SaaS Agreement (Enterprise) - Maryland

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

(Maryland Jurisdiction)

TABLE OF CONTENTS

1. Document Header
2. Definitions
3. Grant of Rights; Access to Services
4. Customer Data and Privacy
5. Security
6. Service Levels
7. Fees and Payment
8. Term and Termination
9. Representations and Warranties
10. Limitation of Liability
11. Indemnification
12. Confidentiality
13. Intellectual Property
14. Dispute Resolution
15. General Provisions
16. Execution Block
17. Exhibits

1. DOCUMENT HEADER

1.1 Agreement. This Enterprise Software as a Service Agreement (the "Agreement"), including all Exhibits, Order Forms, and Statements of Work incorporated herein, is entered into as of [EFFECTIVE DATE] (the "Effective Date") by and between:

PROVIDER:
[PROVIDER LEGAL NAME], a [STATE OF FORMATION] [ENTITY TYPE]
Principal Place of Business: [ADDRESS]
("Provider")

CUSTOMER:
[CUSTOMER LEGAL NAME], a [STATE OF FORMATION] [ENTITY TYPE]
Principal Place of Business: [ADDRESS]
("Customer")

Provider and Customer are each referred to as a "Party" and collectively as the "Parties."

1.2 Recitals.

WHEREAS, Provider offers a cloud-based software application and related services;

WHEREAS, Customer desires to obtain access to such software and services for its business operations;

WHEREAS, the Parties wish to set forth the terms and conditions governing Customer's access to and use of the Services;

NOW, THEREFORE, in consideration of the mutual covenants and agreements herein and other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

2. DEFINITIONS

The following terms, when capitalized, have the meanings set forth below:

"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership of more than fifty percent (50%) of the voting securities.

"Authorized Users" means Customer's employees, contractors, and agents who are authorized by Customer to access and use the Services under this Agreement.

"Confidential Information" means any non-public information disclosed by one Party to the other that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.

"Customer Data" means all data, content, and information that Customer or Authorized Users submit, upload, or transmit to the Services, including Personal Data.

"Documentation" means the user guides, training materials, and technical documentation made available by Provider describing the features, functionality, and use of the Services.

"Effective Date" has the meaning set forth in Section 1.1.

"Fees" means the amounts payable by Customer to Provider as set forth in the applicable Order Form.

"MODPA" means the Maryland Online Data Privacy Act, Md. Code Com. Law Title 14, Subtitle 46, as amended, effective October 1, 2025.

"Order Form" means an ordering document executed by both Parties specifying the Services, Fees, Subscription Term, and other transaction-specific terms.

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable Data Protection Laws, including the Maryland Personal Information Protection Act and MODPA.

"Professional Services" means implementation, configuration, customization, training, integration, or consulting services provided by Provider pursuant to a Statement of Work.

"Security Incident" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any security breach affecting the Services.

"Services" means the software-as-a-service application(s) identified in the applicable Order Form, together with any updates, upgrades, and enhancements thereto.

"SLA" or "Service Level Agreement" means the service level commitments set forth in Exhibit B.

"Statement of Work" or "SOW" means a document executed by both Parties describing Professional Services to be performed.

"Subscription Term" means the period during which Customer has the right to access and use the Services, as specified in the applicable Order Form.

"Third-Party Materials" means software, data, content, or services provided by third parties that are integrated with or accessible through the Services.

3. GRANT OF RIGHTS; ACCESS TO SERVICES

3.1 License Grant. Subject to the terms of this Agreement and payment of Fees, Provider grants Customer a non-exclusive, non-transferable, limited right during the Subscription Term to:

(a) Access and use the Services for Customer's internal business purposes;

(b) Permit Authorized Users to access and use the Services; and

(c) Use the Documentation in connection with the Services.

3.2 Authorized Users. Customer may permit Authorized Users to access the Services up to the number of seats or users specified in the applicable Order Form. Customer is responsible for:

(a) Ensuring Authorized Users comply with this Agreement;

(b) Managing access credentials and preventing unauthorized access;

(c) All activities occurring under Authorized User accounts.

3.3 Affiliates. Customer may permit its Affiliates to use the Services under this Agreement, provided that:

(a) Such Affiliates agree to be bound by the terms of this Agreement;

(b) Customer remains responsible for each Affiliate's compliance; and

(c) Usage is within the scope of the applicable Order Form.

3.4 Restrictions. Customer shall not, and shall not permit any third party to:

(a) Sublicense, sell, resell, transfer, assign, or distribute the Services;

(b) Modify, copy, or create derivative works based on the Services;

(c) Reverse engineer, disassemble, decompile, or attempt to derive the source code of the Services, except to the extent expressly permitted by applicable law;

(d) Access the Services to build a competitive product or service;

(e) Use the Services beyond the scope granted in this Agreement;

(f) Remove or alter any proprietary notices on the Services;

(g) Use the Services in violation of applicable law or to transmit malicious code;

(h) Interfere with or disrupt the integrity or performance of the Services; or

(i) Attempt to gain unauthorized access to the Services or related systems.

3.5 Reservation of Rights. Provider reserves all rights not expressly granted herein. No implied licenses are granted.

3.6 Third-Party Materials. The Services may incorporate or integrate with Third-Party Materials. Customer's use of Third-Party Materials is subject to the applicable third-party terms.

4. CUSTOMER DATA AND PRIVACY

4.1 Ownership. As between the Parties, Customer retains all right, title, and interest in and to Customer Data. Provider acquires no rights to Customer Data except as expressly set forth herein.

4.2 License to Customer Data. Customer grants Provider a limited, non-exclusive license to use, process, and display Customer Data solely as necessary to provide the Services and perform its obligations under this Agreement.

4.3 Data Processing.

(a) Provider shall process Customer Data only in accordance with Customer's documented instructions as set forth in this Agreement, the applicable Order Form, and the Data Processing Addendum attached as Exhibit C.

(b) Provider shall not process Customer Data for any purpose other than providing the Services, unless required by applicable law.

(c) Provider shall not sell Customer Data or use it for targeted advertising or profiling.

4.4 Maryland Data Privacy Compliance.

(a) MODPA Compliance. To the extent Provider processes Personal Data on behalf of Customer as a Processor under MODPA:

(i) Provider shall process Personal Data only on Customer's documented instructions;

(ii) Provider shall assist Customer with consumer rights requests (access, deletion, correction, portability) within applicable timeframes;

(iii) Provider shall provide information necessary for Customer to conduct data protection assessments; and

(iv) Provider shall not combine Customer's Personal Data with Personal Data received from other controllers without Customer's consent.

(b) Maryland Personal Information Protection Act. Provider shall comply with the breach notification requirements of Md. Code Com. Law §§ 14-3501 et seq., including notification within forty-five (45) days of a Security Incident involving Personal Data.

4.5 Data Localization. Customer Data shall be stored in the United States unless otherwise agreed in writing. Provider shall notify Customer before any transfer of Customer Data outside the United States and implement appropriate safeguards.

4.6 Subprocessors.

(a) Customer authorizes Provider to engage subprocessors to process Customer Data, subject to the requirements of this Section.

(b) Provider shall maintain a list of subprocessors at [URL] and notify Customer of any additions or changes at least [thirty (30)] days in advance.

(c) Customer may object to a new subprocessor on reasonable grounds. If Provider proceeds despite the objection, Customer may terminate the affected Services without penalty.

(d) Provider shall ensure subprocessors are bound by obligations no less protective than those in this Agreement.

4.7 Data Return and Deletion.

(a) Upon termination or expiration of this Agreement, Provider shall, at Customer's election:

(i) Return Customer Data in a standard, machine-readable format; or

(ii) Delete Customer Data from Provider's systems.

(b) Customer shall make its election within [thirty (30)] days of termination. Provider shall complete return or deletion within [sixty (60)] days thereafter.

(c) Provider may retain Customer Data as required by applicable law, subject to continued confidentiality obligations.

5. SECURITY

5.1 Security Program. Provider shall maintain a comprehensive information security program that includes administrative, technical, and physical safeguards designed to:

(a) Protect the security, confidentiality, and integrity of Customer Data;

(b) Protect against anticipated threats or hazards to the security of Customer Data;

(c) Protect against unauthorized access to or use of Customer Data; and

(d) Ensure proper disposal of Customer Data.

5.2 Security Measures. Provider shall implement and maintain security measures including, at a minimum:

(a) Encryption of Customer Data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent);

(b) Access controls with role-based permissions and multi-factor authentication for administrative access;

(c) Logging and monitoring of access to Customer Data;

(d) Vulnerability management, including regular scanning and timely patching;

(e) Secure software development lifecycle practices;

(f) Business continuity and disaster recovery capabilities; and

(g) Employee security training and background checks.

5.3 Certifications. Provider shall maintain, at a minimum:

☐ SOC 2 Type II certification; and/or

☐ ISO 27001 certification.

Provider shall provide copies of current certification reports or attestations upon Customer's reasonable request.

5.4 Security Incidents.

(a) Provider shall notify Customer of any Security Incident without undue delay and in no event later than [forty-eight (48)] hours after confirmation.

(b) Notice shall include:

(i) Description of the nature and scope of the incident;

(ii) Categories and approximate number of records affected;

(iii) Likely consequences;

(iv) Measures taken or proposed to address the incident; and

(v) Contact information for further inquiries.

(c) Provider shall cooperate with Customer's investigation and remediation efforts.

(d) Provider shall not notify affected individuals, regulators, or third parties without Customer's prior written consent, except as required by law.

5.5 Audits.

(a) Upon reasonable request and not more than once per year (unless a Security Incident has occurred), Customer may audit Provider's security practices by:

(i) Reviewing current SOC 2 or ISO 27001 reports;

(ii) Submitting written security questionnaires; and/or

(iii) Conducting an on-site audit upon sixty (60) days' notice, subject to confidentiality and Provider's reasonable security policies.

(b) Audit costs shall be borne by Customer unless the audit reveals a material non-compliance.

6. SERVICE LEVELS

6.1 Availability. Provider shall use commercially reasonable efforts to make the Services available [99.9% / 99.5%] of the time during each calendar month, excluding scheduled maintenance (the "Uptime Commitment").

6.2 Scheduled Maintenance. Provider shall provide at least [seventy-two (72)] hours' advance notice of scheduled maintenance that may affect availability. Provider shall use reasonable efforts to schedule maintenance during off-peak hours.

6.3 Service Credits.

(a) If Provider fails to meet the Uptime Commitment in any calendar month, Customer shall be entitled to service credits as set forth in the SLA (Exhibit B).

(b) Service credits are Customer's sole and exclusive remedy for failure to meet the Uptime Commitment.

(c) Customer must request service credits within [thirty (30)] days of the month in which the downtime occurred.

6.4 Support. Provider shall provide technical support in accordance with the support terms set forth in Exhibit B, including:

(a) Support channels (email, phone, portal);

(b) Response times by severity level;

(c) Support hours and escalation procedures.

7. FEES AND PAYMENT

7.1 Fees. Customer shall pay the Fees set forth in the applicable Order Form. Unless otherwise specified:

(a) Fees are quoted and payable in U.S. Dollars;

(b) Subscription Fees are invoiced annually in advance; and

(c) Professional Services Fees are invoiced upon completion of milestones or monthly in arrears, as specified in the SOW.

7.2 Payment Terms. Customer shall pay all undisputed invoices within [thirty (30)] days of the invoice date.

7.3 Late Payments.

(a) Past-due amounts shall accrue interest at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by Maryland law (Md. Code Com. Law § 12-102).

(b) Provider may suspend access to the Services upon [fifteen (15)] days' written notice if undisputed Fees remain unpaid more than [thirty (30)] days past due.

7.4 Taxes. Fees do not include taxes. Customer shall pay all applicable sales, use, VAT, and similar taxes, excluding taxes based on Provider's net income. If Customer is required to withhold taxes, Customer shall gross up the payment so Provider receives the full amount.

7.5 Fee Increases. Provider may increase Fees for renewal Subscription Terms upon at least [sixty (60)] days' prior written notice before the end of the then-current term.

7.6 Disputed Invoices. If Customer disputes any invoice in good faith, Customer shall pay the undisputed portion and provide written notice of the dispute within [fifteen (15)] days of invoice receipt. The Parties shall work in good faith to resolve the dispute.

8. TERM AND TERMINATION

8.1 Term. This Agreement commences on the Effective Date and continues until all Subscription Terms have expired or this Agreement is terminated.

8.2 Subscription Term. Each Subscription Term is specified in the applicable Order Form. Unless otherwise stated, Subscription Terms automatically renew for successive periods equal to the initial term, unless either Party provides written notice of non-renewal at least [sixty (60)] days before the end of the then-current term.

8.3 Termination for Cause. Either Party may terminate this Agreement or any Order Form if:

(a) The other Party materially breaches this Agreement and fails to cure within [thirty (30)] days of written notice (or [ten (10)] days for payment breaches); or

(b) The other Party becomes insolvent, files for bankruptcy, or has a receiver appointed.

8.4 Termination for Convenience. Either Party may terminate this Agreement for convenience upon [ninety (90)] days' prior written notice; provided, however, that Customer shall remain obligated to pay all Fees through the end of the then-current Subscription Term.

8.5 Effect of Termination.

(a) Upon termination or expiration:

(i) Customer's right to access the Services terminates immediately (or at the end of any wind-down period);

(ii) Customer shall pay all outstanding Fees through the termination date;

(iii) Each Party shall return or destroy the other Party's Confidential Information; and

(iv) Provider shall handle Customer Data in accordance with Section 4.7.

(b) The following Sections survive termination: 2 (Definitions), 4 (Customer Data), 10 (Limitation of Liability), 11 (Indemnification), 12 (Confidentiality), 13 (Intellectual Property), 14 (Dispute Resolution), and 15 (General Provisions).

8.6 Refunds. If Customer terminates for Provider's uncured material breach, Customer shall be entitled to a prorated refund of prepaid Fees for the unused portion of the Subscription Term. If Provider terminates for Customer's uncured material breach, no refund is due.

9. REPRESENTATIONS AND WARRANTIES

9.1 Mutual Representations. Each Party represents and warrants that:

(a) It is duly organized, validly existing, and in good standing;

(b) It has full power and authority to enter into and perform this Agreement;

(c) The execution and performance of this Agreement do not violate any other agreement to which it is bound; and

(d) This Agreement constitutes a valid and binding obligation enforceable against it.

9.2 Provider Representations. Provider represents and warrants that:

(a) The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) Provider will provide the Services in a professional and workmanlike manner consistent with industry standards;

(c) The Services will comply with applicable laws, including Maryland law;

(d) Provider has implemented and will maintain commercially reasonable security measures as described in Section 5; and

(e) To Provider's knowledge, the Services do not infringe any third party's intellectual property rights.

9.3 Customer Representations. Customer represents and warrants that:

(a) Customer has the right to provide Customer Data to Provider and to grant the licenses set forth herein;

(b) Customer Data does not violate any third party's rights; and

(c) Customer will use the Services in compliance with applicable laws.

9.4 Warranty Remedies. If Provider breaches the warranty in Section 9.2(a), Provider shall, at its option:

(a) Repair or replace the non-conforming Services; or

(b) If repair or replacement is not commercially reasonable, refund prepaid Fees for the non-conforming Services.

9.5 DISCLAIMER. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, PROVIDER MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, OR NON-INFRINGEMENT. PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE.

10. LIMITATION OF LIABILITY

10.1 Exclusion of Consequential Damages. EXCEPT FOR LIABILITY ARISING FROM A PARTY'S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, BREACH OF CONFIDENTIALITY OBLIGATIONS, INDEMNIFICATION OBLIGATIONS, OR PROVIDER'S BREACH OF SECTION 4 (CUSTOMER DATA), NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.2 Cap on Liability. EXCEPT FOR LIABILITY ARISING FROM A PARTY'S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, BREACH OF CONFIDENTIALITY OBLIGATIONS, INDEMNIFICATION OBLIGATIONS, OR PROVIDER'S BREACH OF SECTION 4 (CUSTOMER DATA), EACH PARTY'S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED:

☐ Option A: The total Fees paid or payable by Customer in the twelve (12) months preceding the claim.

☐ Option B: The total Fees paid or payable by Customer in the twenty-four (24) months preceding the claim.

☐ Option C: [SPECIFIC DOLLAR AMOUNT].

10.3 Super Cap. Notwithstanding Section 10.2, for claims arising from Provider's breach of Section 4 (Customer Data) or Section 5 (Security), Provider's total aggregate liability shall not exceed [two (2) / three (3)] times the cap set forth in Section 10.2.

10.4 Essential Basis. The limitations in this Section 10 reflect the allocation of risk between the Parties and are an essential basis of the bargain.

11. INDEMNIFICATION

11.1 Provider Indemnification. Provider shall defend, indemnify, and hold harmless Customer, its Affiliates, and their respective officers, directors, employees, and agents (collectively, "Customer Indemnitees") from and against any third-party claim, suit, or proceeding alleging that the Services, as provided by Provider and used in accordance with this Agreement, infringe or misappropriate such third party's intellectual property rights ("IP Claim"), and shall pay any damages, costs, and attorneys' fees finally awarded against Customer Indemnitees or agreed to in a Provider-approved settlement.

11.2 IP Claim Remedies. If an IP Claim is made or appears likely, Provider may, at its option and expense:

(a) Procure the right for Customer to continue using the Services;

(b) Modify the Services to be non-infringing without material loss of functionality; or

(c) If (a) and (b) are not commercially reasonable, terminate the affected Services and refund prepaid Fees for the unused Subscription Term.

11.3 Exclusions. Provider has no obligation under Section 11.1 to the extent the IP Claim arises from:

(a) Customer Data or Customer-provided materials;

(b) Modification of the Services by anyone other than Provider;

(c) Combination of the Services with non-Provider products or services; or

(d) Use of the Services in violation of this Agreement.

11.4 Customer Indemnification. Customer shall defend, indemnify, and hold harmless Provider, its Affiliates, and their respective officers, directors, employees, and agents (collectively, "Provider Indemnitees") from and against any third-party claim, suit, or proceeding arising from:

(a) Customer Data, including claims that Customer Data infringes third-party rights;

(b) Customer's breach of this Agreement; or

(c) Customer's violation of applicable law.

11.5 Indemnification Procedure. The indemnifying Party's obligations are conditioned on:

(a) Prompt written notice of the claim (provided that failure to provide prompt notice does not relieve the indemnifying Party except to the extent prejudiced);

(b) Sole control of the defense and settlement (provided that no settlement may impose liability on the indemnified Party without its consent); and

(c) Reasonable cooperation from the indemnified Party.

12. CONFIDENTIALITY

12.1 Confidentiality Obligations. Each Party shall:

(a) Hold the other Party's Confidential Information in strict confidence;

(b) Use Confidential Information solely for purposes of this Agreement;

(c) Protect Confidential Information using at least the same degree of care it uses for its own confidential information, and no less than reasonable care; and

(d) Limit disclosure to employees, contractors, and advisors with a need to know who are bound by confidentiality obligations.

12.2 Exclusions. Confidential Information does not include information that:

(a) Is or becomes publicly available without breach;

(b) Was rightfully in the receiving Party's possession without restriction before disclosure;

(c) Is independently developed without use of Confidential Information; or

(d) Is rightfully obtained from a third party without restriction.

12.3 Compelled Disclosure. If a Party is compelled by law or court order to disclose Confidential Information, it shall provide prompt notice to the other Party (to the extent legally permitted) and cooperate in seeking protective measures.

12.4 Maryland Uniform Trade Secrets Act. The Parties acknowledge that certain Confidential Information may constitute trade secrets under the Maryland Uniform Trade Secrets Act (Md. Code Com. Law § 11-1201 et seq.), and such information shall be protected accordingly.

12.5 Return or Destruction. Upon termination or request, each Party shall return or destroy the other Party's Confidential Information, except for archival copies retained in accordance with legal or compliance requirements.

13. INTELLECTUAL PROPERTY

13.1 Provider IP. Provider retains all right, title, and interest in and to the Services, Documentation, and any improvements, modifications, or derivative works thereof, including all intellectual property rights therein. No rights are granted except as expressly set forth in this Agreement.

13.2 Customer IP. Customer retains all right, title, and interest in and to Customer Data and any pre-existing intellectual property of Customer.

13.3 Feedback. If Customer provides suggestions, ideas, or feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or obligation to Customer.

13.4 Aggregated Data. Provider may collect and use aggregated, anonymized, or de-identified data derived from Customer's use of the Services for product improvement, benchmarking, and analytics, provided such data does not identify Customer or any individual.

14. DISPUTE RESOLUTION

14.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Maryland, without regard to its conflict-of-laws principles.

14.2 Forum Selection. Subject to Section 14.3, each Party irrevocably submits to the exclusive jurisdiction of the state and federal courts located in [Baltimore City / Montgomery County], Maryland, and waives any objection to venue or forum non conveniens.

14.3 Arbitration (Optional).

☐ If initialed by both Parties, disputes shall be resolved by arbitration:

Except for actions seeking injunctive relief, any dispute arising out of or relating to this Agreement shall be finally resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in [Baltimore / Rockville], Maryland. The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court having jurisdiction.

Provider Initials: ______ Customer Initials: ______

14.4 Jury Waiver. TO THE FULLEST EXTENT PERMITTED BY MARYLAND LAW, EACH PARTY HEREBY KNOWINGLY, VOLUNTARILY, AND IRREVOCABLY WAIVES ANY RIGHT TO A TRIAL BY JURY IN ANY CIVIL ACTION OR PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT.

14.5 Injunctive Relief. Nothing in this Section 14 limits either Party's right to seek temporary, preliminary, or permanent injunctive relief to protect its intellectual property or Confidential Information.

14.6 Attorneys' Fees. In any action to enforce this Agreement, the prevailing Party shall be entitled to recover reasonable attorneys' fees and costs.

15. GENERAL PROVISIONS

15.1 Entire Agreement. This Agreement, including all Order Forms, Exhibits, and SOWs, constitutes the entire agreement between the Parties and supersedes all prior or contemporaneous agreements, proposals, or representations. Conflicting terms in Customer's purchase orders or other documents are rejected and have no effect.

15.2 Order of Precedence. In case of conflict, documents shall control in the following order: (1) the Data Processing Addendum (Exhibit C); (2) Order Forms; (3) this Agreement; (4) Exhibits (other than Exhibit C); (5) SOWs.

15.3 Amendment. This Agreement may be amended only by a written instrument signed by authorized representatives of both Parties.

15.4 Waiver. No waiver of any breach is deemed a waiver of any other breach. No waiver is effective unless in writing and signed by the waiving Party.

15.5 Assignment. Neither Party may assign this Agreement without the other Party's prior written consent, except that either Party may assign to a successor in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee agrees to be bound by this Agreement. Any prohibited assignment is void.

15.6 Subcontracting. Provider may subcontract performance of Services, subject to Section 4.6 regarding subprocessors. Provider remains responsible for subcontractors' performance.

15.7 Severability. If any provision is held invalid or unenforceable, the remaining provisions remain in full force. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable.

15.8 Notices. All notices under this Agreement shall be in writing and deemed given upon:

(a) Personal delivery;

(b) One (1) business day after deposit with a nationally recognized overnight courier;

(c) Three (3) business days after mailing by certified mail, return receipt requested; or

(d) Upon confirmed receipt of email (for routine operational notices only).

Notices shall be sent to the addresses set forth in Section 1.1 or such other address as a Party may designate.

15.9 Independent Contractors. The Parties are independent contractors. Nothing in this Agreement creates an agency, partnership, joint venture, or employment relationship.

15.10 No Third-Party Beneficiaries. This Agreement is for the sole benefit of the Parties and their permitted successors and assigns. No third party has any rights hereunder.

15.11 Force Majeure. Neither Party shall be liable for failure to perform (other than payment obligations) due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, labor disputes, government action, or utility failures, provided the affected Party uses reasonable efforts to mitigate and resume performance.

15.12 Publicity. Neither Party may use the other Party's name, logo, or trademarks without prior written consent, except that Provider may include Customer in its customer list and marketing materials with Customer's consent.

15.13 Export Compliance. Customer shall comply with all applicable export control and sanctions laws in connection with use of the Services.

15.14 Electronic Signatures. This Agreement may be executed in counterparts, including electronic counterparts. Signatures delivered by PDF or electronic signature platform (e.g., DocuSign) are deemed originals. Electronic signatures are valid pursuant to the Maryland Uniform Electronic Transactions Act (Md. Code Com. Law § 21-101 et seq.).

15.15 Headings. Headings are for convenience only and do not affect interpretation.

15.16 Construction. This Agreement shall be construed without regard to any presumption against the drafting Party.

16. EXECUTION BLOCK

IN WITNESS WHEREOF, the Parties have executed this Enterprise Software as a Service Agreement as of the Effective Date.

☐ Provider has reviewed and agrees to the terms

☐ Customer has reviewed and agrees to the terms

17. EXHIBITS

The following Exhibits are incorporated into and made a part of this Agreement:

• Exhibit A – Order Form
• Exhibit B – Service Level Agreement (SLA)
• Exhibit C – Data Processing Addendum (DPA)
• Exhibit D – Security Measures
• Exhibit E – Acceptable Use Policy (if applicable)

EXHIBIT A – ORDER FORM

Order Form No.: [NUMBER]
Order Date: [DATE]

Services:
| Description | Quantity | Unit Price | Total |
|-------------|----------|------------|-------|
| [SERVICE 1] | [QTY] | $[PRICE] | $[TOTAL] |
| [SERVICE 2] | [QTY] | $[PRICE] | $[TOTAL] |

Subscription Term: [START DATE] through [END DATE]

Total Fees: $[AMOUNT] (payable [annually in advance / quarterly / monthly])

Special Terms: [IF ANY]

PROVIDER: __________________________ Date: __________

CUSTOMER: __________________________ Date: __________

EXHIBIT B – SERVICE LEVEL AGREEMENT

1. Uptime Commitment: Provider commits to [99.9% / 99.5%] availability per calendar month.

2. Calculation: Uptime % = ((Total Minutes - Downtime Minutes) / Total Minutes) x 100

3. Exclusions: Scheduled maintenance, Customer-caused issues, force majeure events, and third-party failures.

4. Service Credits:

5. Credit Cap: Maximum credits per month: [25%] of monthly Fees.

6. Support Response Times:

EXHIBIT C – DATA PROCESSING ADDENDUM

This Exhibit is incorporated by reference. Attach separate DPA document.

EXHIBIT D – SECURITY MEASURES

Provider maintains the following security measures:

1. Administrative Controls: Security policies, employee training, background checks, access management

2. Technical Controls: Encryption (TLS 1.2+, AES-256), MFA, intrusion detection, vulnerability scanning, penetration testing, secure SDLC

3. Physical Controls: Data center security, access controls, environmental protections

4. Certifications: SOC 2 Type II / ISO 27001 (as applicable)

5. Business Continuity: Disaster recovery, data backup, incident response plan