Software as a Service Attachment
Version 1.0
Last modified: June 26, 2026
This Attachment will apply to the extent that Supplier provides any SaaS Services to Purchaser.
1. Definitions.
1.1 “Documentation” means documents in any format, including specifications, performance metrics, user manuals, reference guides or materials, or instructions regarding the use, functionality, and performance of the Saas Services made available by Supplier.
1.2 “Purchaser Data,” for purposes of this Software as a Service Attachment, means Purchaser Data that is provided, inputted, or otherwise made available by Purchaser in connection with its use of the SaaS Services, and includes any content, data, or information that is an output of, results from, or is otherwise generated in connection with such use.
1.3 “Updates” means all updates, error corrections, fixes, patches, maintenance releases, enhancements, improvements, and upgrades.
2. SaaS Services.
2.1 Provision. Supplier shall provide SaaS Services, including any configuration and implementation requirements, as set forth in applicable Ordering Document and this Software as a Service Attachment. Any “click-through,” “click-wrap,” or other online terms of services that Purchaser or its users are required to accept will not be binding and will have no legal effect or validity as to the SaaS Services or the Ordering Document.
2.2 Use Rights. Supplier grants to Purchaser and all other users identified in the Ordering Document a non-exclusive, worldwide, royalty-free, fully paid-up, enterprise-wide right to access and use the SaaS Services described in the Ordering Document and the related Documentation, with the right to sublicense any third party providing services to Purchaser, during the term set forth in the Ordering Document. The rights under this section apply to all Updates to the SaaS Services made generally available by or on behalf of Supplier.
2.3 Access Credentials. Supplier shall provide Purchaser with access credentials to access the SaaS Services promptly upon acceptance of the Ordering Document.
2.4 Restrictions. Supplier shall not decompile, disassemble, reverse engineer, or otherwise attempt to extract the source code of the SaaS Services, except as expressly permitted under the Ordering Document or Law. Purchaser shall not remove any proprietary marks or confidentiality notices contained in the SaaS Services.
2.5 Reservation of Rights. As between the Parties, Supplier owns and reserves all rights, title, and interest, including associated Intellectual Property Rights, in and to the SaaS Services and any Updates to it, excluding with respect to any Purchaser Data processed thereby.
3. Supplier Obligations.
3.1 Operations. Supplier shall maintain and operate the SaaS Services so that they operate in a manner to perform as required in accordance with applicable Documentation, the Service Level Agreement (as described in Section 8 below), and the Contract. Supplier shall ensure that any Purchaser Data used in connection with the SaaS Services is logically or physically segregated from data of any other Supplier customers.
3.2 Operating Environment. As applicable, the hardware and software environment required for Purchaser to properly access and use the SaaS Services will be set forth in the applicable Ordering Document. If any hardware or software components other than the operating environment are necessary for Purchaser to properly access and use, and for Supplier to operate, the SaaS Services, Supplier shall procure all such other hardware and software components at Supplier’s sole cost and expense.
4. Purchaser Data.
4.1 Limited Use. Purchaser hereby grants Supplier a limited, non-exclusive, non-transferable, non-sublicensable license to collect, host, use, access, store, display, creative derivative works of, and otherwise process Purchaser Data solely to the extent necessary for Supplier to provide the SaaS Services and perform any of its other obligations under the applicable Ordering Document for the term of such Ordering Document.
4.2 Retrieval of Purchaser Data. During the term and for the sixty (60) day period following termination or expiration of the applicable Ordering Document for any reason, Supplier shall enable functionality that will allow Purchaser to download or otherwise retrieve any Purchaser Data that is stored in the SaaS Services. Promptly upon the end of such sixty (60)-day period, Supplier shall destroy or permanently delete all Purchaser Data relating to that Ordering Document.
4.3 Ownership. Purchaser owns and reserves all rights, title, and interest, including all associated Intellectual Property Rights, to Purchaser Data. No rights, title, or interest to any Purchaser Data or any other Intellectual Property Rights of Purchaser is transferred or licensed to Supplier except as expressly set forth in the Contract.
5. Data Security.
5.1 Safeguards. Supplier shall: (a) establish, implement, and maintain commercially reasonable safeguards to protect against the destruction, loss, alteration, and unauthorized access and use of Purchaser Data in the possession or control of Supplier (or its subcontractors) that are no less rigorous than those maintained by Purchaser as of the Effective Date and are no less rigorous than those maintained by Supplier for its own data of a similar nature; and (b) comply with Purchaser’s information and data security policies as disclosed to Supplier from time to time.
5.2 Restrictions. All Purchaser Data are the exclusive property of Purchaser. Supplier shall not prevent Purchaser from accessing Purchaser Data or withhold or restrict access to Purchaser Data (in whatever format) for any reason and under any circumstances. Absent Purchaser’s prior written consent, Purchaser Data must not be (a) used, disclosed, monitored, analyzed, individualized, anonymized, aggregated, stored, copied, or otherwise provided to third parties by Supplier or its Personnel; (b) sold, assigned, or leased by Supplier or its Personnel; or (c) commercially exploited in any form by or on behalf of Supplier or its Personnel.
5.3 Data Breach. If Supplier becomes aware of any actual or threatened breach of Purchaser Data, Supplier must immediately notify Purchaser and fully cooperate to secure Purchaser Data. Supplier must at all times comply with all of Purchaser’s data retention, use, and privacy standards and all Laws relating to Supplier’s access to and use of Purchaser Data (including any Personal Data). Except as otherwise agreed in a DPA (if applicable), Supplier shall not process or cause any Purchaser Data to be processed, transferred, or accessed outside of the United States without first obtaining Purchaser’s prior written consent. Supplier must ensure that any subcontractors or subprocessors permitted under the Contract abide by the same restrictions contained in the foregoing sentence.
6. Representations and Warranties.
6.1 SaaS Services. Supplier represents and warrants to Purchaser: (a) the SaaS Services will perform materially in accordance with the Documentation, Service Level Agreement, and the Contract; and (b) it will use commercially reasonable efforts to correct material Errors (as defined in Section 8 below) that are reported by Purchaser; (c) it will update the Documentation so that it continues to describe the SaaS Services in all material respects; (d) the SaaS Services do not contain code intended to disrupt, damage, provide unauthorized access to, or interfere with Purchaser’s systems, software, Purchaser Data, or Purchaser’s rights under the Contract; and (f) the SaaS Services do not violate or infringe any third party’s Intellectual Property Rights.
6.2 Open Source and Other Materials. Supplier represents and warrants to Purchaser that Supplier: (a) shall not incorporate or use any third party’s Intellectual Property or open source materials in the SaaS Services that are governed by any version of the Affero General Public License (AGPL) or similar license terms applicable to hosted software and (b) may incorporate or use other third party Intellectual Property or open source materials only as expressly described in the applicable Ordering Document.
6.3 Legal Proceedings. Supplier represents and warrants to Purchaser that no legal proceedings have been threatened or brought against Supplier that could threaten the provision of the SaaS Services to Purchaser and shall promptly notify Purchaser in writing if such legal proceedings are brought against Supplier during the term of the Ordering Document.
6.4 Remedies. In addition to the indemnification obligations in the Contract, if the use of the SaaS Services infringes or misappropriates any third-party rights, including Intellectual Property Rights, Supplier shall do the following at its sole expense: (a) procure the right for Supplier and its users to continue using the SaaS Services; (b) modify the SaaS Services to make them non-infringing without materially reducing functionality; or (c) replace the SaaS Services with a non-infringing, functionally-equivalent alternative.
7. Transition Assistance.
Notwithstanding anything to the contrary in the Contract, on termination or expiration of any Ordering Document for SaaS Services, Supplier shall provide reasonably requested assistance to Purchaser to facilitate a timely and orderly transition of SaaS Services and Purchaser Data to Purchaser or its designee. As requested by Purchaser, Supplier shall continue to provide the SaaS Services (and the applicable terms of the Contract, including payment and access and use rights, will continue to apply) until such transition is complete.
8. Service Levels and Maintenance and Support.
Supplier shall maintain and support the SaaS Services to ensure connectivity and access by Purchaser and its users in accordance with the Service Level Agreement (“SLA”) set forth in Exhibit A to this Attachment. Supplier shall promptly repair or replace, without any additional charge, the SaaS Services, to fix any bugs, defects, or errors (collectively, “Errors”).
9. Survival.
Sections 1 (Definitions), 4.2 (Retrieval of Purchaser Data), 4.3 (Ownership), 5 (Data Security) , and 7 (Transition Assistance) of this Attachment will survive any expiration or termination of the Contract.
EXHIBIT A
SERVICE LEVEL AGREEMENT
Supplier shall provide the following service levels for the SaaS Services as set forth below.
1. Service Availability. Supplier shall make the SaaS Services available at least 99.99% of the time in a Reporting Period, excluding for Maintenance Time.
1.1 Defined Terms. Capitalized terms will have the meanings provided below or as otherwise defined in this Attachment:
(a) “Downtime” means the time that users of the SaaS Services are not able to (i) access the SaaS Services; (ii) perform ordinary functions to use or receive SaaS Services in accordance with Documentation; or (iii) use the SaaS Services for normal business operations due to failure malfunction or delay. Downtime does not include any unavailability of the SaaS Services due to Maintenance Time.
(b) “Maintenance Time” means the time (in minutes) that the SaaS Services are not accessible to Purchaser for maintenance periods scheduled with advance notice to perform system maintenance, backup, and system Updates for the SaaS Services.
(c) “Reporting Period” means a calendar month.
1.2 System Maintenance Notice.
(a) Supplier shall provide Purchaser with at least ten (10) business days’ prior written notice of any scheduled maintenance or sixty minutes’ advance written notice for unscheduled, emergency maintenance. Provider shall provide such notices to Purchaser by email to an address provided by Purchaser. Maintenance Time in a given Reporting Period will not exceed two (2) hours and will only be performed on Friday or Saturday between the hours of 1:00 a.m. and 3:00 a.m. PST. Any time during which the SaaS Services is unavailable to Purchaser due to maintenance or other activity by Supplier for which Supplier fails to give notice, which exceeds the permitted time allotment, or which occurs outside of the foregoing permitted hours will be included in the calculation of Downtime.
(b) Supplier represents and warrants that no Update (i) will impair the operation or disable or inhibit any functions or features of the SaaS Services or cause performance of the SaaS Services to degrade; or (ii) adversely affect the form, fit, function, reliability, safety, or serviceability of the SaaS Services.
1.3 Uptime. “Service Availability” will be calculated for each Reporting Period as follows, expressed as a percentage:
((Total minutes in Reporting Period-Maintenance Time-Downtime)/(Total minutes in Reporting Period-Maintenance Time))*100
1.4 Service Credits for Service Availability. If Supplier does not meet the Service Availability commitment in a Reporting Period, Purchaser will be eligible to receive a service credit equal to:
Service Availability | Credits |
99.01–99.98% | 1% of total monthly fee |
96.6–99% | 10% of total monthly fee |
< 96.5% | 25% of total monthly fee |
1.5 Reporting. During the term of the Contract, Supplier shall, upon Purchaser’s request (which made be made by telephone or email), provide monthly reports to Purchaser that include Supplier’s performance with respect to the service levels and such other metrics as reasonably requested by Purchaser from time to time.
1.6 SLA Credit Procedures. Supplier shall credit all SLA credits accrued to Purchaser in the month in which the SLA credits accrue, provided that if no further invoices will be submitted to Purchaser hereunder, Supplier shall pay such SLA credits to Purchaser within thirty (30) days of the end of the month in which such SLA credits accrue.
1.7 Termination. Customer may terminate the Contract upon five (5) days’ written notice to Supplier if the Service Availability falls below 98% in each of two consecutive Reporting Periods or three or more Reporting Periods in a six-month consecutive period.
3. Error Response.
3.1 Severity Level Response. Supplier shall respond to Errors in accordance with the severity levels set out in the table below in the time periods set forth therein.
Severity Level | Description of Error and Impact | Response Time | Resolution Time |
1 | A critical condition which makes the use or continued use of any one or more functions of the SaaS Services impossible or significantly impaired. | Within 30 minutes | 4 hours |
2 | Any condition which results in or causes serious impact and outage to the SaaS Services or a service failure resulting in significant degradation of quality and performance of the SaaS Services. | Within 4 hours | 8 hours |
3 | Non-critical or serious condition that causes or results in temporary or minor performance degradations that do not materially impact Purchaser’s use of the SaaS Services. | Within one day | Three business days |
4 | A minor problem condition or Documentation error which Purchaser can easily circumvent or avoid. Additional requests for new feature suggestions are classified as Severity Level 4. | Within 48 hours | Earlier of 30 days or next Update |
3.2 Availability and Contacts. Supplier shall make technical support available to Purchaser by toll-free telephone number and e-mail, 24 hours per day, 7 days per week. Supplier’s support Personnel will provide Purchaser with remote assistance for help in using and operating the SaaS Services and to accept reports of Errors in the SaaS Services. Supplier shall ensure that Personnel performing any maintenance and support services are experienced, knowledgeable, and qualified in the use, maintenance, and support of the SaaS Services.
4. Business Continuity and Backups.
4.1 Business Continuity Plan. Supplier shall maintain an appropriate disaster recovery and business continuity system in place in accordance with good industry practice that, in the event of emergency or failure, ensures the continued performance of the SaaS Services in accordance with the Contract. Supplier shall provide such plan to Purchaser upon written request.
4.2 Data Backups. On at least a daily basis, Supplier shall back up all Purchaser Data entered into the SaaS Services since the last backup to Supplier’s backup location. Supplier shall create a full backup at least once per week at such backup location. Supplier shall maintain all backup files for at least 180 days. Upon Purchaser’s request, Supplier shall restore data from backup files. Supplier shall ensure that (a) backups do not cause Downtime; and (b) daily incremental backups in combination with weekly full backups are complete so that no more than 24 hours-worth of data will be lost from a data loss event. Supplier shall restore Purchaser Data as requested by Purchaser within 24 hours of Purchaser’s written request.
