Terms of Service Agreement | Privacy policy | Signing | Software IP |MSIOA

Effective Date: 01/01/24

_____________________________________________________________________

MASTER SERVICES & IP OWNERSHIP AGREEMENT

(“MSIOA”)

PATHCAM™ | National Intel LLC × Camtronics LLC

_____________________________________________________________________

Effective Date: 21 April 2025

Developer: National Intel LLC (“National Intel” or “Developer”)

Service Provider: Camtronics LLC (“Camtronics” or “Service Provider”)

Territory: United States & Canada (Exclusivity per § 14)

Binder Version: v1.0 | Prepared: 24 April 2025

_____________________________________________________________________

This binder contains the fully executed MSIOA, Exhibits A–H, and

supplemental documents expressly incorporated by reference.

All documents are confidential and proprietary to National Intel LLC.

_____________________________________________________________________

Master Services and IP Ownership Agreement (MSIOA) – 18-Section Index

Introduction & Parties

Identifies the contracting entities: National Intel LLC (“Developer” or “Owner of IP”) and Camtronics LLC (“Service Provider” or “Distributor”).
Sets the stage for the arrangement regarding The Software (PathCam) and its supporting services.

Purpose & Scope

Clarifies the overall objectives of the MSIOA: preserving the Developer’s IP rights and defining Camtronics LLC’s distribution or service role.
May reference supporting services, SaaS processes, consulting, or build pipelines.

Definitions

Summarizes critical terms such as “The Developer,” “The Service Provider,” “The Software,” “Supporting Services,” “Compiled Executables,” etc.
(Often cross-referenced to a separate exhibit if definitions are lengthy – e.g., Exhibit F.)

Term & Renewal

States the initial duration (e.g., 1–3 years) and renewal mechanics (auto-renew, mutual renewal, or otherwise).
Addresses mandatory milestones or triggers for renewal in regulated settings.

Scope of Services & Monthly Services

Outlines the baseline tasks The Service Provider will undertake (distribution, reseller activities, user support) and what The Developer retains (hosting, software updates, critical consulting).
References any monthly retainer or basic assistance built into the arrangement.

Payment Terms & Fee Structure

Establishes how The Service Provider compensates The Developer (e.g., recurring fees, a one-time license, hourly rates).
Sets invoicing intervals, late fees, or credit card retention if relevant.
(Often tied to Exhibit A – Payment Terms & Fee Schedule.)

Ownership & License Grant

Reaffirms that National Intel LLC holds full IP rights to The Software and intangible code.
Clarifies limited license to The Service Provider for marketing or resale (exclusive vs. non-exclusive, territory, etc.).
May cite or incorporate Exhibit E (Ownership of Compiled Executables).

White-Label, Branding & Private Label Provisions

Defines how The Service Provider can present The Software under its own brand or “Powered by [The Developer].”
Lists disclaimers, brand guidelines, and references to any style guides.
(Often correlates with Exhibit C – White-Label & Branding Guidelines.)

Data Collection & Regulatory Compliance

Addresses The Service Provider’s (and The Developer’s) obligations if The Software handles or eventually handles user data, including any anonymized or aggregated data.
Mentions HIPAA, GDPR, or other frameworks as needed.
(Ties back to Exhibit B – Data Handling & Compliance for deeper rules.)

Service-Level Commitments & Maintenance

Outlines any baseline uptime, disclaimers regarding performance, or monthly retainer coverage.
Mentions how updates or bug fixes happen and the cost structure (if not in the monthly retainer).
May reference an optional SLA in an exhibit or statement of work.

Force Majeure & Contingency Plans

Defines relief if natural disasters, severe infrastructure failures, or pandemics disrupt services or deliveries.
Notes fallback hosting or domain redundancy, referencing potential extra fees.
Ties into any standard industry rates for contingency or emergency work.

Confidentiality & Non-Solicitation

Requires both Parties to protect proprietary materials or trade secrets.
Prevents The Service Provider from hiring away The Developer’s employees or contractors, and vice versa, for a specified period.
(Frequently expanded in an NDA/Non-Solicitation exhibit – e.g., Exhibit H.)

Limitation of Liability & Indemnification

Clarifies that The Developer is not liable for end-user misuse or regulatory failures by The Service Provider.
Establishes indemnification obligations if unauthorized copying, IP infringement, or non-compliance arises.

Exclusivity, Non-Competition & Non-Circumvention

Describes whether The Service Provider has exclusive rights to certain markets or geographies, and what The Developer can do independently.
Bars The Service Provider from developing competing solutions or forging direct relationships with sub-distributors behind The Developer’s back.

Termination & Post-Termination Rights

Details how the agreement ends (e.g., breach, insolvency, non-payment), and what happens to The Software distribution upon termination.
Specifies that IP rights revert fully to The Developer, plus any transitional assistance or wind-down periods.

Dispute Resolution & Governing Law

Lists informal negotiation steps, then arbitration or court selection.
States that the MSIOA can override disclaimers in the EULA for internal disputes.
Mentions The Developer’s final authority in IP infringement or unauthorized use claims.

Representations, Warranties & Covenants

The Developer affirms it owns The Software’s IP.
The Service Provider affirms it discloses no conflicting obligations (e.g., existing deals with Mopec).
Contains non-solicitation clauses for employees or contractors, or references an exhibit if more detail is needed.

Entire Agreement, Signatures & Effective Date

Concludes the MSIOA as the final understanding, superseding prior communications.
Provides the signature blocks for both Parties.
Clarifies how amendments, exhibits, or addenda are to be handled going forward.

Notes on Integrating Exhibits A–H

Exhibit A: Payment Terms & Fee Schedule (ties to Section 6).
Exhibit B: Data Handling & Compliance (relates to Section 9).
Exhibit C: White-Label & Branding Guidelines (relates to Section 8).
Exhibit D: Additional Services & Support Schedules (ties to Section 5 or 10 if referencing add-on work).
Exhibit E: Ownership of Compiled Executables (further clarifies Section 7’s intangible vs. tangible IP).
Exhibit F: Definitions & Terms (expands or supplements Section 3).
Exhibit G: Security & Audit (could be cross-referenced in Sections 9 or 10 for data security or maintenance).
Exhibit H: Non-Disclosure & Non-Solicitation (reinforces Section 12, or can stand alone if that section is minimal in the MSIOA).

1. Introduction & Parties

1.1 Parties to the Agreement
This Master Services and IP Ownership Agreement (“MSIOA”) is entered into by and between:

National Intel LLC (“The Developer,” “Software Provider,” or “Owner of IP”), having a principal place of business at [441 E. Congress, Detroit MI] (inquire regarding alternative address to mail any official documents or legal, for the purposes of security), and
Camtronics LLC (“The Service Provider” or “Distributor”), having a principal place of business at [6632 Telegraph Rd
Bloomfield Hills, Michigan, 48301-
3012 United States].

Each Party may be referred to individually as a “Party” or collectively as the “Parties.”

1.2 Purpose of the Agreement
The purpose of this MSIOA is to define the roles, responsibilities, and legal relationship between The Developer and The Service Provider regarding:

The development, distribution, and support of PathCam (the “Software”) in compiled, executable form.
The protection of The Developer’s intellectual property (“IP”) and intangible assets, such as source code, build processes, AI/ML models, and associated trade secrets, collectively “Supporting Services.”
The commercial framework (payment terms, licensing scope, and cooperation guidelines) under which The Service Provider markets, sells, or services The Software.
Ensuring compliance with relevant laws, including but not limited to healthcare regulations like HIPAA, and respecting user agreements reflected in the End User License Agreement (EULA) for end users.

1.3 Relation to the PathCam EULA

The Developer and The Service Provider acknowledge that a separate End User License Agreement (EULA) governs the rights and obligations of end users. The EULA addresses each end user’s acceptance, license restrictions, liability limitations, and disclaimers.
This MSIOA does not modify the rights or obligations established by the EULA for end users. It focuses on the internal business and IP relationship between The Developer and The Service Provider.
Should a conflict arise between the EULA and this MSIOA regarding the handling of intangible IP or distribution obligations, the provisions of this MSIOA take precedence for disputes strictly between The Developer and The Service Provider. For any matter relating to an end user’s rights, the EULA remains the controlling document.

1.4 Effective Date and Term

This MSIOA is effective as of [Effective Date] or upon the mutual execution by both Parties, whichever occurs later.
The initial term of this Agreement is [X years/months], unless earlier terminated in accordance with Section 15. This term may be renewed or extended per the renewal procedures described in Section 4 of this MSIOA.

1.5 Definitions and Exhibits

Key definitions (e.g., “The Developer,” “The Service Provider,” “The Software,” “Compiled Executables,” and “Supporting Services”) are either described here or cross-referenced in Exhibit F (Definitions & Terms).
References throughout this MSIOA to various “Exhibits” (e.g., Payment Terms, Data Handling, Branding Guidelines, Ownership of Compiled Executables) are fully incorporated by reference as integral components of this MSIOA.
Any references to The Developer’s or The Service Provider’s internal or external documents (e.g., EULA, Master Services Schedules, additional NDAs) do not expand or reduce the rights or obligations of the Parties except as explicitly stated herein.

1.6 Non-Diagnostic Nature of Software
The Parties acknowledge and agree that The Software, despite being utilized in academic, mortuary, or healthcare environments, is not designed or licensed for clinical or diagnostic use. All disclaimers to that effect in the EULA apply with equal force in the context of this MSIOA.

1.7 Good Faith and Collaboration
Both Parties agree to collaborate in good faith, using their respective best efforts to maintain a productive and compliant relationship. The Developer shall provide The Service Provider with timely updates, guidance, and intangible asset stewardship for The Software, while The Service Provider shall adhere to the branding, distribution, and payment obligations herein, safeguarding The Developer’s IP at all times.

2. Purpose & Scope

2.1 Overall Objective
This Master Services and IP Ownership Agreement (“MSIOA”) establishes the commercial, technical, and legal framework under which:

The Developer will (i) architect, compile, and maintain PathCam and all “Supporting Services,” and (ii) safeguard all associated intangible IP;
The Service Provider will (i) market, distribute, and support the compiled executable form of PathCam (the “Software”) to approved end users, and (ii) collect and remit the fees set forth in Exhibit A.

2.2 Developer Responsibilities
The Developer shall:

Build & Deliver Compiled Executables – furnish production‑ready binaries in accordance with the release cadence or Service‑Level commitments (if any) referenced in Exhibit D;
b. Maintain Supporting Services – retain exclusive control of source code, build pipelines, encryption keys, AI/ML models, cloud automations, and any future anonymized‑data engines;
c. Issue Updates & Security Patches – decide, in its sole discretion, when and how to publish fixes or new features;
d. Steward Compliance Guidance – provide reasonable technical guidance so the Service Provider can satisfy HIPAA, GDPR, export‑control, and other obligations outlined in Exhibits B and G;
e. Police IP & Brand – pursue infringement actions or brand misuse per Sections 7, 12 and Exhibits C and E.

2.3 Service‑Provider Responsibilities
The Service Provider shall:

Distribute & Support – present the Software to end users in conformity with Exhibit C (Branding) and the EULA, and provide Tier‑1/Tier‑2 support that does not require disclosure of Supporting Services;
b. Collect & Remit Fees – pay all retainers, pass‑through hosting fees, and change‑order invoices under the timelines in Exhibit A;
c. Protect IP & Data – implement physical, administrative, and technical safeguards consistent with Exhibit G and promptly report any breach;
d. Restrict Use to Licensed Territory/Field – distribute only within the geographic, sector‑specific, or customer classes agreed in Section 14 (Exclusivity & Non‑Competition);
e. Indemnify Developer Costs – bear primary responsibility for regulatory fines, customer claims, or litigation expenses except where a final judgment attributes sole willful misconduct to the Developer (see Sections 11.4 and 13).

2.4 Exclusions & Limitations
Unless expressly covered by a signed Statement of Work (“SOW”):

The Developer is not obligated to expose source code, CI/CD scripts, or raw datasets.
The Service Provider may not modify, fork, or create derivative works of the Software.
Neither Party is responsible for third‑party hardware malfunctions, public‑cloud outages, or force‑majeure events addressed in Section 11.

2.5 Hierarchy of Governing Documents
If an ambiguity or conflict arises:

This MSIOA (main body)
Exhibits A through H (in numerical order)
A signed SOW referencing this MSIOA
The PathCam EULA (with respect to end‑user matters only)

2.6 Future Expansion of Scope
Either Party may propose an expansion—e.g., new cloud‑analytics modules, data‑collection APIs, or regional sub‑distributors—by submitting a written Change Order. No scope expansion is binding until both Parties execute an SOW or amendment referencing this Section.

Thought for a couple of seconds

3. Definitions

This section supplies the short‑form glossary that governs the body of this MSIOA. A complete, alphabetized glossary appears in Exhibit F. Capitalized terms used elsewhere bear the meanings set out here or in Exhibit F.

3.1 Core Parties & Assets

Term	Definition (see also Exhibit F reference)
Developer(a/k/a “Software Provider,” “Owner of IP”)	National Intel LLC – the exclusive owner of PathCam source code, build pipelines, AI/ML models, encryption keys, and all other Supporting Services. Exh. F § F.2
Service Provider(a/k/a “Distributor,” “Provider”)	Camtronics LLC – authorized to market, distribute, and support the compiled object‑code form of PathCam. Exh. F § F.3
Software	“PathCam” in compiled executable (object‑code) form as delivered by the Developer; excludes Supporting Services. Exh. F § F.4
Supporting Services	All intangible assets (source code, scripts, build pipelines, ML models, cloud automations, data‑collection modules) used to create, compile, or host the Software. Exh. F § F.5
Compiled Executables	The packaged binaries (.exe, .dll, etc.) the Service Provider may possess and redistribute under Section 7 and Exhibit E. Exh. F § F.7
Domain / User Portal	https://www.pathcam.com or any successor site controlled by the Developer for licensing, activation, or download of the Software. Exh. F § F.6

3.2 Commercial & Compliance Concepts

Term	Definition (see also Exhibit F reference)
Statement of Work (SOW)	A mutually signed document describing Additional Services, milestones, fees, or SLAs under Section 5 and Exhibit D. Exh. F § F.16
Change Order	A written request by either Party to amend scope, pricing, or deliverables; binding only when converted to an SOW or formal amendment. Exh. F § F.15
Updates & Upgrades	Patches, hot‑fixes, minor releases, major releases, or new modules supplied by the Developer (Section 2.2(b); Exhibit D). Exh. F § F.18
Open‑Source Components	Third‑party OSS libraries included in the Software under their own licenses; the Developer remains responsible for compliance with those licenses. Exh. F § F.19
Business Associate / Processor	The role the Developer may assume when processing PHI or personal data on behalf of the Service Provider or end users (HIPAA, GDPR). Exh. F § F.8
PHI	“Protected Health Information” under HIPAA. Exh. F § F.10
Force Majeure Event	An event beyond a Party’s reasonable control (e.g., natural disaster, government action, major network outage) excusing performance per Section 11. Exh. F § F.20

3.3 Synonym Usage

The following names are interchangeable throughout this Agreement and its Exhibits:

National Intel LLC = “Developer,” “Software Provider,” “Owner of IP.”
Camtronics LLC = “Service Provider,” “Distributor,” “Provider.”

3.4 Confidential Information Reference

The definition of Confidential Information in Exhibit H (Non‑Disclosure & Non‑Solicitation) applies throughout this MSIOA. If Exhibit H is amended, its updated definition supersedes any conflicting definition herein.

3.5 Interpretation Rules & Dynamic Updates

Including / Includes mean “including without limitation.”
b. Headings are for convenience only and do not affect construction.
c. Days means calendar days unless expressly stated “business days.”
d. Statutory Terms (e.g., HIPAA, GDPR) have the meaning set forth in the applicable statute or regulation, as amended.
e. Conflict Hierarchy – If a term is defined differently in (i) an operative clause of this MSIOA, (ii) an Exhibit, or (iii) a mutually executed SOW, that context‑specific definition prevails for that document only.
f. Future Terms – Any new defined term introduced in a later Exhibit, Addendum, or SOW shall control for that document and prompts the Parties to amend Exhibit F promptly to maintain a single authoritative glossary.

Drafting Section 4: Term & Renewal

We need to draft Section 4, which covers the term and renewal aspects for the MSIOA. This includes specifying initial term length, auto-renewal options, and clear mechanisms for renewal. I’ll add how the retainer can be adjusted and outline rights of refusal. I’ll mention the 60-day notice required for termination or renegotiation, alongside provisions for change orders and early termination for material breach. Connecting this to earlier termination clauses is essential. Let me know if any specifics need to be included!

Thought for 9 seconds

4. Term & Renewal

This Section specifies how long the Agreement lasts, how it renews, and how either Party can opt out or adjust commercial terms at the renewal juncture. Early‑termination rights (for breach, insolvency, force‑majeure, etc.) are covered later in Section 15.

4.1 Initial Term
This MSIOA commences on the Effective Date and shall remain in force for [5 years] (the “Initial Term”), unless earlier terminated under Section 15.

4.2 Automatic Renewal
Upon expiration of the Initial Term, this Agreement will automatically renew for successive one‑year periods (each, a “Renewal Term”) unless either Party delivers written notice of non‑renewal at least [90 days] before the then‑current term expires.

4.3 Conditions Precedent to Renewal
Automatic renewal is contingent upon:

No Material Breach – Neither Party is in uncured material breach as of the renewal date.
b. Account Balance Current – All fees, retainers, or SOW invoices then due under Exhibit A are paid in full.
c. Compliance Attestation – The Service Provider has supplied any reasonably requested attestations (e.g., HIPAA Business‑Associate compliance, cybersecurity insurance certificates) specified in Exhibits B and G.

If any condition is unmet, the Developer may elect (i) to suspend services pending cure, or (ii) to allow the Agreement to lapse at the end of the current term without liability.

4.4 Fee Adjustments on Renewal
The Developer may adjust recurring fees or retainer amounts effective at the start of a Renewal Term by giving the Service Provider at least [14 days] written notice. If the Service Provider objects to the new fees, its sole remedy is to provide timely notice of non‑renewal; otherwise, continued use of the Software constitutes acceptance of the revised fees, which will be documented in an updated Exhibit A.

4.5 Mid‑Term Business Reviews
At either Party’s written request—but no more than once per contract year—the Parties will meet (virtually or in person) to review performance metrics, compliance posture, and roadmap alignment. Any agreed scope changes shall be captured via Change Order and, if material, memorialized in a new Statement of Work pursuant to Exhibit D.

4.6 Transition Assistance upon Expiration or Non‑Renewal
If the Agreement expires or is not renewed:

The Service Provider may continue to distribute existing Compiled Executables for up to ninety (90) days solely to service previously licensed end users, provided all other obligations are met and no new licenses are sold.
b. The Developer shall provide reasonable technical assistance (at then‑current hourly rates) to facilitate orderly wind‑down, data migration, or replacement of the Software, unless termination is due to the Service Provider’s uncured material breach or non‑payment.
c. All surviving provisions—including IP ownership, confidentiality, non‑solicitation, indemnification, and limitations of liability—remain in effect as described in Section 15.

4.7 Hierarchy with Termination Clause
Nothing in this Section 4 limits a Party’s right to terminate earlier for cause under Section 15, nor does it restrict the Developer’s right to suspend services for non‑payment under Exhibit A.

Thought for a couple of seconds

5. Scope of Services / Monthly Services

This Section clarifies which tasks are covered by the standard monthly arrangement, which tasks are optional “Additional Services,” and how the Parties request or bill for extra work. Detailed fee numbers appear in Exhibit A; workflow mechanics for change orders and hosting upgrades appear in Exhibit D.

5.1 Baseline Services (Included in Monthly Retainer)
During each contract month in which the Monthly Retainer is paid and current, the Developer shall provide the following (“Baseline Services”) at no additional charge:

#	Baseline Service	Service‑Level Target (⟺ Exhibit D if SLA attached)
1	Compilation & Release Management – deliver production builds of PathCam when minor updates or security patches are published.	Release notes within 48 hrs of build; binaries posted to the Domain for Distributor download.
2	License‑Server Maintenance – upkeep of activation‑key back‑end, including user‑portal uptime monitoring.	99.5 % monthly uptime (network level; excludes ISP or cloud‑provider outages).
3	Tier‑3 Technical Support – bug‑fix diagnostics requiring source review or Supporting‑Services access (ticket escalation from Service Provider).	Initial Developer response within 2 business days; workaround or path to fix within 10 business days.
4	Regulatory Guidance – reasonable e‑mail Q&A on HIPAA/GDPR impacts of core features.	Response within 5 business days.
5	Quarterly Security Patch Review – summary of OSS dependency CVEs and recommended upgrade schedule.	Report delivered by end of each calendar quarter.

All other responsibilities (Tier‑1/Tier‑2 end‑user support, frontline ticket triage, distributor‑level onboarding) remain the Service Provider’s duty unless added via SOW.

5.2 Service Provider Duties
The Service Provider shall:

End‑User Interface – act as primary point of contact for end‑user questions, warranty claims, and installation assistance.
Issue Escalation – open a ticket to the Developer only after reasonable internal troubleshooting; supply logs, screenshots, and reproducible steps.
Marketing & Branding Compliance – ensure all collateral or UI customizations follow Exhibit C.
Fee Remittance – pay the Monthly Retainer and any pass‑through cloud or licensing fees per Exhibit A.

5.3 Additional Services (via Change Order → SOW)
Tasks outside Baseline Services include, but are not limited to:

Custom feature development, integrations, or UI redesigns.
Premium hosting or dedicated cloud tenancy.
24 × 7 on‑call or accelerated SLA response times.
Data‑analytics modules or anonymized‑data aggregation pipelines.
White‑label builds for new sub‑brands or regional distributors.

Such work proceeds only after execution of a Statement of Work under Exhibit D. Unless the SOW states otherwise, hourly rates or milestone fees in Exhibit A apply.

5.4 Exclusions & Disclaimers

No Clinical Validation – The Developer is not responsible for validating the Software for diagnostic use (see Section 1.6 and EULA § 7).
Hardware Failures & Third‑Party Networks – Troubles arising from client hardware, network outages, or unapproved drivers are outside Baseline Services.
Force‑Majeure Delays – Performance targets are suspended during a Force‑Majeure Event (Section 11; Exhibit F § F.20).

5.5 Escalation Path & Communication Cadence

Tier 1 / Tier 2 – Handled by Service Provider helpdesk.
Tier 3 – Escalated to Developer via secure ticket portal; Developer acknowledges within 2 business days.
Monthly Sync Call – Technical leads from both Parties review open tickets, roadmap items, and upcoming releases.
Quarterly Business Review – Product managers and executives assess KPI metrics and propose Change Orders (linked to Section 4.5).

5.6 Modification of Scope**
Either Party may propose modifications to Baseline Services by delivering a Change Order. No modification is effective until a mutually signed SOW (or amendment to Exhibit A) sets new fees, targets, or deliverables.

6. Payment Terms & Fee Structure

Dollar amounts, hourly rates, and SKUs appear in Exhibit A: Payment Terms & Fee Schedule. This Section sets the legal rules that govern how and when those amounts are invoiced, paid, or adjusted.

6.1 Currency & Taxes

Currency – All amounts are stated and payable in United States Dollars (USD).
b. Taxes – Fees are exclusive of sales, use, VAT, GST, or similar taxes. The Service Provider is responsible for all such taxes, duties, or withholdings (except taxes on the Developer’s net income). If the Developer is required to collect tax, it will add the amount as a separate line on the invoice and the Service Provider will pay it.

6.2 Monthly Retainer

Scope Covered – The Monthly Retainer compensates the Developer for Baseline Services listed in Section 5.1.
b. Billing Cycle – Invoiced monthly in advance on the first business day of each calendar month.
c. Automatic Payment – Service Provider will maintain a valid credit card or ACH authorization; charges may be processed automatically on the invoice date.

6.3 Additional‑Services Fees

Hourly & Milestone Rates – Custom development, hosting uplifts, or premium SLAs are billed at the hourly or milestone rates in Exhibit A, as authorized in a signed SOW (Section 5.3).
b. Deposit – For any SOW exceeding USD $ 2000, Developer may require a non‑refundable deposit of up to 25 % before work commences.
c. Expense Reimbursement – Out‑of‑pocket travel or third‑party expenses pre‑approved in writing will be invoiced at cost plus 0 % mark‑up.

6.4 Payment Terms & Late Fees

Net‑30 – All invoices are due thirty (30) calendar days from invoice date unless Exhibit A specifies a shorter period.
b. Late Fee Schedule – Unpaid balances accrue a finance charge of two percent (2 %) of the outstanding amount after 15 days past due, and an additional 2 % every fifteen (15) days thereafter, or the maximum lawful rate, whichever is lower.
c. Suspension for Non‑Payment – If any amount is 30 days past due, Developer may (i) suspend access to new Compiled Executables, license‑server updates, or Baseline Services, and (ii) withhold source‑level support, until all delinquent amounts and late fees are paid. Suspension does not waive Developer’s right to terminate under Section 15.

6.5 Fee Adjustments & CPI Escalator

Annual CPI Cap – Developer may increase recurring fees on each Renewal Term by the greater of (i) 3 % or (ii) the percentage change in the U.S. Consumer Price Index (CPI‑U, All Urban Consumers, unadjusted) during the preceding calendar year. Notice of fee changes shall be given under Section 4.4.
b. Extraordinary Cost Increase – If Developer’s direct infrastructure or licensing costs rise more than 15 % in any 12‑month period, Developer may propose a mid‑term adjustment upon 60 days’ notice; Service Provider may accept, negotiate, or exercise its non‑renewal right.

6.6 Disputed Amounts

Good‑Faith Dispute – Service Provider must notify Developer of any invoice dispute within 15 days of receipt, specifying the disputed line items. Undisputed amounts remain payable on time.
b. Resolution Window – Parties will cooperate in good faith to resolve the dispute within 30 days. If unresolved, the matter proceeds under Section 11 (Dispute Resolution). Any amount ultimately determined payable will accrue late fees from the original due date.

6.7 No Set‑Off; Non‑Refundable

Payments under this Agreement are non‑refundable, and the Service Provider may not set off or withhold payments against any claim or credit without the Developer’s prior written consent.

6.8 Electronic Invoicing & Records

Invoices will be delivered electronically (PDF or portal access). Each Party shall keep accurate books and records of billable items for at least two (2) years. Upon 15‑days’ written notice, the other Party may, once per year and at its own expense, audit such records solely to verify fee accuracy; audits are subject to confidentiality obligations in Exhibit H.

7. Ownership & License Grant

7.1 Intellectual‑Property Ownership

Developer IP. All right, title, and interest in and to:

the The Software source code, build pipelines, AI/ML models, encryption keys, databases, and other intangible “Supporting Services”;
future enhancements, derivative works, and data‑aggregation engines; and
the trademarks “PathCam” and any related logos,

are and shall remain the exclusive property of the Developer. No clause of this MSIOA, any Exhibit, or any Statement of Work transfers or assigns those rights.
No Implied Rights. Any rights not expressly granted to the Service Provider under this Section 7 are reserved to the Developer.
Open‑Source Components. The Software may embed third‑party OSS libraries. The Developer remains responsible for OSS‑license compliance; nothing herein grants the Service Provider ownership of such OSS.

7.2 License Grant to Service Provider

Subject to timely payment of all fees and compliance with this Agreement, the Developer hereby grants to the Service Provider a limited, non‑exclusive, non‑transferable, revocable license to:

possess the Compiled Executables supplied under Section 5;
reproduce and distribute those Compiled Executables solely to end users within the territory/market defined in Section 14;
perform the Software (i.e., operate it on demo systems or for customer evaluation); and
use the PathCam name and associated trademarks in accordance with Exhibit C.

No license to modify, reverse‑engineer, or create derivative works is granted.

7.3 Sublicensing & Sub‑Distributors

The Service Provider may sublicense distribution rights to third‑party dealers (e.g., Mopec) only:

after securing the Developer’s written approval; and
under a written contract no less protective of the Developer’s IP than this MSIOA and the EULA.

The Service Provider remains jointly and severally liable for any sub‑distributor’s breach.

7.4 Field‑of‑Use & Territory

Except as separately approved in writing, distribution is limited to [USA and Canada / Pathology]. Any expansion—geographic, industry, or channel—requires a Change Order → SOW and may adjust fees under Section 6.

7.5 Derivative Works & Feedback

Derivative Works. Any modifications, localizations, or new modules developed by the Developer—whether funded by the Service Provider or not—remain the Developer’s IP unless an SOW explicitly assigns ownership.
Feedback License. Suggestions or feedback furnished by the Service Provider become the Developer’s property without additional compensation, and the Developer may incorporate them without restriction.

7.6 Trademark Usage & Brand Integrity

Use of PathCam and Developer marks must follow the Brand Style Guide referenced in Exhibit C and is revocable upon 15‑days’ notice for non‑compliance.
The Service Provider shall not register domain names or marks confusingly similar to the Developer’s marks.

7.7 Audit & Assurance Rights

To verify compliance with license scope:

Developer Audit. On 15‑days’ notice (no more than once per year unless breach suspected), the Developer may audit the Service Provider’s distribution records and sublicense agreements during normal business hours.
Confidentiality. Audit data is Confidential Information under Exhibit H.
Cost. Audits are at the Developer’s expense unless a material under‑reporting (> 5 %) is found, in which case the Service Provider bears reasonable audit costs and any underpaid fees plus late charges (Section 6.4).

7.8 Survival & Enforcement

Sections 7.1 through 7.7 survive any expiration or termination of this MSIOA. Violation of this Section constitutes a material breach permitting immediate termination under Section 15 and equitable relief without bond.

Thought for a few seconds

8. White‑Label, Branding & Private‑Label Provisions

8.1 Purpose & Style‑Guide Reference

These provisions govern how the Service Provider and any approved sub‑distributor may re‑brand, co‑brand, or otherwise present the Software.
All visual treatments must comply with the PathCam Brand Style Guide available at https://www.pathcam.com/branding/ (“Style Guide”). Updates to the Style Guide are effective thirty (30) days after notice.

8.2 Authorized Use of Developer Marks

Developer Attribution. Unless the Developer waives in writing, the Service Provider shall display “Powered by National Intel LLC” (or equivalent) within:

the “About” screen of the Software;
major marketing collateral (datasheets, slide decks, brochures); and
any web page where the Software is offered for download.

No Removal of Copyright Notices. Copyright or trademark legends embedded in the Software UI or splash screens may not be altered or removed.
Prohibited Registrations. The Service Provider may not register, or allow a third party to register, any trademark, trade name, or domain confusingly similar to “PathCam,” “National Intel,” or Developer marks.

8.3 White‑Label / Private‑Label Rights

Scope. The Service Provider may apply its own logo, color palette, or product name (“Private Label”) to the user‑facing UI so long as:

the underlying IP attribution in Section 8.2 is preserved; and
no representation is made that the Service Provider authored the Software.

Regulatory Claims. Any reference to HIPAA compliance, ISO 9001 certification, or FDA approval must receive prior written approval from the Developer.
UI Asset Approval. Major UI skin changes or marketing campaigns must be submitted to the Developer at least ten (10) business days before launch for brand‑integrity review.

8.4 Sub‑Branding & Third‑Party Distributors

Email Request Workflow. If the Service Provider (or distributor/sub-licensee) wishes to promote the Software under a sub‑brand (e.g., “BioScan Pro – Powered by PathCam”), it must email a request containing the proposed name, logo mock‑up, and intended market.
Developer Response. The Developer will approve, reject, or request changes within ten (10) business days.
Joint Liability. The Service Provider remains liable for any sub‑distributor’s misuse of Developer marks regardless of prior approval.

8.5 Mergers, Acquisitions, or Change of Control

If the Service Provider is merged with, or acquired by, another entity:

Notice. It must notify the Developer within ten (10) business days.
Interim Use. The new parent may continue using existing Private‑Label builds for up to sixty (60) days.
Re‑Approval. Continued white‑label rights after that period require the Developer’s written re‑approval (which may be conditioned on revised fees or branding standards).

8.6 Infringement Notice & Enforcement

The Service Provider shall notify the Developer promptly and no later than five (5) business days after discovering any unauthorized use or imitation of Developer marks.
The Developer retains exclusive control of infringement actions; the Service Provider must cooperate (e.g., affidavits, sample evidence) at no cost except out‑of‑pocket expenses.

8.7 Dispute Escalation Path

If a disagreement arises over branding or marketing claims, the Parties’ branding liaisons will confer in good faith for ten (10) business days.
Unresolved issues then follow the dispute‑resolution procedure in Section 11; however, urgent misuse of Developer marks entitles the Developer to seek injunctive relief immediately.

8.8 Compensation for Branding Services

Minor advice and asset review are covered by the Monthly Retainer (Section 6).
Extensive creative work (new logo sets, video production, or UI reskin exceeding eight (8) engineer‑hours) will be billed at the Branding Rate in Exhibit A, or as set out in an SOW under Exhibit D.

8.9 Termination of Branding Rights

Upon expiration or termination of this MSIOA, or upon notice of material breach of this Section 8, the Service Provider shall:

Cease all new distribution of Private‑Label builds;
Remove Developer marks from marketing materials within thirty (30) days (archival copies excepted);
Continue to honor any end‑user EULA obligations until lawful wind‑down is complete.

8.10 Survival

Sections 8.1 through 8.9 survive any expiration or termination of this MSIOA to the extent necessary to protect Developer marks and IP.

9. Data Collection & Regulatory Compliance

This Section allocates privacy‑law roles, sets the ground rules for existing and future data flows, and ties directly to Exhibit B (Data Handling & Compliance) and Exhibit G (Security & Audit).

9.1 Overview of Data Flows

Portal‑Only Collection (Today). The Software itself currently stores all pathology images and PHI on the customer’s local network and transmits no patient data externally. Only the User Portal on the Domain collects registration data (name, email, facility address, device serial #) for license activation.
Future In‑App Telemetry. The Parties anticipate optional, opt‑in anonymized usage metrics or AI training uploads. Any such module will launch only after (i) a written Change Order → SOW and (ii) the Parties’ execution of an updated Data‑Handling Addendum appended to Exhibit B.

9.2 Regulatory Frameworks

Regulation	Role Allocation	Key Obligations
HIPAA (U.S.)	Service Provider = Covered Entity (or Business Associate to hospital); Developer = Business Associate	BAA required; 60‑day breach notice; safeguard PHI per 45 CFR §164.
GDPR (EU)	Service Provider = Controller; Developer = Processor	Data Processing Agreement (DPA); EU‑to‑U.S. transfer mechanisms (SCCs).
ISO 9001	Developer maintains certified QMS for software lifecycle; Service Provider references certification in marketing only with Developer approval.
U.S. Export / ITAR / EAR	Service Provider responsible for screening end users and destinations; Developer provides export‑control classification on request.

9.3 Roles & Responsibilities

Service Provider Duties

Obtain all consents required to feed registration data into the Portal.
Configure on‑prem installations so PHI never leaves the customer’s secure network unless expressly permitted.
Maintain its own cyber‑liability policy (Section 8 of Exhibit G).

Developer Duties

Store Portal data in encrypted databases (AES‑256 at rest; TLS 1.3 in transit).
Act as Business Associate/Processor only for the limited data categories described in Exhibit B.
Provide quarterly vulnerability patch reports (Section 5.1, Baseline Service #5).

9.4 Security Measures (Cross‑Reference)

All technical safeguards—encryption, MFA, network segmentation—are detailed in Exhibit G § 3. Failure by the Service Provider to implement recommended on‑prem controls relieves the Developer of breach liability (Section 7 of Exhibit G).

9.5 Data Subject Rights & Deletion

Portal Deletion. End users may delete their Portal profile via self‑service or email to privacy@pathcam.com; Developer will purge within 30 days.
Local Data. Images and PHI stored on customer networks are outside the Developer’s custody. Service Provider must honor data‑subject erasure or record‑retention requests under GDPR, HIPAA, or other applicable law.

9.6 Breach Notification & Incident Response

Developer‑Side Incident. Developer notifies Service Provider within 72 hours of confirming a breach of Portal data. Developer handles regulator filings for data it controls.
Service Provider‑Side Incident. If PHI or end‑user data is compromised on a customer system, Service Provider must notify Developer within 24 hours and bear primary regulatory and cost obligations (§ 7.2 of Exhibit G).

9.7 Insurance & Liability Cap

Developer maintains up to US $1 million cyber‑liability coverage (Exhibit B § 3).
Any liability of the Developer related to data‑protection claims is capped per Section 6 (Limitation of Liability) of the EULA and Section 13 of this MSIOA.

9.8 Audits & Certifications

Service Provider (or regulators) may request a privacy/security audit of Developer’s Portal environment once per contract year with 30‑days’ notice, per Exhibit G § 6.
Developer may redact proprietary build‑pipeline details while providing evidence of control effectiveness (SOC 2 type II report, ISO 9001 certificate, etc.).

9.9 Monthly Compliance Addendum Updates

Developer will post an updated Data‑Handling Addendum to Exhibit B on the Domain by the 15th of each month if data‑collection practices change. Continued distribution by the Service Provider after notice constitutes acceptance, unless Service Provider objects in writing within 30 days.

9.10 Survival

Data‑protection obligations, breach‑notification duties, and indemnities survive termination for three (3) years or the statutory maximum, whichever is longer.

10. Service‑Level Commitments & Maintenance

10.1 Scope & Exhibits

Baseline SLAs (included in the Monthly Retainer) are defined in this Section and cross‑referenced in Exhibit D § 1.
Enhanced SLAs (24 × 7 support, dedicated hosting, sub‑hour responses) are optional and require a signed SOW under Exhibit D.
Security‑specific uptime and patch obligations are supplemented by Exhibit G (Security & Audit).

10.2 Baseline Service‑Level Targets

#	Metric	Target	Measurement Method
1	License‑Server / User‑Portal Uptime	99.5 % per calendar month	Independent synthetic monitoring; excludes Excluded Downtime (§ 10.6).
2	Ticket Acknowledgement (Tier‑3 bugs)	< 2 business days	Timestamp of Service Provider’s escalation email → Developer’s first response.
3	Security Patch Release	< 10 business days after CVE scored “High” or “Critical”	CVE publication date vs. patch binary posted to Portal.
4	Quarterly Release Note Delivery	By last business day of each quarter	Email + Portal post with feature list and CVE summary.

10.3 Enhanced SLA (Optional)

If the Parties execute an “Enhanced SLA” SOW, the following supersede Baseline metrics:

Metric	Bronze	Silver	Gold
License‑Server Uptime	99.7 %	99.9 %	99.95 %
Ticket Acknowledgement	8 hrs	4 hrs	1 hr (24 × 7)
Patch Release for Critical CVE	7 days	3 days	24 hrs
Monthly Fee Uplift*	+ 10 %	+ 20 %	+ 35 %

*See Exhibit A for actual dollar values.

10.4 Measurement & Reporting

Developer issues a monthly uptime and ticket‑response report within ten (10) business days of month‑end.
Service Provider must dispute a report within fifteen (15) days; otherwise it is deemed accepted.

10.5 Remedies & Service Credits

If a Baseline metric is missed two (2) months in any rolling six‑month period, Service Provider is entitled to a service‑credit equal to 10 % of that month’s Retainer—capped at one credit per month.
Credits apply to future invoices and are the sole and exclusive remedy for SLA breaches, absent Developer’s willful misconduct.

10.6 Excluded Downtime

Uptime calculations exclude:

Scheduled Maintenance Windows (see § 10.7).
Force‑Majeure Events (§ 11; Exhibit F “Force Majeure Event”).
Cloud‑provider outages outside Developer’s control.
Service Provider network, VPN, firewall, or DNS failures.
Suspension for non‑payment (§ 6.4 c) or security threat mitigation (Exhibit G § 7.2).

10.7 Scheduled Maintenance Windows

Developer may perform maintenance Saturdays 02:00–06:00 U.S. Eastern Time with at least five (5) business‑day email notice.
Aggregate scheduled downtime will not exceed 6 hours per month.

10.8 Force Majeure & Emergency Patching

During a Force‑Majeure Event, SLA clocks pause.
Developer may deploy emergency patches outside the scheduled window; these do not count against uptime targets.

10.9 Suspension for Security or Compliance Risk

Developer may temporarily disable access to Portal or license‑servers if:

it reasonably believes malware, breach, or illegal activity is occurring;
the Service Provider’s environment endangers Supporting Services or other customers.

Developer will notify Service Provider as soon as practicable and restore services once risk is mitigated.

10.10 Survival & Modification

Service‑credit provisions (10.5) survive for twelve (12) months after the incident giving rise to the credit. SLA targets may be modified only by a mutually signed amendment or SOW.

11. Force Majeure & Contingency Plans — Extended

11.1 Definition of “Force Majeure Event” (Extended)

“Force Majeure Event” has the meaning in Exhibit F § F.20 and includes, without limitation, natural disasters; acts of God; civil unrest; war; terrorism; epidemic or pandemic shutdowns; widespread Internet/utility failures; government seizure, compulsory military / cyber‑command directive, or other sovereign action beyond a Party’s reasonable control; or cloud‑provider outages not caused by the affected Party.

11.2 Relief & Emergency Communications

Notice. The affected Party shall notify the other within five (5) business days of learning of the impact via the methods listed in Schedule 11‑A (Emergency Communications Matrix).
Suspension. Obligations directly hindered are suspended for the duration of the Force Majeure Event plus a reasonable recovery period.
Mitigation. The affected Party will use commercially reasonable efforts to resume performance.

Schedule 11‑A (to be completed by the Parties within 30 days of the Effective Date) lists 24 × 7 voice, encrypted‑messaging, and escalation contacts (CEO, CTO, outside counsel).

11.3 Redundancy, RTO / RPO Targets & BC/DR Certification

Asset	Primary Location	Contingency	RTO	RPO
License‑server & Portal	AWS us‑east‑1	Hot‑standby in AWS us‑west‑2; DNS fail‑over via Cloudflare	8 hrs	4 hrs
Build Pipeline	GitHub Actions + Thales SafeNet	Nightly encrypted backup to private GitLab Runner	24 hrs	12 hrs
Domain	pathcam.com	Reserved: pathcam.net	8 hrs	4 hrs

Developer Certification. Developer shall maintain a documented Business‑Continuity & Disaster‑Recovery (BC/DR) plan aligned to ISO 22301 or NIST SP 800‑34 and make an executive‑summary available under NDA.

11.4 Annual Table‑Top DR Test

Once per contract year, the Parties will conduct a joint 4‑hour table‑top or fail‑over drill of the BC/DR plan.
Developer will issue a Findings & Action Plan within thirty (30) days.
Any mandatory improvements shall be scheduled via Change‑Order or SOW.

11.5 Optional Contingency Services & Most‑Favored Rate

If requested by the Service Provider, Developer will supply emergency engineering, migration, or hosting services at US $ 2,150 per week / US $ 9,320 per month (2025 rate), and not higher than the lowest contingency rate Developer offers any other distributor for comparable work (“Most‑Favored Rate”). Travel or third‑party cloud costs are invoiced at cost.

11.6 Extended Force Majeure & Termination

If a Force Majeure Event lasts > 60 consecutive days, either Party may terminate this MSIOA on ten (10) business‑day written notice without liability (other than amounts accrued). Wind‑down assistance in § 4.6 applies.

11.7 Grace‑Period Credit for Late Fees

During the first fifteen (15) days following a Force Majeure declaration, late‑fee accruals under § 6.4 b are suspended. Regular late‑fee accrual resumes on day 16.

11.8 Security‑Driven Suspension & Data Retention

Developer’s right to suspend services for immediate threats (Exhibit G § 7.2) remains.
All license‑server data, activation keys, and customer history remain encrypted and intact during any such suspension; they are not purged unless mandated by law.

11.9 Mutual Regulatory‑Notification & Public Statements

Draft Sharing. If a Force Majeure Event triggers a regulatory filing (HIPAA breach, GDPR notice, FDA field action), the filing Party shall share its draft with the other Party 48 hours before submission, when legally feasible.
Press Releases & Media. Developer’s communications team has primary control of public statements regarding PathCam software continuity. Service Provider must obtain written sign‑off from Developer’s PR lead (or emergency delegate in Schedule 11‑A) before issuing press releases or social‑media posts about the incident.

11.10 Priority Allocation of Resources

In widespread disruptions, Developer will allocate limited capacity in this order:

Restoration of critical licensing infrastructure;
Security patching to avert data compromise;
Obligations under any active Enhanced SLAs;
Change‑order or feature work.

11.11 Insurance Coordination

Each Party shall notify its cyber‑liability carrier promptly if coverage conditions arise and cooperate to avoid duplicative filings; deductibles remain each Party’s responsibility (§ 8 of Exhibit G).

11.12 Survival

Sections 11.1 – 11.11 survive termination for claims or costs flowing from a Force Majeure Event.

12. Confidentiality, Non‑Circumvention & Non‑Solicitation

This Section institutes the Developer’s most stringent protections for its trade secrets, personnel, and strategic information. Detailed definitions and supplemental rules appear in Exhibit H (Non‑Disclosure & Non‑Solicitation) and any applicable BAA/DPA, each incorporated by reference.

12.1 Definitions & Scope

“Personnel” means employees, officers, directors, contractors, consultants, interns, agents, or advisors of a Party or its Affiliates engaged in MSIOA activities.
“Trade Secrets” means information that qualifies as a trade secret under U.S. law (e.g., DTSA), including source code, algorithms, build pipelines, or AI models.
“Confidential Information” excludes:

Public domain knowledge (unless disclosed in breach);
Independently developed information without reference;
Lawfully received third‑party data; and
Information compelled by law (see § 12.2 c).

PHI and regulated data also fall under the Parties’ BAA/DPA, which supersedes any less stringent confidentiality obligations.

12.2 Confidentiality Obligations

Use & Disclosure. Use Confidential Information solely to perform the MSIOA. Disclose only to Personnel who are (a) on a strict need‑to‑know basis, (b) bound by written confidentiality at least as protective as this Section, and (c) approved in writing by the Developer’s CEO (see § 12.7).
Safeguards. Protect Confidential Information (paper and electronic) with not less than commercially reasonable controls, including encryption, access logging, and secure storage. Shared source code or design docs must reside in a secure virtual data‑room (e.g., watermarking, audit logs).
Breach Notification. Notify the Developer within 12 hours of any actual or suspected unauthorized disclosure or misuse of Confidential Information, using the Emergency Communications Matrix in Schedule 11‑A.
Compelled Disclosure. If legally compelled to disclose, (i) promptly notify the Disclosing Party, (ii) seek a protective order, (iii) disclose only the minimum required, and (iv) document all such disclosures.

12.3 Audit Rights

Frequency & Scope. The Developer may audit the Service Provider (and its Affiliates or subcontractors) twice per calendar year on five (5) business days’ notice, limited to verifying compliance with confidentiality safeguards.
Cost Allocation. Developer bears audit costs unless material violations (> 5 % of audited items) are found, in which case the Service Provider reimburses reasonable audit expenses.
Confidentiality. Audit findings are Confidential Information under this Section and Exhibit H.

12.4 Return & Destruction of Materials

Within fifteen (15) calendar days of MSIOA expiration or upon request:
a. Return or securely destroy all Confidential Information (shredding for paper; NIST‑compliant erasure or verified remote wipe for electronic data).
b. Provide a written certificate detailing materials destroyed, method used, and date.
c. Any legal retention requirements (e.g., HIPAA record‑keeping) override destruction only to the extent mandated.

12.5 Non‑Circumvention

For the MSIOA term and two (2) years thereafter, the Service Provider shall not, directly or indirectly, solicit, engage, or contract any Personnel of the Developer to develop, sell, or support any product or service competitive with PathCam or Supporting Services. Breach entitles the Developer to injunctive relief and damages under § 12.7.

12.6 Non‑Solicitation

Covenant Period. During the MSIOA term and three (3) years thereafter, neither Party nor its Affiliates may solicit or hire the other Party’s Personnel involved in MSIOA performance without the other’s prior written consent.
Exceptions.

Responses to generalized public job postings absent targeted outreach;
Personnel with whom the hiring Party had documented contact before the Effective Date.

Tiered Liquidated Damages. For each prohibited hire:

First hire: USD $ 25,000
Subsequent hires: USD $ 50,000 each
Senior roles (VP‑level or above): 2 × the tiered amount
Payable within 30 days of hire, capped at USD $ 250,000 per annum.

12.7 Equitable Relief & CEO Sign‑Off

Automatic Injunctive Relief. A single breach of §§ 12.2 – 12.6 entitles the Developer to seek a temporary restraining order or equivalent relief without bond or proving irreparable harm.
CEO Approval. Any exception, carve‑out, or waiver of §§ 12.2 – 12.6 (other than broad‑based hiring) must be pre‑approved in writing by the Developer’s CEO.

12.8 Analyst & Regulatory Carve‑Out

The Developer may share Confidential Information with its auditors, regulatory consultants, or legal advisors under binding confidentiality obligations forbidding further disclosure. Such sharing does not waive any confidentiality rights.

12.9 Survival

Trade Secrets: Indefinitely, for as long as the information retains trade‑secret status.
All Other Confidentiality & Non‑Solicitation Obligations: Three (3) years post‑termination (or longer if required by law).
Non‑Circumvention Obligations: Two (2) years post‑termination.

14. Exclusivity, Non‑Competition & Non‑Circumvention

14.1 Exclusive Territory & Field‑of‑Use

Territory. The Service Provider enjoys exclusive distribution rights for the United States and Canada (“Exclusive Territory”), subject to § 14.3 and § 14.9.
Field‑of‑Use. Exclusivity applies only to gross‑pathology workstations and mortuary grossing stations (“Exclusive Field”). All other verticals remain non‑exclusive to the Service Provider.
Developer Carve‑Outs. Developer may (i) sell outside the Exclusive Field, (ii) service legacy customers, or (iii) transact with federal/defense agencies as required by law.

14.2 Non‑Competition Covenant

During the term and for two (2) years post‑termination, the Service Provider and its Affiliates shall not develop, market, or distribute competing software within the Exclusive Territory, nor reverse‑engineer or fork PathCam or Supporting Services.

14.3 Performance‑Based Exclusivity

KPI	Year‑1 Threshold (Ramp)	Year‑2+ Threshold	Remedy for Shortfall
Annual Unit Sales	≥ 50 % of Year‑2 target	≥ 50k licenses	90‑day cure → exclusivity converts to non‑exclusive.
Support SLA Breaches	≤ 3 per Qtr.	≤ 2 per Qtr.	Developer may suspend new licenses until cured.
Marketing Spend	≥ US $ __ × 0.5	≥ US $ __	Developer may reduce marketing exclusivity.

◆ Force‑Majeure Relief. KPI shortfalls caused by a Force Majeure Event (Section 11) pause exclusivity triggers for the affected quarter.

14.4 Payment‑Linked Exclusivity ◆

If any Developer invoice remains unpaid 30 days past due, exclusivity automatically becomes non‑exclusive until all arrears and late fees are cured.

14.5 Audit Rights for KPI & Sub‑Distributors ◆

Distributor Audit. Developer may audit Distributor’s sales and marketing records once per year on 10‑days’ notice to verify KPI data.
Sub‑Distributor Audit. Developer may audit approved sub‑distributors (e.g., Mopec) under the same schedule for branding and KPI compliance.

14.6 Assignment & Change‑of‑Control ◆

Exclusivity rights may not be assigned, pledged, or transferred—whether by merger, asset sale, or otherwise—without Developer’s prior written consent, which may be withheld in Developer’s sole discretion. Change‑of‑control without consent terminates exclusivity immediately.

14.7 Right of First Refusal (ROFR) ◆

Before bundling PathCam with any new hardware, SaaS module, or service in the Exclusive Field, the Service Provider must first offer the Developer the right to supply or co‑develop such bundle on commercially reasonable terms. If Developer declines in writing within 30 days, Service Provider may pursue a third‑party arrangement.

14.8 Non‑Disparagement ◆

The Service Provider shall not make public statements that disparage the quality, safety, or performance of PathCam or the Developer. Good‑faith private discussions to resolve defects are excluded.

14.9 Territory Expansion for Over‑Performance ◆

If the Service Provider exceeds all Year‑2 KPI thresholds by 125 % for two consecutive quarters, the Parties shall negotiate in good faith to expand the Exclusive Territory (e.g., Mexico, EMEA) or grant additional channel privileges.

14.10 Buy‑Out Option ◆

Developer may convert exclusivity to non‑exclusive at any time by paying the Service Provider a one‑time fee equal to two (2) times the Distributor’s aggregate commissions earned on PathCam licenses in the preceding twelve months.

14.11 Non‑Circumvention & Liquidated Damages (unchanged)

Direct engagement with Developer Personnel or bypass of Change‑Order workflows triggers liquidated damages of US $ 100,000 per occurrence, payable within 30 days.

14.12 Survival & Remedies

Non‑competition, non‑circumvention, and non‑disparagement covenants survive two (2) years post‑termination. Developer may seek immediate injunctive relief and the liquidated damages set forth above, without limiting other remedies.

15. Termination & Post‑Termination Rights (Rev. 1)

15.1 Termination for Cause

Trigger	Initiating Party	Cure Period	Effective Date	Notes
Payment Breach. Invoice 30 days past due.	Developer	10 calendar days	After lapse of cure period if unpaid.	§ 14.4 also converts exclusivity to non‑exclusive while unpaid.
Material Breach. Any uncured breach of confidentiality, exclusivity, KPI, non‑competition, or other material obligation.	Non‑breaching Party	30 days (10 days for confidentiality/IP)	After cure period if breach persists.	■ KPI Breach: Requires second KPI miss within any 12‑month period after cure to trigger termination.
Insolvency / Bankruptcy.	Either	None	Upon written notice.	—
Change‑of‑Control Without Consent. (§ 14.6)	Developer	None	Upon written notice.	■ Agreement continues but converts to non‑exclusive; all other terms remain.
Force Majeure > 60 Days.	Either	None	10 business days after notice.	—

15.2 Termination for Convenience

Developer: 90‑day written notice (keeps maximum flexibility).
Service Provider: 180‑day written notice and full payment of all accrued fees.

15.3 Effect of Termination

Cessation of Rights. All licenses, branding, and exclusivity cease on the termination date.
Inventory Sell‑Off. Service Provider may fulfill pre‑existing orders for ninety (90) days; no sales to new customers.
Outstanding Support Obligations. ▲ For those 90 days, Service Provider must continue Tier‑1/Tier‑2 support at the same SLAs set in § 10, forwarding unresolved Tier‑3 issues to Developer within two business days.
Return / Destruction. Per § 12.4—15‑day deadline.
Anonymized Usage Metrics. ▲ Developer may retain and continue to use anonymized, non‑PHI telemetry collected prior to termination for product‑improvement purposes.
Outstanding Payments. All unpaid fees, late charges, liquidated damages, and service credits become immediately due.
Final Audit & Costs. ■ Developer may perform a final audit within 60 days, and Service Provider bears all reasonable audit costs regardless of discrepancies.

15.4 Branding Clean‑Up ■

Service Provider must remove Developer and PathCam marks from public‑facing websites, collateral, and advertisements within sixty (60) calendar days of termination.

15.5 Survival (unchanged except cross‑refs)

Sections 3, 7, 8 (§ 8.9), 9, 10 (credits), 11 – 14, 15.3 – 15.5, and related Exhibits survive as previously listed.

15.6 No Refunds; No Waiver

All fees remain non‑refundable (service credits excepted). Failure to enforce any right once is not a waiver of future enforcement.

15.7 Equitable Relief

Termination is without prejudice to either Party’s right to immediate injunctive or equitable relief for surviving breaches.

16. Dispute Resolution & Governing Law

16.1 Informal Negotiation

Before initiating any formal proceeding, the Parties shall attempt in good faith to resolve any dispute, claim, or controversy arising from or relating to this MSIOA (“Dispute”) by executive‑level negotiation:

Either Party may deliver a written notice describing the Dispute and the relief requested.
Designated executives will confer (in person or by video conference) within ten (10) business days of the notice.
If the Dispute is not resolved within thirty (30) days of the initial notice, either Party may proceed under § 16.2.

16.2 Binding Arbitration

Forum & Rules. Except for the carve‑outs in § 16.3, all unresolved Disputes shall be finally settled by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Rules, or by mutual written agreement, another reputable forum (e.g., JAMS).
Venue & Language. The seat of arbitration shall be Detroit, Michigan, USA, and the proceedings shall be conducted in English.
Arbitrator Selection. A single arbitrator shall be appointed with at least five years’ experience in technology‑license disputes.
Discovery & Confidentiality. Discovery is limited to documents reasonably necessary for a fair resolution. All proceedings, filings, and awards are Confidential Information.
Award & Enforcement. The arbitrator may award monetary damages and injunctive relief consistent with this Agreement. Judgment on the award may be entered in any court of competent jurisdiction.
Costs & Fees. The prevailing Party is entitled to recover its reasonable attorneys’ fees and costs, subject to the multipliers in § 13.13 (4).

16.3 Carve‑Outs for Equitable Relief

Each Party retains the right to seek temporary restraining orders or preliminary injunctions in state or federal courts located in Wayne County, Michigan to prevent:

Misappropriation of trade secrets;
Actual or threatened IP infringement;
Breach of confidentiality, non‑circumvention, or non‑competition obligations; or
Any act likely to cause irreparable harm where monetary damages are inadequate.

Such court actions shall not be deemed a waiver of the arbitration requirement for monetary or other relief.

16.4 Class‑Action Waiver

All Disputes must be brought solely on an individual basis; no Party shall pursue any claim as a plaintiff or class member in a consolidated, class, or representative action.

16.5 Governing Law

This MSIOA and any Dispute are governed by the laws of the State of Michigan, USA, without regard to its conflict‑of‑law principles. The U.N. Convention on Contracts for the International Sale of Goods (CISG) does not apply.

16.6 Time‑Bar

Any claim or cause of action under this MSIOA must be filed within one (1) year after the claim arose, unless a shorter period is specified elsewhere (e.g., § 13.6). Claims filed after this period are permanently barred.

16.7 Survival

This Section 16 survives termination or expiration of the MSIOA.

 17. Notices (Revised)

Permitted Methods.
a. Developer‑Originated Notices. ▲ National Intel LLC (“Developer”) may deliver any Notice by e‑mail alone to the Service Provider address in § 17.3.
b. Service‑Provider‑Originated Notices. All Notices from Camtronics LLC (“Service Provider”) must be delivered by both (i) certified U.S. Mail or nationally recognized overnight courier and (ii) e‑mail with confirmed receipt. Failure to deliver via both methods renders the Notice invalid.
Deemed Receipt.
a. Developer‑sent e‑mail is deemed received upon timestamp of dispatch from Developer’s mail server.
b. Service‑Provider Notices are deemed received on the later of: (i) actual receipt, or (ii) two (2) business days after courier deposit. ▲ E‑mail alone does not constitute receipt for Service‑Provider Notices.
Addresses for Notice. (un‑changed except extra GC copy)

Party	Physical Address	E‑mail for Notice
Developer (National Intel LLC)	441. E Congress, Detroit, MI 488226, USA	legal@nationalintel.com▲ CC: generalcounsel@nationalintel.com (must‑copy)
Service Provider (Camtronics LLC)	6632 Telegraph Rd. Bloomfield Hills, MI 48301, USA	andrea@camtronicsusa.com

Change of Address.
a. ▲ Developer may update its Notice address by e‑mail to Service Provider and such change is effective immediately.
b. Service Provider must update its address by certified mail; change is effective five (5) business days after Developer’s confirmed receipt.
Notice Content Requirements. ▲ All Service‑Provider Notices must include the contract title (“MSIOA—PathCam”) and Agreement date in the subject line; otherwise the Notice is invalid. Termination Notices must state the precise contractual clause invoked.
Invalid or Defective Notice. ▲ If a Notice fails to comply with this Section, the receiving Party may deem it ineffective, and any response or cure period does not begin until a compliant Notice is received.
Language. All Notices must be in English.
Electronic Signature Validity. E‑mail Notices bearing a typed /s/ signature block are deemed signed originals.

18. Miscellaneous — Developer‑Optimized Draft

18.1 Entire Agreement & Order of Precedence

This Agreement (including Exhibits A – H, each fully‑executed Statement‑of‑Work, and the PathCam EULA referenced herein) constitutes the entire understanding between the Parties and supersedes all prior or contemporaneous proposals, discussions, or writings. ▲ No Service Provider purchase‑order, portal terms, or boiler‑plate shall modify or supplement this Agreement, even if signed or accepted by Developer personnel.

Precedence: Developer‑friendly hierarchy—
(i) this MSIOA → (ii) its Exhibits → (iii) any SOW (unless SOW expressly overrides) → (iv) EULA → (v) any attachment referenced in an SOW.

18.2 Amendments & Waivers

■ No amendment, waiver, or consent is valid unless in a document signed by the Developer’s Chief Executive Officer or General Counsel and an authorized officer of the Service Provider. ▲ E‑mail exchanges or other informal communications do not amend this Agreement.

Failure or delay in enforcing any right is not a waiver of future enforcement; waivers must be explicit and in writing.

18.3 Independent‑Contractor Status

Nothing herein creates any partnership, joint venture, fiduciary, or employer‑employee relationship. Service Provider lacks authority to bind the Developer in any manner.

18.4 Representations & Warranties

Each Party represents and warrants that:

it is duly organized, validly existing, and in good standing under the laws of its jurisdiction;
b. execution and performance do not conflict with any charter document, contract, or law;
c. the individual signing below has full authority; and
▲ d. Service Provider additionally warrants that it: (i) is not subject to U.S. export sanctions; (ii) will obtain all export clearances for its activities; and (iii) will refrain from statements implying regulatory approvals (FDA, HIPAA, ISO) without prior Developer written consent.

18.5 Assignment

▲ Developer may assign this Agreement (in whole or part) to (i) an Affiliate, or (ii) a successor by merger, acquisition, or sale of substantially all assets, without Service Provider consent.
■ Service Provider may not assign or transfer (including by change‑of‑control) any rights or obligations—including exclusivity—without Developer’s prior written consent, and any purported assignment is void.

18.6 Severability & Construction

If any provision is held invalid, it shall be narrowly construed to achieve the Parties’ intent, and the remainder remains in force. Headings are for convenience only. “Including” means “including, without limitation.”

18.7 Further Assurances

Each Party shall execute further documents and take additional actions reasonably requested by the other to effectuate this Agreement’s purpose.

### 18.8 Publicity, Non‑Disparagement & Press Releases

Developer Control. All press releases, marketing, or public statements referencing the other Party, PathCam, or this Agreement require prior written approval from the Developer’s marketing lead or General Counsel.
Non‑Disparagement. Service Provider shall refrain from public statements that could reasonably be expected to harm the reputation of the Developer, PathCam, or their officers. Developer may issue corrective statements at Service Provider’s cost if this clause is breached.
Regulatory Announcements. Required regulatory disclosures are exempt but must follow § 11.9 (draft‑sharing) when feasible.

18.9 Export‑Control Assurance

Service Provider shall comply with all applicable export laws and obtain any export/import licenses required. Developer will supply the Export Control Classification Number (ECCN) upon request. Failure to comply is a material breach.

18.10 Language & Counterparts

This Agreement is executed in English. Any translation is for convenience only. The Agreement may be signed in counterparts, each deemed an original. Electronic signatures (e.g., DocuSign) are binding.

18.11 Costs of Enforcement ▲

In any action to enforce this Agreement—including audits, injunctions, or arbitration—the prevailing Party is entitled to recover all reasonable attorneys’ fees, expert fees, and costs, plus a 25 % uplift if the non‑prevailing Party’s breach is determined willful.

18.12 Order of Statutory Overrides ▲

If any statute or regulation requires terms contrary to this Agreement, the Parties will negotiate an amendment; until executed, the statutory requirement controls only to the minimum extent necessary and does not expand Service Provider rights beyond statutory scope.

18.13 Electronic Acceptance & Click‑Wrap

(a) Binding Effect of Click‑Wrap. The Service Provider acknowledges that it may execute this Agreement by electronically ticking an “I agree” (or similarly labeled) checkbox presented in National Intel LLC’s online billing, checkout, or account‑activation workflow, including any recurring payment screen (each, a “Click‑Wrap Action”). By completing a Click‑Wrap Action and remitting payment, the individual performing the action represents that he or she has authority to bind the Service Provider, and such action constitutes the Service Provider’s binding acceptance of this Agreement under applicable electronic‑signature laws (ESIGN, UETA, or similar).

(b) Incorporation by Reference. The Parties agree that the Terms of Service page located at https://www.nationalintel.com/terms (or any successor URL designated by the Developer) expressly incorporates this MSIOA and all Exhibits by reference. The Service Provider’s acceptance of that page via a Click‑Wrap Action therefore constitutes acceptance of this MSIOA.

(c) Recordkeeping. The Developer shall store server‑side logs or third‑party e‑signature certificates evidencing each Click‑Wrap Action. These records are admissible as prima facie evidence of execution.

(d) Effect of Subsequent Payments. Each subsequent monthly or periodic payment made through the billing portal after initial acceptance confirms the Service Provider’s continued acceptance of the current version of the MSIOA, unless the Parties have executed a written amendment per § 18.2.

Appended Exhibits:

Exhibit A: Payment Terms & Fee Schedule

Exhibit B: Data Handling & Compliance | Addendum Data-Collection & Insurance Addendum

Exhibit C 2504160-337: White-Label & Branding Guidelines

Exhibit D: Additional Services & Support Schedules

Exhibit E: Ownership of Compiled Executables

Exhibit F: Definitions & Terms

Exhibit G: Security & Audit

Exhibit H: Non-Disclosure & Non-Solicitation Agreement

Exhibit A: Payment Terms & Fee Schedule

1. Purpose

This Exhibit outlines the financial obligations and fee arrangements between The Developer and The Service Provider for monthly retainers, hourly charges, and any ad hoc or change-order services related to The Software.

2. Recurring Retainer

2.1 Monthly Retainer

Frequency: The Service Provider will be charged a monthly retainer fee, billed on the first day of each month.
Card on File: The Developer shall keep a valid credit or debit card on file for automated monthly billing. The Service Provider agrees to maintain a current and valid card at all times.

2.2 Scope of Retainer

The monthly retainer covers standard support, consultations, and minor adjustments for The Software deemed routine by The Developer.
Any additional services or custom work (beyond the routine scope) will be addressed in Section 3 below and billed accordingly.

2.3 Changes to Retainer

The Developer reserves the right to adjust the monthly retainer fee upon at least thirty (30) days’ written notice to The Service Provider. If The Service Provider does not agree to such changes, The Developer may terminate the Agreement according to the MSIOA’s termination provisions.

3. Additional Services & Hourly Rates

3.1 Change Orders and Special Requests

For stabilization, code updates, or any development services not covered by the monthly retainer, The Developer shall provide a written estimate or Statement of Work (SOW) specifying the hourly rate and anticipated hours.
Such work shall only proceed once The Service Provider formally approves the scope and associated fees in writing (email suffices if acknowledged by both Parties).

3.2 Hourly Rate

Unless otherwise stated in the approved SOW, the standard hourly rate for additional services or custom code changes is 150.00 (USD) per hour, billed in [15]-minute increments.

3.3 Billing for Additional Work

The Developer shall invoice the additional hours either in real-time as tasks are completed or in the subsequent monthly invoice cycle, as indicated in the relevant SOW.

4. Invoicing & Payment

4.1 Monthly Billing Cycle

All retainer fees and hourly charges (if any) will appear on a single monthly invoice, typically issued on the first day of each month.
The Developer will automatically charge the card on file within [3] business days of invoice issuance, unless The Service Provider requests a different payment arrangement in writing.

4.2 Currency

All amounts are stated and payable in U.S. Dollars (USD).

4.3 Late Payment Penalties

If any portion of the monthly invoice remains unpaid after thirty (30) days from the invoice date, a 2% penalty is applied.
Thereafter, for every additional fifteen (15) days of non-payment, another 2% penalty shall accrue on the outstanding balance.
If an invoice remains unpaid for more than [60] days total, The Developer may suspend or terminate any or all services and cease providing new builds, updates, or support for The Software until the outstanding balance, including penalties, is paid in full.

5. Disputes & Adjustments

5.1 Invoice Disputes

The Service Provider must notify The Developer in writing within five (5) business days of invoice receipt if disputing any charge, clearly stating the basis for the dispute.
The Parties agree to negotiate in good faith to resolve any disputed amounts. Undisputed charges remain due as scheduled.

5.2 Refunds or Credits

The Developer may, at its sole discretion, offer partial credits or discounts in cases where service disruptions occur or if certain agreed-upon deliverables are delayed. No refunds are guaranteed.

6. Updating Payment Information

6.1 Maintaining Valid Card

The Service Provider shall update card details (expiration date, address changes, etc.) promptly to avoid payment failures or service interruptions.

6.2 Alternate Methods

The Developer may permit alternative payment methods (ACH, wire transfer, etc.) upon written request. Any additional transaction fees or delays are the responsibility of The Service Provider.

7. Incorporation by Reference

This Exhibit A is hereby incorporated into and forms a binding part of the MSIOA.
In the event of any conflict between this Exhibit and the MSIOA regarding payment obligations, the terms of this Exhibit shall govern unless explicitly stated otherwise in the MSIOA.

Additional Notes/Options

Hourly Rate Placeholder: Feel free to insert an actual figure (e.g., $150/hour) in Section 3.2.
Time Increments: Adjust time increments if you prefer quarter-hour, half-hour, etc.
Longer Late Payment Window: If 30 days is too short or too long for your typical invoice cycle, tweak accordingly.

Exhibit B: Data Handling & Compliance

1. Purpose

This Exhibit establishes guidelines for how any data associated with The Software may be collected, stored, or handled, particularly within healthcare or similarly regulated environments. It is intended to be read in conjunction with the Master Services and IP Ownership Agreement (“MSIOA”) and its Definitions.

2. Current and Future Data Collection

2.1 No PHI Transmission via The Software

As of the Effective Date, The Software does not automatically transmit or store Patient Health Information (“PHI”) on external systems. Data that remains on a hospital’s or clinic’s local network is solely controlled by that facility and is beyond The Developer’s direct oversight.
Should The Service Provider or a sub-distributor request remote support or troubleshooting, any temporary sharing of data (including potential PHI) requires a separate, written consent or Business Associate Agreement (BAA), as applicable.

2.2 The Domain / The User Portal

“The Domain” (PathCam.com) or “The User Portal” is an online platform controlled by The Developer or The Service Provider for user registrations, license activations, or similar administrative functions.
This User Portal may capture personal contact details (e.g., names, emails, phone numbers), payment info, or user role data for licensing and activation purposes. All such transmissions occur via encrypted channels (256-bit in transit).

2.3 Future Data Collection

The Developer reserves the right to introduce anonymized or aggregated usage data collection in future releases of The Software. Such expansions will be reflected in a subsequent addendum or update to this Exhibit, typically around the 15th of each month.
The Service Provider acknowledges that anonymized or aggregated insights may be used by The Developer for software improvement, quality control, or analytics, so long as no identifiable PHI is collected without a separate BAA or consent.

3. Regulatory & Healthcare Compliance

3.1 Roles

Business Associate / Processor: Depending on the nature of the data and usage, The Developer may function as a Business Associate or Processor under HIPAA, GDPR, or similar frameworks. Specific compliance obligations shall be set forth in a separate Business Associate Agreement (BAA), Data Processing Agreement (DPA), or addendum.

3.2 Obligations of The Service Provider

The Service Provider is primarily responsible for ensuring that any local storage, handling, or transmission of patient or end-user data complies with relevant healthcare or privacy regulations (e.g., HIPAA, GDPR).
If The Service Provider opts to share or forward data to sub-distributors or other parties, it assumes all risk of non-compliance or misuse unless explicitly involving The Developer under an agreed compliance framework.

3.3 Liability & Indemnification

Unless otherwise stated in the MSIOA, The Developer disclaims liability for any data incidents arising from The Service Provider’s infrastructure or user negligence.
The Service Provider shall indemnify The Developer against any regulatory fines, penalties, or claims related to data breaches or privacy violations not caused directly by The Developer’s active fault.

4. Data Retention & Removal

4.1 Retention

Any user or system data collected through The User Portal is stored in compliance with minimal encryption standards. The Developer or The Service Provider may retain such data for quality improvement, user support, or licensing verification.
Should a user request deletion of personal information registered on The Domain, The Service Provider or The Developer (whoever controls the relevant database) shall facilitate removal within a reasonable period, unless retention is required for legal or auditing purposes.

4.2 Deletion Upon Request

End users can request data deletion directly via The User Portal or by contacting The Service Provider’s support channel. If such data resides in The Developer’s possession, The Developer shall delete it promptly upon formal notification, provided such removal does not conflict with any legal or contractual mandates.

5. Developer Insurance Coverage

5.1 Scope of Coverage

The Developer carries or is in the process of obtaining (within approximately [30] days of the Effective Date) a cyber liability policy of up to $1 million for first- and third-party claims. This coverage only applies if The Developer’s internal security protocols and operational guidelines are followed.
This policy does not serve as a blanket indemnification for The Service Provider’s own data handling or local security lapses.

5.2 Conditions & Protocols

The Developer’s coverage depends on adherence to recognized security measures (e.g., controlled access, best-practice encryption, minimal external exposure of sensitive data). If The Service Provider deviates from these protocols or introduces vulnerabilities, coverage may not apply to resulting incidents.
The Developer will promptly notify The Service Provider of any major changes in its insurance policy that may affect data security coverage.

5.3 Service Provider Responsibility

The Service Provider is strongly encouraged to maintain its own cybersecurity and privacy insurance policies sufficient to cover local data incidents or unauthorized disclosures within its environment.
Any joint coverage or shared claims processes should be addressed in a separate addendum, if needed.

6. Audit Requests & Security Assessments

6.1 Request Procedure

The Service Provider or a relevant regulatory body may request an audit or risk assessment of The Developer’s systems insofar as they relate to The Software’s remote aspects (e.g., The Domain, anonymized data capture). A minimum written notice of [30] days is required unless urgent circumstances demand otherwise.
The Developer reserves the right to charge reasonable fees for extensive or specialized audits, especially if third-party cybersecurity firms or consultants are required.

6.2 Limitations on Disclosure

Any security review or audit shall not grant The Service Provider access to proprietary source code, intangible assets, or internal engineering processes that fall under The Developer’s trade secrets or IP.
Results of such audits are to remain confidential and used solely for compliance or improvement purposes.

7. Updates to This Exhibit

Monthly or Periodic Revisions: The Developer may update this Exhibit around the 15th of each month (or another mutually agreed date) to reflect evolving data-collection features or new coverage details.
Acceptance of Changes: Continued use of The Software or The User Portal after an update is posted or shared with The Service Provider constitutes acceptance of the revised terms, unless a separate written objection is lodged.

8. Incorporation by Reference

This Exhibit B is hereby incorporated into and forms a binding part of the MSIOA. If any conflicts arise between this Exhibit and the MSIOA regarding data handling or liability, this Exhibit shall prevail solely on those specific points, unless explicitly stated otherwise in the MSIOA.

Data-Collection & Insurance Addendum

Effective Date: 4/16/25
Addendum to: Exhibit B – Data Handling & Compliance, or as a Standalone Addendum to the MSIOA

1. Purpose

This Addendum further clarifies the scope of data that may be collected through The User Portal (operating at The Domain) and outlines relevant insurance provisions. It is intended to be read in conjunction with the Master Services and IP Ownership Agreement (“MSIOA”) and all other exhibits or schedules.

2. Data Collection & Usage

2.1 Current State

No Immediate Patient PHI from The Software

As of this Addendum’s Effective Date, The Software does not transmit or retain patient-protected health information (PHI). Data captured by The Software remains on the local network of the client (e.g., a hospital), unless an exception for support purposes is agreed upon in writing with The Service Provider or its distributors.

The User Portal (The Domain)

The Domain, which hosts The User Portal, may capture various user-registration details (e.g., names, emails, phone numbers, roles). All data is transmitted using 256-bit encryption in transit and stored on systems privately managed by The Developer, The Service Provider, or both, as applicable.

Option for Users to Delete or Update

Users who register on The User Portal may request deletion or update of their personal data. Instructions for data deletion are provided within the Portal’s user settings or by contacting The Service Provider.

2.2 Future Data Expansion

Anonymized Analytics

The Developer reserves the right to collect anonymized or aggregated usage data to improve The Software, enhance customer experience, and conduct product research.
Updates to the scope of anonymized data collection shall be reflected in this Addendum on or around the 15th of every month, or as otherwise notified.

Shared Data With Third Parties

If The Service Provider opts to share collected data with distributors or authorized third parties, it assumes all compliance obligations (HIPAA, GDPR, etc.). The Developer disclaims any liability arising from such sharing unless directly involved with data processing, under a separate written agreement.

3. Regulatory & HIPAA/Privacy Compliance

3.1 Roles Under Healthcare Regulations

Business Associate & Processor

The Developer may serve as a “business associate” or “processor” where The Service Provider or its clients are covered entities. Any specific compliance obligations shall be set forth in a separate Business Associate Agreement (BAA) or Data Processing Agreement (DPA), as needed.

3.2 Liability Allocation

Responsibility of The Service Provider

The Service Provider bears primary responsibility for any breach, misuse, or non-compliance concerning data maintained on its systems (or shared with sub-distributors), including local installations of The Software.
The Developer’s liability remains limited as described in the MSIOA. The Service Provider must maintain appropriate cybersecurity and privacy insurance or coverage sufficient to cover data incidents within its realm of control.

Retained Data

The Service Provider acknowledges that The Developer may store user or system data (where authorized) for software-improvement purposes. Both Parties shall abide by relevant HIPAA or GDPR guidelines, but The Service Provider ultimately shoulders liability for its own collected data and usage practices.

3.3 Retention & Destruction Policies

HIPAA/GDPR Guidelines

Both Parties agree that any health-related data (if introduced in future versions of The Software) shall be retained or deleted in accordance with HIPAA, GDPR, or comparable rules, as applicable.

Developer’s Right to Remove

If any data in The Developer’s possession is identified as non-compliant or voluntarily requested to be removed, The Developer shall do so promptly upon formal request, assuming that removal does not contravene any legal or contractual obligations.

4. Insurance Coverage

4.1 Coverage Summary

The Developer currently maintains or is in the process of obtaining (within approximately [30 days] of the Effective Date) up to $1 Million in combined first-party and third-party cybersecurity coverage. This coverage only applies when The Developer’s established security protocols are upheld. It is not a blanket coverage for The Service Provider’s independent operations or data handling.

4.2 Conditions for Coverage

Developer Protocols

The Developer’s insurance policy is contingent on compliance with internal security measures, including controlled access, encryption, and minimal exposure of PHI or PII. If The Service Provider circumvents or ignores these protocols, coverage may not extend to incidents arising from such non-compliance.

Service Provider Insurance

The Service Provider must also maintain adequate cyber liability insurance for data processed or stored under its control. The Developer’s policy is not intended to replace or supplant the Service Provider’s coverage.

4.3 Notification of Claims

Timely Communication

If a data breach or security incident occurs involving The Developer’s systems or intangible assets, The Service Provider shall promptly notify The Developer, who will evaluate whether the incident qualifies for coverage under its policy.

Exclusions

The Developer’s policy does not generally cover The Service Provider’s internal data breaches, user mishandling, or unauthorized third-party access to The Service Provider’s local networks, beyond any direct involvement by The Developer.

5. Addendum Updates

Regular Updates: This Addendum may be revised around the 15th of each month (or as otherwise agreed) to reflect changes in data-collection scope or insurance details.
Incorporation: Each updated version shall be incorporated by reference into the MSIOA upon mutual agreement or upon The Service Provider’s continued acceptance and usage of The Software and The User Portal.

6. Incorporation by Reference

This Addendum is hereby incorporated into and forms a binding part of Exhibit B: Data Handling & Compliance, or stands alone if chosen, under the Master Services and IP Ownership Agreement. In the event of a conflict between this Addendum and the body of Exhibit B or the MSIOA, the terms of this Addendum shall govern only with respect to data and insurance matters addressed herein.

Exhibit C: White-Label & Branding Guidelines

1. Purpose

This Exhibit sets forth the terms under which The Service Provider may rebrand, white-label, or otherwise present The Software to third parties and end users, ensuring consistency with The Developer’s intellectual property rights and compliance obligations. References to “The Domain” or “The User Portal” herein pertain to any official website or portal maintained by The Developer, including PathCam.com.

2. Branding Style Guide & Authorized Usage

2.1 Style Guide Reference

The Service Provider agrees to follow The Developer’s brand identity and style guidelines, as periodically published at The Domain/branding (the “Style Guide”). Any substantial revisions to the Style Guide will be communicated to The Service Provider, who shall adopt the updated standards within [30] days.

2.2 Mentions of Compliance or Certification

Claims regarding HIPAA compliance, ISO 9001 certification, or any pending FDA approval must receive The Developer’s written approval (email accepted). Unauthorized or incorrect references to regulated or certified statuses are strictly prohibited, particularly in marketing to healthcare clients.

2.3 White-Labeling & Co-Branding

The Service Provider may add its own logos, trade names, or disclaimers to The Software’s UI or marketing materials, provided such additions do not imply ownership of The Software’s underlying code or intangible assets.
At The Developer’s discretion, disclaimers such as “Powered By [The Developer]” may be required in user interfaces, splash screens, or product documentation.

3. Sub-Branding & Renaming Requests

3.1 Email-Based Requests

If The Service Provider wishes to rebrand The Software under a different name, or introduce sub-brands for distribution, a written request (email suffices) must be submitted to The Developer. The Developer will review potential conflicts with existing trademarks or licensing terms and respond with approval or required changes.

3.2 Conflict Resolution

The Developer may reject or require modifications to any proposed sub-brand name that conflicts with third-party marks, infringes The Developer’s brand identity, or poses regulatory risks. The Developer will advise The Service Provider on acceptable naming alternatives or disclaimers.

4. Quality & Representation Standards

4.1 Accuracy in Healthcare Context

Marketing or descriptions referencing healthcare compliance or regulatory approvals must be factually accurate and up-to-date. If The Developer’s status changes (e.g., new FDA clearance), The Developer will notify The Service Provider, who must update all relevant promotional content promptly.

4.2 Approval Process

For major marketing campaigns or user-facing materials referencing The Software’s healthcare benefits, The Developer may request a brief review period (e.g., [10–14] days) to ensure statements align with regulatory and brand guidelines. The Service Provider agrees to make revisions The Developer deems necessary.

5. Mergers, Acquisitions & Brand Continuity

5.1 Change of Control

If The Service Provider merges with or is acquired by another entity, The Service Provider shall notify The Developer within [10] business days.
The Developer may allow brand usage to continue for a transition period of [30–60] days, after which the new entity must request formal re-approval of any white-label or co-branding rights.

6. Brand Infringement & Enforcement

6.1 Notification of Misuse

The Service Provider shall notify The Developer promptly—and in any event no later than 5 business days—after becoming aware of any unauthorized use of The Developer’s marks, names, or brand assets.
“Promptly” in this context means as soon as reasonably practicable, given the materiality of the infringement and The Service Provider’s awareness.

6.2 Enforcement

The Developer has the exclusive right to enforce or defend its marks, brands, and IP rights, including initiating legal or equitable action if necessary. The Service Provider shall cooperate in good faith (including providing relevant documents, testimonials, etc.) at The Developer’s request.

7. Dispute Escalation (Brand-Related)

7.1 Internal Resolution Window

If a disagreement arises regarding branding or marketing claims, the Parties shall first attempt to resolve it through direct dialogue, designating at least one representative from each side. They shall have 10 business days to find a mutually acceptable resolution.
Failing this, the formal dispute resolution mechanisms in the MSIOA apply.

8. Fees & Compensation for Branding Services

8.1 Retainer or Hourly Billing

Minor branding assistance or guidance may be covered under The Service Provider’s monthly retainer, if such retainer scope so provides. Where extensive creative design, re-branding, or collateral generation is requested, The Developer may bill an additional hourly rate as per Exhibit A.
The Developer shall specify the rate or quote a flat fee in writing before commencing any substantial branding or marketing design work not included in the existing retainer.

9. No Implied Ownership of Underlying IP

Nothing in this Exhibit conveys or implies ownership of The Software’s intangible code or IP to The Service Provider. White-labeling pertains solely to the user-visible branding of compiled executables, marketing, or official collateral. All IP remains vested in The Developer as delineated in the MSIOA.

10. Incorporation by Reference

This Exhibit C is hereby incorporated into and forms a binding part of the MSIOA. If there is any conflict between this Exhibit and the MSIOA regarding branding matters, the provisions of this Exhibit shall govern, unless explicitly stated otherwise in the MSIOA.

Exhibit D: Additional Services & Support Schedules

1. Purpose

This Exhibit outlines the protocols by which The Service Provider can access enhanced, optional, or custom services (“Additional Services”) related to The Software and its supporting ecosystem. It supplements the Master Services and IP Ownership Agreement (“MSIOA”) and the Payment Terms in Exhibit A.

2. Scope of Additional Services

2.1 Hosting & Infrastructure Solutions

Developer-Managed Hosting: At The Service Provider’s request, The Developer may provide advanced hosting options, cloud infrastructures, or dedicated server setups for The Software. Such hosting typically includes routine updates, security patches, and monitored uptime, but does not guarantee absolute system availability unless specifically stated in a Service-Level Agreement (SLA).
Cost & Billing: Hosting fees, if not covered under The Service Provider’s retainer, will be specified in a separate rate schedule or SOW. The Developer will offer a quote and timeline before initiating any setup.

2.2 Custom Feature Development

Requests: The Service Provider may request custom modules, integrations, or enhancements beyond the scope of The Software’s standard capabilities.
Approval & Implementation: The Developer shall evaluate feasibility, provide a rough cost estimate, and confirm a timeline. Custom feature work proceeds only after both Parties sign an SOW detailing deliverables, pricing, and acceptance criteria.

2.3 Emergency or Extended Support

24/7 On-Call Support: If The Service Provider requires round-the-clock or priority support (e.g., for healthcare-critical systems), The Developer may offer a premium support schedule at an additional monthly or hourly rate.
Response Times: Specific response and resolution targets, if needed, shall be stated in a separate SLA or SOW, referencing the rates or terms in Exhibit A.

3. Work Orders (WO) or Statement of Work (SOW)

3.1 Initiation of Requests

The Service Provider may initiate a WO or SOW by sending an email or formal request describing the desired Additional Services, timelines, and any specific requirements (security clearances, special hardware, etc.).

3.2 Developer’s Review

The Developer will respond with a written proposal or a short SOW outlining scope, estimated hours, cost, and a proposed delivery schedule. Unless The Service Provider formally approves these details, The Developer is under no obligation to begin work.

3.3 Acceptance & Modifications

Once a WO or SOW is agreed upon, any subsequent changes (scope creep, additional features, new deadlines) require a signed amendment or addendum to the original SOW.

4. Invoicing & Payment for Additional Services

4.1 Billing Cycles

Fees for Additional Services may be invoiced separately from the monthly retainer or bundled into the next regular invoice cycle, depending on the complexity and cost of the work. The Developer will clarify the billing method within the SOW or approval email.

4.2 Hourly or Milestone-Based

Certain tasks may be billed hourly at a pre-agreed rate (see Exhibit A). Larger projects may rely on milestone-based invoicing, where partial payments are due upon reaching defined deliverables (e.g., alpha release, final testing, go-live).

4.3 Late Payments & Suspension

Payment terms remain consistent with the Payment Terms in Exhibit A. The Developer may suspend in-progress Additional Services if The Service Provider fails to pay associated invoices on time, subject to the penalties outlined in Exhibit A.

5. Limitations & Liability

5.1 No Guaranteed Outcomes

While The Developer will use commercially reasonable efforts to fulfill Additional Services, no guarantee is given as to performance, market acceptance, or revenue generation of custom features, unless specifically stated in the SOW.

5.2 Healthcare & Regulatory

If custom services or hosting solutions are intended for healthcare or regulated environments, The Service Provider must clearly disclose all compliance requirements at the initial request. Failure to do so may release The Developer from any implied warranties or obligations related to regulatory compliance.

5.3 IP Ownership

Unless explicitly assigned in writing, new code, modules, or enhancements developed under an SOW remain The Developer’s sole property. The Service Provider gains only the license rights outlined in the MSIOA and corresponding SOW.

6. Integration with Other Exhibits

Exhibit A (Payment Terms): Any additional fees or hourly rates for custom development, hosting, or extended support tie back to the rates established in Exhibit A, unless otherwise stated in an SOW.
Exhibit B (Data Handling & Compliance): Hosting or custom features that involve data collection or processing may invoke special obligations under Exhibit B.
Exhibit C (White-Label & Branding): If new UI or branding changes are part of the custom request, guidelines and approvals from Exhibit C apply.

7. Incorporation by Reference

This Exhibit D is hereby incorporated into and forms a binding part of the MSIOA. In the event of any conflict between the terms of this Exhibit and the MSIOA on matters relating to Additional Services or support, the relevant clauses in this Exhibit shall govern unless explicitly stated otherwise in the MSIOA.

Exhibit E: Ownership of Compiled Executables

1. Purpose

This Exhibit clarifies the nature of The Service Provider’s right to possess and distribute compiled, executable forms of The Software, reaffirming that the intangible source code, build processes, and supporting systems remain the sole property of The Developer.

2. Definitions

2.1 Compiled Executables

The final binary or object-code versions of The Software provided to The Service Provider for authorized distribution or use.
These deliverables may be in the form of .exe files, .dll libraries, or other compiled artifacts.

2.2 Supporting Services

Refers to all intangible code bases, libraries, scripts, AI/ML models, or build pipelines utilized to create or maintain The Software, as further described in the MSIOA. None of these intangible assets are transferred or licensed to The Service Provider beyond the compiled executable form.

3. Permitted Possession & Distribution

3.1 Ownership of Tangible Copies

Subject to the MSIOA and any applicable licensing restrictions, The Service Provider may retain and distribute the Compiled Executables of The Software in object-code form. This possession is deemed an “ownership” of the physical or digital copies only, rather than the underlying IP.

3.2 License Boundaries

The Service Provider’s ability to distribute or sub-license these Compiled Executables is strictly governed by the MSIOA’s License Grant.
No right to modify, reverse-engineer, or create derivative works from the Compiled Executables is granted unless explicitly stated in a separate addendum.

3.3 Compliance with Branding Guidelines

White-labeling or re-branding of the Compiled Executables must adhere to the relevant disclaimers and style guide references in Exhibit C.
The Developer may request the inclusion of “Powered By [The Developer]” disclaimers, depending on the final distribution model.

4. Developer Stewardship & Continuous Builds

4.1 Build Process Remains Confidential

All intangible processes, source code, or automation used to produce The Software remain the exclusive property of The Developer. The Service Provider shall not request or attempt to obtain direct access to these Supporting Services.

4.2 New Builds & Updates

The Developer agrees to provide updated or newly compiled versions of The Software only while the MSIOA remains in effect and all fees (including retainers or additional development costs) are paid in accordance with Exhibit A (Payment Terms).
If the MSIOA is suspended or terminated, The Developer reserves the right to cease delivering new compiled versions, updates, or patches.

4.3 Security & Encryption

Where The Developer supplies digitally signed executables or uses encryption keys, The Developer alone controls and safeguards such keys. The Service Provider shall not tamper with or remove any embedded digital signatures or encryption mechanisms.

5. Liability & IP Enforcement

5.1 Breach of License

Any unauthorized reproduction, decompilation, or reverse-engineering of the Compiled Executables constitutes a material breach of the MSIOA.
The Developer may seek all available legal remedies or enforce the penalties outlined in the MSIOA for IP infringement.

5.2 Notification of Unauthorized Copies

The Service Provider agrees to notify The Developer promptly if it becomes aware of any third-party using or distributing unauthorized copies of The Software’s Compiled Executables.

6. Termination or Expiration of Rights

6.1 Effect on Compiled Executables

Upon termination or expiration of the MSIOA, The Service Provider must discontinue further distribution of the Compiled Executables, unless a post-termination license or transition arrangement is explicitly agreed upon in writing.

6.2 Destruction or Return of Copies

If The Developer so requests, The Service Provider shall delete or destroy all stored copies of the Compiled Executables and provide written confirmation of such destruction. This requirement does not apply to any local backups The Developer mandates for auditing or legacy reasons.

7. Incorporation by Reference

This Exhibit E is hereby incorporated into and forms a binding part of the MSIOA. In the event of any conflict between this Exhibit and the MSIOA regarding the ownership or distribution of Compiled Executables, the provisions of this Exhibit shall govern unless explicitly stated otherwise in the MSIOA.

Exhibit F: Definitions & Terms

1. Purpose

This Exhibit centralizes key terminology used throughout the Master Services and IP Ownership Agreement (“MSIOA”) and its associated Exhibits, ensuring consistent references and reducing ambiguity.

2. Definitions

2.1 “The Developer”
Refers to National Intel LLC, the owner and authorized steward of all proprietary source code, algorithms, and intangible intellectual property related to The Software, including any Supporting Services, derivative works, or future software enhancements.

2.2 “The Service Provider”
Refers to Camtronics LLC, acting as a distributor, reseller, or integrator of The Software. The Service Provider obtains certain distribution and usage rights under the MSIOA but does not acquire ownership of The Developer’s underlying IP.

2.3 “Mopec”
A third-party vendor or partner, referenced in prior agreements or distribution deals, which may participate in marketing, selling, or servicing The Software under terms negotiated with The Service Provider or The Developer.

2.4 “The Software”
Means PathCam, in its final compiled, executable form (object code). It does not include intangible source code, supporting libraries, build processes, or other intangible assets, collectively referred to as Supporting Services.

2.5 “Supporting Services”
Includes but is not limited to The Developer’s proprietary source code, build pipelines, machine learning models, encryption scripts, hosting frameworks, and any other intangible processes or assets used to create, maintain, or improve The Software. All such Supporting Services remain the sole property of The Developer.

2.6 “The Domain” / “The User Portal”
Refers to PathCam.com or any other online platform authorized by The Developer for user registrations, license management, beta software releases, or administrative tasks related to The Software.

2.7 “Compiled Executables”
Any fully built or packaged binary versions of The Software delivered to The Service Provider for distribution or operation in object-code format, such as .exe, .dll, or other recognized binary files.

2.8 “Business Associate” or “Processor”
A role The Developer may assume under healthcare regulations (e.g., HIPAA) or privacy regulations (e.g., GDPR) when it processes, stores, or transmits personal or health-related data on behalf of The Service Provider or its end clients.

2.9 “HIPAA”
The Health Insurance Portability and Accountability Act of 1996 (U.S.), imposing standards for protecting sensitive patient health information (“PHI”) and regulating how entities and their business associates handle such data.

2.10 “PHI” (Protected Health Information)
Identifiable health data regulated under HIPAA, typically including patient names, addresses, medical records, or any unique identifiers linked to healthcare provision or billing.

2.11 “GDPR”
The General Data Protection Regulation, a data privacy and protection framework enforced in the European Union, setting strict standards for handling personal data of EU residents.

2.12 “ISO 9001”
An international standard for quality management systems, which may apply to processes and procedures used by The Developer in designing or maintaining The Software.

2.13 “Beta Software Terms”
Provisions (whether in the MSIOA or separate addenda) governing any pre-release or beta versions of The Software, identifying risks, disclaimers, and feedback processes when The Service Provider or end users pilot non-final code.

2.14 “Authorized Users”
Any individuals employed or contracted by The Service Provider (or its sub-distributors) who are given legitimate credentials and access privileges to use The Software under the MSIOA’s license terms. Such users must abide by all confidentiality and compliance obligations.

2.15 “Change Order” or “Work Order (WO)”
A formal request initiated by The Service Provider for additional features, modifications, or expansions of The Software’s capabilities. Change Orders typically reference or result in a Statement of Work (“SOW”) as described in Exhibit D (Additional Services & Support Schedules).

2.16 “Statement of Work (SOW)”
A detailed document describing the scope, deliverables, cost, and timeline for Additional Services beyond the standard monthly retainer, often including custom development or hosting expansions, as governed by Exhibit D.

2.17 “In Writing”
Includes physical signatures, digitally signed documents, or explicitly acknowledged email communications, provided such communications clearly express intent to be bound and can be retained for record-keeping.

2.18 “Confidential Information”
Any non-public technical, financial, or strategic information disclosed by one Party to the other under the MSIOA, including but not limited to source code, user credentials, trade secrets, or business strategies. Confidential Information is further addressed in the MSIOA and any separate NDAs.

2.19 “Term” or “Effective Date”
The starting and ending periods specified in the MSIOA’s main body, during which rights and obligations remain in force, subject to early termination clauses.

3. Applicability & Priority

3.1 Hierarchy

If a term is defined differently in the MSIOA’s main body or another exhibit, that context-specific definition may take precedence. This Exhibit F aims to unify definitions but yields to more specific definitions when explicitly stated in a separate exhibit or addendum.

3.2 Amendments or Updates

The Developer and The Service Provider may mutually agree to update or expand definitions in this Exhibit if additional or specialized terms become relevant. Any such updates shall be appended to this Exhibit F and incorporated by reference into the MSIOA.

4. Incorporation by Reference

This Exhibit F is incorporated into and forms part of the MSIOA. If any direct conflict arises concerning the interpretation of a defined term, the specific definition in the MSIOA’s main text or the relevant exhibit controlling that subject matter takes precedence unless expressly stated otherwise.

Exhibit G: Security & Audit (Comprehensive)

1. Purpose

This Exhibit G clarifies the security measures, responsibilities, and audit protocols under which The Developer and The Service Provider operate. It aims to address the heightened requirements of healthcare, HIPAA-regulated contexts, and other data-sensitive industries.

2. Scope & Applicability

2.1 Relationship to Other Exhibits

This Exhibit G should be read alongside Exhibit B (Data Handling & Compliance), Exhibit F (Definitions & Terms), and the Master Services and IP Ownership Agreement (“MSIOA”).
If conflicts arise, this Exhibit G prevails regarding security or audit obligations, except where explicitly stated otherwise in the MSIOA.

2.2 Security Context

The Developer’s technology may be utilized in hospitals, labs, or other regulated facilities. Therefore, each Party must uphold the best practices described here to protect user data, patient data, or operational integrity.

3. Baseline Security Measures

3.1 Encryption in Transit & At Rest

The Developer implements industry-standard encryption (e.g., TLS/SSL) for data transmitted between end-user devices, The Domain (PathCam.com or related portals), and The Developer’s servers.
For any data stored in The Developer’s possession, encryption at rest may be employed, particularly for sensitive user credentials or system-critical data. However, The Developer does not guarantee compliance with specific external mandates (e.g., FIPS 140-2) unless stated in a separate addendum or agreement.

3.2 Access Controls & Authentication

All internal systems used to develop, build, or maintain The Software employ role-based access, unique user accounts, and multi-factor authentication (MFA) where feasible. The Developer periodically reviews and revokes unnecessary privileges to mitigate insider threats.
The Service Provider must enforce similar best practices for any local or on-premise environment where The Software is installed or managed.

3.3 Disaster Recovery & Backups

The Developer maintains routine backups of critical repositories, hosting environments, or intangible assets essential for building and updating The Software.
In the event of a significant hosting failure or data corruption within The Developer’s infrastructure, The Developer shall perform commercially reasonable efforts to restore functionality but does not guarantee zero data loss, unless stipulated under a separate Service Level Agreement (SLA) or SOW.

4. Healthcare & Regulatory Safeguards

4.1 HIPAA or Equivalent Regulations

If The Developer acts as a Business Associate/Processor under HIPAA (or GDPR for EU personal data), a separate Business Associate Agreement (BAA) or Data Processing Agreement (DPA) must be executed to detail the exact data flows, breach notification procedures, and compliance measures.
The Developer disclaims liability for security lapses caused by The Service Provider’s local configurations, unapproved system integrations, or unauthorized data disclosures.

4.2 No Warranty of Full Compliance

The Developer uses recognized security practices aligned with HIPAA, GDPR, or ISO 9001 frameworks but makes no absolute warranties that The Software meets every specialized regulation, accreditation, or local law. The Service Provider remains responsible for verifying compliance within its specific context.

5. The Service Provider’s Security Obligations

5.1 Local Network & Physical Security

Any local installations of The Software (e.g., on hospital servers) fall under The Service Provider’s direct security oversight. This includes OS patching, anti-malware solutions, physical access controls, and network segmentation.
The Developer bears no liability if The Software is compromised due to unpatched systems, weak credentials, or local misconfigurations.

5.2 Authorized User Management

The Service Provider agrees to maintain strict credentialing procedures for staff or sub-distributors accessing The Software’s administrative tools (e.g., license management portals, The Domain user accounts). Shared logins or default passwords are strongly discouraged.
If a user’s access is revoked (e.g., an employee leaves), The Service Provider must promptly disable or remove that user’s credentials to prevent unauthorized system access.

5.3 Prompt Incident Reporting

If The Service Provider suspects or detects unusual activity that could indicate a breach or data compromise involving The Software, it shall notify The Developer immediately (within 24 hours in critical healthcare contexts).
The Developer may assist with incident investigations at the retainer or hourly rate specified in Exhibit A or as part of Additional Services (Exhibit D).

6. Audit Requests & Procedures

6.1 Internal & External Audits

The Developer may conduct periodic internal security audits or vulnerability assessments of its infrastructure and intangible assets.
The Service Provider, or a relevant regulatory body, may request external audits or penetration tests involving The Developer’s hosting or The Domain. All such requests must be in writing with a minimum of [30] days’ notice, unless exigent circumstances demand an immediate review (e.g., a critical security incident).

6.2 Scope & Third-Party Auditors

The Developer reserves the right to define or limit the scope of any third-party audit to protect trade secrets, intangible build processes, or proprietary code.
If The Service Provider insists on broader audits, it may incur additional costs, which are handled via a Work Order (WO) or Statement of Work (SOW) as per Exhibit D.

6.3 Costs & Confidentiality

Any fees for external auditors, forensic specialists, or third-party security consultants enlisted at The Service Provider’s request are borne by The Service Provider unless agreed otherwise in writing.
Audit results shall remain confidential, and neither Party shall disclose them to third parties without the other’s explicit consent unless legally required.

7. Breach Response & Liability Allocation

7.1 Developer’s Responsibilities

If a breach is attributed to The Developer’s direct infrastructure or intangible processes (e.g., a compromise in The Domain’s hosting environment), The Developer shall promptly investigate, apply fixes, and coordinate with The Service Provider on any mandatory notifications.
The Developer’s liability for breach costs, regulatory fines, or damages is subject to disclaimers and limits in the MSIOA, including any references to insurance coverage (e.g., $1 million policy).

7.2 Service Provider’s Responsibilities

Should a breach originate within The Service Provider’s local environment (e.g., compromised user credentials, misconfigured servers, or failure to implement recommended patches), The Service Provider bears primary liability and indemnifies The Developer for any resulting claims or penalties, as outlined in the MSIOA.
If The Service Provider requests The Developer’s assistance in breach remediation, The Developer may charge retainer or additional hourly rates in alignment with Exhibits A and D.

7.3 Regulatory Notifications

If required by law (e.g., HIPAA breach notification rules), The Service Provider and The Developer shall cooperate in good faith to meet all mandated reporting deadlines. The final message content and recipients may require joint legal review. The Developer disclaims any liability for The Service Provider’s failure to report or inaccurate reporting unless The Developer contributed directly to the incident and withheld information in bad faith.

8. Insurance & Claims Coverage

8.1 Developer’s Cyber Insurance

The Developer maintains or is obtaining a cybersecurity policy up to $1 million in coverage for certain first- and third-party claims, contingent on The Developer’s adherence to its own security protocols. This policy does not serve as blanket coverage for The Service Provider’s separate operational risks, local data handling, or user negligence.

8.2 Service Provider’s Insurance

The Service Provider is strongly advised to maintain its own cyber liability insurance to cover local breaches, third-party claims, or user-related negligence. If The Service Provider lacks such coverage, it assumes all associated risks and costs arising from data or security incidents on its side.

8.3 Claim Coordination

In an incident potentially covered by The Developer’s policy, The Developer shall initiate the claims process and determine if coverage applies. The Service Provider must supply any relevant evidence, logs, or breach reports promptly. Coverage may be voided if The Service Provider failed to follow recommended security steps or intentionally circumvented The Developer’s controls.

9. Continuous Improvement & Updates

9.1 Security Updates to The Software

The Developer may release patches or new security features periodically. The Service Provider is responsible for deploying these patches promptly if The Software is installed locally.
Any refusal or delay in installing critical updates absolves The Developer from liability for vulnerabilities that could have been mitigated.

9.2 Policy Revisions

The Developer may update its internal security protocols or procedures to reflect evolving threats, regulatory changes, or best practices. Notice of significant revisions impacting The Service Provider shall be provided as soon as practicable.

10. Incorporation by Reference

This Exhibit G is incorporated into and forms a binding part of the MSIOA. In the event of any conflict between the MSIOA and this Exhibit regarding security or audit obligations, the relevant terms in this Exhibit shall govern unless explicitly stated otherwise in the MSIOA.

Exhibit H: Non-Disclosure & Non-Solicitation Agreement

1. Purpose and Scope

1.1 Purpose
This Exhibit outlines the confidentiality and non-solicitation obligations of The Service Provider and The Developer regarding any proprietary information and workforce relationships. It aims to protect trade secrets, intangible assets, and business relationships critical to the success of The Software and related services.

1.2 Scope
Unless otherwise stated in the Master Services and IP Ownership Agreement (“MSIOA”), this Non-Disclosure & Non-Solicitation Agreement governs the sharing of all non-public information and the safeguarding of personnel and contractor relationships between the Parties.

2. Definitions

2.1 Confidential Information
Any non-public information disclosed by one Party (“Disclosing Party”) to the other Party (“Receiving Party”)—whether in written, oral, or electronic form—that is either (i) designated as confidential at the time of disclosure or (ii) should reasonably be understood by its nature to be confidential. This includes, without limitation:

Technical data, source code, object code, build processes, trade secrets, or intangible assets.
Pricing, financials, product roadmaps, marketing plans, or client lists.
User credentials, patient or end-user data, or other regulated information.
Proprietary processes, designs, or system architectures related to The Software or its supporting services.

2.2 Non-Solicitation
Refers to the obligation of the Parties not to recruit, hire, or directly engage with the employees, contractors, or sub-contractors of the other Party for a defined period, as laid out in Section 5 below.

2.3 Exclusions
Confidential Information does not include information that:

Was lawfully known to the Receiving Party prior to disclosure without breach of any confidentiality obligation;
Becomes publicly available through no fault of the Receiving Party;
Is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information;
Is required to be disclosed by law or court order, provided the Receiving Party gives prompt notice to the Disclosing Party and cooperates in seeking a protective order or other legal remedy.

3. Confidentiality Obligations

3.1 Use of Confidential Information
The Receiving Party shall use the Disclosing Party’s Confidential Information solely for the purpose of fulfilling the Receiving Party’s obligations or exercising the Receiving Party’s rights under the MSIOA. The Receiving Party may not exploit the Confidential Information for any other purpose, including commercial gain or developing competing products or services.

3.2 Protection Standards
The Receiving Party shall employ at least the same degree of care in safeguarding the Disclosing Party’s Confidential Information as it uses to safeguard its own confidential information, but in no event less than a commercially reasonable standard of care, taking into account any healthcare or regulatory compliance obligations (e.g., HIPAA, GDPR as applicable).

3.3 Disclosure to Authorized Persons Only
The Receiving Party may disclose Confidential Information only to its employees, agents, or contractors who (i) have a legitimate “need to know,” (ii) are bound by similar or stricter confidentiality obligations, and (iii) have been made aware of the confidentiality provisions herein.

3.4 Breach & Remedial Actions
If the Receiving Party becomes aware of any unauthorized disclosure or misuse of the Disclosing Party’s Confidential Information, it shall promptly notify the Disclosing Party and take reasonable measures to mitigate further unauthorized disclosure. The Disclosing Party may seek injunctive relief or pursue other legal remedies as specified in the MSIOA.

4. Return or Destruction of Confidential Materials

4.1 Upon Request
At any time, the Disclosing Party may request that any Confidential Information (including all copies) be returned or destroyed. The Receiving Party shall comply within [15] days of receiving such request, confirming in writing that all materials have been purged unless retention is required by law or regulation.

4.2 Post-Termination
Unless otherwise specified in the MSIOA, upon termination or expiration of the MSIOA, each Party shall destroy or return the other Party’s Confidential Information within [30] days, with written confirmation provided upon the Disclosing Party’s request.

5. Non-Solicitation

5.1 No Hiring or Engagement
During the term of the MSIOA and for a period of [X] months/years thereafter, neither Party shall knowingly solicit, hire, or attempt to hire any employee, independent contractor, or subcontractor of the other Party who was involved in providing or receiving services under the MSIOA, without the other Party’s prior written consent.

5.2 Exclusions
This restriction does not apply to:

Generalized job postings or recruitment drives that are not specifically targeted at the other Party’s staff;
Employees or contractors who apply for positions on their own accord in response to non-discriminatory public advertisements, provided the recruiting Party had no prior direct solicitation efforts toward them.

5.3 Remedies
If a Party violates this non-solicitation clause, the aggrieved Party may seek any legal or equitable remedies available, including injunctive relief and monetary damages. The Parties acknowledge that a breach of these obligations could cause irreparable harm, justifying immediate injunctive relief.

6. Term & Survival

6.1 Term
This Exhibit H shall become effective upon execution of the MSIOA (or upon its incorporation by reference) and remain in force concurrently with the MSIOA’s term. The confidentiality obligations survive [3–5] years after the MSIOA terminates or expires, unless a longer period is mandated by law or a BAA/DPA.

6.2 Extended Non-Solicitation
If the MSIOA does not specify a distinct end date, the non-solicitation obligations persist for [X] months/years after MSIOA termination or expiry, or any other agreed duration spelled out in the MSIOA.

7. Injunctive Relief & Remedies

7.1 Injunctive Relief
Both Parties acknowledge that a breach of confidentiality or non-solicitation obligations may result in irreparable harm, entitling the non-breaching Party to injunctive relief (temporary or permanent) in addition to any other remedy available under law or equity.

7.2 Additional Remedies
Nothing herein limits a Party’s right to pursue damages, fees, or any other relief, as stated in the MSIOA or under applicable law. The breaching Party shall be responsible for reasonable attorneys’ fees and costs incurred by the non-breaching Party to enforce these obligations, subject to the limitations set forth in the MSIOA.

8. Incorporation by Reference

This Exhibit H is hereby incorporated into and forms a binding part of the MSIOA. In the event of any conflict with the MSIOA regarding confidentiality or non-solicitation, the terms of this Exhibit shall control unless explicitly stated otherwise in the MSIOA.

BUSINESS ASSOCIATE AGREEMENT

(Incorporated by reference as Supplemental Document 1 to the MSIOA)

Effective Date: 21 April 2025

Covered Entity / Upstream Business Associate (“Covered Entity”):
Camtronics LLC, 4567 Diagnostics Blvd., Detroit, MI 48201, USA

Business Associate (“Developer”):
National Intel LLC, 1234 Innovation Dr., Suite 400, Ann Arbor, MI 48103, USA

1. Purpose; Incorporation

This Business Associate Agreement (“BAA”) supplements the Master Services & IP Ownership Agreement dated 21 April 2025 (“MSIOA”) and governs the parties’ respective obligations with respect to “Protected Health Information” (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (45 C.F.R. Parts 160 & 164, Subparts A & C – E; collectively, “HIPAA Rules”).

2. Definitions

Capitalized terms not defined herein have the meanings set forth in the HIPAA Rules or the MSIOA.

“Electronic PHI” (“ePHI”) – PHI transmitted or maintained in electronic media.
“Security Incident” – per 45 C.F.R. § 164.304.
“Breach” – per 45 C.F.R. § 164.402.
“Minimum Necessary” – per 45 C.F.R. §§ 164.502(b), 164.514(d).

3. Permitted Uses & Disclosures by Business Associate

3.1 Services Use. Business Associate may Use and Disclose PHI solely to perform the “Supporting Services” and other obligations described in the MSIOA, and as Required by Law.

3.2 Management & Administration. Business Associate may Use PHI for its internal management, quality improvement, and legal compliance, provided disclosures outside Business Associate are either (i) Required by Law or (ii) pursuant to a written agreement that the recipient will safeguard PHI.

3.3 Data Aggregation & De‑Identification. Business Associate may aggregate and De‑Identify PHI in accordance with 45 C.F.R. § 164.514(a)–(b) and may retain De‑Identified data indefinitely for product improvement and analytics.

4. Business Associate Safeguards

4.1 Administrative, Physical, Technical Safeguards. Business Associate shall implement policies and procedures meeting the Security Rule (45 C.F.R. §§ 164.308‑312), including:

Encryption of ePHI in transit (TLS 1.3+) and at rest (AES‑256).
Role‑based access controls and MFA.
Annual risk analysis per NIST SP 800‑30.

4.2 Minimum Necessary. Business Associate shall request, use, and disclose only the Minimum Necessary PHI to perform its duties.

5. Reporting Obligations

5.1 Security Incidents. Business Associate shall report to Covered Entity any successful Security Incident involving ePHI within 72 hours of confirmation.

5.2 Breach Notification. Business Associate shall provide written notice of any Breach of Unsecured PHI without unreasonable delay and in no event later than 10 calendar days after discovery, supplying all information required by 45 C.F.R. § 164.410.

5.3 Investigation & Mitigation. Business Associate will promptly investigate the Breach and cooperate with Covered Entity to mitigate harm and comply with breach‑notification obligations.

6. Subcontractors

Business Associate shall ensure that any Subcontractor creating, receiving, maintaining, or transmitting PHI on behalf of Business Associate (“Downstream BA”) agrees in writing to the same restrictions and conditions that apply to Business Associate under this BAA.

7. Individual Rights

Access. Upon Covered Entity’s request, Business Associate will make PHI available within 15 days to enable Covered Entity to meet its obligations under 45 C.F.R. § 164.524.
b. Amendment. Business Associate will incorporate any amendment to PHI as directed by Covered Entity per § 164.526.
c. Accounting of Disclosures. Business Associate will document disclosures (excluding exempt disclosures) and provide an accounting within 30 days of request (§ 164.528).

8. Termination

8.1 Material Breach. Covered Entity may terminate the MSIOA and this BAA if Business Associate materially breaches this BAA and fails to cure within 30 days after written notice.

8.2 Return or Destruction of PHI. Upon termination, Business Associate shall return or destroy all PHI (including PHI in Downstream BA possession) within 30 days, except where (i) return or destruction is infeasible or (ii) PHI is retained to comply with legal obligations or Section 3.3 (De‑Identified data).

8.3 Infeasibility. If destruction is infeasible, Business Associate shall extend all protections of this BAA to the retained PHI and limit further uses to those purposes making retention necessary.

9. Indemnification

Business Associate shall indemnify and hold harmless Covered Entity (and its officers, directors, and employees) from any third‑party claims, penalties, or costs (including reasonable attorneys’ fees) arising out of Business Associate’s breach of this BAA or violation of the HIPAA Rules, except to the extent caused by Covered Entity’s negligence or willful misconduct.

10. Limitation of Liability

Except for indemnity obligations and breaches of Section 4 (Safeguards), Business Associate’s aggregate liability under this BAA is limited to US $ 1,000,000.
(NOTE: aligns with Developer’s cyber‑liability policy limit.)

11. Insurance

Business Associate shall maintain cyber‑liability insurance covering Breach notification costs, third‑party liability, and regulatory fines, with minimum limits of US $ 1 million per event.

12. Miscellaneous

12.1 No Third‑Party Beneficiaries. Nothing in this BAA confers rights on any person other than the parties.
12.2 Survival. Sections 4–10 survive termination for as long as Business Associate retains PHI.
12.3 Governing Law. This BAA is governed by the laws of the State of Michigan, without regard to conflict‑of‑law rules.

13. Digital Execution of Business Associate Agreement

The Parties acknowledge and agree that this Business Associate Agreement (“BAA”), incorporated by reference as Supplemental Document 1 to the Master Services and Intellectual-Ownership Agreement (“MSIOA”), is executed exclusively by electronic means as follows:

Click-Wrap Acceptance.
At Stripe® checkout, the Customer’s authorized representative (i) selects the payment button and (ii) checks the box stating “I agree to DETROIT EXPOSURE’s Terms of Service and Privacy Policy.”
- The referenced Terms of Service expressly incorporate the MSIOA and this BAA by reference; therefore, the click-wrap action constitutes assent to all such incorporated documents.
Legal Effect.
The foregoing electronic actions (collectively, the “Digital Signature”) satisfy the signature requirements of the Electronic Signatures in Global and National Commerce Act (15 U.S.C. § 7001 et seq.), the Uniform Electronic Transactions Act, and any other applicable electronic-signature law. The Digital Signature is deemed an original, handwritten signature for all purposes and carries the same legal force and effect.
Authority.
By completing the Digital Signature, the individual represents and warrants that he or she has full legal authority to bind the Customer to the MSIOA and this BAA. The Parties waive any objection to the validity or enforceability of this BAA on the ground that it was digitally executed.

This Section 13 replaces the need for physical signatures and shall be affixed to all copies of the BAA maintained by the Parties.

Privacy Policy

Effective Date: 01/01/24

This Privacy Policy outlines how The Provider (“We”, “Us”, “Our”) collects, uses, retains, shares, and destroys personal data collected through our services, website, and any affiliated platforms (collectively, “The Services”). By accessing or using The Services, you (“The Customer”) acknowledge that you have read, understood, and agree to be bound by this policy.

Our Commitment to Privacy:

We are committed to implementing reasonable measures to safeguard your privacy and protect personal data. However, The Customer assumes full responsibility for ensuring the security and protection of their data, as described in this policy.

Key Terms:

“The Provider”: Refers to National Intel LLC, including its affiliates, subsidiaries, and business partners.
“The Services”: Refers to all products, services, platforms, websites, and tools provided by The Provider.
“The Customer”: Refers to any individual, company, or entity using The Services.

Your Consent:

By using The Services, you expressly consent to the collection, use, and sharing of your personal data as described in this Privacy Policy. You also acknowledge that you are responsible for understanding and complying with the terms outlined in this policy, and that you waive any rights to claim against The Provider regarding data practices as permitted by law.

Compliance with Global Data Protection Laws:

We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), where applicable. By using The Services, you acknowledge that your data may be transferred across borders in compliance with these laws.

Your Data Rights:

Depending on your location, you may have the right to request access to, correction of, or deletion of your personal data. We encourage you to review the full scope of your rights in this policy.

Contact Information:

If you have any questions or concerns about how we handle your data, please contact us at [privacy@nationalintel.com].

Data Retention:

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy or as required by law. You can request information about our data retention practices by contacting us.

Section 1: Data Collection and Ownership

The Provider (“We”, “Us”, “Our”) collects and processes data solely as necessary for the provision and improvement of our services, and for legitimate business purposes. This includes, but is not limited to, the following types of data:

Personal Information: Details provided by the Customer, including but not limited to, name, contact information, and payment details;
Service Usage Data: Information about how the Customer interacts with our services, such as access logs, transactional data, and user preferences;
Derived Data: Aggregated, de-identified, or technical data generated from the Customer’s use of our services, which may include metadata and system diagnostics.

1.1 Customer Consent and Data Processing Acknowledgment:

By accessing, using, or interacting with our services, The Customer explicitly consents to the collection, use, and processing of their data as outlined in this Privacy Policy. The Customer acknowledges that such data processing is necessary for the delivery of services and accepts that We retain the right to collect, store, share, and destroy data, as appropriate, in compliance with applicable laws.

1.2 Data Ownership and Use:

While personal information may be linked to The Customer, all data collected or generated through the use of Our services remains the property of The Provider. This includes, but is not limited to, de-identified, aggregated, or technical data. We reserve the right to use such data for internal analysis, business optimization, research, or service improvement, without any obligation to the Customer.

1.3 Customer Responsibility and Privacy Obligations:

The Customer is solely responsible for ensuring the accuracy and confidentiality of any data they provide. The Provider shall not be held liable for any data or information that is voluntarily shared by The Customer through non-secure channels or unauthorized third parties. The Customer is responsible for understanding the risks associated with sharing data and agrees to take reasonable measures to protect their privacy when using Our services.

1.4 Legal Compliance and Third-Party Data Requests:

We may process data to comply with legal obligations, including requests from law enforcement, regulatory bodies, or judicial authorities. The Provider is under no obligation to notify The Customer of any legal data disclosures if prohibited by law.

Section 2: Data Retention, Backup, and Destruction

2.1 Retention of Data:

The Provider retains full and exclusive discretion over the retention of data, regardless of any requests or preferences expressed by The Customer. We may retain data for as long as necessary to fulfill business, legal, or operational purposes, or as required by applicable laws, regulations, or contractual obligations.

Discretionary Retention: Data may be retained indefinitely at The Provider’s discretion, including but not limited to cases where future legal, regulatory, or operational needs may arise.

2.2 Data Backup:

Data backup is conducted solely for The Provider’s operational continuity and is not intended as a service to The Customer. The Provider assumes no responsibility or liability for any data loss, corruption, or unavailability arising from reliance on Our backup processes.

No Customer Reliance: The Customer acknowledges that any backup services provided by The Provider are purely discretionary and should not be relied upon as a primary means of data retention. The Customer is solely responsible for maintaining independent backups of their own data.

2.3 Destruction of Data:

The Provider reserves the unrestricted right to destroy any data at any time, without prior notice to The Customer, except where retention is required by applicable laws or for the protection of The Provider’s business interests.

Customer Requests: While The Provider may consider data destruction requests from The Customer, we are under no obligation to act on such requests if the data is required for business, operational, legal, or regulatory purposes. The Provider may destroy data at its discretion, provided such destruction complies with applicable laws and internal policies.

2.4 No Liability for Data Handling:

The Provider assumes no liability for any claims, damages, or losses arising from the retention, backup, destruction, or unavailability of data. The Customer acknowledges and agrees that data may be retained or destroyed without liability to The Provider, even where such actions result in inconvenience, loss, or damage to The Customer.

Immunity from Legal Claims: The Provider shall not be held responsible for any legal claims or damages resulting from the failure to act on customer requests to destroy or retain data, where such data is required for compliance with laws, business continuity, or future legal defense.

2.5 Customer Responsibility:

It is the sole responsibility of The Customer to ensure that their data is appropriately backed up, protected, and secured. The Provider is not liable for any losses or damages resulting from The Customer’s failure to maintain their own independent data protection measures.

Section 3: Third-Party Data Sharing

The Provider shares data with third-party service providers, affiliates, partners, and legal authorities to fulfill operational, legal, and business needs. This section outlines our approach to data sharing and the customer’s consent to such actions.

3.1 Third-Party Data Sharing:

The Provider may share customer data with third parties for a wide range of legitimate business purposes, including but not limited to service provision, analytics, marketing, operational improvements, and legal or regulatory compliance. The Customer acknowledges and consents to such data sharing as a necessary part of using our services.

No Liability for Third-Party Use: Once data is shared with third parties, The Provider disclaims any liability for how that data is handled, processed, or stored by those parties. The Customer agrees that such third parties are solely responsible for complying with applicable data protection laws, and that The Provider bears no responsibility for any misuse, loss, or breach of data by these third parties.
Business Purposes: Data may be shared for any purpose deemed legitimate by The Provider, including but not limited to improving services, developing new products, auditing compliance, or conducting research.

3.2 Customer Consent to Data Sharing:

By using The Provider’s services, The Customer explicitly consents to the sharing of their data with third parties. The Provider may share data for service provision, business optimization, legal obligations, and compliance, with no additional consent required beyond this policy.

Opt-Out for Non-Essential Data Sharing: The Customer may opt out of non-essential data sharing (e.g., marketing or analytics purposes) via [opt-out link: https://nationalintel.com/opt-out]. However, The Provider retains the right to continue sharing data necessary for legal compliance, service provision, or business operations.

3.3 Legal and Compliance-Driven Data Sharing:

The Provider may share data with law enforcement, government agencies, or regulatory bodies as required by law. The Provider is not obligated to notify The Customer of any disclosures made to authorities unless explicitly required by law.

Cross-Jurisdictional Data Sharing: Data may be shared with third parties located in jurisdictions with differing data protection laws. The Customer acknowledges that data may be subject to the laws of the jurisdiction in which it is processed, and consents to such cross-border transfers.
International Data Compliance: The Provider complies with all applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant international laws. However, The Provider assumes no responsibility for compliance with foreign laws by third parties, once data is transferred.

3.4 No Liability for Data Transfers:

The Provider bears no liability for any damages, claims, or legal actions arising from the transfer or sharing of data with third parties. The Customer agrees that once data has been lawfully transferred to a third party, The Provider is released from any responsibility for the subsequent use, processing, or handling of the data by those third parties.

Third-Party Responsibility: Third parties are solely responsible for complying with applicable data protection laws, and The Provider is not liable for any breaches, misuse, or unauthorized access by third parties, including in cases of data breaches.

Section 4: Customer Responsibility for Privacy

4.1 Obligation to Safeguard Data:

The Customer acknowledges that they are solely responsible for maintaining the confidentiality and security of their login credentials, account information, and any data transmitted through our services. The Provider is not liable for any unauthorized access, misuse, or data breaches that occur due to The Customer’s failure to secure their accounts.

Best Practices: The Customer agrees to take proactive measures to protect their data, including using strong, unique passwords, enabling multi-factor authentication where available, and utilizing encryption for sensitive information.

4.2 Third-Party Access and Data Sharing:

If The Customer shares their account credentials or permits third-party access to their account, The Customer assumes full responsibility for any actions or misuse resulting from such access. The Provider is not responsible for any damages, losses, or unauthorized access that may occur as a result of third-party use.

No Liability for Third-Party Access: The Provider assumes no liability for any damages arising from third-party use or access to The Customer’s account, whether such access was authorized or unauthorized by The Customer.

4.3 Voluntary Data Disclosure:

The Customer is solely responsible for any information they voluntarily disclose through our services or any third-party platforms, including forums, social media, or other public channels. The Provider assumes no responsibility for any consequences arising from such voluntary disclosures.

Waiver of Liability: The Customer expressly waives any right to claim against The Provider for any damages, losses, or unauthorized use of data disclosed voluntarily through non-secure channels or platforms.

4.4 Responsibility to Stay Informed:

The Customer agrees to remain informed of any updates to this Privacy Policy and acknowledges that data privacy practices and laws are continually evolving. The Customer is responsible for staying up to date on changes in privacy regulations and any updates to The Provider’s data handling practices.

Customer Responsibility for Policy Review: It is The Customer’s responsibility to regularly review this Privacy Policy. The Provider assumes no liability for any consequences resulting from The Customer’s failure to stay informed.

4.5 Waiver of Claims for Data Mismanagement:

The Provider shall not be held liable for any data breaches, data loss, or unauthorized use of data arising from The Customer’s failure to adequately protect their data. The Customer expressly waives any claims or legal actions against The Provider for damages related to their own data mismanagement, including the use of unsecured networks or failure to implement proper security measures.

4.6 Disclaimer for Public Networks and Unsecured Transmission:

The Customer acknowledges the inherent risks of using public networks and transmitting data over unsecured channels. The Provider makes no warranties regarding the protection of data transmitted over public or unsecured networks, and assumes no liability for any data interception, breaches, or misuse arising from such transmissions.

Section 5: Opt-Out and Withdrawal

The Provider offers The Customer the right to opt-out of certain non-essential data processing activities, as well as withdraw consent for specific uses of their data. However, this section outlines the limits of those rights and the obligations of The Provider to comply with legal, regulatory, and operational requirements.

5.1 Opt-Out of Non-Essential Data Sharing:

The Customer may opt-out of non-essential data sharing, such as marketing, analytics, or promotional communications. To opt-out, The Customer must submit a request through the opt-out link [https://nationalintel.com/opt-out].

Processing Timeframe: The Provider will process opt-out requests within a reasonable timeframe, but The Customer acknowledges that data previously processed before the opt-out may continue to be used for legitimate purposes.
No Opt-Out for Essential Data Processing: The Customer acknowledges that certain data processing activities essential for service delivery, business operations, legal compliance, and security cannot be opted out of.

5.2 Withdrawal of Consent:

The Customer may withdraw their consent for specific types of data processing by submitting a formal request through The Provider’s support channels or email. However, The Provider may continue to process data for any purposes required by law, contract, or legitimate business interests.

Legal and Regulatory Exemptions: The Customer agrees that data may continue to be processed where it is required to comply with legal obligations, regulatory requirements, or where necessary to protect the interests of The Provider in the defense of legal claims. Withdrawal of consent will not affect The Provider’s right to retain and process data necessary for these purposes.

5.3 Effect of Opt-Out and Withdrawal:

Opting out of certain data processing activities or withdrawing consent may result in reduced functionality, degradation of services, or an inability to access certain services. The Provider assumes no liability for any loss of functionality, service limitations, or discontinuation of services resulting from The Customer’s decision to opt-out or withdraw consent.

Customer Waiver of Claims: By exercising their opt-out or withdrawal rights, The Customer expressly waives any claims against The Provider for loss of service, service interruptions, or diminished service quality. The Customer acknowledges that The Provider is not responsible for any service limitations arising from their decision.

5.4 Data Retention for Legal Purposes:

Even after a customer opts-out or withdraws consent, The Provider may retain and continue to process data for legal and compliance purposes, including but not limited to:

Compliance with legal requests, subpoenas, or court orders;
Retaining data as evidence in the defense of legal claims or for auditing purposes;
Ensuring compliance with industry regulations, contracts, and laws.

The Customer waives the right to dispute such data retention or processing where it is legally justified.

Section 6: Data Destruction Upon Legal Need

The Provider grants customers the ability to request the destruction of personal data. However, The Provider retains full discretion to retain data as necessary for legal, regulatory, and operational reasons. This section governs The Provider’s data destruction and retention policies.

6.1 Customer Requests for Data Destruction:

The Customer may submit a written request for data destruction via The Provider’s designated support channels. While The Provider will review such requests, The Customer acknowledges that data may be retained for legal, operational, or business purposes, in line with industry best practices.

Processing Time for Requests: Data destruction requests will be processed within a reasonable timeframe. However, The Provider may, at its sole discretion, retain data deemed necessary for business or legal reasons.

6.2 Legal and Regulatory Retention:

The Provider reserves the right to retain data to comply with legal obligations such as subpoenas, court orders, or regulatory mandates. This includes data necessary to comply with industry standards or audits.

Retention for Future Legal Defense: The Provider may retain data for its defense in current or future legal claims, audits, or investigations. Such data may be retained indefinitely, at The Provider’s discretion, and is exempt from customer destruction requests.

6.3 Operational and Business Necessity:

The Provider retains the right to hold data indefinitely for business continuity, risk management, and operational needs. This includes data required for internal audits, compliance with industry standards, and legitimate business interests.

Finality of Retention Decisions: The Provider’s decision to retain data for legal, operational, or business purposes is final and cannot be contested by The Customer.

6.4 No Obligation to Notify:

The Provider is under no obligation to notify The Customer when data is retained for legal, regulatory, or business reasons. The Customer expressly waives any right to be notified of such retention decisions.

6.5 Broader Waiver of Claims:

By using The Provider’s services, The Customer waives all rights to contest The Provider’s retention or destruction of data, even if The Customer requests data deletion. The Provider assumes no liability for any claims, losses, or damages resulting from its retention decisions, where such retention is necessary for legal, regulatory, or operational purposes.

6.6 Limitation of Judicial Review:

Unless expressly required by law, The Provider’s data retention decisions are not subject to judicial review. The Customer agrees that disputes over data retention will be governed by this Privacy Policy and The Provider’s internal policies.

6.7 Compliance with Changing Laws and Industry Standards:

The Provider reserves the right to retain or destroy data as necessary to comply with evolving legal requirements, regulations, or industry standards. The Provider assumes no liability for any delays, claims, or damages arising from compliance with new legal requirements or industry updates.

Section 7: Limitation of Liability for Data Loss or Breach

The Provider undertakes reasonable efforts to protect customer data from unauthorized access, breaches, or loss. However, The Customer acknowledges that no system can guarantee absolute security, and The Provider assumes no liability for any data loss, breach, or unauthorized access.

7.1 Explicit Acknowledgment of Risks:

The Customer acknowledges and assumes the inherent risks associated with data transmission and storage, particularly when using third-party services, public networks (e.g., public Wi-Fi), or external systems. The Provider disclaims any liability for breaches or losses arising from such risks.

No Responsibility for Public Networks: The Provider is not liable for any data transmitted over unsecured or public networks, including emails or file transfers, where the security of the transmission cannot be guaranteed.

7.2 Limitation of Liability:

The Provider’s liability for any data breach, unauthorized access, or loss is strictly limited. In no event shall The Provider be liable for any direct, indirect, incidental, special, punitive, or consequential damages arising from any data breach, loss, or unauthorized access.

Maximum Liability Cap: The Provider’s total liability for any data breach, unauthorized access, or loss of data shall not exceed the lesser of (i) the amount paid by The Customer for services in the 12-month period preceding the incident, or (ii) $500. The Customer expressly waives any right to claim damages beyond this amount.

7.3 Customer Responsibility for Data Security:

The Customer is solely responsible for securing their account, data, and credentials. The Provider assumes no liability for any breaches, losses, or unauthorized access resulting from The Customer’s failure to implement adequate security measures.

No Liability for Customer Failures: The Provider shall not be liable for any breach or unauthorized access that occurs due to The Customer’s failure to secure their data, use strong passwords, or enable available security features (e.g., multi-factor authentication).

7.4 Waiver of Claims and Class Action Prohibition:

By using The Provider’s services, The Customer expressly waives any right to bring claims, legal actions, or arbitration proceedings related to data breaches, loss, or unauthorized access, except in cases of gross negligence or willful misconduct by The Provider.

Class Action Waiver: The Customer further agrees to waive any right to participate in collective legal action or class arbitration related to data security issues. All claims must be pursued individually, and no collective or group claims are permitted.

7.5 Inclusion of Third-Party Service Providers:

The Provider assumes no liability for breaches, losses, or unauthorized access resulting from third-party services or systems used by The Provider (e.g., cloud providers, payment processors, or other external service providers).

7.6 Burden of Proof:

The Customer agrees that any claims of gross negligence or willful misconduct must be proven beyond a reasonable doubt. In all other cases, The Provider shall be deemed to have acted within the bounds of reasonable security practices.

Terms of Service Agreement | Privacy policy | Signing | Software IP |MSIOA

Master Services and IP Ownership Agreement (MSIOA) – 18-Section Index

Notes on Integrating Exhibits A–H

1. Introduction & Parties

2. Purpose & Scope

3. Definitions

3.1 Core Parties & Assets

3.2 Commercial & Compliance Concepts

3.3 Synonym Usage

3.4 Confidential Information Reference

3.5 Interpretation Rules & Dynamic Updates

4. Term & Renewal

5. Scope of Services / Monthly Services

5.1 Baseline Services (Included in Monthly Retainer) During each contract month in which the Monthly Retainer is paid and current, the Developer shall provide the following (“Baseline Services”) at no additional charge:

5.2 Service Provider Duties The Service Provider shall:

5.3 Additional Services (via Change Order → SOW) Tasks outside Baseline Services include, but are not limited to:

5.4 Exclusions & Disclaimers

5.5 Escalation Path & Communication Cadence

5.6 Modification of Scope** Either Party may propose modifications to Baseline Services by delivering a Change Order. No modification is effective until a mutually signed SOW (or amendment to Exhibit A) sets new fees, targets, or deliverables.

6. Payment Terms & Fee Structure

6.1 Currency & Taxes

6.2 Monthly Retainer

6.3 Additional‑Services Fees

6.4 Payment Terms & Late Fees

6.5 Fee Adjustments & CPI Escalator

6.6 Disputed Amounts

6.7 No Set‑Off; Non‑Refundable

6.8 Electronic Invoicing & Records

7. Ownership & License Grant

7.1 Intellectual‑Property Ownership

7.2 License Grant to Service Provider

7.3 Sublicensing & Sub‑Distributors

7.4 Field‑of‑Use & Territory

7.5 Derivative Works & Feedback

7.6 Trademark Usage & Brand Integrity

7.7 Audit & Assurance Rights

7.8 Survival & Enforcement

8. White‑Label, Branding & Private‑Label Provisions

8.1 Purpose & Style‑Guide Reference

8.2 Authorized Use of Developer Marks

8.3 White‑Label / Private‑Label Rights

8.4 Sub‑Branding & Third‑Party Distributors

8.5 Mergers, Acquisitions, or Change of Control

8.6 Infringement Notice & Enforcement

8.7 Dispute Escalation Path

8.8 Compensation for Branding Services

8.9 Termination of Branding Rights

8.10 Survival

9. Data Collection & Regulatory Compliance

9.1 Overview of Data Flows

9.2 Regulatory Frameworks

9.3 Roles & Responsibilities

9.4 Security Measures (Cross‑Reference)

9.5 Data Subject Rights & Deletion

9.6 Breach Notification & Incident Response

9.7 Insurance & Liability Cap

9.8 Audits & Certifications

9.9 Monthly Compliance Addendum Updates

9.10 Survival

10. Service‑Level Commitments & Maintenance

10.1 Scope & Exhibits

10.2 Baseline Service‑Level Targets

10.3 Enhanced SLA (Optional)

10.4 Measurement & Reporting

10.5 Remedies & Service Credits

10.6 Excluded Downtime

10.7 Scheduled Maintenance Windows

10.8 Force Majeure & Emergency Patching

10.9 Suspension for Security or Compliance Risk

10.10 Survival & Modification

11. Force Majeure & Contingency Plans — Extended

11.1 Definition of “Force Majeure Event” (Extended)

11.2 Relief & Emergency Communications

11.3 Redundancy, RTO / RPO Targets & BC/DR Certification

11.4 Annual Table‑Top DR Test

11.5 Optional Contingency Services & Most‑Favored Rate

11.6 Extended Force Majeure & Termination

11.7 Grace‑Period Credit for Late Fees

11.8 Security‑Driven Suspension & Data Retention

11.9 Mutual Regulatory‑Notification & Public Statements

5.1 Baseline Services (Included in Monthly Retainer)
During each contract month in which the Monthly Retainer is paid and current, the Developer shall provide the following (“Baseline Services”) at no additional charge:

5.2 Service Provider Duties
The Service Provider shall:

5.3 Additional Services (via Change Order → SOW)
Tasks outside Baseline Services include, but are not limited to:

5.6 Modification of Scope**
Either Party may propose modifications to Baseline Services by delivering a Change Order. No modification is effective until a mutually signed SOW (or amendment to Exhibit A) sets new fees, targets, or deliverables.

 17. Notices (Revised)