Exhibit 10.1

CERTAIN INFORMATION HAS BEEN EXCLUDED FROM THIS EXHIBIT BECAUSE IT BOTH (I) IS NOT MATERIAL AND (II) THE TYPE THAT THE COMPANY TREATS AS PRIVATE OR CONFIDENTIAL. TEXT OMITTED FROM THIS EXHIBIT IS MARKED WITH *****

CLOUD SERVICES AGREEMENT

This Cloud Services Agreement (this “Agreement”) is entered into on April 22, 2026 in the State of Nevada, United States, by and between the following Parties:

Article 1 — Subject Matter and Definitions

1.1 The “Services” under this Agreement refer to the cloud computing, AI model API access, and related value-added services independently provided by Party B to Party A, utilizing ***** cloud infrastructure. Party B acts as the principal service provider, with discretion over service scope, pricing, technical architecture and delivery, and assumes primary responsibility for service quality and delivery. Party A shall access the Services via APIs and the management platform provided by Party B. Party B is responsible for account provisioning, configuration, operations, technical support, billing and compliance advisory.

1.2 “Parties” under this Agreement refer only to Party A and Party B as set forth above.

1.3 “Lock-In” means any agreement, annex, order or supplement confirmed by email or signed by both Parties, which neither Party may unilaterally change (including price, configuration or quantity). Any amendment shall be valid only upon written signature or seal of both Parties. Lock-In applies for a defined period, including order/quote validity periods and the effective term of the relevant instrument.

Article 2 — Services and Fees

2.1 Scope of Services

2.1.1 Party B shall provide to Party A: (a) cloud computing services — Party B delivers cloud computing resources to Party A utilizing ***** cloud infrastructure, with the scope of available services referencing ***** product catalog at https: *****; (b) API access to large language models and AI models hosted on cloud platforms; and (c) value-added services including cloud architecture design and optimization, technical support and troubleshooting, billing and cost analysis, migration planning, security and compliance advisory, and related technical training. Party B assumes independent responsibility for the delivery and quality of the foregoing Services.

2.1.2 Pricing and Billing. Party A shall be charged based on actual usage, with pricing referenced to ***** published rates. Discounts are set out in Annex 1 (Business Terms). Consumption relating to ***** Marketplace products is not discounted and shall be billed at official invoiced amounts.

2.1.3 Data Ownership. Party A retains full ownership of all data, content and information stored, processed or transmitted through the Services (“Customer Data”). Party B shall access Customer Data only to the extent necessary to perform its obligations and shall not use Customer Data for any other purpose.

2.2 Rights and Obligations of Party A

2.2.1 Party A shall use the Services lawfully and in compliance with applicable laws, regulations and public morality.

2.2.2 Party A shall provide true, complete and accurate information regarding its identity and intended use of the Services, and shall cooperate with reasonable compliance reviews by Party B and upstream cloud providers (including export control and sanctions due diligence under Clause 2.7). Party A shall notify Party B in writing within ten (10) business days of any material change (including ownership, control, intended use or end users).

2.2.3 Party A shall pay all fees under this Agreement in full and on time, and is responsible for all activity under its account. Party A is responsible for its own data generated through the Services.

2.3 Rights and Obligations of Party B

2.3.1 Party B shall provide the cloud services, AI model API services and related value-added services to Party A on a stable basis and shall charge fees as agreed. Party B represents and warrants that it has the full legal rights, power and authority to enter into this Agreement and provide all Services under this Agreement to Party A, and that such Services do not violate any third-party rights or applicable laws and regulations.

2.3.2 Party B shall maintain the qualifications and supplier relationships necessary to deliver the Services during the term. Party B shall promptly notify Party A in writing of any material change.

2.3.3 Party B shall comply with applicable laws and regulations and shall keep Party A’s confidential information and Customer Data confidential to the extent reasonably known to it.

2.4 Scope of Service Responsibility

2.4 Party B provides the Services to Party A independently under this Agreement, contracting in its own name, issuing invoices and bearing the corresponding service responsibility. Party A acknowledges that underlying cloud resources and third-party models are provided by upstream suppliers. For service interruptions, data loss, or account restrictions caused by supplier infrastructure failures, supplier policy changes, supplier compliance reviews, supplier maintenance or upgrades, or other events not attributable to Party B’s acts or omissions, Party B’s liability to Party A shall be limited to: (i) passing through to Party A any service credits, refunds, or remedies actually received by Party B from the relevant supplier in respect of the affected Services; and (ii) providing commercially reasonable assistance to Party A in pursuing such remedies. Party B shall use commercially reasonable efforts to obtain available remedies from upstream suppliers on Party A’s behalf. Nothing in this Clause 2.4 shall limit Party B’s liability for its own willful misconduct or gross negligence, or Party B’s obligations under Articles 6 and 7.

2.5 Restricted Recipients

2.5 Without Party B’s prior written consent, Party A shall not, directly or indirectly, use the Services for the benefit of, or to provide services to, the following entities and their affiliates: MINIMAX, Z.ai and KIMI (the “Restricted Entities”). Party A shall not permit its affiliates or end users to use the Services for the benefit of any Restricted Entity. Party B may immediately suspend the Services and investigate upon reasonable suspicion. A confirmed breach constitutes a material breach and Party B may terminate this Agreement immediately.

2.6 Prohibition on Model Distillation

2.6 Party A acknowledges that the LLM services provided under this Agreement are subject to the terms of the relevant cloud supplier and model provider, which generally prohibit or restrict model distillation. Party A shall use reasonable technical and organizational measures to prevent use of the Services for model distillation or any form of model training, fine-tuning, extraction or replication. Party A shall indemnify Party B in full for any loss arising from the model provider’s enforcement, penalty or termination caused by Party A’s breach of this clause.

2.7 Compliance Requirements

2.7.1 Cloud and Third-Party Model Terms. Party A confirms that it has reviewed and agrees to comply with the following terms as conditions precedent to its use of the Services: (a) ***** Service Terms (https:/ *****); (b) ***** Customer Agreement (https:// *****/); and (c) the Anthropic End-User License Agreement for Claude models on ***** (https:// *****). Party A specifically acknowledges and undertakes: (i) under Clause D.2 of the Anthropic EULA, Party A’s use of Claude on Bedrock is subject to Anthropic’s Usage Policy, supported-region policy and specific service terms, and Party A shall cooperate with reasonable verification requests by Anthropic or Party B; and (ii) under Clause D.4 of the Anthropic EULA, Party A shall not use the Services to build products or services competitive with Anthropic, nor independently redistribute the Services absent Anthropic’s express written approval; Party A represents and warrants that its technical architecture does not allow end users to select or specify which model processes their requests.

2.7.2 Export Control and Sanctions. Party A hereby represents, warrants and undertakes to Party B and its upstream suppliers as follows: (a) Ownership and Control: Party A is not owned or controlled, directly or indirectly, by (i) any government or military of a Sanctioned Jurisdiction; (ii) any person or entity on the

U.S. Treasury SDN List, U.S. Commerce Entity List, or any U.S. State Department restricted party list; or (iii) any “military-industrial complex company” under Section 1260H of the U.S. National Defense Authorization Act. (b) Sanctioned Persons and Jurisdictions: Party A is not a Sanctioned Person and is not owned or controlled by one or more Sanctioned Persons; Party A is not organized in, and does not operate in, Cuba, Iran, North Korea, Syria, or the Crimea, Luhansk, Donetsk, Kherson or Zaporizhzhia regions of Ukraine, or any other embargoed territory (the “Sanctioned Jurisdictions”), and is not owned directly or indirectly by an entity organized in, or a citizen of, any such jurisdiction. (c) Non-Military End-User: Party A is not a “military end-user” as defined under U.S. law with respect to China, Cambodia, Nicaragua, Russia, Belarus, Myanmar (Burma), Venezuela, or any other restricted country.

2.7.3 Intended Use and Prohibited Activities. Party A shall use the Services solely for lawful commercial or internal business purposes and shall not use the Services for: (a) AI model training, fine-tuning or large-scale model development that violates U.S. export controls or exceeds applicable U.S. regulatory thresholds without prior written authorization from Party B and the relevant supplier; (b) supercomputing, advanced computing or other activities restricted under Part 744 of the EAR; (c) development, design, production or use of weapons, military systems or surveillance systems restricted by U.S. law; (d) activities for the benefit of the government or military of any Sanctioned Jurisdiction or any sanctioned or restricted party; (e) export, re-export, transfer or release of the Services in violation of the EAR; or (f) any end use prohibited by export control and sanctions laws, including military, missile, nuclear, chemical or biological weapons proliferation.

2.7.4 Prohibited AI Systems and Compute Thresholds. Party A shall not, and does not intend to, use the Services to develop any AI system designed or intended exclusively for: (a) military end use (e.g., weapons targeting, target identification, combat simulation, military vehicle or weapons control, military decision-making, weapons design (including chemical, biological, radiological or nuclear weapons), or combat system logistics and maintenance); or (b) government intelligence or mass-surveillance end use (e.g., through features such as text/audio/video mining, image recognition, location tracking or covert listening). Party A shall not, and does not intend to, use the Services to train any AI system using a quantity of computing power greater than: (i) 10^25 computational operations (integer or floating-point); or (ii) 10^24 computational operations primarily using biological sequence data.

2.7.5 Cooperation, Notification and Recordkeeping. Party A shall: (a) notify Party B in writing within ten (10) business days of any change in its ownership, control structure or intended end use that may trigger export control implications; (b) cooperate with Party B and upstream suppliers in any export control inquiry, audit or regulatory request, and upon reasonable request provide a complete and accurate description of its corporate structure, controlling persons and intended use; (c) maintain records relating to its use of the Services for at least five (5) years; and (d) suspend use of the Services if required by applicable law or requested by Party B for compliance reasons. The individual executing this Agreement is duly authorized to bind Party A to the undertakings in this Clause 2.7; and if any representation becomes inaccurate or misleading, Party A shall promptly notify Party B in writing.

2.7.6 Consequences of Breach. This Clause 2.7 constitutes a condition precedent to Party A’s use of the Services. Breach of any provision of this Clause 2.7 constitutes a material breach, entitling Party B to immediately suspend or terminate the Services. Party A shall indemnify Party B for all resulting losses, uncapped by Clause 6.4. Party A shall cooperate with compliance verification and provide supporting documentation within ten (10) business days of Party B’s request.

2.8 Service Levels

2.8 Service levels under this Agreement follow the SLAs published by the ***** cloud supplier and the relevant model providers.

Notwithstanding anything to the contrary in this Agreement, if the Services provided by Party B are unavailable for more than three (3) consecutive days solely due to causes directly attributable to Party B (and excluding, for the avoidance of doubt, any unavailability caused, in whole or in part, by ***** or other upstream cloud suppliers, model service providers, any third party, Party A’s acts or omissions, force majeure, or any other event beyond Party B’s reasonable control), Party A shall promptly give Party B written notice specifying the nature of the unavailability. Party B shall have seven (7) business days from receipt of such notice to cure the unavailability. If Party B fails to cure within such cure period, Party A may terminate this Agreement (or the affected portion of the Services) upon written notice to Party B. In such event, Party B’s liability to Party A shall be limited to direct damages actually and reasonably incurred by Party A as a direct result of Party B’s failure to cure, and shall in all cases be subject to the limitation of liability set forth in Clause 6.4. Party B shall not be liable for any indirect, incidental, special, punitive or consequential damages. The Parties shall act in good faith to resolve any service unavailability amicably before invoking this termination right.

2.9 Usage Monitoring and Credit Limit

2.9 Party B may continuously monitor Party A’s usage and unbilled balance (invoiced and real-time consumption, the “Credit Exposure”) and set a credit limit based on projected usage and internal credit assessment, notified in writing. If the Credit Exposure exceeds the limit or the performance deposit balance, Party B may, after notice, suspend new provisioning or restrict usage growth until Party A cures. If cumulative unpaid amounts exceed USD 50,000, Party B may give written notice requiring payment within thirty (30) business days; failing which Party B may suspend all or part of the Services. If monthly usage materially exceeds USD 50,000, Party B may require Party A to top up the performance deposit within ten (10) business days of notice, in an amount reasonably commensurate with the increased usage, confirmed in writing.

Article 3 — Fees and Payment

3.1 Additional service needs may be confirmed by supplemental agreement. Once signed, such supplements constitute a “Lock-In,” which neither Party may unilaterally change (including price, configuration and quantity), save by mutual agreement.

3.2 Fees are based on actual usage and denominated in U.S. Dollars (USD). There is no fixed contract amount; the final fee is determined by actual usage.

3.3.1 Monthly Post-Payment. Party A shall pay within ten (10) days of an undisputed invoice (provided that Party A shall notify Party B in writing of any dispute with respect to an invoice within five (5) business days of receipt; failing which, the invoice shall be deemed undisputed and payable in accordance with this Clause 3.3.1). Late payments bear a daily penalty of 0.05% on overdue amounts, with the total penalty capped at 3% of the overdue amount.

3.3.2 Monthly Reconciliation. The Parties shall reconcile monthly. Party B shall provide detailed usage and charge statements by the third (3rd) business day of each month. Party A shall review and confirm within ten (10) business days of receipt. Disputes must be raised in writing within that period, to be resolved within fourteen (14) days. Party A reserves the right to raise manifest errors or overcharges within ninety (90) days after acceptance.

3.4 Party B shall deliver monthly invoices within five (5) days after the monthly reconciliation. Any prepaid deposit or fees, save where termination is caused by Party A’s breach, shall be refunded (unused portion, without interest) within thirty (30) business days of termination.

3.5 Party A shall pay via corporate bank transfer to the account set forth in the “Wiring Instructions” section of Annex 1, or such other account as Party B may designate in writing in accordance with Article 11. Party B’s wiring instructions shall also be noted on the invoice.

3.6 Independence of Payment Obligation. Party A’s payment obligations are independent of the settlement arrangement between Party B and its upstream suppliers. Party A shall not refuse or delay payment based on any dispute between Party B and its suppliers. Party B may adjust the billing cycle in line with the supplier’s cycle, subject to prior written notice.

3.7 Performance Deposit. Party A shall pay the performance deposit (amount in Annex 1) after signing and before service activation. Party B has no obligation to activate Services until the deposit is received. Party B may deduct overdue amounts, liquidated damages and reasonable expenses from the deposit. Party A shall replenish the deposit within five (5) business days of notice, failing which Party B may suspend the Services. Upon termination with no outstanding amounts, Party B shall refund the remaining deposit (without interest) within thirty (30) business days.

Article 4 — Term and Amendment

4.1 This Agreement becomes effective upon commencement of Services. Unless either Party gives written non-renewal notice at least sixty (60) days before expiry, the term shall automatically renew for one (1) year. Any amendment shall be effected by a new signed agreement.

4.2 During the term, additional needs shall be addressed by supplemental agreement.

Article 5 — Termination and Default

5.1 This Agreement terminates in the following circumstances, without liability to the other Party (provided that the terminating Party gives written notice): (a) dissolution of either Party (excluding reorganization, renaming or merger); (b) material breach by one Party entitling the other to terminate; (c) force majeure or mutual agreement; or (d) termination required by law.

5.2 Unless otherwise agreed in this Agreement, neither Party may unilaterally terminate without cause during the term, failing which it shall bear liability for breach.

5.3 Upon expiry, if Party A fails to pay renewal fees, the Agreement shall be deemed terminated and Party B shall cease providing the Services to Party A.

5.4 During the term, upon Party A’s late payment for over seven (7) days, Party B may suspend the Services until cure; if overdue for more than thirty (30) days, Party B may unilaterally terminate and require payment of all amounts due plus damages.

5.5 If a Party fails to perform or materially breaches its obligations such that performance is impossible or unnecessary, such breach shall be treated as that Party’s unilateral termination, and the non-breaching Party may terminate and claim damages.

5.6 Accelerated Suspension. Notwithstanding the above, if Party A’s unpaid amounts or abnormal usage trigger the cloud supplier’s risk controls or expose Party B to suspension, Party B may, within three (3) business days of written notice (including email), suspend all or part of the Services until full payment or adequate security is provided. In urgent cases (including where the supplier has issued a suspension notice or the account is flagged as high-risk), Party B may suspend immediately without prior notice and notify Party A promptly thereafter. Good-faith exercise of this right shall not constitute a breach.

5.7 Party A’s Termination for Convenience. Party A may terminate this Agreement upon thirty (30) days’ prior written notice, and shall pay all fees accrued through the effective date of termination (including used but unbilled amounts).

5.8 Party B’s Termination for Convenience. Party B may terminate this Agreement upon thirty (30) days’ prior written notice, refunding any unused prepayments and remaining deposit (if any) within ten (10) days after the effective date of termination.

5.9 Supply-Chain Termination. If Party B’s cloud supplier or model provider terminates, suspends or materially changes its relationship with Party B, or if due to supplier policy change or loss of qualification beyond Party B’s reasonable control Party B cannot continue providing all or part of the Services, Party B may terminate this Agreement or the affected portion by providing a seven (7) day prior written notice without being in breach. Party B shall notify Party A promptly and refund prepayments for undelivered Services.

5.10 Post-Termination. Upon termination for any reason: (a) Party A shall export all Customer Data before the effective date; Party B shall assist for thirty (30) days post-termination, after which Party B may delete Customer Data without liability; (b) the Parties shall complete final reconciliation and settlement within thirty (30) days; (c) Party A shall immediately cease use of the Services and Party B may close Party A’s account. During the notice period, Party B shall cooperate within reason to enable data migration and transition, but shall not be obliged to proactively provide substitute solutions or continued service; Party A is responsible for any onward arrangements.

Article 6 — Limitation of Liability

6.1 Short interruptions for service configuration or maintenance, or slower access caused by Internet congestion, do not constitute a breach, and Party B shall notify Party A three (3) days in advance (promptly for urgent matters). Events caused by Y2K issues, hackers, viruses, or telecom technical adjustments shall not constitute a breach, and Party B shall notify Party A promptly.

6.2 Party B shall not be liable for losses caused by any third party’s fault or delay.

6.3 Party B shall not be liable to any third party receiving the Services indirectly through Party A.

6.4 Liability Cap. Except as otherwise agreed, either Party’s aggregate liability (whether in contract, tort or otherwise) shall not exceed fees actually paid by Party A during the three (3) months preceding the relevant event. The cap shall not apply to: (a) fraud or willful breach; or (b) Party A’s payment obligations (including deposit top-ups).

6.5 Party A Misuse and Supplier Recourse. Where Party A’s improper use or breach (including unlawful activity, unauthorized provision of services to third parties, disclosure of confidential information, violation of Clause 2.5, model distillation, non-payment, or breach of supplier terms) causes loss to Party B, the cloud supplier, the model provider or any third party, Party A shall bear full indemnification. If the supplier or model provider imposes fines on Party B, forfeits credits, demands joint indemnification, claws back discounts, or suspends or terminates Party B’s account, Party A shall fully indemnify Party B for all direct and indirect losses (including compensation for disruption to other Party B customers, deposit deductions imposed on Party B, and reasonable restoration costs).

6.6 Exclusion of Indirect Damages. Neither Party shall be liable for indirect, incidental, special, punitive or consequential damages, including loss of profits, data, business interruption or goodwill, whether or not foreseeable.

6.7 Party A Indemnity. Party A shall indemnify and hold harmless Party B and its affiliates, directors, officers and employees against all claims, losses, damages and costs (including reasonable attorneys’ fees) arising from: (a) Party A’s breach of this Agreement; (b) infringement of third-party IP or other rights through Party A’s or its users’ use of the Services; and (c) Customer Data violating applicable laws.

Article 7 — Dispute Resolution

7.1 Good-Faith Negotiation. Any dispute, claim or controversy arising out of or relating to this Agreement, or the breach, termination, enforcement, interpretation or validity thereof (each, a “Dispute”), shall first be addressed by good-faith negotiation between senior representatives of the Parties for a period of thirty (30) days following written notice of the Dispute.

7.2 Binding Arbitration. If the Dispute is not resolved through negotiation, the Dispute shall be finally resolved by binding arbitration administered by JAMS in accordance with its Comprehensive Arbitration Rules and Procedures (or, at the Parties’ mutual election, by the American Arbitration Association under its Commercial Arbitration Rules). The arbitration shall be conducted by a single neutral arbitrator mutually selected by the Parties; if the Parties cannot agree within fifteen (15) days, the arbitrator shall be appointed by JAMS (or AAA, as applicable). The seat and legal place of arbitration shall be Las Vegas, Nevada, and the language of the arbitration shall be English. The arbitrator shall have authority to grant any remedy or relief (including interim or provisional relief) available under Nevada law, subject to the limitations of liability set forth in this Agreement. The arbitral award shall be final and binding on the Parties, and judgment upon the award may be entered in any court of competent jurisdiction. The arbitration shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1 et seq.).

7.3 Confidentiality of Arbitration. The existence, content and result of the arbitration shall be kept strictly confidential by the Parties and the arbitrator, except to the extent disclosure is required by law, regulation, or to enforce or challenge the award.

7.4 Costs and Fees. Each Party shall bear its own attorneys’ fees and costs, and the Parties shall share equally the fees of the arbitrator and the arbitration institution, unless the arbitrator determines that a Party has acted in bad faith or frivolously, in which case the arbitrator may award reasonable attorneys’ fees and costs to the prevailing Party.

7.5 Interim Relief; Judicial Exceptions. Notwithstanding the foregoing, either Party may seek temporary or preliminary injunctive or equitable relief in any court of competent jurisdiction located in the State of Nevada to protect its intellectual property, confidential information, or to prevent irreparable harm, pending the outcome of arbitration. The Parties consent to the exclusive personal jurisdiction and venue of the state and federal courts located in Clark County, Nevada, for any such action.

7.6 Class Action Waiver. To the fullest extent permitted by applicable law, all Disputes shall be resolved on an individual basis only, and neither Party shall pursue or participate in any class, collective, representative, or consolidated action against the other.

Article 8 — Force Majeure

8.1 If either Party is prevented or delayed by force majeure, it shall notify the other in writing within five (5) days of the event and submit supporting evidence within twenty (20) days. The affected Party shall not be treated as in breach.

8.2 The affected Party shall take all necessary mitigation measures and resume performance promptly after the event, unless performance has become impossible or unnecessary.

8.3 “Force Majeure” means objective events that are unforeseeable, unavoidable and insurmountable, including natural disasters, war, civil unrest, government controls, sudden policy changes, strikes and material market disruption. For the avoidance of doubt, force majeure does not include either Party’s lack of funds, payment capacity or financing difficulties.

8.4 Public Cloud Disruption. For the avoidance of doubt, any large-scale outage, platform failure or unavailability of a public cloud supplier (including ***** or other cloud providers) not attributable to Party B shall be deemed force majeure. Party B shall not be liable for breach in such event but shall promptly notify Party A and assist in seeking supplier remedies.

Article 9 — Confidentiality

9.1 Each Party shall keep confidential any trade secrets or technical or business information of the other Party obtained during this Agreement and shall not disclose to any third party, except as required by applicable law or with the other Party’s written consent.

9.2 The confidentiality obligations shall survive termination of this Agreement.

9.3 “Confidential Information” means all non-public information disclosed by one Party to the other during this Agreement, including its terms, business plans, customer data, technical materials and pricing. Excluded information: (a) publicly known at the time of disclosure; (b) lawfully known to the recipient before disclosure; (c) lawfully obtained from a third party entitled to disclose; or (d) independently developed.

Article 10 — Reservation of Rights

10.1 Failure by either Party to exercise a right or to act upon a breach shall not constitute a waiver of such right or the right to claim damages. Any waiver must be in writing and limited to the matter stated.

Article 11 — Notices

11.1 Any notice or communication under this Agreement shall be effective upon actual receipt by the addressee, regardless of delivery method.

11.2 “Actual receipt” means delivery to the addressee’s statutory address, residence or designated communication address.

11.3 If a Party changes its communication address or method, it shall notify the other within ten (10) business days, failing which it shall bear the resulting consequences.

Article 12 — Interpretation, Governing Law, Effectiveness and Miscellaneous

12.1 Governing Law. Termination, expiry or invalidity of any provision shall not affect the provisions on interpretation, default, intellectual property, governing law, liability cap, indemnity and dispute resolution. This Agreement shall be governed by and construed in accordance with the laws of the State of Nevada, United States, without regard to its conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.

12.2 The Parties shall perform this Agreement in good faith. If either Party employs fraud, coercion or violence, the other may terminate and claim damages.

12.3 In case of inconsistency between this Agreement and prior terms or representations by Party B, this Agreement prevails.

12.4 Neither Party may transfer or license its rights or obligations to any third party without mutual consent, save for reorganization, merger or renaming, which shall be notified to the other Party.

12.5 This Agreement is executed in two originals, one for each Party. Annexes, supplements and emails confirmed by both Parties have the same legal effect as this Agreement.

12.6 Survival. The following shall survive termination or expiry: clauses of Article 2 concerning data protection and use restrictions, Article 6 (limitation of liability), Article 7 (dispute resolution), Article 9 (confidentiality), Article 12 (governing law and miscellaneous), and any other clauses that by their nature should survive.

12.7 Entire Agreement. This Agreement (including its Annexes and Business Terms) constitutes the entire agreement between the Parties regarding its subject matter, superseding all prior oral or written negotiations, representations and commitments.

12.8 Severability. If any provision is held invalid, illegal or unenforceable by a court or arbitral tribunal of competent jurisdiction, such provision shall be severed to the extent necessary, and the remainder shall remain in full force.

12.9 Assignment Restriction. Neither Party may assign this Agreement in whole or in part without the other Party’s prior written consent. Any assignment in violation of this clause shall be void.

12.10 Language. This Agreement is drafted and executed in the English language, which shall be the sole authoritative version for all purposes, including interpretation, construction and dispute resolution.

Party A (XMax AI Inc.):

ANNEX 1 — BUSINESS TERMS

Discount and Monthly Minimum Consumption

The model and cloud resource discount rates set forth in this Annex 1 apply to cumulative consumption up to the discount cap within each consecutive twelve (12) month period commencing from the service activation date (the “Discount Cap”). For any period shorter than twelve (12) months, the upper limit of the Discount Cap shall be prorated based on the actual duration. Consumption exceeding the Discount Cap is charged at Party B’s then-published standard rates. Party A commits to a monthly minimum consumption. In any month where actual consumption falls below the monthly minimum, that month receives no discount and all consumption is charged at standard rates.

Discount Reconciliation and Claw-Back

Party B shall reconcile consumption and discount eligibility on a calendar quarterly basis (January–March, April–June, July–September, October–December). Discounts for qualifying months shall be reflected in the invoice following quarter-end and applied as a direct deduction from the invoice issued in the first month of the following quarter.

Post-Payment Discount Arrangement

This Agreement uses monthly post-payment. Discount and credit terms are as follows:

Party A and Party B agree that when the term of performance expires and no renewal is made, the Parties shall conduct account settlement in the following month, with any overpayment refunded and any underpayment made up.

Price Adjustment

If any cloud supplier or model provider adjusts pricing, discount policies, service terms or technical architecture (including canceling or adjusting MAP credits, or modifying billing), Party B may make corresponding adjustments to pricing and discounts under this Agreement upon thirty (30) days’ prior written notice identifying the change and effective date. Such adjustments shall not constitute a breach. If Party A does not accept the adjustment, Party A may terminate this Agreement by written notice prior to the effective date, handled per Article 5. The billing benchmark is the ***** published pricing (https: *****), which may change per ***** policy.

Wiring Instructions

All payments owed by Party A to Party B under this Agreement shall be made by corporate bank transfer to the following account. Party B may update these instructions only by written notice executed by an authorized officer of Party B and delivered to Party A in accordance with Article 11; Party A shall verbally verify any purported change in wiring instructions by calling a known Party B representative at a previously-established telephone number before remitting funds to any new account.

ANNEX 2 — INFORMATION SECURITY UNDERTAKING

This Information Security Undertaking sets out Party A’s information security responsibilities in connection with the cloud computing and AI model API services (“Services”) provided by Party B. Party A’s use of the Services constitutes acceptance of all terms herein.

1. Legal and Regulatory Compliance

Party A shall, at its sole cost and expense, comply with all data protection, privacy and cybersecurity laws of the United States applicable to its collection, use, storage, transmission and disclosure of data through the Services (collectively, “U.S. Privacy Laws”), including, without limitation: (a) Nevada Revised Statutes Chapter 603A governing the security and privacy of personal information, including NRS 603A.210 (security measures), NRS 603A.215 (encryption of personal information), and NRS 603A.220 (data breach notification); (b) Nevada’s online privacy law (NRS 603A.300 through 603A.360, as amended by Nevada Senate Bill 220), including the requirement to honor verified requests from Nevada consumers to opt-out of the sale of covered information; (c) to the extent Party A collects, processes or offers goods or services to California residents, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and its implementing regulations (collectively, the “CCPA/CPRA”), and the California Civil Code provisions governing information security and data breach notification, including Sections 1798.81.5, 1798.29 and 1798.82; (d) the Federal Trade Commission Act, Section 5 (prohibiting unfair or deceptive practices, including with respect to privacy and data security); (e) the Children’s Online Privacy Protection Act (COPPA); (f) the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA); (g) the Computer Fraud and Abuse Act (CFAA); (h) to the extent applicable to Party A or its data, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Fair Credit Reporting Act (FCRA); (i) the Federal Information Security Modernization Act (FISMA) and the Cybersecurity Information Sharing Act of 2015 (CISA) to the extent applicable; and (j) any other U.S. federal, state or local data protection, privacy or cybersecurity laws, regulations or binding industry standards applicable to Party A or its use of the Services. For the avoidance of doubt, compliance with non-U.S. data protection regimes (such as the EU GDPR, UK GDPR or the PRC Personal Information Protection Law) shall be Party A’s sole responsibility to the extent Party A voluntarily elects to make the Services available to individuals or data subjects outside the United States.

2. Prohibited Activities

Party A shall not use the Services for any activity prohibited by U.S. law or public policy, including but not limited to: (a) publishing or disseminating content that violates applicable U.S. laws; (b) processing information involving classified or controlled U.S. government information, national security information or intelligence without proper authorization; (c) obscene content, content constituting child sexual abuse material, or other content unlawful under U.S. federal or state law; (d) content that unlawfully endangers public safety or incites violence; (e) content infringing the lawful rights of others (including intellectual property, privacy, publicity or civil rights protected under U.S. law); (f) content directed at children that violates COPPA or other U.S. laws protecting minors; or (g) network attacks, unauthorized access, data theft, malicious scraping, or other activities that violate the CFAA, ECPA, the SCA, or comparable U.S. law.

3. Data Compliance and Content Responsibility

Party A is solely responsible, as the “operator” or “data collector” under Nevada law (NRS Chapter 603A) and as a “business” within the meaning of the CCPA/CPRA (where applicable), and under other applicable U.S. Privacy Laws, for all data and content transmitted, processed and stored through the API Services, including content submitted by Party A’s end users. Party A shall: (a) provide all privacy notices and disclosures and obtain all authorizations, consents and opt-ins or opt-outs required by U.S. Privacy Laws (including, where applicable, a conspicuous online privacy notice complying with NRS 603A.340 and the “Do Not Sell or Share My Personal Information” and “Limit the Use of My Sensitive Personal Information” mechanisms required by the CCPA/CPRA); (b) honor verified consumer requests from Nevada residents to opt-out of the sale of covered information under NRS 603A.345, and verifiable consumer requests from California residents to know, delete, correct, opt-out of sale or sharing, and limit the use of sensitive personal information, as required under the CCPA/CPRA; (c) not use or disclose personal information for any purpose inconsistent with the notice given to the individual or otherwise prohibited by U.S. Privacy Laws; and (d) fully indemnify Party B and any third party for losses arising from Party A’s data or content violating U.S. Privacy Laws. To the extent Party B processes personal information on Party A’s behalf in connection with the Services, the Parties shall in good faith negotiate and execute a written service-provider / processor addendum meeting the requirements of applicable U.S. Privacy Laws (including, where applicable, Cal. Civ. Code Section 1798.140(ag) and Section 1798.100(d) of the CCPA/CPRA).

4. Security Measures

Party A shall implement and maintain reasonable and appropriate administrative, technical and physical safeguards consistent with the requirements of NRS 603A.210 and NRS 603A.215, California Civil Code Section 1798.81.5 (where applicable), and the FTC Act — including access controls, encryption of personal information in transit and at rest where required, multi-factor authentication for administrative access, logging and monitoring, and a documented written information security program — to safeguard API keys, account credentials, access privileges and any personal information processed through the Services. Party A shall notify Party B in writing without undue delay and in no event later than twenty-four (24) hours after discovery of any actual or reasonably suspected security incident, unauthorized access, or “breach of the security of the system data” (as defined in NRS 603A.020 and, where applicable, California Civil Code Sections 1798.29 and 1798.82 or other applicable U.S. Privacy Laws). Party A shall (i) cooperate with Party B’s investigation and remediation; (ii) bear sole responsibility for any notification to affected individuals, regulators (including the Nevada Attorney General under NRS 603A.220 and, where applicable, the California Attorney General) and other third parties required under U.S. Privacy Laws; and (iii) bear all associated costs, except to the extent the incident is caused by Party B’s gross negligence or willful misconduct.

5. Supplementary Provisions

Matters not addressed in this Undertaking shall be governed by applicable laws and the main body of this Agreement. This Undertaking has the same legal effect as the main body of this Agreement.

Party A (XMax AI Inc.):