Terms of Service

1. Definitions

For the purposes of these Terms of Service ("Terms," "Agreement," or "ToS"), the following definitions shall apply:

• "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.
• "Authorized User" means any individual who is authorized by an Organization Administrator to access and use the Platform on behalf of the Customer.
• "Blockchain" means the distributed ledger technology networks integrated with the Platform, currently Base Mainnet (Chain ID: 8453), used by Cathedral solely to anchor a public audit log of governance events.
• "Cathedral," "we," "us," or "our" means Cathedral s.r.l.s, a simplified limited liability company organized under the laws of the Italian Republic.
• "Confidential Information" means any information disclosed by one party to the other that is marked as confidential or that reasonably should be understood to be confidential.
• "Customer," "you," or "your" means the legal entity or individual entering into this Agreement with Cathedral for the use of the Platform and Services.
• "Customer Content" means all data, information, text, graphics, images, documents, proposals, votes, configurations, notification messages (including post-close email content authored by the Customer), and other materials that the Customer or its Authorized Users upload, submit, store, transmit, or otherwise make available through the Platform.
• "Customer Notification Content" means any email subject lines, email body text, or other notification content authored, composed, or provided by the Customer or its Authorized Users for delivery to Members via the Platform's notification services, including but not limited to post-proposal-close voter notifications.
• "Customer Data" means all electronic data and information submitted by or on behalf of Customer or its Authorized Users to the Platform, including Personal Data.
• "Data Processing Agreement" or "DPA" means the data processing agreement between Cathedral and Customer governing the processing of Personal Data.
• "Documentation" means the technical documentation, user guides, API documentation, and other materials made available by Cathedral.
• "Governance Activity" means any proposal creation, voting, delegation, group management, weighting configuration, or other governance-related action performed through the Platform.
• "Member" means an individual who participates in Governance Activities within an Organization.
• "Organization" means a legal entity, association, cooperative, foundation, club, or other collective body that utilizes the Platform to conduct Governance Activities.
• "Personal Data" has the meaning ascribed to it in the General Data Protection Regulation (EU) 2016/679 ("GDPR").
• "Platform" means the Vora governance platform, including all software, applications, interfaces, APIs, features, and functionality made available by Cathedral.
• "Reward" means an incentive (discount code, event access, digital download, physical prize, or custom benefit) attached by a Customer to a Proposal, distributed to eligible voters when the Proposal closes.
• "Services" means the Platform, Documentation, support services, professional services, and any other services provided by Cathedral to Customer.
• "Third-Party Services" means any products, services, applications, integrations, or platforms not provided by Cathedral that interoperate with or are accessed through the Platform.
• "Webhook" means an HTTP callback mechanism that sends automated notifications to Customer-specified endpoints when certain events occur on the Platform.

2. Acceptance of Terms

2.1 Agreement to Terms

By accessing, browsing, or using the Platform in any manner, or by clicking a button or checking a box marked "I Accept," "I Agree," or similar language, or by executing an Order Form that references these Terms, you signify that you have read, understood, and agree to be bound by these Terms.

2.2 Capacity to Contract

You represent and warrant that:

• You are at least eighteen (18) years of age
• You have the legal capacity to enter into binding contracts
• You are not prohibited from using the Platform under any applicable law
• Your use of the Platform will not violate any applicable law or regulation

2.3 Authority to Bind Organization

If you are entering into this Agreement on behalf of an Organization or other legal entity, you represent and warrant that you have full legal authority to bind such entity to these Terms.

2.4 Additional Agreements

Your use of the Platform may also be governed by additional terms and conditions, including: the Privacy Policy, the Data Processing Agreement, any Order Form executed between the parties, the Acceptable Use Policy, and any service-specific terms.

2.5 Modifications to Agreement

Cathedral reserves the right to modify these Terms at any time. Material changes will be communicated with at least thirty (30) days' prior notice. Your continued use of the Platform following such notice constitutes acceptance of the modified Terms.

3. Eligibility and Account Registration

3.1 Eligibility Requirements

• Business Entities: The Platform is designed for use by businesses, Organizations, and other legal entities.
• Age Requirements for Administrators: Organization Administrators must be at least eighteen (18) years of age.
• Age Requirements for Members: Members participating in Governance Activities must be at least sixteen (16) years of age. Members between 16-18 require parental consent.
• Geographic Restrictions: The Platform is not available to individuals or entities in sanctioned territories.

3.2 Account Registration

To access the Platform, you must complete the registration process by providing accurate, current, and complete information. You agree to maintain and promptly update your registration information.

3.3 Account Security

You are responsible for maintaining the confidentiality of your account credentials. You agree to implement reasonable security measures, including using strong passwords and enabling multi-factor authentication. You are solely responsible for all activity that occurs under your account.

3.4 Organization Administrator Responsibilities

Organization Administrators are responsible for: managing Authorized User access, ensuring compliance with these Terms, configuring Organization settings, and serving as the primary contact for Cathedral communications.

4. Description of Services

4.1 Platform Overview

The Vora Platform is a comprehensive B2B SaaS governance solution that enables Organizations to conduct transparent, secure, and auditable decision-making processes:

• Proposal Management - Create, configure, and manage proposals for organizational decision-making
• Voting and Polling - Conduct secure voting authenticated via Vora account credentials
• Member Management - Organize Members into groups, assign Voting Weights, manage contact information
• Blockchain Integration - Record voting results on the Blockchain for immutable record-keeping
• Notification Services - Send automated email notifications
• Webhook Integrations - Configure Webhooks for real-time notifications to external systems
• API Access - Programmatic access through documented REST APIs

4.2 Voter Authentication

The Platform authenticates Members exclusively through their Vora account credentials (email and password, optionally protected by two-factor authentication). SMS One-Time Password verification has been discontinued; no phone number is collected, transmitted, or verified during the voting flow.

4.3 Post-Proposal-Close Email Notifications

For Members (voters): By accepting these Terms and casting a vote on a proposal, you consent to receive email notifications from Vora related to proposals you have voted on, including voting results and outcome summaries. These notifications are delivered by Cathedral s.r.l.s through the Vora platform on behalf of the Organization hosting the proposal. The content of these messages is authored entirely by the Organization — not by Cathedral. At the moment of casting your vote, you may also be offered a separate, optional checkbox (default OFF) to share your email address with the Organization that owns the proposal, so the Organization can follow up with you about that specific proposal. This sharing is a distinct legal basis under Art. 6(1)(a) GDPR (explicit consent) and is recorded by Cathedral together with proof of consent under Art. 7 GDPR. You may withdraw this consent — or request removal of your notification email — at any time, with immediate effect, through your account profile (Privacy tab) or by writing to privacy@cathedral.technology.

For Customers (organizations): The Platform enables you to compose custom email messages that will be delivered to voters when a proposal closes. You acknowledge and agree that:

• You are the sole author and originator of all Customer Notification Content
• Cathedral transmits your messages as a technical intermediary only and does not review, endorse, or approve the content (notwithstanding any automated content moderation filters)
• You are solely responsible for ensuring that your notification content complies with all applicable laws, including anti-spam legislation (e.g. EU ePrivacy Directive, Italian Legislative Decree 196/2003 as amended), consumer protection laws, advertising standards, and data protection regulations
• You shall not use the notification feature to send unsolicited commercial communications, deceptive or misleading content, content that infringes third-party rights, or content that is unlawful, harmful, threatening, abusive, defamatory, or obscene
• Cathedral reserves the right to disable or restrict your access to the notification feature at any time if it reasonably believes your content violates these Terms or applicable law

4.4 Customer Notification Content — Disclaimer of Liability

4.5 Voter Rewards

Customers (Organizations) may attach Rewards to Proposals to incentivize voter participation. By voting on a Proposal that has one or more Rewards attached, the Member consents to receiving a service notification email containing the Reward details. Specifically:

• Reward attachment: Customers may attach Rewards (discount codes, event access, digital downloads, physical prizes, or custom benefits) to any Proposal before or during the voting period.
• Notification upon close: When a rewarded Proposal closes, eligible voters receive an email containing only: the Reward title, redemption instructions, claim code (if applicable), and a verification link.
• Service fulfillment, not marketing: Reward notification emails are transactional service notifications tied to the Member's voting action. They are delivered under GDPR Article 6(1)(b) (contract performance) as part of the voting service, and are not subject to the marketing email opt-out.
• Right to object: Members may exercise their right to object under GDPR Article 21 by contacting privacy@cathedral.technology. Note that objection to reward delivery may result in the Member forfeiting unclaimed Rewards.

4.6 Blockchain Integration

4.7 Webhook Integrations

You are solely responsible for the security and availability of your Webhook endpoints. Cathedral is not responsible for failed deliveries due to endpoint unavailability or misconfiguration.

4.8 Third-Party Services

The Platform may integrate with Third-Party Services. Your use of Third-Party Services is subject to their terms and conditions. Cathedral makes no warranties regarding Third-Party Services.

4.9 E-Commerce Integrations (Shopify)

The Platform integrates with Shopify to provide loyalty and governance features to e-commerce customers. By installing the Vora Shopify app, the Customer (merchant) acknowledges and agrees to the following:

• Data sharing: When the Vora Shopify app is installed, customer purchase data (email address, Shopify customer identifier, and order amounts) is shared with the Vora Platform to power loyalty features including XP rewards, badges, and governance participation.
• Controller and processor roles: The merchant is the data controller for customer data shared via the Shopify integration. Cathedral acts as a data processor on behalf of the merchant, processing this data only for the purposes described in this Agreement and the Data Processing Agreement. When a customer voluntarily claims a Vora account, Cathedral becomes an independent data controller for that account.
• Merchant obligations: The merchant is responsible for: (i) disclosing the Vora integration in their store's privacy policy; (ii) ensuring they have a lawful basis under applicable data protection laws to share customer data with Vora; (iii) promptly forwarding customer data subject requests to Cathedral; (iv) informing Cathedral of any data protection obligations that may affect processing.
• Loyalty profiles: Cathedral creates loyalty profiles for the merchant's customers based on purchase activity. These profiles contain only email, a pseudonymized customer identifier, and derived XP/badge data. Customers may optionally claim a full Vora account via a secure claim link.
• Data deletion on uninstall: Upon app uninstall, Cathedral will delete all merchant-associated customer data within forty-eight (48) hours. Independently claimed Vora accounts are not affected, as those customers have established a direct relationship with Cathedral under separate terms.
• Compliance webhooks: Cathedral implements mandatory Shopify compliance webhooks (customers/data_request, customers/redact, shop/redact) to honour customer and merchant data rights.

5. Service Tier and Fees

5.1 Free Service

The Platform is currently offered free of charge to Customers and Members. No subscription fees, licence fees, transaction fees, or per-vote fees apply, and no payment data is collected by Cathedral in connection with use of the Platform. The Services are provided "AS IS," without warranty of any kind beyond the warranties expressly set out in this Agreement and any mandatory consumer-protection rights that cannot be excluded under Italian or EU law.

5.2 Future Paid Tiers

Cathedral reserves the right to introduce paid tiers, optional add-ons, or usage-based pricing in the future. If Cathedral does so, it will (a) update these Terms and the Privacy Policy with at least thirty (30) days' prior notice to active Customers, (b) clearly distinguish any feature, limit, or service that becomes payable, and (c) ensure that Customers' existing data and configurations are not lost as a consequence of the change. No payment obligation arises until and unless a Customer expressly subscribes to a paid tier under a separate Order Form.

5.3 Voluntary Contributions

Cathedral may, from time to time, accept voluntary financial contributions from Customers, Members, or third parties to support the operation and development of the Platform. Voluntary contributions do not create a contractual right to additional services, support levels, or features and do not alter the legal nature of the free Service offered under this Section 5.

6. User Content and Data

6.1 Ownership of Customer Content

Customer retains all right, title, and interest in Customer Content. Nothing in this Agreement transfers any ownership rights in Customer Content to Cathedral.

6.2 License to Customer Content

Customer grants to Cathedral a non-exclusive, worldwide, royalty-free license to use, copy, store, transmit, display, modify, and create derivative works of Customer Content solely to provide the Services.

6.3 Customer Data Processing

Cathedral will process Customer Data in accordance with this Agreement, the Privacy Policy, the Data Processing Agreement, and applicable data protection laws including the GDPR.

6.4 Customer Responsibilities

Customer represents and warrants that:

• Customer has all necessary rights, consents, and permissions to submit Customer Content
• Customer Content does not violate any third-party rights or applicable laws
• Customer will comply with all applicable data protection laws
• Customer will obtain all necessary consents from Members
• Customer is solely responsible for the accuracy, quality, and legality of Customer Content
• Customer is solely responsible for the content, accuracy, legality, and appropriateness of all Customer Notification Content (email messages) delivered to Members via the Platform, and acknowledges that Cathedral acts solely as a technical intermediary for delivery

6.5 Content Restrictions

Customer agrees not to submit any content that is: unlawful, harmful, threatening, abusive, defamatory, obscene; infringes intellectual property rights; contains malware or viruses; contains personal data without appropriate consent.

6.6 Content Moderation

Cathedral reserves the right to monitor and remove Customer Content that violates this Agreement or applicable law.

6.7 Data Portability

Upon Customer's written request within ninety (90) days after termination, Cathedral will provide a copy of Customer Data in a machine-readable format.

6.8 Aggregate and Anonymized Data

Cathedral may collect, use, and disclose aggregate or anonymized data derived from Customer's use of the Services for any business purpose.

6.9 Data Handling Outside the Platform; Disclaimer of Liability

Customer is solely responsible for:

• The security and integrity of systems receiving Webhook data
• Compliance with all applicable data protection laws, including GDPR
• Obtaining and maintaining all necessary consents and legal bases
• Implementing appropriate technical and organizational measures
• Any onward transfers of such data to third parties

CATHEDRAL SHALL HAVE NO LIABILITY WHATSOEVER FOR:

• How Customer uses, processes, stores, or discloses data obtained from the Platform
• Customer's compliance or non-compliance with data protection laws outside the Platform
• Any data breach or security incident in Customer's or third-party systems
• Any claims, damages, or losses arising from Customer's handling of data after it leaves the Platform
• Customer's decisions or actions based on data obtained from the Platform

Member Behavior: Customer is solely responsible for the conduct and behavior of its Members, Authorized Users, and any other individuals who access the Platform through Customer's Organization. Cathedral shall have no liability for disputes between Customer and its Members, the accuracy or legality of votes cast, governance decisions made based on voting results, or any harm caused by Members' actions inside or outside the Platform.

Customer's Sole Responsibility: Once data leaves the Platform through any means (Webhooks, API calls, exports, downloads), Customer becomes the sole data controller and assumes full responsibility. Cathedral's role as data processor terminates upon data leaving the Platform.

7. Intellectual Property

7.1 Cathedral's Intellectual Property

The Platform, Services, Documentation, and all underlying technology are owned by Cathedral or its licensors and are protected by intellectual property laws.

7.2 License to Use Platform

Subject to compliance with this Agreement, Cathedral grants Customer a limited, non-exclusive, non-transferable licence to access and use the Platform for its internal business and governance purposes.

7.3 Restrictions

Customer shall not:

• Copy, modify, adapt, or create derivative works of the Platform
• Reverse engineer, disassemble, or decompile the Platform
• Rent, lease, sell, sublicense, or transfer the Platform to any third party
• Remove or alter any proprietary notices
• Use the Platform to develop a competing product or service
• Use automated means to access the Platform except through published APIs

7.4 Trademarks

"Cathedral," "Vora," and all related names, logos, and designs are trademarks of Cathedral. Customer may not use such marks without prior written permission.

7.5 AI Training Prohibition

Customer agrees not to use any data from the Platform to train, develop, or improve any artificial intelligence or machine learning model without Cathedral's express written consent.

7.6 Feedback

If Customer provides any Feedback to Cathedral, Customer grants Cathedral a perpetual, irrevocable, worldwide, royalty-free license to use such Feedback for any purpose.

8. Marketing and Publicity Rights

8.1 Customer Reference Rights

Subject to this Section 8, Customer grants to Cathedral the following rights during the Term of this Agreement and for one (1) year thereafter:

• Company Name and Logo: The right to use Customer's company name and logo on Cathedral's website and marketing materials to identify Customer as a customer
• Customer List: The right to include Customer's name in lists of Cathedral's customers
• Social Media: The right to mention Customer as a Cathedral customer on social media platforms, including LinkedIn, Twitter/X, and Facebook

8.2 Case Studies and Press Releases

Cathedral may request Customer's participation in case studies, press releases, and conference presentations. Such participation shall be at Customer's sole discretion and subject to Customer's prior written approval for any content that quotes Customer or describes Customer's specific use case.

8.3 License to Customer Marks

Customer grants to Cathedral a limited, non-exclusive, royalty-free license to use Customer Marks solely as permitted in this Section 8. Cathedral agrees to use Customer Marks only in the form provided and comply with any trademark usage guidelines.

8.4 Opt-Out Rights

Customer may opt out of any or all marketing and publicity rights at any time by providing written notice to legal@cathedral.technology. Upon receipt, Cathedral will cease new uses within thirty (30) days and remove existing references within sixty (60) days.

9. Privacy and Data Protection

9.1 Privacy Policy

Cathedral's collection and use of information is governed by the Privacy Policy. By using the Services, you acknowledge that you have read and understood the Privacy Policy.

9.2 GDPR Compliance

Cathedral is committed to compliance with the GDPR and other applicable data protection laws:

• Controller and Processor Roles: Customer is the data controller; Cathedral is the data processor
• Data Processing Agreement: Processing is governed by the DPA, incorporated by reference
• Lawful Basis: Customer is responsible for ensuring valid lawful bases under GDPR Article 6
• Data Subject Rights: Cathedral will assist Customer in responding to data subject requests

9.3 Sub-Processors

Customer agrees that Cathedral may engage third-party sub-processors. A current list is maintained at cathedral.technology/sub-processors.

9.4 International Data Transfers

Personal Data may be transferred outside the EEA. Cathedral ensures such transfers comply with applicable laws through Standard Contractual Clauses or other lawful mechanisms.

9.5 Data Security

Cathedral implements appropriate technical and organizational measures to protect Personal Data against unauthorized processing, loss, destruction, or disclosure.

9.6 Data Breach Notification

In the event of a Personal Data breach, Cathedral will notify Customer without undue delay and within seventy-two (72) hours of becoming aware.

9.7 Audit Rights

Customer has the right to audit Cathedral's compliance with data protection obligations, subject to appropriate confidentiality and cost allocation.

10. Acceptable Use Policy

10.1 General Conduct

Customer agrees to use the Platform only for lawful purposes and in accordance with this Agreement. Customer is responsible for ensuring all Authorized Users and Members comply.

10.2 Prohibited Uses

Customer shall not use the Platform to:

• Illegal Activities: Violate any applicable laws or regulations
• Harmful Content: Transmit defamatory, harassing, threatening, or hateful material
• Fraudulent Conduct: Engage in deceptive or misleading activity, including impersonation
• Intellectual Property Infringement: Infringe or misappropriate third-party rights
• Security Violations: Probe, scan, or test vulnerabilities; breach security measures
• Malicious Software: Transmit viruses, malware, or other destructive items
• Spam and Notification Abuse: Send unsolicited messages or communications, or use the Platform's notification features (including post-proposal-close email) to deliver promotional spam, deceptive marketing, phishing attempts, or any content unrelated to the governance activity for which consent was given
• Interference: Interfere with or disrupt the Platform or connected networks
• Unauthorized Access: Attempt to gain unauthorized access through hacking or other means
• Vote Manipulation: Manipulate voting results, create fake Members or votes

10.3 Rate Limits and Free-Tier Caps

Customer's use is subject to rate limits as specified in the Documentation. Customer agrees to implement appropriate throttling and retry mechanisms.

While the Platform is offered without monetary charge, the following per-organization free-tier ceilings apply to protect Platform stability and to keep operating costs predictable. Cathedral may revise these caps from time to time on at least thirty (30) days' notice.

• Concurrent open proposals: up to 5 active proposals at any one time per organization.
• Image uploads: up to 50 image uploads per calendar month per organization, and a total cumulative storage ceiling of 500 MB per organization across all proposals (whichever is reached first).
• AI-assisted pilot scans: up to 5 scans per rolling 7-day window and 20 scans per calendar month per organization.
• Vote submission: up to 100 votes per Authorized User per day across the Platform, with short-window burst protection.
• Proposal creation: up to 2 new proposals per Authorized User per hour, in addition to the per-organization monthly limit defined in the Documentation.

Fair use override. Cathedral may, in its reasonable discretion and without prior notice, throttle, suspend, or restrict access to specific endpoints or accounts where it identifies usage patterns that materially exceed the free-tier caps, threaten the stability of the Platform, or appear to be automated abuse. Cathedral will, where practicable, notify the affected Customer promptly after taking such action.

10.4 Security Obligations

Customer agrees to implement reasonable security measures to protect access credentials, API keys, and Member data.

10.5 Reporting Violations

Report any violations immediately to abuse@cathedral.technology.

11. Service Levels and Availability

11.1 Uptime Commitment

Cathedral will use commercially reasonable efforts to maintain Platform availability of at least 99.5% during each calendar month.

11.2 Downtime Exclusions

Downtime does not include unavailability caused by: scheduled maintenance, Force Majeure Events, Customer's equipment or network, Customer's misuse, Third-Party Services, or suspension pursuant to this Agreement.

11.3 Remedy for Sustained Unavailability

Because the Platform is currently provided free of charge (Section 5), no monetary service credits or refunds apply. If monthly availability falls below 95.0% in two (2) consecutive calendar months, Customer may, as its sole and exclusive remedy, terminate this Agreement immediately upon written notice to support@cathedral.technology, and Cathedral will assist Customer with the orderly export of its data under Section 6.

11.4 Maintenance Windows

Scheduled maintenance: Sundays from 02:00 to 06:00 CET/CEST. Cathedral will provide at least 48 hours' advance notice for scheduled maintenance.

11.5 Force Majeure

Neither party shall be liable for failure or delay in performance arising out of events beyond reasonable control.

12. Disclaimers and Warranties

12.1 Limited Warranty

Cathedral warrants that the Platform will perform substantially in accordance with the Documentation during the Term of this Agreement.

12.2 AS IS Disclaimer

EXCEPT FOR THE EXPRESS WARRANTY IN SECTION 12.1, THE PLATFORM AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. CATHEDRAL SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

12.3 No Warranty of Results

CATHEDRAL DOES NOT WARRANT THAT THE PLATFORM WILL MEET CUSTOMER'S REQUIREMENTS, THAT OPERATION WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE PLATFORM IS FREE OF VIRUSES.

12.4 Blockchain Disclaimer

CUSTOMER ACKNOWLEDGES THAT:

• Blockchain technology is experimental and subject to inherent risks
• Cathedral does not control the Blockchain network
• Blockchain transactions are irreversible
• Customer is solely responsible for compliance with applicable laws
• Cathedral shall have no liability for blockchain-related losses

12.5 Notification Content and Delivery Disclaimer

CATHEDRAL DOES NOT WARRANT THAT: (A) CUSTOMER NOTIFICATION CONTENT WILL BE DELIVERED SUCCESSFULLY TO ALL INTENDED RECIPIENTS; (B) EMAIL DELIVERY WILL BE TIMELY, UNINTERRUPTED, OR ERROR-FREE; (C) AUTOMATED CONTENT MODERATION WILL DETECT ALL OBJECTIONABLE, UNLAWFUL, OR INAPPROPRIATE CONTENT. CATHEDRAL MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY, LEGALITY, OR APPROPRIATENESS OF CUSTOMER NOTIFICATION CONTENT AND EXPRESSLY DISCLAIMS ANY LIABILITY ARISING THEREFROM.

12.6 Third-Party Services Disclaimer

CATHEDRAL MAKES NO WARRANTIES REGARDING THIRD-PARTY SERVICES. CUSTOMER'S USE OF THIRD-PARTY SERVICES IS AT CUSTOMER'S SOLE RISK.

12.7 Beta Services

Beta Services are provided "as is" without any warranty or support obligation. Cathedral may discontinue Beta Services at any time without liability.

13. Limitation of Liability

13.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES.

13.2 Cap on Liability

THE TOTAL CUMULATIVE LIABILITY OF CATHEDRAL ARISING OUT OF THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL AMOUNTS PAID BY CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM; OR (B) ONE THOUSAND EUROS (EUR 1,000).

13.3 Exceptions

These limitations do not apply to: indemnification obligations, breach of confidentiality, Customer's breach of restrictions or acceptable use policy, gross negligence or willful misconduct, or any liability that cannot be limited under applicable law.

13.4 Basis of the Bargain

CUSTOMER ACKNOWLEDGES THAT CATHEDRAL HAS SET ITS PRICES IN RELIANCE UPON THESE LIMITATIONS OF LIABILITY AND DISCLAIMERS, WHICH FORM AN ESSENTIAL BASIS OF THE BARGAIN.

13.5 EU Carve-Outs

For Customers in the European Union, nothing limits Cathedral's liability for: death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be limited under applicable EU or member state law.

14. Indemnification

14.1 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Cathedral and its Affiliates, officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or relating to:

• Customer Content and Customer Notification Content, including any claims of infringement, violation of third-party rights, or violation of applicable laws (including anti-spam, consumer protection, and data protection laws)
• Customer's use of the Platform in violation of this Agreement or applicable law
• Customer's breach of any representation, warranty, or obligation under this Agreement
• Any dispute between Customer and its Members, Authorized Users, or other third parties
• Customer's failure to obtain necessary consents for processing Personal Data or sending communications
• Any claims by Members or third parties arising from Customer Notification Content delivered via the Platform's email notification features, including but not limited to claims of harassment, defamation, deceptive practices, unwanted communications, or emotional distress
• Any regulatory action, fine, penalty, or enforcement proceeding brought against Cathedral by any governmental authority as a result of Customer Notification Content or Customer's use of the notification feature

14.2 Cathedral Indemnification

Cathedral shall defend and indemnify Customer against claims that the Platform infringes any patent, copyright, trademark, or trade secret of any third party, subject to certain exceptions.

14.3 Infringement Remedies

If the Platform becomes subject to an infringement claim, Cathedral may: procure the right to continue using the Platform, replace or modify the Platform to make it non-infringing, or terminate Customer's access on reasonable notice.

14.4 Indemnification Procedure

The indemnified party shall: promptly notify the indemnifying party, give sole control of defense and settlement, and provide reasonable assistance.

15. Term and Termination

15.1 Term

This Agreement commences on the Effective Date and continues until terminated in accordance with this Section 15.

15.2 Term

This Agreement remains in effect for as long as Customer maintains an active account on the Platform, unless terminated earlier in accordance with this Section 15.

15.3 Termination for Convenience

Either party may terminate this Agreement at any time for convenience by providing at least thirty (30) days' prior written notice. Customer may also terminate by deleting its account through the in-product settings.

15.4 Termination for Cause

Either party may terminate immediately if:

• The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of written notice
• The other party becomes subject to bankruptcy or insolvency proceedings
• The other party ceases to operate in the ordinary course of business

15.5 Suspension

Cathedral may immediately suspend access if: account is more than thirty (30) days overdue, violation of Acceptable Use Policy, required by law, or continued provision could cause material harm.

15.6 Effect of Termination

Upon termination:

• All licenses immediately terminate; Customer shall cease all use of the Platform
• Customer shall pay all amounts due
• Cathedral will retain Customer Data for ninety (90) days for export requests
• Each party shall return or destroy Confidential Information
• Certain provisions survive termination (Sections 1, 4.4, 5, 6.1, 6.8, 7, 9, 12, 13, 14, 15.6, 16, 18)

15.7 No Refunds

Except as provided in Section 14.3, Customer shall not be entitled to any refund upon termination.

16. Dispute Resolution

16.1 Informal Resolution

Before initiating any formal proceeding, the parties agree to first attempt to resolve any Dispute informally. The aggrieved party shall send written notice describing the Dispute. The parties shall negotiate in good faith for at least thirty (30) days.

16.2 Arbitration Agreement

If unable to resolve through informal negotiation, Disputes shall be finally settled by binding arbitration administered by the Milan Chamber of Arbitration (Camera Arbitrale di Milano). The arbitration shall be conducted in Milan, Italy, by a single arbitrator. The language shall be English.

16.3 Arbitration Procedures

The arbitrator's award shall be final and binding. Each party shall bear its own costs, and parties shall share equally the fees of the arbitrator and arbitral institution.

16.4 Class Action Waiver

TO THE FULLEST EXTENT PERMITTED BY LAW, CUSTOMER AGREES THAT ANY DISPUTE SHALL BE RESOLVED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION.

16.5 Exceptions to Arbitration

Either party may seek injunctive relief to protect Intellectual Property Rights or Confidential Information. Claims below EUR 10,000 may be brought in the courts specified in Section 16.7.

16.6 Governing Law

This Agreement shall be governed by the laws of the Italian Republic, without regard to conflict of laws principles. The UN Convention on Contracts for the International Sale of Goods shall not apply.

16.7 Venue

For matters not subject to arbitration, the parties consent to the exclusive jurisdiction and venue of the courts of Milan, Italy.

16.8 Time Limitation

Any claim must be brought within one (1) year after the cause of action accrues, or be permanently barred.

17. Changes to Terms

17.1 Right to Modify

Cathedral reserves the right to modify these Terms at any time, including changes required for legal compliance or to address changes in the Services.

17.2 Notice of Material Changes

Cathedral will provide at least thirty (30) days' notice of material changes via email or prominent notice on the Platform.

17.3 Acceptance of Changes

Continued use of the Platform after the effective date of changes constitutes acceptance. If you do not agree, you must discontinue use before the changes take effect.

17.4 Non-Material Changes

Cathedral may make non-material changes (such as correcting typos or clarifying provisions) at any time without prior notice.

17.5 Prior Versions

Prior versions of these Terms are available upon request at legal@cathedral.technology.

18. Miscellaneous

18.1 Severability

If any provision is held invalid, it shall be modified to the minimum extent necessary or severed, and the remaining provisions shall continue in full force.

18.2 Waiver

No failure or delay in exercising any right shall operate as a waiver. Any waiver must be in writing.

18.3 Assignment

Customer may not assign this Agreement without Cathedral's prior written consent. Cathedral may freely assign this Agreement.

18.4 Force Majeure

Neither party shall be liable for failure or delay in performance arising from events beyond reasonable control.

18.5 Entire Agreement

This Agreement, together with all Order Forms, the Privacy Policy, the DPA, and any other agreements incorporated herein, constitutes the entire agreement between the parties.

18.6 Amendment

Except as provided in Section 17, this Agreement may only be amended by a written instrument signed by both parties.

18.7 Independent Contractors

The relationship between the parties is that of independent contractors. Nothing creates a partnership, joint venture, employment, or agency relationship.

18.8 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties. No third party has any legal or equitable right, benefit, or remedy under this Agreement.

18.9 Language

This Agreement is drafted in English. In the event of any conflict between the English version and any translation, the English version shall prevail.

18.10 Export Compliance

Customer agrees to comply with all applicable export and re-export control laws and regulations.

18.11 Interpretation per Italian Civil Code

Where this Agreement is ambiguous, it shall be interpreted in accordance with the Italian Civil Code (Codice Civile), including Articles 1321-1469.

19. Contact Information

For questions, concerns, or communications regarding these Terms of Service:

20. Crypto-Assets and MiCA Compliance

20.1 No Issuance of Crypto-Assets

Cathedral does not issue, mint, distribute, sell, or facilitate the secondary trading of any crypto-asset as defined in Article 3(1)(5) of MiCA. The Platform does not offer asset-referenced tokens, e-money tokens, or other crypto-assets within the meaning of MiCA Titles II, III, or IV. Cathedral does not act as a crypto-asset service provider ("CASP") under Title V of MiCA and does not require authorisation thereunder. Cathedral has never offered to the public, sold, marketed, or solicited the purchase of any crypto-asset.

20.2 Experience Points ("XP") — Non-Transferable Internal Accounting Unit

Within the Platform, Members may accrue "XP" (Experience Points) and visual badges as a result of in-Platform activity (such as voting, idea submission, or other engagement actions). XP and badges are exclusively an internal, non-transferable accounting and recognition mechanism. Specifically, XP and badges:

• have no monetary value, no exchange rate, and no redemption value in fiat currency, in any crypto-asset, or in any good or service of measurable economic value;
• cannot be transferred, traded, gifted, sold, exchanged, withdrawn, redeemed, or used as consideration, between Members, with Cathedral, or with any third party;
• do not represent any claim, right, equity interest, debt obligation, profit-sharing right, dividend, voting share in Cathedral, or entitlement against Cathedral or any Organization;
• are not recorded on any public distributed ledger and are not crypto-assets within the meaning of MiCA, the Italian Civil Code, or any applicable financial regulation;
• may be reset, recalibrated, suspended, or discontinued by Cathedral at any time, in whole or in part, without notice and without liability.

For the avoidance of doubt: the disclosure shown on the Platform — "XP is a non-transferable internal points system. Vora does not issue crypto-assets." — accurately reflects the legal nature of XP and badges and forms part of these Terms.

20.3 On-Chain Audit Log — Transparency Mechanism, Not an Asset

For Customers on the relevant subscription tiers, Cathedral records cryptographic commitments related to Governance Activities on a public distributed ledger via the smart contract VoteAuditLog deployed at address 0xeC0a2d350e133BA9A144340844A803FDdFfe4a77 on Base Mainnet (Chain ID: 8453), and, for Enterprise Customers, on Ethereum Mainnet (Chain ID: 1). Specifically, the audit log records:

• Merkle root commitments aggregating cryptographic hashes of individual votes;
• certifications of aggregated proposal results (in the form of SHA-256 hashes); and
• related transaction metadata (block number, transaction hash, timestamp).

The audit log is a write-only, append-only event-emission mechanism. It does not create, represent, transfer, allocate, or extinguish any unit of value, any token balance, any account balance, any holder right, or any claim of any kind. Customer and Members acknowledge that the audit log is a transparency and integrity mechanism — analogous to a cryptographic timestamp — and is not a token, not a security, not a financial instrument, not a crypto-asset, and not an issuance of any kind. Accordingly, the audit log falls outside the scope of MiCA, of the Italian Consolidated Law on Finance (D.Lgs. 58/1998, "TUF"), and of any equivalent financial regulation.

20.4 No Investment, No Financial Advice, No Solicitation

Nothing on the Platform — including the existence of XP, badges, or the on-chain audit log — constitutes an offer to sell or a solicitation of an offer to buy any crypto-asset, security, financial instrument, or investment product. Nothing on the Platform constitutes investment, legal, tax, or financial advice. Customer shall not, and shall ensure its Authorized Users and Members do not, represent or imply to any third party that participation in the Platform confers any economic, financial, investment, or speculative right or expectation of return.

20.5 Acknowledgement

By accepting these Terms or by continuing to use the Platform, Customer and each Authorized User and Member acknowledge that they have read and understood this Section 20 and accept that XP, badges, and the on-chain audit log are and shall be treated in accordance with the foregoing provisions.

Acknowledgment

BY USING THE VORA PLATFORM, CUSTOMER ACKNOWLEDGES THAT IT HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS. CUSTOMER FURTHER AGREES THAT THIS AGREEMENT IS THE COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN CUSTOMER AND CATHEDRAL WITH RESPECT TO THE SUBJECT MATTER HEREOF.

Copyright © 2026 Vora s.r.l.s. All rights reserved.