Enterprise SaaS Agreement - Colorado

ENTERPRISE SOFTWARE-AS-A-SERVICE AGREEMENT

STATE OF COLORADO

Agreement Number: [________________________________]

Effective Date: [__/__/____]

PARTIES

Provider:

• Legal Name: [________________________________]
• Principal Address: [________________________________]
• State of Organization: [________________________________]
• Colorado Secretary of State ID No.: [________________________________]

Customer:

• Legal Name: [________________________________]
• Principal Address: [________________________________]
• State of Organization: [________________________________]

Provider and Customer are each a "Party" and collectively the "Parties."

RECITALS

WHEREAS, Provider is in the business of developing, hosting, and licensing cloud-based software applications delivered on a subscription basis;

WHEREAS, Customer desires to obtain access to Provider's enterprise software-as-a-service platform and related professional services for its internal business operations;

WHEREAS, the Parties intend this Agreement to be governed by the laws of the State of Colorado, including the Colorado Uniform Commercial Code (C.R.S. Title 4), the Colorado Uniform Electronic Transactions Act (C.R.S. § 24-71.3-101 et seq.), the Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.), and applicable data protection statutes;

WHEREAS, the Parties desire to set forth the terms and conditions under which Provider will deliver the Services and Customer will access and use the same;

NOW, THEREFORE, in consideration of the mutual covenants and agreements set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

ARTICLE 1: DEFINITIONS

As used in this Agreement, the following terms shall have the meanings set forth below:

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership of fifty percent (50%) or more of the voting securities or equivalent ownership interest.

1.2 "Applicable Law" means all federal, state, and local laws, statutes, regulations, rules, and ordinances applicable to the Parties' performance under this Agreement, including without limitation the Colorado Revised Statutes and rules promulgated by the Colorado Attorney General.

1.3 "Authorized Users" means individuals who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Agreement, subject to the user limitations specified in the applicable Order Form.

1.4 "Biometric Data" means data generated by automatic measurements of an individual's biological characteristics, such as fingerprints, voiceprints, retina or iris images, or other unique biological patterns or characteristics used to identify a specific individual, as defined under C.R.S. § 6-1-1314.

1.5 "Business Day" means any day other than a Saturday, Sunday, or Colorado state holiday.

1.6 "Confidential Information" means all non-public information disclosed by one Party to the other Party, whether orally, in writing, or by electronic means, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure.

1.7 "Consumer" means a Colorado resident acting in an individual or household context, as defined under C.R.S. § 6-1-1303, excluding individuals acting in a commercial or employment context.

1.8 "Customer Data" means all electronic data, information, content, and materials submitted, uploaded, or transmitted by or on behalf of Customer or its Authorized Users to the Services, excluding Provider Technology.

1.9 "Data Breach" means unauthorized acquisition of unencrypted computerized data that compromises the security, confidentiality, or integrity of personal information maintained by Provider, as defined under C.R.S. § 6-1-716.

1.10 "Documentation" means Provider's standard user manuals, online help resources, training materials, technical specifications, and other written or electronic documentation describing the features, functions, and operation of the Services.

1.11 "Error" means any failure of the Services to perform in material conformity with the applicable Documentation and the specifications set forth in the Order Form.

1.12 "Fees" means the amounts payable by Customer for the Services as set forth in the applicable Order Form, including Subscription Fees, Implementation Fees, and Professional Services Fees.

1.13 "Force Majeure Event" means any event beyond the reasonable control of a Party, including acts of God, natural disasters, pandemics, government actions, war, terrorism, labor disputes, power failures, or internet service provider failures.

1.14 "Implementation Services" means the configuration, customization, data migration, integration, and related professional services to be performed by Provider as specified in the applicable Order Form or Statement of Work.

1.15 "Intellectual Property Rights" means all patent rights, copyrights, trademark rights, trade secret rights, database rights, and all other intellectual property rights of any kind throughout the world.

1.16 "Order Form" means each ordering document executed by the Parties that references this Agreement and specifies the Services, Fees, Subscription Term, and other commercial terms, substantially in the form attached as Exhibit A.

1.17 "Personal Information" means information as defined under C.R.S. § 6-1-716, including an individual's name in combination with specified data elements such as Social Security number, driver's license number, student or military identification number, financial account numbers, biometric data, or medical or health insurance information.

1.18 "Professional Services" means consulting, training, data migration, custom development, and other professional services provided by Provider as described in a Statement of Work.

1.19 "Provider Technology" means the Services, Documentation, and all underlying technology, software, algorithms, interfaces, and infrastructure used to provide the Services, including all Intellectual Property Rights therein.

1.20 "Sensitive Data" means personal data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation, citizenship or immigration status, genetic or biometric data uniquely identifying an individual, personal data of a known child, or precise geolocation data, as defined under the Colorado Privacy Act (C.R.S. § 6-1-1303).

1.21 "Service Level Agreement" or "SLA" means the service level commitments set forth in Exhibit B, including uptime guarantees, performance metrics, and remedies for failure to meet such commitments.

1.22 "Services" means the cloud-based software-as-a-service application(s) identified in the applicable Order Form, together with all updates, upgrades, and enhancements made generally available by Provider during the Subscription Term.

1.23 "Statement of Work" or "SOW" means a document executed by both Parties that describes specific Professional Services, deliverables, milestones, timelines, and fees.

1.24 "Subscription Term" means the period during which Customer has the right to access and use the Services, as specified in the applicable Order Form, including any renewal terms.

1.25 "Support Services" means the technical support and maintenance services to be provided by Provider as described in the SLA.

1.26 "Third-Party Components" means any third-party software, open-source libraries, APIs, or services incorporated into or used in connection with the Services.

ARTICLE 2: LICENSE GRANT AND ACCESS RIGHTS

2.1 License Grant. Subject to Customer's compliance with this Agreement and timely payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable (except to Authorized Users) right to access and use the Services during the applicable Subscription Term, solely for Customer's internal business purposes and in accordance with the Documentation.

2.2 Authorized Users. Customer shall ensure that all Authorized Users comply with the terms of this Agreement. Customer is responsible for all acts and omissions of its Authorized Users in connection with the Services. The number of Authorized Users shall not exceed the quantities specified in the applicable Order Form unless additional users are purchased.

2.3 Usage Restrictions. Customer shall not, and shall not permit any third party to:

☐ Copy, modify, translate, adapt, or create derivative works of the Services or Documentation;
☐ Reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the Services;
☐ Sublicense, sell, resell, lease, rent, loan, distribute, or otherwise transfer access to the Services to any third party;
☐ Use the Services to develop a competing product or service;
☐ Remove, alter, or obscure any proprietary notices, labels, or marks on the Services or Documentation;
☐ Use the Services in violation of any Applicable Law, including C.R.S. § 6-1-101 et seq. (Colorado Consumer Protection Act);
☐ Transmit any viruses, malware, or harmful code through the Services;
☐ Exceed any usage limitations specified in the Order Form;
☐ Use the Services to store or transmit material that infringes any third-party Intellectual Property Rights.

2.4 Reservation of Rights. All rights not expressly granted in this Agreement are reserved by Provider. No implied licenses are granted by virtue of this Agreement.

2.5 Customer Affiliates. Customer may permit its Affiliates to use the Services under the terms of this Agreement, provided that Customer remains responsible for each Affiliate's compliance with this Agreement and executes a separate Order Form for each Affiliate.

ARTICLE 3: SERVICE LEVEL AGREEMENT

3.1 Uptime Commitment. Provider shall use commercially reasonable efforts to make the Services available with a Monthly Uptime Percentage of at least [____]% during each calendar month, as further detailed in Exhibit B (Service Level Agreement).

3.2 Scheduled Maintenance. Provider shall provide Customer with at least [____] hours' prior written notice of scheduled maintenance windows. Scheduled maintenance shall be performed during off-peak hours (between 12:00 a.m. and 6:00 a.m. Mountain Time) whenever practicable.

3.3 Service Credits. If Provider fails to meet the Monthly Uptime Percentage commitment, Customer shall be entitled to Service Credits as set forth in Exhibit B. Service Credits shall be Customer's sole and exclusive remedy for Provider's failure to meet the uptime commitment.

3.4 Support Tiers. Provider shall provide Support Services in accordance with the following tiers:

3.5 Exclusions. The uptime commitment shall not apply to: (a) scheduled maintenance windows; (b) Force Majeure Events; (c) failures caused by Customer's equipment, software, or network connections; (d) Customer's use of the Services in violation of this Agreement; or (e) features designated as beta or pre-release.

ARTICLE 4: IMPLEMENTATION AND ONBOARDING

4.1 Implementation Plan. Provider shall deliver Implementation Services in accordance with the implementation plan and timeline set forth in the applicable Statement of Work or Order Form.

4.2 Customer Cooperation. Customer shall provide Provider with timely access to Customer personnel, systems, data, and facilities reasonably necessary for Provider to perform the Implementation Services. Delays caused by Customer's failure to cooperate shall not constitute a breach by Provider.

4.3 Acceptance Testing. Upon completion of Implementation Services, Customer shall have [____] Business Days to conduct acceptance testing. Customer shall notify Provider in writing of any material deficiencies. If Customer does not provide written notice of rejection within the acceptance period, the Implementation Services shall be deemed accepted.

4.4 Data Migration. If data migration is included in the Implementation Services, Provider shall use commercially reasonable efforts to migrate Customer Data accurately. Customer is responsible for validating the accuracy and completeness of migrated data within [____] Business Days following migration.

4.5 Training. Provider shall deliver the training specified in the applicable Order Form or SOW. Additional training shall be available at Provider's then-current rates.

ARTICLE 5: FEES AND PAYMENT

5.1 Fees. Customer shall pay the Fees specified in the applicable Order Form. Unless otherwise stated, all Fees are quoted in United States Dollars and are non-refundable except as expressly set forth in this Agreement.

5.2 Invoicing and Payment. Provider shall invoice Customer in accordance with the billing schedule set forth in the Order Form. Customer shall pay all undisputed invoices within [____] days of the invoice date. Payments shall be made by wire transfer, ACH, or such other method as the Parties may agree.

5.3 Late Payments. Overdue payments shall accrue interest at the lesser of: (a) one and one-half percent (1.5%) per month; or (b) the maximum rate permitted under Colorado law (C.R.S. § 5-12-101 et seq.). Provider may suspend access to the Services if any undisputed invoice remains unpaid for more than [____] days after the due date, upon [____] days' prior written notice.

5.4 Taxes. All Fees are exclusive of applicable taxes. Customer shall be responsible for all sales, use, and other taxes imposed by any governmental authority in connection with this Agreement, excluding taxes based on Provider's net income. Colorado sales tax shall be applied in accordance with C.R.S. Title 39, Article 26.

5.5 Fee Increases. Provider may increase Subscription Fees upon renewal by providing written notice at least [____] days prior to the end of the then-current Subscription Term. Fee increases shall not exceed [____]% per annum unless otherwise agreed in the Order Form.

5.6 Disputed Invoices. Customer may dispute any invoice in good faith by providing written notice with reasonable detail within [____] days of the invoice date. The Parties shall negotiate in good faith to resolve any billing disputes. Customer shall pay all undisputed amounts by the due date.

ARTICLE 6: DATA PROTECTION AND SECURITY

6.1 Data Security Obligations. Provider shall implement and maintain administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, use, disclosure, alteration, or destruction, in compliance with industry standards and Applicable Law.

6.2 Colorado Data Breach Notification. In the event of a Data Breach involving Personal Information of Colorado residents, Provider shall:

(a) Notify Customer without unreasonable delay and no later than [____] hours after discovery of the breach;

(b) Cooperate with Customer in complying with the notification requirements of C.R.S. § 6-1-716, which requires notice in the most expedient time possible and without unreasonable delay, but not later than thirty (30) days after the date of determination that a security breach occurred;

(c) If five hundred (500) or more Colorado residents are affected, assist Customer in notifying the Colorado Attorney General within the thirty (30)-day timeframe required by C.R.S. § 6-1-716;

(d) Provide Customer with a detailed written report describing the nature and scope of the breach, the categories of data affected, remedial actions taken, and recommendations for mitigation.

6.3 Colorado Privacy Act (CPA) Compliance. To the extent that Provider processes personal data of Colorado Consumers in connection with the Services, Provider shall comply with the Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.), effective July 1, 2023, as amended, including:

(a) Processing personal data only pursuant to Customer's documented instructions and solely for the purposes of performing its obligations under this Agreement;

(b) Assisting Customer in responding to Consumer rights requests, including rights of access, correction, deletion, portability, and opt-out under C.R.S. § 6-1-1306;

(c) Honoring Consumer opt-out requests for targeted advertising, sale of personal data, and profiling that produces legal or similarly significant effects, in compliance with C.R.S. § 6-1-1306(1)(a);

(d) Recognizing and complying with universal opt-out mechanisms as required by the Colorado Attorney General's rules;

(e) Obtaining Customer's prior consent before processing any Sensitive Data, as required by C.R.S. § 6-1-1308;

(f) Implementing data minimization practices, collecting only personal data that is adequate, relevant, and reasonably necessary for the disclosed purpose;

(g) Assisting Customer in conducting data protection assessments for processing activities that present heightened risk, as required by C.R.S. § 6-1-1309;

(h) Ensuring a duty of confidentiality for each person processing personal data on behalf of Provider;

(i) Deleting or returning all personal data upon the conclusion of services, at Customer's direction.

6.4 CPA Enforcement Awareness. The Parties acknowledge that as of January 1, 2025, the sixty (60)-day cure period for alleged CPA violations is no longer required, and the Colorado Attorney General and District Attorneys have discretion to immediately enforce penalties for violations without first providing an opportunity to cure.

6.5 Biometric Data Protections. If the Services process Biometric Data, Provider shall comply with C.R.S. § 6-1-1314 (effective July 1, 2025), including obtaining appropriate consent, maintaining a written retention and destruction policy, and complying with purpose limitations for biometric data processing.

6.6 Data Processing. Provider shall process Customer Data solely for the purposes of performing its obligations under this Agreement and in accordance with Customer's documented instructions. Provider shall not sell, share, or otherwise disclose Customer Data to third parties except as necessary to provide the Services or as required by Applicable Law.

6.7 Data Location. Customer Data shall be stored and processed within the United States unless Customer provides prior written consent for storage or processing in another jurisdiction.

6.8 Security Standards. Provider shall maintain security controls consistent with SOC 2 Type II certification or equivalent industry-recognized standards. Provider shall make audit reports or certifications available to Customer upon reasonable request and subject to appropriate confidentiality protections.

6.9 Data Return and Deletion. Upon expiration or termination of this Agreement, Provider shall, at Customer's election: (a) return all Customer Data to Customer in a commercially reasonable format; or (b) securely delete all Customer Data. Provider shall certify in writing that all Customer Data has been returned or deleted within [____] days following termination.

6.10 Subprocessors. Provider shall not engage any subprocessor to process Customer Data without Customer's prior written consent. Provider shall maintain an up-to-date list of subprocessors and shall remain liable for the acts and omissions of its subprocessors. Provider shall enter into written agreements with each subprocessor containing data protection obligations no less protective than those set forth in this Agreement.

6.11 Multi-State Privacy Compliance. To the extent Customer Data includes personal information of residents of states with comprehensive privacy laws, Provider shall assist Customer in complying with applicable requirements, including but not limited to the Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.), Delaware Personal Data Privacy Act (Del. Code tit. 6, ch. 12D), and other applicable state privacy laws.

ARTICLE 7: INTELLECTUAL PROPERTY

7.1 Provider IP. As between the Parties, Provider retains all right, title, and interest in and to the Provider Technology, including all Intellectual Property Rights therein. Nothing in this Agreement transfers ownership of any Provider IP to Customer.

7.2 Customer Data Ownership. As between the Parties, Customer retains all right, title, and interest in and to the Customer Data. Customer grants Provider a non-exclusive, limited license to use, copy, store, and process Customer Data solely as necessary to provide the Services.

7.3 Feedback. If Customer provides suggestions, enhancement requests, recommendations, or other feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or obligation to Customer.

7.4 Aggregated Data. Provider may collect and use aggregated, de-identified, and anonymized data derived from Customer's use of the Services for purposes of improving the Services, generating benchmarking reports, and conducting analytics, provided that such data does not identify Customer or any individual, and provided that de-identification practices comply with the requirements of the Colorado Privacy Act.

7.5 Third-Party Components. The Services may incorporate Third-Party Components subject to separate license terms. Provider shall disclose all material Third-Party Components upon Customer's request and shall ensure that the use of such components does not diminish Customer's rights under this Agreement.

ARTICLE 8: CONFIDENTIALITY

8.1 Obligations. Each Party (the "Receiving Party") agrees that it shall: (a) hold the Confidential Information of the other Party (the "Disclosing Party") in strict confidence; (b) not disclose such Confidential Information to any third party except to its employees, agents, and contractors who have a need to know and who are bound by confidentiality obligations at least as protective as those set forth herein; and (c) use the Confidential Information only for the purposes of performing its obligations or exercising its rights under this Agreement.

8.2 Exclusions. Confidential Information shall not include information that: (a) is or becomes publicly available through no breach of this Agreement; (b) was rightfully in the Receiving Party's possession prior to disclosure; (c) is independently developed by the Receiving Party without reference to the Confidential Information; or (d) is rightfully obtained from a third party without restriction on disclosure.

8.3 Compelled Disclosure. The Receiving Party may disclose Confidential Information if required by law, regulation, or court order, provided that the Receiving Party: (a) provides prompt written notice to the Disclosing Party to the extent legally permitted; (b) reasonably cooperates with the Disclosing Party's efforts to obtain a protective order or other appropriate remedy; and (c) discloses only the minimum amount of Confidential Information required.

8.4 Duration. The confidentiality obligations under this Article shall survive the expiration or termination of this Agreement for a period of [____] years; provided, however, that obligations with respect to trade secrets shall continue for so long as such information qualifies as a trade secret under Colorado law, including the Colorado Uniform Trade Secrets Act (C.R.S. § 7-74-101 et seq.).

8.5 Injunctive Relief. Each Party acknowledges that a breach of this Article may cause irreparable harm for which monetary damages would be inadequate. Accordingly, each Party shall be entitled to seek injunctive or other equitable relief in any court of competent jurisdiction in Colorado without the necessity of proving actual damages or posting bond, to the extent permitted by applicable law.

ARTICLE 9: REPRESENTATIONS AND WARRANTIES

9.1 Mutual Representations. Each Party represents and warrants to the other that:

(a) It is duly organized, validly existing, and in good standing under the laws of its jurisdiction of organization;

(b) It has full power and authority to enter into and perform its obligations under this Agreement;

(c) The execution and performance of this Agreement does not conflict with any other agreement to which it is a party;

(d) It shall comply with all Applicable Laws in its performance of this Agreement, including the Colorado Privacy Act.

9.2 Provider Warranties. Provider represents and warrants that:

(a) The Services shall perform in material conformity with the Documentation during the Subscription Term;

(b) The Implementation Services and Professional Services shall be performed in a professional and workmanlike manner by qualified personnel;

(c) The Services shall not, at the time of delivery, contain any viruses, malware, backdoors, or other malicious code;

(d) Provider has and shall maintain all rights, licenses, and permissions necessary to grant Customer the rights set forth in this Agreement;

(e) To Provider's knowledge, the Services do not infringe any third-party Intellectual Property Rights;

(f) Provider shall comply with all applicable data protection laws, including C.R.S. § 6-1-716 and C.R.S. § 6-1-1301 et seq.

9.3 Warranty Remedy. If the Services fail to conform to the warranties in Section 9.2(a), Provider shall, at its own expense, use commercially reasonable efforts to correct the nonconformity. If Provider is unable to correct the nonconformity within [____] days after receiving written notice thereof, Customer may terminate the affected Order Form and receive a pro-rata refund of prepaid Fees for the unused portion of the Subscription Term.

9.4 Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE. THIS DISCLAIMER IS MADE IN ACCORDANCE WITH COLORADO LAW, INCLUDING C.R.S. TITLE 4 (UNIFORM COMMERCIAL CODE).

ARTICLE 10: INDEMNIFICATION

10.1 Provider Indemnification. Provider shall defend, indemnify, and hold harmless Customer and its Affiliates, officers, directors, employees, and agents from and against any third-party claims, actions, suits, proceedings, and demands ("Claims") alleging that:

(a) The Services, as provided by Provider and used by Customer in accordance with this Agreement, infringe any United States patent, copyright, trademark, or trade secret;

(b) Provider's breach of its data security obligations under Article 6 resulted in unauthorized access to or disclosure of Customer Data;

and Provider shall pay all resulting damages, costs, and expenses (including reasonable attorneys' fees).

10.2 Provider Remedies for IP Claims. If the Services become, or in Provider's opinion are likely to become, the subject of an infringement claim, Provider may, at its sole option and expense: (a) procure for Customer the right to continue using the Services; (b) modify or replace the Services so they are non-infringing without material diminution in functionality; or (c) if neither (a) nor (b) is commercially practicable, terminate the affected Order Form and refund any prepaid Fees for the unused portion of the Subscription Term.

10.3 Customer Indemnification. Customer shall defend, indemnify, and hold harmless Provider and its Affiliates, officers, directors, employees, and agents from and against any Claims arising from: (a) Customer's use of the Services in violation of this Agreement or Applicable Law; (b) Customer Data or Customer's instructions to Provider, to the extent such data or instructions infringe any third-party rights; or (c) Customer's breach of any representation or warranty in this Agreement.

10.4 Indemnification Procedures. The indemnified Party shall: (a) promptly notify the indemnifying Party in writing of any Claim; (b) grant the indemnifying Party sole control of the defense and settlement of such Claim; and (c) provide reasonable cooperation at the indemnifying Party's expense. The indemnifying Party shall not settle any Claim in a manner that imposes obligations on the indemnified Party without the indemnified Party's prior written consent.

ARTICLE 11: LIMITATION OF LIABILITY

11.1 Consequential Damages Waiver. EXCEPT FOR A PARTY'S OBLIGATIONS UNDER ARTICLE 8 (CONFIDENTIALITY) AND ARTICLE 10 (INDEMNIFICATION), IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Liability Cap. EXCEPT FOR A PARTY'S OBLIGATIONS UNDER ARTICLE 8 (CONFIDENTIALITY) AND ARTICLE 10 (INDEMNIFICATION), EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE [____]-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11.3 Elevated Cap. FOR CLAIMS ARISING UNDER ARTICLE 8 (CONFIDENTIALITY) OR ARTICLE 10 (INDEMNIFICATION), EACH PARTY'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED [____] TIMES THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE TWELVE (12)-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11.4 Exceptions. The limitations set forth in this Article shall not apply to: (a) either Party's breach of its confidentiality obligations with respect to the other Party's trade secrets; (b) Provider's indemnification obligations for IP infringement; (c) Customer's payment obligations; (d) damages arising from a Party's willful misconduct or gross negligence; or (e) liability that cannot be limited under Colorado law.

11.5 Essential Basis. The limitations of liability set forth in this Article are an essential element of the basis of the bargain between the Parties and shall apply regardless of whether any remedy fails of its essential purpose.

ARTICLE 12: TERM AND TERMINATION

12.1 Agreement Term. This Agreement shall commence on the Effective Date and shall continue until all Order Forms have expired or been terminated, unless earlier terminated in accordance with this Article.

12.2 Subscription Term. Each Order Form shall specify an initial Subscription Term. Unless either Party provides written notice of non-renewal at least [____] days prior to the end of the then-current term, the Subscription Term shall automatically renew for successive periods of equal length.

12.3 Termination for Cause. Either Party may terminate this Agreement or any Order Form upon written notice if the other Party:

(a) Commits a material breach of this Agreement and fails to cure such breach within [____] days after receiving written notice specifying the breach; or

(b) Becomes the subject of a proceeding relating to bankruptcy, insolvency, receivership, liquidation, or assignment for the benefit of creditors.

12.4 Termination for Convenience. Customer may terminate any Order Form for convenience upon [____] days' prior written notice, provided that Customer shall remain liable for all Fees due through the end of the then-current Subscription Term unless otherwise specified in the Order Form.

12.5 Effect of Termination. Upon termination or expiration of this Agreement:

(a) All rights and licenses granted to Customer shall immediately terminate;

(b) Customer shall immediately cease all use of the Services;

(c) Provider shall comply with the data return and deletion obligations set forth in Section 6.9;

(d) Each Party shall return or destroy all Confidential Information of the other Party;

(e) Customer shall pay all Fees accrued through the effective date of termination within [____] days.

12.6 Survival. The following provisions shall survive any termination or expiration of this Agreement: Articles 1, 7, 8, 9.4, 10, 11, 12.5, 12.6, and 13.

ARTICLE 13: GOVERNING LAW AND DISPUTE RESOLUTION

13.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Colorado, without giving effect to any choice-of-law or conflict-of-law provisions. The United Nations Convention on Contracts for the International Sale of Goods shall not apply.

13.2 Jurisdiction and Venue. The Parties irrevocably consent to the exclusive jurisdiction and venue of the state courts located in the City and County of Denver, Colorado, and the United States District Court for the District of Colorado, for any action or proceeding arising out of or relating to this Agreement.

13.3 Alternative Dispute Resolution. Prior to initiating litigation, the Parties shall attempt to resolve any dispute arising under this Agreement through the following process:

(a) Negotiation. The Parties' designated representatives shall attempt to resolve the dispute through good-faith negotiation within [____] Business Days of written notice of the dispute.

(b) Mediation. If negotiation is unsuccessful, either Party may initiate non-binding mediation administered by [________________________________] in Denver, Colorado. The costs of mediation shall be shared equally.

(c) Litigation. If mediation is unsuccessful within [____] days, either Party may pursue its remedies in accordance with Section 13.2.

13.4 Attorneys' Fees. In any action or proceeding to enforce the terms of this Agreement, the prevailing Party shall be entitled to recover its reasonable attorneys' fees and costs.

13.5 Jury Waiver. EACH PARTY HEREBY IRREVOCABLY WAIVES THE RIGHT TO A JURY TRIAL IN ANY ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT, TO THE FULLEST EXTENT PERMITTED BY COLORADO LAW.

ARTICLE 14: GENERAL PROVISIONS

14.1 Entire Agreement. This Agreement, together with all Order Forms, Exhibits, SOWs, and other documents incorporated by reference, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, negotiations, and understandings, whether written or oral.

14.2 Order of Precedence. In the event of a conflict between the terms of this Agreement and any Order Form, Exhibit, or SOW, the following order of precedence shall apply: (1) this Agreement; (2) the Data Protection provisions in Article 6; (3) the applicable Order Form; (4) the SLA (Exhibit B); (5) any SOW.

14.3 Amendments. This Agreement may not be amended or modified except by a written instrument signed by authorized representatives of both Parties.

14.4 Waiver. No waiver of any provision of this Agreement shall be effective unless in writing and signed by the waiving Party. A waiver of any breach shall not constitute a waiver of any subsequent breach.

14.5 Severability. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction in Colorado, the remaining provisions shall continue in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

14.6 Assignment. Neither Party may assign this Agreement without the prior written consent of the other Party, except that either Party may assign this Agreement without consent: (a) to an Affiliate; or (b) in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any purported assignment in violation of this Section shall be void.

14.7 Notices. All notices under this Agreement shall be in writing and shall be deemed given: (a) when delivered personally; (b) one (1) Business Day after deposit with a nationally recognized overnight courier; (c) three (3) Business Days after being sent by certified mail, return receipt requested; or (d) when sent by email with confirmation of receipt. Notices shall be sent to the addresses specified in this Agreement or as updated by written notice.

14.8 Independent Contractors. The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, franchise, or employment relationship between the Parties.

14.9 Force Majeure. Neither Party shall be liable for any delay or failure in performance resulting from a Force Majeure Event, provided that the affected Party: (a) promptly notifies the other Party; (b) uses commercially reasonable efforts to mitigate the effects; and (c) resumes performance as soon as practicable. If a Force Majeure Event continues for more than [____] days, either Party may terminate the affected Order Form upon written notice.

14.10 Export Compliance. Customer shall comply with all applicable export control laws and regulations, including the U.S. Export Administration Regulations and the International Traffic in Arms Regulations.

14.11 Publicity. Neither Party shall use the other Party's name, logo, or trademarks in any publicity or marketing materials without the other Party's prior written consent.

14.12 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures shall be deemed valid and binding in accordance with the Colorado Uniform Electronic Transactions Act (C.R.S. § 24-71.3-101 et seq.).

14.13 Construction. This Agreement shall be construed without regard to any presumption or rule requiring construction against the Party causing any provision to be drafted. Headings are for convenience only and shall not affect interpretation.

SIGNATURES

IN WITNESS WHEREOF, the Parties have executed this Enterprise SaaS Agreement as of the Effective Date.

PROVIDER:

☐ Authorized signatory has reviewed all terms and conditions

Signature: [________________________________]

Printed Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

CUSTOMER:

☐ Authorized signatory has reviewed all terms and conditions
☐ Legal counsel review completed

Signature: [________________________________]

Printed Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]

Effective Date: [__/__/____]

This Order Form is entered into pursuant to the Enterprise SaaS Agreement between the Parties dated [__/__/____] (the "Agreement"). Capitalized terms not defined herein have the meanings set forth in the Agreement.

Services Ordered

Subscription Details

• Subscription Term: [________________________________]
• Start Date: [__/__/____]
• End Date: [__/__/____]
• Number of Authorized Users: [____]
• Storage Allocation: [____] GB/TB
• Environment: ☐ Production ☐ Staging ☐ Development

Fees

• Total Annual Subscription Fee: $[________]
• Implementation Fee: $[________]
• Training Fee: $[________]
• Payment Schedule: ☐ Annual ☐ Quarterly ☐ Monthly
• Billing Start Date: [__/__/____]

Additional Terms

[________________________________]

Order Form Signatures

Provider: [________________________________] Date: [__/__/____]

Customer: [________________________________] Date: [__/__/____]

EXHIBIT B: SERVICE LEVEL AGREEMENT

1. Uptime Commitment

Provider guarantees a Monthly Uptime Percentage of [____]% for the Services during each calendar month.

Monthly Uptime Percentage = ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100

2. Service Credit Schedule

3. Service Credit Procedures

• Customer must request Service Credits within [____] Business Days of the end of the affected month.
• Service Credits shall be applied against future invoices and shall not exceed [____]% of the monthly Fees for the affected Services.
• Service Credits are Customer's sole and exclusive remedy for Provider's failure to meet the uptime commitment.

4. Incident Response

5. Maintenance Windows

• Scheduled Maintenance: [________________________________]
• Emergency Maintenance: Provider shall provide notice as soon as practicable.
• Maintenance Exclusions: Scheduled maintenance downtime is excluded from uptime calculations.

6. Disaster Recovery

• Recovery Point Objective (RPO): [____] hours
• Recovery Time Objective (RTO): [____] hours
• Backup Frequency: [________________________________]
• Backup Location: [________________________________]

7. Reporting

Provider shall provide Customer with monthly uptime reports within [____] Business Days following the end of each calendar month.

SOURCES AND REFERENCES

• Colorado Privacy Act: https://coag.gov/resources/colorado-privacy-act/
• C.R.S. § 6-1-716 (Data Breach Notification): https://codes.findlaw.com/co/title-6-consumer-and-commercial-affairs/co-rev-st-sect-6-1-716/
• Colorado Privacy Act Text (SB21-190): http://leg.colorado.gov/bills/sb21-190
• Colorado Attorney General Data Privacy Resources: https://coag.gov/resources/data-protection-laws/
• C.R.S. § 6-1-1314 (Biometric Data Protections): https://law.justia.com/codes/colorado/title-6/fair-trade-and-restraint-of-trade/article-1/part-13/section-6-1-1314/
• C.R.S. § 7-74-101 et seq. (Uniform Trade Secrets Act)
• Colorado Consumer Protection Act (C.R.S. § 6-1-101 et seq.)