Master Terms of Service

1. Definitions

The following definitions apply throughout this Agreement:

"Agreement"

These Master Terms of Service together with any applicable Statement of Work, Order Form, or Master Services Agreement executed between the parties.

"Foefox Labs" / "Provider"

Foefox Labs, a Vaansoft Technologies company, including its subsidiaries, affiliates, officers, employees, and authorized representatives.

"Client" / "Customer"

The entity or individual engaging Foefox Labs for Services, as identified in the applicable Statement of Work or Order Form.

"Services"

The compliance consulting, security assessment, and related professional services described in the applicable Statement of Work.

"Deliverables"

Work product, documents, reports, policies, and other materials created by Foefox Labs for Client under this Agreement.

"Confidential Information"

Any non-public information disclosed by either party, including but not limited to business plans, technical data, security assessments, financial information, and customer data.

"Statement of Work" / "SOW"

A document describing specific Services, Deliverables, timelines, fees, and other project-specific terms, incorporated by reference into this Agreement.

2. Agreement to Terms

2.1 Acceptance

By executing a Statement of Work, Order Form, or otherwise engaging Foefox Labs for Services, Client agrees to be bound by these Master Terms of Service. These Terms, together with any SOW, constitute the complete and exclusive agreement between the parties regarding the subject matter herein.

2.2 Order of Precedence

In the event of any conflict between documents, the following order of precedence shall apply:

1. The applicable Statement of Work (most recent controls)
2. Any executed Master Services Agreement
3. These Master Terms of Service
4. Any policies or guidelines referenced herein

2.3 Modifications

Foefox Labs may update these Terms from time to time. Material changes will be communicated via email at least 30 days prior to taking effect. Continued use of Services after changes become effective constitutes acceptance. For active engagements, the Terms in effect at SOW execution shall govern unless mutually agreed otherwise.

3. Services & Scope

3.1 Service Categories

Foefox Labs provides enterprise compliance consulting services including, but not limited to:

• SOC 2 Compliance: Type I and Type II readiness assessments, gap analysis, control implementation, evidence collection, and audit coordination
• ISO 27001 Certification: ISMS implementation, documentation, internal audits, and certification body coordination
• GDPR Compliance: Data mapping, privacy impact assessments, policy development, and DPO services
• Security Assessments: Penetration testing, vulnerability assessments, code review, and security architecture review
• Policy Development: Information security policies, procedures, and employee training programs
• Ongoing Compliance: Continuous monitoring, annual renewals, and compliance program management

3.2 No Guarantee of Certification

3.3 Scope Definition

The specific Services, Deliverables, timelines, milestones, and fees for each engagement will be detailed in a Statement of Work. Services not explicitly included in an executed SOW are out of scope and may require a change order with additional fees.

3.4 Change Orders

Either party may request changes to the scope of Services. All change requests must be documented in writing and executed by authorized representatives of both parties before work commences. Change orders may affect timelines and fees.

3.5 Subcontractors

Foefox Labs may engage qualified subcontractors to perform portions of the Services, provided that: (a) Foefox Labs remains responsible for subcontractor performance; (b) subcontractors are bound by confidentiality obligations at least as protective as those in this Agreement; and (c) Client is notified of subcontractor use upon request.

4. Client Responsibilities

To enable Foefox Labs to deliver Services effectively and on schedule, Client agrees to the following obligations:

4.1 Access & Cooperation

• Personnel Access: Make appropriate personnel available for interviews, workshops, and reviews as reasonably requested
• System Access: Provide secure access to systems, applications, and infrastructure within scope of the engagement
• Documentation: Provide existing documentation, policies, procedures, and relevant business information
• Facilities: Provide suitable workspace for on-site activities when required

4.2 Information Accuracy

• Provide accurate, complete, and timely information about systems, processes, and controls
• Promptly notify Foefox Labs of any material changes to systems or business operations
• Disclose any known compliance issues, security incidents, or regulatory actions

4.3 Timely Response

• Respond to information requests within five (5) business days unless otherwise agreed
• Review and provide feedback on Deliverables within the timeframes specified in the SOW
• Attend scheduled meetings and provide timely decisions on project matters

4.4 Implementation

• Implement recommended controls, remediations, and process improvements
• Maintain implemented controls throughout the engagement and audit period
• Allocate sufficient internal resources to support the compliance program

4.5 Project Management

• Designate a qualified project lead with decision-making authority
• Ensure executive sponsorship for the compliance initiative
• Manage internal stakeholder communication and change management

5. Fees & Payment

5.1 Fee Structure

Fees for Services are specified in the applicable Statement of Work. Foefox Labs offers the following fee structures:

5.2 Payment Terms

• All invoices are due and payable within thirty (30) days of invoice date
• All fees are quoted and payable in United States Dollars (USD)
• Fixed-fee engagements typically require 50% upon execution and 50% upon completion of readiness phase
• Wire transfer or ACH is preferred for amounts exceeding $10,000

5.3 Late Payment

Overdue amounts shall accrue interest at the rate of one and one-half percent (1.5%) per month, or the maximum rate permitted by applicable law, whichever is lower. Client shall reimburse Foefox Labs for reasonable collection costs, including attorneys' fees, incurred in collecting overdue amounts.

5.4 Taxes

All fees are exclusive of applicable taxes. Client is responsible for all sales, use, VAT, GST, withholding, and similar taxes, excluding taxes based solely on Foefox Labs's net income. If Client is required to withhold taxes, the amount payable shall be increased so that Foefox Labs receives the full invoiced amount.

5.5 Expenses

Pre-approved travel and out-of-pocket expenses will be invoiced at cost with supporting documentation. Expenses exceeding $500 individually or $2,500 in aggregate require prior written approval.

5.6 Disputed Invoices

Client must notify Foefox Labs in writing of any invoice dispute within fifteen (15) days of receipt, specifying the nature and basis of the dispute. Undisputed portions remain due per standard terms. Parties shall work in good faith to resolve disputes promptly.

6. Intellectual Property

6.1 Client Materials

Client retains all right, title, and interest in and to all materials, data, information, systems, and intellectual property provided to Foefox Labs ("Client Materials"). Client grants Foefox Labs a limited, non-exclusive license to use Client Materials solely for the purpose of performing Services.

6.2 Foefox Labs Materials

Foefox Labs retains all right, title, and interest in and to its pre-existing materials, methodologies, frameworks, tools, templates, software, and know-how ("Foefox Labs Materials"), including any improvements thereto. Foefox Labs grants Client a non-exclusive, non-transferable, perpetual license to use Foefox Labs Materials incorporated into Deliverables for Client's internal business purposes only.

6.3 Custom Deliverables

Subject to full payment of all fees, Client shall own all custom Deliverables created specifically for Client (e.g., customized security policies, Client-specific documentation). However:

• Foefox Labs retains ownership of any Foefox Labs Materials incorporated therein
• Foefox Labs may use anonymized and aggregated learnings to improve its methodologies and services
• General knowledge and skills developed during the engagement remain Foefox Labs property

6.4 Feedback

Any suggestions, ideas, or feedback provided by Client regarding Services or Foefox Labs Materials may be freely used by Foefox Labs without obligation or compensation.

7. Confidentiality

7.1 Obligations

Each party agrees to:

• Maintain the confidentiality of the other party's Confidential Information
• Use Confidential Information solely for purposes of this Agreement
• Protect Confidential Information using at least the same degree of care used to protect its own confidential information, but no less than reasonable care
• Limit access to Confidential Information to personnel with a need to know who are bound by confidentiality obligations
• Not disclose Confidential Information to third parties without prior written consent

7.2 Exclusions

Confidentiality obligations do not apply to information that:

• Is or becomes publicly available through no fault of the receiving party
• Was rightfully known to the receiving party prior to disclosure
• Is rightfully received from a third party without restriction
• Is independently developed without use of Confidential Information
• Must be disclosed pursuant to law, regulation, or court order (with prompt notice to the disclosing party where permitted)

7.3 Return or Destruction

Upon termination or expiration of this Agreement, or upon written request, each party shall promptly return or securely destroy all Confidential Information of the other party, except for copies retained in routine backup systems or as required for legal compliance.

7.4 Duration

Confidentiality obligations shall survive termination of this Agreement for a period of five (5) years, except for trade secrets which shall remain confidential indefinitely.

7.5 Injunctive Relief

Each party acknowledges that breach of confidentiality obligations may cause irreparable harm and that monetary damages may be inadequate. Accordingly, either party may seek injunctive relief without the necessity of proving actual damages or posting bond.

8. Data Protection

8.1 Data Processing

To the extent Foefox Labs processes personal data on behalf of Client, the parties agree that:

• Client is the data controller and Foefox Labs is the data processor
• Foefox Labs will process personal data only as necessary to perform Services and in accordance with Client's documented instructions
• A Data Processing Agreement (DPA) shall be executed upon Client request

8.2 Security Measures

Foefox Labs implements and maintains appropriate technical and organizational security measures, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls based on least privilege and need-to-know
• Multi-factor authentication for all personnel
• Annual penetration testing and continuous vulnerability management
• SOC 2 Type II certified operations

8.3 Data Breach Notification

Foefox Labs will notify Client without undue delay (and in no event more than 72 hours) upon becoming aware of any security incident affecting Client data, and will cooperate with Client's incident response and regulatory notification obligations.

8.4 International Transfers

For transfers of personal data from the EU/EEA/UK to the United States, Foefox Labs relies on Standard Contractual Clauses (SCCs) approved by the European Commission, with appropriate supplementary measures.

9. Warranties

9.1 Foefox Labs Warranties

Foefox Labs represents and warrants that:

• Professional Standards: Services will be performed in a professional and workmanlike manner consistent with industry standards
• Qualified Personnel: Personnel assigned to perform Services are qualified and experienced in compliance consulting
• Legal Compliance: Foefox Labs will comply with all applicable laws and regulations in performing Services
• No Conflicts: Foefox Labs has no conflicts of interest that would materially impair its ability to perform Services
• Authority: Foefox Labs has full authority to enter into this Agreement and perform its obligations

9.2 Client Warranties

Client represents and warrants that:

• Client has authority to enter into this Agreement and engage Foefox Labs
• Client Materials do not infringe any third-party intellectual property rights
• Information provided to Foefox Labs is accurate and complete to the best of Client's knowledge
• Client will comply with all applicable laws in connection with this engagement

9.3 Disclaimer

10. Limitation of Liability

10.1 Exclusion of Consequential Damages

NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, DATA, BUSINESS OPPORTUNITIES, OR OTHER INTANGIBLE LOSSES, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT, OR OTHERWISE), EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.2 Cap on Liability

FOEFOX LABS' TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY CLIENT TO FOEFOX LABS IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE CLAIM; OR (B) FIFTY THOUSAND DOLLARS ($50,000).

10.3 Exceptions

The limitations in this Section 10 shall not apply to:

• Breaches of confidentiality obligations under Section 7
• Either party's willful misconduct or gross negligence
• Indemnification obligations under Section 11
• Client's payment obligations
• Claims arising from infringement of intellectual property rights

10.4 Basis of Bargain

The parties acknowledge that the limitations of liability in this Section reflect a reasonable allocation of risk and are a fundamental element of the basis of the bargain between the parties. The fees charged reflect this allocation of risk and the limitations herein.

11. Indemnification

11.1 Client Indemnification

Client shall indemnify, defend, and hold harmless Foefox Labs and its officers, directors, employees, and agents from and against any third-party claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from:

• Client's breach of this Agreement
• Client's violation of applicable laws or regulations
• Client Materials infringing third-party intellectual property rights
• Client's negligence or willful misconduct
• Any misrepresentation by Client

11.2 Foefox Labs Indemnification

Foefox Labs shall indemnify, defend, and hold harmless Client from and against any third-party claims arising from:

• Foefox Labs Materials infringing third-party intellectual property rights
• Foefox Labs's gross negligence or willful misconduct in performing Services

11.3 Indemnification Procedures

The indemnified party must: (a) promptly notify the indemnifying party in writing; (b) grant sole control of the defense and settlement; and (c) provide reasonable cooperation at the indemnifying party's expense. The indemnifying party shall not settle any claim that imposes obligations on the indemnified party without prior written consent.

12. Insurance

Foefox Labs maintains the following insurance coverage:

• Professional Liability (E&O): $2,000,000 per occurrence / $5,000,000 aggregate
• Cyber Liability: $2,000,000 per occurrence / $5,000,000 aggregate
• Commercial General Liability: $1,000,000 per occurrence / $2,000,000 aggregate
• Workers' Compensation: As required by applicable law

Certificates of insurance are available upon request. Client may be named as an additional insured on the CGL policy upon written request.

13. Term & Termination

13.1 Term

This Agreement is effective upon execution of an initial Statement of Work and continues until all SOWs have been completed or terminated, unless earlier terminated pursuant to this Section.

13.2 Termination for Convenience

Either party may terminate this Agreement or any SOW for convenience upon thirty (30) days prior written notice. Client shall pay for all Services performed and expenses incurred through the effective date of termination, plus any non-cancelable commitments made by Foefox Labs on Client's behalf.

13.3 Termination for Cause

Either party may terminate this Agreement immediately upon written notice if the other party:

• Materially breaches this Agreement and fails to cure within fifteen (15) days of written notice
• Becomes insolvent, files for bankruptcy, or makes an assignment for the benefit of creditors
• Engages in conduct that materially damages the other party's reputation

13.4 Effect of Termination

Upon termination or expiration:

• All fees owed through the termination date become immediately due and payable
• Each party shall return or destroy the other party's Confidential Information
• Foefox Labs shall deliver all completed Deliverables and work-in-progress (subject to payment)
• Licenses granted hereunder shall terminate, except as expressly stated to survive

13.5 Survival

The following provisions shall survive termination: Definitions, Intellectual Property, Confidentiality, Data Protection, Warranties (disclaimers), Limitation of Liability, Indemnification, Governing Law, and General Provisions.

14. Governing Law & Dispute Resolution

14.1 Governing Law

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

14.2 Dispute Resolution

The parties agree to resolve disputes as follows:

1. Negotiation: The parties shall first attempt to resolve any dispute through good-faith negotiation between project managers
2. Escalation: If unresolved within fifteen (15) days, disputes shall be escalated to senior executives for resolution
3. Mediation: If still unresolved within thirty (30) days, the parties shall engage in mediation administered by JAMS in San Francisco, California
4. Arbitration: If mediation fails, disputes shall be resolved by binding arbitration administered by JAMS under its Comprehensive Arbitration Rules

14.3 Arbitration Terms

Arbitration shall be conducted by a single arbitrator with expertise in technology and professional services. The arbitration shall be held in San Francisco, California. The arbitrator's decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.

14.4 Class Action Waiver

ALL DISPUTES MUST BE BROUGHT IN AN INDIVIDUAL CAPACITY, NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING.

14.5 Injunctive Relief

Notwithstanding the above, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or Confidential Information.

15. General Provisions

• Entire Agreement: This Agreement, together with all SOWs and exhibits, constitutes the entire agreement between the parties and supersedes all prior negotiations, representations, and agreements
• Amendment: Except as otherwise provided herein, this Agreement may only be modified by a written instrument signed by authorized representatives of both parties
• Assignment: Neither party may assign this Agreement without prior written consent, except to an affiliate or in connection with a merger, acquisition, or sale of all or substantially all assets
• Severability: If any provision is held invalid or unenforceable, the remaining provisions shall continue in full force and effect, and the invalid provision shall be modified to the minimum extent necessary
• Waiver: The failure of either party to enforce any right or provision shall not constitute a waiver of such right or provision
• Force Majeure: Neither party shall be liable for delays or failures in performance resulting from circumstances beyond reasonable control, including acts of God, natural disasters, war, terrorism, labor disputes, or government actions
• Independent Contractors: The parties are independent contractors. Nothing herein creates a partnership, joint venture, employment, or agency relationship
• No Third-Party Beneficiaries: This Agreement is solely for the benefit of the parties and does not confer any rights on third parties
• Notices: All notices must be in writing and delivered by email with confirmation, overnight courier, or certified mail to the addresses specified in the SOW
• Counterparts: This Agreement may be executed in counterparts, including electronic signatures, each of which shall be deemed an original
• Headings: Section headings are for convenience only and shall not affect interpretation
• Construction: This Agreement shall not be construed against either party as the drafter

16. Contact Information

For questions regarding these Terms or to request modifications: