SOFTWARE AS A SERVICE AGREEMENT (ENTERPRISE)

TABLE OF CONTENTS

1. Parties and Order
2. Access Rights and Restrictions
3. Service Levels, Availability, and DR
4. Support Services
5. Customer Obligations
6. Fees and Payment
7. Security and Data Protection
8. Business Continuity and Disaster Recovery
9. Intellectual Property and Feedback
10. Confidentiality
11. Warranties and Disclaimers
12. Indemnities
13. Limitations of Liability
14. Term, Suspension, and Termination
15. Compliance (AUP, Export, Sanctions, Anti-Corruption)
16. Governing Law and Dispute Resolution
17. Miscellaneous
18. Signatures
19. Attachments

1. PARTIES AND ORDER

Agreement between [PROVIDER] and [CUSTOMER], effective [DATE], incorporating the Order Form and attachments listed in Section 19.

2. ACCESS RIGHTS AND RESTRICTIONS

• Non-exclusive, non-transferable right to access the SaaS during the Subscription Term, subject to usage limits in the Order.
• Restrictions: no resale, benchmarking disclosure without consent, reverse engineering, circumvention of limits, or competitive use if restricted by law.
• Customer is responsible for Users' compliance.

3. SERVICE LEVELS, AVAILABILITY, AND DR

• Uptime target: [99.9%] monthly, excluding scheduled maintenance and force majeure; SLA credits per SLA Policy (Attachment B) as sole remedy unless chronic failure triggers termination right.
• Maintenance windows: [specify notice/recurrence].
• DR: RPO [X hours]; RTO [Y hours]; tested [annually/semi-annually] with summaries available upon request.

4. SUPPORT SERVICES

• Support scope, hours, response/resolution targets per Support Policy (Attachment C).
• Escalation procedures and status cadence included therein.

5. CUSTOMER OBLIGATIONS

• Provide accurate account info; maintain credentials; comply with AUP; lawful content.
• Configure Customer-controlled settings securely; notify Provider of security incidents involving the SaaS.
• Provide cooperation and information reasonably needed for support and investigations.

6. FEES AND PAYMENT

• Fees: subscription, usage/overage, and taxes as stated in the Order; expenses typically N/A unless professional services ordered.
• Invoices per Order; payments due [30] days; late amounts accrue [1.5%/month] or the maximum rate permitted under District of Columbia law (D.C. Code Section 28-3302).
• Suspension for non-payment after [10] days' notice; restoration upon cure.
• Renewal pricing uplift [X% cap or CPI] with [60] days' notice.

7. SECURITY AND DATA PROTECTION

• Provider maintains safeguards per Security Addendum/DPA (Attachment D); incident notice within [X] hours of confirmation; cooperation on investigations and notifications.
• DPA governs Personal Data processing; data return/deletion per DPA and Section 14.
• District of Columbia Data Breach Notification: Provider shall notify Customer of any security breach involving Customer's personal information in accordance with the D.C. Security Breach Notification Act (D.C. Code Section 28-3851 et seq.) without unreasonable delay.
• Provider shall cooperate with Customer in responding to consumer rights requests as applicable.

8. BUSINESS CONTINUITY AND DISASTER RECOVERY

• BC/DR plan maintained and reviewed [annually]; material changes notified; backup cadence [e.g., daily with retention X]; secondary region [if applicable].
• Force majeure events handled per standard clause; Provider to prioritize restoration of critical functions.

9. INTELLECTUAL PROPERTY AND FEEDBACK

• Provider retains IP in the SaaS; Customer retains IP in Customer Data.
• Customer grants Provider rights to use Customer Data to provide the SaaS and to create aggregated/de-identified data for [security/benchmarking/product improvement] if permitted by law and AUP/DPA.
• Feedback licensed to Provider on a royalty-free basis.

10. CONFIDENTIALITY

• Mutual confidentiality with standard exclusions; protection period [X] years post-termination.
• Customer Data treated as Customer Confidential Information subject to DPA for Personal Data.
• District of Columbia Uniform Trade Secrets Act (D.C. Code Section 36-401 et seq.) governs trade secret claims.

11. WARRANTIES AND DISCLAIMERS

• SaaS will materially conform to Documentation; services performed professionally; no malware at delivery.
• Disclaimers: no implied warranties beyond stated; no warranty for beta/free features; Customer solely responsible for results from configurations outside Documentation.
• TO THE EXTENT PERMITTED BY DISTRICT OF COLUMBIA LAW, ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED.

12. INDEMNITIES

• Provider indemnifies for third-party IP infringement claims based on the SaaS as provided (exclusions: Customer Data, unauthorised combinations, misuse).
• Customer indemnifies for claims from Customer Data, AUP breaches, or use in violation of this Agreement.
• Procedure: prompt notice, control of defense, cooperation; settlements require consent.

13. LIMITATIONS OF LIABILITY

• Cap: fees paid/payable in prior [12/24] months (select), excluding SLA credits.
• Exclusions: no consequential/indirect damages (lost profits, revenue, data), except carve-outs as negotiated (e.g., IP indemnity, confidentiality breach, data breach, willful misconduct).
• Liability caps do not apply to gross negligence, willful misconduct, or violations of District of Columbia law where limitation is prohibited.

14. TERM, SUSPENSION, AND TERMINATION

• Initial Subscription Term per Order; auto-renew unless notice [30/60] days prior.
• Suspension for AUP violations, security threats, or non-payment after notice.
• Termination for material breach uncured [30] days; insolvency; chronic SLA failure per SLA Policy.
• Effect: Customer pays accrued fees; data export available for [30] days post-termination (unless terminated for Customer breach after notice), then deletion per DPA.

15. COMPLIANCE (AUP, EXPORT, SANCTIONS, ANTI-CORRUPTION)

• AUP incorporated; no prohibited content/activities.
• Export/sanctions compliance; no access from embargoed jurisdictions or by sanctioned parties; no prohibited end uses.
• Anti-corruption covenant; accurate books for any government interactions.
• Compliance with District of Columbia Consumer Protection Procedures Act (CPPA) (D.C. Code Section 28-3901 et seq.).

16. GOVERNING LAW AND DISPUTE RESOLUTION

• Governing Law: This Agreement shall be governed by and construed in accordance with the laws of the District of Columbia, without regard to its conflict of laws principles.
• Venue: Exclusive jurisdiction and venue shall be in the Superior Court of the District of Columbia or the United States District Court for the District of Columbia.
• Escalation: The parties agree to attempt good-faith escalation to executives before initiating formal proceedings.
• JURY WAIVER: TO THE FULLEST EXTENT PERMITTED BY DISTRICT OF COLUMBIA LAW, EACH PARTY WAIVES ANY RIGHT TO A JURY TRIAL FOR ANY DISPUTE ARISING OUT OF OR RELATING TO THIS AGREEMENT.

17. MISCELLANEOUS

• Assignment (change of control options), subcontracting with responsibility retained by Provider, notices, force majeure, order of precedence, amendments in writing, severability, independent contractors.
• District of Columbia Uniform Electronic Transactions Act (D.C. Code Section 28-4901 et seq.) governs electronic signatures and records.

18. SIGNATURES

☐ Provider has reviewed and agrees to the terms
☐ Customer has reviewed and agrees to the terms
☐ Legal counsel review completed

19. ATTACHMENTS

• Attachment A: Order Form
• Attachment B: SLA Policy
• Attachment C: Support Policy
• Attachment D: DPA / Security Addendum
• Attachment E: Acceptable Use Policy