Ready to Edit

Enterprise Software as a Service Agreement - Kentucky - Free Editor

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

COMMONWEALTH OF KENTUCKY

AGREEMENT INFORMATION

Field	Information
Agreement Date	[__/__/____]
Agreement Number	[________________________________]
Effective Date	[__/__/____]

PARTIES TO THIS AGREEMENT

PROVIDER:

Field	Information
Legal Entity Name	[________________________________]
State of Formation	[________________________________]
Principal Address	[________________________________]
City, State, ZIP	[________________________________]
Federal Tax ID (EIN)	[________________________________]
Primary Contact Name	[________________________________]
Contact Email	[________________________________]
Contact Phone	[________________________________]

CUSTOMER:

Field	Information
Legal Entity Name	[________________________________]
State of Formation	[________________________________]
Principal Address	[________________________________]
City, State, ZIP	[________________________________]
Federal Tax ID (EIN)	[________________________________]
Primary Contact Name	[________________________________]
Contact Email	[________________________________]
Contact Phone	[________________________________]

RECITALS

WHEREAS, Provider is engaged in the business of providing cloud-based software as a service solutions and related professional services;

WHEREAS, Customer desires to obtain access to and use of Provider's software platform and services for Customer's enterprise business operations;

WHEREAS, the parties wish to establish the terms and conditions under which Provider will make its services available to Customer;

WHEREAS, the parties intend that this Agreement shall be governed by and interpreted in accordance with the laws of the Commonwealth of Kentucky, including the Kentucky Consumer Data Protection Act (KRS 367.3611 et seq.) effective January 1, 2026;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

1.2 "Authorized Users" means Customer's employees, contractors, consultants, and agents who are authorized by Customer to access and use the Services under the rights granted pursuant to this Agreement.

1.3 "Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.

1.4 "Consumer Data" has the meaning set forth in the Kentucky Consumer Data Protection Act, KRS 367.3611 et seq., including personal data that identifies, relates to, or is reasonably capable of being associated with or linked to a Kentucky consumer.

1.5 "Controller" has the meaning set forth in KRS 367.3611, referring to a person that, alone or jointly with others, determines the purpose and means of processing personal data.

1.6 "Customer Data" means all electronic data, information, content, records, and files that Customer or Authorized Users upload, submit, store, transmit, or process through the Services.

1.7 "Documentation" means Provider's standard user guides, online help files, technical specifications, and other documentation related to the Services as updated from time to time.

1.8 "Downtime" means any period during which the Services are unavailable or materially impaired, excluding Scheduled Maintenance and Excused Downtime.

1.9 "Effective Date" means the date first written above or the date both parties have executed this Agreement, whichever is later.

1.10 "Excused Downtime" means unavailability caused by: (a) Customer's acts or omissions; (b) failures of Customer's equipment, software, or network connections; (c) third-party services outside Provider's control; (d) force majeure events; or (e) suspension pursuant to Section 6.4.

1.11 "Fees" means all amounts payable by Customer to Provider as set forth in this Agreement and any applicable Order Form.

1.12 "Initial Term" means the initial subscription period specified in the Order Form.

1.13 "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets, and other intellectual property rights recognized under the laws of any jurisdiction worldwide.

1.14 "KCDPA" means the Kentucky Consumer Data Protection Act, KRS 367.3611 through 367.3629, effective January 1, 2026, including any amendments thereto.

1.15 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other harmful or malicious code, files, scripts, agents, or programs.

1.16 "Monthly Uptime Percentage" means the total minutes in a calendar month minus minutes of Downtime, divided by total minutes in the month, expressed as a percentage.

1.17 "Order Form" means an ordering document specifying the Services, subscription levels, Fees, and other commercial terms, executed by both parties and incorporated herein.

1.18 "Personal Information" means an individual's first name or first initial and last name in combination with one or more data elements as defined in KRS 365.732, including Social Security number, driver's license number, or financial account number with required security codes.

1.19 "Processor" has the meaning set forth in KRS 367.3611, referring to a person that processes personal data on behalf of a controller.

1.20 "Professional Services" means implementation, configuration, customization, training, integration, and consulting services provided by Provider as specified in an Order Form or Statement of Work.

1.21 "Renewal Term" means each successive subscription period following the Initial Term.

1.22 "Scheduled Maintenance" means planned maintenance of the Services performed during designated maintenance windows with advance notice to Customer.

1.23 "Security Incident" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any breach or potential breach of Provider's security measures.

1.24 "Sensitive Data" has the meaning set forth in KRS 367.3611, including data revealing racial or ethnic origin, religious beliefs, health diagnosis, sexual orientation, citizenship status, genetic or biometric data, personal data of a known child, and precise geolocation data.

1.25 "Services" means Provider's proprietary cloud-based software platform and related services described in the applicable Order Form, including all updates, enhancements, and new features made generally available.

1.26 "Service Level Agreement" or "SLA" means the service level commitments set forth in Article 4.

1.27 "Statement of Work" or "SOW" means a document describing Professional Services, deliverables, timelines, and associated fees.

1.28 "Subscription Term" means collectively the Initial Term and all Renewal Terms.

1.29 "Third-Party Components" means software, data, services, or content provided by third parties that are incorporated into or used in connection with the Services.

1.30 "Trade Secret" has the meaning set forth in KRS 365.880, including information such as formulas, patterns, compilations, programs, devices, methods, techniques, or processes that derive independent economic value from not being generally known and are subject to reasonable secrecy efforts.

1.31 "User Account" means the unique login credentials and account established for each Authorized User.

ARTICLE 2: SUBSCRIPTION AND ACCESS RIGHTS

2.1 Grant of Rights

Subject to Customer's compliance with this Agreement and payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to:

(a) Access and use the Services for Customer's internal business operations;

(b) Permit Authorized Users to access and use the Services in accordance with this Agreement;

(d) Store, process, and retrieve Customer Data through the Services.

2.2 Subscription Tiers

Customer's subscription shall be as specified in the Order Form:

☐ Standard Enterprise - Up to [____] Authorized Users
☐ Professional Enterprise - Up to [____] Authorized Users
☐ Premium Enterprise - Up to [____] Authorized Users
☐ Unlimited Enterprise - Unlimited Authorized Users
☐ Custom Configuration - As specified: [________________________________]

2.3 User Account Administration

(a) Customer shall designate at least one (1) administrator to manage User Accounts and access permissions.

(b) Customer is responsible for maintaining the confidentiality of all User Account credentials.

(d) User Accounts are for designated individuals only and may not be shared among multiple persons.

2.4 Authorized User Categories

☐ Named Users - Identified individuals assigned specific User Accounts
☐ Concurrent Users - Maximum simultaneous users: [____]
☐ Site License - All employees at specified locations
☐ Enterprise-Wide - All employees and authorized contractors
☐ Other: [________________________________]

2.5 Affiliate Usage

☐ Customer's Affiliates are authorized to use the Services under this Agreement
☐ Customer's Affiliates must execute separate Order Forms
☐ Affiliate usage is not permitted

If Affiliate usage is permitted:

(a) Customer shall ensure Affiliate compliance with all Agreement terms;

(b) Customer remains liable for Affiliate acts and omissions;

ARTICLE 3: PROFESSIONAL SERVICES AND SUPPORT

3.1 Implementation Services

Provider shall provide the following implementation services:

☐ Standard Implementation
- System configuration and setup
- Data migration assistance (up to [____] GB)
- Basic integration configuration
- Administrator training (up to [____] hours)
- Go-live support

☐ Premium Implementation
- All Standard Implementation services
- Custom workflow configuration
- Advanced integration development
- Extended training program (up to [____] hours)
- Dedicated implementation manager
- Post-go-live optimization review

☐ Custom Implementation - Per attached Statement of Work

Implementation Timeline: [________________________________]

3.2 Support Tiers

Customer's support tier:

☐ Standard Support
- Business hours support: Monday-Friday, 8:00 AM - 6:00 PM Eastern Time
- Email and ticket-based support
- Response time targets per Section 3.3
- Access to online knowledge base
- Quarterly system health checks

☐ Premium Support
- Extended hours support: Monday-Friday, 7:00 AM - 9:00 PM Eastern Time
- Saturday support: 9:00 AM - 5:00 PM Eastern Time
- Email, ticket, and phone support
- Enhanced response time targets
- Designated support representative
- Monthly system health checks
- Priority escalation path

☐ Enterprise Support
- 24/7/365 support coverage
- Dedicated support team
- Direct phone line access
- Fastest response time guarantees
- Named Technical Account Manager
- Weekly system health reviews
- Quarterly business reviews
- Priority feature request consideration

3.3 Response Time Targets

Severity Level	Description	Standard Support	Premium Support	Enterprise Support
Critical (S1)	Complete system outage; all users affected	4 hours	2 hours	30 minutes
High (S2)	Major functionality impaired; significant user impact	8 hours	4 hours	1 hour
Medium (S3)	Partial functionality affected; workaround available	24 hours	12 hours	4 hours
Low (S4)	Minor issues; questions; enhancement requests	72 hours	48 hours	24 hours

3.4 Training Services

☐ Provider shall provide the following training:

Training Type	Format	Duration	Participants
Administrator Training	[________________________________]	[____] hours	[____]
End User Training	[________________________________]	[____] hours	[____]
Advanced Feature Training	[________________________________]	[____] hours	[____]
Custom Training	[________________________________]	[____] hours	[____]

ARTICLE 4: SERVICE LEVEL AGREEMENT

4.1 Uptime Commitment

Provider commits to the following Monthly Uptime Percentage during each calendar month:

☐ 99.5% Monthly Uptime
☐ 99.9% Monthly Uptime
☐ 99.95% Monthly Uptime
☐ 99.99% Monthly Uptime
☐ Other: [____]%

4.2 Uptime Calculation

Monthly Uptime Percentage = ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100

Downtime is measured from when Provider confirms a system-wide outage or when automated monitoring detects unavailability, whichever is earlier.

4.3 Scheduled Maintenance Windows

(a) Standard Maintenance Window: [________________________________]

(b) Provider shall provide at least [____] hours advance notice for scheduled maintenance.

(d) Emergency maintenance may be performed without advance notice when necessary to address critical security issues or prevent imminent harm.

4.4 Service Credits

If Provider fails to meet the Monthly Uptime Percentage commitment, Customer shall be entitled to Service Credits as follows:

Monthly Uptime Percentage	Service Credit (% of Monthly Fee)
99.0% - Below Commitment	10%
98.0% - 98.99%	25%
95.0% - 97.99%	50%
Below 95.0%	100%

4.5 Service Credit Limitations

(a) Service Credits are Customer's sole and exclusive remedy for Provider's failure to meet the SLA.

(b) Service Credits shall not exceed 100% of the monthly Fees for the affected month.

(d) Customer must request Service Credits within thirty (30) days of the end of the affected month.

4.6 Performance Monitoring

(a) Provider shall maintain real-time monitoring of Services availability.

(b) Provider shall make uptime statistics available to Customer through [________________________________].

4.7 Chronic Failure

If Provider fails to meet the Monthly Uptime Percentage commitment for [____] consecutive months or [____] months in any twelve (12) month period, Customer may terminate this Agreement upon thirty (30) days written notice without penalty and receive a pro-rata refund of prepaid Fees.

ARTICLE 5: DATA HANDLING, SECURITY, AND KENTUCKY DATA PRIVACY

5.1 Customer Data Ownership

(a) As between the parties, Customer retains all right, title, and interest in and to Customer Data.

(b) Provider acquires no rights to Customer Data except the limited license to process Customer Data as necessary to provide the Services.

5.2 Data Processing

Provider shall:

(a) Process Customer Data only as necessary to provide the Services and as instructed by Customer;

(b) Not access, use, or disclose Customer Data except as required for Service delivery, security, or as compelled by law;

(d) Ensure personnel with access to Customer Data are bound by confidentiality obligations.

5.3 Kentucky Consumer Data Protection Act (KCDPA) Compliance

IMPORTANT: The KCDPA (KRS 367.3611 et seq.) became effective January 1, 2026. The following provisions apply to the extent the Services involve processing personal data of Kentucky consumers.

(a) Controller/Processor Relationship. To the extent Provider processes personal data on behalf of Customer as a Processor under the KCDPA, Provider shall:
- Process personal data only in accordance with Customer's documented instructions;
- Ensure that each person processing personal data is subject to a duty of confidentiality;
- Implement appropriate technical and organizational security measures;
- Assist Customer in responding to consumer rights requests under KRS 367.3615;
- Make available all information necessary to demonstrate KCDPA compliance.

(b) Consumer Rights. Customer acknowledges that Kentucky consumers have the right to:
- Confirm whether their personal data is being processed;
- Access their personal data;
- Correct inaccuracies in their personal data;
- Delete personal data provided by or obtained about the consumer;
- Obtain a portable copy of personal data;
- Opt out of the sale of personal data, targeted advertising, and profiling.

(c) Sensitive Data. Provider shall not process Sensitive Data without Customer's prior written authorization and in accordance with the opt-in consent requirements of the KCDPA.

(d) Data Protection Assessment. Customer shall conduct data protection impact assessments as required by the KCDPA for processing activities that present a heightened risk of harm. Provider shall cooperate with such assessments upon reasonable request.

(e) Enforcement. The parties acknowledge that the KCDPA is exclusively enforced by the Kentucky Attorney General with a permanent 30-day cure period and penalties up to $7,500 per violation.

5.4 Data Location

☐ Customer Data shall be stored and processed within the United States
☐ Customer Data shall be stored and processed within: [________________________________]
☐ Customer Data may be stored and processed in any Provider data center location
☐ Customer Data location restrictions: [________________________________]

5.5 Information Security Program

Provider shall implement and maintain a comprehensive written information security program including:

(a) Risk Assessment: Regular identification and assessment of reasonably foreseeable internal and external threats to Customer Data security;

(b) Safeguards: Implementation of safeguards to control identified risks, including:
- Encryption of Customer Data in transit and at rest using industry-standard protocols
- Multi-factor authentication for administrative access
- Network security controls including firewalls, intrusion detection, and prevention systems
- Regular vulnerability scanning and penetration testing
- Secure software development practices

(d) Employee Training: Regular security awareness training for all personnel with access to Customer Data;

(e) Incident Response: Written incident response plan addressing detection, containment, investigation, and notification procedures;

(f) Business Continuity: Disaster recovery and business continuity procedures.

5.6 Security Certifications and Audits

Provider maintains or shall obtain the following certifications:

☐ SOC 2 Type II
☐ ISO 27001
☐ ISO 27017
☐ ISO 27018
☐ HITRUST CSF
☐ FedRAMP (Authorization Level: [____])
☐ PCI DSS (if processing payment data)
☐ Other: [________________________________]

5.7 Data Breach Notification - Kentucky Requirements

In the event of a breach of security requiring notification under KRS 365.732:

(a) Provider shall notify Customer in the most expedient time possible and without unreasonable delay after determining a breach has occurred;

(b) The notice shall include the nature and scope of the breach, types of Personal Information potentially compromised, and measures taken to address the breach;

(c) Provider shall cooperate with Customer in fulfilling notification obligations to affected Kentucky residents, including written notice, telephonic notice, or electronic notice as permitted by statute;

(d) Provider shall bear the costs of notification and credit monitoring services if the breach results from Provider's negligence or failure to comply with this Agreement;

(e) Notification may be delayed only if a law enforcement agency determines that notification would impede a criminal investigation, and shall proceed once law enforcement confirms notification will not compromise the investigation.

5.8 Subprocessors

(a) Provider may engage subprocessors to assist in providing the Services, provided:
- Subprocessors are bound by data protection obligations no less protective than this Agreement
- Provider remains liable for subprocessor compliance
- Provider maintains an updated list of subprocessors

(b) Provider shall notify Customer of any material changes to subprocessors at least [____] days in advance.

(c) Customer may object to new subprocessors; if Provider proceeds over Customer's objection, Customer may terminate without penalty.

5.9 Data Backup and Recovery

(a) Provider shall perform [________________________________] backups of Customer Data.

(b) Backups shall be retained for [____] days.

(d) Provider shall test backup restoration procedures at least [________________________________].

ARTICLE 6: ACCEPTABLE USE AND RESTRICTIONS

6.1 Acceptable Use Policy

Customer and Authorized Users shall:

(a) Use the Services only for lawful purposes and in compliance with all applicable laws, including the KCDPA;

(b) Comply with all Documentation and Provider's reasonable usage policies;

(d) Promptly report any suspected security breaches or unauthorized access.

6.2 Prohibited Activities

Customer and Authorized Users shall not:

(a) License, sublicense, sell, resell, rent, lease, transfer, assign, or distribute the Services to third parties;

(b) Modify, copy, or create derivative works based on the Services or Documentation;

(d) Access the Services to build a competitive product or service;

(e) Use the Services to store or transmit Malicious Code;

(f) Interfere with or disrupt the integrity or performance of the Services;

(g) Attempt to gain unauthorized access to the Services or related systems;

(h) Use the Services in violation of any third party's intellectual property or privacy rights;

(i) Exceed licensed usage limits or circumvent usage restrictions;

(j) Remove, alter, or obscure any proprietary notices on the Services.

6.3 Suspension

Provider may suspend Customer's access to the Services:

(a) If Customer's use poses a security threat to Provider or other customers;

(b) If Customer is in material breach of this Agreement and fails to cure within [____] days after notice;

(d) For non-payment of undisputed Fees more than [____] days past due.

Provider shall provide advance notice of suspension when practicable and shall restore access promptly when the grounds for suspension are resolved.

ARTICLE 7: FEES AND PAYMENT

7.1 Subscription Fees

Customer shall pay the following subscription Fees:

Description	Amount	Billing Frequency
Base Subscription Fee	$[________________________________]	☐ Monthly ☐ Quarterly ☐ Annually
Per User Fee	$[________________________________] per user	☐ Monthly ☐ Quarterly ☐ Annually
Data Storage (above included amount)	$[________________________________] per GB	☐ Monthly ☐ Quarterly ☐ Annually
API Calls (above included amount)	$[________________________________] per 1,000 calls	☐ Monthly ☐ Quarterly ☐ Annually
Additional Modules/Features	$[________________________________]	☐ Monthly ☐ Quarterly ☐ Annually

7.2 Professional Services Fees

Service	Rate/Fee	Estimate
Implementation Services	$[________________________________]	[________________________________]
Training Services	$[________________________________] per hour/day	[________________________________]
Custom Development	$[________________________________] per hour	[________________________________]
Consulting Services	$[________________________________] per hour	[________________________________]
On-Site Services	$[________________________________] per day plus expenses	[________________________________]

7.3 Payment Terms

(a) Invoicing: Provider shall invoice Customer:
☐ In advance for each billing period
☐ Upon execution of this Agreement for the first year
☐ According to payment milestones in the Order Form
☐ Other: [________________________________]

(b) Payment Due: All invoices are due and payable within [____] days of invoice date.

(c) Payment Method:
☐ ACH/Wire Transfer
☐ Credit Card (subject to processing fees of [____]%)
☐ Check
☐ Other: [________________________________]

7.4 Taxes - Kentucky SaaS Taxability

(a) Kentucky Sales Tax. As of January 1, 2023, Kentucky imposes a six percent (6%) state sales tax on prewritten computer software, including SaaS, regardless of the method of delivery. Provider shall collect and remit applicable Kentucky sales tax unless Customer provides a valid exemption certificate.

(b) All Fees are exclusive of taxes unless otherwise stated.

(d) Customer shall provide valid Kentucky Form 51A105 (Resale Certificate) or 51A126 (Certificate of Exemption) if applicable.

(e) Provider is responsible for taxes based on Provider's income.

(f) Economic Nexus. Provider represents that it has determined its Kentucky sales tax collection obligations based on gross receipts exceeding $100,000 or 200 or more separate transactions in the previous or current calendar year.

7.5 Late Payment

(a) Late payments shall bear interest at the rate of eight percent (8%) per annum as provided under KRS 360.010, unless a different rate is specified in the applicable Order Form, provided such rate does not exceed the maximum permitted by Kentucky law.

(b) Customer shall reimburse Provider's reasonable collection costs, including attorneys' fees.

7.6 Fee Disputes

(a) Customer shall notify Provider of any disputed charges within [____] days of invoice date.

(b) Customer shall pay all undisputed amounts by the due date.

(d) Provider shall not suspend Services for amounts subject to a bona fide dispute.

7.7 Price Increases

(a) Fees are fixed for the Initial Term.

(b) Provider may increase Fees for Renewal Terms by providing written notice at least [____] days before the Renewal Term.

ARTICLE 8: INTELLECTUAL PROPERTY

8.1 Provider Intellectual Property

(a) Provider retains all right, title, and interest in and to the Services, Documentation, and all related intellectual property, including:
- Software code, architecture, and design
- Algorithms, processes, and methodologies
- User interfaces and user experience designs
- Trade Secrets as defined under KRS 365.880
- All improvements, modifications, and derivative works

(b) No license or right is granted except as expressly set forth herein.

8.2 Customer Intellectual Property

(a) Customer retains all right, title, and interest in and to Customer Data and Customer's pre-existing intellectual property.

(b) Customer grants Provider a limited, non-exclusive license to use Customer Data solely as necessary to provide the Services.

8.3 Feedback

(a) If Customer provides suggestions, ideas, or feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or compensation.

(b) Customer hereby assigns to Provider all rights in any Feedback.

8.4 Aggregated Data

(a) Provider may collect and analyze aggregated, anonymized data derived from Customer's use of the Services that does not identify Customer or any individual ("Aggregated Data").

(b) Provider may use Aggregated Data to improve the Services, develop new products, and for other lawful business purposes.

(d) KCDPA Note: Aggregated Data must be de-identified in accordance with the KCDPA standards and Provider shall not attempt to re-identify such data.

8.5 Custom Development

For any custom development performed under this Agreement:

☐ Provider Ownership: Provider owns all custom developments; Customer receives a license to use
☐ Customer Ownership: Customer owns all custom developments; Provider receives a license to incorporate into Services
☐ Joint Ownership: Parties jointly own custom developments
☐ Work Made for Hire: Custom developments are works made for hire owned by Customer
☐ As Specified: Ownership determined per individual Statement of Work

ARTICLE 9: CONFIDENTIALITY

9.1 Confidentiality Obligations

Each party agrees to:

(a) Maintain the confidentiality of the other party's Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care;

(b) Not disclose Confidential Information to any third party except as expressly permitted herein;

(d) Limit access to Confidential Information to employees, contractors, and agents with a need to know who are bound by confidentiality obligations.

9.2 Exclusions

Confidential Information does not include information that:

(a) Is or becomes publicly available through no fault of the receiving party;

(b) Was rightfully known to the receiving party without restriction before disclosure;

(d) Is independently developed without use of Confidential Information.

9.3 Permitted Disclosures

A party may disclose Confidential Information:

(a) To its professional advisors bound by professional confidentiality obligations;

(b) As required by law, regulation, or court order, provided the disclosing party gives prompt notice (if legally permitted) to allow the other party to seek protective measures;

9.4 Trade Secret Protection Under Kentucky Law

(a) The parties acknowledge that certain Confidential Information may constitute Trade Secrets under the Kentucky Uniform Trade Secrets Act, KRS 365.880 et seq.

(b) Each party agrees to maintain reasonable measures to preserve the secrecy of Trade Secrets as required by KRS 365.880.

(c) The parties acknowledge that misappropriation of Trade Secrets may give rise to injunctive relief, damages including unjust enrichment, and in cases of willful and malicious misappropriation, exemplary damages not exceeding twice the compensatory amount under KRS 365.884.

(d) The statute of limitations for misappropriation claims under the Kentucky UTSA is five (5) years from the date the misappropriation is discovered or should have been discovered (KRS 365.892).

9.5 Duration

Confidentiality obligations shall survive termination of this Agreement for a period of [____] years, except that obligations regarding Trade Secrets shall continue for as long as the information qualifies as a Trade Secret under applicable law.

ARTICLE 10: WARRANTIES

10.1 Provider Warranties

Provider warrants that:

(a) Performance Warranty: The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) Authority: Provider has full power and authority to enter into this Agreement and grant the rights herein;

(c) Non-Infringement: To Provider's knowledge, the Services do not infringe any third party's intellectual property rights;

(d) Malicious Code: The Services will not contain Malicious Code introduced by Provider;

(e) Compliance: Provider will comply with all laws applicable to Provider's provision of the Services, including the KCDPA;

(f) Personnel: Provider's personnel performing Professional Services will have the necessary skills and qualifications;

(g) Security: Provider will maintain the security program described in Article 5.

10.2 Customer Warranties

Customer warrants that:

(a) Customer has full power and authority to enter into this Agreement;

(b) Customer owns or has the right to provide Customer Data to Provider;

(d) Customer will use the Services in compliance with this Agreement and applicable law.

10.3 Warranty Remedies

For breach of Provider's Performance Warranty:

(a) Customer shall notify Provider of any warranty claim within [____] days of discovery;

(b) Provider shall use commercially reasonable efforts to correct the non-conformity;

(c) If Provider cannot correct the non-conformity within [____] days, Customer may terminate the affected Services and receive a pro-rata refund.

10.4 Disclaimer of Warranties

EXCEPT FOR THE EXPRESS WARRANTIES IN THIS ARTICLE, TO THE MAXIMUM EXTENT PERMITTED BY KRS 355.2-316:

(a) PROVIDER MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT;

(b) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE;

(d) ANY THIRD-PARTY COMPONENTS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.

KENTUCKY UCC NOTE: Pursuant to KRS 355.2-316, to effectively disclaim the implied warranty of merchantability, the disclaimer must mention "merchantability" and, if in writing, must be conspicuous. To disclaim the implied warranty of fitness for a particular purpose, the disclaimer must be in writing and conspicuous.

ARTICLE 11: INDEMNIFICATION

11.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer, its Affiliates, and their respective officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

(a) Allegations that the Services infringe any United States patent, copyright, trademark, or misappropriate any trade secret;

(b) Provider's gross negligence or willful misconduct;

(d) Provider's violation of applicable law, including the KCDPA, in its provision of the Services.

11.2 IP Indemnification Exclusions

Provider's indemnification obligations do not apply to claims arising from:

(a) Modifications to the Services made by Customer without Provider's authorization;

(b) Combination of the Services with products, services, or data not provided by Provider;

(d) Customer Data or Customer's specifications that caused the alleged infringement;

(e) Use of a non-current version of the Services if infringement would have been avoided by using the current version.

11.3 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider, its Affiliates, and their respective officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

(a) Customer Data, including claims that Customer Data infringes or violates third-party rights;

(b) Customer's breach of the Acceptable Use Policy;

(d) Customer's violation of applicable law in its use of the Services.

11.4 Indemnification Procedures

The indemnified party shall:

(a) Provide prompt written notice of any claim (failure to provide prompt notice shall not relieve the indemnifying party except to the extent materially prejudiced);

(b) Grant the indemnifying party sole control of the defense and settlement;

(d) Not settle any claim without the indemnifying party's prior written consent.

11.5 Kentucky Indemnification Standards

In accordance with Kentucky law, the parties acknowledge that:

(a) Indemnification provisions must be clear and unequivocal to be enforceable;

(b) This Agreement does not purport to require either party to indemnify the other for claims arising from the indemnified party's sole negligence;

(c) Each party's indemnification obligations are limited to claims arising from the matters expressly described in this Article.

ARTICLE 12: LIMITATION OF LIABILITY

12.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY KRS 355.2-719 AND APPLICABLE KENTUCKY LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR COST OF PROCUREMENT OF SUBSTITUTE SERVICES, ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE) AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12.2 Liability Cap

EXCEPT AS PROVIDED IN SECTION 12.3, EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED:

☐ The total Fees paid or payable by Customer during the twelve (12) months preceding the claim
☐ The total Fees paid or payable by Customer during the twenty-four (24) months preceding the claim
☐ $[________________________________]
☐ Other: [________________________________]

12.3 Exceptions to Limitations

The limitations in Sections 12.1 and 12.2 shall not apply to:

(a) Either party's indemnification obligations under Article 11;

(b) Either party's breach of confidentiality obligations under Article 9;

(d) Claims arising from a party's gross negligence or willful misconduct;

(e) Claims arising from Provider's breach of its data security obligations resulting in unauthorized disclosure of Customer Data;

(f) Claims arising from Provider's unauthorized use or disclosure of Customer Data beyond the scope permitted by this Agreement.

12.4 Kentucky Enforceability Note

PRACTITIONER NOTE: Under Kentucky law, exculpatory clauses are strictly construed against the party relying on them. Limitation of liability clauses must clearly and specifically set forth the scope of the limitation. General or vague "catch all" exculpatory language will not be enforced. A party cannot contractually limit liability for willful or wanton misconduct.

12.5 Acknowledgment

THE PARTIES ACKNOWLEDGE THAT THE LIMITATIONS OF LIABILITY IN THIS ARTICLE REFLECT A REASONABLE ALLOCATION OF RISK AND ARE A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES.

ARTICLE 13: TERM, RENEWAL, AND TERMINATION

13.1 Initial Term

This Agreement shall commence on the Effective Date and continue for an Initial Term of:

☐ One (1) year
☐ Two (2) years
☐ Three (3) years
☐ Other: [________________________________]

13.2 Renewal

(a) This Agreement shall automatically renew for successive Renewal Terms of [________________________________] unless either party provides written notice of non-renewal at least [____] days before the end of the then-current term.

(b) Customer may terminate at any time for convenience by providing [____] days written notice, subject to payment of:
☐ All Fees through the end of the then-current term
☐ Early termination fee of [________________________________]
☐ No early termination fee
☐ Other: [________________________________]

13.3 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if:

(a) The other party materially breaches this Agreement and fails to cure within [____] days after written notice;

(b) The other party becomes insolvent, files for bankruptcy, or makes an assignment for the benefit of creditors;

13.4 Effect of Expiration or Termination

Upon expiration or termination of this Agreement:

(a) All rights and licenses granted to Customer shall immediately terminate;

(b) Customer shall immediately cease all use of the Services;

(d) Each party shall return or destroy Confidential Information as directed by the disclosing party;

(e) Provisions that by their nature should survive shall continue in effect.

13.5 Kentucky Statute of Limitations

The parties acknowledge that under KRS 413.160, actions on written contracts executed on or after July 15, 2014 are subject to a ten (10) year statute of limitations. For contracts executed prior to that date, the fifteen (15) year limitation under KRS 413.090 applies.

ARTICLE 14: DATA PORTABILITY AND TRANSITION SERVICES

14.1 Data Export During Subscription

During the Subscription Term, Customer may export Customer Data at any time through:

☐ Self-service export functionality within the Services
☐ API access for programmatic data retrieval
☐ Provider-assisted export upon request
☐ Other: [________________________________]

14.2 Data Export Format

Customer Data shall be made available in the following formats:

☐ CSV (Comma-Separated Values)
☐ JSON (JavaScript Object Notation)
☐ XML (Extensible Markup Language)
☐ Native application format
☐ Database dump (SQL format)
☐ Other: [________________________________]

14.3 Transition Assistance

Upon expiration or termination, Provider shall:

(a) Provide Customer access to export Customer Data for a period of [____] days following the termination effective date;

(b) Provide reasonable assistance with data migration at Provider's then-current Professional Services rates;

14.4 Data Deletion

(a) Upon Customer's written request following the transition period, Provider shall:
- Delete all Customer Data from production systems within [____] days
- Delete Customer Data from backup systems within [____] days or upon normal backup rotation

(b) Provider shall provide written certification of deletion upon Customer's request.

ARTICLE 15: INSURANCE REQUIREMENTS

15.1 Required Insurance

Provider shall maintain the following insurance coverages during the Subscription Term and for [____] years thereafter:

Coverage Type	Minimum Limit	Requirements
Commercial General Liability	$[________________________________] per occurrence / $[________________________________] aggregate	Including products/completed operations
Professional Liability/E&O	$[________________________________] per claim / $[________________________________] aggregate	Covering technology professional services
Cyber Liability/Data Breach	$[________________________________] per incident / $[________________________________] aggregate	Including network security, privacy liability, breach response
Workers' Compensation	Statutory limits	As required by Kentucky law
Employer's Liability	$[________________________________]	Per accident and disease
Umbrella/Excess Liability	$[________________________________]	Excess of primary coverages

15.2 Insurance Requirements

(a) All insurance shall be provided by carriers with an A.M. Best rating of A- or better;

(b) Provider shall provide certificates of insurance upon Customer's request;

(d) Provider shall provide at least thirty (30) days advance notice of cancellation or material change;

(e) Commercial General Liability and Umbrella policies shall name Customer as an additional insured.

ARTICLE 16: DISPUTE RESOLUTION

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Kentucky, without regard to its conflict of laws principles.

16.2 Venue and Jurisdiction

The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in:

☐ Jefferson County, Kentucky (Louisville)
☐ Fayette County, Kentucky (Lexington)
☐ Franklin County, Kentucky (Frankfort)
☐ [________________________________] County, Kentucky

Each party waives any objection to such jurisdiction and venue, including inconvenient forum.

16.3 Dispute Resolution Process

Before initiating litigation, the parties agree to the following escalation process:

Step 1 - Informal Resolution: Representatives shall attempt to resolve disputes informally within [____] business days.

Step 2 - Executive Escalation: If unresolved, disputes shall be escalated to each party's executive officer (or designee) for resolution within [____] business days.

Step 3 - Mediation: If still unresolved, the parties shall participate in mediation administered by [________________________________] before commencing litigation. Mediation costs shall be shared equally.

☐ Step 4 - Arbitration (Optional):
If mediation is unsuccessful, disputes shall be resolved by binding arbitration administered by [________________________________] in accordance with its Commercial Arbitration Rules. The arbitration shall be conducted in [________________________________], Kentucky. Judgment on the award may be entered in any court of competent jurisdiction.

16.4 Jury Trial Waiver

TO THE FULLEST EXTENT PERMITTED BY KENTUCKY LAW, EACH PARTY HEREBY IRREVOCABLY AND UNCONDITIONALLY WAIVES ITS RIGHT TO A JURY TRIAL IN ANY ACTION, PROCEEDING, OR COUNTERCLAIM ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED HEREBY. THIS WAIVER IS KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY MADE BY EACH PARTY.

KENTUCKY NOTE: Kentucky courts generally enforce jury waiver provisions in commercial contracts between sophisticated parties when the waiver is knowing, voluntary, and intentional. This provision is drafted to meet those standards.

16.5 Injunctive Relief

Notwithstanding any dispute resolution procedures, either party may seek injunctive or other equitable relief from any court of competent jurisdiction to prevent irreparable harm pending resolution of disputes.

16.6 Prevailing Party

In any legal proceeding arising out of this Agreement, the prevailing party shall be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing party.

ARTICLE 17: GENERAL PROVISIONS

17.1 Entire Agreement

This Agreement, including all Order Forms, Statements of Work, and exhibits, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior and contemporaneous agreements, proposals, and representations, whether written or oral.

17.2 Amendments

No amendment to this Agreement shall be effective unless in writing and signed by authorized representatives of both parties, in accordance with KRS 355.2-209 regarding contract modification.

17.3 Order of Precedence

In the event of conflict, the following order of precedence applies: (1) Order Forms; (2) Statements of Work; (3) this Agreement; (4) Documentation.

17.4 Assignment

Neither party may assign this Agreement without the other party's prior written consent, except that either party may assign to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets. Any purported assignment in violation of this Section is void.

17.5 Notices

Notices shall be in writing and delivered by certified mail, overnight courier, or email with confirmation, to the addresses set forth herein or as updated by notice.

Party	Notice Address
Provider	[________________________________]
	[________________________________]
	Email: [________________________________]
Customer	[________________________________]
	[________________________________]
	Email: [________________________________]

17.6 Force Majeure

Neither party shall be liable for failure or delay in performance due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, riots, government actions, pandemics, or failures of telecommunications or power. The affected party shall provide prompt notice and use reasonable efforts to mitigate. If force majeure continues for more than [____] days, either party may terminate affected Services without liability.

17.7 Waiver

No waiver of any right or remedy shall be effective unless in writing. No waiver shall constitute a waiver of any other or subsequent right or remedy.

17.8 Severability

If any provision of this Agreement is held invalid or unenforceable, the remaining provisions shall continue in effect. The parties shall negotiate in good faith to replace the invalid provision with a valid provision that achieves the original intent.

17.9 Independent Contractors

The parties are independent contractors. This Agreement does not create a partnership, joint venture, agency, or employment relationship.

17.10 Compliance with Laws

Each party shall comply with all applicable federal, state, and local laws, regulations, and ordinances in the performance of its obligations under this Agreement, including the KCDPA and the Kentucky Consumer Protection Act (KRS 367.110 et seq.).

17.11 Electronic Signatures

In accordance with KRS 369.101 et seq. (Kentucky Uniform Electronic Transactions Act):

(a) This Agreement may be executed electronically;

(b) Electronic signatures have the same legal effect as original signatures;

17.12 Counterparts

This Agreement may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one instrument.

17.13 Construction

This Agreement shall be construed without regard to any presumption against the party that drafted it. Headings are for convenience only and do not affect interpretation.

ARTICLE 18: EXECUTION

By signing below, the parties acknowledge that they have read, understand, and agree to be bound by all terms and conditions of this Agreement.

PRE-EXECUTION CHECKLIST

Provider Verification:
☐ All Order Forms completed and attached
☐ Pricing confirmed and documented
☐ Service level commitments confirmed
☐ Security certifications current
☐ Insurance certificates available
☐ Implementation timeline established
☐ KCDPA compliance measures in place
☐ Legal review completed
☐ Authority to sign verified

Customer Verification:
☐ Business requirements documented
☐ Technical requirements reviewed
☐ Security requirements addressed
☐ Compliance requirements satisfied (including KCDPA)
☐ Budget approval obtained
☐ Internal stakeholder approval obtained
☐ Legal review completed
☐ Authority to sign verified

SIGNATURE PAGE

PROVIDER

[________________________________]

Field	Information
Signature	________________________________________________
Printed Name	[________________________________]
Title	[________________________________]
Date	[__/__/____]

CUSTOMER

[________________________________]

Field	Information
Signature	________________________________________________
Printed Name	[________________________________]
Title	[________________________________]
Date	[__/__/____]

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]

Order Form Effective Date: [__/__/____]

Services Ordered

Service/Module	Description	Quantity	Unit Price	Total
[________________________________]	[________________________________]	[____]	$[________]	$[________]
[________________________________]	[________________________________]	[____]	$[________]	$[________]
[________________________________]	[________________________________]	[____]	$[________]	$[________]
[________________________________]	[________________________________]	[____]	$[________]	$[________]

Subscription Details

Field	Value
Initial Term	[________________________________]
Renewal Term	[________________________________]
Billing Frequency	☐ Monthly ☐ Quarterly ☐ Annually
Payment Terms	Net [____] days
Support Tier	☐ Standard ☐ Premium ☐ Enterprise
Uptime Commitment	[____]%

Pricing Summary

Category	Amount
Annual Subscription Fees	$[________________________________]
One-Time Implementation Fees	$[________________________________]
Annual Support Fees (if separate)	$[________________________________]
Total First Year Investment	$[________________________________]

PROVIDER: ___________________________ Date: [__/__/____]

CUSTOMER: ___________________________ Date: [__/__/____]

EXHIBIT B: DATA PROCESSING ADDENDUM

B.1 Scope

This Data Processing Addendum ("DPA") supplements the Agreement with respect to Provider's processing of Personal Information and Consumer Data on behalf of Customer, including compliance with the KCDPA.

B.2 KCDPA Processing Terms

(a) Provider, as Processor, shall process personal data only as instructed by Customer (Controller);

(b) Provider shall ensure all persons processing personal data are subject to a duty of confidentiality;

(d) Provider shall assist Customer in responding to consumer rights requests (access, correction, deletion, portability, opt-out) within the timeframes required by the KCDPA;

(e) Provider shall delete or return all personal data upon termination;

(f) Provider shall make available all information necessary to demonstrate KCDPA compliance;

(g) Provider shall allow and contribute to reasonable audits by Customer.

B.3 Subprocessors

(a) Customer authorizes Provider to engage subprocessors listed at: [________________________________]

(b) Provider shall notify Customer of subprocessor changes [____] days in advance.

B.4 Data Transfers

If Personal Information is transferred outside the United States, Provider shall ensure appropriate safeguards are in place.

EXHIBIT C: SERVICE LEVEL AGREEMENT DETAILS

C.1 Availability Measurement

Provider measures availability using [________________________________].

C.2 Excluded Events

The following are excluded from availability calculations:

☐ Scheduled maintenance within designated windows
☐ Emergency maintenance for security issues
☐ Customer-caused issues
☐ Third-party service failures
☐ Force majeure events
☐ Network issues outside Provider's control

C.3 Maintenance Schedule

Maintenance Type	Window	Frequency	Notice Required
Standard Maintenance	[________________________________]	[________]	[____] hours
Major Updates	[________________________________]	[________]	[____] days
Emergency Maintenance	As needed	As needed	Best efforts

C.4 Monitoring and Reporting

Provider shall:

(a) Monitor Services availability 24/7/365;

(b) Provide real-time status at: [________________________________];

(d) Alert Customer of outages within [____] minutes.

EXHIBIT D: ACCEPTABLE USE POLICY

D.1 Permitted Use

The Services may be used for lawful business purposes consistent with the Documentation and this Agreement.

D.2 Prohibited Content

Customer shall not use the Services to store, process, or transmit content that:

(a) Violates any applicable law, regulation, or third-party right;

(b) Contains Malicious Code;

(d) Infringes intellectual property rights.

D.3 Capacity Limits

Customer shall not exceed the licensed capacity specified in the applicable Order Form without prior agreement and payment of additional Fees.

PRACTITIONER NOTES FOR KENTUCKY

Key Kentucky-Specific Considerations

KCDPA Compliance (Effective January 1, 2026). The Kentucky Consumer Data Protection Act (KRS 367.3611 et seq.) requires controllers and processors of personal data of Kentucky consumers to comply with data minimization, purpose limitation, security, and consumer rights obligations. AG enforcement only, with a permanent 30-day cure period and fines up to $7,500 per violation.
SaaS Taxability. As of January 1, 2023, Kentucky taxes SaaS as prewritten computer software at a flat 6% state sales tax rate. No local sales taxes apply. Ensure proper tax collection and remittance provisions are addressed.
Interest Rate. The default legal interest rate under KRS 360.010 is 8% per annum. Parties may agree in writing to a higher rate. After default, the contractual rate applies unless no rate was specified.
Statute of Limitations. Written contracts executed on or after July 15, 2014 are subject to a 10-year limitation under KRS 413.160. Pre-July 2014 contracts have a 15-year limitation under KRS 413.090. UCC sales claims have a 4-year limitation under KRS 355.2-725.
Warranty Disclaimers. Under KRS 355.2-316, disclaimers of the implied warranty of merchantability must mention "merchantability" and must be conspicuous in writing. Fitness warranty disclaimers must be conspicuous and in writing.
Limitation of Liability. Kentucky courts strictly construe exculpatory clauses. The limitation must be clear and specific. Liability for willful or wanton misconduct cannot be contractually waived.
Trade Secrets. The Kentucky UTSA (KRS 365.880 et seq.) provides injunctive relief, compensatory damages, and exemplary damages up to 2x for willful and malicious misappropriation. The statute of limitations is 5 years.
Consumer Protection. The Kentucky Consumer Protection Act (KRS 367.110 et seq.) prohibits unfair, false, misleading, or deceptive practices. Violations may result in AG enforcement actions.
Jury Waiver. Kentucky courts generally enforce jury waiver provisions in commercial contracts between sophisticated parties when the waiver is knowing, voluntary, and intentional. Use conspicuous language and mutual waiver.
Data Breach Notification. KRS 365.732 requires notification in the most expedient time possible and without unreasonable delay. No specific number of days is mandated, but prompt action is expected.

This Enterprise Software as a Service Agreement template is designed for use in the Commonwealth of Kentucky and incorporates applicable Kentucky statutory requirements, including the Kentucky Consumer Data Protection Act effective January 1, 2026. Legal counsel should review this Agreement before execution to ensure compliance with current law and suitability for specific business needs.

AI Legal Assistant