Enterprise Software as a Service Agreement - Maine

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

STATE OF MAINE

AGREEMENT INFORMATION

PARTIES TO THIS AGREEMENT

PROVIDER:

CUSTOMER:

RECITALS

WHEREAS, Provider is engaged in the business of providing cloud-based software as a service solutions and related professional services;

WHEREAS, Customer desires to obtain access to and use of Provider's software platform and services for Customer's enterprise business operations;

WHEREAS, the parties wish to establish the terms and conditions under which Provider will make its services available to Customer;

WHEREAS, the parties intend that this Agreement shall be governed by the laws of the State of Maine, including Maine's strong consumer protection and data privacy statutes;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

1.2 "Authorized Users" means Customer's employees, contractors, consultants, and agents who are authorized by Customer to access and use the Services under the rights granted pursuant to this Agreement.

1.3 "Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.

1.4 "Customer Data" means all electronic data, information, content, records, and files that Customer or Authorized Users upload, submit, store, transmit, or process through the Services.

1.5 "Documentation" means Provider's standard user guides, online help files, technical specifications, and other documentation related to the Services as updated from time to time.

1.6 "Downtime" means any period during which the Services are unavailable or materially impaired, excluding Scheduled Maintenance and Excused Downtime.

1.7 "Effective Date" means the date first written above or the date both parties have executed this Agreement, whichever is later.

1.8 "Excused Downtime" means unavailability caused by: (a) Customer's acts or omissions; (b) failures of Customer's equipment, software, or network connections; (c) third-party services outside Provider's control; (d) force majeure events; or (e) suspension pursuant to Section 6.4.

1.9 "Fees" means all amounts payable by Customer to Provider as set forth in this Agreement and any applicable Order Form.

1.10 "Initial Term" means the initial subscription period specified in the Order Form.

1.11 "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets, and other intellectual property rights recognized under the laws of any jurisdiction worldwide.

1.12 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other harmful or malicious code, files, scripts, agents, or programs.

1.13 "Monthly Uptime Percentage" means the total minutes in a calendar month minus minutes of Downtime, divided by total minutes in the month, expressed as a percentage.

1.14 "Order Form" means an ordering document specifying the Services, subscription levels, Fees, and other commercial terms, executed by both parties and incorporated herein.

1.15 "Personal Information" means an individual's first name, or first initial, and last name in combination with any one or more of the following data elements, when the data elements are not encrypted or redacted: (a) Social Security number; (b) driver's license number or state identification card number; (c) account number, credit card number, or debit card number, if circumstances exist in which the number could be used without additional identifying information, access codes, or passwords; (d) account passwords or personal identification numbers or other access codes; (e) any of the data elements in (a)-(d) when not in connection with the individual's name, if the information compromised would be sufficient to permit a person to fraudulently assume or attempt to assume the identity of the person whose information was compromised, as defined in 10 M.R.S. § 1347.

1.16 "Professional Services" means implementation, configuration, customization, training, integration, and consulting services provided by Provider as specified in an Order Form or Statement of Work.

1.17 "Renewal Term" means each successive subscription period following the Initial Term.

1.18 "Scheduled Maintenance" means planned maintenance of the Services performed during designated maintenance windows with advance notice to Customer.

1.19 "Security Incident" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any breach or potential breach of Provider's security measures.

1.20 "Services" means Provider's proprietary cloud-based software platform and related services described in the applicable Order Form, including all updates, enhancements, and new features made generally available.

1.21 "Service Level Agreement" or "SLA" means the service level commitments set forth in Article 4.

1.22 "Statement of Work" or "SOW" means a document describing Professional Services, deliverables, timelines, and associated fees.

1.23 "Subscription Term" means collectively the Initial Term and all Renewal Terms.

1.24 "Third-Party Components" means software, data, services, or content provided by third parties that are incorporated into or used in connection with the Services.

1.25 "Trade Secret" has the meaning set forth in 10 M.R.S. § 1542, including information such as formulas, patterns, compilations, programs, devices, methods, techniques, or processes that derive independent economic value from not being generally known and are subject to reasonable secrecy efforts.

1.26 "User Account" means the unique login credentials and account established for each Authorized User.

ARTICLE 2: SUBSCRIPTION AND ACCESS RIGHTS

2.1 Grant of Rights

Subject to Customer's compliance with this Agreement and payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to:

(a) Access and use the Services for Customer's internal business operations;

(b) Permit Authorized Users to access and use the Services in accordance with this Agreement;

(c) Access, use, and reproduce the Documentation in connection with permitted use of the Services; and

(d) Store, process, and retrieve Customer Data through the Services.

2.2 Subscription Tiers

Customer's subscription shall be as specified in the Order Form:

☐ Standard Enterprise - Up to [____] Authorized Users
☐ Professional Enterprise - Up to [____] Authorized Users
☐ Premium Enterprise - Up to [____] Authorized Users
☐ Unlimited Enterprise - Unlimited Authorized Users
☐ Custom Configuration - As specified: [________________________________]

2.3 User Account Administration

(a) Customer shall designate at least one (1) administrator to manage User Accounts and access permissions.

(b) Customer is responsible for maintaining the confidentiality of all User Account credentials.

(c) Customer shall promptly notify Provider of any unauthorized access or security breach involving User Accounts.

(d) User Accounts are for designated individuals only and may not be shared among multiple persons.

2.4 Authorized User Categories

☐ Named Users - Identified individuals assigned specific User Accounts
☐ Concurrent Users - Maximum simultaneous users: [____]
☐ Site License - All employees at specified locations
☐ Enterprise-Wide - All employees and authorized contractors
☐ Other: [________________________________]

2.5 Affiliate Usage

☐ Customer's Affiliates are authorized to use the Services under this Agreement
☐ Customer's Affiliates must execute separate Order Forms
☐ Affiliate usage is not permitted

If Affiliate usage is permitted:

(a) Customer shall ensure Affiliate compliance with all Agreement terms;

(b) Customer remains liable for Affiliate acts and omissions;

(c) Affiliate usage counts toward Customer's licensed capacity.

ARTICLE 3: PROFESSIONAL SERVICES AND SUPPORT

3.1 Implementation Services

Provider shall provide the following implementation services:

☐ Standard Implementation

• System configuration and setup
• Data migration assistance (up to [____] GB)
• Basic integration configuration
• Administrator training (up to [____] hours)
• Go-live support

☐ Premium Implementation

• All Standard Implementation services
• Custom workflow configuration
• Advanced integration development
• Extended training program (up to [____] hours)
• Dedicated implementation manager
• Post-go-live optimization review

☐ Custom Implementation - Per attached Statement of Work

Implementation Timeline: [________________________________]

3.2 Support Tiers

Customer's support tier:

☐ Standard Support

• Business hours support: Monday-Friday, 8:00 AM - 6:00 PM Eastern Time
• Email and ticket-based support
• Response time targets per Section 3.3
• Access to online knowledge base
• Quarterly system health checks

☐ Premium Support

• Extended hours support: Monday-Friday, 7:00 AM - 9:00 PM Eastern Time
• Saturday support: 9:00 AM - 5:00 PM Eastern Time
• Email, ticket, and phone support
• Enhanced response time targets
• Designated support representative
• Monthly system health checks
• Priority escalation path

☐ Enterprise Support

• 24/7/365 support coverage
• Dedicated support team
• Direct phone line access
• Fastest response time guarantees
• Named Technical Account Manager
• Weekly system health reviews
• Quarterly business reviews
• Priority feature request consideration

3.3 Response Time Targets

3.4 Training Services

☐ Provider shall provide the following training:

ARTICLE 4: SERVICE LEVEL AGREEMENT

4.1 Uptime Commitment

Provider commits to the following Monthly Uptime Percentage during each calendar month:

☐ 99.5% Monthly Uptime
☐ 99.9% Monthly Uptime
☐ 99.95% Monthly Uptime
☐ 99.99% Monthly Uptime
☐ Other: [____]%

4.2 Uptime Calculation

Monthly Uptime Percentage = ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100

4.3 Scheduled Maintenance Windows

(a) Standard Maintenance Window: [________________________________]

(b) Provider shall provide at least [____] hours advance notice for scheduled maintenance.

(c) Provider shall use commercially reasonable efforts to perform maintenance during low-usage periods.

(d) Emergency maintenance may be performed without advance notice when necessary to address critical security issues or prevent imminent harm.

4.4 Service Credits

If Provider fails to meet the Monthly Uptime Percentage commitment, Customer shall be entitled to Service Credits as follows:

4.5 Service Credit Limitations

(a) Service Credits are Customer's sole and exclusive remedy for Provider's failure to meet the SLA.

(b) Service Credits shall not exceed 100% of the monthly Fees for the affected month.

(c) Service Credits are applied against future invoices and are not redeemable for cash.

(d) Customer must request Service Credits within thirty (30) days of the end of the affected month.

4.6 Performance Monitoring

(a) Provider shall maintain real-time monitoring of Services availability.

(b) Provider shall make uptime statistics available to Customer through [________________________________].

(c) Provider shall notify Customer of any material service disruption within [____] minutes of detection.

4.7 Chronic Failure

If Provider fails to meet the Monthly Uptime Percentage commitment for [____] consecutive months or [____] months in any twelve (12) month period, Customer may terminate this Agreement upon thirty (30) days written notice without penalty and receive a pro-rata refund of prepaid Fees.

ARTICLE 5: DATA HANDLING AND SECURITY

5.1 Customer Data Ownership

(a) As between the parties, Customer retains all right, title, and interest in and to Customer Data.

(b) Provider acquires no rights to Customer Data except the limited license to process Customer Data as necessary to provide the Services.

(c) Customer represents that it has all necessary rights to provide Customer Data to Provider for processing.

5.2 Data Processing

Provider shall:

(a) Process Customer Data only as necessary to provide the Services and as instructed by Customer;

(b) Not access, use, or disclose Customer Data except as required for Service delivery, security, or as compelled by law;

(c) Implement reasonable access controls limiting personnel access to Customer Data on a need-to-know basis;

(d) Ensure personnel with access to Customer Data are bound by confidentiality obligations.

5.3 Data Location

☐ Customer Data shall be stored and processed within the United States
☐ Customer Data shall be stored and processed within: [________________________________]
☐ Customer Data may be stored and processed in any Provider data center location
☐ Customer Data location restrictions: [________________________________]

5.4 Information Security Program

Provider shall implement and maintain a comprehensive written information security program including:

(a) Risk Assessment: Regular identification and assessment of reasonably foreseeable internal and external threats to Customer Data security;

(b) Safeguards: Implementation of safeguards to control identified risks, including:

• Encryption of Customer Data in transit and at rest using industry-standard protocols
• Multi-factor authentication for administrative access
• Network security controls including firewalls, intrusion detection, and prevention systems
• Regular vulnerability scanning and penetration testing
• Secure software development practices

(c) Access Controls: Role-based access controls and principle of least privilege;

(d) Employee Training: Regular security awareness training for all personnel with access to Customer Data;

(e) Incident Response: Written incident response plan addressing detection, containment, investigation, and notification procedures;

(f) Business Continuity: Disaster recovery and business continuity procedures.

5.5 Security Certifications and Audits

Provider maintains or shall obtain the following certifications:

☐ SOC 2 Type II
☐ ISO 27001
☐ ISO 27017
☐ ISO 27018
☐ HITRUST CSF
☐ FedRAMP (Authorization Level: [____])
☐ PCI DSS (if processing payment data)
☐ Other: [________________________________]

5.6 Data Breach Notification - Maine Requirements (30-Day Deadline)

CRITICAL: Maine has one of the shortest data breach notification deadlines in the United States -- thirty (30) days.

In the event of a breach of security involving Personal Information of Maine residents as defined in 10 M.R.S. § 1347:

(a) 30-Day Notification Deadline. Provider shall notify Customer no later than thirty (30) days after becoming aware of a breach of security and identifying its scope, consistent with 10 M.R.S. § 1348;

(b) Notifications must be made as expediently as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or with measures necessary to determine the scope of the security breach and restore the reasonable integrity, security, and confidentiality of the data;

(c) Provider shall cooperate with Customer in providing notification to:

• Each affected Maine resident
• The Maine Attorney General (if more than 1,000 persons are to be notified)
• Consumer reporting agencies (if more than 1,000 persons are to be notified)

(d) The notification to affected residents shall include:

• A description of the incident in general terms
• The approximate date of the breach
• The type of Personal Information compromised
• Toll-free telephone numbers and addresses of the major consumer reporting agencies
• Toll-free telephone numbers, addresses, and website addresses for the Federal Trade Commission and the Maine Attorney General

(e) Law Enforcement Delay. If law enforcement determines that notification would impede a criminal investigation, notification must be made within seven (7) business days after law enforcement determines that notification will no longer compromise the investigation;

(f) Provider shall offer credit monitoring to affected individuals for a period of not less than one (1) year when Social Security numbers are compromised;

(g) Provider shall bear the costs of notification and credit monitoring if the breach results from Provider's negligence or failure to comply with this Agreement.

5.7 Subprocessors

(a) Provider may engage subprocessors to assist in providing the Services, provided:

• Subprocessors are bound by data protection obligations no less protective than this Agreement
• Provider remains liable for subprocessor compliance
• Provider maintains an updated list of subprocessors

(b) Provider shall notify Customer of any material changes to subprocessors at least [____] days in advance.

(c) Customer may object to new subprocessors; if Provider proceeds over Customer's objection, Customer may terminate without penalty.

5.8 Data Backup and Recovery

(a) Provider shall perform [________________________________] backups of Customer Data.

(b) Backups shall be retained for [____] days.

(c) Provider shall maintain the capability to restore Customer Data from backup within [____] hours of a request.

(d) Provider shall test backup restoration procedures at least [________________________________].

ARTICLE 6: ACCEPTABLE USE AND RESTRICTIONS

6.1 Acceptable Use Policy

Customer and Authorized Users shall:

(a) Use the Services only for lawful purposes and in compliance with all applicable laws;

(b) Comply with all Documentation and Provider's reasonable usage policies;

(c) Maintain the security and confidentiality of User Account credentials;

(d) Promptly report any suspected security breaches or unauthorized access.

6.2 Prohibited Activities

Customer and Authorized Users shall not:

(a) License, sublicense, sell, resell, rent, lease, transfer, assign, or distribute the Services to third parties;

(b) Modify, copy, or create derivative works based on the Services or Documentation;

(c) Reverse engineer, disassemble, decompile, or otherwise attempt to derive source code from the Services;

(d) Access the Services to build a competitive product or service;

(e) Use the Services to store or transmit Malicious Code;

(f) Interfere with or disrupt the integrity or performance of the Services;

(g) Attempt to gain unauthorized access to the Services or related systems;

(h) Use the Services in violation of any third party's intellectual property or privacy rights;

(i) Exceed licensed usage limits or circumvent usage restrictions;

(j) Remove, alter, or obscure any proprietary notices on the Services.

6.3 Suspension

Provider may suspend Customer's access to the Services:

(a) If Customer's use poses a security threat to Provider or other customers;

(b) If Customer is in material breach of this Agreement and fails to cure within [____] days after notice;

(c) If required by law or governmental authority;

(d) For non-payment of undisputed Fees more than [____] days past due.

ARTICLE 7: FEES AND PAYMENT

7.1 Subscription Fees

Customer shall pay the following subscription Fees:

7.2 Professional Services Fees

7.3 Payment Terms

(a) Invoicing: Provider shall invoice Customer:
☐ In advance for each billing period
☐ Upon execution of this Agreement for the first year
☐ According to payment milestones in the Order Form
☐ Other: [________________________________]

(b) Payment Due: All invoices are due and payable within [____] days of invoice date.

(c) Payment Method:
☐ ACH/Wire Transfer
☐ Credit Card (subject to processing fees of [____]%)
☐ Check
☐ Other: [________________________________]

7.4 Taxes - Maine SaaS Tax Treatment

(a) Maine Sales Tax. SaaS (Software as a Service) is generally not taxable in Maine. Maine imposes a 5.5% sales and use tax on certain tangible personal property and taxable services, but SaaS accessed remotely without download is generally exempt.

(b) Digital Goods. Effective January 1, 2026, Maine expanded its sales tax base to include digital audiovisual and digital audio services (including subscription streaming) at 5.5%. Certain digital goods such as downloadable music, e-books, and video games are taxable. Provider shall determine the correct treatment of each component of the Services.

(c) All Fees are exclusive of taxes unless otherwise stated.

(d) Customer is responsible for all applicable sales, use, and similar taxes.

(e) Customer shall provide valid Maine exemption certificates if applicable.

(f) Provider is responsible for taxes based on Provider's income.

7.5 Late Payment

(a) Late payments shall bear interest at the rate specified in this Agreement, or if no rate is specified, at the rate prescribed by 14 M.R.S. § 1602-B (prejudgment interest: the one-year United States Treasury bill rate, as published by the Federal Reserve Board, plus a base rate, which may not exceed the greater of the rate otherwise allowed by law or 15% per annum).

(b) Customer shall reimburse Provider's reasonable collection costs, including attorneys' fees.

(c) Provider may suspend Services for undisputed amounts more than [____] days past due.

7.6 Fee Disputes

(a) Customer shall notify Provider of any disputed charges within [____] days of invoice date.

(b) Customer shall pay all undisputed amounts by the due date.

(c) The parties shall work in good faith to resolve disputes within [____] days.

(d) Provider shall not suspend Services for amounts subject to a bona fide dispute.

7.7 Price Increases

(a) Fees are fixed for the Initial Term.

(b) Provider may increase Fees for Renewal Terms by providing written notice at least [____] days before the Renewal Term.

(c) Fee increases shall not exceed [____]% annually unless Provider's costs increase substantially.

ARTICLE 8: INTELLECTUAL PROPERTY

8.1 Provider Intellectual Property

(a) Provider retains all right, title, and interest in and to the Services, Documentation, and all related intellectual property, including:

• Software code, architecture, and design
• Algorithms, processes, and methodologies
• User interfaces and user experience designs
• Trade Secrets as defined under 10 M.R.S. § 1542
• All improvements, modifications, and derivative works

(b) No license or right is granted except as expressly set forth herein.

8.2 Customer Intellectual Property

(a) Customer retains all right, title, and interest in and to Customer Data and Customer's pre-existing intellectual property.

(b) Customer grants Provider a limited, non-exclusive license to use Customer Data solely as necessary to provide the Services.

8.3 Feedback

If Customer provides suggestions, ideas, or feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or compensation. Customer hereby assigns to Provider all rights in any Feedback.

8.4 Aggregated Data

(a) Provider may collect and analyze aggregated, anonymized data derived from Customer's use of the Services that does not identify Customer or any individual ("Aggregated Data").

(b) Provider owns all right, title, and interest in Aggregated Data.

8.5 Custom Development

☐ Provider Ownership: Provider owns all custom developments; Customer receives a license to use
☐ Customer Ownership: Customer owns all custom developments
☐ Joint Ownership: Parties jointly own custom developments
☐ As Specified: Ownership determined per individual Statement of Work

ARTICLE 9: CONFIDENTIALITY

9.1 Confidentiality Obligations

Each party agrees to:

(a) Maintain the confidentiality of the other party's Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care;

(b) Not disclose Confidential Information to any third party except as expressly permitted herein;

(c) Use Confidential Information only for purposes of performing obligations or exercising rights under this Agreement;

(d) Limit access to Confidential Information to employees, contractors, and agents with a need to know who are bound by confidentiality obligations.

9.2 Exclusions

Confidential Information does not include information that:

(a) Is or becomes publicly available through no fault of the receiving party;

(b) Was rightfully known to the receiving party without restriction before disclosure;

(c) Is rightfully obtained from a third party without breach of confidentiality;

(d) Is independently developed without use of Confidential Information.

9.3 Trade Secret Protection Under Maine Law

(a) The parties acknowledge that certain Confidential Information may constitute Trade Secrets under the Maine Uniform Trade Secrets Act, 10 M.R.S. §§ 1541 et seq.

(b) Each party agrees to maintain reasonable measures to preserve the secrecy of Trade Secrets.

(c) Misappropriation under the Maine UTSA may give rise to injunctive relief, compensatory damages, and in cases of willful and malicious misappropriation, exemplary damages not exceeding twice the compensatory amount (10 M.R.S. § 1543).

(d) The statute of limitations for misappropriation claims is three (3) years from the date the misappropriation is discovered or should have been discovered (10 M.R.S. § 1545).

9.4 Duration

Confidentiality obligations shall survive termination for a period of [____] years, except that obligations regarding Trade Secrets shall continue for as long as the information qualifies as a Trade Secret.

ARTICLE 10: WARRANTIES

10.1 Provider Warranties

Provider warrants that:

(a) Performance Warranty: The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) Authority: Provider has full power and authority to enter into this Agreement;

(c) Non-Infringement: To Provider's knowledge, the Services do not infringe any third party's intellectual property rights;

(d) Malicious Code: The Services will not contain Malicious Code introduced by Provider;

(e) Compliance: Provider will comply with all laws applicable to its provision of the Services;

(f) Personnel: Provider's personnel performing Professional Services will have the necessary skills and qualifications;

(g) Security: Provider will maintain the security program described in Article 5.

10.2 Customer Warranties

Customer warrants that:

(a) Customer has full power and authority to enter into this Agreement;

(b) Customer owns or has the right to provide Customer Data to Provider;

(c) Customer Data does not violate third-party rights or applicable law;

(d) Customer will use the Services in compliance with this Agreement and applicable law.

10.3 Warranty Remedies

For breach of Provider's Performance Warranty:

(a) Customer shall notify Provider of any warranty claim within [____] days of discovery;

(b) Provider shall use commercially reasonable efforts to correct the non-conformity;

(c) If Provider cannot correct the non-conformity within [____] days, Customer may terminate the affected Services and receive a pro-rata refund.

10.4 Disclaimer of Warranties

EXCEPT FOR THE EXPRESS WARRANTIES IN THIS ARTICLE, TO THE MAXIMUM EXTENT PERMITTED BY 11 M.R.S. § 2-316:

(a) PROVIDER MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT;

(b) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE;

(c) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS;

(d) ANY THIRD-PARTY COMPONENTS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.

MAINE UCC NOTE: Pursuant to 11 M.R.S. § 2-316, disclaimers of the implied warranty of merchantability must mention "merchantability" and must be conspicuous in writing. Fitness warranty disclaimers must be in writing and conspicuous.

ARTICLE 11: INDEMNIFICATION

11.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer from and against any third-party claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

(a) Allegations that the Services infringe any United States patent, copyright, trademark, or misappropriate any trade secret;

(b) Provider's gross negligence or willful misconduct;

(c) Provider's material breach of its data security obligations under Article 5;

(d) Provider's violation of applicable law in its provision of the Services.

11.2 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider from and against any third-party claims arising from:

(a) Customer Data, including claims that Customer Data infringes or violates third-party rights;

(b) Customer's breach of the Acceptable Use Policy;

(c) Customer's gross negligence or willful misconduct;

(d) Customer's violation of applicable law in its use of the Services.

11.3 Indemnification Procedures

The indemnified party shall:

(a) Provide prompt written notice of any claim;

(b) Grant the indemnifying party sole control of the defense and settlement;

(c) Provide reasonable cooperation at the indemnifying party's expense;

(d) Not settle any claim without the indemnifying party's prior written consent.

ARTICLE 12: LIMITATION OF LIABILITY

12.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY 11 M.R.S. § 2-719 AND APPLICABLE MAINE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR COST OF PROCUREMENT OF SUBSTITUTE SERVICES, ARISING OUT OF OR RELATED TO THIS AGREEMENT.

12.2 Liability Cap

EXCEPT AS PROVIDED IN SECTION 12.3, EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED:

☐ The total Fees paid or payable by Customer during the twelve (12) months preceding the claim
☐ The total Fees paid or payable by Customer during the twenty-four (24) months preceding the claim
☐ $[________________________________]
☐ Other: [________________________________]

12.3 Exceptions to Limitations

The limitations in Sections 12.1 and 12.2 shall not apply to:

(a) Either party's indemnification obligations under Article 11;

(b) Either party's breach of confidentiality obligations under Article 9;

(c) Customer's payment obligations;

(d) Claims arising from a party's gross negligence or willful misconduct;

(e) Claims arising from Provider's breach of its data security obligations resulting in unauthorized disclosure of Customer Data;

(f) Claims under the Maine Unfair Trade Practices Act (5 M.R.S. §§ 205-A et seq.) to the extent such claims are not subject to contractual limitation.

12.4 Acknowledgment

THE PARTIES ACKNOWLEDGE THAT THE LIMITATIONS OF LIABILITY IN THIS ARTICLE REFLECT A REASONABLE ALLOCATION OF RISK AND ARE A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN.

ARTICLE 13: TERM, RENEWAL, AND TERMINATION

13.1 Initial Term

This Agreement shall commence on the Effective Date and continue for an Initial Term of:

☐ One (1) year
☐ Two (2) years
☐ Three (3) years
☐ Other: [________________________________]

13.2 Renewal

(a) This Agreement shall automatically renew for successive Renewal Terms of [________________________________] unless either party provides written notice of non-renewal at least [____] days before the end of the then-current term.

(b) Customer may terminate at any time for convenience by providing [____] days written notice, subject to payment of:
☐ All Fees through the end of the then-current term
☐ Early termination fee of [________________________________]
☐ No early termination fee

13.3 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if:

(a) The other party materially breaches this Agreement and fails to cure within [____] days after written notice;

(b) The other party becomes insolvent, files for bankruptcy, or makes an assignment for the benefit of creditors;

(c) The other party ceases to conduct business in the normal course.

13.4 Effect of Expiration or Termination

Upon expiration or termination:

(a) All rights and licenses granted to Customer shall immediately terminate;

(b) Customer shall immediately cease all use of the Services;

(c) Customer shall pay all outstanding Fees through the termination date;

(d) Each party shall return or destroy Confidential Information;

(e) Provisions that by their nature should survive shall continue in effect.

ARTICLE 14: DATA PORTABILITY AND TRANSITION SERVICES

14.1 Data Export

During the Subscription Term, Customer may export Customer Data through:

☐ Self-service export functionality
☐ API access for programmatic data retrieval
☐ Provider-assisted export upon request

14.2 Data Export Format

☐ CSV ☐ JSON ☐ XML ☐ Native format ☐ SQL ☐ Other: [________________________________]

14.3 Transition Assistance

Upon expiration or termination, Provider shall provide Customer access to export Customer Data for [____] days and provide reasonable migration assistance at Provider's then-current rates.

14.4 Data Deletion

Upon Customer's written request following the transition period, Provider shall delete all Customer Data from production systems within [____] days and from backups within [____] days or upon normal rotation. Provider shall certify deletion in writing upon request.

ARTICLE 15: INSURANCE REQUIREMENTS

15.1 Required Insurance

Provider shall maintain the following coverages during the Subscription Term:

ARTICLE 16: DISPUTE RESOLUTION

16.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Maine, without regard to its conflict of laws principles.

16.2 Venue and Jurisdiction

The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in:

☐ Cumberland County, Maine (Portland)
☐ Kennebec County, Maine (Augusta)
☐ Penobscot County, Maine (Bangor)
☐ [________________________________] County, Maine

16.3 Dispute Resolution Process

Step 1 - Informal Resolution: Representatives shall attempt to resolve disputes informally within [____] business days.

Step 2 - Executive Escalation: If unresolved, disputes shall be escalated to executives for resolution within [____] business days.

Step 3 - Mediation: If still unresolved, the parties shall participate in mediation before commencing litigation.

☐ Step 4 - Arbitration (Optional): If mediation is unsuccessful, disputes shall be resolved by binding arbitration in [________________________________], Maine.

16.4 Jury Trial Waiver

TO THE FULLEST EXTENT PERMITTED BY MAINE LAW, EACH PARTY HEREBY IRREVOCABLY AND UNCONDITIONALLY WAIVES ITS RIGHT TO A JURY TRIAL IN ANY ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT. THIS WAIVER IS KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY MADE.

16.5 Injunctive Relief

Either party may seek injunctive or other equitable relief from any court of competent jurisdiction to prevent irreparable harm.

16.6 Prevailing Party

The prevailing party shall be entitled to recover reasonable attorneys' fees and costs.

ARTICLE 17: GENERAL PROVISIONS

17.1 Entire Agreement

This Agreement constitutes the entire agreement between the parties and supersedes all prior agreements.

17.2 Amendments

No amendment shall be effective unless in writing and signed by both parties.

17.3 Order of Precedence

In the event of conflict: (1) Order Forms; (2) Statements of Work; (3) this Agreement; (4) Documentation.

17.4 Assignment

Neither party may assign without the other's prior written consent, except to an Affiliate or in connection with a merger or acquisition.

17.5 Notices

Notices shall be in writing and delivered by certified mail, overnight courier, or email with confirmation.

17.6 Force Majeure

Neither party shall be liable for failure or delay due to causes beyond its reasonable control. If force majeure continues for more than [____] days, either party may terminate.

17.7 Severability

If any provision is held invalid, the remaining provisions continue in effect.

17.8 Independent Contractors

The parties are independent contractors.

17.9 Compliance with Laws

Each party shall comply with all applicable laws, including the Maine Unfair Trade Practices Act (5 M.R.S. §§ 205-A et seq.).

17.10 Electronic Signatures

In accordance with 10 M.R.S. §§ 9401 et seq. (Maine Uniform Electronic Transactions Act), this Agreement may be executed electronically with the same legal effect as original signatures.

17.11 Counterparts

This Agreement may be executed in counterparts.

ARTICLE 18: EXECUTION

PRE-EXECUTION CHECKLIST

Provider Verification:
☐ All Order Forms completed and attached
☐ Pricing confirmed
☐ Service level commitments confirmed
☐ Security certifications current
☐ Insurance certificates available
☐ Data breach notification procedures in place (30-day compliance)
☐ Legal review completed
☐ Authority to sign verified

Customer Verification:
☐ Business requirements documented
☐ Technical and security requirements reviewed
☐ Budget approval obtained
☐ Legal review completed
☐ Authority to sign verified

SIGNATURE PAGE

PROVIDER

[________________________________]

CUSTOMER

[________________________________]

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]

Order Form Effective Date: [__/__/____]

Services Ordered

Subscription Details

PROVIDER: ___________________________ Date: [__/__/____]

CUSTOMER: ___________________________ Date: [__/__/____]

EXHIBIT B: DATA PROCESSING ADDENDUM

B.1 Scope

This DPA supplements the Agreement with respect to Provider's processing of Personal Information on behalf of Customer.

B.2 Provider Responsibilities

Provider shall process Personal Information only as instructed by Customer, ensure personnel confidentiality, implement security measures, assist with data subject requests, and delete or return data upon termination.

B.3 Subprocessors

Customer authorizes Provider to engage subprocessors listed at: [________________________________]. Provider shall notify Customer of changes [____] days in advance.

EXHIBIT C: SERVICE LEVEL AGREEMENT DETAILS

C.1 Availability Measurement

Provider measures availability using [________________________________].

C.2 Excluded Events

☐ Scheduled maintenance ☐ Emergency maintenance ☐ Customer-caused issues ☐ Third-party failures ☐ Force majeure ☐ Network issues outside Provider's control

C.3 Maintenance Schedule

PRACTITIONER NOTES FOR MAINE

Key Maine-Specific Considerations

1. 30-Day Breach Notification (Shortest in U.S.). Maine's Notice of Risk to Personal Data Act (10 M.R.S. §§ 1346 et seq.) requires notification within 30 days of discovering a breach and identifying its scope. This is one of the shortest notification deadlines in the country. After law enforcement clears notification, only 7 business days are allowed. SaaS providers must have rapid breach detection and response capabilities.

2. SaaS Generally Not Taxable. Maine does not tax SaaS accessed remotely without download. However, effective January 1, 2026, Maine expanded its sales tax base to include digital audiovisual and digital audio services at 5.5%. Providers should carefully classify each component of bundled services.

3. Maine Unfair Trade Practices Act (5 M.R.S. §§ 205-A et seq.). The AG can obtain injunctions, restitution, and civil penalties up to $10,000 per intentional violation. Consumers can bring private actions for equitable relief and damages. Maine courts are guided by FTC and Federal Court interpretations of the FTC Act.

4. Interest Rates. Maine uses a formula-based approach under 14 M.R.S. § 1602-B (prejudgment: T-bill rate + base, capped at 15%) and § 1602-C (post-judgment: contractual rate or T-bill + 6%). Contractual interest rates should be explicitly stated.

5. Trade Secrets. The Maine UTSA (10 M.R.S. §§ 1541 et seq.) provides injunctive relief, compensatory damages, and exemplary damages up to 2x for willful misappropriation. The statute of limitations is 3 years.

6. Statute of Limitations. Written contracts: 6 years (14 M.R.S. § 752). UCC sales: 4 years.

7. Warranty Disclaimers. Under 11 M.R.S. § 2-316, disclaimers must mention "merchantability" (for that warranty) and be conspicuous.

8. Jury Waiver. Maine courts generally enforce jury waivers in commercial contracts between sophisticated parties when the waiver is knowing and voluntary.

9. Consumer Protection. Maine has strong consumer protection laws. The Unfair Trade Practices Act applies broadly and is enforced by both the AG and private parties.

10. Privacy Landscape. While Maine does not have a comprehensive consumer data privacy act comparable to newer state privacy laws, it has enacted targeted privacy protections including the broadband privacy law (35-A M.R.S. § 9301) and continues to consider additional privacy legislation.

This Enterprise Software as a Service Agreement template is designed for use in the State of Maine and incorporates applicable Maine statutory requirements, including Maine's critical 30-day data breach notification deadline. Legal counsel should review this Agreement before execution to ensure compliance with current law and suitability for specific business needs.