SOFTWARE AS A SERVICE AGREEMENT (SMB)

STATE OF MARYLAND

TABLE OF CONTENTS

1. Parties and Recitals
2. Definitions
3. Access Rights and Restrictions
4. Service Levels and Support
5. Customer Obligations
6. Fees and Payment
7. Data Protection and Security
8. Intellectual Property and Feedback
9. Confidentiality
10. Warranties and Disclaimers
11. Indemnification
12. Limitations of Liability
13. Term, Renewal, and Termination
14. Beta and Free Trials
15. Compliance
16. Governing Law and Dispute Resolution
17. Miscellaneous
18. Signatures
19. Attachments

1. PARTIES AND RECITALS

This Software as a Service Agreement ("Agreement") is entered into as of [__/__/____] ("Effective Date") by and between:

Provider:
Name: [________________________________]
Address: [________________________________]
State of Formation: [________________________________]
("Provider")

Customer:
Name: [________________________________]
Address: [________________________________]
State of Formation: [________________________________]
("Customer")

Each a "Party" and collectively the "Parties."

RECITALS

WHEREAS, Provider has developed and operates a cloud-based software-as-a-service platform described more fully in the applicable Order Form and Documentation (the "SaaS");

WHEREAS, Customer desires to access and use the SaaS for Customer's internal business operations, subject to the terms and conditions set forth herein;

WHEREAS, Provider desires to grant Customer the right to access and use the SaaS, subject to Customer's compliance with the terms and conditions of this Agreement and payment of the applicable Fees;

WHEREAS, the Parties intend for this Agreement to be governed by the laws of the State of Maryland, including the Maryland Consumer Protection Act (Md. Code Ann., Com. Law § 13-101 et seq.), the Maryland Personal Information Protection Act (Md. Code Ann., Com. Law § 14-3501 et seq.), and the Maryland Online Data Privacy Act of 2024;

WHEREAS, the Parties acknowledge that this Agreement, together with all Order Forms, the SLA, Support Policy, DPA, and AUP, constitutes the complete agreement between the Parties with respect to the subject matter hereof;

NOW, THEREFORE, in consideration of the mutual covenants and agreements set forth herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties agree as follows:

2. DEFINITIONS

As used in this Agreement, the following capitalized terms have the meanings set forth below:

2.1 "Acceptable Use Policy" or "AUP" means Provider's acceptable use policy attached as Attachment E, as may be updated by Provider from time to time with reasonable notice to Customer.

2.2 "Affiliate" means any entity that directly or indirectly Controls, is Controlled by, or is under common Control with a Party, where "Control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.

2.3 "Authorized Users" means Customer's employees, contractors, and agents who are authorized by Customer to access and use the SaaS under Customer's account, subject to the Usage Limits.

2.4 "Confidential Information" means all non-public information disclosed by one Party to the other Party, whether orally, in writing, or by electronic means, that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure.

2.5 "Customer Data" means all electronic data, information, content, and materials submitted, uploaded, or transmitted by or on behalf of Customer or its Authorized Users to the SaaS, excluding Usage Data.

2.6 "Data Processing Addendum" or "DPA" means the data processing addendum attached as Attachment D, governing the processing of Personal Data.

2.7 "Documentation" means Provider's then-current technical and user documentation for the SaaS, including user guides, API documentation, help center articles, and online resources made generally available by Provider.

2.8 "Downtime" means any period during which the SaaS is materially unavailable or inoperable, as measured by Provider's monitoring systems, excluding Scheduled Maintenance and Force Majeure Events.

2.9 "Effective Date" means the date set forth in the preamble of this Agreement.

2.10 "Fees" means all subscription fees, usage-based fees, professional services fees, and other charges payable by Customer under this Agreement and the applicable Order Form.

2.11 "Force Majeure Event" means any event beyond a Party's reasonable control, including acts of God, fire, flood, earthquake, hurricane, pandemic, epidemic, war, terrorism, civil unrest, government action, labor disputes, power failures, internet or telecommunications failures, cyberattacks on third-party infrastructure, and supply chain disruptions.

2.12 "Intellectual Property" or "IP" means all patents, copyrights, trademarks, trade secrets, know-how, moral rights, and all other intellectual property rights, whether registered or unregistered.

2.13 "Malware" means viruses, worms, Trojan horses, ransomware, spyware, adware, or other malicious code designed to damage, disrupt, or gain unauthorized access to computer systems.

2.14 "Order Form" means each mutually executed ordering document that references this Agreement and specifies the SaaS, Subscription Term, Usage Limits, Fees, and other commercial terms.

2.15 "Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws, including the Maryland Personal Information Protection Act (Md. Code Ann., Com. Law § 14-3501 et seq.) and the Maryland Online Data Privacy Act of 2024.

2.16 "SaaS" means Provider's proprietary cloud-based software application(s) identified in the Order Form, including all Updates made available by Provider during the Subscription Term.

2.17 "Scheduled Maintenance" means planned maintenance windows during which the SaaS may be temporarily unavailable, conducted in accordance with Section 4.

2.18 "Service Level Agreement" or "SLA" means the service level commitments set forth in Attachment B.

2.19 "Subscription Term" means the initial subscription period and any renewal periods as specified in the Order Form and Section 13.

2.20 "Support" means the technical support services provided by Provider in accordance with the Support Policy (Attachment C).

2.21 "Updates" means bug fixes, patches, minor enhancements, and improvements to the SaaS that Provider makes generally available to its customer base at no additional charge.

2.22 "Usage Data" means data and information collected by Provider regarding Customer's and Authorized Users' use of the SaaS, including feature usage statistics, performance metrics, and system logs, in each case in aggregated and de-identified form that does not identify Customer or any individual.

2.23 "Usage Limits" means the quantitative limits on Customer's use of the SaaS as specified in the Order Form, including but not limited to the number of Authorized Users, storage capacity, API call volume, or transaction volume.

3. ACCESS RIGHTS AND RESTRICTIONS

3.1 License Grant. Subject to the terms and conditions of this Agreement and Customer's payment of all applicable Fees, Provider hereby grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the SaaS during the Subscription Term, solely for Customer's internal business operations and in accordance with the Usage Limits, Documentation, and AUP.

3.2 Authorized Users. Customer may permit its Authorized Users to access and use the SaaS on Customer's behalf, provided that Customer ensures each Authorized User complies with this Agreement. Customer is responsible for all acts and omissions of its Authorized Users and for maintaining the confidentiality of all login credentials. Each Authorized User account is for a single named individual and may not be shared.

3.3 Affiliates. Customer's Affiliates may access the SaaS under this Agreement by executing an Order Form that references this Agreement. Each such Affiliate shall be bound by the terms hereof as if it were the Customer, and Customer shall remain jointly and severally liable for each Affiliate's compliance.

3.4 Usage Limits. Customer shall not exceed the Usage Limits. If Customer exceeds a Usage Limit, Provider shall notify Customer and Customer shall promptly execute an amended Order Form or reduce usage. Provider may charge for excess usage at its then-current rates.

3.5 API Access. To the extent Provider makes application programming interfaces ("APIs") available, Customer may use such APIs solely in accordance with the Documentation and any API-specific terms. Provider may impose rate limits and modify APIs with reasonable notice.

3.6 Restrictions. Customer shall not, and shall not permit any third party to:

(a) Sublicense, resell, rent, lease, distribute, or otherwise make the SaaS available to any third party except as expressly permitted herein;

(b) Copy, modify, adapt, translate, or create derivative works based on the SaaS;

(c) Reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code or underlying algorithms of the SaaS, except to the extent expressly permitted by applicable Maryland law notwithstanding this restriction;

(d) Access the SaaS for competitive analysis, benchmarking, or to build a competing product or service, unless otherwise permitted by Maryland law;

(e) Circumvent or disable any security, technical limitation, or access control mechanism of the SaaS;

(f) Use the SaaS in violation of any applicable law, regulation, or the AUP;

(g) Introduce any Malware or other harmful code into the SaaS;

(h) Remove, alter, or obscure any proprietary notices, labels, or markings on the SaaS; or

(i) Use the SaaS to store or transmit any material that infringes or misappropriates any third party's Intellectual Property rights.

3.7 Reservation of Rights. Provider reserves all rights not expressly granted to Customer in this Agreement. No implied licenses are granted.

4. SERVICE LEVELS AND SUPPORT

4.1 Uptime Commitment. Provider shall use commercially reasonable efforts to maintain a monthly uptime percentage of at least [____]% (the "Uptime Target"), measured as set forth in the SLA (Attachment B). Uptime is calculated as: ((Total Minutes in Month - Downtime Minutes) / Total Minutes in Month) x 100.

4.2 Uptime Exclusions. The Uptime Target excludes: (a) Scheduled Maintenance; (b) Force Majeure Events; (c) failures caused by Customer's equipment, software, or network connections; (d) Customer's use of the SaaS in a manner not authorized by the Documentation; and (e) suspension of Customer's access pursuant to Section 13.

4.3 SLA Credits. If Provider fails to meet the Uptime Target in any calendar month, Customer shall be entitled to SLA credits as follows:

SLA credits shall be applied against future invoices and shall not exceed [____]% of the monthly Fees for the affected month. SLA credits are Customer's sole and exclusive remedy for Provider's failure to meet the Uptime Target, unless chronic failure (defined as failure to meet the Uptime Target for [____] consecutive months) entitles Customer to terminate under Section 13.

4.4 Scheduled Maintenance. Provider shall perform Scheduled Maintenance during the following standard window: [________________________________]. Provider shall provide Customer at least [____] hours' advance notice of Scheduled Maintenance. Emergency maintenance may be performed with shorter notice when necessary to preserve the integrity or security of the SaaS.

4.5 Support Services. Provider shall provide technical support to Customer in accordance with the Support Policy (Attachment C), including the following commitments:

4.6 Support Channels. Support is available via: ☐ Email ☐ Phone ☐ Live Chat ☐ Ticketing Portal during the hours specified in the Support Policy.

5. CUSTOMER OBLIGATIONS

5.1 Account Security. Customer shall: (a) maintain accurate and complete account registration information; (b) ensure all Authorized Users maintain strong, unique passwords and enable multi-factor authentication where available; (c) promptly notify Provider of any unauthorized access to Customer's account or any suspected security breach; and (d) not share login credentials among multiple individuals.

5.2 Acceptable Use. Customer shall comply, and shall ensure all Authorized Users comply, with the AUP. Customer shall not use the SaaS to store, transmit, or process any content that is unlawful, harmful, threatening, abusive, defamatory, obscene, or otherwise objectionable under applicable Maryland or federal law.

5.3 Data Accuracy. Customer is solely responsible for the accuracy, quality, integrity, and legality of Customer Data and the means by which Customer acquired such data. Customer represents and warrants that it has all necessary rights, consents, and authorizations to submit Customer Data to the SaaS.

5.4 Cooperation. Customer shall provide reasonable cooperation to Provider in connection with Provider's performance of its obligations, including timely responses to support requests, access to relevant systems and personnel, and participation in incident investigations.

5.5 System Requirements. Customer is responsible for obtaining and maintaining its own network connections, computer hardware, operating systems, and web browsers necessary to access the SaaS, and for ensuring compatibility with the SaaS as described in the Documentation.

5.6 Compliance with Laws. Customer shall comply with all applicable federal, state, and local laws and regulations in its use of the SaaS, including the Maryland Consumer Protection Act (Md. Code Ann., Com. Law § 13-301 et seq.) and the Maryland Online Data Privacy Act of 2024, to the extent applicable to Customer's business operations.

6. FEES AND PAYMENT

6.1 Subscription Fees. Customer shall pay the subscription Fees specified in the Order Form. Unless otherwise stated in the Order Form, Fees are: (a) based on the Usage Limits purchased; (b) payable in advance for each billing period; and (c) non-refundable except as expressly provided herein.

6.2 Usage-Based Fees. If the Order Form includes usage-based pricing, Customer shall pay for actual usage exceeding the included thresholds at the per-unit rates specified in the Order Form. Provider shall provide Customer with reasonable access to usage reports.

6.3 Invoicing and Payment Terms. Provider shall invoice Customer in accordance with the Order Form. Unless otherwise specified, invoices are due and payable within [____] days of the invoice date. All payments shall be made in U.S. dollars by [________________________________].

6.4 Late Payment. Overdue amounts shall accrue interest at the lesser of: (a) one and one-half percent (1.5%) per month; or (b) the maximum rate permitted under Maryland law (Md. Code Ann., Com. Law § 12-103, currently 6% per annum absent written agreement, or up to 8% per annum with a written agreement for general loans). Provider may also recover reasonable collection costs, including attorneys' fees, to the extent permitted by Maryland law.

6.5 Suspension for Non-Payment. If any undisputed amount remains unpaid for more than [____] days after the due date, Provider may, upon [____] days' prior written notice, suspend Customer's access to the SaaS until all outstanding amounts are paid in full. Provider shall promptly restore access upon receipt of payment.

6.6 Taxes. All Fees are exclusive of taxes. Customer shall be responsible for all applicable sales, use, value-added, and similar taxes, exclusive of taxes based on Provider's income.

MARYLAND TAX NOTE: Effective July 1, 2025, Maryland imposes a 3% sales and use tax on SaaS and specified IT services used for commercial/enterprise purposes, and a 6% tax on individual/consumer-use SaaS (Md. Code Ann., Tax-Gen. § 11-101 et seq., as amended by the Budget Reconciliation and Financing Act of 2025). Customer is responsible for remitting applicable taxes or providing a valid exemption certificate.

6.7 Price Increases. Provider shall not increase Fees during a Subscription Term. For renewal terms, Provider may increase Fees by providing Customer at least [____] days' prior written notice before the start of the renewal term. Any increase shall not exceed [____]% of the then-current Fees unless otherwise agreed.

6.8 Disputed Invoices. If Customer disputes any portion of an invoice in good faith, Customer shall: (a) pay the undisputed portion by the due date; (b) provide written notice of the dispute, including reasonable detail, within [____] days of receipt of the invoice; and (c) cooperate with Provider to resolve the dispute promptly. Provider shall not suspend access for disputed amounts while the dispute is being resolved in good faith.

7. DATA PROTECTION AND SECURITY

7.1 Security Safeguards. Provider shall implement and maintain administrative, technical, and physical security safeguards designed to protect Customer Data against unauthorized access, use, disclosure, alteration, or destruction, in accordance with industry standards and the Security Addendum (Attachment D). Such safeguards shall include, at minimum:

(a) Encryption of Customer Data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent);

(b) Access controls, including role-based access, multi-factor authentication for administrative access, and least-privilege principles;

(c) Regular vulnerability assessments and penetration testing;

(d) Intrusion detection and prevention systems;

(e) Logging and monitoring of access to Customer Data; and

(f) Employee security training and background checks for personnel with access to Customer Data.

7.2 Compliance Certifications. Provider shall maintain, at its expense, the following certifications and audit reports: ☐ SOC 2 Type II ☐ ISO 27001 ☐ Other: [________________________________]. Provider shall make current audit reports or certifications available to Customer upon reasonable written request, subject to Provider's confidentiality requirements.

7.3 Data Breach Notification. In the event of a confirmed security breach affecting Customer Data, Provider shall:

(a) Notify Customer in writing within seventy-two (72) hours of confirming the breach;

(b) Cooperate with Customer in investigating the breach and mitigating its effects;

(c) Provide Customer with all information reasonably necessary for Customer to comply with its notification obligations under the Maryland Personal Information Protection Act (Md. Code Ann., Com. Law § 14-3504), which requires notification to affected Maryland residents as soon as reasonably practicable but no later than forty-five (45) days after discovery of the breach, and notification to the Maryland Attorney General;

(d) Assist Customer in preparing breach notifications that comply with the content requirements of § 14-3504, including: the number of affected individuals in Maryland, a description of the breach, steps taken to address the breach, and a sample of the notice to affected individuals; and

(e) Provide reasonable assistance with any investigation by the Maryland Office of the Attorney General.

7.4 Maryland Online Data Privacy Act Compliance. To the extent Provider processes Personal Data of Maryland consumers as a "processor" on behalf of Customer as a "controller" under the Maryland Online Data Privacy Act of 2024 (effective October 1, 2025), Provider shall:

(a) Process Personal Data only in accordance with Customer's documented instructions;

(b) Assist Customer in responding to consumer rights requests within the forty-five (45) day response period;

(c) Implement appropriate data minimization practices as required by the Act;

(d) Provide information necessary for Customer to conduct data protection assessments; and

(e) Comply with additional obligations set forth in the DPA (Attachment D).

7.5 Data Processing and Sub-Processors. Provider shall not engage sub-processors to process Customer Data without Customer's prior written consent, which shall not be unreasonably withheld. Provider shall maintain a current list of sub-processors and notify Customer at least [____] days prior to engaging any new sub-processor. Provider shall remain liable for the acts and omissions of its sub-processors.

7.6 Data Location. Customer Data shall be stored and processed in [________________________________]. Provider shall not transfer Customer Data outside the specified location without Customer's prior written consent.

7.7 Incident Response. Provider shall maintain and test an incident response plan at least annually. Upon Customer's reasonable request, Provider shall provide a summary of its incident response procedures.

8. INTELLECTUAL PROPERTY AND FEEDBACK

8.1 Provider IP. As between the Parties, Provider owns and retains all right, title, and interest in and to the SaaS, Documentation, and all related Intellectual Property, including all improvements, modifications, enhancements, and derivative works thereof. Nothing in this Agreement transfers any ownership interest in Provider's IP to Customer.

8.2 Customer IP. As between the Parties, Customer owns and retains all right, title, and interest in and to Customer Data and all Intellectual Property therein. Customer hereby grants Provider a non-exclusive, worldwide, royalty-free license to use, copy, store, transmit, display, and process Customer Data solely to the extent necessary to provide the SaaS and perform Provider's obligations under this Agreement.

8.3 Usage Data. Provider may collect and use Usage Data for purposes of operating, improving, and optimizing the SaaS, developing new products and features, generating industry benchmarks, and compiling statistical analyses, provided that Usage Data is aggregated and de-identified and does not identify Customer or any individual Authorized User.

8.4 Feedback. If Customer or its Authorized Users provide Provider with any suggestions, ideas, enhancement requests, recommendations, or other feedback regarding the SaaS ("Feedback"), Customer hereby grants Provider a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, non-exclusive license to use, reproduce, modify, create derivative works from, distribute, and otherwise exploit such Feedback for any purpose, without attribution or compensation.

8.5 No Implied Rights. Except for the express rights granted in this Agreement, neither Party grants the other any rights, implied or otherwise, to its Intellectual Property or other proprietary information.

9. CONFIDENTIALITY

9.1 Definition. "Confidential Information" includes, but is not limited to: (a) all business, technical, financial, and operational information disclosed by either Party; (b) the terms and pricing of this Agreement; (c) Customer Data; (d) Provider's proprietary technology, algorithms, source code, and product roadmaps; and (e) any information marked as "Confidential" or "Proprietary" or disclosed under circumstances reasonably indicating its confidential nature.

9.2 Obligations. Each Party (the "Receiving Party") shall: (a) use the other Party's (the "Disclosing Party's") Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Agreement; (b) protect such Confidential Information using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care; (c) limit access to such Confidential Information to its employees, contractors, and agents who have a need to know and who are bound by confidentiality obligations at least as protective as those herein.

9.3 Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was rightfully known to the Receiving Party prior to disclosure without restriction; (c) is rightfully received from a third party without restriction and without breach of any obligation of confidentiality; or (d) is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information.

9.4 Permitted Disclosures. The Receiving Party may disclose Confidential Information to the extent required by applicable law, regulation, or court order, provided that the Receiving Party: (a) gives the Disclosing Party prompt written notice (to the extent legally permissible) to allow the Disclosing Party to seek a protective order; (b) cooperates with the Disclosing Party's reasonable efforts to obtain protective treatment; and (c) discloses only the minimum amount of Confidential Information required.

9.5 Trade Secrets. Nothing in this Agreement limits either Party's rights or obligations with respect to trade secrets under the Maryland Uniform Trade Secrets Act (Md. Code Ann., Com. Law §§ 11-1201 to 11-1209). Confidential Information that constitutes a trade secret under Maryland law shall be protected for as long as it qualifies as a trade secret, which may extend beyond the term of this Agreement. The three (3)-year post-termination period in Section 9.6 shall not limit the duration of trade secret protection.

9.6 Duration. The obligations of confidentiality set forth in this Section 9 shall survive for a period of [____] years following the expiration or termination of this Agreement, except as provided in Section 9.5 regarding trade secrets.

9.7 Return or Destruction. Upon the Disclosing Party's written request or upon termination of this Agreement, the Receiving Party shall promptly return or destroy all Confidential Information of the Disclosing Party and certify such return or destruction in writing, except that the Receiving Party may retain archival copies to the extent required by applicable law or its standard backup procedures, subject to continued confidentiality obligations.

10. WARRANTIES AND DISCLAIMERS

10.1 Provider Warranties. Provider represents and warrants that:

(a) Conformance. The SaaS shall materially conform to the Documentation during the Subscription Term. If the SaaS fails to materially conform, Provider shall, at its expense, correct the nonconformity or provide Customer with a functionally equivalent workaround within a commercially reasonable time;

(b) Professional Services. Any professional services performed by Provider under this Agreement shall be performed in a professional and workmanlike manner consistent with generally accepted industry standards;

(c) No Malware. Provider shall use commercially reasonable efforts to ensure the SaaS does not contain any Malware at the time of delivery or during the Subscription Term;

(d) Authority. Provider has the full power and authority to enter into this Agreement and grant the rights herein without violating any agreement with a third party;

(e) Non-Infringement. To Provider's knowledge, the SaaS does not infringe or misappropriate any third party's Intellectual Property rights;

(f) Compliance with Law. Provider shall comply with all applicable federal, state, and local laws and regulations in its performance under this Agreement, including Maryland law; and

(g) Security. Provider shall maintain security safeguards that are no less protective than those described in Section 7.

10.2 Customer Warranties. Customer represents and warrants that: (a) it has the full power and authority to enter into this Agreement; (b) it has all necessary rights, consents, and authorizations to submit Customer Data to the SaaS; (c) Customer Data and Customer's use of the SaaS shall not violate any applicable law or third-party rights; and (d) it shall comply with all applicable Maryland and federal laws in its use of the SaaS.

10.3 Disclaimer of Implied Warranties. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS SECTION 10, AND TO THE MAXIMUM EXTENT PERMITTED BY MARYLAND LAW, INCLUDING THE MARYLAND UNIFORM COMMERCIAL CODE (Md. Code Ann., Com. Law § 2-316), THE SAAS IS PROVIDED "AS IS" AND "AS AVAILABLE." PROVIDER DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE.

10.4 Consumer Protection Carve-Out. Nothing in this Agreement shall be construed to limit or waive any rights that Customer may have under the Maryland Consumer Protection Act (Md. Code Ann., Com. Law § 13-301 et seq.), including protections against unfair, abusive, or deceptive trade practices. Any provision of this Agreement that would constitute an unfair or deceptive trade practice under Maryland law shall be deemed modified to the extent necessary to comply with the Act.

11. INDEMNIFICATION

11.1 Provider IP Indemnity. Provider shall defend, indemnify, and hold harmless Customer and its Affiliates, officers, directors, employees, and agents (collectively, "Customer Indemnitees") from and against any third-party claim, action, or proceeding alleging that Customer's authorized use of the SaaS infringes or misappropriates such third party's patent, copyright, trademark, or trade secret rights ("IP Claim"), and shall pay all damages, costs, and expenses (including reasonable attorneys' fees) finally awarded or agreed in settlement. Provider's obligations under this Section do not apply to any IP Claim arising from: (a) Customer Data; (b) Customer's modification of the SaaS; (c) Customer's use of the SaaS in combination with any third-party product, service, or data not provided or approved by Provider; (d) Customer's use of the SaaS in violation of this Agreement; or (e) use of a non-current version of the SaaS if the infringement would have been avoided by use of the current version.

11.2 Provider Remedies for IP Claims. If the SaaS becomes, or in Provider's reasonable opinion is likely to become, the subject of an IP Claim, Provider may, at its option and expense: (a) procure for Customer the right to continue using the SaaS; (b) modify the SaaS to make it non-infringing without material loss of functionality; or (c) replace the SaaS with a functionally equivalent non-infringing alternative. If none of the foregoing remedies are commercially practicable, Provider may terminate the affected Order Form and refund Customer any prepaid Fees for the unused portion of the Subscription Term.

11.3 Customer Indemnity. Customer shall defend, indemnify, and hold harmless Provider and its Affiliates, officers, directors, employees, and agents (collectively, "Provider Indemnitees") from and against any third-party claim, action, or proceeding arising from: (a) Customer Data or Customer's use of the SaaS; (b) Customer's violation of the AUP; (c) Customer's breach of its representations and warranties under this Agreement; or (d) Customer's violation of applicable law.

11.4 Indemnification Procedure. The indemnified Party shall: (a) give the indemnifying Party prompt written notice of the claim (failure to provide timely notice shall not relieve the indemnifying Party's obligations except to the extent materially prejudiced); (b) grant the indemnifying Party sole control of the defense and settlement of the claim; and (c) provide reasonable cooperation at the indemnifying Party's expense. The indemnifying Party shall not settle any claim in a manner that imposes liability or obligations on the indemnified Party without the indemnified Party's prior written consent, which shall not be unreasonably withheld.

11.5 Limitations on Indemnity. The indemnification obligations set forth in this Section 11 are subject to the limitations of liability in Section 12, except that IP indemnity obligations shall not be subject to the liability cap in Section 12.1.

12. LIMITATIONS OF LIABILITY

12.1 Liability Cap. EXCEPT FOR THE CARVE-OUTS SET FORTH IN SECTION 12.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER DURING THE [____]-MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

12.2 Consequential Damages Exclusion. EXCEPT FOR THE CARVE-OUTS SET FORTH IN SECTION 12.3, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS OPPORTUNITY, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY (WHETHER IN CONTRACT, TORT, STRICT LIABILITY, OR OTHERWISE), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

12.3 Carve-Outs. The limitations in Sections 12.1 and 12.2 shall not apply to: (a) Provider's IP indemnity obligations under Section 11.1; (b) either Party's breach of confidentiality obligations under Section 9 (except for breaches arising from an unauthorized data breach despite compliance with security obligations); (c) either Party's willful misconduct or fraud; (d) Customer's payment obligations under Section 6; (e) Customer's indemnity obligations under Section 11.3; and (f) liability that cannot be limited under applicable Maryland law.

12.4 Maryland Law Limitations. THE LIMITATIONS SET FORTH IN THIS SECTION 12 SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY MARYLAND LAW. NOTHING IN THIS SECTION SHALL LIMIT LIABILITY FOR BODILY INJURY OR DEATH CAUSED BY NEGLIGENCE, FRAUD, OR FRAUDULENT MISREPRESENTATION. FURTHERMORE, PURSUANT TO MARYLAND COMMON LAW, EXCULPATORY CLAUSES ARE STRICTLY CONSTRUED AND MAY NOT BE ENFORCED IF FOUND TO CONTRAVENE PUBLIC POLICY.

12.5 Essential Purpose. EACH PARTY ACKNOWLEDGES THAT THE LIMITATIONS IN THIS SECTION 12 REFLECT AN INFORMED, VOLUNTARY ALLOCATION OF RISK AND FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES. THE LIMITATIONS SHALL APPLY NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

13. TERM, RENEWAL, AND TERMINATION

13.1 Initial Term. This Agreement commences on the Effective Date and continues for the initial Subscription Term specified in the Order Form (the "Initial Term"), unless earlier terminated in accordance with this Section 13.

13.2 Auto-Renewal. Unless either Party provides written notice of non-renewal at least [____] days prior to the expiration of the then-current term, this Agreement and each Order Form shall automatically renew for successive renewal periods equal to the Initial Term (each, a "Renewal Term"), subject to any Fee adjustments communicated in accordance with Section 6.7.

13.3 Termination for Convenience. Either Party may terminate this Agreement for convenience by providing at least [____] days' prior written notice to the other Party, effective at the end of the then-current Subscription Term. Early termination by Customer does not entitle Customer to a refund of prepaid Fees.

13.4 Termination for Cause. Either Party may terminate this Agreement upon written notice if:

(a) The other Party commits a material breach of this Agreement and fails to cure such breach within [____] days after receiving written notice specifying the breach in reasonable detail;

(b) The other Party becomes insolvent, files or has filed against it a petition in bankruptcy, makes an assignment for the benefit of creditors, or has a receiver or trustee appointed for a substantial part of its assets; or

(c) A Force Majeure Event prevents the other Party from performing its material obligations for more than [____] consecutive days.

13.5 Suspension Rights. Provider may immediately suspend Customer's access to the SaaS, in whole or in part, if: (a) Customer's use of the SaaS poses a security threat to Provider or its other customers; (b) Customer materially violates the AUP; (c) suspension is required by law or regulation; or (d) Customer fails to pay undisputed Fees after the notice period in Section 6.5. Provider shall use reasonable efforts to limit the scope and duration of any suspension and shall provide prompt written notice.

13.6 Effect of Termination. Upon expiration or termination of this Agreement: (a) all licenses and rights granted to Customer shall immediately terminate; (b) Customer shall cease all use of the SaaS; (c) Customer shall pay all accrued and unpaid Fees through the effective date of termination; (d) each Party shall return or destroy the other Party's Confidential Information in accordance with Section 9.7; and (e) the provisions identified in Section 13.8 shall survive.

13.7 Data Retrieval. Following the effective date of termination, Provider shall make Customer Data available for retrieval by Customer for a period of [____] days in a standard, machine-readable format. After such period, Provider shall delete all Customer Data in accordance with the DPA, except as required by applicable law.

13.8 Survival. The following provisions shall survive expiration or termination of this Agreement: Sections 2 (Definitions), 6 (Fees and Payment, for accrued obligations), 8 (Intellectual Property and Feedback), 9 (Confidentiality), 10.3 (Disclaimer), 11 (Indemnification, for claims arising prior to termination), 12 (Limitations of Liability), 13.6 through 13.8, 16 (Governing Law and Dispute Resolution), and 17 (Miscellaneous).

14. BETA AND FREE TRIALS

14.1 Beta Services. Provider may offer Customer access to features, functionality, or services designated as "beta," "preview," "early access," or similar designations ("Beta Services"). Beta Services are provided for evaluation purposes only.

14.2 Free Trials. Provider may offer Customer a free trial of the SaaS for a period specified by Provider ("Trial Period"). At the end of the Trial Period, Customer's access shall terminate unless Customer purchases a subscription.

14.3 No Warranties for Beta/Trial. BETA SERVICES AND FREE TRIALS ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES, SLA COMMITMENTS, INDEMNIFICATION, OR SUPPORT OBLIGATIONS. PROVIDER SHALL HAVE NO LIABILITY FOR ANY HARM OR DAMAGE ARISING FROM CUSTOMER'S USE OF BETA SERVICES OR FREE TRIALS.

14.4 Termination. Provider may terminate or modify Beta Services or free trials at any time, with or without notice, in its sole discretion.

14.5 Data Handling. Upon termination of a Beta Service or free trial, Customer Data may be deleted. Customer should export any necessary data prior to the end of the evaluation period.

14.6 Feedback. Any Feedback provided regarding Beta Services shall be governed by Section 8.4.

15. COMPLIANCE

15.1 Acceptable Use Policy. Customer shall comply with the AUP (Attachment E). Provider may update the AUP from time to time with reasonable prior notice to Customer. Material changes to the AUP that adversely affect Customer's use of the SaaS shall not take effect until the next renewal period unless required by law.

15.2 Export Controls. The SaaS may be subject to U.S. export control laws, including the Export Administration Regulations (15 C.F.R. Parts 730-774). Customer shall not access or use the SaaS in any country or territory subject to comprehensive U.S. economic sanctions (currently Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine).

15.3 Sanctions. Customer represents and warrants that neither it nor any of its Authorized Users are: (a) listed on any U.S. government sanctions list, including the Specially Designated Nationals (SDN) List maintained by OFAC; or (b) owned or controlled by, or acting on behalf of, any person or entity on such lists.

15.4 Anti-Corruption. Each Party shall comply with all applicable anti-corruption laws, including the U.S. Foreign Corrupt Practices Act (15 U.S.C. §§ 78dd-1 et seq.) and the Maryland Bribery and Corrupt Influence Act (Md. Code Ann., Crim. Law §§ 9-201 to 9-206). Neither Party shall make, offer, or authorize any payment or gift of anything of value to any government official for the purpose of influencing any official act.

15.5 Accessibility. Provider shall use commercially reasonable efforts to ensure the SaaS complies with the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA and applicable requirements of the Americans with Disabilities Act (42 U.S.C. § 12101 et seq.).

15.6 Maryland Regulatory Requirements. To the extent applicable, the Parties shall comply with Maryland-specific regulatory requirements, including but not limited to: (a) the Maryland Online Data Privacy Act of 2024; (b) Maryland tax reporting obligations; and (c) any industry-specific regulations applicable to Customer's use of the SaaS.

16. GOVERNING LAW AND DISPUTE RESOLUTION

16.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Maryland, without regard to its conflict of laws principles. The United Nations Convention on Contracts for the International Sale of Goods shall not apply.

16.2 Venue. Any legal action or proceeding arising out of or related to this Agreement shall be brought exclusively in the state courts of [________________________________] County, Maryland, or the United States District Court for the District of Maryland. Each Party irrevocably consents to the personal jurisdiction and venue of such courts.

16.3 Escalation. Before initiating any formal legal proceeding (other than a request for injunctive or equitable relief), the aggrieved Party shall notify the other Party in writing and the Parties shall attempt to resolve the dispute through good-faith negotiation between senior executives within [____] business days of such notice.

16.4 Mediation. If the dispute is not resolved through executive escalation, either Party may propose non-binding mediation. If both Parties agree, mediation shall be conducted in [________________________________], Maryland, by a mutually agreed mediator, with costs shared equally.

16.5 JURY WAIVER. TO THE FULLEST EXTENT PERMITTED BY MARYLAND LAW, EACH PARTY HEREBY IRREVOCABLY WAIVES ANY RIGHT TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATED TO THIS AGREEMENT.

Maryland Note: Contractual jury waivers are generally enforceable in Maryland when entered into knowingly and voluntarily. See Walther v. Sovereign Bank, 386 Md. 412 (2005) (analyzing knowing and voluntary waiver standard). This waiver is mutual and has been conspicuously presented for review by both Parties.

16.6 Attorneys' Fees. In any action or proceeding to enforce this Agreement, the prevailing Party shall be entitled to recover its reasonable attorneys' fees and costs from the non-prevailing Party, to the extent permitted by Maryland law.

16.7 Injunctive Relief. Each Party acknowledges that a breach of Sections 3.6 (Restrictions), 8 (Intellectual Property), or 9 (Confidentiality) may cause irreparable harm for which monetary damages would be an inadequate remedy. Accordingly, either Party may seek injunctive or other equitable relief from any court of competent jurisdiction without the necessity of posting a bond.

17. MISCELLANEOUS

17.1 Assignment. Neither Party may assign this Agreement or any of its rights or obligations hereunder without the prior written consent of the other Party, except that either Party may assign this Agreement without consent to an Affiliate or in connection with a merger, acquisition, or sale of all or substantially all of its assets, provided the assignee agrees in writing to be bound by the terms of this Agreement.

17.2 Subcontracting. Provider may subcontract its obligations under this Agreement to qualified third parties, provided that Provider remains responsible for the performance of its subcontractors and for their compliance with the terms of this Agreement.

17.3 Notices. All notices under this Agreement shall be in writing and delivered to the addresses specified in the Order Form (or such other address as a Party may designate in writing) by: (a) personal delivery; (b) nationally recognized overnight courier; (c) registered or certified mail, return receipt requested; or (d) email (with confirmation of receipt), and shall be deemed received upon actual receipt.

17.4 Force Majeure. Neither Party shall be liable for any failure or delay in performing its obligations (other than payment obligations) to the extent caused by a Force Majeure Event, provided that the affected Party: (a) gives prompt written notice to the other Party describing the Force Majeure Event and its expected duration; (b) uses commercially reasonable efforts to mitigate the effects of the Force Majeure Event; and (c) resumes performance promptly when the Force Majeure Event ceases. If a Force Majeure Event continues for more than [____] consecutive days, either Party may terminate the affected Order Form upon written notice.

17.5 Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction in Maryland, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, and the remaining provisions shall continue in full force and effect.

17.6 Waiver. No failure or delay by either Party in exercising any right under this Agreement shall constitute a waiver of that right. No waiver shall be effective unless in writing and signed by the waiving Party.

17.7 Entire Agreement. This Agreement, together with all Order Forms, the SLA, Support Policy, DPA, AUP, and any other attachments referenced herein, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, proposals, negotiations, representations, and communications, whether oral or written.

17.8 Amendments. This Agreement may not be modified or amended except by a written instrument signed by authorized representatives of both Parties. No terms or conditions contained in any Customer purchase order, acknowledgment, or other business form shall modify or supplement this Agreement.

17.9 Order of Precedence. In the event of any conflict between the documents comprising this Agreement, the following order of precedence shall apply (highest to lowest): (1) DPA/Security Addendum; (2) Order Form; (3) Main Agreement Terms; (4) SLA/Support Policy; (5) AUP.

17.10 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.

17.11 Electronic Signatures. This Agreement may be executed by electronic signature, which shall be deemed valid and enforceable under the Maryland Uniform Electronic Transactions Act (Md. Code Ann., Com. Law §§ 21-101 to 21-120) and the federal Electronic Signatures in Global and National Commerce Act (E-SIGN Act, 15 U.S.C. § 7001 et seq.). A signed copy transmitted by email or other electronic means shall have the same legal effect as an original signed copy.

17.12 Headings. Section headings are for convenience only and shall not affect the interpretation of this Agreement.

17.13 Third-Party Beneficiaries. This Agreement does not confer any rights or remedies on any third party other than the Parties and their permitted successors and assigns and the indemnified parties identified in Section 11.

17.14 Relationship of Parties. The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, agency, franchise, or employment relationship between the Parties.

17.15 Publicity. Neither Party shall use the other Party's name, logo, or trademarks in any public announcement, press release, or marketing material without the other Party's prior written consent, except that Provider may include Customer's name in its customer list.

17.16 Government End Users. If Customer is a government entity, the SaaS is provided as a "commercial item" as defined at 48 C.F.R. § 2.101, and the rights granted hereunder are limited to those specified in this Agreement.

18. SIGNATURES

IN WITNESS WHEREOF, the Parties have executed this Agreement as of the Effective Date.

PROVIDER:

CUSTOMER:

☐ Provider has reviewed and agrees to all terms and conditions of this Agreement.
☐ Customer has reviewed and agrees to all terms and conditions of this Agreement.
☐ Both Parties acknowledge the jury waiver provision in Section 16.5.
☐ Both Parties acknowledge the limitation of liability provisions in Section 12.

19. ATTACHMENTS

The following attachments are incorporated into and made a part of this Agreement:

Attachment A: Order Form

Attachment B: Service Level Agreement (SLA)

Attachment C: Support Policy

Attachment D: Data Processing Addendum (DPA) / Security Addendum

Attachment E: Acceptable Use Policy (AUP)

Prohibited Uses. Customer and its Authorized Users shall not use the SaaS to:

☐ Violate any applicable law, regulation, or government order
☐ Infringe or misappropriate any third-party intellectual property rights
☐ Transmit Malware or harmful code
☐ Engage in unauthorized access to systems or data
☐ Send spam, unsolicited communications, or phishing messages
☐ Interfere with the integrity or performance of the SaaS
☐ Conduct vulnerability testing without Provider's prior written consent
☐ Store or process regulated data (e.g., PHI, payment card data) without appropriate addenda
☐ Engage in cryptocurrency mining or other resource-intensive unauthorized activities
☐ Resell, redistribute, or sublicense access to the SaaS

Enforcement. Provider may investigate suspected AUP violations and may suspend or terminate access in accordance with Section 13.5.

This template is provided for informational purposes only and does not constitute legal advice. It must be reviewed and customized by a qualified attorney licensed in Maryland before use.

Sources and References:
- Maryland Personal Information Protection Act: Md. Code Ann., Com. Law §§ 14-3501 to 14-3508
- Maryland Consumer Protection Act: Md. Code Ann., Com. Law §§ 13-101 to 13-501
- Maryland Uniform Trade Secrets Act: Md. Code Ann., Com. Law §§ 11-1201 to 11-1209
- Maryland Uniform Electronic Transactions Act: Md. Code Ann., Com. Law §§ 21-101 to 21-120
- Maryland Interest and Usury: Md. Code Ann., Com. Law §§ 12-101 to 12-114
- Maryland Online Data Privacy Act of 2024 (SB 541, effective October 1, 2025)
- Maryland SaaS Sales Tax: Budget Reconciliation and Financing Act of 2025 (effective July 1, 2025)
- Walther v. Sovereign Bank, 386 Md. 412 (2005) (jury waiver enforceability)