End User License Agreement

Vehicle Photography App for Automotive Dealerships & Resellers

Last Updated: May 12, 2026

Effective Date: July 23, 2024

Version: v2.0

LotPix owned by Metzger Enterprises LLC d/b/a AutoRevolution, a Texas Limited Liability Company

This End User License Agreement and Acceptable Use Terms (this "Agreement") is entered into by and between LotPix, owned and operated by Metzger Enterprises LLC d/b/a AutoRevolution, a Texas limited liability company ("Company," "AutoRevolution," "we," "us," or "our"), and to enterprise customers, including automotive dealerships, dealer groups, reseller organizations, auction groups, OEM-affiliated entities, fleet operators, and other authorized business customers ("Customer"), as well as individuals authorized by Customer to access or use the Services ("Authorized Users").

This Agreement governs access to and use of the Company's software-as-a-service platform, including mobile applications, APIs, software, cloud infrastructure, and related technology (collectively, the "Services"), and is enforced within a multi-dealer SaaS environment in which each Customer operates within a logically isolated dealer account.

BY ACCESSING OR USING THE SERVICES, CUSTOMER ACKNOWLEDGES THAT IT HAS READ, UNDERSTOOD, AND AGREES TO BE LEGALLY BOUND BY THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THIS AGREEMENT DOES NOT HAVE AUTHORITY TO BIND CUSTOMER, SUCH INDIVIDUAL MUST NOT ACCESS OR USE THE SERVICES.

0. MULTI-CUSTOMER SAAS ONBOARDING AND ACCESS CONTROL SYSTEM

0.1 System Overview

This Agreement is enforced within a multi-customer software-as-a-service (SaaS) environment in which each dealership, reseller, auction group, or enterprise customer ("Customer") operates within a logically isolated environment.

0.2 Customer Environment Isolation

  • Each Customer operates within a separate and independently provisioned Customer environment;
  • Customer Data is logically segregated at the application, database, and infrastructure layers;
  • No cross-customer access, visibility, or interaction is permitted unless explicitly authorized in writing by the Company;
  • System-level administrative access is restricted, monitored, and subject to audit logging and access control policies;
  • Security controls are designed to support confidentiality, integrity, and segregation of Customer environments in a multi-tenant architecture.

0.3 Onboarding and Acceptance Flow

By creating an account, accessing or using the Services, or enabling Authorized Users, each Customer acknowledges and agrees that:

  • This Agreement applies at the Customer level and governs all Authorized User activity within the Customer's environment;
  • All Authorized Users are bound by this Agreement through Customer onboarding, account provisioning, or first access to the Services;
  • Acceptance is legally binding upon account activation, first login, or system use, whichever occurs first;
  • The then-current version of this Agreement (v2.0 or any successor version accepted by Customer) applies to all use of the Services;
  • Customer is responsible for ensuring internal dissemination and compliance with this Agreement among all Authorized Users.

0.4 Customer Administrator Authority

Each Customer shall designate one or more authorized administrators ("Customer Administrators") who are responsible for managing access to the Services on behalf of the Customer.

  • Customer Administrators have authority to accept this Agreement on behalf of the Customer;
  • Customer Administrators are responsible for provisioning, modifying, and revoking access for Authorized Users;
  • Customer Administrators are responsible for configuring roles, permissions, and access controls within the Customer environment;
  • Customer is solely responsible for all acts, omissions, and configurations performed by its Customer Administrators and Authorized Users;
  • Customer is responsible for ensuring compliance with all applicable laws, regulations, and industry requirements relating to its use of the Services, including vehicle photography, data capture, and operational workflows.

0.5 Version Control and Agreement Updates

This Agreement is version-controlled and maintained by the Company. The current version is v2.0.

  • The Company may update, modify, or replace this Agreement from time to time in its sole discretion;
  • Material updates may require Customer re-acceptance as a condition of continued access to the Services;
  • Continued use of the Services after an update becomes effective constitutes acceptance of the updated Agreement, where permitted by law;
  • The Company may maintain historical versions of this Agreement for audit, compliance, and vendor due diligence purposes.

1. DEFINITIONS

1.1 "Authorized User"

Any individual who is authorized by Customer to access or use the Services, including Customer's employees, contractors, agents, representatives, or other persons acting on Customer's behalf. Authorized Users are subject to Customer's control, and Customer remains fully responsible and liable for all acts, omissions, and access performed by such users in connection with the Services.

1.2 "Customer Data"

All data, content, information, media, or materials submitted, uploaded, transmitted, captured, processed, or otherwise generated through the Services by or on behalf of Customer or its Authorized Users, including but not limited to vehicle images, videos, photographs, metadata, inventory data, configuration data, and operational records.

Customer Data does not include aggregated, anonymized, or de-identified data derived by the Company that does not identify Customer or any individual.

1.3 "Customer Environment"

The logically isolated software instance, configuration space, and data environment provisioned by the Company for use by a specific Customer within the multi-customer SaaS architecture.

  • Each Customer Environment is independently provisioned and logically segregated;
  • Access is restricted to Authorized Users associated with that Customer;
  • Customer Data and configuration settings are contained within the Customer Environment;
  • No Customer Environment is accessible by another Customer unless expressly authorized in writing by the Company.

1.4 "Customer Data Boundary"

The technical, logical, and administrative controls that define and enforce separation of Customer Data within the Services.

  • Customer Data Boundaries are enforced at the application, database, and infrastructure layers;
  • They are designed to prevent unauthorized access, leakage, or commingling of data between Customers;
  • Customer acknowledges that all processing occurs within these defined boundaries.

1.5 "Dealer Account"

A primary account established by a Customer within the Services representing a dealership, reseller group, or enterprise entity. The Dealer Account serves as the top-level administrative structure governing access, permissions, billing, and configuration within the Customer Environment.

1.6 "Sub-Account"

A subordinate account or user grouping created within a Dealer Account to support internal organizational structure, operational workflows, or role-based access segmentation.

  • Sub-Accounts remain subordinate to the Dealer Account;
  • The Dealer Account administrator retains ultimate control and responsibility for all Sub-Accounts;
  • Sub-Accounts inherit or are assigned permissions through Role-Based Access Control (RBAC) policies defined by the Customer.

1.7 "Dealer Group"

A collection of multiple Dealer Accounts operated under common ownership, management, or enterprise control, including but not limited to dealership networks, franchised groups, or consolidated automotive retail organizations.

  • Dealer Groups may centralize administrative oversight across multiple Dealer Accounts;
  • Each Dealer Account within a Dealer Group remains independently isolated unless explicitly linked through Company-enabled functionality;
  • Data access between Dealer Accounts within a Dealer Group is subject to configuration and authorization controls.

1.8 "Rooftop"

An individual dealership location or operational unit within a Dealer Group or enterprise automotive organization. Each Rooftop may correspond to a distinct physical dealership location with its own inventory, users, and operational workflows.

1.9 "OEM"

Original Equipment Manufacturer, meaning any automotive manufacturer or brand owner that produces vehicles and may interact with Dealer Groups, Dealer Accounts, or the Services for purposes including inventory standards, merchandising requirements, or platform integrations.

1.10 "Confidential Information"

All non-public information disclosed by or on behalf of either party that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.

Confidential Information includes, without limitation, Customer Data, system architecture, security documentation, pricing, business processes, technical specifications, and non-public operational information.

  • Confidential Information shall be protected using no less than reasonable care;
  • Access shall be limited to personnel with a legitimate business need;
  • Confidential Information shall not be disclosed to third parties except as permitted under this Agreement;
  • Obligations survive termination of the Agreement.

1.11 "Security Incident"

Any confirmed unauthorized access to, acquisition of, disclosure of, or loss of Customer Data within the Company's systems that compromises the confidentiality, integrity, or availability of such data.

Security Incident excludes unsuccessful or non-material events, including but not limited to attempted attacks, port scans, firewall blocks, or other routine security monitoring events that do not result in confirmed compromise.

  • The Company will handle Security Incidents in accordance with applicable data breach notification laws;
  • Notification will be provided without undue delay where legally required;
  • Customer acknowledges that investigation and containment efforts may precede formal notification.

1.12 "Demo Account"

A non-production, limited-use account provided solely for evaluation, onboarding, training, or demonstration purposes and not intended for operational, commercial, or revenue-generating use.

  • Demo Accounts may be modified, suspended, or terminated at any time;
  • No production reliance is permitted;
  • Data stored in Demo Accounts may be deleted without notice.

1.13 "Services"

The Company's proprietary software-as-a-service platform, including mobile applications, APIs, cloud infrastructure, integrations, and related systems used for vehicle photography, inventory management, and related automotive retail workflows.

The Services are designed for multi-customer use within a logically isolated architecture and may be updated, modified, or enhanced at the Company's discretion.

2. LICENSE GRANT AND RESTRICTIONS

Subject to Customer's continued compliance with this Agreement, including timely payment of all applicable fees, the Company grants Customer a limited, revocable, non-exclusive, non-transferable, non-sublicensable license during the applicable subscription term to access and use the Services solely for Customer's internal business purposes in connection with its automotive inventory management, vehicle photography, merchandising, and related operational workflows.

The Services are licensed, not sold. No ownership rights, title, or interest in or to the Services are transferred to Customer or any Authorized User under this Agreement.

Customer shall not, and shall not permit any Authorized User or third party to:

  • sublicense, resell, lease, distribute, time-share, or otherwise commercially exploit the Services or any portion thereof;
  • copy, modify, adapt, translate, reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, underlying structure, ideas, algorithms, or trade secrets from the Services, except to the limited extent expressly permitted by applicable law notwithstanding this restriction;
  • create derivative works based on the Services or use the Services to develop, train, or improve any competing product or service;
  • access or use the Services for purposes of competitive analysis, benchmarking, performance testing, or building a competitive product or service without the Company's prior written consent;
  • bypass, disable, circumvent, or interfere with any security, authentication, rate-limiting, usage tracking, or access control mechanisms implemented within the Services;
  • use the Services in violation of applicable laws, regulations, industry standards, or third-party rights;
  • access the Services in a manner intended to avoid incurring applicable fees, usage limitations, or contractual restrictions.

The Company reserves all rights not expressly granted to Customer under this Agreement. No implied licenses are granted, whether by estoppel, implication, or otherwise.

3. AUTHORIZED USE; DEVICE AND ACCESS RESTRICTIONS

3.1 Permitted Users and Eligible Customers

The Services are intended solely for use by legally formed and duly authorized automotive enterprises, including licensed automotive dealerships, dealer groups, reseller organizations, auction entities, and other approved automotive industry participants (each, a "Customer").

Consumer, personal, household, or non-commercial use of the Services is strictly prohibited. Customer acknowledges that the Services are provided exclusively for business-to-business (B2B) operational use within commercial automotive inventory and merchandising workflows.

3.2 Mobile-Only Access Requirement

Customer acknowledges and agrees that the Services are designed, optimized, provisioned, and supported exclusively for use on compatible mobile smartphones (iOS and Android devices).

  • The Services are not designed for, and may not be accessed through, desktops, laptops, tablets, emulators, virtualized environments, automated environments, or any non-mobile device configuration;
  • All Authorized Users, including employees, contractors, agents, and representatives of Customer, must access and operate the Services exclusively through mobile smartphone devices unless otherwise expressly authorized in writing by the Company;
  • Any attempt to access or use the Services outside of supported mobile environments may result in degraded functionality, security restrictions, suspension, or termination of access;
  • Customer acknowledges that mobile-only operation is a material condition of use and acceptance of the Services.

3.3 Bring Your Own Device (BYOD) and Employee Device Use

Company may permit Authorized Users to access and use the Services using either personally owned or Customer-issued mobile devices (BYOD permitted), subject to the following conditions:

  • Customer remains solely responsible for all device-level security, configuration, and usage practices;
  • Customer is responsible for ensuring that all devices used to access the Services are reasonably secured against unauthorized access, including through appropriate password, biometric, or device-level controls;
  • Customer shall implement appropriate credential management, access control, and user provisioning procedures to prevent unauthorized use or credential sharing;
  • Company is not responsible for loss, compromise, or misuse of Customer Data arising from Customer-managed devices or third-party device environments.

3.4 Account Responsibility and Authorized User Liability

Customer is solely and fully responsible for all access to and activity conducted under its accounts, including all actions performed by Authorized Users, whether such actions are authorized, unauthorized, intentional, or negligent.

Any act or omission by an Authorized User shall be deemed an act or omission of Customer for purposes of this Agreement. Customer is responsible for maintaining control over account credentials, access permissions, and user provisioning at all times.

4. DEMO ACCOUNTS

4.1 Limited Purpose and Non-Production Nature

Demo Accounts are provided solely for limited evaluation, onboarding, training, configuration review, and product demonstration purposes. Demo Accounts are non-production environments and are not intended, configured, or warranted for operational use.

Customer acknowledges that Demo Accounts may have reduced functionality, limited security configurations, non-final feature sets, and/or restricted performance characteristics and are provided strictly on an "as available" basis for testing and evaluation.

4.2 Express Restrictions on Use

Customer shall not, and shall not permit any Authorized User or third party to:

  • use Demo Accounts for live, production, or mission-critical inventory management, vehicle photography workflows, or dealership operations;
  • use Demo Accounts for any revenue-generating, commercial, or customer-facing production activities;
  • rely on Demo Accounts for operational decision-making, pricing, inventory management, merchandising decisions, or business continuity purposes;
  • upload, process, or store production Customer Data, regulated data, or business-critical information in Demo Accounts;
  • treat Demo Account outputs, configurations, or performance as representative of production Service behavior or service-level commitments.

4.3 Data Segregation and No Production Warranty

Customer acknowledges and agrees that any data submitted to a Demo Account may be segregated from production environments and may be subject to deletion, modification, reset, or overwrite without notice.

The Company makes no warranties, express or implied, regarding data persistence, availability, integrity, or retention within Demo Accounts.

4.4 Company Rights; Suspension and Termination

The Company may, in its sole discretion and at any time, with or without notice or liability:

  • modify, suspend, restrict, or terminate any Demo Account;
  • reset or delete Demo Account data;
  • limit functionality, duration, or access to Demo Accounts;
  • convert or migrate Demo Accounts to production environments only pursuant to a separate written agreement.

4.5 No Reliance

Customer agrees that it shall not rely on Demo Accounts for any commercial, operational, legal, compliance, or business purposes. Any reliance on Demo Accounts is solely at Customer's own risk.

5. CUSTOMER DATA

5.1 Ownership and Reservation of Rights

As between the parties, Customer retains all right, title, and interest in and to Customer Data. Subject to the limited rights expressly granted herein, the Company acquires no ownership rights in Customer Data.

Nothing in this Agreement shall be construed to restrict Customer's ownership of its data, except as necessary for the Company to perform the Services in accordance with this Agreement.

5.2 Limited License to Company

Customer hereby grants to Company a worldwide, non-exclusive, royalty-free, sublicensable (solely to Company's subcontractors and service providers as necessary to deliver the Services), and transferable license during the Term to host, store, reproduce, process, transmit, display, and otherwise use Customer Data solely to the extent necessary to:

  • provide, operate, maintain, and support the Services;
  • configure and deliver Customer-specific functionality within the Customer Environment;
  • ensure system security, integrity, availability, and performance monitoring;
  • diagnose, troubleshoot, and resolve technical issues;
  • perform backups, disaster recovery, and business continuity operations;
  • develop, improve, and enhance the Services, including feature optimization and system reliability;
  • generate aggregated, anonymized, or de-identified analytics that do not identify Customer or any individual end user.

Company shall not sell Customer Data or use Customer Data for advertising purposes.

5.3 Customer Representations and Warranties

Customer represents, warrants, and covenants that:

  • It has all necessary rights, consents, permissions, and authority to submit, upload, process, and store Customer Data through the Services;
  • Customer Data and its collection, use, and transmission through the Services complies with all applicable federal, state, and local laws, regulations, and industry requirements;
  • Customer Data does not and will not infringe, misappropriate, or violate any intellectual property rights, privacy rights, publicity rights, or other rights of any third party;
  • Customer is solely responsible for obtaining all notices, consents, authorizations, and permissions required for the capture, processing, and use of Customer Data, including any vehicle images or incidental capture of individuals;
  • Customer assumes full responsibility for compliance with applicable data protection, privacy, employment, and biometric information laws arising from its use of the Services.

5.4 Data Processing Role Acknowledgment

To the extent the Company processes personal data contained within Customer Data, the Company acts as a service provider or processor solely on behalf of Customer, and only for the purposes of providing the Services in accordance with this Agreement.

6. TYPE OF DATA COLLECTED

In connection with access to and use of the Services, the Company may collect, receive, generate, store, process, and transmit various categories of data, including but not limited to the following types of information. Such data may be collected directly from Customer, Authorized Users, devices used to access the Services, and through system logs, integrations, and third-party service providers.

6.1 Account and Organizational Data

  • Dealer account information, including dealership name, reseller or enterprise identifiers, and organizational hierarchy;
  • Authorized User profiles, including names, usernames, roles, and access permissions;
  • Authentication credentials and security-related configuration data.

6.2 Device and Mobile Information

  • Mobile device identifiers and hardware-related metadata;
  • Operating system type and version (e.g., iOS, Android);
  • Device model, manufacturer, and configuration settings;
  • Mobile carrier information (where available);
  • Application version, crash logs, and diagnostic performance data;
  • Unique device identifiers, including advertising identifiers or similar technical identifiers where applicable.

6.3 Network and Connection Data

  • IP address assigned to the device at the time of access;
  • Approximate geolocation derived from IP address or device signals;
  • Network type (Wi-Fi, cellular, or other connectivity method);
  • Access timestamps, session duration, and usage logs;
  • Domain and system interaction logs generated through use of the Services.

6.4 Location Data

  • Precise or approximate location data derived from device GPS, IP address, or other location-enabled services (where enabled by the user or device settings);
  • Location metadata associated with vehicle photography capture events;
  • Geofencing or site-level location data associated with dealership or lot operations.

6.5 Usage and Operational Data

  • User activity within the Services, including logins, uploads, edits, and administrative actions;
  • Interaction data related to features, workflows, and system usage patterns;
  • Audit logs and system-generated event records;
  • Performance metrics, error reports, and system diagnostics.

6.6 Customer Content and Media Data

  • Vehicle photographs, videos, and associated media files captured or uploaded through the Services;
  • Metadata associated with media files, including timestamps, device identifiers, and location data (if enabled);
  • Inventory descriptions, vehicle identification data, and related merchandising content.

6.7 Communication Data

  • Support requests, service communications, and correspondence with the Company;
  • Feedback, onboarding communications, and training interactions;
  • Notifications and system messages delivered through the Services.

6.8 Aggregated and Derived Data

  • Aggregated usage statistics and system performance analytics;
  • De-identified or anonymized datasets used for operational improvement and product development;
  • Derived insights generated from usage patterns, subject to applicable law and internal policies.

The Company processes the foregoing categories of data solely as necessary to provide, maintain, secure, support, and improve the Services, and in accordance with applicable law, contractual obligations, and reasonable security practices designed for enterprise SaaS environments.

7. MEDIA CAPTURE AND DEVICE STORAGE

The Services facilitate the capture, processing, transmission, and storage of media content, including photographs, video, and related metadata (collectively, "Media"), which is uploaded from Authorized User devices to the Company's systems for processing, storage, and service delivery.

Customer acknowledges and agrees that Media captured through the Services is transmitted over networks that may be subject to interruption, delay, or degradation, and that successful upload to the Company's systems is not guaranteed in all circumstances.

Upon successful transmission and confirmation of upload, Media may be processed and stored within the applicable Customer Environment. Local copies of Media stored on Authorized User devices may be automatically modified, cleared, or removed by the application in accordance with system design and storage optimization processes.

Customer is solely responsible for determining and implementing any independent backup, archival, or redundancy requirements for Media, including compliance with any applicable legal, regulatory, or internal retention obligations.

The Company does not warrant uninterrupted capture, transmission, storage, or availability of Media on local devices and is not responsible for loss, corruption, or deletion of Media occurring on Customer-controlled devices or networks.

8. SECURITY

The Company implements and maintains a comprehensive information security program that includes administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of the Services and Customer Data, consistent with commercially reasonable practices for enterprise SaaS providers operating in a multi-customer environment.

Such safeguards are designed to mitigate reasonably foreseeable risks of unauthorized access, disclosure, alteration, or destruction of Customer Data, and to support secure operation of the Services within a multi-customer architecture.

Without limiting the foregoing, the Company's security program may include, as applicable:

  • Encryption of data in transit using industry-standard secure communication protocols (such as TLS) and encryption of data at rest using commercially reasonable encryption technologies;
  • Access controls, authentication mechanisms, and identity management systems designed to restrict access to authorized personnel and Authorized Users on a least-privilege basis;
  • Role-based access control (RBAC) frameworks and tenant-aware authorization controls within the Customer Environment;
  • Security monitoring, logging, and alerting systems designed to detect and respond to unauthorized or anomalous activity;
  • Vulnerability management processes, including patch management, security updates, and periodic system assessments;
  • Network security controls designed to protect against unauthorized access and malicious activity;
  • Operational controls limiting access to Customer Data to authorized personnel with a legitimate business need, subject to confidentiality obligations.

The Company may, in its sole discretion, modify, enhance, or update its security controls from time to time in response to evolving threats, technological advancements, or operational requirements, provided that such changes are not intended to materially reduce the overall protective posture of the Services.

Customer acknowledges that no system or method of electronic transmission or storage is completely secure, and the Company does not warrant or guarantee absolute security.

9. SECURITY INCIDENT RESPONSE

The Company maintains documented incident response policies and procedures designed to identify, assess, contain, investigate, and remediate confirmed security events involving Customer Data within the Services.

In the event of a confirmed Security Incident involving unauthorized access to or acquisition of Customer Data that compromises the confidentiality, integrity, or availability of such data, the Company will provide notice to Customer without undue delay, and to the extent required by applicable law, regulatory obligation, or contractual commitment.

Such notice may be provided after the Company has undertaken reasonable measures to assess the scope, severity, and impact of the Security Incident, and to implement containment or mitigation steps designed to reduce further risk to Customer Data or the Services.

Customer acknowledges that the Company's ability to investigate, contain, and remediate Security Incidents may take precedence over immediate notification where necessary to prevent further harm, preserve forensic integrity, or comply with applicable legal obligations.

For purposes of this Agreement, the following do not constitute a Security Incident:

  • failed or unsuccessful login attempts;
  • denial-of-service or distributed denial-of-service attempts that do not result in unauthorized access to Customer Data;
  • port scans, vulnerability scans, or other routine reconnaissance activities;
  • firewall or intrusion prevention system blocks;
  • any other activity that does not result in confirmed unauthorized access to or acquisition of Customer Data.

The Company shall not be required to disclose sensitive security details that could compromise ongoing investigations, system security, or the integrity of the Services, provided that such limitation does not materially undermine legally required notification obligations.

10. DATA RETENTION AND DELETION

Customer Data is retained for the duration of the applicable Subscription Term and for such additional period as may be necessary to fulfill operational, security, legal, regulatory, accounting, or compliance requirements, or as otherwise permitted under the Company's documented data retention policies.

Customer acknowledges that data retention practices may vary depending on the nature of the data, system architecture, backup cycles, and legal obligations applicable to the Company or Customer.

Upon termination or expiration of the Agreement or applicable Subscription Term:

  • Customer's access to the Services and Customer Environment will be disabled in accordance with the Company's access control procedures;
  • Customer Data may be deleted, de-identified, anonymized, or otherwise rendered inaccessible in accordance with the Company's standard retention and deletion processes;
  • Customer acknowledges that residual copies of Customer Data may persist in encrypted backup, archival, disaster recovery, or business continuity systems for a limited period of time;
  • Such residual data will be deleted or overwritten in the ordinary course of the Company's backup retention cycle and will not be actively used for production purposes.

The Company shall have no obligation to maintain, restore, or provide access to Customer Data following termination, except as expressly required by applicable law or mutually agreed in writing.

11. CONFIDENTIALITY

Each party acknowledges that, in connection with this Agreement and the provision or use of the Services, it may receive or have access to non-public, proprietary, or confidential information of the other party ("Confidential Information").

Each party agrees that it shall use the other party's Confidential Information solely to the extent necessary to perform its obligations or exercise its rights under this Agreement, and shall protect such Confidential Information using at least a reasonable standard of care, and in no event less than the degree of care it uses to protect its own confidential information of similar nature and importance.

Without limiting the foregoing, each party agrees that it shall:

  • restrict access to Confidential Information to its employees, contractors, and agents who have a legitimate need to know such information for purposes of this Agreement and who are bound by confidentiality obligations no less protective than those set forth herein;
  • not disclose Confidential Information to any third party without the prior written consent of the disclosing party, except as expressly permitted under this Agreement or as required by applicable law;
  • not use Confidential Information for any purpose other than performance of this Agreement;
  • implement reasonable administrative, technical, and physical safeguards designed to prevent unauthorized access, disclosure, or use of Confidential Information.

Confidential Information does not include information that the receiving party can demonstrate: (i) is or becomes publicly available without breach of this Agreement; (ii) was lawfully known to the receiving party prior to disclosure; (iii) is independently developed without use of or reference to the disclosing party's Confidential Information; or (iv) is lawfully obtained from a third party without restriction.

The obligations set forth in this Section shall survive termination or expiration of this Agreement for the period required under applicable law or, if longer, for so long as the information remains confidential in nature.

12. ACCEPTABLE USE RESTRICTIONS

Customer shall not, and shall not permit any Authorized User, employee, contractor, affiliate, reseller, sub-account user, agent, or other third party acting on Customer's behalf to access or use the Services in any manner that violates this Agreement, applicable law, or the operational integrity or security of the Services.

Without limiting the foregoing, Customer shall not, and shall ensure that all Authorized Users do not:

  • Reverse engineer, decompile, disassemble, decode, adapt, modify, translate, or otherwise attempt to derive source code, underlying ideas, algorithms, or architecture from the Services or any portion thereof;
  • Circumvent, disable, interfere with, or otherwise compromise any authentication mechanism, security control, access restriction, rate limitation, tenant isolation boundary, or technical safeguard implemented by the Company;
  • Access, attempt to access, probe, scan, or test any systems, accounts, data environments, APIs, infrastructure components, or networks not expressly authorized for Customer's use;
  • Use the Services for any unlawful, fraudulent, deceptive, abusive, harassing, defamatory, or unauthorized purpose, including any activity that violates applicable automotive, privacy, employment, consumer protection, export control, sanctions, or electronic communications laws;
  • Upload, transmit, distribute, introduce, or deploy malware, ransomware, spyware, viruses, trojan horses, malicious scripts, corrupted files, or other harmful or disruptive code or content;
  • Interfere with, disrupt, degrade, impair, overload, or otherwise negatively affect the performance, integrity, availability, or operation of the Services or any related infrastructure;
  • Use bots, crawlers, spiders, automated scraping tools, automated extraction methods, data harvesting tools, or similar technologies to access or extract information from the Services without the Company's prior written authorization;
  • Store, upload, process, or transmit unrelated personal information, protected health information, medical records, payment card data, biometric identifiers unrelated to authorized vehicle photography workflows, or other regulated sensitive data not expressly authorized by the Company;
  • Use the Services in violation of applicable export control laws, trade sanctions, embargoes, or restrictions administered by the United States or other applicable governmental authorities;
  • Use the Services in any manner that could compromise multi-customer segregation, Customer Data boundaries, or the confidentiality, integrity, or availability of another Customer's environment or data;
  • Misrepresent identity, organizational affiliation, account ownership, or authorization status while accessing or using the Services.

Customer is solely responsible for the acts and omissions of all Authorized Users and all persons accessing the Services through Customer accounts, credentials, devices, or Customer-controlled environments, whether such access is authorized or unauthorized.

The Company reserves the right, in its sole discretion and without liability, to immediately suspend, restrict, investigate, or terminate access to the Services where the Company reasonably believes that Customer or any Authorized User has violated this Agreement, created a security risk, exposed the Company or other customers to legal or operational risk, or otherwise compromised the integrity or lawful operation of the Services.

The Company further reserves the right to cooperate with law enforcement authorities, regulators, or governmental agencies in connection with any suspected unlawful activity involving the Services, subject to applicable law.

13. COMPLIANCE WITH LAW

Each party shall comply with all applicable federal, state, local, and international laws, regulations, ordinances, rules, and governmental requirements applicable to its performance under this Agreement and its use or provision of the Services.

Without limiting the foregoing, Customer acknowledges and agrees that it is solely responsible for ensuring that its access to and use of the Services, including the activities of its Authorized Users, employees, contractors, agents, sub-accounts, reseller personnel, and affiliated entities, complies with all applicable:

  • Privacy and consumer protection laws;
  • Data protection and data security laws;
  • Export control laws, sanctions programs, and trade restrictions;
  • Automotive industry laws, dealership regulations, and inventory advertising requirements;
  • Employment and workplace laws;
  • Electronic communications and recording laws;
  • Surveillance, image capture, biometric privacy, and consent laws;
  • State-specific privacy and biometric statutes, including where applicable the Illinois Biometric Information Privacy Act ("BIPA").

Customer is solely responsible for determining whether its operational use of the Services, including the capture, upload, processing, storage, distribution, or publication of vehicle photography or related media, is lawful within the jurisdictions in which Customer operates.

Customer further represents and warrants that it has obtained, and will maintain, all necessary notices, disclosures, permissions, authorizations, and consents required under applicable law for the collection and processing of Customer Data through the Services.

The Company does not provide legal advice and makes no representation that Customer's use of the Services will satisfy Customer's independent legal or regulatory obligations.

14. IMAGE DATA / VEHICLE PHOTOGRAPHY AND BIOMETRIC DATA

14.1 Biometric Information and Image Data Processing

The Services are designed primarily for the capture, processing, storage, management, and transmission of vehicle photographs, vehicle inventory media, and related dealership merchandising content for automotive inventory, marketing, operational, and analytics purposes.

Although the Services are intended to capture images of vehicles and dealership inventory, Customer acknowledges and agrees that photographs or videos processed through the Services may incidentally contain images of individuals, faces, license plates, reflections, bystanders, dealership personnel, customers, or other visual elements that could, under certain laws or regulations, be considered personal information, biometric identifiers, or biometric information.

To the extent biometric identifiers or biometric information are collected, processed, stored, or transmitted through the Services, whether intentionally or incidentally, the Company shall implement commercially reasonable practices designed to:

  • Limit collection and processing to what is reasonably necessary for operation of the Services;
  • Obtain or support obtaining legally required notices and consents where applicable law requires such consent;
  • Prohibit the sale, lease, trade, or unauthorized monetization of biometric identifiers or biometric information;
  • Retain such data only for the period reasonably necessary to fulfill legitimate operational purposes or legal obligations;
  • Apply administrative, technical, and organizational safeguards designed to protect such information against unauthorized access, disclosure, alteration, or destruction;
  • Delete or anonymize biometric-related information in accordance with applicable law, contractual obligations, and internal retention procedures.

14.2 Incidental Human Capture

Customer acknowledges that vehicle photography workflows occurring at dealership lots, auctions, transport facilities, service departments, or other operational environments may incidentally capture images of individuals or human characteristics.

The Company may implement technologies, workflows, or operational procedures designed to blur, minimize, crop, redact, suppress, or otherwise reduce incidental human capture where commercially reasonable and technically feasible.

The Services are not designed or intended for facial recognition, facial profiling, identity verification, behavioral analysis, or biometric identification of individuals, and the Company does not knowingly use facial recognition technologies to identify natural persons through vehicle photography workflows.

14.3 Customer Responsibility for Image Collection Practices

Customer is solely responsible for ensuring that its personnel, Authorized Users, photographers, contractors, and dealership or reseller employees comply with all laws applicable to photography practices, surveillance practices, biometric privacy obligations, and image collection activities conducted through use of the Services.

Customer further acknowledges that it is responsible for implementing any legally required notices, signage, workplace policies, consent procedures, or disclosures relating to the capture of images at Customer-operated facilities or dealership locations.

14.4 Biometric Privacy Law Alignment

The Company recognizes that certain jurisdictions impose heightened obligations relating to biometric identifiers and biometric information, including under laws such as the Illinois Biometric Information Privacy Act ("BIPA") and similar state privacy laws.

Accordingly, where applicable and commercially reasonable, the Company may maintain internal practices designed to align with generally recognized biometric privacy principles, including:

  • Reasonable data minimization practices;
  • Restricted access controls;
  • Defined retention and deletion procedures;
  • Confidential handling of sensitive image-related data;
  • Security safeguards designed to reduce unauthorized disclosure risks.

Nothing in this Agreement shall be construed as an admission that the Services intentionally collect or process biometric identifiers within the meaning of any specific biometric privacy law.

15. THIRD-PARTY SERVICES

The Company may engage third-party service providers, infrastructure vendors, subprocessors, cloud hosting providers, telecommunications providers, analytics providers, payment processors, and other third-party service partners (collectively, "Third-Party Providers") in connection with the operation, maintenance, security, support, and delivery of the Services.

Customer acknowledges and agrees that the Services are dependent on Third-Party Providers and that the availability, performance, and functionality of the Services may be subject to the operational limitations, service interruptions, or changes imposed by such Third-Party Providers.

The Company shall exercise commercially reasonable diligence in the selection and management of material Third-Party Providers; however, the Company does not control and is not responsible for the acts, omissions, availability, or performance of Third-Party Providers, except to the extent required by applicable law.

Customer further acknowledges that integration with or reliance on Third-Party Providers may require the transfer, processing, or storage of Customer Data in systems operated by such Third-Party Providers, subject to their applicable terms and privacy and security practices.

Use of the Services constitutes authorization for the Company to engage Third-Party Providers as necessary to deliver the Services, including those who may process Customer Data solely for the purpose of supporting Service functionality.

16. SERVICE AVAILABILITY

The Services are provided on an "as available" and "as maintained" basis and may be subject to intermittent unavailability, downtime, latency, degradation, or interruptions, including those resulting from scheduled maintenance, emergency maintenance, system upgrades, security patches, infrastructure changes, or operational adjustments.

Customer acknowledges that uninterrupted or error-free availability of the Services is not guaranteed, and that the Services may be temporarily suspended or impaired without prior notice where necessary to maintain system integrity, security, or operational stability.

The Company may, from time to time and in its sole discretion, perform maintenance activities that may result in temporary service interruptions, reduced performance, or limited functionality. The Company will use commercially reasonable efforts, where practicable, to schedule such maintenance in a manner designed to minimize disruption.

The Company shall not be liable for any unavailability, interruption, or degradation of the Services arising from: (i) system maintenance; (ii) network or internet failures; (iii) third-party service provider outages; (iv) force majeure events; or (v) circumstances beyond the Company's reasonable control.

Customer agrees that its use of the Services is not contingent upon uninterrupted availability unless expressly agreed in a separate written service level agreement executed by the Company.

17. INTELLECTUAL PROPERTY

The Services, including without limitation all software, applications, APIs, user interfaces, workflows, designs, text, graphics, images, compilations, data structures, architecture, source code, object code, algorithms, models, know-how, trade secrets, and all related technology and documentation, are and shall remain the exclusive property of the Company and its licensors.

All rights, title, and interest in and to the Services are reserved by the Company, and no rights are granted to Customer except for the limited, revocable, non-exclusive, non-transferable license expressly set forth in this Agreement.

Customer acknowledges that the Services are protected by intellectual property laws, including copyright, trademark, trade secret, and other applicable laws and treaties, and that unauthorized use, reproduction, modification, or distribution of the Services is strictly prohibited.

Nothing in this Agreement shall be construed as granting, by implication, estoppel, or otherwise, any ownership interest, license, or right in or to the Company's intellectual property, except as expressly provided herein.

Customer shall not remove, obscure, or alter any proprietary notices, trademarks, or branding contained within the Services or related materials.

18. DISCLAIMER OF WARRANTIES

THE SERVICES ARE PROVIDED ON AN "AS IS," "AS AVAILABLE," AND "WITH ALL FAULTS" BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.

TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, ACCURACY, RELIABILITY, OR UNINTERRUPTED OR ERROR-FREE OPERATION.

THE COMPANY DOES NOT WARRANT THAT THE SERVICES WILL MEET CUSTOMER?S REQUIREMENTS OR EXPECTATIONS, OR THAT THE SERVICES WILL BE FREE FROM INTERRUPTIONS, DELAYS, SECURITY BREACHES, DATA LOSS, OR OTHER HARMFUL COMPONENTS.

CUSTOMER ACKNOWLEDGES THAT IT IS RESPONSIBLE FOR DETERMINING WHETHER THE SERVICES ARE SUITABLE FOR ITS INTENDED USE AND ASSUMES ALL RISK ASSOCIATED WITH ITS USE OF THE SERVICES, INCLUDING ANY RELIANCE ON OUTPUTS, DATA, OR FUNCTIONALITY PROVIDED THROUGH THE SERVICES.

NO ORAL OR WRITTEN INFORMATION OR ADVICE PROVIDED BY THE COMPANY OR ITS REPRESENTATIVES SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.

19. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AND NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, THE COMPANY SHALL NOT BE LIABLE TO CUSTOMER OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, REVENUE, BUSINESS OPPORTUNITIES, GOODWILL, DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE SERVICES, EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

THE FOREGOING LIMITATIONS APPLY REGARDLESS OF THE LEGAL THEORY ON WHICH SUCH CLAIM IS BASED, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, AND REGARDLESS OF WHETHER ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES ACTUALLY PAID BY CUSTOMER TO THE COMPANY FOR THE SERVICES IN THE SIX (6) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

MULTIPLE CLAIMS SHALL NOT EXPAND OR INCREASE THE FOREGOING LIMITATION. THE EXISTENCE OF MORE THAN ONE CLAIM SHALL NOT ENLARGE THE LIABILITY CAP SET FORTH HEREIN.

CUSTOMER ACKNOWLEDGES THAT THE COMPANY HAS ENTERED INTO THIS AGREEMENT IN RELIANCE UPON THE LIMITATIONS OF LIABILITY SET FORTH HEREIN AND THAT SUCH LIMITATIONS FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES.

20. INDEMNIFICATION

Customer shall defend, indemnify, and hold harmless the Company, its affiliates, and each of their respective officers, directors, employees, contractors, and agents (collectively, the "Company Indemnitees") from and against any and all claims, demands, actions, proceedings, damages, losses, liabilities, judgments, settlements, penalties, fines, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:

  • Customer Data, including any allegation that Customer Data infringes, misappropriates, or violates any intellectual property rights, privacy rights, publicity rights, or other rights of any third party;
  • Customer's or any Authorized User's access to or use of the Services, including any misuse, unauthorized use, or use in violation of this Agreement;
  • Customer's breach or alleged breach of this Agreement, including any representations, warranties, or obligations set forth herein;
  • Customer's violation of applicable laws, regulations, or industry standards, including those relating to data protection, privacy, employment, or the capture and use of photographic or video content;
  • Any act or omission of an Authorized User, contractor, or any person accessing the Services through Customer's accounts or credentials, whether authorized or unauthorized;
  • Any dispute between Customer and any third party arising from Customer's use of the Services or Customer's business operations.

The Company reserves the right, at its option, to assume the exclusive defense and control of any matter subject to indemnification by Customer, in which case Customer shall cooperate fully with the Company in asserting any available defenses. Customer shall not settle any indemnified claim without the Company's prior written consent if such settlement imposes any obligation or liability on the Company.

This indemnification obligation shall survive termination or expiration of this Agreement.

21. TERMINATION

This Agreement shall remain in effect for so long as Customer or any Authorized User accesses or uses the Services, unless terminated earlier in accordance with this Section.

The Company may, in its sole discretion and without liability, suspend, restrict, or terminate Customer's or any Authorized User's access to all or any portion of the Services immediately upon notice (or, where appropriate, without prior notice) if the Company determines, in good faith, that:

  • Customer has breached, or is reasonably suspected of breaching, any provision of this Agreement;
  • Customer's use of the Services presents a security risk, legal exposure, or potential harm to the Services, other customers, or third parties;
  • Fraudulent, abusive, or unauthorized activity has occurred or is suspected;
  • Customer has failed to pay applicable fees when due;
  • Continued provision of the Services may violate applicable law or regulatory requirements.

Upon termination or suspension of the Services:

  • All licenses and rights granted to Customer under this Agreement shall immediately cease;
  • Customer and all Authorized Users shall immediately discontinue use of the Services;
  • Access to Customer Accounts and associated environments may be disabled or revoked;
  • The Company may delete, deactivate, or otherwise render inaccessible Customer Data in accordance with its data retention and deletion policies.

The Company shall not be liable to Customer or any third party for any termination or suspension of access to the Services in accordance with this Agreement.

Any provisions of this Agreement which by their nature are intended to survive termination or expiration, including but not limited to confidentiality, intellectual property rights, limitation of liability, indemnification, and governing law, shall survive and remain in full force and effect.

22. AUDIT AND COMPLIANCE

The Company may, at its sole discretion, provide Customer with standard security, compliance, and operational documentation reasonably related to the Services, including summaries of applicable controls, policies, and procedures, for the purpose of facilitating Customer's internal governance, vendor risk assessments, or regulatory due diligence requirements.

Any such documentation is provided solely for informational purposes and shall not be construed as a representation, warranty, or guarantee of compliance with any specific legal, regulatory, or industry framework, unless expressly agreed in a separate written agreement executed by the Company.

Customer acknowledges that any audit rights, assessments, or due diligence activities are limited to non-intrusive review of documentation and may not include any form of penetration testing, vulnerability scanning, security testing, load testing, or other intrusive or disruptive activities without the Company's prior written consent, which may be granted or withheld in its sole discretion.

Any authorized audit activities, if permitted, shall be conducted in a manner that does not unreasonably interfere with the Company's operations, security posture, or obligations to other customers, and shall be subject to reasonable confidentiality and access restrictions.

The Company reserves the right to reasonably restrict or condition access to systems, environments, or information where such access could compromise security, data integrity, or multi-tenant isolation safeguards.

23. FORCE MAJEURE

Neither party shall be liable or responsible for any failure or delay in the performance of its obligations under this Agreement (except for payment obligations) to the extent such failure or delay is caused by or results from events, circumstances, or causes beyond its reasonable control, whether foreseeable or unforeseeable.

Such events may include, without limitation: acts of God, natural disasters, fire, flood, earthquake, severe weather, pandemics, epidemics, war, terrorism, civil unrest, labor disputes, governmental actions or restrictions, embargoes, utility failures, telecommunications or internet outages, widespread cyberattacks, distributed denial-of-service (DDoS) attacks, failures of third-party hosting providers or cloud infrastructure, or other disruptions affecting networks or systems essential to the provision of the Services.

The affected party shall use commercially reasonable efforts to mitigate the impact of such force majeure event and to resume performance of its obligations as soon as reasonably practicable under the circumstances.

If a force majeure event continues for an extended period such that performance is materially impaired, the Company may, in its sole discretion, suspend or modify the Services without liability, provided that such suspension or modification is reasonably necessary under the circumstances.

Any deadlines or performance obligations affected by a force majeure event shall be extended for a period equal to the duration of the event and any reasonable recovery period thereafter.

24. GOVERNING LAW AND ARBITRATION

This Agreement, and any dispute, claim, or controversy arising out of or relating to this Agreement or the Services, including its formation, interpretation, breach, termination, enforcement, or validity, shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws principles.

Except as otherwise expressly provided in this Section, the parties agree that any dispute arising out of or relating to this Agreement shall be resolved exclusively through final and binding arbitration, rather than in court, except that either party may seek injunctive or equitable relief in a court of competent jurisdiction to protect intellectual property rights, confidential information, or to prevent unauthorized access to or use of the Services.

The arbitration shall be administered by a recognized arbitration provider mutually agreed upon by the parties, and if no agreement is reached, by a nationally recognized arbitration association, in accordance with its applicable commercial arbitration rules in effect at the time the arbitration is initiated.

The arbitration shall be conducted by a single neutral arbitrator with substantial experience in commercial technology agreements. The seat and venue of arbitration shall be in Texas, unless otherwise agreed by the parties in writing, and proceedings may be conducted remotely where permitted by applicable rules.

The arbitrator shall have the authority to award any relief that a court of competent jurisdiction could award, including injunctive relief and damages, but shall not have authority to award punitive or exemplary damages except where such waiver is prohibited by law.

Each party shall bear its own attorneys? fees and costs, and shall share equally in the administrative and arbitrator fees, unless the arbitrator determines otherwise in a reasoned award.

Judgment on the arbitration award may be entered and enforced in any court of competent jurisdiction.

25. ENTIRE AGREEMENT

This Agreement, together with any order forms, supplemental terms, exhibits, schedules, or policies expressly incorporated by reference herein (collectively, the "Agreement"), constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, agreements, representations, and communications, whether written or oral, relating to such subject matter.

The parties acknowledge and agree that they have not relied upon any statement, representation, warranty, or understanding not expressly set forth in this Agreement in entering into this Agreement.

No purchase order, invoice, onboarding flow, click-through acceptance, or other document issued by Customer shall modify, supersede, or add to the terms of this Agreement unless expressly accepted in writing by an authorized representative of the Company.

In the event of any conflict or inconsistency between this Agreement and any incorporated document, the order of precedence shall be: (i) this Agreement, and (ii) the applicable order form or mutually executed written agreement, (iii) any ancillary documentation or policies referenced herein, unless expressly stated otherwise.

25. CONTACT INFORMATION

Metzger Enterprises LLC dba AutoRevolution
Mailing Address: 334 East Church Street, Lewisville TX 75057
Email: support@autorevolution.com
Phone: (972) 243-8460