Master Service Agreement

1. Definitions

Capitalized terms used in this Agreement have the meanings set forth below or as defined elsewhere in this Agreement:

• "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership of more than fifty percent (50%) of the voting securities or equivalent ownership interest.
• "Authorized Users" means the individuals designated by Customer who are authorized to access and use the Services under Customer's account, subject to the user limits specified in the Order Form.
• "Confidential Information" means any non-public information disclosed by either party ("Disclosing Party") to the other ("Receiving Party"), whether orally, in writing, or electronically, that is designated as confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure. Confidential Information includes, without limitation, source code, algorithms, business plans, customer lists, pricing, financial data, technical specifications, and security architecture.
• "Customer Data" means all data, content, and information submitted, uploaded, or transmitted by or on behalf of Customer through the Services, including infrastructure metadata ingested from connected third-party platforms and any configurations, saved queries, or reports created by Customer within the Services.
• "Documentation" means the user guides, API references, help documentation, technical specifications, and other instructional materials made available by Provider in connection with the Services, as updated from time to time.
• "Effective Date" means the date of the first Order Form executed by both parties, or the date Customer first accesses the Services, whichever is earlier.
• "Fees" means all charges payable by Customer for the Services as specified in the applicable Order Form.
• "Intellectual Property Rights" means all patents, copyrights, trademarks, trade secrets, trade dress, moral rights, rights of publicity, and all other intellectual and industrial property rights, in each case whether registered or unregistered, and all applications, renewals, extensions, and restorations thereof, under the laws of any jurisdiction worldwide.
• "Order Form" means any ordering document, subscription agreement, statement of work, or online purchase flow executed or accepted by Customer that references this Agreement and specifies the Services, subscription tier, user limits, fees, and term.
• "Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable data protection laws including the GDPR, CCPA/CPRA, and other relevant privacy regulations.
• "Professional Services" means any implementation, configuration, training, consulting, or custom development services provided by Provider as specified in a Statement of Work.
• "SaaS Platform" or "Services" means the Configview cloud-hosted software-as-a-service platform, including the dashboard, APIs, integrations, scheduled data ingestion, query engine, and all related functionality, as described in the Documentation and the applicable Order Form.
• "Self-Hosted Deployment" means a deployment of the Software on infrastructure owned or controlled by Customer, pursuant to a separate self-hosted license addendum.
• "Software" means all proprietary code, algorithms, architectures, interfaces, libraries, data models, scripts, and documentation comprising the Configview platform.
• "Statement of Work" or "SOW" means a document executed by both parties that describes the scope, deliverables, timeline, and fees for Professional Services.
• "Subprocessor" means any third-party vendor engaged by Provider to process data on behalf of Customer in connection with the delivery of the Services.
• "Subscription Term" means the period during which Customer is authorized to access and use the Services, as specified in the applicable Order Form.

2. Scope of Agreement

2.1 Agreement Structure

This MSA establishes the general terms and conditions governing the relationship between Provider and Customer. Specific services, pricing, and terms are defined in one or more Order Forms and/or Statements of Work, each of which is incorporated into and governed by this Agreement.

2.2 Order of Precedence

In the event of a conflict among the documents comprising this Agreement, the following order of precedence shall apply (from highest to lowest priority):

1. The applicable Order Form or Statement of Work (with respect to its specific subject matter);
2. Any addenda or amendments executed by both parties;
3. The Data Processing Addendum (if applicable);
4. This Master Service Agreement; and
5. The Documentation.

2.3 Nature of the Services

Configview provides a SaaS platform that enables organizations to search, query, and correlate infrastructure metadata across cloud providers, identity platforms, device management tools, and communication platforms. The Services are designed for IT operations, security, and compliance use cases. The Services are not designed, intended, or authorized for use in mission-critical applications where failure could result in personal injury, death, or severe physical or environmental damage, including but not limited to medical device systems, life support systems, air traffic control, nuclear facilities, or weapons systems.

3. Provision of Services

3.1 Access and Availability

Subject to the terms of this Agreement and payment of all applicable Fees, Provider shall make the Services available to Customer and its Authorized Users during the Subscription Term. Provider shall use commercially reasonable efforts to maintain the availability of the Services in accordance with the service level commitments described in Section 7.

3.2 Updates and Enhancements

Provider may, in its sole discretion, update, modify, or enhance the Services from time to time. Provider shall use commercially reasonable efforts to ensure that updates do not materially diminish the core functionality of the Services during an active Subscription Term. Material changes will be communicated to Customer with reasonable advance notice.

3.3 Customer Onboarding

Provider shall provide reasonable onboarding assistance to Customer, including access to Documentation and standard configuration guidance. Enhanced onboarding, custom implementation, or dedicated training may be available as Professional Services under a separate Statement of Work.

3.4 Subcontracting

Provider may engage Subprocessors and subcontractors to assist in the delivery of the Services, provided that Provider shall remain fully responsible for the performance of its obligations under this Agreement and for the acts and omissions of its subcontractors. A list of current Subprocessors is available upon request.

4. Customer Obligations

4.1 Cooperation

Customer acknowledges that Provider's ability to deliver the Services depends on Customer's timely cooperation. Customer shall:

• Provide accurate and complete information required for account setup and integration configuration;
• Designate a primary point of contact ("Customer Admin") with authority to make decisions on behalf of Customer regarding the Services;
• Ensure all Authorized Users comply with this Agreement and the Acceptable Use Policy;
• Maintain the security and confidentiality of all account credentials, API keys, and access tokens;
• Promptly notify Provider of any security incident, unauthorized access, or suspected breach involving the Services; and
• Ensure that Customer's use of the Services complies with all applicable laws, regulations, and third-party agreements.

4.2 Third-Party Integrations

Customer is solely responsible for: (a) its relationship with third-party platform providers whose services are integrated with the Configview platform; (b) obtaining all necessary rights, consents, and authorizations to connect third-party platforms and to process data obtained therefrom; (c) the accuracy and security of API credentials provided to the Services; and (d) compliance with the terms of service of each connected third-party platform.

4.3 Authorized Users

Customer shall manage Authorized User access in accordance with the user limits specified in the Order Form. Customer shall promptly revoke access for any individual who is no longer authorized. Customer is liable for any breach of this Agreement by its Authorized Users and shall ensure that each Authorized User is aware of and bound by terms consistent with this Agreement.

5. License, Restrictions, and Intellectual Property

5.1 License Grant to Customer

Subject to Customer's compliance with this Agreement and payment of all applicable Fees, Provider grants Customer a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to access and use the Services during the Subscription Term, solely for Customer's internal business purposes, in accordance with the Documentation and the usage limits specified in the applicable Order Form.

5.2 Restrictions

Customer shall not, and shall not permit any Authorized User or third party to, directly or indirectly:

1. Reverse Engineer, Decompile, or Disassemble: Reverse engineer, decompile, disassemble, decode, decrypt, or otherwise attempt to derive or gain access to the source code, underlying algorithms, data structures, or architecture of the Software or any component thereof, whether by analysis of output, protocol analysis, examination of data structures, or any other means;
2. Modify, Alter, or Create Derivative Works: Modify, adapt, translate, alter, customize, extend, or create derivative works of the Software, Services, Documentation, or any component thereof, without the prior express written consent of Provider;
3. Copy or Reproduce: Copy, reproduce, duplicate, or replicate the Software or any portion thereof, except as expressly authorized in writing by Provider or as strictly necessary for reasonable backup purposes in a Self-Hosted Deployment;
4. Distribute, Sublicense, or Transfer: Sell, resell, license, sublicense, lease, rent, loan, distribute, publish, or otherwise transfer the Services, Software, or any rights therein to any third party, including by time-sharing, service bureau, or managed services arrangement;
5. Remove Proprietary Notices: Remove, obscure, alter, deface, or destroy any proprietary notices, labels, watermarks, or legends affixed to or contained within the Software, Services, or Documentation, including copyright, trademark, patent, or confidentiality notices;
6. Circumvent Security or Access Controls: Circumvent, disable, defeat, or interfere with any security features, access controls, authentication mechanisms, encryption, usage limits, rate limits, or other protective measures of the Services;
7. Competitive Use: Use the Services, Documentation, or any data, output, or insights derived therefrom to build, train, improve, benchmark, or market a product or service that competes with the Services, or to conduct competitive intelligence, feature comparison, or reverse-engineering analysis for competitive purposes;
8. Unauthorized Access: Access or attempt to access any systems, networks, servers, environments, or data not intended for Customer's use, including other customers' accounts, data, or infrastructure;
9. Automated Extraction: Use any robot, spider, crawler, scraper, data mining tool, or other automated means to access, extract, index, or collect data from the Services, except through the APIs provided by Provider and within the documented rate limits;
10. Excessive or Abusive Load: Intentionally or recklessly impose an unreasonable or disproportionate load on the infrastructure supporting the Services, including resource exhaustion attacks or denial-of-service attacks;
11. Frame, Mirror, or Embed: Frame, mirror, embed, or otherwise simulate the appearance or function of the Services on any other website, application, or platform;
12. Code Injection or Tampering: Introduce any virus, worm, Trojan horse, ransomware, malicious code, or other harmful technology into the Services, or tamper with any data, configuration, setting, or functionality of the Services;
13. Exceed Licensed Scope: Use the Services beyond the scope authorized in the Order Form, including exceeding the number of Authorized Users, API call limits, data volume thresholds, or connected integration limits; or
14. Unlawful Use: Use the Services for any purpose that is unlawful, fraudulent, deceptive, harmful, or in violation of any applicable law, regulation, or third-party right.

5.3 Self-Hosted Deployment Restrictions

If Customer deploys the Software under a Self-Hosted Deployment license, the restrictions in Section 5.2 apply in full, and additionally:

• Customer shall deploy the Software only on infrastructure owned or directly controlled by Customer;
• Customer shall not make the Software accessible to any individual or entity outside Customer's organization without prior written consent from Provider;
• Customer shall not modify, patch, extend, instrument, or alter the Software code, binaries, configuration schema, or data models in any way unless expressly authorized in writing by Provider;
• Customer shall maintain the Software in its original, unmodified state and apply only updates, patches, and hotfixes distributed by Provider through official channels;
• Customer shall permit Provider to audit Customer's deployment, usage, and compliance with this Agreement upon thirty (30) days' written notice, no more than once per calendar year, during normal business hours;
• The self-hosted license is tied to the specific server(s), environment(s), or infrastructure identified at the time of deployment and may not be migrated, cloned, or replicated without prior written consent from Provider; and
• Customer shall implement and maintain security measures for its self-hosted environment that are no less protective than industry-standard practices, including encryption at rest and in transit, access controls, and timely application of security patches to the underlying infrastructure.

5.4 Provider Intellectual Property

As between the parties, Provider retains all right, title, and interest in and to the Services, Software, Documentation, Website, and all related technology, content, and materials — including all source code, object code, algorithms, data models, APIs, user interfaces, visual design, graphics, logos, trademarks, trade names, and all improvements, enhancements, modifications, and derivative works thereof — together with all Intellectual Property Rights therein. No rights are granted to Customer except as expressly set forth in this Agreement. All rights not expressly granted are reserved by Provider.

5.5 Customer Data Ownership

As between the parties, Customer retains all right, title, and interest in and to Customer Data. Customer grants Provider a limited, non-exclusive, worldwide, royalty-free license to use, process, store, transmit, and display Customer Data solely as necessary to provide, maintain, support, and improve the Services in accordance with this Agreement and the Privacy Policy. Provider shall not use Customer Data for any other purpose without Customer's prior written consent.

5.6 Aggregated and Anonymized Data

Provider may collect and use aggregated, anonymized, and de-identified data derived from Customer's use of the Services ("Usage Analytics") for purposes of product improvement, capacity planning, benchmarking, and industry analysis, provided that such data: (a) does not identify Customer, any Authorized User, or any individual; (b) cannot reasonably be used to re-identify any person; and (c) is not attributable to Customer's organization. Usage Analytics shall be owned by Provider.

5.7 Feedback

If Customer or its Authorized Users provide suggestions, feature requests, enhancement ideas, bug reports, or other feedback regarding the Services ("Feedback"), Customer hereby assigns to Provider all right, title, and interest in such Feedback. Provider may use, incorporate, and commercialize Feedback without restriction, attribution, or compensation. Customer waives any moral rights in such Feedback to the extent permitted by applicable law.

6. Fees and Payment

6.1 Fees

Customer shall pay all Fees specified in the applicable Order Form. All Fees are quoted in United States dollars unless otherwise stated. Fees are based on the subscription tier, number of Authorized Users, and usage limits selected by Customer and are not contingent on the delivery of future functionality or features.

6.2 Invoicing and Payment Terms

Unless otherwise specified in the Order Form, Fees are due in advance on a monthly or annual basis. Provider shall issue invoices in accordance with the billing cycle specified in the Order Form. Payment is due within [FILL: e.g., "thirty (30)"] days of the invoice date. Provider may use a third-party payment processor to collect Fees.

6.3 Taxes

All Fees are exclusive of taxes, duties, levies, and similar governmental assessments. Customer is responsible for all applicable taxes (excluding taxes based on Provider's net income or payroll). If Provider is required to collect or remit taxes on Customer's behalf, such taxes will be invoiced to Customer and paid in accordance with Section 6.2.

6.4 Price Adjustments

Provider may adjust pricing at the start of any renewal term upon at least sixty (60) days' prior written notice. Price adjustments shall not exceed [FILL: e.g., "ten percent (10%)" OR "the greater of ten percent (10%) or the percentage increase in the Consumer Price Index (CPI-U)"] per renewal term, unless otherwise agreed in writing. If Customer does not agree to the adjusted pricing, Customer may terminate the affected Order Form by providing written notice before the renewal date.

6.5 Late Payment

If any undisputed amount is not paid when due, Provider may: (a) charge interest on overdue amounts at the lesser of one and one-half percent (1.5%) per month or the maximum rate permitted by applicable law; (b) suspend Customer's access to the Services upon fifteen (15) days' written notice if payment remains outstanding; and (c) recover all reasonable costs of collection, including attorney's fees and court costs. Suspension of Services for non-payment shall not relieve Customer of its obligation to pay all outstanding Fees.

6.6 Fee Disputes

Customer must notify Provider in writing of any disputed invoice items within thirty (30) days of the invoice date, providing a reasonable description of the basis for the dispute. The parties shall negotiate in good faith to resolve the dispute. Undisputed amounts must be paid in accordance with the standard payment terms regardless of any pending dispute.

7. Service Levels and Support

7.1 Availability

Provider shall use commercially reasonable efforts to maintain the availability of the SaaS Platform. [FILL: e.g., "Provider targets a monthly uptime percentage of 99.9% for the cloud-hosted Services, as measured by Provider's monitoring systems, excluding Scheduled Maintenance and Excused Downtime." OR "Specific uptime commitments, if any, are set forth in the applicable Order Form or Service Level Agreement (SLA) addendum."]

7.2 Scheduled Maintenance

Provider shall perform scheduled maintenance during off-peak hours and shall provide at least forty-eight (48) hours' advance notice to Customer whenever practicable. Scheduled maintenance windows shall not count against any uptime commitments.

7.3 Excused Downtime

Uptime commitments, if any, do not apply to unavailability caused by:

• Force majeure events (Section 14.5);
• Actions or omissions of Customer or its Authorized Users, including misconfiguration;
• Failures of Customer's network, hardware, or software;
• Third-party service outages, API changes, or rate limiting beyond Provider's control;
• Customer's Self-Hosted Deployment infrastructure; or
• Emergency maintenance required to address security vulnerabilities or critical defects, provided that Provider uses reasonable efforts to notify Customer promptly.

7.4 Support

Provider shall provide technical support to Customer in accordance with the support plan associated with Customer's subscription tier, as described on the Website or in the applicable Order Form. Support may include email support, documentation access, and, for certain tiers, dedicated account management or priority response times.

8. Confidentiality

8.1 Protection Obligations

The Receiving Party shall:

• Protect the Disclosing Party's Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care;
• Use the Disclosing Party's Confidential Information solely for the purposes contemplated by this Agreement;
• Limit access to Confidential Information to employees, contractors, and advisors who have a legitimate need to know and who are bound by written obligations of confidentiality at least as protective as those in this Section 8;
• Not disclose Confidential Information to any third party without the Disclosing Party's prior written consent, except as expressly permitted herein; and
• Promptly notify the Disclosing Party upon discovery of any unauthorized use or disclosure of Confidential Information.

8.2 Exclusions

Information is not Confidential Information if it:

• Is or becomes publicly available through no fault or breach by the Receiving Party;
• Was lawfully known to the Receiving Party prior to disclosure, without restriction;
• Is independently developed by the Receiving Party without reference to or use of the Disclosing Party's Confidential Information; or
• Is lawfully obtained from a third party who is not subject to a duty of confidentiality.

8.3 Compelled Disclosure

If the Receiving Party is compelled by law, regulation, court order, or governmental authority to disclose Confidential Information, it shall: (a) provide prompt written notice to the Disclosing Party (to the extent legally permitted) to allow the Disclosing Party to seek a protective order or other appropriate remedy; (b) cooperate with the Disclosing Party in seeking such remedy at the Disclosing Party's expense; and (c) disclose only the minimum amount of Confidential Information required to satisfy the legal obligation.

8.4 Injunctive Relief

Each party acknowledges that any breach or threatened breach of this Section 8 may cause irreparable harm to the Disclosing Party for which monetary damages would be an inadequate remedy. Accordingly, the Disclosing Party shall be entitled to seek injunctive or other equitable relief in any court of competent jurisdiction without the necessity of posting a bond or proving actual damages, in addition to any other remedies available at law or in equity.

8.5 Duration

The obligations under this Section 8 shall survive termination or expiration of this Agreement for a period of five (5) years, except with respect to trade secrets, which shall be protected for as long as they qualify as trade secrets under applicable law.

9. Data Privacy, Security, and Processing

9.1 Privacy Policy

Provider's collection and use of information in connection with the Services is described in the Privacy Policy, which is incorporated into this Agreement by reference. The Privacy Policy describes three data domains: Marketing Website Data, Application Usage Data, and Service Data.

9.2 Data Processing Role

To the extent that Provider processes Personal Data on behalf of Customer as a Data Processor (or "Service Provider" under CCPA), the following applies:

• Provider shall process Personal Data only in accordance with Customer's documented instructions and solely for the purpose of providing the Services;
• Provider shall not sell, share, or use Personal Data for any purpose other than performing the Services, including not using Personal Data for Provider's own commercial purposes;
• Provider shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk; and
• Upon Customer's request, Provider shall enter into a Data Processing Addendum ("DPA") that complies with applicable data protection law, including the GDPR, UK GDPR, and CCPA/CPRA.

9.3 Security Measures

Provider shall implement and maintain administrative, technical, and physical security safeguards designed to:

• Protect Customer Data against unauthorized access, alteration, disclosure, or destruction;
• Ensure the confidentiality, integrity, and availability of the Services;
• Encrypt Customer Data in transit (TLS 1.2+) and at rest;
• Manage API credentials and secrets through a dedicated secret management service with envelope encryption; and
• Restrict access to production systems to authorized personnel through role-based access controls and multi-factor authentication.

9.4 Breach Notification

In the event of a confirmed security breach that affects Customer Data ("Security Incident"), Provider shall: (a) notify Customer without undue delay and within seventy-two (72) hours of becoming aware of the Security Incident; (b) provide information regarding the nature and scope of the incident, the categories and approximate volume of data affected, the likely consequences, and the measures taken or proposed to mitigate the impact; (c) cooperate with Customer in investigating and remediating the incident; and (d) take all reasonable steps to contain and resolve the Security Incident.

9.5 Subprocessors

Provider shall maintain a list of Subprocessors and shall provide notice to Customer at least thirty (30) days prior to engaging a new Subprocessor. If Customer reasonably objects to a new Subprocessor on data protection grounds, the parties shall negotiate in good faith to resolve the objection. If no resolution is reached within thirty (30) days, Customer may terminate the affected Order Form with a pro-rata refund of prepaid Fees for the unused portion of the term.

9.6 Customer Responsibilities

Customer is responsible for:

• Obtaining all necessary consents, authorizations, and legal bases required for the processing of Personal Data through the Services;
• Ensuring that its use of the Services complies with all applicable data protection laws;
• Appropriately configuring the Services to meet its compliance obligations;
• The security of its own systems, networks, and credentials; and
• Providing notice to its end users regarding the processing of their data through the Services, as required by applicable law.

10. Representations and Warranties

10.1 Mutual Representations

Each party represents and warrants to the other that:

• It is duly organized, validly existing, and in good standing under the laws of its jurisdiction of formation;
• It has the legal power and authority to enter into and perform its obligations under this Agreement;
• The execution and performance of this Agreement does not conflict with any other agreement to which it is a party; and
• It shall comply with all applicable laws, regulations, and governmental orders in its performance under this Agreement.

10.2 Provider Warranties

Provider warrants that:

• The Services shall perform materially in accordance with the Documentation during the Subscription Term;
• The Services shall be provided using personnel of requisite skill, experience, and qualifications, and in a professional and workmanlike manner consistent with generally recognized industry standards;
• To Provider's knowledge, the Services do not, as of the Effective Date, infringe any third party's Intellectual Property Rights; and
• Provider shall not knowingly introduce any virus, malware, or other harmful code into the Services.

Sole Remedy: Customer's sole and exclusive remedy for a breach of the warranties in Section 10.2 is, at Provider's option: (a) correction of the non-conformity within a commercially reasonable timeframe; or (b) if Provider is unable to correct the non-conformity within sixty (60) days of written notice, termination of the affected Order Form and a pro-rata refund of prepaid Fees for the unused portion of the Subscription Term.

10.3 Customer Warranties

Customer represents and warrants that:

• Customer has all necessary rights and authorizations to provide Customer Data and to connect third-party platforms through the Services;
• Customer Data and Customer's use of the Services will not violate any applicable law or infringe any third party's rights; and
• Customer shall not use the Services for any purpose beyond the scope authorized in this Agreement and the applicable Order Form.

10.4 Disclaimer of Warranties

EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION 10, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." PROVIDER DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. PROVIDER DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, COMPLETELY SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE SERVICES ARE NOT DESIGNED FOR USE IN HIGH-RISK ACTIVITIES WHERE FAILURE COULD LEAD TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE, AND PROVIDER EXPRESSLY DISCLAIMS ANY WARRANTY OF FITNESS FOR SUCH PURPOSES.

11. Limitation of Liability

11.1 Exclusion of Consequential Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, BUSINESS OPPORTUNITY, DATA, OR USE, ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF SUCH DAMAGES WERE FORESEEABLE.

11.2 Aggregate Liability Cap

EXCEPT FOR THE EXCLUDED CLAIMS SET FORTH IN SECTION 11.3, THE AGGREGATE LIABILITY OF EACH PARTY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO PROVIDER DURING THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11.3 Excluded Claims

The limitations in Sections 11.1 and 11.2 shall not apply to:

• Customer's breach of Section 5.2 (Restrictions) or Section 5.4 (Provider Intellectual Property);
• Either party's breach of Section 8 (Confidentiality);
• Either party's indemnification obligations under Section 12;
• Customer's obligation to pay Fees;
• Liability arising from fraud, gross negligence, or willful misconduct; or
• Liability that cannot be limited or excluded under applicable law.

11.4 Allocation of Risk

Customer acknowledges that the Fees reflect the allocation of risk set forth in this Agreement. The limitations of liability in this Section 11 are a fundamental element of the basis of the bargain between the parties and shall apply regardless of the success or effectiveness of other remedies.

12. Indemnification

12.1 Customer Indemnification

Customer shall indemnify, defend, and hold harmless Provider and its Affiliates, and their respective officers, directors, employees, agents, successors, and assigns ("Provider Indemnified Parties") from and against any and all third-party claims, demands, suits, proceedings, losses, damages, liabilities, costs, and expenses (including reasonable attorney's fees and court costs) arising out of or related to:

• Customer's or its Authorized Users' use of the Services in violation of this Agreement;
• Customer Data, including any claim that Customer Data infringes, misappropriates, or otherwise violates any third party's Intellectual Property Rights or privacy rights;
• Customer's breach of any representation, warranty, or obligation under this Agreement;
• Customer's violation of applicable law, regulation, or third-party agreements; or
• Customer's connection of third-party platforms or processing of data obtained therefrom.

12.2 Provider Indemnification (IP)

Provider shall indemnify, defend, and hold harmless Customer and its Affiliates from and against any third-party claim alleging that Customer's authorized use of the Services in accordance with this Agreement infringes such third party's Intellectual Property Rights ("IP Claim"), provided that Customer: (a) promptly notifies Provider in writing of the IP Claim; (b) grants Provider sole control of the defense and settlement; and (c) provides reasonable cooperation at Provider's expense.

Provider's obligations under this Section 12.2 shall not apply to any IP Claim arising from:

• Modification of the Services by anyone other than Provider;
• Combination of the Services with non-Provider products, services, or data;
• Use of the Services in violation of this Agreement or the Documentation;
• Use of a superseded version of the Services if the infringement would have been avoided by use of the then-current version made available to Customer; or
• Customer Data or Customer's specifications or requirements.

12.3 Mitigation

If the Services become, or in Provider's reasonable opinion are likely to become, the subject of an IP Claim, Provider may, at its option and expense: (a) procure for Customer the right to continue using the Services; (b) modify the Services to make them non-infringing without materially reducing functionality; or (c) if neither (a) nor (b) is commercially reasonable, terminate the affected Order Form and refund any prepaid Fees for the unused portion of the Subscription Term.

12.4 Indemnification Procedure

The indemnified party shall: (a) provide prompt written notice of the claim (provided that failure to give prompt notice shall not relieve the indemnifying party of its obligations except to the extent it is materially prejudiced by such failure); (b) grant the indemnifying party sole control of the defense and settlement; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnifying party shall not settle any claim in a manner that admits fault or liability on behalf of the indemnified party, or that imposes obligations on the indemnified party, without the indemnified party's prior written consent.

13. Term and Termination

13.1 Term of Agreement

This Agreement is effective as of the Effective Date and continues until all Order Forms have expired or been terminated, unless earlier terminated in accordance with this Section 13.

13.2 Subscription Term and Renewal

Each Subscription Term is as specified in the applicable Order Form. Subscription Terms shall automatically renew for successive periods of equal length unless either party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term (or such other notice period as specified in the Order Form).

13.3 Termination for Cause

Either party may terminate this Agreement or an Order Form:

• Material Breach: If the other party materially breaches this Agreement and fails to cure such breach within thirty (30) days of receiving written notice specifying the breach in reasonable detail; or
• Insolvency: If the other party becomes insolvent, files for bankruptcy protection, makes an assignment for the benefit of creditors, or ceases to operate in the ordinary course of business.

13.4 Termination by Provider (Immediate)

Provider may suspend or terminate Customer's access to the Services immediately, without prior notice or cure period, if:

• Customer breaches Section 5.2 (Restrictions), Section 5.4 (Provider IP), or Section 6 (Acceptable Use Policy in the Terms of Service);
• Customer's use of the Services poses an imminent security risk to Provider, other customers, or any third party;
• Suspension or termination is required by law, regulation, or a governmental authority; or
• Customer's account has been inactive for twelve (12) consecutive months with no active Subscription Term.

13.5 Effect of Termination

Upon termination or expiration of this Agreement or any Order Form:

• All licenses granted hereunder shall immediately terminate, and Customer shall immediately cease all use of the Services;
• Customer shall destroy or return all copies of the Software, Documentation, and Provider's Confidential Information in its possession or control, and certify such destruction or return in writing upon request;
• Customer shall pay all outstanding Fees accrued through the effective date of termination;
• Provider shall, upon Customer's written request submitted within thirty (30) days of the effective date of termination, make Customer Data available for export in a standard machine-readable format (e.g., JSON or CSV). After such thirty (30) day period, Provider shall have no obligation to maintain Customer Data and may delete it in accordance with its standard data retention practices;
• If Customer terminates for Provider's uncured material breach, Provider shall refund any prepaid Fees for the unused portion of the Subscription Term; and
• If Provider terminates for Customer's breach, all Fees for the remainder of the Subscription Term shall become immediately due and payable as liquidated damages, and not as a penalty.

13.6 Survival

The following sections shall survive termination or expiration of this Agreement: Sections 1 (Definitions), 5.2 (Restrictions), 5.4 (Provider IP), 5.6 (Aggregated Data), 5.7 (Feedback), 6 (Fees — with respect to amounts accrued prior to termination), 8 (Confidentiality), 9 (Data Privacy — with respect to data processed prior to termination), 10.4 (Disclaimer), 11 (Limitation of Liability), 12 (Indemnification), 13.5 (Effect of Termination), 13.6 (Survival), and 14 (General Provisions).

14. General Provisions

14.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods (CISG) does not apply to this Agreement.

14.2 Dispute Resolution

• Escalation: The parties shall first attempt to resolve any dispute through good-faith negotiation between designated representatives. If the dispute is not resolved within thirty (30) days, either party may escalate to executive-level discussions for an additional fifteen (15) day period.
• Binding Arbitration: Disputes not resolved through escalation shall be submitted to final and binding arbitration administered by [FILL: e.g., "the American Arbitration Association (AAA) under its Commercial Arbitration Rules" OR "JAMS under its Comprehensive Arbitration Rules and Procedures"]. The arbitration shall take place in San Francisco, California. The arbitrator shall have the authority to grant any remedy available at law or in equity. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction.
• Equitable Relief: Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of Intellectual Property Rights or Confidential Information, without the necessity of posting a bond or proving actual damages.

14.3 Class Action Waiver

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE PARTIES AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS SHALL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. EACH PARTY WAIVES ANY RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION.

14.4 Entire Agreement

This Agreement, together with all Order Forms, Statements of Work, the Privacy Policy, the Data Processing Addendum (if applicable), and any other addenda expressly incorporated by reference, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, agreements, proposals, negotiations, representations, and warranties, both written and oral. No terms or conditions contained in any Customer purchase order, acknowledgment, or other business form shall modify or supplement this Agreement, and any such terms are expressly rejected.

14.5 Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations under this Agreement (other than payment obligations) to the extent such failure or delay results from causes beyond the affected party's reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, riots, embargoes, epidemics or pandemics, government actions or orders, power failures, internet or telecommunications outages, cyberattacks, or labor disputes. The affected party shall provide prompt written notice and use commercially reasonable efforts to mitigate the impact. If a force majeure event continues for more than ninety (90) days, either party may terminate the affected Order Form upon written notice.

14.6 Severability

If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction or arbitrator, such provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the parties' original intent, or if modification is not possible, shall be severed. The remaining provisions shall continue in full force and effect, and the parties shall negotiate in good faith to replace the severed provision with a valid provision that achieves the same economic and legal effect.

14.7 Waiver

No failure or delay by either party in exercising any right, power, or remedy under this Agreement shall operate as a waiver thereof, nor shall any single or partial exercise preclude any other or further exercise of such right or the exercise of any other right. All waivers must be in writing and signed by an authorized representative of the waiving party.

14.8 Assignment

Customer may not assign, transfer, or delegate this Agreement or any rights or obligations hereunder, in whole or in part, by operation of law or otherwise, without the prior written consent of Provider. Any attempted assignment in violation of this section shall be null and void. Provider may assign this Agreement freely in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets, upon written notice to Customer. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties and their respective successors and permitted assigns.

14.9 Notices

All notices required or permitted under this Agreement shall be in writing and shall be deemed effective upon: (a) personal delivery; (b) the date sent by confirmed email; (c) one (1) business day after deposit with a nationally recognized overnight courier; or (d) three (3) business days after being sent by certified or registered mail, return receipt requested, postage prepaid. Notices to Provider shall be sent to the address in Section 15. Notices to Customer shall be sent to the email address or mailing address on file in Customer's account.

14.10 Independent Contractors

The relationship between the parties is that of independent contractors. Nothing in this Agreement shall be construed as creating a partnership, joint venture, agency, franchise, or employment relationship. Neither party has the authority to bind the other or to incur obligations on the other's behalf.

14.11 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the parties and their permitted successors and assigns. Nothing in this Agreement shall confer upon any third party any legal or equitable right, benefit, or remedy.

14.12 Export Compliance

Customer agrees to comply with all applicable export and import control laws and regulations, including the U.S. Export Administration Regulations (EAR), International Traffic in Arms Regulations (ITAR), and Office of Foreign Assets Control (OFAC) sanctions programs. Customer shall not access or use the Services from, or export the Software to, any country, entity, or individual prohibited by applicable export control laws.

14.13 Government End Users

The Software and Documentation are "commercial computer software" and "commercial computer software documentation" as defined in FAR 12.212 and DFARS 227.7202. If the Software is licensed for use by or on behalf of the U.S. Government, it is provided with only the commercial license rights and restrictions described in this Agreement.

14.14 Anti-Corruption

Each party represents and warrants that it has not, and covenants that it will not, in connection with this Agreement, directly or indirectly offer, pay, promise, or authorize any bribe, kickback, or other corrupt payment to any person, including any government official, in violation of the U.S. Foreign Corrupt Practices Act (FCPA), the UK Bribery Act 2010, or any other applicable anti-corruption law.

14.15 Modifications to Agreement

Provider may update or modify this MSA from time to time. For existing Customers with active Subscription Terms, material changes will not take effect until the start of the next renewal term unless Customer affirmatively consents. Provider shall provide at least sixty (60) days' prior written notice of material changes. If Customer does not agree to the modified terms, Customer may terminate the Agreement at the end of the then-current Subscription Term by providing written notice before the renewal date.

14.16 Construction

The headings in this Agreement are for convenience only and shall not affect the interpretation of any provision. The words "include," "includes," and "including" shall be deemed to be followed by "without limitation." This Agreement shall be construed without regard to any presumption or rule requiring construction against the drafting party. Unless the context requires otherwise, references to "Sections" refer to sections of this Agreement. References to "days" mean calendar days unless "business days" is specified.

14.17 Counterparts

Order Forms and Statements of Work may be executed in counterparts, each of which shall constitute an original and all of which together shall constitute one agreement. Electronic signatures and PDF copies of signed documents shall be deemed originals for all purposes.

15. Contact Information

For questions about this Master Service Agreement, please contact: