Praxis

Advanced Decision Intelligence

Praxis AI Overlay

JEFFREY MICHAEL CAPITAL, LLC | DATA PROCESSING ADDENDUM

Effective Date: January 1, 2026
Last Updated: April 1, 2026

This Data Processing Addendum, including its exhibits and any incorporated schedules, addenda, or referenced documents, is entered into by and between Jeffrey Michael Capital, LLC and the customer entity entering into an Order Form, subscription agreement, statement of work, master services agreement, or other written agreement for access to or use of Praxis or related services.

This Addendum supplements the agreement governing the customer's use of Praxis and applies only to the extent Jeffrey Michael Capital, LLC processes Personal Data on behalf of Customer in connection with Praxis or related services.

1. Parties; Scope; Relationship to Other Agreements

Jeffrey Michael Capital, LLC is an Indiana limited liability company with headquarters in Michigan, USA.

Praxis is a custom decision-intelligence and AI-enabled software-as-a-service platform within the Jeffrey Michael Capital, LLC ecosystem. Praxis may be licensed and used as a standalone subscription offering or in connection with separate consulting, advisory, implementation, configuration, customization, integration, workflow automation, AI-related, or other professional services provided by Jeffrey Michael Capital, LLC.

This Addendum applies only where and to the extent:
(a) Customer acts as a controller, business, or other party with authority over Personal Data,
(b) Jeffrey Michael Capital, LLC acts as a processor, service provider, contractor, or similar provider on behalf of Customer, and
(c) applicable law requires contractual data processing terms.

If there is a conflict between this Addendum and the applicable Praxis Terms of Service, Order Form, subscription agreement, statement of work, or other written agreement, this Addendum controls solely with respect to Personal Data processing governed by this Addendum.

2. U.S.-Only Scope; Non-U.S. Use Requires Separate Terms

Praxis and the related services are intended only for individuals and businesses physically located in the United States and for U.S.-based business activity. Jeffrey Michael Capital, LLC does not market, contract for, or knowingly provide its standard Praxis offering outside the United States.

If an entity is headquartered outside the United States but seeks to use Praxis or related services solely in connection with its U.S.-based operations, personnel, or business activity, Jeffrey Michael Capital, LLC may, in its sole discretion, require separate written approval and additional contractual terms before permitting access, use, or any related engagement beyond the standard U.S.-only framework.

If Customer seeks to use Praxis in connection with:
(a) non-U.S. persons,
(b) non-U.S. operations,
(c) non-U.S. data protection laws, or
(d) cross-border processing arrangements beyond the standard approved U.S.-based framework,
such use requires Jeffrey Michael Capital, LLC's prior written approval and may require a separate written agreement, addendum, or revised data processing terms.

Nothing in this Addendum obligates Jeffrey Michael Capital, LLC to support non-U.S. regulatory frameworks unless expressly agreed in writing.

3. Definitions

For purposes of this Addendum:

“Applicable Data Protection Law” means applicable U.S. federal or state privacy, data protection, or data security laws to the extent such laws apply to the processing of Personal Data under the Agreement.

“Customer” means the entity that entered into the applicable Agreement for Praxis or related services.

“Customer Content” means any prompts, inputs, files, records, internal documents, datasets, communications, business materials, submissions, or other content submitted to Praxis by or on behalf of Customer.

“Personal Data” means information included within Customer Content or otherwise processed by Jeffrey Michael Capital, LLC on behalf of Customer that is identified as personal data, personal information, or similar terminology under Applicable Data Protection Law.

“Process,” “Processing,” or “Processed” means any operation or set of operations performed on Personal Data, whether or not by automated means.

“Security Incident” means an unauthorized acquisition, access, use, disclosure, alteration, or destruction of Personal Data in Jeffrey Michael Capital, LLC's possession or control, excluding unsuccessful attempts or activities that do not compromise the security of Personal Data, such as pings, port scans, denial-of-service attempts, or other attacks that do not result in unauthorized access to Personal Data.

“Subprocessor” means a third party authorized by Jeffrey Michael Capital, LLC to process Personal Data on behalf of Customer in connection with Praxis or related services.

4. Roles of the Parties

As between the parties:
(a) Customer is responsible for determining the purposes and lawful basis for the Processing of Personal Data submitted to Praxis or otherwise provided in connection with the services,
(b) Customer acts as the controller, business, or similar responsible party to the extent required by Applicable Data Protection Law, and
(c) Jeffrey Michael Capital, LLC acts as the processor, service provider, contractor, or similar provider solely on behalf of Customer and in accordance with Customer's documented instructions, this Addendum, and the Agreement.

Customer acknowledges that Praxis may also be used in connection with separate consulting, advisory, implementation, AI integration, workflow, or other professional services. To the extent Jeffrey Michael Capital, LLC processes Personal Data in providing those related services on Customer's behalf, this Addendum also applies unless a separate written agreement expressly provides otherwise.

5. Customer Instructions; Scope of Processing

Jeffrey Michael Capital, LLC will process Personal Data only:
(a) to provide Praxis and related authorized services under the Agreement,
(b) on Customer's documented instructions as set forth in the Agreement, this Addendum, and Customer's use of Praxis,
(c) as required to maintain, support, secure, troubleshoot, and administer Praxis and the relevant customer environment,
(d) as necessary to comply with applicable law, and
(e) as otherwise expressly authorized in writing by Customer.

Customer instructs Jeffrey Michael Capital, LLC to process Personal Data as necessary to:
(a) provide requested platform functionality,
(b) understand business needs,
(c) define and assess service scope,
(d) configure, implement, support, and deliver Praxis and related authorized services,
(e) support consulting, advisory, AI-enabled, implementation, workflow-related, and integration services authorized by Customer,
(f) generate outputs, analyses, summaries, recommendations, and workflows,
(g) maintain, host, secure, troubleshoot, and improve the reliability of the customer environment, and
(h) carry out internal administration, audit, recordkeeping, and support functions related to the services.

Jeffrey Michael Capital, LLC will not:
(a) sell Personal Data,
(b) retain, use, or disclose Personal Data outside the direct business relationship with Customer except as permitted by Applicable Data Protection Law and the Agreement, or
(c) combine Personal Data received from Customer with personal information received from another source except as permitted by Applicable Data Protection Law.

Customer further instructs Jeffrey Michael Capital, LLC to process Personal Data as reasonably necessary for internal business purposes related to support, troubleshooting, service administration, security monitoring, abuse prevention, audit support, recordkeeping, lawful maintenance of Praxis and related authorized services, and compliance with law, in each case only to the extent consistent with the Agreement, this Addendum, and Applicable Data Protection Law.

6. Internal Access; Authorized Personnel

Customer acknowledges and agrees that Personal Data within Customer Content may be reviewed internally by Jeffrey Michael Capital, LLC and its authorized employees, contractors, advisors, service providers, and approved Subprocessors, each subject to appropriate confidentiality, contractual, or professional obligations, solely as reasonably necessary for the purposes described in this Addendum and the Agreement.

Jeffrey Michael Capital, LLC will limit access to Personal Data to persons who have a legitimate business need to know such information for purposes of providing, securing, supporting, administering, configuring, implementing, integrating, troubleshooting, auditing, or lawfully maintaining Praxis or related authorized services.

7. Customer Responsibilities

Customer is solely responsible for:
(a) ensuring that it has all necessary rights, permissions, notices, consents, and lawful bases to disclose Personal Data to Jeffrey Michael Capital, LLC and instruct Processing under the Agreement,
(b) determining whether Praxis and related services are appropriate for the nature of the data submitted,
(c) complying with Applicable Data Protection Law applicable to Customer's business,
(d) providing all notices and obtaining all consents required for the Processing of Personal Data, and
(e) ensuring that Customer does not submit restricted data categories except as expressly authorized in writing.

Customer will not submit through Praxis or related services, unless expressly authorized in writing and subject to appropriate safeguards:
(a) payment card information subject to PCI or similar standards,
(b) protected health information or medical records,
(c) Social Security numbers or similar government-issued identifiers beyond ordinary and expressly approved business necessity,
(d) biometric data,
(e) children's data,
(f) precise geolocation data,
(g) export-controlled information,
(h) FERPA-regulated education records, or
(i) other highly regulated personal information or restricted datasets.

Jeffrey Michael Capital, LLC may reject, remove, quarantine, decline to process, suspend access relating to, or require secure re-submission of any Personal Data, Customer Content, or use case that violates the Agreement, this Addendum, documented instructions, restricted-data limitations, or applicable law, or that creates legal, security, confidentiality, operational, compliance, or reputational risk in its judgment.

8. Confidentiality

Jeffrey Michael Capital, LLC will ensure that any person authorized to process Personal Data is subject to a duty of confidentiality, whether by contract, professional obligation, or otherwise, and receives appropriate instructions regarding the handling of Personal Data.

9. Security Measures

Jeffrey Michael Capital, LLC will implement and maintain reasonable administrative, technical, physical, and organizational safeguards designed to protect Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction, damage, alteration, or disclosure, appropriate to the nature of the Personal Data and the services provided.

Such measures may include, as appropriate:
(a) access controls,
(b) authentication controls,
(c) encryption or equivalent protective measures where appropriate,
(d) logging and monitoring,
(e) personnel confidentiality measures,
(f) incident response procedures,
(g) backup and recovery procedures, and
(h) vendor and Subprocessor oversight.

Customer acknowledges that no system, platform, network, or transmission method is completely secure, and Jeffrey Michael Capital, LLC does not guarantee absolute security.

Certain data categories, environments, integrations, regulated-use cases, enterprise security requirements, foreign-headquartered customer scenarios, localization obligations, retention obligations, or custom compliance commitments may require separate written approval and additional contractual terms before Processing is permitted.

10. Subprocessors

Customer authorizes Jeffrey Michael Capital, LLC to engage Subprocessors in connection with the Processing of Personal Data under this Addendum.

Jeffrey Michael Capital, LLC will:
(a) impose data protection obligations on Subprocessors that are no less protective in substance than the obligations imposed under this Addendum as appropriate to the nature of the services, and
(b) remain responsible for the performance of its Subprocessors to the extent required by Applicable Data Protection Law and the Agreement.

Upon reasonable written request, Jeffrey Michael Capital, LLC will provide Customer with information about relevant categories or identities of Subprocessors, subject to confidentiality, security, or business sensitivity concerns.

Customer acknowledges that Subprocessor information may be provided through a separate subprocessor list, vendor disclosure, onboarding material, diligence response, or other written process designated by Jeffrey Michael Capital, LLC, subject to confidentiality, security, and business sensitivity considerations.

If Customer reasonably objects to a new Subprocessor on legitimate data protection grounds, the parties will work in good faith to address the concern. If the concern cannot be resolved reasonably, Jeffrey Michael Capital, LLC may, at its option, either:
(a) permit Customer to terminate the affected portion of the services, or
(b) decline to offer the affected functionality to Customer.

11. Security Incidents

Jeffrey Michael Capital, LLC will notify Customer without undue delay after becoming aware of a Security Incident affecting Personal Data Processed under this Addendum.

Such notice may:
(a) summarize the nature of the Security Incident,
(b) identify the types of information affected if known,
(c) describe reasonably available remediation steps, and
(d) provide updates as additional information becomes reasonably available.

Jeffrey Michael Capital, LLC's notification of a Security Incident is not an admission of fault or liability.

Customer is responsible for determining whether any notice to individuals, regulators, customers, or other third parties is required under Applicable Data Protection Law, unless otherwise expressly agreed in writing.

12. Assistance with Rights Requests and Compliance

Taking into account the nature of the Processing and the information available to Jeffrey Michael Capital, LLC, Jeffrey Michael Capital, LLC will provide reasonable assistance to Customer, at Customer's expense where appropriate, to support Customer's compliance with applicable legal obligations relating to:
(a) data subject or consumer rights requests,
(b) security incident response,
(c) privacy impact or risk assessments where applicable, and
(d) regulator or lawful governmental inquiries relating to Personal Data processed under the Agreement.

If Jeffrey Michael Capital, LLC receives a rights request relating to Personal Data processed on behalf of Customer, Jeffrey Michael Capital, LLC may:
(a) direct the requesting person to Customer,
(b) notify Customer of the request where reasonably appropriate, and
(c) refrain from responding substantively except as required by law or authorized by Customer.

13. Audit and Information Rights

Upon reasonable written request and no more than once per twelve-month period unless required by law or triggered by a confirmed Security Incident, Jeffrey Michael Capital, LLC will provide Customer with reasonable information necessary to demonstrate compliance with this Addendum, which may include summaries of security practices, relevant documentation, or responses to a reasonable diligence questionnaire.

If Customer reasonably determines that additional review is required, the parties may agree to a reasonable audit process subject to:
(a) advance written notice,
(b) appropriate confidentiality obligations,
(c) reasonable scope and duration limits,
(d) protection of other customers' information and Jeffrey Michael Capital, LLC confidential information,
(e) reasonable security controls, and
(f) reimbursement of Jeffrey Michael Capital, LLC's reasonable costs if permitted by the Agreement or where the request is excessive.

Nothing in this Section requires Jeffrey Michael Capital, LLC to disclose information that would compromise security, violate law, or breach obligations owed to another customer or third party.

14. Retention; Return; Deletion

Upon expiration or termination of the applicable Agreement, Jeffrey Michael Capital, LLC will, in accordance with the Agreement and subject to applicable law, security needs, backup cycles, disaster-recovery processes, legal hold obligations, and recordkeeping requirements:
(a) return Personal Data,
(b) make Personal Data available for export,
(c) delete Personal Data, or
(d) take other action as agreed in writing.

Notwithstanding the foregoing, Jeffrey Michael Capital, LLC may retain Personal Data to the extent required by:
(a) applicable law,
(b) legal hold obligations,
(c) legitimate recordkeeping needs,
(d) backup and disaster recovery systems,
(e) security, audit, fraud-prevention, or enforcement needs, or
(f) enforcement of contractual rights.

Any retained Personal Data will remain protected under this Addendum for so long as it is retained.

15. No Publication; No Public Model Training

Personal Data and Customer Content processed under this Addendum are not published or made publicly available by Jeffrey Michael Capital, LLC except:
(a) at Customer's direction,
(b) as necessary to provide requested services, or
(c) as required by law.

Unless expressly agreed in writing, Personal Data and Customer Content processed under this Addendum are not used by Jeffrey Michael Capital, LLC to train public or general-purpose AI models.

16. Cross-Border Transfers

The parties acknowledge that Praxis and the related services are intended for U.S.-based customers, personnel, and business activity only under the standard approved framework.

Jeffrey Michael Capital, LLC does not undertake under this Addendum to provide compliance with non-U.S. transfer frameworks, foreign data localization requirements, or non-U.S. regulatory obligations unless expressly agreed in writing.

If Customer is headquartered outside the United States but seeks to use Praxis solely for its U.S.-based operations, personnel, or business activity, any additional cross-border, foreign-law, or localization requirements must be separately reviewed and expressly approved in writing before such obligations apply.

If Customer seeks to use Praxis in a manner that would require non-U.S. transfer mechanisms, foreign-law compliance measures, or separate cross-border processing commitments, the parties must first execute a separate written agreement or addendum approved by Jeffrey Michael Capital, LLC.

17. CPRA and Similar U.S. State Terms

To the extent applicable under U.S. state privacy law, including the California Consumer Privacy Act as amended:
(a) Jeffrey Michael Capital, LLC acts as a service provider, contractor, or similar provider with respect to Personal Data processed on behalf of Customer,
(b) Jeffrey Michael Capital, LLC will not sell or share such Personal Data except as permitted by Applicable Data Protection Law and the Agreement,
(c) Jeffrey Michael Capital, LLC will not retain, use, or disclose such Personal Data outside the direct business relationship with Customer except as permitted by law and the Agreement, and
(d) Jeffrey Michael Capital, LLC will permit Customer to take reasonable and appropriate steps to help ensure that Jeffrey Michael Capital, LLC uses Personal Data in a manner consistent with Customer's obligations under applicable law.

18. Limitation of Liability

This Addendum is subject to the liability limitations, exclusions, and allocation of risk set forth in the applicable Agreement.

If no such liability framework applies, then the liability limitations set forth in the Praxis Terms of Service will apply to the maximum extent permitted by law.

19. Order of Precedence

If there is a conflict between this Addendum and another applicable agreement between the parties, the order of precedence with respect to Personal Data Processing only will be:
(a) this Addendum,
(b) any applicable data protection schedule or written amendment expressly modifying this Addendum,
(c) the applicable Order Form, statement of work, or subscription document,
(d) the Praxis Terms of Service, and
(e) any other applicable agreement, unless the relevant agreement expressly states otherwise.

20. Miscellaneous

Except as expressly modified by this Addendum, the applicable Agreement remains in full force and effect.

If any provision of this Addendum is held invalid, illegal, or unenforceable, the remaining provisions will remain in full force and effect.

This Addendum may be updated only by written amendment or as otherwise expressly permitted under the applicable Agreement.

21. Exhibit A | Description of Processing

A. Subject Matter

The Processing of Personal Data in connection with Praxis and related authorized services.

B. Duration

For the duration of the applicable Agreement and any period during which Jeffrey Michael Capital, LLC continues to process Personal Data on behalf of Customer in accordance with the Agreement, backup cycles, legal obligations, and permitted retention.

C. Nature and Purpose of Processing

Processing may include:
(a) hosting, storage, transmission, retrieval, organization, review, analysis, configuration, and support of Customer Content,
(b) generation of outputs, analyses, summaries, recommendations, workflows, and related functionality,
(c) internal review to understand business needs, define service scope, support consulting and AI-enabled workflows, configure and implement services, and deliver requested services,
(d) security, troubleshooting, administration, monitoring, auditing, and recordkeeping, and
(e) compliance with applicable law and enforcement of agreements.

D. Categories of Personal Data

Depending on Customer's use, Personal Data may include:
(a) business contact information,
(b) employee or contractor business information,
(c) customer or vendor business information,
(d) account and usage information,
(e) communications and support records, and
(f) other Personal Data contained in Customer Content submitted by Customer.

E. Categories of Data Subjects

Depending on Customer's use, data subjects may include:
(a) Customer personnel,
(b) Customer clients or customers,
(c) Customer vendors or contractors, and
(d) other individuals whose Personal Data is included in Customer Content submitted by Customer.

22. Contact Information

If you have questions about this Addendum, contact:

Jeffrey Michael Capital, LLC
legal@jeffreymichaelcapital.com
313-356-6665