Master Agreement

APPENDIX A: GENERAL TERMS

1. Definitions

1. Affiliate is an entity that is controlled by or under common control of Customer. An Affiliate includes any Third-Party that Customer has authorized to operate under this Agreement.
2. Confidential Information means all information obtained from a party (“Disclosing Party”) by the other party (“Receiving Party”), whether orally, visually, or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information of each party shall include the terms and conditions of this Agreement and each Order.
3. Device means any Client computing device, (hardware or virtualized) capable of running software applications, including, but not limited to, servers, virtual machines, application containers, personal computers, laptops, tablets, and smartphones, that an individual end user utilizes to access, run, or interface with the licensed software under this Agreement. The term encompasses any device that connects to the network for the purpose of utilizing the licensed software or service, as permitted by this Agreement, and is subject to the licensing restrictions outlined herein.
4. Customer Data means all information received by AI from Customer, Affiliates, Users, or Third-Parties during performance of Software Services pursuant to an Order or at the written request or instruction of Customer or User. Customer Data also includes any registered domain names provided by Customer or registered on behalf of Customer in connection with Software Services.  All output, analyses, insights, copies or modifications using any Customer Data are also included in Customer Data. Customer Data includes all User data and personal information as defined under Data Protection Laws but does not include AI data.
5. Data Protection Laws means any and all applicable U.S. privacy law or U.S. state privacy statutes and regulations relating to the protection of Personal Data, whether in existence as of the effective date or promulgated thereafter, as amended or superseded, including without limitation the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq., as amended by the California Privacy Rights Act of 2020, and all regulations issued thereunder (“CCPA”); the Virginia Consumer Data Protection Act of 2021, Va. Code Ann. §§ 59.1-571 et seq. (“VCDPA”), as effective January 1, 2023; the Colorado Privacy Act of 2021, Colo. Rev. Stat. §§ 6-1-1301 et seq. (“CPA”), as will be operative beginning July 1, 2023; the Connecticut Act Concerning Personal Data Privacy and Online Monitoring, Conn. Gen. Stat. §§ 42-515 et seq. (“CTDPA”), as will be operative beginning July 1, 2023; the Utah Consumer Privacy Act of 2021, Utah Code Ann. §§ 13-61-101 et seq. (“UCPA”), as will be operative beginning December 31, 2023; the Texas Data Privacy and Security Act, Tex. Bus. & Com. Code §§ 541 et seq. (“TDPSA”), as will be operative beginning July 1, 2024; the Florida Digital Bill of Rights, Fla. Stat. §§ 501.701 et seq. (“FDBR”), as will be operative beginning July 1, 2024; the Montana Consumer Data Privacy Act, 2023 SB 384 (“MCDPA”), as will be operative beginning October 1, 2024; the Iowa Consumer Data Protection Act, Iowa Code §§ 715D et seq. (“ICDPA”), as will be operative beginning January 1, 2025; the Tennessee Information Protection Act, Tennessee Code Ann. §§ 47-18-3201 et seq. (“TIPA”), as will be operative beginning July 1, 2025; and the Indiana Consumer Data Privacy Act, Indiana Code §§ 24-15 et seq. (“INCDPA”), as will be operative beginning January 1, 2026. Data Protection Laws also include all European Union or Member State, United Kingdom (UK), Swiss or other country laws, rules, and/or regulations to which LYB and/or Contracted Processor is subject relating to data protection, the processing of personal data and privacy, including, without limitation, the EU General Data Protection Regulation 2016/679 (“GDPR”) as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, to the extent applicable, the data protection or privacy laws of any other country or the European Union, the UK General Data Protection Regulation, and US Data Privacy Laws (defined below). In the case of payment card information, the most current version of the Payment Card Industry Data Security Standards (“PCI DSS”).
6. Deliverables means all goods and services provided by AI to Customer and its Affiliates.
7. Documentation means any written or electronic documentation, images, video, or text specifying the functionality of Software or Software Services that are made available to Customer by AI.
8. Intellectual Property means any and all of the following and all associated worldwide rights: 1) names, trademarks, service marks, trade names, and all goodwill associated with any of the foregoing; 2) inventions, improvements, trade secrets, confidential and/or proprietary information, schematics, designs, prototypes, specifications, configurations, customer and supplier lists, financial information, pricing and cost information, technical data, and all documentation relating to any of the foregoing; 3) all worldwide patents, patent applications, continuations and all other indicia of ownership of an improvement, invention or discovery; 4) published and unpublished works of authorship, whether copyrightable or not (including databases and other compilations of data or information); 5) websites, social media accounts, and all related designs and content; 6) databases and data collections, AI’s Artificial Intelligence Output, computer programs, object code, source code, and all associated rights; and 7) goodwill and claims of infringement and misappropriation against Third-Parties.
9. Malicious Software means any file, script, agents, or programs intended to do harm such as a virus, malware, Trojan horse, time bomb, worm, advertising content, unauthorized communications, unauthorized access, or other similar harmful software or firmware.
10. Orders identify all Deliverables including quantity, part number, description, price, and requested delivery date.
11. Professional Services are consulting, technical support, development, data configuration, and other related services that that Customer may request from time to time during the term of this Agreement in support of Deliverables.
12. Return Material Authorization (“RMA”) is an authorization by AI to enable Customer to return goods to AI under warranty or for repair, exchange, or upgrade.
13. Software means computer software owned by AI including all maintenance releases, updates, and upgrades provided during the Term and all accompanying Documentation. In no event does the Software include: (i) any source code for the Software; or (ii) any Third-Party Materials.
14. Taxes include alltaxes, levies, duties or similar assessments of any nature assessed on Deliverables including value added, sales, use, excise, withholding, shipping charges, brokers’ fees and import duties. For the purposes of this agreement, Taxes do not include taxes incurred by AI based on its income, property, or employees.
15. Third-Party is an entity that is not a party to this Agreement. Third-Party Materials are goods and services provided by a Third-Party that are resold by AI to Customer or otherwise incorporated into Deliverables.Third-Party Materialsinclude any technology, data, software or online services licensed or sold to AI by a Third-Party and included in Deliverables.
16. User means a person or a computer application or a computer process that interacts with a Deliverable regardless of whether such interaction is authorized by Customer or AI.
17. Artificial Intelligence Output means any outcome, product, or insight of Machine Learning or Generative Artificial Intelligence.
18. Artificial Intelligence Tools means software, applications, and other tools, whether developed by Supplier or a third party, which include or use Generative Artificial Intelligence and/or Machine Learning.
19. Generative Artificial Intelligence means any collection of models and systems that can produce new text, images, video, audio, code and/or synthetic data.
20. Machine Learning means any collection of models and systems that can extract progressively higher-level features from data by using algorithms and statistical models to analyze and draw inferences from patterns in data.

2. Sales Terms

1. Orders are subject to acceptance by AI. All software offered by AI is licensed and not purchased. Any request by Customer to cancel or reschedule an Order of standard Deliverables within sixty (60) days of AI receiving written notification may be accepted by AI in its sole discretion. Orders for special, custom or non-standard Deliverables, or Deliverables otherwise identified by AI as non-cancelable and/or non-returnable, may not be cancelled, rescheduled or returned without written permission.
2. Prices are applicable for thirty (30) days, or the time specified in the quote. At AI’s discretion, if Customer does not purchase the quantity upon which prices are based, Customer will pay the non-discounted price for the quantity actually purchased. Unless otherwise specified in writing, all prices and sales are in U.S. Dollars. Prices are exclusive of Taxes and Customer is responsible for paying all Taxes. If AI has the legal obligation to pay or collect Taxes under this section, AI will invoice Customer unless Customer provides AI with a valid tax exemption certificate.
3. Payment. Payment is due in U.S. dollars thirty (30) days from date of invoice (Net 30) unless otherwise agreed in writing. Customer agrees to pay the entire amount of each invoice without offset or deduction. If AI believes Customer’s ability to make payments may be impaired, AI may suspend or cancel any part of any Order. AI may apply any payment from Customer against any payments due. Any undisputed amount not paid when due will be subject to finance charges equal to two percent (2%) of the unpaid balance per month or the highest rate permitted by applicable law, whichever is less, determined and compounded daily from the date due until the date paid. Customer is responsible for reasonable expenses incurred by AI in collection of any sums owed. If Customer or any Affiliate has past-due payment(s) owing to AI, at its sole discretion, AI may suspend provision of any Deliverables and/or may condition future Orders on payment terms that are shorter than those specified in this section.
4. Credit Approval. Orders are subject to credit approval. At any time and its discretion, AI may change the terms of Customer’s credit, require payment in cash, wire transfer or bank check and/or require payment of any amounts due before shipment of Deliverables. Customer agrees to submit such information as may be reasonably requested by AI for the determination of credit.
5. Credit Card. If Customer provides AI with credit card information, it authorizes AI to charge such credit card for all items on the applicable invoice and for any applicable renewal fees. Customer is responsible for providing complete and accurate billing and contact information and promptly notifying AI of any changes to such information.
6. Delivery.  Expected delivery time will be provided to Customer upon demand when the Order is placed. AI may be able to offer expedited delivery for an additional fee. For expedited delivery, AI will verify and confirm delivery in writing. Delivery will be ‘Delivered at Place’ (Incoterms 2020 DAP). Unless specified by Customer, AI will select the carrier and route. Customer acknowledges that delivery dates are estimates and that AI is not liable for failure to deliver on such dates. Delivery of a quantity that is less than the quantity requested shall not relieve Customer of the obligation to accept delivery and pay for Deliverables actually delivered. Delay in delivery of one Order shall not entitle Customer to cancel other Orders.
7. Inspection, Acceptance & Returns.  Customer is deemed to have accepted Deliverables unless AI receives written notice within ten (10) days of delivery. AI will not accept any returns without a RMA number that may be issued by AI in its sole discretion. Returned Deliverables must be in original shipping cartons and shall be returned freight prepaid in the manner specified by AI. If returned Deliverables are claimed to be defective, a complete description of the defect must be included with the returned Deliverables. Deliverables not eligible for return shall be returned to Customer freight collect. Restocking fees of up to fifteen percent (15%) may apply.
8. Export Control regulations of the United States and the import control laws of other countries may apply to Deliverables. Customer agrees to comply with all relevant export laws and regulations including Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and the Office of Foreign Assets Control (OFAC) regulations. When applicable, Customer shall provide AI with information regarding Customer compliance with this section as may be reasonably requested by AI.

3. Warranty

1. Limited Warranty. AI warrants that all Deliverables will perform substantially in accordance with the specifications provided with the Deliverable and shall be free from defects in materials and workmanship under normal use and service for the terms of the warranty specified in this Section. All services will be performed in a good and workmanlike manner.
2. Warranty Term. Unless otherwise specified in this Section, the warranty term for a Deliverable comprising Professional Services or a Perpetual License for Software is ninety (90) days from delivery and the warranty term for Deliverables comprising goods is one (1) year from delivery. Third-Party products sold by AI will conform to the original manufacturer’s warranty terms and conditions. The warranty term for any repaired or replaced goods will be the remainder of the original warranty term or ninety (90) days from repair or replacement, whichever is longer.
3. Certain Hardware Warranties. The limited warranty for Bullhorn and MicroMax^® devices covers defects caused by firmware, components, batteries, workmanship, design, materials, cables, enclosures, product recall, and, if applicable, radio defects. The warranty term for Bullhorn remote monitoring units RM4014S, RM4150S and the RM5 product family is three (3) years from date of shipment and the warranty includes defects from electrical surge (including lightning). For Juniper Systems devices associated with Field Data Collection Software, the warranty term is two (2) years from date of shipment.
4. Exclusions. Except as expressly set forth in this Agreement, all warranties are solely for the benefit of Customer. Deliverables purchased from a Third-Party that is not authorized by AI will not be eligible for any warranty provided in this Agreement. Unless otherwise specified in this Section, the limited warranty does not apply to damage or defects caused by or related to: 1) natural or environmental events including, but not limited to, lightning, flood, earthquake, fire and other extreme environmental conditions; 2) Customer abuse, misuse, misapplication, improper storage, installation or maintenance; 3) Customer modifications made without written approval by AI; 4) failure of Customer to comply with specifications provided by AI; 5) damage or loss from impact, theft, vandalism and the like; 6) corrosion or electrical surge; 7) normal wear and/or consumables; 8) at AI’s sole discretion, any finding by AI upon inspection that there is no defect.
5. No Other Warranties. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NO REPRESENTATION, WARRANTY, GUARANTEE, OR CONDITIONS, EITHER EXPRESS OR IMPLIED, IS MADE BY AI (OR ITS LICENSORS OR SUPPLIERS) WITH RESPECT TO THE DELIVERABLES OR USE OF THE DELIVERABLES. AI DOES NOT MAKE ANY WARRANTY, GUARANTEE, CONDITION, OR REPRESENTATION HEREUNDER WITH RESPECT TO ANY THIRD-PARTY DELIVERABLES, OR THAT USE OF THE DELIVERABLES WILL BE UNINTERRUPTED, SECURE, OR ERROR FREE, OR REGARDING THE CORRECTNESS, ACCURACY, RELIABILITY, OR OTHER PERFORMANCE OF THE DELIVERABLES. THERE ARE NO OTHER WARRANTIES THAT MAY ARISE FROM USE OF TRADE OR COURSE OF DEALING. AI DISCLAIMS ANY AND ALL IMPLIED WARRANTIES AND CONDITIONS, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, QUIET POSSESSION, AND NON-INFRINGEMENT.
6. Remedies. AI’s entire obligation and liability and Customer’s sole remedy under this limited warranty will be that AI, in its sole discretion, will repair or replace the Deliverable or return valid pro-rated fees paid by Customer. In the event AI agrees to a pro-rated refund of Software-related fees, any license granted for such Software will terminate upon payment of the refund. AI’s obligations set forth in this Agreement are contingent on Customer providing AI with written notice of alleged defects during the warranty term. Customer must obtain an RMA number from AI before returning Deliverables comprising goods and agrees to pay all expenses for shipment to and from AI. Once goods are received by AI under a valid RMA, AI will evaluate the warranty eligibility and cause of the defect and, if covered by warranty, AI will notify Customer and, if applicable, provide an estimated time to complete repairs. If AI determines that returned is not covered under warranty, Customer may be charged an evaluation fee, and AI will provide a quote for repair or replacement. In the event returned goods are deemed not under warranty, Customer may choose to: 1) accept the quote for repair or replacement; or 2) have AI return the goods “as is” (upon paying for return shipment). In some cases, AI may provide a quote including the option for Customer to upgrade the goods to a newer version at a discounted price.

4. Intellectual Property

1. Rights. AI and its licensors retain all rights, title, and interest to all Intellectual Property created, used, or provided by AI under this Agreement. AI shall own all rights, title, and interest in all modifications, improvements or derivatives of any part of Deliverables. Customer hereby makes all assignments necessary to provide AI such ownership rights. Customer shall not disassemble, decompile, reverse engineer (except to the extent that the reverse engineering restriction is prohibited by law and then Customer shall provide AI prompt written notice of any such action), copy, distribute, modify or sell Deliverables except as expressly permitted by this Agreement.
2. Third-Party Materials are solely for the internal use of Customer only. Customer is expressly prohibited from using Third-Party Materials for any revenue generating activities beyond Customer’s normal business activities or using the Third-Party Materials independently from Deliverables and/or with any other product or service not approved by AI in writing. Customer is prohibited from storing, caching, using, uploading, distributing or sublicensing content or otherwise using Third-Party Materials in violation of any Third-Party rights, including intellectual property rights, privacy rights, nondiscrimination laws, export laws or any other applicable law or regulation. Customer shall not remove or obscure any patent, copyright, trademark, proprietary rights notices or legends contained in or affixed to any Third-Party Materials, output, metadata file or attribution page or data associated with the Third-Party Materials.
3. AI Indemnification. AI agrees to indemnify and defend Customer against all liabilities, judgments, awards and costs finally awarded, arising out of, or related to any claim that Customer’s authorized use or possession of Deliverables (as permitted herein) infringes or violates the copyright, trade secret, U.S. patent, or any other proprietary right of any Third-Party, provided that Customer: 1) promptly notifies AI in writing of any claim or suit; 2) gives AI the sole right to control investigation, preparation, defense, and settlement of such claim or suit; and 3) provides reasonable assistance for the defense.
   
   The foregoing obligations of AI shall not apply and AI will have no liability for any claim of infringement if: 1) the Deliverable is configured or developed to Customer specifications; 2) the Deliverable is modified after delivery by anyone other than AI or a party approved in writing by AI; 3) the Deliverable is combined with other products, services, processes, or materials; 4) Customer continues the infringing activity after being notified of modifications that would have avoided the alleged infringement; 5) Customer fails to incorporate Deliverable updates or upgrades provided by AI that would have avoided the alleged infringement or; 6) Customer’s use is not in accordance with this Agreement to the extent that such infringement occurred because of these actions. AI will not be liable for a settlement made without its prior written consent. If the Deliverable is held to be infringing of the rights stated above and the use of the Deliverable is enjoined or if AI believes the Deliverable might be held to infringe a Third-Party’s intellectual property rights, AI may, at its option and at its cost: 1) procure for Customer the right to use the Deliverable; 2) replace or modify the Deliverable with another Deliverable with similar functionality that does not infringe; or 3) refund the pro-rata payments made by Customer to AI for the Deliverable upon receipt of the infringing Deliverable from Customer. THIS LIMITED INDEMNITY IS IN LIEU OF ANY OTHER STATUTORY OR IMPLIED WARRANTY AGAINST INFRINGEMENT. The foregoing obligations do not apply to any Third-Party Deliverables and Customer agrees to rely on the applicable Third-Party with respect to any claims for infringement involving Third-Party Deliverables.
4. Customer Indemnification. Customer shall defend AI against any claim made or brought against AI by a Third-Party alleging that Customer data or Customer’s use of the Deliverable is in violation of this Agreement, infringes or misappropriates the Intellectual Property rights of a Third-Party or violates applicable law, and shall indemnify AI for any damages finally awarded and reasonable attorney’s fees incurred by AI in connection with any such claim; provided, that AI: 1) promptly gives Customer written notice of the claim; 2) gives Customer sole control of the defense and settlement of the claim (provided that Customer may not settle any claim unless the settlement unconditionally releases AI of all liability); and 3) provides to Customer reasonable assistance for the defense.

5. Limitation of Liability

1. SUBJECT TO SECTION 4B BELOW, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL AI OR ITS THIRD-PARTY PARTNERS BE LIABLE FOR ANY: 1) INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, OR CONSEQUENTIAL DAMAGES; 2) DAMAGES ARISING FROM LOST PROFITS, LOST SAVINGS, LOST BUSINESS OPPORTUNITY, BUSINESS INTERRUPTION, LOST OR DAMAGED REPUTATION OR GOODWILL, OR LOST OR CORRUPTED DATA OR SOFTWARE; OR 3) THE COST OF PROCURING ANY SUBSTITUTE GOODS OR SERVICES REGARDLESS OF THE FORM OF ACTION AND EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL AI’S AGGREGATE LIABILITY UNDER OR IN CONNECTION WITH THIS AGREEMENT EXCEED THE TOTAL AMOUNT RECEIVED BY AI FROM CUSTOMER FOR THE APPLICABLE DELIVERABLE (FOR SUBSCRIPTIONS THIS SHALL BE LIMITED TO THE AMOUNT PAID FOR THE CURRENT TERM). THE FOREGOING EXCLUSIONS AND LIMITATION SHALL APPLY: 1) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW; 2) EVEN IF AI HAS BEEN ADVISED OF, OR SHOULD HAVE BEEN AWARE OF, THE POSSIBILITY OF LOSSES, DAMAGES, OR COSTS; 3) EVEN IF ANY REMEDY IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE; AND 4) REGARDLESS OF THE THEORY OR BASIS OF LIABILITY, AND WHETHER IN CONTRACT, TORT (INCLUDING BREACH OF STATUTORY DUTY, STRICT LIABILITY, MISREPRESENTATION, RESTITUTION, OR OTHERWISE). CUSTOMER ACKNOWLEDGES THAT THE APPLICABLE AMOUNTS PAID BY CUSTOMER REFLECT THIS ALLOCATION OF RISK.
2. THE FOREGOING EXCLUSIONS AND LIMITATION SHALL NOT APPLY TO EITHER PARTY’S INDEMNIFICATION OBLIGATIONS UNDER THIS AGREEMENT OR TO LOSSES CAUSED BY EITHER PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, OR CRIMINAL ACTS.
3. HIGH RISK USES. AI PRODUCTS ARE NOT DESIGNED, MANUFACTURED OR TESTED FOR USE IN ENVIRONMENTS REQUIRING FAIL SAFE PERFORMANCE, including, but not limited to, lifesaving or sustaining systems or any application where the failure of the Deliverable could lead to death, personal injury, severe property damage or environmental harm. Customer will defend, indemnify and hold harmless AI and its directors, officers, employees and agents from any and all claims, losses, damages, actions and expenses (including reasonable attorneys’ fees) arising out of Customer’s use of Deliverables for high risk uses regardless of whether such claims are founded in whole or in part on the alleged or actual negligence of AI.

6. Confidentiality

1. Without granting any right or license, Disclosing Party agrees that Confidential Information does not include any information that: 1) can be demonstrated to have been in the public domain prior to the date of disclosure; 2) can be demonstrated to have been in the Receiving Party’s possession prior to disclosure; 3) becomes part of the public domain through no act or omission of the Receiving Party; 4) is supplied to the Receiving Party by a Third-Party not under an obligation of confidentiality; 5) was independently developed by the Receiving Party without violating this Agreement, or; 6) is required by law to be disclosed, including under the Freedom of Information Act and discovery orders from courts of competent jurisdiction, provided the Receiving Party uses diligent efforts to limit disclosure and obtain confidential treatment, including informing the Disclosing Party in writing.
2. Use. The Receiving Party shall: a) use Confidential Information only for the purposes set forth in this Agreement; b) restrict disclosure of Confidential Information to authorized employees and representatives that require such information to perform their responsibilities in connection with this Agreement and advise such persons of their obligations under this Agreement; c) copy Confidential Information only as necessary and clearly mark copies as confidential; d) not disclose Confidential Information except as provided for in this Agreement; e) not remove any Confidential Information from the United States except in compliance with applicable export laws and regulations, and; f) not duplicate or reverse engineer any such Confidential Information. 
3. Transmission. Confidential Information may be transmitted electronically from time to time. AI, on its own and through Third-Parties, has implemented various measures to ensure the security and confidentiality of such Confidential Information is protected both online and offline. However, no data transmission can be guaranteed to be 100% secure. Accordingly, Customer acknowledges that it undertakes any such data transmission at its own risk and AI does not assume responsibility for disclosure resulting from unauthorized access to AI systems or those of its Third-Party partners.

7. General

1. Entire Agreement. This Agreement constitutes the entire agreement of the parties and supersedes any oral or written proposals, prior agreements, purchase orders or any other communication between Customer and AI. The parties are independent contractors and this Agreement does not create a partnership, franchise, joint venture, agency or employment relationship between the parties. In the event of a conflict between Appendix A and any other Appendix or Addendum, the terms of Appendix A shall prevail and control.
2. Waiver.  Any waiver by AI of a term of this Agreement must be in writing and signed by a duly authorized representative of AI. AI’s failure to object to any terms that conflict with this Agreement shall not be deemed a waiver or modification of its terms by AI. The waiver by either party of any breach of any provision of this Agreement does not waive any other breach. The failure of any party to insist on strict performance of any covenant or obligation in accordance with this Agreement will not be a waiver of such party’s right to demand strict compliance in the future. If any provision of this Agreement is held invalid, the clause will be modified to be enforceable and, as modified, shall be fully enforced, and the remainder of this Agreement will continue in full force and effect.
3. Assignment. Neither party may assign performance of this Agreement or any of its rights or delegate any of its duties under this Agreement without the prior written consent of the other. Notwithstanding the preceding sentence, AI may assign this Agreement without the other party’s prior written consent in the case of a merger, acquisition or other change of control.
4. Force Majeure. AI is not liable for delay or default in performing if such delay or default is caused by conditions beyond its reasonable control including but not limited to acts of God, natural disasters, acts or omissions of other parties, government restrictions (including the denial or cancellation of any export or other necessary license), material shortages, changes in law, strikes, war, and/or any other cause beyond the reasonable control of the party whose performance is affected (including mechanical, electronic, internet service provider, or communications failure). AI’s time for performance of any such obligation shall be extended for the period of delay or AI may, at its option, cancel any part of any such Order without liability by giving notice to Customer.
5. Governing Law. This Agreement is governed by the laws of the state of Texas, exclusive of any provisions of the United Nations convention on the international sale of goods, without regard to principles of conflicts of law. Any dispute or disagreement arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts located within Travis County, Texas and both parties hereby irrevocably consent to venue and personal jurisdiction in such courts. If any action is brought by either party against the other, the prevailing party shall be entitled to recover reasonable attorney fees and court costs in addition to any relief granted.
6. Feedback.  If Customer provides any feedback to AI concerning the functionality or performance of a Deliverable (including identifying potential errors and improvements), Customer hereby assigns to AI all right, title, and interest in and to the feedback, and AI is free to use the feedback without payment or restriction.

APPENDIX B: LICENSE AGREEMENT

This License Agreement applies to all Software. By completing the installation process or otherwise executing the Software, Customer is bound by this License Agreement. The terms in this License Agreement supersede the terms included with any click-through terms embedded in the Software.

1. License Grant. In consideration of and conditioned upon Customer’s payment of any applicable fees to AI and subject to the terms and conditions set forth in this License Agreement, AI hereby grants Customer a limited, revocable, non-exclusive, non-transferable, non-sublicensable right and license, during the applicable License Term, to install and use the Software only in the specific configuration allowed by the license type identified in the applicable documentation provided by AI to Customer (the “License“). The term of the License (“License Term”), the applicable type of License (“License Type”) and the usage or consumption and other relevant parameters (“License Use”) will be provided to you in this License Agreement and/or within a valid Order for the purchase of a License which references or otherwise incorporates by reference this License Agreement. ANY UNAUTHORIZED USE OF THE SOFTWARE WILL AUTOMATICALLY VOID THIS LICENSE GRANT AND MAY SUBJECT YOU TO CLAIMS BY AI FOR COPYRIGHT INFRINGEMENT, BREACH OF CONTRACT, INJUNCTIVE RELIEF AND/OR MONETARY DAMAGES.
2. Restrictions. Customer must not violate any applicable laws in the use of the Software. Unless and only to the extent that this License Agreement, a valid Order or applicable law expressly permits otherwise, as a condition to the License, Customer and its Affiliates must not:
   1. Reverse engineer, decompile, disassemble or otherwise attempt to discover the Source Code or non-literal aspects of the Software (including, but not limited to, the underlying structure, sequence, ideas or algorithms);
   2. Modify, translate or create derivatives of the Software;
   3. Distribute or otherwise make the Software, or any password, key or access code for the Software, available to any Third-Party (such as offering the Software as a service bureau);
   4. Sublicense, lease, lend or rent the Software;
   5. Install or use the Software in a floating, concurrent or any other shared context without prior authorization from AI;
   6. Use any means within or external to the Software to exceed or circumvent the License;
   7. Employ any hardware, software, device or technique to pool connections or reduce the number of Users or endpoints that access or use the Software (generally referred to as virtualization, multiplexing or pooling);
   8. Use the Software in connection with any stress test, penetration test or vulnerability scanning or otherwise publish or disclose any results of such activities or any other performance data of the Software without prior written approval from AI;
   9. Defeat or work around any access restrictions or encryption in the Software.
3. License Use/Additional Terms.
   1. Delivery/Acceptance. Unless specified otherwise in the Order, the Software will be delivered to Customer electronically and shall be deemed accepted by Customer upon delivery.
   2. Third-Party Contractors. Customer’s contractors may access and use the Software provided that they do so solely for Customer’s benefit and agree to use the Software in accordance with the terms of this License Agreement. Customer is liable to AI for any acts and omissions of all such Third-Party contractors (including, without limitation, any breach of this License Agreement).
   3. Software Key/Prior Access. Customer agrees to use any keys provided by AI solely with the Software for which it is provided. While AI, in its sole discretion, may provide Customer with the applicable key or other access to use the Software prior to receipt of the applicable license fees, Customer will remain obligated to pay such fees to AI.
   4. Documentation. Customer use of the Software must be in accordance with the applicable Documentation provided by AI and not in any manner that circumvents or is intended to circumvent such Documentation or the intent of this License Agreement.
   5. Backup/Copies. Customer may make a reasonable number of copies of the Software solely for backup or archival purposes and a reasonable number of copies of the Documentation that accompanies the Software solely for Customer’s internal use in connection with its use of the Software. Customer will maintain accurate records of the location of all back-up copies of the Software and such records may be inspected and verified by AI at any time during business hours and upon reasonable notice.
   6. License Transfer. Customer may transfer a License to a Third-Party provided that: 1) Customer notifies AI in writing of such transfer including the contact information of such Third-Party; 2) such Third-Party accepts the terms and conditions of this License Agreement; and 3) after such transfer, Customer does not retain any copies of the Software or any of the written materials accompanying the Software. AI may, in its discretion, charge Customer a reasonable fee for the license transfer.
   7. Compliance. Upon reasonable notice and during normal business hours, Customer agrees to make all applicable records available for review by AI to verify its compliance with the terms and conditions of this License Agreement. If the results of any such inspection indicate the underpayment of applicable fees due and payable to AI, Customer must immediately pay such amounts and reimburse AI for the cost of such inspection.
   8. Data Collection. Customer agrees that the Software may collect and communicate certain software, hardware, and use information to AI or its service providers’ servers for the purposes of: (i) checking for and performing updates; (ii) ensuring that Customer is in compliance with this License Agreement; (iii) AI’s internal product development; and (iv) providing usage reporting to Customer. The information collected and communicated will not include any proprietary application data. AI will not provide any of the information to any Third-Party except as required by law or legal process or to enforce compliance with the terms in this License Agreement. For further details, please see AI’s privacy statement on its website.
   9. Government Rights. The Software is a “commercial item” developed exclusively at private expense, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are defined or used in the applicable U.S. acquisition regulations. If Customer is an agency, department, or other entity of the United States Government, the Software is licensed hereunder: (i) only as a commercial item and; (ii) with only those rights as are granted to all other licensees pursuant to the terms and conditions of this License Agreement. Customer agrees not to use, duplicate, or disclose the Software in any way not expressly permitted by this License Agreement. Nothing in this License Agreement requires AI to produce or furnish technical data for or to Customer.
4. License Types.
   1. Copyright/Limitation. The Software is licensed and not sold. All rights, title, and interest (including without limitation all intellectual property rights) in and to the Software (as well as all copies of the Software, and related contents) are and shall remain owned exclusively by AI (or its suppliers and licensors, as applicable). The Software is protected by applicable copyright laws and international treaty provisions. All rights not expressly granted to Customer in this License Agreement are reserved to and by AI (and its licensors and suppliers).
   2. Named User License. If Customer has obtained a Named User License, Customer may install the Software for one (1) individual Customer / end user designate (“Named User”). For the purposes of this License Agreement, a Named User utilizes a Client computing Device that facilitates consumption of a single Software License and may be tracked or restricted to allow compliance with the Software License restrictions as per Addendum B1 Section 14. The Named User is identified when the License is activated. Only the Named User may use or otherwise run the Software, and the Software may not be run on more than one Device at a time. Customer may not share access to the installed Software over a network such that the installed Software can be run by a different User. Customer may change the Named User to another designated employee provided that each new Named User License is registered. At AI’s discretion, you may convert a Named User License to a Concurrent Use License for an additional fee. The Software must be promptly uninstalled from your Devices upon the earlier of the expiration of the License Term, the termination of this Agreement, or the date the Named Users’ authority to use the Software pursuant to the underlying License terminates.
      1. Concurrent Named User License. If Customer has obtained a Concurrent Use license, Customer may install the Software on any or all Devices at the physical location to which AI initially delivered the Software (“Site”). The Software may be used by all Customer Users at the Site; provided, however, in no event may the number of Users using the Software at the same time exceed the maximum number of licenses Customer has purchased. AI uses a volume license manager to track licensing and suggests that Customer maintain a current and accurate list of its Licenses and Users. There is no home use exception for a Concurrent Use License. Concurrent Use Licenses are not transferrable.
   3. Evaluation License/Pre-Release Software. Pre-Release Software is Software that is not commercially available. An Evaluation License is a limited license that allows for Pre-Release Software to be evaluated prior to release. If Customer has obtained an Evaluation License, Customer may use the Software on a site managed by AI or on a device provided to Customer by AI. Customer may not distribute or transfer an Evaluation License. Customer acknowledges that such Software is evaluation only. Evaluation Software may not be fully functional, and Customer assumes the entire risk of the results and performance. An Evaluation License is provided without warranty or obligation of indemnity on AI. AI, at its sole discretion, may terminate an Evaluation License at any time and for any reason. Customer agrees to use reasonable efforts to provide feedback to AI about its use of such Software including promptly reporting errors or defects.
   4. Home Use Exception. The designated Named User may also install and use the Software on one (1) Device located in such User’s home, provided that the use of the Software on such home Device is limited to work performed in the scope of such person’s employment and complies with all terms and conditions of this License Agreement. The Software must be promptly uninstalled from the individual’s home Device upon the earlier of the underlying license’s expiration or termination date or the date the individual’s authority to use the Software pursuant to the underlying License terminates.
5. License Use/Term and Termination.
   1. Perpetual License. If Customer purchased a License that is specified on the Order as “perpetual”, such License, and accordingly the License Term, will be perpetual and, unless terminated pursuant to the provisions herein, Customer has the right to use the Software in accordance with this License Agreement indefinitely (“Perpetual License”).
   2. Term License. Unless specified on the Order as a Perpetual License, the License is valid for a specific License Term that will commence on the date specified on the invoice and will continue until the end of the License Term unless terminated pursuant to the provisions in this License Agreement. Upon expiration of the License Term, a Term License will automatically renew for an additional year, unless either party notifies the other at least thirty (30) days prior to the commencement of the renewal term. The price for a renewal may change from time to time at AI’s discretion. In such event, AI will provide Customer with an updated quote at least sixty (60) days prior to the termination of the current License Term. If Customer does not agree to the new price, it must provide notice of intent not to renew at least thirty (30) days prior to the commencement of the renewal License Term. In a Term License, TSM is included in the fee for the License Term.
   3. Software Services. If Customer chooses to access Software on computing equipment provided by AI (“Software Services”), please see the Software Services Addendum for additional terms and conditions. Software Services for a Perpetual License includes TSM during the Service Term. Should Customer elect to end Software Services for a Perpetual License, Customer retains the right to install and use such Perpetual License on its own computing equipment for as long as it is in compliance with this License Agreement. Software-as-a-Service (“SaaS”) allows the Customer to pay one fee for access to certain Software on computing equipment managed by AI for a specific term.
   4. Term and Termination. Unless terminated earlier in accordance herewith, this License Agreement remains in effect for the duration of the applicable License Term. This License Agreement will automatically terminate, indefinitely and without prior notice, if you fail to comply with its terms. Term License quantities cannot be decreased during the current License Term and Term License fees are due and payable on the first day of the License Term.
   5. Effect of Termination or Expiration. Upon termination or expiration of this License Agreement, regardless of the reason, the License will terminate, and you must immediately cease all access to and use of the Software and the Software must be promptly uninstalled from your Devices upon the earlier of expiration of the License Term or termination of this License Agreement.
6. Technical Support and Maintenance (“TSM”).
   1. Term. Term Licenses, SaaS, Software Services, and Evaluation Licenses include TSM for a term equal to the License Term. For Perpetual Licenses, TSM is billed in advance for the term specified on the invoice. AI is not obligated to provide TSM beyond the term paid by Customer and, at AI’s discretion, may be offered only for the current commercially available version and the version immediately preceding that version.
   2. Termination. TSM will terminate immediately upon Licensee’s insolvency, assignment to creditors or commencement of a proceeding seeking bankruptcy, upon the termination of the License Term or upon a violation of the License Agreement. Upon termination of TSM for one of these reasons, Customer will not be entitled to any refund.
   3. Response Time.Personnel are available to answer questions related to the Software during AI’s normal business hours. AI will use all reasonable efforts to respond to questions promptly and will create a case within one business day. Customer must be trained on the use of the Software; TSM is not a substitute for training. The TSM fee does not include resolution of issues not directly related to the Software (including but not limited to training, computing environment or network security).
   4. Updates/Maintenance Releases. An Update is Software that corrects known issues and/or offers enhancements in functionality. Upon shipment, an Update shall be deemed to be included in Software and shall be subject to all terms and conditions of TSM and the License. An Update is designated as a decimal change in the Software version (for example 1.13 to 1.14 or 5.0 to 5.1). A Maintenance Release may be provided to address critical problems for which no feasible workaround is available. Maintenance Releases may or may not be intended for general installation since they do not undergo extensive testing. Maintenance Releases are periodically incorporated into Updates. Maintenance Releases are typically designated with a letter associated with a decimal version (for example 1.13b or 5.1f). Updates and Maintenance Releases will be provided to Customer free of charge if Customer has paid for TSM, is in compliance with the License, and has paid all undisputed charges on valid invoices issued by AI.
   5. Upgrades. An Upgrade is a Software release that offers major enhancements in functionality. An Upgrade is designated as an integer change in the Software version (e.g., 1.13 to 2.0 or from 5.3 to 6.0). TSM for versions superseded by an Upgrade will remain available for a minimum of one year; support for all prior Software may be discontinued then or at any subsequent time at AI’s sole discretion. Upgrades will be provided to Customer at a discount from list price if Customer has paid for TSM, is in compliance with the License, and has paid all undisputed charges on valid invoices issued by AI.
   6. Services/Response Time/Severity.AI provides some support services for Software at no additional charge. Software Services and SaaS may include additional support services; please see the Software Services Addendum for details. TSM and other paid Professional Services are available for a fee. Support hours are 7:00 AM to 5:00 PM Central Time Monday to Friday excluding holidays. Customer may also request support by opening a support ticket using https:/techsupport.aiworldwide.com (preferred method) or by sending an email to [email protected].

ADDENDUM B1: SOFTWARE SERVICES

Software Services are governed by the following terms and conditions. Any deviations to the terms and conditions requested by Customer would be negotiated on a case-by-case basis once defined in the Customer Requirements Specifications. Capitalized terms herein shall have the same meaning here as in the Agreement.

1. Definitions
   1. Customer Requirements Specifications (“CRS”) means Customer’s requirements, cooperation, data and information required to establish Software Services that are outside of AI’s standard terms and conditions for Software Services.
   2. Platform means Device hardware, software and connections that allow Customer to securely access Software and Software Services per the terms of this Agreement.
   3. Platform Upgrade means all updates, enhancements, modification of the Platform functionality or applicable integration API applied per the terms and conditions in this Addendum B1. 
   4. Production Mode means that Customer is able to access the Platform, and that AI has configured the Software with Customer Data.
   5. User Acceptance Testing (“UAT”) means the mutually agreed testing to establish that Software Services are operating correctly and are accepted by Customer.
2. Platform. The Platform will be hosted at a location in the continental United States chosen by AI at its complete discretion, and will, at a minimum, enable Customer to: (a) access Customer Data and agreed functionality, (b) manage the administrative requirements of the Software, and (c) perform other functionality as may be detailed in the Documentation. While the Platform may be multi-tenant, AI shall ensure that the database containing Customer Data is logically segregated from any other customer’s database. Physical segregation is available upon request and is subject to an additional fee. Upon request, AI will provision a pre-production (test) environment to enable Customer to validate any integration points between its systems and the Platform. Pre-production environment must be requested in advance and is subject to an additional fee. Pre-production environments cannot be used by Customer to reject rollout of security updates as deemed necessary by AI.
3. Cooperation. Customer will assist AI to implement the necessary integration required for Software Services. Customer will: (a) provide AI with access to information reasonably necessary for providing Software Services; (b) to the extent necessary, and on reasonable notice by AI, Customer will make all the relevant User details available to AI in a timely manner; (c) on reasonable notice by AI, Customer will designate a representative present or available at all times during Platform set-up and Software configuration. Customer acknowledges that provision of Software Services upon the agreed schedule is dependent upon its full and timely cooperation with AI, as well as the accuracy and completeness of all information and data Customer provides to AI.
4. Acceptance. AI will notify Customer when the Platform is ready for UAT. If a defect is found during UAT, a detailed description of the nature of such defect will be noted in a written deficiency report delivered to AI. Within two (2) business days, AI will provide Customer with an estimate of the time necessary for AI to correct the reported defect (the “Corrective Period”). Upon correction of the reported defect, the foregoing acceptance process will be repeated until the acceptance form is signed by Customer, provided that if the parties must repeat the foregoing acceptance process more than three times, Customer may terminate this Agreement without further liability. Customer must provide acceptance or rejection within a mutually agreed upon time at the time. Customer will not delay its acceptance because of its failures or the failures of a Third-Party. If Customer uses the Platform in Production Mode, or without other written arrangement between Customer and AI, the Platform will be deemed to be accepted and all associated service fees will be due and payable as of the date that production operations started. 
5. Performance/Availability. AI will monitor the Platform 24x7x365 to detect abnormalities. This includes network monitoring, firewall monitoring, servers, and storage monitoring, as well as application monitoring. Software Services are provided as available and AI makes no guarantee that Software Services will be available continuously. AI shall provide Software Services with availability (uptime) of 99.0% measured annually (excluding scheduled maintenance activities and Force Majeure events). Additional coverage must be requested in advance and is subject to an additional fee. AI reserves the right to perform monthly maintenance activities aimed at updating its systems with recommended patches and fixes. AI reserves the right to temporarily suspend access to Software Services: a) during planned downtimes for upgrades and maintenance (reasonable notice of such downtimes will be provided to Customer); b) during any unavailability beyond our reasonable control such as acts of God, acts of terror or civil unrest; c) during technical failures beyond our control such as inability to access the internet or denial of service attacks; or d) if AI suspects or detects Malicious Software. A high-speed internet connection is required for proper use of Software Services. Customer is responsible for procuring, securing and maintaining network connections that connect its Users to Software Services, including but not limited to, “browser” software that supports protocols used by AI. AI is not responsible for notifying Customer or its Users of any upgrades, fixes or enhancements to any such software or for any compromise of Customer Data transmitted across networks or telecommunications facilities that are not owned, operated or controlled by AI. AI is not responsible for failure to meet service levels resulting from a failure of Internet, mobile networks, Customer failure or unavailability of Customer’s network, or any part of the infrastructure that is used to access Software Services and which is outside of the reasonable control of AI.
6. Platform Support and Maintenance. AI shall provide support and maintenance services for the Platform. Platform and Software Services are subject to regular maintenance services performed at the discretion of AI. Planned maintenance will be limited to Sundays between 7:00am and 7:00pm Central time to ensure: (i) good Platform operating condition; (ii) repair and prevent equipment or applicative failures in accordance with system vendors or software developers’ recommendations; (iii) apply Platform enhancements to support new devices, functional capabilities or third party components and systems (including Platform Upgrades if applicable); (iv) apply patching or other bug fix activities; (iv) maintain or improve capacity as needed to ensure the delivery of the service levels as described in the table below. User customer support is available from 7:00 AM through 7:00 PM US Central Standard Time, Monday through Friday.

*Require phone call notification
** Within 95% of the reported cases

Support for non-production Platform environments shall be minor priority for reported issues or requests. AI will send notifications about non-standard maintenance activities, incidents or service-related reports via emails to the address Customer provide.

7. Security. AI shall establish information security measures and procedures according to best practices industry standards to protect from disclosure and prevent access to Customer Data from unauthorized access. AI shall have systems in place to promptly detect any unauthorized access. In the event of any breach, AI shall promptly rectify such breach, repair any damage, and promptly notify Customer of such details. AI shall take reasonable and prudent steps to ensure the security of Customer Data and systems, including but not limited to:
   1. Establish and maintain an information security program that defines information protection policies, procedures and practices that comply with industry best practices, applicable laws, rules, and regulations that are within the scope of this Agreement to preserve the confidentiality, availability, integrity of Customer Data.
   2. Maintain and implement procedures to physically and logically segregate Customer Data and Confidential Information from AI data and data belonging to a Third-Party. The applicable database containing Customer Data will reside behind a firewall, and not be directly accessible from the internet.
   3. Maintain adequate training program so that its employees and any others, acting on its behalf are aware of and adhere to its security program. AI shall exercise necessary and appropriate supervision over its employees and others acting on its behalf to maintain appropriate confidentiality, integrity, and availability of Customer Data.
   4. Apply industry best practices, not to transmit or allow transmission of Malicious Code by other Third-Party.
   5. AI computers, networks or applications will not be installed in such a way as to compromise the security of an existing network. AI computers connected to a network will not present an unsecured pathway between one network and another. AI networks will be designed and administered in such a way that the failure of any attached element will not leave the entire network exposed to unauthorized access.
   6. Implement integrity controls to prevent unauthorized disclosure or modification of data during transit, storage, or processing in accordance with Appendix D. Implement data destruction processes to render media storage devices unreadable before being discarded, or otherwise disposed.
   7. Install and maintain up to date operating systems, applications and security patches on AI computer systems that have access or are used to manage the Platform.
   8. Maintain, to the extent possible as to not interrupt Software Services unnecessarily, an up-to-date operating system, applications, security patches as well as security access controls in AI systems that are used to store or process Customer Data.
   9. Perform, on a regular basis, risk assessment and self-audits to identify areas of vulnerability in its solutions designs and will promptly address findings. Self-audits shall identify vulnerabilities, including through penetration testing, in AI systems, and/or other facilities and shall identify controls to address such vulnerabilities and assess controls adequacy.
   10. Additional security controls must be requested in advance and are subject to additional fees.
8. Data Backup. AI shall perform regular backups intended to ensure ability to recover system or applicative data according to the industry standards and the criticality of the system components. AI will perform weekly backup of up to 20 GB of customer service data and will retain such data for not longer than three (3) months. Changes to the default backup implementation which must be requested in advance and is subject to additional fees.
9. Usage Limits. Software Services are subject to usage limits specified in this agreement. Unless otherwise approved in writing by AI: a) Software Services may not be accessed by more than the number of Users paid for in advance; b) passwords may not be shared with another individual; c) a User’s identification may only be reassigned to a new individual replacing one that is no longer using Software Services; d) Customer may not exceed 100 GB of data download per month; e) Customer shall not disassemble, decompile, reverse engineer, copy, distribute, modify or resell Software Services except as expressly permitted in writing by AI. If Customer exceeds any of these limits, AI shall charge Customer additional fees and may suspend Software Services until such fees are paid in full.
10. Platform Upgrades. Platform patches, security or functional bug fixes, alterations, improvements, corrections, revisions, releases, new versions, or any other changes to the Platform and any related underlaying infrastructure is considered a maintenance activity. AI reserves the right to plan and roll out Platform Upgrades based on its internal roadmap and schedule. Customer is encouraged to recommend and request changes and improvements in functionality of the Platform. Any new or modified functionality added to Software Services and any updates or enhancements to Software Services are subject to the terms of this Agreement. Customer’s ability to use new functionality of Software Services introduced through an Upgrade may require additional licensing.
11. Upgrades. Upgrades (as defined in Appendix A) are only available to those Customers using a dedicated SQL server environment. AI will provide Customer with thirty (30) days’ prior written notice of any planned Upgrade to allow evaluation of possible impact on Customer systems. AI will work with Customer in good faith to mitigate possible impact of Upgrades. In the event Customer identify such impact, Customer shall provide AI with a reasonable amount of time to mitigate or correct the impact. If following AI’s opportunity to correct, Customer choose not to upgrade, Customer acknowledge that AI shall only be required to provide Software Services to the current or immediately prior version of the Software. Customer are encouraged to recommend and request changes and improvements in functionality of the Software. Any new or modified functionality added to the Software and any updates or enhancements to the Software are subject to the terms of this Agreement. Customer’s ability to utilize new functionality of the Software introduced through Upgrades may require additional licensing.
12. Documentation/Training. Prior to Production Mode, AI will provide Documentation, support contacts, and ways to initiate or escalate requests. Upon request and no later than Production Mode, AI will also provide electronic copies of all applicable technical documentation related to or associated with the Platform, including: operations and administration manuals for the interfaces exposed to Customer, project definitions, integration diagrams, and test plans and cases, each of which allow for interconnectivity with Software Services. Software Services do not include User training.
13. Failure.  AI will not be liable for any failure to perform that is contingent on a material failure of Customer or a Third-Party performing a task that is designated in a CRS or an Order to be performed by Customer or a Third-Party that causes, in whole or in part, a failure or delay in AI’s performance.
14. Customer Responsibilities. Customer, including its Named Users, is responsible for compliance with this Agreement and ensuring that use of Software Services complies with all applicable laws and regulations. Customer shall: 1) be responsible for the accuracy, quality, integrity and legality of Customer Data and the means by which Customer acquired it; 2) use commercially reasonable efforts to prevent unauthorized access to Software Services, Software and Documentation and promptly notify AI in writing of any such unauthorized access or use; and 3) use the Software and Software Services in accordance with the Documentation. If there is unauthorized use by anyone who obtained access through Customer, Customer will take all steps reasonably necessary to terminate the unauthorized use and will assist with any actions taken by AI to prevent or terminate such unauthorized use. Customer shall not (by itself or through any Third-Party): 1) make Software Services or Software available to anyone other than its Users including anyone operating as a service bureau to benefit a Third-Party; 2) knowingly interfere with or disrupt the integrity or performance of Managed Services or any data contained therein; 3) attempt to gain unauthorized access to Software Services or their related systems; 4) attempt to decipher, decompile, reverse engineer or otherwise discover the source code of any Software; 5) use Software Services to knowingly post, transmit or store any content that is unlawful, harmful, racist, hateful, obscene or discriminatory (including Malicious Software); 6) access any part of Software Services, Software or Documentation in order to build a competitive product or service; or 7) access or use any Intellectual Property except as permitted under this Agreement.
15. Term. Software Services are provided for the term specified in the Order (“Service Term”) and are paid in advance. Software Services fees and the number and type of Users are specified in the Order. Customer shall have the right, but not the obligation, to renew for additional periods. Customer may add Users and will be billed for such additional fees on a pro-rata basis. Unless notified at least thirty (30) days in advance, Software Services shall automatically renew.
16. Termination and Suspension. Software Services shall terminate upon the end of the Service Term unless it is terminated earlier according to this Agreement. Software Services shall be suspended immediately upon AI’s determination of a violation of: (i) Section 14 of this Addendum (Customer Responsibilities); (ii) Appendix A Section 4 Intellectual Property, or (iii) Appendix A Section 6 Confidential Information. AI shall notify Customer in writing promptly following such suspension. The parties shall then work cooperatively to resolve the issue. If the issue is not resolved to AI’s reasonable satisfaction within fifteen (15) days of notice, AI may terminate Software Services without refunding fees.
17. Transition.  Upon written request, AI will assist Customer with the transition of Software Services data to Customer within a mutually agreed timeframe. AI will provide all such services for the transition as is reasonably necessary to effectuate it and Customer will pay AI for such services and associated expenses at prevailing services rates or as negotiated between the parties. Customer will be required to purchase Licenses and associated TSM services as applicable.
18. Internal Controls & Audit.
    1. AI shall implement and maintain: performance and quality monitoring processes and procedures to manage and facilitate its performance of this Agreement, including implementing tools and methodologies to ensure that Managed Services and Software are provided in the manner required hereunder; an internal control environment in day-to-day operations consistent with controls AI uses to deliver similar services to other customers; an internal control reporting function sufficient to monitor the processes and systems used to provide the Managed Services and Software.
    2. AI shall promptly notify Customer after the occurrence of any of the following, and shall provide such information, in reasonable detail, as is needed to fully inform Customer thereof: 1) AI becomes aware that it has committed a material breach under this Agreement; 2) AI plans to make, or makes, any changes to the internal controls that has materially affected, or is reasonably likely to materially affect Managed Services, Software or Customer; 3) AI becomes aware of any determination that a significant deficiency or material weakness exists, in the design or operation of the internal controls; or, 4) AI otherwise becomes aware of any situation related to this Agreement or the Hosted Services or Software that has had, any other severe material adverse impact on same.
    3. AI will maintain an independent audit function, to the extent possible, to assess internal controls over its and its applicable representative’s operations and facilities, including the applicable data centers used in the provision of the Hosted Services and Software.  Upon Customer request, AI shall make available evidence of its compliance with the technical and organizational measures that protect the production systems of the Services.
    4. Upon Customer request, audit reports or certifications required to be provided hereunder will be available through AI for the year in which the audit was conducted. Each audit will cover the applicable internal processes and controls relating to the Managed Services and shall be carried out by an independent and appropriately qualified and recognized Third-Party. Customer may provide a copy of the audit report to a Third-Party if authorized in writing by AI.
    5. AI shall provide Customer with the details of any modifications to its internal controls, specifications or the Hosted Services or Software. In the event of any material changes or deficiencies in either the design or operation of the controls and security tested, AI shall provide Customer with a reasonably detailed explanation of the material change or deficiencies in such controls or security.
    6. AI agrees to respond in writing to any questions, comments and observations made in connection with any audit, inspection or examination undertaken pursuant to this Section, within a reasonable period of time of receipt of such questions, comments and observations. If Customer determines that a modification to an internal control is not solely an enhancement and materially reduces the Hosted Service or Software, Customer may request a review to the modifications, which AI should perform in good faith and will work with the Customer to achieve a mutually satisfactory outcome.

ADDENDUM B2: BULLHORN SOFTWARE-AS-A-SERVICE (SaaS)

Payment in full of all Bullhorn SaaS fees entitles Customer to access for the Service Term and the number of applicable Bullhorn remote monitoring devices (“Devices”). AI reserves the right to deactivate any Device that it deems to be malfunctioning. Bullhorn SaaS, embedded telemetry services, Devices & related software are provided “as is” and “as available”. AI is not obligated to provide Bullhorn SaaS or refund fees when Third-Party service is unavailable to AI. Customer acknowledges that such service may depend upon many factors including antennas, topography and environment and is therefore subject to change without notice. If Customer elects to discontinue use of, retire, deactivate, or otherwise cease operating any Bullhorn Devices or units for any reason, Customer acknowledges and agrees that no refunds, prorated credits, offsets, or reduction of Bullhorn SaaS fees shall be issued for the remainder of the applicable Service Term.

Definitions:

• “Carrier” means any operator of a satellite or terrestrial wireless communications network that supports Bullhorn SaaS (eg. Orbcomm, AT&T, Kore Wireless, SkyWave, Iridium).
• “End User” means a person or entity purchasing Bullhorn SaaS to monitor its equipment.
• “Governmental Authority” means any federal, state, local or other governmental agency or authority of the United States or any other country.
• “Network” means the communications network(s) operated by selected Carrier(s).
• “Number” means the ten (10) digit telephone number assigned to a Device that allows access to a Carrier’s services.
• “Permits” means any franchise, license, exemption, consent, approval, authorization or registration; the issuance of which is required by a Governmental Authority with jurisdiction in any country to facilitate the provision of Services.
• “Service” means the data collection and reporting functionality provided by Bullhorn devices (RMUs) through the use of the Network and delivered to Bullhorn SaaS.

End User shall not have and shall not acquire any proprietary interest in the Number or any other numbers or codes associated with or allocated to a remote monitoring device.  End User acknowledges and understands that it shall bear all responsibility, risk and cost associated with developing and maintaining its business, and neither AI nor its Carriers shall be liable to End User for any costs or damages caused by any failure or impaired performance of the Network or Service.

End User acknowledges that AI and its Carriers shall supply the Service on a good faith efforts basis and that service failures and interruptions may occur and are difficult to assess as to cause or resulting damages. The parties agree that none of AI, the applicable Carrier, nor any Affiliate of either shall be liable to End User for any losses or damages of any kind whatsoever arising out of any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, communication line failure, theft or destruction or unauthorized access to, alteration of or use of records associated with the Network or the Service, whether for breach of contract, tortious behavior, negligence or under any other cause of action.

Use of the Network or the Service is authorized by Governmental Authorities only in certain countries and is permissible only when all Permits have been received from the applicable Governmental Authorities.  In

addition, use of a remote monitoring device is only permissible if it has been specifically approved for use in that country or territory. For information on those countries or territories in which use of the Network is authorized, please contact your AI representative.

End User acknowledges responsibility and indemnifies AI for all “Texas state and local sales and use taxes” on Bullhorn SaaS.

NO CARRIER HAS MADE, OR SHALL BE DEEMED TO HAVE MADE, ANY REPRESENTATIONS OR WARRANTIES WHATSOEVER WITH RESPECT TO THE NETWORK OR SERVICE OR ANY EQUIPMENT PURCHASED IN CONNECTION THEREWITH.  AI AND EACH CARRIER EXPRESSLY DISCLAIMS AND END USER EXPRESSLY WAIVES, RELEASES AND RENOUNCES ALL WARRANTIES ARISING BY LAW OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO:  (A) ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE; (B) ANY WARRANTY AGAINST CLAIMS OF PATENT INFRINGEMENT OR THE LIKE; (C) ANY IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING OR USAGE OF TRADE; (D) ANY WARRANTIES AS TO THE ACCURACY, AVAILABILITY OR CONTENT OF ANY NETWORK OR SERVICE PROVIDED BY AI OR ITS CARRIERS; AND (D) ANY WARRANTY UNDER ANY THEORY OF LAW, INCLUDING ANY TORT, NEGLIGENCE, STRICT LIABILITY, CONTRACT OR OTHER LEGAL OR EQUITABLE THEORY.  NO REPRESENTATION OR OTHER AFFIRMATION OF FACT, INCLUDING, BUT NOT LIMITED TO, STATEMENTS REGARDING CAPACITY OR SUITABILITY FOR USE, THAT IS NOT CONTAINED IN THIS AGREEMENT SHALL BE DEEMED TO BE A WARRANTY BY AI OR ITS CARRIERS. IN NO EVENT SHALL AI OR ITS CARRIERS HAVE ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY TO SUBSCRIBER UNDER THIS AGREEMENT FOR LOSS OF USE, REVENUE OR PROFIT OR ANY OTHER INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES.  IN ADDITION, IN NO EVENT SHALL ANY LIABILITY OF AI OR ITS CARRIERS EXCEED THE AMOUNT OF ONE THOUSAND U.S. DOLLARS (US$1,000.00).

APPENDIX C: PROFESSIONAL SERVICES

Professional Services are governed by the following terms and conditions. Capitalized terms shall have the same meaning as in the Agreement. Whenever Customer desires Professional Services, AI will work with Customer to formalize the scope. Once formalized, a Statement of Work (“SOW”) will be signed by AI and Customer prior to commencing the work. Unless duly authorized in writing by both parties in a valid SOW, in no event shall AI personnel perform Professional Services at Customer’s site without the direct supervision and attendance of Customer personnel. Professional Services are limited to technical consulting and technology-related services related to Deliverables.

1. General Terms
   1. Fees.  Except for those Deliverables for which fees are listed in the applicable SOW, all Deliverables that are provided by AI will be billed at the AI rates then in effect at the time the Deliverables are provided (which rates shall be commercially reasonable). For any Professional Services requested by Customer at Customer’s site or other non-AI facility, Customer shall reimburse AI for actual, reasonable travel and out-of-pocket expenses incurred. Invoices for reimbursed travel expenses will contain adequate detail and supporting documentation. Professional Services provided on a time and materials basis will not exceed the amount agreed upon in the SOW including the reimbursement of allowable expenses.
   2. Invoices. AI will submit invoices for Professional Services no later than sixty (60) days from Acceptance. If Customer’s procedures require that an invoice be submitted against a purchase order before payment can be made, Customer will be responsible for issuing such purchase order before the payment due date. Each invoice will include the Agreement number, invoice number and date, remittance address, itemized and total amounts, and, as applicable, Customer purchase order number, hours worked, hourly rates, travel expenses and related receipts for travel expenses. Customer may not withhold or setoff any amounts for undisputed charges.
   3. Subcontractors/Personnel. AI may engage Third-Party subcontractors in the performance of an SOW at its sole discretion. Customer shall not have the right to approve the terms of any agreement between AI and its subcontractors. AI will not be relieved of any duty under this Agreement by reason of subcontracting and will remain responsible to Customer for the performance of the work. AI will supervise subcontractors in the provision of work under any valid SOW. AI will replace personnel who are not performing in a manner satisfactory to Customer within thirty (30) days of receiving a written request.
   4. Independent Contractor. AI will perform Professional Services as an independent contractor. Personnel and subcontractors performing work under an SOW shall not be employees of Customer and such personnel shall be under the exclusive control of AI. AI will not assume any obligations in the name of the Customer without prior written authorization. AI will comply with all applicable regulations including immigration, worker’s compensation, social security and unemployment.
   5. Suspension or Termination. AI may suspend Professional Services for all or a portion of SOW upon the failure of Customer to pay any undisputed invoice when it is due. Except for the foregoing statement, termination or suspension of Professional Services under any SOW, in whole or in part, shall not affect AI’s obligation to continue Professional Services under any other SOW. If Customer wishes to terminate a SOW for its convenience, AI will be entitled to compensation for Professional Services provided up to the effective date of termination. If Customer suspends work under a SOW for its convenience, the parties will renegotiate the delivery and fees associated with such SOW at such time that Customer wishes to recommence.
   6. Delivery and Delays.
      1. Scheduling and Estimates. Delivery dates and project schedules in any SOW are good faith estimates. Professional Services may depend on the availability of specific personnel, Customer’s timely performance of its obligations, and third party factors.
      2. Customer Dependencies. Customer will timely provide all information, materials, access, decisions, environments, and approvals identified in the SOW or reasonably requested by AI to perform the Professional Services (customer dependencies). Any failure or delay by Customer to meet customer dependencies, or any change in scope or priorities initiated by Customer, will extend the schedule by at least the period of such delay and may require a change order to adjust milestones and Fees.
      3. AI-Caused Delay. If AI is the sole cause of a material delay to a milestone under a SOW, AI will use commercially reasonable efforts to mitigate such delay and, as Customer’s exclusive remedy, will provide reasonable re-performance or additional effort at no additional Services Fees to achieve the delayed milestone. AI will not be liable for consequential, incidental, or indirect damages arising from any delay.
      4. Change Orders for Material Delay. If delays (from any cause other than AI’s sole fault) materially impact the SOW schedule, resource plan, or assumptions, the parties will promptly execute a change order to adjust scope, milestones, fees, and resource allocations. AI is not obligated to continue work materially outside the SOW without a mutually signed change order.
      5. Mitigation and Communication. Each party will promptly notify the other upon becoming aware of any actual or anticipated delay, describe expected impact, and propose reasonable mitigation. The parties will cooperate in good faith to minimize delay impacts while maintaining quality and compliance.
   7. Insurance. Upon Customer request, AI will furnish certificates of insurance evidencing coverage in a form acceptable to Customer with a carrier reasonably acceptable to Customer. Such certificates will include: 1) Worker’s Compensation in accordance with the laws of the state(s) where Professional Services are performed; 2) Commercial General Liability Insurance with a combined single limit of at least $1,000,000 per occurrence and $2,000,000 in the aggregate; 3) Professional Liability with limits of at least $2,000,000 per occurrence and in the aggregate. Upon Customer request, such policies will name Customer as an additional insured.
   8. Liens. AI waives any rights to liens to which AI might be entitled to for work performed under this Appendix and will, prior to commencing work, requires any subcontractors to consent to a waiver of any such rights.  
   9. Ownership. All Professional Services performed under this Agreement and any resulting Software products, hardware products, or other products will be the sole and exclusive property of AI, will be deemed to have been conceived, authored, invented, developed and/or made by AI, and all Intellectual Property rights therein shall belong exclusively to AI. Without limiting the foregoing, Customer acknowledges and agrees that Deliverables involving the design, development, or modifications to software or otherwise involving copyrightable subject matter are not “works made for hire” by AI for Customer; and upon their creation, AI owns all right, title, and interest to all such works.
   10. Records and Audits.
       1. Recordkeeping. AI will maintain complete and accurate records reasonably necessary to verify Fees and compliance with the applicable SOW(s) for Professional Services, including: (i) staffing assignments and labor hours for time-and-materials work, (ii) milestone completion and Customer acceptance for fixed-fee work, (iii) executed change orders and material Customer approvals/decisions, (iv) training attendance/rosters and site access logs where applicable, and (v) reasonable backup for reimbursable expenses (e.g., travel receipts). Records may be maintained in electronic form.
       2. Retention. AI will retain such records for [3] years after the later of the related invoice date or expiration/termination of the applicable SOW, unless a longer period is required by law or expressly stated in the SOW.
       3. Audit Right and Process. During the retention period, Customer may audit the records described in (a) no more than once in any [12]-month period, upon at least [10] business days’ prior written notice, during normal business hours, and in a manner that does not unreasonably interfere with AI’s operations. Audits may be performed by Customer or by an independent, reputable Third-Party auditor engaged by Customer and bound by confidentiality obligations no less protective than those in the Agreement.
       4. Scope Limits. The audit will be limited to records directly related to the Professional Services provided under the audited SOW(s) and the corresponding invoices. It will not extend to AI’s general financial records, cost/pricing build-ups, source code, trade secrets, unrelated customer information, or information AI is prohibited by law or contract from disclosing. AI may reasonably redact information outside the approved scope. No penetration testing, vulnerability scanning, or access to unrelated production systems is permitted under this clause.
       5. Confidentiality and Security. All information disclosed in an audit is AI Confidential Information and subject to the Agreement’s confidentiality terms. Customer and its auditors will comply with AI’s safety and security policies while on-site. Personal data will be minimized to the extent feasible (e.g., role-based or anonymized time entries).
       6. Findings and Remedies. If an audit identifies an overcharge, AI will promptly credit or refund the overcharged amount. If an audit identifies an undercharge, Customer will promptly pay the shortfall. 
       7. Legal/Regulatory Audits. If a governmental or regulatory authority requires an audit beyond the limits above, the parties will cooperate in good faith to meet such requirements. Customer will bear the incremental costs and fees of such audit.
2. Statements of Work (SOW)
   1. Statements of Work (“SOW”) are the documents executed by Customer and AI that specify, among other things, the specific Deliverables Customer will receive, the anticipated delivery dates, and the pricing. Unless stated otherwise therein, the effective date of each SOW is the date it is signed by the latter of the Parties. A general form of SOW is set forth in the attached Addendum to this Appendix. In the event of a conflict between this Agreement or any SOW, this Agreement shall prevail.
   2. Generally. During the term of this Agreement, whenever Customer desires Professional Services, the Parties shall work together to enter into a SOW for the applicable Deliverables. AI will perform Professional Services in a good and workmanlike manner, in accordance with professional standards, and without undue delay. Unless otherwise specified in the SOW, AI will furnish all labor, services, supervision, supplies, and equipment necessary to completely perform its work. Customer responsibilities related to Professional Services shall be clearly specified in the SOW and Customer acknowledges and agrees that AI’s performance under each SOW is dependent upon Customer performing its work in a timely manner and to completion.
   3. Scope; Changes. Each SOW will contain, at a minimum, the applicable Deliverables to be provided, the time-frame for delivery, acceptance procedures (if applicable), and the fees.  Any equipment or other items to be provided by Customer in order to permit AI to perform the Professional Services shall be specified in the applicable SOW. Changes in the scope of the Deliverables for any SOW may be submitted by either Party in writing to the other. While AI will promptly perform any necessary cost and scheduling analysis occasioned by a requested change, AI shall not be required to provide any Deliverables beyond those specified in the applicable SOW until the Parties have executed a revised SOW. Customer acknowledges that AI reserves the right not to accept changes because of (among other things) possible cost, feasibility factors, resource limitations, or potential interference with the performance of AI products.
   4. Delivery. While AI will use all reasonable efforts to meet the applicable delivery dates specified in each SOW, Customer acknowledges and agrees that the Professional Services require specialized skills, may be subject to the availability of certain personnel, and may require Customer to submit various materials and items to AI by certain stipulated time-frames in order for AI to meet required delivery and/or completion deadlines. Consequently, Customer acknowledges and agrees that AI is not responsible for delays. AI will, however, notify Customer of any delivery overruns and the steps AI is taking to address any overruns.
   5. Acceptance. AI shall notify Customer in writing when each SOW has been completed. Unless Customer notifies AI in writing within fifteen (15) days of completion by AI, such work shall be deemed accepted by Customer. Within five (5) working days of receiving a notice of non-compliance from Customer, AI shall provide Customer with a plan for corrective action. The process of corrective action will continue until the parties are satisfied or until the parties agree to an alternative resolution.

ADDENDUM C1: EXAMPLE STATEMENT OF WORK (“SOW”)

APPENDIX D: IT AND CYBERSECURITY

This Appendix sets forth the minimum Information Technology (“IT”) security and controls requirements, informed by IT security standards and frameworks created by the National Institute of Standards and Technology (NIST), regarding Deliverables that involve storing or processing Customer Data at a location not managed by Customer using Deliverables provided, controlled or obtained by AI.

1. Definitions.  All capitalized terms in this Addendum shall have the meanings set forth in the Agreement except as otherwise provided or supplemented in this Addendum.
   1. AI Infrastructure means the infrastructure supplied by AI or obtained by AI from a Third-Party, including the equipment, hardware, software, permits, registrations, telecommunications connections, office and storage space, and other infrastructure used to provide Software Services and maintain all backups of Software Services, including backups of Customer Data.
   2. Information Security Incident means any (i) unauthorized access to, alteration of or damage to AI Infrastructure or Customer Data, including Software, or (ii) loss or unauthorized alteration of or damage to Content or (iii) theft or unauthorized use, disclosure or acquisition of or access to any Customer Data.
   3. IT Controls means all IT controls outlined in Section 3 of this Addendum.
   4. Software Services Environment means the portion of AI Infrastructure used to store, process or host Customer Data.  Software Services Environment excludes AI Infrastructure that is not used to store, process or host Customer Data.
   5. IT Subcontractor means any Third-Party providing services to AI directly related to the development, provision, or maintenance of Software Services or that has access to Customer Data.
   6. Principle of Least Privilege means allowing only authorized access for Users (or processes acting on behalf of Users) that are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.
2. AI’s Obligations
   1. AI agrees to comply with this Addendum and will cause its employees and IT Subcontractors to comply with this Addendum. When Third-Party computing resources are in use, AI is responsible for ensuring that service selection, configuration or any other Third-Party product options are defined in such a way that they comply with the requirements set forth in this Addendum. AI retains responsibility for verification of controls or processes that are subcontracted.
3. IT Controls
   1. IT Services Environment
      1. AI will have in place, maintain, and use appropriate information security measures, including physical, technical, and administrative controls, to prevent unauthorized access to the IT Services Environment. AI will prevent use of communication methods in the AI Infrastructure that could circumvent the IT Services Environment network control point.
      2. AI will separate the IT Services Environment from the internal AI business network with a firewall configured using the Principle of Least Privilege.
      3. The IT Services Environment will not be bridged to other networks in a manner that allows unauthorized access or unauthorized movement of data into or out of the IT Services Environment.
      4. AI will use the following principles when using virtual network peering: (a) virtual network peering design should be documented and a periodic review should be performed; (b) configuration reviews should consider whether the configuration is necessary, whether the configuration is at an appropriate level of granularity, the risk of data exfiltration, the attack surface, and cyber visibility; and (c) avoid virtual network peering between two or more environments with substantially different security posture without firewall filtering.
      5. AI will limit the exposure of computing resources to the public internet. AI will limit or block access to management ports including but not limited to SSH (Port 22) and RDP (port 3389) on virtual machines to the extent public IP addresses are required. To the extent access to these management ports is necessary, AI will ensure access will only be available through hardened machines. AI will implement port whitelisting to enable only necessary traffic to flow through the public IP address.
      6. AI will provide and maintain up-to-date security including, but not limited to, either: (a) an intrusion protection system that identifies and blocks unauthorized activity in the IT Services Environment, or (b) an intrusion detection system in the IT Services Environment combined with 24×7 monitoring and incident response. To the extent permitted by applicable law, logs of detection and blocking events must be retained for a minimum of twelve (12) months unless otherwise specified by the Customer, and such logs must be sufficiently detailed to support forensic analysis.
      7. If AI support staff (including IT Subcontractors) will access AI Infrastructure remotely, access must be via secure channels and/or through a sanitized environment. When file exchange is required to update the IT Services Environment, such file exchange will be done in a manner that mitigates the possibility of transferring Malicious Software to the IT Services Environment or allowing unauthorized access to the IT Services Environment.
      8. AI will use a secure development CI/CD pipeline, combined with in-line code testing, to systematically reduce the frequency and severity of code vulnerabilities.
      9. AI will safeguard against Malicious Software and malicious activity in the AI Infrastructure, Customer Data, and Software. AI will design and operate the IT Service Environment to prevent the introduction or intrusion of Malicious Software in accordance with the software vendors’ recommended practices. In addition to any other rights and remedies available, the parties agree that should any part of AI Infrastructure, Customer Data, or Software display evidence related to the presence of Malicious Software, AI will immediately remove such Malicious Software without adversely affecting utility, functionality, and performance.
      10. Wireless access to the IT Services Environment be restricted where possible and, at a minimum, will pass through a firewall configured using the Principle of Least Privilege. Wireless access includes, but is not limited to wireless routers, access points, and similar technologies.
      11. AI will configure and maintain the IT Services Environment such that connection to an external network terminates at a firewall with the Principle of Least Privilege applied.
      12. AI will implement and maintain up-to-date security controls to protect the IT Services Environment and Software against industry known threats, such as the “OWASP Top 10” threats, via secure coding practices and appropriate technical controls (e.g., Web Application Firewall (WAF), Reverse Proxy).
      13. AI will harden the IT Services Environment by removing unnecessary software and utilities, turning off unneeded services, and closing extraneous network communication ports as proscribed in industry recognized reference guides such as CIS Benchmarks.
      14. AI will implement and maintain an up-to-date comprehensive information security program, compliant with applicable law. AI’s information security program shall include appropriate administrative, technical, physical, organizational and operational safeguards and other security measures designed to (a) ensure the security and confidentiality of Customer Data, in both office and non-office locations and (b) protect against the threat of Information Security Incidents. The information security program will also include a cybersecurity awareness program that informs and reminds staff of preventative measures to avoid inadvertent exposure of Customer Data or inadvertent exposure of the IT Services Environment to unauthorized activity.
      15. AI may offer to implement and maintain up-to-date data loss protection (DLP) controls to protect Customer Data from unauthorized access and unauthorized transmissions outside of the IT Services Environment. DLP controls, if ordered by the Customer in writing, will, at a minimum, be in place for data in transit and data in use, and the Customer must label its data in a way that enables the DLP solution to identify it as protected data.
      16. AI will sanitize physical media intended for reuse prior to such reuse and destroy physical media scheduled for decommissioning to ensure that Customer Data is not inadvertently exposed. AI will maintain documentation to verify full and successful completion of all such sanitization and destruction. The term “sanitize” as used in this Section means (a) permanently removing Customer Data from media before disposal or reuse of such media, or (b) making it unrecoverable through the destruction of at-rest encryption keys in situations where AI does not control the physical media where the data is stored.
      17. AI will not use Customer or Affiliate names or logos on the IT Services Environment without prior written permission of the Customer.
   2. Encryption in the IT Services Environment
      1. AI will encrypt all internal and external AI network traffic to, from, and within the IT Services Environment with a minimum encryption level equivalent to AES-256. AI will encrypt Customer Data at rest with a minimum AES-256-bit encryption. Data will be encrypted, whether the storage device is powered on or off.
      2. AI will store system secrets, including but not limited to encryption keys, certificates, passwords, hashes, connection strings, and other secrets in an appropriate secure service and the Customer Data or Software will be designed to retrieve the secrets from this secure service. AI will not store secrets in configuration files or in source code. AI will ensure that access to system secrets follows the Principle of Least Privilege.
      3. To the extent required for service-to-service integration, AI will set up identities as non-interactive (e.g., through an identity management service) and not require active password or secret management. AI will store passwords using a one-way hashing algorithm.
   3. AI Operating System/Applications
      1. AI will implement and maintain up-to-date change management procedures which include AI’s testing, certification, and approval processes specifically related to standard bug fixes, updates, security patches, and upgrades made available to Customer. The change management procedures will include, at a minimum, defined procedures for emergency and critical changes that address all identified or future business and regulatory risks. AI will document and retain a detailed up-to-date record of its compliance with the change management procedures, such as a ticketing system and records of all testing procedures of any change, including without limitation the date and time of such change, the nature of the change, and the impact any such change may have on Customer Data.
      2. AI will secure all Software, including those that incorporate open-source software or code from an IT Subcontractor, and Customer Data from unauthorized access. 
   4. Backups
      1. AI will either (i) perform online incremental backups of Customer Data daily and full backups at least weekly, or (ii) may perform and continuously maintain secure replication of a primary production site’s Customer Data in near real-time to geo-diverse active sites within the same country as the primary production site. Encryption of and access to Customer Data for the replicated sites will comply with this Addendum.
   5. Authentication/Authorization/Access
      1. AI will require multifactor authentication for all staff when gaining access to the IT Services Environment, except where it is not technically possible.
      2. Whenever passwords are employed, AI will ensure that access to IT Services and Customer Data meets the minimum requirements established in NIST SP 800-63B Authenticator Assurance Level 1 (AAL1).
      3. AI will limit access to Customer Data to the minimum required AI support staff. AI will limit the use of IDs with access to Customer Data to the minimum amount of time reasonably necessary to complete a particular task. AI will monitor access to Customer Data to ensure that access is only obtained when necessary to provide the Software Services, or as necessary to comply with this Addendum. For other access that do not have access to Customer Data, AI will limit the number of AI support staff (including IT Subcontractors) with persistent access to the IT Services Environment according to the Principle of Least Privilege.
      4. Where possible AI will provide Customer with the option to integrate its own SAML 2.0 based or newer SSO provider with Software Services and manage access by Customer staff to Software Services.
      5. AI will provide Customer with an ID to initially perform access management for Customer’s staff or setup Customer SSO authentication.
      6. AI will maintain an activity log of discrete system access tracing such access back to specific individuals who: (a) access the IT Services Environment, (b) perform system and application administration support, or (c) use administrator or other privileged access on a central log server. The retention period for such log will be a minimum of twelve (12) months. The activity log will include date and time, ID of who performed the action, resource accessed, event identifier, and event information (including where possible with enough detail to know what was affected so that the action could be reversed). Log files will be immutable and inaccessible to administrators of the servers and resources being logged.
      7. No less often than monthly, AI will review the logs related to the use of privileged access or anomalous security events (such as abnormal access attempts, critical data changes) to identify any irregularities.
4. Physical Security
   1. Subject to applicable law (e.g., data transfer, sovereignty, or residency), AI will host Customer Data and locate physical servers hosting such Customer Data only in the geographic region in which either (a) the Customer Data was provided or originated or (b) upon Customer request, AI will host the Customer Data at a location near to the location of Customer incorporation or has its principal business address. Upon Customer’s written request, AI will identify the location of the physical servers that host Customer Data.
   2. Upon Customer’s written request, AI will identify the location of the AI support staff, including IT Subcontractors, with access to Customer Data or the IT Services Environment.
   3. AI will require that multifactor authentication be implemented for all individuals who physically access the data center (e.g., card key, unique individual PINs entered in a keypad, biometric screening).
   4. AI will ensure its hosting services providers continuously monitor and record data centers using camera surveillance systems located at critical internal and external entry points to the data center and at individual cages and rooms located therein. Video footage will be archived for a minimum period of ninety (90) days (or the maximum allowed by law, whichever is shorter).
5. Security Assessment and Testing
   1. AI will perform a Third-Party vulnerability assessment, including manual testing, at least once per calendar year. Upon Customer request, AI will provide a summary of AI test results and follow-up actions.
   2. If, as part of the vulnerability assessments and penetration tests, Customer determines that changes to security must be made in order to protect the IT Services Environment or Software, then the parties will mutually review the proposed changes and associated timeframe AI implementation of mutually acceptable changes.
6. Background Checks
   1. AI will, to the extent legally permitted and in accordance with AI’s internal policies and processes, perform industry standard background checks on all AI employees and IT Subcontractors with access to Customer Data and will restrict access to only such employees and IT Subcontractors who have completed any such background check and are acceptable as reasonably determined in AI’s good faith discretion.
7. Controls Verifications and Evaluations:
   1. Customer or its representative may, at its own expense and with at least thirty (30) days prior written notice to AI, verify AI’s compliance with the terms of this Addendum. This verification of compliance with these terms will not be conducted more than once per twelve (12) consecutive month period, unless such verification is in direct response to an Information Security Incident.
8. Standards/Certifications. AI will maintain and, upon request, provide to Customer, attestations of compliance with the following certifications, guidelines, attestation, and other standards: SOC2, Type 2 annually, covering the previous 12-month period. The SOC2, Type 2 report must include auditor findings and notes. The scope of the SOC2, Type 2 report must include the service offering obtained by the Customer.
9. Information Security Incidents
   1. Notice of Incident.  In the event AI becomes aware of any Information Security Incident, AI shall promptly, but no later than one business day from discovery, inform Customer in writing of such discovery. Such notice shall summarize in reasonable detail the effect on Customer or Affiliates, if known, of the Information Security Incident and the corrective action taken or to be taken by AI. AI shall promptly take all necessary or advisable corrective actions and shall cooperate fully with Customer in all reasonable and lawful efforts to prevent, mitigate, or rectify such Information Security Incident.
   2. Notice of Disclosure.  AI will provide Customer copies of any public disclosure, filings, communications, general notices, press releases, or reports related to any Information Security Incident. AI will use best efforts to assist Customer with any legal reporting requirements in response to any actual or suspected unauthorized access to AI Infrastructure.
   3. Indemnification for Information Security Incident. Subject to the Limitation of Liability section of Appendix A, AI shall indemnify and hold harmless Customer and Affiliates and their officers, employees, directors, supervisors and agents from, and defend against, any and all claims, losses, liabilities, costs and expenses, reasonable attorneys’ fees, consultants’ fees and court costs (collectively, “Covered Claims”) at 2x the total value of all fees paid in the previous calendar year, to the extent that such Covered Claims arise from an Information Security Incident arising as a result of AI’s failure to meet any of its obligations under this Addendum, AI’s willful misconduct, or AI’s negligent acts or omissions. AI will not be held responsible nor be required to indemnify Customer and/or its Affiliates for IT Incidents that may have been prevented by Information Security Controls offered to Customer by the AI but not included in the service order made by Customer.
10. Return or Destruction. AI will either: a) securely destroy or render unreadable, undecipherable, or unrecoverable; or, b) at Customer request, deliver to Customer or its designees, the original and any or all copies in any storage media of any materials containing Customer Data or Confidential Information in AI’s possession, custody, or control. The format of the data should be a mutually agreeable format that is both readily usable and complete. Notwithstanding the foregoing, Customer acknowledges that AI’s disaster recovery systems may automatically retain backup copies of Customer Data. To the extent that AI’s disaster recovery systems create backup copies of Customer Data, AI may retain such backup copies for the period that AI normally retains such backup copies (which shall be no longer than twelve (12) months following expiration or termination of services, or a request for return or destruction). These backup copies are subject to the provisions of this Agreement until they are destroyed or erased. In the event applicable law does not permit AI to comply with the delivery or destruction of some Customer Data, AI shall ensure that such Customer Data is kept confidential and secure. AI shall destroy or render unreadable, undecipherable, or unrecoverable when such law allows. Upon reasonable request, AI shall certify to Customer that AI has complied with this Section.
11. Artificial Intelligence.  AI agrees that Customer Content made available to the Artificial Intelligence Tools will be limited to pre-approved and/or agreed between the parties and  the data types utilized and necessary to meet the purposes consistent with the relevant Services provided by AI to Customer or its Affiliates; AI represents and warrants that AI has the power and authority to grant the licenses and all other rights it extends under this Agreement and/or an Order, including any deliverables resulting from Generative Artificial Intelligence; AI represents and warrants that a) the data used for Artificial Intelligence Tools training originates from trusted sources; b) quality controls are applied as required to outputs from Artificial Intelligence Tools; c) AI applies human oversight to any Artificial Intelligence Tools input and output used within processes and services; d) where possible, AI assigns unique identities to Artificial Intellgence Tools to ensure traceability of outputs origination; e) AI adheres to all US or International laws regarding the usage of Artificial Intelligence Tools; AI shall indemnify and hold harmless Customer and Affiliates and their officers, employees, directors, supervisors and agents from, and defend against, any and all third party claims, losses, liabilities, costs and expenses, reasonable attorneys’ fees, consultants’ fees and court costs (collectively, “Covered Claims”), to the extent that such Covered Claims arise from, or may be in any way attributable to AI’s use of Artificial Intelligence Tools or Customer’s or its Affiliate’s use of AI’s Artificial Intelligence Output.

APPENDIX E: Artificial Intelligence (“AI”)

1. The parties agree that the Artificial Intelligence Output made available by the Artificial Intelligence Tools will be limited to reports on any anomalies relevant to Customer’s equipment and/or Services provided by American Innovations to Customer or its Affiliates.
2. Model
3. American Innovations represents and warrants that it has the power and authority to grant the licenses and all other rights it extends under this Agreement and/or an Order, including any deliverables resulting from AI’s Artificial Intelligence Output;
4. American Innovations represents and warrants that a) the data used for Artificial Intelligence Tools training originates from trusted sources; b) quality controls are applied as required to outputs from Artificial Intelligence Tools; c) American Innovations applies human oversight to any AI Tools input and output used within processes and services; d) where possible, American Innovations assigns unique identities to Artificial Intelligence Tools to ensure traceability of outputs origination; e) American Innovations adheres to all  applicable US or International laws regarding the usage of Artificial Intelligence Tools;
5. As provided for in Appendix A “General Terms” Section 4 “Intellectual Property” (a) “Rights”, ownership of any Artificial Intelligence Output will remain with American Innovation and Customer is granted a revocable, worldwide term-based right to use such Artificial Intelligence Output.