General Terms & Conditions

GENERAL TERMS AND CONDITIONS v6 2025.10.28

Please read these Terms and Conditions ("Terms") carefully. These Terms govern the services and products we provide to you (the "User") across all service delivery models, including Managed Services, Co-Managed Services, and Retainer Services. By using our services, you agree to these Terms. We may update the Terms from time to time by notifying you of the changes, and such revisions will become effective immediately upon notice to you. 

USER USE OF COMPANY’S SERVICES CONSTITUTES USER ACCEPTANCE OF THESE TERMS. 

  1. Definitions. As used in this Agreement, the following definitions shall apply, unless the context otherwise requires: 

1.2 “Applicable Rate” shall mean the rate (Hourly or Overtime Rate) specified for the Services hereinafter defined below or in any Agreement, Schedule, Exhibit, Addenda or Amendment attached to this or any subsequent Agreement between the parties. 

1.2 “A-Tech – Senior Technician Rate” shall mean any DECYPHER TECHNOLOGIES team member designed to handle technologies that require a higher degree of specialization than most other network administration tasks including but not limited to Microsoft Server, Cisco IOS, Unix, Linux etc. 

1.3 “Break-Fix Service” shall mean any service not covered or defined as such in the then-current DECYPHER TECHNOLOGIES Services Agreements, under any attached Schedules, Exhibits, Addenda, Amendment and/or Agreement subsequent hereto or a mutually agreed to fixed cost project. 

1.4 “Company” and/or “Licensor” shall refer to Decypher Technologies Inc., or, “DECYPHER TECHNOLOGIES”. 

1.5 “Computer System” shall include, but is not limited to, all software, servers, computer workstations and other computer equipment, switches, circuits, printers, scanners, and other related computer equipment owned/leased/licensed by User. 

1.6 “Effective Date” shall mean the first date on which User and Company agreed that Company would provide Services to the User. The Effective Date applies all of these General Terms and Conditions throughout the relationship between Company and User and is not limited to the Effective Dates of each Schedule, Addendum, Amendment and/or Agreement subsequent hereto. 

1.7 “Help Desk Support” shall mean any and all work done on behalf of User from a remote location with or without User or point of contact support. 

1.8 “Normal Business Hours” shall mean DECYPHER TECHNOLOGIES’ regular business hours Monday through Friday (exclusive of holidays as set forth under the definitions of “Overtime Hours” below) between the hours of 8:00 a.m. and 5:00 p.m. Mountain Standard Time (MST). 

1.9 “Overtime Hours” shall mean DECYPHER TECHNOLOGIES’ overtime hours Monday through Friday, between the hours of 5:01 p.m. until 7:59 a.m. Mountain Standard Time (MST), all day Saturday, Sunday and the following holidays, New Years, Memorial Day, Labor Day, Independence Day, Thanksgiving Day and the Friday following, and Christmas Day. 

1.10 “Services” shall mean any services provided by Company to User pursuant to the terms of this Agreement, including any and all travel time to and from the User. 

1.11 “Telephone System” shall mean all software, servers, telephone workstations and other telephone equipment, switches, circuits and other related Telephone equipment owned/leased/licensed by User. 

1.12 “User” (or “Licensee”) shall means the client receiving Decypher’s services under this Agreement. This term refers to you, the customer.” 

1.13Agreement” shall mean the Master Services Agreement (MSA), the Quote, the Services Guide, and any applicable Data Processing Addendum (DPA) or Business Associate Agreement (BAA) that incorporates these Terms. In the event of conflict, the Order of Precedence outlined in the MSA or DPA shall govern. 

1.14 “Quote” shall mean the proposal, service order, statement of work, or similar document (electronic or otherwise) accepted by the User, which details the specific services, scope, and fees. 

1.15 “Third-Party Provider” shall mean any external vendor or service provider (including Sub-processors) engaged by Decypher Technologies to deliver solutions, software, or services as part of this Agreement. 

1.16 “Third-Party Solutions” shall mean any technology, software, hardware, or services provided by a Third-Party Provider and integrated into Decypher Technologies’ offerings. 

1.17 “End User License Agreement (EULA)” shall mean the contractual agreement between a Third-Party Provider and the end user that governs the use of Third-Party Solutions and sets forth licensing obligations, restrictions, and terms. 

1.18 “Applicable Data Protection Laws” shall mean all laws and regulations applicable to the processing of Personal Data under this Agreement, including but not limited to the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the Colorado Privacy Act (CPA), and sector-specific laws (e.g., HIPAA, GLBA, FERPA) as applicable to Controller. 

1.19 “Personal Data” shall mean any information relating to an identified or identifiable natural person that is processed by Company on behalf of User pursuant to the Agreement, as further described in the DPA. 

1.20 “Security Incident” shall mean any confirmed unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. 

1.21 "Managed Services" shall mean a comprehensive service delivery model where Company assumes primary responsibility for the ongoing management, monitoring, maintenance, and support of User's IT infrastructure and systems as specified in the applicable Quote or Service Guide. Under this model, Company proactively monitors systems, performs routine maintenance, provides help desk support, manages security measures, and handles day-to-day IT operations on behalf of User. Managed Services are typically provided on a fixed monthly fee basis with defined service levels, and User relies on Company as their primary or sole IT support provider. 

1.22 "Co-Managed Services" shall mean a collaborative service delivery model where Company works in partnership with User's existing in-house IT personnel or other designated IT resources to provide supplemental expertise, support, and services. Under this model, responsibilities are shared between Company and User's internal IT team based on the specific services outlined in the applicable Quote or Service Guide. Co-Managed Services allow User to retain control of certain IT functions while leveraging Company's specialized knowledge, additional capacity, monitoring tools, security expertise, or after-hours support to enhance their existing IT capabilities. The division of responsibilities and scope of Company's involvement shall be clearly defined in the applicable Quote. 

1.23 "Retainer Services" (also referred to as "Block Time Services" or "Pre-Purchased Support Hours") shall mean a service delivery model where User pre-purchases a specified number of service hours or retains Company's availability for on-demand technical support and project-based work. Under this model, Company provides services on an as-needed basis rather than continuous proactive management. Retainer Services may include break-fix support, project implementation, consulting, technical assessments, or other specialized services as requested by User and approved by Company. Hours are typically purchased in advance and consumed as services are rendered, with any unused hours handled according to the terms specified in the applicable Quote. Services not covered under User's primary Managed Services or Co-Managed Services agreement may be provided under Retainer Services terms. 

2. Confidentiality 

2.1 Confidential Information 

2.1.1 Both parties hereto understand that during the term of this Agreement, each party may have access to unpublished, proprietary and otherwise confidential information (hereinafter “Confidential Information”), related to actual or anticipated business and/or business strategies, both of a technical and non-technical nature, relating to each other’s technology or the implementation or exploitation thereof, including, but not limited to, information pertaining to strategies, positions, clients, partners, staff, size, and data, tapes, software, applications, supplier lists, customer lists, customer data, marketing information, documentation, records and all copies of the foregoing of any kind and any materials bearing or containing any of the foregoing. User owns all right, title and interest in and to all of User’s Confidential Information. At all times, both during User’s use of Company’s Services and after the cessation of said Services, whether the cessation is voluntary or involuntary, for any reason or no reason, or by disability, both parties will keep in strictest confidence and trust all of the other party’s Confidential Information and anything related thereto, and will not disclose or use or permit the use or disclosure of any such information or rights pertaining to Confidential Information, and anything related thereto, without the other party’s prior written consent, except as may be necessary in the ordinary course of Company performing its Services for User, or as required by applicable law. 

2.1.2 The parties recognize that the parties may have exchanged and in the future likely will exchange with third parties, their Confidential Information subject to a duty on both parties and third parties’ parts to maintain the confidentiality of such information and to use it only for certain limited purposes consistent with the parties’ agreements with such third parties.

2.1.3 Upon the termination or expiration of this Agreement or upon User’s request, Company shall promptly return or destroy all of User’s Confidential Information that Company has in its possession or under its control and if requested, certify in writing to User that all of User’s Confidential Information has been returned or destroyed, as applicable. 

2.1.4 Notwithstanding the foregoing, Confidential Information does not include information that (i) is or becomes publicly available other than through a breach of this Agreement by Company, its employees, agents or representatives, (ii) Company can demonstrate is known to or is in the possession of Company or any of its employees, agents or representatives at the time of disclosure, (iii) after disclosure becomes known to or comes into possession of Company or any of its employees, agents or representatives (other than as a result of breach of this Agreement) from a third party that Company, or such employee, agent or representative reasonably believes after reasonable investigation is not under any obligation of confidentiality with respect to, and is lawfully in the possession of, such information; (iv) is required to be disclosed by order of a court of competent jurisdiction, administrative agency or governmental body, or by subpoena, summons or other legal process, or by law, rule or regulation, or by applicable regulatory or professional standards; provided that prior to such disclosure, User is given reasonable advance notice of such order and an opportunity to object to such disclosure; or (v) retention is required by Applicable Data Protection Laws or necessary for the Company’s routine, secure backup systems.  

2.1.5 When Confidential Information includes Personal Data, Decypher agrees to protect such information in compliance with Applicable Data Protection Laws, including implementing the Security Measures detailed in the Services Guide or the Data Processing Addendum (DPA). 

2.1.6 In addition to the obligations set forth above, Decypher agrees to protect any proprietary information received from Third-Party Providers as part of its service delivery. This includes adhering to the confidentiality obligations specified in Third-Party agreements or licenses and ensuring that such information is not disclosed without the express written consent of the Third-Party Provider, except as required by law.  

 

2.2 Remedy 

2.2.1 Without limiting the remedies available to Company, which will include money damages, subject to the limitations of liability and indemnification set forth in the Master Services Agreement, User acknowledges that User breach of this Agreement will result in material, irreparable injury to Company for which there is no adequate remedy at law, that it will not be possible to measure damages for such injuries precisely, and that, in the event of such a breach or threat thereof, Company will be entitled to obtain a Temporary Restraining Order and/or Preliminary Injunction (without posting any bond or other security) restraining User from engaging in activities prohibited herein or such other relief as may be required to enforce any of the provisions of this Agreement. 

2.2.2 Without limiting the remedies available to User, which may include money damages, subject to the limitations of liability and indemnification set forth in the Master Services Agreement, Company acknowledges that its breach of this section may result in material, irreparable injury to User for which there is no adequate remedy at law, that it may not be possible to measure damages for such injuries precisely, and that, in the event of such a breach or threat thereof, User will be entitled to obtain a Temporary Restraining Order and/or Preliminary Injunction (without posting any bond or other security)restraining Company from engaging in activities prohibited herein or such other relief as may be required to enforce any of the provisions of this Agreement. 

2.2.3 In the event of a breach of confidentiality obligations related to Third-Party Providers, the breaching party agrees to indemnify and hold harmless the other party and the Third-Party Provider from any claims, damages, or liabilities arising from such breach, subject to the indemnification and liability limitations in the MSA. Both parties acknowledge that irreparable harm may result from such a breach, warranting equitable relief, including injunctive relief. 

2.3 Compliance with Subpoena 

2.3.1 Notwithstanding the terms and conditions contained above, the parties may comply with any subpoena, governmental request or similar order related to Confidential information, provided that the complying party notifies the other party promptly upon receipt thereof, unless such notice is prohibited by law. The targeted party shall pay complying party’s reasonable expenses for such compliance at Company’s then-current hourly rates, consistent with the fees outlined in the Master Services Agreement. 

2.3.2 The parties recognize that they may have received and in the future likely will receive from third parties their Confidential Information, subject to a request or similar order related to Company Confidential Information, provided that the complying party notifies the other party promptly upon receipt thereof, unless such notice is prohibited by law, so that the other party may inform the targeted third party if required and permissible. The complying party’s reasonable expenses for such compliance shall be paid by the other party, whose third party is the target of said information request. 

2.3.3 In cases where Third-Party Confidential Information is subject to subpoena, governmental request, or similar order, Decypher will provide prompt notice to both User and the Third-Party Provider, unless prohibited by law. Any reasonable expenses incurred in compliance will be recoverable from the targeted party or its third-party provider, consistent with the billing terms above. 

3. Delivery of Property and Work Product

3.1 In the event that the Company ceases to provide Services for User, for any reason, the parties agree to: 

3.1.1 Return of Property: Return all devices, records, sketches, reports, memoranda, notes, proposals, lists, correspondence, equipment, documents, programs, data, software, hardware, and other materials belonging to the other party or the other party’s clients/customers. This includes any property or data belonging to Third-Party Providers used in connection with the services. 

3.1.2 Deletion or Return of Data: For all Personal Data (including PHI) processed on User’s behalf, Decypher shall, at User's choice and instruction, securely delete or return such data to the User after the end of the provision of Services, and delete existing copies, unless retention is required by Applicable Data Protection Laws or necessary for Decypher’s legitimate business interest (e.g., maintaining required documentation). Decypher shall provide a written certification of deletion upon User’s request. 

3.1.3 Service Transition Obligations: Ensure that all active third-party service subscriptions remain operational until the end of their respective terms. Transition services, if requested, will be provided to facilitate compliance with third-party agreements. 

3.1.4 Offboarding Costs and Fees: User acknowledges that offboarding services, data conversion beyond standard formats, system decommissioning, documentation, and transition support to an incoming provider are Out-of-Scope Services. Such additional services, if requested, will be provided on a time and materials basis at Decypher's then-current hourly rates. 

3.1.5 Cost Responsibility: Each party shall bear its own costs related to the return of property unless otherwise agreed in writing. For third-party property, the returning party is responsible for reasonable costs associated with its return or transition. 

 

4. Duties of Company 

4.1 Performance of Services: During the term hereof, Company shall perform the Services specified on the attached Schedules, as applicable. Company’s employees shall perform all Services; provided, however, that Company is hereby authorized to engage qualified consultants, agents, independent contractors, or Third-Party Providers (Sub-processors) to perform the Services on behalf of Company. 

4.2 Responsibility for Sub-processors: Company shall remain fully liable to User for any failure by a Sub-processor to fulfill its data protection obligations. Company shall ensure that all such consultants, agents, independent contractors, or Sub-processors are bound by a written agreement imposing data protection obligations substantially similar to those imposed on Company under the applicable Data Processing Addendum (DPA). 

4.3 Remote Access Services: At Company’s reasonable discretion, and to the extent practicable, Company may perform Services via remote access to User’s System(s). For remote services facilitated through Third-Party Solutions, User agrees to comply with the platform-specific End User License Agreements (EULAs) and terms and conditions as required by the respective service provider. 

4.4 Security and Confidentiality of Personnel: Company shall ensure that all personnel authorized to process Confidential Information, including Personal Data, are subject to appropriate written confidentiality obligations no less stringent than those set forth in this Agreement, and receive relevant training on privacy and security. 

 

5. Duties of User 

5.1 Return of Property: Upon cessation of Services, User shall promptly return all property of Decypher Technologies, Inc., as detailed in Section 3. 

5.2 Legal Compliance and Indemnification: User warrants that its use of the Services, Computer System(s), software, and Personal Data shall comply with all Applicable Data Protection Laws and other federal, state, and local laws. User agrees to defend, indemnify, and hold harmless Company from any claim, damage, or liability arising out of User's breach of this warranty or any violation of law, subject to the limitations and exclusions set forth in the Master Services Agreement. 

5.3 Client Security: Prerequisites and Shared Responsibility User acknowledges that the effectiveness of Decypher’s security measures and its ability to provide compliant services is contingent upon User fulfilling the following Client Security Responsibilities and Minimum Requirements (collectively, "Prerequisites"), as further detailed in the Services Guide: 

5.3.1 Physical and Logical Access Control: User shall: (a) Restrict physical access to all managed equipment (servers, workstations, network hardware) to authorized personnel; (b) Implement and enforce Multi-Factor Authentication (MFA) for all administrative accounts and, where directed by Decypher, for all user access to information systems; and (c) Protect and securely manage all administrative credentials and access tokens.

5.3.2 User Training and Policy Adherence: User shall: (a) Ensure all personnel authorized to process Personal Data complete security awareness training; (b) Promptly report suspicious activities or Security Incidents through designated channels; and (c) Not attempt to circumvent security controls or systems implemented by Decypher.

5.3.3 Compliance with Third-Party Terms: User agrees to comply with all licenses, End User License Agreements (EULAs), and terms and conditions governing Third-Party Solutions and Third-Party Services facilitated by Decypher. User acknowledges that Decypher’s continued provision of Services is subject to User's compliance with such third-party terms.

5.3.4 Cooperation with Data Subject Rights (DSRs): User, as the Controller, is solely responsible for verifying and responding to Data Subject Requests (DSRs) from consumers. User agrees to promptly forward any DSRs received directly by User to Decypher and provide all necessary verification documentation to enable Decypher to fulfill its contractual duty of assistance. 

 

5.4 Service Model-Specific Responsibilities: 

5.4.1 General Obligations: User's specific responsibilities and level of involvement in managing its IT environment shall vary based on the service delivery model (Managed Services, Co-Managed Services, or Retainer Services) selected and detailed in the applicable Quote or Service Guide. User acknowledges that the effectiveness of Company's services and Company's ability to meet its obligations are contingent upon User fulfilling the responsibilities outlined below. 

5.4.2 Managed Services - User Responsibilities: 

5.4.2.1 When receiving Managed Services, User shall: 
5.4.2.2 Provide Company with timely access (physical and remote) to all covered systems, facilities, and information necessary for Company to perform the Services; 
5.4.2.3 Designate a primary contact person with authority to make decisions regarding IT matters and approve changes; 
5.4.2.4 Promptly notify Company of any changes to User's business operations, locations, user count, or IT environment that may affect service delivery; 
5.4.2.5 Follow Company's written recommendations regarding security measures, system updates, and infrastructure improvements. User acknowledges that failure to implement Company's documented recommendations may affect Company's ability to maintain security and service levels; 
5.4.2.6 Maintain current licenses for all software and comply with all third-party licensing agreements for systems under Company's management; and 
5.4.2.7 Refrain from making unauthorized changes to systems managed by Company without prior written approval. 

5.4.3 Co-Managed Services - Enhanced User Responsibilities: 

 5.4.3.1 When receiving Co-Managed Services, in addition to the general obligations above, User assumes heightened responsibilities and shall: 

          • Collaborate with User's internal IT personnel or designated IT resources in a shared responsibility model;
          • Provide only those specific services, support functions, or technical capabilities explicitly identified in the Quote or Service Guide;
          • Coordinate with User's IT personnel regarding system changes, maintenance windows, and incident response according to agreed-upon escalation procedures; 
          • Respect the division of responsibilities outlined in the Quote, acknowledging that User's internal IT team or other designated providers retain responsibility for portions of the IT environment not explicitly assigned to Company; and
          • Limitation of Liability for Co-Managed Environments: Company's liability under Co-Managed Services is expressly limited to those systems, services, and functions for which Company has been granted operational responsibility and appropriate access. Company shall not be liable for issues, failures, security incidents, or damages arising from: (1) systems, services, or infrastructure managed by User's internal IT personnel or other third-party providers; (2) configurations, changes, or decisions made by User's personnel without Company's knowledge or approval; (3) User's failure to follow Company's recommendations or implement advised security measures; or (4) lack of access, insufficient permissions, or incomplete information provided by User or User's IT personnel that prevents Company from fully performing its designated responsibilities. 

 

5.4.4 Retainer Services: When providing Retainer Services, Company shall:  

5.4.4.1 Make personnel available to User for on-demand support, consulting, project work, or other services as requested by User and accepted by Company, subject to resource availability; 
5.4.4.2 Provide services on a time-and-materials or pre-purchased hours basis as specified in the applicable Quote;  
5.4.4.3 Respond to User requests according to the response times specified in the Quote or, if not specified, within a commercially reasonable timeframe;  
5.4.4.4 Not be obligated to proactively monitor User's systems or provide continuous oversight unless specifically included in the Retainer Services scope; and 
5.4.4.5 Track and report time spent on services rendered, with unused pre-purchased hours subject to expiration, rollover, or refund policies as specified in the Quote. 

5.4.5 Scope Documentation: For all service models, the specific systems, applications, users, locations, and services covered (or explicitly excluded) shall be documented in the Quote, Service Guide, or accompanying Statement of Work. Any services, systems, or support not explicitly identified as within scope shall be considered out-of-scope and may be provided as additional services subject to separate agreement and fees. 

5.4.6 Scope Changes: Changes to the scope of services under any service model require a written amendment to the Quote or the execution of a new Quote. Company reserves the right to adjust fees if User's environment, user count, or service requirements materially change from what was originally scoped. 

6. Warranties and Disclaimers 

6.1 Limited Service: Warranty Decypher Technologies warrants that the Services will be performed in a professional and workmanlike manner, consistent with generally accepted industry standards for managed service providers, and that reasonable efforts will be used to adhere to all service commitments explicitly set forth in the applicable Quote. This limited warranty is contingent upon User fulfilling all Client Security Prerequisites and Minimum Requirements detailed in the Services Guide. 

6.2 Disclaimer of Third-Party Warranties: User acknowledges that Decypher is a reseller and/or facilitator of Third-Party Services and does not provide those services directly. DECYPHER PROVIDES NO WARRANTIES, EXPRESS OR IMPLIED, FOR ANY THIRD-PARTY SERVICES OR THIRD-PARTY SOLUTIONS, which are provided to User strictly on an “as is” basis only. Decypher is not and cannot be responsible for any defect, act, omission, or failure of any Third-Party Service or any failure of any Third-Party Provider. 

6.3 Disclaimer of Security Guarantee: User acknowledges that security is a shared responsibility and that Decypher provides Services on a commercially reasonable best-efforts basis. DECYPHER DOES NOT WARRANT OR GUARANTEE THAT THE SERVICES WILL PREVENT ALL SECURITY INCIDENTS, breaches, losses, or damage to data, nor does Decypher guarantee that the systems will be free from interruption or error. User acknowledges that: (i) No security measure is 100% effective against all threats; (ii) Advanced persistent threats, zero-day exploits, and insider threats may circumvent any control framework; and (iii) The security measures described in the Services Guide are only designed to assist in reducing risk. 

6.4 Disclaimer of Compliance: Warranty Decypher makes NO REPRESENTATION OR WARRANTY that the Services, Decypher’s security practices, or the Third-Party Services alone will make User compliant with any specific regulatory framework, including but not limited to HIPAA, GLBA, FERPA, PCI DSS, GDPR, or state privacy laws. Compliance remains the User's sole responsibility. While Decypher warrants that its security practices are designed with consideration of regulatory frameworks, the interpretation of regulatory requirements, determination of applicability, and ultimate achievement and maintenance of compliance rests entirely with the User. 

6.5 Relationship to MSA: The foregoing warranties and disclaimers are subject to the specific limitations of liability and indemnification provisions set forth in the Master Services Agreement. 

6.6 Service Model-Specific Warranty Provisions and Limitations:  

6.6.1 Scope of Warranty Varies by Service Model: User acknowledges and agrees that the scope and applicability of the warranties set forth in Section 6.1 vary depending on the service delivery model (Managed Services, Co-Managed Services, or Retainer Services) and the specific services Company is engaged to provide as detailed in the applicable Quote or Service Guide. For installation, infrastructure deployment, or other project-based work with a Date of Substantial Completion, Company's separate Project Warranty and Subcontractor Warranty shall govern. 

6.6.2 Managed Services Warranty Scope:   For Managed Services engagements, the warranty set forth in Section 6.1 applies to: 

6.6.2.1 All systems, infrastructure, and services explicitly identified in the Quote or Service Guide as within Company's management scope; 

6.6.2.2 The proactive monitoring, maintenance, and support activities Company performs as part of the defined Managed Services; 
Company's adherence to the service level commitments specified in the applicable Service Level Agreement. 

However, even under Managed Services, Company does not warrant: 

6.6.2.3 Systems, applications, or services explicitly excluded from the scope in the Quote or Service Guide; 

6.6.2.4 Third-party software, hardware, or cloud services that Company resells or facilitates but does not develop or manufacture (subject to Section 6.2); 

6.6.2.5 Outcomes dependent upon User's compliance with Company's recommendations or User's fulfillment of the Client Security Prerequisites detailed in Section 5.3. 

6.6.3 Co-Managed Services Limited Warranty: For Co-Managed Services engagements, the warranty set forth in Section 6.1 is expressly limited and applies only to: 

6.6.3.1 Limited Warranty Scope: Company warrants that it will perform the specific services assigned to Company (as documented in the Quote or Service Guide) in a professional and workmanlike manner, consistent with industry standards. THIS WARRANTY DOES NOT EXTEND TO: 

            • Systems, services, applications, or infrastructure managed by User's internal IT personnel or other third-party providers; 
            • The overall security, performance, availability, or compliance of User's IT environment as a whole; 
            • Issues, failures, or security incidents arising from systems or services outside Company's designated scope of responsibility; 
            • Problems caused by actions, omissions, misconfigurations, or decisions made by User's IT personnel or other providers; and 
            • The integration, compatibility, or interaction between Company-managed systems and User-managed systems. 


6.6.3.2 No Warranty for Shared or User-Managed Systems: COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO ANY SYSTEMS, SERVICES, OR INFRASTRUCTURE THAT REMAIN UNDER USER'S MANAGEMENT OR THE MANAGEMENT OF USER'S INTERNAL IT PERSONNEL OR OTHER THIRD-PARTY PROVIDERS. Company makes no representations regarding the adequacy, security, compliance, or performance of such User-managed or third-party managed systems. 

6.6.4.1 Coordination Dependency: In Co-Managed environments, Company's ability to deliver warranted services is dependent upon effective coordination with User's IT personnel and User's fulfillment of the enhanced responsibilities outlined in Section 5.4.c. Company's warranty obligations are contingent upon User providing timely access, information, and cooperation as required. 

6.6.5.1 No Warranty for Comprehensive IT Environment: User acknowledges that in Co-Managed Services arrangements, Company does not assume responsibility for, and provides no warranty regarding, the overall integrity, security posture, compliance status, or operational reliability of User's complete IT environment. Company's warranty extends only to the discrete services and systems for which Company has been granted operational responsibility and appropriate access. 

6.6.4 Retainer Services Limited Warranty: For Retainer Services engagements, the warranty set forth in Section 6.1 is limited and applies only to: 

6.6.4.1 The specific services rendered by Company in response to User's individual service requests, and only to the extent of the work actually performed; 
6.6.4.2 Company's commitment to perform requested services (when accepted) in a professional and workmanlike manner; and 
6.6.4.3 The accuracy of time tracking and billing for services rendered. 

Company does NOT warrant under Retainer Services: 

6.6.4.4 The availability of resources to respond to User's requests within any specific timeframe (unless explicitly stated in the Quote); 
6.6.4.5 Any proactive monitoring, maintenance, or oversight of User's systems; 
6.6.4.6 The ongoing security, performance, or compliance of User's IT environment between service engagements; 
6.6.4.7 That the services performed will resolve the underlying issue, as outcomes may depend on factors outside Company's control, including the age and condition of equipment, User's environment, or third-party software/services; and 
6.6.4.8 Any systems, equipment, or services not directly addressed during a specific service engagement. 

 

6.6.5 Warranty Exclusions Common to All Service Models: Regardless of service model, the warranties in Section 6.1 do NOT apply and Company disclaims all liability when: 

6.6.5.1 User has failed to implement Company's documented recommendations regarding security measures, patches, updates, or infrastructure improvements; 

6.6.5.2 User has not maintained current software licenses, hardware warranties, or third-party service subscriptions as required;

6.6.5.3 Issues arise from User's failure to fulfill the Client Security Prerequisites outlined in Section 5.3 or the service model-specific responsibilities in Section 5.4; 

6.6.5.4 Problems result from unauthorized modifications, changes, or access to systems managed by Company without Company's prior written approval; 

6.6.5.5 Failures occur due to equipment, software, or services that Company has documented as end-of-life, unsupported, or requiring replacement/upgrade; 

6.6.5.6 User has failed to provide Company with timely access, accurate information, or necessary credentials to perform the Services; and 

6.6.5.7 Issues are caused by force majeure events, third-party service provider failures, or circumstances beyond Company's reasonable control as outlined in Section 10.4. 
 

6.6.6 Warranty Remedy and Limitation: For all service models, User's sole and exclusive remedy for breach of the limited warranty set forth in Section 6.1 shall be re-performance of the deficient service at no additional charge, or, if Company cannot re-perform the service, a pro-rata refund of fees paid for the specific deficient service. This remedy is subject to the overall limitation of liability provisions in Section 7 and the Master Services Agreement. 

6.6.7. No Warranty for Assumptions and Estimates: For all service models, Company's assessments, recommendations, project timelines, cost estimates, and risk evaluations are based on the information available at the time and represent Company's professional opinion. COMPANY DOES NOT WARRANT THE ACCURACY OF ESTIMATES, TIMELINES, OR ASSUMPTIONS, as actual conditions, hidden issues, or changing circumstances may differ from initial assessments. User acknowledges that IT projects and remediation efforts may require additional time and resources beyond initial estimates due to factors that cannot be anticipated in advance. 

6.6.8 Documentation Required for Warranty Claims: Any warranty claim must be submitted to Company in writing within thirty (30) days of User becoming aware of the alleged warranty breach, with sufficient detail for Company to investigate the claim. Company shall have a reasonable opportunity to investigate and cure any warranty breach. Failure to provide timely notice or to allow Company an opportunity to cure shall constitute a waiver of the warranty claim. 

 

7. Limitation of Liability 

7.1 General Limitation: Decypher Technologies' entire liability, and User's exclusive remedy, for any claim, loss, or damage arising out of or related to this Agreement (including the Services Guide and any Quote) shall be governed exclusively by the terms and limitations set forth in the Master Services Agreement (MSA). 

7.2 Exclusion of Damages: Notwithstanding any other provision in this Agreement, in no event shall Decypher Technologies be liable for any indirect, incidental, consequential, special, punitive, exemplary, or reliance damages, including, without limitation, loss of profits, revenue, data, anticipated savings, or business interruption, even if Decypher has been advised of the possibility of such damages. 

7.3 Third-Party Services: Disclaimer. Decypher Technologies shall have no liability whatsoever for any claim, loss, damage, or expense arising from or related to the failure, defect, or performance of any Third-Party Providers or Third-Party Services/Solutions furnished or facilitated under this Agreement, as Decypher is a reseller only, pursuant to the explicit terms of the MSA. 

7.4 Data Protection Exception: The limitations set forth in this Section 7 shall be subject to the specific exceptions for liability arising from breaches of core data protection obligations as detailed in the Data Processing Addendum (DPA), provided that any resulting liability remains subject to the maximum financial caps defined in the MSA. 

8. Indemnification 

8.1 User Indemnity. User agrees to defend, indemnify, and hold harmless Decypher Technologies (and its officers, employees, and Third-Party Providers) from and against any and all claims, damages, liabilities, and expenses (including reasonable attorneys' fees) arising out of or resulting from: (a) User's breach of this Agreement, including the Duties of User in Section 5; (b) User's failure to comply with Applicable Data Protection Laws (c) User's failure to follow Decypher’s written Advice or remediate documented security deficiencies; or (d) claims arising from systems, services, or portions of the Environment managed by Co-Managed Providers or external administrators, as further detailed in the Master Services Agreement. 

8.2 Decypher Indemnity. Decypher Technologies agrees to defend, indemnify, and hold harmless User from and against any and all third-party claims, damages, liabilities, and expenses (including reasonable attorneys' fees) arising out of or resulting from: (a) Decypher's gross negligence or willful misconduct; or (b) a final judicial determination that Decypher committed a material breach of the confidentiality obligations. 

9. Governing Law and Dispute Resolution 

9.1 Governing Law and Venue: This Agreement and any disputes arising out of or related hereto shall be governed by and construed in accordance with the laws of the State of Colorado. The parties irrevocably consent to the exclusive jurisdiction and venue of the state and federal courts located in Garfield County, Colorado, for all non-arbitrable claims and causes of action arising from or related to this Agreement. Notwithstanding the foregoing, all matters relating to the processing of Personal Data shall be governed by Applicable Data Protection Laws. 

9.2 Dispute Resolution and Arbitration: Except for undisputed Collections actions or any amounts that qualify for small claims court jurisdiction, all disputes, claims, or controversies arising from or related to this Agreement shall be settled EXCLUSIVELY by binding arbitration. The parties agree to waive any right to a trial by a jury and agree that all claims must be brought solely in the parties' individual capacity and not as a plaintiff or class member in any purported class, collective, or representative proceeding 

10. General Provisions 

10.1 Modifications and Updates: Decypher reserves the right to modify these General Terms and Conditions and the Services, including features, functionalities, or associated Third-Party Solutions, from time to time to address changes in technology, industry standards, or vendor offerings. Decypher will provide User with notice of any material changes, particularly those affecting rights or service levels. User’s continued use of the Services after such notification shall constitute User’s acceptance of the modified Terms. If User does not agree to the modified Terms, User's sole remedy is to terminate the Services. 

10.2 Entire Agreement and Non-Reliance: This Agreement, coupled with the Quote and the Services Guide, sets forth the entire understanding of the parties and supersedes all prior agreements. User acknowledges that marketing materials and promotional information available on Decypher's [insert Service Guide link] (including but not limited to Service descriptions, customer endorsements, etc.) are for illustrative or educational purposes only and are not intended to create, and will not be interpreted as creating, additional duties, requirements, service levels, promises, or guarantees of specific Services or specific results. 

10.3  Assignment: Neither party may assign this Agreement or any of its rights or obligations without the other party's prior written consent, except in connection with a sale of substantially all assets or a merger. Any assignment must maintain data protection obligations and comply with applicable privacy laws. Modifications or assignments requiring third-party service provider approval will only take effect upon written confirmation of such approval. 

10.4 Force Majeure: Neither party will be liable for delays or failures to perform its obligations because of circumstances beyond such party’s reasonable control. Such circumstances include, but will not be limited to, cyberwarfare, cyberterrorism, or hacking, malware or virus-related incidents that circumvent then-current anti-virus or anti-malware software. 

10.5 Severability: If any provision in this Agreement, any Quote, or the Services Guide is declared invalid by a court of competent jurisdiction, such provision will be ineffective only to the extent of such invalidity or unenforceability so that the remainder of that provision and all remaining provisions will be valid and enforceable to the fullest extent permitted by applicable law. 

10.6 Survival: The provisions contained in this Agreement that by their context are intended to survive termination or expiration of this Agreement will survive, including without limitation, provisions regarding confidentiality, payment obligations, intellectual property ownership, indemnification, and limitation of liability. 

10.7 Order of Precedence: In the event of a conflict between the documents comprising the Agreement, the following descending order of precedence shall govern: (1) The applicable Quote (for service scope, pricing, and term); (2) The Data Processing Addendum (DPA) or Business Associate Agreement (BAA) (which shall control with respect to all matters concerning the processing of Personal Data or PHI and HIPAA compliance); (3) The Master Services Agreement (MSA); (4) The Services Guide; and (5) These General Terms and Conditions. 

11. Insurance 

11. 1 Decypher Insurance: Decypher Technologies, Inc. shall maintain, at its own expense, during the Term of the Agreement, Commercial General Liability insurance in commercially reasonable amounts consistent with industry standards for managed service providers, as further detailed in the Master Services Agreement. Decypher warrants that its employees are covered by applicable workers' compensation insurance required by Colorado law or the law of the jurisdiction where the work is performed. 

11. 2 Client Insurance: User asserts that it is properly insured at a minimum to meet the qualifications of the jurisdiction's insurance laws where services are performed by Decypher. 

11. 3 Third-Party Vendor: Insurance and Risk Transfer User acknowledges that the Services often rely on Third-Party Providers (Sub-processors). Decypher’s security vetting includes confirming that critical Third-Party Providers maintain industry-standard security and liability insurance. User acknowledges that vendor-provided liability coverage may apply to certain claims arising from Third-Party Services or Third-Party Solutions. 

12. No Solicitation 

12. 1 Prohibition on Solicitation of Employees and Contractors: During the Term of this Agreement and for a period of twelve (12) months thereafter, User shall not, directly or indirectly, solicit, recruit, or attempt to hire any employee or independent contractor of Decypher Technologies, Inc. without Decypher’s prior written consent. 

12. 2 Prohibition on Solicitation of Third-Party Providers: User shall not, during the Term of this Agreement and for a period of twelve (12) months thereafter, directly or indirectly solicit, recruit, or attempt to engage the services of any Third-Party Provider (including its employees or contractors) that Decypher utilizes to provide or facilitate the Services, circumventing Decypher as the primary service facilitator. 

12. 3 Liquidated Damages: User acknowledges that Decypher would suffer irreparable harm and that the damages resulting from a breach of this Section are difficult to calculate. Therefore, if User breaches Section 12.1 or 12.2, User agrees to pay Decypher, as liquidated damages and not as a penalty, a fee equal to fifty percent (50%) of the solicited individual's or entity’s annualized compensation or contract value. This provision is in addition to any other remedies available at law or equity, including injunctive relief. 

13. Notices 

13.1 Form of Notice. All notices, requests, demands, and other communications hereunder shall be in writing. Electronic documents and communications, including email, shall satisfy any "writing" requirement under this Agreement. 

13. 2 Timing of Notice. Notice shall be deemed to have been duly given: (a) when delivered by hand; (b) when received by the addressee if sent by a nationally recognized overnight courier (receipt requested); (c) on the date sent by electronic mail (with confirmation of transmission) if sent during Normal Business Hours of the recipient, and on the next business day if sent outside Normal Business Hours of the recipient; or (d) on the third day after the date mailed, by certified or registered mail, return receipt requested, postage prepaid. 

13. 3 Designated Contacts. Such communications must be sent to the respective parties at their primary business addresses or such other address or electronic mail address as may be designated by a party by notice to the other party pursuant to this Section. Notices to Company shall be addressed to the person designated in the Master Service Agreement.