MASTER SUBSCRIPTION AGREEMENT
(the "Agreement")
1. Subscription & Access
1.1 Subscription. Subject to the terms herein, Provider grants Customer a non-exclusive, non-transferable right to access and use the SaaS Services described in the Order Form during the Subscription Term.
1.2 Authorized Users. Customer may permit its employees, contractors, and Affiliates to use the Services, provided they comply with this Agreement. Customer is responsible for their actions.
1.3 Usage Limits. Usage is subject to the limitations specified in the Order Form (e.g., seats, transactions, API calls).
2. Platform Features & AI Functionality
2.1 AI Components. Provider's Services may include artificial intelligence or machine learning features ("AI Features"). Provider shall document AI use cases, data inputs, and outputs in Schedule AI-1.
2.2 Training Data. Provider will not use Customer Data to train generalized AI models without Customer's explicit, written consent. Any permitted training shall follow the safeguards in Section 9 and the AI Annex.
2.3 Explainability & Controls. Provider shall provide documentation describing model logic, limitations, and human oversight options. Customer may disable AI Features where feasible.
2.4 Prohibited Uses. Customer shall not use AI Features for automated decision-making that produces legal or similarly significant effects without compliance with applicable laws.
2.5 AI Compliance. Provider shall comply with applicable AI regulations and shall support Customer's compliance with same.
3. Implementation & Support
3.1 Implementation Services. Provider will deliver implementation, configuration, and onboarding assistance as described in Schedule PS-1.
3.2 Support. Provider shall offer support in accordance with the Support Policy in Schedule SUP-1.
3.3 Service Levels. Provider guarantees uptime, response, and resolution targets stated in Schedule SLA-1. Service credits apply per Section 7.3.
4. Fees & Payment
4.1 Fees. Customer shall pay the fees set forth in the Order Form. Except as expressly stated, fees are non-refundable.
4.2 Invoices. Fees are invoiced [IN ADVANCE/ARREARS] and due within [DAYS] days. Late payments accrue interest at [RATE] or the maximum permitted under Arkansas law (currently 17% per annum under Ark. Const. Art. 19, Section 13, as amended).
4.3 Taxes. Fees exclude taxes; Customer is responsible for applicable taxes other than Provider's income taxes.
4.4 Suspension. Provider may suspend Services for unpaid amounts after [DAYS] days' notice.
5. Proprietary Rights
5.1 Ownership. Provider retains all rights in the Services, Documentation, and underlying technology. Customer retains all rights in Customer Data.
5.2 License to Customer Data. Customer grants Provider a limited license to process Customer Data solely to provide the Services and support obligations.
5.3 Feedback. Provider may use Feedback to improve the Services, provided no Customer Confidential Information is disclosed.
6. Customer Obligations
6.1 Acceptable Use. Customer shall not (a) reverse engineer the Services; (b) bypass security controls; (c) upload malicious code; or (d) use the Services in violation of law.
6.2 Data Accuracy. Customer is responsible for the accuracy, content, and legality of Customer Data.
6.3 Credentials. Customer shall maintain the confidentiality of access credentials and promptly notify Provider of unauthorized use.
7. Warranties & Service Credits
7.1 Performance Warranty. Provider warrants the Services will perform materially as described in the Documentation.
7.2 Malware Warranty. Provider warrants the Services will be free from viruses or malicious code at delivery.
7.3 Service Credits. If uptime falls below the thresholds in Schedule SLA-1, Provider will issue service credits or permit termination for chronic failure.
7.4 Disclaimer. Except as expressly provided, the Services are provided "AS IS." TO THE EXTENT PERMITTED BY ARKANSAS LAW, PROVIDER DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
8. Confidentiality
8.1 Confidential Information. Each Party shall protect the other Party's Confidential Information using reasonable safeguards.
8.2 Exceptions. Confidential Information excludes data that is public, known prior to disclosure, independently developed, or obtained from a third party without breach.
8.3 Compelled Disclosure. A Party may disclose Confidential Information pursuant to law, after giving notice if permitted.
8.4 Return/Destruction. Upon termination, each Party shall return or destroy Confidential Information, except for archival copies subject to ongoing confidentiality obligations.
8.5 Trade Secrets. Arkansas Trade Secrets Act (Ark. Code Ann. Section 4-75-601 et seq.) governs trade secret claims arising hereunder.
9. Data Protection, Security & AI Governance
9.1 Data Processing Agreement. The Parties shall execute the Data Processing Agreement attached as Schedule DPA-1.
9.2 Security Program. Provider maintains administrative, physical, and technical safeguards aligned with recognized frameworks (e.g., ISO 27001, SOC 2).
9.3 AI Governance. Provider shall perform AI impact assessments, monitor model performance, and implement safeguards against bias and hallucinations. Provider will promptly notify Customer of material AI incidents.
9.4 Customer Responsibilities. Customer shall configure the Services consistent with its regulatory obligations and maintain appropriate internal controls.
9.5 Arkansas Data Breach Notification. Provider shall comply with the Arkansas Personal Information Protection Act (Ark. Code Ann. Section 4-110-101 et seq.), including:
- Notifying Customer of any security breach without unreasonable delay;
- Cooperating with Customer's breach response and notification obligations;
- Maintaining records of security incidents as required.
9.6 Regulatory Alignment. The Parties shall cooperate to address mandatory AI and cybersecurity requirements applicable to the Services.
10. Mutual Indemnification
10.1 By Provider. Provider shall indemnify Customer against third-party claims alleging the Services infringe intellectual property rights or arise from Provider's breach of Section 9.
10.2 By Customer. Customer shall indemnify Provider against claims arising from Customer Data or Customer's breach of the Acceptable Use Policy.
10.3 Procedures. The indemnified Party must provide prompt notice, allow the indemnifying Party control of defense, and cooperate reasonably.
11. Limitation of Liability
Except for (a) indemnification obligations; (b) breaches of confidentiality; (c) violation of data protection obligations; or (d) amounts payable under Section 12, each Party's aggregate liability is limited to [MULTIPLE] times the fees paid in the twelve (12) months preceding the claim. Neither Party is liable for indirect, incidental, or consequential damages to the extent permitted by Arkansas law. Liability caps do not apply to gross negligence, willful misconduct, or violations of Arkansas law where limitation is prohibited.
12. Export Control, Sanctions & Compliance
Each Party shall comply with applicable export control, sanctions, anti-corruption, and cybersecurity laws. Customer shall not permit access from embargoed jurisdictions or prohibited parties. Compliance with Arkansas Deceptive Trade Practices Act (Ark. Code Ann. Section 4-88-101 et seq.).
13. Term & Termination
13.1 Term. This Agreement begins on the Effective Date and continues until all Order Forms expire or are terminated.
13.2 Termination for Cause. Either Party may terminate for material breach if not cured within [DAYS] days after written notice.
13.3 Termination for Convenience. Customer may terminate future renewals by giving [DAYS] days' notice prior to the renewal date.
13.4 Effect of Termination. Upon termination, Customer shall cease use of the Services and pay outstanding fees; Provider shall make Customer Data available for export for [DAYS] days.
14. General Provisions
14.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Arkansas, without regard to its conflict of laws principles.
14.2 Venue. Exclusive jurisdiction and venue shall be in the state or federal courts located in [Pulaski County / appropriate county], Arkansas.
14.3 Jury Waiver. TO THE FULLEST EXTENT PERMITTED BY ARKANSAS LAW, EACH PARTY WAIVES ANY RIGHT TO A JURY TRIAL FOR ANY DISPUTE ARISING OUT OF OR RELATING TO THIS AGREEMENT.
14.4 Electronic Signatures. Arkansas Uniform Electronic Transactions Act (Ark. Code Ann. Section 25-32-101 et seq.) governs electronic signatures and records.
14.5 Additional Terms. Include clauses on notices, assignment, subcontracting, force majeure, publicity, and order of precedence.
Schedules & Exhibits
- Schedule OF-1: Order Form Template
- Schedule SLA-1: Service Level Agreement
- Schedule SUP-1: Support Policy
- Schedule PS-1: Professional Services Statement of Work
- Schedule DPA-1: Data Processing Agreement
- Schedule AI-1: AI Feature Description & Controls
- Schedule SEC-1: Security Controls and Compliance Certificates
SIGNATURE BLOCK
☐ Provider has reviewed and agrees to the terms
☐ Customer has reviewed and agrees to the terms
☐ Legal counsel review completed
IN WITNESS WHEREOF, the Parties execute this Agreement as of the Effective Date.
| Provider | Customer |
|---|---|
| By: __________________________ | By: __________________________ |
| Name: [NAME] | Name: [NAME] |
| Title: [TITLE] | Title: [TITLE] |
| Date: [DATE] | Date: [DATE] |