This Master Service Agreement (the “Agreement” or “MSA”) is entered into by and between: S.G. Systems, LLC, a limited liability company organized and existing under the laws of the State of Texas, with its principal office located at 6944 Meadowbriar Lane, Dallas, TX 75230 (“Provider”), and the individual or entity accepting this Agreement by executing an Order Form / Signed Proposal and making payment as described herein (“Customer”).

Provider and Customer may collectively be referred to as the “Parties” and individually as a “Party.”

This MSA is document Version 1.23 and is effective as of April 14th 2026. The version block and change log presented in this HTML form part of Provider’s controlled document record for this Agreement.

WHEREAS: Provider offers the V5 Traceability software solution (“Software”), including options for hosted services utilizing a third-party cloud hosting provider and on-premise installations, designed to track and manage regulated supply chain and manufacturing data, along with related presales services, implementation, support, development, and other services. Software Version 5.9 has been independently assessed for alignment with applicable technical controls commonly associated with 21 CFR Part 11, EU Annex 11, and GMP expectations. Customer desires to license and use the Software and, where purchased, to receive implementation, support, presales services, and related services under the terms of this MSA and the applicable Order Form / Signed Proposal.

The Parties acknowledge that Provider’s current commercial model is based on seat licensing measured by concurrent use. Provider no longer sells new per-user licenses or new per-device licenses as its standard licensing model, but may continue to honor certain grandfathered subscription pricing and commercial terms for converted legacy customers strictly in accordance with this Agreement.

Customer may also purchase limited presales services, including ERP Gap Analysis and Proof of Concept (POC) engagements, before entering into or expanding a production subscription. Where Provider enables Stripe checkout or the Stripe Customer Portal, accepted portal transactions, invoices, quotes, or similar commercial records may document such purchases and any subsequent billing or subscription changes as further described in this Agreement.

NOW, THEREFORE: In consideration of the mutual promises and covenants contained herein, the Parties agree as follows:

1.1 Acceptance; Effective Date. By executing an Order Form / Signed Proposal and making the required initial payment(s), Customer agrees to be bound by this MSA. The date Provider receives Customer’s initial payment shall be the “Effective Date” for the applicable Order Form / Signed Proposal.

1.1.1 Initial Payment Composition. Unless otherwise stated in the Order Form / Signed Proposal, Customer’s initial payment must include: (a) any one-time onboarding / implementation fees due at signing (if any), and (b) the subscription or recurring service payment due at signing—either the first monthly installment (if monthly billing is elected) or the full annual fee (if annual billing is elected).

1.1.2 Document Version. This HTML MSA is Provider document Version 1.23, effective April 14th 2026. The version block and change log included with this document are incorporated for document control and reference purposes.

1.2 Software Activation. For Hosted Services, access will be provisioned within 72 hours of receipt of the initial subscription payment and required account setup information. For On-Premise Installations, Provider will make the Software available for installation and/or provide access credentials or license information within 72 hours of receipt of the initial subscription payment, subject to Customer providing required environment and access prerequisites.

1.3 Agreement Scope. This MSA governs the Software and all related Services and Presales Services purchased by Customer. The applicable Order Form / Signed Proposal specifies Software tier, deployment type, applicable license model, onboarding / implementation services (if any), presales services (if any), fees, and the term. Unless expressly stated otherwise as a qualifying grandfathered arrangement, current licenses are seat licenses measured by concurrent users.

1.3.1 Commercial Records. For convenience, the Parties agree that a Provider-issued quote, accepted Stripe checkout, accepted Stripe Customer Portal change, invoice, renewal, statement of work, or other written commercial record accepted or paid by Customer may serve as the applicable Order Form / Signed Proposal for the specific items purchased or changed.

1.4 Order of Precedence. If there is a conflict between this MSA and an Order Form / Signed Proposal, the Order Form / Signed Proposal controls only for the conflicting commercial terms (e.g., fees, quantities, deployment election, dates). This MSA controls all other terms unless the Parties expressly agree otherwise in writing.

2.1 “Software” means the V5 Traceability software, including updates, upgrades, and documentation provided by Provider under this MSA. This Agreement applies to Version 5.9 during the applicable term unless otherwise agreed in writing.

2.2 “Hosted Services” means the hosting, maintenance, and support of the Software on a third-party cloud hosting provider’s infrastructure, managed by Provider and accessible by Customer via the internet.

2.3 “On-Premise Installation” means the installation and operation of the Software on Customer’s own hardware and / or infrastructure at Customer’s designated location.

2.3.1 “Default Deployment Architecture” means unless otherwise specified in the Order Form / Signed Proposal, the Software shall be deployed on-premises at Customer’s designated location. If Customer elects a hosted (cloud) deployment, this must be clearly indicated on the Order Form / Signed Proposal at the time of order placement.

2.4 “Services” means Hosted Services (if elected), implementation / onboarding services (if purchased), support, maintenance, training assistance, validation assistance, installation services, and related professional services provided by Provider.

2.4.1 “Presales Services” means limited-scope paid or complimentary commercial services offered before full subscription go-live or expansion, including ERP Gap Analysis, Proof of Concept (POC), discovery, and similar evaluation services described in the applicable commercial record.

2.5 “Order Form / Signed Proposal” means a document, proposal, quote, renewal, invoice, accepted Stripe checkout, accepted Stripe Customer Portal change, or other record provided by Provider and accepted by Customer specifying the Software level, deployment election (Hosted vs On-Premise), applicable license model, Services, onboarding / implementation items (if any), fees, and other details of Customer’s engagement.

2.6 “Onboarding / Implementation Services” means one-time professional services purchased by Customer for initial setup, configuration, project management, custom API integration, training sessions, UAT facilitation (if included), validation support (if included), and related rollout activities, as described in the applicable Order Form / Signed Proposal. For clarity, ERP Gap Analysis and Proof of Concept engagements may be purchased either as Presales Services or as part of a broader onboarding scope, depending on the applicable commercial record.

2.7 “Onboarding Fees” means one-time fees for Onboarding / Implementation Services, billed upfront as stated in the applicable Order Form / Signed Proposal.

2.8 “ERP Gap Analysis” means a structured analysis of Customer’s ERP data model, workflows, and integration requirements to identify gaps, required mappings, and integration approach, which may be purchased in advance of implementation as a Presales Service or as part of an implementation engagement.

2.9 “Custom API Integration” means API integration work that is specific to Customer’s environment and requirements, including any custom mappings, transforms, or connectors beyond standard configuration, when purchased.

2.10 “Critical Issues” means severe Software malfunctions that prevent Customer from performing essential business operations reliant on the Software.

2.11 “Security Incident” means any unauthorized access, use, disclosure, alteration, or destruction of Customer Data, or a confirmed compromise of the confidentiality, integrity, or availability of Hosted Services.

2.12 “Sandbox Environment” means a separate, isolated testing environment provided by Provider for deploying Software upgrades prior to production use (or, for On-Premise Installations, an environment designated by Customer for testing).

2.13 “Customer Data” means all data uploaded to or generated by the Software by or on behalf of Customer (including regulated records), excluding Usage Data as defined in §2.19.

2.14 “Service Level Agreement (SLA)” means the performance guarantees and commitments outlined in Section 11 of this Agreement, including uptime, response times, and resolution targets for Hosted Services.

2.15 “Renewal Term” means each additional one-year period automatically commenced under Section 5.2.

2.16 “Invoice” means Provider’s written request for payment issued under Section 5.5 and / or Section 6.

2.17 “Device” means a dedicated human-machine interface (HMI) such as a PC or tablet computer used to access the Software, identified by a unique network interface (e.g., MAC address). For clarity, a “Device” does not include passive peripherals such as scales, scanners, printers, or similar equipment—even if such peripherals have IP or MAC addresses—unless expressly listed as licensed HMIs on a historical Order Form / Signed Proposal.

2.18 “Legacy User License” means a historical named-user license quantity reflected in a prior Order Form / Signed Proposal or renewal arrangement. Legacy User Licenses are no longer Provider’s current standard commercial model for new customers, but may continue to be recognized solely as part of a Customer’s grandfathered subscription arrangement under this Agreement.

2.19 “Legacy Device License” means a historical device-based license quantity reflected in a prior Order Form / Signed Proposal or renewal arrangement. Legacy Device Licenses are no longer Provider’s current standard commercial model for new customers, but may continue to be recognized solely as part of a Customer’s grandfathered subscription arrangement under this Agreement.

2.20 “Usage Data” means event-level data and metadata generated by Customer’s and Users’ interaction with the Software or Hosted Services, such as login timestamps, user / account identifiers, device or browser type, session duration, feature interactions, performance metrics, and application / error logs. “Usage Data” excludes the business content of Customer’s regulated records except to the extent incidentally captured in error logs.

2.21 “Aggregated / De-identified Data” means data that does not identify—and cannot reasonably be used to identify—any natural person or Customer.

2.22 “User” means an individual authorized by Customer to access the Software.

2.23 “Seat License” or “Seat” means a license entitling Customer to permit concurrent access to the Software by up to the number of simultaneously active Users purchased by Customer. A Seat is measured by concurrent use rather than total headcount. Customer may authorize more named Users than the number of Seats purchased, provided the number of simultaneously active Users does not exceed the licensed Seat count at any time. Provider may use session controls, authentication controls, audit logs, and other reasonable technical measures to enforce Seat limits and prevent circumvention.

2.24 “Grandfathered Subscription Terms” means subscription pricing, license quantities, commercial treatment, and related renewal rights that Provider has agreed to continue honoring for a specific Customer even though such pricing or structure originated under an older pricing model, historical named-user model, historical device model, or older converted service arrangement. For clarity, Grandfathered Subscription Terms are part of a current subscription relationship, not a perpetual license grant.

2.25 “Converted Legacy Customer” means a Customer whose older perpetual-license, support, service, named-user, or device-based commercial arrangement has already been converted to a subscription relationship, but whose pricing and/or commercial treatment may continue under Grandfathered Subscription Terms.

2.26 “Timely Payment” means Provider’s receipt in full of all undisputed invoiced amounts on or before the applicable due date stated on the Invoice or Order Form / Signed Proposal, without extension, carry-forward, or partial payment unless expressly agreed by Provider in writing.

2.27 “Documentation” means Provider’s then-current user guides, admin guides, release notes, and training materials made available to Customer.

2.28 “Confidential Information” means non-public information disclosed by a Party that is designated as confidential or that a reasonable person would understand to be confidential, including business, technical, pricing, security, product information, and Customer Data.

2.29 “DPA” means Provider’s Data Processing Addendum (if applicable), incorporated by reference where required by law and made available upon request.

2.30 “Assessment Documentation” means the independent assessment documentation made available by Provider regarding the Software’s alignment with technical controls commonly associated with 21 CFR Part 11, EU Annex 11, and GMP expectations (e.g., assessment report and supporting artifacts provided by Provider, if any).

2.31 “IQ / OQ” means installation qualification and operational qualification activities performed as part of Customer’s validation program in Customer’s environment.

2.32 “UAT” or “User Acceptance Testing” means the pre-go-live testing performed to confirm configured workflows and system behavior meet Customer’s intended use and acceptance criteria.

2.33 “POC” or “Proof of Concept” means a paid, limited-scope Services engagement intended to confirm fit quickly. POCs are intentionally constrained unless otherwise stated in the applicable Order Form / Signed Proposal and commonly exclude integrations, multi-site rollout, mass data migration, and validation services (IQ / OQ / UAT).

2.34 “Stripe Customer Portal” means Provider’s third-party billing portal used for subscription billing, payment method management, seat changes, billing-frequency changes where offered, renewals, and other commercial self-service actions.

2.35 “Account Manager” means Provider personnel authorized to quote, scope, approve, or coordinate additional Services, expansions, and development requests.

2.36 “Configurable Software Classification” means Provider’s classification of V5 as highly configurable standard software. Where useful for Customer validation planning, Provider may describe V5 using legacy GAMP 4-style terminology for configurable standard software; however, Customer remains responsible for validation of the actual configured intended use in Customer’s environment.

2.37 “Separate Branch Development” means software development, whether paid or complimentary, performed in a controlled source-code branch distinct from the main production branch until reviewed, tested, approved, and merged under Provider’s change control process.

3.1 Paid, One-Time Services. Onboarding / Implementation Services are professional services purchased by Customer and billed as one-time Onboarding Fees as stated in the applicable Order Form / Signed Proposal. Provider does not provide initial onboarding / implementation for free.

3.1.1 Presales Services. ERP Gap Analysis, POCs, and similar evaluation work may be purchased before a production subscription, before a broader implementation, or as part of an expansion. Unless otherwise stated in the applicable commercial record, Presales Services are limited in scope and are billed separately from ongoing subscription fees.

3.2 Typical Onboarding Components. Depending on what Customer purchases, Onboarding / Implementation Services may include:

• Project management: kickoff coordination, timeline management, and structured weekly status cadence.
• Proof of Concept (POC) (if purchased): limited-scope engagement to confirm fit quickly; scope / exclusions defined in the Order Form / Signed Proposal.
• ERP Gap Analysis: review of ERP objects, required data mappings, workflow gaps, and integration approach (often purchased in advance).
• Custom API integration: development / configuration of Customer-specific API interfaces, mappings, and test support.
• Configuration & rollout support: roles / permissions, templates, workflows, and initial setup aligned to Customer’s selected tier.
• Training sessions: role-based training for operators, QA, supervisors, and admins as purchased.
• UAT & validation support: UAT planning / facilitation (if included), IQ / OQ template protocols (if included), and reasonable assistance as described in §7.4 and as reflected in the Order Form / Signed Proposal.

3.3 Scope, Deliverables, and Timeline. The scope, deliverables, and estimated timeline for Onboarding / Implementation Services will be defined in the applicable Order Form / Signed Proposal (or in a written addendum / amendment executed by both Parties). Timelines are contingent upon Customer providing timely access to personnel, systems, data, and environments (including ERP sandbox access where applicable).

3.4 Start Condition. Provider is not obligated to schedule or begin Onboarding / Implementation Services until Provider has received the Onboarding Fees (if any) and the required initial subscription payment as described in §1.1.1, unless otherwise stated in the Order Form / Signed Proposal.

3.5 Post-Setup Training & Assistance Included with Subscription (Reasonable Use). After initial setup and go-live, during an active subscription Provider will provide reasonable remote assistance for additional training questions, operational guidance, and minor configuration support at no additional charge. Customer acknowledges that major expansions (e.g., new sites, new integrations, significant workflow redesign, on-site training, or net-new development) require a separate written agreement and may require additional fees.

3.6 Enterprise Onboarding & Validation Package (If Purchased). If Customer purchases the Enterprise tier and Onboarding / Implementation Services are included on the applicable Order Form / Signed Proposal, Provider’s standard Enterprise onboarding scope includes (as part of the one-time Onboarding Fees for that engagement): (a) facilitated UAT support (planning / facilitation and issue triage / retest coordination), and (b) an IQ / OQ template package and reasonable remote assistance to support Customer’s execution. Customer remains responsible for final execution, review, approval, and maintenance of validation deliverables within Customer’s quality system.

4.1 License Grant. Provider grants Customer a non-exclusive, non-transferable, revocable license to use the Software during the applicable subscription term, solely for Customer’s internal business operations. The Software is available in Express, Professional, and Enterprise levels as specified in the Order Form / Signed Proposal.

4.1.1 Configurable Software Position. Provider supplies V5 as highly configurable standard software. Where relevant to Customer’s validation program, Provider may describe V5 using legacy GAMP 4-style terminology for configurable standard software, while acknowledging that the actual risk assessment and validation scope depend on Customer’s intended use, configuration, integrations, and procedures.

4.2 Hosted Services Option. If specified in the Order Form / Signed Proposal, Provider will provide Hosted Services, including hosting, maintenance, upgrades, and adherence to the SLA outlined in Section 11.

4.3 On-Premise Installation Option. If specified in the Order Form / Signed Proposal (or by default under §2.3.1), Provider will support an On-Premise Installation. Customer is responsible for maintaining necessary infrastructure (including security, backups, disaster recovery, and applicable third-party software licenses) and ensuring compliance with its regulatory requirements. Provider will provide software-focused operational support for the Software during the subscription term as described in §11.2. Customer acknowledges that uptime, infrastructure performance, and environment availability are dependent on Customer’s systems for On-Premise Installations, and Hosted Services SLA uptime guarantees do not apply unless Hosted Services are elected on the Order Form / Signed Proposal.

4.4 Licensing Structure; Current Seat Model; Grandfathered Subscription Terms.

• a. Current Standard Model. Provider’s current standard licensing model is Seat-based licensing measured by concurrent Users. Unless expressly stated otherwise in the applicable Order Form / Signed Proposal or renewal documentation, all new subscriptions, re-quotes, and replacement commercial arrangements will be issued on a Seat basis.
• b. Seat Licensing. Each purchased Seat permits one concurrently active User session at a time. Customer may maintain more named Users in the system than the number of Seats purchased, but simultaneous access may not exceed the purchased Seat count. Customer shall not use shared credentials, overlapping sessions, technical workarounds, automation, or other means to circumvent Seat limits. Provider may implement technical controls, session controls, audit logs, and other reasonable enforcement measures to enforce Seat counts.
• c. Current Minimum Threshold. Unless otherwise expressly stated in writing by Provider, Customer must purchase at least three (3) Seats under the current licensing model.
• d. Historical Models No Longer Current for New Sales. Historical named-user licensing and historical device licensing are no longer Provider’s standard commercial models for new customers or fresh quotes. However, certain Converted Legacy Customers may continue under Grandfathered Subscription Terms as described below.
• e. Grandfathered Subscription Terms Honored While Paid On Time. Provider may continue to honor Grandfathered Subscription Terms for a Converted Legacy Customer, including legacy pricing or similar pricing subject to annual increases, so long as Customer remains current on all undisputed payments and otherwise compliant with this Agreement.
• f. Expansion Rights While Current. So long as a Converted Legacy Customer remains current on all undisputed payments, Provider may also continue to expand that Customer’s subscription by adding additional licensing under the Customer’s existing grandfathered commercial framework, whether such added licensing is expressed by historical named-user quantities, historical device quantities, Seat quantities, or another written renewal structure used by Provider for that Customer. Any such expansion shall be documented by Provider in an Order Form, renewal, quote, invoice, or other written commercial record.
• g. Forfeiture Upon Non-Payment. If Customer fails to make Timely Payment of any undisputed invoiced amount, then in addition to any suspension or shutoff rights elsewhere in this Agreement: (i) Customer loses the benefit of its Grandfathered Subscription Terms; (ii) Provider is no longer obligated to honor the Customer’s prior pricing, prior license structure, or prior expansion treatment; and (iii) any continued service, reinstatement, renewal, or future expansion may be re-quoted entirely under Provider’s then-current pricing, terms, and licensing model.
• h. No Ongoing Perpetual Rights Created. For clarity, Grandfathered Subscription Terms do not preserve or recreate any prior perpetual-license commercial model. Converted Legacy Customers are subscription customers and remain subject to ongoing renewal and payment requirements.
• i. Audit Rights. Provider reserves the right to audit Customer’s usage and deployment records on reasonable notice to verify compliance with applicable Seat counts and any continuing grandfathered entitlements.

4.5 ERP Integration. ERP integration, ERP Gap Analysis, and Custom API Integration are provided only if expressly purchased and described in the applicable Order Form / Signed Proposal. Unless expressly stated in writing, ERP integration is not included in the subscription.

4.6 Use Restrictions. Customer shall not (and shall not permit any third party to): (a) reverse engineer, decompile, or attempt to derive source code except as permitted by law; (b) bypass license limits or security controls; (c) use the Software for unlawful purposes; or (d) provide the Software as a service bureau or for third-party benefit without Provider’s written consent.

5.1 MSA Term. This MSA begins on the Effective Date and continues until terminated.

5.2 Subscription Term. Each Order Form, renewal, or recurring commercial arrangement establishes a 365-day subscription term (the “Initial Term”). Unless Customer provides written notice of cancellation at least thirty (30) days before the end of the then-current term, each term shall automatically renew for additional one-year periods (each, a “Renewal Term”) under the same fees and terms then in effect, subject to any price adjustment Provider may notify Customer of as provided in Section 5.5 and subject to any loss of Grandfathered Subscription Terms under this Agreement.

5.3 Termination for Cause. Either Party may terminate due to a material breach not cured within thirty (30) days of written notice.

5.4 Effect of Termination or Suspension. Upon termination, expiration, or suspension for non-payment, Customer’s right to use the Software may be disabled immediately, including by automated system controls. For Hosted Services, Customer Data will be retrievable for 90 days post-termination upon request, provided all undisputed amounts have been paid. Past-due undisputed payment amounts that remain unpaid may also result in suspension, shutoff, or termination as further described in §6.7.

5.5 Renewal and Grandfathered Pricing Treatment.

• a. Invoice Timing. No later than sixty (60) days before the end of the Initial Term or any Renewal Term, Provider may issue an invoice for the next subscription term’s fees based on the most recent Order Form / Signed Proposal, renewal, or other written commercial record then governing the Customer account.
• b. Cancellation Window. Customer may cancel the upcoming term—or otherwise adjust the scope—by delivering written notice to Provider at least thirty (30) days before the start of the next term. Any cancellation or reduction in scope received after that date will apply only to the following term. Cancellation does not entitle Customer to any refund or credit for the then-current term.
• c. Term Start Payment. Subscription payment for each term is due thirty (30) days prior to the first day of that term (or as stated on the Invoice). Provider reserves the right to suspend or disable services automatically if payment is not received by the due date.
• d. Grandfathered Pricing While Current. For Converted Legacy Customers, Provider may continue to honor Grandfathered Subscription Terms, including prior pricing or similar pricing with annual increases, and may continue to permit license expansion within that grandfathered commercial structure, so long as Customer remains current on all undisputed payments.
• e. Loss of Grandfathered Treatment. If Customer does not make Timely Payment of any undisputed invoice, Provider may immediately cease honoring Grandfathered Subscription Terms. After that point, any reinstatement, renewal, continued access, replacement quote, or expanded licensing may be offered only under Provider’s then-current pricing, terms, and licensing structure.
• f. Price Changes for Current Model Customers. For customers not operating under Grandfathered Subscription Terms, Provider may adjust subscription fees at renewal with at least sixty (60) days’ written notice prior to the next term start date. If Customer does not accept such changes, Customer may elect not to renew by providing cancellation notice within the window in §5.5(b).

5.6 Survival. Sections intended to survive termination (including payment obligations, confidentiality, data rights, IP, limitation of liability, indemnification, and dispute resolution) shall survive.

6.1 Fees. Customer shall pay the fees specified in the applicable Order Form / Signed Proposal, renewal, and / or Invoice, including one-time Onboarding Fees (if any), subscription fees, recurring service fees, and any approved license expansions.

6.1.1 Additional Services Pricing. Services outside the included subscription or onboarding scope, including custom software development, change requests, additional validation support, data work, additional integrations, reports, training, or other professional services, may be quoted by Provider, typically through the assigned Account Manager, and billed at the rates or fixed fees stated in the applicable commercial record or invoice. Provider may elect to perform certain minor items at no charge in its discretion, but nothing in this Agreement obligates Provider to do so.

6.2 Onboarding Fees. One-time Onboarding Fees (including fees for ERP Gap Analysis, Custom API Integration, and project management, as purchased) are billed upfront and due as stated on the applicable Invoice and / or Order Form / Signed Proposal. Unless otherwise stated in writing, Onboarding Fees are non-refundable once paid (including in the event Customer cancels, delays, or abandons the project after signing).

6.3 Subscription Payment Options.

• a. Annual Payment Option. 100% of the subscription term’s fees due at signing and prior to term start (or as stated on the Invoice).
• b. Monthly Payment Option. Twelve equal monthly installments, with payment for the first installment due at signing and prior to term start and each subsequent installment due on the same calendar day of each month thereafter; a 10% convenience fee applies unless otherwise stated on the Order Form / Signed Proposal.
• c. Methods. ACH is preferred; credit card payments may incur a processing fee. Provider may use Stripe checkout and / or the Stripe Customer Portal for billing administration, payment method management, invoicing, renewals, subscription changes, and related contract administration.
• d. Stripe Customer Portal Changes. Where enabled by Provider, Customer may request or self-initiate billing-frequency changes, seat increases, renewals, payment method updates, or other subscription changes through the Stripe Customer Portal. Any such accepted portal transaction or Provider-approved portal change becomes part of the applicable commercial record and may amend the commercial terms for the affected subscription from its effective date.

6.4 Activation and Scheduling Contingent on Payment. Provider may withhold activation, onboarding scheduling, delivery of Services, or license expansion until required payments are received.

6.5 Subscription Upgrades and Expansions. Fees for upgrades or added licensing will be prorated based on the remaining term unless otherwise stated on the applicable commercial document. For Converted Legacy Customers that remain current on all undisputed payments, Provider may allow added licensing to remain under the Customer’s Grandfathered Subscription Terms. Once Grandfathered Subscription Terms are lost, any further upgrade, reinstatement, or expansion may be quoted solely under Provider’s then-current commercial model.

6.6 Subscription Downgrades. Downgrades will take effect at the next renewal cycle, with written notice required at least thirty (30) days prior as described in §5.5(b).

6.7 Late Payment; Automatic Shutoff; Loss of Grandfathered Terms. If an undisputed payment amount is not received by its due date, Provider may, at its discretion or through automated system controls, restrict, suspend, or disable Customer access to the Software and Hosted Services immediately until payment is received. If an undisputed amount remains unpaid for more than thirty (30) days after the due date, Provider may suspend Hosted Services and pause non-critical support. If an undisputed amount remains unpaid for more than forty-five (45) days after the due date, Provider may terminate the applicable services for cause under §5.3 and apply the post-termination data retrieval and deletion timelines in §5.4. For any Customer operating under Grandfathered Subscription Terms, failure to make Timely Payment also results in loss of those Grandfathered Subscription Terms, after which Provider shall have no obligation to continue prior pricing, prior license treatment, or prior expansion treatment. Customer is responsible for all reasonable costs of collection to the extent permitted by law.

6.8 Taxes. Fees are exclusive of taxes. Customer is responsible for applicable sales, use, VAT, GST, or similar taxes (excluding taxes on Provider’s net income), unless Customer provides a valid exemption certificate.

6.9 No Refunds; Cancellation; Abandoned Projects. Except as expressly stated in this MSA (for example, §16.2) or the applicable Order Form / Signed Proposal, all fees are non-refundable (including subscription fees, recurring service fees, Onboarding Fees, and any other Services fees). Customer’s cancellation, early termination, non-use of the Software, or abandonment / pausing of Services (including POCs and implementations) does not entitle Customer to any refund, credit, or pro-ration of amounts paid or prepaid.

7.1 Compliance Commitment (Assessment Access). Provider represents that Version 5.9 (Major Version) of the Software has been independently assessed against technical controls commonly associated with 21 CFR Part 11 (electronic records and signatures), EU Annex 11 (computerized systems), and GMP expectations. Upon Customer request, Provider will provide Customer access to the Assessment Documentation for Customer’s internal compliance and audit support at no additional charge, subject to confidentiality obligations and during an active subscription.

7.2 Shared Responsibility. Customer acknowledges that compliance in a regulated environment is a shared responsibility. Provider supports Customer’s compliance program by delivering Software features designed to support data integrity and auditability and by providing Assessment Documentation and validation assistance as described in this MSA. Customer remains responsible for configuring and operating the Software within Customer’s quality system, including required SOPs, training, access governance, and performing and approving validation activities (including IQ / OQ and UAT as applicable) in Customer’s environment.

7.3 Data Integrity and Retention. The Software is designed to support data integrity controls, including audit trails, version control, role-based access controls, and encryption for Hosted Services. During an active subscription, Customer Data remains available within the deployment. After termination of Hosted Services, Customer’s ability to retrieve Customer Data is governed by §5.4. Customer remains responsible for meeting regulatory retention obligations, including archiving / exporting records as required by its quality system.

7.4 IQ / OQ and UAT Assistance. Provider will provide reasonable assistance during Customer’s validation activities, which may include IQ / OQ and UAT, including providing templates (e.g., IQ / OQ protocols and / or UAT structures where included in scope) and responding to questions about Software behavior, configuration, and controls. Provider may also support issue triage and retest coordination during UAT and qualification activities where included in the purchased onboarding scope. Where applicable, Provider will support Customer’s validation planning by providing release notes and compliance-impact considerations for updates. Customer remains responsible for final execution, review, and approval of validation documentation and decisions within Customer’s quality system. If Customer requests extensive custom validation documentation, on-site activities, or audit participation beyond reasonable remote assistance, such work may require additional fees and written agreement.

7.5 Audit and Inspection Readiness. Provider will reasonably cooperate with Customer’s regulatory audits related to the Software’s controls and, for Hosted Services, relevant security and access records, subject to confidentiality and reasonable scheduling.

7.6 Security and Access Controls. The Software provides role-based access controls to support ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, and Complete). System access and key actions are logged and time-stamped to support traceability. Provider will protect Hosted Services Customer Data through reasonable administrative, technical, and physical safeguards. Customer remains responsible for appropriate role design, account provisioning / deprovisioning, and SOP enforcement in its regulated environment.

8.1 Controlled Software Updates. Major software updates, patches, or enhancements will be managed under a change control approach appropriate for regulated environments. Provider will notify Customer in advance of significant updates that may impact compliance and allow time for validation before deployment. Customers using Hosted Services will be given at least 30 days’ notice before any major updates, except for emergency security patches.

8.1.1 Separate Branch Development. Customer-specific software developments, whether paid or provided at no charge, may be performed on separate controlled branches. Provider maintains branch history, testing, review, approval, and merge activity as part of its change control practices for regulated software.

8.2 Customer Approval for Critical Updates. Updates that materially impact electronic records, security, or regulatory-relevant controls will be communicated in advance. For Hosted Services, Provider will coordinate timing to provide Customer a reasonable window to assess validation impact. For On-Premise Installations, Customer controls when updates are deployed.

8.3 Versioning and Documentation. Each update will include release notes detailing changes, new features, and potential validation considerations. Customers may request a compliance impact summary if changes affect audit trails, electronic signatures, access controls, or retention behavior.

8.3.1 Main Product Integration. Provider may maintain and support multiple branches simultaneously and may fold approved branch changes into the main product where appropriate. Such merges will be documented through Provider’s controlled release and change processes intended to support change control expectations commonly associated with 21 CFR Part 11 and other regulated-environment requirements.

8.4 Emergency Patches. Provider may deploy emergency patches to address active threats or critical vulnerabilities and will provide notice and documentation as soon as reasonably practicable.

9.1 Security Standards. Provider maintains reasonable cybersecurity measures for Hosted Services, including access controls, monitoring, and encryption, to support secure operation of the services.

9.2 Incident Response. In the event of a Security Incident involving Hosted Services, Provider will:

• a) Notify Customer within 24 hours of becoming aware of the incident.
• b) Provide a detailed incident report within 3 business days and provide supplemental / final reporting as additional facts become available, and cooperate with Customer to mitigate the impact and support any required regulatory reporting.

9.3 Business Continuity and Disaster Recovery. Hosted Services customers benefit from automated data backups performed at regular intervals, with recovery time objectives (RTO) and recovery point objectives (RPO) defined in the SLA (Section 11). Provider maintains a disaster recovery plan and performs periodic recovery testing to support readiness and data integrity expectations.

9.4 On-Premise Responsibility. For On-Premise Installations, Customer is responsible for infrastructure security, backups, and disaster recovery. Provider’s security obligations under this Section apply to Hosted Services.

10.1 Validation and Qualification. Customer is responsible for ultimately performing and approving qualification and validation of the Software in Customer’s environment to meet Customer’s intended use and applicable regulatory requirements, and for maintaining validation documentation. Provider will support Customer by providing Assessment Documentation at no additional charge (see §7.1) and by providing IQ / OQ and UAT assistance as described in §7.4, and for Enterprise Customers that purchase Onboarding / Implementation Services, the Enterprise onboarding scope described in §3.6.

10.2 Regulatory Reporting. Customer must maintain internal policies for data integrity and system security and notify Provider promptly if the Software is involved in any regulatory audit or data integrity concern that may require Provider’s cooperation.

10.3 User Training. Customer must ensure Users are properly trained on using the Software in accordance with regulatory requirements and Customer SOPs. Provider provides training assistance as purchased during onboarding and provides reasonable additional training assistance during the subscription as described in §3.5.

10.4 Account Management. Customer is responsible for ensuring accounts are assigned appropriately, promptly removed / updated when access is no longer appropriate, and that shared credentials are prohibited. Under the current Seat model, Customer is also responsible for managing the number of simultaneously active Users so that concurrent access does not exceed the licensed Seat count.

11.1 Purpose. This SLA defines the performance guarantees, metrics, and remedies Provider commits to for Hosted Services and ongoing support. For On-Premise Installations, Provider provides software support, but uptime and infrastructure guarantees apply only to Hosted Services unless expressly stated otherwise in the applicable Order Form / Signed Proposal.

11.2 Ongoing Operational Support (On-Premise). For On-Premise Installations, Provider shall provide routine software support, assistance with operational questions, and troubleshooting. Customer is responsible for infrastructure and system maintenance.

11.3 Hosted Uptime. Provider guarantees 99.9% uptime for Hosted Services measured monthly, excluding scheduled maintenance and exclusions in §11.10.

11.4 Response and Resolution Times.

• Critical (Severity 1): Within 90 minutes (24/7/365), Resolution within 4 hours, Escalate to senior engineer within 2 hours if unresolved.
• High Priority (Severity 2): Response within 4 business hours, Resolution within 24 business hours.
• Medium Priority (Severity 3): Response within 8 business hours, Resolution within 5 business days.
• Low Priority (Severity 4): Response within 2 business days, Resolution within 10 business days.

Business Hours. “Business hours” means Monday–Friday, 8:00 AM to 5:00 PM Central Time (excluding U.S. federal holidays), unless otherwise agreed in writing.

11.5 Data Recovery and Business Continuity (Hosted). Provider guarantees an RTO of 4 hours and an RPO of 15 minutes for Hosted Services. Backups and recovery testing are performed on a periodic basis consistent with this objective.

11.6 Penalties for Non-Compliance (Service Credits). If Provider fails to meet SLA metrics for Hosted Services, Customer may request credits as follows:

• Uptime Shortfall: For each 0.1% below 99.9%, credit equals 5% of the monthly Hosted fee, up to 50% of the monthly Hosted fee.
• Response / Resolution Delays: For each instance where Provider exceeds response or resolution targets by more than 50% due to Provider-controlled causes, credit equals 2% of the monthly Hosted fee, up to 20% per incident.
• Security Incident Notice Delay: If Provider fails to notify Customer within 24 hours of awareness, credit equals 10% of the monthly Hosted fee, up to 50%.

11.7 Credit Request Process. Customer must request any service credit in writing within 30 days of the month in which the SLA event occurred. Approved credits apply to future invoices and are not refundable.

11.8 SLA Reporting. Provider will make reasonable SLA performance information available upon request, including uptime and material incident summaries, to support Customer audit needs where applicable.

11.9 SLA Applicability. SLA uptime and Hosted backup / RTO / RPO commitments apply to Hosted Services only. They do not apply to On-Premise Installations.

11.10 Exclusions. SLA commitments do not apply to downtime or issues caused by Customer’s actions or environment, outages due to third-party failures beyond Provider’s control, scheduled maintenance, or Force Majeure events.

11.11 SLA Review and Adjustment. The Parties may adjust SLA metrics annually or upon mutual written agreement.

12.1 Confidentiality. Each Party will protect the other Party’s Confidential Information using at least reasonable care and will use it only to perform obligations or exercise rights under this MSA.

12.2 Compelled Disclosure. If legally compelled to disclose Confidential Information, the receiving Party will provide prompt notice (to the extent permitted) and cooperate to seek confidential treatment.

12.3 Customer Data Ownership. Customer retains all right, title, and interest in Customer Data. Customer grants Provider a limited license to process Customer Data solely to provide the Software and Services, including support, troubleshooting, security monitoring, compliance with this MSA, and licensing administration.

12.4 DPA; Subprocessors. Where applicable, Provider will process personal data in Customer Data in accordance with the DPA and may use subprocessors under written agreements that protect Customer Data.

12.5 Data Export Assistance. Provider will make commercially reasonable efforts to support Customer’s export of Customer Data using standard export methods during the subscription and during the post-termination retrieval window in §5.4. Custom exports may require separate written agreement.

12.6 Term. Confidentiality obligations survive for five (5) years after termination, except Customer Data and trade secrets remain protected as long as they qualify as Confidential Information under applicable law.

13.1 Provider IP. Provider retains all right, title, and interest in and to the Software, Hosted Services, Documentation, and all related intellectual property. No rights are granted except as expressly stated in this MSA.

13.2 Customer IP. Customer retains all right, title, and interest in Customer Data and Customer-provided materials.

13.3 Feedback. Provider may use feedback or suggestions without restriction, provided Provider does not publicly identify Customer as the source without consent.

14.1 Collection & Purposes. Provider collects and processes Usage Data to operate, secure, support, and improve the Software and Hosted Services; troubleshoot issues; enforce licensing; and create Aggregated / De-identified Data and benchmarks that do not identify Customer or individuals.

14.2 Roles. For personal data contained in Customer Data, Provider acts as Customer’s processor under the DPA (if applicable). For Usage Data processed for the purposes above, Provider may act as an independent controller / business as applicable.

14.3 Controls. Essential telemetry (security / service delivery / license enforcement) is always active. Non-essential analytics may be disabled by Customer via written notice per Provider’s process; disabling may reduce proactive insights but will not affect service delivery or license enforcement.

14.4 Retention. Provider retains raw Usage Data for no longer than thirteen (13) months unless required for security, audit, or legal hold. Aggregated / De-identified outputs may be retained indefinitely.

14.5 On-Premise Deployments. Telemetry may require outbound connectivity; if blocked, certain analytics features may be unavailable.

15.1 Mutual Authority. Each Party represents it has the legal power and authority to enter into this Agreement.

15.2 Services Warranty. Provider will perform Services in a professional and workmanlike manner consistent with generally accepted industry standards.

15.3 Disclaimer. EXCEPT AS EXPRESSLY STATED IN THIS MSA, THE SOFTWARE AND SERVICES ARE PROVIDED “AS IS” AND PROVIDER DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

16.1 Provider IP Indemnity. Provider will defend Customer against any third-party claim alleging that the Software, as provided by Provider, infringes a U.S. patent, copyright, or trademark, and will indemnify Customer for settlements and finally awarded damages (including reasonable attorneys’ fees) resulting from such claim, provided Customer: (a) promptly notifies Provider; (b) allows Provider to control the defense and settlement; and (c) reasonably cooperates.

16.2 Mitigation. If infringement is alleged, Provider may, at its option: (a) modify the Software so it is non-infringing; (b) replace it with a non-infringing equivalent; or (c) terminate the affected subscription and refund prepaid unused subscription fees for the remainder of the term.

16.3 Exclusions. Provider has no obligation for claims arising from Customer Data, Customer modifications, combinations with third-party products not provided by Provider, or use outside the scope of this MSA.

16.4 Customer Indemnity. Customer will defend Provider against third-party claims arising from Customer Data or Customer’s misuse of the Software in violation of this MSA and will indemnify Provider for settlements and finally awarded damages (including reasonable attorneys’ fees), subject to the same notice / control / cooperation principles.

17.1 Total Liability. Provider’s total liability under this Agreement shall not exceed the total fees paid by Customer in the 12 months preceding the claim.

17.2 Exclusions. Neither Party shall be liable for indirect, incidental, consequential, special, or punitive damages (including lost profits), except to the extent arising from gross negligence, willful misconduct, or breach of confidentiality obligations.

18.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws principles.

18.2 Dispute Resolution. Any disputes arising under this Agreement shall be resolved through mediation, followed by arbitration if necessary, in Dallas, Texas. Either Party may seek injunctive relief for unauthorized use of its intellectual property or breach of confidentiality.

18.3 Entire Agreement. This MSA, together with any Order Forms / Signed Proposals and incorporated addenda, constitutes the entire agreement between the Parties and supersedes all prior agreements or understandings.

18.4 Independent Contractors. The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, or agency relationship.

18.5 Assignment. Neither Party may assign this Agreement without the other Party’s prior written consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee agrees in writing to be bound by this Agreement.

18.6 Force Majeure. Neither Party shall be liable for failure or delay caused by events beyond its reasonable control, including natural disasters, labor disputes, war, terrorism, government action, or widespread internet outages.

18.7 Severability; Waiver. If any provision is held unenforceable, the remaining provisions remain in effect. Failure to enforce any provision is not a waiver.

18.8 Notices. Notices must be in writing and delivered to the addresses set forth in the applicable Order Form / Signed Proposal (or to Provider at its address stated in the Introduction). Email notice is effective only if acknowledged by the receiving Party.

18.9 Amendments. Amendments or changes must be in writing and signed by both Parties.

18.10 Billing Portal and Self-Service Changes. Where Provider enables self-service contract administration through Stripe checkout or the Stripe Customer Portal, Customer actions taken through that portal, including payment, renewal, seat changes, billing-frequency changes, and other accepted commercial changes, are deemed authorized by Customer and form part of the applicable Order Form / Signed Proposal or other commercial record for the affected subscription.

18.11 Version Control and Change Log. The version identifier and change log displayed with this HTML MSA are maintained for document control and reference. Unless the Parties execute a separate amendment, the change log does not by itself alter Customer-specific commercial terms already accepted; rather, it records revisions to the form MSA effective from the listed version date.