MASTER SUBSCRIPTION AGREEMENT
(the "Agreement")
1. Subscription & Access
1.1 Subscription. Subject to the terms herein, Provider grants Customer a non-exclusive, non-transferable right to access and use the SaaS Services described in the Order Form during the Subscription Term.
1.2 Authorized Users. Customer may permit its employees, contractors, and Affiliates to use the Services, provided they comply with this Agreement. Customer is responsible for their actions.
1.3 Usage Limits. Usage is subject to the limitations specified in the Order Form (e.g., seats, transactions, API calls).
2. Platform Features & AI Functionality
2.1 AI Components. Provider's Services may include artificial intelligence or machine learning features ("AI Features"). Provider shall document AI use cases, data inputs, and outputs in Schedule AI-1.
2.2 Training Data. Provider will not use Customer Data to train generalized AI models without Customer's explicit, written consent. Any permitted training shall follow the safeguards in Section 9 and the AI Annex.
2.3 Explainability & Controls. Provider shall provide documentation describing model logic, limitations, and human oversight options. Customer may disable AI Features where feasible.
2.4 Prohibited Uses. Customer shall not use AI Features for automated decision-making that produces legal or similarly significant effects without compliance with applicable laws.
2.5 Texas AI Compliance. Provider shall comply with applicable Texas AI regulations as they develop and shall support Customer's compliance with the Texas Data Privacy and Security Act (TDPSA) requirements regarding profiling and automated decision-making.
3. Implementation & Support
3.1 Implementation Services. Provider will deliver implementation, configuration, and onboarding assistance as described in Schedule PS-1.
3.2 Support. Provider shall offer support in accordance with the Support Policy in Schedule SUP-1.
3.3 Service Levels. Provider guarantees uptime, response, and resolution targets stated in Schedule SLA-1. Service credits apply per Section 7.3.
4. Fees & Payment
4.1 Fees. Customer shall pay the fees set forth in the Order Form. Except as expressly stated, fees are non-refundable.
4.2 Invoices. Fees are invoiced [IN ADVANCE/ARREARS] and due within [DAYS] days. Late payments accrue interest at [RATE] or the maximum permitted under Texas Finance Code Chapter 302 and 303 (currently 18% per annum for commercial transactions unless otherwise agreed).
4.3 Taxes. Fees exclude taxes; Customer is responsible for applicable taxes other than Provider's income taxes.
4.4 Suspension. Provider may suspend Services for unpaid amounts after [DAYS] days' notice.
5. Proprietary Rights
5.1 Ownership. Provider retains all rights in the Services, Documentation, and underlying technology. Customer retains all rights in Customer Data.
5.2 License to Customer Data. Customer grants Provider a limited license to process Customer Data solely to provide the Services and support obligations.
5.3 Feedback. Provider may use Feedback to improve the Services, provided no Customer Confidential Information is disclosed.
6. Customer Obligations
6.1 Acceptable Use. Customer shall not (a) reverse engineer the Services; (b) bypass security controls; (c) upload malicious code; or (d) use the Services in violation of law.
6.2 Data Accuracy. Customer is responsible for the accuracy, content, and legality of Customer Data.
6.3 Credentials. Customer shall maintain the confidentiality of access credentials and promptly notify Provider of unauthorized use.
7. Warranties & Service Credits
7.1 Performance Warranty. Provider warrants the Services will perform materially as described in the Documentation.
7.2 Malware Warranty. Provider warrants the Services will be free from viruses or malicious code at delivery.
7.3 Service Credits. If uptime falls below the thresholds in Schedule SLA-1, Provider will issue service credits or permit termination for chronic failure.
7.4 Disclaimer. Except as expressly provided, the Services are provided "AS IS." TO THE EXTENT PERMITTED BY TEXAS LAW, PROVIDER DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THE LIMITATIONS AND EXCLUSIONS IN THIS AGREEMENT ARE CONSPICUOUS AS REQUIRED BY TEX. BUS. & COM. CODE SECTION 2.316.
8. Confidentiality
8.1 Confidential Information. Each Party shall protect the other Party's Confidential Information using reasonable safeguards.
8.2 Exceptions. Confidential Information excludes data that is public, known prior to disclosure, independently developed, or obtained from a third party without breach.
8.3 Compelled Disclosure. A Party may disclose Confidential Information pursuant to law, after giving notice if permitted.
8.4 Return/Destruction. Upon termination, each Party shall return or destroy Confidential Information, except for archival copies subject to ongoing confidentiality obligations.
8.5 Trade Secrets. Trade secret claims governed by Texas Uniform Trade Secrets Act (Tex. Civ. Prac. & Rem. Code Chapter 134A) and the federal Defend Trade Secrets Act.
9. Data Protection, Security & AI Governance
9.1 Data Processing Agreement. The Parties shall execute the Data Processing Agreement attached as Schedule DPA-1.
9.2 Security Program. Provider maintains administrative, physical, and technical safeguards aligned with recognized frameworks (e.g., ISO 27001, SOC 2).
9.3 AI Governance. Provider shall perform AI impact assessments, monitor model performance, and implement safeguards against bias and hallucinations. Provider will promptly notify Customer of material AI incidents.
9.4 Customer Responsibilities. Customer shall configure the Services consistent with its regulatory obligations and maintain appropriate internal controls.
9.5 Texas Privacy and Security Compliance. Provider shall comply with:
- Texas Business & Commerce Code Chapter 521 (Identity Theft Enforcement and Protection Act) data security and breach notification requirements;
- Texas Data Privacy and Security Act (TDPSA), including consumer rights, data protection assessments, and profiling disclosure requirements where applicable;
- Implementing and maintaining reasonable procedures to protect sensitive personal information.
9.6 TDPSA AI Provisions. Where AI Features involve profiling as defined under TDPSA, Provider shall:
- Support Customer's obligation to provide consumers the right to opt out of profiling;
- Conduct data protection assessments for processing activities presenting heightened risk of harm;
- Provide transparency regarding the logic involved in profiling decisions.
9.7 Regulatory Alignment. The Parties shall cooperate to address mandatory AI and cybersecurity requirements, including EU AI Act obligations already in force, national NIS2 implementing laws applicable to the Services, and Texas-specific data protection requirements.
10. Mutual Indemnification
10.1 By Provider. Provider shall indemnify Customer against third-party claims alleging the Services infringe intellectual property rights or arise from Provider's breach of Section 9.
10.2 By Customer. Customer shall indemnify Provider against claims arising from Customer Data or Customer's breach of the Acceptable Use Policy.
10.3 Procedures. The indemnified Party must provide prompt notice, allow the indemnifying Party control of defense, and cooperate reasonably.
10.4 Express Negligence. THE INDEMNIFICATION OBLIGATIONS IN THIS SECTION ARE INTENDED TO APPLY EVEN IF THE LOSSES ARISE IN WHOLE OR IN PART FROM THE NEGLIGENCE OF THE INDEMNIFIED PARTY.
11. Limitation of Liability
Except for (a) indemnification obligations; (b) breaches of confidentiality; (c) violation of data protection obligations; or (d) amounts payable under Section 12, each Party's aggregate liability is limited to [MULTIPLE] times the fees paid in the twelve (12) months preceding the claim. Neither Party is liable for indirect, incidental, or consequential damages to the extent permitted by Texas law. Liability caps do not apply to gross negligence, willful misconduct, fraud, or violations of Texas law where limitation is prohibited. THE LIMITATIONS IN THIS SECTION REPRESENT THE ALLOCATION OF RISK BETWEEN THE PARTIES AND SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE.
12. Export Control, Sanctions & Compliance
Each Party shall comply with applicable export control, sanctions, anti-corruption, and cybersecurity laws. Customer shall not permit access from embargoed jurisdictions or prohibited parties. Compliance with Texas Government Code Chapter 2252 (government contracting requirements) where applicable.
13. Term & Termination
13.1 Term. This Agreement begins on the Effective Date and continues until all Order Forms expire or are terminated.
13.2 Termination for Cause. Either Party may terminate for material breach if not cured within [DAYS] days after written notice.
13.3 Termination for Convenience. Customer may terminate future renewals by giving [DAYS] days' notice prior to the renewal date.
13.4 Effect of Termination. Upon termination, Customer shall cease use of the Services and pay outstanding fees; Provider shall make Customer Data available for export for [DAYS] days.
14. General Provisions
14.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws principles.
14.2 Venue. Exclusive jurisdiction and venue shall be in the state or federal courts located in [Travis / Harris / Dallas / Bexar] County, Texas.
14.3 Jury Waiver. TO THE FULLEST EXTENT PERMITTED BY TEXAS LAW, EACH PARTY KNOWINGLY, VOLUNTARILY, AND INTENTIONALLY WAIVES ANY RIGHT TO A JURY TRIAL FOR ANY DISPUTE ARISING OUT OF OR RELATING TO THIS AGREEMENT.
14.4 Additional Terms. Include clauses on notices, assignment, subcontracting, force majeure, publicity, and order of precedence. Entire agreement; this Agreement supersedes all prior negotiations, representations, or agreements relating to its subject matter.
Schedules & Exhibits
- Schedule OF-1: Order Form Template
- Schedule SLA-1: Service Level Agreement
- Schedule SUP-1: Support Policy
- Schedule PS-1: Professional Services Statement of Work
- Schedule DPA-1: Data Processing Agreement
- Schedule AI-1: AI Feature Description & Controls
- Schedule SEC-1: Security Controls and Compliance Certificates
IN WITNESS WHEREOF, the Parties execute this Agreement as of the Effective Date.
| Provider | Customer |
|---|---|
| By: __________________________ | By: __________________________ |
| Name: [NAME] | Name: [NAME] |
| Title: [TITLE] | Title: [TITLE] |
| Date: [DATE] | Date: [DATE] |