Carrier Hub, Inc.

This Acceptable Use Policy (“AUP”) governs the use of IoT Connectivity Services provided by Carrier Hub, Inc. (“Company,” “we,” “us”) to its customers (“Customer,” “you”). These services are delivered via Vodafone Roaming SIMs operating on T-Mobile and AT&T domestic networks.

This AUP is incorporated by reference into the Carrier Hub IoT Connectivity Services Agreement (“Agreement”) and is a binding part of the contractual relationship between Company and Customer. By activating, using, or allowing use of any SIM card, IoT Platform account, or Connectivity Service provided by Company, Customer agrees to comply with this AUP.

Company reserves the right to amend this AUP at any time. Customers will be provided at least thirty (30) days written notice of material changes.

Carrier Hub’s Connectivity Services are purpose-built for machine-to-machine (M2M) and Internet of Things (IoT) data applications. The Vodafone Roaming SIMs provided by Company are provisioned specifically for IoT communications on T-Mobile and AT&T networks and are not general-purpose consumer SIMs.

Authorized Uses Include

• Telemetry, sensor data transmission, and remote monitoring
• Asset tracking and fleet management
• Smart meters, alarms, and industrial automation
• Connected devices such as routers, gateways, and embedded modules
• Any other M2M / IoT application expressly authorized in writing by Company on a Quote or Order

Customer shall not use the Connectivity Services, SIM cards, IoT Platform, or any associated equipment for any of the following purposes:

3.1 — Unauthorized Communication Types

• Voice calls of any kind (SIMs are data-only and not provisioned for voice)
• Standard SMS messaging unless expressly included and authorized in a written Quote
• General-purpose consumer internet browsing or web surfing
• Streaming audio or video content (e.g., music, video on demand, live streams)
• Peer-to-peer (P2P) file sharing or torrenting
• Tethering a SIM to a laptop, smartphone, tablet, or other non-IoT consumer device
• Operating a personal Wi-Fi hotspot or mobile broadband device for general use

3.2 — Unauthorized Devices and Configurations

• Installing a Carrier Hub IoT SIM in any device not identified in an applicable Order or expressly approved by Company in writing
• Reprogramming, relocking, or otherwise modifying SIM provisioning or APN settings without Company’s prior written consent
• Attempting to expand, exploit, or circumvent the SIM’s provisioned capabilities or network access restrictions
• Using SIMs in devices incompatible with T-Mobile or AT&T network technologies supported by the Vodafone Roaming SIM

3.3 — Network Abuse and Harmful Activity

• Any activity that adversely affects network performance, stability, or availability for other users
• Sending unsolicited bulk messages, spam, or automated nuisance traffic
• Conducting port scanning, network probing, or unauthorized penetration testing
• Launching or facilitating distributed denial-of-service (DDoS) attacks
• Attempting to gain unauthorized access to third-party networks, systems, or data
• Transmitting malware, viruses, ransomware, or any malicious code

3.4 — Illegal and Harmful Content

• Any activity that violates applicable federal, state, or local law, including laws governing data privacy, export controls, and telecommunications
• Transmitting, storing, or facilitating access to content that is unlawful, defamatory, obscene, or that infringes any intellectual property right
• Activities that facilitate fraud, identity theft, financial crimes, or any other illegal conduct

3.5 — Resale and Redistribution

• Reselling, sublicensing, or otherwise providing access to the Connectivity Services to any third party without Company’s prior written consent
• Sharing SIM cards, credentials, or access between Customer accounts or entities not authorized under the Agreement

Customer is responsible for managing SIM states through the Vodafone IoT Platform Web Management Portal or APIs in accordance with the user guide provided by Company. The following obligations apply:

• SIMs will be delivered in Inactive or Active Test state. Customer must not activate SIMs until they are ready for deployment in an authorized IoT device.
• SIMs in Active Test state are limited to 100KB of data and a maximum test duration of one week. Customer must not attempt to circumvent these test limits.
• SIMs in Active Standby or Active Suspend state incur monthly charges (€0.10/SIM/month). Customer is responsible for promptly terminating SIMs that are no longer needed to avoid ongoing charges.
• Customer must not move SIMs to Active Live state for devices or use cases not authorized under the Agreement.
• Customer is solely responsible for correct tariff assignment to each SIM. Failure to assign the correct tariff may result in unplanned overage charges for which Customer remains fully liable.

Customer’s data usage is measured on a per-kilobyte basis and rounded up to the nearest KB per individual data session, consistent with Vodafone’s billing methodology. Total invoiced data volume may be higher than raw usage data shown in IoT Platform reports due to per-session rounding.

For pooled bundle tariffs, all Active Live SIMs sharing a tariff contribute to and draw from a shared data pool. Excess usage beyond the pool allowance is charged at the applicable overage rate per MB.

Customer is solely responsible for monitoring data consumption using the tools provided through the IoT Platform. Company will make commercially reasonable efforts to provide overage alerts but does not guarantee delivery of such alerts. Receipt or non-receipt of an alert does not affect Customer’s obligation to pay all applicable charges.

The Connectivity Services depend on the network infrastructure of T-Mobile, AT&T, and the Vodafone roaming network. Company does not own or operate the underlying networks and cannot guarantee specific coverage, data speeds, latency, or uninterrupted service.

Customer Acknowledges

• Network availability varies by geographic location and is subject to change without notice based on carrier decisions.
• Vodafone may modify Connected Networks or Network Tiers at any time for commercial or regulatory reasons.
• Carrier-imposed speed reductions may occur due to network congestion, billing cycle data limits, or prioritization policies beyond Company’s control. No credits or refunds are available for such carrier-imposed practices.
• Network technologies (e.g., 4G LTE) may be retired during the Agreement term. Customer is responsible for ensuring devices remain compatible with available networks and bears all associated upgrade costs.

Customer is responsible for the physical and logical security of all SIM cards, IoT Devices, and IoT Platform credentials under its control. Specifically, Customer shall:

• Safeguard IoT Platform login credentials and API keys from unauthorized access
• Promptly report any suspected loss, theft, or unauthorized use of a SIM or IoT Platform account by writing to Carrier Hub, Inc., 10936 St. Moritz Circle, Stockton, CA 95209
• Suspend or terminate compromised SIMs immediately through the IoT Platform and notify Company without delay
• Ensure IoT Devices are adequately secured against physical tampering that could enable SIM misuse

Company reserves the right to investigate suspected violations of this AUP. Upon confirming or reasonably suspecting a violation, Company may, in its sole discretion and without prior notice:

• Suspend or terminate any SIM, service plan, or account involved in the violation
• Throttle or limit data speeds for SIMs or devices involved in the violation
• Remove SIMs from active network states to prevent further unauthorized use
• Terminate the Agreement for cause in accordance with the terms of the Agreement
• Pursue all remedies available at law and in equity, including recovery of damages, costs, and attorneys’ fees

Suspension or termination of services due to an AUP violation does not relieve Customer of its payment obligations for the remaining term of any accepted Order or Agreement.

This AUP is governed by the laws of the State of California. It does not supersede or replace any other terms of the Agreement but is incorporated into and forms part of the Agreement. In the event of any conflict between this AUP and the Agreement, the Agreement shall control.

Company’s failure to enforce any provision of this AUP in a particular instance does not constitute a waiver of its rights to enforce such provision in the future.

Questions about this AUP should be directed to Carrier Hub, Inc., 10936 St. Moritz Circle, Stockton, CA 95209.