Confidentiality and Non-Disclosure Agreement

This Confidentiality and Non-Disclosure Agreement ("Agreement" or "NDA") is entered into as of the date a user creates an account on the Record Label Registry ("Effective Date") and governs the treatment of confidential and proprietary information exchanged between the parties identified below.

This Agreement is intended to protect both parties in the exchange of sensitive business information through the Record Label Registry platform. Both parties acknowledge that, in the course of using or operating the Service, each party may disclose or receive information that is proprietary, commercially sensitive, or otherwise confidential in nature.

1. Parties

This Agreement is between the following parties:

THRY ARCHIVE LLC("Registry Operator," "we," "us," or "our"), the entity that owns and operates the Record Label Registry at recordlabelregistry.com.

The Registered User("User," "you," or "your"), any individual or entity that creates an account on the Record Label Registry and submits information through the platform.

This Agreement constitutes a mutual non-disclosure agreement. Each party may act as both a "Disclosing Party" (when sharing Confidential Information) and a "Receiving Party" (when receiving Confidential Information from the other party). The obligations set forth herein apply equally to both parties in their respective capacities.

For the purposes of this Agreement, the Registry Operator acts as the Receiving Party with respect to User business data submitted through the platform, and the User acts as the Receiving Party with respect to proprietary Registry systems, processes, and methodologies.

2. Definitions

2.1 Confidential Information

"Confidential Information" means any and all non-public information disclosed by either party to the other, whether orally, in writing, electronically, or by any other means, that relates to the business, operations, technology, or affairs of the Disclosing Party. Confidential Information includes, but is not limited to, the following categories:

• Business and Financial Data: Business plans, financial statements, projections, budgets, revenue data, pricing strategies, investment information, and funding arrangements.
• Artist and Catalog Information: Artist contracts, catalog ownership details, recording agreements, publishing arrangements, unreleased artist information, A&R strategies, artist development plans, and talent acquisition activities.
• Revenue and Licensing Data: Streaming revenue data, royalty structures and rates, distribution agreements, sync licensing terms and fees, mechanical royalty arrangements, performance royalty data, and revenue share agreements.
• Corporate and Legal Information: Corporate entity filings, tax identification numbers, employer identification numbers (EINs), articles of incorporation, operating agreements, partnership agreements, and organizational documents.
• Verification Evidence: Documents, links, records, and other materials submitted in connection with Registry verification processes, including supporting evidence of label ownership, operational status, and business legitimacy.
• Trade Secrets: Proprietary processes, algorithms, scoring methodologies, verification criteria, technical architectures, source code, software designs, and system configurations.
• Customer and Contact Information: Customer lists, user databases, contact information, vendor relationships, supplier agreements, and distribution partner details.
• Technical Information: API specifications, system architectures, database schemas, security protocols, infrastructure configurations, and development roadmaps.
• Marked Materials: Any information, documents, or materials explicitly marked as "Confidential," "Proprietary," "Trade Secret," or with similar designations.
• Reasonably Understood Information: Any information that a reasonable person in the receiving party's position would understand to be confidential based on its nature or the circumstances of its disclosure.

2.2 Registry Systems

"Registry Systems" means all software, platforms, tools, databases, APIs, algorithms, and technical infrastructure used to operate the Record Label Registry, including the verification system, scoring methodologies, search algorithms, and data processing pipelines.

2.3 Service

"Service" means the Record Label Registry platform operated at recordlabelregistry.com, including all features, functionalities, APIs, and related services provided by THRY ARCHIVE LLC.

3. Exclusions from Confidential Information

The obligations of confidentiality set forth in this Agreement do not apply to information that the Receiving Party can demonstrate:

• (a) Public Availability: Is or becomes publicly available through no act, omission, or fault of the Receiving Party. Information that is disclosed in violation of this Agreement and subsequently becomes public does not qualify for this exclusion.
• (b) Prior Knowledge: Was already known to the Receiving Party at the time of disclosure, as demonstrated by written records or other competent evidence predating the date of disclosure under this Agreement.
• (c) Independent Development: Was independently developed by the Receiving Party without reference to, reliance upon, or use of the Disclosing Party's Confidential Information. The burden of proving independent development rests with the Receiving Party.
• (d) Third-Party Disclosure: Was lawfully received from a third party who is not under any obligation of confidentiality to the Disclosing Party and who disclosed such information without restriction.
• (e) Compelled Disclosure: Is required to be disclosed by applicable law, regulation, governmental order, or court order, provided that the Receiving Party: (i) gives the Disclosing Party prompt written notice of such requirement prior to disclosure, to the extent legally permitted; (ii) cooperates with the Disclosing Party in seeking a protective order or other appropriate remedy; and (iii) discloses only the minimum amount of Confidential Information necessary to comply with such requirement.

The exclusions set forth in this Section 3 are to be construed narrowly. The Receiving Party bears the burden of establishing the applicability of any exclusion.

4. Obligations of the Registry Operator (THRY ARCHIVE LLC)

As the operator of the Record Label Registry, THRY ARCHIVE LLC acknowledges the sensitivity of the business information entrusted to it by registered users. The Registry Operator agrees to the following obligations with respect to all User Confidential Information:

4.1 Standard of Care

The Registry Operator will protect all User Confidential Information with at least the same degree of care it uses to protect its own confidential and proprietary information, which in no event shall be less than a reasonable standard of care. The Registry Operator will take all reasonable precautions to prevent unauthorized disclosure, access, use, or modification of User Confidential Information.

4.2 Access Restrictions

Access to User Confidential Information will be restricted to authorized personnel of the Registry Operator who have a legitimate need to access such information for purposes of operating, maintaining, or improving the Service. All such personnel are bound by written confidentiality obligations no less protective than those set forth in this Agreement.

4.3 Prohibition on Sale or Unauthorized Sharing

The Registry Operator will not sell, rent, lease, trade, or otherwise commercially exploit User Confidential Information. The Registry Operator will not disclose User Confidential Information to any third party except as strictly necessary for the delivery and operation of the Service, and only to third parties who are bound by written confidentiality obligations consistent with this Agreement.

4.4 Encryption and Data Protection

The Registry Operator will encrypt all sensitive data at rest using industry-standard encryption protocols (AES-256 or equivalent) and in transit using TLS 1.2 or higher. The Registry Operator will implement and maintain appropriate technical and organizational measures to ensure the security and integrity of all Confidential Information in its possession.

4.5 Audit Logging

The Registry Operator will maintain comprehensive audit logs of all access to User Confidential Information, including the identity of the accessor, the date and time of access, and the nature of the information accessed. Audit logs will be retained for a minimum of two (2) years and will be available for review upon reasonable request by the affected User.

4.6 Breach Notification

In the event of any unauthorized access to, disclosure of, or security breach involving User Confidential Information, the Registry Operator will promptly notify the affected User without unreasonable delay, and in no event later than seventy-two (72) hours after becoming aware of the incident. The notification will include: (i) a description of the nature of the breach; (ii) the categories and approximate volume of data affected; (iii) the likely consequences of the breach; and (iv) the measures taken or proposed to address the breach and mitigate its effects.

4.7 Return or Destruction

Upon termination of the User's account or upon written request by the User, the Registry Operator will return or securely destroy all Confidential Information received from the User, in accordance with the procedures set forth in Section 10 of this Agreement.

5. Obligations of the User

In the course of using the Record Label Registry, Users may gain access to or become aware of proprietary information belonging to the Registry Operator or to other registered labels. The User agrees to the following obligations:

5.1 Reverse Engineering Prohibition

The User will not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, underlying algorithms, or structural design of any Registry Systems. This prohibition extends to any attempt to reconstruct proprietary logic through systematic observation of system inputs and outputs.

5.2 Proprietary Process Confidentiality

The User will not disclose, publish, or make available to any third party the proprietary algorithms, scoring methodologies, verification criteria, or other proprietary processes used by the Registry Operator. This includes, but is not limited to, verification scoring logic, auto-verification thresholds, data validation rules, and registry ranking factors.

5.3 Credential Security

The User will not share, transfer, or disclose API keys, authentication credentials, access tokens, session identifiers, or any other security credentials issued by the Registry Operator. The User is solely responsible for maintaining the security of all credentials associated with their account. Any unauthorized use of the User's credentials must be reported to the Registry Operator immediately upon discovery.

5.4 Data Collection Restrictions

The User will not scrape, harvest, crawl, or systematically collect data from the Registry beyond the scope of authorized API access and normal platform usage. Automated data extraction, bulk downloading, or any form of systematic data collection that exceeds authorized access is strictly prohibited.

5.5 Other Labels' Data

The User will not disclose, share, reproduce, or exploit any non-public information pertaining to other registered labels that the User may encounter through the platform. This includes, without limitation, verification status details, submission data, business information, and any other data belonging to third-party labels that is not part of the public registry profile.

6. Permitted Disclosures

Notwithstanding the obligations set forth in Sections 4 and 5, either party may disclose Confidential Information under the following circumstances:

6.1 Professional Advisors

Either party may disclose Confidential Information to its professional advisors, including attorneys, accountants, auditors, and financial advisors, provided that such advisors are bound by professional or contractual obligations of confidentiality no less restrictive than those set forth in this Agreement.

6.2 Sub-Processors

The Registry Operator may disclose User Confidential Information to sub-processors identified in the Data Processing Agreement, provided that such sub-processors are bound by written confidentiality and data protection obligations consistent with this Agreement and applicable law.

6.3 Regulatory and Legal Requirements

Either party may disclose Confidential Information to regulatory authorities, law enforcement agencies, or courts as required by applicable law, regulation, subpoena, or court order. The disclosing party will comply with the notice requirements set forth in Section 3(e) of this Agreement before making any such disclosure.

6.4 Affiliates

Either party may disclose Confidential Information to its affiliates, subsidiaries, or parent entities, provided that such entities are bound by written confidentiality obligations equivalent to those set forth in this Agreement. The disclosing party remains responsible for any breach of this Agreement by its affiliates.

6.5 Aggregated and Anonymized Data

The Registry Operator may disclose aggregated, anonymized, or de-identified data derived from User information, provided that such data does not identify, and cannot reasonably be used to identify, any individual label, user, or their specific business information. Such aggregated data may be used for industry research, statistical analysis, and improvement of the Service.

7. Duration of Confidentiality

7.1 General Obligations

The confidentiality obligations set forth in this Agreement shall remain in full force and effect for a period of three (3) years following the termination or expiration of the User's service agreement or account with the Record Label Registry, regardless of the reason for termination. During this period, each party must continue to protect the other party's Confidential Information in accordance with the terms of this Agreement.

7.2 Trade Secrets

Notwithstanding Section 7.1, information that constitutes a trade secret under the Defend Trade Secrets Act (18 U.S.C. 1836 et seq.) or applicable state trade secret law shall remain protected indefinitely, or for as long as such information continues to qualify as a trade secret under applicable law. The obligations of confidentiality with respect to trade secrets survive the expiration of the general confidentiality period.

7.3 Financial and Corporate Data

Confidential Information consisting of financial data, tax identification numbers, corporate entity information, and related records shall be protected for a period of seven (7) years following termination of the service agreement, or such longer period as may be required by applicable law or regulation.

7.4 Survival

The obligations under Sections 2, 3, 7, 9, 11, and 12 of this Agreement shall survive the termination or expiration of this Agreement for the periods specified herein or, where no period is specified, indefinitely.

8. Data Security Measures

The Registry Operator maintains the following technical and organizational security measures to protect Confidential Information. These measures are reviewed and updated periodically to reflect evolving security standards and emerging threats.

8.1 Encryption

• At Rest: All sensitive data is encrypted at rest using AES-256 encryption or equivalent industry-standard cryptographic protocols.
• In Transit: All data transmitted between users and Registry Systems is encrypted using TLS 1.2 or higher, ensuring protection against interception and tampering during transmission.

8.2 Access Controls

• Role-Based Access: Access to Confidential Information is governed by role-based access controls (RBAC), ensuring that personnel can access only the information necessary for their designated responsibilities.
• Multi-Factor Authentication: Administrative access to Registry Systems requires multi-factor authentication (MFA), providing an additional layer of security beyond password-based authentication.
• Principle of Least Privilege: All system access is provisioned according to the principle of least privilege, granting the minimum level of access required to perform authorized functions.

8.3 Security Practices

• Security Audits: Regular security audits are conducted to identify and remediate vulnerabilities in Registry Systems and processes.
• Penetration Testing: Periodic penetration testing is performed by qualified security professionals to evaluate the effectiveness of security controls.
• Secure Development: Software development follows secure coding practices, including code reviews, static analysis, and dependency vulnerability scanning.

8.4 Incident Response

The Registry Operator maintains a documented incident response plan that defines procedures for detecting, containing, investigating, and remediating security incidents. The plan includes defined escalation paths, communication protocols, and post-incident review processes to prevent recurrence.

9. Breach and Remedies

9.1 Material Breach

Any unauthorized disclosure, use, or misappropriation of Confidential Information constitutes a material breach of this Agreement. The parties acknowledge that Confidential Information is valuable and unique, and that unauthorized disclosure may cause irreparable harm for which monetary damages alone would be an insufficient remedy.

9.2 Injunctive Relief

In the event of a breach or threatened breach of this Agreement, the Disclosing Party shall be entitled to seek injunctive relief, including temporary restraining orders, preliminary injunctions, and permanent injunctions, without the necessity of proving actual damages and without the requirement of posting a bond or other security. This right to injunctive relief is in addition to, and not in lieu of, any other remedies available at law or in equity.

9.3 Damages

The Disclosing Party shall be entitled to recover actual damages resulting from any breach of this Agreement, including direct damages, consequential damages to the extent foreseeable, and reasonable attorneys' fees and costs incurred in enforcing this Agreement.

9.4 Liquidated Damages

In the event of willful unauthorized disclosure of Confidential Information, the breaching party shall pay liquidated damages of ten thousand dollars ($10,000) per incident of unauthorized disclosure, or actual damages, whichever is greater. The parties agree that this liquidated damages amount is a reasonable estimate of the harm likely to result from such a breach and is not intended as a penalty. This provision does not limit the Disclosing Party's right to seek injunctive relief or other equitable remedies.

9.5 Notification and Mitigation

Upon becoming aware of any actual or suspected breach of this Agreement, the Receiving Party must:

• Immediately notify the Disclosing Party in writing of the nature and scope of the breach or suspected breach.
• Take all reasonable and necessary steps to mitigate the harm caused by the breach, including efforts to retrieve or prevent further dissemination of the disclosed information.
• Cooperate fully with the Disclosing Party in investigating the breach and implementing corrective measures.
• Provide a detailed written report of the incident, including the circumstances, scope, and remedial actions taken, within fourteen (14) days of discovery.

Failure to provide timely notification of a breach shall itself constitute a material breach of this Agreement.

10. Return of Materials

10.1 Obligation to Return or Destroy

Upon termination of the service agreement, closure of the User's account, or upon written request by the Disclosing Party, the Receiving Party shall, within thirty (30) calendar days, return to the Disclosing Party or securely destroy all Confidential Information in its possession, custody, or control. This obligation extends to all copies, reproductions, summaries, analyses, and derivative works containing or reflecting Confidential Information, in any form or medium.

10.2 Certification of Destruction

If the Receiving Party elects to destroy Confidential Information rather than return it, the Receiving Party shall certify in writing, signed by an authorized representative, that all Confidential Information has been securely destroyed in a manner that renders it unrecoverable. Such certification shall be provided to the Disclosing Party within ten (10) business days of the completion of destruction.

10.3 Archival Exception

Notwithstanding Section 10.1, the Receiving Party may retain one (1) archival copy of Confidential Information solely for the purpose of legal compliance, regulatory recordkeeping, or the administration of ongoing legal obligations. Any such archival copy remains subject to the full confidentiality obligations of this Agreement for the duration specified in Section 7.

11. No License or Transfer

Nothing in this Agreement shall be construed as granting to the Receiving Party any license, ownership interest, or intellectual property rights in or to any Confidential Information disclosed by the Disclosing Party. All Confidential Information remains the exclusive property of the Disclosing Party.

The disclosure of Confidential Information under this Agreement does not constitute a transfer, assignment, or conveyance of any patent, trademark, copyright, trade secret, or other intellectual property right, whether by implication, estoppel, or otherwise.

The Receiving Party acknowledges that the Disclosing Party retains all right, title, and interest in and to its Confidential Information and that no rights are conferred upon the Receiving Party by virtue of disclosure, except the limited right to use such information in accordance with the terms of this Agreement.

12. Governing Law and Dispute Resolution

12.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law principles.

12.2 Negotiation

In the event of any dispute, claim, or controversy arising out of or relating to this Agreement, the parties agree to first attempt to resolve the matter through good faith negotiation. Either party may initiate the negotiation process by providing written notice to the other party describing the nature of the dispute. The parties shall have thirty (30) days from the date of such notice to reach a mutually acceptable resolution.

12.3 Binding Arbitration

If the parties are unable to resolve the dispute through negotiation within the thirty (30) day period, the dispute shall be submitted to and resolved by binding arbitration administered by the American Arbitration Association ("AAA") in accordance with its Commercial Arbitration Rules then in effect. The arbitration shall be conducted by a single arbitrator selected in accordance with the AAA rules. The seat of arbitration shall be the State of Delaware. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.

12.4 Injunctive Relief Exception

Notwithstanding the arbitration provisions of Section 12.3, either party may seek injunctive or other equitable relief in any court of competent jurisdiction at any time, without first engaging in negotiation or arbitration, to prevent the actual or threatened breach of this Agreement or to preserve the status quo pending resolution of a dispute.

13. Severability

If any provision of this Agreement is found by a court or arbitrator of competent jurisdiction to be invalid, illegal, or unenforceable, such finding shall not affect the validity or enforceability of the remaining provisions, which shall continue in full force and effect.

In the event that a provision is deemed unenforceable, the parties agree that such provision shall be reformed and construed to the minimum extent necessary to render it valid and enforceable while preserving the original intent of the parties to the greatest extent possible. If reformation is not feasible, the unenforceable provision shall be severed, and the remaining provisions shall be interpreted as if the unenforceable provision had not been included.

14. Entire Agreement

This Confidentiality and Non-Disclosure Agreement, together with the Terms of Service and the Data Processing Agreement, constitutes the entire agreement between the parties with respect to the subject matter of confidentiality and supersedes all prior and contemporaneous agreements, understandings, negotiations, and discussions, whether oral or written, relating to confidentiality.

No amendment, modification, or waiver of any provision of this Agreement shall be effective unless made in writing and signed by authorized representatives of both parties. A waiver of any breach or default under this Agreement shall not constitute a waiver of any subsequent breach or default.

In the event of a conflict between this Agreement and any other agreement between the parties, the provisions of this Agreement shall control with respect to the treatment of Confidential Information, unless the other agreement explicitly states that it supersedes this Agreement on the specific matter in question.

15. Contact

For all inquiries, notices, or requests relating to this Confidentiality and Non-Disclosure Agreement, including requests for return or destruction of Confidential Information, breach notifications, or general questions regarding confidentiality practices, please contact us using the information below.

Related Documents

This Confidentiality Agreement should be read in conjunction with the following documents, which together govern your use of the Record Label Registry:

• Terms of Service
• Privacy Policy
• Data Processing Agreement
• Acceptable Use Policy
• Data Retention Policy