Support Policy (Enterprise SaaS) — California

ENTERPRISE SAAS SUPPORT POLICY

CALIFORNIA-SPECIFIC EDITION

Support Policy Reference Number: [________________________________]

Effective Date: [__/__/____]

Last Revised: [__/__/____]

This Enterprise SaaS Support Policy ("Support Policy" or "Policy") is incorporated into and forms part of the Master SaaS Agreement or equivalent subscription agreement ("Master Agreement") between the parties identified below. Capitalized terms not defined herein shall have the meanings set forth in the Master Agreement.

Provider: [________________________________] ("Provider")

• Address: [________________________________]
• State of Organization: [________________________________]

Customer: [________________________________] ("Customer")

• Address: [________________________________]
• State of Organization: [________________________________]

Master Agreement Date: [__/__/____]

Master Agreement Reference: [________________________________]

TABLE OF CONTENTS

1. Definitions
2. Scope of Support
3. Support Tiers and Pricing
4. Support Hours and Channels
5. Named Support Contacts
6. Severity Definitions
7. Response and Resolution Targets
8. Escalation Matrix
9. Customer Obligations
10. Exclusions
11. Status Updates and Communication
12. Maintenance Windows
13. Version Support and End-of-Life
14. Service Credits
15. Support Performance Reporting
16. Security Incident Support
17. Changes to Support Policy
18. Order of Precedence
19. California-Specific Legal Provisions
20. Electronic Signatures
21. Signature Blocks
22. Exhibit A: Support Contact Information
23. Exhibit B: Supported Configurations

1. DEFINITIONS

1.1 "Authorized Contact" means an individual designated by Customer authorized to submit support requests, access the Support Portal, and communicate with Provider's support personnel.

1.2 "Business Day" means Monday through Friday, excluding federal holidays and California state holidays, including but not limited to Cesar Chavez Day (March 31).

1.3 "Business Hours" means 8:00 AM to 6:00 PM Pacific Time (PT) on Business Days, unless otherwise specified by Support Tier.

1.4 "Customer Environment" means Customer's hardware, software, network infrastructure, configurations, third-party integrations, and operating conditions.

1.5 "Defect" means a reproducible failure of the SaaS Service to perform materially in accordance with the Documentation.

1.6 "Enhancement" means a request for new functionality not in the Documentation.

1.7 "Error" means a verifiable and reproducible failure to conform to Documentation specifications.

1.8 "Fix" means a permanent code change resolving a Defect or Error in a generally available release.

1.9 "Hot Fix" means an emergency code change deployed outside the standard release cycle for Severity 1 or Severity 2 Incidents.

1.10 "Incident" means any event causing or potentially causing an interruption or reduction in SaaS Service quality.

1.11 "Maintenance Window" means a designated period for scheduled maintenance, updates, patches, or upgrades.

1.12 "Named Support Contact" means an individual designated in Exhibit A as Customer's primary liaison with Provider's support organization.

1.13 "Production Environment" means the live, operational SaaS Service instance for actual business operations.

1.14 "Resolution" means Incident resolution through a Fix, Hot Fix, Workaround, or corrective action.

1.15 "Root Cause Analysis" ("RCA") means a structured investigation with written report covering timeline, factors, corrections, and prevention.

1.16 "Service Credit" means a credit against future fees per Section 14.

1.17 "Service Level" means a measurable performance standard per Section 7 and the Master Agreement.

1.18 "Severity Level" means Incident classification per Section 6.

1.19 "Support Portal" means Provider's web-based system at [________________________________].

1.20 "Ticket" means a uniquely numbered record tracking a support request.

1.21 "Uptime" means monthly Production Environment availability percentage per the Master Agreement.

1.22 "Workaround" means a temporary method circumventing a Defect or Error without a permanent Fix.

2. SCOPE OF SUPPORT

2.1 Included Support Services

(a) Break/Fix Support — Diagnosis and resolution of Errors, Defects, and Incidents.

(b) Configuration Assistance — Guidance within documented parameters.

(c) Standard Integration Support — Provider-documented integrations and published APIs.

(d) Software Updates — Patches, minor and major releases.

(e) Knowledge Base Access — Self-service articles, guides, FAQs.

(f) Health Checks — Periodic reviews for Premium and Enterprise customers.

2.2 Excluded Services

(a) Custom development or source code modifications;
(b) On-site support;
(c) Training beyond standard onboarding;
(d) Data migration or conversion;
(e) Third-party items not in Exhibit B;
(f) Customer infrastructure optimization; and
(g) End-of-life version support per Section 13.

3. SUPPORT TIERS AND PRICING

Selected Tier: ☐ Standard | ☐ Premium | ☐ Enterprise

4. SUPPORT HOURS AND CHANNELS

4.1 Support Hours by Tier

4.2 Support Channels

4.3 After-Hours Support

Severity 1/2 outside standard hours: Premium and Enterprise via emergency line at [________________________________]. Standard tier SLA clock begins next Business Day.

4.4 SLA Clock

Begins on Ticket creation with sufficient information. Pauses awaiting Customer input.

5. NAMED SUPPORT CONTACTS

5.1 Allocation

Standard: 2 | Premium: 5 | Enterprise: 10

5.2 Requirements

Complete Provider onboarding; technical triage capability; Workaround approval authority; Business Hours availability.

5.3 Changes

Via Portal or email to [________________________________]. Effective within two (2) Business Days. Onboarding within fifteen (15) calendar days.

6. SEVERITY DEFINITIONS

6.1 Disputes

Escalate to Support Manager within two (2) hours. Unresolved disputes per Section 8.

7. RESPONSE AND RESOLUTION TARGETS

SLA clock pauses for Customer input, third-party fixes, and force majeure.

8. ESCALATION MATRIX

Customer-initiated escalation via Portal or [________________________________].

9. CUSTOMER OBLIGATIONS

9.1 Supported Configurations

Maintain environment per Exhibit B.

9.2 Log Access

Provide logs, screenshots, diagnostics. For Sev 1/2, within one (1) hour.

9.3 Patches

Critical within fourteen (14) days; non-critical within thirty (30) days.

9.4 Contact Availability

One Named Contact during Business Hours; for Sev 1, within thirty (30) minutes outside hours.

9.5 Ticket Quality

Include: description, expected/actual behavior, reproduction steps, business impact, environment, logs/screenshots.

9.6 Environment Changes

Five (5) Business Days' advance notice.

10. EXCLUSIONS

No support obligation for: (a) Customer network/hardware; (b) unsupported third-party items; (c) unauthorized use; (d) unauthorized modifications; (e) missed patches; (f) unsupported configurations; (g) unsupported browsers/OS; (h) force majeure; (i) Customer data issues; (j) EOL versions.

11. STATUS UPDATES AND COMMUNICATION

Updates include: status, actions, next steps, estimated timeline, Customer actions needed.

12. MAINTENANCE WINDOWS

12.1 Scheduled

Standard window: [________________________________] (e.g., Sundays 2:00 AM – 6:00 AM PT). Seventy-two (72) hours' notice.

12.2 Emergency

For critical security or data integrity. Four (4) hours' notice when feasible.

12.3 Uptime Impact

Scheduled maintenance excluded from SLA when properly noticed. Emergency counts unless force majeure or Customer-caused.

12.4 Status Page

[________________________________]

13. VERSION SUPPORT AND END-OF-LIFE

13.1 Supported Versions

Current version plus two (2) prior major versions.

13.2 EOL Notice

One hundred eighty (180) calendar days.

13.3 Post-EOL Patches

Ninety (90) calendar days of critical security patches.

13.4 Migration Assistance

Free for Premium/Enterprise who initiate within notice period.

14. SERVICE CREDITS

14.1 Eligibility

For missed Response Times or Uptime SLA, subject to Section 10 exclusions.

14.2 Response Time Credits

14.3 Uptime Credits

14.4 Cap

100% of affected month's fees. Non-cash, applied to next invoice.

14.5 Claim Process

Written claim within thirty (30) days of month-end. Provider responds within fifteen (15) Business Days.

14.6 Sole Remedy and California Consumer Rights Preservation

Service Credits constitute Customer's sole and exclusive remedy for Service Level failures, except for claims arising from willful misconduct, gross negligence, or breach of confidentiality.

CALIFORNIA CONSUMER RIGHTS NOTICE: This sole remedy provision shall not be construed to limit or waive any rights or remedies available to Customer under the California Consumer Legal Remedies Act (Cal. Civ. Code § 1750 et seq.), the California Unfair Competition Law (Cal. Bus. & Prof. Code § 17200 et seq.), or any other California consumer protection statute where Customer qualifies as a consumer. Any provision that purports to waive rights under these statutes is void and unenforceable under California law (Cal. Civ. Code § 1751).

15. SUPPORT PERFORMANCE REPORTING

15.1 Monthly Reports

Within ten (10) Business Days: Tickets by Severity, Response/Resolution vs. targets, escalations, Uptime, Sev 1/2 summaries, Service Credits.

15.2 Reviews

Quarterly for Premium; monthly for Enterprise.

15.3 KPIs

First Response Time, MTTR, CSAT, Reopen Rate, Escalation Rate, Uptime.

16. SECURITY INCIDENT SUPPORT

16.1 Classification

Security Incidents default to Severity 1.

16.2 Elevated Support

(a) Dedicated coordinator within 15 min; (b) updates every 30 min; (c) coordination with Customer security; (d) interim report within 24 hrs; (e) full RCA within 5 Business Days.

16.3 California Data Breach Notification Compliance

Per Cal. Civ. Code § 1798.82 (as amended by SB 446, effective January 1, 2026):

(a) Notification Deadline. Provider shall cooperate with Customer to ensure notification to affected California residents within thirty (30) calendar days of discovery of a data breach.

(b) Attorney General Notification. If the breach affects more than five hundred (500) California residents, notice to the California Attorney General must be provided within fifteen (15) calendar days after notifying affected residents.

(c) Content Requirements. Notification must be clearly and conspicuously titled "Notice of Data Breach," formatted in 10-point font or larger, written in plain language, and organized under specific headings as required by statute.

(d) Triggers. Disclosure is required when unencrypted personal information is acquired by an unauthorized person, or when encrypted data is acquired along with the encryption key or security credential.

(e) Law Enforcement Delay. The 30-day deadline may be extended if law enforcement determines that notification will impede a criminal investigation, or as necessary to determine scope and restore system integrity.

(f) Provider Obligations. Provider shall maintain incident documentation, provide forensic data, and cooperate fully with Customer's compliance with California breach notification requirements.

16.4 California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA)

Provider acknowledges the following CCPA/CPRA requirements applicable to support operations:

(a) Data Processing. If Provider processes personal information on behalf of Customer, Provider shall act as a "service provider" as defined in Cal. Civ. Code § 1798.140(ag) and shall process personal information only as necessary to perform the SaaS Service and support obligations.

(b) Consumer Rights. Provider shall assist Customer in responding to consumer rights requests (access, deletion, correction, portability) that relate to data processed or stored by the SaaS Service.

(c) No Waiver. Any provision purporting to waive or limit rights under the CCPA/CPRA is void and unenforceable (Cal. Civ. Code § 1798.192).

(d) Penalties. Violations of CCPA/CPRA may result in penalties up to $2,663 per negligent violation and $7,988 per intentional violation (as adjusted).

16.5 Coordination

Provider's security support integrates with Customer's incident response plan. Security contact in Exhibit A.

17. CHANGES TO SUPPORT POLICY

17.1 Notice

Sixty (60) days for material changes; thirty (30) days for non-material.

17.2 Material Reduction Protections

Customer may accept or require prior version through current term.

17.3 Non-Diminishment

No reductions below Effective Date levels without consent.

18. ORDER OF PRECEDENCE

This Policy is subject to the Master Agreement. Support metrics/procedures in this Policy control; otherwise the Master Agreement governs. Order Forms with differing support terms control if they reference this Policy.

19. CALIFORNIA-SPECIFIC LEGAL PROVISIONS

19.1 Governing Law

This Policy is governed by California law, without regard to conflict of laws principles.

19.2 Venue and Jurisdiction

Exclusive jurisdiction in state and federal courts in [________________________________] County, California (e.g., San Francisco County, Los Angeles County, Santa Clara County, San Diego County).

19.3 Unfair Competition Law (UCL)

The California Unfair Competition Law (Cal. Bus. & Prof. Code § 17200 et seq.) prohibits any "unlawful, unfair, or fraudulent business act or practice." The UCL is construed broadly. Provider represents that all Service Levels and commitments herein are truthful and not deceptive. The UCL provides for injunctive relief and restitution; it does not provide for damages.

19.4 Consumer Legal Remedies Act (CLRA)

The California Consumer Legal Remedies Act (Cal. Civ. Code § 1750 et seq.) prohibits specific unfair or deceptive practices in transactions intended to result in the sale or lease of goods or services to consumers. Any waiver of CLRA rights by a consumer is contrary to public policy and void (Cal. Civ. Code § 1751). To the extent Customer is a "consumer" under the CLRA, the protections of the Act are preserved.

19.5 Song-Beverly Consumer Warranty Act

The Song-Beverly Consumer Warranty Act (Cal. Civ. Code § 1790 et seq.) provides express and implied warranty protections for consumer goods. Cal. Civ. Code § 1791.1 defines the implied warranty of merchantability to require that goods pass without objection, are fit for ordinary purposes, are adequately packaged, and conform to label promises. To the extent the SaaS Service is treated as a "good" under California law, these protections may apply. This Policy does not disclaim any implied warranties; any disclaimer is in the Master Agreement and must comply with applicable California warranty law.

19.6 Jury Waiver

TO THE FULLEST EXTENT PERMITTED BY CALIFORNIA LAW, EACH PARTY WAIVES ANY RIGHT TO TRIAL BY JURY.

CALIFORNIA PRACTICE NOTE: California courts scrutinize jury waiver provisions and may not enforce them in all circumstances. Under Cal. Const. Art. I, § 16, the right to a jury trial is inviolate, and courts may examine whether a pre-dispute jury waiver was knowing and voluntary. Parties should consult California counsel regarding enforceability.

19.7 Cure Period

Thirty (30) calendar days to cure material breach after written notice, except for Sev 1 failures unresolved beyond twice the Resolution Target.

19.8 Statute of Limitations

Written contract claims: four (4) years (Cal. Code Civ. Proc. § 337). UCL claims: four (4) years (Cal. Bus. & Prof. Code § 17208). CLRA claims: three (3) years (Cal. Civ. Code § 1783).

20. ELECTRONIC SIGNATURES

This Policy may be executed electronically per the California Uniform Electronic Transactions Act (Cal. Civ. Code § 1633.1 et seq.) and the federal E-SIGN Act (15 U.S.C. § 7001 et seq.). Electronic signatures have the same legal effect as manual signatures.

21. SIGNATURE BLOCKS

IN WITNESS WHEREOF, the parties execute this Policy as of the Effective Date.

PROVIDER:

Signature: [________________________________]

Printed Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

CUSTOMER:

Signature: [________________________________]

Printed Name: [________________________________]

Title: [________________________________]

Date: [__/__/____]

EXHIBIT A: SUPPORT CONTACT INFORMATION

Provider Support Contacts

Customer Named Support Contacts

Security Incident Contact

EXHIBIT B: SUPPORTED CONFIGURATIONS

Browsers

Operating Systems

Network

Third-Party Integrations

SOURCES AND REFERENCES

1. California Consumer Privacy Act / CPRA — Cal. Civ. Code § 1798.100 et seq.
   https://oag.ca.gov/privacy/ccpa

2. California Data Breach Notification — Cal. Civ. Code § 1798.82
   https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.82

3. California Unfair Competition Law — Cal. Bus. & Prof. Code § 17200 et seq.
   https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=BPC&sectionNum=17200

4. California Consumer Legal Remedies Act — Cal. Civ. Code § 1750 et seq.
   https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=1.5.&part=4.&chapter=&article=

5. California Song-Beverly Consumer Warranty Act — Cal. Civ. Code § 1790 et seq.
   https://law.justia.com/codes/california/code-civ/division-3/part-4/title-1-7/

6. California UETA — Cal. Civ. Code § 1633.1 et seq.
   https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=CIV&division=3.&title=2.5.

7. California Attorney General — Data Breach Reporting
   https://oag.ca.gov/privacy/databreach/reporting

This template is provided for informational purposes only and does not constitute legal advice. It must be reviewed and customized by a qualified attorney licensed in California before use. Laws change frequently; verify all citations. This template is designed for the ezel.ai platform.