Professional Services Rate Card (California)

PROFESSIONAL SERVICES RATE CARD

ROLES AND RATES (EXAMPLE)

OVERTIME / AFTER-HOURS (IF APPLICABLE)

• After-hours/weekend work billed at [1.5x/2x] upon Customer approval.

TRAVEL AND EXPENSES

• Travel must be pre-approved; billed at cost per policy [cite]; travel time billed at [rate or %] if applicable.

MINIMUMS AND CAPS

• Daily minimum (if onsite): [X] hours.
• Optional not-to-exceed (NTE): [$____] for specified work, subject to change orders.

RATE VALIDITY

• Rates valid through [DATE]; subject to adjustment with [30/60] days' notice per Agreement.

BILLING AND PAYMENT

• Invoicing cadence: [weekly/bi-weekly/monthly] in arrears.
• Payment terms per Agreement.

INTELLECTUAL PROPERTY AND WORK PRODUCT

Ownership of Work Product:

☐ Option 1 — Client Owns Work Product (Work Made for Hire):
All deliverables, reports, analyses, designs, documentation, and other materials created by Provider specifically for Client under this Rate Card ("Work Product") shall be considered works made for hire to the extent permitted by applicable law. To the extent any Work Product does not qualify as a work made for hire, Provider hereby irrevocably assigns to Client all right, title, and interest in and to such Work Product, including all intellectual property rights therein.

☐ Option 2 — Provider Retains Ownership; Client Receives License:
Provider retains all right, title, and interest in Work Product. Upon payment in full, Provider grants Client a non-exclusive, perpetual, irrevocable, royalty-free license to use, reproduce, modify, and display the Work Product for Client's internal business purposes.

☐ Option 3 — Joint Ownership:
Work Product shall be jointly owned by both parties. Each party may use Work Product without accounting to the other, subject to confidentiality obligations.

CALIFORNIA PRACTICE NOTE: Under federal copyright law (17 U.S.C. § 101), a "work made for hire" by an independent contractor requires either: (1) the work falls within one of nine statutory categories and a written agreement designating it as such; or (2) a valid written assignment. See Community for Creative Non-Violence v. Reid, 490 U.S. 730 (1989). Because most professional services deliverables created by independent contractors do not automatically qualify as works for hire, a written assignment clause is strongly recommended to ensure the client obtains ownership. Additionally, California Labor Code § 2870 restricts employer claims on employee inventions developed entirely on the employee's own time without using the employer's equipment, supplies, facilities, or trade secret information, unless the invention relates to the employer's business or results from work performed for the employer. Any assignment provision that purports to require assignment of inventions excluded under § 2870 is against public policy and unenforceable. Employers must provide written notice of § 2870 to employees at the time any invention assignment agreement is executed. See also Cal. Lab. Code §§ 2871-2872.

Provider Pre-Existing IP:
Provider's pre-existing intellectual property, tools, methodologies, templates, and know-how ("Provider IP") remain the sole property of Provider. To the extent Provider IP is incorporated into any Work Product, Provider grants Client a non-exclusive, perpetual, irrevocable, royalty-free license to use such Provider IP solely as embedded in the Work Product.

Client Materials:
All materials, data, and intellectual property provided by Client to Provider ("Client Materials") remain the sole property of Client. Provider shall use Client Materials only for performing services under this Rate Card and shall return or destroy all Client Materials upon request or termination.

DATA PROTECTION AND PRIVACY

Applicability:
☐ Provider will access, process, or store personal data in connection with services under this Rate Card
☐ Provider will NOT access, process, or store personal data (remainder of this section does not apply)

Data Handling Obligations:
Where Provider accesses, processes, or stores personal data on behalf of Client, Provider shall:

1. Process personal data only as necessary to perform services and in accordance with Client's written instructions
2. Implement and maintain reasonable administrative, technical, and physical safeguards to protect personal data from unauthorized access, disclosure, alteration, or destruction
3. Not sell, rent, or otherwise disclose personal data to third parties except as necessary to perform services or as required by law
4. Promptly notify Client (within [____] hours of discovery) of any actual or reasonably suspected data breach affecting personal data
5. Cooperate with Client in investigating and remediating any data breach, including providing timely information necessary for Client to comply with applicable breach notification laws
6. Upon termination of services or Client's written request, return or securely destroy all personal data in Provider's possession within [____] days
7. Permit Client to audit Provider's data protection practices upon [____] days written notice, no more than [____] time(s) per calendar year

Subprocessors:
Provider shall not engage subprocessors to process personal data without Client's prior written consent. Provider remains responsible for any subprocessor's compliance with this section.

Compliance with Applicable Law:
Each party shall comply with all applicable data protection and privacy laws, including but not limited to:

• California Consumer Privacy Act / California Privacy Rights Act (Cal. Civ. Code § 1798.100 et seq.)
• California Data Breach Notification Law (Cal. Civ. Code § 1798.82)
• California Comprehensive Computer Data Access and Fraud Act (Cal. Penal Code § 502)
• Federal regulations applicable to Client's industry (e.g., HIPAA, GLBA, FERPA)

CALIFORNIA PRACTICE NOTE: California has one of the most comprehensive consumer privacy frameworks in the United States. The California Consumer Privacy Act of 2018 (CCPA), as substantially amended by the California Privacy Rights Act of 2020 (CPRA), is codified at Cal. Civ. Code § 1798.100 et seq. and is enforced by both the California Attorney General and the California Privacy Protection Agency. The CCPA/CPRA grants consumers rights to know, access, delete, and correct personal information, and to opt out of the sale or sharing of personal data. Businesses meeting applicable thresholds must comply with detailed obligations regarding notice, data minimization, purpose limitation, and data protection assessments. Additionally, effective January 1, 2026, California's amended breach notification statute (Cal. Civ. Code § 1798.82, as amended by SB 446) requires covered entities to notify affected California residents within 30 days of discovering a breach and to notify the California Attorney General within 15 calendar days of notifying affected individuals for breaches involving more than 500 California residents. Parties should ensure their incident response plans reflect these compressed timelines.

ELECTRONIC SIGNATURES

This Rate Card and any amendments, SOWs, or Change Orders may be executed by electronic signature, which shall be valid and enforceable pursuant to the California Uniform Electronic Transactions Act (Cal. Civ. Code §§ 1633.1-1633.17) and the federal Electronic Signatures in Global and National Commerce Act (E-SIGN, 15 U.S.C. §§ 7001-7031). Electronic signatures, including digital signatures, typed names in signature blocks, and click-through acceptances, shall have the same legal effect as original ink signatures. Copies transmitted by email, PDF, or through electronic signature platforms (e.g., DocuSign, Adobe Sign) shall be deemed originals for all purposes.