DriveBoss Mutual Non-Disclosure and Confidentiality Agreement

DriveBoss LLC · Effective Date: April 21, 2026 · Last Updated: April 21, 2026

This Mutual Non-Disclosure and Confidentiality Agreement ("NDA") is entered into by and between DriveBoss LLC, a Delaware limited liability company with its registered corporate address at 254 Chapman Road, Suite 208 #703, Newark, Delaware 19702, United States ("DriveBoss"), and the customer, prospect, vendor, integration partner, or other counterparty accepting this NDA electronically, signing an order form or other agreement that references this NDA, or exchanging Confidential Information with DriveBoss ("Customer"). DriveBoss and Customer may be referred to individually as a "Party" and collectively as the "Parties."

1. Purpose

The Parties may exchange Confidential Information in connection with evaluation, onboarding, use, support, operation, purchase, integration, or provision of the DriveBoss services and related business discussions. This NDA governs the protection of that Confidential Information.

This NDA does not create a non-compete restriction. Customer remains free to operate its transportation, healthcare, logistics, or related business, and DriveBoss remains free to operate and improve its software and services, subject to each Party's confidentiality obligations.

2. Confidential Information

"Confidential Information" means nonpublic information disclosed by one Party ("Disclosing Party") to the other Party ("Receiving Party") that is marked confidential, identified as confidential at the time of disclosure, or should reasonably be understood to be confidential based on the nature of the information or the circumstances of disclosure.

Confidential Information includes:

• software, source code, object code, APIs, workflows, algorithms, product plans, roadmaps, designs, documentation, and technical materials;
• pricing, order forms, business plans, customer lists, financial information, vendor information, and commercial terms;
• security information, credentials, access tokens, system architecture, vulnerability information, and audit information;
• broker, payer, facility, transportation-provider, and integration information;
• trip workflows, billing workflows, dispatch operations, and operational know-how;
• support communications and implementation information;
• information a Party is required to keep confidential for a third party.

Confidential Information does not include Protected Health Information ("PHI") to the extent PHI is governed by the Parties' Business Associate Agreement. If this NDA conflicts with the BAA, the BAA controls for PHI.

3. Exclusions

Confidential Information does not include information the Receiving Party can demonstrate:

• was lawfully known to the Receiving Party without confidentiality restriction before receipt from the Disclosing Party;
• becomes publicly available without breach of this NDA by the Receiving Party;
• is lawfully received from a third party without confidentiality restriction and without known breach of duty;
• is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information; or
• is approved for release in writing by the Disclosing Party.

4. Use and Disclosure Restrictions

The Receiving Party may Use Confidential Information only for the purpose described in this NDA and for performance under the Master Services Agreement, order forms, BAA, and related agreements between the Parties.

The Receiving Party may Disclose Confidential Information only to its employees, contractors, affiliates, professional advisors, auditors, insurers, and service providers who need to know the information for the permitted purpose and are bound by confidentiality obligations at least as protective as this NDA.

The Receiving Party is responsible for any unauthorized Use or Disclosure of Confidential Information by persons or entities to whom it Discloses Confidential Information.

5. Standard of Care

The Receiving Party will protect Confidential Information using at least the same degree of care it uses to protect its own similar confidential information, but in no event less than reasonable care.

The Receiving Party will promptly notify the Disclosing Party if it becomes aware of unauthorized Use or Disclosure of Confidential Information and will reasonably cooperate to mitigate harm.

6. Compelled Disclosure

If the Receiving Party is required by law, subpoena, court order, governmental request, or similar legal process to Disclose Confidential Information, the Receiving Party will, to the extent legally permitted, promptly notify the Disclosing Party and reasonably cooperate with the Disclosing Party's efforts to seek protective treatment. The Receiving Party may Disclose only the portion of Confidential Information legally required to be Disclosed.

7. Return or Destruction

Upon written request by the Disclosing Party, the Receiving Party will return or destroy the Disclosing Party's Confidential Information in its possession or control.

The Receiving Party may retain copies as required by law, professional obligations, ordinary-course backups, disaster recovery systems, security logs, audit records, document-retention policies, or legal holds, provided retained copies remain protected under this NDA and are not used for any other purpose.

8. Ownership and No License

Confidential Information remains the property of the Disclosing Party. No license, assignment, or other right is granted except the limited right to Use Confidential Information for the permitted purpose.

Feedback, suggestions, ideas, or recommendations about DriveBoss services may be used by DriveBoss without restriction or compensation, provided DriveBoss does not disclose Customer's Confidential Information in doing so.

9. No Obligation to Proceed

This NDA does not require either Party to enter into any transaction, purchase services, provide services, or continue discussions. Any service relationship is governed by the Master Services Agreement, order forms, BAA, and other applicable written agreements.

10. Duration

This NDA begins when Customer accepts this NDA electronically, signs an order form or other agreement that references this NDA, exchanges Confidential Information after this NDA is presented or made available, or otherwise electronically accepts it. For Confidential Information that is not a trade secret, confidentiality obligations continue for five years after disclosure. For trade secrets, confidentiality obligations continue for as long as the information remains a trade secret under applicable law.

11. Remedies

Unauthorized Use or Disclosure of Confidential Information may cause irreparable harm for which monetary damages may be inadequate. The Disclosing Party may seek injunctive or equitable relief without posting bond, in addition to any other remedies available under applicable law.

12. Order of Precedence

If this NDA conflicts with the BAA, the BAA controls for PHI. If this NDA conflicts with the Master Services Agreement, the more specific confidentiality provision controls. Nothing in this NDA limits either Party's obligations under the BAA, applicable privacy laws, broker requirements, or security obligations.

13. Governing Law and Venue

This NDA is governed by the laws of the State of Delaware, without regard to conflict-of-laws rules. Exclusive venue for disputes arising out of or relating to this NDA is the state and federal courts located in New Castle County, Delaware, except that either Party may seek emergency injunctive relief in any court of competent jurisdiction.

14. Electronic Acceptance

Customer accepts this NDA by clicking or checking an acceptance box, signing an order form or other agreement that references this NDA, exchanging Confidential Information after this NDA is presented or made available, or otherwise electronically accepting it. Electronic acceptance and electronic signatures are intended to be binding to the maximum extent permitted by law.