ThirdProof, Inc.

(d/b/a ThirdProof.ai)

Terms of Service

Effective Date: February 21, 2026

Version 1.0

This Agreement is between ThirdProof, Inc. (d/b/a ThirdProof.ai) and the company or person accessing or using the Cloud Service. This Agreement consists of: (1) the Order Form below, (2) the Key Terms and Definitions below, and (3) the General Terms below. If you have a separately executed written agreement with Provider governing your access to the Cloud Service, that agreement controls over any conflicting terms below.

If you are accessing or using the Cloud Service on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company. By signing up, accessing, or using the Cloud Service, Customer indicates its acceptance of this Agreement and agrees to be bound by the terms and conditions of this Agreement.

Definitions

The following definitions apply throughout this Agreement:

“Active Customer” means any Customer with a current paid Subscription or an active free trial account that has not expired.

“Assessment” means a single automated analysis of an identified third-party organizational entity conducted by the Cloud Service, including all data source queries, AI-assisted synthesis, and Report generation associated with that analysis. The term “Assessment” is used interchangeably with “investigation” in the Cloud Service interface.

“Cloud Service” has the meaning set forth in the Order Form.

“Customer Content” means Assessment queries, entity identification information, and any other data or materials submitted by Customer to the Cloud Service.

“Material Methodology Update” means a change to Provider's risk tier assignment methodology that would alter the risk tier assignment for ten percent (10%) or more of previously assessed entities under identical evidence conditions, as estimated by Provider in good faith.

“Network Intelligence Signals” means anonymized, aggregated statistical indicators derived from Assessment patterns across Provider's customer base, as further described in Section 10.

“Report” means the PDF risk report and all associated data, scores, findings, narratives, and conclusions generated by the Cloud Service in connection with an Assessment.

“Verified Vendor Program” means Provider's optional program through which vendors may request independent verification of vendor-supplied certifications against authoritative third-party sources, as further described in Sections 9 and 14.

Order Form

Cloud Service: ThirdProof is an autonomous vendor risk intelligence platform that publishes independently sourced risk ratings for third-party organizational entities — not natural persons — by querying multiple independent public data sources, including sanctions databases, cyber risk scanners, and business registries, and generates audit-supporting PDF risk reports with AI-powered risk tier ratings and compliance framework context for SOC 2, HIPAA, PCI-DSS, CMMC, and ISO 27001. Reports constitute analytical opinions based on Provider's published methodology and independently sourced public data; they are not certifications, guarantees, or audit determinations.

Order Date: The Effective Date

Subscription Period: 1 month(s)

Cloud Service Fees: The Cloud Service is available under different pricing plans as described at thirdproof.ai/#pricing or upon request at support@thirdproof.ai. Customer will pay Provider the applicable fees (“Fees”) based on Customer's selected subscription tier and usage. Provider may update pricing by giving at least 30 days written notice to Customer (including by email or notification within the Cloud Service), and the change will apply in the next Subscription Period.

Payment Process: Automatic payment: Customer authorizes Provider to bill and charge Customer's payment method on file monthly for immediate payment or deduction without further approval.

Cancellation: Customer may cancel at any time before the end of the current Subscription Period. Cancellation takes effect at the end of the then-current Subscription Period. No refunds or prorations will be issued for any reason, including partial-period usage, early cancellation, or unused Assessments. Customer retains full access to the Cloud Service through the end of the paid Subscription Period.

Use Limitations

Customer may use the Cloud Service and all Reports generated by the Cloud Service solely for Customer's internal vendor risk assessment and third-party due diligence purposes, limited to personnel within Customer's organization with a legitimate business need. Customer acknowledges that Reports are one input into Customer's broader vendor risk management program and are not a substitute for independent due diligence, professional judgment, legal advice, or compliance assessment by qualified professionals. Customer retains ultimate responsibility for all vendor onboarding and risk management decisions. Customer may not:

  1. redistribute, resell, sublicense, publish, or otherwise disclose Reports to any third party, including the vendor or entity that is the subject of any Assessment;
  2. share Reports with the investigated vendor or entity without ThirdProof's prior written consent;
  3. use Reports as a primary or sole basis for any employment, credit, housing, insurance, or other decision regulated under applicable consumer protection or anti-discrimination laws;
  4. use Reports as evidence or supporting documentation in any legal, regulatory, or administrative proceeding without ThirdProof's prior written consent;
  5. incorporate Reports or any portion thereof into any product, dataset, or report created for distribution to third parties;
  6. use the Cloud Service to gather competitive intelligence about any entity beyond legitimate vendor risk assessment;
  7. use Reports to evaluate, screen, or make decisions about any natural person for any purpose enumerated in 15 U.S.C. §1681b, including employment, credit, insurance, housing, or government benefits;
  8. submit Assessment requests for the purpose of evaluating a natural person's character, reputation, personal characteristics, or mode of living;
  9. submit Assessment requests targeting natural persons, individual names, or personal identifiers rather than organizational entities, business domains, or registered entity names;
  10. use Reports in any manner that violates applicable law or that could reasonably be expected to harm the reputation or business interests of any investigated entity based on inaccurate or misleading use of Report findings;
  11. reverse engineer, decompile, or attempt to derive Provider's risk tier assignment methodology, algorithms, or source code from Reports or the Cloud Service;
  12. use automated scripts, bots, or other programmatic means to access the Cloud Service in excess of normal usage patterns or to circumvent rate limiting; or
  13. submit fictitious entity names, domains, or identification information to test, benchmark, or game the Assessment methodology.

Customer is solely responsible for all use of Reports by Customer's personnel and any unauthorized disclosure of Reports by Customer's personnel. Provider disclaims all liability for Customer's use of Reports in any manner inconsistent with this Agreement.

Key Terms

Customer: The company or person who accesses or uses the Cloud Service. If the person accepting this Agreement is doing so on behalf of a company, all use of the word “Customer” in the Agreement will mean that company.

Provider: ThirdProof, Inc. (d/b/a ThirdProof.ai)

Effective Date: The date Customer first accepts this Agreement.

Governing Law: The laws of the State of Delaware

Chosen Courts: The state or federal courts located in Delaware

Covered Claims

Provider Covered Claims

Any action, proceeding, or claim that the Cloud Service, when used by Customer according to the terms of this Agreement, violates, misappropriates, or otherwise infringes upon a third party's intellectual property or other proprietary rights, excluding any claims arising from or related to data, content, or information sourced from third-party intelligence providers, sanctions databases, cyber risk scanners, business registries, public registries, threat intelligence feeds, or other external data sources incorporated into or queried by the Cloud Service.

Customer Covered Claims

  1. Any action, proceeding, or claim that Customer Content, when used according to the terms of this Agreement, violates, misappropriates, or otherwise infringes upon a third party's intellectual property or other proprietary rights;
  2. Any action, proceeding, or claim arising from or relating to Customer's breach or alleged breach of the Use Limitations of this Agreement;
  3. Any action, proceeding, or claim brought by any investigated third party — including any vendor, entity, individual, or organization that is the subject of a Report — arising from or related to: (a) Customer's use, disclosure, distribution, publication, or misrepresentation of Reports; (b) Customer's characterization of Reports as certifications, guarantees, audit findings, or definitive compliance determinations rather than analytical opinions based on publicly available data; (c) Customer's sharing of Reports with the investigated vendor or entity; or (d) Customer's use of Reports as a basis for any defamatory, tortious, or legally actionable communication about the investigated vendor or entity;
  4. Any action, proceeding, or claim brought by any third party to whom Customer disclosed, forwarded, published, or otherwise made available any Report or portion thereof, whether such disclosure was authorized or unauthorized under this Agreement;
  5. Any regulatory investigation, inquiry, civil investigative demand, subpoena, or enforcement action initiated against ThirdProof by any government authority arising from or related to Customer's use of the Cloud Service or Reports in a manner inconsistent with this Agreement, including ThirdProof's reasonable attorneys' fees, defense costs, and any resulting fines or penalties attributable to Customer's conduct;
  6. Any action, proceeding, or claim arising from Customer's combination, integration, or incorporation of Reports or Report data into any other product, dataset, report, or platform, including any claim that such combination constitutes a consumer report, investigative consumer report, or regulated data product under applicable law;
  7. Any action, proceeding, or claim arising from Customer's use of the Cloud Service for any purpose other than internal vendor risk assessment and third-party due diligence, including use for competitive intelligence gathering, employment screening, credit determination, insurance underwriting, housing decisions, or any other purpose regulated under applicable consumer protection, anti-discrimination, or data privacy laws; and
  8. Any action, proceeding, or claim arising from or related to Customer's use of Reports in a manner that causes Provider to be classified as a consumer reporting agency under the Fair Credit Reporting Act (15 U.S.C. §1681 et seq.) or any state equivalent, or any claim that a Report constitutes a consumer report, investigative consumer report, or employment background check under applicable federal or state law.

Customer's indemnification obligations under this Section are not subject to the General Cap Amount and are not otherwise capped, except as may be negotiated in a separate written agreement executed by both parties.

General Cap Amount

$10,000.00 (Ten Thousand Dollars). This cap does not apply to claims arising from Provider's willful misconduct or gross negligence, or to Provider's indemnification obligations under this Agreement. Enterprise customers may negotiate a different General Cap Amount via a separate written agreement executed by both parties.

Additional Warranties

By Provider: PROVIDER EXPRESSLY DISCLAIMS ANY WARRANTY THAT REPORTS, RISK ASSESSMENTS, RISK TIER ASSIGNMENTS, CONFIDENCE SCORES, COMPLIANCE FRAMEWORK ANALYSES, NETWORK INTELLIGENCE SIGNALS, INDEPENDENCE STATEMENTS, CRYPTOGRAPHIC HASH VERIFICATIONS, OR ANY OTHER OUTPUT GENERATED BY THE CLOUD SERVICE ARE ACCURATE, COMPLETE, CURRENT, OR FREE FROM ERROR. CUSTOMER ACKNOWLEDGES AND AGREES THAT:

  1. REPORTS ARE GENERATED USING AUTOMATED DATA AGGREGATION AND AI-ASSISTED SYNTHESIS FROM INDEPENDENT THIRD-PARTY PUBLIC DATA SOURCES QUERIED SIMULTANEOUSLY, AND PROVIDER DOES NOT WARRANT THE ACCURACY, COMPLETENESS, CURRENCY, OR RELIABILITY OF ANY UNDERLYING THIRD-PARTY DATA SOURCE;
  2. REPORTS CONSTITUTE PROTECTED EXPRESSIONS OF ANALYTICAL OPINION BASED ON PUBLICLY AVAILABLE DATA AS OF THE ASSESSMENT DATE AND PROVIDER'S PUBLISHED METHODOLOGY. REPORTS DO NOT CONSTITUTE LEGAL ADVICE, AUDIT CERTIFICATIONS, COMPLIANCE DETERMINATIONS, REGULATORY FINDINGS, OR GUARANTEES OF ANY KIND. PROVIDER IS NOT AN AUDITOR, CERTIFYING BODY, CONSUMER REPORTING AGENCY, REGULATORY AUTHORITY, OR LEGAL ADVISOR;
  3. AI-ASSISTED SYNTHESIS MAY PRODUCE OUTPUTS CONTAINING ERRORS, OMISSIONS, OR INACCURACIES NOT PRESENT IN UNDERLYING SOURCE DATA (HALLUCINATION). RISK TIER ASSIGNMENTS ARE PRODUCED BY RULE-BASED LOGIC WHICH, WHILE DESIGNED TO BE DETERMINISTIC, MAY CONTAIN IMPLEMENTATION ERRORS. PROVIDER IMPLEMENTS REASONABLE VALIDATION PROCEDURES BUT DOES NOT WARRANT THE ELIMINATION OF ERRORS IN EITHER THE AI SYNTHESIS OR THE RULE ENGINE. REPORTS INCLUDE SOURCE CITATIONS, CONFIDENCE SCORES, AND EVIDENCE CHAINS TO ENABLE CUSTOMER VERIFICATION;
  4. REPORTS REFLECT CONDITIONS AS OF THE ASSESSMENT DATE ONLY. PROVIDER MAKES NO WARRANTY REGARDING VENDOR RISK PROFILES, COMPLIANCE STATUS, SANCTIONS EXPOSURE, CYBER RISK POSTURE, OR ANY OTHER ASSESSED CONDITION AFTER THE ASSESSMENT DATE. CACHED DATA USED IN ASSESSMENTS REFLECTS CONDITIONS AS OF THE CACHE RETRIEVAL DATE, WHICH MAY PRECEDE THE ASSESSMENT DATE;
  5. CONFIDENCE SCORES REFLECT THE COMPLETENESS AND CONSISTENCY OF AVAILABLE SOURCE DATA AND DO NOT CONSTITUTE A WARRANTY OF FACTUAL ACCURACY. DATA SOURCES QUERIED SIMULTANEOUSLY MAY PRODUCE CONFLICTING INFORMATION;
  6. ASSESSMENTS ARE CONDUCTED BASED ON DOMAIN NAME, ENTITY NAME, OR OTHER IDENTIFIERS PROVIDED BY CUSTOMER. PROVIDER DOES NOT WARRANT THAT ASSESSMENT RESULTS APPLY EXCLUSIVELY TO THE INTENDED INVESTIGATED ENTITY AND DISCLAIMS LIABILITY FOR ENTITY IDENTITY CONFUSION;
  7. SHA-256 CRYPTOGRAPHIC HASHING CONSTITUTES VERIFICATION OF REPORT INTEGRITY AND IMMUTABILITY ONLY, NOT A WARRANTY OF ACCURACY. INDEPENDENCE STATEMENTS CONFIRM METHODOLOGICAL INDEPENDENCE ONLY;
  8. NETWORK INTELLIGENCE SIGNALS ARE ANONYMIZED STATISTICAL INDICATORS ONLY AND DO NOT CONSTITUTE VERIFIED FACTUAL REPRESENTATIONS OR RECOMMENDATIONS;
  9. COMPLIANCE FRAMEWORK CONTEXT REFLECTS PROVIDER'S ANALYTICAL INTERPRETATION OF APPLICABLE REGULATORY REQUIREMENTS AS OF THE ASSESSMENT DATE AND DOES NOT CONSTITUTE LEGAL ADVICE OR A COMPLIANCE DETERMINATION;
  10. RISK TIER ASSIGNMENT METHODOLOGY IS DOCUMENTED AND VERSIONED AT THIRDPROOF.AI/METHODOLOGY OR AVAILABLE UPON REQUEST AT LEGAL@THIRDPROOF.AI. PROVIDER RESERVES THE RIGHT TO UPDATE ITS METHODOLOGY WITH NOTICE TO ACTIVE CUSTOMERS;
  11. REPORTS ARE DESIGNED TO SUPPORT CUSTOMER'S AUDIT AND COMPLIANCE DOCUMENTATION. ACCEPTABILITY OF REPORTS BY ANY SPECIFIC AUDITOR, REGULATORY BODY, OR CERTIFICATION AUTHORITY IS NOT GUARANTEED AND DEPENDS ON THAT AUTHORITY'S INDEPENDENT ASSESSMENT CRITERIA; AND
  12. CUSTOMER IS SOLELY RESPONSIBLE FOR INDEPENDENTLY VERIFYING MATERIAL REPORT FINDINGS BEFORE TAKING ANY ACTION BASED ON REPORT CONCLUSIONS. REPORTS ARE ONE INPUT INTO A BROADER VENDOR RISK MANAGEMENT PROGRAM AND ARE NOT A SUBSTITUTE FOR INDEPENDENT DUE DILIGENCE, LEGAL ADVICE, OR PROFESSIONAL JUDGMENT.

Notice Address

For Provider: legal@thirdproof.ai

For Customer: The main email address on Customer's account

Attachments and Supplements

DPA: A Data Processing Agreement governing the processing of personal data in accordance with GDPR is available upon request at legal@thirdproof.ai. The DPA is incorporated into this Agreement upon execution by both parties.

Security Policy: Provider implements the following security measures: (a) all data in transit encrypted via TLS 1.2 or higher; (b) all data at rest encrypted via AES-256 or equivalent; (c) role-based access control for all platform operations; (d) commercially reasonable efforts to provide incident response within 72 hours of a confirmed security incident; (e) commercially reasonable efforts to provide breach notification to affected Customers within 72 hours of confirmation. The Cloud Service is built on SOC 2 certified infrastructure including Vercel, Supabase, and Stripe. Provider does not currently hold independent SOC 2, ISO 27001, or other formal security certifications at the application layer. Provider will obtain professional liability (Errors & Omissions) insurance with coverage appropriate to the Cloud Service prior to or upon achieving material recurring revenue. Customers requiring security documentation or a completed vendor security questionnaire may contact security@thirdproof.ai.

General Terms

The following terms govern Customer's access to and use of the Cloud Service and apply in addition to the Order Form, Definitions, and Key Terms above.

1. Nature of Reports and Analytical Opinion Framework

All Reports generated by the Cloud Service constitute automated analytical opinions based on publicly available data as of the Assessment date and Provider's published, versioned methodology. Reports are protected expressions of opinion. Risk tier assignments, confidence scores, and analytical conclusions represent Provider's reasoned opinion based on the application of a published methodology to independently sourced public data. These opinions are provided to inform Customer's independent business judgment and do not constitute statements of fact regarding the investigated entity's fitness, quality, or compliance status.

Provider operates as an independent analytical platform, not as an auditor, certifying body, consumer reporting agency, regulatory authority, or legal advisor. No Report should be construed as a certification that any investigated vendor is compliant with any regulatory framework, free from risk, or suitable for any particular business purpose.

Provider's methodology is documented and versioned at thirdproof.ai/methodology. In the event the URL is unavailable, methodology documentation is available upon request at legal@thirdproof.ai.

2. Assessment Methodology and Versioning

Provider's risk tier assignment methodology is documented, versioned, and available at thirdproof.ai/methodology or upon request at legal@thirdproof.ai. Each Report identifies the methodology version in effect at the time of Assessment. Provider reserves the right to update its methodology upon 30 days written notice to Active Customers. Material Methodology Updates will be assigned a new version number and include a summary of changes. Assessments conducted under different methodology versions may produce different results for the same investigated entity. Customer acknowledges that methodology evolution is an inherent characteristic of AI-assisted analytical platforms and does not constitute a breach of this Agreement. Methodology updates apply prospectively only.

3. Investigated Third Parties

Reports assess third-party vendors, entities, and organizations that are not parties to this Agreement and have not provided information directly to Provider. Provider's Assessments rely exclusively on publicly available data sources. Investigated entities have not consented to Assessment, have not provided information to Provider, and bear no contractual relationship with Provider or Customer under this Agreement.

Provider makes no representation that Reports reflect all available information about any investigated entity. Customer is solely responsible for how it uses, shares, and acts upon Report findings.

If an investigated entity contacts Provider directly to dispute Report findings, Provider may in its sole discretion review the dispute and issue a corrected Report if warranted. Provider has no obligation to notify Customer of third-party disputes or corrections unless a corrected Report is issued.

4. Correction and Dispute Process

If Customer believes a Report contains a material factual error attributable to Provider's data processing rather than underlying third-party source data, Customer may submit a written correction request to support@thirdproof.ai with supporting documentation.

Provider will review the request within 10 business days and issue a corrected Report if the error is confirmed. Provider's determination following review is final with respect to whether a corrected Report will be issued. This correction process is an operational quality assurance mechanism and does not constitute a dispute resolution procedure under Section 26.

Submission of a correction request, Provider's review, and Provider's issuance of a corrected Report do not constitute an admission that the original Report was inaccurate, negligent, or defamatory. Provider's correction process is a quality assurance measure and does not create any inference of fault or liability. Provider's internal review communications and methodology assessments are confidential and proprietary.

Provider is not obligated to investigate or correct errors attributable to inaccuracies in underlying third-party data sources. Correction requests must be submitted within 90 days of the Assessment date.

5. Point-in-Time Assessments

All Reports reflect conditions as of the Assessment date only. Provider does not currently offer continuous monitoring services. Customer acknowledges that vendor risk profiles, compliance status, sanctions exposure, and all other assessed conditions may change materially after the Assessment date. Provider specifically disclaims any obligation to notify Customer of changes in investigated entity status occurring after Report generation. Customer is solely responsible for determining appropriate re-assessment frequency.

6. Data Source Independence and Limitations

Provider queries multiple independent public data sources simultaneously in generating Reports. The current number and identity of data sources are available at thirdproof.ai/learn or upon request at support@thirdproof.ai. Provider does not warrant the accuracy, completeness, currency, or availability of any individual data source. Individual data sources may be unavailable, delayed, or returning incomplete data at the time of Assessment. Reports will indicate where data sources were unavailable or returned incomplete results. The number and identity of data sources may change over time. Source changes do not constitute a material modification of this Agreement.

7. AI Synthesis and Automated Processing

Reports incorporate AI-assisted synthesis using large language model technology to generate executive summaries, risk narratives, compliance framework context, and analytical conclusions. AI-generated content is identified within Reports. Risk tier assignments are produced by rule-based logic applied to source evidence and are not subject to AI interpretation. While rule-based logic is designed to be deterministic and reproducible, Provider does not warrant the elimination of implementation errors in the rule engine.

AI-assisted synthesis may produce outputs containing errors, omissions, or inaccuracies not present in underlying source data (hallucination). Provider implements reasonable validation procedures but does not warrant the elimination of AI-generated errors. AI-assisted synthesis may incorrectly associate information from one entity with a similarly identified entity. Customer is solely responsible for independently verifying AI-generated narrative content before relying on it for any material business decision.

8. Cached Data and Temporal Limitations

Provider implements a source caching layer to improve Assessment speed and reduce redundant API calls. Cached data reflects conditions as of the cache retrieval date, which may precede the Assessment date. Reports will indicate the data retrieval date where available.

9. Independence Statement Scope

Independence statements included in Reports confirm that Assessments were conducted using publicly available data sources without vendor cooperation, vendor-supplied information, or vendor influence on Assessment methodology or findings. Independence statements confirm methodological independence only. Provider's Verified Vendor Program involves independent verification of vendor-supplied certifications against authoritative third-party sources. Participation in the Verified Vendor Program does not constitute vendor influence over Assessment methodology, risk tier assignments, or Report findings.

10. Network Intelligence and Anonymized Signals

Reports may incorporate anonymized Network Intelligence Signals reflecting aggregated Assessment and risk patterns across Provider's customer base. Network Intelligence Signals are statistical indicators derived from anonymized, aggregated data and do not identify or reflect the decisions of any specific organization. Provider implements statistical disclosure control measures designed to prevent identification of individual contributing organizations. Network Intelligence Signals are suppressed when the contributing customer pool falls below Provider's minimum anonymity threshold of five (5) distinct customer organizations.

Network Intelligence Signals are provided as informational context only and do not constitute recommendations to accept or reject any vendor. Customer's vendor risk decisions must be based on Customer's independent assessment of Report findings and Customer's own risk tolerance. Provider makes no warranty regarding the accuracy, completeness, or current relevance of Network Intelligence Signals.

11. Compliance Framework Context

Reports provide compliance framework context for frameworks including SOC 2, HIPAA, PCI-DSS, CMMC, ISO 27001, and others as implemented by Provider from time to time. Compliance framework context reflects Provider's analytical interpretation and does not constitute legal advice, a compliance determination, or a regulatory finding. Customer is solely responsible for verifying current compliance obligations with qualified legal counsel.

12. Limitation on Use in Legal Proceedings

Customer may not use Reports or any Provider output as evidence, supporting documentation, or expert opinion in any legal, regulatory, arbitration, or administrative proceeding without Provider's prior written consent, which may be withheld in Provider's sole discretion. If Customer is required by court order, regulatory subpoena, or other compulsory legal process to produce Reports, Customer shall notify Provider at legal@thirdproof.ai within 5 business days of receiving such order.

13. Prohibition on Vendor Notification

Customer may not share, disclose, forward, or otherwise communicate Report findings to the investigated vendor or entity without Provider's prior written consent. Notwithstanding the foregoing, Customer may disclose the existence of a ThirdProof Assessment and the general risk tier outcome to an investigated vendor to the extent required by applicable law, provided that Customer does not disclose the specific findings, evidence citations, confidence scores, source attributions, or methodology details contained in the Report without Provider's prior written consent. If Customer is required by compulsory legal process to disclose Reports to an investigated vendor, Customer shall notify Provider at legal@thirdproof.ai within 5 business days.

14. Provider Independence Declaration

Provider maintains structural independence from all investigated vendors and entities. Provider does not accept payment, compensation, data, or other consideration from investigated vendors in connection with the generation of Reports. Provider does not offer investigated vendors the ability to influence, modify, suppress, or remove Report findings through any commercial arrangement.

Provider's Assessment methodology and risk tier assignment logic are implemented as deterministic rules applied to source evidence. Vendor commercial status, including participation in the Verified Vendor Program, is architecturally separated from the analytical function and cannot influence risk tier assignments, confidence scores, or analytical conclusions. This architectural separation is documented in Provider's methodology, available at thirdproof.ai/methodology or upon request at legal@thirdproof.ai.

If Provider receives any unsolicited payment or offer of consideration from an investigated vendor, Provider will decline such payment.

15. Limitation of Liability

Provider's total aggregate liability to Customer for all claims arising from or related to any Report, Assessment, or the Cloud Service shall not exceed the General Cap Amount. Provider shall not be liable for any loss, damage, or claim arising from:

  1. Customer's reliance on Report findings without independent verification;
  2. changes in investigated entity status occurring after the Assessment date;
  3. inaccuracies in underlying third-party data sources;
  4. AI-generated synthesis errors, hallucinations, or entity association errors;
  5. cached data that does not reflect current conditions;
  6. unavailability, degradation, or failure of individual data sources at Assessment time, including events outside Provider's reasonable control;
  7. entity identity confusion arising from inaccurate, incomplete, or ambiguous identification information submitted by Customer;
  8. Customer's use of Reports in any manner inconsistent with the Use Limitations; or
  9. technical failures in Provider's Assessment pipeline that result in incomplete Reports where such incompleteness is indicated in the Report.

16. Free Trial Terms

Free trial accounts are subject to all terms of this Agreement. Reports generated during a free trial are subject to the same analytical opinion framework applicable to paid Assessments. Provider reserves the right to terminate free trial access at any time without notice. Free trial accounts are limited to one per organization. Provider may terminate or decline free trial accounts that appear to duplicate a prior trial by the same organization.

Free trial accounts will not automatically convert to paid subscriptions. Customer must affirmatively select a paid subscription plan and provide valid payment information to continue service after the free trial period. Reports generated during the free trial remain accessible on the platform for 30 days following trial expiration. Provider has no obligation to retain Reports after this period. Reports downloaded or saved locally during the free trial are licensed for internal reference only and may not be used as a basis for vendor risk decisions, shared with third parties, or cited in audit or compliance documentation after the trial period expires unless Customer maintains an active paid subscription.

17. Feedback and Product Improvement

Customer may provide feedback, suggestions, or input regarding the Cloud Service (“Feedback”). Customer hereby assigns to Provider all right, title, and interest in Feedback. Provider may use Feedback for any purpose without restriction or attribution. This assignment does not transfer Customer's ownership of any underlying Customer Content, proprietary methodologies, or trade secrets that may be incidentally referenced in Feedback.

18. AI Training and Model Improvement

Provider will not use Customer data or Report outputs to train, fine-tune, or develop any AI model without Customer's prior written consent. The following are permitted without additional consent:

  1. Using Customer-specific Assessment data in transient API calls to generate Reports for Customer, where such data is not retained beyond Report generation;
  2. Using anonymized, aggregated Assessment metadata to improve Assessment methodology, prompt engineering, and output validation, subject to Provider's Privacy Policy at thirdproof.ai/privacy; and
  3. Retaining anonymized, aggregated data for Network Intelligence Signals as described in Section 10.

Provider's use of third-party AI APIs is subject to those providers' terms of service. Provider represents that as of the Effective Date, Provider's AI API agreements do not permit use of Customer data for third-party AI model training without opt-in consent. Provider will notify Customer within 30 days if these agreements change materially.

19. Data Retention, Deletion, and Export

Provider retains Customer Assessment queries, Reports, and associated metadata for 24 months to support correction requests, audit trail requirements, and Customer access to historical Reports. Provider may delete Customer-identifiable data after the 24-month retention period without further notice.

Upon Customer's written request during the active Subscription Period or within 30 days of termination, Provider will deliver to Customer via email or secure download link Customer's Assessment queries and generated Reports in PDF format. This data export obligation survives termination of platform access and does not require active Cloud Service access.

Upon termination, Provider will delete Customer-identifiable data within 90 days upon written request to legal@thirdproof.ai. Provider will confirm deletion within 30 days of completing the process. Anonymized, aggregated data that cannot reasonably be attributed to Customer may be retained. SHA-256 hashed Report records may be retained indefinitely for audit integrity.

Provider will not sell, license, or transfer Customer data to third parties except as required by applicable law or necessary to operate the Cloud Service using approved subprocessors. A current list of subprocessors is available at thirdproof.ai/learn or upon request at legal@thirdproof.ai. Provider does not sell Customer data as defined under the California Consumer Privacy Act (CCPA) or any state privacy law.

20. FCRA Exclusion and Prohibited Uses

Provider is not a Consumer Reporting Agency as defined in 15 U.S.C. §1681a(f). Reports are not “consumer reports” as defined in 15 U.S.C. §1681a(d). Reports are designed exclusively for assessment of business entities and their organizational risk posture.

Customer shall not use Reports to evaluate, screen, or make decisions about any natural person for any purpose enumerated in 15 U.S.C. §1681b, including employment, credit, insurance, housing, or government benefits. Customer shall not use Reports as a factor in any decision affecting the rights, opportunities, or status of any identifiable natural person.

Customer represents and warrants that its use of the Cloud Service is exclusively for business-to-business vendor risk assessment and third-party due diligence concerning organizational entities.

Customer acknowledges that assessing sole proprietorships, single-member LLCs, or entities where a single individual is functionally inseparable from the entity may implicate consumer protection laws including the FCRA. Customer assumes all responsibility for determining whether an Assessment request may constitute a request for a consumer report and shall not submit Assessment requests that would result in Reports constituting consumer reports under applicable law.

21. Cross-Border and International Compliance

Customer is responsible for determining whether its use of the Cloud Service triggers obligations under the General Data Protection Regulation (GDPR), UK GDPR, or other international data protection regulations. To the extent any investigated entity is subject to GDPR and automated decision-making rights under Article 22, Customer is solely responsible for compliance with those obligations. Customer shall not use Reports as the sole basis for any decision that produces legal or similarly significant effects on any natural person subject to GDPR protections.

Provider does not currently classify the Cloud Service as a high-risk AI system under Regulation (EU) 2024/1689 (the EU AI Act). Provider will monitor evolving regulatory classification and update this assessment as guidance develops. Customers subject to the EU AI Act who deploy the Cloud Service as part of a regulated process are responsible for their own deployer obligations.

Provider maintains a current list of subprocessors at thirdproof.ai/learn or upon request at legal@thirdproof.ai. Provider will notify Active Customers of material subprocessor changes at least 30 days before the change takes effect. Customer may object to a new subprocessor within 15 days, and Provider will work in good faith to address the concern or offer Customer the option to terminate without penalty.

22. Autonomous Operation Acknowledgment

Customer acknowledges that the Cloud Service operates autonomously, querying multiple independent data sources, synthesizing evidence using AI, and generating Reports without human review or intervention prior to delivery. Risk tier assignments are produced by rule-based logic applied to source evidence. AI-generated narrative content is descriptive and does not determine the risk tier. Customer is responsible for human review of all Reports before reliance. Customer shall not treat any Report as a final determination without independent verification of material findings by qualified personnel.

23. Suspension and Termination

Provider may suspend Customer's access to the Cloud Service immediately upon reasonable belief that Customer is in material breach of this Agreement, including the Use Limitations. Provider will provide written notice of the suspension and the basis for the suspension within 2 business days.

For curable breaches, Customer will have 10 business days from notice to cure the breach. If not cured within this period, Provider may terminate this Agreement. For incurable breaches, including willful violations of the Use Limitations, Provider may terminate immediately upon written notice.

Upon termination, Customer's access to the Cloud Service will cease immediately, subject to the data export provisions in Section 19. Customer's obligations under the Use Limitations, Covered Claims, and Sections 1, 7, 12, 13, 14, 15, 19, 20, 21, 22, 24, 26, 29, 30, 34, 35, 36, 37, and 38 survive termination.

24. Intellectual Property Ownership

Provider retains all right, title, and interest in the Cloud Service, Assessment methodology, algorithms, and platform technology. Reports generated for Customer are licensed, not sold, to Customer under the Use Limitations of this Agreement. Customer retains ownership of Customer Content. Provider retains ownership of Report structure, format, analytical framework, and AI-generated narrative content. Customer receives a non-exclusive, non-transferable, perpetual license to use Reports generated under paid subscriptions for Customer's internal purposes consistent with the Use Limitations.

25. Overage and Plan Limits

Subscription plans include a specified number of Assessments per Subscription Period as described at thirdproof.ai/#pricing or upon request at support@thirdproof.ai. Assessments exceeding the plan limit will be queued until the next Subscription Period unless Customer upgrades to a higher tier. Customer will be notified when approaching the plan limit. No refunds or prorations will be issued for completed or partially completed Subscription Periods, unused Assessments, plan downgrades, or early cancellation. In the event of a material service failure resulting in inability to generate Reports for 48 or more consecutive hours, Customer may request a service credit applicable to the next Subscription Period, not to exceed the prorated value of the affected period.

26. Dispute Resolution

The parties agree to attempt to resolve any dispute arising from or related to this Agreement through good-faith negotiation for 30 days. If unresolved, disputes will be submitted to binding arbitration under the rules of the American Arbitration Association, conducted in Delaware or remotely at the parties' mutual agreement. For disputes where the amount in controversy is less than $25,000, the arbitration shall be conducted under the AAA's Simplified Arbitration Rules. The arbitrator's award is final and may be entered in any court of competent jurisdiction.

Notwithstanding the foregoing, either party may seek injunctive relief in the Chosen Courts for any breach of confidentiality obligations, intellectual property rights, or the Use Limitations. Either party may bring claims in small claims court in the Chosen Courts if the dispute qualifies under the court's jurisdictional limits.

EACH PARTY WAIVES ITS RIGHT TO A JURY TRIAL FOR ANY DISPUTE ARISING FROM OR RELATED TO THIS AGREEMENT. ALL DISPUTES MUST BE BROUGHT IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING.

27. Force Majeure

Neither party shall be liable for any failure to perform obligations under this Agreement due to causes beyond its reasonable control, including natural disasters, pandemics, government actions, war, terrorism, cyber attacks, third-party service provider outages, or internet disruptions. The affected party shall provide prompt notice and use commercially reasonable efforts to resume performance.

28. Assignment

Neither party may assign this Agreement without the other party's prior written consent, except that either party may assign this Agreement to a successor entity in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the successor agrees to be bound by the terms of this Agreement. Provider may assign this Agreement to a subsidiary or affiliate without Customer consent.

29. Severability

If any provision of this Agreement is found to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving its original intent.

30. Entire Agreement

This Agreement, including the Order Form, Key Terms, Definitions, General Terms, and all attachments and supplements referenced herein, constitutes the entire agreement between the parties regarding the subject matter hereof and supersedes all prior agreements and understandings, whether written or oral.

31. Partner and Reseller Arrangements

Customer's access to the Cloud Service through a partner, reseller, or managed service provider is governed by this Agreement plus any additional terms contained in a separately executed Partner Agreement between Provider and the partner. In the event of a conflict between this Agreement and a Partner Agreement, the Partner Agreement will control with respect to the partner relationship. Provider's obligations to Customer under this Agreement are not modified by any Partner Agreement unless Customer is a party to such agreement.

32. Service Continuity

In the event Provider ceases commercial operations or discontinues the Cloud Service, Provider will use commercially reasonable efforts to provide Active Customers with at least 60 days' written notice prior to discontinuation and will make Customer's Assessment queries and generated Reports available for export in PDF format during the notice period.

33. Access and License Grant

During the Subscription Period and subject to the terms of this Agreement, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Cloud Service for Customer's internal business purposes. This right is limited to the number of Assessments included in Customer's subscription tier and is conditioned on Customer's compliance with the Use Limitations and all other terms of this Agreement.

34. Confidentiality

Each party (“Receiving Party”) agrees to protect the confidential information of the other party (“Disclosing Party”) using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care. Confidential information includes any non-public information disclosed by either party that is designated as confidential or that a reasonable person would understand to be confidential given the circumstances, including Provider's methodology implementation details, pricing structures, product roadmap, and source code, and Customer's Assessment queries, vendor relationships, and internal compliance processes.

Confidential information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was already known to the Receiving Party without restriction before disclosure; (c) is independently developed by the Receiving Party without use of the Disclosing Party's confidential information; or (d) is rightfully received from a third party without restriction.

A Receiving Party may disclose confidential information to the extent required by applicable law, regulation, or court order, provided the Receiving Party gives the Disclosing Party prompt notice (to the extent legally permitted) and reasonable assistance in seeking a protective order.

35. Indemnification Procedures

The indemnified party shall: (a) promptly notify the indemnifying party of any claim for which indemnification is sought; (b) grant the indemnifying party sole control of the defense and settlement of the claim, provided the indemnifying party may not settle any claim in a manner that imposes obligations on the indemnified party or admits fault on behalf of the indemnified party without the indemnified party's prior written consent; and (c) provide reasonable cooperation at the indemnifying party's expense. Failure to provide prompt notice does not relieve the indemnifying party of its indemnification obligations except to the extent the indemnifying party is materially prejudiced by the delay.

36. Consequential Damages Waiver

IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF BUSINESS OPPORTUNITIES, COST OF COVER, OR REPUTATIONAL HARM, ARISING FROM OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE, EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS WAIVER APPLIES TO ALL CLAIMS EXCEPT: (A) PROVIDER'S INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT; AND (B) EITHER PARTY'S BREACH OF SECTION 34 (CONFIDENTIALITY).

37. Disclaimer of Warranties

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE CLOUD SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE.” PROVIDER MAKES NO WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, OR QUIET ENJOYMENT. PROVIDER DOES NOT WARRANT THAT THE CLOUD SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. CUSTOMER ASSUMES ALL RISK ARISING FROM USE OF THE CLOUD SERVICE.

38. Taxes

All Fees are exclusive of taxes. Customer is responsible for all sales, use, value-added, and similar taxes arising from this Agreement, excluding taxes based on Provider's net income. If Provider is required to collect or remit any such taxes, Provider will invoice Customer and Customer will pay the taxes. If Customer is required by law to withhold taxes from payments to Provider, Customer will provide Provider with documentation of the withholding sufficient for Provider to claim a credit or refund.

39. Notices

All notices under this Agreement must be in writing and sent to the Notice Addresses specified in this Agreement. Notices are effective upon: (a) personal delivery; (b) the second business day after sending by email with confirmation of receipt; or (c) the fifth business day after sending by nationally recognized overnight courier. Provider may also provide operational notices (including methodology updates, pricing changes, and subprocessor changes) via email to Customer's account email address or via notification within the Cloud Service.

40. Waiver

No failure or delay by either party in exercising any right under this Agreement constitutes a waiver of that right. A waiver of any right must be in writing and signed by the waiving party. A waiver of one right does not constitute a waiver of any other right.

41. Amendments

Provider may update these Terms of Service by posting the revised terms at thirdproof.ai/terms and providing Active Customers with at least 30 days' written notice before the changes take effect. Continued use of the Cloud Service after the effective date of the updated terms constitutes acceptance. If Customer does not agree to the updated terms, Customer may cancel before the end of the current Subscription Period.