Execution Version 1 PROGRAM ADMINISTRATOR AGREEMENT This Program Administrator Agreement (hereinafter referred to as the “Agreement”), dated May 9, 2024, between Interboro Insurance Company (hereinafter referred to as the “Company”), and SageSure...

Execution Version 1 PROGRAM ADMINISTRATOR AGREEMENT This Program Administrator Agreement (hereinafter referred to as the “Agreement”), dated May 9, 2024, between Interboro Insurance Company (hereinafter referred to as the “Company”), and SageSure Insurance Managers, LLC (hereinafter referred to as the “Administrator”), (collectively, the “Parties” and individually, a “Party”), shall grant the Administrator the authority to exercise the powers stated in this Agreement and any Schedule attached hereto as applicable to the Administrator. RECITALS 1. The Company is a New York domiciled property and casualty stock insurer that is authorized to transact insurance. 2. The Administrator is a licensed producer and a program manager and has expertise, systems and personnel to provide insurance program management for policies issued by Company. 3. The Company desires to retain the Administrator, on an exclusive basis within the Territory (as hereinafter defined), to market, solicit, sell, underwrite, and generally manage the Company business, as requested by the Company. 4. The Company desires to procure certain technology and intellectual property services through the Administrator, from the Administrator’s affiliate, SageSure Capital Holdings, Inc. (“SSCH”). 5. The Company desires to avail itself of the services provided by Administrator as hereinafter set forth subject to the supervision of the Company. AGREEMENT The Company and the Administrator agree as follows: 1. Authority In carrying out the business contemplated under this Agreement, the Administrator agrees and is hereby authorized: (A) to procure and evaluate applications for insurance of the type set forth in Schedule A to this Agreement; (B) to underwrite risks and determine appropriate premiums for insurance policies of the type set forth in Schedule A in accordance with: (i) the underwriting guidelines established by the Company and provided to the Administrator in writing from time to time (hereinafter the “Underwriting Guidelines”) and (ii) applicable laws and regulations; (C) to negotiate, quote, bind, arrange for countersignature of and deliver such policies, endorsements, certificates, binders, and related financial responsibility filings, if any, pursuant to this Agreement, the Underwriting Guidelines and applicable laws and regulations;

Execution Version 2 (D) to have “Authorized Representatives” of the Company identified in Schedule B to this Agreement sign policies, endorsements, certificates, binders, and related financial responsibility filings, if any, for insurance coverage issued pursuant to this Agreement. Schedule B may be amended or supplemented from time to time by a writing signed by the Company; (E) to effect cancellation and non-renewal of policies in accordance with applicable laws, regulations and the Underwriting Guidelines; and (F) to provide, through its affiliate, SSCH, the technology services and intellectual property described on Schedule G attached hereto. In addition, and subject to the restrictions on authority contained elsewhere in this Agreement, the Administrator shall have the required incidental authority necessary to fulfill its obligations hereunder, and such additional authority that may be extended by the Company in writing. 2. Restrictions on Authority The Administrator further agrees that: (A) the Administrator shall not underwrite risks and/or determine appropriate premium for insurance policies other than as prescribed in Schedule A and the Underwriting Guidelines, unless the Administrator requests and receives prior written approval from the Company for such risks. Any approval granted by the Company is limited to the specific risks for which approval has been sought unless expressly noted otherwise by the Company; (B) the Administrator shall not waive any condition or make any change to the Company's insurance policies, endorsements or applications without the Company’s prior written consent; (C) the Administrator shall not, without the Company’s prior written consent, (i) appoint insurance agents or sub-insurance agents to bind insurance coverage or countersign policies on behalf of the Company, or (ii) make any other agreement rendering the Company liable for the payment or repayment of expenses, commissions or other sums; (D) the Administrator shall not negotiate, solicit, quote, bind, arrange for countersignature of or deliver on behalf of the Company any policies, endorsements, certificates or binders in any jurisdiction or territory except those listed in Schedule D to this Agreement; (E) the Administrator shall not affect any flat cancellations of policies issued pursuant to this Agreement, unless the flat cancellation is within the first 30 days after the effective date of the policy and is in compliance with applicable Underwriting Guidelines and law, including, but not limited to, laws and regulations applicable to the return of premium. If any flat

Execution Version 3 cancellation is processed, the Administrator shall retain in its underwriting file proof of such flat cancellation by return of the original policy or a lost policy statement executed by the insured; (F) the Administrator shall not bind coverage after the effective date of a policy without prior written approval of the Company; provided, in the event of an inadvertent failure to bind a policy on the proposed effective date (due to communications error or otherwise), then the Administrator is authorized to bind the policy with the proposed effective date without prior written approval of the Company as long as (i) such binder is processed within (3) business days following the effective date, (ii) the prospective insured has signed an application, or otherwise made a commitment to purchase a policy, on or before the proposed effective date, (iii) submission of a statement of no loss, and (iv) all other criteria set forth in the Underwriting Guidelines are satisfied; (G) the Administrator shall not commit the Company to participate in reinsurance or reinsurance syndicates; nor shall the Administrator bind reinsurance or retrocessions on behalf of the Company, except that the Administrator may bind facultative reinsurance contracts pursuant to obligatory facultative agreements if the Administrator and the Company enter into a contract containing reinsurance underwriting guidelines, including, for both reinsurance assumed and ceded, a list of reinsurers with which such automatic agreements are in effect, the coverages and amounts or percentages that may be reinsured and commission schedules. This sub-paragraph shall not preclude the Administrator from consulting with the Company regarding reinsurance for coverage issued pursuant to this Agreement. (H) the Administrator may not use or permit or authorize the use of the Company's name, logo or other identifying mark(s) in any advertising or promotional material without the Company’s prior written consent and then only in strict compliance with any restrictions or guidelines contained in such consent; and (I) the Administrator shall not charge any broker fees, policy fees, or service fees without express written authorization from the Company, other than the fees listed in Schedule C; (J) the Administrator shall not appoint a sub-MGA; (K) the Administrator shall not jointly employ an individual who is employed with the Company; and (L) the Administrator shall not permit its sub-producer to serve on the Company’s board of directors. 3. Warranties, Representations and Covenants The Administrator warrants, represents, and covenants:

Execution Version 4 (A) that: (i) the Administrator and the “Authorized Representatives” identified in Schedule B of this Agreement have all authorizations necessary to conduct the business described in this Agreement, and (ii) the Administrator and the “Authorized Representatives” will maintain during each Term of this Agreement and for the period of time during which it has continuing obligations under this Agreement all authorizations necessary to conduct the business described in this Agreement. To the extent Authorized Representatives are required to hold and maintain a license for the Company to perform its obligations, and in the event that any such license held by an Authorized Representative expires or terminates, for any reason, the Administrator shall immediately notify the Company and such Authorized Representative shall not be authorized to exercise any authority granted herein in any state or states in which the license has been lost as of the date of such license(s) expiration or termination. In the event that any such license held by the Administrator expires or terminates, for any reason, the Administrator shall immediately notify the Company and the Administrator’s authority shall be immediately suspended in the applicable state or states as of the date of such license(s) expiration or termination, unless within one week from the date the Company receives notice of the license expiration or termination from the Administrator, the Company agrees, in writing, to modify the provisions set forth herein. However, nothing in this section shall affect the Administrator’s obligation to perform any obligation under this Agreement for which a license is not required; (B) that the Administrator shall operate at all times in compliance with this Agreement and the Schedules attached hereto and with all applicable laws and regulations. The Administrator agrees that it is its responsibility to know and comply with the laws and regulations applicable to this Agreement and the business contemplated hereunder, including, but not limited to: (i) laws and regulations regarding notices to insureds and prospective insureds; and (ii) record retention laws and regulations; (C) that the Administrator shall maintain at its own cost and expense, during each Term of this Agreement and for the period of time during which it has continuing obligations under this Agreement, an insurance policy (policies) covering errors and omissions, first-party cyber liability, third-party cyber liability, general liability and commercial automobile liability exposures in the amount of $5,000,000, such limit shall apply independently to each coverage and not as an aggregate limit for all, with an insurer acceptable to the Company (a copy of which has been provided to the Company prior to the execution of this Agreement) and obtain from the policy issuing insurer an original certificate of insurance addressed to (and which shall be forwarded to) the Company. The Administrator agrees to obtain written approval from the Company before any change is made to such errors and omissions insurance policy, unless the change is renewal of the policy for a one-year policy period, an increase in policy limits, or a change in premium. For each such change and for each renewal of such policy, the Administrator shall obtain and forward to the Company an original certificate of insurance addressed to the Company as evidence of the terms of such amended or renewed errors and omissions insurance policy;

Execution Version 5 (D) that within forty-five (45) days after the execution of this Agreement, the Administrator shall provide the Company with a blanket fidelity bond in the amount of at least $1,000,000. Such bond shall, for the duration of this Agreement and the period in which the Administrator has any continuing obligations hereunder, contain such terms as are reasonably satisfactory to the Company; (E) that the Administrator now has and shall maintain at its sole expense for the duration of its obligations under this Agreement a staff consisting of an adequate number of competent and trained personnel who have the underwriting expertise to select, underwrite, and price the business covered by this Agreement; and (F) that the Administrator shall maintain at its sole expense throughout each Term of this Agreement a staff consisting of an adequate number of competent and trained personnel, including computer support personnel, such supplies and equipment, including computer hardware and software, and such procedures as are necessary to administer and supervise all aspects of the business covered by this Agreement, including but not limited to the servicing of policies and the billing and collection of premium due from policyholders, Authorized Representatives and sub-insurance producers. 4. Additional Duties of the Administrator The Administrator also agrees: (A) to collect, receive and account for premiums on insurance policies issued pursuant to this Agreement, and to remit funds to the Company as requested by the Company and as required under this Agreement; (B) that the Administrator shall be responsible to ensure that its operations and the business produced complies with all applicable laws and regulations. Without limiting the foregoing, the Administrator agrees that it shall cooperate with the Company or its designated representative to ensure that the business produced is in compliance with underwriting loss control requirements as specified in writing by the Company. In the event the performance of any duty or obligation of the Administrator herein would constitute the unauthorized practice of insurance by the Company in an applicable jurisdiction, the Administrator shall immediately notify the Company and the Administrator’s authority shall be immediately suspended or modified in such jurisdiction. If such a suspension shall frustrate the purposes of this Agreement, the Agreement shall terminate unless the Parties agree to amend this Agreement so that the performance by the Administrator does not constitute the unauthorized practice of insurance by the Company; (C) the Administrator shall verify, according to applicable law, that all sub-insurance producers: (i) are properly licensed to transact the kinds of insurance for which the producer is appointed, (ii) maintain Agents and Brokers Errors and Omissions Insurance with a limit of

Execution Version 6 no less than $1,000,000, and (iii) are appointed by the Company where required; (D) except as otherwise expressly noted herein or as agreed to by the Company in writing, that the Administrator shall be responsible for all reasonable costs, fees and expenses incurred in connection with the production of business hereunder, including but not limited to credit reports and inspection reports for policyholders, and for all costs, fees and expenses incurred in connection with agent appointments of such individuals; (E) that the Administrator shall comply with reasonable instructions or directions received from the Company; (F) that the Administrator shall maintain updated Company manuals (e.g., ISO or NCCI) for all lines of business to which this Agreement now or hereinafter applies if necessary; (G) if the Administrator cancels or non-renews policies in accordance with applicable laws, regulations and the Underwriting Guidelines, that the Administrator shall retain copies of any notices (and original proofs of mailing of same) sent to policyholders to effect such cancellation or non-renewal and shall make copies of the notices and the original proofs of mailing available to the Company upon request; (H) that, unless otherwise required by law or regulations, the Administrator shall refer State Insurance Department contacts, requests or inquiries regarding matters relating to business subject to this Agreement, including requests for access to or copying of records, to the Company. In the event of any such contacts, requests or inquiries, the Administrator shall notify the Company immediately of the contact. In addition to the obligations specified above, unless prohibited by law or regulation, the Administrator shall immediately notify the Company of any contact, request or inquiry by any other governmental official or agency regarding matters relating to business subject to this Agreement. The Administrator will cooperate with the Company in the resolution of any complaints or inquiries by a governmental agency; (I) to keep accurate, complete and separate, written records of all transactions affecting business written on behalf of the Company under this Agreement and to file all necessary affidavits and reports as may be required by applicable laws and regulations. Without limiting the foregoing, the Administrator agrees, at a minimum, to maintain copies of all policy forms, rate schedules, rules and manuals supplied by the Company; provided, however, that the Company shall also maintain separate records of business written under this Agreement. The Administrator shall also maintain a policy register and shall account for all policies furnished or supplied to the Company. The underwriting files to be maintained by the Administrator shall at a minimum consist of a policy application (signed by the policyholder if required by law or regulation), rating worksheets, true and complete records of all transactions and correspondence with policyholders, producers, and the Company,

Execution Version 7 including but not limited to copies of the policies issued, and proof of mailing for all notices required by law or regulation, including but not limited to cancellation and non-renewal notices; (J) that the separate records (whether in paper or electronic form) of business for the Company must be maintained by the Administrator for the greater of: (i) seven (7) years from the termination of the policy to which the record relates; or (ii) the length of time required by applicable law or regulation. Before the Administrator destroys or discards any of such records, the Administrator agrees to give the Company 60 days’ notice of its intention to do so. If during that 60-day period the Company expresses the desire to maintain such files, the Administrator shall, at Company’s expense and direction, send or deliver such files in electronic format, to the location directed by Company. In the event this Agreement is terminated by either Party, the Administrator shall maintain the records in accordance with the preceding sub-paragraph, and in the event that the Company requests duplicate copies of the records, the Administrator shall provide duplicates in electronic format to the Company at the Company’s expense. Also, in the event of an examination by any authority which regulates the Company, Administrator agrees to cooperate with the Company during any such examination, inspection and/or audit and agrees that it shall make any and all files available to such regulatory authority at the time and place the Company specifies. In the event duplicate files need to be shipped, the Administrator and the Company shall, equally, bear the cost of duplicating and shipping such files. The Administrator shall certify that the duplicate files provided for review by the regulatory authority are true and complete copies of the original files; (K) that the records maintained relating to business produced under this Agreement are jointly owned by the Company and the Administrator. Accordingly, all books, papers and records relating to the business of the Company under this Agreement or any other agreement related thereto, shall be open for inspection or copying by duly authorized representatives of the Company or regulatory authorities having jurisdiction over Company business, at the Company’s expense, at all times during the continuance of this Agreement and any policies issued hereunder, and for the duration of the records retention requirements hereunder and shall survive the suspension or termination of this Agreement. Subject to sub-paragraph (K) above, the right of access and copying shall also be available to any state Commissioner, Director or Superintendent of Insurance, or their designees, with jurisdiction over the Company. Further, the Administrator and the Company agree that they will not deprive or impede the other Party’s rights under this sub-paragraph due to the existence of a dispute or disagreement between the Parties. Notwithstanding any other provision of this Agreement, the Administrator agrees that its failure to fully comply with this provision: (i) could cause serious and irreparable harm to

Execution Version 8 the Company, and (ii) serves as adequate justification for the Company’s seeking and obtaining an ex parte court order or injunction permitting the Company (or its duly authorized representatives) access to such records for immediate removal or copying at the Administrator’s offices or at some other location approved by the court issuing the order or injunction. If copying of the records is authorized, the Administrator agrees to reimburse the Company for all costs and expenses incurred in copying the records; (L) that the Administrator shall establish and maintain a disaster recovery plan and meet all federal, state and local requirements relating to data retention and security and shall provide the Company with a copy of the plan and any amendments thereto at least annually; (M) that it will forward to the Company weekly and in no event later than 10 days after the date any policy or endorsement is issued pursuant to this Agreement (and in no event more than 25 days after the effective date of such policy or endorsement), or when otherwise directed by the Company, exact, signed copies of all policies, endorsements or other appropriate evidences of insurance bound, issued, modified or canceled pursuant to this Agreement, including countersignature endorsements (except as otherwise specified herein relating to flat cancellations), together with the corresponding signed application. The Administrator may satisfy its obligation under this section by submitting policy data to the Company via electronic interface in a form acceptable to the Company. Notwithstanding the foregoing, the Administrator shall also provide copies of any and all policies, endorsements, or other evidences of insurance to the Company upon request; (N) that the Administrator shall provide, where permitted by law, written notice to the Company, of any proposed or completed sale, transfer, merger, consolidation or reorganization involving the Administrator, a controlling interest in the Administrator or any company that has a controlling interest in the Administrator, or involving a majority of its assets. However, in no event shall such notice be given later than the date of any public announcement of: (a) the proposed transaction or change, or (b) the execution of an agreement concerning the proposed transaction or change; (O) that the Administrator shall not take any actions to impede or interfere with the Company’s rights and ability to recover from third parties, whether any such right of recovery is based in tort or contract; (P) the Administrator shall perform all duties imposed upon it under any reinsurance agreement applicable to the business authorized herein, copies of which shall be provided to the Administrator, if applicable. Company agrees to advise the Administrator of any such duties prior to the effective date of any proposed reinsurance and the Administrator shall be entitled to additional reasonable compensation to be negotiated between the Parties, and approved in writing by the Company, if such duties impose material additional costs or duties upon the Administrator;

Execution Version 9 (Q) for as long as the Administrator has responsibilities and obligations hereunder, the Administrator shall provide the Company with audited financial statements. Such financial statements shall be prepared in accordance with Generally Accepted Accounting Principles and audited in accordance with Generally Accepted Auditing Standards. Such statements shall be provided to the Company within 180 days after the end of the applicable year or within 5 days of the availability of such statements whichever is earlier and shall be treated as Confidential Information (as hereinafter defined) by the Company; (R) the Administrator shall provide an organizational chart to the Company listing all subsidiaries, affiliates and the person or entity that ultimately controls the Administrator which shall be treated as Confidential Information by the Company. The Administrator shall keep the information in the organizational chart current by providing the Company with an updated organizational chart as the Administrator’s organization is amended; (S) to perform its duties hereunder in accordance with the: (i) the accounting and systems guidelines established by the Company and provided to the Administrator in writing from time to time (herein the “Accounting and Systems Guidelines” which are contained in Schedule E) and (ii) applicable laws and regulations; (T) the Administrator shall notify the Company of any new inter-company agreements, understandings, undertakings, guarantees of any kind affecting the Administrator Produced Policies or the Administrator Serviced Policies (each as defined in Schedule C), whether oral or written, where the Administrator is a party and any affiliate or controlling shareholder is a counter party. This information shall be treated as Confidential Information by the Company. The Company may add additional entities to this list at any time; (U) the Administrator shall maintain workers’ compensation and disability insurance for its employees in accordance with applicable laws and regulations; (V) that, to the extent the Administrator engages in any premium finance transactions, which require the prior written approval of the Company, the Administrator (i) shall do so in accordance with all applicable laws and regulations and (ii) does so solely on its own account and at its own risk. The Administrator shall be solely liable for any extensions of credit of earned premium or premium financing to policyholders or sub-producers and for the full amount of any premiums due to the Company on policies written under this Agreement regardless of whether the Administrator has collected the premium due from the policyholder or the sub-producer; (W) that for each year in which this Agreement remains in effect, the Administrator shall provide the Company with the following information within 15 business days after each of the following specified dates: (i) March 31, provide the March 31 inforce portfolio and the estimated May 31 and September 30 portfolios to support reinsurance purchasing; (ii) May 31, provide the actual May 31 inforce portfolio; and (iii) September 30, provide actual

Execution Version 10 September 30 inforce portfolio; (X) the Administrator, on behalf of the Company and as directed by the Company, shall file for approval with State Insurance Departments: all policy forms, rate schedules and associated rules and manuals as may be required by such regulatory authorities for the business subject to this Agreement. The Administrator shall provide the Company with a list of such approved documents and copies of such documents; (Y) the Administrator will follow appropriate Company underwriting guidelines, including: (i) the basis of the rates to be charged; (ii) applicable exclusions; and (iii) the maximum policy period; and (Z) Administrator shall assume oversight and responsibility for the Administrator Serviced Policies on the Company’s policy management system on the terms set forth herein; and (AA) Administrator, through its affiliate SSCH and for the benefit of Company, shall maintain Proprietary Platforms, as defined in and more particularly described in Schedule G. 5. Company Duties and Transition (A) Transition. a. As used in this Agreement: “Administrator Renewal Effective Date” means the date that is five (5) months following the Effective Date. “Effective Date” means May 9, 2024. “Legacy Policies” means all insurance policies issued by the Company through Company systems prior to the Effective Date. “Majesco Legacy Policies” means all insurance policies issued by the Company through Company systems prior to the Effective Date, and includes renewals of such policies only when such renewals are maintained on the Company’s systems. For the avoidance of doubt, Majesco Legacy Policies does not include Majesco Legacy Policies replaced by the New Insurance Product or renewed through the Administrator’s policy administration system. “New Business” means the New Insurance Product, and any other insurance policies issued by the Company to a new insured, on or after the Effective Date. “New Insurance Product” means insurance policies using the rates and forms developed by Administrator and as approved by the State of New York Department of Financial Services.

Execution Version 11 “SageSure Legacy Policies” refers to insurance policies issued by the Company through Company systems prior to the Effective Date, only after such policy has been renewed on the Administrator’s policy administration system. “Transaction” means the transaction whereby an affiliate of Administrator has agreed to acquire one hundred percent of the issued and outstanding shares of the Company. “Transition Employees” means all of the Company’s policy administration employees as of the Effective Date. b. New Business. a. With respect to all New Business, on and after the Effective Date: i. The Company shall appoint Administrator as the Company’s sole agent with the authority to place policies within the Territory. ii. The Company shall direct its agents to submit applications for New Business through Administrator. iii. All New Business opportunities received by the Company, and not through the Administrator, will be submitted to the Administrator for underwriting. c. Majesco Legacy Policies. a. With respect to Majesco Legacy Policies, on and after the Effective Date: i. Non-renewals, cancellations and endorsements shall be performed on the Company’s policy management system by the Company, until such Majesco Legacy Policy has been renewed on Administrator’s policy management system. b. With respect to Majesco Legacy Policies, on and after the Effective Date, and prior to the Administrator Renewal Effective Date: i. The Company’s agents will continue to process renewals, directly through the Company, for policies with a renewal date prior to the Administrator Renewal Effective Date. c. With respect to Majesco Legacy Policies with a policy renewal date on and after the Administrator Renewal Effective Date: i. The Company appoints Administrator as the Company’s sole agent with the authority within the Territory, on behalf of Company, to communicate with insureds and their agents and representatives. ii. Administrator may offer to renew, offer replacement policies (which may include the New Insurance Product), or issue cancellations (subject to the Underwriting Guidelines and applicable law), all on the Administrator’s policy management system. Any non-renewal accompanied by an offer for a replacement policy will also be performed by the Administrator on the Administrator’s policy management system.

Execution Version 12 iii. The Company shall notify its agents that the Administrator has been appointed as the program administrator, and that all such policies will be processed through the Administrator. iv. The Company shall maintain support for Majesco Legacy Policies on the Company’s systems (including Majesco software and data) at the Company’s expense until all active Legacy Policies are transitioned to the Administrator’s policy management system. d. Transition Employees. The Parties shall use commercially reasonable efforts to ensure that the Transition Employees become Administrator’s employees at a mutually agreeable time without interference to servicing of Legacy Policies. (B) Expenses. Except as expressly set forth elsewhere in this Agreement, during the Term, each Party shall be responsible for its own expenses including: (1) maintenance of its policy administration systems; and (2) wages and benefits owed to its employees. (C) Access to Data. Throughout the Term of this Agreement, the Company shall make available to Administrator all policy data from the Company’s systems (including Majesco) as is reasonably necessary for the prompt and efficient performance of by Administrator of its duties under this Agreement. (D) The Company shall pay all premium taxes, board fees and other taxes on premiums incident to policies written by the Administrator for business subject to this Agreement. (E) The Company shall notify the Administrator in a timely manner of any changes to its rates, rules and forms applicable to insurance subject to this Agreement. (F) The Company shall maintain at least an “A” rating by Demotech. (G) The Company shall perform all other duties and obligations of the Company required elsewhere in this Agreement. 6. Payment and Accounting Responsibilities (A) Premiums and all other funds collected by the Administrator will be held in a fiduciary capacity for Company until delivered to Company. All premiums, net of (i) Commission, (ii) policy fees and inspection fees, and (iii) setup fees and installment fees on payment plans, collected by Administrator with respect to the Policies, are the property of Company. The Company and Administrator shall agree to designate the bank account in such a manner as to clearly establish that Administrator is holding and acting as fiduciary for Company with respect to the funds in the account. The premiums received by Administrator shall be kept in a fiduciary bank account in a financial institution selected by Administrator (“Program Bank Account”) provided, however, that: (a) said institution must be a member of the Federal Reserve System; (b) Administrator’s fiduciary account therein must be insured by the Federal Deposit Insurance Corporation; and, (c) The Program Bank Account has online banking capacity sufficient to allow both Company and Administrator secured online access.

Execution Version 13 Administrator must segregate and shall not commingle premiums collected on behalf of Company with other fiduciary funds received by Administrator in the operation of its business. Except as expressly authorized by the Company, Administrator shall not have authority to draw on any other accounts of the Company. Company will have access during ordinary business hours to such books and records as they pertain to Company’s premiums. Company authorizes Administrator, to the extent permitted by applicable law, to charge set up fees and installment fees with respect to policies billed on an installment basis. (B) The Administrator shall prepare and submit to the Company within five (5) business days after the end of each month a bordereau report showing all premiums, policy fees, inspection fees, surcharges, amounts written, earned and collected; and details of all compensation due to Administrator. The Administrator shall also provide the Company with such other information that it may reasonably require to satisfy its own internal reporting requirements as outlined in Schedule F and any reporting requirements for the applicable reinsurer. The Company shall remit compensation due to the Administrator, if any, on not less than a monthly basis. (C) Administrator will establish lockbox capabilities to collect monies due on policies produced under this Agreement. Upon establishment of lockbox capabilities, Company will assist Administrator in directing all payments made for insurance produced under this Agreement to Administrator. (D) The Administrator shall only have the authority to prepare online transfers against the Program Bank Account, for the following purposes: a. payment of monies due insureds in connection with return premiums and endorsements relating to insurance produced under this Agreement; b. reimbursement of monies due to Administrator in connection with return premiums and endorsements relating to insurance produced under this Agreement that Administrator pays from the Administrator’s account; c. refund of monies received in the Program Bank Account for policies related to other insurance carriers or otherwise unrelated to Company; d. payments to the Company; e. payments of amounts due the Administrator; and f. payments to SSCH pursuant to Schedule G on behalf of the Company. Consistent with the Administrator’s reporting obligations under this Agreement, the Administrator shall furnish supporting documentation for all transfers from the Program Bank Account. (E) Each week, the Administrator will transfer funds in excess of an agreed-upon minimum balance in the Program Bank Account to the Company, less the Provisional Commission for amounts due the Administrator as set forth in Schedule C. The Administrator will transfer funds equal to the Provisional Commission to its designated bank account, concurrent with weekly transfers to the Company. By the 5th business day of each month, the Administrator

Execution Version 14 will submit an invoice to the Company for the prior month reflecting amounts due the Administrator, net of the Provisional Commission fund transfers. The Administrator shall be liable to the Company for any and all premiums due on insurance produced under this Agreement, including amounts that are still in transit to the Program Bank Account. The Administrator shall report monthly to the Company any earned premiums that were uncollectible from policyholders. The Administrator is responsible to pay the Company for any uncollected premiums greater than 90 days past due, except for uncollected premium caused by any action taken by Company or state regulatory authority preventing Administrator from collecting premium in the normal course of business. (F) The Administrator agrees to pay all costs and expenses of commercially reasonable collection efforts from insureds, including reasonable attorneys' fees, where premiums to be received by the Administrator pursuant to this Agreement are not paid in full by an insured. (G) Administrator will reimburse the Company for all billed out of pocket expenses incurred with respect to market conduct examinations or other regulatory reviews and audits which are related to the Administrators business activities. (H) Without limiting any other rights, the Company or the Administrator may have, should either Party default in the payment of amounts due, the Parties may offset any balances due between the Parties. (I) At such time that Legacy Policies and renewals of those policies are being administered by the Administrator, entries in the Parties’ respective accounting systems will be adjusted to reflect a transfer of any positive balances from Company’s system to the Administrator’s accounting systems, resulting in a $0 balance on the Company’s accounting system, and a corresponding transfer of funds by the Company to the Program Bank Account. By way of example only, if the Company is holding unearned premium that is required to be returned to an insured due to a cancellation, then such amount shall be transferred to the Administrator. 7. Administrator's Status The Administrator and the Company further agree that: (A) the Administrator is an independent contractor, not an employee of the Company, and has exclusive control over its time, the conduct of its operations and the selection of the companies with which it does business. Neither the term “Administrator” nor anything contained in this Agreement shall be construed as creating an employer/employee relationship between the Company and the Administrator, nor shall the Administrator be authorized to act on behalf of the Company except as expressly authorized in this Agreement. Neither Party to this Agreement shall employ an individual while such individual is employed with the other Party; (B) the Administrator shall be responsible for all expenses incurred in producing the business

Execution Version 15 authorized and in fulfilling its obligations under this Agreement unless the Company agrees otherwise in writing; and (C) notwithstanding any other provision of this Agreement, it is understood that the business and affairs of the Company shall be managed by its Board of Directors, and, to the extent delegated by such board, by its appropriately designated officers. The Board of Managers and officers of the Administrator shall not have any management prerogatives with respect to the business affairs and operations of the Company. 8. Confidentiality and Information Security (A) The Parties may provide confidential information to one another, which may include (but is not limited to) proprietary information, technical data, trade secrets, know-how related to research, product plans, inventions, developments, services, software, prices, costs, discounts, databases, future plans, business affairs, process information, methodologies, analysis, customer lists, product design, information, copyrights, and other confidential information (collectively, “Confidential Information”) that are valuable, special and unique assets of the party disclosing the Confidential Information (the “Disclosing Party”). Confidential Information shall not include information which: (a) is or becomes a part of the public domain through no act or omission of the Party receiving the information (the “Receiving Party”); (b) was in the Receiving Party’s lawful possession prior to the disclosure and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (c) is lawfully disclosed to the Receiving Party by a third-party without restriction on disclosure; (d) is independently developed by the Receiving Party without use of the Confidential Information; or (e) is disclosed by operation of law. (B) The Receiving Party will take commercially reasonable measures to protect the Confidential Information and treat it as strictly confidential. The Receiving Party agrees that it will not at any time or in any manner, either directly or indirectly, use any information for its own benefit, or divulge, disclose, or communicate in any manner any Confidential Information to any third party without the prior written consent of the Disclosing Party, unless required to do so by law or by a court or other forum of competent jurisdiction. In the event the Receiving Party is required by law to disclose any Confidential Information, the Receiving Party agrees to notify the Disclosing Party to the extent permitted by law prior to making any disclosure and to cooperate fully with the Disclosing Party in protecting such Confidential Information. (C) The Parties shall comply with the terms set forth in the Information Security Agreement attached hereto as Exhibit A. (D) The confidentiality and information security provisions of this Agreement shall remain in full force and effect after the termination of this Agreement. 9. Indemnification

Execution Version 16 (A) The Administrator and its successors and assigns agree to indemnify and hold the Company harmless against all liability including but not limited to damages, losses, fines, penalties (including, but not limited to, market conduct fines, penalties or assessments), and reasonable costs and expenses of whatsoever kind, including but not limited to fees and disbursements of counsel, which the Company is or may be held liable to pay arising out of: (i) the Administrator's failure to comply with the terms of this Agreement; and/or (ii) the willful or negligent acts or omissions of the Administrator, its employees and/or their agents or assigns; provided, such indemnification does not extend to acts or omissions by agents of the Administrator who were direct agents of the Company prior to the Effective Date. The Administrator shall also indemnify the Company against all such liability occasioned by the actions of any of the Authorized Representatives or any countersignature agents appointed at its behest or pursuant to its recommendation. The Company agrees that conditions precedent to such indemnification, are: (a) the Company’s prompt notification to the Administrator of any claim or suit against the Company regarding business written under this Agreement and/or any matters which appear reasonably likely to involve acts or omissions discussed in this sub-paragraph; (b) the Company’s cooperation with the Administrator in handling such claim or suit; and (c) the Company allowing and assisting the Administrator in making such investigations or defending such matters as the Administrator in its reasonable discretion deems prudent. (B) The Company agrees to indemnify and hold the Administrator harmless against all liability including but not limited to damages, losses, fines, penalties and reasonable costs and expenses of whatsoever kind, including but not limited to fees and disbursements of counsel, which the Administrator is or may be held liable to pay arising out of: (i) the willful or negligent acts or omissions of the Company; and/or (ii) any act or omission of the Administrator based solely or in substantial part upon procedures prescribed by the Company pursuant to this Agreement or upon direction or instruction by the Company during the period that this Agreement shall be in force and effect, including the period in which that Administrator may have any continuing obligations hereunder. The Administrator agrees that conditions precedent to such indemnification, are: (a) the Administrator’s prompt notification to the Company of any claim or suit against the Administrator regarding business written under this Agreement and/or any matters which appear reasonably likely to involve acts or omissions discussed in this sub-paragraph; (b) the Administrator’s cooperation with the Company in handling such claim or suit; and (c) the Administrator allowing and assisting the Company in making such investigations or defending such matters as the Company in its reasonable discretion deems prudent. 10. Commission The Administrator and the Company agree that: (A) the commission paid and policy fees remitted by the Company to the Administrator for

Execution Version 17 business produced by the Administrator under this Agreement shall be as set forth in Schedule C of this Agreement. For purposes of computing commissions, the rates set forth in Schedule C shall be applied to the relevant final gross written premium. For the purposes of this Agreement, the term “final gross written premium” shall mean the total written premium less return premium, exclusive of fees and surcharges, charged for each policy written hereunder; and (B) the compensation set forth in Schedule C and Schedule G shall be the sole remuneration paid to the Administrator and SSCH by the Company for services provided by the Administrator pursuant to this Agreement; and (C) if the Administrator has the authority to determine the amount of the interim profits by establishing loss reserves or controlling claim payments, or in any other manner, interim profits will be paid to the Administrator only as provided by this Agreement, but in no event until one year after they are earned for property insurance business; and on casualty business, interim profits will be paid only as provided by this Agreement, but in no event until five years after they are earned, and not until the profits have been verified pursuant to applicable state laws governing managing general agents. 11. Term, Termination and Suspension (A) The Administrator and the Company further agree that: 1) Unless terminated earlier, the initial term of this Agreement shall be two (2) years beginning on the Effective Date, and this Agreement will renew automatically for successive two-year terms (each such two-year period is referred to herein as a “Term”); 2) Notwithstanding anything in this Agreement to the contrary, this Agreement will automatically terminate in the event that the Company becomes a controlled insurer within the same holding company system as the Administrator for purposes of New York Insurance Law Section 1505. 3) this Agreement may be terminated: (i) immediately by mutual consent of the Parties to this Agreement at any time; or (ii) by any Party giving written notice to the other Parties, which notice must be received at least 90 days prior to the effective date of termination; or (iii) by the Company upon 30 days written notice to the Administrator in the event that any legislation or regulation adversely affects the ability of the Company and the Administrator (as may reasonably be determined by the Company in its sole discretion) to carry out the purposes of this Agreement or (iv) as otherwise required by law or regulation; 4) notwithstanding sub-paragraphs (A) and (B) above, this Agreement shall terminate immediately if: (i) there has been an event of fraud, abandonment or gross and willful misconduct under this Agreement on the part of the Administrator, or the Company, materially affecting the interests of the other; (ii) the Administrator has undergone an assignment for the benefit of creditors, has had a receiver appointed or has had a petition in bankruptcy filed by or against it; (iii) the representations, warranties and covenants contained in this Agreement shall prove false or

Execution Version 18 misleading in any material way; or (iv) for any other cause as provided for in this Agreement; 5) notwithstanding sub-paragraphs (A) and (B) above, if the Administrator shall commit any material breach of this Agreement or fail to comply with any reasonable instructions or directions from the Company, the Company may, in its sole discretion, suspend the authority of the Administrator under this Agreement, and the Company will be entitled to all legal rights of recovery from the Administrator. The Company shall notify the Administrator in writing of any suspension effected pursuant to this sub-paragraph. Such suspension shall be effective on the 10th business day following receipt of the written notice unless before such effective date the Administrator demonstrates to the Company’s satisfaction that the Administrator has cured the breach or failure, or the Company and Administrator agree otherwise in writing; 6) notwithstanding the foregoing, if there is a dispute between the Company and the Administrator concerning any violation or alleged violation of this Agreement or the Administrator's failure or alleged failure to comply with any reasonable instructions or directions from the Company, then the Company may, in its sole discretion, immediately suspend or modify the authority of the Administrator under this Agreement during the pendency of such dispute. Written notice shall be provided by the Company to the Administrator, as applicable, of any suspension affected pursuant to this sub-paragraph, which suspension shall be effective upon receipt of such notice unless otherwise specified by the Company in writing to the Administrator. Such a suspension shall not affect, negate or in any way diminish the Company’s rights under this Agreement; 7) should the Administrator fail to comply with any suspension notice, the Administrator agrees to indemnify and reimburse the Company for any loss or expense or for any damages caused to the Company as a consequence thereof, including, but not limited to, loss or expenses incurred under policies issued or renewed in violation of the suspension notice; and 8) in the event the Administrator's authority under this Agreement is suspended, the Company, in its sole discretion, may elect to remove or disable the software system or data files (and related computer hardware) that the Company has provided to the Administrator, if any. In such an event, the Administrator agrees that the Company’s representative(s) are permitted (without the need to obtain a court order) to access the Administrator’s office(s) during normal business hours and upon five (5) days’ notice to remove or disable such software system and related computer hardware. However, Company’s representatives may not interfere with the Administrator’s conduct of its business that is unrelated to this Agreement. If the Company makes an election to remove or disable such software system and related computer hardware and in the event the Administrator has any continuing servicing rights or obligations with regard to the policies issued by it under the authority granted in this Agreement which are frustrated by the Company’s actions, then the Administrator agrees to timely request that the Company provide it with any necessary policy documentation to enable the Administrator to fulfill such servicing rights or obligations. The Company agrees to cooperate with the Administrator in this regard and will forward all appropriate policy documentation to the Administrator for further

Execution Version 19 forwarding to the policyholder(s) to enable the Administrator to fulfill their servicing rights or obligations. 12. Continuing Obligations During Suspension and After Termination Upon termination of this Agreement or suspension of the Administrator's authority under this Agreement, the Administrator shall, as applicable: (A) continue to pay the Company all sums due the Company in the manner described in paragraph 6 above; (B) continue to perform all customary and necessary services regarding all policies issued by the Administrator on behalf of the Company until all such policies have been completely canceled, non-renewed or otherwise terminated. However, if an endorsement request would result in a charge of premium under the Underwriting Guidelines, the Administrator shall forward the request to the Company for review and prior approval; (C) continue to perform all services and pay all expenses incurred in fulfillment of its obligation to collect premiums; (D) issue all applicable cancellation and/or non-renewal notices in full and complete compliance with this Agreement and applicable laws and regulations. Except as may otherwise be required by law or regulation or as may otherwise be authorized in writing by the Company, any such cancellation and/or non-renewal notices shall be issued timely to ensure that the Company is not obligated to renew or extend any policy that has an expiration date after the date such termination or suspension is effective, or, if the termination or suspension notice given to the Administrator is less than 120 days’ notice, 75 days after notice of termination or suspension is received by the Administrator; (E) immediately stop binding coverage and issuing insurance and stop submitting or renewing business on behalf of the Company or extending the term of any existing business, except as may otherwise be required by law or regulation or as may otherwise be authorized in writing by the Company; (F) continue to fulfill all other obligations to the extent that such obligations are not inconsistent with (A) through (E) above and the contents of the termination or suspension notice; and (G) maintain records consistent with sub-paragraphs 4(I), 4(J) and 4(K) above. If the Administrator fails in any respect to fulfill these continuing obligations, in addition to any other rights and remedies that the Company may have herein or under applicable law, then any reasonable expense incurred by the Company (i) for the servicing of policies issued by the Administrator; (ii) to fulfill the Administrator’s unfulfilled obligations; or (iii) to enforce its rights under this Agreement, will be fully reimbursed to the Company by the Administrator and/or may be offset against any funds owed the

Execution Version 20 Administrator by the Company under this Agreement. Following the termination of this Agreement, the Company shall continue to pay the Administrator any commissions, policy fees, and other applicable compensation due to be paid as set forth in Schedule C, until the expiration of the last Company policy. 13. Ownership of Supplies Any unused policies, certifications, forms, applications or other unused Company supplies furnished by the Company to the Administrator, including, but not limited to, system software and related equipment supplied by the Company and any copies thereof, are the property of the Company and shall be accounted for and returned by the Administrator to the Company immediately upon demand. 14. Cancellation of Insurance (A) Nothing in this Agreement shall be construed as limiting or restricting the right of the Company to cancel any binder, policy, contract or other evidence of insurance issued under this Agreement in accordance with the cancellation provisions of such binder, policy, contract, other evidence of insurance and applicable law. (B) Return premiums for cancellations as a result of payment default under any premium finance plan shall be calculated in accordance with the terms of the applicable premium finance agreement except in those jurisdictions where such action is contrary to or otherwise provided for by law. 15. Ownership of Expirations The Company and the Administrator agree that: (A) With respect to Administrator Produced Policies (as defined in Schedule C), the Company will not make a claim to any expirations, as all such expirations are the property of the Administrator. (B) With respect to Company’s policies other than those described in Section 15(A) above (i.e., the Administrator Serviced Policies, as defined in Schedule C, and any other policies that the Administrator is not servicing): a. If the Transaction has not closed, then at the time of termination of this Agreement, the Administrator will not make claim to expirations for such policies, as all such expirations are the property of the Company. b. If the Transaction has closed, then at the time of termination of this Agreement, the Company will not make a claim to expirations, as all such expirations become the

Execution Version 22 electronic mail will be effective upon the date sent, if sent on a business day before 12:01 p.m., Eastern Time. If sent after 12:01 p.m. Eastern Time or on a day other than a business day, notice will be effective on the next business day. Written notice provided via first class registered mail shall be deemed received three days after the date it was sent, prepaid overnight mail shall be deemed received the day after it was sent, overnight courier and certified mail and hand-delivered notice shall be deemed received the date it was delivered. In the event the date of deemed receipt falls on a Saturday, Sunday or a United States national holiday, the date of receipt shall be deemed to be the next business day. The date of receipt or deemed receipt, regardless of the time of actual receipt, if received during the 9:00 am to 5:00 pm period at the recipient’s location, shall be the first day of any period of time provided for in any notice given under this Agreement. 18. Modification and Enforcement of this Agreement (A) Except as expressly noted herein, this Agreement and the Schedules hereto may not be changed or amended unless in writing signed by the Parties hereto; (B) In the event a Court of competent jurisdiction modifies or invalidates any provision of this Agreement, all other provisions of this Agreement shall remain in full force and effect. 19. Applicable Law This Agreement will be construed and enforced in accordance with and governed by the laws of the State of New York. 20. Headings The Paragraph headings are for reference only and will not limit or otherwise affect the meaning thereof. 21. Waiver A waiver by a Party of any breach or default by the other Party under this Agreement shall not constitute a continuing waiver or a waiver of any subsequent act in breach or in default hereunder. 22. Comprehension and Non-Reliance This Agreement is the product of arm’s length negotiations and the terms of this Agreement have been completely read, fully understood and voluntarily accepted by the Administrator and the Company. The Parties represent that each has had full opportunity to consult its own attorney in connection with the preparation and review of this Agreement, that each understands the meaning and effect of this Agreement, that each has carefully read and understands the scope and effect of each provision contained in this Agreement, and that each is not relying upon any representations made by any other party, its attorneys or other representatives.

Execution Version 23 Further, all Parties agree that, for purposes of interpretation, this Agreement shall not be deemed to have been drafted by one Party or the other. 23. Non-Assignability Except as required by law, neither Party may assign the rights and obligations set forth in this Agreement, in whole or in part, directly or indirectly, without prior written approval by the other Party. 24. Privacy The Company and the Administrator acknowledge that insurance is a highly regulated industry and that Administrator’s performance of its obligations under this Agreement may give rise to certain duties imposed under laws, rules and regulations that govern insurance companies, agents and suppliers of insurance services and functions. The Company and the Administrator further acknowledge that nonpublic personally identifiable personal, financial and medical information about the Company’s customers, former customers, applicants and claimants may be disclosed to the Administrator during the course of, and as necessary for, the performance of this Agreement. The Administrator agrees that it will maintain the confidentiality and privacy of such information and comply with all applicable laws, rules and regulations concerning the maintenance of the privacy of such information. The Administrator will limit access to such information to only those individuals that require access to such information for performance of this Agreement, and will not disclose such information to a third party unless otherwise permitted by law and only after requiring the third party to execute a similar confidentiality and privacy clause and with prior written consent of the Company. The Administrator shall take commercially reasonable precautions to safeguard its computer systems and offices in order to comply with the provisions of this paragraph and to prevent unauthorized access to nonpublic personally identifiable personal, financial and medical information whether in physical, electronic or other medium. 25. Required Contract Provisions If any statute, regulation or other law governing the business of the Administrator and its affiliates (if any) and the Company requires certain contract provisions to be included in this Agreement, those required contract provisions are deemed to be included in this Agreement. Remainder of Page Intentionally Blank

22 LIST OF SCHEDULES Schedule A – Authorized Coverages Schedule B – List of Authorized Representatives Schedule C – Administrator Compensation Schedule D – Jurisdictions in Which Authorized to Represent Company Schedule E – Accounting and Systems Guidelines Schedule F – Reporting Schedule G – SSCH Services and Compensation

23 SCHEDULE A AUTHORIZED COVERAGES FOR CLASSES OF BUSINESS OUTLINED IN THE UNDERWRITING GUIDELINES Company hereby grants to the Administrator the authority to act as agent for Company to the extent herein defined. 1. Maximum Annual Direct Written Premium Volume. The Administrator’s written capacity authority on business it produces shall be limited to the following (measured in gross written premiums in a calendar year): $20 million The Parties acknowledge that year-over-year growth in written premium will need to be managed in such a way as to avoid putting strain on the Company’s surplus, which could result in downward pressure on its Demotech rating and/or outlook. As such, it is in the best interests of both Parties to effectively manage the Company’s premium growth. The Company and Administrator will communicate regularly about the level of premium growth throughout each year and will cooperate to ensure that the objectives outlined in this paragraph are being adequately monitored and addressed. Notwithstanding the premium volumes defined above, the Administrator may request the Company to increase its written premium volume authority if the Company has sufficient surplus, as determined in the Company’s sole discretion. In addition, the Company, upon written notice to the Administrator, may reduce the Administrator’s written capacity authority if it is deemed necessary, in the Company’s sole reasonable discretion, in order to maintain an adequate Authorized Control Level Risk-Based Capital Ratio (“ACL RBC Ratio”), which, for the purpose of this Agreement, is defined as an ACL RBC Ratio of at least 400%. 2. Authorized Classes of Insurance Business and Types of Risks. Subject to any additional authorization issued by the Company, the Administrator is authorized by the Company to underwrite on its behalf Policies containing the following lines of business: Homeowners Dwelling Fire

24 SCHEDULE B LIST OF AUTHORIZED REPRESENTATIVES Schedule to be maintained on file with the Administrator and the Company.

25 SCHEDULE C ADMINISTRATOR COMPENSATION Administrator compensation will consist of the following: A. Commission B. Program Fees C. True-Up Calculations D. Profit Sharing All Administrator compensation, other than True-Up Calculations, will be reported to Company by the Administrator by the 10th of each month end and paid to the Administrator’s designated bank account. A. Commission Administrator Produced Policies On new policies produced by Administrator, including Legacy Policies renewed onto the New Insurance Product (“Administrator Produced Policies”), the Administrator will earn provisional commission described in the chart below based on gross written premiums per policy (“Provisional Commission”). Commissionable premiums are exclusive of surcharges and policy fees. Such Provisional Commission shall include all compensation for producer commissions and all other expenses which are the responsibility of the Administrator. The Provisional Commission is subject to an annual adjustment in accordance with the Commission True-up section of this Schedule C. The Provisional Commission allowable under this Agreement for Administrator Produced Policies is set forth below: State Provisional Commission % of Gross Written Commissionable Premiums NY Administrator Serviced Policies Majesco Legacy Policies and SageSure Legacy Policies renewed by Administrator onto the Company’s products other than the New Insurance Product are referred to herein as “Administrator Serviced Policies”. For Administrator Serviced Policies, on and after the Administrator Renewal Effective Date, the Administrator will earn Provisional Commission described in the chart below. Commissionable premiums are exclusive of surcharges and policy fees. Such Provisional Commission shall include all compensation for producer commissions and all other

26 expenses which are the responsibility of the Administrator. The Provisional Commission is subject to an annual adjustment in accordance with the Commission True-Up section of this Schedule C. (A) Administrator Service Fee (B) Agent Commission = (A) + (B) Provisional Commission % of Gross Written Commissionable Premiums B. Program Fees Policy and Inspection Fees Only as allowed by applicable state law, and subject to filing and regulatory approval as part of any admitted product, may the Company charge, and Administrator collect, policy fees and inspection fees in connection with the business written pursuant to this Agreement. These fees are intended to cover Administrator Program Vendor Expenses, which are vendor expenses incurred by the Administrator for the purpose of acquiring, qualifying, underwriting, inspecting, modeling, servicing, issuing, and administering payments to Company business. Not included in these Policy and Inspection Fees are statutory “pass through” fees (including but not limited to Fair Plan Emergency, New York Fire, Guaranty Fund surcharges) which will be fully retained by Company for remittance to related organizations. Setup Fees and Installment Fees on Payment Plans The Administrator will collect setup fees and installment fees from insureds to the extent allowable under applicable state law on payment plans in exchange for coverage costs of bank accounts, credit card fees, ACH fees and lockbox fees associated with this Agreement. These costs are inclusive of Administrator Program Vendor Expenses. C. True-Up Calculations Commission True-Up Once annually, the Administrator will calculate the average paid commission rate paid to Administrator’s distribution sources. Average Commission Rate to Distributors = (Commission Paid to Distributors / Collected Commissionable Premiums) + (Channels-Specific Retail Contingents Paid / Gross Written Commissionable Premiums) Provisional Commission Rate = Provisional Commission Amounts Paid / Gross Written Commissionable Premiums

28 make the True-up Payment on or about October 1st of each year. “ITD” means Inception-to-Date. For the purposes of all calculations in this Schedule C, Inception-to- Date refers to summations for all define measures for the period starting with the issuance of the first policy issued pursuant to this agreement (“Program Inception”) through the June 30 of the relevant measurement period. D. Profit Sharing The intent of the profit sharing arrangement is to establish a sharing of the inception to date profits (“ITD Profits”) generated under this Agreement on Administrator Produced Policies. The Parties agree that if the profit margin on Administrator Produced Policies (defined based on ITD Profits divided by ITD Gross Earned Premium) is greater than then the Administrator is entitled to of the profit margin in excess of . If the profit margin is less than , there is no profit sharing. Profit Sharing Calculations The following describes in terms of mathematical expressions the approach to the Profit Sharing computation over the life of this Agreement. Profit sharing payments shall be based on the calculations set forth below. “ITD” means Inception-to-Date. For the purposes of all calculations in this Schedule C, Inception-to- Date refers to summations for all define measures for the period starting with the issuance of the first policy issued pursuant to this agreement (“Program Inception”) through the June 30 of the relevant measurement period. For example, for the period ending June 30, 2024, ITD Gross Earned Premium (or ITD GEP(t)) is the total Gross Earned Premium for the period from the Program Inception through June 30, 2024. For period ending June 30, 2025, ITD GEP(t) would reflect the period from the Program Inception through June 30, 2025 and ITD GEP(t-1) would reflect the period from Program Inception through June 30, 2024. The first measurement period will be the Stub Period from the Program Inception through June 30, 2024. The measurement period will be July 1 through June 30 each following year. ITD GEP = ITD Gross Earned Premiums ITD Margin = ITD Profit / ITD GEP If ITD Margin >= THEN ITD Profit Sharing = [(ITD Margin – ) * ] * ITD GEP

29 ELSE ITD Profit Sharing = 0 Profit Sharing Earned(t) = ITD Profit Sharing(t) – ITD Profit Sharing (t-1) If Profit Sharing Earned(t) > 0 then Company will pay 100% within 15 days of the receipt of final calculations from Administrator. If Profit Sharing Earned(t) < 0 then Administrator will owe such amounts to the Company (a “Giveback”). The Company shall deduct 1/36 of the Giveback from each of the next 36 monthly Provisional Commission amounts owed to the Administrator, starting with the month of September. Notwithstanding the foregoing, the Giveback, if any, for each month shall not exceed of current month’s Gross Written Premiums, and any excess shall be rolled forward to the next calendar month and paid in accordance with the foregoing formula. If a Profit Sharing Payment is due to the Administrator in a subsequent year in which Giveback amounts are still due, then (i) if the Profit Sharing Payment exceeds the outstanding Giveback, the Profit Sharing Payment shall be reduced by the amount of outstanding Giveback and any remaining Profit Sharing Payment amounts shall be paid to the Administrator, or (ii) if the outstanding Giveback exceeds the Profit Sharing Payment Amount, the Giveback shall be reduced by the Profit Sharing Payment and any remaining Giveback shall continue to be paid in accordance with the formula above. For sake of clarity, Givebacks will be treated as negative Profit Sharing Payments for prior periods in the calculation of Profit Sharing Payments above. General Definitions ITD Profit (before profit sharing payments) = ITD Gross Earned Premiums (excluding surcharges, assessments, and other regulatory charges) Less ITD a) Actual Catastrophe Excess-of-Loss Reinsurance Costs b) Actual Other Reinsurance Costs c) Actual Gross Losses and ALAE Incurred d) Actual ULAE e) IBNR Charge f) Provisional Commission g) Actual Premium Taxes Incurred (admitted business only) h) Boards & Bureaus Plus ITD i) True-Up Payment j) Reinsurance Recoveries from Catastrophe Excess-of-Loss Reinsurance in (a) k) Reinsurance Recoveries from Other Reinsurance in (b)

30 a) Actual costs incurred for the Treaty Year in the purchase of an appropriate amount of Catastrophe Excess-of-Loss Reinsurance coverage (i.e., up to the greater of 1) what is required by Demotech to maintain an A rating and 2) what is required by Texas regulators to operate in the state). Company will make these Actual costs available to the Administrator. b) Actual costs incurred for the Treaty Year in the purchase of other reinsurance including Per Risk XOL Treaty, Facultative, ID Theft and any other Reinsurance. Company will make these Actual costs available to the Administrator. c) Treaty Year Incurred Losses and ALAE (including the benefit of salvage & subrogation). d) Actual ULAE. Company will make these Actual costs available to the Administrator for inclusion. e) IBNR Factors of 14%, 3% and 1% applied to (c) for Treaty Year 1, 2, and 3, assessed at 12, 24, and 36 months, respectively, where Treaty Year 1 is the most recent year (the latest year in the calculation). The Treaty Year measurement period will be for losses occurring between July 1 through June 30 for each year. f) The sum of Provisional Commission Rate times Commissionable Earned Premiums for each policy. g) The sum of Actual Rate of premium taxes for admitted business times Commissionable Earned Premiums for each state. The Actual Rate of Premium Taxes is the actual Premium Taxes paid divided by the Gross Written Commissionable Premium (excluding all fees) for each state. h) Actual Boards & Bureaus expense in connection with Administrator Business incurred by the company plus all costs of Market Conduct examinations. Company will make these Actual costs available to the Administrator for inclusion. i) True-Up Payments as defined in Section C of this Schedule C. j) Reinsurance recoveries from reinsurance described in (a). k) Reinsurance recoveries from reinsurance described in (b). Note that all amounts in the calculation of ITD Profit and Margin are ITD calculations. All premium calculations exclude policy fees, inspection fees, surcharges, and other regulatory charges that are added onto the policy charges after the calculation of premium.

31 SCHEDULE D JURISDICTIONS IN WHICH AUTHORIZED TO REPRESENT COMPANY All jurisdictions in which the Company holds a license or certificate of authority to issue insurance policies

32 SCHEDULE E ACCOUNTING AND SYSTEMS GUIDELINES a. System Availability – Mission Critical Systems, the websites that support rate, quote, policy issuance, billing and underwriting will be available 99% of the time as measured over a calendar month and during the times deemed as business hours (Monday to Friday 8:00 AM Eastern until 9:00 PM Eastern), not including holidays. b. Phone Service – Phone systems will be available 24 X 7 X 365 except during downtime required for maintenance support. The phones will be manned on Monday to Friday from 8:00 AM Eastern until 9:00 PM Eastern. Recorded call prompts will provide emergency contact and claims notice references as specified by Company. Company will contact Administrator in the event of unscheduled office closures that may require alternate claims call handling. c. Interface of Policy Information – Administrator will provide secure direct access to database repository of information that enables Company to populate Company systems with policy information according to Company specifications. d. Disaster Recovery / Business Continuity – Provide for the backup, storage and retrieval of all policy data, reference files, data, programs and “Objects”, that would be required to restore systems to operational status following an outage. For extended outages of more than 3 days, have infrastructure and processes in place to make Mission Critical Systems available to customers within 3 business days and all services available within five business days. e. Confidentiality of Data – Maintain the information regarding Company, its policyholders and business practices with the same care as they would maintain their own data. This data will not be used for any other purposes than those contemplated in this Agreement. Information will not be shared with any third parties unless agreed to in advance by Company. f. Lockbox / Cash Processing – 95% of cash will be processed on the same day it is received and 100% will be processed within 2 business days. g. Print (Operational Reports) – All operational reports required by Company to operate / manage this program from the Carrier and Claims Handling perspective should be electronically delivered to Company not later than 8:00 AM the business day following processing by the Administrator’s system. h. Print (Policy forms, Bills, Certificates) – The output generated for all processing completed by 5:00 PM Eastern time should be printed for delivery to the insured, producers and interested parties within the same business day.

33 SCHEDULE F REPORTING All Administrator compensation will be reported to Company by the 5th business day of each month and any unsettled amounts paid from Program Bank Account to Administrator’s designated bank account. Administrator shall keep detailed accounting of the Company’s policy activities on all premiums, taxes, and any other funds due to the Company on all policies written under this Agreement. Administrator shall maintain complete and accurate accounting records in accordance with usual and customary accounting practices and/or as may be requested by the Company. On a monthly basis within 5 business days after the end of the month, Administrator will provide a detailed and itemized statement of account of all premiums written, premiums earned, premiums collected, policy fees written, policy fees collected, inspection fees written, inspection fees collected, and taxes or regulatory surcharges. Upon execution of this Agreement, Administrator will work to implement a mutually agreed reporting process and format. Administrator shall provide information necessary for Company to report financial and statistical data, either on a summary or policy level, in a mutually agreed format. Administrator shall ensure that financial and statistical information provided to the Company is accurately coded, input, and balanced based on the mutually agreed format. Administrator will provide claim related reporting and analytics support as set forth below or otherwise reasonably requested by Company: a. Administrator shall maintain all data required for the Company to prepare its Statutory Annual Statement and any other report required by the National Association of Insurance Commissioners (“NAIC”) or other regulatory authority. Administrator shall also maintain all statistical data required by the Insurance Services Office (“ISO”) or similar statistical reporting agencies. Administrator and the Company shall mutually agree upon the data that must be maintained by Administrator under this Paragraph upon execution of this Agreement, and update as mutually agreed upon. b. Administrator shall provide a detailed monthly claims extract report to Company within fifteen (15) days after the last day of each calendar month. 1. Contents. The report must contain the following information, by state and Annual Statement line of business: claim numbers, dates of loss, policy numbers, effective dates of policies, paid losses, paid loss adjustment expenses, outstanding losses, outstanding loss adjustment expenses, net salvage and subrogation recoveries, and recovery expenses. The report must also contain paid losses, legal expenses, and salvage and subrogation recoveries from inception to date.

34 2. Format and Data. Administrator and the Company shall mutually agree upon the form and data field content of the loss run report prior upon execution of this Agreement.

35 SCHEDULE G SSCH SERVICES AND COMPENSATION SageSure Capital Compensation As consideration for the SageSure Capital Services described below, the Company directs the Administrator to pay SageSure Capital Holdings, Inc. (“SSCH”) of Gross Written Commissionable Premium from the Administrator’s Provisional Commission described in Schedule C of this Agreement (“SageSure Capital Compensation”). The Parties may mutually agree to change the amount of the SageSure Capital Compensation at any time during the Term of this Agreement. The compensation to SSCH is not an incremental expense to the Company, but rather is paid from the Administrator’s Provisional Commission, effectively reducing the commission retained by the Administrator. SageSure Capital Services SSCH shall provide certain technology services to the Company through the Administrator (the “SageSure Capital Services”) with respect to all policies under the Agreement: 1. The creation, delivery, security, and maintenance of proprietary custom platforms for a producer management system with quoting technology, a policy administration system, a policyholder portal, and a data repository accessible through applications (collectively “Proprietary Platforms”). 2. The management, delivery, security, and maintenance of vended platforms and applications, creation of proprietary technology and maintenance of integrations between the vended platforms and Proprietary Platforms, and management of software and application implementation related to the vended platforms and Proprietary Platforms.

36 Exhibit A Information Security Agreement Attached.

Information Security Agreement 1) Definitions. Capitalized terms used herein shall have the meanings set forth in this Section 1. “Agreement” means the agreement to which this Information Security Agreement is attached. “Authorized Employees” means employees of each Party who have a need to know or otherwise access Personal Information to enable the Parties to perform their obligations under the Agreement. “Authorized Persons” means (i) Authorized Employees; and (ii) each Party’s contractors, agents, or third parties, who have a need to know or otherwise access Personal Information to enable the Parties to perform their obligations under the Agreement, and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Information in accordance with the terms and conditions of this Information Security Agreement. “Highly Sensitive Personal Information” means an (i) individual's government-issued identification number (including Social Security number, driver's license number, or state-issued identification number); (ii) financial account number, credit card number, debit card number, or credit report information, with or without any required security code, access code, personal identification number, or password that would permit access to an individual's financial account; (iii) biometric, genetic, health, medical, or medical insurance data; (iv) geolocation data; or (v) information regarding their racial or ethnic origin, religious beliefs, sex life or sexual orientation, union membership, or citizenship or immigration status. “Party” refers to each party (collectively, the “Parties”) to the Agreement. “Personal Information” means information provided to a Party (the “Receiving Party”) by or at the direction of the other Party (the “Disclosing Party”), information which is created or obtained by a Party (the “Receiving Party”) on behalf of the other Party (the “Disclosing Party”), or information to which access was provided to a Party (the “Receiving Party”) by or at the direction of the other Party (the “Disclosing Party”), in the course of the Parties’ performance under the Agreement that: (i) identifies or can be used to identify an individual (including, without limitation, names, signatures, addresses, telephone numbers, email addresses, and other unique identifiers); or (ii) can be used to identify or authenticate an individual (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or PINs, user identification and account access credentials or passwords, financial account numbers, credit report information, student information, biometric, health, genetic, medical, or medical insurance data, answers to security questions, an individual's internet activity or similar interaction history, inferences drawn from other personal information to create consumer profiles, geolocation data, an individual's commercial, employment, or education history, and other personal characteristics and identifiers), in case of both subclauses (i) and (ii), including, without limitation, all Highly Sensitive Personal Information. A Party’s business contact information is not by itself deemed to be Personal Information. “Security Breach” means (i) any act or omission that compromises either the security, confidentiality, availability, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards put in place by a Party (or any Authorized Persons) that relate to the protection of the security, confidentiality, availability, or integrity of Personal Information, or (ii) receipt of a complaint in relation to a Party’s privacy and data security practices

(or any Authorized Persons) or a breach or alleged breach of this Information Security Agreement relating to such privacy and data security practices. Without limiting the foregoing, a compromise shall include any unauthorized access to or disclosure or acquisition of Personal Information. 2) Standard of Care. a) The Parties acknowledge and agree that, in the course of performance of the Agreement, the Parties may create, receive, or have access to Personal Information. Each Party shall comply with the terms and conditions set forth in this Information Security Agreement in its creation, collection, receipt, transmission, storage, disposal, use, and disclosure of such Personal Information and be responsible for any unauthorized creation, collection, receipt, transmission, access, storage, disposal, use, or disclosure of Personal Information under its control or in its possession by all Authorized Persons. Each Party shall be responsible for, and remain liable to, the other Party for the actions and omissions of its Authorized Persons that are not Authorized Employees concerning the treatment of Personal Information as if they were the Party’s own actions and omissions. Each Party’s Personal Information is deemed to be Confidential Information of that Party and is not Confidential Information of the other Party. In the event of a conflict or inconsistency between this Section 2, on one hand, and the Agreement or this Information Security Agreement, on the other hand, the terms and conditions set forth in this Section 2 shall govern and control. b) In recognition of the foregoing, each Receiving Party agrees and covenants that it shall: i) keep and maintain all Personal Information in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use, or disclosure; ii) not create, collect, receive, access, or use Personal Information in violation of law; iii) use and disclose Personal Information solely and exclusively for the purposes for which the Personal Information, or access to it, is provided pursuant to the terms and conditions of this Information Security Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Personal Information for the Receiving Party’s own purposes or for the benefit of anyone other than the Disclosing Party, in each case, without the Disclosing Party’s prior written consent; and iv) not, directly or indirectly, disclose Personal Information to any person other than its Authorized Persons, including any subcontractors, agents, its own service providers or auditors (each, an “Unauthorized Third Party”), without the Disclosing Party’s prior written consent, unless and to the extent required by Government Authorities or as otherwise, to the extent expressly required, by applicable law, in which case, the Receiving Party shall (A) notify the Disclosing Party before such disclosure or as soon thereafter as reasonably possible; (B) be responsible for and remain liable to the Disclosing Party for the actions and omissions of such Unauthorized Third Party concerning the treatment of such Personal Information as if they were the Receiving Party’s own actions and omissions; and (C) require the Unauthorized Third Party that has access to Personal Information to execute a written agreement agreeing to comply with the terms and conditions of this Information Security Agreement relating to the treatment of Personal Information.

3) Information Security. a) Each Party represents and warrants that its creation, collection, receipt, access, use, storage, disposal, and disclosure of Personal Information does and will comply with all applicable federal, state, and foreign privacy and data protection laws, as well as all other applicable regulations and directives. b) Each Party shall implement and maintain a written information security program including appropriate policies, procedures, and risk assessments that are reviewed at least annually. c) Without limiting either Party’s obligations under Section 3(a), each Party shall implement administrative, physical, and technical safeguards to protect Personal Information from unauthorized access, acquisition, or disclosure, destruction, alteration, accidental loss, misuse, or damage that are no less rigorous than accepted industry practices, and shall ensure that all such safeguards, including the manner in which Personal Information is created, collected, accessed, received, used, stored, processed, disposed of, and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Information Security Agreement. If, in the course of performance under the Agreement, either Party has access to or will collect, access, use, store, process, dispose of, or disclose credit, debit, or other payment cardholder information, such Party shall at all times remain in compliance with the Payment Card Industry Data Security Standard (“PCI DSS”) requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at such Party’s sole cost and expense. d) At a minimum, each Party’s safeguards for the protection of Personal Information shall include: (i) limiting access of Personal Information to Authorized Persons; (ii) securing business facilities, data centers, paper files, servers, backup systems, and computing equipment, including, but not limited to, all mobile devices and other equipment with information storage capability; (iii) implementing network, application, database, and platform security; (iv) securing information transmission, storage, and disposal; (v) implementing authentication and access controls within media, applications, operating systems, and equipment, including the use of multifactor authentication for access to any Personal Information; (vi) encrypting Personal Information stored on any [mobile] media; (vii) encrypting Personal Information when transmitted; (viii) strictly segregating Personal Information from information of the other Party or any third-party so that Personal Information is not commingled with any other types of information; (ix) conducting risk assessments, penetration testing, and vulnerability scans and promptly implementing, at the Party’s sole cost and expense, a corrective action plan to correct any issues that are reported as a result of the testing; (x) implementing appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks consistent with applicable law; and (xi) providing appropriate privacy and information security training to the Party’s employees. e) During the term of each Authorized Employee's employment by a Party, the Party shall at all times cause such Authorized Employees to abide strictly by the Party’s obligations under this Information Security Agreement and its standard policies and procedures, a copy of which have

been provided to the other Party upon request. Each Party further agrees that it shall maintain a disciplinary process to address any unauthorized access, use, or disclosure of Personal Information by any of its officers, partners, principals, employees, agents, or contractors. 4) Security Breach Procedures. a) Each Party shall: i) provide the other Party with the name and contact information for one or more of the Party’s employees/security operations or other service desk who/which shall serve as the other Party’s primary security contact and shall be available to assist the other Party twenty- four (24) hours per day, seven (7) days per week as a contact in resolving obligations associated with a Security Breach; ii) notify the other Party of a Security Breach as soon as practicable, but no later than twenty- four (24) hours after the Party becomes aware of it; and iii) notify the other Party of any Security Breaches by emailing the other Party at an address provided by the other Party, with a copy by email to the Party’s primary business contact within the other Party. b) Immediately following notification of a Security Breach, the Parties shall coordinate with each other to investigate the Security Breach. The Parties agree to fully cooperate with each other in the handling of the matter, including, without limitation: (i) assisting with any investigation; (ii) providing physical access to the facilities and operations affected; (iii) facilitating interviews with employees and others involved in the matter; and (iv) making available all relevant records, logs, files, data reporting, and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the other Party. c) The Party responsible for the Security Breach shall (i) at its own expense use best efforts to immediately contain and remedy any Security Breach and prevent any further Security Breach, including, but not limited to taking any and all action necessary to comply with applicable privacy rights, laws, regulations, and standards, and (ii) reimburse the other Party for all actual reasonable costs incurred by the other Party in responding to, and mitigating damages caused by, any Security Breach, including all costs of notice and/or remediation pursuant to Section 4(d). d) Each Party agrees that it shall not inform any third party of a Security Breach without first obtaining the other Party’s prior written consent, other than to inform a complainant that the matter has been forwarded to the Party’s legal counsel. Further, the Receiving Party agrees that the Disclosing Party shall have the sole right to determine: (i) whether notice of the Security Breach is to be provided to any individuals, regulators, law enforcement agencies, consumer reporting agencies, or others as required by law or regulation, or otherwise in Disclosing Party’s discretion; and (ii) the contents of such notice, whether any type of remediation may be offered to affected persons, and the nature and extent of any such remediation. e) The Parties agree to maintain and preserve all documents, records, and other data related to any Security Breach for the longest of the following (the “Applicable Retention Period”): (i) five (5) years; (ii) any applicable retention period required by the Agreement or any other contract

between the Parties; or (iii) the length of time required by applicable law or regulation. Prior to destruction or disposal of such documents, records or other data, each Party shall provide no less than 90 days prior written notice to the other Party specifying in reasonable detail the documents, records, or other data to be destroyed or disposed and the other Party may request that the documents, records, or other data to be destroyed or disposed be delivered to that Party at requesting Party’s sole expense. Notwithstanding the foregoing, if any litigation, claim, negotiation, audit, or other action involving the documents, records, and other data has been started before the expiration of the applicable retention period, the documents, records, and other data shall be retained until completion of the action and resolution of all issues which arise from it, or until the end of the Applicable Retention Period, whichever is later, and until any outstanding litigation, audit, or claim has been fully resolved. f) Each Party agrees to fully cooperate at its own expense with the other Party in any litigation, investigation, or other action resulting from a Security Breach, if deemed reasonably necessary by the other Party to protect its rights relating to the use, disclosure, protection, and maintenance of Personal Information. g) In the event of any Security Breach, the Parties shall promptly use their best efforts to prevent a recurrence of any such Security Breach. 5) Return or Destruction of Personal Information. At any time during the term of the Agreement, at the Disclosing Party’s request or upon the termination or expiration of the Agreement for any reason, the Receiving Party shall, and shall instruct all Authorized Persons to, promptly return to the Disclosing Party all copies, whether in written, electronic, or other form or media, of Personal Information in its possession or the possession of such Authorized Persons, or securely dispose of all such copies, and certify in writing to the Disclosing Party that such Personal Information has been returned to the Disclosing Party or disposed of securely. The Receiving Party shall comply with all reasonable directions provided by the Disclosing Party with respect to the return or disposal of Personal Information. 6) Equitable Relief. Each Party acknowledges that any breach of its covenants or obligations set forth herein, or the other Party’s standard policies and procedures, may cause the other Party irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the other Party is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance, and any other relief that may be available from any court, in addition to any other remedy to which the other Party may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available at law or in equity, subject to any express exclusions or limitations in the Agreement to the contrary. 7) Material Breach. A Party’s failure to comply with any of the provisions of this Information Security Agreement is a material breach of the Agreement. In such event, the non-breaching Party may terminate the Agreement effective immediately upon written notice to the breaching Party without further liability or obligation to the breaching Party. 8) Indemnification. Each Party (the “Indemnitor”) shall defend, indemnify, and hold harmless the other Party and the other Party’s subsidiaries, affiliates, and its respective officers, directors, employees, agents, successors, and permitted assigns (each, an “Indemnitee”) from and against any and all

losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, penalties, fines, costs, or expenses of whatever kind, including reasonable attorneys' fees, the cost of enforcing any right to indemnification hereunder, and the cost of pursuing any insurance providers, arising out of or resulting from any third-party claim against any Indemnitee arising out of or resulting from Indemnitor’s failure to comply with any of its obligations under this Information Security Agreement.