Terms of Service

Last Updated: February 15, 2025 — Version 3.0

Master Terms of Service: This document constitutes the Master Terms of Service ("Agreement") between Anubris Inc., a Delaware corporation ("Anubris," "Company," "we," "us," or "our"), and the entity or individual executing a Statement of Work, accessing the Client Portal, or otherwise engaging Anubris for professional services ("Client," "you," or "your"). By executing a Statement of Work, accessing any Anubris service portal, or remitting payment against any Anubris invoice, you acknowledge that you have read, understood, and agree to be bound by these Terms in their entirety.

1. Definitions

For the purposes of this Agreement, the following terms shall have the meanings ascribed to them below. Capitalized terms used but not defined in a Statement of Work or other ancillary document shall have the meanings set forth in this Section.

"Agreement" means these Master Terms of Service, together with all Statements of Work, Service Level Agreements, Data Processing Addenda, and any other documents expressly incorporated herein by reference.
"Authorized User" means any individual who is authorized by Client to access and use the Services on Client's behalf, including employees, contractors, and agents of Client who have been granted valid access credentials.
"Client" means the entity or individual identified in the applicable Statement of Work or that otherwise enters into this Agreement with Anubris, together with its Affiliates where expressly indicated.
"Client Data" means all data, information, content, records, and files provided by or on behalf of Client, or generated through Client's use of the Services, including but not limited to personal data, business records, configurations, and application data.
"Confidential Information" means any information disclosed by either party to the other, whether orally, in writing, or by inspection, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, as further defined in Section 8.
"Deliverables" means the tangible and intangible work products, reports, software, configurations, documentation, and other materials to be provided by Anubris to Client as specified in the applicable Statement of Work.
"Documentation" means all user manuals, technical specifications, operational guides, knowledge base articles, API references, and other written materials provided by Anubris in connection with the Services, whether in electronic or printed form.
"Effective Date" means the date on which the applicable Statement of Work is fully executed by both parties, or, in the absence of a Statement of Work, the date on which Client first accesses or uses any Service.
"Fees" means all charges, costs, and expenses payable by Client to Anubris for the Services, as set forth in the applicable Statement of Work, rate card, or invoice, including any recurring subscription fees, project-based fees, and time-and-materials charges.
"Force Majeure Event" means any event or circumstance beyond the reasonable control of a party that prevents or materially impedes the performance of its obligations under this Agreement, as further defined in Section 17.
"Intellectual Property" or "IP" means all patents, copyrights, trademarks, trade secrets, know-how, inventions, designs, algorithms, software (in source and object code form), databases, methodologies, frameworks, tools, and all other intellectual property rights, whether registered or unregistered.
"Managed Services" means the ongoing, recurring IT management, monitoring, maintenance, and support services provided by Anubris on a subscription or retainer basis, as described in the applicable Statement of Work.
"Project Services" means discrete, time-bounded professional services engagements undertaken by Anubris on behalf of Client, including but not limited to implementation projects, migrations, assessments, and custom development, as described in the applicable Statement of Work.
"Service Level Agreement" or "SLA" means the documented commitments regarding service availability, performance metrics, response times, and resolution targets applicable to the Services, as set forth in Section 4 or in a separate SLA document incorporated by reference.
"Statement of Work" or "SOW" means a written document executed by both parties that describes the specific Services to be provided, the scope of work, Deliverables, timelines, Fees, and any additional terms applicable to a particular engagement.
"Sub-processor" means any third party engaged by Anubris to process Client Data on behalf of Client in the course of providing the Services.
"Term" means the duration of this Agreement, commencing on the Effective Date and continuing until terminated in accordance with Section 15.

2. Scope & Acceptance

2.1 Scope of Agreement

This Agreement governs all Services provided by Anubris to Client, including Managed Services, Project Services, Cloud Services, Cybersecurity Services, Software Development, and Consulting engagements. All Statements of Work, Service Level Agreements, Data Processing Addenda, and other ancillary documents executed by the parties are incorporated into and form part of this Agreement.

2.2 Acceptance Mechanisms

Client's acceptance of this Agreement may be evidenced by any of the following actions:

Executing (whether by manual or electronic signature) a Statement of Work that references this Agreement;
Accessing or logging into the Anubris Client Portal or any Anubris-provided service platform;
Remitting payment against any Anubris invoice or proposal;
Providing written or electronic acknowledgment of these Terms; or
Continuing to use the Services after receiving notice of updated Terms.

2.3 Order of Precedence

In the event of any conflict or inconsistency between the documents that comprise this Agreement, the following order of precedence shall apply, with the document listed first taking priority:

The applicable Statement of Work (including any amendments thereto);
Any separately executed Master Service Agreement ("MSA") between the parties;
Data Processing Addendum (if applicable);
Service Level Agreement;
These Master Terms of Service.

Notwithstanding the foregoing, a lower-priority document shall govern with respect to any subject matter not addressed by a higher-priority document.

2.4 Authority

If you are entering into this Agreement on behalf of a company, organization, or other legal entity, you represent and warrant that you have the legal authority to bind such entity and its Affiliates to this Agreement. If you do not have such authority, or if you do not agree with these Terms, you must not accept this Agreement and may not use the Services.

2.5 Electronic Signatures

The parties agree that electronic signatures, including but not limited to DocuSign, Adobe Sign, or authenticated email acceptance, shall be deemed legally binding and enforceable to the same extent as original handwritten signatures. Electronically executed documents shall constitute "writings" for all purposes under applicable law.

3. Services Description

Anubris provides a comprehensive portfolio of enterprise IT services and cybersecurity solutions. The specific Services to be provided in each engagement shall be defined in the applicable Statement of Work. The following describes the general categories of Services available:

3.1 Managed IT Services

Ongoing management and monitoring of Client's IT infrastructure, including:

24/7/365 infrastructure monitoring with real-time alerting and automated incident creation;
Helpdesk and end-user support services with tiered support levels;
Patch management and vulnerability remediation across operating systems, firmware, and applications;
Backup management, integrity verification, and disaster recovery planning and testing;
Network management, including firewall administration, VPN configuration, and bandwidth optimization;
Endpoint management, including deployment, lifecycle management, and secure decommissioning;
Vendor liaison and third-party software management on behalf of Client.

3.2 Cloud Services

Design, migration, management, and optimization of cloud infrastructure across major platforms:

Cloud architecture design and migration planning for Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP);
Hybrid and multi-cloud environment management and workload optimization;
Cloud cost optimization and FinOps practices, including reserved instance management, rightsizing, and waste elimination;
Infrastructure as Code (IaC) implementation using Terraform, ARM templates, CloudFormation, and Pulumi;
Cloud-native application architecture, containerization (Docker, Kubernetes), and serverless implementations;
Cloud security posture management (CSPM) and compliance monitoring.

3.3 Cybersecurity Services

Comprehensive security services designed to protect Client's digital assets and ensure regulatory compliance:

Penetration testing (network, application, wireless, social engineering) with detailed findings and remediation guidance;
Security Information and Event Management (SIEM) deployment and 24/7 Security Operations Center (SOC) monitoring;
Compliance assessment and readiness programs (SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF, CMMC, GDPR);
Incident response planning, tabletop exercises, and on-call breach response services;
Vulnerability management programs with continuous scanning, prioritization, and remediation tracking;
Security awareness training and phishing simulation campaigns;
Zero Trust architecture design and implementation;
Digital forensics and threat intelligence services.

3.4 Software Development

Custom software engineering and application modernization services:

Custom application development (web, mobile, desktop) using modern technology stacks;
API design, development, and integration services (REST, GraphQL, gRPC);
DevOps and CI/CD pipeline implementation (GitHub Actions, Azure DevOps, Jenkins, GitLab CI);
Legacy application modernization, re-platforming, and re-architecture;
Database design, optimization, migration, and administration;
Quality assurance, automated testing frameworks, and performance engineering;
User experience (UX) design and front-end development.

3.5 Consulting & Strategy

Strategic advisory services to align technology investments with business objectives:

IT roadmap development and technology strategy alignment with business goals;
Digital transformation planning and execution support;
Vendor evaluation, selection, and management;
IT budgeting, forecasting, and Total Cost of Ownership (TCO) analysis;
Mergers & acquisitions IT due diligence and integration planning;
Business continuity and disaster recovery strategy development;
IT governance framework implementation (ITIL, COBIT).

4. Service Level Agreements

Anubris is committed to delivering Services at the highest standards of reliability and responsiveness. The following Service Level commitments apply to Managed Services engagements unless otherwise specified in the applicable Statement of Work. Custom SLA terms may be negotiated and documented in a separate SLA addendum.

4.1 Service Availability

Anubris targets a minimum service availability of 99.9% uptime for all Managed Services infrastructure under its direct control, measured on a calendar month basis. Availability is calculated as follows:

Availability % = ((Total Minutes in Month − Unscheduled Downtime Minutes) / Total Minutes in Month) × 100

4.2 Incident Priority & Response Targets

Incidents are classified by severity, and response and resolution targets are established according to the following matrix:

Priority	Description	Response	Resolution	Example
P1 — Critical	Complete service outage or critical security breach	≤ 15 min	≤ 4 hrs	Production server down, active ransomware
P2 — High	Major degradation affecting business operations	≤ 30 min	≤ 8 hrs	Email system partial outage, VPN failures
P3 — Medium	Service impairment with available workaround	≤ 2 hrs	≤ 24 hrs	Printer issues, non-critical app errors
P4 — Low	Minor issue or service request with no business impact	≤ 4 hrs	≤ 72 hrs	New user setup, software installation request

4.3 Measurement Methodology

Service availability and incident response metrics shall be measured using Anubris's monitoring and ticketing systems, which constitute the authoritative source of record. Response time is measured from the moment Anubris receives notification of the incident (via monitoring alert, ticketing system, phone call, or email) to the moment an Anubris engineer acknowledges the incident and begins active troubleshooting. Resolution time is measured from initial notification to the point at which normal service operation is restored or a substantive workaround is implemented.

4.4 SLA Exclusions

Service Level commitments shall not apply to service interruptions or degradations caused by:

Scheduled maintenance windows (communicated at least 72 hours in advance, conducted during off-peak hours unless otherwise agreed);
Emergency maintenance required to address critical security vulnerabilities (with notice provided as soon as reasonably practicable);
Force Majeure Events as defined in Section 17;
Actions, omissions, or configurations implemented by Client or Client's Authorized Users without Anubris approval;
Third-party service provider outages outside of Anubris's reasonable control (e.g., ISP failures, public cloud platform incidents);
Client's failure to meet its obligations under Section 5;
Client's use of Services in a manner inconsistent with the Documentation or applicable SOW.

4.5 Service Credits

In the event that Anubris fails to meet the availability commitment set forth in Section 4.1, Client shall be entitled to service credits calculated as follows:

Service Credit Calculation:

Service Credit = (Total Unscheduled Downtime Minutes / Total Minutes in Month) × Monthly Recurring Fee

Service credits are capped at a maximum of 30% of the applicable monthly recurring fee. Service credits constitute Client's sole and exclusive remedy for failure to meet availability commitments. Credits are applied against future invoices and are not redeemable for cash. Client must submit a credit request in writing within thirty (30) days of the incident.

Anubris shall provide monthly SLA performance reports to Client, detailing uptime metrics, incident volumes by priority, and response/resolution time adherence.

5. Client Obligations

The timely and effective delivery of the Services requires active cooperation from Client. Client acknowledges that Anubris's ability to meet its obligations under this Agreement, including Service Level commitments, is contingent upon Client fulfilling the following obligations:

5.1 Primary Contact Designation

Client shall designate a primary point of contact and an alternate contact who shall have the authority to make decisions, approve change requests, provide information, and grant access on behalf of Client. Client shall notify Anubris in writing within five (5) business days of any change to these designated contacts.

5.2 Access & Information

Client shall provide Anubris with timely access to Client's systems, facilities, networks, applications, and personnel as reasonably necessary for Anubris to perform the Services. Client shall provide all information, data, and materials reasonably requested by Anubris in a timely manner. Delays in providing access or information may result in corresponding delays to project timelines and Service delivery, for which Anubris shall not be held responsible.

5.3 Data Backups

Unless backup management is expressly included in the applicable Statement of Work, Client is solely responsible for maintaining current and complete backups of all Client Data. Anubris shall not be liable for any loss of Client Data resulting from Client's failure to maintain adequate backups.

5.4 Acceptable Use Compliance

Client shall ensure that all Authorized Users comply with the Acceptable Use Policy set forth in Section 6. Client shall be responsible for any violations of the AUP committed by its Authorized Users and shall indemnify Anubris against any claims arising from such violations.

5.5 Licensing & Compliance

Client shall maintain all necessary software licenses, permits, and regulatory approvals required for its operations and for Anubris to perform the Services. Unless expressly stated in the applicable SOW, Anubris is not responsible for procuring or maintaining Client's software licenses.

5.6 Security Cooperation

Client shall cooperate with Anubris in the implementation of security measures, including multi-factor authentication (MFA), access controls, and vulnerability remediation. Client shall promptly implement security recommendations made by Anubris and shall notify Anubris immediately upon becoming aware of any actual or suspected security incident affecting systems under Anubris management.

5.7 Deliverable Review

Client shall review and provide written feedback on all Deliverables within ten (10) business days of receipt ("Review Period"). If Client does not provide written notice of non-conformance within the Review Period, the Deliverables shall be deemed accepted. Acceptance shall not be unreasonably withheld, conditioned, or delayed.

6. Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs the use of all Anubris-provided or Anubris-managed systems, services, networks, and resources. All Authorized Users are bound by this AUP, and Client is responsible for ensuring compliance by all individuals who access the Services using Client's credentials or through Client's account.

6.1 Prohibited Activities

The following activities are strictly prohibited when using Anubris Services or any systems managed by Anubris:

Violating any applicable local, state, national, or international law, regulation, or ordinance;
Infringing upon the intellectual property rights, privacy rights, or other proprietary rights of any third party;
Transmitting, distributing, or storing malware, viruses, trojans, worms, ransomware, or any other malicious or destructive code;
Engaging in unauthorized access, probing, scanning, or penetration testing of any system, network, or account;
Sending unsolicited bulk communications (spam), phishing attempts, or social engineering attacks;
Interfering with, disrupting, or degrading the performance of any Anubris system, network, or service;
Attempting to reverse engineer, decompile, disassemble, or derive the source code of any Anubris software, tools, or systems;
Using the Services for cryptocurrency mining, excessive automated scraping, or other resource-intensive activities not expressly authorized;
Storing, transmitting, or processing content that is unlawful, defamatory, obscene, threatening, or harassing;
Circumventing, disabling, or interfering with any security feature, access control, or usage limitation;
Using another user's credentials or impersonating any person or entity;
Reselling, sublicensing, or redistributing Anubris Services without prior written authorization;
Failing to comply with export control or sanctions laws applicable to the technology or data being processed;
Operating open mail relays, open proxies, or other network services that may be exploited by third parties;
Engaging in any activity that could reasonably be expected to subject Anubris to liability, regulatory action, or reputational harm.

6.2 Resource Limits

Anubris may establish reasonable resource usage limits (storage, bandwidth, compute, API calls) for each Client based on the applicable SOW. Anubris reserves the right to throttle, suspend, or require an upgrade of Services if Client's usage materially exceeds the agreed-upon resource allocation or adversely impacts other clients.

6.3 Security Requirements

All Authorized Users must comply with the following minimum security standards:

Multi-factor authentication (MFA) must be enabled on all accounts accessing Anubris-managed systems;
Passwords must meet minimum complexity requirements: at least 12 characters, combining uppercase, lowercase, numbers, and special characters;
Passwords must be unique to each service and must not be shared between users;
Access credentials must not be stored in plaintext, shared via unsecured channels, or embedded in code;
Authorized Users must promptly report any actual or suspected security incident to Anubris.

6.4 Monitoring

Anubris reserves the right to monitor, log, and audit usage of its Services and managed systems for the purposes of security management, capacity planning, compliance verification, and enforcement of this AUP. Client acknowledges and consents to such monitoring as a condition of using the Services.

6.5 Violation Consequences

Enforcement Escalation: Violations of this Acceptable Use Policy will be addressed through the following escalation process:

First Violation (Non-Critical): Written warning and requirement to remediate within a specified timeframe;
Second Violation or Failure to Remediate: Temporary suspension of affected Services with written notice;
Third Violation, Critical Violation, or Continued Non-Compliance: Immediate termination of Services for cause, with all outstanding Fees becoming immediately due.

Anubris reserves the right to bypass the escalation process and immediately suspend or terminate Services in cases where a violation poses an imminent threat to the security, integrity, or availability of Anubris systems or other clients' environments.

6.6 Reporting Obligations

Client shall promptly notify Anubris of any known or suspected AUP violations by its Authorized Users, any unauthorized use of Client's account or credentials, and any security incident that may affect systems under Anubris management. Failure to report known violations may be treated as a material breach of this Agreement.

7. Intellectual Property Rights

7.1 Pre-Existing Intellectual Property

Each party retains all rights, title, and interest in and to its pre-existing Intellectual Property. Nothing in this Agreement shall be construed as a transfer of ownership of either party's pre-existing IP to the other party. "Pre-Existing IP" means any Intellectual Property owned by or licensed to a party prior to the Effective Date, or developed by a party independently of this Agreement.

7.2 Client-Owned Deliverables

Subject to Section 7.3 and conditional upon Client's full payment of all applicable Fees, Anubris hereby assigns to Client all rights, title, and interest in and to custom Deliverables developed specifically and exclusively for Client pursuant to an applicable Statement of Work. Such assignment is effective upon full payment for the applicable Deliverable. Until full payment is received, Anubris retains all rights in such Deliverables.

7.3 Anubris-Retained IP

Notwithstanding Section 7.2, Anubris retains all rights, title, and interest in and to the following, regardless of whether they are incorporated into Deliverables:

Anubris's proprietary tools, scripts, libraries, frameworks, templates, and utilities;
General methodologies, processes, techniques, and know-how, including improvements thereto developed in the course of providing Services;
Pre-existing code, components, and modules owned by or licensed to Anubris;
Aggregated, anonymized, and de-identified data derived from the provision of Services (which shall not include Client Data in identifiable form);
Any general knowledge, skills, and experience gained by Anubris personnel in the course of providing Services.

Where Anubris-Retained IP is incorporated into Deliverables, Anubris grants Client a non-exclusive, non-transferable, perpetual, royalty-free license to use such Anubris-Retained IP solely as part of and to the extent necessary to use the Deliverables for Client's internal business purposes.

7.4 Open Source Software

To the extent that any Deliverable incorporates open source software components, Anubris shall identify such components and their applicable licenses in the project documentation. Client acknowledges that open source components are subject to their respective license terms, which may impose additional obligations or restrictions. Anubris shall not incorporate any open source component governed by a "copyleft" license (e.g., GPL, AGPL) into a Deliverable without Client's prior written consent.

7.5 Restrictions

Except as expressly authorized in this Agreement, Client shall not: (a) reverse engineer, decompile, or disassemble any Anubris software, tools, or systems; (b) modify, adapt, or create derivative works of Anubris-Retained IP; (c) sublicense, sell, resell, or distribute any Anubris IP; or (d) remove, alter, or obscure any proprietary notices on Anubris materials.

8. Confidentiality

8.1 Definition of Confidential Information

"Confidential Information" means any and all non-public information disclosed by one party ("Disclosing Party") to the other party ("Receiving Party"), whether orally, in writing, electronically, or by inspection or observation, that is designated as confidential, proprietary, or trade secret, or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes, without limitation: business plans, financial data, pricing, customer lists, technical specifications, source code, algorithms, security architectures, system configurations, employee information, and the terms and conditions of this Agreement.

8.2 Obligations of the Receiving Party

The Receiving Party shall: (a) hold the Disclosing Party's Confidential Information in strict confidence; (b) not disclose Confidential Information to any third party except as expressly permitted herein; (c) use Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Agreement; and (d) protect Confidential Information using the same degree of care it uses to protect its own Confidential Information of like kind, but in no event less than reasonable care. Access to Confidential Information shall be limited to those employees, contractors, and agents of the Receiving Party who have a need to know and who are bound by confidentiality obligations no less protective than those set forth herein.

8.3 Exceptions

The obligations of confidentiality shall not apply to information that the Receiving Party can demonstrate:

Was or becomes publicly available through no fault or breach by the Receiving Party;
Was rightfully known to the Receiving Party prior to disclosure, without restriction, as evidenced by written records;
Was independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information;
Was rightfully received from a third party without restriction on disclosure and without breach of any obligation of confidentiality; or
Is required to be disclosed by applicable law, regulation, or court order, provided that the Receiving Party gives the Disclosing Party prompt written notice of such requirement (to the extent legally permissible) and reasonably cooperates with the Disclosing Party's efforts to obtain protective treatment for such information.

8.4 Duration

The obligations of confidentiality set forth in this Section shall survive the termination or expiration of this Agreement and shall continue for a period of five (5) years from the date of disclosure, except that obligations with respect to trade secrets shall continue for as long as the information retains its trade secret status under applicable law.

8.5 Return or Destruction

Upon termination or expiration of this Agreement, or upon the Disclosing Party's written request, the Receiving Party shall, at the Disclosing Party's option, promptly return or destroy all Confidential Information of the Disclosing Party in its possession or control, including all copies, extracts, and summaries thereof, and shall certify in writing that it has done so. Notwithstanding the foregoing, the Receiving Party may retain copies of Confidential Information to the extent required by applicable law, regulation, or bona fide document retention policies, provided that such retained copies remain subject to the confidentiality obligations herein. Return or destruction shall be completed within thirty (30) days of the applicable request or termination date.

9. Data Protection & Privacy

9.1 Roles & Responsibilities

For the purposes of applicable data protection laws, the parties acknowledge that: (a) Client acts as the data controller (or "business" under CCPA/CPRA) with respect to any personal data contained within Client Data; and (b) Anubris acts as a data processor (or "service provider" under CCPA/CPRA) processing personal data on behalf of and under the instructions of Client. Where Anubris processes personal data for its own legitimate business purposes (e.g., billing, account management), Anubris acts as an independent controller with respect to such processing.

9.2 GDPR Compliance

To the extent that the processing of personal data is subject to the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") or the United Kingdom GDPR, the parties agree to the following Article 28 processor terms: Anubris shall process personal data only on documented instructions from Client; shall ensure that personnel authorized to process personal data are bound by appropriate confidentiality obligations; shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk; shall assist Client in fulfilling its obligations regarding data subject rights and data protection impact assessments; and shall make available to Client all information necessary to demonstrate compliance. A detailed Data Processing Addendum ("DPA") is available upon request and, when executed, shall be incorporated into this Agreement by reference.

9.3 CCPA/CPRA Compliance

To the extent that Client Data includes personal information of California residents subject to the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), Anubris shall: (a) not sell or share personal information; (b) not retain, use, or disclose personal information for purposes other than performing the Services; (c) not combine personal information received from Client with personal information from other sources except as permitted by applicable law; and (d) comply with applicable provisions of the CCPA/CPRA.

9.4 Data Processing Limitations

Anubris shall process Client Data solely as necessary to provide the Services and as instructed by Client. Anubris shall not use Client Data for any purpose other than providing the Services, unless required by applicable law. Anubris shall promptly inform Client if, in Anubris's opinion, an instruction from Client infringes applicable data protection laws.

9.5 Sub-processors

Client grants Anubris general authorization to engage Sub-processors to assist in the provision of Services, subject to the following conditions: (a) Anubris shall maintain a current list of Sub-processors, which shall be made available to Client upon request; (b) Anubris shall notify Client in writing at least thirty (30) days prior to engaging a new Sub-processor or materially changing an existing Sub-processor arrangement; (c) Client may object to the engagement of a new Sub-processor on reasonable grounds within fifteen (15) days of receiving notice, and the parties shall negotiate in good faith to resolve any such objection; and (d) Anubris shall impose data protection obligations on each Sub-processor that are no less protective than those imposed on Anubris under this Agreement.

9.6 Data Breach Notification

Breach Notification: In the event of a personal data breach (as defined by applicable data protection laws) involving Client Data, Anubris shall notify Client without undue delay and in any event within seventy-two (72) hours of becoming aware of the breach. Such notification shall include: (a) a description of the nature of the breach; (b) the categories and approximate number of data subjects and records affected; (c) the likely consequences of the breach; and (d) the measures taken or proposed to address the breach, including measures to mitigate its adverse effects.

Anubris shall cooperate with Client in investigating the breach, fulfilling regulatory notification obligations, and implementing remedial measures. Anubris shall document all personal data breaches and make such documentation available to Client and supervisory authorities upon request.

9.7 Data Localization & Cross-Border Transfers

Client Data shall be stored and processed in the geographic regions specified in the applicable Statement of Work. In the absence of such specification, Anubris shall store and process Client Data within the United States. Any transfer of Client Data to a country outside the European Economic Area, the United Kingdom, or Switzerland (where applicable) shall be subject to appropriate safeguards, including but not limited to Standard Contractual Clauses ("SCCs") as adopted by the European Commission, supplementary measures as required by applicable law, or other approved transfer mechanisms.

9.8 Security & Compliance Audits

Anubris commits to maintaining an information security program that includes administrative, technical, and physical safeguards appropriate to the nature and scope of the Services. Anubris shall: (a) maintain SOC 2 Type II certification (or equivalent) and make audit reports available to Client under NDA upon request; (b) conduct annual penetration testing of its infrastructure by qualified independent assessors; (c) permit Client (or Client's designated independent auditor) to conduct audits of Anubris's data processing activities upon reasonable written notice, subject to mutually agreed scope, timing, and confidentiality protections; and (d) promptly remediate any material findings identified through such audits or assessments.

9.9 Data Retention

Anubris shall retain Client Data only for as long as necessary to provide the Services and comply with applicable legal obligations. Upon termination of the Agreement, Anubris shall handle Client Data in accordance with Section 15 (Term & Termination) and Section 16 (Transition & Exit Assistance).

Data Category	Retention Period	Post-Termination
Active Client Data	Duration of Agreement	Returned or destroyed within 30 days
Backup & Archives	Per SOW retention schedule	Purged within 90 days
Security & Audit Logs	Minimum 12 months	Retained per legal requirements
Billing & Financial Records	7 years (legal requirement)	Retained per legal requirements
Aggregated / Anonymized Data	Indefinite	Retained (non-identifiable)

10. Fees & Payment

10.1 Fee Structures

Fees for Services shall be set forth in the applicable Statement of Work and may be structured under one or more of the following models:

Fixed Price: A predetermined total fee for a defined scope of work and Deliverables;
Time & Materials (T&M): Fees based on actual hours worked at agreed-upon hourly or daily rates, plus approved expenses;
Monthly Retainer: A fixed monthly fee for a specified allocation of hours, resources, or service scope;
Subscription: Recurring periodic fees for ongoing Managed Services, licensing, or platform access.

All Fees are quoted in United States Dollars (USD) unless otherwise specified in the applicable SOW.

10.2 Invoicing

Unless otherwise specified in the applicable Statement of Work: (a) Managed Services and subscription fees shall be invoiced monthly in advance; (b) time-and-materials fees shall be invoiced monthly in arrears, supported by itemized time records; (c) project-based fees shall be invoiced upon achievement of milestones defined in the SOW; and (d) pre-approved expenses shall be invoiced at cost with supporting documentation.

10.3 Payment Terms

Standard Payment Terms:

Due Date: All invoices are due and payable within thirty (30) days of the invoice date ("Net 30").
Late Payment Interest: Overdue amounts shall accrue interest at a rate of 1.5% per month (or the maximum rate permitted by applicable law, whichever is lower), calculated from the due date until the date of payment.
Collection Costs: Client shall be responsible for all reasonable costs of collection, including attorneys' fees, incurred by Anubris in collecting overdue amounts.
Currency: All payments shall be made in United States Dollars (USD) via wire transfer, ACH, or such other method as agreed by the parties.

Suspension for Non-Payment: If any undisputed amount remains unpaid for more than fifteen (15) days past the due date, Anubris may, upon five (5) business days' prior written notice, suspend the provision of Services until all outstanding amounts are paid in full. Such suspension shall not relieve Client of its obligation to pay Fees for the full Term.

10.4 Invoice Disputes

Client must notify Anubris in writing of any disputed invoice charges within fifteen (15) days of the invoice date, specifying the nature and basis of the dispute in reasonable detail. The parties shall negotiate in good faith to resolve any disputes promptly. Undisputed portions of any invoice shall remain due and payable in accordance with Section 10.3, regardless of any pending dispute. Failure to dispute an invoice within the fifteen (15) day period shall constitute acceptance of the invoiced amounts.

10.5 Annual Price Adjustments

Anubris may adjust recurring Fees annually, effective upon the anniversary of the applicable SOW or renewal date, to reflect changes in the Consumer Price Index for All Urban Consumers (CPI-U) as published by the U.S. Bureau of Labor Statistics. Anubris shall provide Client with at least sixty (60) days' prior written notice of any price adjustment. Annual increases shall be capped at five percent (5%) of the then-current Fees. Price adjustments exceeding the CPI-linked adjustment or the 5% cap require mutual written agreement.

10.6 Taxes

All Fees are exclusive of applicable taxes. Client is responsible for all sales, use, value-added, goods and services, withholding, and other taxes and government charges imposed on the Services (other than taxes based on Anubris's net income). If Anubris is required to collect or remit any such taxes, they shall be added to the applicable invoice. Client shall provide Anubris with valid tax exemption certificates where applicable.

11. Warranties

11.1 Anubris Warranties

Anubris represents and warrants that:

Services shall be performed in a professional and workmanlike manner, consistent with generally accepted industry standards and practices;
Anubris personnel assigned to perform Services shall possess the qualifications, skills, and experience reasonably necessary to perform the Services in accordance with the applicable SOW;
Deliverables shall materially conform to the specifications, requirements, and acceptance criteria set forth in the applicable Statement of Work;
Anubris shall perform the Services in compliance with all applicable laws, regulations, and industry standards;
To Anubris's knowledge, Deliverables provided to Client shall not contain any known virus, malware, backdoor, or other malicious code at the time of delivery;
Anubris has the right and authority to enter into this Agreement and to grant the rights and licenses contemplated herein.

11.2 Client Warranties

Client represents and warrants that:

Client has full authority to enter into this Agreement and to perform its obligations hereunder;
All information provided by Client to Anubris is accurate, complete, and not misleading in any material respect;
Client holds all necessary licenses, rights, and permissions for any software, data, or materials provided to Anubris in connection with the Services;
Client's use of the Services and Deliverables shall comply with all applicable laws, regulations, and industry standards;
Client Data does not and shall not infringe, misappropriate, or otherwise violate any third-party intellectual property rights, privacy rights, or other proprietary rights.

11.3 Warranty Period & Remedy

The warranty period for Project Services Deliverables shall be ninety (90) days from the date of Client's acceptance (or deemed acceptance) of the applicable Deliverable ("Warranty Period"). During the Warranty Period, if Client provides written notice that a Deliverable does not materially conform to the specifications set forth in the applicable SOW, Anubris shall, at its own expense, use commercially reasonable efforts to re-perform the non-conforming Services or repair or replace the non-conforming Deliverable. Such re-performance, repair, or replacement shall constitute Client's sole and exclusive remedy and Anubris's sole and exclusive liability for breach of the warranties set forth in Section 11.1 with respect to Project Services Deliverables.

12. Disclaimer of Warranties

EXCEPT AS EXPRESSLY SET FORTH IN SECTION 11, ALL SERVICES, DELIVERABLES, AND MATERIALS ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. ANUBRIS EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

WITHOUT LIMITING THE FOREGOING, ANUBRIS DOES NOT WARRANT THAT:

THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE;
THE RESULTS OBTAINED FROM THE USE OF THE SERVICES WILL BE ACCURATE, RELIABLE, OR COMPLETE;
ANY THIRD-PARTY PRODUCTS, SERVICES, OR PLATFORMS INTEGRATED WITH OR USED IN CONNECTION WITH THE SERVICES WILL PERFORM AS EXPECTED OR BE FREE OF DEFECTS;
DELIVERABLES THAT HAVE BEEN MODIFIED, ALTERED, OR ADAPTED BY CLIENT OR ANY THIRD PARTY WILL CONTINUE TO CONFORM TO THEIR ORIGINAL SPECIFICATIONS;
THE SERVICES WILL MEET CLIENT'S REQUIREMENTS BEYOND THOSE EXPRESSLY SPECIFIED IN THE APPLICABLE STATEMENT OF WORK.

CLIENT ACKNOWLEDGES THAT THE SERVICES INVOLVE TECHNOLOGY THAT IS INHERENTLY SUBJECT TO RISKS, INCLUDING BUT NOT LIMITED TO HARDWARE FAILURES, SOFTWARE DEFECTS, NETWORK OUTAGES, CYBERSECURITY THREATS, AND EVOLVING REGULATORY REQUIREMENTS. CLIENT ASSUMES ALL RISK ASSOCIATED WITH THE USE OF THE SERVICES AND DELIVERABLES EXCEPT TO THE EXTENT EXPRESSLY WARRANTED IN SECTION 11.

13. Limitation of Liability

13.1 Aggregate Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE TOTAL AGGREGATE LIABILITY OF ANUBRIS ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY CLIENT TO ANUBRIS DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

13.2 Exclusion of Consequential Damages

IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF BUSINESS OPPORTUNITIES, LOSS OF DATA, LOSS OF GOODWILL, COST OF PROCUREMENT OF SUBSTITUTE SERVICES, OR BUSINESS INTERRUPTION, HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

13.3 Exceptions to Limitations

The limitations set forth in Sections 13.1 and 13.2 shall not apply to:

Liability arising from a party's gross negligence or willful misconduct;
Anubris's indemnification obligations for intellectual property infringement under Section 14;
A party's breach of its confidentiality obligations under Section 8;
A data breach resulting from Anubris's negligent failure to implement and maintain the security measures required by this Agreement;
Client's obligation to pay Fees for Services rendered;
Liability that cannot be limited or excluded under applicable law.

13.4 Per-Incident Cap for Data Breaches

Notwithstanding Section 13.1, in the event of a data breach resulting from Anubris's negligence, Anubris's liability for such breach shall not exceed two (2) times the total annual Fees paid or payable by Client under this Agreement in the twelve (12) months preceding the breach.

13.5 Essential Basis of the Bargain

THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 13 ARE A FUNDAMENTAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. THE FEES CHARGED BY ANUBRIS REFLECT THE ALLOCATION OF RISK SET FORTH IN THIS AGREEMENT, AND ANUBRIS WOULD NOT ENTER INTO THIS AGREEMENT WITHOUT THESE LIMITATIONS. THE PARTIES ACKNOWLEDGE THAT THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY PROVIDED HEREIN.

14. Indemnification

14.1 Indemnification by Anubris

Anubris shall defend, indemnify, and hold harmless Client and its officers, directors, employees, and agents ("Client Indemnitees") from and against any third-party claims, demands, lawsuits, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

Any allegation that the Deliverables, as delivered by Anubris and used by Client in accordance with this Agreement, infringe, misappropriate, or otherwise violate any third-party intellectual property rights;
Anubris's gross negligence or willful misconduct in the performance of the Services;
Anubris's material breach of its confidentiality obligations under Section 8 or its data protection obligations under Section 9.

If any Deliverable becomes, or in Anubris's reasonable opinion is likely to become, the subject of an infringement claim, Anubris may, at its option and expense: (a) procure the right for Client to continue using the Deliverable; (b) modify the Deliverable to make it non-infringing while preserving substantially equivalent functionality; or (c) replace the Deliverable with a non-infringing alternative. If none of the foregoing options are commercially reasonable, Anubris may terminate the affected SOW and refund to Client any pre-paid Fees attributable to the infringing Deliverable for the period following such termination.

14.2 Indemnification by Client

Client shall defend, indemnify, and hold harmless Anubris and its officers, directors, employees, and agents ("Anubris Indemnitees") from and against any third-party claims, demands, lawsuits, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

Client Data, including any allegation that Client Data infringes, misappropriates, or otherwise violates any third-party intellectual property rights, privacy rights, or other proprietary rights;
Client's or its Authorized Users' violation of the Acceptable Use Policy set forth in Section 6;
Client's use of the Services or Deliverables in a manner not authorized by this Agreement or the applicable SOW;
Client's breach of its warranties or representations under Section 11.2.

14.3 Indemnification Procedure

The party seeking indemnification ("Indemnified Party") shall: (a) provide the indemnifying party ("Indemnifying Party") with prompt written notice of the claim (provided that failure to provide prompt notice shall not relieve the Indemnifying Party of its obligations except to the extent materially prejudiced thereby); (b) grant the Indemnifying Party sole control of the defense and settlement of the claim; and (c) provide reasonable cooperation and assistance at the Indemnifying Party's expense. The Indemnifying Party shall not enter into any settlement that imposes any obligation or liability on the Indemnified Party, or that does not include a full and unconditional release of the Indemnified Party, without the Indemnified Party's prior written consent. Each party shall use commercially reasonable efforts to mitigate damages for which indemnification may be sought.

15. Term & Termination

15.1 Term

The initial term of this Agreement shall commence on the Effective Date and shall continue for the period specified in the applicable Statement of Work. For Managed Services engagements, the initial term is typically twelve (12) months unless otherwise specified. For Project Services, the term shall continue until the applicable Deliverables have been accepted and all obligations under the SOW have been fulfilled.

15.2 Renewal

Unless either party provides written notice of non-renewal at least sixty (60) days prior to the expiration of the then-current term, Managed Services engagements shall automatically renew for successive twelve (12) month periods on substantially the same terms and conditions, subject to annual price adjustments as set forth in Section 10.5.

15.3 Termination for Convenience

Either party may terminate this Agreement or any Statement of Work for convenience upon the following written notice periods:

Managed Services: Sixty (60) days' prior written notice;
Project Services: Thirty (30) days' prior written notice, subject to payment for all Services performed and expenses incurred through the effective date of termination, plus any non-cancellable commitments made by Anubris at Client's direction.

15.4 Termination for Cause

Either party may terminate this Agreement or any Statement of Work for cause upon thirty (30) days' written notice specifying the material breach in reasonable detail, if the breaching party fails to cure such breach within the thirty (30) day notice period.

15.5 Immediate Termination

Either party may terminate this Agreement immediately upon written notice if the other party:

Becomes insolvent, makes an assignment for the benefit of creditors, or files or has filed against it a petition in bankruptcy or for reorganization;
Is convicted of, or pleads guilty or no contest to, a criminal offense that materially impacts its ability to perform under this Agreement;
Commits three (3) or more material breaches within any twelve (12) month period, regardless of whether such breaches have been cured.

15.6 Effect of Termination

Upon the effective date of termination or expiration of this Agreement:

Anubris shall cease performing all Services, except as necessary to fulfill transition assistance obligations under Section 16;
All outstanding Fees for Services performed through the effective date of termination shall become immediately due and payable;
Anubris shall issue a final invoice within thirty (30) days of the termination effective date;
Each party shall comply with its obligations regarding Confidential Information (Section 8.5) and Client Data (Section 9);
Anubris shall return or make available for export all Client Data in accordance with Section 16, within thirty (30) days of the termination effective date;
All licenses granted by Anubris that are expressly stated to be perpetual shall survive termination; all other licenses shall terminate.

15.7 Survival

The following Sections shall survive the termination or expiration of this Agreement: Section 1 (Definitions), Section 7 (Intellectual Property Rights), Section 8 (Confidentiality), Section 9 (Data Protection & Privacy), Section 10 (Fees & Payment, with respect to amounts accrued prior to termination), Section 12 (Disclaimer of Warranties), Section 13 (Limitation of Liability), Section 14 (Indemnification), Section 16 (Transition & Exit Assistance), Section 18 (Dispute Resolution), and Section 19 (General Provisions), together with any other provisions that by their nature are intended to survive.

16. Transition & Exit Assistance

16.1 Transition Planning

Upon receipt of a termination or non-renewal notice, Anubris shall prepare and deliver to Client a written transition plan within fifteen (15) business days. The transition plan shall outline the key activities, milestones, timelines, and resources required to effect an orderly transition of the Services to Client or Client's designated successor service provider.

16.2 Knowledge Transfer

Anubris shall conduct knowledge transfer sessions with Client's personnel and/or successor service provider, covering: (a) system architectures, configurations, and dependencies; (b) operational procedures, runbooks, and escalation processes; (c) monitoring and alerting configurations; (d) vendor and third-party contacts and relationships; (e) known issues, workarounds, and pending changes; and (f) any other information reasonably necessary for the continued operation of Client's IT environment.

16.3 Documentation

Anubris shall provide comprehensive documentation of all configurations, customizations, and integrations implemented during the engagement, including: network diagrams, system architecture documentation, configuration files, access credentials (transferred securely), license information, and operational procedures.

16.4 Data Export

Anubris shall export and deliver all Client Data in industry-standard, machine-readable formats (e.g., CSV, JSON, XML, SQL, or other formats as mutually agreed). Client Data shall be delivered via secure transfer methods (encrypted file transfer, secure cloud storage, or encrypted physical media, as appropriate). Anubris shall certify the completeness and integrity of the exported data.

16.5 Parallel Running

At Client's request and expense, Anubris shall support a parallel running period during which Anubris continues to provide the Services concurrently with Client's successor service provider. The duration, scope, and fees for parallel running shall be mutually agreed in writing.

16.6 Transition Support Duration

Anubris shall make transition assistance available for a minimum period of ninety (90) days following the effective date of termination. Transition assistance shall be provided at Anubris's then-current standard rates unless otherwise agreed. Anubris shall not unreasonably withhold, condition, or delay the provision of transition assistance.

16.7 Cooperation with Successor

Anubris shall cooperate in good faith with Client's designated successor service provider and shall not impede or obstruct the transition process. Cooperation shall include providing reasonable access to systems, personnel, and documentation during the transition period, subject to appropriate confidentiality protections.

17. Force Majeure

17.1 Definition

A "Force Majeure Event" means any event or circumstance beyond the reasonable control of the affected party that prevents, hinders, or delays the performance of its obligations under this Agreement, including but not limited to:

Natural disasters (earthquakes, hurricanes, floods, volcanic eruptions, tsunamis, wildfires);
Acts of war, armed conflict, terrorism, insurrection, or civil unrest;
Epidemics, pandemics, or quarantine restrictions;
Government actions, embargoes, sanctions, or regulatory changes;
Large-scale cyber attacks on national or regional infrastructure (e.g., attacks on internet backbone, DNS infrastructure, or cloud provider regions);
Utility failures (power grid failures, telecommunications outages) extending beyond the scope of commercially available redundancy measures;
Labor disputes, strikes, or lockouts not involving the affected party's own employees;
Failure of key third-party infrastructure providers or supply chain disruptions beyond the affected party's reasonable control.

A Force Majeure Event shall not include: (a) financial hardship or inability to pay; (b) changes in market conditions; (c) a party's failure to plan for foreseeable events; or (d) events that could have been reasonably avoided or mitigated by the affected party.

17.2 Notification

The party affected by a Force Majeure Event shall notify the other party in writing within forty-eight (48) hours of becoming aware of the event, describing the nature of the event, its expected duration, and the obligations affected. The affected party shall provide regular updates on the status of the Force Majeure Event and its efforts to resume performance.

17.3 Mitigation

The affected party shall use commercially reasonable efforts to mitigate the impact of the Force Majeure Event, resume performance of its obligations as soon as practicable, and identify and implement reasonable alternative means of performance.

17.4 Extended Force Majeure

If a Force Majeure Event continues for a period exceeding ninety (90) consecutive days, either party may terminate the affected Statement of Work (or this Agreement in its entirety if all Services are affected) upon thirty (30) days' written notice, without liability to the other party, except for payment of Fees for Services actually rendered prior to the Force Majeure Event.

17.5 Fee Obligations

Client shall not be obligated to pay Fees for the period during which Services are materially unavailable due to a Force Majeure Event, except to the extent that Anubris continues to incur costs in maintaining readiness to resume Services at Client's request.

18. Dispute Resolution

18.1 Escalation Procedure

The parties agree to attempt to resolve any dispute, controversy, or claim arising out of or relating to this Agreement ("Dispute") through the following escalation procedure before resorting to formal dispute resolution mechanisms:

Tier 1 — Project Managers: The designated project managers or primary contacts for each party shall attempt to resolve the Dispute within ten (10) business days of written notice of the Dispute;
Tier 2 — Directors / Department Heads: If the Dispute is not resolved at Tier 1, it shall be escalated to the respective directors or department heads, who shall attempt to resolve the Dispute within ten (10) business days;
Tier 3 — Executive Leadership: If the Dispute is not resolved at Tier 2, it shall be escalated to the respective executive officers (e.g., CEO, COO, or their designees), who shall attempt to resolve the Dispute within ten (10) business days.

18.2 Mediation

If the Dispute is not resolved through the escalation procedure set forth in Section 18.1, either party may initiate non-binding mediation administered by JAMS in New York, New York, in accordance with the JAMS Mediation Rules then in effect. The costs of mediation (including mediator fees) shall be shared equally by the parties. Each party shall bear its own attorneys' fees and expenses in connection with the mediation.

18.3 Arbitration

If the Dispute is not resolved through mediation within sixty (60) days of the initiation of mediation (or such longer period as the parties may agree), either party may submit the Dispute to final and binding arbitration administered by JAMS in accordance with the JAMS Comprehensive Arbitration Rules & Procedures then in effect. The arbitration shall be conducted by a single arbitrator selected in accordance with the JAMS rules. The arbitration shall take place in New York, New York, and shall be conducted in the English language. The arbitrator's decision shall be final and binding, and judgment on the award may be entered in any court of competent jurisdiction. The arbitrator shall have the authority to award any relief that would be available in a court of law, including injunctive and declaratory relief, but shall not have the authority to award punitive or exemplary damages except as permitted by applicable law.

18.4 Injunctive Relief

Notwithstanding the foregoing, either party may seek temporary, preliminary, or permanent injunctive relief, or other equitable remedies, from any court of competent jurisdiction at any time, without first exhausting the escalation, mediation, or arbitration procedures set forth above, where necessary to prevent irreparable harm or to preserve the status quo, including but not limited to claims involving breach of confidentiality, infringement of intellectual property rights, or unauthorized access to systems or data.

18.5 Small Claims

Either party may bring qualifying claims in small claims court as an alternative to the arbitration procedure set forth above, to the extent permitted by applicable law and the jurisdictional limits of such court.

18.6 Continued Performance

Unless this Agreement has been terminated in accordance with Section 15, both parties shall continue to perform their respective obligations under this Agreement during the pendency of any Dispute, including the continued provision of Services by Anubris and the continued payment of undisputed Fees by Client.

19. General Provisions

19.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of laws principles. The parties irrevocably submit to the exclusive jurisdiction of the state and federal courts located in New York County, New York, for any proceedings arising out of or relating to this Agreement that are not subject to arbitration under Section 18.

19.2 Entire Agreement

This Agreement, together with all Statements of Work, Data Processing Addenda, Service Level Agreements, and other documents expressly incorporated by reference, constitutes the entire agreement between the parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, proposals, negotiations, representations, and communications, whether oral or written, between the parties relating to such subject matter.

19.3 Severability

If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if modification is not possible, shall be severed from this Agreement. The invalidity or unenforceability of any provision shall not affect the validity or enforceability of the remaining provisions, which shall continue in full force and effect.

19.4 Waiver

No failure or delay by either party in exercising any right, power, or remedy under this Agreement shall operate as a waiver thereof, nor shall any single or partial exercise of any right, power, or remedy preclude any further or other exercise thereof or the exercise of any other right, power, or remedy. Any waiver must be in writing and signed by the waiving party to be effective.

19.5 Assignment

Neither party may assign or transfer this Agreement or any of its rights or obligations hereunder without the prior written consent of the other party, except that either party may, without the other party's consent, assign this Agreement to: (a) an Affiliate of such party; or (b) a successor entity in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of such party's assets, provided that the assignee assumes all obligations of the assigning party under this Agreement. Any attempted assignment in violation of this Section shall be void.

19.6 Subcontracting

Anubris may engage qualified subcontractors to assist in the performance of the Services, provided that Anubris shall remain fully responsible for the performance of any subcontracted obligations and shall ensure that subcontractors are bound by obligations no less protective than those imposed on Anubris under this Agreement. Anubris shall notify Client upon request of the identity of any subcontractors engaged to perform material portions of the Services.

19.7 Notices

All notices, requests, demands, and other communications required or permitted under this Agreement shall be in writing and shall be deemed given: (a) upon delivery if delivered personally; (b) upon confirmed transmission if sent by email to the designated email addresses; (c) one (1) business day after deposit with a nationally recognized overnight courier service; or (d) three (3) business days after deposit in the United States mail, postage prepaid, registered or certified, return receipt requested, addressed to the party at the address specified in the applicable SOW or as otherwise provided in writing. For legal notices, email delivery must be accompanied by one of the methods specified in clauses (c) or (d) above.

19.8 Independent Contractor

The relationship of the parties under this Agreement is that of independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture, agency, employment, or franchise relationship between the parties. Neither party has the authority to bind the other or to incur any obligation on behalf of the other party. Anubris personnel are not employees of Client and are not entitled to any Client employee benefits.

19.9 No Third-Party Beneficiaries

This Agreement is entered into solely for the benefit of the parties hereto and their respective successors and permitted assigns. Nothing in this Agreement, express or implied, is intended to or shall confer upon any third party any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.

19.10 Counterparts & Electronic Execution

This Agreement and any SOW or amendment hereto may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures and electronically transmitted copies shall have the same legal effect as original signatures and documents.

19.11 Export Compliance

Each party shall comply with all applicable export control laws and regulations, including the U.S. Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and sanctions programs administered by the U.S. Office of Foreign Assets Control (OFAC). Client shall not export, re-export, or transfer any Deliverables, technical data, or software received from Anubris to any country, entity, or person prohibited by applicable export control laws without obtaining the required governmental approvals.

19.12 Anti-Corruption & Anti-Bribery

Each party represents and warrants that it shall comply with all applicable anti-corruption and anti-bribery laws, including the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010. Neither party shall make, offer, promise, or authorize any payment or transfer of value, directly or indirectly, to any government official, political party, or any other person for the purpose of obtaining or retaining business or securing any improper advantage in connection with this Agreement.

19.13 Insurance

Anubris shall maintain, at its own expense, the following minimum insurance coverage throughout the Term of this Agreement:

Professional Liability / Errors & Omissions (E&O): Not less than $2,000,000 per occurrence and in the aggregate;
Cyber Liability / Technology Errors & Omissions: Not less than $5,000,000 per occurrence and in the aggregate;
Commercial General Liability (CGL): Not less than $1,000,000 per occurrence and $2,000,000 in the aggregate;
Workers' Compensation: As required by applicable law.

Anubris shall provide certificates of insurance evidencing such coverage upon Client's written request.

19.14 Publicity

Neither party shall use the other party's name, logo, trademarks, or other identifying information in any press release, marketing material, case study, or public statement without the prior written consent of the other party. Notwithstanding the foregoing, Anubris may include Client's name in confidential client lists provided to prospective clients or investors, subject to Client's right to opt out of such inclusion upon written notice.

20. Contact & Amendments

20.1 Contact Information

Anubris Inc. — Contact Directory

Legal & Compliance Inquiries:
Email: legal@anubris.com
For contract negotiations, legal notices, compliance questions, and data protection requests.

Billing & Accounts:
Email: billing@anubris.com
For invoice inquiries, payment processing, account statements, and billing disputes.

Technical Support:
Email: support@anubris.com
For incident reporting, service requests, technical questions, and SLA inquiries.

General Inquiries:
Email: info@anubris.com
Website: https://anubris.com

20.2 Amendments

This Agreement may only be amended, modified, or supplemented by a written instrument executed by authorized representatives of both parties. No amendment shall be effective unless it expressly references this Agreement and is signed (including by electronic signature) by both parties. Oral amendments, modifications, and waivers are not enforceable.

20.3 Version Control

Anubris shall maintain a version history of these Terms of Service, including the date and a summary description of material changes for each version. The current version number and last updated date are displayed at the top of this document. Prior versions shall be retained for a period of no less than five (5) years and shall be made available upon written request.

20.4 Non-Material Changes

Anubris may make non-material changes to these website-published Terms (e.g., formatting updates, clarifications that do not alter the substance of any provision, or updates to contact information) by posting the revised Terms on its website with an updated "Last Updated" date. Anubris shall provide at least thirty (30) days' notice of any such changes by posting the updated Terms prior to their effective date. For active service engagements governed by an executed MSA or SOW, the terms in effect at the time of execution shall govern unless amended in accordance with Section 20.2.

Acknowledgment: By executing a Statement of Work, accessing the Anubris Client Portal, or using any Anubris Services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service in their entirety. If you have any questions regarding these Terms, please contact legal@anubris.com before proceeding.