The URL can be used to link to this page

Home My WebLink AboutFoundant Technologies Inc; 2025-02-17;Foundant Technologies Subscription Contract for: Foundant Technologies, Inc. Client Order Form v042022 City of Carlsbad Date: 11-19-2024 Foundant Technologies, Inc. Contact: Stephanie Johnson stephanie.johnson@foundant.com 149 Willow Peak Drive Bozeman, MT 59718 (406) 922-5303 City of Carlsbad Contact: 1775 Dove Lane Carlsbad, CA 92011 3107569936 Software and Services Chart (“Software and Services Chart”): QTY SKU Product Description Subscription Start Subscription End Price (“Price”) Cost (USD) 1 GLM2STD Grant Lifecycle Manager (GLM) - Standard Two-Year Licensed Subscription Includes 5 GLM Grant Processes, hosting, maintenance and support with no limitations on the number of users or incoming requests. 2/17/2025 2/16/2027 $11,800.00 $11,800.00 Total $11,800.00 Paid annually at $5,900.00 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies Subscription Contract for: Foundant Technologies, Inc. Client Order Form v042022 City of Carlsbad Date: 11-19-2024 Client Order Form for Grant Lifecycle Manager (“GLM”) and Scholarship Lifecycle Manager (“SLM”) 1. Foundant Technologies, Inc.’s Platform access and Services are provided in accordance with the terms and conditions listed in this Client Order Form (“Client Order Form”) as well as those set forth in the following, which are incorporated by reference, and collectively with any Statements of Work (“SOW”) represent the Agreement (the “Agreement”) between City of Carlsbad, 1775 Dove Lane, Carlsbad, CA 92011 (the “Client”), and Foundant Technologies, Inc., a Montana company located at 149 Willow Peak Drive, Bozeman, MT 59718 (“Foundant Technologies” ): a. Master Subscription Agreement (“MSA”) – https://www.foundant.com/legal/ - Attached as Exhibit A b. Data Processing Agreement (“DPA”) – https://www.foundant.com/legal/ - Attached as Exhibit B c. Service Level Agreement (“SLA”) – https://www.foundant.com/legal/ - Attached as Exhibit C d. Professional Services Agreement (“PSA”) – https://www.foundant.com/legal/ - Attached as Exhibit D e. City of Carlsbad Insurance Addendum – Attached as Exhibit E 2. All quoted prices are in U.S. dollars. All payments shall be in U.S. dollars and are due net thirty (30) days from the invoice date. 3. This Client Order Form is valid for ninety (90) days after issuance and shall become binding upon execution by Client and Foundant Technologies. 4. The term of the Agreement (the “Term”) begins on the later date signed by both Parties below (the “Effective Date”). 5. The Subscription Term(s) (“Subscription Term”) for the Software commences on the initial date shown for each Subscription Term shown in the Software and Services Chart. 6. The Software identified in this Client Order Form requires Client to pay the Fees in full and in advance. Client will be invoiced for the Fees upon execution of this Client Order Form. All Platform access rights include maintenance and support with no limitations on the number of users. 7. Unless otherwise specified in the SOW, the Fees for Professional Services are fixed and will be invoiced upon execution of this Client Order Form. Travel expenses associated with Professional Services will be invoiced monthly, if incurred. All Professional Services shall expire at the end of the Subscription Term and must be initiated within the first twelve (12) months of the Effective Date of this Client Order Form. 8. Fees do not take into account any sales tax. Foundant Technologies collects and remits sales tax from our Clients located in certain state and local jurisdictions. Foundant Technologies determines your local taxing jurisdiction based upon shipping address (i.e., the primary business location from which the Platform is accessed). In order to determine if you are exempt from sales tax, you must provide proof of your organization's state sales tax exemption. Please note that states do not recognize your 501(c)3 letter as proof of exemption. 9. All GLM and SLM subscriptions include hosting, maintenance, and support with no limitations on the number of users. 10. GuideStar by Candid is licensed for up to one thousand (1,000) total lookups per Software subscription (as applicable) over the subscription term based on the items purchased via this Client Order Form. 11. Unless otherwise noted, client activity level is expected to be less than five thousand (5,000) online form submissions through GLM and/or SLM per week (as applicable). Any deviation from this expectation should be communicated by Client to Foundant Technologies at least thirty (30) days prior to the initiation of such activity and Foundant Technologies reserves the right to limit access to GLM and/or SLM (as applicable) if adequate notice is not provided. 12. Capitalized terms used but not defined herein have the meaning given in the Agreement. 13. If there are special conditions documented below, the order of precedence in the MSA shall apply. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies Subscription Contract for: City of Carlsbad Date: 11-19-2024 Foundant Technologies, Inc. Client Order Form v042022 Special Conditions: 1. For the purposes of this Client Order Form, the Client Order Form is amended as set forth by these Special Conditions. Subject to the Special Conditions modifications, the Agreement shall remain in full force and effect. A. Section 6: In the first sentence, “in full and in advance” is deleted and replaced with “annually.” The payment schedule is as follows: a. The first invoice in the amount of $5,900 will be sent to Client on 1/17/25. b. The second invoice in the amount of $5,900 will be sent to Client on 1/17/26. c. Both invoices are due net thirty (30) days from the invoice date. B. Section 7: The second sentence is replaced with “Travel expenses associated with Professional Services will be invoiced monthly, if incurred, but will not be incurred without Client approval.” 2. The MSA is amended as set forth below: A. Section 4.3 is deleted in its entirety. B. Section 5.1 is replaced with the following Section 5.1: Term. As noted in the Client Order Form, the Term of this Agreement commences on the Effective Date of February 17, 2025. The Term continues until the Subscription Term(s) in the Client Order Form has terminated. Prior to each Notice Period, updated pricing and Subscription Term(s) will be communicated to the Client with an updated Client Order Form. Such updated Client Order Form will become part of the Agreement. The Term and each Renewal Term are collectively referred to as the (“Order Term”). C. Section 5.6 the last sentence is replaced with the following: (c) Service Provider shall return all Client Data within thirty (30) days of termination, and upon Client’s confirmation of receipt of Client Data, erase all Client Data in Service Provider’s possession subject to Service Provider’s standard back-up retention schedules. D. Section 8.2 is replaced with the following: Claims Against Service Provider. Client shall defend, any claim, suit, or action against Service Provider brought by a third party to the extent that such claim, suit or action is based upon Client’s unauthorized use or Service Provider’s authorized use of Client Data in accordance with this Agreement (“Service Provider Claim”) and Client shall indemnify and hold Service Provider harmless, from and against Losses that are specifically attributable to such Service Provider Claim or those costs and damages agreed to in a settlement of such Service Provider Claim, provided that any such settlement shall (i)not require Service Provider to admit fault, or impose any unreasonable obligation on Service Provider, and (ii) require Service Provider’s express written consent, which shall not be unreasonably withheld. The foregoing obligations are conditioned on Service Provider: (a) promptly notifying Client in writing of such Service Provider Claim; (b) giving Client sole control of the defense thereof and any related settlement negotiations; and, (c) cooperating and, at Client’s request and expense, assisting in such defense. Notwithstanding the foregoing, Client will have no obligation under this Section 8.2 or otherwise with respect to any Service Provider Claim based upon Service Provider’s use of the Client Data in violation of this Agreement. E. Section 9.1 is revised as follows: IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, PUNITIVE, EXEMPLARY, COVER, RELIANCE, SPECIAL, OR INCIDENTAL DAMAGES OF ANY TYPE OR KIND, OR FOR ANY LOST DATA, LOST PROFITS, REVENUE OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES (COLLECTIVELY, “CONSEQUENTIAL DAMAGES”), ARISING FROM OR RELATING TO THIS AGREEMENT, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE, BREACH OR REPUDIATION OF CONTRACT, BREACH OF WARRANTY, OR OTHERWISE), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S TOTAL CUMULATIVE LIABILITY IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT OR TORT OR OTHERWISE, WILL NOT EXCEED ONE TIMES (1X) THE AMOUNT OF FEES PAID OR OWED BY CLIENT TO SERVICE PROVIDER UNDER THE CURRENT CLIENT ORDER FORM, AS THE CASE MAY BE, DURING WHICH THE EVENTS GIVING RISE TO SUCH LIABILITY OCCURRED. BOTH PARTIES ACKNOWLEDGE Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies Subscription Contract for: City of Carlsbad Date: 11-19-2024 Foundant Technologies, Inc. Client Order Form v042022 THAT THE FEES REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT THE PARTIES WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS ON THEIR LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS SECTION 9, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY TO THE EXTENT SUCH LIABILITY WOULD NOT HAVE OCCURRED BUT FOR THE OTHER PARTY’S FAILURE TO COMPLY WITH THE TERMS OF THIS AGREEMENT. THE LIMITATION OF LIABILITIES SET FORTH IN THIS SECTION 9 SHALL NOT APPLY TO A PARTY’S OBLIGATIONS UNDER SECTION 8, OR TO LIABILITY ARISING FROM CLIENT’S BREACH OF SECTION 3.2; HOWEVER, FOR CLARITY, UNDER NO CIRCUMSTANCES SHALL EITHER PARTY BE LIABLE FOR CONSEQUENTIAL DAMAGES AS DEFINED IN SECTION 9.1. F. Section 10.3 is replaced with the following: Recipient shall have no confidentiality obligations under Section 10.2 above with respect to any information of Discloser that Recipient can document: (a) was already known to Recipient prior to Discloser’s disclosure; (b) is disclosed to Recipient by a third party who had the right to make such disclosure without violating any confidentiality Agreement with or other obligation to the party who disclosed the information; (c) is, or through no fault of Recipient has become, generally available to the public; (d) is independently developed by Recipient without access to or use of Confidential Information; or (e) any information subject to disclosure under the California Public Records Act (California Government Code § 6250 et seq.) or California Civil Discovery Act (California Code of Civil Procedure § 2016.010 et seq.). Recipient may disclose Confidential Information if so required as part of a judicial process, government investigation, legal proceeding, or other similar process. G. Section 12.3 is replaced with the following: The performance of the Agreement by either Party shall be subject to force majeure, including, but not limited to: acts of God; fire; flood; natural disaster; war; acts of terrorism; riots; civil disorder; unauthorized strikes; governmental regulation or advisory; recognized health threats as determined by the World Health Organization, the Centers for Disease Control, or local government authority or health agencies; curtailment of transportation facilities; or, other similar occurrence beyond the control of the Parties, where any of those factors, circumstances, situations, or conditions or similar ones make it illegal, impossible, or commercially impracticable to fully perform under the terms of the Agreement. In such a case, the Agreement may be canceled by either Party, without liability, damages, fees, or penalty, and any unused deposits or amounts paid shall be refunded, for any one or more of the above reasons, by written notice to the other Party. H. Section 12.4 is amended to add the following sentence: If the Client does not object to the modification of this Agreement and thereby does not opt to terminate this Agreement for convenience, the Parties will execute an amendment to reflect the modified terms. I. Section 12.5, Governing Law, is Replaced with the following Section 12.5: This Agreement shall be interpreted in accordance with the laws of the State of California. Any action at law or in equity brought by either of the parties for the purpose of enforcing a right or rights provided for by this Agreement will be tried in a court of competent jurisdiction in the County of San Diego, State of California, and the parties waive all provisions of law providing for a change of venue in these proceedings to any other county. J. Section 12.6 is replaced with the following: Except as otherwise expressly provided in this Agreement, the Parties’ rights and remedies under this Agreement are cumulative. Each Party acknowledges and agrees that any actual or threatened breach of Sections 3.1 or 10 will constitute immediate, irreparable harm to the non-breaching Party for which monetary damages would be an inadequate remedy, that injunctive relief is an appropriate remedy for such breach, and that if granted, the breaching Party agrees to waive any bond that would otherwise be required. /// /// Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies Subscription Contract for: City of Carlsbad Date: 11-19-2024 Foundant Technologies, Inc. Client Order Form v042022 K. By accepting this Client Order Form that references the MSA, DPA, SLA, PSA, and SOW(s), Client agrees to the terms and conditions of this collective Agreement. Any additional or different terms (whether included in your purchase order, your response to this proposal, or elsewhere) not expressly listed herein, shall be disregarded and shall not bind either Party. Additionally, if you are entering into this Agreement on behalf of a Client or other legal entity, you warrant that: (i) you have the full legal authority to bind such entity and its Affiliates to these terms and conditions, and in the event such Affiliates exist, the term “Client” shall refer to such entity and its Affiliates; (ii) you have read and understand this Agreement; and, (iii) you agree, on behalf of Client, to this Agreement. If you do not have such legal authority, or if you do not agree with these terms and conditions, you must not accept this Agreement and shall not be permitted to use the Software or Services. /// /// /// /// /// /// /// /// /// /// /// /// /// Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies Subscription Contract for: City of Carlsbad Date: 11-19-2024 Foundant Technologies, Inc. Client Order Form v042022 14. AUTHORITY The individuals executing this Agreement and the instruments referenced in it on behalf of Contractor each represent and warrant that they have the legal power, right and actual authority to bind Contractor to the terms and conditions of this Agreement. CONTRACTOR CITY OF CARLSBAD, a municipal corporation of the State of California Foundant Technologies Inc, a Montana corporation By: By: (sign here) IT Director (print name/title) ATTEST: By: SHERRY FREISINGER, City Clerk (sign here) By: Deputy City Clerk (print name/title) If required by City, proper notarial acknowledgment of execution by contractor must be attached. If a corporation, Agreement must be signed by one corporate officer from each of the following two groups: Group A. Group B. Chairman, Secretary, President, or Assistant Secretary, Vice-President CFO or Assistant Treasurer Otherwise, the corporation must attach a resolution certified by the secretary or assistant secretary under corporate seal empowering the officer(s) signing to bind the corporation. APPROVED AS TO FORM: CINDIE K. McMAHON, City Attorney BY: _____________________________ Deputy City Attorney Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Acting CROChris Dahl Chris Rodskog CFO FOR Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 1 of 12 MASTER SUBSCRIPTION AGREEMENT Foundant Technologies, Inc. This Master Subscription Agreement (“MSA”) is effective as of the Effective Date by and between Client (hereinafter referred to as “Client”) and Foundant Technologies, Inc. (“Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). Client desires to use Service Provider’s Platform and the Services as outlined in the Client Order Form and elsewhere in the Agreement pursuant to the terms and conditions of the Client Order Form, this MSA, the Data Processing Agreement, the Service Level Agreement. the Professional Services Agreement, and any related Statements of Work (collectively, the “Agreement”). The Parties agree as follows: 1. DEFINITIONS. 1.1 “Affiliate” means, with respect to a Party, any other individual, corporation, partnership (formal or informal), joint venture, limited liability entity, foundation, governmental authority, unincorporated organization, trust, association, component funds, or other entity that directly or indirectly controls, is controlled by, or is under common control with such entity, through one or more intermediaries or contractual relationships, where “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity. 1.2 “Client Data” means the electronic data and information that is: (a) input into the Platform by or on behalf of Client; or, (b) provided by a User in connection with the use of the Platform and may include, but is not limited to, names and email addresses. Client Data does not include Usage Data. 1.3 “Content” means content, data, and information that is owned or licensed by Service Provider or any of its licensors that is provided or made available by Service Provider through use of the Platform or as part of or in connection with Service Provider’s provision of Services. Content does not include Client Data. 1.4 “Documentation” means any user materials, instructions, and specifications, written or otherwise, made available by Foundant Technologies to Client for the Software and Services. 1.5 “Platform” means the Service Provider’s proprietary Software identified in the Client Order Form and any Updates associated therewith. The Platform does not include Client’s connectivity equipment, internet and network connections, hardware, software, and other equipment as may be necessary for Client and its Users to connect to and obtain access to the Platform or to utilize the Services. 1.6 “Prohibited Data” means any of the following: (i) “protected health information” or “individually identifiable health information” as defined under 45 C.F.R. § 160.103 or similar state laws; (ii) any information deemed to be special categories of data as set forth in Article 9 of the EU General Data Protection Regulation or similar data protection laws or regulations; (iii) “nonpublic personal Exhibit ADocusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 2 of 12 information” as defined under the Gramm-Leach-Bliley Act; and/or, (iv) children’s personal information protected by the Children’s Online Privacy Protection Act. 1.7 “Professional Services” means the migration, training, implementation, integration, and configuration services to be performed by Service Provider as listed in the Client Order Form. 1.8 “Services” means, collectively, Professional Services, Support Services, and any other sub-processor services made available on, by, or through the Platform as described in this Agreement. 1.9 “Software” means Service Provider’s proprietary software-as-a-service (“SAAS”) subscription(s) identified in the Software and Services Chart shown in the Client Order Form. 1.10 “Support Services” means the technical support and Software maintenance as described in the Service Level Agreement located at: https://www.foundant.com/legal/. 1.11 “Third Party Services” means services provided by a third party. 1.12 “User/s” means Client’s employees, independent contractors, donors, grant or scholarship applicants, and other individuals who are authorized by Client to use the Software or receive the Services on behalf of Client. 1.13 “Usage Data” means any content, data, or information that is collected or produced by the Platform in connection with the use of the Services in an anonymized, aggregated format that is not identifiable to Client or a particular User, and may include, but is not limited to, usage patterns, traffic logs and user conduct associated with the Platform. 2. SERVICES. 2.1 Provision of Services. Subject to the terms and conditions of this Agreement, Service Provider shall provide the Services or enable the Services to be provided to Client and its Users. 2.2 Cooperation. Client shall supply to Service Provider the Client Data for input into the Platform. Client shall also provide Service Provider with access and personnel resources reasonably requested by Service Provider to enable Service Provider to provide the Services and Software functionality as set forth in this Agreement and the Documentation. 2.3 Resources. Client is solely responsible for, at its own expense, acquiring, installing, and maintaining all connectivity equipment, internet and network connections, hardware, software, and other equipment as may be necessary for its Users to connect to and access the Platform. 3. GRANT OF RIGHTS. 3.1 Access Rights; Client’s Use of the Platform. Subject to the terms and conditions of this Agreement, Service Provider hereby grants to Client and Users, during the Order Term (as defined below), a non- exclusive, non-sublicensable right to remotely access and use the Platform for Client’s, and its Affiliates’, internal business purposes in accordance with the Documentation and the terms and Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 3 of 12 conditions of this Agreement. Service Provider reserve all rights in and to the Platform not expressly granted to Client under this Agreement. Client may use reports generated from the Platform solely for Client’s lawful internal purposes and in accordance with this Agreement. 3.2 Restrictions on Use. Client shall not: (a) reproduce, display, download, modify, rent, license, sell, assign, distribute, outsource, sublicense, share, transfer, lease, create derivative works of, or distribute the Platform; (b) attempt to reverse engineer, decompile, disassemble, de-encrypt, access, or the like, the source code for the Platform or any component thereof; (c) use the Platform, or any component thereof, in the operation of a service bureau or to support or process any content, data, or information of any party other than Client or Client Affiliates; (d) permit any party, other than the then-currently authorized Users to independently access the Platform; (e) interfere with or disrupt the integrity or performance of the Platform or the data contained therein; (f) attempt to gain unauthorized access to the Platform or its related systems or networks; (g) access or use the Services to build or support, directly or indirectly, products, or services competitive to the Service Provider; (h) provide or make available Prohibited Data to Service Provider; or, (i) use the Platform or Services to collect or otherwise process Prohibited Data. 3.3 Users. Under the rights granted to Client under this Agreement, Client may permit independent contractors and employees of its Affiliates to become Users in order to access and use the Platform in accordance with this Agreement; provided that Client will be liable for the acts and omissions of all contractors, Affiliates and Users to the extent any of such acts or omissions, if performed by Client, would constitute a breach of, or otherwise give rise to liability to Client under, this Agreement. Client shall not, and shall not permit any User to, use the Platform, Software, or Documentation except as expressly permitted under this Agreement. Client shall be fully responsible for Users’ compliance with this Agreement. 4. FEES AND PAYMENT TERMS. 4.1 Price. Client shall pay Service Provider the Price(s) in the Software and Services Chart of the Client Order Form (“Fees”) in accordance with the terms of this Agreement. The Fees associated with the Software in the Software and Services Chart comprise Software Fees (“Software Fees”). Fees are exclusive of, and Client shall pay, all taxes, fees, duties, levies and other governmental charges of any nature, including, for example, value-added, sales use, or withholding taxes, assessable by any jurisdiction arising from the payment of any Fees or any amounts owed to Service Provider under this Agreement (excluding any taxes arising from Service Provider’s income or any employment taxes). Fees for any Services requested by Client that are not set forth in Client Order Form will be charged as mutually agreed to by the parties in writing. 4.2 Payment. Except as otherwise set forth in Client Order Form Client shall pay to Service Provider all Fees within thirty (30) days from the invoice date. If Client disagrees with any Fees set forth in an invoice, it shall notify Service Provider of the dispute within thirty (30) days after receipt of such invoice. Client’s failure to provide Service Provider with notice of disputed invoiced amounts within the timeframe noted shall be deemed to be Client’s acceptance of the content of such invoice. All payments received by Service Provider are non-refundable except as otherwise expressly provided in this Agreement. Client shall make all payments in United States dollars. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 4 of 12 4.3 Charges. Client shall pay a finance charge on any undisputed overdue payment hereunder of one percent (1%) for each month or portion thereof that such undisputed payment is overdue, or the highest interest rate permitted by applicable law, whichever is the lower. Interest shall compound monthly. 4.4 Suspension. If any undisputed charge owing by Client under this Agreement is thirty (30) days or more overdue, Service Provider may, without limiting its other rights and remedies, suspend Services and access to the Platform until such amounts are paid in full on the condition that Service Provider provides Client with at least ten (10) days’ prior notice that its account is overdue before suspending Services to Client. 5. TERM, TERMINATION & SUSPENSION. 5.1 Term. As noted in the Client Order Form, the Term of this Agreement commences on the Effective Date. The Term continues until the Subscription Term(s) in the Client Order Form has terminated. The Term will automatically renew (“Renewal Term”), unless a Party gives the other Party written notice of its intent not to renew at least thirty (30) days prior to the end of the Term or the then- current Renewal Term (“Notice Period”). Prior to each Notice Period, updated pricing and Subscription Term(s) will be communicated to the Client with an updated Client Order Form. Such updated Client Order Form will become part of the Agreement. The Term and each Renewal Term are collectively referred to as the (“Order Term”). 5.2 Suspension. In addition to any of its other rights or remedies (including, without limitation, any termination rights) set forth in this Agreement, Service Provider reserves the right to suspend provision of the Services and access to the Platform: (i) if Service Provider determines Client has breached Section 6; (ii) to avoid material harm to Client or Client’s customers, as determined by Service Provider, including if the Platform is experiencing denial of service attacks, mail flooding, or other attacks or disruptions outside of Service Provider’s control; (iii) as required by law or at the request of governmental entities; or, (iv) if Client uses the Services or Platform in association with illegal activity, harassment of any kind, or Software testing. Client acknowledges that if access to the Services or Platform is suspended, Client may no longer have access to the Client Data or may experience a decrease in the performance level of the Services or Platform. 5.3 Service Provider Termination for Cause. Service Provider may terminate this Agreement upon notice if the Client breaches any material provision of this Agreement and does not cure such breach (provided that such breach is capable of cure) within thirty (30) days after being provided with written notice of such breach. 5.4 Effects of Service Provider Termination for Cause. Upon termination of this Agreement under Section 5.3: (a) all amounts owed to Service Provider under this Agreement before such termination will be due and payable; (b) all rights granted in this Agreement will immediately cease; (c) Client shall promptly discontinue all access and use of the Platform and return or erase, all copies of the Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 5 of 12 Documentation in Client’s possession or control; and, (d) Service Provider shall return or erase all Client Data in accordance with the Data Processing Agreement. 5.5 Client Termination for Convenience. Client may terminate this Agreement upon thirty (30) day notice to Service Provider for any reason. 5.6 Effects of Client Termination. For products other than GrantHub and GrantHub Pro: If Client termination occurs within the first ninety (90) days of the Term, Service Provider will refund one hundred percent (100%) of the paid Software Fees. If Client termination occurs subsequent to the first ninety (90) days or during a Renewal Term, Service Provider will refund a prorated amount of the unused portion of the paid Software Fees. Furthermore, upon Client termination of this Agreement: (a) all rights granted in this Agreement will immediately cease; (b) Client shall promptly discontinue all access and use of the Platform and verify the return or erasing of all copies of the Documentation in Client's possession or control; and, (c) Service Provider shall return or erase all Client Data within thirty (30) days of termination, subject to Service Provider’s standard back-up retention schedules. For the GrantHub Pro product: Client may request termination at any time. Such termination shall be effective at the end of the current Subscription Term and Client will retain access to the Software until the end of the Subscription Term. Client will remain obligated to pay any outstanding fees to Service Provider pursuant to the terms of this agreement the Client Order Form. No refund will be payable. If Client upgraded from GrantHub to GrantHub Pro in the 30 days prior to termination, Client may return to GrantHub upon signing a new Client Order Form. Any unused paid GrantHub Pro Subscription Fees will be applied to the GrantHub Subscription Term. In such case, the GrantHub Pro Subscription Term shall terminate immediately. For the GrantHub product: Client termination of GrantHub is governed by the terms and conditions set out at https://grantseekers.foundant.com/terms-and-conditions. 5.7 Return of Client Data. In the event that Client submits a written request to Service Provider to return Client Data at the time of termination, Service Provider will provide Client with commercially reasonable assistance in extracting requested Client Data via reporting tool functionalities of the Platform. Client Data will be provided to Client in the same format as such data is stored by Service Provider in one or more comma delimited text files (i.e., .CSV format) or another format reasonably determined by Service Provider. Service Provider shall have no other obligation to maintain any Client Data stored in the Platform following any termination of this Agreement, or to forward any Client Data to Client. Any requests for a customized export of Client Data will be considered additional Professional Services, and the fees and scope must be mutually agreed by the parties in a separate Client Order Form or statement of work. 6. PROPRIETARY RIGHTS. 6.1 Client. As between the Parties, Client owns all right, title, and interest in Client Data, including all Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 6 of 12 intellectual property rights therein. Any rights in Client Data not expressly granted to Service Provider hereunder are reserved by Client, its licensors, and suppliers. 6.2 Client Data License Grant. Client hereby grants to Service Provider, during the Order Term, a limited, non-exclusive, non-transferable (except as provided in this Agreement), non-sublicensable license to use the Client Data to: (a) provide the Platform and the Services to Client; (b) perform its obligations and exercise its rights under this Agreement; and, (c) generate Usage Data. 6.3 Service Provider. All proprietary technology utilized by Service Provider to perform its obligations under this Agreement, including, but not limited to, the Software, and all intellectual property rights in and to the foregoing are the exclusive property of Service Provider. Any and all derivative works to the proprietary technology including the Software, Content, Documentation, and/or any other similar information shall be owned by Service Provider and Client shall have the same rights and licenses to such derivative works as Client has to the Software. Service Provider or its third party licensors retain ownership of all right, title, and interest to all copyrights, patents, trademarks, trade secrets, and other intellectual property rights in and to the Content and the Platform, including, without limitation, the Software, Service Provider’s database (and all data therein except for Client Data), Documentation, customizations, enhancements, and all processes, know-how, and the like utilized by or created by Service Provider in performing under this Agreement. Any rights not expressly granted to Client hereunder are reserved by Service Provider. Client shall not at any time, directly or indirectly, challenge the scope, validity, or ownership of Service Provider’s, or its licensors’, rights in the Software or do any act that could reasonably be expected to impair the scope, validity, or ownership of such rights. Each Party agrees to promptly notify, in writing, the other Party upon gaining knowledge of any infringement, dilution, or similar harm to the other Party’s intellectual property or related rights or information. 6.4 Usage Data. Service Provider owns all right, title, and interest in and to Usage Data and may use Usage Data in connection with its performance of its obligations in this Agreement and for any other lawful business purpose, including, but not limited to, benchmarking, data analysis, and to improve Service Provider’s services, systems, and algorithms. 7. WARRANTY & DISCLAIMERS. 7.1 Access to the Platform. Service Provider warrants that the Platform will perform in accordance with the Documentation and this Agreement. Service Provider does not warrant that the Platform will be completely error-free or uninterrupted. If Client notifies Service Provider of a reproducible error in the Platform that indicates a breach of the foregoing warranty (each, an “Error”) within thirty (30) days after Client experiences such Error, Service Provider shall, at its own expense and as its sole obligation and Client’s exclusive remedy: (a) use commercially reasonable efforts to correct or provide a workaround for any Error; or, (b) if Service Provider is unable to provide a correction or workaround for any such Error in a commercially reasonable manner after receiving notice of an Error from Client, Client may terminate this Agreement upon notice to Service Provider and, Service Provider shall refund the amounts paid by Client for access to the Platform for the period during which the Platform was not usable by Client. The warranties set forth in this Section 7.1 do not cover or apply to: (i) any Error caused by Client or its Users; (ii) any Error or unavailability of the Platform caused by use of the Platform in any manner or in any environment inconsistent with its intended purpose; (iii) any of Client’s hardware or software if modified or repaired in any manner which materially adversely affects the operation or reliability of the Platform; or, (iv) any equipment Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 7 of 12 or software or other material utilized in connection with the Platform used by Client contrary to manufacturer's instructions. 7.2 Right to Client Data. Client represents and warrants that it has the right to: (a) use the Client Data as contemplated by this Agreement; and, (b) grant Service Provider the licenses as contemplated by this Agreement. 7.3 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION 7 AND SECTION 7.1 OF THE PSA, THE PLATFORM, PROFESSIONAL SERVICES, AND DELIVERABLES ARE PROVIDED “AS IS” AND NEITHER PARTY MAKES ANY WARRANTIES OF ANY KIND OR ANY REPRESENTATIONS TO THE OTHER PARTY OR ANY THIRD PARTY AND EACH PARTY SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY, USABILITY, CONDITION, OPERATION, OR FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, COMPATIBILITY, SECURITY, ACCURACY AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR COURSE OF PERFORMANCE. 8. INDEMNIFICATION. 8.1 Claims Against Client. Service Provider shall defend any claim, suit, or action against Client brought by a third party to the extent based on an allegation that the Software infringes any intellectual property rights of such third party (each, a “Client Claim”), and Service Provider shall indemnify and hold Client harmless, from and against damages, losses, liabilities, and expenses (including reasonable attorneys’ fees and other legal expenses) (collectively, “Losses”) that are specifically attributable to such Client Claim or those costs and damages agreed to in a settlement of such Client Claim. The foregoing obligations are conditioned on Client: (a) promptly notifying Service Provider in writing of such Client Claim; (b) giving Service Provider sole control of the defense thereof and any related settlement negotiations; and, (c) cooperating and, at Service Provider’s request and expense, assisting in such defense. In the event that the use of the Platform is enjoined, Service Provider shall, at its option and at its own expense either: (a) procure for Client the right to continue using the Platform; (b) replace the Software with a non-infringing but functionally equivalent product; (c) modify the Software so it becomes non-infringing; or, (d) terminate this Agreement and refund the amounts Client paid for access to the Platform that relate to the period during which Client was not able to use the Platform. Notwithstanding the foregoing, Service Provider will have no obligation under this Section 8.1 with respect to any infringement claim based upon: (1) any use of the Platform not in accordance with this Agreement; (2) any use of the Platform in combination with products, equipment, software, or data that Service Provider did not supply or approve of; or, (3) any modification of the Platform by any person other than Service Provider or its authorized agents or subcontractors. This Section 8.1 states Service Provider’s entire liability and Client’s sole and exclusive remedy for Client Claims. 8.2 Claims Against Service Provider. Client shall defend, any claim, suit, or action against Service Provider brought by a third party to the extent that such claim, suit or action is based upon Client's or Service Provider’s use of any Client Data in accordance with this Agreement (“Service Provider Claim”) and Client shall indemnify and hold Service Provider harmless, from and against Losses that are specifically attributable to such Service Provider Claim or those costs and damages agreed to in a settlement of such Service Provider Claim, provided that any such settlement shall (i) not compromise any rights or interests of Service Provider, and (ii) require Service Provider’s express written consent. The foregoing obligations are conditioned on Service Provider: (a) promptly Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 8 of 12 notifying Client in writing of such Service Provider Claim; (b) giving Client sole control of the defense thereof and any related settlement negotiations; and, (c) cooperating and, at Client’s request and expense, assisting in such defense. Notwithstanding the foregoing, Client will have no obligation under this Section 8.2 or otherwise with respect to any Service Provider Claim to the extent based upon Service Provider’s use of the Client Data in violation of this Agreement. 9. LIMITATIONS OF LIABILITY. 9.1 IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INDIRECT, PUNITIVE, EXEMPLARY, COVER, RELIANCE, SPECIAL, OR INCIDENTAL DAMAGES OF ANY TYPE OR KIND, OR FOR ANY LOST DATA, LOST PROFITS, REVENUE OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, ARISING FROM OR RELATING TO THIS AGREEMENT, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE, BREACH OR REPUDIATION OF CONTRACT, BREACH OF WARRANTY, OR OTHERWISE), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. EACH PARTY’S TOTAL CUMULATIVE LIABILITY IN CONNECTION WITH THIS AGREEMENT, WHETHER IN CONTRACT OR TORT OR OTHERWISE, WILL NOT EXCEED ONE TIMES (1X) THE AMOUNT OF FEES PAID OR OWED BY CLIENT TO SERVICE PROVIDER UNDER THE CURRENT CLIENT ORDER FORM, AS THE CASE MAY BE, DURING WHICH THE EVENTS GIVING RISE TO SUCH LIABILITY OCCURRED. BOTH PARTIES ACKNOWLEDGE THAT THE FEES REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT AND THAT THE PARTIES WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS ON THEIR LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS SECTION, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY TO THE EXTENT SUCH LIABILITY WOULD NOT HAVE OCCURRED BUT FOR THE OTHER PARTY’S FAILURE TO COMPLY WITH THE TERMS OF THIS AGREEMENT. THE LIMITATION OF LIABILITIES SET FORTH IN THIS SECTION 9 SHALL NOT APPLY TO A PARTY’S OBLIGATIONS UNDER SECTION 8, OR TO LIABILITY ARISING FROM CLIENT’S BREACH OF SECTION 3.2. 9.2 IN NO EVENT WILL SERVICE PROVIDER BE LIABLE IN CONNECTION WITH ANY PROHIBITED DATA: (A) PROVIDED OR MADE AVAILABLE TO SERVICE PROVIDER BY OR ON BEHALF OF CLIENT; OR, (B) STORED IN, COLLECTED THROUGH, OR OTHERWISE PROCESSED ON THE PLATFORM OR VIA THE SERVICES. 10. CONFIDENTIALITY. 10.1 Definitions. “Confidential Information” means all information disclosed by one party (“Discloser”) to the other party (“Recipient”) under this Agreement during the Term. Confidential Information includes information that is marked or identified as confidential and, if not marked or identified as confidential, information that should reasonably have been understood by Recipient to be proprietary and confidential to Discloser or to a third party, whether or not such information is designated as confidential. Service Provider’s Confidential Information includes Software, Deliverables, and Documentation. Client’s Confidential Information includes Controller Data, Personal Data, and Client Data. Client’s Confidential Information does not include Usage Data. 10.2 Protection. Recipient shall not use any Confidential Information for any purpose not expressly permitted by this Agreement and shall not disclose Confidential Information to anyone other than Recipient’s employees and independent contractors who have a need to know such Confidential Information for purposes of this Agreement and who are subject to confidentiality obligations no less restrictive than Recipient’s obligations under this Section 10. Recipient shall protect Confidential Information from unauthorized use, access, and disclosure in the same manner as Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 9 of 12 Recipient protects its own confidential or proprietary information of a similar nature and with no less than reasonable care. 10.3 Exceptions. Recipient shall have no confidentiality obligations under Section 10.2 above with respect to any information of Discloser that Recipient can document: (a) was already known to Recipient prior to Discloser’s disclosure; (b) is disclosed to Recipient by a third party who had the right to make such disclosure without violating any confidentiality Agreement with or other obligation to the party who disclosed the information; (c) is, or through no fault of Recipient has become, generally available to the public; or, (d) is independently developed by Recipient without access to or use of Confidential Information. Recipient may disclose Confidential Information if so required as part of a judicial process, government investigation, legal proceeding, or other similar process, provided that, to the extent permitted by applicable law, Recipient gives prior written notice of such requirement to Discloser. Recipient shall take reasonable efforts to provide this notice in sufficient time to allow Discloser to seek an appropriate confidentiality Agreement, protective order, or modification of any disclosure, and Recipient shall reasonably cooperate in such efforts at the expense of Discloser. 11. RELATIONSHIP OF PARTIES 11.1 Independent Contractor. Service Provider acknowledges that it is an independent contractor and neither Client nor Service Provider is intended to be or should be construed to be an agent, subsidiary, partner, joint venture, affiliate, or employee of the other for any purpose, including reporting to any governmental authority. Neither Party shall become liable for any representation, act, or omission of the other Party or have the authority to bind or otherwise obligate the other Party in any manner, and neither Party may represent to anyone that it has a right to do so. Any Fees, expenses or other amounts paid by Client to Service Provider hereunder shall not be considered salary for pension or wage tax purposes and neither Service Provider nor its Professional Services Personnel will be entitled to any fringe benefits, including sick or vacation pay, or other supplemental benefits of Client, unless otherwise required by law. 11.2 Subcontractors. Nothing in this Agreement shall prevent a Party from utilizing the services of any subcontractor as it deems appropriate to perform its obligations under this Agreement; provided, however, that each Party shall require its subcontractors to comply with all applicable terms and conditions of this Agreement in providing such services and each Party shall remain primarily liable to the other Party for the performance of such subcontractor. For the purposes of this Agreement, Sub processors are not subcontractors. 11.3 Non-solicitation. Both Parties recognize and understand that they will be interacting with each other’s employees when performing under this Agreement, and that it may cause irreparable harm to a Party should one or more of employees be directly or indirectly solicited to work for the other Party. Because of this, each Party agrees that it shall not, directly or indirectly, personally or through others, solicit or encourage, or attempt to solicit or encourage, on its own behalf or on behalf of any other person or entity, to hire or use the work of any employee of the other Party. Each Party agrees to adhere to this requirement for one year following termination of this Agreement. This provision shall survive termination of this Agreement. 11.4 Professional and business-like manner. A Party’s personnel shall interact with the other Party’s personnel in a professional and businesslike manner at all times. Unprofessional and unbusinesslike Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 10 of 12 interactions may occur through direct verbal and non-verbal interactions, digital interactions via email, chat, etc., and other forms of communications. If a Party’s personnel interaction with the other Party’s personnel is neither professional nor businesslike, the other Party will provide the Party with a notice within ten (10) days of such incident informing the Party of such interaction and stating that such interaction must cease immediately. If unprofessional and unbusinesslike interaction continues by the Party’s personnel towards the other Party’s personnel, the other party is entitled to hold the Party in breach of the Agreement and is entitled to cancel the Agreement for cause by providing thirty (30) days’ notice to the Party of such cancellation. The Party will have no recourse if the Agreement is canceled for such cause. 12. GENERAL. 12.1 Third Party Services. Certain Third-Party Services may be integrated into or provided in connection with the Software. Service Provider does not control or otherwise influence any Third-Party Services, makes no claim or representation regarding the Third-Party services and accepts no responsibility or liability for the quality, content, nature, privacy, security, or reliability of the Third- Party Services. Foundant does not warrant that the provision of the Third-Party Services will be uninterrupted, error free, timely, complete, or accurate, nor does Foundant make any warranties as to the results to be obtained from use of the same. Client expressly agrees that Client’s use of the Third-Party Services is at Client’s own risk and that Foundant will not in any way be liable to Client or any other entity for any inaccuracies, errors, omissions, delays, damages, claims, liabilities or losses, regardless of cause, in or arising from the use of the Third-Party Services. There is no implied affiliation, endorsement, or adoption by Service Provider of these Third-Party Services and Service Provider shall not be responsible for any content provided on or through these Third-Party Services. 12.2 Assignment. Neither Party may assign or transfer, by operation of law or otherwise, this Agreement or any of its rights under this Agreement to any third party without the other Party’s prior written consent, such consent shall not be unreasonably withheld or delayed; except that a Party may assign this Agreement, without consent from the other Party by operation of law or otherwise if notice is provided to the other Party, to: (a) an Affiliate; or, (b) any successor to its business or assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, reorganization, or otherwise. Any attempted assignment or transfer in violation of the foregoing will be void. This Agreement does not confer any rights or remedies upon any person or entity not a party hereto. 12.3 Force Majeure. The performance of the Agreement by either Party shall be subject to force majeure, including, but not limited to: acts of God; fire; flood; natural disaster; war; acts of terrorism; riots; civil disorder; unauthorized strikes; governmental regulation or advisory; recognized health threats as determined by the World Health Organization, the Centers for Disease Control, or local government authority or health agencies; curtailment of transportation facilities; or, other similar occurrence beyond the control of the Parties, where any of those factors, circumstances, situations, or conditions or similar ones make it illegal, impossible, or commercially impracticable to fully perform under the terms of the Agreement, except for the payment of the Fees. In such a case, the Agreement may be canceled by either Party, without liability, damages, fees, or penalty, and any unused deposits or amounts paid shall be refunded, for any one or more of the above reasons, by written notice to the other Party. 12.4 Notices. Notices under this Agreement that do not relate to Agreement updates must be delivered Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 11 of 12 in writing by electronic mail, courier, or certified or registered mail, (postage prepaid and return receipt requested) to the other Party at the address for each Party set forth on the Client Order Form and will be effective upon receipt. Electronic mail may only be used to distribute routine communications (e.g., change in sub processors) and to obtain approvals and consents and shall not be used for material notices that do not relate to Agreement updates, including under Section 11.4. Client agrees that Foundant Technologies may modify this Agreement by notice to Client at least thirty (30) days before the change will take effect by either: (a) providing notice in accordance with the Agreement; or (b) alerting Client via the Services or Platform. If Client objects to any such modification, Client may immediately terminate this Agreement for convenience by giving written notice to Foundant Technologies within forty-five (45) days of being informed by Foundant Technologies of the modification. 12.5 Governing Law. This Agreement will be governed by and interpreted in accordance with the laws of the State of Montana without reference to its choice of law rules. The Parties hereby submit to the exclusive jurisdiction of, and waive any venue objections against, state or federal courts sitting in the State of Montana in any litigation arising out of this Agreement or the Services. Each Party also hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement. 12.6 Remedies. Except as otherwise expressly provided in this Agreement, the Parties’ rights and remedies under this Agreement are cumulative. Each Party acknowledges and agrees that any actual or threatened breach of Sections 3.1 or 10 will constitute immediate, irreparable harm to the non-breaching Party for which monetary damages would be an inadequate remedy, that injunctive relief is an appropriate remedy for such breach, and that if granted, the breaching Party agrees to waive any bond that would otherwise be required. If any legal action is brought by a Party to enforce this Agreement, the prevailing Party will be entitled to receive its attorneys’ fees, court costs, and other legal expenses, in addition to any other relief it may receive from the non-prevailing Party. 12.7 Compliance with Laws. Each Party shall comply with all laws applicable to such Party, including, but not limited to, all applicable anti-corruption laws and regulations (“Anti-Corruption Laws”). Anti- Corruption Laws include but are not limited to the United States Foreign Corrupt Practices Act and the UK Bribery Act, irrespective of whether either Party is legally subject to it. Neither Party shall engage in any deceptive or unethical trade practices or any act which might harm the other Party's reputation. Neither Party shall cause the other Party to violate any Anti-Corruption Laws in connection with the activities conducted under the Agreement or any other activities involving the other Party (collectively, the “Activities”). Neither Party shall, in connection with the Activities, pay, offer, promise, or authorize the payment or transfer of anything of value, directly or indirectly, to any other person or entity for the purpose of improperly obtaining or retaining business, for any other advantage, or for any other purpose prohibited by any Anti-Corruption Laws. 12.8 Export Controls. Service Provider’s Services and Platform are of United States origin and are provided subject to the U.S. Export Administration Regulations and the regulations of other jurisdictions. Diversion contrary to applicable law is prohibited. Without limiting the foregoing, each Party agrees that: (i) it is not, and is not acting on behalf of, any person who is a citizen, national, or resident of, or who is controlled by the government of any country to which the United States or other applicable government body has prohibited export transactions (Iran, North Korea, etc.); (ii) it is not and is not acting on behalf of, any person or entity listed on a relevant list of persons to whom export is prohibited (the U.S. Treasury Department list of Specially Designated Nationals Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Master Subscription Agreement (MSA) v012024 Page 12 of 12 and Blocked Persons, the U.S. Commerce Department Denied Persons List or Entity List, etc.); and, (iii) it will not use any Service Provider’s Services or the Platform for, and will not permit any Service Provider’s Services or the Platform to be used for, any purpose prohibited by applicable law. 12.9 Waivers. To be effective, any waivers must be in writing and signed by the Party to be charged. Any waiver or failure to enforce any provision of this Agreement on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. 12.10 Severability. If any provision of this Agreement is, for any reason, held to be unenforceable, the other provisions of this Agreement will be unimpaired, and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law (unless such modification is not permitted by law, in which case such provision will be disregarded). 12.11 Counterparts. This Agreement may be executed in counterparts, each of which will be considered an original, but all of which together will constitute the same instrument. 12.12 Publicity. Service Provider shall have the right to list Client as a client on Foundant Technologies' website, on publicly available client lists, or in media releases unless Client specifically requests, in writing, to not be listed. Client, at its sole discretion, shall cooperate with any reasonable request by Service Provider for assistance in the preparation of a case study, testimonials, or quotes documenting Client’s experience in using the Services. The final text of the case study shall be subject to Client’s written approval before publication. 12.13 Survival. Those provisions of this Agreement that by their nature should survive expiration or earlier termination will remain in effect following expiration or termination. These provisions include the provisions under Sections 5.3 through 5.7, 6, 7, 8, 9, and 10 as well as other identified Sections in the Agreement including payment and any Statements of Work and Client Order Forms. 12.14 Verification. At the Service Provider's discretion, Service Provider shall have the right to virtually audit Client’s implementation of the Services and Platform for verification of compliance with the terms set forth in this Agreement. 12.15 Entire Agreement. This Agreement, including any Client Order Form, Data Processing Agreement, Services Level Agreement, Professional Services Agreement, any exhibits or attachments thereto, and Statements of Work constitute the final and entire Agreement between the parties regarding the subject hereof and supersedes all other Agreements, whether written or oral, between the parties concerning such subject matter. No terms and conditions proposed by either party shall be binding on the other party unless accepted in writing by both parties, and each party hereby objects to and rejects all terms and conditions not so accepted. In the event of a conflict or inconsistency between any of the documents included in this Agreement, the following order of precedence shall apply: (1) Data Processing Agreement; (2) Service Level Agreement; (3) Client Order Form; (4) Master Subscription Agreement; (5) Statement(s) of Work; and, (6) Professional Services Agreement. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 1 of 13 EXHIBIT B - DATA PROCESSING AGREEMENT Foundant Technologies, Inc. This Data Processing Agreement (including its appendices, the “DPA”) is made and entered into as of the Effective Date of the Client Order Form by and between the entity agreeing to the Client Order Form (“Client”) and Foundant Technologies, Inc. (hereinafter referred to as “Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). This DPA supplements and forms part of the Master Subscription Agreement between the parties (together with the Client Order Form and other terms and conditions incorporated therein, the “Agreement”). The Parties agree as follows: 1. DEFINITIONS. Capitalized terms in this DPA have the meanings given in this DPA. Capitalized terms used but not defined herein have the meaning given elsewhere in the Agreement. 1.1. “Applicable Data Protection Legislation” means all privacy and data protection laws and regulations of any jurisdiction applicable to the processing of Controller Data that is the subject matter of this DPA, including without limitation, in each case where applicable, European Data Protection Legislation and the California Consumer Privacy Act of 2018, California Civil Code § 1798.100 et seq. (the “CCPA”). 1.2. “Controller” means the entity that determines the purposes and means of the processing of Controller Data. 1.3. “Controller Data” means any Personal Data Processed by Foundant Technologies on behalf of Client pursuant to the Agreement. 1.4. “Data Subject” means the identified or identifiable person to whom Personal Data relates. 1.5. “European Data Protection Legislation” means, in each case to the extent applicable to the Processing of Controller Data under the Agreement: (a) the EU General Data Protection Regulation 2016/679 (“GDPR”); (b) the UK General Data Protection Regulation, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and the Data Protection Act 2018 (collectively, (the “UK GDPR”); and (c) the Swiss Federal Act on Data Protection (“Swiss FDPA”). 1.6. “Personal Data” means any information (a) relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly, or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, or (b) that otherwise constitutes “personal information,” “personally identifiable information,” “personal data,” or similar terms defined in and governed by Applicable Data Protection Legislation. Exhibit B Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 2 of 13 1.7. “Personal Data Breach” means a breach of Foundant Technologies’ security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Controller Data. 1.8. “Process” means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, alignment, combination, restriction, erasure, destruction or disclosure by transmission, dissemination or otherwise making available. 1.9. “Processor” means an entity that Processes Personal Data on behalf of the Controller. 1.10. "Standard Contractual Clauses" or “Clauses” means “Module Two: Transfer controller to processor” and/or “Module Three: Transfer processor to processor,” as applicable, of the standard contractual clauses approved by the European Commission in decision 2021/914 of 4 June 2021, available at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj, as supplemented and/or amended by Appendix 3. 1.11. “Sub-processor” means a third-party data processor engaged by Foundant Technologies to Process Controller Data. 1.12. “Supervisory Authority” means an independent public authority that is established or recognized under Applicable Data Protection Legislation. 2. PROCESSING OF CONTROLLER DATA. 2.1. Roles of the Parties; Compliance. The Parties acknowledge and agree that, as between the Parties, with regard to the Processing of Controller Data under the Agreement (a) Client is the Controller and (b) Foundant Technologies is the Processor. Each Party shall comply with its obligations under Applicable Data Protection Legislation at all times. 2.2. Details of Processing. The details regarding Foundant Technologies’ Processing of Controller Data are set forth in Appendix 1 to this DPA. 2.3. Client’s Instructions. Foundant Technologies will only Process Controller Data: (i) as necessary to perform the Services and prevent or address technical problems with the Services; (ii) in accordance with Controller’s documented instructions under the Agreement; (iii) to perform its obligations and exercise its rights under the Agreement; and (iv) as required by applicable law. Processing outside the scope of these instructions (if any) shall require prior written agreement between the Parties. Client represents and warrants that it is, and at all relevant times will remain duly and effectively authorized to give instructions, with all necessary rights, permissions, and consents secured. Client shall have sole responsibility for the accuracy, quality, and legality of Controller Data and how Client acquired Controller Data. The Agreement and this DPA are Client’s complete and final instructions to Foundant Technologies for the Processing of Controller Data. Foundant Technologies will promptly inform Client in the event Foundant Technologies reasonably believes an instruction of Client violates Applicable Data Protection Legislation or if Foundant is unable to fulfill its obligations under this DPA, unless such notice is prohibited by applicable law. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 3 of 13 2.4. Processing Subject to the CCPA. In the event that the Processing of Controller Personal Data is subject to the CCPA, this Section 2.4 shall apply in respect of any personal information (as defined in the CCPA) contained therein. Foundant Technologies shall not (i) “sell” (as defined in the CCPA) any Controller Data; (ii) retain, use, or disclose any Controller Data for any purpose other than for the specific purpose of providing the Services as described in Section 2.3 or as otherwise permitted by the CCPA, including retaining, using, or disclosing Controller Data for a commercial purpose (as defined in the CCPA) other than for the provision of the Services; or (iii) retain, use, or disclose the Controller Data outside of the direct business relationship between Foundant Technologies and Client. Foundant Technologies hereby certifies that it understands its obligations under this Section 2.4 and will comply with them. Notwithstanding anything in the Agreement, the Parties acknowledge and agree that Foundant Technologies’ access to Controller Data does not constitute part of the consideration exchanged by the parties in respect of the Agreement. 2.5. Legal Requests. Service Provider will promptly notify Client in the event of any request, inquiry, or demand from law enforcement or government authorities relating to Controller Data (including subpoenas, court orders, or other legal requests), unless prohibited by applicable law or the requesting authority. Service Provider will take commercially reasonable steps to: (a) direct the requesting party to submit their request, inquiry, or demand directly to Client; (b) challenge any such request, inquiry, or demand on appropriate grounds, including a conflict with European Data Protection Legislation; or (c) limit the disclosure of Controller Data to only what is necessary to comply with the specific request, inquiry, or demand. 3. SECURITY MEASURES. 3.1. Foundant Technologies Security Measures. Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Foundant Technologies shall implement commercially reasonable technical, security, and organizational measures designed to protect and safeguard the Controller Data against Personal Data Breaches, as set forth in Appendix 2. Such measures shall at least reach a level of security equivalent to what is prescribed by: (i) Applicable Data Protection Legislation; and (ii) the American Institute of Certified Public Accountants’ (“AICPA”) Trust Services Criteria for a services organization’s system. Foundant Technologies will maintain its security controls and audits, pursuant to, amongst others, the AICPA’s Trust Services Criteria for a services organization’s system and shall regularly monitor compliance with these safeguards. Foundant Technologies will not materially decrease the overall security of the Services during the term of the Agreement. 3.2. Client Controls & Responsibilities. In providing the Services, Client acknowledges that Foundant Technologies provides certain complementary user entity controls (“Controls”), and that Client is responsible for administering such Controls. Client is further responsible for: (i) validating that access to Services is authorized for Users that it creates; (ii) removing access to the Services for Users who no longer require access; (iii) assigning the appropriate roles and permissions for each User; (iv) protecting any data upon download from the Services by Users; (v) validating that administrative access to the Services is authorized for Users; (vi) configuring password complexity to its instance of the Services to comply with the complexity policy requirements for its organization; (vii) the protection of its Users' credentials; (viii) using multi-factor Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 4 of 13 authentication when and where available in regards to Services; and (ix) complying with Section 3.2 of the MSA. 4. PERSONNEL AND CONFIDENTIALITY. 4.1. Personnel. Foundant Technologies shall take reasonable steps to ensure the reliability of any employee, agent, or contractor of Foundant Technologies who accesses the Controller Data (“Personnel”), ensuring in each case that access is limited to Personnel who need to know/access the relevant Controller Data, as necessary for the purposes of this Agreement, and to comply with the Applicable Data Protection Laws and the AICPA’s Trust Services Criteria for a services organization’s system in the context of such Personnel’s duties to Foundant Technologies. 4.2. Confidentiality. Foundant Technologies will impose appropriate contractual obligations upon its Personnel with access to Controller Data or ensure that such Personnel are subject to an appropriate statutory obligation of confidentiality, including relevant obligations regarding confidentiality, data protection, and data security. Personnel with access to Controller Data shall be informed of the confidential nature of Controller Data and shall have received appropriate training with respect to their responsibilities. 5. SUB-PROCESSORS. 5.1. Authorization. Client authorizes Foundant Technologies to appoint Sub-processors in accordance with this Section 5 for the purpose of providing the Services under the Agreement. Foundant Technologies is further authorized to use those Sub-processors set forth at https://info.foundant.com/rs/356-VHW-319/images/FT%20Subprocessors%20-%20Final%20- %20v042022.pdf. 5.2. Notice of Sub-processor Changes. Foundant Technologies shall give Client thirty (30) days’ notice of the appointment of any new Sub-processor, including relevant details of the processing activities to be performed by such Sub-processor. If, within ten (10) days of receipt of such notice, Client notifies Foundant Technologies in writing of any reasonable objection to the appointment on data protection grounds, Foundant Technologies shall postpone the appointment until reasonable steps have been taken to address Client’s objection. Where such steps are not sufficient to relieve Client’s objection, to the extent that it relates to the Services which require the use of such Sub-processor, Client may, by written notice to Foundant Technologies, terminate the applicable portion of the Agreement. 5.3. Responsibility for Sub-processors. Where a Sub-processor fails to fulfill its data protection obligations, Foundant Technologies shall remain fully liable to Client for the performance of the Sub-processor’s obligations. 5.4. Sub-processor Requirements. With respect to each Sub-processor: (i) Foundant Technologies shall, before the Sub-processor first Processes Controller Data, carry out adequate due diligence to ensure that the Sub-processor is capable of providing the level of protection for Client Data required by the Agreement; and, (ii) ensure that the arrangement between Foundant Technologies and the Sub-processor is governed by a written contract that substantially meets the same obligations under this DPA. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 5 of 13 6. PERSONAL DATA BREACH. 6.1. Notice. If Foundant Technologies becomes aware of a confirmed Personal Data Breach it will notify Client without undue delay. Such notice will include, to the extent possible, details of the Personal Data Breach, the corrective actions taken or planned to be taken, and the steps Foundant Technologies recommends Client take to address the Personal Data Breach. 6.2. Investigation and Response. After becoming aware of a confirmed Personal Data Breach, Foundant Technologies shall promptly: a. Commence an investigation of the Personal Data Breach in order to determine the scope, nature, and the likely consequences of the Personal Data Breach; b. Take appropriate steps to prevent, mitigate, or rectify the possible adverse effects of the Personal Data Breach and minimize damage resulting therefrom; and c. Where possible, provide Client with such details relating to the Personal Data Breach as Client reasonably requires and provide reasonable assistance to support Client in complying with its obligations under Applicable Data Protection Legislation. 6.3. Public Disclosures. Neither Party shall make or provide any filings, communications, notices, press releases, or reports related to a Personal Data Breach that reference the other Party without obtaining the consent of such party, which cannot be reasonably withheld, prior to any publication or communication thereof. 6.4. Client Security Incidents. In the event that Client experiences any security incident or other breach of security affecting the security or confidentiality of the Services, including without limitation any unauthorized access to a User account or a breach of user credentials, Client shall promptly notify Foundant Technologies and reasonably cooperate with Foundant Technologies in the investigation and remediation of any such matter. 7. RIGHTS OF DATA SUBJECTS. 7.1. Receipt of Data Subject Requests. Foundant Technologies shall promptly notify Client if it receives a request from a Data Subject to exercise the Data Subject’s rights in respect of Controller Data under Applicable Data Protection Legislation (i.e., rights of access, rectification, restriction of processing, erasure, data portability, or to object to Processing) (each, a “Data Subject Request”). Foundant Technologies will not respond to any such requests unless authorized to do so by Client (unless required to do so under Applicable Data Protection Legislation or under the instructions of a Supervisory Authority). 7.2. Data Subject Request Assistance. Foundant Technologies shall provide commercially reasonable assistance to Client by taking appropriate technical and organizational measures for fulfilling Client’s obligations in responding to Data Subject Requests, as provided in Applicable Data Protection Legislation, including by providing self-service functionality of the Services that allows Client to independently process requests, as available. Unless prohibited under Applicable Data Protection Legislation, Client will reimburse Foundant Technologies for any costs and expenses related to Foundant Technologies’ provision of such assistance. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 6 of 13 8. AUDITS. 8.1. Independent Audits. Foundant Technologies utilizes external auditors to perform an audit to verify the adequacy of its security measures and other obligations under this DPA. This audit will: (i) be performed at least annually; (ii) be performed in accordance with the AICPA’s Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization (or an equivalent audit under the successor standard as may then be in effect); (iii) be performed by independent third party security professionals at the Foundant Technologies’ selection and expense; and (iv) result in the generation of a System and Organization Controls Type 2 audit report (“SOC 2 Report”), which will be Foundant Technologies’ Confidential Information. 8.2. Audit Rights. Not more than once per year, and solely for the purpose of meeting its audit requirements under any Applicable Data Protection Legislation to confirm Foundant Technologies’ compliance with this DPA, Client may request an audit in writing. Foundant Technologies shall then permit Client (or its appointed third-party auditors) to review Foundant Technologies' SOC 2 Report and other security and/or compliance documentation that Foundant Technologies may make generally available to customers, if any (collectively, the “Security Documentation”). Client will not exercise its audit rights more than once in any twelve (12) calendar month period and Client agrees that the Security Documentation will be used as the primary and only mechanism to audit and inspect Foundant Technologies' processing activities, except: (i) if and when required by instruction of a Supervisory Authority; or, (ii) Client believes a further on-site audit is necessary due to a Personal Data Breach suffered by Foundant Technologies. 8.3. On-Site Audits. In the event that an on-site audit is required under Section 8.2(i) or (ii), then such audit requests must meet the following requirements: a. Any audit must be requested with at least thirty (30) days prior written notice and include a detailed audit plan that describes the proposed scope, duration, reimbursement rates, and start date of the audit which the Parties must mutually agree upon prior to the commencement of an audit. Audit requests must be sent to security@foundant.com. b. Prior to conducting the audit, the auditor must provide to Foundant Technologies an executed nondisclosure agreement provided by Foundant Technologies. c. The audit must be conducted during Foundant Technologies’ regular business hours, subject to Foundant Technologies' policies, and may not unreasonably interfere with Foundant Technologies’ business activities. d. Client will reimburse Foundant Technologies for any time expended at its then-current reasonable ancillary services rates, made available to Client upon request. All reimbursement rates will be reasonable and take into account the resources expended by Foundant Technologies. Additionally, Client is fully responsible for any and all costs associated with third-party auditors associated with the audit. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 7 of 13 8.4. Results of Audits. For all audits, Client must immediately notify Foundant Technologies with information regarding any suspected or actual non-compliance revealed during an audit. Any information resulting or derived from any audit under this Section 8, including any analyses, notes, assessments, or other materials in whatever form or media, constitute Foundant Technologies’ Confidential Information subject to applicable protections defined in the Agreement. 9. DATA PROTECTION IMPACT ASSESSMENTS, TRANSFER ASSESSMENTS, AND PRIOR CONSULTATIONS. In the event that Applicable Data Protection Legislation requires Client to conduct a data protection impact assessment, transfer assessment, or prior consultation with a Supervisory Authority, Foundant Technologies shall, upon Client’s reasonable request, use commercially reasonable efforts to provide relevant information and assistance to Client for Client to fulfill such requirement, taking into account the nature of Foundant Technologies’ Processing of Controller Data and the information available to Foundant Technologies. 10. DOCUMENTATION. Foundant Technologies shall maintain complete, accurate, and up-to-date documentation of its Controller Data Processing activities and measures taken hereunder, as required under Applicable Data Protection Legislation and the AICPA’s Trust Services Criteria for a services organization’s system. 11. TRANSFERS OF CONTROLLER DATA. 11.1. Data Processing Facilities. Foundant Technologies may, subject to Section 11.2, Process Controller Data in the United States or anywhere Foundant Technologies or its Sub-processors maintain facilities. Subject to Foundant Technologies’ obligations in this Section 11, Client is responsible for ensuring that its use of the Services and Platform complies with any cross-border data transfer restrictions under Applicable Data Protection Legislation. 11.2. Standard Contractual Clauses. In the event that Client transfers Controller Data subject to European Data Protection Legislation to Foundant Technologies in a country which has not been recognized as providing an adequate level of protection for such Controller Data within the meaning of applicable European Data Protection Legislation, and no lawful alternative basis, mechanism, or framework for such transfer of Controller Data applies, such transfer will be governed by the Standard Contractual Clauses, the terms of which are hereby incorporated into this DPA. For the avoidance of doubt: (i) if Client is acting as the Controller with respect to Controller Data, “Module Two: Transfer controller to processor” shall apply; and/or (ii) if Client is acting as a Processor to a third-party Controller with respect to Controller Data, “Module Three: Transfer processor to processor” shall apply. The Standard Contractual Clauses shall automatically terminate once the Controller Data transfer governed thereby becomes lawful under European Data Protection Laws in the absence of such Standard Contractual Clauses on any other basis. 12. DELETION AND RETURN OF CONTROLLER DATA. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 8 of 13 Foundant Technologies shall promptly delete or return all copies of Controller Data, except where such copies are required to be retained in accordance with: (i) Applicable Data Protection Legislation; or (ii) the AICPA’s Trust Services Criteria for a services organization’s system. 13. GENERAL TERMS. 13.1. Survival. The obligations placed upon the parties under this DPA shall survive so long as Foundant Technologies and/or its Sub-processors process Controller Data on behalf of Client. 13.2. Governing Law. The parties to this DPA hereby submit to the choice of jurisdiction and/or forum stipulated in the Agreement with respect to any disputes or claims however arising under this DPA, including disputes regarding its existence, validity, or termination or the consequences of its nullity. This section shall not apply to the Standard Contractual Clauses. 13.3. Severability. Should any provision of this DPA be invalid or unenforceable, then the remainder of this DPA shall remain valid and in force. The invalid or unenforceable provision shall be either amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible, or, if this is not possible, construed in a manner as if the invalid or unenforceable part had never been contained therein. 13.4. Modification. In the event that a modification to this DPA is required for compliance with Applicable Data Protection Legislation, Foundant Technologies may modify this DPA by notice to Client at least thirty (30) days (or such shorter period as may be required to comply with Applicable Data Protection Legislation) before the change will take effect by either: (a) providing notice in accordance with the Agreement; or (b) alerting Client via the Services or Platform. If Client objects to any such modification, Client may immediately terminate this DPA and the Agreement for convenience by giving written notice to Foundant Technologies within forty-five (45) days of being informed by Foundant Technologies of the modification. 13.5. Order of Precedence. To the extent of any conflict or inconsistency between this DPA and the other terms of the Agreement, this DPA will govern. 13.6. Liability. Any liabilities arising in respect of this DPA are subject to the limitations of liability under the Agreement. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 9 of 13 Appendix 1 Subject Matter and Details of Processing This Appendix 1 includes certain details of the Processing of Controller Data. Subject matter and duration of the Processing of Personal Data: The subject matter and duration of the Processing of Controller Data are set out in the Agreement and this DPA. The nature and purpose of the Processing of Personal Data: Processing of Controller Data by Foundant Technologies is reasonably required to facilitate or support the provision of the Services as described under the Agreement and this DPA. Categories of Data Subjects: The categories of Data Subjects about whom the Controller Data relates will depend on the Services and Platform provided to and accessed by Client and are determined and controlled by Client in its sole discretion and/or dependent on the Services and Platform, and may include, but are not limited to: ● Prospects, donors, visitors, grant or scholarship applicants, subscribers of the Client (who are natural persons); ● Employees, agents, advisors, independent contractors, or business partners of the Client; and ● Users authorized by the Client to use the Service. Types of Personal Data Processed: The types of Controller Data Processed will depend on the Services and Platform provided to and accessed by Client and are determined and controlled by Client in its sole discretion depending on services, products, licenses, and subscriptions purchased by the Controller, and may include, but are not limited to: ● First and last name ● Contact information (title, position, company, email, phone, physical business address) ● Grant and/or scholarship application data ● Other information which Client chooses to collect via the Services Special Categories of Personal Data Processed: The special categories of Controller Data Processed will depend on the Services and Platform provided to and accessed by Client and are determined and controlled by Client in its sole discretion, and may include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, criminal convictions. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 10 of 13 Appendix 2 Security Measures A. Information Security Program. Foundant Technologies implements, maintains and complies with information security policies and procedures designed to protect the confidentiality, availability, and integrity of Controller Data and any systems that store or otherwise Process it, which are: (a) aligned with an industry-standard control framework (e.g., NIST SP 800-53, ISO 27001, CIS Critical Security Controls); (b) approved by executive management; (c) reviewed and updated at least annually; and (d) communicated to all personnel with access to Controller Data. B. Risk Assessment. Foundant Technologies maintains risk assessment procedures for the purposes of periodic review and assessment of risks to the organization, monitoring and maintaining compliance with the organization’s policies and procedures, and reporting the condition of the organization’s information security and compliance to internal senior management. Risk assessment procedures include vulnerability scans and penetration testing. C. Personnel Training. Foundant Technologies trains personnel to maintain the confidentiality, integrity, availability and security of Controller Data, consistent with the terms of the Agreement and Applicable Data Protection Legislation. D. Vendor Management. Prior to engaging Sub-processors and other subcontractors, Foundant Technologies conducts reasonable due diligence and monitoring to ensure subcontractors are capable of maintaining the privacy, confidentiality, security, integrity and availability of Controller Data. E. Access Controls. Only authorized personnel and third parties are permitted to access Controller Data. Foundant Technologies maintains logical access controls designed to limit access to Controller Data and relevant information systems (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur). F. Secure User Authentication. Foundant Technologies maintains password controls designed to manage and control password strength, expiration, and usage. These controls include prohibiting users from sharing passwords and requiring that passwords controlling access to Controller Data must: (a) be at least eight (8) characters in length and meet minimum complexity requirements; (b) not be stored in readable format on the organization’s computer systems; and, (c) a first time user will be prompted to create their own password after first use. G. Incident Detection and Response. Foundant Technologies maintains policies and procedures to detect and respond to actual or reasonably suspected Security Incidents, and encourages the reporting of such incidents. H. Encryption and Pseudonymization. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 11 of 13 Foundant Technologies applies industry standard encryption to Controller Data: (a) stored on any medium (i.e., laptops, mobile devices, portable storage devices, file servers and application databases); and (b) transmitted across any public network (such as the Internet) or wirelessly. Where applicable to the Services and Platform, Foundant Technologies will implement and maintain technical and organizational measures to pseudonymize Controller Data in accordance with Applicable Data Protection Legislation, such as attribute suppression, character masking, noise addition, differential privacy, swapping, k- anonymity, L-diversity/T-closeness, etc. I. Network Security. Foundant Technologies implements network security controls such as up-to-date firewalls (including AWS Web Application Firewall), layered DMZs, updated intrusion detection/prevention systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack. J. Vulnerability Management. To detect, assess, mitigate, remove, and protect against new and existing security vulnerabilities and threats, including viruses, bots, and other malicious code, Foundant Technologies implements vulnerability management, threat protection technologies, and scheduled monitoring procedures. K. Change Control. Foundant Technologies follows change management procedures and has implemented tracking mechanisms designed to test, approve and monitor all changes to the organization’s technology and information assets that are used to provide the Services. L. Physical Security. The physical and environmental security of data centers, server room facilities and other areas containing Controller Data is designed to: (a) protect information assets from unauthorized physical access; (b) manage, monitor and log movement of persons into and out of the organization’s facilities; and (c) guard against environmental hazards such as heat, fire and water damage. M. Business Continuity and Disaster Recovery. Foundant Technologies maintains business continuity and disaster recovery policies and procedures designed to maintain service and recover from foreseeable emergency situations or disasters. This includes the use of commercially reasonable efforts to maintain service uptime requirements except for (a) planned downtime or (b) any unavailability caused by circumstances beyond Foundant Technologies’ reasonable control (e.g., acts of God, acts of government, acts of terror, Internet service provider failures or delays). Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 12 of 13 APPENDIX 3 Standard Contractual Clauses Addendum The parties agree that the following terms shall apply to and supplement and/or modify the Standard Contractual Clauses, as applicable. 1. EXECUTION. The parties agree that execution of the DPA shall constitute execution of the Standard Contractual Clauses as of the Effective Date. 2. SELECTIONS. The parties agree to the selections in the table set forth below in respect of the corresponding clauses of the Standard Contractual Clauses. Section Reference Concept Selection by the Parties Section I, Clause 7 Docking Clause N/A Section II, Clause 9 Approval of Subprocessors Option 2: GENERAL WRITTEN AUTHORIZATION Specified time period: thirty (30) days Section IV, Clause 17 Governing law The laws of the Republic of Ireland. See also Sections 4 and 5 of this Appendix 3. Section IV, Clause 18 (b) Choice of forum and jurisdiction The courts of the Republic of Ireland. See also Sections 4 and 5 of this Appendix 3. Annex I.A List of Parties – Data exporter(s) Client Role: controller Annex I.A List of Parties – Data importer(s) Foundant Technologies Role: processor Annex I.A. Description of the Transfer Categories of data subjects: See Appendix 1. Categories of personal data: See Appendix 1. Sensitive data transferred: See Appendix 1. The frequency of the transfer: For the duration of the Order Term. Nature of the processing: As set forth in the Agreement. Purpose(s) of the data transfer and further processing: To allow Foundant Technologies to provide the Services and Platform under the Agreement. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period: As set forth in the Agreement, the DPA, or as otherwise determined by Client. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing: As above. Annex I.C Competent Supervisory Authority As determined by Clause 13 and the GDPR or Sections 4 and 5 of this Appendix 3. Annex II Technical and Organisational Measures See Appendix 2. 3. SUPPLEMENTAL BUSINESS-RELATED CLAUSES. In accordance with Clause 2 of the Standard Contractual Clauses, the parties wish to supplement the Clauses with business-related clauses, which shall neither be interpreted nor applied in such a way as to contradict the Clauses (whether directly or indirectly) or to prejudice the fundamental rights and freedoms of data subjects. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Data Processing Agreement (DPA) - v042022 Page 13 of 13 Foundant Technologies and Client therefore agree that the applicable terms of the Agreement and the DPA shall apply if, and to the extent that, they are permitted under the Clauses, including without limitation the following: a. In the event of a data subject request for a copy of the Clauses in accordance with Clause 8.3, Client shall make all redactions reasonably necessary to protect business secrets or other confidential information of Foundant Technologies. b. Certification of deletion of personal data under Clause 8.5 and Clause 16(d) shall be provided upon the written request of Client. c. Deletion and/or return of personal data by Foundant Technologies under the Clauses shall be governed by Section 12 of the DPA. d. Foundant Technologies shall be deemed in compliance with Clause 8.8 to the extent such onward transfers occur in accordance with Article 4 of the Commission Implementing Decision (EU) 2021/914 of 4 June 2021. e. Any information requests or audits provided for in Clause 8.9 shall be fulfilled in accordance with Section 8 of the DPA. f. Section 13.6 of the DPA and the terms of the Agreement which govern indemnification and limitation of liability shall apply to Foundant Technologies’ liability under Clauses 12(a), 12(d), and 12(f). g. The terms of the Agreement which govern termination shall apply to a termination pursuant to Clause 14(f) or Clause 16. 4. TRANSFERS FROM SWITZERLAND. If the Clauses apply to the Processing of Controller Data governed by the Swiss FDPA, the Clauses shall be modified as follows: a. the term “member state” shall not be interpreted in such a way as to exclude data subjects in Switzerland from suing for their rights in their place of habitual residence in accordance with Clause 18(c); b. the Clauses shall also protect the data of legal entities until the entry into force of the revised Swiss FDPA on or about 1 January 2023; c. references to the GDPR or other governing law contained in the Clauses shall also be interpreted to include the Swiss FDPA; and d. the parties agree that the supervisory authority as indicated in Annex I.C shall be, insofar as the data transfer is governed by the Swiss FDPA, the Swiss Federal Data Protection and Information Commissioner. 5. TRANSFERS FROM THE UNITED KINGDOM. If Client transfers Controller Data to Foundant Technologies that is subject to the UK GDPR, this Section 5 shall apply to and modify the Standard Contractual Clauses to the extent that the UK GDPR applies to Client’s Processing when making that transfer. As used in this Section, “Approved Addendum” means the template addendum issued by the Information Commissioner and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of such addendum. The Parties acknowledge that the information required to be set forth in “Part 1: Tables” of the Approved Addendum shall be completed in accordance with Appendix 1 and this Appendix 3 of the DPA. “Part 2: Mandatory Clauses” of the Approved Addendum, as it is revised under section 18 of those Mandatory Clauses, is hereby incorporated herein by reference. For purposes of section 19 of the Mandatory Clauses, each Party to this Agreement may end the Addendum in accordance with section 19 thereof. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Service Level Agreement (SLA) v042022 Page 1 of 4 SERVICE LEVEL AGREEMENT Foundant Technologies, Inc. This Service Level Agreement (“SLA”) is made and entered into as of the Effective Date by and between, Client (hereinafter referred to as “Client”), and Foundant Technologies, Inc. (hereinafter referred to as “Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). This SLA is a supplement to and made part of the Client Order Form, the Master Subscription Agreement, the Data Processing Agreement, the Professional Services Agreement, and any related Statements of Work (collectively, the “Agreement”). The Parties agree as follows: 1. DEFINITIONS. 1.1 “Critical Function” means the level of functionality that can be considered as a core characteristic of the Software whose failure would contribute to, or cause, a failure condition that would prevent the continued use of the Software. 1.2 “Error” means an instance of failure in coding or logic that causes the Software to not function substantially as intended. 1.3 “Other Causes” means: (a) downtime caused solely by the Client’s or Users’ use of the Services or Platform other than in accordance with the Agreement; (b) lack of availability or untimely response time from the Client with regard to incidents that require its participation for source identification and/or resolution; (c) the impairment or unavailability of minor features or functionality that do not materially affect the end user experience or productivity such as cosmetic defects or pending Client requests to Foundant Technologies for functionality or configuration changes not included in the core Services or Platform offering; (d) system impairment or unavailability caused by scheduled routine activities such as the loading of new data; or, (e) the Client’s or Users’ computers or network equipment and any third party activities, equipment, or software not within Foundant Technologies’ direct control. 1.4 “Scheduled Downtime” means Software downtime resulting from either a Force Majeure event(s) or for regular maintenance, improvements, and updates, as determined by Service Provider. 1.5 “Support” means Service Provider team that will assist in technical maintenance and Error resolution. 1.6 “Support Services” means technical support and maintenance of the Software as described in Section 5 of this document. 1.7 “Update” means regular updates to the Software, including new features and functionalities, resolution of Software defects and smaller enhancements to the Software. 1.8 Capitalized terms that are not listed in this SLA have the same meaning as provided elsewhere in the Agreement. Exhibit C Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Service Level Agreement (SLA) v042022 Page 2 of 4 2. ACCESS TO THE SOFTWARE. 2.1 For the Order Term, Service Provider shall provide the Client and the Users with access to the Software. 2.2 Client may grant Software access to as many Users as it desires. 3. HOSTING AND PLATFORM ADMINISTRATION. 3.1 Service Provider shall provide all site hosting for the Software. Service Provider shall use commercially reasonable efforts to make the Software available to Users twenty-four (24) hours a day, seven (7) days a week (excluding Scheduled Downtime and Other Causes), and Service Provider shall maintain disaster recovery procedures such that corrective action will be quickly taken should the Software become unavailable for any reason, excluding Scheduled Downtime and Other Causes. 3.2 The Service Provider will use commercially reasonable efforts to make the Software available on average of ninety-nine point five percent (99.5%) of each ninety (90) day period during the Order Term, excluding Scheduled Downtime and Other Causes. 3.3 Scheduled Downtime does not count against Software availability under Section 3.2, and is considered regularly scheduled if it is communicated with at least forty-eight (48) hours in advance of the Scheduled Downtime when the downtime is expected to last less than four (4) hours. In the event any Scheduled Downtime is expected to last over four (4) hours in duration (i.e., for an Update), Service Provider shall notify the Client at least seventy-two (72) hours in advance of the Scheduled Downtime. Service Provider shall use commercially reasonable efforts to limit Scheduled Downtime to a maximum of six (6) times within a ninety (90) day period. 3.4 Service Provider shall back up all data files associated with the Software on a daily basis to prevent the loss of critical data, with back-ups stored in a separate and secure location from the Software hosting location(s). 3.5 Scheduled maintenance periods for production environments will not take place between 7:00 AM and 6:00 PM Mountain Time Monday through Friday unless there is an emergency (e.g., to implement a security patch, etc.). 3.6 Service Provider shall not be held accountable for unavailability of the Software due to acts of Client or its agents or Affiliates, network unavailability outside of the Service Provider’s network, or due to any failure, defect, malfunction of any software or equipment not provided by Service Provider. The Service Provider’s network is defined to extend from the hosting device to, include, and terminate at a router controlled by the data center hosting the Software, and which interfaces with the data center’s wide area network (“WAN”) connections. The WAN connections to a data center’s backbone providers (e.g., Bell South, AT&T Local, MFS, etc.) and backbone provider connections are outside of the Service Provider’s network. 4. PLATFORM SECURITY. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Service Level Agreement (SLA) v042022 Page 3 of 4 4.1 The Platform will be designed to be accessible only to Users authorized by Client. 4.2 Platform passwords will be required in accordance with the provisions of the Agreement. 4.3 Service Provider shall maintain firewalls and network / intrusion detection software designed to monitor and prevent unauthorized access to the Platform. 5. SUPPORT SERVICES. 5.1 Technical and operational support services are available from 7:00 AM Mountain Time to 6:00 PM Mountain Time on Monday through Friday, excluding any Service Provider holidays (“Business Day”), and are included with the Support Services. 5.2 All Support communication is provided in English. 5.3 Support does not provide assistance with or support for non-Foundant Technologies products, services, or technologies, including databases, computer networks, communication systems, computers, hard drives, networks, printers, or the like. 5.4 Client shall promptly notify Service Provider of any Errors or other support request issues by contacting Service Provider Support through the following contact methods: 5.4.1 Online Support Hub – Clients login access to the Service Provider Support Hub located at https://support.foundant.com (the “Support Hub”). The Support Hub shall provide Client with access to its open and resolved tickets, information about the Services, including but not limited to, service announcements, Support contact methods, and access to the Documentation. 5.4.2 Telephone Support – Client may contact Service Provider Support at (877) 297-0043 or (406) 602-0600. If a Service Provider representative is unavailable to take the call, Client may leave a detailed message that describes the support issue and includes a contact phone number and email address. Tickets are created for all answered phone calls and voicemails and are assigned to the next available Service Provider Support team member. 5.4.3 Email Support – Client can contact Support through email. Support tickets are created for all requests received at support@foundant.com and assigned to the next available Service Provider Support team member.. 5.4.4 Chat Support – During the Business Day, Client can contact Support by using the chat widget located within the Software and the Support Hub. Support tickets are created for all chats and assigned to the next available Service Provider Support team member. 5.5 For each Error reported by Client, Service Provider shall maintain a record by creating a Support ticket and assigning a Support request number. Responses to Support emails are automatically logged with the original request. 5.6 Service Provider shall internally initiate commercially reasonable efforts to resolve each Error. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Service Level Agreement (SLA) v042022 Page 4 of 4 5.7 Support shall use commercially reasonable efforts to respond to Errors reported to it by Client and shall use commercially reasonable efforts to provide a resolution timeline for correcting such Error. 5.8 In the event of a complete system outage impacting Client, or failure of a Critical Function, Service Provider will communicate with Client, through appropriate communication channels on the following schedule: 5.8.1 First Notification - Within one (1) hour from time of discovery and confirmation of outage or Critical Function failure. 5.8.2 Subsequent Notifications - Every three (3) hours until resolution is in place and confirmed. 6. UPDATES. 6.1 The Service Provider will make available to Client any and all Updates on the Platform as indicated on the Client Order Form, along with associated Documentation describing the purpose and function of the Update. 6.2 Service Provider will use commercially reasonable efforts that such Update does not degrade the performance, functioning, or operation of the Platform. 6.3 After an Update has been incorporated into the Platform, the Update shall be considered part of the Service or Platform indicated on the Client Order Form. 7. LEARNING & DEVELOPMENT. 7.1 The Service Provider’s interactive training tool, Foundant Courses, shall be available to Client during and after training implementation in their sandbox environment, if applicable. In accordance with this SLA, Foundant Courses will include Software updates, new features, and enhancements. 7.2 The Service Provider Support Hub will provide a library of product support and help articles. In accordance with this SLA, the Support Hub will include product updates, new features, or relevant enhancements. 8. DOCUMENTATION. 8.1 Within a reasonable amount of time after implementing an Update, the Service Provider will enable Client access to modified Documentation and corresponding changes to the Support Hub and Foundant Courses describing such Updates. 9. SERVICE GUARANTEE. 9.1 If the Service Provider does not consistently meet the Client’s expectations in the delivery of Services, the Client may terminate this Agreement upon thirty (30) day notice to Service Provider for any reason as outlined in the Master Subscription Agreement. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Professional Services Agreement (PSA) – v042022 Page 1 of 5 PROFESSIONAL SERVICES AGREEMENT Foundant Technologies, Inc. This Professional Services Agreement (“PSA”) is made and entered into as of the Effective Date of the Client Order Form duly executed by and between Client (hereinafter referred to as “Client”), and Foundant Technologies, Inc. (hereinafter referred to as “Foundant Technologies” or “Service Provider”) (singularly, a “Party” and collectively, the “Parties”). This PSA is a supplement to and made part of the Client Order Form, Master Subscription Agreement, Data Processing Agreement, Service Level Agreement, and any related Statements of Work (“SOW”) (collectively, the “Agreement”). 1. DEFINITIONS. 1.1 “Change Order” means any change to an SOW as described in Section 4.7. Change Orders will be deemed incorporated by reference in the applicable SOW. 1.2 “Deliverable/s” means any tangible item or action, except for the Platform, identified as provided by Service Provider in (i) Section 1.2 of the SOW or (ii) any Change Order. 1.3 Capitalized terms that are not listed in this PSA have the same meaning as provided elsewhere in the Agreement. 2. PROFESSIONAL SERVICES. 2.1 Subject to the terms and conditions of the Agreement, Service Provider will provide Client with Professional Services as set forth in the applicable SOW(s) executed by Service Provider and Client, subject to Client’s payment of all fees as set forth in the Section 5 of this PSA. 2.2 This PSA is limited to Professional Services, the Deliverables, and does not convey any right to use any other of the Services or the Platform. Any use of other Services by Client will be governed by a separate document within the Agreement. Client agrees that its purchase of Professional Services is not contingent on the delivery of any future Services functionality or features, other than the Deliverables, subject to the terms of the applicable SOW or Client Order Form. 3. CLIENT COOPERATION. 3.1 Client agrees to provide, at no cost to Service Provider, reasonable assistance and other resources requested by Service Provider to enable the performance of the Professional Services (collectively, “Assistance”). 3.2 Client will act in good faith with Service Provider by, without limitation: (a) timely performing any tasks necessary to enable Service Provider to perform its obligations under each SOW or Client Order Form; (b) timely providing any Client obligations as outlined in each SOW or Client Order Form; (c) timely responding to Service Provider’s inquiries related to the Professional Services; Exhibit DDocusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Professional Services Agreement (PSA) – v042022 Page 2 of 5 (d) assigning an internal project manager for each SOW or Client Order Form to serve as a primary point of contact for Service Provider; (e) actively participating in scheduled project meetings; (f) providing, in a timely manner and at no charge to Service Provider: office workspace, telephone and other facilities, configured computer equipment with internet access, access to employees and agents of Client having knowledge and skills necessary to complete Service Provider’s request, and coordination of onsite, online and telephonic meetings, all of the above as reasonably requested by Service Provider or as otherwise defined in Agreement; and, (g) complete, accurate and prompt delivery of information, data and feedback all as reasonably requested by Service Provider or as otherwise defined in the Agreement. 3.3 Any delays in the performance of Professional Services or delivery of Deliverables, directly or indirectly related to Client’s acts or omissions may result in additional applicable charges for resource time. 3.4 Service Provider will not be liable for any deficiency in the performance of Professional Services to the extent such deficiency results from any acts or omissions of Client, including, but not limited to, Client’s failure to provide Assistance as required hereunder. 4. DELIVERY, ACCEPTANCE, AND CHANGE ORDERS. 4.1 Service Provider will provide the Professional Services, including any Deliverables, in accordance with the Agreement. 4.2 Client and Service Provider agree to cooperate in good faith to achieve completion of the Professional Services in a timely and professional manner. 4.3 Client is responsible for reviewing and testing all Deliverables in accordance with any reviewing and testing described in the related SOW or Client Order Form and pursuant to any acceptance criteria or test plans mutually agreed upon in writing by the parties for such Deliverable. Failure to reject a Deliverable, as set forth below, will be deemed as acceptance. If Client reasonably determines in good faith that any submitted Deliverable does not satisfy the acceptance criteria, Client must notify Service Provider in writing within ten (10) business days after Service Provider’s submission of the Deliverable, specifying any and all acceptance criteria deficiencies in detail. Service Provider will use commercially reasonable efforts to correct such deficiencies and, if necessary, shall resubmit the Deliverable to Client in a timely manner. Client will again review and test the Deliverable against the acceptance criteria, and shall detail any deficiencies to Service Provider in writing within ten (10) business days after resubmission of the Deliverable. If a Deliverable fails to meet the functional requirements specified in the applicable SOW or Client Order Form after the second submission of the Deliverable to Client, Client may either, as its sole and exclusive remedy: (i) again reject the Deliverable and return it to Service Provider for further correction and resubmission in accordance with the process described above. If the Deliverable is not Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Professional Services Agreement (PSA) – v042022 Page 3 of 5 accepted after two resubmissions, the matter will be escalated to Client’s executive sponsor for the project associated with the SOW or Client Order Form and the Service Provider Engagement Manager; or, (ii) terminate the relevant SOW or Client Order Form immediately upon written notice. If the parties determine that a Deliverable’s functional requirements specified in a SOW or Client Order Form require modification (for example, due to incorrect assumptions or changed requirements), they will cooperate in good faith to execute a Change Order for such revised requirements. 4.4 Acceptance of Professional Services, including a Deliverable, will not affect Client’s rights or remedies under Section 7. 4.5 Service Provider will perform the Professional Services through qualified employees (“Professional Services Personnel”). Service Provider may replace Professional Services Personnel in its normal course of business, provided that Service Provider will be responsible for the performance of Professional Services by all Professional Services Personnel. 4.6 Service Provider will control the method and manner of performing all work necessary for completion of Professional Services, including but not limited to the supervision and control of any Professional Services Personnel performing Professional Services. Service Provider will maintain such a number of qualified Professional Services Personnel and appropriate facilities and other resources sufficient to perform Service Provider’s obligations under the Agreement and in accordance with its terms. 4.7 A Party may request a change in a Statement of Work (whether in Fees or otherwise) by submitting a written change request to the other Party describing the requested changes (a “Change Order Request”) using the Change Order . Absent the execution of a Change Order, the Parties will proceed to fulfill their obligations under the applicable SOW in accordance with its original terms. 5. FEES, INVOICING, AND TAXES. 5.1 Client will pay Service Provider the Fees for the Professional Services. Professional Services are provided on a fixed fee basis. 5.2 Unless otherwise stated in the Agreement, and in accordance with the Service Provider’s travel and expense policies, Client will reimburse Service Provider for all reasonable travel and out-of-pocket expenses incurred in connection with Professional Services. If an estimate of expenses is provided in the applicable SOW or Client Order Form, Service Provider will not materially exceed such estimate without the written consent of Client. 5.3 The Fees will be invoiced, in advance, in the manner as provided in the SOW or Client Order Form, as applicable, unless otherwise expressly stated therein. 5.4. Subject to Section 5.5, if any amount owing by Client under this or any other agreement for Professional Services is thirty (30) days or more overdue, Service Provider may, without limiting its other rights and remedies, suspend its performance of Professional Services until such amounts are paid in full. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Professional Services Agreement (PSA) – v042022 Page 4 of 5 5.5 Service Provider will not exercise its rights under Section 4.3 of the MSA or suspension of Professional Services section above if Client is reasonably disputing the applicable charges in good faith and cooperating diligently to resolve the dispute. 6. PROPRIETARY RIGHTS AND LICENSES. 6.1 Service Provider shall own all rights, title and interest in and to the Deliverables, including all related intellectual property rights. Deliverables are Service Provider’s Confidential Information and Client may not reverse engineer, decompile, disassemble, translate, copy, reproduce, display, publish, create derivative works of, assign, sell, lease, rent, license, sublicense or grant a security interest in all or any portion of the Deliverables. Subject to the terms and conditions of the Agreement, and during the Order Term, Service Provider hereby provides Client with a limited, non-exclusive, nontransferable terminable license to use the Deliverables solely for Client’s internal operations in connection with its authorized use of the Platform. 6.2 The Parties hereby agree that the Professional Services involve the configuration of Client’s subscription to Software and the integration of Client Data with and into the Platform, and therefore the Deliverables are inoperative without an active subscription to the Software. 7. WARRANTIES. 7.1 Service Provider hereby represents and warrants that: (a) the Professional Services provided pursuant to the Agreement will be performed in a timely and professional manner by Service Provider and its Professional Services Personnel, consistent with generally-accepted industry standards; provided that Client’s sole and exclusive remedy for any breach of this warranty will be, at Service Provider’s option, re- performance of the Professional Services or termination of the applicable SOW; and, (b) it is under no contractual or other restrictions or obligations which are inconsistent with the execution of the Agreement, or, to its best knowledge, which will interfere with its performance of the Professional Services. 7.2 IN THE EVENT THAT CLIENT MODIFIES ANY DELIVERABLES IN A MANNER NOT INSTRUCTED BY SERVICE PROVIDER, SERVICE PROVIDER SHALL NOT BE RESPONSIBLE, IN LAW OR OTHERWISE, FOR ANY DELIVERABLES DESPITE ANY OTHER WARRANTIES OR GUARANTEES. SERVICE PROVIDER DOES NOT WARRANT THAT CLIENT’S OR ANY THIRD PARTY’S ACCESS TO OR USE OF THE DELIVERABLES SHALL BE UNINTERRUPTED OR ERROR-FREE, OR THAT IT WILL MEET ANY PARTICULAR CRITERIA OF PERFORMANCE OR QUALITY. FURTHER, SERVICE PROVIDER EXPRESSLY DISCLAIMS ANY RESPONSIBILITY TO SUPPORT OR MAINTAIN ANY DELIVERABLE AND WILL NOT DO SO UNLESS OTHERWISE AGREED BY THE PARTIES. THIS DISCLAIMER OF WARRANTY AND LIABILITY IS EXPRESSLY MADE IN ADDITION TO ANY DISCLAIMERS MADE BY SERVICE PROVIDER OR ITS AFFILIATES UNDER THE AGREEMENT WITH RESPECT TO THE SERVICES, PLATFORM, AND DELIVERABLES. 8. GENERAL TERMS. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies, Inc. Professional Services Agreement (PSA) – v042022 Page 5 of 5 8.1 Should any provision of this PSA be invalid or unenforceable, then the remainder of this PSA shall remain valid and in force. The invalid or unenforceable provision shall be either: (i) amended as necessary to ensure its validity and enforceability, while preserving the parties’ intentions as closely as possible; or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Exhibit E CITY OF CARLSBAD INSURANCE REQUIREMENTS 1.0 INSURANCE Contractor will obtain and maintain for the duration of the Agreement and any and all amendments, insurance against claims for injuries to persons or damage to property which may arise out of or in connection with performance of the services by Contractor or Contractor’s agents, representatives, employees or subcontractors. The insurance will be obtained from an insurance carrier admitted and authorized to do business in the State of California. The insurance carrier is required to have a current Best's Key Rating of not less than "A-:VII"; OR with a surplus line insurer on the State of California’s List of Approved Surplus Line Insurers (LASLI) with a rating in the latest Best’s Key Rating Guide of at least “A:X”; OR an alien non-admitted insurer listed by the National Association of Insurance Commissioners (NAIC) latest quarterly listings report. 1.1 Coverages and Limits. Contractor will maintain the types of coverages and minimum limits indicated below, unless Risk Manager or City Manager approves a lower amount. These minimum amounts of coverage will not constitute any limitations or cap on Contractor's indemnification obligations under this Agreement. City, its officers, agents and employees make no representation that the limits of the insurance specified to be carried by Contractor pursuant to this Agreement are adequate to protect Contractor. If Contractor believes that any required insurance coverage is inadequate, Contractor will obtain such additional insurance coverage, as Contractor deems adequate, at Contractor's sole expense. The full limits available to the named insured shall also be available and applicable to the City as an additional insured. 1.1.1 Commercial General Liability (CGL) Insurance. Insurance written on an “occurrence” basis, including personal & advertising injury, with limits no less than $2,000,000 per occurrence. If a general aggregate limit applies, either the general aggregate limit shall apply separately to this project/location or the general aggregate limit shall be twice the required occurrence limit. 1.1.2 Automobile Liability. If the use of an automobile is involved for Contractor's work for City, $2,000,000 combined single-limit per accident for bodily injury and property damage. 1.1.3 Workers' Compensation and Employer's Liability. Workers' Compensation limits as required by the California Labor Code. Workers' Compensation will not be required if Contractor has no employees and provides, to City's satisfaction, a declaration stating this. 1.1.4 Professional Liability. Errors and omissions liability appropriate to Contractor’s profession with limits of not less than $1,000,000 per claim. Coverage must be maintained for a period of five years following the date of completion of the work. 1.1.5 Cyber Liability Insurance. At all times during the performance of work under this Agreement and for sixty (60) months following the date of Agreement termination, the Contractor will carry and maintain, at its own expense, Cyber Liability insurance with limits of not less than $1,000,000 per occurrence or claim, and $2,000,000 aggregate. 1.2 Additional Provisions. Contractor will ensure that the policies of insurance required under this Agreement contain, or are endorsed to contain, the following provisions: 1.2.1 The City will be named as an additional insured on Commercial General Liability which shall provide primary coverage to the City. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Exhibit E 1.2.2 Contractor will obtain occurrence coverage, excluding Professional Liability, which will be written as claims-made coverage. 1.2.3 If Contractor maintains higher limits than the minimums shown above, the City requires and will be entitled to coverage for the higher limits maintained by Contractor. Any available insurance proceeds in excess of the specified minimum limits of insurance and coverage will be available to the City.” 1.2.4 This insurance will be in force during the life of the Agreement and any extensions of it and will not be canceled without thirty (30) days prior written notice to City sent by certified mail pursuant to the Notice provisions of this Agreement. 1.3 Providing Certificates of Insurance and Endorsements. Prior to City's execution of this Agreement, Contractor will furnish certificates of insurance and endorsements to City. 1.4 Failure to Maintain Coverage. If Contractor fails to maintain any of these insurance coverages, then City will have the option to declare Contractor in breach or may purchase replacement insurance or pay the premiums that are due on existing policies in order to maintain the required coverages. Contractor is responsible for any payments made by City to obtain or maintain insurance and City may collect these payments from Contractor or deduct the amount paid from any sums due Contractor under this Agreement. 1.5 Submission of Insurance Policies. City reserves the right to require, at any time, complete and certified copies of any or all required insurance policies and endorsements. Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 02/07/2025 RSC Insurance Brokerage, Inc. 750 Third Ave 15th Floor New York NY 10017 Kirk Gilleland kgilleland@risk-strategies.com Foundant Technologies Holdings, Inc. SmartSmiple Software Inc. 149 Willow Peak Drive Bozeman MT 59718 Atlantic Specialty Ins Co 27154 Travelers Indemnity Co 25658 Coalition Insurance Co.29530 CL24101096227 A Y 7110167540005 10/01/2024 10/01/2025 1,000,000 500,000 15,000 1,000,000 2,000,000 2,000,000 A Y 7110167540005 10/01/2024 10/01/2025 1,000,000 A 7110167540004 10/01/2024 10/01/2025 12,000,000 12,000,000 B N UB4S324303-22-42G 07/01/2024 07/01/2025 1,000,000 1,000,000 1,000,000 C Technology E&O & Cyber C-4N3S-241680-CYBER-2024 08/02/2024 10/01/2025 Limit $5,000,000 Retention $25,000 City of Carlsbad is included as an Additional Insured on a Primary/Non-contributory basis re General Liability and Auto Liability as per written contract. 30-day Notice of Cancellation applies in favor of Additional Insured. Excess Cyber E&O $5M x $5MCarrier: Corvus Date: 8/2/2024-8/2/2025 City of Carlsbad 1635 Faraday Avenue Carlsbad,CA 92008 SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. INSURER(S) AFFORDING COVERAGE INSURER F : INSURER E : INSURER D : INSURER C : INSURER B : INSURER A : NAIC # NAME:CONTACT (A/C, No):FAX E-MAILADDRESS: PRODUCER (A/C, No, Ext):PHONE INSURED REVISION NUMBER:CERTIFICATE NUMBER:COVERAGES IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s). THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. OTHER: (Per accident) (Ea accident) $ $ N / A SUBR WVD ADDL INSD THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. $ $ $ $PROPERTY DAMAGE BODILY INJURY (Per accident) BODILY INJURY (Per person) COMBINED SINGLE LIMIT AUTOS ONLY AUTOSAUTOS ONLY NON-OWNED SCHEDULEDOWNED ANY AUTO AUTOMOBILE LIABILITY Y / N WORKERS COMPENSATION AND EMPLOYERS' LIABILITY OFFICER/MEMBER EXCLUDED?(Mandatory in NH) DESCRIPTION OF OPERATIONS belowIf yes, describe under ANY PROPRIETOR/PARTNER/EXECUTIVE $ $ $ E.L. DISEASE - POLICY LIMIT E.L. DISEASE - EA EMPLOYEE E.L. EACH ACCIDENT EROTH-STATUTEPER LIMITS(MM/DD/YYYY)POLICY EXP(MM/DD/YYYY)POLICY EFFPOLICY NUMBERTYPE OF INSURANCELTRINSR DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached if more space is required) EXCESS LIAB UMBRELLA LIAB $EACH OCCURRENCE $AGGREGATE $ OCCUR CLAIMS-MADE DED RETENTION $ $PRODUCTS - COMP/OP AGG $GENERAL AGGREGATE $PERSONAL & ADV INJURY $MED EXP (Any one person) $EACH OCCURRENCEDAMAGE TO RENTED $PREMISES (Ea occurrence) COMMERCIAL GENERAL LIABILITY CLAIMS-MADE OCCUR GEN'L AGGREGATE LIMIT APPLIES PER: POLICY PRO-JECT LOC CERTIFICATE OF LIABILITY INSURANCE DATE (MM/DD/YYYY) CANCELLATION AUTHORIZED REPRESENTATIVE ACORD 25 (2016/03) © 1988-2015 ACORD CORPORATION. All rights reserved. CERTIFICATE HOLDER The ACORD name and logo are registered marks of ACORD HIREDAUTOS ONLY Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Acquisition Holdings, Inc. c/o L Squared Capital Partners 00306693 RSC Insurance Brokerage, Inc. 25 Certificate of Liability Insurance Policy Number: TXS-108072546-00 Excess Cyber E&O $5M x $10M Carrier: Intact Ins.Date: 8/2/2024-8/2/2025 Policy Number: 711-01-85-28-0000 Crime - Policy Number: PCD1005564-02 2/1/2025-2/1/2026 Carrier: Arch Insurance Co.Limit of Liability: $1,000,000 Retention: $25,000 This certificate is issued as evidence of insurance coverage only. Named Insureds include: SmartSimple Software Inc.SmartSimple Software Ireland Limited SmartSimple Software Ltd. SmartSimple Software UK LimitedSmartSimple Software Sales Inc. ACORD 101 (2008/01) The ACORD name and logo are registered marks of ACORD © 2008 ACORD CORPORATION. All rights reserved. THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER:FORM TITLE: ADDITIONAL REMARKS ADDITIONAL REMARKS SCHEDULE Page of AGENCY CUSTOMER ID: LOC #: AGENCY CARRIER NAIC CODE POLICY NUMBER NAMED INSURED EFFECTIVE DATE: Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Foundant Technologies Holdings, Inc.RSC Insurance Brokerage, Inc. 25 Certificate of Liability Insurance: Remarks Excess Cyber E&O $5M x $5MCarrier: Corvus Date: 8/2/2024-10/1/2025 Policy Number: TXS-108072546-00 Excess Cyber E&O $5M x $10M Carrier: Intact Ins.Date: 8/2/2024-10/1/2025 Policy Number: 711-01-85-28-0000 D&O/EPL/Fiduciary/Fidelity - Policy Number: PCD1005564-02 2/1/2025-10/1/2025 Carrier: Arch Insurance Co.Limit of Liability: $1,000,000 Retention: $25,000 This certificate is issued as evidence of insurance coverage only. Named Insureds include: SmartSimple Software Inc.SmartSimple Software Ireland Limited SmartSimple Software Ltd. SmartSimple Software UK LimitedSmartSimple Software Sales Inc. ACORD 101 (2008/01) The ACORD name and logo are registered marks of ACORD © 2008 ACORD CORPORATION. All rights reserved. THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER:FORM TITLE: ADDITIONAL REMARKS ADDITIONAL REMARKS SCHEDULE Page of AGENCY CUSTOMER ID: LOC #: AGENCY CARRIER NAIC CODE POLICY NUMBER NAMED INSURED EFFECTIVE DATE: Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906 Docusign Envelope ID: 5930628F-AAEC-4D62-A9F1-06A80C99E906