This Data Processing Agreement (“DPA”) is by and between Service Titan (“Company”) and the eligible partner enterprise that has been accepted into the ServiceTitan Partner Program by ServiceTitan (“Partner”), each a “Party” and collectively the “Parties”. This DPA is incorporated into, forms part of, and (to the extent of any conflict) takes precedence over any other agreement between the Parties (collectively, the “Agreement”). Company and Partner agree as follows:

1. Definitions. For purposes of this DPA:

a. "Applicable Law” means all applicable laws, including laws governing privacy and data security.

b. "Business" and "Third Party" are defined as under the CCPA.

c. "Controller"is defined as under applicable Data Protection Laws using that term.

d. "Data Protection Laws" means all applicable laws, regulations, and other legal or self-regulatory requirements in any jurisdiction relating to privacy, data protection, data security, breach notification, or the Processing of Personal Data, including without limitation, solely to the extent applicable, the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (as amended and together with its regulations, the “CCPA”); the Canadian Personal data Protection and Electronic Documents Act. For the avoidance of doubt, if a Party’s activities involving Personal Data are not within the scope of a given Data Protection Law, such law is not applicable for purposes of this DPA.

e. “Data Subject” means an identified or identifiable natural person to whom Personal Data relates and includes “consumer” as defined under Data Protection Laws.

f. “Personal Data” includes “personal data,” “personal information,” and similar terms, as defined by Data Protection Laws, that Partner Processes in connection with the Services.

g. “Process”, “Processing”, and their cognates mean any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, creating, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

h. “Security Breach” means any accidental or unlawful acquisition, destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

i. “Services” means the products or services that each Party may provide to the other Party, as applicable, under the Agreement.

2. Roles of the Parties

a. This DPA applies to Personal Data Processed by the Parties in connection with the Agreement.

b. The Parties are independent Controllers of Personal Data. For purposes of the CCPA, Company and Partner are each an independent Business. Each Party will comply with the requirements of Data Protection Laws applicable to it as a Controller or Business (as applicable), and each Party is solely responsible for such compliance.

3. Parties Obligations

Each Party shall:

a. promptly forward to the other any inquiry or request from or on behalf of a Data Subject, or direct the Data Subject to contact the other party directly, relating to any copy of Personal Data that such other party may have.

b. respond to requests from or on behalf of Data Subjects with respect to their Personal Data as required by Data Protection Laws, and will notify the other party of any valid opt-out and deletion requests as required by Data Protection Laws.

c. take appropriate technical and organizational measures designed to protect Personal Data against a Security Breach and will lawfully respond to and address potential and confirmed Security Breaches.

d. Process Personal Data for the purposes set forth in the Agreement and as specified in this DPA and in accordance with their respective privacy policies.

e. Provide any required disclosures, such as privacy policies, notices at collection, or opt out notices to individuals whose Personal data Partner processes

f. Not “Sell” or “Share” (as both terms are defined under Applicable Law) Personal data provided by the disclosing party pursuant to the Agreement, or otherwise retain, use, disclose, or process such Personal data, for any purpose other than for the specific purposes set forth herein, unless the receiving party has received appropriate consent under Applicable Law from the individual about whom the Personal data relates.

g. Provide the same level of privacy protection to Personal Data as required under Data Protection Laws, and in no event less than a reasonable standard of care.

4. Additional Partner Obligations

a. Partner represents and warrants that it has all legally required rights, consents, and authority to provide Company with Personal Data for Company’s use as contemplated under the Agreement.

b. Partner represents and warrants that (i) Personal Data has been collected in compliance with Data Protection Laws, (ii) Partner will provide Personal Data to Company in compliance with Data Protection Laws, and (iii) without limiting (i) or (ii) it has provided legally sufficient notices and obtained any legally required consent for the Processing of Personal Data as contemplated under the Agreement, including for Company to process such Personal Data as contemplated thereunder.

c. Partner will hold harmless, defend, and indemnify Company and its affiliates, and each of their officers, directors, employees, and agents from and against all third-party claims, demands, suits, causes of action, awards, judgments, and liabilities, including reasonable attorneys’ fees and costs, alleging acts or omissions that would constitute a breach of any of the representations and warranties contained in this DPA.

5. Data Transfers. The Parties acknowledge that each Party’s provision of the Services to the other Party may involve cross-border transfers of Personal Data. The Parties may only engage in cross-border Processing of Personal Data or onward cross-border transfers of Personal Data if they have put in place appropriate safeguards to protect such Personal Data in accordance with applicable Data Protection Laws.

6. Survival. The provisions of this DPA survive the termination or expiration of the Agreement for so long as Partner Processes Personal Data.

Last Updated May 2025