The provider of the internet services and other products supplied or provided available at https://heaan.io (the "Website" and together with the internet services and other products, the "Service" or “CODE.HEAAN”) is Cryptolab Inc., duly existing under the laws of the Republic of Korea having its registered office at Complex 27, Gwanak-ro 1, Gwanak-gu, Seoul, Korea ("Cryptolab" or "we/our").

This general CODE.HEAAN Terms of Service (“Terms or Service” or “Agreement”) define the scope of the BETA version of the Service and the relationship between Cryptolab which provides the Service, and our registered customers in form of individuals and businesses (each a "Customer" or "you/your").

By using our Service, you are deemed to have been notified of this Agreement, and by signing up as a Customer, you are deemed to agree to be bound by this Agreement.

This Agreement, together with the Software License Agreement for CODE.HEAAN (Beta Version) and any documents referred therein, constitute the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior or contemporaneous communications and proposals, whether oral or written.

A. Creating an Account and Conclusion of the Agreement

You acknowledge that you have read, understand and offer to conclude this Agreement when you use the Service, provide your information managed in accordance with our privacy policy required for creating an account, and declare your intention to create, and create an account for the Service. By creating an account or signing into the Service, you submit an offer to conclude the contract about the usage of the Service and agree to the Agreement and the privacy policy of Cryptolab which are valid at the time of registration.

Notwithstanding anything in the contrary in this Agreement, upon your offer to enter into this Agreement, we may, at our discretion, decide to accept or reject such offer. Unless an explicit declaration of the acceptance is given, our acceptance can be deemed given when Cryptolab grants the Service offered under this Agreement.

By the time of sign-up, you must be at least 19 years old and fully contractually capable. In case of doubt, Cryptolab is entitled to ask the individual Customer to submit a documentary evidence of age or contractual capability.

After successful registration, the Customer shall be able to log in for using our Service. A login is only possible via the access data assigned to the Customer by Cryptolab (user name and password).

B. Support and Consulting

Cryptolab does not offer any integration, support and consulting services as part of the Service. Cryptolab may, in its sole discretion, offer support via email or in-Service communications available at the Website. Customer’s rights in case of defects of the Service remain unaffected.

C. Licenses

Customer agrees to abide by the terms of the Software License Agreement for CODE.HEAAN (Beta Version) separately entered into with Cryptolab.

Customer is aware that the Service contains open source components and such components are governed by the respective open source licenses.

• NVIDIA Software License Agreement and CUDA Supplement to Software License Agreement https://developer.download.nvidia.com/compute/cuda/redist/libcurand/LICENSE.txt
• Blake3 Apache License Version 2.0 https://github.com/BLAKE3-team/BLAKE3/blob/master/LICENSE_A2
• Hexl Apache License Version 2.0 https://github.com/intel/hexl/blob/development/LICENSE
• magic_enum MIT License https://github.com/Neargye/magic_enum/blob/master/LICENSE
• Coder GNU AFFERO GENERAL PUBLIC LICENSE Version 3 https://github.com/coder/coder/blob/main/LICENSE

D. Availability; Limitations of the Service

Our Services are generally available on the Website. Exceptions may include: Back-up processes, system maintenance, system or database repair work. We try to keep these disruptions on a low level. Customers’ rights in case of defects remain unaffected.

Customer should note that the Beta version of the Service is provided only as a demo and for testing purposes. Accordingly, certain features in the Service may be limited, and the Service may be terminated after a period of time, in which case Customer will be notified through his/her registered e-mail account. Any data or information may be permanently deleted after termination of the Service. Customer agrees to take all responsibilities for managing his/her data, including appropriate backups.

E. Liability

Cryptolab will compensate for the following damages, as required by and in accordance with applicable laws:

1. damages caused deliberately or due to gross negligence by Cryptolab;
2. damages arising out of death, injury to body or health; or
3. damages due to a neglect of duty by Cryptolab concerning essential contractual rights and obligations, which are necessary for a proper execution of the contract, and which may hinder the fulfillment of any material contractual obligations.

The Customer agrees that, in the event Cryptolab is found liable for damage, Crybtolab shall not be liable for special damages, indirect damages, consequential damages, punitive damages or any other similar damages, and the Customer shall not pursue any such damages from Cryptolab.

Any exemption from liability and limitations of liability of Cryptolab shall equally apply to the agents, legal representatives and assistants of Cryptolab.

Cryptolab’s liability arising in relation to this Agreement shall be limited to the limitations set forth in this Agreement and to the extent permitted by applicable laws. In particular, Cryptolab shall not be liable for the inability to perform its obligations relating to the Service to the extent such inability is caused by circumstances beyond its reasonable control.

The Service may be connected to third party services, including cloud services (“Third Party Service”). Cryptolab makes no warranties or representations, express or implied, about information provided by, security of, and/or functionality of Third Party Services. You acknowledge sole responsibility for and assume all risk arising from your use of any Third Party Services. Furthermore, you acknowledge that there may be restrictions in using the Service when you engage in acts that violate Third Party Services’ use policies, to the extent that your violations may impact Cryptolab’s provision of the Service. To the full extent permitted by applicable laws, Cryptolab will not be responsible or liable, directly or indirectly, for any damages or losses caused or allegedly caused by or in connection with your use of or reliance on any Third Party Services.

F. Customer's General Obligations

For the BETA version of the Service, you must use the Service for non-commercial use only. You agree that any violation of this obligation may result in a termination of the Service and you may be liable for any damages incurred by Cryptolab as a result.

1. True Data and Fair use: You must fill in all required fields in the sign-up sheet truthfully and completely. You must not engage in any act that seeks to defraud us or any other person or entity, including, but not limited to, providing any false, inaccurate, or misleading information in order to unlawfully obtain the property of another. You must respect and abide these Terms of Service, especially the obligations for Fair and Acceptable Use set forth in Section G. You are responsible for the content you create, post, upload or otherwise store, make available, or communicate in use of the Service.
2. Password and Security: You shall choose a safe password (we recommend at least 12 signs, including both uppercase and lowercase letter, numeral and special character) for your account and change such password on a regular basis. You shall only pass such password information to authorized persons.
3. Defects and Bug reporting: You agree to support Cryptolab in removing possible software defects by means such as bugs reporting or providing any information that can help us finding source of errors, if you have any available.

G. Fair and Acceptable Use; Indemnification

Your use of the Service must comply with general fair practices and you may not allow any other person through your CODE.HEAAN account to:

1. breach any applicable laws in any jurisdiction;
2. engage in activity that infringes on or violates any copyright, trademark, service mark, patent, right of publicity, right of privacy, or other proprietary or intellectual property rights under the applicable laws;
3. post, host, upload, communicate or transmit content that is unlawful, sexually obscene, discriminatory, abusive, libelous, defamatory, fraudulent, harassing, threatening or infringes proprietary rights of any third party or us;
4. distribute any malware or other deceitful or destructive content, including, but not limited to viruses, worms, Trojan horses, exploits, or corrupted files, distribution of unsolicited mass communications, advertising or solicitation;
5. conduct illegal activities or their promotion;
6. interfere or tamper with, violate, disable, impede or circumvent any part of the Service of Cryptolab and the equipment and services used by Cryptolab to provide them;
7. attack or break into computer systems;
8. abuse, scan other computer systems or networks, or place immoderate burden on any computing resources or systems;
9. conduct or participate in any manner in peer-to-peer file sharing activity;
10. engage in number crunching, data mining, cryptocurrency mining or similar schemes;
11. engage in reverse-engineering of any part of the Service, including but not limited to the HEAAN library provided by Cryptolab;
12. engage in any activities that could overload GPU execution;
13. engage in unauthorized resale or use of this service by third parties
14. make any use or failure thereof which could lead to, create, increase risk of, death, physical injury or health or environmental damage; or
15. any other activity which can reasonably be deemed an unfair use of the Service.

Cryptolab workspaces allow you to interact online with other people, computer networks and computer systems. You are solely responsible for this interaction and especially any problems, material or immaterial damage this interaction may cause. Third party claims addressed to us which result from your interactions online or violation of these Terms of Service shall be redirected to you and you shall hold us harmless and indemnify us for any damages, claims, liabilities and expenses, including attorneys’ fees that your interaction causes to others and us provided you are held responsible for such breach.

H. Customer Data and Privacy; Indemnification

Customer has the possibility within his/her account to upload content and code, including but not limited to programs and technical data ("Customer Data"), provided that Customer is prohibited from uploading any personal information, whether such personal information pertains to himself/herself or any other person.

Customer is solely responsible for this Customer Data and undertakes not to upload or otherwise use any prohibited content within his/her account profile in accordance with these Terms of Service. Insofar as the Customer uploads these Customer Data to Cryptolab and its Service, Customer grants Cryptolab all rights necessary for the execution of the contractual agreement with Cryptolab. This includes, in particular, the right to make the corresponding data accessible on the Website displaying them in the Customer’s account. Cryptolab hereby accepts this granting of rights.

In the event that Customer Data is removed from an account or that an account is/was deleted by the Customer or by us for whatever reason, Cryptolab’s rights to such Customer Data shall expire, except to the extent necessary to comply with legal retention periods and the Customer’s statutory rights for a backup of such Customer Data. Note that all Customer Data will be permanently deleted upon the expiration of the Beta version of the Service. The expiration of the Service will be notified to the registered email address one week in advance. Customer is solely responsible for taking the necessary steps to manage his/her Customer Data, including appropriate backups.

Customer is solely responsible for the Customer Data, especially infringement of any copyright or other forms of intellectual property, privacy and data protection requirements, and any other problems, material or immaterial damage these Customer Data may cause. Third party claims addressed to us which result due to these Customer Data and from violations of these Terms of Service shall be redirected to you and you shall hold us harmless and indemnify us for any damages, claims, liabilities and expenses, including attorneys’ fees that your interaction causes to others and us if you are held responsible for such breach.

All Customer’s personal information will be processed in accordance with our privacy policy. Please refer to the details outlined in the privacy policy.

A. Blocking Rights

In addition to our termination rights, we have the right to the following blocking measures:

1. In case a Customer is in breach of Section G. or there is a reasonable suspicion thereof, considering the reasonable interests of the Customer, we may temporarily suspend providing the entire or any part of the Service to the Customer, after providing prior notice; and/or
2. In case the Customer Data (i) violate applicable laws or result from illegal activities, each to the knowledge of Cryptolab, or (ii) harm or affect the provision of the Service, related services and networks, or the security and integrity of related networks, we may block from access and/or execution or delete software or other Customer Data, without prior notice.

We will promptly inform the Customer of such blocking measures set forth above.

B. Term and Termination

This Agreement is effective as of your creation of the Cryptolab account and remains effective until terminated.

You may apply for termination of this Agreement and deletion of your Cryptolab account at any time. In such a case, Cryptolab will process the termination in accordance with the applicable laws without delay.

This Agreement will automatically expire upon termination of the BETA version of the Service. Customer acknowledges that the BETA version of the Service may be terminated for reasons outside of Cryptolab’s control, including but not limited to any acts by, requests from, or reasons attributable to, Third Party Service providers in Section E (including those providing cloud services).

Upon termination of this Agreement, all data of Customers, including the Customer Data outlined in Section H., will be deleted and become irrecoverable unless Cryptolab is allowed to retain such data in accordance with applicable laws or our privacy policy.

The Customer’s obligations set forth in Section E. Liability, Section K. Confidentiality and Section N. Miscellaneous shall survive for two (2) years after the termination of this Agreement.

C. Confidentiality

Both Customer and Cryptolab agree not to, and shall ensure that their employees, agents and advisors do not, disclose to third parties, nor use for any purpose other than as contemplated in these Terms of Service and additional agreements, any confidential or proprietary information arising or disclosed pursuant to such agreements (including but not limited to the Terms of Service), the parties' trade secrets and information not generally known to the public such as business plans, strategies, practices, products, personnel and finances), except: (i) with the prior written permission of the disclosing party; (ii) where the information is already known to, or obtained by independent means, or independently developed without reference to the other party’s confidential information, by the recipient; (iii) such information is already in the public domain through no fault of the recipient; (iv) if the recipient receives such information from a third person without any legal obligations preventing such use or disclosure; or (v) if either party discloses such information to an affiliate of either party. This Section K. shall survive the termination of this Agreement for two (2) years after such termination. Notwithstanding the foregoing, a recipient may disclose confidential information of the other party if required to do so by law, court order or request by any government or regulatory authority. In any of those events, the recipient will promptly inform the other party of such requirement or request for disclosure prior to disclosing the confidential information subject to such requirement or request.

D. Terms of Service Changes

We may change these Terms of Service and related documents such as agreements or policies at any time at our sole discretion. We will notify you of the reasons for such changes and the effective date in advance. If the changes may be disadvantageous to you or if there are material changes in these Terms of Service, we will provide you with an individual notice at least thirty (30) days before such changes become effective.

You will be deemed to have provided consent to, and will be bound by, the changed Terms of Service if you do not express your intention to refuse the changes by the effective date of such change. If you do not consent to the changed Terms of Service, we may not be able to provide the Services subject to the changed Terms to you, and either you or we may terminate this Agreement.

E. Governing Law and Dispute Resolution

This Agreement is governed by the laws of the Republic of Korea.

In the event of any dispute arising out of or in connection with this Agreement between the Customer and Cryptolab, the parties shall first attempt to resolve it through mutual agreement.

If the Customer and Cryptolab fail to reach an agreement, the dispute may be submitted to the Korean Commercial Arbitration Board for resolution by mediation in accordance with its mediation rules in force at the time of submission of the request for mediation.

If neither the Customer nor Cryptolab applies for mediation or such mediation fails to result in a settlement of the dispute within six (6) months of the commencement of such dispute, such dispute arising out of or in connection with this Agreement shall be resolved by a court of competent jurisdiction in accordance with applicable laws and regulations. However, the parties may agree to a different competent court.

F. Miscellaneous

You are not allowed to assign, transfer or delegate these Terms of Service to any person or entity at any time given, except for certain rights as explicitly set forth in these Terms of Service.

These Terms of Service and the documents referred hereto jointly constitute the whole agreement between the Cryptolab and Customer and precede any other agreement, arrangement, proposal or communication. Cryptolab does not waive any rights under this Agreement by not exercising or delaying to exercise these rights.

In case individual provisions in these terms and conditions including this provision are or become invalid, or in case of gaps arising in these terms and conditions, the validity of all other provisions will not be deemed affected thereby. Instead of the ineffective provision or for replenishment of gaps, an adequate provision will apply.

To safeguard the privacy and rights of data subjects, Cryptolab Inc. (“the Company”) responsibly processes and securely manages personal information in accordance with the Personal Information Protection Act (“PIPA”) and applicable laws and regulations. In line with Article 30 of the PIPA, we have established and disclosed this privacy policy to inform data subjects about our procedures and standards for processing and protecting personal information, as well as to ensure the efficient handling of related complaints.

1. Purpose, Scope, and Duration of Personal Information Collection and Use

The Company will collect and use personal information only to the minimum extent necessary to provide services, in compliance with the PIPA. The Company processes the following personal information with the consent of the data subject in accordance with Articles 15(1)(1) of the PIPA.

2. Procedure and Method of Destruction of Personal Information

The Company will promptly destroy personal information when it is no longer necessary due to the expiration of the retention period or the achievement of the processing purpose.

When destroying personal information, the Company will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible as follows:

• Electronic files which contain personal information will permanently be deleted using a technical method which makes the files irrecoverable; and
• Any other records, print-outs, documents or any other recording media will be shredded or incinerated.

If continued retention of personal information is required under other laws and regulations, despite the expiration of the retention period or the completion of the processing purpose, such information will be moved to a separate database or retained in a different location.

3. Criteria for Determining Additional Use and Provision

In accordance with Article 15(3) or Article 17(4) of the PIPA, the Company may use or provide personal information without the data subject’s consent by taking into account the factors outlined in Article 14-2 of the Enforcement Decree of the PIPA.

To proceed with the additional use and provision of personal information without consent, the Company has evaluated the following considerations:

• Criteria for determining whether it is relevant to the original purpose of collection
• Criteria for determining whether additional use or provision of personal information is foreseeable by data subjects, based on the circumstances under which the information was collected or the practices in which it is processed
• Criteria for determining whether the interests of data subjects are unfairly infringed
• Criteria for determining whether necessary safety measures, such as pseudonymization or encryption, have been implemented

4. Matters to Ensure Personal Information Security

To ensure the safety of personal information, the Company implements the following measures:

• Managerial Measures: Implementing an internal management plan, operating a dedicated organization, and providing regular training for employees.
• Technical Measures: Managing access rights to the personal information processing system, installing access control systems, encrypting personal information, and maintaining up-to-date security programs.
• Physical Measures: Controlling access to the IT room, data storage room, and other sensitive areas.

5. Rights and Responsibilities of Data Subjects and Their Legal Representatives, and How to Exercise Them

At any time, the data subject may exercise their right to request that the Company access, correct, delete, suspend the processing of, or withdraw personal information, or to refuse or seek an explanation for an automated decision (“Exercise of Right”). The Company is committed to taking immediate measures in response.

However, the data subject’s rights to request access to and suspend the processing of their personal information may be restricted by Articles 35(4) and 37(2) of the PIPA. Furthermore, the Company cannot delete personal information if other laws and regulations require its collection.

According to Article 41(1) of the Enforcement Decree of the PIPA, you may exercise your rights with the Company in writing, via email, facsimile, etc. You may also exercise your rights through a representative or an authorized agent. In such cases, a power of attorney must be submitted in the form specified in Annex No. 11 of the Notification on How to Process Personal Information, and the Company will verify the identity of the person exercising the rights as either the data subject or their authorized representative.

6. Remedies for Infringement of Rights and Interests

To address any personal information infringement, individuals may apply for dispute resolution or seek consultation through the Personal Information Dispute Mediation Committee or the Korea Internet & Security Agency’s Personal Information Infringement Reporting Center, among others. Additionally, the following institutions can be contacted for further reports and consultations regarding personal information infringement.

• Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
• Personal Information Infringement Reporting Center: 118 (privacy.kisa.or.kr)
• Supreme Prosecutors' Office: 1301 (www.spo.go.kr)
• National Police Agency: 182 (ecrm.cyber.go.kr)

7. Amendments to this Privacy Policy

This Privacy Policy is effective from May 2nd, 2025.

• [May 2nd, 2025 - TBD] https://heaan.io/privacy-policy

IMPORTANT - READ CAREFULLY: This Software License Agreement ("Agreement") is a legal agreement between you (the "Licensee") and CryptoLab ("Licensor") for the use of CODE.HEAAN (the "Service"), including the HEaaN library (the "Library") or SDK (the “Software”) pre-installed within the instance allocated to the Licensee's workspace container.

BY ACCESSING OR USING THE SERVICE, THE LICENSEE AGREES TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF THE LICENSEE DOES NOT AGREE TO ALL OF THE TERMS AND CONDITIONS OF THIS AGREEMENT, THE LICENSEE MUST NOT ACCESS OR USE THE SERVICE.

1. License Grant (Beta Version)

Subject to the terms and conditions of this Agreement, the Licensor grants the Licensee a limited, non-exclusive, non-transferable, and revocable license to access and use the Service, including the pre-installed Library, solely for the purpose of developing non-commercial Fully Homomorphic Encryption (FHE) applications during the beta testing phase of the Service.

2. Restrictions

The Licensee agrees not to:

• Reverse Engineer: Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Library, in whole or in part, except to the extent expressly permitted by applicable law notwithstanding this limitation.
• Commercial Use (Beta Version): Develop, use, or distribute any FHE applications developed using the Service or the Library for commercial purposes during the beta testing phase. This license is strictly limited to non-commercial research, evaluation, and testing purposes.
• Sublicense, rent, lease, lend, sell, transfer, assign, or otherwise distribute the Service or the Library, or any portion thereof.
• Modify, adapt, or create derivative works based upon the Service or the Library, except to the extent necessary for the development of non-commercial FHE applications within the Service's intended functionality.
• Remove, alter, or obscure any proprietary notices (including copyright and trademark notices) displayed within the Service or the Library.
• Disclose, distribute, copy, display, or otherwise make any confidential information available to any third party without prior written consent from CryptoLab. All materials, software, documentation, communications, and feedback related to the Service are proprietary and confidential. These confidentiality obligations will remain in force for two (2) years after completion of the beta testing phase of the Service or public release of the Service, whichever comes first.

3. Ownership

The Service, the Library, and all intellectual property rights therein are and shall remain the sole and exclusive property of the Licensor and its licensors. This Agreement does not grant the Licensee any title or ownership rights in or to the Service or the Library.

4. Disclaimer of Warranty

THE SERVICE AND THE LIBRARY ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. THE LICENSOR DOES NOT WARRANT THAT THE SERVICE OR THE LIBRARY WILL BE UNINTERRUPTED OR ERROR-FREE. THE LICENSEE ACKNOWLEDGES THAT THE SERVICE IS A BETA VERSION AND MAY CONTAIN DEFECTS.

5. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE LICENSOR BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES) ARISING OUT OF OR RELATING TO THE LICENSEE'S ACCESS TO OR USE OF (OR INABILITY TO ACCESS OR USE) THE SERVICE OR THE LIBRARY, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, EVEN IF THE LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE LICENSOR'S TOTAL CUMULATIVE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED ONE U.S. DOLLAR ($1.00) OR, IF GREATER THAN THE FOREGOING AMOUNT, THE MINIMUM AMOUNT PERMITTED UNDER APPLICABLE LAWS.

6. Term and Termination

This Agreement is effective upon the Licensee's initial access to or use of the Service and shall continue until terminated. The Licensor may terminate this Agreement at any time, with or without cause, upon notice to the Licensee. Upon termination, the Licensee shall cease all use of the Service and the Library

7. Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the Republic of Korea, without regard to its conflict of laws principles.

8. Entire Agreement

This Agreement, together with the CODE.HEAAN Terms of Service (BETA Version) and any documents referred therein, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior or contemporaneous communications and proposals, whether oral or written.

BY ACCESSING OR USING THE SERVICE, THE LICENSEE ACKNOWLEDGES THAT THEY HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS SOFTWARE LICENSE AGREEMENT.