Enterprise Software as a Service Agreement - Idaho

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

STATE OF IDAHO

AGREEMENT INFORMATION

PARTIES TO THIS AGREEMENT

PROVIDER:

CUSTOMER:

RECITALS

WHEREAS, Provider is engaged in the business of providing cloud-based software as a service solutions and related professional services;

WHEREAS, Customer desires to obtain access to and use of Provider's software platform and services for Customer's enterprise business operations;

WHEREAS, the parties wish to establish the terms and conditions under which Provider will make its services available to Customer, subject to the laws of the State of Idaho;

WHEREAS, Idaho is a community property state (Idaho Code § 32-906), and the parties acknowledge this may affect asset classification in certain circumstances involving individual signatories;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

1.2 "Authorized Users" means Customer's employees, contractors, consultants, and agents who are authorized by Customer to access and use the Services under the rights granted pursuant to this Agreement.

1.3 "Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure. For purposes of Idaho Code § 48-801 et seq., Confidential Information that constitutes a trade secret shall receive the protections afforded under the Idaho Trade Secrets Act.

1.4 "Customer Data" means all electronic data, information, content, records, and files that Customer or Authorized Users upload, submit, store, transmit, or process through the Services, including Personal Information.

1.5 "Data Processing Agreement" or "DPA" means the data processing addendum attached as Exhibit C, setting forth the terms under which Provider processes Customer Data.

1.6 "Documentation" means Provider's standard user guides, online help files, technical specifications, and other documentation related to the Services as updated from time to time.

1.7 "Downtime" means any period during which the Services are unavailable or materially impaired, excluding Scheduled Maintenance and Excused Downtime.

1.8 "Effective Date" means the date first written above or the date both parties have executed this Agreement, whichever is later.

1.9 "Excused Downtime" means unavailability caused by: (a) Customer's acts or omissions; (b) failures of Customer's equipment, software, or network connections; (c) third-party services outside Provider's control; (d) force majeure events; or (e) suspension pursuant to Section 6.4.

1.10 "Fees" means all amounts payable by Customer to Provider as set forth in this Agreement and any applicable Order Form.

1.11 "Initial Term" means the initial subscription period specified in the Order Form.

1.12 "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets (as defined under Idaho Code § 48-801), and other intellectual property rights recognized under the laws of any jurisdiction worldwide.

1.13 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other harmful or malicious code, files, scripts, agents, or programs.

1.14 "Monthly Uptime Percentage" means the total minutes in a calendar month minus minutes of Downtime, divided by total minutes in the month, expressed as a percentage.

1.15 "Order Form" means an ordering document specifying the Services, subscription levels, Fees, and other commercial terms, executed by both parties and incorporated herein.

1.16 "Personal Information" has the meaning set forth in Idaho Code § 28-51-104, including an individual's first name or first initial and last name in combination with a Social Security number, driver's license or state identification number, or financial account number with required security code, access code, or password.

1.17 "Professional Services" means implementation, configuration, customization, training, integration, and consulting services provided by Provider as specified in an Order Form or Statement of Work.

1.18 "Renewal Term" means each successive subscription period following the Initial Term.

1.19 "SaaS Services" means Provider's proprietary cloud-based software platform accessible via the internet on a subscription basis, distinct from downloadable or locally installed software.

1.20 "Scheduled Maintenance" means planned maintenance of the Services performed during designated maintenance windows with advance notice to Customer.

1.21 "Security Breach" has the meaning set forth in Idaho Code § 28-51-104, including the illegal acquisition of unencrypted computerized data that materially compromises the security, confidentiality, or integrity of Personal Information maintained by an individual or a commercial entity.

1.22 "Security Incident" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any breach or potential breach of Provider's security measures.

1.23 "Service Level Agreement" or "SLA" means the service level commitments set forth in Article 4 and Exhibit B.

1.24 "Services" means collectively the SaaS Services, Professional Services, and support services described in the applicable Order Form.

1.25 "Statement of Work" or "SOW" means a document describing Professional Services, deliverables, timelines, and associated fees.

1.26 "Subscription Term" means collectively the Initial Term and all Renewal Terms.

1.27 "Third-Party Components" means software, data, services, or content provided by third parties that are incorporated into or used in connection with the Services.

1.28 "Trade Secret" has the meaning set forth in Idaho Code § 48-801(5), including information that derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

1.29 "Uptime Commitment" means the minimum Monthly Uptime Percentage that Provider commits to maintain as specified in Article 4 and the Order Form.

1.30 "User Account" means the unique login credentials and account established for each Authorized User.

ARTICLE 2: SAAS SERVICES AND ACCESS RIGHTS

2.1 Grant of Rights

Subject to Customer's compliance with this Agreement and payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to:

(a) Access and use the SaaS Services for Customer's internal business operations;

(b) Permit Authorized Users to access and use the SaaS Services in accordance with this Agreement;

(c) Access, use, and reproduce the Documentation in connection with permitted use of the Services; and

(d) Store, process, and retrieve Customer Data through the Services.

2.2 Subscription Tiers

Customer's subscription shall be as specified in the Order Form:

☐ Standard Enterprise — Up to [____] Authorized Users
☐ Professional Enterprise — Up to [____] Authorized Users
☐ Premium Enterprise — Up to [____] Authorized Users
☐ Unlimited Enterprise — Unlimited Authorized Users
☐ Custom Configuration — As specified: [________________________________]

2.3 User Account Administration

(a) Customer shall designate at least one (1) administrator to manage User Accounts and access permissions.

(b) Customer is responsible for maintaining the confidentiality of all User Account credentials.

(c) Customer shall promptly notify Provider of any unauthorized access or security breach involving User Accounts.

(d) User Accounts are for designated individuals only and may not be shared among multiple persons.

2.4 Authorized User Categories

☐ Named Users — Identified individuals assigned specific User Accounts
☐ Concurrent Users — Maximum simultaneous users: [____]
☐ Site License — All employees at specified locations
☐ Enterprise-Wide — All employees and authorized contractors
☐ Other: [________________________________]

2.5 Affiliate Usage

☐ Customer's Affiliates are authorized to use the Services under this Agreement
☐ Customer's Affiliates must execute separate Order Forms
☐ Affiliate usage is not permitted

If Affiliate usage is permitted:

(a) Customer shall ensure Affiliate compliance with all Agreement terms;

(b) Customer remains liable for Affiliate acts and omissions;

(c) Affiliate usage counts toward Customer's licensed capacity.

2.6 Use Restrictions

Customer shall not, and shall not permit any Authorized User or third party to:

(a) Copy, modify, or create derivative works of the Services or Documentation;

(b) Reverse engineer, disassemble, decompile, or attempt to discover the source code of the Services;

(c) Sublicense, sell, lease, rent, loan, distribute, or otherwise transfer the Services to any third party;

(d) Use the Services in violation of any applicable law, including the Idaho Consumer Protection Act (Idaho Code § 48-601 et seq.);

(e) Use the Services to transmit Malicious Code;

(f) Interfere with or disrupt the integrity or performance of the Services; or

(g) Attempt to gain unauthorized access to the Services or related systems.

ARTICLE 3: PROFESSIONAL SERVICES AND SUPPORT

3.1 Implementation Services

Provider shall provide the following implementation services:

☐ Standard Implementation — Per Provider's standard methodology
☐ Custom Implementation — Per mutually agreed Statement of Work
☐ Phased Implementation — Per the timeline in the Order Form

3.2 Support Services

Provider shall provide support in accordance with the following tier:

☐ Standard Support — Business hours (8:00 AM–5:00 PM MST, Monday–Friday), email and ticket-based
☐ Premium Support — Extended hours with phone support and dedicated account manager
☐ Enterprise Support — 24/7/365 coverage with designated support engineer and four-hour response SLA
☐ Custom Support — As specified: [________________________________]

3.3 Training

Provider shall deliver the following training:

☐ Online self-service training materials at no additional charge
☐ Live virtual training sessions: [____] sessions included
☐ On-site training at Customer's Idaho location: [____] days included
☐ Custom training program as specified in SOW

3.4 Change Management

Any changes to the scope of Professional Services shall be documented in a written change order signed by both parties, specifying the nature of the change, impact on timeline, and any additional Fees.

ARTICLE 4: SERVICE LEVELS AND UPTIME

4.1 Uptime Commitment

Provider shall use commercially reasonable efforts to maintain the following Monthly Uptime Percentage:

Selected tier: ☐ Standard ☐ Enhanced ☐ Premium ☐ Mission-Critical

4.2 Service Level Credits

If Provider fails to meet the Uptime Commitment in any calendar month, Customer shall be entitled to a Service Level Credit as follows:

4.3 Credit Request Process

(a) Customer must request Service Level Credits in writing within thirty (30) days of the end of the month in which the Downtime occurred.

(b) Provider shall verify the Downtime claim and issue credits within fifteen (15) business days.

(c) Service Level Credits shall be applied to the next invoice or, if at the end of the Subscription Term, refunded to Customer.

(d) Service Level Credits are Customer's sole and exclusive remedy for Provider's failure to meet the Uptime Commitment.

4.4 Chronic Failure Termination Right

If Provider fails to meet the Uptime Commitment for three (3) or more consecutive months, or for any five (5) months in a rolling twelve-month period, Customer may terminate the affected Order Form upon thirty (30) days' written notice and receive a pro-rata refund of prepaid Fees.

4.5 Scheduled Maintenance

(a) Provider shall perform Scheduled Maintenance during the following maintenance window: [________________________________] (default: Sundays 2:00 AM–6:00 AM MST).

(b) Provider shall provide at least forty-eight (48) hours' advance notice of Scheduled Maintenance.

(c) Scheduled Maintenance shall not exceed [____] hours per month.

(d) Scheduled Maintenance is excluded from Downtime calculations.

4.6 Excused Downtime Exclusions

The following events are excluded from Downtime calculations:

(a) Force majeure events as defined in Article 16;

(b) Customer's acts, omissions, or equipment failures;

(c) Third-party internet service provider failures;

(d) Scheduled Maintenance performed within designated windows;

(e) Suspension of Services pursuant to Section 6.4; and

(f) Emergency maintenance necessitated by security threats, with prompt notice to Customer.

ARTICLE 5: CUSTOMER DATA AND DATA PROTECTION

5.1 Ownership of Customer Data

As between the parties, Customer retains all right, title, and interest in and to Customer Data. Provider acquires no rights in Customer Data except the limited license to process Customer Data as necessary to perform its obligations under this Agreement.

5.2 Data Processing

Provider shall process Customer Data solely in accordance with:

(a) Customer's documented instructions;

(b) The terms of this Agreement and the DPA (Exhibit C);

(c) Applicable data protection laws, including Idaho data breach notification requirements; and

(d) Industry-standard security practices.

5.3 Data Security

Provider shall implement and maintain reasonable administrative, technical, and physical safeguards designed to:

(a) Protect Customer Data against unauthorized access, acquisition, or disclosure;

(b) Ensure the confidentiality, integrity, and availability of Customer Data;

(c) Protect against reasonably anticipated threats or hazards to Customer Data security; and

(d) Comply with applicable Idaho law, including the Idaho Identity Theft Protection Act (Idaho Code § 28-51-104 et seq.).

5.4 Security Certifications

Provider maintains the following security certifications:

☐ SOC 2 Type II
☐ ISO 27001
☐ ISO 27017 (Cloud Security)
☐ ISO 27018 (PII in Cloud)
☐ HITRUST CSF
☐ FedRAMP (if applicable)
☐ Other: [________________________________]

5.5 Data Breach Notification

IDAHO-SPECIFIC PROVISION: In the event of a Security Breach involving Personal Information of Idaho residents, Provider shall:

(a) Notify Customer as soon as possible after discovering the breach, consistent with Idaho Code § 28-51-105;

(b) Provide sufficient information for Customer to evaluate whether notice to affected Idaho residents is required;

(c) Note that under Idaho Code § 28-51-105, notification is not required if, after a reasonable and prompt investigation, the covered entity determines that misuse of the resident's information has not occurred and is not reasonably likely to occur;

(d) Cooperate with Customer in investigating the breach and mitigating its effects;

(e) Assist Customer in preparing any required notifications to affected Idaho residents and the Idaho Attorney General; and

(f) Be aware that intentional failure to notify under Idaho law is subject to a fine of not more than twenty-five thousand dollars ($25,000) per breach under Idaho Code § 28-51-107.

5.6 No Comprehensive State Privacy Law

IDAHO-SPECIFIC NOTE: As of the date of this Agreement, Idaho has not enacted a comprehensive consumer data privacy law comparable to the CCPA, CPA, or ICDPA. Data protection obligations under this Agreement are governed by Idaho's data breach notification statute (Idaho Code § 28-51-104 et seq.), the Idaho Consumer Protection Act (Idaho Code § 48-601 et seq.), and applicable federal laws. The parties agree to amend this Agreement as necessary to comply with any Idaho data privacy legislation enacted during the Subscription Term.

5.7 Data Location

Provider shall store Customer Data in the following location(s):

☐ United States only
☐ United States and approved international locations
☐ Specific data center region(s): [________________________________]

5.8 Data Encryption

Provider shall encrypt Customer Data:

(a) In transit using TLS 1.2 or higher;

(b) At rest using AES-256 or equivalent encryption standard; and

(c) For backups using encryption equivalent to that used for primary storage.

ARTICLE 6: FEES, PAYMENT, AND TAXES

6.1 Fee Structure

Customer shall pay Provider the Fees specified in the applicable Order Form:

☐ Annual Subscription — $[________________________________] per year
☐ Monthly Subscription — $[________________________________] per month
☐ Per-User Fee — $[________________________________] per Authorized User per [month/year]
☐ Usage-Based — Per the usage metrics in the Order Form
☐ Tiered Pricing — Per the tier schedule in the Order Form

6.2 Payment Terms

(a) Provider shall invoice Customer [monthly/quarterly/annually] in advance for subscription Fees and in arrears for usage-based Fees and Professional Services.

(b) Customer shall pay all undisputed invoices within [____] days of receipt (default: thirty (30) days).

(c) All Fees are stated in United States Dollars.

6.3 Late Payments

IDAHO-SPECIFIC PROVISION: Overdue amounts shall accrue interest at the lesser of: (a) one and one-half percent (1.5%) per month; or (b) the maximum rate permitted under Idaho law. Under Idaho Code § 28-22-104, when no express contract in writing fixes a different rate, the legal rate of interest is twelve percent (12%) per annum. This is one of the highest statutory default rates in the nation. Parties should carefully specify a contractual interest rate, as the 12% default may apply if this section is left blank or ambiguous.

6.4 Suspension for Non-Payment

If Customer fails to pay any undisputed Fees within fifteen (15) days after receiving written notice of non-payment, Provider may suspend Customer's access to the Services until all outstanding Fees are paid. Provider shall provide at least ten (10) business days' written notice before suspension.

6.5 Fee Disputes

(a) Customer shall notify Provider of any disputed charges within thirty (30) days of invoice receipt.

(b) Customer shall pay all undisputed amounts by the due date while the parties resolve the dispute in good faith.

(c) If a dispute is resolved in Customer's favor, Provider shall promptly issue a credit or refund.

6.6 Taxes

IDAHO-SPECIFIC PROVISION — SaaS TAXABILITY:

(a) Idaho SaaS Tax Treatment. Idaho does not impose sales tax on SaaS when the software is accessed remotely via the internet and no tangible medium is transferred. The Idaho State Tax Commission treats remotely accessed SaaS as a non-taxable service, provided no copy of the software is delivered to the customer. However, software delivered on a physical medium (e.g., CD, DVD, USB) is taxable. Custom software is also not subject to sales tax.

(b) Tax Responsibility. All Fees are exclusive of taxes. Customer shall be responsible for all applicable sales, use, and similar taxes arising from this Agreement, except for taxes based on Provider's net income.

(c) Digital Goods Distinction. Idaho classifies digital products (music, books, videos, games) as tangible personal property when the purchaser obtains a permanent right to use. However, subscriptions, rentals, and streaming access are not taxable. SaaS subscriptions, where no copy of the software is transferred, fall into the non-taxable category.

(d) Tax Indemnification. Customer shall indemnify Provider for any taxes, penalties, or interest assessed against Provider that are Customer's responsibility hereunder.

6.7 Fee Increases

(a) Fees for Renewal Terms may be increased by Provider upon at least sixty (60) days' written notice prior to the start of a Renewal Term.

(b) Annual fee increases shall not exceed [____]% (default: the greater of 5% or the Consumer Price Index increase for the preceding twelve months).

ARTICLE 7: INTELLECTUAL PROPERTY RIGHTS

7.1 Provider IP

Provider retains all right, title, and interest in and to the Services, Documentation, software, algorithms, interfaces, technology, and all Intellectual Property Rights therein. No rights are granted to Customer except as expressly set forth in this Agreement.

7.2 Customer IP

Customer retains all right, title, and interest in and to Customer Data and any pre-existing intellectual property of Customer. Provider acquires no Intellectual Property Rights in Customer Data.

7.3 Feedback

If Customer provides suggestions, enhancement requests, or other feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or obligation. Customer hereby assigns to Provider all right, title, and interest in and to such Feedback.

7.4 Aggregated and De-Identified Data

Provider may collect and use aggregated, anonymized, and de-identified data derived from Customer's use of the Services for product improvement, benchmarking, and analytics, provided that such data does not identify Customer or any individual.

7.5 Third-Party Components

(a) The Services may incorporate Third-Party Components subject to separate license terms.

(b) Provider shall identify material Third-Party Components upon Customer's request.

(c) Provider represents that it has all necessary rights and licenses for Third-Party Components used in the Services.

ARTICLE 8: CONFIDENTIALITY

8.1 Obligations

IDAHO-SPECIFIC PROVISION: Each party (the "Receiving Party") shall: (a) hold the other party's (the "Disclosing Party's") Confidential Information in strict confidence using at least the same degree of care it uses to protect its own confidential information (but in no event less than reasonable care); (b) not disclose Confidential Information to third parties except as expressly permitted herein; and (c) use Confidential Information only to perform its obligations or exercise its rights under this Agreement. Claims for misappropriation of Trade Secrets shall be governed by the Idaho Trade Secrets Act (Idaho Code § 48-801 et seq.), which provides a three-year statute of limitations under Idaho Code § 48-805.

8.2 Permitted Disclosures

The Receiving Party may disclose Confidential Information to its employees, agents, contractors, and professional advisors who have a need to know and are bound by confidentiality obligations at least as protective as those herein.

8.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was known to the Receiving Party before disclosure; (c) is received from a third party without restriction; or (d) is independently developed without use of Confidential Information.

8.4 Required Disclosures

The Receiving Party may disclose Confidential Information if required by law, regulation, or legal process, provided that the Receiving Party: (a) gives prompt written notice to the Disclosing Party (to the extent legally permitted); (b) cooperates with the Disclosing Party's efforts to obtain a protective order; and (c) discloses only the minimum information required.

8.5 Return or Destruction

Upon termination or expiration of this Agreement, each party shall, at the Disclosing Party's election, return or destroy all Confidential Information, except for copies retained in automated backups (subject to continued confidentiality obligations) and copies required to be retained under Idaho law.

8.6 Injunctive Relief

Each party acknowledges that unauthorized disclosure of Confidential Information may cause irreparable harm for which monetary damages would be inadequate. Accordingly, either party may seek injunctive or equitable relief from any Idaho court of competent jurisdiction without the necessity of posting a bond, in addition to any other remedies available at law or in equity under Idaho Code § 48-803.

ARTICLE 9: REPRESENTATIONS AND WARRANTIES

9.1 Mutual Representations

Each party represents and warrants that:

(a) It is duly organized, validly existing, and in good standing under the laws of its state of formation;

(b) It has full power and authority to enter into this Agreement;

(c) This Agreement constitutes a valid and binding obligation enforceable in accordance with its terms; and

(d) Execution of this Agreement does not conflict with any other agreement or obligation.

9.2 Provider Warranties

Provider represents and warrants that:

(a) The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) The Services will be provided in a professional and workmanlike manner consistent with industry standards;

(c) Provider has the right to grant the licenses and access rights set forth herein;

(d) The Services will not, at the time of delivery, contain any Malicious Code;

(e) Provider will comply with all applicable laws in performing its obligations, including Idaho data protection laws; and

(f) Provider's security measures will be no less protective than industry-standard practices for cloud-based enterprise software.

9.3 Customer Warranties

Customer represents and warrants that:

(a) Customer will use the Services in compliance with this Agreement and applicable law;

(b) Customer has all necessary rights to transmit Customer Data to Provider; and

(c) Customer Data does not and will not infringe any third party's Intellectual Property Rights.

9.4 Warranty Disclaimer

IDAHO-SPECIFIC PROVISION: EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT, AND TO THE MAXIMUM EXTENT PERMITTED BY IDAHO LAW:

(a) PROVIDER MAKES NO OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

(b) THIS DISCLAIMER IS MADE IN ACCORDANCE WITH IDAHO CODE § 28-2-316, WHICH REQUIRES THAT ANY EXCLUSION OF THE IMPLIED WARRANTY OF MERCHANTABILITY MUST MENTION "MERCHANTABILITY" AND, IF IN WRITING, MUST BE CONSPICUOUS. THIS DISCLAIMER IS SET FORTH IN CAPITALIZED TEXT TO SATISFY THE CONSPICUOUSNESS REQUIREMENT.

(c) TO EXCLUDE THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, THE EXCLUSION MUST BE IN WRITING AND CONSPICUOUS UNDER IDAHO CODE § 28-2-316(2). THIS WRITTEN DISCLAIMER IN CAPITALIZED TEXT SATISFIES THAT REQUIREMENT.

(d) UNDER IDAHO CODE § 28-2-316(3), ALL IMPLIED WARRANTIES MAY ALSO BE EXCLUDED BY EXPRESSIONS SUCH AS "AS IS" OR "WITH ALL FAULTS." THE SAAS SERVICES ARE NOT PROVIDED "AS IS" BUT ARE SUBJECT TO THE EXPRESS WARRANTIES STATED ABOVE.

(e) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS BEYOND THOSE EXPRESSLY STATED IN THE DOCUMENTATION.

ARTICLE 10: INDEMNIFICATION

10.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer and its officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) IP Indemnity: Any allegation that Customer's use of the Services as permitted hereunder infringes or misappropriates any third party's Intellectual Property Rights;

(b) Data Breach Indemnity: Provider's failure to comply with its data security obligations hereunder, including obligations under the Idaho Identity Theft Protection Act (Idaho Code § 28-51-104 et seq.), resulting in a Security Breach;

(c) General Indemnity: Provider's gross negligence or willful misconduct in performing its obligations; and

(d) Compliance Indemnity: Provider's violation of applicable law in performing the Services.

10.2 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider and its officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) Customer Data or its use infringing any third party's rights;

(b) Customer's use of the Services in violation of this Agreement or applicable law; and

(c) Customer's gross negligence or willful misconduct.

10.3 Indemnification Procedures

(a) The indemnified party shall provide prompt written notice of any claim (provided that failure to give prompt notice shall not relieve the indemnifying party except to the extent prejudiced);

(b) The indemnifying party shall have sole control of the defense and settlement, provided it does not admit liability on behalf of the indemnified party;

(c) The indemnified party shall cooperate and provide reasonable assistance at the indemnifying party's expense; and

(d) The indemnified party may participate in the defense at its own expense with counsel of its choice.

10.4 IP Indemnity Remedies

If the Services become, or in Provider's opinion are likely to become, the subject of an infringement claim, Provider may, at its option and expense: (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing while maintaining substantially equivalent functionality; or (c) if neither (a) nor (b) is commercially feasible, terminate the affected Order Form and refund prepaid Fees for the remaining Subscription Term.

ARTICLE 11: LIMITATION OF LIABILITY

11.1 Cap on Liability

IDAHO-SPECIFIC PROVISION: EXCEPT FOR EXCLUDED CLAIMS (DEFINED BELOW), EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE [____]-MONTH PERIOD (DEFAULT: TWELVE (12) MONTHS) PRECEDING THE EVENT GIVING RISE TO THE LIABILITY; OR (B) [________________________________] DOLLARS ($[____]).

11.2 Exclusion of Consequential Damages

EXCEPT FOR EXCLUDED CLAIMS, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS OPPORTUNITIES, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Excluded Claims

The limitations in Sections 11.1 and 11.2 shall not apply to:

(a) Either party's indemnification obligations under Article 10;

(b) Provider's breach of its data security or data breach notification obligations under Article 5;

(c) Either party's breach of its confidentiality obligations under Article 8;

(d) Customer's obligation to pay Fees;

(e) Either party's gross negligence or willful misconduct;

(f) Provider's infringement of Customer's Intellectual Property Rights; and

(g) Liability that cannot be limited under applicable Idaho law.

11.4 Idaho Enforceability Analysis

PRACTITIONER NOTE: Idaho courts enforce contractual limitations of liability in commercial agreements between sophisticated parties, provided such limitations are not unconscionable under Idaho Code § 28-2-719. Idaho courts have held that parties may agree to limit their liability and that such limitations must contain "language of exclusivity" before the court will find an exclusive remedy limiting liability. Under Idaho Code § 28-2-719(2), where circumstances cause an exclusive or limited remedy to fail of its essential purpose, remedy may be had as provided in the UCC. Under Idaho Code § 28-2-719(3), consequential damages may be limited or excluded unless the limitation is unconscionable. Idaho's five-year statute of limitations for written contracts (Idaho Code § 5-216) is the applicable limitations period. The state's 12% statutory default interest rate (Idaho Code § 28-22-104) should also be considered when evaluating damages exposure.

11.5 Essential Purpose

The parties acknowledge that the Fees reflect the allocation of risk set forth herein and that the limitations of liability are an essential element of the bargain between the parties. Each limitation and exclusion of liability shall apply even if the limited remedies provided herein fail of their essential purpose, to the extent permitted under Idaho Code § 28-2-719(2).

ARTICLE 12: TERM, RENEWAL, AND TERMINATION

12.1 Initial Term

This Agreement shall commence on the Effective Date and continue for the Initial Term specified in the Order Form:

☐ One (1) year
☐ Two (2) years
☐ Three (3) years
☐ Other: [________________________________]

12.2 Renewal

☐ Auto-Renewal: This Agreement shall automatically renew for successive Renewal Terms of [________________________________] each, unless either party provides written notice of non-renewal at least [____] days (default: sixty (60) days) prior to the end of the then-current term.

☐ Manual Renewal: This Agreement shall not renew automatically. Any renewal requires a new Order Form executed by both parties.

12.3 Termination for Cause

Either party may terminate this Agreement upon written notice if:

(a) The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice;

(b) The other party becomes insolvent, files for bankruptcy, or ceases operations; or

(c) A force majeure event continues for more than ninety (90) consecutive days.

12.4 Termination for Convenience

☐ Either party may terminate this Agreement for convenience upon [____] days' written notice (default: ninety (90) days), subject to the following:

(a) Customer shall pay all Fees accrued through the effective date of termination;

(b) Provider shall refund prepaid Fees on a pro-rata basis for the unused portion of the Subscription Term; and

(c) Early termination fees, if any: [________________________________].

☐ Termination for convenience is not permitted.

12.5 Effects of Termination

Upon termination or expiration:

(a) Customer's right to access and use the Services shall immediately cease;

(b) Each party shall return or destroy the other's Confidential Information;

(c) Provider shall make Customer Data available for export as set forth in Article 13;

(d) All accrued payment obligations shall survive; and

(e) Provisions that by their nature should survive termination shall survive, including Articles 1, 5.1, 7, 8, 9.4, 10, 11, 13, and 15.

ARTICLE 13: DATA PORTABILITY AND TRANSITION SERVICES

13.1 Data Export

Upon termination or expiration of this Agreement, Provider shall:

(a) Make Customer Data available for export in a standard, machine-readable format (e.g., CSV, JSON, XML, or SQL) for a period of [____] days (default: sixty (60) days) following the effective date of termination;

(b) Provide reasonable technical assistance for data migration at Provider's then-current Professional Services rates; and

(c) Permanently delete all Customer Data from Provider's systems within [____] days (default: ninety (90) days) after the export period, except as required by law.

13.2 Transition Services

Provider shall provide the following transition assistance:

☐ Standard Transition — Data export and basic documentation, included at no additional charge
☐ Extended Transition — Up to [____] hours of technical support for data migration at $[____]/hour
☐ Full Transition — Comprehensive migration support as specified in a transition SOW

13.3 Data Format

Provider shall export Customer Data in the following format(s):

☐ CSV (Comma-Separated Values)
☐ JSON (JavaScript Object Notation)
☐ XML (Extensible Markup Language)
☐ SQL database dump
☐ Provider's proprietary format with documentation
☐ Other: [________________________________]

13.4 Certification of Deletion

Upon completion of data deletion, Provider shall provide Customer with a written certification confirming that all Customer Data has been securely deleted from Provider's systems, including backups, in accordance with NIST SP 800-88 or equivalent standard.

ARTICLE 14: INSURANCE REQUIREMENTS

14.1 Provider Insurance

Provider shall maintain throughout the Subscription Term, at its own expense, the following minimum insurance coverage:

14.2 Insurance Requirements

(a) All insurance policies shall be issued by carriers rated A- VII or better by A.M. Best.

(b) Provider shall name Customer as an additional insured on the Commercial General Liability and Umbrella policies.

(c) Provider shall provide Customer with certificates of insurance upon request and at least thirty (30) days prior to any policy cancellation or material modification.

(d) Provider's insurance obligations shall not limit Provider's liability under this Agreement.

ARTICLE 15: DISPUTE RESOLUTION

15.1 Informal Resolution

The parties shall attempt to resolve any dispute arising out of or relating to this Agreement through good-faith negotiation between senior executives. Either party may initiate this process by written notice, and the executives shall meet (in person or by videoconference) within fifteen (15) business days.

15.2 Mediation

If the dispute is not resolved within thirty (30) days of the initial notice, either party may submit the dispute to non-binding mediation administered by:

☐ JAMS
☐ American Arbitration Association (AAA)
☐ Idaho Mediation Association
☐ Other: [________________________________]

15.3 Arbitration (if selected)

☐ If mediation is unsuccessful, disputes shall be resolved by binding arbitration under the rules of [JAMS/AAA] in [________________________________], Idaho, before [one/three] arbitrator(s). The arbitrator's award shall be final and binding and may be entered in any court of competent jurisdiction.

☐ Arbitration is not elected; disputes shall proceed to litigation.

15.4 Litigation

If arbitration is not elected, disputes shall be resolved in the state or federal courts located in [________________________________] County, Idaho (default: Ada County). Each party irrevocably consents to the exclusive jurisdiction and venue of such courts.

15.5 Jury Waiver

IDAHO-SPECIFIC PROVISION: TO THE FULLEST EXTENT PERMITTED BY THE LAWS OF THE STATE OF IDAHO, EACH PARTY HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVES ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR ANY TRANSACTION CONTEMPLATED HEREBY.

Practitioner Note: Idaho has not specifically addressed the enforceability of contractual jury waivers in a published appellate decision. The general trend across most jurisdictions is to enforce such waivers in commercial contexts when they are knowing, voluntary, and conspicuous. To maximize enforceability, the waiver should be mutual, prominently displayed, and acknowledged by both parties. Consider binding arbitration as an alternative.

☐ Provider acknowledges the jury waiver: Initials [____]
☐ Customer acknowledges the jury waiver: Initials [____]

15.6 Prevailing Party Attorneys' Fees

The prevailing party in any litigation or arbitration arising under this Agreement shall be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing party. Idaho Code § 12-120(3) provides for the award of reasonable attorney's fees to the prevailing party in any civil action to recover on a commercial transaction.

15.7 Injunctive Relief

Nothing in this Article shall prevent either party from seeking injunctive or equitable relief from any court of competent jurisdiction at any time, including to protect its Confidential Information or Intellectual Property Rights under the Idaho Trade Secrets Act (Idaho Code § 48-803).

ARTICLE 16: GENERAL PROVISIONS

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Idaho, without giving effect to any choice or conflict of law provision that would cause the application of the laws of any other jurisdiction. The Idaho Uniform Commercial Code (Idaho Code Title 28) shall apply to the extent the transactions hereunder are deemed to involve the sale of goods.

16.2 Assignment

Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement without consent to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to be bound by this Agreement.

16.3 Community Property Considerations

IDAHO-SPECIFIC PROVISION: Idaho is a community property state under Idaho Code § 32-906. If either party is a sole proprietor or if any individual signatory enters into this Agreement, the parties acknowledge that obligations incurred under this Agreement may be characterized as community obligations. The parties recommend that entity signatories (rather than individuals) execute this Agreement where practicable to avoid community property complications.

16.4 Force Majeure

Neither party shall be liable for any delay or failure to perform due to causes beyond its reasonable control, including natural disasters, pandemics, war, terrorism, government actions, labor disputes, internet or utility failures, or cyberattacks. The affected party shall provide prompt notice and use reasonable efforts to mitigate the impact.

16.5 Notices

All notices under this Agreement shall be in writing and delivered by: (a) personal delivery; (b) nationally recognized overnight courier; (c) certified or registered mail, return receipt requested; or (d) email with confirmed receipt. Notices shall be deemed effective upon receipt.

If to Provider: [________________________________]
If to Customer: [________________________________]

16.6 Entire Agreement

This Agreement, together with all Order Forms, SOWs, and Exhibits, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements, representations, and understandings. No amendment shall be effective unless in writing and signed by both parties.

16.7 Severability

If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction in Idaho, the remaining provisions shall remain in full force and effect, and the invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

16.8 Waiver

No waiver of any provision shall be effective unless in writing. Failure to enforce any provision shall not constitute a waiver of future enforcement.

16.9 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship.

16.10 Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties and their permitted successors and assigns. No third party shall have any rights hereunder.

16.11 Counterparts and Electronic Signatures

This Agreement may be executed in counterparts, each of which shall be deemed an original. Electronic signatures shall be valid and enforceable pursuant to the Idaho Uniform Electronic Transactions Act (Idaho Code § 28-50-101 et seq.).

16.12 Compliance with Idaho Law

Each party shall comply with all applicable Idaho laws and regulations in the performance of its obligations under this Agreement, including:

(a) Idaho Consumer Protection Act (Idaho Code § 48-601 et seq.);

(b) Idaho Identity Theft Protection Act (Idaho Code § 28-51-104 et seq.); and

(c) Idaho Trade Secrets Act (Idaho Code § 48-801 et seq.).

16.13 Export Compliance

Customer shall not export or re-export the Services in violation of U.S. export control laws, including the Export Administration Regulations (EAR) and sanctions administered by the Office of Foreign Assets Control (OFAC).

16.14 Anti-Corruption

Each party shall comply with all applicable anti-corruption and anti-bribery laws, including the Foreign Corrupt Practices Act (FCPA).

16.15 Non-Solicitation

During the Subscription Term and for a period of [____] months (default: twelve (12) months) thereafter, neither party shall directly solicit for employment any employee of the other party who was involved in the performance of this Agreement, without the other party's prior written consent.

SIGNATURES

IN WITNESS WHEREOF, the parties have executed this Enterprise Software as a Service Agreement as of the Effective Date.

PROVIDER:

CUSTOMER:

☐ Provider has reviewed and agrees to all terms of this Agreement
☐ Customer has reviewed and agrees to all terms of this Agreement

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]
Order Date: [__/__/____]

Subscription Term: [________________________________]
Billing Frequency: ☐ Monthly ☐ Quarterly ☐ Annually
Payment Method: ☐ ACH ☐ Wire Transfer ☐ Credit Card ☐ Check

Special Terms: [________________________________]

EXHIBIT B: SERVICE LEVEL AGREEMENT (SLA)

B.1 Uptime Commitment

B.2 Response Times

B.3 Performance Metrics

EXHIBIT C: DATA PROCESSING AGREEMENT (DPA)

C.1 Scope

This DPA supplements the Agreement and governs Provider's processing of Customer Data that constitutes Personal Information on behalf of Customer, in compliance with Idaho Code § 28-51-104 et seq. and applicable federal law.

C.2 Roles

C.3 Processing Details

C.4 Provider Obligations as Processor

Provider shall:

(a) Process Customer Data only on documented instructions from Customer;

(b) Ensure that persons authorized to process Customer Data have committed to confidentiality;

(c) Implement appropriate technical and organizational security measures;

(d) Engage sub-processors only with Customer's prior written consent and subject to equivalent data protection obligations;

(e) Assist Customer in ensuring compliance with data security and breach notification obligations under Idaho Code § 28-51-104 et seq.;

(f) At Customer's choice, delete or return all Customer Data upon termination; and

(g) Make available all information necessary to demonstrate compliance.

C.5 Sub-Processors

Provider's current sub-processors: [________________________________]

Provider shall notify Customer at least [____] days (default: thirty (30) days) before engaging a new sub-processor. Customer may object within [____] days, and if Provider cannot reasonably accommodate the objection, Customer may terminate the affected Order Form.

C.6 International Transfers

If Customer Data is transferred outside the United States, Provider shall ensure appropriate safeguards, including Standard Contractual Clauses or other approved transfer mechanisms.

EXHIBIT D: ACCEPTABLE USE POLICY (AUP)

D.1 Prohibited Uses

Customer and Authorized Users shall not use the Services to:

(a) Violate any applicable federal, state, or local law, including Idaho law;

(b) Transmit material that is unlawful, harmful, threatening, abusive, defamatory, or obscene;

(c) Transmit Malicious Code or interfere with the Services;

(d) Attempt to gain unauthorized access to Provider's systems;

(e) Infringe any third party's Intellectual Property Rights;

(f) Engage in unauthorized data mining, scraping, or harvesting;

(g) Send unsolicited commercial communications in violation of applicable law; or

(h) Use the Services for competitive analysis or benchmarking without Provider's consent.

D.2 Enforcement

Provider may suspend access for AUP violations upon notice to Customer. Customer shall have [____] business days (default: five (5)) to cure the violation before suspension becomes effective, except in cases of imminent harm where immediate suspension is warranted.

PRACTITIONER NOTES — IDAHO-SPECIFIC GUIDANCE

Note 1: Idaho's 12% Default Interest Rate

Idaho Code § 28-22-104 establishes a default interest rate of twelve percent (12%) per annum when no express written contract specifies a different rate. This is one of the highest statutory default rates in the nation. Practitioners should always specify a contractual interest rate to avoid the 12% default. Conversely, a Provider might benefit from leaving the rate unspecified if seeking a higher default rate on late payments.

Note 2: SaaS Tax Exemption in Idaho

Idaho does not impose sales tax on SaaS when the software is accessed remotely and no tangible medium is transferred. The Idaho State Tax Commission treats remotely accessed software subscriptions as non-taxable. However, if any component of the SaaS service involves delivery of software on a physical medium, that component could trigger sales tax. Custom software development is also exempt. Practitioners should ensure the SaaS delivery model is clearly documented as cloud-based/remote access to maintain the tax exemption.

Note 3: Community Property State

Idaho is one of nine community property states. Under Idaho Code § 32-906, community property includes all property acquired after marriage by either spouse. This can affect contract obligations when individual signatories are involved. Best practice is to have entity signatories execute the agreement rather than individuals to avoid community property complications. If an individual must sign, consider including a community property acknowledgment or spousal consent.

Note 4: Data Breach Penalties

Idaho Code § 28-51-107 imposes a fine of not more than $25,000 per breach for intentional failure to provide breach notification. Unlike some states with per-person penalties, Idaho's penalty is per-breach, which limits total exposure but still creates meaningful risk. The breach notification statute does not contain a private right of action; enforcement is by the Idaho Attorney General under the Idaho Consumer Protection Act.

Note 5: Attorneys' Fees in Commercial Disputes

Idaho Code § 12-120(3) provides for the mandatory award of reasonable attorney's fees to the prevailing party in any civil action to recover on a commercial transaction. This is a significant consideration in Idaho litigation, as the losing party can face substantial additional liability. Include this consideration in dispute resolution strategy.

Note 6: Trade Secrets Protection

The Idaho Trade Secrets Act (Idaho Code § 48-801 et seq.) provides a three-year statute of limitations for misappropriation claims (Idaho Code § 48-805). The Act provides for injunctive relief (§ 48-803), damages (§ 48-804), and attorney's fees in cases of willful and malicious misappropriation. SaaS providers should ensure their trade secret information is clearly identified and that reasonable measures to maintain secrecy are documented.

Note 7: Limitation of Liability

Idaho courts enforce limitation of liability clauses under Idaho Code § 28-2-719, provided they are not unconscionable and contain clear "language of exclusivity." Where a limited remedy fails of its essential purpose, the UCC remedies become available. Practitioners should draft limitation clauses with clear, specific language and ensure the limitations are conspicuous in the agreement.

This template is provided for informational purposes only and does not constitute legal advice. Consult a licensed Idaho attorney before executing this agreement. Idaho-specific provisions should be reviewed for compliance with current Idaho law, including recent amendments.

Last updated: 2026-02-28