Master Service Agreement

This Master Service Agreement (this “Agreement”), dated as of the Effective Date of the initial Service Schedule executed hereunder (“Effective Date”), is entered into by and between Hey Nephew Managed Tech Services, LLC, a Georgia limited liability company, having its principal place of business at 109 Latham Drive, Warner Robins, GA 31088 (“Service Provider”), and_______________________________________, a _____________________ having its principal place of business at __________________________________ (“Client”). Service Provider and Client may be referred to herein individually as a “Party” and collectively as the “Parties.”

RECITALS

WHEREAS, Service Provider possesses established expertise and offers professional services in the field of information technology managed services, encompassing, inter alia, proactive system monitoring, network administration, cybersecurity solutions, data management, end-user support, and strategic IT consultation (collectively, the “Professional Services”); WHEREAS, Client desires to engage Service Provider for the performance of certain Professional Services, the specific scope, terms, and conditions of which shall be meticulously delineated in one or more Service Schedules (as defined herein), which shall be mutually executed by duly authorized representatives of the Parties and shall expressly incorporate by reference the terms and conditions of this Agreement; and WHEREAS, the Parties intend for this Agreement to establish the comprehensive and overarching terms and conditions governing their professional relationship and all Professional Services to be rendered by Service Provider to Client pursuant hereto. NOW, THEREFORE, in consideration of the mutual promises, covenants, and agreements contained herein, and for other good and valuable consideration, the receipt and legal sufficiency of which are hereby irrevocably acknowledged and confessed, the Parties, intending to be legally bound, do hereby agree as follows:

ARTICLE 1: DEFINITIONS

1.1. “Acceptable Use Policy” or “AUP” means Service Provider’s standard acceptable use policy governing Client’s use of the Services, as may be provided to Client and as Service Provider may reasonably amend from time to time upon written notice to Client.

1.2. “Affiliate” means, with respect to any specified Person, any other Person that, directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with such specified Person. For purposes of this definition, the term “control” (including, with correlative meanings, the terms “controlled by” and “under common control with”) means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of a Person, whether through the ownership of voting securities, by contract, or otherwise.

1.3. “Agreement” has the meaning ascribed to it in the preamble of this document.

1.4. “Applicable Law” means any and all applicable local, state, federal, national, and international laws, statutes, ordinances, rules, regulations, treaties, and orders of any governmental or regulatory authority of competent jurisdiction.

1.5. “Automated Communication” means system-generated notifications (including, but not limited to, email messages, RMM Tool dashboard alerts, or Short Message Service (SMS) texts) dispatched by Service Provider’s systems to designated Client contacts regarding the detection, status, or automated
handling of an Incident or Service Request.

1.6. “Automated Remediation” means predefined diagnostic routines, corrective scripts, or automated processes executed by the RMM Tool or other Service Provider systems in an attempt to resolve an Incident or fulfill a Service Request without contemporaneous direct human intervention by Service
Provider personnel.

1.7. “Business Day” means any day other than a Saturday, a Sunday, or a Holiday.

1.8. “Change Order” means a written instrument, duly executed by authorized representatives of both Parties, that formally documents any agreed-upon modifications, additions, or deletions to an existing Service Schedule or Statement of Work, including any associated adjustments to Fees or timelines.

1.9. “Client Data” means any and all data, information, content, software, and other materials, in any form or medium (whether electronic, written, or oral), that are provided, submitted, uploaded, imported, or otherwise made accessible by or on behalf of Client or its Covered Users to Service Provider or its
systems in connection with the provision or receipt of the Services, expressly including, without limitation, any Personal Data contained therein.

1.10. “Client Systems” means Client’s information technology and telecommunications infrastructure, including, without limitation, all computers, servers, software, hardware, databases, electronic systems (including database management systems), networks, communication lines, and related equipment and
facilities, whether owned, leased, or licensed by Client, or operated by Client or for Client’s benefit by third parties, to which Service Provider is granted access for the purpose of performing the Services.

1.11. “Confidential Information” has the meaning set forth in Section 6.1 of this Agreement.

1.12. “Covered User” means an individual employee, agent, or duly authorized independent contractor of Client who is specifically designated and authorized by Client to receive access to and support under the Services as explicitly identified and quantified in an applicable Service Schedule.

1.13. “Critical Issue” means an Incident, classified as Severity Level 1 (S1) by Service Provider in its reasonable professional judgment, applying its then-current severity level definitions (which shall be made available to Client), which Incident results in: (a) a complete outage, cessation, or critical degradation of an essential Client System or a core business function, thereby preventing a significant number of Covered Users from performing mission-critical tasks; (b) an active, confirmed, and ongoing material Security Incident that poses an immediate threat to the confidentiality, integrity, or availability of Client Data or Client Systems; or (c) a high probability of imminent, material, and potentially unrecoverable data loss or corruption for which no immediate, effective workaround is available.

1.14. “Deliverables” means any reports, analyses, designs, specifications, documentation, software (in object or source code form), or other tangible or intangible work product created, developed, or provided by Service Provider specifically for Client as a direct result of and in the course of providing the
Services under an applicable Service Schedule or Statement of Work, and expressly identified as a “Deliverable” therein.

1.15. “Disclosing Party” has the meaning set forth in Section 6.1 of this Agreement.

1.16. “Documentation” means any and all user manuals, implementation guides, training materials, technical specifications, release notes, and other similar materials, in any form or medium (including electronic), provided or made available by Service Provider to Client that describe the functionality, components, features, operational procedures, or technical requirements of the Services or any Software provided as part of the Services.

1.17. “Effective Date” has the meaning ascribed to it in the preamble of this Agreement.

1.18. “Emergency Maintenance” means any urgent, unscheduled maintenance performed by Service Provider deemed reasonably necessary by Service Provider to address an immediate threat to the security, stability, or integrity of the Services, Client Systems (to the extent managed by Service Provider),
or the RMM Tool.

1.19. “Excused Downtime” means any period during which any Service is unavailable, degraded, or fails to meet a specified service level, to the extent such unavailability, degradation, or failure is directly and solely attributable to: (a) Scheduled Maintenance or Emergency Maintenance; (b) Force Majeure Events
as defined in Section 13.4; (c) acts, omissions, errors, or failures of Client, its Affiliates, its Covered Users, its other contractors or vendors (not being subcontractors of Service Provider), including, without limitation, failure to provide necessary information or cooperation, or issues with Client-provided
equipment, software, or third-party services not furnished by Service Provider; (d) Client’s failure to implement reasonable written recommendations from Service Provider, the implementation of which would have, in Service Provider’s reasonable judgment, prevented the Incident; (e) Service Provider’s
suspension or termination of Client’s right to use the Services in accordance with the express terms of this Agreement; or (f) inherent limitations, delays, and other problems in the use of the internet or public electronic communications networks.

1.20. “Fees” means any and all fees, charges, and expenses payable by Client to Service Provider in consideration for the Services, as more particularly set forth in the applicable Service Schedule(s) or Statement of Work(s).

1.21. “Force Majeure Event” has the meaning set forth in Section 13.4 of this Agreement.

1.22. “Hands-On Remediation” means direct, interactive diagnostic, troubleshooting, and corrective actions performed by Service Provider personnel, whether conducted remotely or, if expressly agreed for specific Services, on-site at Client’s premises, aimed at resolving an Incident or fulfilling a Service Request.

1.23. “Holidays” means all current U.S. Federal holidays and all official State of Georgia legal holidays. Service Provider shall provide Client with a list of observed Holidays for the then-current calendar year upon Client’s request or make such list available via its client portal or website.

1.24. “Incident” means any unplanned interruption in the normal operation of, or any material degradation of the quality or performance of, any Service or Client System supported by Service Provider under an applicable Service Schedule.

1.25. “Initial Diagnosis” means Service Provider’s preliminary analysis and assessment of an Incident, based upon information derived from the RMM Tool, details provided by Client, and Service Provider’s existing knowledge of Client Systems and environment, to ascertain its apparent nature, scope, business
impact, and potential or probable root cause(s) for the purpose of classification and initial response planning.

1.26. “Intellectual Property Rights” means any and all registered and unregistered rights granted, applied for, or otherwise now or hereafter in existence under or related to any patent, copyright, trademark, trade secret, database protection, moral rights, or other intellectual property rights laws, and
all similar or equivalent rights or forms of protection, in any part of the world, including any registrations, applications, renewals, extensions, continuations, divisions, or reissues thereof.

1.27. “Malicious Code” means any software, code, file, script, agent, or program (including, without limitation, viruses, worms, Trojan horses, ransomware, spyware, adware, keystroke loggers, and other malware) intended or designed to (or that without legitimate intent has the effect of) disrupting,
disabling, harming, destroying, or otherwise impeding in any manner the operation of, or providing unauthorized access to, or expropriating data from, a computer system, network, or other electronic device or medium.

1.28. “MSA” means this Master Service Agreement, inclusive of all Exhibits and Addenda attached hereto or subsequently incorporated by reference, as the same may be amended from time to time in accordance with its terms.

1.29. “Party” and “Parties” have the meanings ascribed to them in the preamble of this Agreement.

1.30. “Person” means an individual, corporation, partnership, joint venture, limited liability company, governmental authority, unincorporated organization, trust, association, or other entity.

1.31. “Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, to the extent such information is protected as personal data, personal information, or personally identifiable information under applicable data privacy laws.

1.32. “Personalized Human Communication” means direct, non-automated communication (including, but not limited to, telephone calls, individually composed email messages, text messages (SMS/MMS), or specific updates via Service Provider’s client portal or ticketing system) from identifiable Service Provider personnel to an authorized Client Representative regarding an Incident or Service Request.

1.33. “Professional Services” has the meaning ascribed to it in the Recitals of this Agreement.

1.34. “Project Work” means specific, discrete, and typically time-bound services requested by Client that are mutually agreed in writing by the Parties to be outside the scope of the standard, recurring Services defined in an active Service Schedule. Project Work is generally detailed in a separate Statement of Work
or Change Order, which will specify its scope, deliverables, timeline, and associated fees. Examples include, without limitation, major system migrations or upgrades, office IT relocations, custom software development or integration, extensive new hardware deployments, or complex Remediation efforts
explicitly deemed Out of Scope from recurring Services.

1.35. “Receiving Party” has the meaning set forth in Section 6.1 of this Agreement.

1.36. “Remediation” means the set of actions, processes, and procedures undertaken by Service Provider to diagnose, address, correct, and resolve an Incident, with the objective of restoring the affected Services or Client Systems to their normal operational state or an agreed-upon acceptable level
of performance.

1.37. “Response Time” for a given Incident means the elapsed time, measured during Standard Business Hours (unless explicitly stated otherwise for a specific Service or severity level in the applicable Service Schedule), commencing from (a) the detection of such Incident by Service Provider’s RMM Tool, or (b)
Client’s proper reporting of such Incident to Service Provider through a designated support channel, whichever occurs first, and concluding at the point when authorized Service Provider personnel initiate Personalized Human Communication to an authorized Client Representative confirming: (i) Service
Provider’s awareness of the Incident; (ii) that an Initial Diagnosis has been completed or is actively being performed; and (iii) that Hands-On Remediation efforts, direct oversight of Automated Remediation, or a definitive plan for such Remediation has commenced or is immediately planned, including an outline of next steps or an estimated timeframe for a more detailed status update.

1.38. “RMM Tool” means the integrated suite of Remote Monitoring and Management software, agents, platforms, and associated technologies utilized by Service Provider in its discretion to deliver, manage, monitor, and support the Services provided to Client.

1.39. “Scheduled Maintenance” means planned maintenance, upgrade, or repair activities performed by Service Provider with respect to the Services, the RMM Tool, or supporting infrastructure, for which Client has been provided with at least forty-eight (48) hours prior written notice (or such other period as
may be mutually agreed upon or specified in a Service Schedule). Service Provider shall use commercially reasonable efforts to schedule such maintenance outside of Client’s peak operational hours.

1.40. “Security Incident” means any actual, confirmed, or reasonably suspected unauthorized access, acquisition, use, disclosure, alteration, loss, or destruction of Client Data or Client Confidential Information that is in the possession or under the control of Service Provider or its subcontractors, or a
material breach of Service Provider’s security safeguards as outlined in its Information Security Program that materially and adversely impacts the security, confidentiality, or integrity of such Client Data or Client Confidential Information.

1.41. “Service Level Agreement” or “SLA” refers to the specific, measurable service level commitments (including, without limitation, Response Times, and potentially uptime or resolution targets if specified) applicable to a particular Service tier, as explicitly detailed in the relevant, executed Service Schedule.

1.42. “Service Schedule” means a written document, which may be titled “Service Schedule,” “Service Level Agreement Addendum,” or similar, substantially in the form of Exhibit A attached hereto (or as otherwise mutually agreed by the Parties in writing), duly executed by authorized representatives of both
Parties, which details the specific Services to be provided, applicable Fees, service tiers, SLAs, term, number of Covered Users, and other transaction-specific particulars for a given engagement, and which expressly incorporates this MSA by reference.

1.43. “Services” means the Professional Services, including any associated support, maintenance, monitoring, Deliverables, and access to Software or RMM Tool agents, to be provided by Service Provider to Client as more particularly described in one or more executed Service Schedules.

1.44. “Software” means any proprietary software, including RMM Tool agents and other executable code in object or source form, owned by or licensed to Service Provider, and provided or made accessible by Service Provider to Client as an integral part of the Services.

1.45. “Standard Business Hours” means the hours between 8:00 A.M. and 6:00 P.M. Eastern Time on any Business Day.

1.46. “Standard Tech Issue” means an Incident, classified as Severity Level 3 (S3) by Service Provider in its reasonable professional judgment, applying its then-current severity level definitions, which Incident typically has a minor or localized impact on Client’s business operations, often affecting a single Covered User or a non-critical function where a reasonable workaround may be available, or any routine Service Request.

1.47. “Statement of Work” or “SOW” means a formal written document, executed by authorized representatives of both Parties, that specifically describes Project Work to be performed by Service Provider, including, but not limited to, the detailed scope of work, objectives, deliverables, timelines,
resources, assumptions, dependencies, acceptance criteria, and associated fees and payment schedules.

1.48. “Term” has the meaning set forth in Section 11.1 of this Agreement.

1.49. “Urgent Issue” means an Incident, classified as Severity Level 2 (S2) by Service Provider in its reasonable professional judgment, applying its then-current severity level definitions, which Incident causes a significant disruption to a key business function or essential service for a group of Covered Users or a single critical Covered User, where important functionalities are impaired and any available workaround is difficult, inefficient, or unsustainable for more than a brief period.

ARTICLE 2: SCOPE OF SERVICES; SERVICE SCHEDULES 

2.1. Services. Service Provider shall provide to Client the Services as identified and described in one or more Service Schedules that are executed by both Parties from time to time. Each such Service Schedule shall constitute a separate agreement for Services that incorporates the terms and conditions of this
MSA. 

2.2. Service Schedules and Statements of Work. The Parties may agree to specific details of Services, including type, tier, quantity, Fees, service levels, and other particulars, by executing Service Schedules or SOWs. No Service Schedule or SOW shall be effective unless signed by an authorized representative of
each Party. Service Provider shall have no obligation to perform any Services not described in a duly executed Service Schedule or SOW. 

2.3. Changes to Services. Any changes to the scope, nature, or volume of Services described in an existing Service Schedule or SOW must be documented in a written Change Order mutually agreed upon and executed by both Parties. 

2.4. Subcontractors. Service Provider may utilize subcontractors in the performance of the Services, provided that Service Provider shall remain fully responsible for the performance of such subcontractors and for their compliance with all applicable terms and conditions of this Agreement. Service Provider
shall ensure that any subcontractor with access to Client Data or Confidential Information is bound by confidentiality and data protection obligations substantially similar to those herein. 

2.5. Client Environment. Client acknowledges that Service Provider’s ability to perform the Services is dependent upon Client maintaining a stable and reasonably up-to-date IT environment that meets or exceeds minimum system requirements as may be communicated by Service Provider from time to time.
Service Provider may recommend upgrades or changes to Client Systems if deemed necessary for optimal service delivery or security, which may be undertaken as Project Work. Service Provider shall not be responsible for service degradation or failures resulting from Client’s failure to maintain such an
environment or implement such reasonable recommendations. 

ARTICLE 3: CLIENT OBLIGATIONS AND ACKNOWLEDGEMENTS 

3.1. Cooperation and Access. Client shall provide Service Provider with: (a) timely, complete, and accurate information as reasonably requested; (b) full cooperation of Client personnel; and (c) continuous remote and, if necessary and agreed for specific Services, physical access to Client Systems,
personnel, facilities, and relevant third-party services or vendors, as reasonably required for Service Provider to perform the Services effectively and efficiently. Client represents and warrants that it has obtained all necessary rights, permissions, and consents for Service Provider to access and use such
systems, information, and facilities for the purposes contemplated herein. Delays or failures in Client cooperation may result in delays in Service Provider’s performance or inability to perform, for which Service Provider shall not be liable. 

3.2. Designated Contacts. Client shall designate in writing one or more primary technical and management contacts (“Client Representatives”) who shall be knowledgeable about Client’s business and technical environment and fully authorized to: (a) provide instructions, information, and approvals to
Service Provider on behalf of Client; (b) receive material communications, notices, and reports from Service Provider; and (c) coordinate and facilitate Service Provider’s performance of the Services. Client shall ensure Client Representatives are available as reasonably needed during Standard Business Hours
and for critical after-hours issues if applicable. 

3.3. Client Systems Maintenance and Integrity. Except as expressly set forth as Service Provider’s responsibility in an applicable Service Schedule, Client is solely responsible for the procurement, installation, configuration, licensing, security, and ongoing maintenance of all Client Systems, including
ensuring their compatibility with the Services. Client shall maintain its systems in a condition that supports the effective and secure delivery of the Services and shall not make changes to configurations managed by Service Provider without prior consultation and approval from Service Provider.

3.4. Data Backup Responsibility. UNLESS “CLOUD DATA BACKUP & RECOVERY SERVICES” OR SIMILARLY TITLED DATA BACKUP SERVICES ARE EXPLICITLY INCLUDED AND DETAILED (INCLUDING SCOPE, RETENTION, AND RECOVERY OBJECTIVES) IN AN EXECUTED SERVICE SCHEDULE, CLIENT ACKNOWLEDGES
AND AGREES THAT CLIENT IS SOLELY AND EXCLUSIVELY RESPONSIBLE FOR IMPLEMENTING, MAINTAINING, AND REGULARLY TESTING ITS OWN COMPREHENSIVE DATA BACKUP AND DISASTER RECOVERY PLANS, PROCESSES, AND SOLUTIONS FOR ALL CLIENT DATA AND CLIENT SYSTEMS. IN THE
ABSENCE OF SUCH EXPLICIT BACKUP SERVICES BEING CONTRACTED FROM AND PROVIDED BY SERVICE PROVIDER, SERVICE PROVIDER SHALL HAVE NO LIABILITY WHATSOEVER FOR ANY LOSS, CORRUPTION, OR UNAVAILABILITY OF CLIENT DATA OR FOR CLIENT’S FAILURE TO ADEQUATELY BACKUP ITS DATA OR
SYSTEMS. 

3.5. Third-Party Products and Services. If Client utilizes any third-party hardware, software, or services (“Third-Party Products”) in conjunction with or affecting the Services (e.g., internet service providers, line-of-business application vendors, cloud platform providers not managed by Service Provider), Client is
solely responsible for such Third-Party Products, including their procurement, performance, licensing, compliance with terms of use, and payment of all associated fees. Service Provider makes no warranties regarding, and shall not be responsible for, the performance, availability, security, or failures of such
Third-Party Products or their interoperability with the Services, unless Service Provider has expressly agreed in writing in a Service Schedule or SOW to manage or support such specific Third-Party Products. 

3.6. Compliance with Laws and Acceptable Use Policy. Client shall, at its own expense, use the Services in strict compliance with all Applicable Law and Service Provider’s then-current AUP. Client warrants that it will not use the Services for any illegal, fraudulent, infringing, defamatory, or unauthorized purpose, nor will it permit any Covered User or third party to do so. Client shall be responsible for any breaches of this section by its Covered Users. 

3.7. Security of Access Credentials. Client is solely responsible for establishing and maintaining the confidentiality and security of all access credentials (including, without limitation, usernames, passwords, API keys, and multi-factor authentication tokens) provided to or created by Client or its Covered Users for accessing the Services or any Client Systems. Client shall implement reasonable security practices for credential management and shall promptly notify Service Provider in writing of any suspected or actual unauthorized access, use, or disclosure of such credentials or any other security breach related to the
Services of which Client becomes aware. 

3.8. Notification of Environmental Changes. Client shall provide Service Provider with prompt written notice of any significant changes planned or implemented within Client Systems, network configuration, physical locations of supported equipment, personnel with access to critical systems, or business
operations that could reasonably be expected to materially impact the delivery, performance, or security of the Services. Failure to provide such notice may affect Service Provider’s ability to meet its SLCs or perform the Services effectively. 

ARTICLE 4: FEES, INVOICING, AND PAYMENT 

4.1. Fees. Client shall pay all Fees specified in each Service Schedule or SOW. All Fees are non-cancelable and non-refundable, except as expressly provided in this Agreement. Fees are stated exclusive of Taxes. 

4.2. Invoicing. Service Provider shall invoice Client for recurring monthly Fees in advance, on or about the first (1st) day of each month. Fees for Project Work or other non-recurring services shall be invoiced as set forth in the applicable SOW or Service Schedule (e.g., upon completion of milestones or on a time-and-materials basis). 

4.3. Payment Terms. All undisputed invoices are due and payable by Client within fifteen (15) calendar days of the invoice date (“Due Date”). Payments shall be made in U.S. dollars via electronic funds transfer (ACH) to an account designated by Service Provider, or via such other payment method as mutually agreed in writing (e.g., credit card, subject to an agreed processing fee). 

4.4. Late Payments. Any undisputed amount not received by Service Provider by the Due Date will accrue interest at the rate of one and one-half percent (1.5%) per month or the maximum rate permitted by Applicable Law in the State of Georgia, whichever is lower, from the Due Date until the date paid in
full. 

4.5. Invoice Disputes. If Client disputes any portion of an invoice in good faith, Client must notify Service Provider in writing of the disputed amount and the basis for the dispute within ten (10) Business Days of the invoice date. Client shall pay all undisputed portions of the invoice by the Due Date. The Parties shall
negotiate in good faith to resolve any disputed amounts promptly. 

4.6. Suspension of Services for Non-Payment. If Client’s account is thirty (30) or more days overdue for any undisputed Fees, Service Provider may, without limiting its other rights and remedies, suspend all or part of the Services upon ten (10) Business Days’ prior written notice to Client, until such amounts are
paid in full. Service Provider shall not be liable for any damages, losses, or service interruptions resulting from such suspension. 

4.7. Taxes. Client shall be responsible for and pay all applicable federal, state, and local sales, use, value added, excise, withholding, and other taxes, duties, and governmental assessments (excluding only taxes based on Service Provider’s net income) arising out of or in connection with this Agreement or the
Services provided hereunder. If Service Provider is required to collect and remit any such Taxes, Service Provider will invoice Client for such Taxes, and Client shall pay such Taxes to Service Provider. 

4.8. Fee Adjustments. Service Provider may adjust the recurring Fees set forth in any Service Schedule upon at least sixty (60) days’ prior written notice to Client, such adjustments not to occur more than once in any twelve (12) month period. If Client does not agree to a Fee adjustment, Client may terminate the
applicable Service Schedule by providing written notice of termination to Service Provider within thirty (30) days of receiving the notice of Fee adjustment, such termination to be effective upon the date the new Fee would have taken effect. 

ARTICLE 5: INTELLECTUAL PROPERTY RIGHTS 

5.1. Service Provider Intellectual Property. As between Service Provider and Client, Service Provider exclusively owns all right, title, and interest in and to the Service Provider IP, including the Services, RMM Tool, Software, Documentation, methodologies, know-how, trade secrets, and any improvements,
enhancements, or derivative works thereof developed by or for Service Provider. This Agreement does not grant Client any ownership interest in or rights to the Service Provider IP, except for the limited, nonexclusive, non-transferable, non-sublicensable right to access and use the Services during the Term
solely for Client’s internal business operations as contemplated by this Agreement and the applicable Service Schedule(s). 

5.2. Client Data and Materials. As between Client and Service Provider, Client exclusively owns all right, title, and interest in and to Client Data and any other materials provided by Client to Service Provider (“Client Materials”). Client hereby grants to Service Provider a limited, non-exclusive, royalty-free,
worldwide license during the Term to use, reproduce, modify, display, and distribute Client Data and Client Materials solely to the extent necessary for Service Provider to perform the Services and fulfill its obligations hereunder. Client represents and warrants that it has all necessary rights to grant Service
Provider the foregoing license. 

5.3. Deliverables. Unless otherwise expressly agreed in a SOW, any Deliverables created by Service Provider under a SOW for Project Work shall be owned by Service Provider, and Client shall be granted a non-exclusive, perpetual, irrevocable, royalty-free license to use such Deliverables for its internal
business purposes. If a SOW expressly states that ownership of specific Deliverables shall vest in Client (“Client-Owned Deliverables”), then upon full and final payment for such Project Work, Service Provider shall assign to Client all of its right, title, and interest in such Client-Owned Deliverables, and Service
Provider shall retain a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to use, reproduce, modify, and create derivative works from such Client-Owned Deliverables for its own business purposes (excluding Client Confidential Information contained therein). 

5.4. Feedback. If Client or any of its employees or contractors provides any ideas, suggestions, recommendations, or other feedback relating to the Services or Service Provider IP (“Feedback”), Service Provider is free to use and incorporate such Feedback in its products and services without any obligation or compensation to Client. Client hereby irrevocably assigns to Service Provider all right, title, and interest in and to such Feedback. 

5.5. Reservation of Rights. Each Party reserves all rights not expressly granted in this Agreement. No licenses are granted by implication, estoppel, or otherwise.

ARTICLE 6: CONFIDENTIALITY 

6.1. Definition of Confidential Information. For purposes of this Agreement, “Confidential Information” means any and all non-public information, data, materials, and know-how, in any form or medium (whether oral, written, electronic, tangible, or intangible), disclosed by or on behalf of one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) or its Representatives, whether before, on, or after the Effective Date, that is either designated as “confidential” or “proprietary” or that the Receiving Party knows or reasonably should know, given the nature of the information and the circumstances of disclosure, is confidential or proprietary to the Disclosing Party. Without limiting the generality of the foregoing, Confidential Information includes, but is not limited to: (a) with respect to Client as Disclosing Party: all Client Data (including Personal Data); information about Client’s employees, customers, suppliers, and business partners; Client’s financial data, business plans, strategies, forecasts, marketing plans, customer lists, sales data, software (source and
object code), network configurations, security vulnerabilities (whether discovered by Client or Service Provider), internal controls, and other non-public technical or business information; (b) with respect to Service Provider as Disclosing Party: the Services (including their non-public features, functionality, and performance characteristics); the RMM Tool and any Software (in source and object code); proprietary scripts, tools, methodologies, processes, and know-how; Documentation (especially non-public portions); pricing and fee structures (including those in Service Schedules and SOWs); security audit reports, vulnerability assessments, and penetration test results pertaining to Service Provider’s systems; business development strategies, client lists (in a general, nonidentifiable manner unless client consent is obtained for identifiable use), and financial performance data; and (c) the specific terms, conditions, and existence of this Agreement, all Service Schedules, SOWs, and Change Orders. 

6.2. Exclusions from Confidential Information. Notwithstanding Section 6.1, Confidential Information shall not include any particular information that the Receiving Party can clearly demonstrate by contemporaneous, competent written documentation: (a) was already lawfully known to or in the
possession of the Receiving Party or its Representatives at the time of disclosure by the Disclosing Party, free of any obligation of confidentiality with respect to such information; (b) was or becomes generally known or available to the public domain other than as a result of any direct or indirect act
or omission of the Receiving Party or its Representatives in breach of this Agreement; (c) was or is rightfully received by the Receiving Party or its Representatives from a third party who is not under any obligation of confidentiality to the Disclosing Party with respect to such information and who has
the lawful right to disclose such information; or (d) was or is independently developed by the Receiving Party or its Representatives without any use of, reference to, or reliance on any Confidential Information of the Disclosing Party. For clarity, the general skills, knowledge, and experience gained by
Service Provider’s personnel in the course of providing services to multiple clients shall not be considered Confidential Information of any single client. 

6.3. Protection of Confidential Information. The Receiving Party shall, and shall cause its Representatives to: (a) Hold all Confidential Information of the Disclosing Party in strict confidence and trust. (b) Use and access the Disclosing Party’s Confidential Information solely and exclusively for the purpose of exercising its rights or performing its obligations under this Agreement (the “Permitted Purpose”) and for no other purpose whatsoever. (c) Implement and maintain security measures to protect such Confidential Information that are at least as rigorous as the measures it uses to protect its own most sensitive confidential information, and in no event less than a commercially reasonable standard of care. (d) Not, directly or indirectly, disclose, divulge, publish, or otherwise make available any Confidential Information of the Disclosing Party to any third party, except as expressly permitted under Section 6.4 (Permitted Disclosures by Representatives) or Section 6.5 (Compelled Disclosures). (e) Promptly notify the Disclosing Party in writing of any unauthorized use, disclosure, loss, or misappropriation of its Confidential Information of which the Receiving Party becomes aware. 

6.4. Permitted Disclosures by Representatives. The Receiving Party may disclose Confidential Information of the Disclosing Party only to those of its Representatives who: (a) have a demonstrable “need to know” such Confidential Information for the Permitted Purpose; (b) have been made aware
of the confidential nature of such information and the Receiving Party’s obligations under this Article 6 prior to any such disclosure; and (c) are legally bound by written confidentiality obligations or professional duties of confidentiality (in the case of legal counsel or auditors) that are no less protective of the Disclosing Party’s Confidential Information than the terms contained herein. The Receiving Party shall be fully responsible and liable for any breach of the terms of this Article 6 by any of its Representatives as if such breach were committed by the Receiving Party itself. 

6.5. Compelled Disclosures. If the Receiving Party or any of its Representatives is required by Applicable Law, regulation, or a valid and binding order of a court or other governmental or regulatory authority of competent jurisdiction (e.g., by oral questions, interrogatories, requests for information or documents, subpoena, civil investigative demand, or similar process) to disclose any Confidential Information of the Disclosing Party, the Receiving Party shall, to the extent legally permissible and practicable: (a) provide the Disclosing Party with prompt prior written notice of such requirement (before disclosure, if possible) so that the Disclosing Party may, at its sole cost and expense, seek a protective order, confidential treatment, or other appropriate remedy to prevent or limit such disclosure; and (b) provide reasonable cooperation and assistance to the Disclosing Party, at the Disclosing Party’s sole cost and expense, in any efforts to obtain such relief. If such protective order or other remedy is not obtained, or if the Disclosing Party waives compliance with the provisions hereof, the Receiving Party or its Representative shall furnish only that portion of the Confidential Information which it is legally advised by counsel is required to be disclosed and shall exercise all reasonable efforts to obtain reliable written assurance that confidential treatment will be accorded
to the Confidential Information so disclosed. 

6.6. Return or Destruction of Confidential Information. Upon the written request of the Disclosing Party at any time, or upon the expiration or earlier termination of this Agreement for any reason, the Receiving Party shall, and shall cause its Representatives to, at the Disclosing Party’s election and in
accordance with its written instructions: (a) Promptly return to the Disclosing Party all originals and copies (in any form or medium) of all documents and tangible materials containing, reflecting, incorporating, or based on the Disclosing Party’s Confidential Information that are in the Receiving Party’s or its Representatives’ possession, custody, or control; or (b) Permanently erase, delete, or otherwise destroy all Confidential Information of the Disclosing Party in electronic form from all computer systems, networks, servers, databases, and other storage media owned or controlled by the Receiving Party or its Representatives (including, without limitation, from any off-site or cloud-based storage, archives, and backups), in a manner that renders it unrecoverable; and (c) Upon completion of such return or destruction, provide to the Disclosing Party, within thirty (30) days thereafter, a written certification signed by a duly authorized officer of the Receiving Party confirming that all such Confidential Information has been returned or destroyed, as applicable, in compliance with this

Section 6.6. (d) Retention Exceptions: Notwithstanding the foregoing, the Receiving Party: (i) may retain one (1) archival copy of the Disclosing Party’s Confidential Information solely for the purpose of demonstrating compliance with its obligations under this Agreement or as required by Applicable Law, provided that such copy is maintained in a secure location, subject to the confidentiality obligations herein for as long as it is retained, and not used for any other purpose; and (ii) shall not be required to erase or destroy Confidential Information that is stored on its automated backup or archival systems in the ordinary course of its business continuity procedures, provided that such information remains subject to the confidentiality obligations herein, is not accessed or used for any other purpose, and is eventually overwritten or destroyed in accordance with the Receiving Party’s standard data retention and destruction policies. 

6.7. Equitable Relief for Breach. Each Party acknowledges and agrees that any breach or threatened breach by the Receiving Party or its Representatives of any of its obligations under this Article 6 may cause immediate and irreparable harm and significant injury to the Disclosing Party for which monetary damages alone would not be an adequate remedy. Accordingly, each Party agrees that, in the event of such actual or threatened breach, the Disclosing Party shall be entitled, in addition to any other rights and remedies available to it at law or in equity (including monetary damages), to seek and obtain immediate equitable relief, including, but not limited to, a temporary restraining order, preliminary injunction, and permanent injunction, from any court of competent jurisdiction, to prevent or restrain any such breach or threatened breach, without the necessity of proving actual damages or posting any bond or other security. 

6.8. Duration of Confidentiality Obligations. The obligations of confidentiality and non-use set forth in this Article 6 shall survive the expiration or termination of this Agreement for a period of five (5) years thereafter; provided, however, that with respect to any Confidential Information that constitutes a “trade secret” under Applicable Law, such obligations shall continue for as long as such information continues to qualify as a trade secret. 

ARTICLE 7: DATA SECURITY AND PRIVACY 

7.1. Service Provider Security Program. Service Provider shall establish, implement, and maintain a written information security program (“Information Security Program”) comprised of commercially reasonable administrative, technical, and physical safeguards designed to: (a) protect the security,
confidentiality, integrity, and availability of Client Data and Client Confidential Information accessed, processed, stored, or transmitted by Service Provider in connection with the Services; (b) protect against any reasonably anticipated threats or hazards to the security or integrity of such information; and (c) protect against any actual or suspected Security Incident. Service Provider’s Information Security Program will be aligned with relevant industry standards (e.g., NIST Cybersecurity Framework
concepts or similar). 

7.2. Security Controls. Such safeguards shall include, without limitation: (a) access controls on information systems; (b) network security measures (e.g., firewalls, intrusion detection/prevention systems for Service Provider’s infrastructure); (c) malware protection; (d) data encryption for Client Data in transit over public networks and at rest where technologically feasible and appropriate for the sensitivity of the data; (e) personnel security and training; (f) physical security of Service Provider facilities where Client Data may be processed or stored; and (g) incident response procedures. 

7.3. Security Incident Notification. In the event Service Provider becomes aware of a confirmed Security Incident that Service Provider reasonably believes affects Client Data or Client Confidential Information, Service Provider shall promptly notify Client in writing (typically within seventy-two (72) hours of confirmation, or sooner if required by Applicable Law), providing details of the Security Incident, the data potentially affected, and the corrective actions taken or planned by Service Provider. Service Provider shall cooperate reasonably with Client in investigating and mitigating the effects of such Security Incident. Client acknowledges that Service Provider’s notification and cooperation obligations are contingent upon Client providing accurate and current contact information.

7.4. Client Security Responsibilities. Notwithstanding Service Provider’s obligations, Client is solely responsible for: (a) implementing and maintaining appropriate security measures on its own Client Systems and for its own data (other than that directly managed by Service Provider as part of a Service); (b) ensuring the security and confidentiality of its access credentials to the Services; (c) making appropriate use of the security features of the Services; and (d) promptly informing Service Provider of any suspected security vulnerabilities or incidents related to the Services or Client Systems.

7.5. Data Processing Addendum (DPA). If the Services involve the processing of Personal Data subject to specific data protection regulations (e.g., GDPR, HIPAA if applicable, CCPA), the Parties shall execute Service Provider’s standard DPA, which shall be incorporated by reference into this Agreement. Client warrants that it has all necessary rights and consents to provide Personal Data to Service Provider for processing in accordance with this Agreement and any applicable DPA.

7.6. RMM Tool Security. Service Provider will use commercially reasonable efforts to ensure the RMM Tool and its agents are deployed and configured securely within Client’s environment. Client will not attempt to tamper with, reverse engineer, or disable any RMM Tool agents or security configurations
deployed by Service Provider without prior written consent.

ARTICLE 8: WARRANTIES; DISCLAIMERS

8.1. Mutual Warranties. Each Party represents and warrants that: (a) it is duly organized, validly existing, and in good standing under the laws of its jurisdiction of incorporation or formation; (b) it has the full right, power, and authority to enter into this Agreement and to perform its obligations
hereunder; (c) the execution of this Agreement by its representative whose signature is set forth at the end hereof has been duly authorized by all necessary corporate or company action of such Party; and (d) when executed and delivered by such Party, this Agreement will constitute the legal, valid, and
binding obligation of such Party, enforceable against such Party in accordance with its terms.

8.2. Service Provider Performance Warranty. Service Provider warrants that the Services will be performed in a professional and workmanlike manner, in accordance with generally accepted industry standards and practices applicable to the provision of similar services. Service Provider further warrants that it will comply with all Applicable Law in its performance of the Services.

8.3. Client Data Warranty. Client represents and warrants that: (a) it owns or otherwise has and will have the necessary rights and consents in and relating to the Client Data so that, as received by Service Provider and processed in accordance with this Agreement, they do not and will not infringe, misappropriate, or otherwise violate any Intellectual Property Rights, privacy rights, or any Applicable Law; and (b) it will not submit any Client Data that is unlawful, defamatory, or obscene.

8.4. Remedy for Breach of Performance Warranty. In the event of a breach of the warranty set forth in Section 8.2, Client’s sole and exclusive remedy, and Service Provider’s entire liability, shall be, at Service Provider’s option and expense: (a) the re-performance of the deficient Services; or (b) if reperformance is not commercially practicable or fails to cure the deficiency, a pro-rata refund of any Fees prepaid by Client to Service Provider for the specific deficient Services for the period of deficiency. Client must provide written notice of any warranty claim within thirty (30) days of the
occurrence of the event giving rise to the claim.

8.5. DISCLAIMER OF WARRANTIES. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN SECTIONS

8.1, 8.2, AND 8.3, ALL SERVICES AND DELIVERABLES ARE PROVIDED “AS IS” AND “WITH ALL FAULTS.” SERVICE PROVIDER HEREBY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE, OR TRADE PRACTICE. SERVICE PROVIDER DOES NOT WARRANT THAT THE SERVICES OR DELIVERABLES WILL BE UNINTERRUPTED, ERROR-FREE, COMPLETELY SECURE, OR THAT ALL DEFECTS WILL BE CORRECTED. CLIENT ACKNOWLEDGES THAT THE SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS, AND SERVICE PROVIDER IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS NOT DIRECTLY AND SOLELY CAUSED BY SERVICE PROVIDER.

ARTICLE 9: LIMITATION OF LIABILITY 

9.1. EXCLUSION OF CERTAIN DAMAGES. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY OR ITS AFFILIATES, OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SUPPLIERS, BE LIABLE TO THE OTHER PARTY OR ANY THIRD PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF BUSINESS OPPORTUNITY, LOSS OF DATA OR CORRUPTION OF DATA, BUSINESS INTERRUPTION, COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR LOSS OF GOODWILL, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES RENDERED HEREUNDER, REGARDLESS OF THE THEORY OF LIABILITY (WHETHER CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, WARRANTY, OR OTHERWISE), EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND EVEN IF A REMEDY SET FORTH HEREIN
IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. 

9.2. MAXIMUM AGGREGATE LIABILITY. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE TOTAL CUMULATIVE LIABILITY OF SERVICE PROVIDER AND ITS AFFILIATES, AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, AND SUPPLIERS, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES RENDERED HEREUNDER, FOR ALL CLAIMS OF ANY KIND (WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, WARRANTY, OR OTHERWISE) EXCEED THE LESSER OF: (A) THE TOTAL AGGREGATE FEES ACTUALLY PAID BY CLIENT TO SERVICE PROVIDER FOR THE SPECIFIC SERVICE(S) GIVING RISE TO THE CLAIM DURING THE SIX (6) CALENDAR MONTHS IMMEDIATELY PRECEDING THE DATE OF THE FIRST EVENT GIVING RISE TO SUCH LIABILITY; OR (B) TEN THOUSAND U.S. DOLLARS ($10,000.00). THE EXISTENCE OF MORE THAN ONE CLAIM SHALL NOT ENLARGE THIS LIMIT. 

9.3. BASIS OF THE BARGAIN. THE PARTIES ACKNOWLEDGE AND AGREE THAT THE LIMITATIONS OF LIABILITY, DISCLAIMERS OF WARRANTIES, AND EXCLUSIONS OF DAMAGES SET FORTH IN THIS AGREEMENT ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES, THAT SERVICE PROVIDER HAS SET ITS FEES AND ENTERED INTO THIS AGREEMENT IN RELIANCE UPON SUCH LIMITATIONS AND DISCLAIMERS, AND THAT SUCH PROVISIONS SHALL SURVIVE AND APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. 

9.4. Exceptions to Limitations. The limitations of liability set forth in this Article 9 shall not apply to: (a) a Party’s indemnification obligations under Article 10; (b) liability arising from a Party’s breach of its confidentiality obligations under Article 6 (excluding liability related to Client Data, which remains subject to the monetary caps in Section 9.2); (c) Client’s obligation to pay undisputed Fees due under this Agreement; or (d) liability for a Party’s gross negligence, willful misconduct, or fraud. 

ARTICLE 10: INDEMNIFICATION 

10.1. Indemnification by Service Provider. Service Provider shall defend, indemnify, and hold harmless Client and its Affiliates, and their respective officers, directors, employees, and agents (collectively, “Client Indemnitees”), from and against any and all third-party claims, actions, suits, proceedings, demands, damages, liabilities, losses, costs, and expenses (including reasonable attorneys’ fees and court costs) (collectively, “Losses”) to the extent arising out of or relating to any allegation by a third party that the Services, as delivered by Service Provider and used by Client in accordance with the terms of this Agreement and the Documentation, infringe or misappropriate any valid U.S. patent, copyright, or trade secret of such third party. 

10.1.1. Exclusions from Service Provider Indemnity. Service Provider shall have no obligation under this Section 10.1 or otherwise with respect to any infringement or misappropriation claim to the extent it arises from: (a) Client’s use of the Services in combination with any data, software, hardware,
equipment, or technology not provided by Service Provider or authorized by Service Provider in writing; (b) any modification of the Services by any Person other than Service Provider or its authorized subcontractors; (c) Client Data or Client Materials; (d) Client’s continuance of allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement; or (e) Client’s use of the Services in a manner not strictly in accordance with this Agreement or the Documentation. 

10.1.2. Infringement Remedies. If the Services become, or in Service Provider’s opinion are likely to become, the subject of an infringement claim, Service Provider may, at its sole option and expense: (a) procure for Client the right to continue using the allegedly infringing Services; (b) replace or modify
the allegedly infringing Services so that they become non-infringing while providing substantially equivalent functionality; or (c) if options (a) and (b) are not commercially reasonable in Service Provider’s judgment, terminate the applicable Service Schedule and refund to Client any prepaid,
unused Fees for such terminated Services. THIS SECTION 10.1.2 STATES SERVICE PROVIDER’S ENTIRE LIABILITY AND CLIENT’S SOLE AND EXCLUSIVE REMEDY FOR INTELLECTUAL PROPERTY INFRINGEMENT CLAIMS. 

10.2. Indemnification by Client. Client shall defend, indemnify, and hold harmless Service Provider and its Affiliates, and their respective officers, directors, employees, and agents (collectively, “Service Provider Indemnitees”), from and against any and all Losses to the extent arising out of or relating to: (a) Client Data or Client Materials, including any claim that Client Data or Client Materials, or Service Provider’s use thereof in accordance with this Agreement, infringes, misappropriates, or violates any third party’s Intellectual Property Rights or privacy rights, or any Applicable Law; (b) Client’s or its Covered Users’ use of the Services in breach of this Agreement, the AUP, or any Applicable Law; (c) Client’s gross negligence, willful misconduct, or fraud; or (d) any third-party products, services, or systems procured by Client and used in connection with the Services, unless their integration was performed and warranted by Service Provider. 

10.3. Indemnification Procedure. The indemnified Party shall promptly notify the indemnifying Party in writing of any Claim for which indemnification is sought, provided that failure to provide prompt notice shall not relieve the indemnifying Party of its obligations except to the extent it is materially prejudiced thereby. The indemnifying Party shall have sole control of the defense and settlement of such Claim, provided that the indemnifying Party shall not settle any Claim in a manner that admits liability or imposes any obligation on the indemnified Party (other than the payment of money which is fully covered by the indemnification) without the indemnified Party’s prior written consent, which shall not be unreasonably withheld, conditioned, or delayed. The indemnified Party shall cooperate fully with the indemnifying Party in the defense of such Claim, at the indemnifying Party’s reasonable expense. The indemnified Party shall have the right to participate in the defense of any Claim with counsel of its own choosing at its own expense. 

ARTICLE 11: TERM AND TERMINATION 

11.1. Term of Agreement. The term of this MSA shall commence on the Effective Date and shall continue in full force and effect until all Service Schedules and SOWs executed hereunder have expired or been terminated in accordance with their respective terms or the terms of this Agreement
(the “Term”). 

11.2. Term of Service Schedules. Each Service Schedule or SOW shall have its own specific initial term as set forth therein (“Initial Service Term”). Unless otherwise specified in a Service Schedule, recurring month-to-month Service Schedules shall automatically renew for successive one-month periods unless either Party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term. 

11.3. Termination for Convenience. Client may terminate any month-to-month Service Schedule, or this MSA if no Service Schedules are then in effect, for its convenience upon providing Service Provider with at least thirty (30) days’ prior written notice. Service Provider may terminate any month-to-month Service Schedule for its convenience upon providing Client with at least sixty (60) days’ prior written notice. Termination fees may apply if a fixed-term Service Schedule is terminated early for convenience, as specified in such Service Schedule.

11.4. Termination for Material Breach. Either Party may terminate this MSA and/or any outstanding Service Schedule(s) or SOW(s) for cause if the other Party commits a material breach of this Agreement or the applicable Service Schedule/SOW and fails to cure such breach within thirty (30) calendar days after receipt of written notice detailing the breach from the non-breaching Party. If the material breach is of a nature that it cannot reasonably be cured within thirty (30) days, the breaching Party shall not be in default if it commences cure within said thirty (30) day period and diligently prosecutes such cure to completion within a reasonable time thereafter.

11.5. Termination for Insolvency. Either Party may terminate this MSA and all outstanding Service Schedules and SOWs immediately upon written notice if the other Party: (a) becomes insolvent or is generally unable to pay its debts as they become due; (b) files or has filed against it a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (c) makes or seeks to make a general assignment for the benefit of its creditors; or (d) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business. 

11.6. Effect of Termination or Expiration. Upon any termination or expiration of this MSA or a Service Schedule: (a) Cessation of Services: Service Provider shall cease providing the terminated Services. (b) Payment Obligations: Client shall immediately pay to Service Provider all undisputed Fees accrued and payable for Services rendered up to and including the effective date of termination or expiration. For fixed-term Service Schedules terminated by Service Provider for Client’s breach, or by Client for convenience (if permitted), all remaining Fees due for the remainder of the then-current Initial Service Term or renewal term may become immediately due and payable, as specified in the Service Schedule. (c) Return of Property: Each Party shall promptly return (or, at the Disclosing Party’s option, destroy and certify such destruction) all Confidential Information and other property of the Disclosing Party then in its possession or control, subject to Section 6.6(d). (d) Transition Assistance: If requested by Client in writing at least thirty (30) days prior to termination or expiration, and provided Client is not in breach of its payment obligations, Service Provider may provide reasonable transition assistance services to Client to facilitate the orderly transfer of Services to Client or another provider, subject to mutual agreement on the scope, duration, and fees for such
assistance (typically at Service Provider’s then-current Project Work rates). Service Provider shall have no obligation to provide transition assistance if this Agreement or the applicable Service Schedule was terminated by Service Provider for Client’s material breach.

11.7. Survival. The rights and obligations of the Parties set forth in this Section 11.7 and any other section or provision of this Agreement which, by its nature or context, should survive termination or expiration of this Agreement (including, without limitation, Articles/Sections related to Definitions (to the extent necessary for interpretation of surviving provisions), Fees for services rendered prior to termination/expiration, Intellectual Property, Confidentiality, Disclaimers of Warranties, Limitation of Liability, Indemnification (for pre-termination/expiration claims), Effect of Termination, Governing Law, Dispute Resolution, and General Provisions) shall survive any such termination or expiration of this Agreement.

ARTICLE 12: GENERAL PROVISIONS

12.1. Entire Agreement; Amendment. This Agreement, together with all duly executed Service Schedules, SOWs, and any Exhibits or Addenda attached hereto or thereto (all of which are incorporated herein by reference), constitutes the sole and entire agreement of the Parties with respect to the subject matter contained herein and therein, and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter. This Agreement may only be amended, modified, or supplemented by a written agreement signed by an authorized representative of each Party. No terms or conditions set forth in any Client-issued purchase order or other ancillary documentation shall be
binding upon Service Provider or modify this Agreement or any Service Schedule/SOW, even if Service Provider acknowledges or processes such document, and any such terms are hereby expressly rejected.

12.2. Governing Law; Jurisdiction; Venue; Waiver of Jury Trial. (a) Governing Law: This Agreement and all matters arising out of or relating to this Agreement, including its interpretation, construction, performance, and enforcement, and any disputes, claims or causes of action (whether in contract, tort, or statute) based upon, arising out of, or relating to this Agreement or the transactions contemplated hereby, shall be governed by and construed in accordance with the internal laws of the State of Georgia, without giving effect to any choice or conflict of law provision or rule (whether of the State of Georgia or any other jurisdiction) that would cause the application of laws of any jurisdiction other than those of the State of Georgia. (b) Jurisdiction and Venue: Each Party
irrevocably and unconditionally submits to the exclusive jurisdiction of and venue in the state courts located in Houston County, Georgia, and the federal courts located in the United States District Court for the Middle District of Georgia, for any legal suit, action, or proceeding arising out of or related to this Agreement or the Services provided hereunder. Each Party waives any and all objections to the exercise of jurisdiction over it by such courts and to venue in such courts. (c) WAIVER OF JURY TRIAL: EACH PARTY HEREBY IRREVOCABLY AND UNCONDITIONALLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL ACTION, PROCEEDING, CAUSE OF ACTION, OR COUNTERCLAIM ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING ANY EXHIBITS, SCHEDULES, OR APPENDICES ATTACHED TO THIS AGREEMENT, OR THE TRANSACTIONS CONTEMPLATED HEREBY. EACH PARTY CERTIFIES AND ACKNOWLEDGES THAT (I) NO REPRESENTATIVE, AGENT, OR ATTORNEY OF ANY OTHER PARTY HAS
REPRESENTED, EXPRESSLY OR OTHERWISE, THAT SUCH OTHER PARTY WOULD NOT, IN THE EVENT OF LITIGATION, SEEK TO ENFORCE THE FOREGOING WAIVER, (II) IT UNDERSTANDS AND HAS CONSIDERED THE IMPLICATIONS OF THIS WAIVER, (III) IT MAKES THIS WAIVER VOLUNTARILY, AND (IV) IT HAS BEEN INDUCED TO ENTER INTO THIS AGREEMENT BY, AMONG OTHER THINGS, THE MUTUAL WAIVERS AND CERTIFICATIONS IN THIS SECTION. 

12.3. Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a “Notice”) must be in writing and addressed to the Parties at the addresses set forth on the first page of this Agreement (or to such other address that may be designated by the receiving Party from time to time in accordance with this section). All Notices must be delivered by personal delivery, nationally recognized overnight courier (with all fees pre-paid and proof of delivery obtained), or by certified or registered mail (in each case, return receipt requested, postage pre-paid). A Notice is effective only (a) upon receipt by the receiving Party (or refusal of delivery), and (b) if the Party giving the Notice has complied with the requirements of this Section. For operational communications related to service delivery, email to designated Client Representatives and Service Provider contacts shall be acceptable, but any Notice concerning breach, termination, indemnification, or other material legal matters must be provided as per the formal methods above. 

12.4. Force Majeure. Neither Party shall be liable or responsible to the other Party, nor be deemed to have defaulted under or breached this Agreement, for any failure or delay in fulfilling or performing any term of this Agreement (except for any obligations to make payments to the other Party hereunder), when and to the extent such failure or delay is caused by or results from acts, events, or circumstances beyond the affected Party’s reasonable control (“Force Majeure Event”), including, without limitation: (a) acts of God (such as flood, fire, earthquake, lightning, hurricane, tornado, or explosion); (b) pandemic, epidemic, or widespread public health crisis (including quarantine or other employee restrictions); (c) war, invasion, hostilities (whether war is declared or not), terrorist threats or acts, riot, insurrection, or other civil unrest or disturbance; (d) requirements of law, actions, orders, or embargoes of any governmental authority; (e) strikes, labor stoppages or slowdowns, or other industrial disturbances (provided such disturbances are not limited to the Party′s own workforce and are widespread); (f) telecommunication breakdowns, utility failures, power outages or shortages, or widespread Internet, cloud service provider, or critical infrastructure disruptions not caused by the obligated Party and outside its reasonable control; and (g) other similar events or circumstances beyond the reasonable control of the Party claiming the Force Majeure Event. The Party suffering a Force Majeure Event shall give prompt written notice to the other Party, stating the nature of the event, the period of time the occurrence is expected to continue, and shall use diligent efforts to end the failure or delay and minimize its effects. The excused Party′s performance shall be extended for a period equal to the time lost by reason of the Force Majeure Event. If the Force Majeure Event continues for a period exceeding sixty (60) consecutive days, either Party may terminate this Agreement or the affected Service Schedule(s) upon written notice to the other Party.

12.5. Relationship of the Parties. The relationship between the Parties is solely that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture, employment, or other form of joint enterprise, employment, or fiduciary relationship between the Parties, and neither Party shall have authority to contract for or bind the other Party in any manner whatsoever, nor shall either Party be responsible for the acts or omissions of the other Party or its employees or agents.

12.6. No Third-Party Beneficiaries. This Agreement is entered into for the sole benefit of the Parties hereto and their respective permitted successors and assigns, and nothing herein, express or implied, is intended to or shall confer upon any other Person any legal or equitable right, benefit, or remedy of
any nature whatsoever under or by reason of this Agreement.

12.7. Assignment. Neither Party may assign, transfer, pledge, or otherwise encumber any of its rights or delegate any of its obligations under this Agreement, in whole or in part, whether voluntarily, involuntarily, by operation of law, or otherwise (including by change of control), without the prior
express written consent of the other Party, which consent shall not be unreasonably withheld, conditioned, or delayed. Notwithstanding the foregoing, Service Provider may assign this Agreement in its entirety (including all Service Schedules and SOWs), without Client′s consent, to an Affiliate or in connection with a merger, consolidation, corporate reorganization, or sale of all or substantially all of its assets or equity, provided that the assignee agrees in writing to be bound by all terms and conditions of this Agreement and such assignment does not materially adversely affect Client’s rights or Service Provider’s ability to perform its obligations hereunder. Any purported assignment or delegation in violation of this Section shall be null and void ab initio. This Agreement is binding upon and inure to the benefit of the Parties hereto and their respective permitted successors and assigns.

12.8. Severability. If any term or provision of this Agreement, or the application thereof to any Person or circumstance, is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability shall not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties hereto shall negotiate in good faith to modify this Agreement so as to effect the original intent of the Parties as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.

12.9. Waiver. No waiver by either Party of any of the provisions hereof shall be effective unless explicitly set forth in writing and signed by an authorized representative of the Party so waiving. No failure to exercise, or delay in exercising, any right, remedy, power, or privilege arising from this Agreement by either Party shall operate or be construed as a waiver thereof; nor shall any single or partial exercise of any right, remedy, power, or privilege hereunder preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege. The rights and remedies provided herein are cumulative and not exclusive of any rights or remedies provided by law.

12.10. Interpretation. For purposes of this Agreement: (a) the words “include,” “includes,” and “including” are deemed to be followed by the words “without limitation”; (b) the word “or” is not exclusive and shall be understood to mean “and/or”; (c) the words “herein,” “hereof,” “hereby,” “hereto,” and “hereunder” refer to this Agreement as a whole, including all Exhibits and Schedules; (d) headings and captions are for convenience of reference only and do not affect the interpretation or construction of this Agreement; (e) unless the context otherwise requires, references to sections or articles refer to sections or articles of this Agreement; (f) the singular includes the plural, and the plural includes the singular, and references to gender include all genders; (g) references to “$” or
“dollars” shall mean United States dollars; and (h) any reference to a statute means such statute as amended from time to time and includes any successor legislation thereto and any regulations promulgated thereunder. This Agreement shall be construed without regard to any presumption or rule requiring construction or interpretation against the Party drafting an instrument or causing any instrument to be drafted.

12.11. Counterparts; Electronic Signatures. This Agreement and any Service Schedules, SOWs, or Change Orders hereunder may be executed in one or more counterparts, each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Delivery of an executed counterpart of a signature page to this Agreement or any such ancillary document by electronic mail (e.g., in .pdf or .jpeg format) or by any other widely accepted electronic means or platform complying with the U.S. Electronic Signatures in Global and National Commerce Act (E-SIGN Act), 15 U.S.C. § 7001 et seq., or similar applicable state law (such as the Uniform Electronic Transactions Act as adopted in Georgia), shall be as effective for all purposes as delivery of a manually executed counterpart. Each Party agrees that electronic signatures of the Parties included in this Agreement are intended to authenticate this writing and to have the same force and effect as manual signatures.

EXHIBIT A: SERVICE SCHEDULE NO. 001 TO MASTER SERVICE AGREEMENT

This Service Schedule No. 001 (“Service Schedule”), effective as of ___/___/___ (“Schedule Effective Date”), is made by and between Hey Nephew Managed Tech Services, LLC (“Service Provider”) and _____________________________________ (“Client”), and is governed by and incorporates by reference the terms and conditions of that certain Master Service Agreement (the “MSA”) entered into between Service Provider and Client, dated as of the Effective Date of the initial Service Schedule executed thereunder. Capitalized terms used herein without definition shall have the meanings ascribed to them in the MSA. In the event of a direct conflict between the terms of this Service Schedule and the MSA, the terms of this Service Schedule shall prevail solely with respect to the Services provided hereunder.

1. SERVICE TIER AND DESCRIPTION:

1.1. Service Tier: IT Guy Managed Services

1.2. Covered Users: This Service Schedule covers [Specify Number, e.g., Five (5)] Covered Users. Additions or subtractions of covered users require the execution of a new Service Schedule.

1.3. General Service Philosophy: The IT Guy Managed Services tier is designed for solo entrepreneurs and small teams, providing a rock-solid security foundation and reliable day-to-day IT support to ensure core technology functions effectively, securely, and with minimal disruption to Client’s business operations.

1.4. Specific Services Included: 

Service Provider shall provide the following Services to Client under this IT Guy Managed Services Tier:

Endpoint Management & Security: Deployment, configuration, ongoing management, and monitoring of Service Provider’s standard, industry-recognized Advanced Endpoint Detection and Response (EDR) software on all primary workstations (defined as one (1) desktop or laptop computer per Covered User, meeting Service Provider’s then-current minimum system requirements). Service includes regular EDR policy review, threat hunting based on EDR telemetry where appropriate, and EDR software updates. Centralized management, monitoring, and automated updating of antivirus and anti-malware definitions and scanning engines for the EDR software on said workstations. Proactive operating system (Microsoft Windows or Apple macOS, current commercially supported versions) and designated common third-party application patch management for said workstations. This includes assessment of applicable patches, risk evaluation, scheduling (in coordination with Client where disruptive patches are involved), deployment via the RMM Tool, and verification of
critical and security-related patches. Emergency/zero-day patches will be deployed on an expedited, commercially reasonable basis. Comprehensive workstation health monitoring via the RMM Tool, including, without limitation, disk space utilization, CPU and memory performance thresholds, critical
operating system service status, hard drive S.M.A.R.T. status, and hardware error reporting. Automated alerts will be generated for conditions exceeding predefined thresholds, and Service Provider will investigate such alerts.

Helpdesk Support Services: Remote technical support, accessible via telephone, dedicated support email address, and Service Provider’s client web portal, for Covered Users concerning their primary managed workstations, primary business mobile device (tablet and/or cellular phone) supported operating systems (current and prior major versions of Windows/macOS), standard business productivity applications (e.g., current versions of Microsoft Office Suite, common web browsers as defined by Service Provider), and local network connectivity Incidents. Support is available during Standard Business Hours. All support requests will be logged and tracked in Service Provider’s ticketing system. Troubleshooting and Remediation of hardware Incidents (e.g., system non-boot, peripheral malfunction, component failure) and software Incidents (e.g., application errors, operating system instability, performance degradation) on Covered Users’ primary managed workstations. Hardware repair or replacement parts are not included within the MRF but diagnosis, recommendation, and coordination with Client-approved third-party warranty providers or repair services (if Client provides active warranty details and authorizes such coordination) are included. Assistance with user account issues, including password resets (subject to identity verification protocols) and account lockouts, for systems directly managed by Service Provider under this Service Schedule (e.g., local workstation accounts).

Basic Network Support (for Endpoints): Troubleshooting of basic network connectivity Incidents originating from or directly affecting Covered Users’ primary managed workstations, limited to connectivity to the local area network (LAN) and internet (e.g., Wi-Fi connectivity issues, inability to obtain a valid IP address, DNS resolution problems from the workstation perspective). This service does not include the management, configuration, or in-depth troubleshooting of Client’s core network infrastructure (e.g., routers, switches, wireless access points, firewalls, internet service provider circuits) unless such devices are explicitly covered under a separate, higher-tier Service Schedule or SOW. Provision of general guidance and best practice recommendations for end-user
network security and connectivity.

Security Response & Triage (for Endpoints): Initial investigation, analysis, and triage of security alerts generated by the EDR software or other RMM Tool security modules related to Covered Users’ primary managed workstations. Guidance to Client on immediate recommended containment actions for identified or reasonably suspected endpoint security threats (e.g., isolating the affected workstation from the network). Coordination with Client for further Remediation steps if a Security Incident is confirmed and requires actions beyond standard endpoint isolation, threat neutralization, and cleaning by EDR tools (e.g., if a broader network compromise is indicated or extensive data recovery from backups is necessary, such extended actions may constitute Project Work).

Reporting: Provision of a standardized monthly summary report, delivered electronically to the designated Client Representative(s), detailing key metrics such as overall endpoint health status, patch compliance summary, a high-level overview of security alerts detected and addressed, and a summary of support tickets generated and resolved for Covered Users during the preceding month (if requested by Client and data is available through standard RMM reporting).

2. SERVICE LEVEL COMMITMENTS (SLCs):

2.1. Incident Severity Classification: Incidents will be classified by Service Provider, in consultation with Client where appropriate and feasible, as a Critical Issue, Urgent Issue, or Standard Tech Issue, based on the definitions set forth in Article 1 of the MSA. Service Provider’s initial classification will be based on its reasonable professional assessment of the business impact as understood at the time of reporting or detection by the RMM Tool.

2.2. Response Times: Response Times are measured during Standard Business Hours only and are achieved upon Personalized Human Communication from Service Provider personnel as defined in Article 1 of the MSA. Critical Issue Response Time: Two (2) Standard Business Hours from the time of RMM Tool detection or proper Client reporting. Urgent Issue Response Time: Four (4) Standard Business Hours from the time of RMM Tool detection
or proper Client reporting. Standard Tech Issue Response Time: Eight (8) Standard Business Hours from the time of RMM Tool detection or proper Client reporting. For Standard Tech Issues reported with fewer than eight (8) Standard Business Hours remaining in a Business Day, or those reported outside of Standard Business Hours, Response may occur by the close of the following Business Day, but Service Provider will use
commercially reasonable efforts to respond sooner.

2.3. Automated Communications Disclaimer: Client explicitly acknowledges and agrees that any Automated Communications (such as automated ticket generation emails or RMM Tool alerts) sent to Client upon initial detection or reporting of an Incident serve as preliminary informational advisories
only. Such Automated Communications do not constitute, and shall not be deemed to satisfy, the achievement of the Response Time SLCs defined herein, which are predicated exclusively upon Personalized Human Communication from Service Provider personnel.

2.4. Holiday Support:  During Holidays, System Monitoring and Automated Remediation attempts will continue where feasible and configured.  For Critical Issues reported or detected on a Holiday, Service Provider will make commercially reasonable efforts to provide a Response and commence Hands-On Remediation as promptly as circumstances permit, acknowledging that personnel availability may be limited. Client will be kept informed of expected engagement timelines.  For Urgent Issues and Standard Tech Issues reported or detected on a Holiday, Response will typically occur by the end of the next Business Day, or in accordance with the standard SLC for that issue type as measured from the start of the next Business Day, whichever is later.

2.5. Scope of Remediation within SLCs: Included Remediation: For Critical and Urgent Issues affecting services explicitly covered under Section 1.4 of this Service Schedule, Service Provider will undertake Hands-On Remediation efforts. For Standard Tech Issues, this includes resolution of routine problems and fulfillment of standard requests within the defined scope of services. Exclusions / Project Work: Remediation efforts for any Incident type that require extensive labor (defined for this tier as generally exceeding four (4) hours of dedicated technician time for a single, distinct Incident), procurement of new hardware or software licenses not covered by Client, complex system rebuilds from bare metal due to extensive corruption or hardware failure, or which fall outside the explicitly defined recurring Services in Section 1.4, may be deemed Project Work. Service Provider shall notify Client if an Incident resolution is likely to require Project Work, and such work will only proceed upon mutual agreement and execution of an SOW or Change Order, to be billed at the Project
Work Rate specified herein.

2.6. Exclusions from SLC Applicability (Excused Downtime): The SLCs set forth herein shall not apply, and Service Provider shall not be deemed in breach of such SLCs, to the extent that any failure to meet an SLC is directly and proximately caused by any period of Excused Downtime as defined in Article 1 of the MSA. Service Provider will use commercially reasonable efforts to notify Client in advance of Scheduled Maintenance that is expected to impact Service availability.

3. FEES AND PAYMENT:

3.1. Monthly Recurring Fee (MRF): For the Services provided under this Service Schedule, Client shall pay Service Provider a MRF of Two Hundred Fifty U.S. Dollars ($250.00) per month per Covered User. This MRF is payable in advance, due as per Article 4 of the MSA.

3.2. Project Work Hourly Rate: Any Project Work or other services performed by Service Provider that are outside the scope of the included Services in Section 1.4, and are approved by Client via an SOW or Change Order, will be billed at an hourly rate of One Hundred Fifty U.S. Dollars ($150.00) per hour. The minimum billing increment for Project Work shall be one (1) hour, with subsequent time billed in thirty (30) minute increments.

3.3. Expenses: Client shall reimburse Service Provider for all reasonable, itemized, and pre-approved in writing by Client, out-of-pocket expenses (including, but not limited to, actual travel costs if on-site work outside of a fifty (50) mile radius from Service Provider’s principal office is specifically requested by Client and agreed by Service Provider, expedited shipping charges for critical hardware if approved by Client, and third-party software license costs or service fees procured by Service Provider directly on Client’s behalf with prior written approval and for Client’s exclusive benefit) incurred by Service Provider in connection with the performance of Services hereunder. Service Provider shall provide receipts or other appropriate documentation for all such reimbursable expenses.

4. TERM AND TERMINATION:

4.1. Initial Service Term: The Initial Service Term of this Service Schedule shall be Month-to-Month, commencing on the Schedule Effective Date.

4.2. Renewal: This Service Schedule shall automatically renew for successive one (1) month periods unless terminated by either Party in accordance with Section 11.3 of the MSA by providing at least thirty (30) days’ prior written notice of non-renewal before the end of the then-current monthly term.

4.3. Incorporation of MSA Termination Provisions: The termination provisions set forth in Article 11 of the MSA (Term and Termination) shall apply fully to this Service Schedule.

5. CLIENT REPRESENTATIVE(S): Client designates the following individual(s) as its primary contact(s) for operational and technical matters related to this Service Schedule, authorized to provide approvals and receive notices pertaining hereto: Primary Contact Name: ______________________ Title:
______________________ Email: ______________________ Phone: ______________________ Secondary Contact Name (Optional): ______________________ Title: ______________________ Email: ______________________ Phone: ______________________

6. ACKNOWLEDGEMENT AND EXECUTION: The Parties, through their duly authorized representatives, have read, understood, and agree to be bound by the terms and conditions of this Service Schedule and the Master Service Agreement incorporated herein by reference. This Service Schedule, together with the MSA, constitutes the entire agreement between the Parties with respect to the Services described herein and supersedes all prior oral or written communications, proposals, and agreements on this specific subject matter.

SERVICE PROVIDER: Hey Nephew Managed Tech Services, LLC
By: ___________________________ Name: Joey Patrick Title: Lead Nephew / Owner Date: ________________________

CLIENT: [Client Company Full Legal Name]
By: ___________________________ Name: _________________________ Title: _________________________ Date: ________________________

EXHIBIT A: SERVICE SCHEDULE NO. 002 TO MASTER SERVICE AGREEMENT

This Service Schedule No. 002 (“Service Schedule”), effective as of ___/___/___ (“Schedule Effective Date”), is made by and between Hey Nephew Managed Tech Services, LLC (“Service Provider”) and ____________________________________________________ (“Client”), and is governed by and incorporates by reference the terms and conditions of that certain Master Service Agreement (the “MSA”) entered into between Service Provider and Client, dated as of the Effective Date of the initial Service Schedule executed thereunder. Capitalized terms used herein without definition shall have the meanings ascribed to them in the MSA. In the event of a direct conflict between the terms of this Service Schedule and the MSA, the terms of this Service Schedule shall prevail solely with respect to the Services provided hereunder.

1. SERVICE TIER AND DESCRIPTION:

1.1. Service Tier: IT Team Managed Services

1.2. Covered Users: This Service Schedule covers [Specify Number, e.g., Ten (10)] Covered Users. Additions or subtractions of covered users require the execution of a new Service Schedule.

1.3. General Service Philosophy: The IT Team Proactive Support tier is tailored for growing businesses requiring robust protection of critical data, streamlined cloud collaboration, enhanced security posture, and faster, more comprehensive IT support to maintain operational momentum and facilitate growth.

1.4. Specific Services Included: Service Provider shall provide all Services included in the “IT Guy Managed Services” Tier (as such services are detailed in Service Provider’s standard IT Guy Service Schedule template, the service descriptions of which are incorporated herein by reference to define
baseline services provided under this IT Team tier), PLUS the following additional and enhanced Services:

Cloud Data Backup & Recovery: Managed data backup services for Client’s Microsoft 365 environment encompassing all Covered Users, specifically including Exchange Online data (mailboxes, calendars, contacts), SharePoint Online data (active sites and associated document libraries utilized by Covered Users), and OneDrive for Business data for each Covered User. Backups are performed automatically to secure, redundant cloud storage on a daily (typically nightly) basis. Standard data retention period for Microsoft 365 backups is one (1) year rolling, unless a longer retention period is explicitly agreed upon in a Change Order and subject to additional fees. Managed endpoint backup services for primary workstations (desktops/laptops) of Covered Users to secure cloud storage. Backup scope typically includes user profiles and designated standard business data folders (e.g., Documents, Desktop), subject to reasonable data volume limits per user as defined by Service Provider. Backup frequency for endpoints will be daily (typically during off-peak hours), with a standard data retention period of thirty (30) days rolling. Recovery assistance for data covered by these backup services in the event of data loss or corruption. Service Provider will assist with locating and restoring data to its original or an alternative location as technically feasible. Recovery Point Objective (RPO) target is typically equivalent to the backup frequency (e.g., 24 hours). Recovery Time Objective (RTO) target for commencing data restoration is commercially reasonable effort during Standard Business Hours, dependent upon the volume of data, nature of the data loss, and technical dependencies. These RPO/RTO values are targets and not guaranteed delivery times due to potential external factors.

Microsoft 365 User & License Management: Comprehensive user account administration within Client’s Microsoft 365 tenant, including user provisioning (adds), de-provisioning (moves, changes, deletions upon authorized Client request), password management (resets, multi-factor authentication
assistance), and group membership modifications for Covered Users. Management and assignment of Microsoft 365 licenses for Covered Users based on Client-owned licenses; periodic (e.g., quarterly or semi-annual) review of license utilization and provision of recommendations for license optimization
(e.g., reallocating underutilized licenses, identifying appropriate license types for user roles) to potentially improve cost-efficiency and ensure compliance with Microsoft licensing terms. Configuration and management of Microsoft 365 distribution groups, security groups, and shared mailboxes as requested by Client for standard business operations. This service does not include tenant-level architectural design or redesign, complex Exchange Online transport rule configuration beyond standard templates, advanced SharePoint Online site collection architecture, or Power Platform development unless explicitly scoped as Project Work.

Basic Network Device Monitoring: Uptime and availability monitoring (e.g., via ICMP ping responses or basic SNMP availability checks if the device supports such and Client provides necessary secure credentials/access) for up to one (1) Client-owned and designated core network device (typically the primary internet firewall or main office router) located at Client’s primary business address. Generation of alerts to Service Provider upon detection of device down status or sustained loss of external connectivity through the monitored device. Upon alert, Service Provider will notify designated Client Representative(s) and perform initial remote diagnostics to attempt to determine the nature of the outage and whether it pertains to the device itself or external factors (e.g., ISP
outage). This service does not include configuration management, firmware updates, security policy management, or in-depth troubleshooting and remediation of the monitored network device itself under this recurring Service; such activities would constitute Project Work.

Value Add – Warranty Management Assistance: For Client-owned endpoint hardware (workstations) and the specifically monitored network device (if applicable) of Covered Users that are under active manufacturer or third-party warranties (for which Client must provide all relevant warranty
information, serial numbers, and proof of purchase/entitlement documentation to Service Provider), Service Provider will, upon Client’s request, assist with logging warranty service claims with the respective vendor and coordinating with vendor-authorized technicians for on-site or depot repair/replacement services. Service Provider is not responsible for vendor performance, delays, or any costs not explicitly covered by the active warranty.

Value Add – Annual IT Health & Backup Summary Review: Once per calendar year, or as otherwise mutually agreed (e.g., semi-annually), Service Provider will conduct a comprehensive review of the IT services utilized by Client under this Service Schedule. This review will include an analysis of endpoint
health trends, patch management compliance, security alert summaries, Microsoft 365 usage patterns (if applicable), and backup success/failure rates and data restorability test outcomes (if applicable). Service Provider will provide Client with a written summary report of this review, typically
presented during a scheduled meeting, highlighting key findings, operational performance against agreed metrics (if any), areas of concern or potential risk, and general recommendations for maintaining or improving Client’s IT posture, operational efficiency, and alignment with business objectives.

2. SERVICE LEVEL COMMITMENTS (SLCs):

2.1. Incident Severity Classification: Incidents will be classified by Service Provider, in consultation with Client where appropriate and feasible, as a Critical Issue, Urgent Issue, or Standard Tech Issue, based on the definitions set forth in Article 1 of the MSA. Service Provider’s initial classification will be based on its reasonable professional assessment of the business impact as understood at the time of reporting or detection by the RMM Tool.

2.2. Response Times: Response Times are measured during Standard Business Hours only and are achieved upon Personalized Human Communication from Service Provider personnel as defined in Article 1 of the MSA.Critical Issue Response Time: One (1) Standard Business Hour from the time of RMM Tool detection or proper Client reporting. Urgent Issue Response Time: Two (2) Standard Business Hours from the time of RMM Tool detection or proper Client reporting. Standard Tech Issue Response Time: Four (4) Standard Business Hours from the time of RMM Tool detection or proper Client reporting.

2.3. Automated Communications Disclaimer: Client explicitly acknowledges and agrees that any Automated Communications (such as automated ticket generation emails or RMM Tool alerts) sent to Client upon initial detection or reporting of an Incident serve as preliminary informational advisories
only. Such Automated Communications do not constitute, and shall not be deemed to satisfy, the achievement of the Response Time SLCs defined herein, which are predicated exclusively upon Personalized Human Communication from Service Provider personnel.

2.4. Holiday Support: During Holidays, System Monitoring and Automated Remediation attempts will continue where feasible and configured. For Critical Issues reported or detected on a Holiday, Service Provider will make commercially reasonable efforts to provide a Response and commence Hands-On
Remediation as promptly as circumstances permit, acknowledging that personnel availability may be limited. Client will be kept informed of expected engagement timelines. For Urgent Issues and Standard Tech Issues reported or detected on a Holiday, Response will typically occur by the end of
the next Business Day, or in accordance with the standard SLC for that issue type as measured from the start of the next Business Day, whichever is later.

2.5. Scope of Remediation within SLCs: Included Remediation: For Critical and Urgent Issues affecting services explicitly covered under Section 1.4 of this Service Schedule, Service Provider will undertake priority Hands-On Remediation efforts. For Standard Tech Issues, this includes resolution of routine
problems and fulfillment of standard requests within the defined scope of services. Exclusions / Project Work: Remediation efforts for any Incident type that require extensive labor (defined for this tier as generally exceeding six (6) hours of dedicated technician time for a single, distinct Incident), procurement of new hardware or software licenses not covered by Client, complex system rebuilds from bare metal, major data recovery operations beyond standard restores, or which fall outside the explicitly defined recurring Services in Section 1.4, may be deemed Project Work. Service Provider shall notify Client if an Incident resolution is likely to require Project Work, and such work will only proceed upon mutual agreement and execution of an SOW or Change Order, to be billed at the Project Work Rate specified herein.

2.6. Exclusions from SLC Applicability (Excused Downtime): The SLCs set forth herein shall not apply, and Service Provider shall not be deemed in breach of such SLCs, to the extent that any failure to meet an SLC is directly and proximately caused by any period of Excused Downtime as defined in Article 1 of the MSA. Service Provider will use commercially reasonable efforts to notify Client in advance of Scheduled Maintenance that is expected to impact Service availability.

3. FEES AND PAYMENT:

3.1. Monthly Recurring Fee (MRF): For the Services provided under this Service Schedule, Client shall pay Service Provider a MRF of Three Hundred Twenty U.S. Dollars ($320.00) per month, per Covered User specified in Section 1.2. This MRF is payable in advance, due as per Article 4 of the MSA.

3.2. Project Work Hourly Rate: Any Project Work or other services performed by Service Provider that are outside the scope of the included Services in Section 1.4, and are approved by Client via an SOW or Change Order, will be billed at an hourly rate of One Hundred Twenty-Five U.S. Dollars ($125.00) per hour. The minimum billing increment for Project Work shall be one (1) hour, with subsequent time billed in thirty (30) minute increments.

3.3. Expenses: Client shall reimburse Service Provider for all reasonable, itemized, and pre-approved in writing by Client, out-of-pocket expenses (including, but not limited to, actual travel costs if on-site work outside of a fifty (50) mile radius from Service Provider’s principal office is specifically requested by Client and agreed by Service Provider, expedited shipping charges for critical hardware if approved by Client, and third-party software license costs or service fees procured by Service Provider directly on Client’s behalf with prior written approval and for Client’s exclusive benefit) incurred by Service Provider in connection with the performance of Services hereunder. Service Provider shall provide receipts or other appropriate documentation for all such reimbursable
expenses.

4. TERM AND TERMINATION:

4.1. Initial Service Term: The Initial Service Term of this Service Schedule shall be Month-to-Month, commencing on the Schedule Effective Date.

4.2. Renewal: This Service Schedule shall automatically renew for successive one (1) month periods unless terminated by either Party in accordance with Section 11.3 of the MSA by providing at least thirty (30) days’ prior written notice of non-renewal before the end of the then-current monthly term.

4.3. Incorporation of MSA Termination Provisions: The termination provisions set forth in Article 11 of the MSA (Term and Termination) shall apply fully to this Service Schedule.

5. CLIENT REPRESENTATIVE(S): Client designates the following individual(s) as its primary contact(s) for operational and technical matters related to this Service Schedule, authorized to provide approvals and receive notices pertaining hereto: Primary Contact Name: ______________________ Title:
______________________ Email: ______________________ Phone: ______________________ Secondary Contact Name (Optional): ______________________ Title: ______________________ Email: ______________________ Phone:
______________________

6. ACKNOWLEDGEMENT AND EXECUTION: The Parties, through their duly authorized representatives, have read, understood, and agree to be bound by the terms and conditions of this Service Schedule and the Master Service Agreement incorporated herein by reference. This Service Schedule, together with the MSA, constitutes the entire agreement between the Parties with respect to the Services described herein and supersedes all prior oral or written communications, proposals, and agreements on this specific subject matter.

SERVICE PROVIDER: Hey Nephew Managed Tech Services, LLC
By: ___________________________ Name: Joey Patrick Title: Lead Nephew / Owner Date: ________________________

CLIENT: [Client Company Full Legal Name]
By: ___________________________ Name: _________________________ Title: _________________________ Date: ________________________

EXHIBIT A: SERVICE SCHEDULE NO. 003 TO MASTER SERVICE AGREEMENT

This Service Schedule No. 003 (“Service Schedule”), effective as of ___/___/___ (“Schedule Effective Date”), is made by and between Hey Nephew Managed Tech Services, LLC (“Service Provider”) and ____________________________________________________ (“Client”), and is governed by and incorporates by reference the terms and conditions of that certain Master Service Agreement (the “MSA”) entered into between Service Provider and Client, dated as of the Effective Date of the initial Service Schedule executed thereunder. Capitalized terms used herein without definition shall have the meanings ascribed to them in the MSA. In the event of a direct conflict between the terms of this Service Schedule and the MSA, the terms of this Service Schedule shall prevail solely with respect to
the Services provided hereunder.

1. SERVICE TIER AND DESCRIPTION:

1.1. Service Tier: vCIO Managed Services

1.2. Covered Users: This Service Schedule covers [Specify Number, e.g., Fifteen (15)] Covered Users. Additions or subtractions of covered users require the execution of a new Service Schedule.

1.3. General Service Philosophy: The VirtualCIO Strategic Partnership tier is designed for companies seeking to proactively leverage technology as a significant competitive advantage and a primary driver of business growth, through expert IT strategy, robust security and compliance management, and premier operational support ensuring maximum uptime and efficiency.

1.4. Specific Services Included: Service Provider shall provide all Services included in the “IT Team” Tier (as such services are detailed in Service Provider’s standard IT Team Service Schedule template, the service descriptions of which are incorporated herein by reference to define baseline services provided under this vCIO tier), PLUS the following additional and enhanced Services:

Advanced Security & Compliance Management Assistance: Proactive and continuous review, assessment, and enhancement of Client’s overall cybersecurity posture, including recommendations based on advanced industry best practices (e.g., specific NIST Cybersecurity Framework profiles, CIS Controls Implementation Groups, or other relevant frameworks as mutually agreed). Dedicated assistance with Client’s preparedness for, and ongoing maintenance of, specific regulatory or industry compliance frameworks directly relevant to Client’s business (e.g., providing guidance and support for HIPAA Security Rule technical safeguards, CMMC Level [Specify Level, e.g., 1-2] practice implementation – scope of specific frameworks and depth of assistance to be mutually agreed and documented). This includes detailed policy review against framework requirements, gap analysis reporting, and strategic remediation planning assistance. Service Provider does not perform formal audits or issue certifications but will assist Client in preparing for such by third parties. Coordination,
interpretation, and prioritized remediation planning based on results from approved third-party vulnerability scans, penetration tests, or other security assessments (whether procured by Client directly or by Service Provider as agreed Project Work). Provision of advanced security reporting,
including customized dashboards (where feasible with RMM Tool capabilities), trend analysis of security events, and periodic threat intelligence briefings pertinent to Client’s industry, technology stack, or specific risk profile.

Strategic IT Consultation & Technical Infrastructure Review (vCIO Services): Assignment of a dedicated Virtual Chief Information Officer (vCIO) resource from Service Provider, responsible for high-level strategic engagement with Client’s management and leadership team. Regularly scheduled (minimum quarterly, or as otherwise mutually agreed, e.g., monthly for initial onboarding phase) strategic business review (SBR/QBR) meetings. These meetings will focus on IT performance metrics, alignment of IT initiatives with Client’s strategic business objectives, comprehensive risk management discussions, evaluation of emerging technologies relevant to Client, and collaborative future planning. Development, documentation, and ongoing maintenance of a multi-year strategic IT roadmap and technology lifecycle plan for Client, created in close collaboration with Client stakeholders, to guide technology investments and initiatives. Proactive assistance with IT budget forecasting, detailed planning, and ongoing optimization strategies, including ROI analysis for proposed technology investments. Comprehensive periodic (typically annual, or more frequently if significant changes occur) in-depth review of Client’s overall technical infrastructure (including servers, network architecture, core business applications, cloud service integrations, and security controls). This review will identify architectural strengths, weaknesses, performance bottlenecks, security vulnerabilities, operational risks, and opportunities for improvement, modernization,
consolidation, or cost savings, with detailed written reports and presentations provided to Client management.

Value Add – Annual IT Security Policy Suite Review & Development Assistance: Collaborative annual (or as needed upon major business change) review of Client’s existing suite of key IT security policies (e.g., Acceptable Use, Data Security & Privacy, Incident Response Plan, Business Continuity/Disaster
Recovery Plan, Remote Access Policy, etc.). Provision of industry-standard templates, best-practice guidance, and direct assistance in the development, refinement, or enhancement of such policies to align with evolving best practices, Client’s specific operational needs, and relevant compliance requirements.

Value Add – Software Asset & License Management (SAM) Strategy & Optimization: Proactive assistance with establishing and maintaining an inventory of key software licenses utilized by Client and supported under this agreement. Strategic recommendations for software license optimization, including identifying underutilized or redundant licenses, exploring alternative licensing models for potential cost savings, ensuring compliance with vendor licensing agreements to mitigate audit risks, and planning for future software needs.

Enhanced Vendor Management & Technical Liaison Services: Acting as a primary technical point of contact and strategic liaison between Client and Client’s critical third-party technology vendors (e.g., Internet Service Providers, core Line-of-Business (LoB) application providers, specialized cloud platform providers, telecommunications carriers). Service Provider will proactively manage technical escalations with such vendors, advocate for Client’s interests in service disputes or performance issues, coordinate multi-vendor troubleshooting for complex integrated issues, and participate in technical planning discussions with vendors regarding new services or upgrades relevant to Client. Client must provide necessary authorizations and vendor account information to facilitate this service.

2. SERVICE LEVEL COMMITMENTS (SLCs):

2.1. Incident Severity Classification: Incidents will be classified by Service Provider, in consultation with Client where appropriate and feasible, as a Critical Issue, Urgent Issue, or Standard Tech Issue, based on the definitions set forth in Article 1 of the MSA. Service Provider’s initial classification will be based on its reasonable professional assessment of the business impact as understood at the time of reporting or detection by the RMM Tool.

2.2. Response Times: Response Times are measured during Standard Business Hours only and are achieved upon Personalized Human Communication from Service Provider personnel as defined in Article 1 of the MSA. Critical Issue Response Time: Thirty (30) Minutes within Standard Business Hours from the time of RMM Tool detection or proper Client reporting. Urgent Issue Response Time: One (1) Standard Business Hour from the time of RMM Tool detection or
proper Client reporting. Standard Tech Issue Response Time: Two (2) Standard Business Hours from the time of RMM Tool detection or proper Client reporting.

2.3. Automated Communications Disclaimer: Client explicitly acknowledges and agrees that any Automated Communications (such as automated ticket generation emails or RMM Tool alerts) sent to Client upon initial detection or reporting of an Incident serve as preliminary informational advisories
only. Such Automated Communications do not constitute, and shall not be deemed to satisfy, the achievement of the Response Time SLCs defined herein, which are predicated exclusively upon Personalized Human Communication from Service Provider personnel.

2.4. Holiday Support: During Holidays, System Monitoring and Automated Remediation attempts will continue where feasible and configured. For Critical Issues reported or detected on a Holiday, Service Provider will make commercially reasonable efforts to provide a Response and commence Hands-On
Remediation as promptly as circumstances permit, acknowledging that personnel availability may be limited. Client will be kept informed of expected engagement timelines. For Urgent Issues and Standard Tech Issues reported or detected on a Holiday, Response will typically occur by the end of
the next Business Day, or in accordance with the standard SLC for that issue type as measured from the start of the next Business Day, whichever is later.

2.5. Scope of Remediation within SLCs: Included Remediation: For Critical and Urgent Issues affecting services explicitly covered under Section 1.4 of this Service Schedule, Service Provider will undertake priority, expedited Hands-On Remediation efforts, leveraging senior technical resources where
appropriate. For Standard Tech Issues, this includes expedited resolution of routine problems and fulfillment of standard requests with a higher priority than lower tiers. Exclusions / Project Work: Remediation efforts for any Incident type that require extensive labor (defined for this tier as generally exceeding eight (8) hours of dedicated technician/consultant time for a single, distinct Incident, though this may be assessed on a case-by-case basis for vCIO clients), significant new infrastructure or enterprise software procurement, complex forensic investigations beyond initial incident response, or which fall outside the explicitly defined recurring Services in Section 1.4 (e.g., custom application development, major data center migrations), will be deemed Project Work. Service Provider shall notify Client if an Incident resolution is likely to require Project Work, and such work will only proceed upon mutual agreement and execution of an SOW or Change Order, to be billed at the Project Work Rate specified herein or as defined in the SOW.

2.6. Exclusions from SLC Applicability (Excused Downtime): The SLCs set forth herein shall not apply, and Service Provider shall not be deemed in breach of such SLCs, to the extent that any failure to meet an SLC is directly and proximately caused by any period of Excused Downtime as defined in
Article 1 of the MSA. Service Provider will use commercially reasonable efforts to notify Client in advance of Scheduled Maintenance that is expected to impact Service availability.

3. FEES AND PAYMENT:

3.1. Monthly Recurring Fee (MRF): For the Services provided under this Service Schedule, Client shall pay Service Provider a MRF of Four Hundred U.S. Dollars ($400.00) per month, per Covered User specified in Section 1.2. This MRF is payable in advance, due as per Article 4 of the MSA.

3.2. Project Work Hourly Rate: Any Project Work or other services performed by Service Provider that are outside the scope of the included Services in Section 1.4, and are approved by Client via an SOW or Change Order, will be billed at an hourly rate of One Hundred Fifteen U.S. Dollars ($115.00) per hour. The minimum billing increment for Project Work shall be one (1) hour, with subsequent time billed in thirty (30) minute increments.

3.3. Expenses: Client shall reimburse Service Provider for all reasonable, itemized, and pre-approved in writing by Client, out-of-pocket expenses (including, but not limited to, actual travel costs if on-site work outside of a fifty (50) mile radius from Service Provider’s principal office is specifically requested by Client and agreed by Service Provider, expedited shipping charges for critical hardware if approved by Client, and third-party software license costs or service fees procured by Service Provider directly on Client’s behalf with prior written approval and for Client’s exclusive benefit) incurred by Service Provider in connection with the performance of Services hereunder. Service Provider shall provide receipts or other appropriate documentation for all such reimbursable expenses.

4. TERM AND TERMINATION:

4.1. Initial Service Term: The Initial Service Term of this Service Schedule shall be Month-to-Month, commencing on the Schedule Effective Date.

4.2. Renewal: This Service Schedule shall automatically renew for successive one (1) month periods unless terminated by either Party in accordance with Section 11.3 of the MSA by providing at least thirty (30) days’ prior written notice of non-renewal before the end of the then-current monthly term.

4.3. Incorporation of MSA Termination Provisions: The termination provisions set forth in Article 11 of the MSA (Term and Termination) shall apply fully to this Service Schedule.

5. CLIENT REPRESENTATIVE(S): Client designates the following individual(s) as its primary contact(s) for operational and technical matters related to this Service Schedule, authorized to provide approvals and receive notices pertaining hereto: Primary Contact Name: ______________________ Title:
______________________ Email: ______________________ Phone: ______________________ Secondary Contact Name (Optional): ______________________ Title: ______________________ Email: ______________________ Phone: ______________________

6. ACKNOWLEDGEMENT AND EXECUTION: The Parties, through their duly authorized representatives, have read, understood, and agree to be bound by the terms and conditions of this Service Schedule and the Master Service Agreement incorporated herein by reference. This Service Schedule, together with the MSA, constitutes the entire agreement between the Parties with respect to the Services described herein and supersedes all prior oral or written communications, proposals, and agreements on this specific subject matter.

SERVICE PROVIDER: Hey Nephew Managed Tech Services, LLC
By: ___________________________ Name: Joey Patrick Title: Lead Nephew / Owner Date:________________________

CLIENT: [Client Company Full Legal Name]
By: ___________________________ Name: _________________________ Title: _________________________ Date:_______________________