SCHEDULE A

ThinkOn Acceptable Use Policy

Last Updated: February, 2026

This Acceptable Use Policy (“AUP”) describes prohibited uses of the Services offered by ThinkOn and its resellers (the “Services”). We may modify this AUP at any time by posting a revised version on the ThinkOn Subscriber Portal. By using the Services, you agree to the latest version of this AUP. If you violate the AUP or authorize or help others to do so, we may terminate your use of the Services.

No Illegal, Harmful, or Offensive Use or Content. You may not use, or encourage, promote, facilitate or instruct others to use, the Services for any illegal, harmful or offensive use, or to transmit, store, display or otherwise make available content that is illegal, harmful, or offensive. Prohibited activities or content include:

• Illegal Activities. Any illegal activities, including advertising, transmitting, or otherwise making available gambling sites or services or disseminating, promoting or facilitating child pornography.

• Harmful or Fraudulent Activities. Activities that may be harmful to others, our operations or reputation, including offering or disseminating fraudulent goods, services, or engaging in other deceptive practices.

• Offensive Content. Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, or depicts non-consensual sex acts.

• Harmful Content. Content or other computer technology that may damage, interfere with, surreptitiously intercept, or expropriate any system, program, or data, including viruses, Trojan horses, worms, time bombs, or cancelbots.

No Security Violations. You may not use the Services to violate the security or integrity of any network, computer or communications system, software application, or computing device. Prohibited activities include:

• Unauthorized Access. Accessing or using any System without permission, including attempting to probe, scan, or test the vulnerability of a System or to breach any security or authentication measures used by a System.

• Falsification of Origin. Forging TCP-IP packet headers, e-mail headers, or any part of a message describing its origin or route. This prohibition does not include the use of aliases or anonymous remailers.

No Network Abuse. You may not make network connections to any subscribers, hosts, or networks unless you have permission to communicate with them. Prohibited activities include:

• Denial of Service (DoS). Overloading a target with communications requests so the target either cannot respond to legitimate traffic or responds so slowly that it becomes ineffective.
• Intentional Interference. Interfering with the proper functioning of any System.

No E-Mail or Other Message Abuse. You will not distribute or facilitate the distribution of unsolicited mass e-mail or other messages (“spam”), including commercial advertising and informational announcements. You will not alter or obscure mail headers or assume a sender’s identity without the sender’s explicit permission.

External Sites and Social Media Usage.

Users may not post, disclose, or transmit ThinkOn confidential, proprietary, or Protected B information on public websites, social media platforms, or external applications unless explicitly authorized.

Organization-provided identifiers (including corporate email addresses) and authentication credentials may not be used to create or manage accounts on external sites or applications unless required for legitimate business purposes and approved by management.

Users remain responsible for protecting organizational information and maintaining professional conduct when interacting with external platforms. 

Our Enforcement. We reserve the right, but do not assume the obligation, to investigate any violation of this AUP or misuse of the Services. We may investigate violations of this AUP; or remove, disable access to, or modify any content or resource that violates this AUP or any other agreement we have with you for use of the Services. We may report any activity that we suspect violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Our reporting may include disclosing appropriate Subscriber information. We also may cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this AUP.

Acceptable use agreements are signed by all employees before being allowed access to information assets.

Reporting of Violations of this AUP. If you become aware of any violation of this AUP, you will immediately notify us and provide us with assistance, as requested, to stop or remedy the violation. To report any violation of this AUP, please follow our abuse reporting process.

Service agreements (e.g., SLAs) between providers and customers (tenants) across the relevant supply chain (upstream/downstream) are reviewed consistently and no less than annually to identify any nonconformance to established agreements. The reviews result in actions to address service-level conflicts or inconsistencies resulting from disparate supplier relationships.

Review and Revision

This policy will be reviewed as it is deemed appropriate, but no less frequently than every 12 months.

The organization ensures that customers are aware of their obligations and rights, and accept the responsibilities and liabilities prior to accessing, processing, communicating, or managing the organization’s information and information assets. ThinkOn will also do the following:

a) Give a description of the product or service to be provided;

b) Reserve the right to monitor and revoke any activity related to the organization’s assets;

c) Clarify the respective liabilities of the organization and the customer.