Templates Contracts Agreements Enterprise Software as a Service Agreement - Rhode Island
Rhode Island Contracts Agreements
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO

Enterprise Software as a Service Agreement - Rhode Island

Ready to Edit

ENTERPRISE SOFTWARE AS A SERVICE AGREEMENT

STATE OF RHODE ISLAND

AGREEMENT INFORMATION

Field Information
Agreement Date [__/__/____]
Agreement Number [________________________________]
Effective Date [__/__/____]

PARTIES TO THIS AGREEMENT

PROVIDER:

Field Information
Legal Entity Name [________________________________]
State of Formation [________________________________]
Principal Address [________________________________]
City, State, ZIP [________________________________]
Federal Tax ID (EIN) [________________________________]
Primary Contact Name [________________________________]
Contact Email [________________________________]
Contact Phone [________________________________]

CUSTOMER:

Field Information
Legal Entity Name [________________________________]
State of Formation [________________________________]
Principal Address [________________________________]
City, State, ZIP [________________________________]
Federal Tax ID (EIN) [________________________________]
Primary Contact Name [________________________________]
Contact Email [________________________________]
Contact Phone [________________________________]

RECITALS

WHEREAS, Provider is engaged in the business of providing cloud-based software as a service solutions and related professional services;

WHEREAS, Customer desires to obtain access to and use of Provider's software platform and services for Customer's enterprise business operations;

WHEREAS, the parties wish to establish the terms and conditions under which Provider will make its services available to Customer;

WHEREAS, the parties intend that this Agreement comply with all applicable Rhode Island laws, including the Rhode Island Data Transparency and Privacy Protection Act (R.I. Gen. Laws Ch. 6-48.1, effective January 1, 2026), the Identity Theft Protection Act of 2015 (R.I. Gen. Laws Ch. 11-49.3), and the Uniform Trade Secrets Act (R.I. Gen. Laws Ch. 6-41);

WHEREAS, the parties acknowledge Rhode Island's distinctive 12% legal rate of interest and the absence of a cure period under the RIDTPPA;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter set forth and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties agree as follows:

ARTICLE 1: DEFINITIONS

1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

1.2 "Authorized Users" means Customer's employees, contractors, consultants, and agents who are authorized by Customer to access and use the Services under the rights granted pursuant to this Agreement.

1.3 "Confidential Information" means all non-public information disclosed by one party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and circumstances of disclosure.

1.4 "Consumer Data" means personal data of Rhode Island residents as defined under the RIDTPPA, including information linked or reasonably linkable to an identified or identifiable natural person, excluding de-identified data and publicly available information.

1.5 "Customer Data" means all electronic data, information, content, records, and files that Customer or Authorized Users upload, submit, store, transmit, or process through the Services.

1.6 "Documentation" means Provider's standard user guides, online help files, technical specifications, and other documentation related to the Services as updated from time to time.

1.7 "Downtime" means any period during which the Services are unavailable or materially impaired, excluding Scheduled Maintenance and Excused Downtime.

1.8 "Effective Date" means the date first written above or the date both parties have executed this Agreement, whichever is later.

1.9 "Excused Downtime" means unavailability caused by: (a) Customer's acts or omissions; (b) failures of Customer's equipment, software, or network connections; (c) third-party services outside Provider's control; (d) force majeure events; or (e) suspension pursuant to Section 6.4.

1.10 "Fees" means all amounts payable by Customer to Provider as set forth in this Agreement and any applicable Order Form.

1.11 "Initial Term" means the initial subscription period specified in the Order Form.

1.12 "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets, and other intellectual property rights recognized under the laws of any jurisdiction worldwide.

1.13 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other harmful or malicious code, files, scripts, agents, or programs.

1.14 "Monthly Uptime Percentage" means the total minutes in a calendar month minus minutes of Downtime, divided by total minutes in the month, expressed as a percentage.

1.15 "Order Form" means an ordering document specifying the Services, subscription levels, Fees, and other commercial terms, executed by both parties and incorporated herein.

1.16 "Personal Information" means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular individual, including as defined in R.I. Gen. Laws § 11-49.3-3(a).

1.17 "Professional Services" means implementation, configuration, customization, training, integration, and consulting services provided by Provider as specified in an Order Form or Statement of Work.

1.18 "Renewal Term" means each successive subscription period following the Initial Term.

1.19 "RIDTPPA" means the Rhode Island Data Transparency and Privacy Protection Act, R.I. Gen. Laws Ch. 6-48.1, effective January 1, 2026, which imposes consumer data privacy obligations on covered businesses with NO right-to-cure period before enforcement.

1.20 "Scheduled Maintenance" means planned maintenance of the Services performed during designated maintenance windows with advance notice to Customer.

1.21 "Security Breach" means any unauthorized access to, acquisition of, or disclosure of Customer Data, or any breach of security as defined in R.I. Gen. Laws § 11-49.3-3(a).

1.22 "Services" means Provider's proprietary cloud-based software platform and related services described in the applicable Order Form, including all updates, enhancements, and new features made generally available.

1.23 "Service Level Agreement" or "SLA" means the service level commitments set forth in Article 4.

1.24 "Statement of Work" or "SOW" means a document describing Professional Services, deliverables, timelines, and associated fees.

1.25 "Subscription Term" means collectively the Initial Term and all Renewal Terms.

1.26 "Third-Party Components" means software, data, services, or content provided by third parties that are incorporated into or used in connection with the Services.

1.27 "Trade Secret" has the meaning set forth in R.I. Gen. Laws § 6-41-1(4), including information that derives independent economic value from not being generally known and is the subject of reasonable efforts to maintain its secrecy.

1.28 "User Account" means the unique login credentials and account established for each Authorized User.

1.29 "Sealed Instrument" means a written instrument executed under seal, which under R.I. Gen. Laws § 9-1-13 is subject to a twenty (20) year statute of limitations.

1.30 "Controller" and "Processor" have the meanings set forth in the RIDTPPA, where Controller means the entity that determines the purposes and means of processing Consumer Data, and Processor means the entity that processes Consumer Data on behalf of a Controller.

ARTICLE 2: SUBSCRIPTION AND ACCESS RIGHTS

2.1 Grant of Rights

Subject to Customer's compliance with this Agreement and payment of all Fees, Provider hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to:

(a) Access and use the Services for Customer's internal business operations;

(b) Permit Authorized Users to access and use the Services in accordance with this Agreement;

(c) Access, use, and reproduce the Documentation in connection with permitted use of the Services; and

(d) Store, process, and retrieve Customer Data through the Services.

2.2 Subscription Tiers

Customer's subscription shall be as specified in the Order Form:

Standard Enterprise - Up to [____] Authorized Users
Professional Enterprise - Up to [____] Authorized Users
Premium Enterprise - Up to [____] Authorized Users
Unlimited Enterprise - Unlimited Authorized Users
Custom Configuration - As specified: [________________________________]

2.3 User Account Administration

(a) Customer shall designate at least one (1) administrator to manage User Accounts and access permissions.

(b) Customer is responsible for maintaining the confidentiality of all User Account credentials.

(c) Customer shall promptly notify Provider of any unauthorized access or security breach involving User Accounts.

(d) User Accounts are for designated individuals only and may not be shared among multiple persons.

2.4 Authorized User Categories

☐ Named Users - Identified individuals assigned specific User Accounts
☐ Concurrent Users - Maximum simultaneous users: [____]
☐ Site License - All employees at specified locations
☐ Enterprise-Wide - All employees and authorized contractors
☐ Other: [________________________________]

2.5 Affiliate Usage

☐ Customer's Affiliates are authorized to use the Services under this Agreement
☐ Customer's Affiliates must execute separate Order Forms
☐ Affiliate usage is not permitted

If Affiliate usage is permitted:

(a) Customer shall ensure Affiliate compliance with all Agreement terms;

(b) Customer remains liable for Affiliate acts and omissions;

(c) Affiliate usage counts toward Customer's licensed capacity.

ARTICLE 3: PROFESSIONAL SERVICES AND SUPPORT

3.1 Implementation Services

Provider shall provide the following implementation services:

Standard Implementation

  • System configuration and setup
  • Data migration assistance (up to [____] GB)
  • Basic integration configuration
  • Administrator training (up to [____] hours)
  • Go-live support

Premium Implementation

  • All Standard Implementation services
  • Custom workflow configuration
  • Advanced integration development
  • Extended training program (up to [____] hours)
  • Dedicated implementation manager
  • Post-go-live optimization review

Custom Implementation - Per attached Statement of Work

Implementation Timeline: [________________________________]

3.2 Support Tiers

Customer's support tier:

Standard Support

  • Business hours support: Monday-Friday, 8:00 AM - 6:00 PM Eastern Time
  • Email and ticket-based support
  • Response time targets per Section 3.3
  • Access to online knowledge base
  • Quarterly system health checks

Premium Support

  • Extended hours support: Monday-Friday, 7:00 AM - 9:00 PM Eastern Time
  • Saturday support: 9:00 AM - 5:00 PM Eastern Time
  • Email, ticket, and phone support
  • Enhanced response time targets
  • Designated support representative
  • Monthly system health checks
  • Priority escalation path

Enterprise Support

  • 24/7/365 support coverage
  • Dedicated support team
  • Direct phone line access
  • Fastest response time guarantees
  • Named Technical Account Manager
  • Weekly system health reviews
  • Quarterly business reviews
  • Priority feature request consideration

3.3 Response Time Targets

Severity Level Description Standard Support Premium Support Enterprise Support
Critical (S1) Complete system outage; all users affected 4 hours 2 hours 30 minutes
High (S2) Major functionality impaired; significant user impact 8 hours 4 hours 1 hour
Medium (S3) Partial functionality affected; workaround available 24 hours 12 hours 4 hours
Low (S4) Minor issues; questions; enhancement requests 72 hours 48 hours 24 hours

3.4 Severity Level Definitions

Critical (Severity 1): The Services are completely unavailable or a critical business function is totally inoperable with no workaround available, resulting in severe business impact.

High (Severity 2): A major feature is significantly degraded or unavailable, impacting a substantial number of users, with limited or difficult workaround.

Medium (Severity 3): A feature is not functioning as documented, but a reasonable workaround exists, or the issue affects a limited number of users.

Low (Severity 4): Minor issues, cosmetic defects, documentation questions, or feature enhancement requests with minimal business impact.

3.5 Support Exclusions

Provider support obligations do not extend to issues arising from:

(a) Customer's misuse of the Services or failure to follow Documentation;

(b) Modifications made by Customer without Provider's authorization;

(c) Third-party software, hardware, or services not provided by Provider;

(d) Customer's failure to implement recommended updates or fixes;

(e) Use of the Services in excess of licensed capacity or scope.

3.6 Training Services

☐ Provider shall provide the following training:

Training Type Format Duration Participants
Administrator Training [________________________________] [____] hours [____]
End User Training [________________________________] [____] hours [____]
Advanced Feature Training [________________________________] [____] hours [____]
Custom Training [________________________________] [____] hours [____]

ARTICLE 4: SERVICE LEVEL AGREEMENT

4.1 Uptime Commitment

Provider commits to the following Monthly Uptime Percentage during each calendar month:

☐ 99.5% Monthly Uptime
☐ 99.9% Monthly Uptime
☐ 99.95% Monthly Uptime
☐ 99.99% Monthly Uptime
☐ Other: [____]%

4.2 Uptime Calculation

Monthly Uptime Percentage = ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100

Downtime is measured from when Provider confirms a system-wide outage or when automated monitoring detects unavailability, whichever is earlier.

4.3 Scheduled Maintenance Windows

(a) Standard Maintenance Window: [________________________________]

(b) Provider shall provide at least [____] hours advance notice for scheduled maintenance.

(c) Provider shall use commercially reasonable efforts to perform maintenance during low-usage periods.

(d) Emergency maintenance may be performed without advance notice when necessary to address critical security issues or prevent imminent harm.

4.4 Service Credits

If Provider fails to meet the Monthly Uptime Percentage commitment, Customer shall be entitled to Service Credits as follows:

Monthly Uptime Percentage Service Credit (% of Monthly Fee)
99.0% - Below Commitment 10%
98.0% - 98.99% 25%
95.0% - 97.99% 50%
Below 95.0% 100%

4.5 Service Credit Limitations

(a) Service Credits are Customer's sole and exclusive remedy for Provider's failure to meet the SLA.

(b) Service Credits shall not exceed 100% of the monthly Fees for the affected month.

(c) Service Credits are applied against future invoices and are not redeemable for cash.

(d) Customer must request Service Credits within thirty (30) days of the end of the affected month.

4.6 Performance Monitoring

(a) Provider shall maintain real-time monitoring of Services availability.

(b) Provider shall make uptime statistics available to Customer through [________________________________].

(c) Provider shall notify Customer of any material service disruption within [____] minutes of detection.

4.7 Chronic Failure

If Provider fails to meet the Monthly Uptime Percentage commitment for [____] consecutive months or [____] months in any twelve (12) month period, Customer may terminate this Agreement upon thirty (30) days written notice without penalty and receive a pro-rata refund of prepaid Fees.

ARTICLE 5: DATA HANDLING AND SECURITY

5.1 Customer Data Ownership

(a) As between the parties, Customer retains all right, title, and interest in and to Customer Data.

(b) Provider acquires no rights to Customer Data except the limited license to process Customer Data as necessary to provide the Services.

(c) Customer represents that it has all necessary rights to provide Customer Data to Provider for processing.

5.2 Data Processing

Provider shall:

(a) Process Customer Data only as necessary to provide the Services and as instructed by Customer;

(b) Not access, use, or disclose Customer Data except as required for Service delivery, security, or as compelled by law;

(c) Implement reasonable access controls limiting personnel access to Customer Data on a need-to-know basis;

(d) Ensure personnel with access to Customer Data are bound by confidentiality obligations.

5.3 Data Location

☐ Customer Data shall be stored and processed within the United States
☐ Customer Data shall be stored and processed within: [________________________________]
☐ Customer Data may be stored and processed in any Provider data center location
☐ Customer Data location restrictions: [________________________________]

5.4 Information Security Program

Provider shall implement and maintain a comprehensive written information security program including:

(a) Risk Assessment: Regular identification and assessment of reasonably foreseeable internal and external threats to Customer Data security;

(b) Safeguards: Implementation of safeguards to control identified risks, including:

  • Encryption of Customer Data in transit and at rest using industry-standard protocols
  • Multi-factor authentication for administrative access
  • Network security controls including firewalls, intrusion detection, and prevention systems
  • Regular vulnerability scanning and penetration testing
  • Secure software development practices

(c) Access Controls: Role-based access controls and principle of least privilege;

(d) Employee Training: Regular security awareness training for all personnel with access to Customer Data;

(e) Incident Response: Written incident response plan addressing detection, containment, investigation, and notification procedures;

(f) Business Continuity: Disaster recovery and business continuity procedures.

5.5 Security Certifications and Audits

Provider maintains or shall obtain the following certifications:

☐ SOC 2 Type II
☐ ISO 27001
☐ ISO 27017
☐ ISO 27018
☐ HITRUST CSF
☐ FedRAMP (Authorization Level: [____])
☐ PCI DSS (if processing payment data)
☐ Other: [________________________________]

(a) Provider shall maintain such certifications throughout the Subscription Term.

(b) Upon Customer's reasonable written request (no more than once annually), Provider shall provide copies of current audit reports and certifications.

(c) Customer may conduct or commission a security assessment of Provider's facilities and practices upon reasonable advance notice and at Customer's expense, subject to Provider's reasonable security and confidentiality requirements.

5.6 Security Incident Response

(a) Provider shall notify Customer of any Security Breach affecting Customer Data within [____] hours of discovery.

(b) Notification shall include:

  • A general and brief description of the incident including how the breach occurred
  • The number of affected individuals
  • The type of information subject to the breach
  • The date of breach or estimated date
  • Measures taken to contain and remediate
  • A description of any remediation services offered
  • Contact information for further inquiries

(c) Provider shall cooperate with Customer in investigating and responding to Security Breaches.

(d) Provider shall preserve evidence related to Security Breaches for forensic investigation.

5.7 Rhode Island Data Breach Notification Compliance (Identity Theft Protection Act)

In the event of a breach of security requiring notification under R.I. Gen. Laws Ch. 11-49.3:

(a) Provider shall notify Customer immediately and in no event later than [____] hours after confirming a breach and ascertaining the information required for notification;

(b) For entities that are not state or municipal agencies, notification to affected Rhode Island residents must be provided no later than forty-five (45) calendar days after confirmation of the breach;

(c) If more than five hundred (500) Rhode Island residents are to be notified, Provider shall assist Customer in notifying the Rhode Island Attorney General and major credit reporting agencies as required by R.I. Gen. Laws § 11-49.3-4;

(d) The notification to individuals must include:

  • A general description of the incident and how the breach occurred
  • The type of information subject to the breach
  • The date of breach or estimated date
  • A description of remediation services offered
  • Information about the consumer's ability to file a police report and request a security freeze

(e) Provider shall bear the costs of notification and credit monitoring services if the breach results from Provider's negligence or failure to comply with this Agreement.

5.8 Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) Compliance

CRITICAL COMPLIANCE NOTE: THE RIDTPPA HAS NO RIGHT-TO-CURE PERIOD. VIOLATIONS MAY RESULT IN IMMEDIATE ENFORCEMENT ACTION.

(a) Effective Date and Applicability: The RIDTPPA became effective January 1, 2026. As applicable, both parties shall comply with its requirements.

(b) Roles: For purposes of the RIDTPPA, Customer is the Controller and Provider is the Processor of Consumer Data processed through the Services.

(c) Provider Obligations as Processor: Provider shall:

  • Process Consumer Data only pursuant to Customer's documented instructions and in accordance with this Agreement;
  • Assist Customer in meeting its obligations under the RIDTPPA, including facilitating consumer rights requests (access, deletion, correction, data portability, opt-out of sale/targeted advertising);
  • Provide necessary information to enable Customer to conduct and document data protection assessments for high-risk processing activities;
  • Ensure that each person processing Consumer Data is subject to a duty of confidentiality;
  • Delete or return all Consumer Data at the end of the provision of Services, at Customer's direction;
  • Make available information sufficient to demonstrate compliance with Processor obligations under the RIDTPPA;
  • Allow for and contribute to reasonable audits and inspections by Customer or Customer's designated auditor.

(d) No Cure Period: The parties acknowledge that unlike many other state privacy laws, the RIDTPPA does NOT include a cure period for violations. The Rhode Island Attorney General may take enforcement action without first providing an opportunity to cure. Accordingly, both parties shall maintain ongoing compliance rather than relying on cure opportunities.

(e) Penalties: Violations of the RIDTPPA constitute violations of the Rhode Island Deceptive Trade Practices Act (R.I. Gen. Laws Ch. 6-13.1), imposing a penalty of up to $10,000 per violation. Intentional disclosure of personal information in violation of the RIDTPPA may result in fines between $100 and $500 per violation.

(f) Subprocessor Requirements: Provider shall not engage a subprocessor to process Consumer Data without first entering into a written contract with the subprocessor requiring it to meet the same obligations as Provider under this Article.

5.9 Subprocessors

(a) Provider may engage subprocessors to assist in providing the Services, provided:

  • Subprocessors are bound by data protection obligations no less protective than this Agreement
  • Provider remains liable for subprocessor compliance
  • Provider maintains an updated list of subprocessors

(b) Provider shall notify Customer of any material changes to subprocessors at least [____] days in advance.

(c) Customer may object to new subprocessors; if Provider proceeds over Customer's objection, Customer may terminate without penalty.

5.10 Data Backup and Recovery

(a) Provider shall perform [________________________________] backups of Customer Data.

(b) Backups shall be retained for [____] days.

(c) Provider shall maintain the capability to restore Customer Data from backup within [____] hours of a request.

(d) Provider shall test backup restoration procedures at least [________________________________].

ARTICLE 6: ACCEPTABLE USE AND RESTRICTIONS

6.1 Acceptable Use Policy

Customer and Authorized Users shall:

(a) Use the Services only for lawful purposes and in compliance with all applicable laws;

(b) Comply with all Documentation and Provider's reasonable usage policies;

(c) Maintain the security and confidentiality of User Account credentials;

(d) Promptly report any suspected security breaches or unauthorized access.

6.2 Prohibited Activities

Customer and Authorized Users shall not:

(a) License, sublicense, sell, resell, rent, lease, transfer, assign, or distribute the Services to third parties;

(b) Modify, copy, or create derivative works based on the Services or Documentation;

(c) Reverse engineer, disassemble, decompile, or otherwise attempt to derive source code from the Services;

(d) Access the Services to build a competitive product or service;

(e) Use the Services to store or transmit Malicious Code;

(f) Interfere with or disrupt the integrity or performance of the Services;

(g) Attempt to gain unauthorized access to the Services or related systems;

(h) Use the Services to transmit unlawful, harassing, defamatory, or fraudulent content;

(i) Use the Services in violation of any third party's intellectual property or privacy rights;

(j) Exceed licensed usage limits or circumvent usage restrictions;

(k) Remove, alter, or obscure any proprietary notices on the Services.

6.3 Usage Monitoring

(a) Provider may monitor usage to ensure compliance with this Agreement;

(b) Provider shall notify Customer of any significant usage anomalies;

(c) If usage exceeds licensed capacity, Customer shall promptly pay additional Fees or reduce usage.

6.4 Suspension

Provider may suspend Customer's access to the Services:

(a) If Customer's use poses a security threat to Provider or other customers;

(b) If Customer is in material breach of this Agreement and fails to cure within [____] days after notice;

(c) If required by law or governmental authority;

(d) For non-payment of undisputed Fees more than [____] days past due.

Provider shall provide advance notice of suspension when practicable and shall restore access promptly when the grounds for suspension are resolved.

ARTICLE 7: FEES AND PAYMENT

7.1 Subscription Fees

Customer shall pay the following subscription Fees:

Description Amount Billing Frequency
Base Subscription Fee $[________________________________] ☐ Monthly ☐ Quarterly ☐ Annually
Per User Fee $[________________________________] per user ☐ Monthly ☐ Quarterly ☐ Annually
Data Storage (above included amount) $[________________________________] per GB ☐ Monthly ☐ Quarterly ☐ Annually
API Calls (above included amount) $[________________________________] per 1,000 calls ☐ Monthly ☐ Quarterly ☐ Annually
Additional Modules/Features $[________________________________] ☐ Monthly ☐ Quarterly ☐ Annually

7.2 Professional Services Fees

Service Rate/Fee Estimate
Implementation Services $[________________________________] [________________________________]
Training Services $[________________________________] per hour/day [________________________________]
Custom Development $[________________________________] per hour [________________________________]
Consulting Services $[________________________________] per hour [________________________________]
On-Site Services $[________________________________] per day plus expenses [________________________________]

7.3 Payment Terms

(a) Invoicing: Provider shall invoice Customer:
☐ In advance for each billing period
☐ Upon execution of this Agreement for the first year
☐ According to payment milestones in the Order Form
☐ Other: [________________________________]

(b) Payment Due: All invoices are due and payable within [____] days of invoice date.

(c) Payment Method:
☐ ACH/Wire Transfer
☐ Credit Card (subject to processing fees of [____]%)
☐ Check
☐ Other: [________________________________]

7.4 Taxes - Rhode Island SaaS Taxability

(a) All Fees are exclusive of taxes unless otherwise stated.

(b) Rhode Island Sales Tax on SaaS: The parties acknowledge that vendor-hosted prewritten software (SaaS) is subject to Rhode Island sales tax at the statewide rate of seven percent (7%) under R.I. Gen. Laws § 44-18-7. Rhode Island has no local sales taxes; the 7% rate applies uniformly statewide.

(c) Downloading is not required for the tax to apply; accessing software remotely (SaaS model) is sufficient to trigger taxability.

(d) Custom Software Exception: Purely custom-built software that is not transferred electronically or physically may be exempt. If any portion of the Services constitutes custom software, the Order Form shall separately identify and price such components.

(e) Customer shall provide valid Rhode Island exemption certificates if applicable.

(f) Provider is responsible for taxes based on Provider's income.

7.5 Late Payment

(a) Late payments shall bear interest at the rate of twelve percent (12%) per annum, which is the legal rate of interest under R.I. Gen. Laws § 6-26-1. This is the highest default statutory interest rate among all states.

(b) The parties acknowledge that the maximum contractual interest rate in Rhode Island is twenty-one percent (21%) per annum under R.I. Gen. Laws § 6-26-2 for general loans.

(c) Customer shall reimburse Provider's reasonable collection costs, including attorneys' fees.

(d) Provider may suspend Services for undisputed amounts more than [____] days past due.

7.6 Fee Disputes

(a) Customer shall notify Provider of any disputed charges within [____] days of invoice date.

(b) Customer shall pay all undisputed amounts by the due date.

(c) The parties shall work in good faith to resolve disputes within [____] days.

(d) Provider shall not suspend Services for amounts subject to a bona fide dispute.

7.7 Price Increases

(a) Fees are fixed for the Initial Term.

(b) Provider may increase Fees for Renewal Terms by providing written notice at least [____] days before the Renewal Term.

(c) Fee increases shall not exceed [____]% annually unless Provider's costs increase substantially.

ARTICLE 8: TERM AND RENEWAL

8.1 Initial Term

This Agreement shall commence on the Effective Date and continue for an Initial Term of:

☐ One (1) year
☐ Two (2) years
☐ Three (3) years
☐ Other: [________________________________]

8.2 Renewal

(a) This Agreement shall automatically renew for successive Renewal Terms of [________________________________] unless either party provides written notice of non-renewal at least [____] days before the end of the then-current term.

(b) Provider shall provide Customer with written notice of automatic renewal not less than thirty (30) days nor more than sixty (60) days before the renewal deadline, clearly disclosing:

  • That the Agreement will automatically renew unless cancelled
  • The renewal Fees that will be charged
  • Methods to obtain renewal details and cancellation procedures

(c) Customer may terminate at any time for convenience by providing [____] days written notice, subject to payment of:
☐ All Fees through the end of the then-current term
☐ Early termination fee of [________________________________]
☐ No early termination fee
☐ Other: [________________________________]

8.3 Effect of Expiration or Termination

Upon expiration or termination of this Agreement:

(a) All rights and licenses granted to Customer shall immediately terminate;

(b) Customer shall immediately cease all use of the Services;

(c) Customer shall pay all outstanding Fees for Services rendered through the termination date;

(d) Each party shall return or destroy Confidential Information as directed by the disclosing party;

(e) Provisions that by their nature should survive shall continue in effect.

ARTICLE 9: TERMINATION

9.1 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if:

(a) The other party materially breaches this Agreement and fails to cure within [____] days after written notice;

(b) The other party becomes insolvent, files for bankruptcy, or makes an assignment for the benefit of creditors;

(c) The other party ceases to conduct business in the normal course.

9.2 Provider Termination Rights

Provider may terminate this Agreement:

(a) Immediately if Customer's use of the Services violates applicable law or poses a threat to Provider's systems or other customers;

(b) If Customer fails to pay undisputed Fees within [____] days after a second written notice;

(c) If Customer repeatedly breaches the Acceptable Use Policy.

9.3 Customer Termination Rights

Customer may terminate this Agreement:

(a) If Provider fails to meet the SLA for [____] consecutive months pursuant to Section 4.7;

(b) If Provider experiences a Security Breach materially affecting Customer Data and fails to remediate within a reasonable time;

(c) If Provider materially changes the Services in a way that significantly reduces functionality.

9.4 Refund Upon Termination

(a) If Customer terminates for cause, Provider shall refund prepaid Fees for the unused portion of the Subscription Term.

(b) If Provider terminates for cause, no refund shall be due.

(c) If either party terminates for convenience, refund shall be as specified in Section 8.2(c).

ARTICLE 10: DATA RETURN AND DELETION

10.1 Data Export During Subscription

During the Subscription Term, Customer may export Customer Data at any time through:

☐ Self-service export functionality within the Services
☐ API access for programmatic data retrieval
☐ Provider-assisted export upon request
☐ Other: [________________________________]

10.2 Data Export Format

Customer Data shall be made available in the following formats:

☐ CSV (Comma-Separated Values)
☐ JSON (JavaScript Object Notation)
☐ XML (Extensible Markup Language)
☐ Native application format
☐ Database dump (SQL format)
☐ Other: [________________________________]

10.3 Transition Assistance

Upon expiration or termination, Provider shall:

(a) Provide Customer access to export Customer Data for a period of [____] days following the termination effective date;

(b) Provide reasonable assistance with data migration at Provider's then-current Professional Services rates;

(c) Continue to maintain Customer Data security during the transition period.

10.4 Data Deletion

(a) Upon Customer's written request following the transition period, or upon expiration of the transition period without a request for extension, Provider shall:

  • Delete all Customer Data from production systems within [____] days
  • Delete Customer Data from backup systems within [____] days or upon normal backup rotation

(b) Provider shall provide written certification of deletion upon Customer's request.

(c) Provider may retain Customer Data as required by law or for legitimate legal purposes, subject to continued confidentiality obligations.

10.5 Survival of Data Obligations

Provider's obligations regarding Customer Data confidentiality and security shall survive termination until all Customer Data has been deleted or returned.

ARTICLE 11: INTELLECTUAL PROPERTY

11.1 Provider Intellectual Property

(a) Provider retains all right, title, and interest in and to the Services, Documentation, and all related intellectual property, including:

  • Software code, architecture, and design
  • Algorithms, processes, and methodologies
  • User interfaces and user experience designs
  • Trade Secrets as defined under R.I. Gen. Laws § 6-41-1(4)
  • All improvements, modifications, and derivative works

(b) No license or right is granted except as expressly set forth herein.

(c) Customer shall not acquire any ownership interest in the Services by virtue of this Agreement.

11.2 Customer Intellectual Property

(a) Customer retains all right, title, and interest in and to Customer Data and Customer's pre-existing intellectual property.

(b) Customer grants Provider a limited, non-exclusive license to use Customer Data solely as necessary to provide the Services.

11.3 Feedback

(a) If Customer provides suggestions, ideas, or feedback regarding the Services ("Feedback"), Provider may use such Feedback without restriction or compensation.

(b) Customer hereby assigns to Provider all rights in any Feedback.

11.4 Aggregated Data

(a) Provider may collect and analyze aggregated, anonymized data derived from Customer's use of the Services that does not identify Customer or any individual ("Aggregated Data").

(b) Provider may use Aggregated Data to improve the Services, develop new products, and for other lawful business purposes.

(c) Provider owns all right, title, and interest in Aggregated Data.

11.5 Custom Development

For any custom development performed under this Agreement:

Provider Ownership: Provider owns all custom developments; Customer receives a license to use
Customer Ownership: Customer owns all custom developments; Provider receives a license to incorporate into Services
Joint Ownership: Parties jointly own custom developments
Work Made for Hire: Custom developments are works made for hire owned by Customer
As Specified: Ownership determined per individual Statement of Work

ARTICLE 12: CONFIDENTIALITY

12.1 Confidentiality Obligations

Each party agrees to:

(a) Maintain the confidentiality of the other party's Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care;

(b) Not disclose Confidential Information to any third party except as expressly permitted herein;

(c) Use Confidential Information only for purposes of performing obligations or exercising rights under this Agreement;

(d) Limit access to Confidential Information to employees, contractors, and agents with a need to know who are bound by confidentiality obligations.

12.2 Exclusions

Confidential Information does not include information that:

(a) Is or becomes publicly available through no fault of the receiving party;

(b) Was rightfully known to the receiving party without restriction before disclosure;

(c) Is rightfully obtained from a third party without breach of confidentiality;

(d) Is independently developed without use of Confidential Information.

12.3 Permitted Disclosures

A party may disclose Confidential Information:

(a) To its professional advisors bound by professional confidentiality obligations;

(b) As required by law, regulation, or court order, provided the disclosing party gives prompt notice (if legally permitted) to allow the other party to seek protective measures;

(c) In connection with a merger, acquisition, or financing, subject to confidentiality agreements.

12.4 Trade Secret Protection Under Rhode Island Law

(a) The parties acknowledge that certain Confidential Information may constitute Trade Secrets under the Rhode Island Uniform Trade Secrets Act, R.I. Gen. Laws Ch. 6-41.

(b) Each party agrees to maintain reasonable measures to preserve the secrecy of Trade Secrets as required by R.I. Gen. Laws § 6-41-1(4).

(c) Misappropriation claims under the Rhode Island UTSA are subject to applicable statutes of limitations.

12.5 Duration

Confidentiality obligations shall survive termination of this Agreement for a period of [____] years, except that obligations regarding Trade Secrets shall continue for as long as the information qualifies as a Trade Secret under applicable law.

12.6 Return or Destruction

Upon termination or upon request, each party shall return or destroy the other party's Confidential Information and certify such return or destruction in writing.

ARTICLE 13: WARRANTIES

13.1 Provider Warranties

Provider warrants that:

(a) Performance Warranty: The Services will perform materially in accordance with the Documentation during the Subscription Term;

(b) Authority: Provider has full power and authority to enter into this Agreement and grant the rights herein;

(c) Non-Infringement: To Provider's knowledge, the Services do not infringe any third party's intellectual property rights;

(d) Malicious Code: The Services will not contain Malicious Code introduced by Provider;

(e) Compliance: Provider will comply with all laws applicable to Provider's provision of the Services, including the RIDTPPA;

(f) Personnel: Provider's personnel performing Professional Services will have the necessary skills and qualifications;

(g) Security: Provider will maintain the information security program described in Article 5.

13.2 Customer Warranties

Customer warrants that:

(a) Customer has full power and authority to enter into this Agreement;

(b) Customer owns or has the right to provide Customer Data to Provider;

(c) Customer Data does not violate third-party rights or applicable law;

(d) Customer will use the Services in compliance with this Agreement and applicable law.

13.3 Warranty Remedies

For breach of Provider's Performance Warranty:

(a) Customer shall notify Provider of any warranty claim within [____] days of discovery;

(b) Provider shall use commercially reasonable efforts to correct the non-conformity;

(c) If Provider cannot correct the non-conformity within [____] days, Customer may terminate the affected Services and receive a pro-rata refund.

13.4 Disclaimer of Warranties

EXCEPT FOR THE EXPRESS WARRANTIES IN THIS ARTICLE, TO THE MAXIMUM EXTENT PERMITTED BY R.I. GEN. LAWS § 6A-2-316:

(a) PROVIDER MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT;

(b) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE;

(c) PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL MEET CUSTOMER'S SPECIFIC REQUIREMENTS;

(d) ANY THIRD-PARTY COMPONENTS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.

RHODE ISLAND UCC CONSPICUOUSNESS NOTICE: THE FOREGOING DISCLAIMERS OF IMPLIED WARRANTIES, INCLUDING THE DISCLAIMER OF THE IMPLIED WARRANTY OF MERCHANTABILITY, ARE SET FORTH IN CONSPICUOUS LANGUAGE AS REQUIRED BY R.I. GEN. LAWS § 6A-2-316. CUSTOMER ACKNOWLEDGES HAVING READ AND UNDERSTOOD THESE DISCLAIMERS.

ARTICLE 14: INDEMNIFICATION

14.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer, its Affiliates, and their respective officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

(a) Allegations that the Services infringe any United States patent, copyright, trademark, or misappropriate any trade secret;

(b) Provider's gross negligence or willful misconduct;

(c) Provider's material breach of its data security obligations under Article 5;

(d) Provider's violation of applicable law in its provision of the Services, including the RIDTPPA.

14.2 IP Indemnification Exclusions

Provider's indemnification obligations do not apply to claims arising from:

(a) Modifications to the Services made by Customer without Provider's authorization;

(b) Combination of the Services with products, services, or data not provided by Provider;

(c) Customer's use of the Services after Provider notifies Customer of allegedly infringing activity;

(d) Customer Data or Customer's specifications that caused the alleged infringement;

(e) Use of a non-current version of the Services if infringement would have been avoided by using the current version.

14.3 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider, its Affiliates, and their respective officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

(a) Customer Data, including claims that Customer Data infringes or violates third-party rights;

(b) Customer's breach of the Acceptable Use Policy;

(c) Customer's gross negligence or willful misconduct;

(d) Customer's violation of applicable law in its use of the Services.

14.4 Indemnification Procedures

The indemnified party shall:

(a) Provide prompt written notice of any claim;

(b) Grant the indemnifying party sole control of the defense and settlement;

(c) Provide reasonable cooperation at the indemnifying party's expense;

(d) Not settle any claim without the indemnifying party's prior written consent.

ARTICLE 15: LIMITATION OF LIABILITY

15.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY R.I. GEN. LAWS § 6A-2-719 AND APPLICABLE RHODE ISLAND LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, LOST REVENUES, LOST DATA, LOSS OF GOODWILL, BUSINESS INTERRUPTION, OR COST OF PROCUREMENT OF SUBSTITUTE SERVICES, ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

15.2 Liability Cap

EXCEPT AS PROVIDED IN SECTION 15.3, EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED:

☐ The total Fees paid or payable by Customer during the twelve (12) months preceding the claim
☐ The total Fees paid or payable by Customer during the twenty-four (24) months preceding the claim
☐ $[________________________________]
☐ Other: [________________________________]

15.3 Exceptions to Limitations

The limitations in Sections 15.1 and 15.2 shall not apply to:

(a) Either party's indemnification obligations under Article 14;

(b) Either party's breach of confidentiality obligations under Article 12;

(c) Customer's payment obligations;

(d) Claims arising from a party's gross negligence or willful misconduct;

(e) Claims arising from Provider's breach of its data security obligations resulting in unauthorized disclosure of Customer Data;

(f) RIDTPPA penalties imposed by the Rhode Island Attorney General;

(g) Claims arising from Provider's unauthorized use or disclosure of Customer Data.

15.4 Enhanced Liability Cap for Certain Claims

For claims described in Section 15.3(b) and (e), each party's liability shall not exceed:

☐ Two (2) times the general liability cap
☐ Three (3) times the general liability cap
☐ $[________________________________]
☐ No enhanced cap (unlimited liability)

15.5 Acknowledgment

THE PARTIES ACKNOWLEDGE THAT THE LIMITATIONS OF LIABILITY IN THIS ARTICLE REFLECT A REASONABLE ALLOCATION OF RISK AND ARE A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES.

15.6 Sealed Instrument Consideration

RHODE ISLAND NOTE: If this Agreement is executed under seal, the statute of limitations for enforcement is twenty (20) years under R.I. Gen. Laws § 9-1-13. The parties should consider whether to execute this Agreement under seal:

☐ This Agreement IS executed under seal (20-year statute of limitations applies)
☐ This Agreement is NOT executed under seal (standard contract statute of limitations applies)

ARTICLE 16: INSURANCE

16.1 Required Insurance

Provider shall maintain the following insurance coverages during the Subscription Term and for [____] years thereafter:

Coverage Type Minimum Limit Requirements
Commercial General Liability $[________________________________] per occurrence / $[________________________________] aggregate Including products/completed operations
Professional Liability/E&O $[________________________________] per claim / $[________________________________] aggregate Covering technology professional services
Cyber Liability/Data Breach $[________________________________] per incident / $[________________________________] aggregate Including network security, privacy liability, breach response
Workers' Compensation Statutory limits As required by Rhode Island law
Employer's Liability $[________________________________] Per accident and disease
Umbrella/Excess Liability $[________________________________] Excess of primary coverages

16.2 Insurance Requirements

(a) All insurance shall be provided by carriers with an A.M. Best rating of A- or better;

(b) Provider shall provide certificates of insurance upon Customer's request;

(c) Policies shall be primary and non-contributory with respect to Customer's insurance;

(d) Provider shall provide at least thirty (30) days advance notice of cancellation or material change;

(e) Commercial General Liability and Umbrella policies shall name Customer as an additional insured.

16.3 Self-Insurance

☐ Provider may self-insure for: [________________________________]
☐ Self-insurance is not permitted

ARTICLE 17: GOVERNING LAW AND DISPUTE RESOLUTION

17.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Rhode Island, without regard to its conflict of laws principles.

17.2 Venue and Jurisdiction

The parties consent to the exclusive jurisdiction and venue of the state and federal courts located in:

☐ Providence County, Rhode Island
☐ Kent County, Rhode Island
☐ [________________________________] County, Rhode Island

Each party waives any objection to such jurisdiction and venue, including inconvenient forum.

17.3 Dispute Resolution Process

Before initiating litigation, the parties agree to the following escalation process:

Step 1 - Informal Resolution: Representatives shall attempt to resolve disputes informally within [____] business days.

Step 2 - Executive Escalation: If unresolved, disputes shall be escalated to each party's executive officer (or designee) for resolution within [____] business days.

Step 3 - Mediation: If still unresolved, the parties shall participate in mediation administered by [________________________________] before commencing litigation. Mediation costs shall be shared equally.

Step 4 - Arbitration (Optional):
If mediation is unsuccessful, disputes shall be resolved by binding arbitration administered by [________________________________] in accordance with its Commercial Arbitration Rules. The arbitration shall be conducted in [________________________________], Rhode Island.

17.4 Jury Trial Waiver

TO THE FULLEST EXTENT PERMITTED BY RHODE ISLAND LAW, EACH PARTY HEREBY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVES ITS RIGHT TO A JURY TRIAL IN ANY ACTION, PROCEEDING, OR COUNTERCLAIM ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED HEREBY.

17.5 Injunctive Relief

Notwithstanding any dispute resolution procedures, either party may seek injunctive or other equitable relief from any court of competent jurisdiction to prevent irreparable harm pending resolution of disputes.

17.6 Prevailing Party

In any legal proceeding arising out of this Agreement, the prevailing party shall be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing party.

ARTICLE 18: GENERAL PROVISIONS

18.1 Entire Agreement

This Agreement, including all Order Forms, Statements of Work, and exhibits, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior and contemporaneous agreements, proposals, and representations, whether written or oral.

18.2 Amendments

No amendment to this Agreement shall be effective unless in writing and signed by authorized representatives of both parties.

18.3 Order of Precedence

In the event of conflict, the following order of precedence applies: (1) Order Forms; (2) Statements of Work; (3) this Agreement; (4) Documentation.

18.4 Assignment

Neither party may assign this Agreement without the other party's prior written consent, except that either party may assign to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets.

18.5 Notices

Notices shall be in writing and delivered by certified mail, overnight courier, or email with confirmation.

Party Notice Address
Provider [________________________________]
[________________________________]
Email: [________________________________]
Customer [________________________________]
[________________________________]
Email: [________________________________]

18.6 Force Majeure

Neither party shall be liable for failure or delay in performance due to causes beyond its reasonable control, including acts of God, natural disasters, war, terrorism, riots, government actions, pandemics, or failures of telecommunications or power. If force majeure continues for more than [____] days, either party may terminate affected Services without liability.

18.7 Waiver

No waiver of any right or remedy shall be effective unless in writing.

18.8 Severability

If any provision of this Agreement is held invalid or unenforceable, the remaining provisions shall continue in effect.

18.9 Independent Contractors

The parties are independent contractors. This Agreement does not create a partnership, joint venture, agency, or employment relationship.

18.10 Compliance with Laws

Each party shall comply with all applicable laws, including the Rhode Island Deceptive Trade Practices Act (R.I. Gen. Laws Ch. 6-13.1) where applicable.

18.11 Electronic Signatures

In accordance with R.I. Gen. Laws Ch. 42-127.1 (Uniform Electronic Transactions Act):

(a) This Agreement may be executed electronically;

(b) Electronic signatures have the same legal effect as original signatures.

18.12 Counterparts

This Agreement may be executed in counterparts, each of which shall be deemed an original.

18.13 Export Compliance

Customer shall comply with all applicable export control laws and regulations.

18.14 Government Customers

If Customer is a Rhode Island state agency, additional terms may apply per the Order Form.

18.15 Construction

This Agreement shall be construed without regard to any presumption against the party that drafted it.

ARTICLE 19: EXECUTION

By signing below, the parties acknowledge that they have read, understand, and agree to be bound by all terms and conditions of this Agreement.

PRE-EXECUTION CHECKLIST

Provider Verification:
☐ All Order Forms completed and attached
☐ Pricing confirmed and documented
☐ Rhode Island sales tax registration confirmed (7% rate)
☐ RIDTPPA compliance verified (no cure period)
☐ Service level commitments confirmed
☐ Security certifications current
☐ Insurance certificates available
☐ Legal review completed
☐ Authority to sign verified

Customer Verification:
☐ Business requirements documented
☐ Technical requirements reviewed
☐ RIDTPPA obligations as Controller understood
☐ Security requirements addressed
☐ Rhode Island sales tax exemption status confirmed (if applicable)
☐ Sealed instrument election made
☐ Budget approval obtained
☐ Legal review completed
☐ Authority to sign verified

SIGNATURE PAGE

PROVIDER

[________________________________]

Field Information
Signature ________________________________________________
Printed Name [________________________________]
Title [________________________________]
Date [__/__/____]
☐ Executed under seal

CUSTOMER

[________________________________]

Field Information
Signature ________________________________________________
Printed Name [________________________________]
Title [________________________________]
Date [__/__/____]
☐ Executed under seal

EXHIBIT A: ORDER FORM

Order Form Number: [________________________________]

Order Form Effective Date: [__/__/____]

Services Ordered

Service/Module Description Quantity Unit Price Total
[________________________________] [________________________________] [____] $[________] $[________]
[________________________________] [________________________________] [____] $[________] $[________]
[________________________________] [________________________________] [____] $[________] $[________]

Subscription Details

Field Value
Initial Term [________________________________]
Renewal Term [________________________________]
Billing Frequency ☐ Monthly ☐ Quarterly ☐ Annually
Payment Terms Net [____] days
Support Tier ☐ Standard ☐ Premium ☐ Enterprise
Uptime Commitment [____]%

Rhode Island Sales Tax Information

Field Value
Applicable Tax Rate 7% (statewide, no local taxes)
Customer Exemption Status ☐ Taxable ☐ Exempt (certificate attached)
Custom Software Component (if any) $[________________________________] (potentially exempt)

Pricing Summary

Category Amount
Annual Subscription Fees $[________________________________]
One-Time Implementation Fees $[________________________________]
Annual Support Fees (if separate) $[________________________________]
Estimated Rhode Island Sales Tax (7%) $[________________________________]
Total First Year Investment $[________________________________]

PROVIDER: ___________________________ Date: [__/__/____]

CUSTOMER: ___________________________ Date: [__/__/____]

EXHIBIT B: DATA PROCESSING ADDENDUM

B.1 Scope

This Data Processing Addendum ("DPA") supplements the Agreement with respect to Provider's processing of Personal Information and Consumer Data on behalf of Customer.

B.2 RIDTPPA Controller-Processor Obligations

(a) Customer is the Controller and Provider is the Processor under the RIDTPPA.

(b) Provider shall process Consumer Data only in accordance with documented instructions from Customer.

(c) Provider shall assist Customer in responding to consumer rights requests within the timeframes required by the RIDTPPA.

(d) NO CURE PERIOD WARNING: The RIDTPPA does not provide a right-to-cure period. Non-compliance may result in immediate enforcement by the Rhode Island Attorney General.

B.3 Consumer Rights Facilitation

Provider shall provide technical mechanisms to assist Customer in fulfilling the following RIDTPPA consumer rights:

(a) Right to confirm whether personal data is being processed;

(b) Right to access personal data;

(c) Right to correct inaccuracies;

(d) Right to delete personal data;

(e) Right to obtain data in a portable format;

(f) Right to opt out of targeted advertising, sale of personal data, and profiling.

B.4 Data Protection Assessments

Provider shall make information available to Customer for data protection assessments required for high-risk processing activities under the RIDTPPA.

B.5 Subprocessors

(a) Customer authorizes Provider to engage subprocessors listed at: [________________________________]

(b) Provider shall notify Customer of subprocessor changes [____] days in advance.

B.6 Audit Rights

Upon reasonable notice, Customer may audit Provider's compliance with this DPA.

EXHIBIT C: SERVICE LEVEL AGREEMENT DETAILS

C.1 Availability Measurement

Provider measures availability using [________________________________].

C.2 Excluded Events

☐ Scheduled maintenance within designated windows
☐ Emergency maintenance for security issues
☐ Customer-caused issues
☐ Third-party service failures
☐ Force majeure events
☐ Network issues outside Provider's control

C.3 Maintenance Schedule

Maintenance Type Window Frequency Notice Required
Standard Maintenance [________________________________] [________] [____] hours
Major Updates [________________________________] [________] [____] days
Emergency Maintenance As needed As needed Best efforts

C.4 Monitoring and Reporting

Provider shall:

(a) Monitor Services availability 24/7/365;

(b) Provide real-time status at: [________________________________];

(c) Provide monthly availability reports upon request;

(d) Alert Customer of outages within [____] minutes.

PRACTITIONER NOTES FOR RHODE ISLAND

Rhode Island-Specific Considerations

  1. CRITICAL - RIDTPPA Has No Cure Period (eff. Jan. 1, 2026): Rhode Island is one of very few states whose comprehensive privacy law does NOT include a right-to-cure period. The Attorney General may take immediate enforcement action without first providing an opportunity to correct violations. This means compliance must be proactive and ongoing. Penalties: up to $10,000 per violation (consumer protection law); $100-$500 per violation for intentional disclosure.

  2. SaaS Taxable at 7%: Rhode Island imposes a 7% sales tax on vendor-hosted prewritten software (SaaS). This is the second-highest state sales tax rate applicable to SaaS. There are no local sales taxes; the 7% rate applies uniformly statewide. Custom software may be exempt if not transferred electronically.

  3. 12% Default Interest Rate (R.I. Gen. Laws § 6-26-1): Rhode Island's legal rate of interest is 12% per annum -- one of the highest default rates in the nation. Post-judgment interest also accrues at 12%. The maximum contractual rate is 21% per annum for general lending (§ 6-26-2). Practitioners should explicitly state the interest rate for late payments.

  4. 20-Year Statute of Limitations for Sealed Instruments (R.I. Gen. Laws § 9-1-13): If an agreement is executed under seal, the statute of limitations extends to 20 years. This is the longest contract limitation period in the United States. Practitioners should consider whether to execute SaaS agreements under seal based on the desired enforcement window.

  5. Data Breach Notification (R.I. Gen. Laws Ch. 11-49.3): The Identity Theft Protection Act of 2015 requires notification within 45 calendar days after confirmation of a breach (for non-government entities). AG notification required when 500+ residents affected. Must include specific content: incident description, data types, dates, remediation services offered, and information about filing police reports and security freezes.

  6. Jury Waiver: Rhode Island follows general contract law principles for jury waivers. Enforceable where knowing, voluntary, and intentional, with conspicuous language. Use all caps and a separate paragraph for best enforceability.

  7. Limitation of Liability: Rhode Island courts generally enforce limitation of liability clauses in commercial agreements. However, RIDTPPA penalties imposed by the Attorney General cannot be contractually limited between the parties.

  8. UCC Warranty Disclaimers (R.I. Gen. Laws § 6A-2-316): Standard UCC requirements. Merchantability disclaimer must mention "merchantability" and be conspicuous. Fitness disclaimer must be in writing and conspicuous.

  9. Trade Secrets (R.I. Gen. Laws Ch. 6-41): Rhode Island adopted the Uniform Trade Secrets Act. Standard UTSA provisions for injunctions, damages, and attorney fees apply.

  10. Deceptive Trade Practices Act (R.I. Gen. Laws Ch. 6-13.1): RIDTPPA violations are treated as violations of the Deceptive Trade Practices Act. B2B transactions are generally outside the consumer protection scope, but data handling obligations may trigger liability.

This Enterprise Software as a Service Agreement template is designed for use in Rhode Island and incorporates applicable Rhode Island statutory requirements, including the RIDTPPA's no-cure-period enforcement framework and the state's 7% SaaS tax. Legal counsel should review this Agreement before execution to ensure compliance with current law and suitability for specific business needs.

Ezel AI
Hi! I can rewrite every section of this to your exact case in about 5 minutes. Heads up: I'm $49 for a one-shot, or $249/mo if you want unlimited docs. But that's still less than 10 minutes of what a lawyer charges to even look at this. Want me to do it?
AI Legal Assistant
Ezel AI
Hi! I can rewrite every section of this to your exact case in about 5 minutes. Heads up: I'm $49 for a one-shot, or $249/mo if you want unlimited docs. But that's still less than 10 minutes of what a lawyer charges to even look at this. Want me to do it?

Insert Image

Insert Table

Watch Ezel in action (sample case)

All changes saved
Save
Export
Export as DOCX
Export as PDF
Generating PDF...
saas_agreement_enterprise_ri.pdf
Ready to export as PDF or Word
AI is editing...
Chat
Review

Customize this document with Ezel

  • Deep Legal Knowledge
    Understands case law, statutes, and legal doctrine specific to Rhode Island.
  • Court-Ready Formatting
    Proper captions, certificates of service, and local rule compliance.
  • AI-Powered Editing on Your Timeline
    Edit as many times as you need. Tailor every section to your specific case.
  • Export as PDF & Word
    Download your finished document in professional PDF or DOCX format, ready to file or send.
Secure checkout via Stripe
Need to customize this document?

Related Legal Templates

Available in Other Jurisdictions

Enterprise SaaS Agreement Universal SaaS Agreement - Enterprise (Alabama) AL SaaS Agreement - Enterprise (Alaska) AK Enterprise SaaS Agreement - Arizona AZ Enterprise SaaS Agreement — Arkansas AR Enterprise SaaS Agreement — California CA Enterprise SaaS Agreement - Colorado CO Enterprise SaaS Agreement - Connecticut CT View all 43 states

More Contracts Agreements Templates

Consulting Services Agreement RI Enterprise Security Addendum — Rhode Island RI Independent Contractor Agreement RI Limited Partnership Agreement - State of Rhode Island RI Marketing & Advertising Services Agreement (Rhode Island) RI Master Services Agreement (Rhode Island) RI Browse all

About This Template

A contract is a written record of what two or more parties agreed to and what happens if someone does not follow through. Clear language, defined terms, and clean signature blocks keep disputes small and enforceable. The most common mistakes in contracts come from vague promises, missing details about timing or payment, and skipping standard protective clauses like governing law and dispute resolution.

Important Notice

This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.

Last updated: March 2026