MASTER SUBSCRIPTION AGREEMENT
(the “Agreement”)
1. Subscription & Access
1.1 Subscription. Subject to the terms herein, Provider grants Customer a non-exclusive, non-transferable right to access and use the SaaS Services described in the Order Form during the Subscription Term.
1.2 Authorized Users. Customer may permit its employees, contractors, and Affiliates to use the Services, provided they comply with this Agreement. Customer is responsible for their actions.
1.3 Usage Limits. Usage is subject to the limitations specified in the Order Form (e.g., seats, transactions, API calls).
2. Platform Features & AI Functionality
2.1 AI Components. Provider’s Services may include artificial intelligence or machine learning features (“AI Features”). Provider shall document AI use cases, data inputs, and outputs in Schedule AI-1.
2.2 Training Data. Provider will not use Customer Data to train generalized AI models without Customer’s explicit, written consent. Any permitted training shall follow the safeguards in Section 9 and the AI Annex.
2.3 Explainability & Controls. Provider shall provide documentation describing model logic, limitations, and human oversight options. Customer may disable AI Features where feasible.
2.4 Prohibited Uses. Customer shall not use AI Features for automated decision-making that produces legal or similarly significant effects without compliance with applicable laws.
3. Implementation & Support
3.1 Implementation Services. Provider will deliver implementation, configuration, and onboarding assistance as described in Schedule PS-1.
3.2 Support. Provider shall offer support in accordance with the Support Policy in Schedule SUP-1.
3.3 Service Levels. Provider guarantees uptime, response, and resolution targets stated in Schedule SLA-1. Service credits apply per Section 7.3.
4. Fees & Payment
4.1 Fees. Customer shall pay the fees set forth in the Order Form. Except as expressly stated, fees are non-refundable.
4.2 Invoices. Fees are invoiced [IN ADVANCE/ARREARS] and due within [DAYS] days. Late payments accrue interest at [RATE].
4.3 Taxes. Fees exclude taxes; Customer is responsible for applicable taxes other than Provider’s income taxes.
4.4 Suspension. Provider may suspend Services for unpaid amounts after [DAYS] days’ notice.
5. Proprietary Rights
5.1 Ownership. Provider retains all rights in the Services, Documentation, and underlying technology. Customer retains all rights in Customer Data.
5.2 License to Customer Data. Customer grants Provider a limited license to process Customer Data solely to provide the Services and support obligations.
5.3 Feedback. Provider may use Feedback to improve the Services, provided no Customer Confidential Information is disclosed.
6. Customer Obligations
6.1 Acceptable Use. Customer shall not (a) reverse engineer the Services; (b) bypass security controls; (c) upload malicious code; or (d) use the Services in violation of law.
6.2 Data Accuracy. Customer is responsible for the accuracy, content, and legality of Customer Data.
6.3 Credentials. Customer shall maintain the confidentiality of access credentials and promptly notify Provider of unauthorized use.
7. Warranties & Service Credits
7.1 Performance Warranty. Provider warrants the Services will perform materially as described in the Documentation.
7.2 Malware Warranty. Provider warrants the Services will be free from viruses or malicious code at delivery.
7.3 Service Credits. If uptime falls below the thresholds in Schedule SLA-1, Provider will issue service credits or permit termination for chronic failure.
7.4 Disclaimer. Except as expressly provided, the Services are provided “AS IS.” Provider disclaims implied warranties to the extent permitted by law.
8. Confidentiality
8.1 Confidential Information. Each Party shall protect the other Party’s Confidential Information using reasonable safeguards.
8.2 Exceptions. Confidential Information excludes data that is public, known prior to disclosure, independently developed, or obtained from a third party without breach.
8.3 Compelled Disclosure. A Party may disclose Confidential Information pursuant to law, after giving notice if permitted.
8.4 Return/Destruction. Upon termination, each Party shall return or destroy Confidential Information, except for archival copies subject to ongoing confidentiality obligations.
9. Data Protection, Security & AI Governance
9.1 Data Processing Agreement. The Parties shall execute the Data Processing Agreement attached as Schedule DPA-1.
9.2 Security Program. Provider maintains administrative, physical, and technical safeguards aligned with recognized frameworks (e.g., ISO 27001, SOC 2).
9.3 AI Governance. Provider shall perform AI impact assessments, monitor model performance, and implement safeguards against bias and hallucinations. Provider will promptly notify Customer of material AI incidents.
9.4 Customer Responsibilities. Customer shall configure the Services consistent with its regulatory obligations and maintain appropriate internal controls.
9.5 Regulatory Alignment. The Parties shall cooperate to address mandatory AI and cybersecurity requirements, including EU AI Act obligations already in force and national NIS2 implementing laws applicable to the Services.
10. Mutual Indemnification
10.1 By Provider. Provider shall indemnify Customer against third-party claims alleging the Services infringe intellectual property rights or arise from Provider’s breach of Section 9.
10.2 By Customer. Customer shall indemnify Provider against claims arising from Customer Data or Customer’s breach of the Acceptable Use Policy.
10.3 Procedures. The indemnified Party must provide prompt notice, allow the indemnifying Party control of defense, and cooperate reasonably.
11. Limitation of Liability
Except for (a) indemnification obligations; (b) breaches of confidentiality; (c) violation of data protection obligations; or (d) amounts payable under Section 12, each Party’s aggregate liability is limited to [MULTIPLE] times the fees paid in the twelve (12) months preceding the claim. Neither Party is liable for indirect, incidental, or consequential damages to the extent permitted by law.
12. Export Control, Sanctions & Compliance
Each Party shall comply with applicable export control, sanctions, anti-corruption, and cybersecurity laws. Customer shall not permit access from embargoed jurisdictions or prohibited parties.
13. Term & Termination
13.1 Term. This Agreement begins on the Effective Date and continues until all Order Forms expire or are terminated.
13.2 Termination for Cause. Either Party may terminate for material breach if not cured within [DAYS] days after written notice.
13.3 Termination for Convenience. Customer may terminate future renewals by giving [DAYS] days’ notice prior to the renewal date.
13.4 Effect of Termination. Upon termination, Customer shall cease use of the Services and pay outstanding fees; Provider shall make Customer Data available for export for [DAYS] days.
14. General Provisions
Include clauses on notices, assignment, subcontracting, force majeure, publicity, governing law, venue, and order of precedence.
Schedules & Exhibits
- Schedule OF-1: Order Form Template
- Schedule SLA-1: Service Level Agreement
- Schedule SUP-1: Support Policy
- Schedule PS-1: Professional Services Statement of Work
- Schedule DPA-1: Data Processing Agreement
- Schedule AI-1: AI Feature Description & Controls
- Schedule SEC-1: Security Controls and Compliance Certificates
IN WITNESS WHEREOF, the Parties execute this Agreement as of the Effective Date.
| Provider | Customer |
|---|---|
| By: ________ | By: ________ |
| Name: [NAME] | Name: [NAME] |
| Title: [TITLE] | Title: [TITLE] |
| Date: [DATE] | Date: [DATE] |
[// GUIDANCE: Maintain version control and update AI governance commitments as regulations evolve.]