Master Subscription Agreement
(June 2023 – Present)
This Agreement permits Customer to purchase Software, Hosted Solutions, and Services (as applicable) from PortX, Inc. (“PortX”) pursuant to the PortX order forms referencing this Agreement (“Order Form(s)”) and sets forth the basic terms and conditions. This Agreement shall govern Customer’s initial purchase on the Effective Date as well as any future purchases made by Customer that reference this Agreement. PortX provides the Software and Hosted Solutions listed on an Order Form on a subscription basis. The term of each Subscription is designated in the applicable Order Form. As part of each Subscription, PortX provides the maintenance and support services described in Section 6 (Support & Maintenance) of the Agreement. PortX also offers Services (as defined in Section 7 (Services)), such as architecture, implementation, and training related to the Software and Hosted Solutions.
1. Definitions
1.1. “Affiliate” means any entity that Customer, directly or indirectly, controls; an entity that controls Customer; or an entity that is under common control with Customer. For purposes of this provision, “control” means ownership of at least fifty percent (50%) of the outstanding voting shares of the entity.
1.2. Confidential Information” means Customer Data, nonpublic personal information of the Customer’s customers, and all code, inventions, know-how, business, technical and financial information that one party (“Receiving Party”) obtains from the other party (“Disclosing Party”); provided that such information is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be Confidential Information due to the nature of the information disclosed and the circumstances surrounding the disclosure; and provided further that any software, documentation or technical information provided by PortX (or its agents), performance information relating to the Software, and the terms of this Agreement shall be deemed Confidential Information of PortX without any marking or further designation
1.3. “Customer Data” means Customer’s electronic data other than Log Data, including information that is processed by PortX, or collected by PortX, on behalf of Customer, which identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular identified or identifiable person.
1.4. “Documentation” means the technical specification documentation made available by PortX to Customer with regard to the Software or Hosted Solution.
1.5. “Engineering Unit” has the meaning defined in Attachment 3.
1.6. “Hosted Solution” means an installation of Software and the OSIS Stack, hosted in a cloud-computing platform (such as an Amazon Web Services, or Microsoft Azure instance) that may be set forth on an Order Form and are subsequently made available by PortX for use by Customer including associated documentation (but excluding Third Party Solution Components or infrastructure).
1.7. “Log Data” means metadata about services in the cloud, logs, audit trail events and metrics.
1.8. “Materials” means any materials provided by PortX to Customer in connection with the provision of Services.
1.9. “Open Source Integration Stack” or “OSIS Stack” means the open source software components included in a Hosted Solution.
1.10. “Order Form” means a PortX standard ordering document referencing this Agreement and reflecting the Software licenses, Hosted Solution Subscription, Services, and Support and Maintenance (as applicable), purchased by Customer.
1.11. “Results” means the separate integration solutions, applications or program code that Customer creates through the permitted and contemplated use of the Software or Hosted Solution (but expressly excludes Software, the Hosted Solution, Materials, Documentation, User Guides, and all derivative works thereof, as well as deliverables and other results of Services).
1.12.“Services” means the professional consulting services purchased by Customer in the applicable Order Form and relating to assistance with Software installation, Hosted Solution implementation, deployment, or usage; or development or delivery of additional related software or technology.
1.13. “Software” means (i) the proprietary PortX software products that are deployed on premise or in a Hosted Solution, and that are specified in a mutually executed Order Form; and (ii) all related Documentation for and any Support and Maintenance releases of the same Software (but excluding Third Party Solution Components).
1.14. “SOW” means a Statement of Work between PortX and Customer with respect to Services.
1.15. “Subscription” means the Customer’s right to access and use the relevant Software, Hosted Solution, and Support and Maintenance on a subscription basis, as and to the extent listed on a mutually executed Order Form.
1.16. “Subscription Term” means the duration of a Subscription as set forth on an Order Form or as specified in Section 3.1.
1.17. “Support and Maintenance” means the applicable support and maintenance services, and service level agreement (SLA) as provided for in Addendum A.
1.18. “Term” means the period commencing as of the Effective Date and expiring on the day that the last Subscription Term under this Agreement terminates.
1.19. “Third Party Solution Components” means online applications and offline software products that are provided by entities or individuals other than PortX and that interoperate with the Software or Hosted Solution.
1.20. “Users” means the Customer’s employees and contractors which are authorized by Customer to access and use Software or Hosted Solution purchased under an Order Form.
1.21. vCore means a virtual representation of computer capacity equal to a single hardware core used for processing.
1.22. “Warranty Period” means a period of thirty (30) days following the commencement of the relevant Subscription Term
2. Licenses and Ownership
2.1. License to Software; Access to Hosted Solution. If and to the extent that the relevant Subscription covers Software, then the terms and conditions of Attachment 1 to this Agreement shall govern Customer’s access to and use of that Software. If and to the extent that the relevant Subscription covers a Hosted Solution, then the terms and conditions of Attachment 2 to this Agreement shall govern Customer’s access to and use of the Hosted Solution. If and to the extent that the relevant Subscription includes a Platform Subscription, then the terms and conditions of Attachment 3 to this Agreement shall govern Customers access to and use of the Platform Subscription. With respect to the rights granted under Attachments, Customer agrees that it will comply with all applicable laws and regulations in the exercise of such rights.
2.2. Ownership
(a) Software & Hosted Solution. Notwithstanding anything to the contrary contained herein, except for the limited license rights expressly provided under a fully paid Subscription, PortX and its suppliers have and will retain all right, title and interest in and to the Software and the Hosted Solution (including, without limitation, all patent, copyright, trademark, trade secret and other intellectual property rights) and all copies, modifications and derivative works thereof. Customer acknowledges that it is obtaining only a limited license right to use the Software or Hosted Solution, and that irrespective of any use of the words “purchase,” “sale,” or like terms hereunder no ownership rights are being conveyed to Customer under this Agreement or otherwise. In addition, PortX will have a royalty-free, worldwide, irrevocable, perpetual license to use for any purpose any suggestions, enhancement requests, recommendations or other feedback provided by Customer, including Users, relating to the Software or Hosted Solution.
(b) Materials. Customer agrees and acknowledges that Customer is not obtaining any intellectual property or other rights in or to the Materials delivered as part of the Services, other than the rights of use specifically granted in this Agreement. Customer will be entitled to retain and use all Materials provided to Customer solely in connection with Customer’s permitted use of (as the case may be) the Software or Hosted Solution, but without any other license to exercise any of the intellectual property rights therein, all of which are hereby strictly reserved to PortX. In particular and without limitation, Materials may not be copied electronically or otherwise whether or not for archival purposes, modified including translated, re-distributed, disclosed to third parties, lent, hired out, made available to the public, sold, offered for sale, shared, or transferred in any other way, all except as expressly permitted herein. All PortX trademarks, trade names, logos and notices present on the Materials will be preserved and not deliberately defaced, modified or obliterated except by normal wear and tear. Customer shall not use any PortX trademarks without PortX’s express written authorization.
(c) Results; Customer Data and Log Data. Subject to PortX’s rights under 2.2(a)-(b), Customer shall own all right, title and interest in and to the Results. In addition, Customer retains all right, title and interest in and to the Customer Data and Log Data. Notwithstanding the foregoing, PortX may freely use the Results and the Log Data as part of its efforts to improve and analyze the performance of the Software or Hosted Solution, and solely on a generic, aggregate basis along with PortX’s use of similar data from all of its customers.
3. Subscription Term, Fees, and Payment
3.1. Subscription Term and Renewals. Unless otherwise designated in the Order Form, the term of any Subscription shall be one (1) year commencing on the Order Form Effective Date of the applicable Order Form. Except as may otherwise be specified on an Order Form, each Subscription Term shall automatically renew for subsequent periods of the same length as the initial Subscription Term unless either party gives PortX written notice of termination at least ninety (90) days prior to expiration of the then-current Subscription Term. The rates for any Subscription Term renewals shall be PortX’s then-current list Subscription rates.
3.2. Subscription Fees. Customer shall pay all fees for each Subscription as specified on the applicable Order Form and may purchase additional Subscriptions by entering into additional Order Forms with PortX. Fees for additional Subscriptions or renewals will be at PortX’s then-current list prices for Subscriptions unless otherwise set forth on an Order Form. If PortX sets a price on an Order Form for additional Subscriptions, such prices are valid during the then-current Subscription Term.
3.3. Payment Terms. All fees are as set forth in the applicable Order Form and shall be paid by Customer thirty (30) days from invoice unless otherwise specified in the applicable Order Form unless disputed in good faith by Customer. Customer shall be responsible for all taxes, withholdings, duties and levies arising from the order (excluding taxes based on the net income of PortX). Except as set forth herein, fees are non-refundable upon payment. Payments will be made without right of set-off or chargeback. Any late payments shall be subject to a service charge equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less. If payment of any undisputed fee is overdue, PortX may also suspend provision of the Software, Hosted Solution, Services, and Support and Maintenance, until such delinquency is corrected.
4. Term and Termination
4.1. Term and Termination. This Agreement is effective during the Term. Either party may terminate this Agreement (including all related Order Forms) if the other party: (a) fails to cure any material breach of this Agreement within thirty (30) days after written notice of such breach; (b) ceases operation without a successor. Additionally, PortX may terminate this Agreement if Customer seeks protection under any bankruptcy, receivership, trust deed, creditors arrangement, composition or comparable proceeding, or if any such proceeding is instituted against Customer (and not dismissed within 60 days thereafter)).
4.2. Effects of Termination. Upon expiration or termination of this Agreement for any reason: (a) any amounts owed to PortX under this Agreement before such termination will be immediately due and payable; (b) Customer shall cease any and all use of the (as the case may be) Software or Hosted Solution, and destroy all copies of the former and so certify to PortX in writing; (c) each party will return to the other party the Confidential Information of the other party that it obtained during the course of this Agreement; and (d) each party must certify in writing to the other party that it has returned or destroyed all Confidential Information of the other party. In the event that PortX terminates this Agreement pursuant to Section 4.1, Customer will pay any unpaid fees for the remainder of the Subscription Term(s) under all Order Forms. In the event that Customer terminates the Agreement pursuant to Section 4.1, PortX shall owe Customer a pro-rata refund of any prepaid subscription fees.
4.3. Survival. Sections 1-3, 4.2, 4.3, 5.5, 8, 10, and 11 shall survive any termination or expiration of this Agreement.
5. Acceptance; Limited Warranties; Warranty Disclaimers
5.1. Acceptance. None of the Software, Hosted Solution, Support and Maintenance or Services shall be subject to contractual acceptance, and all of the foregoing shall be deemed accepted upon delivery.
5.2. Limited Warranties. The limited warranties, if any, applicable to the Software, Hosted Solution and the parties’ rights and obligations in the event of a breach of such warranty, are as expressly set out in Attachment 1 and Attachment 2, respectively. With respect to Services, PortX warrants only that the relevant Services will be performed consistent with generally accepted industry standards. If the Services do not conform to such warranty, PortX will re-perform the non-conforming Services.
5.3. Exclusive Remedies. The remedies in Attachment 1, Attachment 2, and Section 5.2 are Customer’s sole and exclusive remedies for breach of the relevant warranty and are PortX’s sole and exclusive liability for breach of such warranty.
5.4. Warranty Exclusions. The warranties in Attachment 1, Attachment 2, and Section 5.2 are made to and for the benefit of Customer only. The warranties will apply only if (a) the relevant PortX product has been properly installed and used at all times and in accordance with the instructions in the applicable Documentation; (b) no modification, alteration or addition has been made to the relevant PortX product by anyone other than PortX; and (c) PortX receives written notification of the breach within thirty (30) days following the date the relevant PortX product was initially licensed, and in the case of Services, within thirty (30) days following the performance of the relevant Services. The above warranties shall not apply: (i) to defects in the PortX product due to accident, abuse or improper use by Customer; or (ii) items provided on a no charge or evaluation basis.
5.5. DISCLAIMER OF WARRANTIES. THE WARRANTIES (IF ANY) LISTED IN ATTACHMENT 1, ATTACHMENT 2, AND SECTION 5.2 ARE LIMITED WARRANTIES AND EXCEPT AS EXPRESSLY SET FORTH IN ATTACHMENT 1, ATTACHMENT 2 AND SECTION 5.2, THE SOFTWARE, HOSTED SOLUTION, DOCUMENTATION, USER GUIDES, ALL SERVICES, ALL MATERIALS, AND SUPPORT AND MAINTENANCE ARE ALL PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING DISCLAIMER, PortX DOES NOT WARRANT THAT THE SOFTWARE OR HOSTED SERVICES (I) WILL OPERATE UNINTERRUPTED, (II) WILL BE FREE FROM DEFECTS, OR (III) HAVE BEEN DESIGNED TO MEET CUSTOMER’S SPECIFIC BUSINESS REQUIREMENTS. NEITHER PortX NOR ITS SUPPLIERS MAKES ANY OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. CUSTOMER MAY HAVE OTHER STATUTORY RIGHTS. HOWEVER, TO THE FULL EXTENT PERMITTED BY LAW, THE DURATION OF STATUTORILY REQUIRED WARRANTIES, IF ANY, SHALL BE LIMITED TO THE LIMITED WARRANTY PERIOD. CUSTOMER ACKNOWLEDGES THAT THE SOFTWARE AND HOSTED SERVICES ARE NOT INTENDED FOR USE IN CONNECTION WITH ANY STRICT LIABILITY ACTIVITY (INCLUDING, WITHOUT LIMITATION, AIR OR SPACE TRAVEL, POWER PLANT OPERATION, OR LIFE SUPPORT OR EMERGENCY MEDICAL OPERATIONS) AND THAT PortX MAKES NO WARRANTY AND SHALL HAVE NO LIABILITY IN CONNECTION WITH ANY USE OF THE SOFTWARE IN SUCH SITUATIONS.
6. Support & Maintenance; Cooperation; Third Party Solution Components; Data Processing
6.1. Support and Maintenance. During the time that Customer has paid the applicable Subscription fees, PortX shall provide Support and Maintenance during the Subscription Term in accordance with PortX’s support policies defined in Section 1.17.
6.2. Cooperation. Customer agrees to provide PortX with such cooperation, materials, information, access and support which PortX deems to be reasonably required to allow PortX to successfully provide the Services and Support and Maintenance, including, without limitation, as may be set forth in an applicable Order Form. Customer understands and agrees that PortX’s obligations hereunder are expressly conditioned upon Customer providing such cooperation, materials, information, access and support. Additionally, Customer understands and agrees that PortX may share Customer information with its Representatives (as defined in Section 10) for the purpose of providing Support and Maintenance.
6.3. Results. Under this Agreement PortX provides only the Software and Services and Support and Maintenance with respect to such Software. PortX does not provide any warranty on, and does not provide Support and Maintenance on, the Results. As a non-exclusive example, in order for Customer effectively to use Results, Customer may need to license, modify and install Third Party Solution Components. PortX may provide Customer with links and instructions for obtaining Third Party Solution Components or provide access to them but it is Customer’s sole responsibility to properly license and install any required Third Party Solution Components from the relevant third party providers. PortX will have no liability with respect to any Third Party Solution Components. If applicable, prior to PortX starting any Services that require the use of Third Party Solution Components, Customer will provide documentation to PortX confirming that Customer can provide the rights necessary to allow PortX to modify the Third Party Solution Component software if necessary.
6.4. Data Processing. During the performance of providing access to the Software or the Hosted Solution, PortX may have access to Customer Data and/or its customers non-public data and information. PortX will process any such data in accordance with Addendum B, attached hereto.
7. Services
PortX shall provide the Services purchased in the applicable Order Form or SOW, as the case may be. Services may be ordered by Customer pursuant to a SOW describing the work to be performed, fees and any applicable milestones, dependencies and other technical specifications or related information. Both parties must sign each SOW before PortX shall commence work under such SOW. If the parties do not execute a separate Statement of Work, the Services shall be provided as stated on the Order Form. Customer will reimburse PortX for reasonable travel and lodging expenses as incurred.
8. Limitation of Remedies and Damages
8.1. PortX SHALL NOT BE LIABLE FOR (I) ANY COST OF COVER OR ANALOGOUS COSTS RELATED TO THE PROCUREMENT OF REPLACEMENT SERVICES; OR (II) ANY LOSS OF USE, LOST DATA, FAILURE OF SECURITY MECHANISMS, INTERRUPTION OF BUSINESS, OR ANY INDIRECT, SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOST PROFITS), REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, EVEN IF INFORMED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
8.2. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, PortX’S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL BE LIMITED TO PROVEN DIRECT DAMAGES CAUSED BY PortX’S SOLE NEGLIGENCE IN AN AMOUNT NOT TO EXCEED THE FEES ACTUALLY PAID BY CUSTOMER TO PortX UNDER THIS AGREEMENT DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF THE CLAIM.
8.3. OTHER THAN CLAIMS FOR SUBSCRIPTION FEES AND INTEREST THEREON, A MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY OR BREACH OF CONFIDENTIAL INFORMATION, NEITHER PARTY SHALL BRING ANY CLAIM BASED ON OR ARISING UNDER THIS AGREEMENT (INCLUDING WITHOUT LIMITATION, CLAIMS RELATING TO THE SOFTWARE OR THE HOSTED SERVICES) MORE THAN TWELVE (12) MONTHS AFTER THE CAUSE OF ACTION ACCRUES.
9. Indemnification
9.1. Indemnity by PortX. Subject to the remainder of this Section 9, PortX shall defend Customer against any independent third party claim that the Software or Hosted Solution infringes such third party’s U.S. patent or copyright (an “Infringement Claim”), and indemnify Customer from the resulting costs and damages awarded against Customer to the third party making such Infringement Claim, by a court of competent jurisdiction or agreed to in settlement; provided that Customer: (i) notifies PortX promptly in writing of such Infringement Claim, (ii) grants PortX sole control over the defense and settlement thereof, provided that no such settlement shall require any act or omission of Customer and provided that PortX may not settle any Infringement Claim against Customer unless the settlement unconditionally releases Customer of all liability, and (iii) reasonably cooperates in response to a PortX request for assistance. PortX will have the exclusive right to defend any such Infringement Claim and make settlements thereof at its own discretion, and Customer may not settle or compromise such Infringement Claim, except with prior written consent of PortX.
9.2. Options. Should any Software or the Hosted Solution become, or in PortX’s opinion be likely to become, the subject of such an Infringement Claim, PortX shall, at its option and expense, (a) procure for Customer the right to make continued use of the Software or the Hosted Solution, (b) replace or modify such so that it becomes non-infringing, or (c) request return of the Software or termination of the access to the Hosted Solution, and upon such request the corresponding licenses under Attachment 1 or 2 shall be terminated and PortX shall refund the price paid by Customer for the Subscription Term in which the Infringement Claim was asserted, less a pro rata portion of the Subscription fee reflecting that portion of the Subscription Term that was fulfilled prior to termination.
9.3. Exclusions. PortX will have no obligation for claims of infringement resulting from (i) any modification of the Software by a party other than PortX if such infringement would have been avoided in the absence of such modifications; (ii) Customer’s failure, within a reasonable time frame, to implement any replacement or modification of Software or Hosted Solution provided by PortX; (iii) any combination, operation, or use of the Software or Hosted Solution with any products, equipment, software, hardware, data, or business processes not supplied by PortX, including without limitation Third Party Solutions Components, Customer Data, Log Data and Results, (iv) use for a purpose or in a manner for which the Software or Hosted Solution were not designed, (v) any intellectual property right owned or licensed by Customer, excluding the Software or the Hosted Solution or, (vi) PortX’s compliance with any materials, designs, specifications or instructions provided by Customer, (vii) Customer using the Software or the Hosted Solution after PortX notifies Customer to discontinue using due to such a claim, or (viii) third party open source software.
9.4. Indemnity by Customer. Customer shall defend PortX against any third party Infringement Claim to the extent that they arise from any combination of Software or the Hosted Solution provided by PortX with products, data or business processes not supplied by PortX, and indemnify PortX for any damages, attorney fees and costs finally awarded against PortX as a result of, or for any amounts paid by PortX under a court-approved settlement of, an Infringement Claim against PortX; provided that PortX (a) promptly gives Customer written notice of the Infringement Claim against PortX; (b) gives Customer sole control of the defense and settlement of the Infringement Claim against PortX (provided that no such settlement shall require any act or omission of PortX and provided that Customer may not settle any Infringement Claim against PortX unless the settlement unconditionally releases PortX of all liability); and (c) provides to Customer all reasonable assistance, at Customer’s expense. Customer will have the exclusive right to defend any such Infringement Claim and make settlements thereof at its own discretion, and PortX may not settle or compromise such Infringement Claim, except with prior written consent of Customer.
9.5. Limitation. THIS SECTION STATES THE SOLE AND EXCLUSIVE REMEDIES AND ENTIRE LIABILITY FOR INFRINGEMENT CLAIMS
10. Confidential Information. Except as expressly authorized herein, the Receiving Party will hold in confidence and not use or disclose any Confidential Information. The Receiving Party’s nondisclosure obligation shall not apply to information which the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; (iv) is independently developed by employees of the Receiving Party who had no access to such information; or (v) is required to be disclosed pursuant to a regulation, law or court order (but only to the minimum extent required to comply with such regulation or order and with advance notice to the Disclosing Party). Each party will only disclose Confidential Information to its employees, agents, representatives, partners and authorized contractors (collectively “Representatives”) having a need to know for the purposes of this Agreement. Each party will notify and inform such Representatives of each party’s limitations, duties, and obligations regarding use, access to, and nondisclosure of Confidential Information and will obtain or have obtained its Representatives’ agreements to comply with such limitations, duties, and obligations with regard to such Confidential Information no less restrictive than those contained herein. Each party is liable for all acts and omissions of the Representatives related to the other party’s Confidential Information. Each party agrees to give notice to the other party immediately after learning of or having reason to suspect a breach of any of the proprietary restrictions set forth in this Section. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party shall be entitled to appropriate equitable relief in addition to whatever other remedies it might have at law.
11. Insurance. PortX shall maintain insurance at all times during the term of this Agreement as it deems adequate in its reasonable judgment, provided that such insurance shall be adequate to address any customarily insurable liabilities which may arise under this Agreement, and which shall consist of the following coverages in the following minimum limits: general liability with a minimum limit of $2 million per occurrence and $4 million aggregate; cyber liability with a minimum limit of $1 million; and umbrella liability with a minimum limit of $4 million. Upon Customer request, PortX shall procure from its insurer(s) and provide certificates of insurance evidencing its compliance with the foregoing requirements, which name Customer as an additional insured, and have a current A.M. Best rating of A VIII or better. PortX shall provide at least 30 days’ prior written notice to Customer if any insurance policy listed in the certificates of insurance is terminated prior to the date of its expiration. Upon request, PortX shall provide Customer with evidence of renewal for any subsequent periods of coverage for the policies described above.
12. Business Continuity Plan. PortX shall maintain a business continuity plan (“Business Continuity Plan”) and implement and execute such Business Continuity Plan during a time of emergency or disaster. PortX shall perform an exercise of the Business Continuity Plan at least once per year. If the Business Continuity Plan exercise fails to meet any of the success or other criteria set forth therein, then PortX will promptly remedy any identified failures and within thirty (30) days of the initial exercise, conduct another exercise of the Business Continuity Plan. PortX shall provide a copy of its Business Continuity Plan and the results of any exercise thereunder to Customer at Customer’s request. Upon request, PortX shall provide Customer, the most recent disaster recovery testing results.
13. General
13.1. Severability. If any provision of this Agreement shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited to the minimum extent necessary so that this Agreement shall otherwise remain in effect.
13.2. Governing Law. This Agreement shall be governed by the laws of the State of Delaware and the United States without regard to conflicts of laws provisions thereof, and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transactions Act (UCITA).
13.3. Attorneys’ Fees and Costs. The prevailing party in any action to enforce this Agreement will be entitled to recover its attorneys’ fees and costs in connection with such action.
13.4. Notices and Reports. Any notice or report hereunder shall be in writing to the notice address set forth above and shall be deemed given: (i) upon receipt if by personal delivery; (ii) upon receipt if sent by certified or registered U.S. mail (return receipt requested); or (iii) one day after it is sent if by next day delivery by a major commercial delivery service.
13.5. Amendments; Waivers. No supplement, modification, or amendment of this Agreement shall be binding, unless executed in writing by a duly authorized representative of each party to this Agreement. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No provision of any purchase order or other business form employed by Customer will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement shall be for administrative purposes only and shall have no legal effect.
13.6. Application; Entire Agreement. This Agreement shall govern all of Customer’s purchases of Subscriptions and Services from and after the Effective Date. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. This Agreement also supersedes all terms any “shrink-wrap” or “click wrap” license included in any package, media, or electronic version of PortX-furnished software and any such Software shall be licensed under the terms of this Agreement. Notwithstanding any contrary provision therein, Customer Purchase Orders will be for the sole purpose of confirming for Customer’s internal records the quantities, prices and other terms applicable to a purchase of Subscriptions and Services in an Order Form, which Order Form(s) shall be the sole instrument forming a particular transaction hereunder between the parties.
13.7. Precedence. In the event of a conflict between two provisions that appear in the body of this Agreement, in any of the Exhibits or Attachments hereto, or in any Order Form, the conflict shall be resolved by giving precedence to the provision as it appears in the highest-ranked document in the following order: (1) the relevant Order Form (but only if the Order Form expressly states that it supersedes the other contradictory provision(s) of the other document(s)); then (2) the body of this Agreement; then (3) the Attachments to this Agreement; then (4) the Exhibits to this Agreement.
13.8. Audit Rights.
13.8.1. With respect to Subscriptions that are covered by Attachment 1 to this Agreement, Customer will maintain accurate records as to its use of the Software as authorized by this Agreement, for at least two (2) years from the last day on which Support and Maintenance expired for the applicable Software. PortX, or persons designated by PortX, will, at any time during the period when Customer is obliged to maintain such records, be entitled to audit such records and to ascertain completeness and accuracy, in order to verify that the Software is used by Customer in accordance with the terms of this Agreement and that Customer has paid the applicable license fees and Support and Maintenance fees for the Software, provided that: (a) PortX may conduct no more than one (1) audit in any twelve (12) month period; (b) any such audit shall be subject to a mutually agreed upon non-disclosure agreement negotiated in good faith and entered into by the parties (including any third party agent PortX may use in connection with such audit); (c) the audit will be conducted during normal business hours; and (d) PortX shall use commercially reasonable efforts to minimize the disruption of Customer’s normal business activities in connection with any such audit. PortX, or persons designated by PortX, shall not have physical access to Customer’s computing devices in connection with any such audit, without Customer’s prior written consent. Customer shall promptly pay to PortX any underpayments revealed by any such audit. Any such audit will be performed at PortX’s expense, provided, however, that Customer shall promptly reimburse PortX for the cost of such audit and any applicable fees if such audit reveals an underpayment by Customer of more than five percent (5%) of the license amounts payable by Customer to PortX for the period audited.
13.8.2. Upon reasonable notice, Customer, the Customer’s prudential regulators, or Customer’s authorized agent, may audit PortX’s records and information for the limited purpose of determining PortX’s compliance with this Agreement and applicable law. PortX shall have an independent SSAE18 SOC 2 Type 2 control audit conducted on PortX.
13.9. Independent Contractors. The parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party’s behalf without the other party’s prior written consent.
13.10. Force Majeure. Neither party shall be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to events which are beyond the reasonable control of such party, including but not limited to any strike, blockade, war, act of terrorism, riot, natural disaster, failure or diminishment of power or of telecommunications or data networks or services, or refusal of approval or a license by a government agency.
13.11. Assignment. Neither party may assign any part of this Agreement without the written consent of the other, except that either party may assign this Agreement in connection with a merger, acquisition, asset sale, or corporate reorganization. Any other attempt to assign is void.
13.12. Government End-Users. The Software and accompanying Documentation are deemed to be “commercial computer software” and “commercial computer software documentation”, respectively, pursuant to DFAR Section 227.7202 and FAR Section 12.212(b), as applicable. Any use, modification, reproduction, release, performing, displaying or disclosing of the Software and Documentation by the U.S. Government shall be governed solely by the terms of this Agreement. This product was developed fully at private expense. All other use is prohibited.
13.13. Export Compliance. Customer may not export or re-export the Software except in compliance with the United States Export Administration Act and the related rules and regulations and similar non-U.S. government restrictions, if applicable. Customer acknowledges that the Software is subject to export restrictions by the United States government and import restrictions by certain foreign governments. Customer shall not and shall not allow any third-party to remove or export from the United States or allow the export or re-export of any part of the Software or any direct product thereof: (i) into (or to a national or resident of) any embargoed or terrorist-supporting country; (ii) to anyone on the U.S. Commerce Department’s Table of Denial Orders or U.S. Treasury Department’s list of Specially Designated Nationals; (iii) to any country to which such export or re-export is restricted or prohibited, or as to which the United States government or any agency thereof requires an export license or other governmental approval at the time of export or re-export without first obtaining such license or approval; or (iv) otherwise in violation of any export or import restrictions, laws or regulations of any United States or foreign agency or authority. Customer agrees to the foregoing and warrants that it is not located in, under the control of, or a national or resident of any such prohibited country or on any such prohibited party list. The Software and Cloud Offerings are further restricted from being used for the design or development of nuclear, chemical, or biological weapons or missile technology, or for terrorist activity, without the prior permission of the United States government.
13.14. Customer Acknowledgement. Customer agrees that PortX may from time to time identify Customer (with Customer’s name, logo, or trademark) as a PortX customer in or on PortX’s website, sales and marketing materials, or press releases. PortX may not use Customer’s name, logo, or trademark for any other purpose without obtaining Customer’s prior written consent.
13.15. Cloud Providers. PortX shall make commercially reasonable efforts to notify Customer at least six months in advance of any change in the provider of the servers on which the Software, the Hosted Solution, the Platform Subscription, or any data pertaining to Customer or its customers is hosted, and Customer shall have the right to terminate this Agreement and receive a pro rata refund of all prepaid fees any time after receipt of such notice if the new provider of the services is not reasonably acceptable to Customer.
ATTACHMENT 1
License Grant: Software
- Grant of License. Subject to all of the terms and conditions of this Agreement, during the relevant Subscription Term, PortX grants to Customer a non-transferable, non-sublicensable, non-exclusive license to use the Software in object code form for Customer’s own internal business operations, but only in accordance with (i) the Documentation, (ii) this Agreement, and (iii) and all restrictions set forth in the applicable Order Form, including without limitation restrictions related to servers, users, and number of licensed vCores (i.e., the total number of vCores which are running the Software cannot exceed the number of vCores with respect to which the Customer has purchased licenses), computer, website, or field of use. In addition, any third party providing services (“Third Party Service Providers”) to the Customer may use the Software solely for Customer’s internal benefit and solely within the scope of the restrictions just described. Customer shall be liable for all violations of this Agreement by its Third Party Service Providers.
- Installation and Copies. Customer may copy and install on Customer’s computers for use only by Customer’s employees and Third Party Service Providers one (1) copy of the Software for each Subscription designated in the applicable Order Form. Customer may also make one copy of the Software for archival purposes.
- Use by Affiliates. Subject to the terms and conditions of the Agreement and of this Attachment 1, Customer’s Affiliates may use the licenses granted to Customer, provided that: (a) such use is only for the aggregate benefit of Customer and its Affiliates; (b) Customer remains responsible for each such Affiliate’s compliance with the terms and conditions of this Agreement and of each Order Form; (c) Customer provides PortX advance written notice of each such Affiliate usage; (d) subject to the following subsection (e), use of the Software by all Affiliates and Customer in the aggregate must be within the restrictions in the applicable Order Form; and (e) notwithstanding the foregoing, Affiliates may not use Customer’s rights under any “enterprise wide” or unlimited API Unit (or other unlimited quantity) licenses unless Affiliate usage is specifically designated in the applicable Order Form.
- License Restrictions. Customer shall not (and shall not allow any third party to): (a) decompile, disassemble, translate, reverse engineer or otherwise attempt to derive source code from any encrypted or encoded portion of the Software, in whole or in part, nor will Customer use any mechanical, electronic or other method to trace, decompile, disassemble, or identify the source code of the Software or encourage or permit others to do so, except and only to the extent that applicable law prohibits or restricts reverse engineering restrictions (provided, however, before Customer exercises any rights that Customer believes to be entitled to based on mandatory law, Customer shall provide PortX with thirty (30) days prior written notice and provide all reasonably requested information to allow PortX to assess Customer’s claim and, at PortX’s sole discretion, to provide alternatives that reduce any adverse impact on PortX’s intellectual property or other rights); (b) sell, sublicense, rent, lease, distribute, market, or commercialize for any purpose, including timesharing or service bureau purposes: (i) the Software, (ii) any modified version or derivative work of the Software created by the Customer or for the Customer, or (iii) any PortX software, either modified or not, licensed under an open source license; (c) create, develop, license, install, use, or deploy any third party software or services to circumvent, enable, modify or provide access, permissions or rights that violate the technical restrictions of the Software, any additional licensing terms provided by PortX via product documentation, notification, and/or policy change posted at http://www.portx.io, and the terms of the Agreement; (d) remove any product identification, proprietary, copyright or other notices contained in the Software; € modify or create a derivative work of any encrypted or encoded portion of the Software, or any other portion of the Software; or (f) publicly disseminate performance information or analysis (including, without limitation, benchmarks) from any source relating to the Software.
- Limited Software Warranty. PortX warrants, for Customer’s benefit only, that during the Warranty Period, the Software shall operate in substantial conformity with the applicable Documentation. If during the Warranty Period the Software does not substantially conform to the description contained in the applicable Documentation, PortX’s sole liability (and Customer’s sole and exclusive remedy) for any breach of this warranty shall be for PortX to correct the defects in the Software; provided that this remedy is only available if Customer gives PortX written notice of such breach during the Warranty Period. Customer acknowledges that the Software is subscription-based and that, in order to provide improved customer experience, PortX may make changes to the Software and that in such event, PortX will update the Documentation accordingly.
ATTACHMENT 2
Grant of Access and Use: Hosted Solution
- Provisioning. PortX will make the Hosted Solution available to Users pursuant to this Agreement and the relevant Order Forms during the Subscription Term. Customer agrees that Customer’s purchases hereunder are neither contingent on the delivery of any future functionality or features nor dependent on any oral or written public comments made by PortX regarding future functionality or features. Subject to the terms and conditions of this Agreement in general and this Attachment 2 in particular, and the relevant Order Form(s), PortX grants Customer a limited, worldwide, non-assignable and non-exclusive license during the relevant Subscription Term to access and use the Hosted Service. The foregoing access license is for the sole purpose of enabling Customer to use and enjoy the benefit of the Hosted Service as provided by PortX, in the manner permitted by this Agreement.
- Subscriptions; Account Limitations. Hosted Solutions are purchased as Subscriptions and may be accessed by no more than the specified number of vCores set forth on an Order Form. The Hosted Solution also may be subject to account limitations as specified in the Order Form. Customer is responsible for using the Hosted Solution to monitor compliance with such account limitations.
- Use by Affiliates. Subject to the terms and conditions of the Agreement and of this Attachment 2, Customer’s Affiliates may use the licenses granted to Customer, provided that: (a) such use is only for the aggregate benefit of Customer and its Affiliates; (b) Customer remains responsible for each such Affiliate’s compliance with the terms and conditions of this Agreement and of each Order Form; (c) subject to the following subsection (d), use of the Hosted Solution by all Affiliates and Customer in the aggregate must be within the restrictions in the applicable Order Form; and (d) notwithstanding the foregoing, Affiliates may not use Customer’s rights under any unlimited vCores (or other unlimited quantity) licenses unless Affiliate usage is specifically designated in the applicable Order Form.
- Customer Data. PortX maintains security of the Hosted Solution in accordance with the following policy: https://www.portx.io/data_protection/. PortX may update this policy provided any such updates will not degrade or materially change PortX obligations therein. For the Hosted Solution, PortX does not directly store, monitor, track, or inspect Customer Data, including personally identifiable information (PII), and personal healthcare information (PHI). Customer may configure the appropriate software settings based on Customer’s use and security standards. PortX will not (a) modify Customer Data, (b) disclose Customer Data except as compelled by law or as expressly permitted in writing by Customer, or (c) access Customer Data, except to access to address service or technical problems. Any exchange of data between Customer and any Third Party Solutions Components (or by Customer between two or more Third Party Solutions Components), is solely between Customer and the applicable provider of the Third Party Solutions Components.
- Restrictions. Customer will not (i) permit any third party to access the Hosted Solution except as permitted herein and in the relevant Order Form, (ii) create derivate works based on the Hosted Solution, (iii) copy, frame or mirror any part or content of the Hosted Solution, (iv) decompile, disassemble, translate, reverse engineer or otherwise attempt to derive source code from the Hosted Solution, in whole or in part, nor will Customer use any mechanical, electronic or other method to trace, decompile, disassemble, or identify the source code of the Hosted Solution or encourage or permit others to do so (except and only to the extent that applicable law prohibits or restricts reverse engineering restrictions), (v) access the Hosted Solution in order to (a) build a competitive product or service, or (b) copy any features, functions or graphics of the Hosted Solution, (vi) sell, resell, rent or lease the Hosted Solution (vii) use the Cloud Offerings to store or transmit infringing, libelous, or otherwise unlawful or tortious material, or to store or transmit material in violation of third-party privacy rights (or otherwise use the Hosted Solution in violation of the Documentation or any PortX terms of service), (viii) store or transmit virus or other malicious code through the Hosted Solution, (ix) interfere with or disrupt the integrity or performance of the Hosted Solution or third-party products or data contained therein, or (x) attempt to gain unauthorized access to the Hosted Solution or their related systems or networks. Customer acknowledges that Customer is solely responsible for complying with, and covenants to comply with, all laws applicable to Customer and to Customer’s use of the Hosted Solution, including without limitation all laws and regulations relating to the protection and non-disclosure of Customer Data. Without limiting the generality of the foregoing, the Customer is solely responsible for using the Hosted Solution in compliance with, any applicable data privacy or personally identifiable information.
- AWS Terms. If PortX uses Amazon Web Service (“AWS”) cloud infrastructure for its Hosted Solution. Customer acknowledges the use of the Hosted Solution is subject to the terms and limitations set forth in the AWS Customer Agreement: http://aws.amazon.com/agreement/.
- Azure Terms. If PortX uses Microsoft Azure cloud infrastructure for its Hosted Solution. Customer acknowledges the use of the Hosted Solution is subject to the terms and limitations set forth in the Microsoft Azure Service Agreement: https://azure.microsoft.com/en-us/support/legal/
- Warranty. PortX warrants, for Customer’s benefit only, that during the Warranty Period, the Hosted Solution shall perform materially in accordance with the Documentation. If during the Warranty Period the Hosted Solution does not perform materially in accordance with the Documentation, PortX’s sole liability (and Customer’s sole and exclusive remedy) for any breach of this warranty shall be for PortX to correct the defects in the Hosted Solution. Customer acknowledges that the Hosted Solution is subscription-based and that, in order to provide improved customer experience, PortX may make changes to the Hosted Solution and that in such event, PortX will update the Documentation accordingly.
ATTACHMENT 3
Grant of Access and Use: Platform Subscription
The PortX Platform Subscription comprises the following:
- License to PortX Banking Platform solution
- PortX Integration Manager
- PortX Payment Manager
- Capacity:
- The number of vCores specified in the Order Form
- The number of transactions specified in the Order Form
- One (1) Discovery Workshop per year
- The number of Engineering Units specified in the Order Form
Platform Subscription Terms
- vCores. Customer is licensed to the number of vCores specified in the Order Form.
- Discovery Workshop. Upon mutual scheduling of the parties, PortX will engage with Customer to provide a workshop to gather requirements for Customer’s integration priorities, assist Customer with planning for solutions, develop solution designs and provide documentation and a presentation. Travel expenses are not included in the subscription fee
- Engineering Unit. Customer will have access to the number of Engineering Units specified in an Order Form. An Engineering Unit is one (1) developer and related support staff architecture, project management and testing) for the purpose of deploying and configuring PortX in the Customer’s environment, and developing requested API’s, within the following parameters:
- Customer shall submit a ticket to PortX for each requested project.
- Customer will provide PortX with access to necessary personnel, technical specifications, and technologies (e.g. banking core, and other services for integration.
- PortX shall provide a project plan for delivering the project within two weeks of receipt of a project ticket.
(If purchased in an Order Form) Premium Support & Monitoring
If specified in an Order Form, as a replacement for PortX standard support, Customer shall receive Premium Support which includes 24/7 support as described in Attachment 1. Additionally, PortX shall implement an advanced automated framework. The automated monitoring will notify the PortX support team of critical errors or outages of the Customer’s PortX Banking Platform instance, enabling PortX to proactively remedy such issues as efficiently as possible.
Intellectual Property
Work Product – Ownership & Support
While providing integration, implementation, configuration, and development for Customer under the PortX Platform Subscription, PortX may create derivative works of PortX software, develop new software (including API’s) or other works of authorship (collectively “Work Product”). Subject to Customer’s ownership interest in, and PortX obligations with respect to, Customer’s Confidential Information, PortX shall own all right title and interest in and to all Work Product, including all intellectual property rights therein and thereto. Subject to the additional terms below, all Work Product shall be subject to the Master Subscription Agreement and Premium Support & Monitoring during the subscription term.
Transferability – License (post subscription term)
Subject to Customer’s full payment of all contracted fees, PortX hereby grants Customer, solely for Customer’s and its affiliates’ internal business operations, a limited, non-exclusive, non-transferable (except in connection with a merger, acquisition, asset sale or corporate reorganization) perpetual right and license to: (a) Use Work Product that are API’s, (b) modify and configure such Work Product that are API’s as may be necessary to permit Customer to transfer and continue to utilize such Work Product API’s (e.g. outside of the PortX platform), and (c) permit affiliates or third-party contractors to perform services on Customer’s behalf, to effectuate Customer’s rights hereunder, provided that (i) such use must be solely for the benefit of Customer or affiliates; (ii) Customer shall be responsible for all acts and omissions of such third parties, and (iii) Customer shall not sublicense such Work Product API’s to any third-party. For clarity and the avoidance of doubt, any such Work Product that are subject to this provision are not eligible for support or maintenance.
ADDENDUM A
SUPPORT & MAINTENANCE
SERVICE LEVEL AGREEMENT
1. Definitions
- Business Hour: means each hour during a Business Day.
- Business Day: means 8:00 a.m. through 5:00 p.m. Pacific Time on a Monday through a Friday, excluding U.S. Federal holidays.
- Error: means any Severity Level S1 error, Severity Level S2 error, Severity Level S3 error or Severity Level S4 error, each as defined in the error severity definition table below.
- Major Releases: means generally commercially released major new releases, modifications or enhancements to the same software product as designated by a change in the number to the left of the decimal in the version number. Major Releases do not include separate or different products marketed by PortX under a different name even if such products are compatible with the relevant software product.
- Minor Releases: means generally commercially released code corrections, patches, updates and minor version releases of the same software product as designated by a change in the number to the right of the decimal in the version number.
- “Service Level Failure” means a breach by PortX of Section 2 or Section 10 of this Exhibit.
Severity Level | Description |
S1 | System outage, or production system outage. The software in production environment is unusable and/or is severely impacting other critical business functions, and no workaround is available. |
S2 | Key functionality impaired, no work around, or non-production outage impacting critical milestone. Reported issue affects key functionality and/or causes some performance degradation, and no workaround is available that does not result in a material diminishment of product functionality available to Customer or any Customer (a “Workaround”). Other product features are still functional. The software is in non-production environment and is nearing a critical milestone, is unusable, and no workaround is available. |
S3 | Moderate impact with work around. Issue has moderate or minor impact on usage, and product remains functional. This category may include enhancement requests, common how-to questions, and any product issues with a Workaround. |
S4 | Minor impact: Includes minor, cosmetic, or documentation-related issues, and enhancement requests that are not time-sensitive. There is no impact on the product’s existing features. |
2. Error Response & Service Levels: Upon receipt of a report of an Error, PortX shall assign appropriate technical personnel to the issue and provide Customer with acknowledgment that it has received such Error report (such actions together, a “Response”). Customer will submit Error reports through the PortX Support ticket portal. PortX will (i) promptly provide Customer with a Response to each incident in accordance with the table below and (ii) promptly resolve each incident. A resolution may consist of an Error fix that restores the affected functionality, Workaround or other substantially similar solution as appropriate. Below are the minimum service level commitments that PortX makes to Customer with respect to maintenance and support:
a. Error Response Time
Severity Level | Response Time |
S1 | 30 Minutes |
S2 | 1 Business Hour |
S3 | 6 Business Hours |
S4 | 2 Business Days |
b. Resolution
i. For Severity 1 Errors, PortX will work until resolved, and in any event PortX will correct the Error and provide such correction within one (1) calendar day after notice of such Error.
ii. For Severity 2 Errors, PortX will work continuously during Business Hours until resolved. If no Workaround is possible, and the Error is for any functions material to the business of a Customer, then the Error will be treated as a Severity 1 Error.
iii. For Severity 1 or 2 Errors, PortX will within 30 days of Error resolution provide Customer with a written analysis of the cause of the Error and steps that are or will be taken to prevent similar future errors.
iv. All costs and expenses for Error corrections shall be borne by PortX.
3. Designated Customer Contacts. Customer may elect up to three (3) designated Customer contacts who have authority to provide notice of Errors.
4. Error Designation. PortX’s support personnel will (a) verify Customer- or Customer-detected Errors and (b) determine the severity of the support request and whether the support request is a Severity Level S1 error, a Severity Level S2 error, a Severity Level S3 error, a Severity Level S4 error or not an Error.
5. Conditions for Providing Support. PortX’s obligation to provide support pursuant to this Exhibit D is conditioned upon Customer’s using commercially reasonable efforts to provide PortX with sufficient information, in response to inquiries by PortX, concerning the nature of the applicable Error or issue.
6. Exclusions. PortX shall have no obligation under this Exhibit D to provide Support and Maintenance for: (i) software other than (a) the software included in a Hosted Solution, excluding Custom Components, (b) as specified in the applicable documentation; (ii) altered or modified software, unless altered or modified by or with the permission of PortX; (iii) Errors in software due to use in a manner prohibited by the Agreement; and (iv) evaluation software or other software provided at no charge (other than professional connectors as identified on PortX.io ((i) through (iv), collectively, the “Support Exclusions”).
7. Maintenance. During the Subscription Term, PortX shall respond to online and email support requests regarding use and deployment, will provide Major and Minor Releases of the same software product(s) licensed by Customer under the Agreement and will resolve errors in accordance with Section 2 of this Addendum (“Support and Maintenance”).
8. Suspension of Support and Maintenance. PortX reserves the right to suspend performance of Support and Maintenance if Customer materially breaches the Agreement and fails to cure such breach within thirty (30) days after receiving written notice of such breach in accordance with Section 4.1 of the Master Subscription Agreement.
9. Production Hosted Solution SLA
a. PortX will use commercially reasonable efforts to make the Hosted Solution available 24 hours a day, 7 days a week, except for: (i) planned downtime (of which PortX shall give advance electronic notice), and (ii) any unavailability caused by circumstances beyond PortX’s reasonable control, including, for example, an act of God, act of government, flood, fire, earthquake, civil unrest, act of terror, strike or other labor problem (other than one involving PortX employees), Internet service provider failure or delay, Non-PortX Application, or denial of service attack.
b. “Available” or “Availability” means the Hosted Solution shall: (i) be available for access and use over the Internet by Customer; and (ii) provide the material functionality set forth in the Agreement and the applicable documentation (including the capacity to execute transactions in accordance with all specifications applicable to the Hosted Solution).
c. “Monthly Fee” means the portion of the Subscription Fees and Platform Subscription Fees corresponding to any 30-day period of the Subscription Term. For example, if such fees were paid annually in advance, then the Monthly Fee would be one-twelfth of the corresponding annual amount.
d. “Planned downtime: will be a) no more than 2 hours per month, with a minimum 48 hour advance notice, scheduled during “slow times” for the end bank customer.
e. The Hosted Solution shall be Available to Customer and each Customer not less than the Availability/ Monthly Uptime SLAs percentage of the time each calendar month. For the purposes of this Section 10, monthly Availability is determined by dividing the number of seconds each calendar month that the Hosted Solution was not Available by the total number of seconds in such calendar month. If the Hosted Solution is Available less than the Availability/ Monthly Uptime SLAs percentage of any calendar month during the Term, Customer shall be eligible for a refund service credit equal to the percentage of the Monthly Fee corresponding to the Availability percentage for the applicable calendar month, as set forth in the table below.
Production Credit Formula
Premium Availability/ Monthly Uptime SLAs | Percentage credit for monthly fees |
99.99 to 99.5% | 5% |
99.4 to 98% | 10% |
Less than 98% | 15% |
f. Customer shall not be entitled to service credits under this Exhibit if (A) the Hosted Solution is unavailable as a result of Support Exclusions or (B) the Hosted Solution is not deployed in a production environment. Customer shall have the right to terminate the Agreement if the uptime in any rolling thirty-day period is less than 98%. For clarity, the service credit described herein and the express remedies set forth above and in the Master Subscription Agreement, shall be Customer’s sole and exclusive remedy for any breach of this Section 10 (Hosted Solution SLA).
10. Service Monitoring & Management.
a. PortX will perform continuous monitoring and management of the Hosted Solution to optimize availability of the Hosted Solution. Included within the scope of this section is the proactive monitoring of the Hosted Solution for failures and other errors on a 7 day by 24 hour basis, and the expedient restoration of components when failures or errors occur within the time period set forth in this Exhibit D. PortX shall maintain redundancy in all key components such that outages of the Hosted Solution are less likely to occur due to individual component failures. PortX shall be responsible for monitoring service level performance and shall provide Customer with reports within 5 business days upon request showing service level performance during the reporting period.
b. PortX will monitor “heartbeat” signals of all Hosted Solution and HTTP availability of the Hosted Solution, by proactive probing at 60-second intervals 24 hours a day using an automated tool. If a facility does not respond to a ping-like stimulus, it shall be immediately checked again. When PortX receives a “down” signal, or otherwise has knowledge of a failure in the Hosted Solution or the Platform Subscription, PortX personnel will take the following actions:
i. Confirm (or disconfirm) the outage by a direct check of the facility;
ii. If confirmed, use commercially reasonable efforts to restore the service in one hour or less, or, if determined to be a telecommunications company or hosting service provider problem, open a trouble ticket with the telecommunications company or hosting service provider;
iii. Notify Customer by telephone or cellphone according to mutually agreed upon procedures that an outage has occurred, providing such details as may be available, including PortX trouble ticket number, if appropriate, and time of outage;
iv. Work the problems until resolution, escalating to management or to engineering as required; and
v. Within 30 days of resolution, provide Customer with a written analysis of the cause of the outage and steps that are or will be taken to prevent similar future outages.
c. Upon request by Customer, PortX shall promptly investigate the root causes of any Service Level Failure and shall provide to Customer (promptly after becoming aware of such Service Level Failure) an analysis of such root causes and a proposed corrective action plan for Customer’s review, comment and approval.
d. Vendor shall use commercially reasonable efforts to (a) notify Customer of scheduled outages at least twenty-four (24) hours in advance, (b) cause such outages to last no longer than one hour and (c) schedule such outages between the hours of 1 a.m. and 3 a.m., Pacific Time.
ADDENDUM B
DATA PROCESSING
1. Definitions.
“Affiliate” means an entity that owns or controls, is owned or controlled by or is or under common control or ownership with either Customer or PortX respectively, where control is defined as the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through ownership of voting securities, by contract or otherwise.
“Applicable Laws” means any privacy or security law that applies to Customer Personal Data.
“Customer Personal Data” means information that is processed by PortX, or collected by PortX, on behalf of Customer which identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular identified or identifiable person or household.
“Subprocessor” means any Processor (including any third party and any PortX Affiliate) appointed by PortX to Process Customer Personal Data.
“Data Subject” means any identifiable individual or household included, or previously included, within the Customer Personal Data.
“Process” means any operation or set of operations that are performed on Customer Data.
“Processor” means any entity that performs the Processing of Customer Personal Data. For the purposes of this Agreement and Addendum, PortX and any authorized subcontractors are Processors.
“Regulator” refers to any government agency responsible for enforcing the Applicable Laws.
“Personal Data Breach” means the accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure of, or access to, Customer Personal Data transmitted, stored or otherwise processed. Should any other definition of “breach,” “data breach,” or “personal data breach” that appears in any Applicable Law be broader in scope than the definition provided here, the definition in said law shall control.
2. Authorization to Process Data. PortX may Process Customer Personal Data as per the terms of the Agreement and this Addendum. PortX shall not Process Customer Personal Data for any purpose other than those specified in the Agreement, this Addendum, or Customer’s documented instructions. PortX shall immediately inform the Customer if, in its opinion, any processing instruction infringes upon any Applicable Law.
3. Confidentiality. All Customer Personal Data is Confidential Information (as defined by the Agreement) and PortX will limit access to those individuals who need to access Customer Personal Data, and will contractually require all individuals that have access to Customer Personal Data to keep such data confidential.
4. Security. PortX shall implement reasonable and appropriate technical and organizational measures to protect Customer Personal Data. In assessing the appropriate level of security, PortX shall take into account the risks that are presented by Processing, in particular from accidental, unauthorized, or unlawful destruction, loss, alteration, damage, disclosure of, or access to Customer Personal Data transmitted or stored. PortX and any Subprocessors represent and warrant that their security program is documented using an accepted industry framework (e.g. CIS, NIST, ISO, etc.). Subject to Section 4 of the Agreement,Customer shall have the right to terminate the Agreement without penalty should PortX willfully or materially fails in any of its obligations under this Addendum. In the event of termination, PortX’s obligations within this Addendum shall continue for so long as PortX has access to Customer Personal Data.
5. Subprocessing.PortX shall provide Customer with a list of any and all Subprocessors upon request. Should Customer provide a reasonable object to a particular Subprocessor, PortX will make commercially reasonable efforts to replace such Subprocessor and Customer shall be responsible for any reasonable (and justifiable) fee adjustments.
With respect to each Subprocessor, PortX shall:
- Carry out adequate due diligence on each Subprocessor to ensure that it is capable of providing the level of protection for Customer Personal Data as is required by this Addendum and provide evidence of such due diligence to Customer if requested by Customer in writing or if requested by a Regulator;
- Maintain written contracts with all Subprocessors that require compliance with PortX obligations herein;
- Remain fully liable to Customer for the actions of Subprocessors in relation to the Customer Personal Data.
6. Data Subject Rights.PortX shall assist Customer in responding to complaints, communications, or requests by a Data Subject to exercise a right under Applicable Laws relating to the Customer Personal Data. This shall include, at minimum, that the PortX and its Subprocessors maintain the ability to access, modify, remove from processing, or irrevocably delete or destroy the data of an individual Data Subject when requested by Customer.Should the PortX or any Subprocessor directly perform any data collection from Data Subjects in connection with the Customer’s instructions, the PortX shall ensure that Data Subjects receive the Customer’s Privacy Policy at or before the point at which any information is collected about the Data Subject.PortX shall promptly notify Customer if it receives a request from a Data Subject in respect to Customer Personal Data, including a request by a Data Subject that PortX access, modify, or delete Customer Personal Data. PortX shall await instructions from Customer concerning whether, and how to, respond to such a request.
7. Personal Data Breach.PortX shall notify Customer immediately upon PortX or any Subprocessor becoming aware of a Personal Data Breach potentially affecting Customer Personal Data, and will provide Customer with sufficient information to allow Customer to meet any obligations to report or inform Data Subjects or relevant Regulators of the Personal Data Breach, and shall further include information that Licensee reasonably requires to enable Licensee to expeditiously implement its response program in accordance with the Interagency Guidelines on Response Programs for Unauthorized Access to Customer Information and Customer Notice (68 F.R. 47594 (Aug. 12, 2003) or any successor pronouncement or regulation).PortX shall, and shall require any Subprocessor to, cooperate with Customer and each Customer Affiliate and take such reasonable commercial steps to assist in the investigation, mitigation, and remediation of any such Personal Data Breach. To the extent incurred in connection with a Personal Data Breach due to PortX’s or any Subprocessor’s action or inaction, PortX shall be responsible for: (a) Customer’s attorneys’ and consultants’ fees; (b) the cost of providing notice to affected Data Subjects; (c) the cost of providing notice to Regulators, credit bureaus, or other required entities; (d) the cost of providing affected Data Subjects with credit monitoring and protection services for twelve (12) months (or longer, if required by Applicable Laws) to the extent the disclosure of the affected Data Subject’s Personal Data could lead to a compromise of the Data Subjects’ credit or credit standing or if otherwise required by Applicable Law; (e) the cost of any other legally required or industry standard measures; and (f) fines or penalties attributable to the Personal Data Breach.
8. Financial Services Regulatory and PCI Compliance. PortX agrees that if at any time during the Term, it or any Subcontractor stores, transmits, or accesses data and information under this Agreement in such a manner that requires Payment Card Industry Data Security Standards (“PCI-DSS”) compliance, PortX will, or will require the Subcontractor to, comply with the level of PCI-DSS applicable to its activities and PortX or the Subcontractor shall, at a minimum, be assessed annually for compliance with PCI-DSS by a qualified security assessor approved by the PCI Security Standards Council (a (“QSA”). A copy of such annual PCI-DSS Report on Compliance shall be provided to Customer upon request.
9. Data Protection Impact Assessment and Prior Consultation. PortX shall provide reasonable assistance to Customer with any data protection impact assessments which are required under Applicable Law in relation to the PortX’s Processing of Customer Personal Data.
10. Deletion or return of Customer Personal Data.PortX shall promptly upon Customer’s request or in any event within 60 calendar days of the effective date of termination of the Agreement: (a) return a copy of all Customer Personal Data to Customer by secure file transfer in such format as notified by Customer to PortX; or (b) delete and procure the deletion of all other copies of Customer Personal Data Processed by PortX or any Subprocessor.PortX may retain Customer Personal Data to the extent required by Applicable Laws, but only to the extent and for such period as required by Applicable Laws. PortX will notify Customer in writing if it believes that such a legal requirement exists. If required by law to retain Customer Personal Data, PortX will continue to ensure the confidentiality of such Customer Personal Data and only Process Customer Personal Data as necessary for the purpose specified in the Applicable Laws that require its storage.
11. Relevant Records and Audit Rights.Upon Customer’s request, PortX shall promptly make available to Customer all information reasonably necessary to demonstrate compliance with this Addendum.In addition to any audit rights granted pursuant to the Agreement, PortX shall allow for and contribute to audits, including inspections, by Customer or an auditor mandated by Customer (“Mandated Auditor”) of any premises where the Processing of Customer Personal Data takes place in order to assess compliance with this Addendum, and shall provide reasonable access to the Mandated Auditor to inspect, audit, and copy any relevant records, processes, and systems documents in order that Customer may satisfy itself that the provisions of this Addendum are being complied with.
12. International Data Transfer. No Customer Personal Data shall be transmitted or stored outside of the United States of America.
13. Liability. Notwithstanding anything to the contrary in the Agreement, PortX shall indemnify Customer for any third party claim that arises out of, or relates to, a breach of this Addendum.
14. General Terms. Any obligation imposed on PortX under this Addendum in relation to the Processing of Personal Data shall survive any termination or expiration of this Addendum. Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum shall remain valid and in force. The invalid or unenforceable provision shall be either: (a) amended as necessary to ensure its validity and enforceability, while preserving the intent of the provision as closely as possible or, if this is not possible, (b) construed in a manner as if the invalid or unenforceable part had never been contained therein. Customer and PortX expressly recognize and agree that this Addendum includes provisions addressed in other portions of the Agreement. Customer and PortX hereby agree that the terms and conditions set out herein shall be added as an Addendum to the Agreement. This Addendum and the other portions of the Agreement shall be read together and construed, to the extent possible, to be in concert with each other. In respect of any conflict between the Agreement and this Addendum, the provisions which provide the greatest protection of the Customer Personal Data shall prevail; provided, however, that in no event shall this Addendum be deemed to eliminate, limit, or otherwise diminish PortX’s obligations or commitments to Customer under portions of the Agreement.