CLOUD SERVICES AND LICENSED SOFTWARE AGREEMENT GENERAL TERMS

Last Updated: March 10, 2026.

1. DEFINITIONS
   

   “Affiliate” means an entity that, directly or indirectly, controls, is under the control of, or is under common control with a Party, where control means having more than fifty percent (50%) of the voting stock or other ownership interest.

   “Agreement” means, with respect to each Order Form, the applicable Order Form together with these General Terms, including any and all documents incorporated herein, which collectively form a separate binding agreement by and between FOCUS and Customer.

   “Aggregated Data” means de-identified, anonymized, and aggregated data derived from Customer Data or Usage Data that does not identify Customer, any Authorized User, or any natural person or household.

   “Authorized Users” means the individuals who are authorized by Customer to access and use the Cloud Service on Customer’s behalf.

   “Claims” means any and all third-party demands, allegations, actions, claims, lawsuits, proceedings, and investigations.

   “Cloud Service” means FOCUS’s proprietary SaaS platform for learning management, training, and administration, as described in the applicable Order Form, including any Updates.

   “Confidential Information” means any non-public information disclosed by or on behalf of a Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) in connection with this Agreement, whether disclosed orally, in writing, electronically, or by any other means, that (a) is designated as “confidential,” “proprietary,” or with a similar legend or designation at the time of disclosure; (b) by its nature or the circumstances of its disclosure, would reasonably be understood to be confidential or proprietary; or (c) constitutes or relates to: (i) non-public technical, business, financial, operational, and strategic information; (ii) trade secrets, know-how, inventions, processes, techniques, or algorithms; (iii) product plans, designs, roadmaps, specifications, and prototypes; (iv) pricing (including pricing in this Agreement), costs, and other financial terms; (v) customer lists, vendor lists, and marketing strategies; (vi) non-public information about employees, contractors, or business relationships; or (vii) non-public information regarding information security plans and implementation. FOCUS’s Confidential Information includes, without limitation: (A) the Cloud Service, Licensed Software, Software, Documentation, and Aggregated Data; (B) FOCUS IP and all related technical information; (C) any non-public information regarding FOCUS’s business operations and product development.

   “Customer” means the Party identified as such in the applicable Order Form.

   “Customer Data” means all data, information, content, materials, recordings, files, transcripts, outputs, and inputs (i) collected, received, stored or maintained by the Cloud Service, the Licensed Software or FOCUS in connection with Customer’s access to or use of Licensed Software or Cloud Service or FOCUS’ performance of its obligations under this Agreement (including data, information, content, materials, recordings, files, transcripts, outputs, and inputs collected by or associated with any cookies); (ii) provided by Customer to FOCUS, including all data files; or (iii) derived from (i) or (ii)

   "Defect" means a failure of the Cloud Service or Licensed Software to conform in a material respect to the Documentation.

   “Documentation” means the user manuals, help files, and other instructional materials for the Cloud Service made available by FOCUS.

   “DPA” means FOCUS’s Data Processing Addendum, attached hereto as Schedule B and incorporated into this Agreement by reference.

   “Fees” means the amounts payable by Customer as set forth in the applicable Order Form, including Cloud Service Fees, Implementation Fees, Maintenance Fees, and any other fees specified therein.

   “FOCUS” means FOCUS Learning Corporation, a California corporation with its principal place of business at 140 W Franklin Suite 203, Monterey, CA 93940.

   “FOCUS IP” means (a) the Cloud Service, Software, Documentation, and all related technology and algorithms; (b) all modifications, improvements, and derivative works of the foregoing; (c) all intellectual property rights in and to the foregoing; and (d) Aggregated Data.

   “General Terms” means these Cloud Services and Licensed Software Agreement General Terms.

   "License Key" means the alphanumeric code or digital key provided by FOCUS that enables the installation and use of the Licensed Software in accordance with the license metrics specified in the Order Form.

   "Licensed Software" means the object code version of FOCUS's proprietary software identified in the applicable Order Form for on-premises installation and use, including any Updates provided under an active Maintenance agreement.

   “Losses” means any and all losses, liabilities, settlements, damages, judgments, fines, fees, penalties, costs, and expenses (including reasonable attorneys’ fees).

   "Maintenance" means the support and maintenance services for the Licensed Software, including the provision of Updates, technical support, and error correction, as further described in this Agreement.

   "Maintenance Fees" means the annual fees payable by Customer for Maintenance of the Licensed Software as specified in the applicable Order Form.

   “Order Form” means an ordering document executed by the Parties that references and incorporates these General Terms and sets forth the specific terms for Customer’s subscription to the Cloud Service.

   “Party” and “Parties” means FOCUS and Customer, individually and collectively.

   “Personal Data” has the meaning set forth in the DPA.

   “Professional Services” means the professional services set forth in the Order Form.

   "Reinstatement Fee" means a payment for restoring the Cloud Service or Licensed Software Maintenance of a previously terminated or lapsed purchase agreement or contract, as determined by FOCUS in its sole discretion.

   “Software” means any software owned or controlled by FOCUS, including without limitation the software underlying the Cloud Service.

   “Subscription Term” means the period during which Customer may access and use the Cloud Service, as specified in the applicable Order Form.

   "Update" means (i) for Licensed Software, any bug fixes, patches, error corrections, minor enhancements, and new releases of the Licensed Software that FOCUS makes generally available to its licensees under active Maintenance at no additional license fee and (ii) for Cloud Service, any bug fixes, patches, error corrections, minor enhancements, and new releases of the Cloud Service that FOCUS makes generally available to its cloud customers at no additional license fee. "Update" does not include new products or modules that FOCUS markets or prices separately.

   “Usage Data” means data and information about the provision, use, and performance of the Cloud Service based on Customer’s or Authorized Users’ use of the Cloud Service.

   “Use" means (a) utilization of the Licensed Software by Authorized Users for Customer's internal business purposes and (b) installation of the Licensed Software at the Sites specified in the applicable Order Form.

2. ACCESS AND USE
   1. Grant of Rights. Subject to the terms of this Agreement and Customer’s payment of all applicable Fees, FOCUS hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to (a) access and use the Cloud Service solely for Customer’s internal business purposes; and (b) copy and use the Documentation internally solely as necessary to use the Cloud Service. The rights granted under this Agreement are limited to Customer and its Authorized Users and may not be extended to any third party. Except as expressly set forth in Section 2.5 in connection with Licensed Software licenses, Customer has no right to access, copy, or use the Software.
   2. User Accounts. Customer is responsible for (a) all actions taken by its Authorized Users and through its Authorized Users’ accounts; (b) ensuring all Authorized Users comply with this Agreement; and (c) maintaining the confidentiality of all account credentials. Customer shall promptly notify FOCUS if Customer knows of or reasonably suspects any unauthorized access to or use of the Cloud Service or any compromise of account credentials.
   3. Technical Support. During the Subscription Term, FOCUS will provide Customer with technical support for the Cloud Service in accordance with FOCUS’s then-current support policies and the SLA set forth in Schedule A, attached hereto and incorporated herein by reference, which FOCUS may modify from time to time in its sole discretion. FOCUS's support obligations are limited to reasonable commercial efforts to address issues reported by Customer, and FOCUS does not guarantee resolution of all issues or any specific response times except as expressly set forth in Schedule A.
   4. Professional Services. FOCUS will use reasonable efforts to perform and provide the Professional Services set forth in the Order Form. Professional Services are not included in the Cloud Service definition. Provision of the Cloud Service is not included in the Professional Service definition.
   5. Grant of Rights - Licensed Software. If the Order Form specifies that Customer has licensed Licensed Software, then subject to the terms of this Agreement and Customer's payment of all applicable Fees, FOCUS hereby grants to Customer a limited, non-exclusive, non-sublicensable, non-transferable license during the applicable license term to Use the Licensed Software and Documentation for Customer's internal business purposes only. This license does not transfer to Customer title or any proprietary or intellectual property rights to the Licensed Software, Documentation, or any copyrights, patents, or trade secrets embodied therein, except for the rights expressly granted herein. Customer may: (a) install and use the Licensed Software identified in the Order Form in object code form at the sites and within the license metrics, designated environment, and territory specified in the Order Form; (b) make only the number of copies reasonably required for use, backup, testing, disaster recovery, and archival purposes; and (c) make copies of the Documentation for use by its Authorized Users. All copies of the Licensed Software and Documentation will be subject to all terms and conditions of this Agreement. Whenever Customer copies the Licensed Software or Documentation, Customer shall reproduce on such copies all titles, trademark symbols, copyright symbols, legends, and other proprietary markings appearing on the original.
   6. Delivery and Acceptance. If Customer has licensed Licensed Software under an Order Form:
      • Delivery. FOCUS will deliver the Licensed Software via electronic download or other mutually agreed method, together with any applicable License Keys and Documentation. Delivery will be deemed complete upon FOCUS making the Licensed Software available for download.
      • Acceptance. Customer will have thirty (30) days following delivery (the "Acceptance Period") to evaluate the Licensed Software for substantial conformity to the Documentation. Customer will be deemed to have accepted the Licensed Software upon the earliest of: (i) Customer's written notice of acceptance; (ii) Customer's use of the Licensed Software in a production environment; or (iii) expiration of the Acceptance Period without Customer's written rejection specifying material non-conformities.
      • Rejection and Cure. If Customer rejects the Licensed Software in accordance with this section, FOCUS will have sixty (60) days to cure the identified non-conformities and redeliver the corrected Licensed Software. Upon redelivery, a new Acceptance Period will commence. If FOCUS is unable to cure the material non-conformities after three (3) cure attempts, Customer's sole and exclusive remedy shall be to terminate the applicable Order Form and receive a refund of any license fees paid for the non-conforming Licensed Software, less any fees attributable to Customer's use of the Licensed Software prior to rejection.
   7. Maintenance and Support for Licensed Software. If Customer has licensed Licensed Software under an Order Form and has paid the applicable Maintenance Fees: (a) Scope. FOCUS shall provide Maintenance for the Licensed Software, including: (i) Updates as they become generally available; (ii) technical support via email and telephone during FOCUS's standard business hours; and (iii) commercially reasonable efforts to provide fixes for errors reported by Customer. (b) Local Installation Support. FOCUS will provide reasonable assistance with installation issues for the Licensed Software, subject to any time limitations specified in the Order Form, with additional support available at FOCUS's then-current hourly rates. (c) Exclusions. FOCUS shall have no obligation to provide Maintenance for issues arising from: (i) modifications to the Licensed Software not made or authorized by FOCUS; (ii) use of the Licensed Software on hardware, operating systems, or platforms not specified in the Documentation; (iii) combination of the Licensed Software with products, software, or data not provided by FOCUS where the issue would not have arisen but for such combination; (iv) Customer's failure to implement Updates within a reasonable time after FOCUS makes them available; or (v) Customer's breach of this Agreement.
   8. Third-Party Products. If Customer uses third-party services, software, or data in connection with the Licensed Software or Cloud Service, Customer is solely responsible for procuring such third-party products and any related fees, installation, and compatibility requirements. FOCUS does not warrant that the Licensed Software or Cloud Service is compatible with or will operate in connection with any specific server, operating environment, third-party software, or data not expressly specified in the Documentation.
   9. Customer Responsibilities. If Customer has licensed Licensed Software under an Order Form, Customer shall be solely responsible for: (a) the Use, installation, and operation of the Licensed Software, and its connection or interface to any other computer hardware, software, or peripherals; (b) any data entry, loading, and management of Customer data; (c) promptly notifying FOCUS of any failures of the Licensed Software to perform in accordance with the Documentation; and (d) identifying to FOCUS one primary contact person and one alternate contact person qualified to work with the Licensed Software for the purpose of reporting issues and implementing Updates.
   10. Customer Environment Obligations. If Customer has licensed Licensed Software under an Order Form, Customer is solely responsible for: (a) procuring, installing, configuring, and maintaining all hardware, operating systems, databases, middleware, network infrastructure, and other third-party software required to operate the Licensed Software; (b) maintaining adequate power supply, environmental controls, and network connectivity; and (c) maintaining security of Customer's systems and environment. FOCUS shall have no liability for any failure, degradation, or non-conformity of the Licensed Software caused by Customer's hardware, operating systems, network outages, or third-party software conflicts. Customer shall maintain adequate backups and disaster recovery for on-premise deployments.
   11. License Verification and Audit. If Customer has licensed Licensed Software under an Order Form, Customer shall maintain complete and accurate books and records regarding its use of the Licensed Software, including the number of users, devices, or other applicable license metrics set forth in the Order Form, for the duration of this Agreement and for two (2) years thereafter. Upon FOCUS's written request, made no more than once per twelve (12) month period, Customer shall provide FOCUS with a written certification signed by an authorized officer of Customer confirming Customer's compliance with the applicable license metrics set forth in the Order Form. FOCUS may, upon at least thirty (30) days' prior written notice and no more than once per twelve (12) month period, conduct an audit of Customer's use of the Licensed Software to verify compliance with this Agreement. Such audit may be conducted by FOCUS or an independent third-party auditor selected by FOCUS and reasonably acceptable to Customer. Any audit shall be conducted during Customer's normal business hours in a manner designed to minimize disruption to Customer's operations. Customer shall cooperate reasonably with any such audit and provide access to relevant systems, records, and personnel. FOCUS and any third-party auditor shall maintain the confidentiality of all information obtained during any audit, except as necessary to enforce FOCUS's rights under this Agreement. Any third-party auditor shall execute a confidentiality agreement reasonably acceptable to Customer prior to conducting the audit. If any audit or self-certification reveals that Customer's use of the Licensed Software has exceeded the applicable license metrics set forth in the Order Form: (i) Customer shall promptly pay FOCUS the applicable fees for such excess use at FOCUS's then-current list prices, calculated from the date such excess use began or, if such date cannot be determined, from the beginning of the applicable audit period; and (ii) if such excess exceeds five percent (5%) of the licensed amount, Customer shall also reimburse FOCUS for the reasonable costs of the audit. For a period of one (1) year following expiration or termination of this Agreement, FOCUS may, upon reasonable prior written notice, audit Customer's systems to verify that Customer has ceased all use of the Licensed Software and has destroyed or returned all copies as required by this Agreement. Customer shall cooperate with any such post-termination audit and provide reasonable access to relevant systems and personnel.
3. CUSTOMER OBLIGATIONS AND RESTRICTIONS
   1. Restrictions. Except as expressly permitted by this Agreement, Customer shall not, and shall not permit its Authorized Users or any third party to, in whole or in part: (a) reverse engineer, decompile, disassemble, or attempt to discover any source code, algorithms, or underlying ideas of the Cloud Service or the Licensed Software (except to the extent such restriction is prohibited by applicable law for purposes of achieving interoperability); (b) sublicense, sell, transfer, assign, distribute, rent, lease, pledge, encumber, or otherwise provide access to the Cloud Service or the Licensed Software to any third party; (c) remove, alter, or obscure any proprietary notices on the Cloud Service, the Licensed Software, or Documentation; (d) copy, modify, or create derivative works of the Cloud Service, Software, the Licensed Software or Documentation, except as expressly permitted by this Agreement; (e) write or develop any derivative software or any other software program based upon the Cloud Service, Licensed Software, or any Confidential Information of FOCUS; (f) interfere with or disrupt the integrity or performance of the Cloud Service or any FOCUS systems; (g) attempt to gain unauthorized access to any systems, accounts, or data related to the Cloud Service or the Licensed Software; (h) use the Cloud Service or the Licensed Software to develop a competing product or service; (i) use the Cloud Service or the Licensed Software for any unlawful purpose or in violation of applicable laws; (j) use the Cloud Service or the Licensed Software for any high-risk activities where failure or malfunction could lead to death, bodily injury, or environmental damage; (k) submit or transmit any Customer Data to the Cloud Service in violation of applicable laws or third-party rights; (l) use the Cloud Service or the Licensed Software under a service bureau, timesharing, outsourcing, or similar arrangement to process data or provide services for the benefit of any third party; or (m) use the Cloud Service or the Licensed Software after the expiration or termination of this Agreement. Without limiting any of the foregoing, Customer, including its Authorized Users, shall use the Cloud Service and the Licensed Software in compliance with all applicable laws, rules, and regulations.
   2. Suspension. FOCUS may suspend Customer’s access to and use of the Cloud Service, and suspend performance of Professional Services, with or without notice if: (i) Customer has an outstanding balance for more than thirty (30) days; (ii) FOCUS knows or reasonably suspects Customer, including its Authorized Users, is in breach of the restrictions set forth in this Agreement; (iii) FOCUS knows or reasonably suspects Customer is using the Cloud Service in a manner that materially and negatively impacts the Cloud Service or poses a security risk; or (iv) FOCUS determines in its reasonable discretion that suspension is necessary to protect FOCUS, the Cloud Service, or FOCUS's other customers. FOCUS will use reasonable efforts to notify Customer before any suspension when practicable. If Customer has licensed Licensed Software under an Order Form and any amount owed by Customer remains unpaid for more than thirty (30) days after its due date, FOCUS may, upon written notice suspend or disable any License Keys associated with the Licensed Software or withhold Maintenance, including Updates and support. Upon Customer's payment in full of all outstanding amounts, including any applicable late fees, interest, and Reinstatement Fees, FOCUS will reinstate any suspended License Keys and resume Maintenance. Any suspension will not release Customer from its obligation to pay all amounts due under this Agreement. The foregoing suspension rights arewithout prejudice to any other rights or remedies FOCUS may have under this Agreement or at law.
      
4. HOSTING AND DATA STORAGE SERVICES
   1. Hosting. During the Subscription Term, FOCUS shall provide hosting and availability of the Cloud Service and the Customer Data.
   2. Updating. FOCUS may provide Updates from time to time.
   3. Infrastructure Maintenance. FOCUS shall maintain a suitable environment for its hosting facilities, including power, building environment, monitoring, and security as described in the applicable Order Form.
   4. Security. FOCUS shall provide firewall equipment and related services in order to secure the Customer Data from unauthorized access. FOCUS will implement and maintain administrative, physical, and technical safeguards commercially reasonable for cloud services of similar nature to protect Customer Data from unauthorized access.
5. FEES AND PAYMENT
   1. Fees. Customer shall pay all Fees as specified in the applicable Order Form, which may include Cloud Service Fees, License Fees (for Licensed Software, if applicable), Maintenance Fees, Implementation Fees, and any other fees specified therein. All Fees are quoted and payable in U.S. dollars unless otherwise specified in the Order Form.
   2. Invoicing and Payment. FOCUS will invoice Customer in accordance with the payment terms set forth in the applicable Order Form. Unless otherwise specified, all invoices are due and payable within thirty (30) days of the invoice date. In the event of a good faith dispute regarding Fees, Customer will pay all undisputed amounts owed and notify FOCUS within thirty (30) days of receipt of such invoice of such disputed amounts. The Parties will confer in good faith to resolve such disputes. FOCUS may suspend the Cloud Service or Licensed Software under this Agreement in the event such dispute endures for more than forty-five (45) days beyond when such disputed amounts were allegedly due. Customer shall reimburse FOCUS for all reasonable costs of collection of Fees, including attorneys’ fees.
   3. Reinstatement Fees. In the event Customer requests the reinstatement of a previously terminated Cloud Service, FOCUS reserves the right to charge a Reinstatement Fee no greater than the cost of the current Cloud Service Fees assessed to new subscriptions. If Customer has licensed Licensed Software and Customer's Maintenance lapses due to non-payment or Customer's election not to renew, and Customer subsequently requests reinstatement of Maintenance, FOCUS may require Customer to pay all Maintenance Fees that would have been due during the lapsed period plus a reinstatement surcharge.
   4. Default and Interest. In the event Customer fails to make timely payment of any Fees, or Customer attempts to use the Cloud Service for purposes other than those specified without paying the additional Fees, or otherwise fails to comply with the obligations set forth herein, Customer shall be deemed in material breach of this Agreement. In addition to any other rights and remedies, FOCUS shall have the right to suspend Customer's access to the Cloud Service if any payment is overdue. Undisputed overdue Fees will accrue interest at the rate of one and one-half percent (1.5%) per month, or the maximum rate permitted by applicable law, whichever is less. Customer shall reimburse FOCUS for all reasonable costs of collection of Fees, including attorneys' fees.
   5. Taxes. All Fees are exclusive of taxes. Customer is solely responsible for, and will pay, all sales, use, VAT, GST, withholding, and other taxes and duties arising from this Agreement, excluding taxes based on FOCUS’s income. All taxes are in addition to all Fees set forth in this Agreement.
   6. Fee Increases. Upon each renewal of the Subscription Term, FOCUS may increase the Fees by providing notice of the fee increase at least thirty (30) days prior to the end of the then-current Subscription Term.
6. TERM AND TERMINATION
   1. Subscription Term. The Subscription Term for this Agreement is specified in the Order Form. The Subscription Term will automatically renew for successive one (1) year periods, unless otherwise specified in the Order Form, or earlier terminated as permitted herein, or either Party provides written notice of non-renewal at least ninety (90) days prior to the end of the then-current Subscription Term.
   2. Termination for Cause. Either Party may terminate this Agreement: (a) upon thirty (30) days’ written notice if the other Party materially breaches this Agreement and fails to cure such breach within such notice period (or, in the case of Customer's failure to pay Fees when due, three (3) days); or (b) immediately upon written notice if the other Party materially breaches this Agreement in a manner that cannot be cured. Additionally, FOCUS may terminate this Agreement immediately upon written notice if Customer undergoes a change of control or if Customer's use of the Cloud Service poses a material risk to FOCUS's systems, other customers, or third parties. A material breach of, and default under, this Agreement by either Party shall include, as applicable and without limitation: (i) any failure by a Party to perform any of its material obligations in accordance with this Agreement; (ii) any failure by Customer to pay, when due, any Fees; and (iii) any breach of the restrictions set forth in Section 3.1. Customer has no right to terminate this Agreement for convenience.
   3. Effect of Termination. Upon expiration or termination of this Agreement or an Order Form: (a) Customer’s right to access and use the Cloud Service and Licensed Software under the affected Order Form shall immediately terminate; (b) upon Customer's written request made within thirty (30) days of termination, FOCUS will make available in FOCUS's then-current standard format all Customer Data to Customer; (c) FOCUS will delete Customer Data in its possession or control within ninety (90) days following the termination or expiration of this Agreement, unless FOCUS is required by applicable law, rule, or regulation to retain such Customer Data; (d) each Party shall return or destroy the other Party’s Confidential Information; and (e) Customer shall pay all Fees accrued through the date of termination. Customer shall be responsible for any costs and fees associated with data migration or conversion to a format other than FOCUS's standard format.
   4. Force Majeure Termination. If a force majeure event (as described in Section 14.7) continues for sixty (60) consecutive days, the Party that is not experiencing the force majeure event may terminate this Agreement.
   5. Return of Materials. Within thirty (30) days after expiration or termination of this Agreement, Customer shall destroy or return to FOCUS all Confidential Information of FOCUS in its possession, including all copies of the Licensed Software and Documentation, and, if requested by FOCUS, deliver a certificate signed by an authorized officer of Customer verifying compliance with this section.
   6. Survival. The following sections shall survive expiration or termination of this Agreement: 1, 2.2, 3.1, 5, 6.3, 6.5, 6.6, 7, 10, 11.5, 11.6, 11.7, 12, 13, and 14.
7. CONFIDENTIALITY
   1. Confidentiality Obligations. The Receiving Party agrees to: (a) maintain the confidentiality of the Disclosing Party’s Confidential Information using at least the same degree of care it uses to protect its own confidential information, but in no event less than reasonable care; (b) not use the Disclosing Party’s Confidential Information except as necessary to perform its obligations or exercise its rights under this Agreement; and (c) not disclose the Disclosing Party’s Confidential Information to any third party except as permitted by this Agreement.
   2. Permitted Disclosures. The Receiving Party may disclose the Disclosing Party’s Confidential Information to its employees, contractors, advisors, and agents ("Representatives") who have a need to know such information to enable the Receiving Party to perform its obligations or exercise its rights under this Agreement and are bound by confidentiality obligations at least as protective as those in this Section 7. If any Representative discloses or uses Confidential Information other than as authorized in this Agreement, the Receiving Party will be liable to the Disclosing Party for such disclosure or use to the same extent that the Receiving Party would have been liable had the Receiving Party performed such unauthorized disclosure or use. The Receiving Party may also disclose the Disclosing Party’s Confidential Information to the extent required by applicable law or legal process, provided that the Receiving Party (to the extent legally permitted) gives the Disclosing Party prompt notice and reasonably cooperates in any effort to obtain protective treatment for the information.
   3. Exclusions. Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) was rightfully known to the Receiving Party prior to disclosure without restriction; (c) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (d) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information. Customer acknowledges and agrees that Customer Data and Personal Data are not Customer Confidential Information and FOCUS’s obligations relating to Customer Data and Personal are set forth in other sections of this Agreement. Customer acknowledges and agrees that any and all improvements, enhancements, and developments to FOCUS’s products and services, whether or not as a result of Customer Data, are FOCUS’s Confidential Information and not Customer’s Confidential Information.
8. CUSTOMER DATA
   1. Customer Data Rights. As between the Parties, Customer retains all right, title, and interest in and to Customer Data, subject to the licenses and rights granted to FOCUS under this Agreement. Customer grants to FOCUS a non-exclusive, worldwide, royalty-free, sublicensable license to use, copy, store, transmit, display, modify, and process Customer Data to (a) provide, maintain, and improve the Cloud Service and FOCUS's products and services; (b) develop or enhance features or functionalities for the Services and other FOCUS technology and products; and (c) exercise FOCUS’s rights and perform FOCUS’s obligations under this Agreement.
   2. Customer Authorizations and Representations. Customer represents, warrants, and covenants that: (a) Customer has all necessary rights, licenses, consents, and authorizations to submit Customer Data to the Cloud Service and to grant the rights granted herein; (b) Customer has obtained all consents, permissions, and authorizations required under applicable laws from all relevant data subjects, third parties, and other persons whose data, information, or communications may be collected, recorded, processed, or transmitted through the Cloud Service, including through any recording, monitoring, or information-gathering features of the Cloud Service (including, without limitation, two-party and all-party consents when required under applicable law); (c) Customer’s submission of Customer Data to the Cloud Service, and FOCUS’s use thereof as contemplated by this Agreement, does not and will not violate any applicable laws, regulations, or third-party rights, including privacy rights, intellectual property rights, and contractual obligations; and (d) Customer has provided all notices and disclosures required under applicable laws in connection with the use of the Cloud Service and the processing of Customer Data.
   3. Aggregated Data. Notwithstanding any other provision of this Agreement, FOCUS may create and use Aggregated Data for any lawful purpose, including to develop, enhance, and improve FOCUS’s products and services. Customer acknowledges and agrees that FOCUS owns all right, title, and interest in and to Aggregated Data. Customer hereby grants FOCUS an irrevocable, perpetual, royalty-free right and license to use such anonymized data for any and all business purposes.
   4. Usage Data. FOCUS may collect and use Usage Data to provide, maintain, analyze, improve, and enhance the Cloud Service and FOCUS’s products and services. FOCUS may disclose Usage Data only in aggregated and de-identified form that does not identify Customer or any Authorized User. If Customer has licensed Licensed Software, FOCUS may collect and use data from the Licensed Software in connection with providing support and to create anonymized data for product improvement, provided such collection does not include Customer Data except as necessary for support purposes.
   5. Feedback. If Customer provides any suggestions, ideas, enhancement requests, recommendations, or other feedback regarding the Cloud Service (“Feedback”), Customer grants to FOCUS a perpetual, irrevocable, worldwide, royalty-free, fully paid-up license to use, copy, modify, create derivative works of, and otherwise exploit such Feedback for any purpose without restriction or obligation to Customer, provided no reference is made to Customer as the source of the Feedback.
   6. Termination. FOCUS has no obligation to retain Customer Data after the date that is ninety (90) days following the termination or expiration of this Agreement. Customer acknowledges and agrees that FOCUS may securely delete any and all Customer Data after such date.
9. DATA PROTECTION AND SECURITY
   1. Security Measures. FOCUS implements and maintains technical, organizational, and physical measures intended to protect Customer Data against unauthorized access, use, alteration, disclosure, or destruction. Such measures are designed to provide a level of security appropriate to the nature of the Cloud Service. FOCUS does not warrant that its security measures will prevent all unauthorized access to Customer Data.
   2. Data Processing Addendum. The DPA is incorporated by reference into this Agreement and governs the processing of Personal Data by FOCUS on behalf of Customer. In the event of a conflict between the DPA and these General Terms, the DPA shall control with respect to the processing of Personal Data.
   3. Prohibited Data. Unless otherwise expressly authorized in writing by FOCUS, Customer shall not submit to the Cloud Service any (a) protected health information regulated by the Health Insurance Portability and Accountability Act; (b) payment card data subject to the Payment Card Industry Data Security Standard; (c) social security numbers, driver’s license numbers, or other government-issued identification numbers; or (d) other categories of sensitive personal data requiring specific security measures under applicable data protection laws.
10. INTELLECTUAL PROPERTY
    1. FOCUS IP. FOCUS retains all right, title, and interest in and to FOCUS IP, including all intellectual property rights in, to or covering the FOCUS IP. FOCUS shall retain sole and exclusive ownership of all right, title, and interest in and to the Cloud Service, the Licensed Software, and all copies thereof, and all modifications and enhancements thereto (including ownership of all copyrights, trademarks, trade secrets and other intellectual property rights pertaining thereto), subject only to the rights expressly granted to Customer herein. This Agreement does not provide Customer with title or ownership of the Cloud Service or the Licensed Software, but only a right of limited access or use. Except for the limited rights expressly granted in this Agreement, no rights or licenses are granted to Customer, whether by implication, estoppel, or otherwise.
    2. Work Product. All materials, documentation, computer programs, inventions (whether or not patentable), pictures, audio, video, artistic works, and all works of authorship, including all worldwide rights therein under patent, copyright, trade secret, or other property right, located on the website and/or created or developed by FOCUS or its partners, whether in connection with Professional Services or not, (collectively, "Work Product") shall be exclusively owned by FOCUS.
    3. Customer Data. As between the Parties, Customer retains all right, title, and interest in and to Customer Data, subject to the licenses granted to FOCUS under this Agreement.
    4. No Implied Rights. Nothing in this Agreement shall be construed to grant, whether by implication, estoppel, or otherwise, either Party any rights in the other Party’s intellectual property except as expressly set forth herein.
11. REPRESENTATIONS AND WARRANTIES
    1. Mutual Representations and Warranties. Each Party represents and warrants that: (a) it has the legal power and authority to enter into this Agreement; (b) it is duly organized and in good standing under the laws of its jurisdiction of organization; and (c) it will comply with all applicable laws in performing its obligations under this Agreement.
    2. Customer Representations and Warranties. Customer represents and warrants that: (a) it has all rights, licenses, consents, and authorizations necessary to submit Customer Data to the Cloud Service and to grant the rights granted herein; (b) Customer Data and Customer’s use of the Cloud Service will not violate any applicable laws or third-party rights; and (c) Customer has obtained all necessary consents and authorizations required under applicable laws for the collection, recording, processing, and transmission of data through the Cloud Service, including through any recording, monitoring, or information-gathering features.
    3. FOCUS Representations and Warranties. FOCUS represents and warrants that (a) the Cloud Service will perform substantially in accordance with the Documentation during the Subscription Term, and (b) the Cloud Service will be free from material Defects. If Customer has licensed Licensed Software under an Order Form, FOCUS represents and warrants that (c) the Licensed Software will conform in all material respects to the Documentation for a period commencing at the termination of the Acceptance Period and continuing for sixty (60) days thereafter, and (d) FOCUS will use commercially reasonable efforts to repair, replace, or provide a workaround for any Defect reported during such warranty period. Customer must notify FOCUS of any claim under this warranty within thirty (30) days of the date on which the condition giving rise to the claim first appeared, failing which the warranty claim shall be deemed waived. If FOCUS breaches this warranty and Customer provides written notice within the required period, FOCUS will use commercially reasonable efforts to repair or provide a workaround for non-operational issues. If FOCUS cannot resolve the issue within ninety (90) days of receiving notice, Customer may terminate the affected Order Form and receive a prorated refund of prepaid Fees for the remainder of the Subscription Term (or, for Licensed Software, a prorated refund of prepaid Fees for the remainder of the license term), which refund shall be Customer's sole and exclusive remedy. This Section 11.3 sets forth Customer’s sole and exclusive remedy for any breach of the warranty set forth herein or any claim that the Cloud Service or Licensed Software does not perform as described.
    4. Intellectual Property Warranty. FOCUS warrants that, to its knowledge, neither the Cloud Service nor the proper exercise of the rights granted under this Agreement shall infringe upon the intellectual property rights, or require any further license, of any other person or entity.
    5. General Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION 11, THE CLOUD SERVICE, THE LICENSED SOFTWARE, SOFTWARE, DOCUMENTATION, OUTPUTS, AND ALL OTHER PRODUCTS AND SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” FOCUS DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. FOCUS DOES NOT WARRANT THAT THE CLOUD SERVICE OR THE LICENSED SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. FOCUS DOES NOT WARRANT THAT THE CLOUD SERVICE OR THE LICENSED SOFTWARE WILL MEET CUSTOMER'S REQUIREMENTS OR EXPECTATIONS. FOCUS ASSUMES NO RESPONSIBILITY WHATSOEVER FOR THE PERFORMANCE OF CUSTOMER'S COMPUTER HARDWARE, OPERATING SYSTEMS OR NETWORK CONNECTIONS, OR HUMAN AND MACHINE ERRORS, OMISSIONS, DELAYS, AND LOSSES, INCLUDING INADVERTENT LOSS OF DATA OR DAMAGE TO MEDIA, THAT MAY GIVE RISE TO LOSS OR DAMAGE. CUSTOMER ACKNOWLEDGES THAT THE CLOUD SERVICE AND THE LICENSED SOFTWARE MAY PRODUCE INACCURATE OR INCOMPLETE OUTPUTS, AND CUSTOMER IS SOLELY RESPONSIBLE FOR EVALUATING AND VERIFYING ALL OUTPUTS BEFORE USE. CUSTOMER ACKNOWLEDGES AND AGREES THAT IN ENTERING INTO THIS AGREEMENT IT HAS NOT RELIED AND IS NOT RELYING ON ANY REPRESENTATIONS, WARRANTIES OR OTHER STATEMENTS WHATSOEVER, WHETHER WRITTEN OR ORAL (FROM OR BY FOCUS OR ANY OF ITS AFFILIATES OR REPRESENTATIVES) OTHER THAN THOSE EXPRESSLY SET FORTH IN THIS AGREEMENT AND THAT IT WILL NOT HAVE ANY RIGHT OR REMEDY ARISING OUT OF ANY REPRESENTATION, WARRANTY OR OTHER STATEMENT NOT EXPRESSLY SET FORTH IN THIS AGREEMENT.
    6. Warranty Exclusions. The warranties in this Section 11 do not apply to issues arising from: (a) misuse or unauthorized modification of the Cloud Service or the Licensed Software; (b) use of the Cloud Service or the Licensed Software in combination with products or services not provided by FOCUS; (c) Customer Data or Customer’s breach of this Agreement; (d) third-party products or services; or (e) Customer's hardware, operating systems, or environment not meeting FOCUS's specifications. Customer is responsible for the verification of accuracy and applicability of any pre-populated information and/or regulatory standard information, which may be provided and referred to as a "starter database," "starter file," or data file accompanying or included with the Cloud Service or the Licensed Software. Any such pre-populated and/or regulatory standard information that may be provided is offered for illustrative purposes only; FOCUS offers no warranty as to the applicability of this illustrative information to Customer's organization, operations, or regulatory status.
    7. Third Party Products. FOCUS SHALL NOT BE LIABLE FOR ANY FAILURES, INTERRUPTIONS, DELAYS, OR DAMAGES CAUSED BY OR RELATED TO THE THIRD PARTY HOSTING PROVIDER OR ANY OTHER PRODUCTS, SERVICES, TECHNOLOGIES, OR COMPONENTS THAT ARE NOT PROPRIETARY TO FOCUS, INCLUDING WITHOUT LIMITATION OPEN SOURCE SOFTWARE, THIRD-PARTY APIS, INTEGRATIONS, OR TELECOMMUNICATIONS PROVIDERS. CUSTOMER ACKNOWLEDGES THAT THE CLOUD SERVICE RELIES ON THIRD-PARTY INFRASTRUCTURE AND SERVICES, AND FOCUS 'S OBLIGATIONS ARE CONTINGENT UPON THE AVAILABILITY AND PERFORMANCE OF SUCH THIRD-PARTY SERVICES.
12. INDEMNIFICATION
    1. Indemnification by FOCUS. Subject to the limitations set forth in Section 13 (Limitation of Liability), FOCUS shall indemnify, defend, and hold harmless Customer, its Affiliates, and its and their respective officers, directors, employees, and agents from and against any and all Claims, including any and all Losses in connection therewith, alleging that the Cloud Service or Licensed Software, when used by Customer in strict accordance with this Agreement and the Documentation, infringes or misappropriates such third party's United States copyright, trademark, or trade secret rights. FOCUS shall have no obligation under this Section 12.1 for Claims arising from: (a) Customer's continued use of the allegedly infringing product after receipt of notice from FOCUS of a claim of infringement; (b) modifications to the Cloud Service or Licensed Software not made by FOCUS; (c) modifications to the Cloud Service or Licensed Software by FOCUS made pursuant to Customer's express instructions; (d) use of the Cloud Service or Licensed Software in violation of this Agreement or the Documentation; (e) use of the Cloud Service or Licensed Software in combination with any products, services, data, software, hardware, processes, or materials not provided by FOCUS where the Claim would not have arisen but for such combination; (f) Customer Data, inputs provided by Customer or Authorized Users; (g) use of an outdated version of the Cloud Service or Licensed Software where a current version would avoid the claim; or (h) any open source or third-party components. If the Cloud Service or Licensed Software becomes, or in FOCUS’s reasonable opinion is likely to become, the subject of an infringement claim, FOCUS may, at its sole option and expense: (i) modify the Cloud Service or Licensed Software to be non-infringing; (ii) obtain for Customer a license to continue using the Cloud Service or Licensed Software; (iii) substitute for the infringing portion of the software with substantially similar functionality; or (iv) if none of the foregoing are commercially feasible, terminate the affected Order Form and refund to Customer a prorated portion of prepaid Fees for the remainder of the Subscription Term (or, for Licensed Software, a prorated refund of License Fees). This Section 12.1, together with any applicable termination rights, constitutes Customer’s sole and exclusive remedy and FOCUS’s entire liability with respect to the Claims described in this Section 12.1 and for any claim that the Cloud Service or Licensed Software infringes upon intellectual property rights.
    2. Indemnification by Customer. Customer shall indemnify, defend, and hold harmless FOCUS, its Affiliates, and its and their respective officers, directors, members, employees, subcontractors, agents, and successors and assigns from and against any and all Claims, including any and all Losses in connection therewith, arising from or relating to (a) FOCUS’ access or use or processing of Customer Data in accordance with this Agreement; or (b) Customer’s actual or alleged violation of applicable laws; or (c) Customer’s actual or alleged breach of this Agreement.
    3. Indemnification Procedure. The indemnified Party will: (a) promptly notify the indemnifying Party in writing of any Claim for which it seeks indemnification, provided that failure to provide prompt notice shall not relieve the indemnifying Party of its indemnification obligations except to the extent the indemnifying Party is materially prejudiced by such failure; (b) grant the indemnifying Party sole control over the defense and settlement of the Claim, subject to this Section 12.3; and (c) provide reasonable cooperation to the indemnifying Party at the indemnifying Party’s expense. The indemnified Party may participate in the settlement and defense at its own expense. The indemnifying Party shall not settle any Claim in a manner that admits fault on behalf of the indemnified Party or imposes obligations on the indemnified Party without the indemnified Party’s prior written consent.
13. LIMITATION OF LIABILITY
    1. Exclusion of Consequential Damages. SUBJECT TO SECTION 13.3, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY, INCLUDING ITS AFFILIATES, BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS OPPORTUNITIES, ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING ANY AND ALL TRANSACTIONS CONTEMPLATED HEREIN, REGARDLESS OF THE THEORY OF LIABILITY, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE AND REGARDLESS OF WHETHER SUCH PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION APPLIES REGARDLESS OF ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
    2. Limitation of Liability. SUBJECT TO SECTION 13.3, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EACH PARTY’S, INCLUDING ITS AFFILIATES’, TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT (INCLUDING WITHOUT LIMITATION THESE GENERAL TERMS, THE SLA, THE DPA AND THE ORDER FORM), INCLUDING ANY AND ALL TRANSACTIONS CONTEMPLATED HEREIN, WHETHER ARISING IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EXCEED THE TOTAL FEES ACTUALLY PAID BY CUSTOMER UNDER THIS AGREEMENT IN THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO THE FIRST CLAIM MADE ARISING OUT OF OR RELATING TO THIS AGREEMENT. THE FOREGOING LIMITATION WILL APPLY REGARDLESS OF WHETHER A REMEDY FAILS OF ITS ESSENTIAL PURPOSE.
    3. Exceptions. The limitations and exclusions in Sections 13.1 and 13.2 shall not apply to: (a) each Party’s obligations under Section 12 (Indemnification) or breach thereof; (b) a Party’s breach of Section 7 (Confidentiality); (c) Customer’s infringement or misappropriation of FOCUS IP, Customer's breach of Section 3.1 (Restrictions), or unauthorized use of the Cloud Service or the Licensed Software; (d) a Party’s fraud or willful misconduct; and (e) Customer’s obligation to pay Fees owed under this Agreement.
14. GENERAL PROVISIONS
    1. Independent Contractors. The Parties are independent contractors. Nothing in this Agreement shall be construed to create a partnership, joint venture, agency, or employment relationship between the Parties.
    2. Export Compliance. Customer shall not export or re-export the Cloud Service or any related technology in violation of applicable export control laws and regulations of the United States or any other jurisdiction.
    3. Insurance. Each Party shall maintain commercially reasonable insurance coverage appropriate for its respective business activities and obligations under this Agreement, including commercial general liability insurance and professional liability/errors and omissions insurance, to the extent applicable. Upon the other Party's written request, a Party shall provide a certificate of insurance evidencing the coverage required under this Section; provided, however, that no Party shall be obligated to provide such certificate more than once per calendar year.
    4. Assignment. Neither Party may assign this Agreement without the prior written consent of the other Party, except that FOCUS may assign this Agreement without Customer’s prior written consent (a) in connection with a merger, sale, or acquisition of all or substantially all of its assets or voting securities, or (b) to any Affiliate. Any attempted assignment by Customer in violation of this Section 14.4 shall be void. In the event Customer undergoes a change of control, FOCUS may, at its option, terminate this Agreement upon thirty (30) days' written notice.
    5. No Third-Party Beneficiaries. This Agreement is for the sole benefit of the Parties and their permitted successors and assigns. Nothing in this Agreement shall confer any rights or remedies upon any third party.
    6. Notices. All notices under this Agreement shall be in writing and sent to the addresses specified in the applicable Order Form. Notices shall be deemed given upon: (a) personal delivery; (b) the second business day after mailing by certified mail, return receipt requested; (c) the first business day after sending by overnight courier; or (d) upon confirmed delivery if sent by email. If to FOCUS: FOCUS Learning Corporation, 140 W Franklin Suite 203, Monterey, CA 93940. If to Customer: The address set forth in the applicable Order Form.
    7. Force Majeure. Neither Party shall be liable for any delay or failure to perform its obligations under this Agreement (other than Customer’s obligation to pay Fees) due to causes beyond its reasonable control, including natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, epidemics, pandemics, failures of third-party telecommunications or power supply, cyberattacks, internet service disruptions, actions or omissions of third-party hosting providers, or any other circumstances beyond the reasonable control of the affected Party.
    8. Governing Law; Dispute Resolution; Jury Waiver. This Agreement shall be governed by and construed in accordance with the laws of the State of Illinois, without regard to its conflict of laws principles. Each Party hereby agrees that the exclusive venue for the resolution of any and all claims, demands, disputes, controversies, differences or misunderstandings arising out of or relating to this Agreement, or the failure or refusal to perform the whole or any part hereof, shall be in the Circuit Courts of the County of Cook and State of Illinois or in the United States District Court for the Northern District of Illinois. The prevailing Party shall be entitled to recover, in addition to any other relief granted, reasonable attorney fees and expenses of any action brought by either Party in connection with this Agreement. EACH PARTY HEREBY IRREVOCABLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY RIGHT IT MAY HAVE TO A TRIAL BY JURY IN ANY LEGAL PROCEEDING DIRECTLY OR INDIRECTLY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED HEREBY.
    9. Equitable Relief. Each Party acknowledges that a breach or threatened breach by the other Party of this Agreement may cause irreparable harm for which monetary damages would be an inadequate remedy. Accordingly, in the event of any such breach or threatened breach, the non-breaching Party shall be entitled to seek injunctive or other equitable relief, without prejudice to any other rights or remedies the non-breaching Party may have. Neither Party shall be required to post any bond in the event it is awarded injunctive relief.
    10. Severability. If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.
    11. Amendment; Waiver. FOCUS may amend these General Terms from time to time by posting an amended version at its website and sending Customer written notice thereof. Such amendment will be deemed accepted and become effective thirty (30) days after such notice (the “Proposed Amendment Date”) unless Customer first gives FOCUS written notice of rejection of the amendment. In the case of such rejection, this Agreement will continue under its original provisions, and the amendment will become effective at the start of Customer’s next renewal Subscription Term following the Proposed Amendment Date. Customer’s continued use of the Cloud Service following the effective date of such renewal Subscription Term constitutes Customer’s acceptance of such amended terms. This Agreement may not be amended in any other way except through a written agreement signed by authorized representatives of each Party. No waiver of any provision of this Agreement shall be effective unless in writing and signed by the waiving Party. No failure or delay in exercising any right shall constitute a waiver of such right. Any terms or conditions contained in any purchase order, acknowledgment, invoice, or other document issued by Customer that are in addition to or inconsistent with the terms of this Agreement are hereby expressly rejected by FOCUS and shall be of no force or effect, regardless of whether FOCUS signs, accepts payment under, or otherwise acknowledges such document. FOCUS's failure to object to any such terms or conditions shall not constitute a waiver of this provision or an acceptance of any such terms or conditions.
    12. Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to its subject matter and supersedes all prior and contemporaneous agreements, proposals, and communications, whether oral or written. In the event of a conflict between the documents comprising this Agreement, the order of precedence shall be: (1) the DPA; (2) the applicable Order Form; and (3) these General Terms.
    13. Hybrid Deployments. If the Order Form specifies both Cloud Service and Licensed Software, the terms of this Agreement applicable to each shall apply as indicated in the Order Form. The Order Form shall identify which components are hosted by FOCUS (subject to the Cloud Service terms, including FOCUS's hosting and security obligations) and which components are installed in Customer's environment (subject to the Licensed Software terms, including Customer's environment and security obligations). Fees and support levels for each component shall be specified separately in the Order Form.
    14. Counterparts. The Order Form may be executed in counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument. Electronic signatures shall be deemed original signatures for all purposes.
    15. Aid in Construction. The Parties acknowledge that each Party and its respective counsel have reviewed and revised this Agreement and that the normal rule of construction to the effect that any ambiguities are to be resolved against the drafting Party shall not be employed in the interpretation of this Agreement or any amendments or exhibits, or schedules hereto.

SCHEDULE A
SERVICE LEVEL AGREEMENT

Service Elements and Service Level Targets for Cloud Service:

The capitalized terms used in this Service Level Agreement (“SLA”) are defined below:

Services Element: aspects of service to be provided by FOCUS, which allow for measurement.

Service Level Target: the metric for each Services Element, by which FOCUS’ performance can be assessed.

Definitions: describes how the Services Element is calculated; describes the criteria to be applied against the Service Level Target metric, to measure performance.

Issues: anomalies, bugs, or errors in the licensed software, detected and reported by the user, which negatively affect operability of the licensed software, preventing it from performing as designed.

Issue Priority: a FOCUS-supplied rating of the level of severity of the reported issue.

The below table contains the Service Level Targets for the Services under this SLA:

Severity Definitions: The below table contains the Applications Severity Definitions:

REPORTS

Upon receipt of a request from Customer, FOCUS will provide to Customer, within five (5) days of receipt of request during the term of this Agreement, a report or series of reports that cover, at a minimum, the following information regarding the performance of the system and Services:

(a) the monthly System Availability percentage;

(b) the number of Service Calls received during the preceding month, summaries of the calls, average, minimum and maximum response and resolution times, and a listing of all outstanding problems;

(c) a summary of actions taken or planned to remedy any failure by FOCUS to meet any of the Service Levels set forth in this Service Level Agreement.

For avoidance of doubt, the foregoing reports are in addition to any reports and analytics described elsewhere in this Agreement.

SCHEDULE B
DATA PROCESSING ADDENDUM

This Data Processing Addendum (“DPA”) is entered into by and between Customer (“Controller” for purposes of the DPA) and FOCUS (“Processor” for purposes of the DPA) (each a “Party” and together the “Parties”). This DPA forms part of the Agreement, and reflects the Parties' agreement regarding the Processing of Personal Data.

1. DEFINITIONS

1.1. The terms “Business,” “Business Purpose,” “Commercial Purpose,” “Consumer,” “Controller,” “Cross-Context Behavioral Advertising,” “Data Exporter,” “Data Importer,” “Data Protection Impact Assessment,” “Data Subject,” “Personal Data,” “Personal Data Breach,” “Processing,” “Processor,” “Sell,” “Service Provider,” “Share,” “Special Categories of Personal Data,” “Supervisory Authority,” and analogous terms shall have the same meaning as in Data Protection Law.

1.2. In this DPA, capitalized terms that are not defined herein shall have the meanings set out in the Agreement, and the following terms shall have the meanings set out below (and cognate terms shall be construed accordingly):

1.2.1. “CCPA” means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, including any implementing regulations promulgated thereunder.

1.2.2. “Customer Personal Data” means any Personal Data that constitutes Customer Data (as defined in the Agreement) and that is Processed by Processor or a Subprocessor on behalf of Controller pursuant to or in connection with the Agreement and this DPA. For the avoidance of doubt, Customer Personal Data is a subset of Customer Data, and the obligations set forth in this DPA apply specifically to Customer Personal Data, while the broader obligations concerning Customer Data are governed by the Agreement.

1.2.3. “Data Protection Law” means all national, federal, state, provincial, or local privacy, cybersecurity, and data protection laws, together with any implementing or supplemental rules and regulations, applicable to the Processing of Personal Data under this DPA, as amended or replaced from time to time, including without limitation: (a) GDPR; (b) all applicable U.S. state and federal data protection, data security, data privacy, and security laws (“US Data Protection Laws”), including without limitation the CCPA; (c) the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”) and applicable Canadian provincial privacy legislation; (d) UK Data Protection Law; and (e) any other applicable laws, rules, orders, or regulations related to the protection of Personal Data that are in effect during the term of this DPA.

1.2.4. “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and associated national legislation.

1.2.5. “Member State” means a member state of the European Economic Area (“EEA”).

1.2.6. "Personal Data" means any information relating to an identified or identifiable natural person, or any equivalent concept under applicable Data Protection Law (including, without limitation, "personal data" as defined in the GDPR, "personal information" as defined in the CCPA, and "personal information" as defined in PIPEDA). Where applicable Data Protection Law provides a broader or narrower definition, the definition under such Data Protection Law shall apply to Processing subject to that law.

1.2.7. “Restricted Transfer” means a transfer or onward transfer of Customer Personal Data where such transfer would be prohibited by Data Protection Law in the absence of the SCCs or other approved transfer mechanisms.

1.2.8. “SCCs” means, as applicable to the relevant data transfer: (i) Module 2 of the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (“Module 2 SCCs”), (ii) Module 2 SCCs deemed amended by the provisions of Part 2 (Mandatory Clauses) of the UK IDTA ("UK SCCs"); (iii) and such other terms intended to provide adequate protection to transferred Personal Data pursuant to Data Protection Law, in each case as amended or replaced from time to time under the relevant Data Protection Law.

1.2.9. “Security Incident” means any confirmed unauthorized access to, or unauthorized disclosure of, Customer Personal Data in Processor's possession and control that is caused directly by Processor's material breach of its security obligations under this DPA.

1.2.10. “Services” means, collectively, the Cloud Service and any Professional Services (each as defined in the Agreement) provided under the Agreement. For purposes of this DPA, references to "Services" shall apply to the Cloud Service and Professional Services to the extent each involves the Processing of Customer Personal Data; provided, however, that Professional Services shall be subject to this DPA only to the extent such Professional Services involve the Processing of Customer Personal Data on behalf of Controller.

1.2.11. “Subprocessor” means any third-party Processor appointed by or on behalf of Processor to Process Customer Personal Data.

1.2.12. “Third Country” means: (i) with respect to GDPR, a country other than the Member States; (ii) with respect to UK Data Protection Law, any country outside of the UK; and (iii) with respect to any other applicable law, as provided in relevant Data Protection Law.

1.2.13 "UK Data Protection Law" means the GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 ("UK GDPR"), together with the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended), and other data protection or privacy legislation in force from time to time in the United Kingdom.

1.2.14 "UK IDTA" means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner under section 119A(1) Data Protection Act 2018.

2. CONTROLLER'S OBLIGATIONS

2.1. Controller shall (i) determine the means and purposes of Processor's Processing of Customer Personal Data in accordance with the Agreement and this DPA; (ii) obtain any and all relevant agreements, authorizations, consents, instructions, or permissions for the Processing of Customer Personal Data from Data Subjects, including, if applicable, Controller's customers, for Processor to Process Customer Personal Data on Controller's behalf; and (iii) be responsible for the accuracy, completeness, format, and legality of Customer Personal Data. Controller certifies that Controller will limit the transfer to Customer Personal Data that is strictly necessary for Processor to provide the Services.

2.2. Controller represents, warrants, and covenants that: (a) Controller has all necessary rights, licenses, consents, and authorizations to submit Customer Personal Data to the Services and to grant the rights granted herein; (b) Controller has obtained all consents, permissions, and authorizations required under applicable laws from all relevant Data Subjects, third parties, and other persons whose data, information, or communications may be collected, recorded, processed, or transmitted through the Services; (c) Controller's submission of Customer Personal Data to the Services, and Processor's use thereof as contemplated by this DPA, does not and will not violate any applicable laws, regulations, or third-party rights; and (d) Controller has provided all notices and disclosures required under applicable laws in connection with the use of the Services and the processing of Customer Personal Data.

2.3. Controller shall have the right to monitor Processor's compliance with this DPA and, upon notice, to take reasonable and appropriate steps to stop and remediate Processor's unauthorized use of Customer Personal Data.

3. PROCESSOR'S OBLIGATIONS

3.1. Processor will act as Processor of Customer Personal Data in its performance of the Services. Processor shall at all times comply with applicable obligations under Data Protection Law, and shall:

3.1.1. Process Customer Personal Data only for the specific purposes of the Processing as set out in the Agreement and this DPA or as otherwise instructed by Controller;

3.1.2. Inform Controller if, in Processor's opinion, such instructions infringe Data Protection Law;

3.1.3. Limit access to Customer Personal Data on a strict “need to know” basis and grant access to Customer Personal Data only to the extent necessary for performing the Services;

3.1.4. Ensure that Processor's personnel involved in Processing Personal Data are subject to an appropriate duty of confidentiality with respect to Customer Personal Data and comply with the obligations set forth in this DPA;

3.1.5. Maintain reasonable and appropriate technical and organizational measures to protect the security, confidentiality, integrity, and availability of Customer Personal Data as further described in Annex II hereto;

3.1.6. Promptly notify Controller if Processor receives from a Data Subject or Supervisory Authority under any Data Protection Law in respect of Customer Personal Data any complaint, communication, or request (“Request”), and, taking into account the nature of the Processing, assist Controller in fulfilling its obligations to respond to any Request in compliance with Data Protection Law; and, further, not respond to the Request itself, unless authorized to do so by Controller. In order to honor a Data Subject’s deletion request, Processor must delete the Data Subject’s user account and associated data. The Parties agree that Controller shall have sole responsibility for determining whether to proceed in processing Data Subject requests, including informing the Data Subject of user account deletion and determining the timing of any such deletion.; and

3.1.7. Provide assistance to Controller to carry out, upon Controller's written request, a Data Protection Impact Assessment where a type of Processing is likely to result in a high risk to the rights and freedoms of natural persons.

4. U.S. DATA PROTECTION LAWS

4.1. Applicability. This Section 4 shall apply to Processing of Customer Personal Data that is subject to US Data Protection Laws, including the CCPA, in addition to the other provisions of this DPA. To the extent the provisions of this Section 4 conflict with other terms of this DPA, this Section 4 shall control.

4.2. Service Provider Status. To the extent CCPA applies to any Customer Personal Data, such Personal Data will be disclosed by Controller to Processor for a “Business Purpose,” and Processor will act as Controller's “Service Provider” as defined by the CCPA.

4.3. Restrictions on Processing. Processor shall not collect, retain, use, disclose, or otherwise make available Customer Personal Data for any purpose other than the purpose of performing the Services, except where otherwise required by a law that applies to the Customer Personal Data. In such a case, unless prohibited by law, Processor shall inform Controller of the relevant legal requirement before Processing the Customer Personal Data. Without limiting the generality of the foregoing, Processor (i) shall not collect, retain, use, or disclose Customer Personal Data for a Commercial Purpose (other than the limited and specified purpose of providing the Services) or outside the direct business relationship between Processor and Controller; and (ii) shall not Sell or Share the Customer Personal Data.

4.4. Processor hereby certifies that it understands its obligations under this Section 4 and shall comply with the obligations set forth herein and as otherwise required under Data Protection Law.

5. PROHIBITED DATA

Unless otherwise expressly authorized in writing by Processor, Controller shall not submit to the Services any (a) protected health information regulated by the Health Insurance Portability and Accountability Act; (b) payment card data subject to the Payment Card Industry Data Security Standard; (c) social security numbers, driver's license numbers, or other government-issued identification numbers; or (d) other categories of sensitive personal data requiring specific security measures under applicable data protection laws.

6. SUBPROCESSORS

6.1. General Authorization. Controller hereby grants Processor general authorization to appoint third parties to Process Customer Personal Data as Subprocessors. Processor may utilize the Subprocessors listed in Annex III hereto (the “Subprocessor List”).

6.2. Notice of New Subprocessors. Processor may update the Subprocessor List from time to time. At least thirty (30) days before any new Subprocessor Processes any Customer Personal Data, Processor will add such Subprocessor to the Subprocessor List and notify Controller through email or other means.

6.3. Objection to New Subprocessors. If, within thirty (30) days after notice of a new Subprocessor, Controller notifies Processor in writing that Controller objects to Processor's appointment of such new Subprocessor based on reasonable data protection concerns, the Parties will discuss such concerns in good faith. If the Parties are unable to reach a mutually agreeable resolution to Controller's objection to a new Subprocessor, Controller, as its sole and exclusive remedy, may terminate the Agreement in accordance with the termination provisions set forth in the Agreement.

6.4. Subprocessor Obligations. With respect to each Subprocessor, Processor shall: (i) include terms in the contract between Processor and each Subprocessor that provide for data protection obligations materially similar to those set forth in this DPA; and (ii) remain liable to Controller for any act or omission of its Subprocessor to the same extent as Processor would be liable for the act or omission itself.

7. SECURITY INCIDENTS

7.1. Notification. If Processor becomes aware of any Security Incident, Processor shall notify Controller without undue delay, and in any event within seventy-two (72) hours, upon Processor's becoming aware of a Security Incident. Processor shall promptly provide Controller with sufficient information to allow Controller to assess and report a Security Incident under Data Protection Law, including:

7.1.1. A description of the nature of the Security Incident, including the categories and numbers of Data Subjects concerned, and the categories and numbers of Customer Personal Data records concerned;

7.1.2. The name and contact details of a relevant contact from whom more information may be obtained;

7.1.3. The likely consequences of the Security Incident; and

7.1.4. The measures taken or proposed to be taken to address the Security Incident.

7.2. Cooperation. Processor shall cooperate with Controller and take such reasonable steps to assist in the investigation, containment, and remediation of each Security Incident. Controller shall be responsible for all Controller obligations, including those regarding any required notification to Data Subjects, Supervisory Authorities, or other third parties.

8. DELETION OR RETURN OF CUSTOMER PERSONAL DATA

8.1. Upon Controller's written request made within thirty (30) days of termination of the Agreement, Processor will make available in Processor's then-current standard format all Customer Personal Data to Controller. Following termination or expiration of the Agreement, Processor will delete Customer Personal Data within ninety (90) days in accordance with the General Terms, unless Applicable Law requires continued storage of Customer Personal Data. For the avoidance of doubt, the deletion of Customer Personal Data pursuant to this Section 6 shall be performed as part of, and in conjunction with, Processor's deletion of Customer Data under the General Terms.

8.2. Processor may retain Customer Personal Data to the extent and for such period as required by Data Protection Law, provided that Processor shall continue to adhere to the requirements set forth in this DPA for any retained data.

9. AUDIT RIGHTS

9.1. Processor shall, at Controller's reasonable request and with at least thirty (30) days' prior written notice (except if otherwise required by Data Protection Law), permit and contribute to audits of the Processing activities covered by this DPA. Controller and Processor shall mutually agree upon an independent auditor, or, where such right is expressly provided by Data Protection Law, Controller may conduct such audit itself. Unless otherwise required by Data Protection Law, Controller may not request an audit more than once in any twelve (12) month period.

9.2. Processor will cooperate with Controller for the purpose of auditing, inspecting, examining, and assessing Processor's and any of its Subprocessors' compliance with the obligations defined in this DPA or the Agreement. Any audit shall be conducted during Controller's normal business hours in a manner designed to minimize disruption to Processor's operations.

9.3. Controller shall bear all costs and expenses of audits initiated pursuant to Section 9.1.

9.4. Controller acknowledges and agrees that Processor may deny access to information that, in Processor's sole discretion, may be considered confidential and thereby protected from disclosure. However, Processor shall, whenever possible, provide Controller with redacted versions of the requested information.

10. RESTRICTED TRANSFERS

10.1. EEA Restricted Transfers

10.1.1. Controller (as “data exporter”) and Processor (as “data importer”), with effect from the commencement of the relevant transfer, hereby enter into the Module 2 SCCs, which are expressly incorporated by reference herein, in respect of any Restricted Transfer subject to GDPR.

10.1.2. Module 2 of the EEA Standard Contractual Clauses shall also apply to Restricted Transfers affecting Personal Data originated in Switzerland.

10.1.3. The Parties agree that with respect to the Module 2 SCCs:

10.1.3.1. Clause 7 - Docking Clause shall apply;

10.1.3.2. In Clause 9 - Use of Subprocessors, Option 2 shall apply and the “time period” shall be thirty (30) days;

10.1.3.3. In Clause 11(a) - Redress, the optional language shall not apply;

10.1.3.4. In Clause 13(a) - Supervision: (i) Where Controller is established in an EU Member State: The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority; (ii) Where Controller is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority; (iii) Where Controller is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the Data Subjects whose Personal Data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behavior is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority;

10.1.3.5. In Clause 17 - Governing Law, Option 2 shall apply and the “Member State” shall be Ireland;

10.1.3.6. In Clause 18 - Choice of Forum and Jurisdiction, the Member State shall be Ireland;

10.1.3.7. Annexes I, II, and III shall be deemed populated with the relevant sections of the Annexes to this DPA.

10.2 UK Restricted Transfers

10.2.1 Controller (as "data exporter") and Processor (as "data importer"), with effect from the commencement of the relevant transfer, hereby enter into the UK SCCs, which are expressly incorporated by reference herein, in respect of any Restricted Transfer subject to UK Data Protection Law.

10.2.2 In cases of Restricted Transfers subject to UK GDPR, the Module 2 SCCs shall be read in accordance with, and deemed amended by, the provisions of Part 2 (Mandatory Clauses) of the UK IDTA.

10.2.3 The Parties confirm that the information required for the purposes of Part 1 (Tables) of the UK IDTA is hereby completed as follows:

10.2.3.1 For Table 1: the Parties' fields will be deemed to be pre-populated with the exporter and importer parties set out in Annex I to this DPA;

10.2.3.2 For Table 2: the Module 2 SCCs including the Appendix Information and with only the modules, clauses, or optional provisions of the Module 2 SCCs listed in Section 10.1.3 above brought into effect for the purpose of the UK SCCs;

10.2.3.3 For Table 3: the Appendix Information is set out in Annexes I, II, and III to this DPA;

10.2.3.4 For Table 4: the Parties agree that neither Party may end the UK SCCs in accordance with the provisions of Section 19 of the UK SCCs.

11. CANADIAN DATA PROTECTION LAWS

11.1. Applicability. This Section 11 shall apply to the Processing of Customer Personal Data that is subject to PIPEDA or applicable Canadian provincial privacy legislation, in addition to the other provisions of this DPA.

11.2. Compliance. Processor shall Process Customer Personal Data in compliance with PIPEDA and applicable Canadian provincial privacy legislation, including by:

11.2.1. Processing Customer Personal Data only for purposes that a reasonable person would consider appropriate in the circumstances;

11.2.2. Implementing appropriate safeguards to protect Customer Personal Data;

11.2.3. Upon Controller's request, assisting Controller in responding to access requests from individuals whose Personal Data is subject to PIPEDA; and

11.2.4. Notifying Controller of any breach of security safeguards involving Customer Personal Data subject to PIPEDA as soon as feasible, and in any event within seventy-two (72) hours, to enable Controller to assess whether notification to the Office of the Privacy Commissioner of Canada and affected individuals is required.

12. GENERAL TERMS

12.1. Precedence. To the extent there is any conflict between the Agreement and this DPA, this DPA shall control. To the extent there is any conflict between this DPA and the SCCs, the SCCs shall control.

12.2. Governing Law and Dispute Resolution. This DPA shall be governed by the governing law and dispute resolution provisions set forth in the Agreement.

12.3. Entire Agreement. This DPA, together with the Agreement and any Annexes hereto, constitutes the entire agreement between the Parties regarding the subject matter hereof and supersedes all prior agreements, understandings, and communications, whether written or oral, relating to such subject matter.

ANNEX I - DESCRIPTION OF THE PROCESSING

A. LIST OF PARTIES

Data Exporter:

Data Importer:

B. DESCRIPTION OF TRANSFER

C. COMPETENT SUPERVISORY AUTHORITY

Data Protection Commission

ANNEX II - TECHNICAL AND ORGANIZATIONAL MEASURES

FOCUS Learning Corporation (“Processor”) implements and maintains the following technical and organizational measures designed to protect Customer Personal Data in accordance with applicable Data Protection Laws.

Processor implements and maintains technical and organizational measures including:

Access Controls: Role-based access control, least privilege principles, multi-factor authentication for privileged accounts, and periodic access reviews.

Encryption: TLS 1.2+ for data in transit; encryption at rest for databases, backups, and object storage.

Logging & Monitoring: Infrastructure and administrative action logging, log integrity validation, and restricted access to log storage.

Incident Response: Documented incident response procedures, security monitoring, and notification to Controller in accordance with this DPA.

Backup & Disaster Recovery: Regular automated backups (incremental hourly, full weekly/monthly), encrypted backups, and recovery procedures to restore availability following an incident.

Personnel Security: Confidentiality obligations and access limited to individuals with legitimate operational need.

Subprocessor Oversight: Written agreements requiring appropriate data protection measures.

ANNEX III - SUBPROCESSORS

Amazon Web Services, Inc.

Address: 410 Terry Avenue North, Seattle, WA 98109 United States

Email: privacy@amazon.com

Processing services: Provision of cloud infrastructure services including hosting of data. Processes and stores Customer Personal Data on behalf of Processor within US AWS regions.

Microsoft Azure

Address: One Microsoft Way, Redmond, WA 98052 United States

Email: See Microsoft privacy contact page

Processing services: Provision of cloud infrastructure services including hosting of data. Processes and stores Customer Personal Data on behalf of Processor within US Azure regions.