Master Services Agreement

This Master Service Agreement (the “Agreement” or “MSA”) is entered into by and between: S.G. Systems, LLC, a limited liability company organized and existing under the laws of the State of Texas, with its principal office located at 6944 Meadowbriar Lane, Dallas, TX 75230 (“Provider”), and the individual or entity accepting this Agreement by executing an Order Form / Signed Proposal and making payment as described herein (“Customer”).

Provider and Customer may collectively be referred to as the “Parties” and individually as a “Party.”

WHEREAS: Provider offers the V5 Traceability software solution (“Software”), including options for hosted services utilizing a third-party cloud hosting provider and on-premise installations, designed to track and manage regulated supply chain and manufacturing data, along with related implementation, support, and services. Software Version 5.9 has been independently assessed for alignment with applicable technical controls commonly associated with 21 CFR Part 11, EU Annex 11, and GMP expectations. Customer desires to license and use the Software and, where purchased, to receive implementation/onboarding services and related support under the terms of this MSA and the applicable Order Form / Signed Proposal.

NOW, THEREFORE: In consideration of the mutual promises and covenants contained herein, the Parties agree as follows:

1.1 Acceptance; Effective Date. By executing an Order Form / Signed Proposal and making the required initial payment(s), Customer agrees to be bound by this MSA. The date Provider receives Customer’s initial payment shall be the “Effective Date” for the applicable Order Form / Signed Proposal.

1.1.1 Initial Payment Composition. Unless otherwise stated in the Order Form / Signed Proposal, Customer’s initial payment must include: (a) any one-time onboarding/implementation fees due at signing (if any), and (b) the subscription payment due at signing—either the first monthly installment (if monthly billing is elected) or the full annual fee (if annual billing is elected).

1.2 Software Activation. For Hosted Services, access will be provisioned within 72 hours of receipt of the initial subscription payment and required account setup information. For On-Premise Installations, Provider will make the Software available for installation and/or provide access credentials or license information within 72 hours of receipt of the initial subscription payment, subject to Customer providing required environment and access prerequisites.

1.3 Agreement Scope. This MSA governs the Software and all related Services purchased by Customer. The applicable Order Form / Signed Proposal specifies Software tier, deployment type, license model, onboarding/implementation services (if any), fees, and the term.

1.4 Order of Precedence. If there is a conflict between this MSA and an Order Form / Signed Proposal, the Order Form / Signed Proposal controls only for the conflicting commercial terms (e.g., fees, quantities, deployment election, dates). This MSA controls all other terms unless the Parties expressly agree otherwise in writing.

2.1 “Software” means the V5 Traceability software, including updates, upgrades, and documentation provided by Provider under this MSA. This Agreement applies to Version 5.9 during the applicable term unless otherwise agreed in writing.

2.2 “Hosted Services” means the hosting, maintenance, and support of the Software on a third-party cloud hosting provider’s infrastructure, managed by Provider and accessible by Customer via the internet.

2.3 “On-Premise Installation” means the installation and operation of the Software on Customer’s own hardware and / or infrastructure at Customer’s designated location.

2.3.1 “Default Deployment Architecture” means unless otherwise specified in the Order Form / Signed Proposal, the Software shall be deployed on-premises at Customer’s designated location. If Customer elects a hosted (cloud) deployment, this must be clearly indicated on the Order Form / Signed Proposal at the time of order placement.

2.4 “Services” means Hosted Services (if elected), implementation/onboarding services (if purchased), support, maintenance, training assistance, validation assistance, and/or installation services provided by Provider.

2.5 “Order Form / Signed Proposal” means a document, proposal, quote, or other record provided by Provider and accepted by Customer specifying the Software level, deployment election (Hosted vs On-Premise), license type, Services, onboarding/implementation items (if any), fees, and other details of Customer’s engagement.

2.6 “Onboarding / Implementation Services” means one-time professional services purchased by Customer for initial setup, configuration, project management, ERP gap analysis, custom API integration, training sessions, UAT facilitation (if included), validation support (if included), and related rollout activities, as described in the applicable Order Form / Signed Proposal.

2.7 “Onboarding Fees” means one-time fees for Onboarding / Implementation Services, billed upfront as stated in the applicable Order Form / Signed Proposal.

2.8 “ERP Gap Analysis” means a structured analysis of Customer’s ERP data model, workflows, and integration requirements to identify gaps, required mappings, and integration approach, which may be purchased in advance of implementation.

2.9 “Custom API Integration” means API integration work that is specific to Customer’s environment and requirements, including any custom mappings, transforms, or connectors beyond standard configuration, when purchased.

2.10 “Critical Issues” means severe Software malfunctions that prevent Customer from performing essential business operations reliant on the Software.

2.11 “Security Incident” means any unauthorized access, use, disclosure, alteration, or destruction of Customer Data, or a confirmed compromise of the confidentiality, integrity, or availability of Hosted Services.

2.12 “Sandbox Environment” means a separate, isolated testing environment provided by Provider for deploying Software upgrades prior to production use (or, for On-Premise Installations, an environment designated by Customer for testing).

2.13 “Customer Data” means all data uploaded to or generated by the Software by or on behalf of Customer (including regulated records), excluding Usage Data as defined in §2.19.

2.14 “Service Level Agreement (SLA)” means the performance guarantees and commitments outlined in Section 11 of this Agreement, including uptime, response times, and resolution targets for Hosted Services.

2.15 “Renewal Term” means each additional one-year period automatically commenced under Section 5.2.

2.16 “Invoice” means Provider’s written request for payment issued under Section 5.5 and/or Section 6.

2.17 “Device” means a dedicated human–machine interface (HMI) such as a PC or tablet computer used to access the Software, identified by a unique network interface (e.g., MAC address). For clarity, a “Device” does not include passive peripherals such as scales, scanners, printers, or similar equipment—even if such peripherals have IP or MAC addresses—unless expressly listed as licensed HMIs on an Order Form / Signed Proposal.

2.18 “Device License” means a license assigned to a specific Device (HMI) identified by its MAC address or other unique hardware identifier. A Device License is tied to that Device and may not be used concurrently by other devices.

2.19 “Usage Data” means event-level data and metadata generated by Customer’s and Users’ interaction with the Software or Hosted Services, such as login timestamps, user/account identifiers, device or browser type, session duration, feature interactions, performance metrics, and application/error logs. “Usage Data” excludes the business content of Customer’s regulated records except to the extent incidentally captured in error logs.

2.20 “Aggregated/De-identified Data” means data that does not identify—and cannot reasonably be used to identify—any natural person or Customer.

2.21 “User” means an individual authorized by Customer to access the Software.

2.22 “User License” means a license assigned to one named User and may not be shared or rotated among multiple individuals.

2.23 “Documentation” means Provider’s then-current user guides, admin guides, release notes, and training materials made available to Customer.

2.24 “Confidential Information” means non-public information disclosed by a Party that is designated as confidential or that a reasonable person would understand to be confidential, including business, technical, pricing, security, product information, and Customer Data.

2.25 “DPA” means Provider’s Data Processing Addendum (if applicable), incorporated by reference where required by law and made available upon request.

2.26 “Assessment Documentation” means the independent assessment documentation made available by Provider regarding the Software’s alignment with technical controls commonly associated with 21 CFR Part 11, EU Annex 11, and GMP expectations (e.g., assessment report and supporting artifacts provided by Provider, if any).

2.27 “IQ/OQ” means installation qualification and operational qualification activities performed as part of Customer’s validation program in Customer’s environment.

2.28 “UAT” or “User Acceptance Testing” means the pre-go-live testing performed to confirm configured workflows and system behavior meet Customer’s intended use and acceptance criteria.

3.1 Paid, One-Time Services. Onboarding / Implementation Services are professional services purchased by Customer and billed as one-time Onboarding Fees as stated in the applicable Order Form / Signed Proposal. Provider does not provide initial onboarding/implementation for free.

3.2 Typical Onboarding Components. Depending on what Customer purchases, Onboarding / Implementation Services may include:

• Project management: kickoff coordination, timeline management, and structured weekly status cadence.
• ERP Gap Analysis: review of ERP objects, required data mappings, workflow gaps, and integration approach (often purchased in advance).
• Custom API integration: development/configuration of Customer-specific API interfaces, mappings, and test support.
• Configuration & rollout support: roles/permissions, templates, workflows, and initial setup aligned to Customer’s selected tier.
• Training sessions: role-based training for operators, QA, supervisors, and admins as purchased.
• UAT & validation support: UAT planning/facilitation (if included), IQ/OQ template protocols (if included), and reasonable assistance as described in §7.4 and as reflected in the Order Form / Signed Proposal.

3.3 Scope, Deliverables, and Timeline. The scope, deliverables, and estimated timeline for Onboarding / Implementation Services will be defined in the applicable Order Form / Signed Proposal (or in a written addendum/amendment executed by both Parties). Timelines are contingent upon Customer providing timely access to personnel, systems, data, and environments (including ERP sandbox access where applicable).

3.4 Start Condition. Provider is not obligated to schedule or begin Onboarding / Implementation Services until Provider has received the Onboarding Fees (if any) and the required initial subscription payment as described in §1.1.1, unless otherwise stated in the Order Form / Signed Proposal.

3.5 Post-Setup Training & Assistance Included with Subscription (Reasonable Use). After initial setup and go-live, during an active subscription Provider will provide reasonable remote assistance for additional training questions, operational guidance, and minor configuration support at no additional charge. Customer acknowledges that major expansions (e.g., new sites, new integrations, significant workflow redesign, on-site training, or net-new development) require a separate written agreement and may require additional fees.

3.6 Enterprise Onboarding & Validation Package (If Purchased). If Customer purchases the Enterprise tier and Onboarding / Implementation Services are included on the applicable Order Form / Signed Proposal, Provider’s standard Enterprise onboarding scope includes (as part of the one-time Onboarding Fees for that engagement): (a) facilitated UAT support (planning/facilitation and issue triage/retest coordination), and (b) an IQ/OQ template package and reasonable remote assistance to support Customer’s execution. Customer remains responsible for final execution, review, approval, and maintenance of validation deliverables within Customer’s quality system.

4.1 License Grant. Provider grants Customer a non-exclusive, non-transferable, revocable license to use the Software during the applicable subscription term, solely for Customer’s internal business operations. The Software is available in Express, Professional, and Enterprise levels as specified in the Order Form / Signed Proposal.

4.2 Hosted Services Option. If specified in the Order Form / Signed Proposal, Provider will provide Hosted Services, including hosting, maintenance, upgrades, and adherence to the SLA outlined in Section 11.

4.3 On-Premise Installation Option. If specified in the Order Form / Signed Proposal (or by default under §2.3.1), Provider will support an On-Premise Installation. Customer is responsible for maintaining necessary infrastructure (including security, backups, disaster recovery, and applicable third-party software licenses) and ensuring compliance with its regulatory requirements. Provider will provide software-focused operational support for the Software during the subscription term as described in §11.2. Customer acknowledges that uptime, infrastructure performance, and environment availability are dependent on Customer’s systems for On-Premise Installations, and Hosted Services SLA uptime guarantees do not apply unless Hosted Services are elected on the Order Form / Signed Proposal.

4.4 Licensing (User- or Device-Based) and Restrictions. The Software may be licensed on either a per-user or per-device basis, as specified on the applicable Order Form / Signed Proposal. Customer must elect one of the following minimum licensing thresholds: (a) at least three (3) active user licenses, or (b) at least one (1) device-based license. The Software will enforce access limits so that no more users or devices are active than licensed.

User-Based Licensing. A User License is assigned to a single named individual and may not be shared, rotated, or used by multiple individuals.

Device-Based Licensing. A Device License is assigned to a specific Device (HMI) and expressly excludes passive peripherals (e.g., scales, scanners, printers), even if those peripherals have IP or MAC addresses.

Administration. Licenses (user or device) may be reassigned by Customer only in the event of permanent personnel changes or permanent Device retirement/replacement. Temporary rotation or pooling is not permitted without Provider’s prior written consent. Provider reserves the right to audit Customer’s usage to verify compliance with this licensing model.

4.5 ERP Integration. ERP integration, ERP Gap Analysis, and Custom API Integration are provided only if expressly purchased and described in the applicable Order Form / Signed Proposal. Unless expressly stated in writing, ERP integration is not included in the subscription.

4.6 Use Restrictions. Customer shall not (and shall not permit any third party to): (a) reverse engineer, decompile, or attempt to derive source code except as permitted by law; (b) bypass license limits or security controls; (c) use the Software for unlawful purposes; or (d) provide the Software as a service bureau or for third-party benefit without Provider’s written consent.

5.1 MSA Term. This MSA begins on the Effective Date and continues until terminated.

5.2 Subscription Term. Each Order Form establishes a 365-day subscription term (the “Initial Term”). Unless Customer provides written notice of cancellation at least thirty (30) days before the end of the then-current term, each term shall automatically renew for additional one-year periods (each, a “Renewal Term”) under the same fees and terms then in effect, subject to any price adjustment Provider may notify Customer of as provided in Section 5.5.

5.3 Termination for Cause. Either Party may terminate due to a material breach not cured within thirty (30) days of written notice.

5.4 Effect of Termination. Upon termination or expiration, Customer’s right to use the Software ends and access may be disabled. For Hosted Services, Customer Data will be retrievable for 90 days post-termination upon request, provided all undisputed amounts have been paid. Past-due undisputed payment amounts that remain unpaid for more than thirty (30) days after the applicable due date may result in service suspension, and amounts unpaid for more than forty-five (45) days after the due date may result in termination and Hosted Data deletion after the post-termination retrieval window, subject to applicable legal or regulatory obligations.

5.5 Renewal and Invoicing.

• a. Invoice Timing. No later than sixty (60) days before the end of the Initial Term or any Renewal Term, Provider may issue an invoice for the next subscription term’s fees based on the most recently executed Order Form / Signed Proposal.
• b. Cancellation Window. Customer may cancel the upcoming term—or otherwise adjust the scope—by delivering written notice to Provider at least thirty (30) days before the start of the next term. Any cancellation or reduction in scope received after that date will apply only to the following term.
• c. Term Start Payment. Subscription payment for each term is due thirty (30) days prior to the first day of that term (or as stated on the Invoice). Provider reserves the right to suspend services if payment is not received by the due date.
• d. Price Changes. Provider may adjust subscription fees at renewal with at least sixty (60) days’ written notice prior to the next term start date. If Customer does not accept such changes, Customer may elect not to renew by providing cancellation notice within the window in §5.5(b).

5.6 Survival. Sections intended to survive termination (including payment obligations, confidentiality, data rights, IP, limitation of liability, indemnification, and dispute resolution) shall survive.

6.1 Fees. Customer shall pay the fees specified in the applicable Order Form / Signed Proposal and/or Invoice, including (if applicable) one-time Onboarding Fees and subscription fees.

6.2 Onboarding Fees. One-time Onboarding Fees (including fees for ERP Gap Analysis, Custom API Integration, and project management, as purchased) are billed upfront and due as stated on the applicable Invoice and/or Order Form / Signed Proposal. Unless otherwise stated in writing, Onboarding Fees are non-refundable once the applicable services have commenced.

6.3 Subscription Payment Options.

• a. Annual Payment Option. 100% of the subscription term’s fees due at signing and prior to term start (or as stated on the Invoice).
• b. Monthly Payment Option. Twelve equal monthly installments, with payment for the first installment due at signing and prior to term start and each subsequent installment due on the same calendar day of each month thereafter; a 10% convenience fee applies unless otherwise stated on the Order Form / Signed Proposal.
• c. Methods. ACH is preferred; credit card payments may incur a processing fee.

6.4 Activation and Scheduling Contingent on Payment. Provider may withhold activation, onboarding scheduling, and/or delivery of Services until required payments described in §1.1.1 and this §6 are received.

6.5 Subscription Upgrades. Fees will be prorated based on the remaining term unless otherwise stated on the Order Form / Signed Proposal.

6.6 Subscription Downgrades. Downgrades will take effect at the next renewal cycle, with written notice required at least thirty (30) days prior as described in §5.5(b).

6.7 Late Payment Consequences. If an undisputed payment amount is not received by its due date, Provider may (at its discretion) restrict access to Hosted Services and/or pause non-critical support until payment is received. If an undisputed amount remains unpaid for more than thirty (30) days after the due date, Provider may suspend Hosted Services. If an undisputed amount remains unpaid for more than forty-five (45) days after the due date, Provider may terminate the applicable services for cause under §5.3 and apply the post-termination data retrieval and deletion timelines in §5.4. Customer is responsible for all reasonable costs of collection to the extent permitted by law.

6.8 Taxes. Fees are exclusive of taxes. Customer is responsible for applicable sales, use, VAT, GST, or similar taxes (excluding taxes on Provider’s net income), unless Customer provides a valid exemption certificate.

7.1 Compliance Commitment (Assessment Access). Provider represents that Version 5.9 (Major Version) of the Software has been independently assessed against technical controls commonly associated with 21 CFR Part 11 (electronic records and signatures), EU Annex 11 (computerized systems), and GMP expectations. Upon Customer request, Provider will provide Customer access to the Assessment Documentation for Customer’s internal compliance and audit support at no additional charge, subject to confidentiality obligations and during an active subscription.

7.2 Shared Responsibility. Customer acknowledges that compliance in a regulated environment is a shared responsibility. Provider supports Customer’s compliance program by delivering Software features designed to support data integrity and auditability and by providing Assessment Documentation and validation assistance as described in this MSA. Customer remains responsible for configuring and operating the Software within Customer’s quality system, including required SOPs, training, access governance, and performing and approving validation activities (including IQ/OQ and UAT as applicable) in Customer’s environment.

7.3 Data Integrity and Retention. The Software is designed to support data integrity controls, including audit trails, version control, role-based access controls, and encryption for Hosted Services. During an active subscription, Customer Data remains available within the deployment. After termination of Hosted Services, Customer’s ability to retrieve Customer Data is governed by §5.4. Customer remains responsible for meeting regulatory retention obligations, including archiving/exporting records as required by its quality system.

7.4 IQ/OQ and UAT Assistance. Provider will provide reasonable assistance during Customer’s validation activities, which may include IQ/OQ and UAT, including providing templates (e.g., IQ/OQ protocols and/or UAT structures where included in scope) and responding to questions about Software behavior, configuration, and controls. Provider may also support issue triage and retest coordination during UAT and qualification activities where included in the purchased onboarding scope. Where applicable, Provider will support Customer’s validation planning by providing release notes and compliance-impact considerations for updates. Customer remains responsible for final execution, review, and approval of validation documentation and decisions within Customer’s quality system. If Customer requests extensive custom validation documentation, on-site activities, or audit participation beyond reasonable remote assistance, such work may require additional fees and written agreement.

7.5 Audit and Inspection Readiness. Provider will reasonably cooperate with Customer’s regulatory audits related to the Software’s controls and, for Hosted Services, relevant security and access records, subject to confidentiality and reasonable scheduling.

7.6 Security and Access Controls. The Software provides role-based access controls to support ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, and Complete). System access and key actions are logged and time-stamped to support traceability. Provider will protect Hosted Services Customer Data through reasonable administrative, technical, and physical safeguards. Customer remains responsible for appropriate role design, account provisioning/deprovisioning, and SOP enforcement in its regulated environment.

8.1 Controlled Software Updates. Major software updates, patches, or enhancements will be managed under a change control approach appropriate for regulated environments. Provider will notify Customer in advance of significant updates that may impact compliance and allow time for validation before deployment. Customers using Hosted Services will be given at least 30 days’ notice before any major updates, except for emergency security patches.

8.2 Customer Approval for Critical Updates. Updates that materially impact electronic records, security, or regulatory-relevant controls will be communicated in advance. For Hosted Services, Provider will coordinate timing to provide Customer a reasonable window to assess validation impact. For On-Premise Installations, Customer controls when updates are deployed.

8.3 Versioning and Documentation. Each update will include release notes detailing changes, new features, and potential validation considerations. Customers may request a compliance impact summary if changes affect audit trails, electronic signatures, access controls, or retention behavior.

8.4 Emergency Patches. Provider may deploy emergency patches to address active threats or critical vulnerabilities and will provide notice and documentation as soon as reasonably practicable.

9.1 Security Standards. Provider maintains reasonable cybersecurity measures for Hosted Services, including access controls, monitoring, and encryption, to support secure operation of the services.

9.2 Incident Response. In the event of a Security Incident involving Hosted Services, Provider will:

• a) Notify Customer within 24 hours of becoming aware of the incident.
• b) Provide a detailed incident report within 3 business days and provide supplemental/final reporting as additional facts become available, and cooperate with Customer to mitigate the impact and support any required regulatory reporting.

9.3 Business Continuity and Disaster Recovery. Hosted Services customers benefit from automated data backups performed at regular intervals, with recovery time objectives (RTO) and recovery point objectives (RPO) defined in the SLA (Section 11). Provider maintains a disaster recovery plan and performs periodic recovery testing to support readiness and data integrity expectations.

9.4 On-Premise Responsibility. For On-Premise Installations, Customer is responsible for infrastructure security, backups, and disaster recovery. Provider’s security obligations under this Section apply to Hosted Services.

10.1 Validation and Qualification. Customer is responsible for ultimately performing and approving qualification and validation of the Software in Customer’s environment to meet Customer’s intended use and applicable regulatory requirements, and for maintaining validation documentation. Provider will support Customer by providing Assessment Documentation at no additional charge (see §7.1) and by providing IQ/OQ and UAT assistance as described in §7.4, and for Enterprise Customers that purchase Onboarding / Implementation Services, the Enterprise onboarding scope described in §3.6.

10.2 Regulatory Reporting. Customer must maintain internal policies for data integrity and system security and notify Provider promptly if the Software is involved in any regulatory audit or data integrity concern that may require Provider’s cooperation.

10.3 User Training. Customer must ensure Users are properly trained on using the Software in accordance with regulatory requirements and Customer SOPs. Provider provides training assistance as purchased during onboarding and provides reasonable additional training assistance during the subscription as described in §3.5.

10.4 Account Management. Customer is responsible for ensuring accounts are assigned appropriately, promptly removed/updated when access is no longer appropriate, and that shared credentials are prohibited.

11.1 Purpose. This SLA defines the performance guarantees, metrics, and remedies Provider commits to for Hosted Services and ongoing support. For On-Premise Installations, Provider provides software support, but uptime and infrastructure guarantees apply only to Hosted Services unless expressly stated otherwise in the applicable Order Form / Signed Proposal.

11.2 Ongoing Operational Support (On-Premise). For On-Premise Installations, Provider shall provide routine software support, assistance with operational questions, and troubleshooting. Customer is responsible for infrastructure and system maintenance.

11.3 Hosted Uptime. Provider guarantees 99.9% uptime for Hosted Services measured monthly, excluding scheduled maintenance and exclusions in §11.10.

11.4 Response and Resolution Times.

• Critical (Severity 1): Within 90 minutes (24/7/365), Resolution within 4 hours, Escalate to senior engineer within 2 hours if unresolved.
• High Priority (Severity 2): Response within 4 business hours, Resolution within 24 business hours.
• Medium Priority (Severity 3): Response within 8 business hours, Resolution within 5 business days.
• Low Priority (Severity 4): Response within 2 business days, Resolution within 10 business days.

Business Hours. “Business hours” means Monday–Friday, 8:00 AM to 5:00 PM Central Time (excluding U.S. federal holidays), unless otherwise agreed in writing.

11.5 Data Recovery and Business Continuity (Hosted). Provider guarantees an RTO of 4 hours and an RPO of 15 minutes for Hosted Services. Backups and recovery testing are performed on a periodic basis consistent with this objective.

11.6 Penalties for Non-Compliance (Service Credits). If Provider fails to meet SLA metrics for Hosted Services, Customer may request credits as follows:

• Uptime Shortfall: For each 0.1% below 99.9%, credit equals 5% of the monthly Hosted fee, up to 50% of the monthly Hosted fee.
• Response/Resolution Delays: For each instance where Provider exceeds response or resolution targets by more than 50% due to Provider-controlled causes, credit equals 2% of the monthly Hosted fee, up to 20% per incident.
• Security Incident Notice Delay: If Provider fails to notify Customer within 24 hours of awareness, credit equals 10% of the monthly Hosted fee, up to 50%.

11.7 Credit Request Process. Customer must request any service credit in writing within 30 days of the month in which the SLA event occurred. Approved credits apply to future invoices and are not refundable.

11.8 SLA Reporting. Provider will make reasonable SLA performance information available upon request, including uptime and material incident summaries, to support Customer audit needs where applicable.

11.9 SLA Applicability. SLA uptime and Hosted backup/RTO/RPO commitments apply to Hosted Services only. They do not apply to On-Premise Installations.

11.10 Exclusions. SLA commitments do not apply to downtime or issues caused by Customer’s actions or environment, outages due to third-party failures beyond Provider’s control, scheduled maintenance, or Force Majeure events.

11.11 SLA Review and Adjustment. The Parties may adjust SLA metrics annually or upon mutual written agreement.

12.1 Confidentiality. Each Party will protect the other Party’s Confidential Information using at least reasonable care and will use it only to perform obligations or exercise rights under this MSA.

12.2 Compelled Disclosure. If legally compelled to disclose Confidential Information, the receiving Party will provide prompt notice (to the extent permitted) and cooperate to seek confidential treatment.

12.3 Customer Data Ownership. Customer retains all right, title, and interest in Customer Data. Customer grants Provider a limited license to process Customer Data solely to provide the Software and Services, including support, troubleshooting, security monitoring, and compliance with this MSA.

12.4 DPA; Subprocessors. Where applicable, Provider will process personal data in Customer Data in accordance with the DPA and may use subprocessors under written agreements that protect Customer Data.

12.5 Data Export Assistance. Provider will make commercially reasonable efforts to support Customer’s export of Customer Data using standard export methods during the subscription and during the post-termination retrieval window in §5.4. Custom exports may require separate written agreement.

12.6 Term. Confidentiality obligations survive for five (5) years after termination, except Customer Data and trade secrets remain protected as long as they qualify as Confidential Information under applicable law.

13.1 Provider IP. Provider retains all right, title, and interest in and to the Software, Hosted Services, Documentation, and all related intellectual property. No rights are granted except as expressly stated in this MSA.

13.2 Customer IP. Customer retains all right, title, and interest in Customer Data and Customer-provided materials.

13.3 Feedback. Provider may use feedback or suggestions without restriction, provided Provider does not publicly identify Customer as the source without consent.

14.1 Collection & Purposes. Provider collects and processes Usage Data to operate, secure, support, and improve the Software and Hosted Services; troubleshoot issues; enforce licensing; and create Aggregated/De-identified Data and benchmarks that do not identify Customer or individuals.

14.2 Roles. For personal data contained in Customer Data, Provider acts as Customer’s processor under the DPA (if applicable). For Usage Data processed for the purposes above, Provider may act as an independent controller/business as applicable.

14.3 Controls. Essential telemetry (security/service delivery/license enforcement) is always active. Non-essential analytics may be disabled by Customer via written notice per Provider’s process; disabling may reduce proactive insights but will not affect service delivery or license enforcement.

14.4 Retention. Provider retains raw Usage Data for no longer than thirteen (13) months unless required for security, audit, or legal hold. Aggregated/De-identified outputs may be retained indefinitely.

14.5 On-Premise Deployments. Telemetry may require outbound connectivity; if blocked, certain analytics features may be unavailable.

15.1 Mutual Authority. Each Party represents it has the legal power and authority to enter into this Agreement.

15.2 Services Warranty. Provider will perform Services in a professional and workmanlike manner consistent with generally accepted industry standards.

15.3 Disclaimer. EXCEPT AS EXPRESSLY STATED IN THIS MSA, THE SOFTWARE AND SERVICES ARE PROVIDED “AS IS” AND PROVIDER DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

16.1 Provider IP Indemnity. Provider will defend Customer against any third-party claim alleging that the Software, as provided by Provider, infringes a U.S. patent, copyright, or trademark, and will indemnify Customer for settlements and finally awarded damages (including reasonable attorneys’ fees) resulting from such claim, provided Customer: (a) promptly notifies Provider; (b) allows Provider to control the defense and settlement; and (c) reasonably cooperates.

16.2 Mitigation. If infringement is alleged, Provider may, at its option: (a) modify the Software so it is non-infringing; (b) replace it with a non-infringing equivalent; or (c) terminate the affected subscription and refund prepaid unused subscription fees for the remainder of the term.

16.3 Exclusions. Provider has no obligation for claims arising from Customer Data, Customer modifications, combinations with third-party products not provided by Provider, or use outside the scope of this MSA.

16.4 Customer Indemnity. Customer will defend Provider against third-party claims arising from Customer Data or Customer’s misuse of the Software in violation of this MSA and will indemnify Provider for settlements and finally awarded damages (including reasonable attorneys’ fees), subject to the same notice/control/cooperation principles.

17.1 Total Liability. Provider’s total liability under this Agreement shall not exceed the total fees paid by Customer in the 12 months preceding the claim.

17.2 Exclusions. Neither Party shall be liable for indirect, incidental, consequential, special, or punitive damages (including lost profits), except to the extent arising from gross negligence, willful misconduct, or breach of confidentiality obligations.

18.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws principles.

18.2 Dispute Resolution. Any disputes arising under this Agreement shall be resolved through mediation, followed by arbitration if necessary, in Dallas, Texas. Either Party may seek injunctive relief for unauthorized use of its intellectual property or breach of confidentiality.

18.3 Entire Agreement. This MSA, together with any Order Forms / Signed Proposals and incorporated addenda, constitutes the entire agreement between the Parties and supersedes all prior agreements or understandings.

18.4 Independent Contractors. The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, or agency relationship.

18.5 Assignment. Neither Party may assign this Agreement without the other Party’s prior written consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee agrees in writing to be bound by this Agreement.

18.6 Force Majeure. Neither Party shall be liable for failure or delay caused by events beyond its reasonable control, including natural disasters, labor disputes, war, terrorism, government action, or widespread internet outages.

18.7 Severability; Waiver. If any provision is held unenforceable, the remaining provisions remain in effect. Failure to enforce any provision is not a waiver.

18.8 Notices. Notices must be in writing and delivered to the addresses set forth in the applicable Order Form / Signed Proposal (or to Provider at its address stated in the Introduction). Email notice is effective only if acknowledged by the receiving Party.

18.9 Amendments. Amendments or changes must be in writing and signed by both Parties.