Epistemic Vault (ORG Edition) – Enterprise License Addendum

Effective date: [2025-12-20] Applies to: Epistemic Vault (ORG Edition) deployments Parties: MiulusTek and the Customer identified in the applicable Order Form / agreement

This Enterprise License Addendum (“Addendum”) supplements the Epistemic Vault Terms & Conditions (or a separate master agreement). If there is a conflict, the following order of precedence applies: (1) an Order Form or signed enterprise agreement; (2) this Addendum; (3) the general Terms & Conditions.

1. Scope

The ORG Edition is a self-hosted deployment of Epistemic Vault intended for single-tenant or limited multi-project operation within the Customer’s controlled environment (on-premises, private cloud, VPC, or air-gapped).

Unless otherwise agreed in writing, MiulusTek does not host Customer data in ORG Edition deployments.

2. License Grant

Subject to payment of applicable fees and compliance with this Addendum, MiulusTek grants Customer a limited, non-exclusive, non-transferable license to install and use the ORG Edition software for Customer’s internal business purposes, during the subscription term (or perpetual term if explicitly purchased).

3. Deployment & Operational Responsibility

Customer is responsible for:

• Infrastructure, networking, and perimeter security
• Storage systems (S3/MinIO/NAS), retention policies, and backups
• Databases and message bus operation (e.g., Postgres, Redis/Kafka)
• Access control, identity provider integration, and credential hygiene
• Monitoring, incident response, and change management within Customer environment

MiulusTek is responsible only for:

• Providing the software artifacts and documentation as agreed
• Providing support and updates only if included in the Order Form

4. Data Sovereignty & Access

1. Data location. Customer controls where Assets, proofs, receipts, and metadata are stored.
2. No default access. MiulusTek has no access to Customer data unless Customer explicitly grants access for support purposes.
3. Support access. If remote access is granted, it must be time-bound, least-privilege, and auditable where feasible.

5. Verification Guarantees (ORG = Scale Cryptographically)

ORG Edition provides the same cryptographic verification guarantees as Scale Edition, including:

• Hash recomputation and integrity checks
• Signature validation and provenance checks (where embedded)
• Merkle-chain verification (where applicable)
• Proof bundle generation and receipt issuance

Differences between ORG and Scale are primarily operational (hosting model, tenancy assumptions, default auth posture), not cryptographic.

6. Federation (Optional)

Federation features (including VaultLink and any CIIL integration) are optional in ORG Edition unless explicitly enabled by Customer.

• Receiving Vaults must independently verify received Assets; federation does not delegate trust.
• Customer is responsible for policies governing cross-Vault sharing and any required legal or contractual approvals.

7. Restrictions

Customer will not:

• Reverse engineer, decompile, or disassemble the ORG Edition software except to the extent permitted by law.
• Remove or obscure proprietary notices.
• Use the ORG Edition to offer a competing hosted service to third parties unless explicitly licensed.
• Attempt to forge, counterfeit, or launder cryptographic provenance through the system.

8. Updates & Maintenance

Unless otherwise agreed:

• Updates may be delivered as signed container images or signed bundles.
• Customer is responsible for applying updates and maintaining compatible infrastructure.
• For air-gapped deployments, Customer is responsible for secure transfer procedures and verification of signed update artifacts.

9. Support (If Purchased)

If support is purchased, the Order Form should specify:

• Support channels and hours
• Response targets (if any)
• Upgrade assistance
• Security patch handling
• Any on-site or remote professional services

10. Compliance, Evidentiary Use, and Chain-of-Custody

Customer acknowledges:

• Epistemic Vault provides cryptographic verification and provenance artifacts, not legal or evidentiary certification.
• Customer remains responsible for operational chain-of-custody procedures, access controls, and compliance requirements.

11. Term & Termination

The license term is as stated in the Order Form. Upon termination or expiration:

• Customer must cease use of the ORG Edition software (except archival verification tools if explicitly licensed).
• Customer retains all Assets and proofs stored in their environment.

12. Contact

MiulusTek Enterprise Legal / Licensing [legal@miulustek.com]