6. Your Compliance with Applicable Privacy and Data Protection Laws

You must comply with all laws and regulations applicable to your use of the data accessed through the Token Metrics APIs, including without limitation laws related to securities regulation, privacy, biometric data, data protection, and confidentiality of communications. Your use of the Token Metrics APIs is conditioned upon implementing and maintaining appropriate protections and measures for your service and Application, including your responsibility for the data obtained through the Token Metrics APIs. For the data you received through the Token Metrics APIs, you must:

a) Obtain all necessary consents before processing data and obtain additional clearance if the processing changes (" Data Access Consents");

b) In the event you're storing data locally, ensure that data is kept up to date and implement corrections, restrictions to data, or the deletion of data as reflected in the data obtained through your use of the Token Metrics APIs;

c) Implement proper retention and deletion policies, including deleting all data when your user abandons your Application, uninstalls your Application, closes its account with you, or leaves the account;

d) Maintain and comply with a written statement available to Customers and users that describes your privacy practices regarding the data and information you collect and use (" Your Privacy Statement"), and that statement must be as protective as the Token Metrics Privacy Statement (found at https://tokenmetrics.com/privacy-policy); and

e) When your Application allows end users to sign in with a Token Metrics account and Token Metrics is not providing the user interface for the sign-in, your Privacy Statement must give a link to https://tokenmetrics.com or such other location(s) as we may specify from time to time, with a clear indication that Customers and end users can go to the Token Metrics site(s) to revoke Data Access Consents at any time.

Suppose Customers or end users must take additional steps to disable your Application's access to Customer or end-user data. In that case, Your Privacy Statement must indicate to Customers and end users the other steps required to disable access.

Nothing in the Agreement shall be construed as creating a joint controller or processor-subprocessor relationship between you and Token Metrics.