Nohmit Incorporated d/b/a Invitrr · Effective June 1, 2026

Nohmit Incorporated d/b/a Invitrr

Effective Date: June 1, 2026 | Version: 2026-06-01

This document should be displayed in no less than twelve (12) point font on desktop interfaces and no less than fourteen (14) scaled pixels on mobile interfaces, with a minimum line-height of 1.4 and sufficient contrast to meet WCAG 2.1 AA standards. Nohmit Incorporated reserves the right to present this document in any lawful format consistent with applicable platform requirements.

NOTICE TO ALL USERS: THIS PRIVACY POLICY CONSTITUTES A BINDING LEGAL AGREEMENT BETWEEN YOU AND NOHMIT INCORPORATED. BY ACCESSING OR USING THE SERVICES IN ANY MANNER, INCLUDING BUT NOT LIMITED TO CREATING AN ACCOUNT, BROWSING ANY PORTION OF THE APPLICATION OR WEBSITE, OR SUBMITTING ANY INFORMATION TO US, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY IN ITS ENTIRETY, THAT YOU UNDERSTAND IT, AND THAT YOU AGREE TO BE BOUND BY ITS TERMS. IF YOU DO NOT AGREE WITH ANY PORTION OF THIS PRIVACY POLICY, YOUR SOLE REMEDY IS TO DISCONTINUE ALL ACCESS TO AND USE OF THE SERVICES AND TO REQUEST DELETION OF YOUR ACCOUNT AND PERSONAL INFORMATION IN THE MANNER DESCRIBED HEREIN.

SECTION 1 — INTRODUCTION, IDENTITY OF THE CONTROLLER, AND SCOPE OF THIS POLICY

Nohmit Incorporated ("Invitrr," "we," "us," "our," or the "Company") is a corporation incorporated under the laws of the Province of Ontario, Canada, with its principal place of business in Ottawa, Ontario. Invitrr operates the Invitrr mobile application, the primary consumer website accessible at invitrr.com, and any other current or future websites, mobile applications, application programming interfaces, software, features, tools, content, services, or platforms operated by or on behalf of Nohmit Incorporated that link to or reference this Privacy Policy (all of the foregoing, collectively and individually, the "Services").

This Privacy Policy ("Policy") describes in detail the manner in which Nohmit Incorporated collects, receives, generates, stores, processes, uses, discloses, transfers, retains, archives, and deletes personal information and other data in connection with your access to and use of the Services. This Policy also describes your rights with respect to your personal information and the mechanisms through which you may exercise those rights. References in this Policy to "personal information" or "personal data" mean any information relating to an identified or identifiable natural person, as that term is defined under applicable privacy legislation, including but not limited to Canada's federal Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 ("PIPEDA"); An Act Respecting the Protection of Personal Information in the Private Sector (R.S.Q., c. P-39.1), as amended by An Act to Modernize Legislative Provisions as Regards the Protection of Personal Information (2021, chapter 25, "Law 25" or "Quebec Privacy Act"); Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR"); the United Kingdom General Data Protection Regulation as retained in UK law by the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 ("UK GDPR"); the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code §§ 1798.100 et seq., "CCPA/CPRA"); and any other applicable privacy, data protection, or consumer protection statutes, regulations, or binding guidance in force in any jurisdiction in which the Services are accessed or used.

For purposes of applicable Canadian and Quebec privacy legislation, Nohmit Incorporated is the "organization" responsible for personal information under its control. For purposes of the GDPR and UK GDPR, to the extent those instruments apply, Nohmit Incorporated acts as the "data controller" with respect to personal information processed in connection with the Services. Nohmit Incorporated has designated a Privacy Officer responsible for overseeing compliance with applicable privacy legislation and for receiving and responding to privacy-related inquiries and complaints. Our Privacy Officer may be contacted at any time by email at [email protected], with the subject line "Privacy Officer — [Nature of Inquiry]." We endeavour to acknowledge receipt of all privacy inquiries within five (5) business days and to respond substantively within thirty (30) calendar days, extendable to sixty (60) calendar days where permitted by applicable law and where the complexity of the request so requires, provided that we will notify you of any such extension within the initial thirty-day period.

For individuals located in the European Economic Area or the United Kingdom, this Policy serves as the privacy notice required by Articles 13 and 14 of the GDPR and UK GDPR, respectively. Nohmit Incorporated is committed to designating a representative within the EEA and/or UK as required by Article 27 of the GDPR and UK GDPR once the volume and nature of our processing activities in those jurisdictions necessitates such designation under applicable guidance. Until such a representative is designated, inquiries from EEA and UK individuals may be directed to [email protected].

This Policy applies to all individuals who access or use the Services in any capacity, including without limitation registered users who have created an Invitrr account, individuals who browse the public-facing website without creating an account, individuals who submit their contact information through our pre-launch waitlist, hosts who create social events through the Services, attendees who request to join events, community volunteers who participate in the Bailout safety program, individuals whose personal information is transmitted to us as emergency contacts by registered users, and any other individual whose personal information we process in connection with the Services. Certain provisions of this Policy apply only to specific categories of individuals as indicated, and we have endeavoured to make those distinctions clear within the text.

SECTION 2 — ELIGIBILITY AND AGE RESTRICTIONS

The Services are exclusively directed to, and are intended for use only by, individuals who are eighteen (18) years of age or older. Invitrr does not knowingly collect, solicit, use, or disclose personal information from individuals under the age of eighteen (18). We do not knowingly collect personal information from children under the age of thirteen (13) as defined under the Children's Online Privacy Protection Act ("COPPA"), and we do not knowingly process personal data of children under sixteen (16) as defined under Article 8 of the GDPR. At the time of account creation, we require users to confirm that they are at least eighteen (18) years of age, and we record that confirmation in our database alongside the timestamp, IP address, and user agent string associated with the confirmation event. By creating an account and using the Services, you represent and warrant that you are at least eighteen (18) years of age and that you have the legal capacity to enter into a binding agreement under the laws of your jurisdiction of residence. If we discover at any time or have reasonable cause to believe that a user is under the age of eighteen (18), we reserve the right to immediately suspend or permanently terminate that user's account, deny all further access to the Services, and delete or cease processing any personal information associated with that account to the extent technically and legally feasible. If you have reason to believe that an individual under the age of eighteen (18) has created an account or otherwise submitted personal information to us through the Services, please contact us immediately at [email protected].

SECTION 3 — CATEGORIES OF PERSONAL INFORMATION WE COLLECT AND THE SOURCES FROM WHICH WE COLLECT IT

We collect personal information from multiple sources and through multiple mechanisms. The following subsections describe in detail each category of personal information we collect, the specific data elements within each category, the source of that information, and the purpose for which it is initially collected. Additional information about how we use this information is provided in Section 4. Additional information about how long we retain this information is provided in Section 8.

3.1 Information You Provide Directly. The most significant source of personal information we collect is information that you voluntarily provide to us directly through your use of the Services. When you create an Invitrr account, you provide us with your email address, which we store as your primary account identifier and which we use to authenticate your identity, to deliver one-time password verification codes, and to send you account-critical transactional communications including but not limited to security alerts, account verification notices, subscription notifications, moderation notices, and safety-related communications. You may also optionally provide your mobile telephone number in E.164 international format, which we use as an alternative authentication mechanism and for delivery of SMS-based one-time password codes and, where applicable, SMS safety alerts through our Bailout safety feature. If you create your account using a password, we store a cryptographic hash of your password using industry-standard hashing algorithms; the plaintext of your password is never stored in our database and is not accessible to any Invitrr employee or system in its original form. If you authenticate using Sign In with Apple, we store the Apple-issued subject identifier associated with your Apple identity, which is an opaque, app-specific string that does not contain or reveal your Apple ID email address; if you authenticate using Google OAuth, we store the Google-issued subject identifier ("sub claim") associated with your Google account. Both of these social authentication identifiers are stored exclusively for authentication purposes, are never returned in API responses accessible to other users, and are never used for any purpose other than authenticating your identity when you log in.

When you complete the Invitrr onboarding questionnaire, you provide us with a substantial body of profile and personality information that forms the foundation of your public profile and that is used to seed and inform our proprietary recommendation and matching systems. This information includes your first and last name, which is displayed on your profile; your date of birth, which we use to verify that you meet the age requirement and which is used to display or conceal your age on your profile in accordance with your privacy settings; your gender identity, which is a free-text field that you may complete voluntarily and which is displayed on your profile and may optionally be used in discovery filtering; your chosen username or handle, which is a unique public identifier on the platform; a freeform biography of up to five hundred (500) characters; a short vibe descriptor; a description of your hosting style if you intend to host events; your preferred role on the platform (host, guest, or both); your selection of event type preferences from a predefined list of categories; your selection of vibe and interest tags from predefined taxonomies; your responses to personality and social-style questions presented during onboarding, including your event size preference, your social energy level as indicated on a scale captured as a floating-point value between zero and one, your preferred time of day for social activities, your willingness to travel a certain distance for events, your self-described frequency of going out, your stated priorities at social events, your planning style, your preferences regarding host characteristics, and your response to personality-framing questions presented in the onboarding flow. You also provide your city and country of residence. The specific algorithms, models, weighting systems, computational processes, and proprietary methodologies through which any of the foregoing information is combined, processed, weighted, scored, vectorized, or otherwise applied to generate recommendations, match scores, feed rankings, or any other output of our systems constitute proprietary trade secrets of Nohmit Incorporated and are not disclosed in this Policy or in any other public-facing document. We describe the categories of inputs we use, and the general purposes for which we use them, but we do not and are not required to disclose the proprietary means by which those inputs are processed.

You also provide us with your profile photographs, which you upload through the application and which are stored in Cloudflare R2 object storage with access governed by signed URLs served through media.invitrr.com. All photographs uploaded to the Services are automatically submitted to our automated content moderation pipeline prior to being made publicly visible, as described in greater detail in Section 3.4. You may also optionally provide event listings including an event title, description, venue display name, neighborhood and city information, timing information, event metadata, capacity, visual assets, and tags. When you send messages to other users through the Services, the text and image content of those messages is stored in our database and, in the case of text content, is submitted to our automated content moderation pipeline. When you submit a request to attend an event, we store the content of any personal note you include with your request. When you add emergency contacts to your account, you provide us with each contact's full name, telephone number in E.164 format, relationship label, preferred notification method, and priority ranking. When you activate a Bailout safety session, you provide us with your chosen request type and an optional contextual description. When you submit an event rating following attendance at an event, we store your numerical ratings across multiple dimensions and any optional text comment you include. When you submit an identity verification selfie, we store the image file and associated challenge data as described in Section 3.5.

3.2 Information Generated Automatically Through Your Use of the Services. In addition to information you provide directly, we automatically generate and collect certain information through your interaction with the Services. When you interact with events, profiles, or other content within the application, we record a time-series log of your in-app interaction signals ("behavioral events"). Each behavioral event record captures the type of interaction (drawn from a predefined internal taxonomy of signal types that includes but is not limited to events corresponding to feed views, event card views, time spent viewing a card, swipe-accept interactions, swipe-reject interactions, search queries entered, profile views, event request submissions, conversation initiations, messages sent, conversation abandonment, and other engagement signals, totaling forty-six (46) discrete event types as of the effective date of this Policy, subject to expansion as the Services evolve); the identifier of the content object you interacted with; a JSON payload containing contextual metadata specific to the event type (such as the number of seconds spent viewing a card, the text of a search query, or the scroll depth of a feed view); the session identifier grouping this event with other events in the same user session; and the timestamp of the interaction. This behavioral event log is retained for a rolling ninety (90) day window for active users, after which records older than ninety days are incorporated into the aggregated behavioral model described below and the raw event records are permanently deleted. Following account deletion, all behavioral event records are permanently deleted within thirty (30) days as part of the data erasure cascade.

We derive from the behavioral event log, and maintain on a per-user basis, a behavioral preference model ("behavioral vector") that consists of preference weights across multiple event type dimensions, vibe dimensions, distance preferences, and temporal preferences; engagement scores, activity scores, urgency scores, and role scores derived from your interaction history; and a set of numerical signals that are used to personalize your event feed, determine the ranking of events presented to you, and inform other aspects of the recommendation experience. The behavioral vector is updated continuously as new behavioral events are logged. The specific algorithms, computational methods, mathematical formulas, model architectures, feature engineering processes, normalization techniques, weighting mechanisms, and other technical processes used to derive, update, store, and apply the behavioral vector — including but not limited to any machine learning models, statistical models, heuristic systems, or hybrid systems involved in those processes — constitute proprietary and confidential trade secrets of Nohmit Incorporated. We expressly decline to disclose any aspect of these processes beyond the input categories described in this Policy, and nothing in applicable privacy law requires us to disclose trade secret information. Our disclosure obligations under GDPR Article 13, PIPEDA Schedule 1, Law 25, and other applicable instruments are satisfied by our disclosure of the categories of personal data processed and the purposes of processing, which we provide herein.

We also collect certain device and technical information automatically when you install and use the application. This includes a stable device identifier generated by and stored in your iOS Keychain, which persists across application reinstalls and which we use for session management, device continuity tracking, and new-device security alert generation; the human-readable model name of your device, such as "iPhone"; the version number of the Invitrr application installed on your device; your Apple Push Notification service (APNs) device token, which we use exclusively to route push notifications to your device and which is never shared with any third party for advertising or targeting purposes; your device platform identifier; and the timestamp at which your device token was last registered or updated. In connection with authenticated sessions, we collect and store for each active session a cryptographic hash of the refresh token issued to that session (the raw token value is never stored on our servers), the device identifier and model associated with the session, the application version associated with the session, the IP address from which the session was established (stored in partially masked form in session management records accessible to you, and in full in server access logs retained for thirty (30) days), the session expiry timestamp, and a record of the last time the session was used. You may view your active sessions and revoke any individual session or all other sessions through the Security section of the application Settings screen.

We collect your IP address in several contexts, including in our web server access logs (retained for thirty (30) days), in our records of account creation events, in our records of policy acceptance events (retained for seven (7) years as legal evidence of consent), in our rate limiting and IP reputation systems (retained transiently in cache), and in connection with reports of suspicious activity. IP addresses are used for security purposes including rate limiting, fraud detection, and IP reputation filtering; for geographic context in certain limited circumstances; and as part of our legal records of consent. IP addresses collected as part of policy consent records are retained as legal evidence of the circumstances under which you accepted our Terms of Service and Privacy Policy.

3.3 Information We Receive From Third Parties. We receive certain personal information about you from third parties in limited circumstances. When you authenticate using Sign In with Apple, Apple transmits to us the Apple-issued subject identifier associated with your Apple identity and, on the first login only, your name and email address to the extent you choose to share them with us through the Apple authentication flow; on subsequent logins, Apple transmits only the subject identifier. When you authenticate using Google OAuth, Google transmits to us your Google-issued subject identifier, your email address, and your name as registered in your Google account. Apple's transmission of your personal information to us is governed by Apple's Privacy Policy; Google's transmission is governed by Google's Privacy Policy. When Apple notifies us of subscription events through App Store Server Notifications — including renewals, expirations, cancellations, billing retry events, and refund events — Apple transmits to us your original transaction identifier, the product identifier of your subscription, and associated event metadata. We also receive acknowledgment responses from your emergency contacts when they interact with your safety tracking page or respond to SMS alerts during an active Bailout safety session; specifically, we receive the phone number of the contact who responded and the type of acknowledgment they provided.

3.4 Content Moderation Data. All text content you submit through the Services — including messages, biographies, event descriptions, event titles, request notes, and rating comments — is submitted to the OpenAI Moderation API, a third-party automated content moderation service, for the purpose of detecting potentially harmful, abusive, or policy-violating content. The OpenAI Moderation API returns a toxicity score and category classifications for each piece of submitted content, which we store in association with the content record for moderation record-keeping purposes. Text content is submitted to the OpenAI Moderation API in hashed or encoded form where technically feasible to minimize data exposure. All image content you upload through the Services — including profile photographs, event cover photographs, and message image attachments — is submitted to the Amazon Web Services Rekognition computer vision service ("AWS Rekognition") for the purpose of detecting explicit, violent, or otherwise prohibited visual content. AWS Rekognition returns a set of label classifications and confidence scores, which we store in association with the content record. Neither OpenAI nor AWS is authorized to retain, use, or share content submitted to their respective moderation APIs for any purpose other than returning moderation results to us, and we have data processing agreements in place with each provider to this effect.

3.5 Identity Verification Data. If you choose to undergo our optional identity verification process, we collect and store your identity verification status, the timestamp of your selfie submission, and a reference to the selfie photograph stored in Cloudflare R2 object storage. The identity verification process involves your completion of a liveness challenge, which is a dynamic sequence of face orientation or expression prompts designed to confirm that you are a live person present at the time of verification rather than a static photograph or pre-recorded video. The challenge parameters, the individual frame uploads, and the completed liveness submission are processed by our internal liveness verification system. Selfie images and liveness frames are accessible exclusively to trained Trust and Safety personnel at Nohmit Incorporated who conduct verification reviews. We do not use your verification selfie to build a biometric database, we do not share it with third-party identity verification services, and we do not use it for any purpose other than confirming that the person depicted in the selfie is consistent with the profile photographs you have provided. Verification selfies are retained for a maximum of twelve (12) months following the completion or rejection of a verification review, after which they are permanently deleted, except where retention is required or permitted by applicable law in connection with a legal proceeding, regulatory investigation, or law enforcement request.

3.6 Safety and Bailout Session Data. When you activate a Bailout safety session, we create a session record that includes the unique identifier of the session; your user identifier; the type of safety request you selected; any optional contextual description you provided; the lifecycle status of the session (matching, active, escalated, resolved, cancelled, or expired); the timestamp at which the session was activated; the identifier of any community volunteer matched to your session; a single-use safety access token derived from a cryptographically secure random UUID, which is used to generate the unique URL transmitted to your emergency contacts and which expires four (4) hours after activation; the escalation level of the session, reflecting how many rounds of escalation SMS messages have been sent; a record of check-in events and missed check-ins; a record of any distress signals detected by our system (such as cessation of location updates or GPS dropout); the timestamp and method of session resolution; and internal risk scoring fields used exclusively for safety system decision-making and never returned in API responses accessible to users.

During an active Bailout session, your device transmits GPS location updates to our servers at approximately sixty (60) second intervals. Each location update record includes your latitude and longitude coordinates, the horizontal accuracy of the coordinates in metres, your direction of travel in degrees, your speed in metres per second, your device battery percentage, the type of participant transmitting the update (session owner or volunteer), and the timestamp of the update. These location updates are displayed in real time on the safety tracking page accessible to your emergency contacts via the unique safety URL, and are also made available in real time to any community volunteer matched to your session. Location updates are retained for ninety (90) days following session resolution, after which they are permanently and irrecoverably deleted. During a Bailout session, messages exchanged between you and an assigned community volunteer through the in-session chat interface are relayed exclusively through a WebSocket connection maintained by our servers and are never written to our persistent database; these messages are ephemeral by design and are purged from server memory when the session resolves, expires, or is cancelled.

3.7 Subscription, Payment, and Balance Data. We maintain subscription records including your Apple App Store original transaction identifier, the product identifier of your current subscription plan, your subscription status, your subscription expiry date, your auto-renewal preference, the App Store environment in which your subscription was issued, and the timestamp of our most recent verification of your subscription status with Apple. We also maintain a record of your consumable add-on credit balances, including the number of Super Request credits, extra request pack credits, Event Spotlight credits, Profile Boost credits, Extended Event credits, and Rewind credits associated with your account, which serves as the server-side authoritative source of truth for these balances. We do not collect, store, process, or have any access to your credit card number, bank account number, payment card expiration date, CVV/security code, billing address, or any other financial instrument details; all payment processing is performed exclusively by Apple through the App Store, and Apple's privacy policy and payment terms govern that processing.

3.8 Pre-Launch Waitlist Data. If you submitted your name, email address, city, intended role, and IP address through our pre-launch waitlist at invitrr.com prior to the public launch of the Services, we retain that information for the purpose of sending you your waitlist invitation and for the purpose of geographic launch sequencing. Waitlist data is not automatically merged with any Invitrr account you subsequently create; we rely on matching email addresses to associate waitlist records with accounts for purposes of delivering promised waitlist benefits, and we treat waitlist records and account records as separate processing contexts subject to separate consent bases.

3.9 Policy Agreement Records. We maintain an immutable append-only record of each event on which you accepted the Invitrr Terms of Service, Privacy Policy, or any other policy requiring your affirmative consent, including the version identifier of the policy accepted, the precise timestamp of acceptance, a boolean flag indicating your affirmative acceptance, a boolean flag recording your confirmation that you are at least eighteen (18) years of age, the IP address from which acceptance was submitted, and the User-Agent string of the device and application through which acceptance was submitted. These records constitute legal evidence of your informed consent and are retained for the duration of your account and for a minimum period of seven (7) years following permanent account deletion, to enable us to demonstrate compliance with applicable consent-recording obligations and to defend against any claims arising from the consent transaction.

SECTION 4 — PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL INFORMATION AND THE LEGAL BASES FOR THAT PROCESSING

We process your personal information for specific, legitimate purposes, each of which is described in this Section. For individuals in the European Economic Area or the United Kingdom, we identify alongside each purpose the legal basis under the GDPR and UK GDPR on which we rely for that processing. For individuals in Quebec, we also identify the purpose and the legal basis under Law 25. For all other Canadian users, processing is conducted in accordance with PIPEDA's consent-based and legitimate-business-need frameworks.

We process your account and authentication information for the purpose of creating and maintaining your account, verifying your identity when you log in, delivering security alerts, and providing account management features, on the legal basis of performance of a contract (Article 6(1)(b) GDPR), being the contract formed between you and Invitrr upon your acceptance of the Terms of Service. We process your profile information for the purpose of displaying your profile to other users, enabling event discovery, and enabling hosts to review your profile when considering your request to attend their events, on the legal basis of performance of a contract. We process your onboarding questionnaire responses, behavioral event data, and derived behavioral vector for the purpose of operating, personalizing, and improving our proprietary recommendation and matching systems, and for the purpose of ranking your event feed, on the legal basis of our legitimate interests in providing you with a personalized and relevant service experience (Article 6(1)(f) GDPR); we have determined that this processing is necessary for the provision of the core value proposition of the Services and that our legitimate interests in conducting it are not overridden by your interests or fundamental rights, particularly given the nature of the processing (personalization of a social discovery feed) and the transparency we provide through this Policy, and our Legitimate Interests Assessment for this processing is available upon request. We process your device and technical information for the purposes of delivering push notifications, managing your sessions, detecting suspicious or fraudulent activity, and maintaining the security and integrity of the Services, on the legal basis of our legitimate interests in operating a secure and reliable platform and, to the extent the processing is technically necessary to provide features you have requested (such as push notifications), on the basis of performance of a contract. We process your emergency contact information for the purpose of operating the Bailout safety feature and transmitting safety alerts to your designated contacts when you activate a session, on the legal basis of performance of a contract and, in circumstances where the activation of a Bailout session may indicate an imminent risk to your life or physical safety, on the additional legal basis of protection of vital interests (Article 6(1)(d) GDPR). We process your Bailout session data and real-time location updates during active Bailout sessions on the legal basis of your explicit consent given at the time of activating the session (Article 6(1)(a) and, to the extent location constitutes sensitive data in the applicable jurisdiction, Article 9(2)(a) GDPR), on the legal basis of protection of vital interests, and on the legal basis of performance of a contract. We process content moderation data for the purpose of detecting and removing policy-violating content, protecting our users from harmful content, and enforcing our Community Guidelines, on the legal basis of our legitimate interests in maintaining a safe and lawful platform and, to the extent we are legally required to remove certain categories of content, on the legal basis of compliance with a legal obligation (Article 6(1)(c) GDPR). We process subscription and payment data for the purpose of managing your subscription, gating premium features, and maintaining required financial records, on the legal basis of performance of a contract and compliance with a legal obligation. We process policy agreement records for the purpose of documenting your consent and demonstrating compliance with our consent obligations, on the legal basis of compliance with a legal obligation and our legitimate interests in legal defense. We process risk scoring data, moderation history, audit logs, suspension records, and appeal records for the purpose of enforcing our Terms of Service and Community Guidelines, maintaining platform safety, and defending against legal claims, on the legal basis of our legitimate interests in these activities and, where applicable, compliance with a legal obligation. We may process any category of personal information described in this Policy for the purpose of establishing, exercising, or defending legal claims, on the legal basis of Article 9(2)(f) GDPR where special category data is involved, and Article 6(1)(f) for all other data.

To the extent that any information you voluntarily provide — including gender identity or personal information disclosed in connection with Bailout safety events — constitutes special category data under Article 9 GDPR, we rely on your explicit consent (Article 9(2)(a)), the necessity of processing to protect your vital interests (Article 9(2)(c)) in the context of the Bailout feature, and the necessity of processing for reasons of substantial public interest (Article 9(2)(g)) where applicable. We collect gender identity only because users choose to provide it voluntarily in their profile, and we process it only for the purposes of profile display and, where you have enabled it, discovery filtering. We do not collect or infer any other special category data and we do not use any personal information you provide as a proxy for inferring racial or ethnic origin, political opinions, religious or philosophical beliefs, or other special category attributes.

SECTION 5 — HOW WE SHARE YOUR PERSONAL INFORMATION

We do not sell your personal information to third parties for monetary consideration. We do not share your personal information for cross-context behavioral advertising purposes. We do not disclose your personal information to data brokers, advertising networks, or social media companies for targeting purposes. We share your personal information only in the limited circumstances described in this Section, and in each case only to the extent necessary to accomplish the stated purpose.

We share your public profile information — which includes your first name, handle, profile photographs, biography, vibe descriptor, interest and vibe tags, event preference tags, general location at city or neighbourhood precision, membership tenure, events-attended and events-hosted counts, average host rating, and InvitrScore — with other authenticated users of the Services for the purpose of enabling social discovery, facilitating event requests, and enabling hosts to review profiles before accepting or declining requests. Your precise home-area latitude and longitude coordinates, your date of birth (unless you have enabled age display), your email address, your telephone number, your device information, your behavioral vector, your risk score, and all other information described in this Policy as "internal only" or as excluded from API responses are never shared with other users through the Services under any circumstances. The exact address and precise coordinates of an event you host are shared only with confirmed attendees — that is, users whose request to attend your event you have accepted — and are not disclosed to any other user, including users whose requests are pending or have been declined.

We share your personal information with the following categories of third-party service providers, each of whom processes your data as a data processor (or "service provider" under the CCPA) under contract with Nohmit Incorporated and subject to data processing agreements that prohibit the service provider from using your personal information for any purpose other than performing services for us: Apple Inc., to whom we transmit your APNs device token and notification payload for purposes of delivering push notifications to your device; Twilio Inc., to whom we transmit telephone numbers and message content for purposes of delivering SMS one-time password codes, security alerts, and Bailout safety alert messages to you and to your emergency contacts; Resend Inc., to whom we transmit your email address and email content for purposes of delivering transactional email communications; Cloudflare, Inc., whose R2 object storage service we use to store profile photographs, event photographs, verification selfies, and other binary assets, and whose network infrastructure serves those assets through signed URLs; Amazon Web Services, Inc., to whose Rekognition computer vision service we transmit uploaded images for automated content moderation scanning; OpenAI, LLC, to whose Moderation API we transmit text content for automated harmful-content detection; and database and caching infrastructure providers, which host and process personal data described in this Policy under data processing agreements with us. Each of the foregoing service providers is contractually prohibited from using your personal information for their own purposes, from selling it, from disclosing it to unauthorized parties, and from processing it in ways not authorized by us. We conduct due diligence on our service providers' privacy and security practices before engaging them and maintain data processing agreements with each.

We share your first name, activation timestamp, real-time GPS location, and the unique safety tracking URL with your designated emergency contacts when you activate a Bailout safety session. By adding emergency contacts to your account and activating a Bailout session, you consent to this disclosure. We share your first name, request type, and real-time GPS location with a matched community volunteer during an active Bailout session. Community volunteers are other registered Invitrr users who have voluntarily opted into the volunteer program and agreed to the volunteer terms; they are not employees or agents of Invitrr.

We may disclose personal information to government authorities, regulatory bodies, law enforcement agencies, or courts of competent jurisdiction when we are required to do so by applicable law, court order, subpoena, search warrant, regulatory demand, or other lawful legal process. We review all such requests for legal validity before complying and, where we are not legally prohibited from doing so, we will make reasonable efforts to notify you of any request for your personal information before complying, to the extent technically and legally feasible. We maintain internal records of all government data requests we receive and our responses to them. We may also disclose personal information in the good-faith belief that such disclosure is reasonably necessary to prevent or address an imminent risk of serious harm to life or physical safety; to prevent, investigate, or respond to fraud, security threats, illegal activity, or abuse of the Services; to enforce our Terms of Service, Community Guidelines, or other agreements; or to protect the rights, property, and safety of Invitrr, our users, or third parties.

In connection with a merger, acquisition, consolidation, reorganization, financing, change of control, bankruptcy, or sale of all or substantially all of our assets, personal information may be transferred to the successor entity or acquirer as part of the transaction. We will notify you of any such transaction and of any resulting change in the identity of the data controller or the applicable privacy policy through a prominent notice in the application or on our website, and through a notification sent to your registered email address, no later than thirty (30) days prior to the effective date of any material change resulting from such transaction to the extent reasonably practicable.

SECTION 6 — INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Nohmit Incorporated is incorporated in and primarily operates from Ontario, Canada. Our technical infrastructure involves service providers located in multiple countries, including but not limited to the United States of America. As a result, personal information you provide may be transferred to, stored in, and processed in countries other than the country in which you reside, including countries whose data protection laws may offer a different level of protection than the laws of your home jurisdiction.

Canada's federal privacy legislation, PIPEDA, has been recognized by the European Commission as providing adequate protection for personal data transferred from the European Economic Area under Commission Decision 2002/2/EC. This adequacy decision applies to transfers of personal data from the EEA to organizations in Canada subject to PIPEDA. Nohmit Incorporated is subject to PIPEDA and processes personal data in a manner consistent with its requirements. For transfers of personal data to service providers located in the United States — including Twilio, OpenAI, AWS, Neon, and Upstash — we rely on appropriate safeguards including Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914), where applicable, and data processing agreements that impose privacy obligations on our service providers that are substantially equivalent to those required under PIPEDA and, where applicable, the GDPR. For users in Quebec, we conduct privacy impact assessments as required by Law 25 before communicating personal information outside of Quebec to third parties, and we ensure through contractual mechanisms that such information receives protection equivalent to that provided under Quebec law. Upon request, we will provide additional information about the specific safeguards in place for any particular international data transfer.

SECTION 7 — COOKIES, TRACKING TECHNOLOGIES, AND ANALYTICS

The Invitrr iOS application does not use cookies. The Invitrr website at invitrr.com may use technically necessary session cookies for the purpose of maintaining session state during your visit; these cookies expire at the end of your browsing session and are not used for tracking, advertising, or profiling purposes. We do not use third-party advertising cookies, tracking pixels, social media cookies, or any other third-party tracking technologies on our website or in our application. We do not participate in cross-site tracking, real-time bidding, programmatic advertising, interest-based advertising, or any other form of data sharing with advertising networks or data brokers. We do not integrate with Facebook Pixel, Google Analytics, or any third-party analytics SDK within our application. All behavioral analytics and recommendation data described in Section 3.2 of this Policy are collected and processed exclusively within Invitrr's own infrastructure and are never shared with third-party analytics providers.

SECTION 8 — DATA RETENTION

We retain personal information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements, as described in this Section. Our determination of appropriate retention periods takes into account the sensitivity of the personal information, the risk of harm that could result from unauthorized use or disclosure, the technical and operational feasibility of deletion, the purposes for which the data was collected, whether those purposes could reasonably be achieved by other means, and our legal obligations.

Personal information associated with an active user account is retained for the duration of the account. Upon account deletion — whether initiated by you through the in-app deletion process or by Invitrr as a result of a Terms of Service violation — your account is immediately deactivated, which immediately removes your profile from all discovery feeds and public display and revokes all active access tokens. Following deactivation, your personal information is permanently anonymised within twenty-four (24) hours. This includes your name, email address, phone number, profile photos, date of birth, and location data. Non-personal activity data may be retained in anonymised form to improve our services, consistent with applicable privacy law under which anonymised data does not constitute personal information. Certain categories of information are retained beyond the thirty-day erasure cascade for legal compliance purposes, including audit log records documenting account creation, policy acceptance, and significant administrative actions (retained for seven years); records of account suspensions and bans and associated moderation decisions (retained for seven years); report records submitted by or about you (retained for seven years); policy consent records (retained for seven years); subscription and transaction records (retained for the period required by applicable tax and financial record-keeping law, generally seven years); and identity verification records excluding the selfie image itself (retained for seven years). Your registration email address is retained in an exclusion list for the duration of any active ban to enable enforcement of ban decisions.

Behavioral event records are subject to a rolling ninety (90) day retention window, after which records older than ninety days are incorporated into the aggregate behavioral vector and the raw event records are permanently deleted, regardless of whether your account remains active. Location update records generated during Bailout safety sessions are retained for ninety (90) days following session resolution or expiry, after which they are permanently and irrecoverably deleted. Identity verification selfie images are retained for a maximum of twelve (12) months following the completion of the verification review, after which they are permanently deleted. Liveness challenge records, including frame upload references, are retained for a maximum of ten (10) minutes from challenge creation, after which they are permanently expired and deleted.

SECTION 9 — SECURITY OF YOUR PERSONAL INFORMATION

We implement and maintain technical, administrative, and organizational security measures designed to protect your personal information against unauthorized access, acquisition, use, disclosure, alteration, destruction, or other processing in violation of applicable law or our obligations to you. These measures include, without limitation: industry-standard JSON Web Token authentication with short-lived access tokens and rotating refresh tokens; industry-standard password hashing algorithms; Transport Layer Security (TLS) encryption for all data in transit between your device and our servers, with HTTP Strict Transport Security (HSTS) headers specifying a maximum age of 31,536,000 seconds with includeSubDomains and preload directives; certificate pinning enforced in the iOS application to prevent interception of traffic by unauthorized certificate authorities; a server-side API response filter that categorically strips sensitive internal fields — including password hashes, device tokens, social authentication identifiers, risk scores, risk factors, and other internal-only fields — from all API responses, regardless of any query parameters or request modifications; rate limiting enforced at both global and per-endpoint levels with stricter limits for sensitive operations; an IP reputation system that blocks known malicious IP addresses; input validation and sanitization applied to all request bodies using schema validation and HTML stripping; and append-only audit logging of all significant administrative and system actions for accountability and forensic purposes. Access to personal data within our organization is restricted on a need-to-know basis, and all administrative access to user data requires multi-factor authentication and generates an audit log entry. We conduct periodic reviews of our security controls and engage in ongoing security testing.

Notwithstanding the foregoing, no security system is impenetrable, and we cannot guarantee that your personal information will be secure in all circumstances. The security of your account also depends in part on your own practices, including your maintenance of the confidentiality of your account credentials, your use of a strong and unique password, your prompt notification to us of any unauthorized use of your account, and your maintenance of the physical security of the devices on which you use the Services. In the event of a security incident involving unauthorized access to or acquisition of your personal information that creates a real risk of significant harm to you, we will notify the applicable regulatory authority and, where required by law, affected individuals, in accordance with applicable breach notification requirements and within the timeframes specified by applicable law, including without limitation within seventy-two (72) hours of becoming aware of a qualifying breach for reporting to the Commission d'accès à l'information under Quebec Law 25, and without undue delay for reporting to the applicable supervisory authority under the GDPR.

SECTION 10 — YOUR RIGHTS AND HOW TO EXERCISE THEM

Subject to applicable law and certain exceptions, you have the following rights with respect to your personal information, exercisable by submitting a request to [email protected] with sufficient information for us to verify your identity, including your registered email address and, for sensitive requests, a completed identity verification challenge. We will respond to all rights requests within thirty (30) calendar days of receipt, with an extension of up to sixty (60) additional days where permitted and necessary given the complexity and number of requests, provided that we notify you of any such extension within the initial thirty-day period.

Right of Access. You have the right to request confirmation of whether we process personal information about you, and if so, to receive a copy of that personal information along with supplementary information about the processing. We provide a machine-readable data export in JSON format through the Settings > Privacy > Export My Data function in the application, which generates a comprehensive export of your personal information within thirty (30) days of the request being initiated. This export includes your profile data, preference data, behavioral data, conversation history, event history, request history, safety history, and other personal information associated with your account. The export does not include the following categories of information, which are exempt from access requests under applicable law or which constitute proprietary trade secrets: internal risk scores, risk factors, and risk classification; A/B experiment assignments; the specific weighting, scoring, or ranking values in your behavioral vector; moderation results pertaining to other users' content; internal audit log entries pertaining to the actions of other users; and any information that would reveal the personal information of other individuals or the confidential business processes of Nohmit Incorporated.

Right of Rectification. You have the right to correct inaccurate personal information and, where appropriate, to have incomplete personal information completed. You may update and correct most of your personal information directly through the profile editing features of the application, including your name, biography, vibe descriptor, interests, event preferences, city, and photographs. For information that cannot be corrected through in-app features, you may submit a correction request to [email protected] with a description of the information to be corrected and the correct information.

Right to Erasure. You have the right to request the deletion of your personal information in the circumstances provided by applicable law, including where the information is no longer necessary for the purposes for which it was collected, where you withdraw consent on which processing is based and there is no other legal ground for processing, where you object to processing based on legitimate interests and there are no overriding legitimate grounds, or where the processing is unlawful. You may initiate account deletion through the Settings > Account > Delete Account function in the application, which requires re-authentication and OTP verification before proceeding. Following your confirmed deletion request, we will process your erasure within thirty (30) days in the manner described in Section 8. The right to erasure is subject to exceptions where retention is required by applicable law or is necessary for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing. You have the right to request that we restrict the processing of your personal information in certain circumstances, including where you contest the accuracy of the information, where processing is unlawful and you prefer restriction to erasure, where we no longer need the information but you require it for legal claims, or where you have objected to processing pending verification of our legitimate grounds.

Right to Data Portability. You have the right to receive personal information that you have provided to us, in a structured, commonly used, and machine-readable format (JSON), and to transmit that information to another controller without hindrance from us, in circumstances where the processing is based on consent or contract and is carried out by automated means. This right is satisfied by our data export feature described under Right of Access above.

Right to Object. Where we process your personal information on the legal basis of legitimate interests, you have the right to object to such processing at any time by contacting [email protected]. We will cease processing your personal information on that basis unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing is for the establishment, exercise, or defense of legal claims. You also have the right to object at any time to the processing of your personal information for direct marketing purposes, which we do not conduct without your prior opt-in consent.

Right to Withdraw Consent. Where we rely on your consent as a legal basis for processing — including your consent to real-time location sharing during Bailout sessions — you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent for location sharing during a Bailout session may be effected by cancelling the session. Withdrawal of consent for optional profile fields may be effected by removing that information from your profile through the in-app editing features.

Right to Lodge a Complaint. You have the right to lodge a complaint with the applicable supervisory authority if you believe we have processed your personal information in violation of applicable privacy law. In Canada, the federal authority is the Office of the Privacy Commissioner of Canada (priv.gc.ca; 1-800-282-1376). For Quebec residents, the applicable authority is the Commission d'accès à l'information du Québec (cai.quebec.ca; 1-888-528-7741). For EEA residents, the applicable authority is the data protection authority of your member state. For UK residents, the applicable authority is the Information Commissioner's Office (ico.org.uk; 0303 123 1113). We encourage you to contact us first at [email protected] so that we may attempt to resolve your concern directly.

Automated Decision-Making. We use automated processing to personalize your event feed and to score and rank events for presentation to you. This automated processing does not produce decisions that have legal effects on you or that similarly significantly affect you; it produces a personalized event feed that is purely informational and leaves all consequential decisions — such as whether to request to attend an event, or whether a host accepts your request — to human judgment. You are not subject to any decision based solely on automated processing that produces legal or similarly significant effects, and no such processing occurs in connection with the Services.

SECTION 11 — JURISDICTION-SPECIFIC DISCLOSURES AND RIGHTS

11.1 Quebec, Canada — Law 25. In addition to the rights described in Section 10, residents of Quebec have the following rights and are entitled to the following additional disclosures. You have the right to request the de-indexing of any hyperlink associated with your name that provides access to personal information that could injure your reputation or violates your dignity, or that is used contrary to law or a court order. You have the right to request that personal information provided through the Services be communicated to you or to a person or body authorized by law or regulation in a structured, commonly used technological format. Our Services are designed to collect only the personal information that is necessary for the purposes identified in this Policy (principle of data minimization). We maintain a comprehensive inventory of personal information under our control, updated in connection with each revision to this Policy. We conduct privacy impact assessments before implementing new information systems or technologies that process personal information, and before communicating personal information outside of Quebec. Our Privacy Officer is responsible for overseeing our compliance with Law 25 and for receiving complaints. This Privacy Policy is available in French at invitrr.com/privacy/fr, and where required by law, the French version governs for Quebec residents in the event of any conflict between language versions.

11.2 European Economic Area and United Kingdom — GDPR / UK GDPR. In addition to the rights described in Section 10, residents of the EEA and UK have the following additional rights. You have the right to obtain information about the safeguards we have put in place for international transfers of your personal data, which you may request by contacting [email protected]. You have the right to lodge a complaint with your national supervisory authority as described in Section 10. We are committed to maintaining records of processing activities as required by Article 30 GDPR. To the extent required by Article 27 GDPR, we are in the process of identifying and engaging an EU/UK representative. Our lawful bases for each processing activity are identified in Section 4.

11.3 California, United States — CCPA/CPRA. California residents are entitled to the following additional disclosures. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. We do not use sensitive personal information for any purpose other than those permitted under Cal. Civ. Code § 1798.121. The categories of personal information we collect are described in Section 3. The business purposes for which we collect personal information are described in Section 4. The categories of third parties with whom we share personal information are described in Section 5. We do not discriminate against you for exercising your CCPA/CPRA rights. To submit a CCPA/CPRA request, contact [email protected]; we will verify your identity before processing the request. You may designate an authorized agent to submit requests on your behalf by providing written authorization to [email protected].

SECTION 12 — CHILDREN'S PRIVACY

The Services are not directed to or intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from individuals under eighteen (18). We do not knowingly collect personal information from children under thirteen (13) as defined under COPPA, and we do not knowingly process personal data of children under sixteen (16) as defined under Article 8 GDPR. We maintain age verification records as described in Sections 2 and 3. If we become aware that we have inadvertently collected personal information from an individual under eighteen (18), we will take immediate steps to suspend the account, notify the user by email, and permanently delete the associated personal information. If you have reason to believe that someone under eighteen (18) has created an account or submitted personal information to us, please notify us at [email protected] immediately.

SECTION 13 — LINKS TO THIRD-PARTY SERVICES

The Services may contain links to or integrations with third-party websites, applications, or services that are not owned, operated, or controlled by Nohmit Incorporated. This Privacy Policy does not apply to any third-party service. We have no control over and assume no responsibility for the privacy practices, terms, or content of any third-party service. We encourage you to review the privacy policies of any third-party services you access or use in connection with the Services.

SECTION 14 — CHANGES TO THIS PRIVACY POLICY

Nohmit Incorporated reserves the right to modify this Privacy Policy at any time. We will post the updated Policy at invitrr.com/privacy and update the "Last Updated" date at the top of this Policy. Where required by applicable law, we will provide you with advance notice of material changes to this Policy — by prominent notice in the application, by email to your registered address, or by both — and where the change involves a new or different legal basis or purpose for processing your personal information that requires your consent under applicable law, we will seek your renewed consent before proceeding. Your continued use of the Services after the effective date of any modification constitutes your acknowledgment of and agreement to the modified Policy. If you do not agree with any modification, your sole remedy is to cease using the Services and request deletion of your account.

--

Nohmit Incorporated d/b/a Invitrr · Effective June 1, 2026

Nohmit Incorporated d/b/a Invitrr

Effective Date: June 1, 2026 | Version: 2026-06-01

This document should be displayed in no less than twelve (12) point font on desktop interfaces and no less than fourteen (14) scaled pixels on mobile interfaces, with minimum 1.4 line-height and sufficient contrast to meet WCAG 2.1 AA standards.

IMPORTANT LEGAL NOTICE. PLEASE READ THESE TERMS OF SERVICE IN THEIR ENTIRETY BEFORE USING THE SERVICES. THESE TERMS CONTAIN AN AGREEMENT TO ARBITRATE THAT REQUIRES, SUBJECT TO LIMITED EXCEPTIONS, THAT ALL DISPUTES BETWEEN YOU AND INVITRR BE RESOLVED BY BINDING INDIVIDUAL ARBITRATION RATHER THAN IN COURT. BY AGREEING TO ARBITRATE, YOU AND INVITRR EACH WAIVE THE RIGHT TO A JURY TRIAL AND THE RIGHT TO PARTICIPATE IN A CLASS ACTION OR CLASS ARBITRATION. THESE TERMS ALSO CONTAIN LIMITATIONS OF LIABILITY THAT LIMIT INVITRR'S LEGAL RESPONSIBILITY TO YOU. BY ACCESSING OR USING THE SERVICES IN ANY MANNER, YOU AGREE TO THESE TERMS.

SECTION 1 — THE AGREEMENT, THE PARTIES, AND DEFINITIONS

These Terms of Service (this "Agreement" or these "Terms") are entered into by and between you, an individual user of the Services ("you," "your," or "User"), and Nohmit Incorporated, a corporation incorporated under the Business Corporations Act (Ontario), carrying on business under the trade name "Invitrr," with its principal office in Ottawa, Ontario, Canada ("Invitrr," "we," "us," "our," or the "Company"). This Agreement governs your access to and use of all current and future products, features, applications, software, content, services, websites, APIs, and other offerings made available by Nohmit Incorporated, including without limitation the Invitrr mobile application (the websites at invitrr.com and its subdomains, and any other service that links to or references this Agreement (collectively, the "Services").

In this Agreement, "Content" means all text, photographs, images, audio, video, data, information, graphics, links, software, tools, documents, and other materials; "User Content" means any Content submitted, posted, uploaded, published, transmitted, or displayed by a User through the Services; "Invitrr Content" means all Content that Invitrr or its licensors make available through the Services, excluding User Content; "Host" means any User who creates and manages an event through the Services; "Attendee" means any User who requests to attend or attends an event through the Services; "Volunteer" means any User who has registered to participate in the Invitrr community volunteer program in connection with the Bailout safety feature; "Bailout" means the in-app safety feature described in Section 9; "Premium Features" means features of the Services available exclusively to users with an active Invitrr Plus subscription; "App Store" means the Apple Inc. App Store through which the Invitrr application is distributed; "Additional Policies" means Invitrr's Privacy Policy, Community Guidelines, Host Policy, Bailout Safety Policy, and any other policy, guideline, or supplemental terms published by Invitrr on invitrr.com or made available within the Services; and "Effective Date" means the date on which you first access or use the Services or the date on which these Terms are posted, whichever is earlier.

This Agreement incorporates by reference all Additional Policies, which form an integral part of the agreement between you and Invitrr. In the event of any conflict between the main body of this Agreement and any Additional Policy, the main body of this Agreement shall control unless the Additional Policy expressly provides otherwise. Invitrr may publish Additional Policies from time to time, and your continued use of the Services after publication of any Additional Policy constitutes your acceptance of that policy. You should check the Services regularly for updates to this Agreement and all Additional Policies.

SECTION 2 — ACCEPTANCE OF TERMS AND MODIFICATIONS

By accessing the Services in any manner — including but not limited to installing the Invitrr application, creating an account, browsing any portion of the website or application without creating an account, or submitting any information through the Services — you represent that you have read, understood, and agree to be bound by this Agreement in its entirety, including all Additional Policies incorporated herein. Your acceptance of this Agreement is recorded in our database, including the version of the Agreement accepted, the timestamp, your IP address, and the User-Agent string of your device, and constitutes a legally binding electronic signature under applicable electronic commerce legislation.

Invitrr reserves the right, in its sole and absolute discretion, to modify, amend, update, or replace this Agreement at any time and for any reason, with or without prior notice, subject to requirements under applicable consumer protection law. All modifications are effective immediately upon posting at invitrr.com/terms unless we specify a later effective date. Where applicable law requires advance notice of material modifications, we will provide such notice through a prominent notice in the application, by email to your registered address, or both, and where applicable law requires your renewed consent for certain changes, we will seek it. Subject to the foregoing, your continued use of the Services after the effective date of any modification constitutes your binding acceptance of the modified Terms. If you do not agree with any modification, you must immediately cease all use of the Services and request deletion of your account. Invitrr is not obligated to provide modification notices beyond what is required by applicable law, and your responsibility to review these Terms periodically is a material condition of this Agreement.

SECTION 3 — ELIGIBILITY

The Services are available only to individuals who are at least eighteen (18) years of age, who have the legal capacity to form a binding contract under the laws of their jurisdiction of residence, who are not barred from receiving services under applicable law, and who have not previously been permanently banned from the Services. By creating an account or using the Services, you represent and warrant that you satisfy all of the foregoing eligibility conditions. If you are creating an account or using the Services on behalf of a legal entity, you represent and warrant that you have the authority to bind that entity to this Agreement. We maintain irrefutable records of your age confirmation at the time of account creation, and we reserve the right to require you to provide additional verification of your age or identity at any time. If we determine that you do not meet the eligibility requirements of this Section, we may immediately terminate your account and all associated rights under this Agreement without notice and without liability, except where liability cannot be excluded under applicable law.

SECTION 4 — ACCOUNT REGISTRATION AND SECURITY

To access the full functionality of the Services, you are required to create an account. You agree to provide accurate, current, complete, and non-misleading information during the account registration process and at all times thereafter, and to promptly update your information to maintain its accuracy. You may not register using the identity of another person, a false identity, a pseudonym that is intended to deceive other users or Invitrr, or automated means. You may maintain only one account; the creation of multiple accounts by the same individual, whether using the same or different identity information, is prohibited. You are solely and entirely responsible for maintaining the confidentiality and security of your account credentials, including your password, one-time authentication codes, and any device on which you remain logged in, and you bear full responsibility for all activities, transactions, and submissions that occur under your account whether or not authorized by you. You must notify Invitrr immediately at [email protected] if you become aware of any unauthorized access to or use of your account. Notwithstanding the foregoing, Invitrr reserves the right to take any account management actions it deems appropriate to protect the integrity of the Services, including the right to terminate, suspend, or restrict access to accounts at any time in our sole and absolute discretion. Invitrr will not be liable for any loss or damage you suffer as a result of unauthorized use of your account where such loss results from your failure to maintain the security of your credentials or your failure to promptly notify Invitrr of unauthorized access.

SECTION 5 — LICENSE TO USE THE SERVICES; RESTRICTIONS

Subject to your full and continuous compliance with this Agreement and all Additional Policies, Invitrr grants you a limited, personal, revocable, non-exclusive, non-transferable, non-sublicensable license to download, install, and use the Invitrr application on a single iOS device that you own or control, and to access and use the Services through the application and the website, solely for your own personal, non-commercial purposes and in strict accordance with this Agreement. This license does not include any right to: (a) sublicense, sell, resell, transfer, assign, or otherwise commercially exploit the Services or any portion thereof; (b) modify, adapt, translate, reverse engineer, decompile, disassemble, decrypt, or create derivative works of the Services or any portion thereof, including without limitation any source code, object code, algorithms, machine learning models, data models, recommendation systems, matching systems, or other proprietary components of the Services; (c) access the Services through any means other than the officially provided application and website interfaces, including without limitation through any API access not expressly authorized by Invitrr; (d) access, harvest, scrape, index, or query the Services or any data therein using any automated tool, bot, spider, crawler, script, browser plugin, or other automated means; (e) frame, mirror, or otherwise incorporate any portion of the Services into any other website or application; (f) remove, alter, or obscure any copyright, trademark, patent, or other proprietary notice in or on the Services; or (g) use the Services for any unlawful purpose or in violation of any applicable law. This license is effective from the date you first access the Services until terminated by either party in accordance with Section 16.

SECTION 6 — INTELLECTUAL PROPERTY

All rights, title, and interest in and to the Services — including without limitation all software, source code, object code, algorithms, mathematical models, machine learning models, statistical models, recommendation and matching systems, behavioral analysis systems, safety systems, risk scoring systems, data structures, databases, user interfaces, visual design, graphics, trademarks, service marks, trade names, trade secrets, proprietary processes, methodologies, know-how, and all intellectual property embodied in or constituting the Services — are owned by Nohmit Incorporated or its licensors and are protected under the laws of Canada, the United States, and all other applicable jurisdictions, including the Trademarks Act (Canada), the Copyright Act (Canada), the Trade Secrets Protection Act (Ontario), and equivalent legislation in other jurisdictions. The Services are made available to you under the limited license described in Section 5, and no provision of this Agreement shall be construed as transferring, assigning, or granting to you any ownership interest in, or any license beyond the limited license described in Section 5 with respect to, any Invitrr intellectual property. You specifically acknowledge that Invitrr's recommendation engine, vibe matching systems, event ranking algorithms, user risk scoring systems, behavioral modeling systems, content moderation pipeline, and all related proprietary processes and methodologies constitute trade secrets of Nohmit Incorporated that provide us with significant competitive advantages; that you have no right to access, reverse engineer, reproduce, circumvent, or disclose any aspect of these systems or processes; and that any attempt to do so would cause irreparable harm to Invitrr for which monetary damages would be an inadequate remedy. You agree that Invitrr shall be entitled to seek injunctive relief, without the requirement to post any bond or other security, in addition to all other remedies available at law or in equity, in the event of any actual or threatened violation of this Section. The "Invitrr" name and word mark, the Invitrr logo, and all related brand identifiers are trademarks or registered trademarks of Nohmit Incorporated. All other trademarks, service marks, and trade names appearing in the Services are the property of their respective owners.

SECTION 7 — USER CONTENT

You retain ownership of all User Content you submit through the Services, subject to the license granted to Invitrr in this Section and the rights granted to other users as described herein. By submitting any User Content to the Services — including without limitation profile photographs, biographical information, vibe and interest tags, event listings, messages, request notes, ratings, reviews, and any other content you contribute — you grant to Nohmit Incorporated and its successors and permitted assigns a non-exclusive, worldwide, royalty-free, fully paid, sublicensable, perpetual (or, where applicable law prohibits perpetual licenses, for the maximum duration permitted), irrevocable license to use, store, copy, reproduce, adapt, translate, modify, perform, display, publish, distribute, transmit, broadcast, syndicate, index, archive, create derivative works of, and otherwise exploit your User Content in any medium and by any means now known or hereafter devised, in connection with the operation, provision, promotion, improvement, and development of the Services and of any current or future product or service of Nohmit Incorporated, including for the purposes of content moderation, safety monitoring, machine learning model training, quality assurance, research, and product development. The license granted in this Section survives the deletion of your User Content or your account to the extent that copies of your User Content have been made by other users, cached by our systems, or are necessary for Invitrr to comply with its legal obligations or enforce its rights.

By submitting User Content, you represent and warrant that: (a) you own the User Content or have all necessary rights, licenses, consents, and releases to submit it to the Services and to grant the rights and licenses described in this Section; (b) the User Content does not and will not violate, misappropriate, or infringe any third-party intellectual property right, privacy right, right of publicity, moral right, or other proprietary or legal right; (c) the User Content does not contain any information that you do not have the right to disclose, including any confidential information of a third party; (d) the User Content complies with this Agreement and all Additional Policies and with all applicable laws; (e) the User Content is not false, inaccurate, misleading, or deceptive; and (f) you have obtained all necessary consents from any identifiable individuals depicted in the User Content, including their consent to appear in the content and to have it published on the Services. You acknowledge that Invitrr does not pre-screen User Content, and that Invitrr is not responsible for any User Content submitted by any user, including User Content that is unlawful, harmful, inaccurate, or objectionable. Invitrr reserves the right, but is not obligated, to review, monitor, refuse, remove, hide, flag, or restrict access to any User Content, at any time and for any reason, in our sole and absolute discretion, without notice and without liability.

If you submit ideas, suggestions, enhancement requests, feature requests, feedback, or other proposals regarding the Services or any aspect of Invitrr's business to us by any means (collectively, "Feedback"), you grant Invitrr an irrevocable, perpetual, worldwide, royalty-free, fully paid, sublicensable, transferable license to use, implement, modify, incorporate, and commercialize any Feedback without any obligation to compensate you, seek your approval, provide attribution, or account to you in any way.

SECTION 8 — PROHIBITED CONDUCT

You agree that, in connection with your use of the Services, you will not, and will not attempt, encourage, facilitate, or assist any other person to, engage in any of the following prohibited activities: using the Services in any manner inconsistent with this Agreement or any Additional Policy; using the Services in any manner that violates any applicable federal, provincial, state, local, or international law or regulation; accessing or using the Services if you are under eighteen (18) years of age or if you have been previously permanently banned; creating multiple accounts, creating accounts using automated means, or creating an account on behalf of another person without that person's express written consent; impersonating any person or entity, including without limitation any Invitrr employee, administrator, or other user, or misrepresenting your affiliation with any person or entity; misrepresenting your identity, age, location, or any other information in your profile, event listings, or communications; accessing or attempting to access any other user's account, computer systems, or data without authorization; using any automated tool, bot, script, spider, crawler, or other automated mechanism to access, query, scrape, harvest, or extract data from the Services; circumventing, disabling, defeating, or interfering with any security feature, rate limiting mechanism, authentication system, content moderation system, or other protective measure of the Services; attempting to probe, scan, or test the vulnerability of any system or network of Invitrr or any of its service providers; reverse engineering, decompiling, disassembling, decrypting, or otherwise attempting to discover the source code, underlying algorithms, models, formulas, or proprietary processes of the Services; transmitting any User Content that infringes, misappropriates, or violates any third-party intellectual property right, privacy right, or other proprietary right; transmitting any User Content that is unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, sexually explicit, or otherwise objectionable; transmitting any User Content that contains nudity, explicit sexual content, content that exploits or depicts minors, hate speech, content that promotes violence or terrorism, or any other content prohibited by applicable law or our Community Guidelines; using the Services to send spam, chain letters, pyramid schemes, or other unsolicited commercial communications; using the Services to collect, harvest, or store personal information of other users without their consent or for any purpose not expressly permitted by this Agreement; using the Services to conduct any fraudulent, deceptive, or misleading activity; using the Services to facilitate the purchase, sale, or exchange of any goods or services not authorized by Invitrr; using the Services for any commercial purpose not expressly authorized in writing by Invitrr; using the Services in a manner that could damage, disable, overburden, impair, or interfere with the operation of the Services or the servers or networks connected to the Services; introducing malicious code, viruses, trojans, ransomware, spyware, or other harmful programs into the Services; taking any action that imposes an unreasonable load on the infrastructure supporting the Services; reproducing, duplicating, copying, selling, reselling, or otherwise commercially exploiting any portion of the Services; framing or mirroring any portion of the Services on any other website or application; using the Services to obtain unauthorized access to any other computer systems, data, or resources; violating the privacy of any user of the Services, including by sharing, publishing, or threatening to publish any user's personal information without their consent; misusing the Bailout safety feature, including without limitation activating Bailout sessions in bad faith, repeatedly, or for purposes other than genuine personal safety needs; and engaging in any other conduct that Invitrr determines, in its sole and absolute discretion, to be harmful, unlawful, fraudulent, or contrary to the spirit and purpose of the Services.

SECTION 9 — THE BAILOUT SAFETY FEATURE — IMPORTANT LIMITATIONS AND DISCLAIMERS

The Bailout feature is an in-application personal safety tool that is designed to assist users who are in uncomfortable or unsafe social situations by transmitting safety alerts to their pre-configured emergency contacts, connecting them with a nearby community volunteer, and sharing their real-time GPS location with their emergency contacts and volunteer during the session. The following limitations and disclaimers apply to your use of the Bailout feature and are an essential part of this Agreement.

BAILOUT IS NOT AN EMERGENCY SERVICE. The Bailout feature is not a substitute for calling local emergency services. In any situation involving an immediate threat to life, personal safety, or property, you must call your local emergency number — 911 in Canada and the United States, 999 in the United Kingdom, 112 in the European Union and many other jurisdictions — immediately. The Bailout feature does not summon police, fire departments, medical personnel, or any other emergency service. It does not connect you with trained crisis counselors or mental health professionals. It does not guarantee a response of any kind. Invitrr is a technology company and not an emergency services provider, a security company, a crisis intervention organization, or a law enforcement body.

NO GUARANTEE OF VOLUNTEER AVAILABILITY. The availability of community volunteers is entirely dependent on the voluntary participation of other Invitrr users and may be unavailable in your geographic area, at the time you activate the feature, or at any time without notice.

NO GUARANTEE OF TECHNICAL RELIABILITY. The Bailout feature depends on continuous internet connectivity, accurate GPS signal, functioning mobile device hardware, and the reliable operation of third-party SMS delivery services. Invitrr makes no warranty that the feature will function correctly or at all in any particular circumstance, and we disclaim all liability for any failure, malfunction, delay, or inaccuracy of the Bailout feature.

VOLUNTEER DISCLAIMER. Community volunteers are ordinary Invitrr users who have voluntarily opted into the volunteer program. They are not employees, agents, contractors, or representatives of Invitrr. Invitrr does not train, supervise, direct, control, or compensate volunteers, and Invitrr makes no representation regarding the qualifications, competence, character, or reliability of any volunteer. Your interaction with any volunteer is at your own risk, and Invitrr is not responsible for any act or omission of any volunteer.

YOUR SOLE REMEDY. If you are dissatisfied with the Bailout feature or if the Bailout feature fails to function as described, your sole remedy is to cease using the feature and to contact local emergency services directly. You acknowledge that the limitations of liability in Section 13 apply to all claims arising from your use of or reliance on the Bailout feature.

SECTION 10 — SUBSCRIPTIONS AND PAYMENT TERMS

Invitrr offers a free tier of access to the Services and a premium subscription tier ("Invitrr Plus") offering access to Premium Features. Subscriptions to Invitrr Plus are offered at the prices and on the terms described within the application at the point of purchase, which are subject to change from time to time upon notice as required by applicable law. All subscriptions and in-app purchases, including consumable add-on credits, are processed exclusively through the Apple App Store and are subject to Apple's payment terms, billing policies, and refund policies. Invitrr does not independently process payment card transactions and does not have access to your payment instrument details. You authorize Apple to charge the applicable subscription or purchase fee to the payment method on file with your Apple ID at the time of purchase and, for recurring subscriptions, at the beginning of each renewal period unless you cancel the subscription before the renewal date. Subscription fees are non-refundable except as required by applicable law or as provided in Apple's refund policy. Consumable add-on credits are non-refundable, have no monetary value outside the Services, and cannot be transferred to another account, redeemed for cash, or carried over following account deletion or termination. Invitrr reserves the right to modify, suspend, or discontinue any subscription plan, pricing, feature, or add-on credit type at any time upon notice as required by applicable law. If we modify the features included in your subscription plan to your material detriment, we will provide notice and an opportunity to cancel your subscription before the modification takes effect. Failure by Apple to collect your subscription payment will result in the immediate suspension of your access to Premium Features without notice. If your account is suspended or terminated by Invitrr for violation of this Agreement, you will not be entitled to a prorated refund of any subscription fees paid, except where required by applicable consumer protection law.

SECTION 11 — THIRD-PARTY SERVICES AND CONTENT

The Services may contain links to, integrations with, or features that depend upon third-party websites, applications, services, or content ("Third-Party Services"). Invitrr does not own, operate, control, endorse, or assume any responsibility for any Third-Party Service. Your access to and use of any Third-Party Service is governed exclusively by the terms and privacy policies of that Third-Party Service and is at your own risk. Invitrr shall not be liable for any harm, loss, or damage arising from your use of any Third-Party Service. The Services are distributed through the Apple App Store, and your use of the Services is subject to Apple's applicable usage rules and terms, which are incorporated into this Agreement by reference.

SECTION 12 — DISCLAIMER OF WARRANTIES

THE SERVICES, ALL CONTENT, AND ALL FEATURES MADE AVAILABLE THROUGH THE SERVICES ARE PROVIDED "AS IS," "AS AVAILABLE," AND "WITH ALL FAULTS," WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, INVITRR AND ITS PARENT COMPANIES, SUBSIDIARIES, AFFILIATES, LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS, AND DIRECTORS (COLLECTIVELY, THE "INVITRR PARTIES") EXPRESSLY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, ACCURACY, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE, OR OTHERWISE. THE INVITRR PARTIES MAKE NO WARRANTY THAT: (A) THE SERVICES WILL MEET YOUR REQUIREMENTS; (B) THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE; (C) THE RESULTS OBTAINED FROM USE OF THE SERVICES WILL BE ACCURATE, RELIABLE, OR SATISFACTORY; (D) ANY ERRORS OR DEFECTS IN THE SERVICES WILL BE CORRECTED; (E) THE SERVICES OR THE SERVERS THAT MAKE THE SERVICES AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; (F) ANY CONTENT ON THE SERVICES IS ACCURATE, COMPLETE, CURRENT, OR NOT MISLEADING; (G) ANY USER, HOST, ATTENDEE, OR VOLUNTEER IS WHO THEY REPRESENT THEMSELVES TO BE; OR (H) THE BAILOUT FEATURE WILL FUNCTION WITHOUT INTERRUPTION OR WILL RESULT IN ANY PERSON BEING REACHED OR ASSISTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM INVITRR OR THROUGH THE SERVICES, WILL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. TO THE EXTENT THAT ANY WARRANTY CANNOT BE DISCLAIMED UNDER APPLICABLE LAW, THE INVITRR PARTIES LIMIT THE DURATION AND REMEDY OF SUCH WARRANTY TO THE MINIMUM PERIOD AND REMEDY PERMITTED BY APPLICABLE LAW. SOME JURISDICTIONS, INCLUDING QUEBEC, DO NOT ALLOW THE DISCLAIMER OF CERTAIN STATUTORY WARRANTIES; IN SUCH JURISDICTIONS, THE FOREGOING DISCLAIMER APPLIES TO THE FULLEST EXTENT PERMITTED BY LAW.

SECTION 13 — LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL ANY OF THE INVITRR PARTIES BE LIABLE TO YOU OR TO ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR ENHANCED DAMAGES OF ANY KIND WHATSOEVER, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, THE SERVICES, OR ANY CONTENT, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS OR REVENUE, LOSS OF BUSINESS OR BUSINESS OPPORTUNITY, LOSS OF GOODWILL, LOSS OF DATA, LOSS OF ANTICIPATED SAVINGS, LOSS OF REPUTATION, PERSONAL INJURY, PROPERTY DAMAGE, OR ANY OTHER TANGIBLE OR INTANGIBLE LOSS, REGARDLESS OF WHETHER SUCH DAMAGES ARE FORESEEABLE OR WHETHER INVITRR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS OF THE LEGAL THEORY ON WHICH SUCH DAMAGES ARE SOUGHT, INCLUDING BUT NOT LIMITED TO CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, STATUTORY LIABILITY, OR OTHERWISE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE INVITRR PARTIES' TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS OF ANY KIND ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, THE SERVICES, OR ANY CONTENT, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, STATUTE, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE GREATER OF: (A) THE TOTAL AMOUNT OF FEES ACTUALLY PAID BY YOU TO INVITRR THROUGH THE APP STORE IN THE TWELVE (12) CALENDAR MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH THE CLAIM AROSE; OR (B) ONE HUNDRED CANADIAN DOLLARS (CAD $100.00). THE FOREGOING LIMITATIONS APPLY EVEN IF THE EXCLUSIVE REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE.

YOU ACKNOWLEDGE AND AGREE THAT INVITRR HAS ENTERED INTO THIS AGREEMENT IN RELIANCE ON THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION, AND THAT THESE LIMITATIONS REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN THE PARTIES AND ARE A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN YOU AND INVITRR, WITHOUT WHICH INVITRR WOULD NOT BE ABLE TO PROVIDE THE SERVICES ON THE ECONOMIC TERMS OFFERED. SOME JURISDICTIONS, INCLUDING QUEBEC, DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN CATEGORIES OF DAMAGES; IN SUCH JURISDICTIONS, THE FOREGOING LIMITATIONS AND EXCLUSIONS APPLY TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

SECTION 14 — INDEMNIFICATION

To the fullest extent permitted by applicable law, you agree to indemnify, defend, and hold harmless the Invitrr Parties from and against any and all claims, actions, demands, proceedings, liabilities, losses, damages, costs, and expenses (including reasonable legal and professional fees and disbursements) arising out of or relating to, directly or indirectly: (a) your access to or use of the Services, including your use of any information obtained through the Services; (b) your User Content, including any claim that your User Content infringes, misappropriates, or violates any third-party right; (c) your violation of any provision of this Agreement or any Additional Policy; (d) your violation of any applicable law, regulation, or the rights of any third party; (e) any event that you organize or host through the Services, including any injury, loss, or damage suffered by any guest or third party in connection with your event; (f) your interaction with any other user, host, attendee, or volunteer through the Services; (g) any misrepresentation you make to Invitrr or to other users; or (h) your willful misconduct or gross negligence. Invitrr reserves the right to assume exclusive control of the defense and settlement of any matter for which you are required to indemnify us under this Section, at your expense, and you agree to cooperate fully with our defense of any such claim and not to settle any such claim without our prior written consent.

SECTION 15 — DISPUTE RESOLUTION, ARBITRATION, AND CLASS ACTION WAIVER

15.1 Informal Resolution. Before initiating any formal dispute resolution proceeding, you agree to attempt to resolve any dispute, claim, or controversy arising out of or relating to this Agreement, the Additional Policies, the Services, or the relationship between you and Invitrr (each, a "Dispute") informally by sending a written notice to [email protected] describing the nature of your Dispute and the relief you are seeking ("Notice of Dispute"). We agree to attempt to resolve each Dispute through good-faith informal negotiation for a period of sixty (60) calendar days from our receipt of a Notice of Dispute (the "Informal Resolution Period"), which may be extended by mutual written agreement. Compliance with this informal resolution process is a condition precedent to initiating any formal proceeding, and you agree not to initiate any formal proceeding until the expiration of the Informal Resolution Period. This informal resolution requirement does not apply to any claim for emergency injunctive relief.

15.2 Binding Arbitration. If a Dispute is not resolved during the Informal Resolution Period, and subject to the exceptions in Section 15.5, you and Invitrr each agree that the Dispute shall be submitted to and resolved exclusively by final and binding arbitration administered by the ADR Institute of Canada, Inc. ("ADRIC") pursuant to the ADRIC Arbitration Rules as in effect at the time the arbitration is initiated ("ADRIC Rules"), except to the extent those rules are inconsistent with this Agreement, in which case this Agreement shall govern. The arbitration shall be conducted in the English language. The seat and juridical place of arbitration shall be Ottawa, Ontario, Canada, though the arbitration may be conducted remotely by videoconference at the election of both parties. The number of arbitrators shall be one (1), appointed in accordance with the ADRIC Rules, unless the aggregate amount in dispute exceeds five hundred thousand Canadian dollars (CAD $500,000.00), in which case the number of arbitrators shall be three (3). The arbitrator shall have the authority to award any remedy that a court of competent jurisdiction could award, including monetary damages, declaratory relief, and injunctive relief on an individual basis, but subject to the limitations of liability in Section 13. The arbitrator shall not have authority to award any remedy that would otherwise be prohibited by this Agreement. The arbitration award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction. The costs and expenses of the arbitration, including the arbitrator's fees, shall be allocated between the parties in accordance with the ADRIC Rules; each party shall bear its own legal fees and costs unless the arbitrator awards otherwise. All arbitration proceedings and all related documents and communications shall be maintained in strict confidence by the parties, their representatives, and the arbitrator, and neither party shall disclose the existence, content, or results of any arbitration to any third party without the prior written consent of the other party, except as necessary to enforce an arbitration award or as required by law.

15.3 Class Action and Collective Proceeding Waiver. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EACH OF YOU AND INVITRR AGREES TO BRING ANY DISPUTE ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF, CLAIMANT, OR CLASS MEMBER IN ANY PURPORTED CLASS ACTION, COLLECTIVE ACTION, PRIVATE ATTORNEY GENERAL ACTION, MULTI-PARTY ARBITRATION, OR CONSOLIDATED OR REPRESENTATIVE PROCEEDING. THE ARBITRATOR SHALL NOT HAVE THE AUTHORITY TO PRESIDE OVER ANY CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING OR TO CONSOLIDATE THE ARBITRATION WITH ANY OTHER ARBITRATION OR PROCEEDING. IF A COURT OF COMPETENT JURISDICTION DETERMINES THAT THIS CLASS ACTION WAIVER IS INVALID OR UNENFORCEABLE WITH RESPECT TO A PARTICULAR CLAIM, THE PARTIES AGREE THAT THAT CLAIM SHALL BE SEVERED FROM THE ARBITRATION AND PROCEED IN A COURT OF COMPETENT JURISDICTION IN ONTARIO, CANADA, WHILE ALL OTHER CLAIMS THAT ARE SUBJECT TO ARBITRATION SHALL PROCEED INDIVIDUALLY IN ARBITRATION.

15.4 Governing Law; Jurisdiction for Non-Arbitrable Claims. This Agreement and all Disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of the Province of Ontario and the applicable federal laws of Canada, without giving effect to any choice-of-law or conflict-of-law provisions. To the extent any Dispute falls within the exceptions to arbitration described in Section 15.5 or if the arbitration agreement is found unenforceable, you and Invitrr each irrevocably consent to the exclusive personal jurisdiction of the courts of the Province of Ontario, Canada, and waive any objection to the laying of venue in those courts or any claim that those courts are an inconvenient forum.

15.5 Exceptions to Arbitration. Notwithstanding Section 15.2, either party may bring an individual action in a court of competent jurisdiction to: (a) seek emergency or interim injunctive or other provisional relief to prevent irreparable harm pending the resolution of the underlying Dispute through arbitration; (b) enforce an arbitration award; or (c) pursue a claim that applicable law expressly mandates may not be submitted to pre-dispute mandatory arbitration.

15.6 Limitation Period. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY CLAIM OR CAUSE OF ACTION ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE SERVICES, OR ANY CONTENT MUST BE FILED WITHIN ONE (1) CALENDAR YEAR FROM THE DATE ON WHICH THE CLAIM OR CAUSE OF ACTION AROSE, AFTER WHICH IT WILL BE FOREVER BARRED, REGARDLESS OF ANY STATUTE OF LIMITATIONS OR OTHER LAW TO THE CONTRARY. The one-year limitation period in this Section does not apply where applicable consumer protection law in the user's jurisdiction mandates a longer limitation period that cannot be contractually shortened, in which case the minimum limitation period required by applicable law shall apply.

15.7 Severability of Dispute Resolution Provisions. If any portion of this Section 15 other than the class action waiver is found to be invalid or unenforceable, the remainder of this Section 15 shall continue in full force and effect. If the class action waiver in Section 15.3 is found invalid or unenforceable, the entire agreement to arbitrate in Section 15.2 shall be null and void as to the claim for which the waiver was found invalid, and such claim shall proceed in court.

15.8 Right to Opt Out. You may opt out of the arbitration agreement in Section 15.2 within thirty (30) days of the date you first accept these Terms by sending a written notice to [email protected] with the subject line "Arbitration Opt-Out" and including your name, the email address associated with your account, and a statement that you wish to opt out of the arbitration agreement. Opting out does not affect any other provision of this Agreement. If you opt out, any Dispute must be brought in a court of competent jurisdiction in Ontario, Canada, and you and Invitrr each consent to personal jurisdiction in those courts.

SECTION 16 — TERMINATION

This Agreement commences when you first access or use the Services and continues until terminated. You may terminate this Agreement at any time by permanently deleting your account through the in-app account deletion process. Invitrr reserves the right, in its sole and absolute discretion, to terminate or suspend your account and your access to all or any part of the Services at any time, with or without cause, with or without notice, effective immediately, without liability to you except as required by applicable law. Without limiting the foregoing, Invitrr may terminate or suspend your account for any violation or suspected violation of this Agreement or any Additional Policy, for any conduct that Invitrr determines to be harmful to other users or the Services, for any fraudulent or abusive activity, for any extended period of account inactivity, or for any other reason in our sole and absolute discretion. Upon termination of your account for any reason: (a) your license to access and use the Services is immediately and automatically revoked; (b) you must immediately cease all use of the Services; (c) all provisions of this Agreement which by their nature should survive termination shall survive, including without limitation Sections 1, 5 (restrictions only), 6, 7, 9 (disclaimers), 12, 13, 14, 15, 16, and 17; and (d) Invitrr may retain and process your personal information in accordance with the Privacy Policy and applicable law. Where applicable consumer protection law affords you the right to notice before termination, such notice will be provided to the extent required.

SECTION 17 — GENERAL PROVISIONS

This Agreement, together with the Privacy Policy and all Additional Policies incorporated herein by reference, constitutes the entire agreement between you and Invitrr with respect to your use of the Services and supersedes all prior agreements, representations, warranties, negotiations, and understandings, whether oral or written, between you and Invitrr relating to the same subject matter. If any provision of this Agreement is held by a court or arbitrator of competent jurisdiction to be invalid, illegal, void, or unenforceable for any reason, that provision shall be deemed modified to the minimum extent necessary to make it valid and enforceable, and the remainder of this Agreement shall continue in full force and effect as if the invalid provision had never been included; provided that if the invalid provision cannot be modified to be made valid and enforceable, it shall be severed from this Agreement. Invitrr's failure to enforce any right or provision of this Agreement on any occasion shall not constitute a waiver of such right or provision on that or any other occasion, and no waiver by Invitrr shall be effective unless it is in writing and signed by an authorized representative of Nohmit Incorporated. You may not assign or transfer any of your rights or obligations under this Agreement, by operation of law or otherwise, without Invitrr's prior written consent, and any attempted assignment in violation of this restriction shall be void. Invitrr may assign or transfer this Agreement and all of its rights and obligations, in whole or in part, without your consent, in connection with any merger, acquisition, reorganization, change of control, or sale of all or substantially all of its assets. Subject to the foregoing, this Agreement is binding on and inures to the benefit of the parties and their respective permitted successors and assigns. Invitrr shall not be liable for any failure to perform or delay in performance of its obligations under this Agreement to the extent caused by circumstances beyond Invitrr's reasonable control, including without limitation acts of God, natural disasters, public health emergencies, government actions, labor disputes, power outages, internet outages, telecommunications infrastructure failures, denial-of-service attacks, or failures of third-party service providers. Nothing in this Agreement creates, or shall be construed to create, any partnership, joint venture, agency, franchise, employment, or independent contractor relationship between you and Invitrr. Neither party is authorized to make any commitment or representation on behalf of the other. This Agreement does not create any rights in any third party, including any emergency contacts designated by you or any community volunteers, and there are no third-party beneficiaries of this Agreement. This Agreement was drafted in the English language. For Quebec residents, a French-language version is available at invitrr.com/terms/fr, and in the event of any inconsistency between the French and English versions for Quebec residents, the French version shall prevail. The section headings in this Agreement are for convenience only and have no legal effect. For all notices to Invitrr under this Agreement, please write to [email protected] with "Legal Notice — [Subject]" in the subject line.

Nohmit Incorporated | Ottawa, Ontario, Canada | [email protected] | invitrr.com/terms

These Terms of Service were last reviewed and approved on June 1, 2026. Version: 2026-06-01.

Nohmit Incorporated d/b/a Invitrr · Effective June 1, 2026

SECTION 1 — ABOUT THIS COOKIE POLICY

This Cookie Policy explains how Nohmit Incorporated (doing business as Invitrr, "we," "us," or "our") uses cookies and similar technologies on the invitrr.com website and related Services. It should be read together with our Privacy Policy. By selecting "I agree" on our consent prompt, or by continuing to use the website after being presented with that prompt, you consent to the use of cookies as described below, except for cookies that require separate opt-in consent under applicable law.

SECTION 2 — WHAT COOKIES ARE

Cookies are small text files a website places on your device to store information. Similar technologies include browser local storage, pixels, and software development kits. Cookies may be "session" cookies, which expire when you close your browser, or "persistent" cookies, which remain until they expire or are deleted. They may be first-party (set by us) or third-party (set by a service we use).

SECTION 3 — HOW WE USE COOKIES AND LOCAL STORAGE

Strictly necessary. We use browser local storage to remember that you have acknowledged our age and terms consent prompt, so we do not show it on every visit. This is essential to providing the website lawfully and cannot be switched off through our interface. Functional. We may store preferences such as whether you have already joined the waitlist. Analytics. Where enabled and permitted by law, we may use privacy-respecting, aggregate, de-identified analytics to improve the website. We do not use cookies to build advertising profiles, and we do not sell information collected through cookies.

SECTION 4 — THIRD-PARTY SERVICES

Certain features rely on third parties that may set their own cookies or receive limited technical data, including our waitlist form processor and our font and content delivery providers. These parties process data under their own policies. We do not embed third-party advertising trackers on this website.

SECTION 5 — YOUR CHOICES

Most browsers let you refuse or delete cookies, and you may clear local storage at any time. Because our age and terms acknowledgement is stored locally, clearing it will cause the consent prompt to appear again. If you decline the consent prompt, you will not be permitted to use the Services. Disabling strictly necessary storage may prevent parts of the website from functioning.

SECTION 6 — CHANGES AND CONTACT

We may update this Cookie Policy from time to time; material changes will be reflected by an updated effective date. Questions may be directed to [email protected].

Nohmit Incorporated d/b/a Invitrr · Effective June 1, 2026

Nohmit Incorporated d/b/a Invitrr

Effective Date: June 1, 2026 | Version: 2026-06-01

These Community Guidelines (these "Guidelines") are published by Nohmit Incorporated ("Invitrr," "we," "us," or "our") and constitute Additional Policies that form part of the Terms of Service agreed to by every user of the Invitrr platform. Capitalized terms used but not defined in these Guidelines have the meanings given to them in the Terms of Service. These Guidelines apply to all users of the Services — whether you use Invitrr as an attendee, a host, a community volunteer, or in any other capacity — and govern all content, conduct, communications, and activities in connection with your use of the Services. By using the Services, you acknowledge that you have read, understood, and agree to comply with these Guidelines in their entirety. Invitrr reserves the right to interpret, apply, modify, and enforce these Guidelines in its sole and absolute discretion, and to update them at any time, with changes effective upon posting at invitrr.com/guidelines.

The Foundation. Invitrr exists because we believe that intentional social connection — the kind where the right person shows up to the right room at the right time — can genuinely change people's lives. Every design decision we have made has been in service of creating a platform where that kind of connection is possible. These Guidelines exist to protect the environment that makes it possible. We enforce them because we have to, and because the alternative — a platform where anyone can do anything — is not Invitrr.

Who This Is For. The Services are available exclusively to individuals who are eighteen (18) years of age or older. This is an absolute requirement, not a guideline. There are no exceptions. If you are under eighteen, you may not use Invitrr in any capacity, and any account created by someone under eighteen will be permanently terminated immediately upon discovery.

Absolute Prohibitions. Certain behaviors are so harmful that we treat them categorically: any single instance results in immediate permanent termination of your account without warning, without notice, and without right of appeal. These absolute prohibitions exist because the harms they prevent are so serious and so irreversible that we believe no amount of context, explanation, or prior positive history on the platform can or should mitigate them. The absolute prohibitions are as follows. First, any content, communication, behavior, solicitation, or activity that involves, depicts, exploits, sexualizes, threatens, or puts at risk any person under the age of eighteen (18) — including any image, text, video, or other content that constitutes or could constitute child sexual abuse material under applicable law — is grounds for immediate permanent termination and referral to law enforcement. Second, any content that constitutes, depicts, promotes, glorifies, solicits, or facilitates sexual violence, rape, or any non-consensual sexual act, including the sharing, threatened sharing, or solicitation of intimate images without the consent of the person depicted, is grounds for immediate permanent termination. Third, any credible threat of violence — whether expressed as a direct threat against a specific individual or as a general expression of intent to commit violence — and any content that incites, promotes, celebrates, or glorifies acts of violence, terrorism, or mass harm is grounds for immediate permanent termination and referral to law enforcement. Fourth, any content that constitutes, facilitates, promotes, or glorifies human trafficking, sexual exploitation, forced labor, forced marriage, debt bondage, or any other form of modern slavery is grounds for immediate permanent termination and referral to law enforcement. Fifth, any content that promotes, glorifies, recruits for, finances, or facilitates any terrorist organization, extremist organization, or mass violent movement designated as such by the Government of Canada or any allied government, or any organization that promotes genocide, ethnic cleansing, or systematic violence against any group, is grounds for immediate permanent termination and referral to law enforcement. We maintain ongoing communication with appropriate law enforcement and regulatory authorities regarding any content that meets these thresholds, and we cooperate fully with investigations.

Your Profile. Your Invitrr profile must represent you honestly and accurately. The name on your profile must be your real first name — the name by which you are actually known in your social life. Profile photographs must show your actual face in at least one image and must be photographs of you and no one else. Photographs that do not show your face, that depict animals or objects rather than you, that are generated by artificial intelligence systems or are heavily manipulated to misrepresent your appearance, or that depict another real or fictional person, violate our profile authenticity requirements. Photographs that contain nudity, sexually explicit content, hate symbols, or depictions of illegal activity also violate these Guidelines. We prohibit any profile content — including your biography, vibe descriptor, and interest tags — that contains hate speech as defined below, external contact information or social media handles (which belong in your conversations, not your public profile), commercial advertising, promotional language for any product or service, links to external websites, content that is illegal in your jurisdiction, or content that is false or designed to deceive other users about who you are. You may not create a profile that impersonates any other person, including another Invitrr user, a celebrity, a public figure, an Invitrr employee or representative, or any fictional character in a manner designed to deceive.

Events. Every event created on Invitrr must be a real, legitimate social gathering that you intend to host in the manner described in your event listing. Events may not be created for commercial purposes without Invitrr's express written authorization — the platform is for genuine social connection, not for product launches, business networking events designed primarily to generate sales leads, or promoted brand activations. Events must comply with all applicable laws and regulations in the jurisdiction where they take place, including applicable liquor licensing laws, health and safety regulations, noise bylaws, fire code requirements, and any other regulatory requirements that apply to the type of gathering you are hosting. You may not create an event that describes activities materially different from the event you actually intend to hold — the description, vibe, venue, and timing of your event must be accurate. Events whose primary purpose is facilitating drug use, facilitating sexual activity, conducting unlawful gambling, or engaging in any other illegal activity are prohibited. Events designed to harvest personal information from guests or to expose guests to commercial solicitation without their knowledge and consent are prohibited. Hosts are responsible for ensuring that their events are held in venues appropriate for the guest capacity listed, and for ensuring that the physical environment of the event is reasonably safe.

Messaging and Communication. All communications through the Invitrr messaging system — including event request notes, chat messages, and any other in-app communication — must be respectful, honest, and consistent with the purpose of Invitrr as a social connection platform. Hate speech — meaning content that dehumanizes, demeans, threatens, or incites discrimination against any individual or group based on race, colour, national or ethnic origin, religion, sex, gender identity or expression, sexual orientation, disability, age, or any other characteristic protected by applicable human rights law — is prohibited in all contexts. Explicit sexual content sent without the explicit prior request of the recipient is prohibited and will result in immediate account termination on the first instance. Harassment — including sending repeated unwanted messages after a user has declined to respond, creating a pattern of intimidating or threatening communications, or continuing to contact a user who has blocked you through any means — is prohibited. Doxxing — the sharing, publishing, or threatening to share the personal information of any user without their consent, including their name, address, workplace, telephone number, or any other identifying information — is prohibited. Spam — including unsolicited commercial communications, chain letters, pyramid scheme promotions, or any repetitive and unwanted message campaigns — is prohibited. Impersonation in communications — presenting yourself as someone other than who you are in conversations with other users — is prohibited.

Authenticity and Platform Integrity. The integrity of the Invitrr platform depends on users engaging authentically. You may not use automated tools or scripts to interact with the platform, create profiles, send messages, or perform any other action on the Services. You may not take actions designed to game, manipulate, or circumvent any of Invitrr's matching, recommendation, trust, or safety systems. You may not coordinate with other users to submit inauthentic ratings, generate fake engagement, or manipulate event discovery in any way. You may not attempt to probe, test, or exploit any vulnerability in the Services. You may not engage in any activity designed to degrade the performance of the Services or to interfere with other users' access to the Services.

Respect and Non-Discrimination. Invitrr is a platform for everyone who meets our age requirement. While hosts have the discretion to curate their guest lists and may accept or decline any request for any legitimate social reason, hosts may not decline requests on the basis of race, colour, national or ethnic origin, religion, sex, gender identity or expression, sexual orientation, disability, age, or any other ground protected under the Canadian Human Rights Act, the Ontario Human Rights Code, or any other applicable human rights legislation. Similarly, users may not harass, demean, or discriminate against other users on the basis of any of these characteristics in their communications or conduct on the platform.

Reporting. If you encounter content, an event, or a user that you believe violates these Guidelines, please report it using the in-app reporting feature immediately. Reports are reviewed by our Trust and Safety team. We ask that you report only in good faith — submitting false or malicious reports to harm other users is itself a violation of these Guidelines and may result in enforcement action against your account. Invitrr will maintain the confidentiality of the identity of users who submit reports to the extent permitted by law, and we will not disclose your identity to the user you reported in the ordinary course of the review process.

Enforcement. Invitrr's Trust and Safety team reviews reported content, flagged content identified by our automated moderation systems, and accounts that generate a pattern of complaints or moderation flags. Enforcement actions available to our team include issuing a formal warning (which is recorded in your account's moderation history and is considered in all future enforcement decisions), removing or hiding specific content from the platform, restricting specific features of your account, temporarily suspending your account for a defined period, and permanently terminating your account. The enforcement action applied in any given case is determined in Invitrr's sole and absolute discretion based on the nature and severity of the violation, the number and pattern of prior violations, and any other factors our team deems relevant. We reserve the right to skip any intermediate enforcement step and proceed directly to permanent account termination for violations that we determine to be serious, intentional, repeated, or harmful to the safety of the community. Our determinations are final and, except where required by applicable law, are not subject to appeal or review by any external body. Where applicable law requires us to provide a mechanism for appeal, we offer the appeals process described in the Terms of Service.

Changes. Invitrr may update these Guidelines at any time. Changes will be posted at invitrr.com/guidelines. Your continued use of the Services after any change constitutes your acceptance.

Nohmit Incorporated | Ottawa, Ontario, Canada | [email protected] | invitrr.com/guidelines

These Community Guidelines were last reviewed and approved on June 1, 2026. Version: 2026-06-01.

Nohmit Incorporated d/b/a Invitrr · Effective June 1, 2026

Nohmit Incorporated d/b/a Invitrr

Effective Date: June 1, 2026 | Version: 2026-06-01

This Host Policy (this "Policy") is published by Nohmit Incorporated ("Invitrr," "we," "us," or "our") and constitutes an Additional Policy forming part of the Terms of Service agreed to by every user who creates or manages an event through the Services. Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms of Service. By creating any event on Invitrr — including by accessing the event creation interface, completing any portion of the event creation process, or submitting an event for any purpose — you acknowledge that you have read, understood, and agree to comply with this Policy in its entirety. Invitrr reserves the right to modify, update, and enforce this Policy in its sole and absolute discretion, and to update it at any time, with changes effective upon posting at invitrr.com/host-policy.

Nature of the Hosting Relationship. Before we describe what we require of hosts and what we offer in support, we must be completely clear about what Invitrr is and is not in relation to your events. Invitrr is a technology platform. We provide the software tools and infrastructure that allow you to create a private event listing, manage guest requests, communicate with guests, and access certain safety tools. We do not participate in, co-organize, co-host, supervise, attend, control, endorse, or assume responsibility for any event you create. We are not a party to your event. We are not a partner in the organization of your event. We are not your employer, and you are not our employee, agent, independent contractor, or representative in any legally recognized sense. The relationship between you and Invitrr is strictly that of an independent service user and a technology platform provider. No provision of this Policy or the Terms of Service creates or should be construed to create any agency, employment, franchise, partnership, or joint venture relationship between you and Invitrr. You alone are responsible for every aspect of every event you create through the Services.

Eligibility to Host. To create events on the Services, you must satisfy all of the following requirements at the time of each event creation and throughout the event's lifecycle on the platform. You must be at least eighteen (18) years of age, with no exceptions. You must maintain a complete Invitrr profile that includes at least one profile photograph that clearly and accurately depicts your face, an accurate first name, and such other profile information as Invitrr may require from time to time. You must not be subject to a current suspension from hosting or from the Services generally. You must not have been permanently banned from the Services. You represent and warrant, which representation and warranty is a continuing obligation throughout the period in which you use the Services as a host, that you have not been convicted of, and do not currently have charges pending against you for, any offense involving violence, sexual assault, exploitation of a vulnerable person, fraud, or any offense that in Invitrr's determination would be relevant to the safety of potential guests. Invitrr does not conduct background checks and makes no representation that the absence of a reported conviction constitutes a verification of your suitability to host; the foregoing is a self-certification that you are responsible for making honestly, and a false certification constitutes a material breach of this Policy and the Terms of Service.

Identity Verification. Invitrr offers an optional but strongly encouraged identity verification process through which you may submit a selfie photograph and complete a liveness challenge for review by our Trust and Safety personnel. Verified hosts receive a verification badge displayed on their public profile. You should be aware of several important limitations of this verification. Identity verification is a trust signal — a way of indicating to prospective guests that a human being has compared your submitted selfie to your profile photograph and confirmed a reasonable degree of consistency. It is not a background check. It is not a criminal record check. It is not a review of your character, history, professional qualifications, mental health, or social suitability. It is not a guarantee of anything. Invitrr's verification process involves our Trust and Safety team making a good-faith determination that the photograph appears authentic and consistent, nothing more. Invitrr expressly disclaims any representation that verified hosts are safe, trustworthy, law-abiding, or appropriate event organizers, and we expressly disclaim any liability to guests who suffer harm at the hands of a host who has undergone verification. Invitrr may approve or reject any verification submission in its sole discretion, may revoke a verification badge at any time without notice, and is not required to provide reasons for any decision in the verification process.

Creating Your Event Listing. Every event listing you create must be accurate, honest, and complete. The title and description of your event must reflect what you actually intend to host — not an idealized or fictional version of it. The venue display name you provide must be a genuine identifier for the venue, and the neighbourhood and city information must reflect the actual location of the event. The start and end times must reflect your genuine plan. The capacity you list must reflect the actual guest capacity of your venue — not a capacity that sounds appealing but exceeds what the venue can safely accommodate. Event photographs must be photographs of the actual venue or of events of the type you are hosting; stock photography that misrepresents the nature or quality of your event is prohibited. The vibe tags, category, and dress code information you provide must be chosen honestly to help prospective guests understand what kind of event they would be attending. Invitrr does not verify the accuracy of event listings before they are published, but we investigate complaints of inaccurate listings and take enforcement action when we confirm that a host has provided materially false or misleading event information. Repeated creation of inaccurate or misleading event listings is a serious violation of this Policy and may result in permanent loss of hosting privileges.

Venue and Legal Compliance. You are solely responsible for selecting a venue that is appropriate, safe, and legally suitable for your event. You are responsible for ensuring that you have the right to use the venue, whether by ownership, lease, license, or permission of the venue owner or operator. If your venue requires a permit, license, or other authorization for the type of gathering you are hosting — including but not limited to a special occasion permit for events serving alcohol, a noise permit, or an occupancy license — obtaining that authorization is your responsibility, not Invitrr's. You are responsible for ensuring that your event complies with all applicable federal, provincial, municipal, and local laws and regulations, including but not limited to fire safety regulations regarding maximum occupancy, noise bylaws, liquor licensing laws, health and safety regulations, and any COVID-19 or public health requirements that may be in effect at the time of your event. Invitrr is not responsible for any regulatory violation arising from your event and will cooperate with any regulatory investigation.

Guest Selection and Non-Discrimination. As a host, you have the sole discretion to review and accept or decline any request submitted to your event. You may base your guest selection decisions on any legitimate social consideration, including the fit between the prospective guest's profile and the vibe of your event, capacity constraints, or any other genuine compatibility consideration. However, as stated in our Community Guidelines, you may not decline any request on the basis of race, colour, national or ethnic origin, religion, sex, gender identity or expression, sexual orientation, disability, age, ancestry, marital status, family status, citizenship, or any other characteristic protected under the Canadian Human Rights Act, the Ontario Human Rights Code, or any other applicable human rights or anti-discrimination legislation. Engaging in discriminatory guest selection is a violation of applicable law and this Policy and will result in enforcement action up to and including permanent termination of your account. Invitrr does not monitor or review individual guest selection decisions and does not have the ability to require hosts to accept any specific request, but we take complaints of discriminatory conduct seriously and investigate all such complaints. You also may not retaliate against any user who submits a complaint about your conduct, declines your event invitation, or exercises any right under applicable law.

Host Conduct at Events. You are expected to be present at and actively host every event you create. Creating an event and then failing to appear at the event you advertised is a serious violation of the trust of your guests and of this Policy. As a host, you are responsible for the experience you create, and that means being physically present and genuinely engaged in fostering the kind of social environment you described in your listing. You must treat all guests with dignity and respect. You must not engage in any threatening, harassing, abusive, discriminatory, or otherwise harmful conduct toward any guest. You must not pressure any guest to consume alcohol or any other substance. You must not make any guest feel unsafe in any way. If you become aware that a guest at your event is making other guests uncomfortable or unsafe, you have the authority — and, where there is a genuine safety concern, the responsibility — to address the situation, which may include asking the guest to leave. If any situation at your event rises to the level where emergency services should be called, you must call them. The Bailout feature and Invitrr's Trust and Safety team are not substitutes for emergency services.

Ratings and the Host Quality Signal. Following every event, confirmed guests have the opportunity to rate their experience across multiple dimensions including overall experience, host behavior, event atmosphere, and safety and comfort. These ratings are aggregated and displayed on your public profile and contribute to your InvitrScore. You acknowledge that the ratings submitted by guests reflect their genuine experience and that you have no right to demand, suppress, or contest any rating submitted in good faith. You may not incentivize guests to submit positive ratings or coordinate with anyone to submit inauthentic ratings; doing so is a violation of this Policy and our Community Guidelines. Invitrr treats safety and comfort ratings as safety signals, meaning that a pattern of low safety ratings associated with your events will trigger a Trust and Safety review of your hosting activity, which may result in temporary or permanent suspension of your hosting privileges regardless of whether a specific complaint or report has been filed. We may also take into account your response rate — the proportion of pending requests you respond to within a reasonable timeframe — in assessing your standing as a host and in the visibility of your events in our feed.

Invitrr's Rights Regarding Events. Invitrr reserves the right at any time and in its sole and absolute discretion, without notice to you and without liability, to: remove any event listing from the Services for any reason, including but not limited to a suspected violation of this Policy, the Community Guidelines, or any applicable law; pause or restrict the visibility of any event listing pending a Trust and Safety investigation; modify the category, tags, or other metadata associated with an event listing to ensure appropriate classification; and cancel or terminate any event at any time. You should not rely on the continued availability of any event listing and should maintain alternative communication channels with guests in the event that an event is removed from the platform.

Consequences of Policy Violations. Violations of this Policy are addressed through the enforcement mechanisms described in the Community Guidelines and the Terms of Service, which may include warnings, temporary or permanent suspension of hosting privileges, and permanent account termination. Invitrr will apply these consequences in its sole and absolute discretion and without obligation to follow any specific graduated process, except as required by applicable law.

Nohmit Incorporated | Ottawa, Ontario, Canada | [email protected] | invitrr.com/host-policy

This Host Policy was last reviewed and approved on June 1, 2026. Version: 2026-06-01.

Nohmit Incorporated d/b/a Invitrr · Effective June 1, 2026

Nohmit Incorporated d/b/a Invitrr

Effective Date: June 1, 2026 | Version: 2026-06-01

This Bailout and Safety Policy (this "Policy") is published by Nohmit Incorporated ("Invitrr," "we," "us," or "our") and constitutes an Additional Policy forming part of the Terms of Service agreed to by every user of the Invitrr platform. Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms of Service. By activating the Bailout feature or otherwise using any safety-related feature of the Services, you acknowledge that you have read, understood, and agree to this Policy in its entirety. This Policy should be read carefully and in its entirety before you add emergency contacts to your account or activate any Bailout session.

Critical Safety Notice — Read This First. No feature of the Invitrr platform is a substitute for calling your local emergency services number. If you are in a situation that involves an immediate or imminent threat to your life, the life of another person, or any person's physical safety, you must call your local emergency services number — 9-1-1 in Canada and the United States, 9-9-9 in the United Kingdom, 1-1-2 in the European Union and many other jurisdictions — immediately and without delay. Invitrr is a technology platform. We do not dispatch police officers, paramedics, firefighters, or any other emergency responders. We do not operate a crisis line, a mental health hotline, or any other emergency service. The Bailout feature is a supplemental personal safety tool designed to help you in uncomfortable or unsafe social situations by connecting you with people who care about you and, potentially, a nearby willing volunteer. It is not designed to be, and should not be used as, a primary or sole safety mechanism in any situation involving genuine risk to life or physical safety.

What the Bailout Feature Is. The Bailout feature is an in-application personal safety tool that you can activate by navigating to the Bailout screen within the Invitrr application and selecting a request type that best describes your situation. The available request types are as follows: Urgent Exit, meaning you need to leave your current location immediately; Feeling Unsafe, meaning you feel threatened, uncomfortable, or in a potentially dangerous situation; Social Escape, meaning you want to leave a social situation gracefully and are looking for a plausible reason to do so; Social Cover, meaning you want a friend to appear to call or contact you with a reason to leave; and Check-In, meaning you want someone to know where you are and to receive confirmation that you are okay. Upon activation, the system performs several actions automatically. It transmits an SMS alert to all emergency contacts you have configured in your account settings, containing your first name, the time of activation, and a unique single-use URL linking to a safety tracking page where your contacts can view your real-time location and session status. It initiates a search for a nearby community volunteer who has opted into the volunteer program, is currently available, and has indicated willingness to assist with the type of request you have selected. It begins transmitting your GPS location from your device to our servers, where it is made available on the safety tracking page and, if a volunteer is matched, to the matched volunteer. It initiates an escalation schedule under which additional SMS alerts are sent to your emergency contacts at defined intervals if the session is not resolved.

Data Collected During a Bailout Session. By activating a Bailout session, you provide explicit consent for Invitrr to collect and process the following data in connection with that session: your GPS coordinates transmitted from your device at approximately sixty-second intervals, together with the associated accuracy, heading, speed, and battery percentage metadata described in our Privacy Policy; any optional contextual description you choose to provide at the time of activation; the type of request you select; and the communications and status updates generated in connection with the session, as further described in the Privacy Policy. Your explicit consent to real-time location sharing is required to activate the feature and is obtained through the in-app activation flow. You may withdraw your consent and end location sharing at any time by resolving or cancelling the session through the in-app interface. Location data collected during Bailout sessions is retained for ninety (90) days following session resolution and is then permanently deleted, as described in the Privacy Policy.

Emergency Contacts — Your Obligations and Their Rights. You are solely responsible for selecting and maintaining accurate emergency contacts in your account. Your emergency contacts are people — real human beings who care about you — and you owe it to them to: tell them in advance that you use Invitrr and that they may receive safety alerts from Invitrr on your behalf; explain to them what a Bailout SMS means and what they should do when they receive one; and keep their contact information current. Invitrr will never send marketing, promotional, or non-safety communications to your emergency contacts under any circumstances. Emergency contacts receive an SMS message when you activate a session, which message contains your first name, activation timestamp, and a link to the safety tracking page. Contacts may view your real-time location on the safety tracking page for up to four (4) hours following activation, after which the safety URL expires. Contacts may click "I've spoken with them — they're safe" on the safety tracking page or reply "SAFE" to the SMS to acknowledge the alert. These actions are recorded and may affect the escalation sequence. By adding any person as your emergency contact, you represent and warrant that you have that person's knowledge and acceptance of the possibility of receiving such alerts on your behalf, and that you are authorized to provide their telephone number to us for this purpose.

Community Volunteers — Important Disclaimers. The Invitrr community volunteer program consists entirely of ordinary Invitrr users who have voluntarily opted in to assist other users who activate Bailout sessions. Volunteers are not employees of Invitrr. They are not agents of Invitrr. They are not contractors, representatives, or affiliates of Invitrr in any legally cognizable sense. Invitrr does not train volunteers in first aid, crisis intervention, self-defense, or any other relevant skill. Invitrr does not conduct background checks on volunteers. Invitrr does not supervise, direct, or monitor volunteer behavior. Invitrr does not guarantee that any volunteer is qualified, competent, reliable, or safe to interact with. Invitrr makes no representation whatsoever regarding the character, history, motivations, or suitability of any community volunteer. When you interact with a community volunteer in connection with a Bailout session, you do so at your own risk, and Invitrr expressly disclaims all liability for any act, omission, conduct, or negligence of any volunteer. Volunteers are bound by the Terms of Service and Community Guidelines and are required to treat users with care, dignity, and respect, but Invitrr's ability to monitor and enforce this obligation is limited, and you should exercise your own judgment about whether to engage with a matched volunteer in any given session.

How Sessions Are Resolved. A Bailout session is resolved through one of the following mechanisms: PIN resolution, in which you enter a four-digit PIN into the in-application interface. This PIN is generated on your device at the time of session activation and stored exclusively in your iOS Keychain — it is never transmitted to Invitrr's servers, never stored in any Invitrr database, and cannot be recovered by Invitrr under any circumstances. PIN verification occurs locally on your device. When the correct PIN is entered, the application signals to the server that the session has been resolved, and the system automatically sends "Your contact is safe" confirmation SMS messages to all emergency contacts. Cancellation, in which you select the "Cancel" option within the application, which sends a "false alarm" notification to your emergency contacts. Expiry, in which the session automatically expires after four (4) hours if not resolved or cancelled, and the safety URL transmitted to your emergency contacts is invalidated. All session resolutions are logged in your Bailout history, which is accessible to you through the Bailout history feature.

Escalation. If a session is not resolved, cancelled, or otherwise closed, our system sends escalating SMS alerts to your emergency contacts at intervals of fifteen (15) minutes, one (1) hour, two (2) hours, and four (4) hours following activation. These escalation alerts use progressively urgent language and, at higher escalation levels, include instructions to your emergency contacts to consider contacting local emergency services if they cannot reach you. Invitrr does not automatically contact emergency services on your behalf at any escalation level. Our system does not have the ability to dispatch any emergency responder. The decision to call emergency services remains exclusively with you, your emergency contacts, or any volunteer.

Misuse of the Bailout Feature. The Bailout feature exists for genuine personal safety situations. Using it in bad faith — repeatedly, for entertainment or testing purposes, or to deceive your emergency contacts — imposes real costs on the people who care about you and burdens the volunteer community. It is also a violation of this Policy and our Community Guidelines. Users who misuse the Bailout feature may have access to the feature suspended, may receive a formal warning, and may in cases of repeated or egregious misuse have their accounts permanently terminated. We understand that certain request types — including Social Escape and Social Cover — are designed for situations that are not dangerous but where a graceful exit is desired. Using these features for their intended purpose is entirely appropriate and is not misuse. Misuse refers specifically to bad-faith activation with no genuine purpose, repeated activation designed to test the system, or activation intended to harass or alarm emergency contacts.

Technical Limitations and Disclaimers; Limitation of Liability. The Bailout feature is provided as-is and is subject to all of the technical limitations inherent in a software application that depends on internet connectivity, GPS signal availability, mobile device hardware performance, and the reliable operation of third-party SMS delivery infrastructure. Invitrr does not guarantee that the Bailout feature will be available in all geographic locations, at all times, or under all network and device conditions. GPS accuracy depends on environmental factors and device capabilities and may be insufficient to reliably determine your precise location in all circumstances, particularly indoors, underground, in dense urban environments, or in areas with poor signal. SMS delivery through our Twilio integration depends on the recipient's mobile carrier, network coverage, device status, and other factors entirely outside Invitrr's control, and delivery cannot be guaranteed. Volunteer availability is not guaranteed under any circumstance. To the maximum extent permitted by applicable law, Invitrr and its officers, directors, employees, agents, successors, and assigns shall not be liable for any harm, loss, injury, death, or damage of any kind arising from your use of or reliance on the Bailout feature, including without limitation any failure of the system to deliver alerts, any unavailability of volunteers, any inaccuracy in location data, any act or omission of any volunteer, or any failure of the feature to function as described. This limitation of liability applies in addition to and without limitation on the general limitation of liability set out in Section 13 of the Terms of Service. Nothing in this limitation of liability is intended to exclude liability for Invitrr's own fraud, willful misconduct, or gross negligence, or to exclude any liability that cannot be excluded under applicable law.

Changes. Invitrr may update this Policy at any time. Changes will be posted at invitrr.com/safety-policy. Your continued use of the Bailout feature after any update constitutes your acceptance of the updated Policy.

Nohmit Incorporated | Ottawa, Ontario, Canada | [email protected] | invitrr.com/safety-policy

This Bailout and Safety Policy was last reviewed and approved on June 1, 2026. Version: 2026-06-01.