Terms of Service

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between Software Productivity Strategists, Inc. ("Company," "we," or "us") and the enterprise entity agreeing to these Terms ("Client"). By accessing, activating, or using the MYID Self Verify platform and associated services (the "Services"), Client agrees to be bound by these Terms and any applicable Order Form and Data Processing Agreement.

If Client does not agree to these Terms, it may not use the Services. These Terms apply to all users of the Services, including Client administrators and authorized End Users. Where a separately executed Master Services Agreement (MSA) exists between the parties, that agreement governs to the extent of any conflict with these Terms.

2. Definitions

• "Services" means the MYID Self Verify SaaS platform, including MYID Manage, MYID Protect, MYID Learn, MYID Autopilot, MYID Agent, all APIs, integrations, documentation, and support services
• "Client Data" means all data, including personal data, submitted to or processed through the Services by Client or its End Users
• "End Users" means Client's employees, contractors, and other personnel authorized by Client to access the Services
• "Order Form" means any written or electronic ordering document executed by the parties specifying subscription scope, authorized users, fees, and term
• "Documentation" means the technical and operational guides provided by Company for use of the Services
• "DPA" means the Data Processing Agreement governing Company's processing of personal data on behalf of Client

3. License Grant and Access

Subject to these Terms and timely payment of applicable fees, Company grants Client a limited, non-exclusive, non-transferable, revocable right to access and use the Services during the subscription term, solely for Client's internal business operations and as described in the applicable Order Form.

Client may not:

• Sublicense, resell, or make the Services available to third parties without a separately executed partner or reseller agreement with Company
• Reverse engineer, decompile, disassemble, or attempt to derive source code from the Services
• Use the Services to develop a competing product or service
• Use the Services in any manner that violates applicable law or regulation
• Remove, obscure, or alter any proprietary rights notices on or within the Services

4. Client Responsibilities

Client is solely responsible for configuring the Services appropriately for its environment, security posture, and regulatory obligations; ensuring all End Users are authorized, trained, and informed of acceptable use; the accuracy, completeness, and legality of all Client Data submitted to the Services; maintaining the security and confidentiality of all Client administrator credentials; compliance with applicable laws governing Client's collection, use, and processing of End User data; and the configuration and maintenance of third-party identity platform integrations (including IBM ISIM/ISAM, IBM Verify, Okta, Microsoft Entra ID, Active Directory, Ping Identity, and others) within Client's environment.

5. Acceptable Use

Client and its End Users may not use the Services to access, collect, or process personal data without a valid legal basis or appropriate authorization; transmit, introduce, or facilitate malware, ransomware, spyware, or other malicious code; circumvent, disable, or interfere with any security controls, authentication mechanisms, or audit logging within the platform; process data of individuals in jurisdictions where Client lacks the legal authority to do so; violate any applicable privacy, data protection, cybersecurity, or export control law or regulation; or conduct unauthorized penetration testing or vulnerability scanning against the Services.

Company reserves the right to suspend Client access immediately and without prior notice if continued use poses a credible security risk to the Services or other Clients. In all other cases of material violation, Company will provide 15 days written notice and an opportunity to cure before suspending access.

6. Data Processing and Privacy

Client Data remains the property of Client at all times. Company processes Client Data solely as a data processor under Client's instructions and pursuant to the Data Processing Agreement (DPA), which is incorporated into these Terms by reference.

Company will process Client Data only as necessary to deliver and support the Services; maintain appropriate technical and organizational security measures as described in the Security Disclosure; notify Client of a confirmed data breach affecting Client Data within 72 hours of Company's confirmation of the breach; and delete or return all Client Data within 30 days of contract termination, per DPA terms, unless longer retention is required by applicable law.

7. Service Levels and Availability

Company commits to a platform availability target of 99.99% uptime per calendar month, consistent with Microsoft Azure infrastructure SLAs, excluding scheduled maintenance windows (communicated with at least 48 hours advance notice where practicable); events beyond Company's reasonable control (see Section 16, Force Majeure); and Client-caused outages resulting from misconfiguration or unauthorized modifications.

Client's sole remedy for availability failures, unless otherwise specified in an Order Form or SLA Addendum, is a service credit as outlined in the applicable Order Form.

8. Fees and Payment

• Fees are as specified in the applicable Order Form
• Invoices are issued at the start of each annual subscription term and are due within Net 30 days of invoice date
• Overdue amounts accrue interest at 1.5% per month or the maximum rate permitted by Maryland law, whichever is lower
• Company may suspend Services after 15 days written notice of non-payment, without waiving its right to collect outstanding amounts
• All fees are non-refundable except as expressly stated in the Order Form or required by applicable law
• Subscription terms are annual and renew automatically unless either party provides written notice of non-renewal at least 30 days before the end of the then-current term

9. Intellectual Property

Company owns and retains all right, title, and interest in the Services, including the platform, software, AI models, machine learning algorithms, automation logic, documentation, and all enhancements and derivatives thereof. Nothing in these Terms transfers ownership of any Company intellectual property to Client.

Client owns all Client Data. Client grants Company a limited, non-exclusive license to process Client Data solely as necessary to deliver the Services during the subscription term.

Any feedback, suggestions, or feature requests provided by Client regarding the Services may be used by Company without attribution, compensation, or restriction.

10. Confidentiality

Each party agrees to hold the other party's non-public business, technical, and financial information ("Confidential Information") in strict confidence; use Confidential Information only for purposes of performing its obligations under these Terms; apply at least the same degree of care it uses to protect its own confidential information (no less than reasonable care); and limit disclosure to employees and contractors who have a need to know and are bound by equivalent confidentiality obligations.

Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was rightfully known to the receiving party prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is required to be disclosed by law, regulation, or court order, provided the receiving party gives prompt written notice to enable the disclosing party to seek protective relief. Confidentiality obligations survive termination of these Terms for a period of five (5) years.

11. Representations and Warranties

Company warrants that the Services will perform materially in accordance with the Documentation during the subscription term; Company will maintain a security program appropriate to the nature and sensitivity of the data processed; and Company has the full authority to enter into and perform these Terms.

Client warrants that Client has the full legal authority to enter into these Terms on behalf of its organization; Client has the legal right to submit and process all Client Data through the Services; and Client's use of the Services will at all times comply with applicable law.

12. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

(a) NEITHER PARTY will be liable to the other for any indirect, incidental, consequential, special, exemplary, or punitive damages, including lost profits, lost revenue, loss of data, or business interruption, even if advised of the possibility of such damages and regardless of the theory of liability.

(b) COMPANY'S TOTAL AGGREGATE LIABILITY to Client arising out of or related to these Terms, the Services, or any Order Form will not exceed the total fees paid by Client in the twelve (12) months immediately preceding the claim giving rise to liability.

These limitations apply regardless of whether the claim arises in contract, tort, negligence, strict liability, or any other legal theory. Exceptions apply to: (i) Client's payment obligations; (ii) either party's indemnification obligations under Section 13; (iii) either party's breach of confidentiality obligations under Section 10; (iv) either party's fraud, gross negligence, or willful misconduct; or (v) Company's breach of data security obligations under Section 6 that directly results in a confirmed Client data breach.

13. Indemnification

Client will indemnify, defend, and hold harmless Company and its officers, directors, employees, and agents from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) Client's use of the Services in violation of these Terms or applicable law; (b) Client Data, including any claim that Client Data infringes or misappropriates a third party's intellectual property or privacy rights; or (c) Client's failure to fulfill its obligations as a data controller.

Company will indemnify, defend, and hold harmless Client from and against third-party claims alleging that the Services, as delivered by Company and used in accordance with these Terms, infringe a third party's intellectual property rights, provided that Client: (i) promptly notifies Company in writing of the claim; (ii) grants Company sole control of the defense and settlement; and (iii) cooperates reasonably at Company's expense.

14. Term and Termination

• These Terms commence on the date Client first accesses the Services and continue for the annual subscription term set forth in the Order Form, renewing automatically as described in Section 8
• Either party may terminate these Terms for material breach upon 30 days written notice if the breach is not cured within that notice period
• Company may terminate immediately and without notice if Client: (i) engages in Prohibited Use under Section 5 that poses a security risk; (ii) becomes insolvent or makes an assignment for the benefit of creditors; or (iii) violates Company's intellectual property rights
• Upon termination: Client's access to the Services is immediately revoked; Company will delete or return all Client Data within 30 days per the DPA
• Survival: Sections 9, 10, 11, 12, 13, 15, and all accrued payment obligations survive termination

15. Governing Law and Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the State of Maryland, without regard to its conflict of law principles.

Any dispute, controversy, or claim arising out of or relating to these Terms or the Services that cannot be resolved through good-faith negotiation within 30 days will be submitted to binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, with proceedings conducted in Rockville, Maryland.

Either party may seek injunctive or other equitable relief in a court of competent jurisdiction to prevent irreparable harm arising from a breach of intellectual property rights or confidentiality obligations, without waiving its right to arbitrate the underlying dispute. Each party waives any right to pursue claims on a class or representative basis.

16. General Provisions

• Entire Agreement: These Terms, together with any executed Order Form and DPA, constitute the entire agreement between the parties regarding the Services
• Amendment: Company may modify these Terms with 30 days written notice. Continued use constitutes acceptance
• Waiver: Failure by either party to enforce any provision is not a waiver of that provision
• Severability: If any provision is found unenforceable, it will be modified to the minimum extent necessary, and all remaining provisions remain in full force
• Force Majeure: Neither party is liable for delays or failures caused by circumstances beyond its reasonable control
• Assignment: Client may not assign these Terms without Company's prior written consent. Company may assign in connection with a merger or acquisition with written notice
• Notices: Legal notices to Company must be sent to legal@ext.myidselfverify.com and to the address below

Contact