Enterprise Software as a Service Agreement - Indiana

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

STATE OF INDIANA

AGREEMENT INFORMATION

PARTIES TO THIS AGREEMENT

PROVIDER:

CUSTOMER:

RECITALS

WHEREAS, Provider is engaged in the business of providing cloud-based software as a service solutions and related professional services;

WHEREAS, Customer desires to obtain access to and use of Provider's software platform and services for Customer's enterprise business operations;

WHEREAS, the parties wish to establish the terms and conditions under which Provider will make its services available to Customer, subject to the laws of the State of Indiana;

WHEREAS, Indiana is a right-to-work state, and the parties acknowledge that employment-related provisions herein shall be drafted in compliance with Indiana law;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

1.2 "Authorized Users" means Customer's employees, contractors, consultants, and agents who are authorized by Customer to access and use the Services under the rights granted pursuant to this Agreement.

1.3 "Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure. For purposes of Ind. Code § 24-2-3, Confidential Information that constitutes a trade secret shall receive the protections afforded under the Indiana Uniform Trade Secrets Act.

1.4 "Customer Data" means all electronic data, information, content, records, and files that Customer or Authorized Users upload, submit, store, transmit, or process through the Services, including Personal Information.

1.5 "Data Processing Agreement" or "DPA" means the data processing addendum attached as Exhibit C, setting forth the terms under which Provider processes Customer Data.

1.6 "Documentation" means Provider's standard user guides, online help files, technical specifications, and other documentation related to the Services as updated from time to time.

1.7 "Downtime" means any period during which the Services are unavailable or materially impaired, excluding Scheduled Maintenance and Excused Downtime.

1.8 "Effective Date" means the date first written above or the date both parties have executed this Agreement, whichever is later.

1.9 "Excused Downtime" means unavailability caused by: (a) Customer's acts or omissions; (b) failures of Customer's equipment, software, or network connections; (c) third-party services outside Provider's control; (d) force majeure events; or (e) suspension pursuant to Section 6.4.

1.10 "Fees" means all amounts payable by Customer to Provider as set forth in this Agreement and any applicable Order Form.

1.11 "Initial Term" means the initial subscription period specified in the Order Form.

1.12 "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets (as defined under Ind. Code § 24-2-3-2), and other intellectual property rights recognized under the laws of any jurisdiction worldwide.

1.13 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other harmful or malicious code, files, scripts, agents, or programs.

1.14 "Monthly Uptime Percentage" means the total minutes in a calendar month minus minutes of Downtime, divided by total minutes in the month, expressed as a percentage.

1.15 "Order Form" means an ordering document specifying the Services, subscription levels, Fees, and other commercial terms, executed by both parties and incorporated herein.

1.16 "Personal Information" has the meaning set forth in Ind. Code § 24-4.9-2-10, including an individual's first name or first initial and last name in combination with unencrypted or unredacted: (a) Social Security number; (b) driver's license or state identification number; (c) account number, credit or debit card number, in combination with any required security code; or (d) any other unique identification number or other attribute issued or assigned by a federal or state governmental entity.

1.17 "Professional Services" means implementation, configuration, customization, training, integration, and consulting services provided by Provider as specified in an Order Form or Statement of Work.

1.18 "Renewal Term" means each successive subscription period following the Initial Term.

1.19 "SaaS Services" means Provider's proprietary cloud-based software platform accessible via the internet on a subscription basis, distinct from downloadable or locally installed software.

1.20 "Scheduled Maintenance" means planned maintenance of the Services performed during designated maintenance windows with advance notice to Customer.

1.21 "Security Breach" has the meaning set forth in Ind. Code § 24-4.9-2-2, including the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of Personal Information maintained by a person, that results in or could result in identity deception, identity theft, or fraud affecting an Indiana resident.

1.22 "Security Incident" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any breach or potential breach of Provider's security measures.

1.23 "Service Level Agreement" or "SLA" means the service level commitments set forth in Article 4 and Exhibit B.

1.24 "Services" means collectively the SaaS Services, Professional Services, and support services described in the applicable Order Form.

1.25 "Statement of Work" or "SOW" means a document describing Professional Services, deliverables, timelines, and associated fees.

1.26 "Subscription Term" means collectively the Initial Term and all Renewal Terms.

1.27 "Third-Party Components" means software, data, services, or content provided by third parties that are incorporated into or used in connection with the Services.

1.28 "Trade Secret" has the meaning set forth in Ind. Code § 24-2-3-2, including information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use; and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

1.29 "Uptime Commitment" means the minimum Monthly Uptime Percentage that Provider commits to maintain as specified in Article 4 and the Order Form.

1.30 "User Account" means the unique login credentials and account established for each Authorized User.

ARTICLE 2: SAAS SERVICES AND ACCESS RIGHTS

2.1 Grant of Rights

Subject to Customer's compliance with this Agreement and payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to:

(a) Access and use the SaaS Services for Customer's internal business operations;

(b) Permit Authorized Users to access and use the SaaS Services in accordance with this Agreement;

(c) Access, use, and reproduce the Documentation in connection with permitted use of the Services; and

(d) Store, process, and retrieve Customer Data through the Services.

2.2 Subscription Tiers

Customer's subscription shall be as specified in the Order Form:

☐ Standard Enterprise — Up to [____] Authorized Users
☐ Professional Enterprise — Up to [____] Authorized Users
☐ Premium Enterprise — Up to [____] Authorized Users
☐ Unlimited Enterprise — Unlimited Authorized Users
☐ Custom Configuration — As specified: [________________________________]

2.3 User Account Administration

(a) Customer shall designate at least one (1) administrator to manage User Accounts and access permissions.

(b) Customer is responsible for maintaining the confidentiality of all User Account credentials.

(c) Customer shall promptly notify Provider of any unauthorized access or security breach involving User Accounts.

(d) User Accounts are for designated individuals only and may not be shared among multiple persons.

2.4 Authorized User Categories

☐ Named Users — Identified individuals assigned specific User Accounts
☐ Concurrent Users — Maximum simultaneous users: [____]
☐ Site License — All employees at specified locations
☐ Enterprise-Wide — All employees and authorized contractors
☐ Other: [________________________________]

2.5 Affiliate Usage

☐ Customer's Affiliates are authorized to use the Services under this Agreement
☐ Customer's Affiliates must execute separate Order Forms
☐ Affiliate usage is not permitted

If Affiliate usage is permitted:

(a) Customer shall ensure Affiliate compliance with all Agreement terms;

(b) Customer remains liable for Affiliate acts and omissions;

(c) Affiliate usage counts toward Customer's licensed capacity.

2.6 Use Restrictions

Customer shall not, and shall not permit any Authorized User or third party to:

(a) Copy, modify, or create derivative works of the Services or Documentation;

(b) Reverse engineer, disassemble, decompile, or attempt to discover the source code of the Services;

(c) Sublicense, sell, lease, rent, loan, distribute, or otherwise transfer the Services to any third party;

(d) Use the Services in violation of any applicable law, including the Indiana Deceptive Consumer Sales Act (Ind. Code § 24-5-0.5);

(e) Use the Services to transmit Malicious Code;

(f) Interfere with or disrupt the integrity or performance of the Services; or

(g) Attempt to gain unauthorized access to the Services or related systems.

ARTICLE 3: PROFESSIONAL SERVICES AND SUPPORT

3.1 Implementation Services

Provider shall provide the following implementation services:

☐ Standard Implementation — Per Provider's standard methodology
☐ Custom Implementation — Per mutually agreed Statement of Work
☐ Phased Implementation — Per the timeline in the Order Form

3.2 Support Services

Provider shall provide support in accordance with the following tier:

☐ Standard Support — Business hours (8:00 AM–5:00 PM EST/EDT, Monday–Friday), email and ticket-based
☐ Premium Support — Extended hours with phone support and dedicated account manager
☐ Enterprise Support — 24/7/365 coverage with designated support engineer and four-hour response SLA
☐ Custom Support — As specified: [________________________________]

3.3 Training

Provider shall deliver the following training:

☐ Online self-service training materials at no additional charge
☐ Live virtual training sessions: [____] sessions included
☐ On-site training at Customer's Indiana location: [____] days included
☐ Custom training program as specified in SOW

3.4 Change Management

Any changes to the scope of Professional Services shall be documented in a written change order signed by both parties, specifying the nature of the change, impact on timeline, and any additional Fees.

ARTICLE 4: SERVICE LEVELS AND UPTIME

4.1 Uptime Commitment

Provider shall use commercially reasonable efforts to maintain the following Monthly Uptime Percentage:

Selected tier: ☐ Standard ☐ Enhanced ☐ Premium ☐ Mission-Critical

4.2 Service Level Credits

If Provider fails to meet the Uptime Commitment in any calendar month, Customer shall be entitled to a Service Level Credit as follows:

4.3 Credit Request Process

(a) Customer must request Service Level Credits in writing within thirty (30) days of the end of the month in which the Downtime occurred.

(b) Provider shall verify the Downtime claim and issue credits within fifteen (15) business days.

(c) Service Level Credits shall be applied to the next invoice or, if at the end of the Subscription Term, refunded to Customer.

(d) Service Level Credits are Customer's sole and exclusive remedy for Provider's failure to meet the Uptime Commitment.

4.4 Chronic Failure Termination Right

If Provider fails to meet the Uptime Commitment for three (3) or more consecutive months, or for any five (5) months in a rolling twelve-month period, Customer may terminate the affected Order Form upon thirty (30) days' written notice and receive a pro-rata refund of prepaid Fees.

4.5 Scheduled Maintenance

(a) Provider shall perform Scheduled Maintenance during the following maintenance window: [________________________________] (default: Sundays 2:00 AM–6:00 AM EST).

(b) Provider shall provide at least forty-eight (48) hours' advance notice of Scheduled Maintenance.

(c) Scheduled Maintenance shall not exceed [____] hours per month.

(d) Scheduled Maintenance is excluded from Downtime calculations.

4.6 Excused Downtime Exclusions

The following events are excluded from Downtime calculations:

(a) Force majeure events as defined in Article 16;

(b) Customer's acts, omissions, or equipment failures;

(c) Third-party internet service provider failures;

(d) Scheduled Maintenance performed within designated windows;

(e) Suspension of Services pursuant to Section 6.4; and

(f) Emergency maintenance necessitated by security threats, with prompt notice to Customer.

ARTICLE 5: CUSTOMER DATA AND DATA PROTECTION

5.1 Ownership of Customer Data

As between the parties, Customer retains all right, title, and interest in and to Customer Data. Provider acquires no rights in Customer Data except the limited license to process Customer Data as necessary to perform its obligations under this Agreement.

5.2 Data Processing

Provider shall process Customer Data solely in accordance with:

(a) Customer's documented instructions;

(b) The terms of this Agreement and the DPA (Exhibit C);

(c) Applicable data protection laws, including Indiana data breach notification requirements; and

(d) Industry-standard security practices.

5.3 Data Security

Provider shall implement and maintain reasonable administrative, technical, and physical safeguards designed to:

(a) Protect Customer Data against unauthorized access, acquisition, or disclosure;

(b) Ensure the confidentiality, integrity, and availability of Customer Data;

(c) Protect against reasonably anticipated threats or hazards to Customer Data security; and

(d) Comply with applicable Indiana law, including the Indiana Disclosure of Security Breach Act (Ind. Code § 24-4.9).

5.4 Security Certifications

Provider maintains the following security certifications:

☐ SOC 2 Type II
☐ ISO 27001
☐ ISO 27017 (Cloud Security)
☐ ISO 27018 (PII in Cloud)
☐ HITRUST CSF
☐ FedRAMP (if applicable)
☐ Other: [________________________________]

5.5 Data Breach Notification

INDIANA-SPECIFIC PROVISION: In the event of a Security Breach involving Personal Information of Indiana residents, Provider shall:

(a) Notify Customer without unreasonable delay after discovering or being notified of the breach, and in no event later than thirty (30) days after discovery, consistent with Ind. Code § 24-4.9-3-1;

(b) Provide Customer with sufficient information to determine whether notification to affected Indiana residents is required, specifically whether the breach has resulted in or could result in identity deception, identity theft, or fraud;

(c) Cooperate with Customer in investigating the breach and mitigating its effects;

(d) If notification to Indiana residents is required, assist Customer in disclosing the breach to the Indiana Attorney General as required by Ind. Code § 24-4.9-3-1;

(e) Ensure that notification methods comply with Ind. Code § 24-4.9-3-4, including written notice, electronic mail (if the entity has the email address), telephone, fax, or substitute notice if cost exceeds $250,000 or more than 500,000 Indiana residents are affected; and

(f) Assist Customer in evaluating whether credit monitoring or identity theft protection services should be offered to affected individuals.

5.6 No Comprehensive State Privacy Law

INDIANA-SPECIFIC NOTE: As of the date of this Agreement, Indiana has not enacted a comprehensive consumer data privacy law comparable to the CCPA or ICDPA. Data protection obligations under this Agreement are governed by Indiana's Disclosure of Security Breach Act (Ind. Code § 24-4.9), the Indiana Deceptive Consumer Sales Act (Ind. Code § 24-5-0.5), and applicable federal laws. The parties agree to amend this Agreement as necessary to comply with any Indiana data privacy legislation enacted during the Subscription Term.

5.7 Data Location

Provider shall store Customer Data in the following location(s):

☐ United States only
☐ United States and approved international locations
☐ Specific data center region(s): [________________________________]

5.8 Data Encryption

Provider shall encrypt Customer Data:

(a) In transit using TLS 1.2 or higher;

(b) At rest using AES-256 or equivalent encryption standard; and

(c) For backups using encryption equivalent to that used for primary storage.

ARTICLE 6: FEES, PAYMENT, AND TAXES

6.1 Fee Structure

Customer shall pay Provider the Fees specified in the applicable Order Form:

☐ Annual Subscription — $[________________________________] per year
☐ Monthly Subscription — $[________________________________] per month
☐ Per-User Fee — $[________________________________] per Authorized User per [month/year]
☐ Usage-Based — Per the usage metrics in the Order Form
☐ Tiered Pricing — Per the tier schedule in the Order Form

6.2 Payment Terms

(a) Provider shall invoice Customer [monthly/quarterly/annually] in advance for subscription Fees and in arrears for usage-based Fees and Professional Services.

(b) Customer shall pay all undisputed invoices within [____] days of receipt (default: thirty (30) days).

(c) All Fees are stated in United States Dollars.

6.3 Late Payments

INDIANA-SPECIFIC PROVISION: Overdue amounts shall accrue interest at the lesser of: (a) one and one-half percent (1.5%) per month; or (b) the maximum rate permitted under Indiana law. Under Ind. Code § 24-4.6-1-102, when no rate of interest is agreed upon, interest accrues at eight percent (8%) per annum. Under Ind. Code § 24-4.6-1-103, interest on a written instrument that does not specify a rate accrues at 8% from the date of settlement or from the date an itemized bill is rendered and payment demanded. Indiana law does not impose a general usury cap for commercial transactions between business entities, allowing parties to agree to any rate.

6.4 Suspension for Non-Payment

If Customer fails to pay any undisputed Fees within fifteen (15) days after receiving written notice of non-payment, Provider may suspend Customer's access to the Services until all outstanding Fees are paid. Provider shall provide at least ten (10) business days' written notice before suspension.

6.5 Fee Disputes

(a) Customer shall notify Provider of any disputed charges within thirty (30) days of invoice receipt.

(b) Customer shall pay all undisputed amounts by the due date while the parties resolve the dispute in good faith.

(c) If a dispute is resolved in Customer's favor, Provider shall promptly issue a credit or refund.

6.6 Taxes

INDIANA-SPECIFIC PROVISION — SaaS TAXABILITY:

(a) Indiana SaaS Tax Treatment. Indiana does not impose sales tax on SaaS. Revenue Ruling #2024-04-RST (issued January 7, 2025) confirms that SaaS is not considered tangible personal property and is therefore not subject to Indiana sales tax when the software is accessed remotely and no copy of the software is transferred to the customer. The Indiana state sales tax rate of 7% does not apply to remotely accessed SaaS.

(b) Downloadable vs. Remote Software. While SaaS is exempt, downloaded or physically delivered software is taxable in Indiana. The Agreement should clearly document that the Services are provided via remote access and that no copy of the software is delivered to Customer.

(c) Bundling Risk. Indiana considers the entire bundled transaction taxable if the taxable component's price exceeds 10% of the total and the items are not separately stated on the invoice. If the Services include any taxable components (e.g., physical media), those should be separately invoiced.

(d) Tax Responsibility. All Fees are exclusive of taxes. Customer shall be responsible for all applicable sales, use, and similar taxes arising from this Agreement, except for taxes based on Provider's net income.

(e) Tax Indemnification. Customer shall indemnify Provider for any taxes, penalties, or interest assessed against Provider that are Customer's responsibility hereunder.

6.7 Fee Increases

(a) Fees for Renewal Terms may be increased by Provider upon at least sixty (60) days' written notice prior to the start of a Renewal Term.

(b) Annual fee increases shall not exceed [____]% (default: the greater of 5% or the Consumer Price Index increase for the preceding twelve months).

ARTICLE 7: INTELLECTUAL PROPERTY RIGHTS

7.1 Provider IP

Provider retains all right, title, and interest in and to the Services, Documentation, software, algorithms, interfaces, technology, and all Intellectual Property Rights therein. No rights are granted to Customer except as expressly set forth in this Agreement.

7.2 Customer IP

Customer retains all right, title, and interest in and to Customer Data and any pre-existing intellectual property of Customer. Provider acquires no Intellectual Property Rights in Customer Data.

7.3 Feedback

If Customer provides suggestions, enhancement requests, or other feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or obligation. Customer hereby assigns to Provider all right, title, and interest in and to such Feedback.

7.4 Aggregated and De-Identified Data

Provider may collect and use aggregated, anonymized, and de-identified data derived from Customer's use of the Services for product improvement, benchmarking, and analytics, provided that such data does not identify Customer or any individual.

7.5 Third-Party Components

(a) The Services may incorporate Third-Party Components subject to separate license terms.

(b) Provider shall identify material Third-Party Components upon Customer's request.

(c) Provider represents that it has all necessary rights and licenses for Third-Party Components used in the Services.

ARTICLE 8: CONFIDENTIALITY

8.1 Obligations

INDIANA-SPECIFIC PROVISION: Each party (the "Receiving Party") shall: (a) hold the other party's (the "Disclosing Party's") Confidential Information in strict confidence using at least the same degree of care it uses to protect its own confidential information (but in no event less than reasonable care); (b) not disclose Confidential Information to third parties except as expressly permitted herein; and (c) use Confidential Information only to perform its obligations or exercise its rights under this Agreement. Claims for misappropriation of Trade Secrets shall be governed by the Indiana Uniform Trade Secrets Act (Ind. Code § 24-2-3), which provides for injunctive relief (§ 24-2-3-3), damages (§ 24-2-3-4), and attorney's fees for willful and malicious misappropriation (§ 24-2-3-5). The statute of limitations is three (3) years from the date the misappropriation is discovered or should have been discovered (Ind. Code § 24-2-3-7).

8.2 Permitted Disclosures

The Receiving Party may disclose Confidential Information to its employees, agents, contractors, and professional advisors who have a need to know and are bound by confidentiality obligations at least as protective as those herein.

8.3 Exclusions

Confidential Information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was known to the Receiving Party before disclosure; (c) is received from a third party without restriction; or (d) is independently developed without use of Confidential Information.

8.4 Required Disclosures

The Receiving Party may disclose Confidential Information if required by law, regulation, or legal process, provided that the Receiving Party: (a) gives prompt written notice to the Disclosing Party (to the extent legally permitted); (b) cooperates with the Disclosing Party's efforts to obtain a protective order; and (c) discloses only the minimum information required.

8.5 Return or Destruction

Upon termination or expiration of this Agreement, each party shall, at the Disclosing Party's election, return or destroy all Confidential Information, except for copies retained in automated backups (subject to continued confidentiality obligations) and copies required to be retained under Indiana law.

8.6 Injunctive Relief

Each party acknowledges that unauthorized disclosure of Confidential Information may cause irreparable harm for which monetary damages would be inadequate. Accordingly, either party may seek injunctive or equitable relief from any Indiana court of competent jurisdiction without the necessity of posting a bond, in addition to any other remedies available at law or in equity under Ind. Code § 24-2-3-3.

ARTICLE 9: REPRESENTATIONS AND WARRANTIES

9.1 Mutual Representations

Each party represents and warrants that:

(a) It is duly organized, validly existing, and in good standing under the laws of its state of formation;

(b) It has full power and authority to enter into this Agreement;

(c) This Agreement constitutes a valid and binding obligation enforceable in accordance with its terms; and

(d) Execution of this Agreement does not conflict with any other agreement or obligation.

9.2 Provider Warranties

Provider represents and warrants that:

(a) The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) The Services will be provided in a professional and workmanlike manner consistent with industry standards;

(c) Provider has the right to grant the licenses and access rights set forth herein;

(d) The Services will not, at the time of delivery, contain any Malicious Code;

(e) Provider will comply with all applicable laws in performing its obligations, including Indiana data protection laws; and

(f) Provider's security measures will be no less protective than industry-standard practices for cloud-based enterprise software.

9.3 Customer Warranties

Customer represents and warrants that:

(a) Customer will use the Services in compliance with this Agreement and applicable law;

(b) Customer has all necessary rights to transmit Customer Data to Provider; and

(c) Customer Data does not and will not infringe any third party's Intellectual Property Rights.

9.4 Warranty Disclaimer

INDIANA-SPECIFIC PROVISION: EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT, AND TO THE MAXIMUM EXTENT PERMITTED BY INDIANA LAW:

(a) PROVIDER MAKES NO OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

(b) THIS DISCLAIMER IS MADE IN ACCORDANCE WITH IND. CODE § 26-1-2-316, WHICH REQUIRES THAT ANY EXCLUSION OF THE IMPLIED WARRANTY OF MERCHANTABILITY MUST MENTION "MERCHANTABILITY" AND, IF IN WRITING, MUST BE CONSPICUOUS. THIS DISCLAIMER IS SET FORTH IN CAPITALIZED TEXT TO SATISFY THE CONSPICUOUSNESS REQUIREMENT.

(c) TO EXCLUDE THE IMPLIED WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, THE EXCLUSION MUST BE IN WRITING AND CONSPICUOUS UNDER IND. CODE § 26-1-2-316(2). THIS WRITTEN DISCLAIMER IN CAPITALIZED TEXT SATISFIES THAT REQUIREMENT.

(d) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT ALL DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS BEYOND THOSE EXPRESSLY STATED IN THE DOCUMENTATION.

ARTICLE 10: INDEMNIFICATION

10.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer and its officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) IP Indemnity: Any allegation that Customer's use of the Services as permitted hereunder infringes or misappropriates any third party's Intellectual Property Rights;

(b) Data Breach Indemnity: Provider's failure to comply with its data security obligations hereunder, including obligations under the Indiana Disclosure of Security Breach Act (Ind. Code § 24-4.9), resulting in a Security Breach;

(c) General Indemnity: Provider's gross negligence or willful misconduct in performing its obligations; and

(d) Compliance Indemnity: Provider's violation of applicable law in performing the Services.

10.2 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider and its officers, directors, employees, and agents from and against any third-party claims, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

(a) Customer Data or its use infringing any third party's rights;

(b) Customer's use of the Services in violation of this Agreement or applicable law; and

(c) Customer's gross negligence or willful misconduct.

10.3 Indemnification Procedures

(a) The indemnified party shall provide prompt written notice of any claim (provided that failure to give prompt notice shall not relieve the indemnifying party except to the extent prejudiced);

(b) The indemnifying party shall have sole control of the defense and settlement, provided it does not admit liability on behalf of the indemnified party;

(c) The indemnified party shall cooperate and provide reasonable assistance at the indemnifying party's expense; and

(d) The indemnified party may participate in the defense at its own expense with counsel of its choice.

10.4 IP Indemnity Remedies

If the Services become, or in Provider's opinion are likely to become, the subject of an infringement claim, Provider may, at its option and expense: (a) procure the right for Customer to continue using the Services; (b) modify the Services to make them non-infringing while maintaining substantially equivalent functionality; or (c) if neither (a) nor (b) is commercially feasible, terminate the affected Order Form and refund prepaid Fees for the remaining Subscription Term.

ARTICLE 11: LIMITATION OF LIABILITY

11.1 Cap on Liability

INDIANA-SPECIFIC PROVISION: EXCEPT FOR EXCLUDED CLAIMS (DEFINED BELOW), EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE [____]-MONTH PERIOD (DEFAULT: TWELVE (12) MONTHS) PRECEDING THE EVENT GIVING RISE TO THE LIABILITY; OR (B) [________________________________] DOLLARS ($[____]).

11.2 Exclusion of Consequential Damages

EXCEPT FOR EXCLUDED CLAIMS, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, DATA, OR BUSINESS OPPORTUNITIES, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Excluded Claims

The limitations in Sections 11.1 and 11.2 shall not apply to:

(a) Either party's indemnification obligations under Article 10;

(b) Provider's breach of its data security or data breach notification obligations under Article 5;

(c) Either party's breach of its confidentiality obligations under Article 8;

(d) Customer's obligation to pay Fees;

(e) Either party's gross negligence or willful misconduct;

(f) Provider's infringement of Customer's Intellectual Property Rights; and

(g) Liability that cannot be limited under applicable Indiana law.

11.4 Indiana Enforceability Analysis

PRACTITIONER NOTE: Indiana courts generally enforce contractual limitations of liability in commercial agreements between sophisticated parties. Under Ind. Code § 26-1-2-719, contractual modifications or limitations of remedy are permissible unless unconscionable. Indiana courts apply the "strict blue pencil" doctrine to restrictive covenants and will not rewrite overbroad provisions — they either enforce or strike them entirely. This is important for limitation of liability clauses: ensure each limitation is independently enforceable. Indiana has a ten-year statute of limitations for written contracts under Ind. Code § 34-11-2-11, providing extended exposure for breach claims. Indiana courts have upheld jury waivers in commercial contracts, finding that "the agreement to resolve a dispute in a bench trial is no less valid than the rest of the contract." The Indiana Disclosure of Security Breach Act provides civil penalties of up to $150,000 per deceptive act for violations, enforced by the Attorney General.

11.5 Essential Purpose

The parties acknowledge that the Fees reflect the allocation of risk set forth herein and that the limitations of liability are an essential element of the bargain between the parties. Each limitation and exclusion of liability shall apply even if the limited remedies provided herein fail of their essential purpose, to the extent permitted under Ind. Code § 26-1-2-719(2).

ARTICLE 12: TERM, RENEWAL, AND TERMINATION

12.1 Initial Term

This Agreement shall commence on the Effective Date and continue for the Initial Term specified in the Order Form:

☐ One (1) year
☐ Two (2) years
☐ Three (3) years
☐ Other: [________________________________]

12.2 Renewal

☐ Auto-Renewal: This Agreement shall automatically renew for successive Renewal Terms of [________________________________] each, unless either party provides written notice of non-renewal at least [____] days (default: sixty (60) days) prior to the end of the then-current term.

☐ Manual Renewal: This Agreement shall not renew automatically. Any renewal requires a new Order Form executed by both parties.

12.3 Termination for Cause

Either party may terminate this Agreement upon written notice if:

(a) The other party materially breaches this Agreement and fails to cure such breach within thirty (30) days after receiving written notice;

(b) The other party becomes insolvent, files for bankruptcy, or ceases operations; or

(c) A force majeure event continues for more than ninety (90) consecutive days.

12.4 Termination for Convenience

☐ Either party may terminate this Agreement for convenience upon [____] days' written notice (default: ninety (90) days), subject to the following:

(a) Customer shall pay all Fees accrued through the effective date of termination;

(b) Provider shall refund prepaid Fees on a pro-rata basis for the unused portion of the Subscription Term; and

(c) Early termination fees, if any: [________________________________].

☐ Termination for convenience is not permitted.

12.5 Effects of Termination

Upon termination or expiration:

(a) Customer's right to access and use the Services shall immediately cease;

(b) Each party shall return or destroy the other's Confidential Information;

(c) Provider shall make Customer Data available for export as set forth in Article 13;

(d) All accrued payment obligations shall survive; and

(e) Provisions that by their nature should survive termination shall survive, including Articles 1, 5.1, 7, 8, 9.4, 10, 11, 13, and 15.

ARTICLE 13: DATA PORTABILITY AND TRANSITION SERVICES

13.1 Data Export

Upon termination or expiration of this Agreement, Provider shall:

(a) Make Customer Data available for export in a standard, machine-readable format (e.g., CSV, JSON, XML, or SQL) for a period of [____] days (default: sixty (60) days) following the effective date of termination;

(b) Provide reasonable technical assistance for data migration at Provider's then-current Professional Services rates; and

(c) Permanently delete all Customer Data from Provider's systems within [____] days (default: ninety (90) days) after the export period, except as required by law.

13.2 Transition Services

Provider shall provide the following transition assistance:

☐ Standard Transition — Data export and basic documentation, included at no additional charge
☐ Extended Transition — Up to [____] hours of technical support for data migration at $[____]/hour
☐ Full Transition — Comprehensive migration support as specified in a transition SOW

13.3 Data Format

Provider shall export Customer Data in the following format(s):

☐ CSV (Comma-Separated Values)
☐ JSON (JavaScript Object Notation)
☐ XML (Extensible Markup Language)
☐ SQL database dump
☐ Provider's proprietary format with documentation
☐ Other: [________________________________]

13.4 Certification of Deletion

Upon completion of data deletion, Provider shall provide Customer with a written certification confirming that all Customer Data has been securely deleted from Provider's systems, including backups, in accordance with NIST SP 800-88 or equivalent standard.

ARTICLE 14: INSURANCE REQUIREMENTS

14.1 Provider Insurance

Provider shall maintain throughout the Subscription Term, at its own expense, the following minimum insurance coverage:

14.2 Insurance Requirements

(a) All insurance policies shall be issued by carriers rated A- VII or better by A.M. Best.

(b) Provider shall name Customer as an additional insured on the Commercial General Liability and Umbrella policies.

(c) Provider shall provide Customer with certificates of insurance upon request and at least thirty (30) days prior to any policy cancellation or material modification.

(d) Provider's insurance obligations shall not limit Provider's liability under this Agreement.

ARTICLE 15: DISPUTE RESOLUTION

15.1 Informal Resolution

The parties shall attempt to resolve any dispute arising out of or relating to this Agreement through good-faith negotiation between senior executives. Either party may initiate this process by written notice, and the executives shall meet (in person or by videoconference) within fifteen (15) business days.

15.2 Mediation

If the dispute is not resolved within thirty (30) days of the initial notice, either party may submit the dispute to non-binding mediation administered by:

☐ JAMS
☐ American Arbitration Association (AAA)
☐ Indiana State Bar Association Dispute Resolution Section
☐ Other: [________________________________]

15.3 Arbitration (if selected)

☐ If mediation is unsuccessful, disputes shall be resolved by binding arbitration under the rules of [JAMS/AAA] in [________________________________], Indiana, before [one/three] arbitrator(s). The arbitrator's award shall be final and binding and may be entered in any court of competent jurisdiction.

☐ Arbitration is not elected; disputes shall proceed to litigation.

15.4 Litigation

If arbitration is not elected, disputes shall be resolved in the state or federal courts located in [________________________________] County, Indiana (default: Marion County). Each party irrevocably consents to the exclusive jurisdiction and venue of such courts.

15.5 Jury Waiver

INDIANA-SPECIFIC PROVISION: TO THE FULLEST EXTENT PERMITTED BY THE LAWS OF THE STATE OF INDIANA, EACH PARTY HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVES ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR ANY TRANSACTION CONTEMPLATED HEREBY.

Practitioner Note: Indiana courts enforce contractual jury waivers in commercial agreements. Indiana courts have held that a contractual waiver of the right to a jury trial is "no less valid than the rest of the contract in which the agreement appears." Courts evaluate whether: (i) the parties are sophisticated business entities; (ii) the provision was prominently displayed and drew more attention than the rest of the contract; (iii) the waiver is mutual; and (iv) the overall agreement is enforceable. Best practices: make the waiver mutual, conspicuous (all caps), and include separate initialing.

☐ Provider acknowledges the jury waiver: Initials [____]
☐ Customer acknowledges the jury waiver: Initials [____]

15.6 Prevailing Party Attorneys' Fees

The prevailing party in any litigation or arbitration arising under this Agreement shall be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing party.

15.7 Injunctive Relief

Nothing in this Article shall prevent either party from seeking injunctive or equitable relief from any court of competent jurisdiction at any time, including to protect its Confidential Information or Intellectual Property Rights under the Indiana Uniform Trade Secrets Act (Ind. Code § 24-2-3-3).

ARTICLE 16: GENERAL PROVISIONS

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Indiana, without giving effect to any choice or conflict of law provision that would cause the application of the laws of any other jurisdiction. The Indiana Uniform Commercial Code (Ind. Code Title 26) shall apply to the extent the transactions hereunder are deemed to involve the sale of goods.

16.2 Assignment

Neither party may assign this Agreement without the prior written consent of the other party, except that either party may assign this Agreement without consent to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees to be bound by this Agreement.

16.3 Force Majeure

Neither party shall be liable for any delay or failure to perform due to causes beyond its reasonable control, including natural disasters, pandemics, war, terrorism, government actions, labor disputes, internet or utility failures, or cyberattacks. The affected party shall provide prompt notice and use reasonable efforts to mitigate the impact.

16.4 Notices

All notices under this Agreement shall be in writing and delivered by: (a) personal delivery; (b) nationally recognized overnight courier; (c) certified or registered mail, return receipt requested; or (d) email with confirmed receipt. Notices shall be deemed effective upon receipt.

If to Provider: [________________________________]
If to Customer: [________________________________]

16.5 Entire Agreement

This Agreement, together with all Order Forms, SOWs, and Exhibits, constitutes the entire agreement between the parties and supersedes all prior or contemporaneous agreements, representations, and understandings. No amendment shall be effective unless in writing and signed by both parties.

16.6 Severability — Strict Blue Pencil Doctrine

INDIANA-SPECIFIC PROVISION: If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction in Indiana, the remaining provisions shall remain in full force and effect. Indiana courts apply the "strict blue pencil" doctrine, meaning courts will not rewrite or reform overbroad provisions — they will either enforce the provision as written or strike it entirely. Accordingly, the parties have drafted each provision to be independently enforceable and have not relied on judicial reformation.

16.7 Waiver

No waiver of any provision shall be effective unless in writing. Failure to enforce any provision shall not constitute a waiver of future enforcement.

16.8 Independent Contractors

The parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship.

16.9 Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties and their permitted successors and assigns. No third party shall have any rights hereunder.

16.10 Counterparts and Electronic Signatures

This Agreement may be executed in counterparts, each of which shall be deemed an original. Electronic signatures shall be valid and enforceable pursuant to the Indiana Uniform Electronic Transactions Act (Ind. Code § 26-2-8).

16.11 Compliance with Indiana Law

Each party shall comply with all applicable Indiana laws and regulations in the performance of its obligations under this Agreement, including:

(a) Indiana Deceptive Consumer Sales Act (Ind. Code § 24-5-0.5);

(b) Indiana Disclosure of Security Breach Act (Ind. Code § 24-4.9);

(c) Indiana Uniform Trade Secrets Act (Ind. Code § 24-2-3); and

(d) Indiana Right to Work Act (Ind. Code § 22-6-6, as applicable to employment matters).

16.12 Statute of Limitations

INDIANA-SPECIFIC PROVISION: The statute of limitations for actions arising under this Agreement based on a written contract is ten (10) years under Ind. Code § 34-11-2-11. The parties may agree to a shorter limitations period, provided it is not unconscionably short. Given Indiana's strict blue pencil doctrine, any contractual limitations period should be carefully drafted to be independently enforceable.

16.13 Export Compliance

Customer shall not export or re-export the Services in violation of U.S. export control laws, including the Export Administration Regulations (EAR) and sanctions administered by the Office of Foreign Assets Control (OFAC).

16.14 Anti-Corruption

Each party shall comply with all applicable anti-corruption and anti-bribery laws, including the Foreign Corrupt Practices Act (FCPA).

16.15 Non-Solicitation

During the Subscription Term and for a period of [____] months (default: twelve (12) months) thereafter, neither party shall directly solicit for employment any employee of the other party who was involved in the performance of this Agreement, without the other party's prior written consent. This provision applies to the enterprise relationship between the parties and is subject to Indiana's strict blue pencil doctrine — it is drafted to be enforceable as written and will not be reformed if found overbroad.

SIGNATURES

IN WITNESS WHEREOF, the parties have executed this Enterprise Software as a Service Agreement as of the Effective Date.

PROVIDER:

CUSTOMER:

☐ Provider has reviewed and agrees to all terms of this Agreement
☐ Customer has reviewed and agrees to all terms of this Agreement

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]
Order Date: [__/__/____]

Subscription Term: [________________________________]
Billing Frequency: ☐ Monthly ☐ Quarterly ☐ Annually
Payment Method: ☐ ACH ☐ Wire Transfer ☐ Credit Card ☐ Check

Special Terms: [________________________________]

EXHIBIT B: SERVICE LEVEL AGREEMENT (SLA)

B.1 Uptime Commitment

B.2 Response Times

B.3 Performance Metrics

EXHIBIT C: DATA PROCESSING AGREEMENT (DPA)

C.1 Scope

This DPA supplements the Agreement and governs Provider's processing of Customer Data that constitutes Personal Information on behalf of Customer, in compliance with Ind. Code § 24-4.9 and applicable federal law.

C.2 Roles

C.3 Processing Details

C.4 Provider Obligations as Processor

Provider shall:

(a) Process Customer Data only on documented instructions from Customer;

(b) Ensure that persons authorized to process Customer Data have committed to confidentiality;

(c) Implement appropriate technical and organizational security measures;

(d) Engage sub-processors only with Customer's prior written consent and subject to equivalent data protection obligations;

(e) Assist Customer in ensuring compliance with data security and breach notification obligations under Ind. Code § 24-4.9;

(f) At Customer's choice, delete or return all Customer Data upon termination; and

(g) Make available all information necessary to demonstrate compliance.

C.5 Sub-Processors

Provider's current sub-processors: [________________________________]

Provider shall notify Customer at least [____] days (default: thirty (30) days) before engaging a new sub-processor. Customer may object within [____] days, and if Provider cannot reasonably accommodate the objection, Customer may terminate the affected Order Form.

C.6 International Transfers

If Customer Data is transferred outside the United States, Provider shall ensure appropriate safeguards, including Standard Contractual Clauses or other approved transfer mechanisms.

EXHIBIT D: ACCEPTABLE USE POLICY (AUP)

D.1 Prohibited Uses

Customer and Authorized Users shall not use the Services to:

(a) Violate any applicable federal, state, or local law, including Indiana law;

(b) Transmit material that is unlawful, harmful, threatening, abusive, defamatory, or obscene;

(c) Transmit Malicious Code or interfere with the Services;

(d) Attempt to gain unauthorized access to Provider's systems;

(e) Infringe any third party's Intellectual Property Rights;

(f) Engage in unauthorized data mining, scraping, or harvesting;

(g) Send unsolicited commercial communications in violation of applicable law; or

(h) Use the Services for competitive analysis or benchmarking without Provider's consent.

D.2 Enforcement

Provider may suspend access for AUP violations upon notice to Customer. Customer shall have [____] business days (default: five (5)) to cure the violation before suspension becomes effective, except in cases of imminent harm where immediate suspension is warranted.

PRACTITIONER NOTES — INDIANA-SPECIFIC GUIDANCE

Note 1: SaaS Tax Exemption

Indiana Revenue Ruling #2024-04-RST (January 7, 2025) confirmed that SaaS is not subject to Indiana sales tax. The ruling distinguishes between remotely accessed software (not taxable) and downloaded/physically delivered software (taxable at 7%). Ensure the SaaS delivery model is clearly documented as remote access to maintain the tax exemption. Watch for bundling issues — Indiana taxes the entire bundled transaction if the taxable component exceeds 10% and is not separately invoiced.

Note 2: 10-Year Written Contract Statute of Limitations

Indiana has one of the longest statutes of limitations for written contracts in the nation at ten (10) years (Ind. Code § 34-11-2-11). This creates extended liability exposure. Practitioners should consider whether to include a contractual limitations period shorter than ten years. Given Indiana's strict blue pencil doctrine, any shortened period must be reasonable and independently enforceable.

Note 3: Strict Blue Pencil Doctrine

Indiana courts apply the strict blue pencil doctrine to restrictive covenants and, by extension, to other contractual provisions. Unlike "reformation" states where courts rewrite overbroad provisions to make them enforceable, Indiana courts will either enforce a provision exactly as written or strike it entirely. This makes precise drafting critical for all restrictive provisions, including non-solicitation, non-compete, limitation of liability, and covenant not to sue clauses.

Note 4: Data Breach Notification

The Indiana Disclosure of Security Breach Act (Ind. Code § 24-4.9) requires notification within 45 days — shorter than many states. The Act includes civil penalties of up to $150,000 per deceptive act, enforced by the Indiana Attorney General. Unlike some states with per-person penalties, Indiana's enforcement is per-violation. There is no private right of action under the Act, though affected individuals may bring claims under other theories.

Note 5: Jury Waivers

Indiana courts enforce contractual jury waivers in commercial agreements between sophisticated parties. Courts have held that a jury waiver is "no less valid than the rest of the contract." Best practices include making the waiver mutual, conspicuous (all caps), and separately acknowledged by both parties.

Note 6: Right-to-Work State

Indiana is a right-to-work state under Ind. Code § 22-6-6. While this primarily affects employment and labor union relationships, it reflects Indiana's generally business-friendly legal environment. Non-solicitation and non-compete provisions in SaaS agreements should be drafted narrowly and with clear consideration to survive blue pencil scrutiny.

Note 7: Interest Rates

Indiana's default interest rate is 8% per annum (Ind. Code § 24-4.6-1-102). There is no general usury cap for commercial transactions between business entities, so parties may agree to any rate. However, consumer transactions are subject to different limitations under the Indiana Uniform Consumer Credit Code. The SaaS agreement should specify a clear interest rate to avoid defaulting to the 8% statutory rate.

This template is provided for informational purposes only and does not constitute legal advice. Consult a licensed Indiana attorney before executing this agreement. Indiana-specific provisions, particularly regarding the strict blue pencil doctrine and data breach notification requirements, should be reviewed for compliance with current Indiana law.

Last updated: 2026-02-28