Client Terms and Conditions

2.1 Master Framework

This Agreement is a master framework. Specific Services are described in individual Service Orders. Scope is strictly limited to Services expressly listed in each Service Order. Out-of-Scope Work creates no obligation or liability for UTS whatsoever, whether performed voluntarily, gratuitously, or in an emergency. No course of dealing, verbal promise, or marketing material expands the scope of any Service Order.

2.2 Order of Precedence

In the event of any conflict: a Service Order governs over a Service Description; a Service Description governs over this Agreement. Addenda executed by both Parties govern over all other documents to the extent of the conflict.

2.3 Third-Party Providers

Certain Services involve Third-Party Providers. UTS acts solely as reseller or facilitator and is not the direct provider. UTS bears no liability for Third-Party Provider performance, availability, errors, or failures. UTS may change Third-Party Providers at any time without Client's consent, provided such change does not materially degrade the Services. All Third-Party Services are provided strictly "as is" and "as available" without any warranty of any kind.

2.4 Environment Accepted As-Is at Onboarding

UTS accepts management of the Environment in its current, pre-existing condition. UTS is not responsible for any defects, vulnerabilities, instability, data loss, security gaps, misconfiguration, or compliance failures that existed prior to UTS's management. The Baseline Report documents the Environment's condition at commencement. All pre-existing issues are excluded from UTS's obligations and liability. Commencement of Services constitutes Client's irrevocable acceptance of the Environment in its existing state.

2.5 Authenticity and Licensing

Everything in the Environment must be genuine, licensed, and vendor-supported. If UTS requests proof of authenticity or licensing, Client must provide it promptly. Minimum Requirements must be implemented and maintained throughout the term. Any costs to bring the Environment up to Minimum Requirements are excluded from all Service Orders unless expressly stated.

2.6 Unilateral Amendment Right

UTS reserves the right to update or amend this Agreement at any time by providing Client with at least thirty (30) days' prior written notice of the change, which may be delivered by email to Client's designated contact address. Client's continued use or receipt of the Services after the thirty-day notice period constitutes Client's irrevocable acceptance of the updated Agreement. If Client objects to any amendment, Client must provide UTS with written notice of termination before the amendment's effective date, in which case the Early Termination Fee will not apply solely to the extent termination is caused exclusively by Client's objection to that amendment.

2.7 Right to Subcontract

UTS may subcontract any portion of the Services to qualified third-party personnel or subcontractors without Client's prior consent. UTS remains responsible for the performance of subcontractors as if UTS performed the work itself.

2.8 Cost Pass-Throughs

UTS may pass through Third-Party Provider cost increases to Client with reasonable advance written notice. Pass-throughs are excluded from any fee-increase caps set forth in a Service Order.

2.9 Fee Audit Right

UTS reserves the right, upon reasonable written notice, to audit Client's device count, user count, software licenses, and Environment configuration to verify that the fees charged accurately reflect the scope of Services being delivered. If an audit reveals that Client has been receiving Services in excess of what Client has been paying for, UTS may invoice Client retroactively for up to twelve (12) months of underbilled amounts at the applicable per-unit rates, payable within thirty (30) days of invoice.

2.10 Lien on Client Data and Credentials

UTS has the right to withhold Client Data, administrative credentials, passwords, log files, configuration documentation, and all transition assistance until all outstanding fees, Early Termination Fees, and other amounts owed to UTS are paid in full. This lien right is UTS's primary security interest in Client's account and survives termination of this Agreement. Payment of all outstanding amounts is a condition precedent to UTS's obligation to provide transition assistance or release any Client Data or credentials.

2.11 Wire Fraud and Social Engineering Disclaimer

Cybercriminals may impersonate UTS by sending fraudulent communications instructing Client to change payment instructions or wire funds. UTS will never request a change to payment instructions or a wire transfer solely by email without verbal confirmation. Client agrees to verify any request to change payment details or transfer funds by calling UTS directly at the verified telephone number listed in the applicable Service Order before acting on any such request. UTS is expressly held harmless for any losses arising from Client's response to such attacks or Client's failure to verify such requests.

2.12 AI and Automation Tools

UTS may use artificial intelligence, machine learning, automated monitoring, automated ticketing, and other automated tools to assist in delivering the Services. These tools assist UTS's personnel and do not replace professional judgment. UTS makes no warranty that automation tools will be error-free or that their outputs will be accurate under all circumstances. UTS bears no additional or separate liability for errors or incorrect outputs generated by automation tools, provided UTS's personnel exercise reasonable professional oversight. Use of automation tools does not expand UTS's liability beyond the limits set forth in Article 12.

This Article constitutes the Service Statement for all managed services provided by UTS. Only services specifically listed in the applicable Service Order will be provided. The following descriptions define all services UTS may offer; their inclusion here does not obligate UTS to provide any particular service unless it appears in a Service Order.

3.1 Onboarding Services

If onboarding services are included in the Service Order, UTS will perform the following activities, subject to change if UTS determines in its discretion that different or additional activities are required:

• Uninstall any monitoring tools or software installed by previous IT providers
• Compile a full inventory of all protected servers, workstations, and laptops
• Uninstall previous antivirus software and install UTS's managed antivirus application
• Install remote support access application on each managed device
• Configure patch management application and check for missing security updates
• Uninstall unsafe or unnecessary applications
• Optimize device performance including disk cleanup, antivirus, and spyware scans
• Review firewall configuration and other network infrastructure devices
• Review and document battery backup protection status on all devices
• Review and document current server configuration and status
• Determine existing backup strategy and status; prepare backup options for consideration
• Review password policies and update user and device passwords
• Issue Recommendations for changes to the Environment as applicable

Onboarding services do not include remediation of discovered deficiencies unless expressly stated in the Service Order. UTS cannot guarantee that all issues will be detected during onboarding. Deficiencies discovered will be documented in the Baseline Report and are excluded from UTS's ongoing service obligations and liability.

3.2 Ongoing and Recurring Managed Services

Ongoing services are billed monthly from the Commencement Date unless otherwise indicated. Delays in onboarding may delay the start of ongoing services. The following services are provided only if expressly listed in the Service Order:

Remote Monitoring and Management (RMM)

Software agents on Covered Equipment report status and events 24x7. Alerts are generated and responded to per the service levels in Article 4. Monitoring and alert services are limited to detection and notification only unless otherwise stated. Monitoring levels are set by UTS; Client shall not modify them without UTS's prior written consent.

Backup and Disaster Recovery (BDR)

• 24/7 monitoring of backup system including offsite backup and offsite replication (local backup appliance purchased separately)
• Troubleshooting and remediation of failed backup jobs
• Preventive maintenance and management of imaging software
• Firmware and software updates of backup appliance
• Monitoring of backup successes and failures and quarterly recovery verification

Backup Schedule: Hourly by default. Certain applications (such as Microsoft 365) limit daily backup frequency; in such cases UTS performs the maximum number permitted.

Data Security: All backed-up data is encrypted in transit using 256-bit AES encryption. At-rest encryption is available upon request.

Retention: Hourly: 2 weeks. Daily: 6 weeks. Weekly: 8 weeks. Monthly: 6 months.

Recovery: Requests during business hours (9:00 AM to 6:00 PM EST, Mon through Fri) via support email or telephone, subject to technician availability. Generally: 0 to 100 MB within 4 hours; 100 to 500 MB within 8 hours; over 500 MB per technician availability.

BDR services require reliable, always-connected internet. Outages prevent BDR from operating correctly. UTS is held harmless for data loss caused by hardware failure, telecommunications failure, or internet outage. UTS does not warrant that data corruption or loss will be avoided in all circumstances. Client is strongly advised to maintain a local backup of all stored data independently of UTS-managed BDR.

Updates and Patch Management

• Deploy updates, bug fixes, and security updates as deemed necessary on all managed hardware
• Perform minor hardware and software installations and upgrades on managed hardware
• Perform minor remote installations (tasks typically taking less than thirty (30) minutes)
• Deploy, manage, and monitor approved service packs, security updates, and firmware updates

Patches are developed by third parties and may on rare occasions destabilize the Environment. UTS is not responsible for downtime or losses arising from patch installation. UTS reserves the right to delay installing any patch it believes may cause instability.

Firewall Solution

FIPS 140-2 compliant firewall configured for Client's specific bandwidth, remote access, and user needs. Prevents unauthorized external access; provides encrypted remote access, antivirus scanning of all traffic, and website content filtering.

Email Threat Protection

Managed protection from phishing, business email compromise, spam, and email-based malware. Friendly name filters, whaling and CEO fraud protection, display name spoofing protection, and look-alike domain protection.

End User Security Awareness Training

Online, on-demand multi-lingual training videos and quizzes. Baseline phish-prone percentage testing and simulated phishing campaigns.

EDR-AV (Endpoint Detection and Response Antivirus)

Endpoint Detection and Response antivirus installed on managed devices. Viruses existing in the Environment at the time of implementation may not be removable without additional Out-of-Scope services. UTS does not warrant that all viruses and malware will be detected, avoided, or removed, or that affected data will be recoverable.

MDR-AV (Managed Detection and Response)

Managed Detection and Response software such as Huntress MDR, providing advanced threat hunting and remediation beyond standard antivirus.

Dark Web Monitoring

Third-party dark web monitoring scans for Client's designated credentials and information. UTS does not guarantee detection of all actual or potential unauthorized uses of Client's credentials.

Hardware as a Service (HaaS)

• Provision, deployment, installation, repair, replacement, and technical support for HaaS Equipment
• Periodic replacement of aging HaaS Equipment at UTS's discretion (generally equipment five or more years old)

Deployment: Per the Service Order timeline, provided Client supplies required information promptly. Client may delay deployment with five (5) days' written notice after signing; no delay beyond two (2) months. Client is charged 50% of monthly HaaS-related recurring fees during any delay period.

Repair or Replacement: UTS will repair or replace HaaS Equipment by the end of the business day following the business day on which the problem is identified as non-remotely-remediable. This excludes time to rebuild systems, configure replacement devices, rebuild RAID arrays, reload operating systems, or restore from backup. If UTS fails to meet this commitment and the failure materially impacts Client's hosted environment, Client's sole remedy is a discretionary goodwill credit of up to 50% of the applicable month's fee for the affected equipment. This credit is not a contractual entitlement and does not constitute an admission of breach.

Return: Client shall not remove or disable software agents on HaaS Equipment without UTS's written direction. Within ten (10) days after termination of HaaS-related Services, Client provides UTS access to retrieve all HaaS Equipment. Missing or damaged equipment (beyond normal wear and tear) is billed at full replacement cost.

Use Restrictions: HaaS Equipment is for Client's internal business use only. Client shall not sublease, sublicense, rent, or make HaaS Equipment available to any third party without UTS's prior written consent.

Labor for New and Replacement Workstations

Includes all labor for setup of new or replacement workstations: new or additional computers added during the term; replacements for computers four or more years old per manufacturer records; replacements for lost, stolen, or irreparably damaged out-of-warranty computers; and OS upgrades subject to hardware compatibility. Limited to four (4) devices per month unless pre-approved. Not available for used or remanufactured computers. Machines must be business-grade from a major manufacturer.

Remote and Onsite Support

Includes all labor for supporting company-owned computers, laptops, servers, cloud environments (including Microsoft 365), printers, and desktop support. Subject to the Fair Usage Policy in Section 3.7.

3.3 Additional Services on Fixed-Fee Project Basis

The following are available only if expressly included in a Service Order:

• HIPAA Audit and Policy Manual Implementation: Six-step audit, development of Privacy and Security Policy Manuals, IT Disaster and Recovery Plan, Business Continuity Plan, online documentation repository, and Security Awareness Training.
• SOC 2 and ISO 27001 Compliance and Certification: Environment review and advisory on SOC 2 and ISO 27001 controls frameworks. Third-party provider delivers certification after implementation. Does not include third-party licensing or actual implementation.
• NIST Cybersecurity Framework Assessment: Environment review and advisory based on the NIST Cybersecurity Framework. Does not include implementation.
• CIS Controls Assessment: Environment review and advisory based on CIS Controls Framework. Does not include implementation.
• Risk Assessment: NIST-based risk questionnaire providing a risk assessment score via third-party software platform.
• NY State SHIELD Act Audit: Environment review and advisory on NY State SHIELD Act requirements. Does not include implementation.
• NYCRR Part 500 Compliance Review: Annual review and compliance check based on NYCRR Part 500. Does not include implementation.
• Vulnerability Scans: Vulnerability scan of Client's network and review of outstanding vulnerabilities.
• Domain and Email Setup: Email server setup with company-owned domain at Microsoft 365 or Google Workspace. Does not include monthly user licensing.
• Azure Active Directory and Intune Management Setup: Azure AD setup, Intune enrollment, UTS-developed security standards deployment, device configuration profiles, Conditional Access Policies, and company device enrollment. All settings await Client's written approval before deployment. Does not include monthly user licensing.
• Email Migration: On-premises to cloud or cloud-to-cloud email migration.
• Data Migration: On-premises to on-premises, on-premises to cloud, or cloud-to-cloud data migration.

3.4 Covered Equipment and Environment

Managed Services apply to Covered Hardware only. Supported Software on Covered Hardware is supported under the plan; software without a vendor-supported plan is supported on a best-efforts basis only. Environment modifications are subject to additional fees, pro-rated for mid-month changes.

3.5 Physical Locations

Services are provided remotely unless UTS determines an onsite visit is required. Unless otherwise agreed, all onsite Services are provided at Client's primary office location in the Service Order. Travel up to thirty (30) minutes from UTS's office is included; travel beyond thirty (30) minutes is billed at UTS's then-current hourly rates. Client is also billed for all tolls, parking, and related expenses for onsite services.

3.6 Minimum Requirements and Exclusions

The following Minimum Requirements must be maintained throughout the term:

• Server hardware must be under current warranty coverage
• All Microsoft Windows equipment must run currently supported OS versions with latest service packs and critical updates
• All software must be genuine, licensed, and vendor-supported
• Server file systems and email systems must be protected by licensed, up-to-date antivirus software
• The Environment must have a currently licensed, vendor-supported, server-based backup solution that can be monitored
• All wireless data traffic must be securely encrypted
• All servers must be connected to working UPS devices
• Client must provide all software installation media and key codes in the event of a failure
• Client must provide UTS with full administrative privileges to the Environment
• Client must not install any accessory, addition, upgrade, or device on the firewall, server, or NAS appliances without UTS's prior written approval

Expressly excluded from all Service Orders unless separately agreed in writing: customization of third-party applications or programming; support for end-of-life hardware or software; data/voice wiring or cabling; battery backup replacement; equipment relocation; costs to bring the Environment up to Minimum Requirements; hardware repair costs or parts acquisition; and cost of travel or parking for onsite visits.

3.7 Fair Usage Policy

All services designated "unlimited" are subject to this Fair Usage Policy. Unlimited means Client may use the service as reasonably necessary without additional time-based or usage-based costs, during normal business hours only, subject to technician availability. UTS may prioritize more urgent issues. Client agrees to refrain from creating urgent tickets for non-urgent issues; requesting support volumes inconsistent with normal industry patterns; and requesting support likely to interfere with UTS's ability to serve other clients.

3.8 Hosted Email and Acceptable Use

Client is solely responsible for proper use of any hosted email service. Client and all Client Users agree to refrain from transmitting content that is obscene or illegal; violates intellectual property or privacy rights; creates a false identity; interferes with UTS's or third-party services; or contains viruses or malicious code. Client must not use hosted email to send spam. UTS may suspend hosted email access if it reasonably believes the account is being used improperly. Client is solely responsible for the security and confidentiality of all login credentials.

3.9 Penetration Testing and Vulnerability Assessments

Client is solely responsible for notifying monitoring companies and law enforcement of potential false alarms arising from penetration testing. Client must take all steps necessary to ensure false alarms are not treated as real threats. Some security measures may cause partial or complete Environment shutdown during testing. UTS is not responsible for any claims or expenses arising from monitoring company or law enforcement responses to penetration testing, or from any shutdown of the Environment caused by a security device.

3.10 No Unauthorized Third-Party Testing

Unless authorized by UTS in writing, Client shall not conduct or permit any third-party diagnostic or security test of UTS-managed security systems, protocols, or solutions. Any remediation required from unauthorized testing is Out-of-Scope Work billed at UTS's then-current hourly rates.

3.11 Breach and Cyber Incident Recovery

Unless expressly stated in the Service Order, Security Incident remediation and recovery is Out-of-Scope Work, provided on a time-and-materials basis at UTS's then-current hourly rates if requested. UTS does not warrant the time required to remediate a Security Incident, that recovery will be possible under all circumstances, or that all impacted data will be recoverable.

3.12 Configuration of Third-Party Services

Client agrees to refrain from modifying configurations of third-party services without UTS's prior written authorization. Unauthorized changes may disrupt Services or cause significant fee increases for which Client is solely responsible.

3.13 Obsolescence

If any portion of the Environment becomes an Obsolete Element, UTS may designate it as unsupported and require Client to update or replace it within a reasonable time. If Client does not act promptly, UTS may: (a) continue providing Services to the Obsolete Element on a best-efforts basis only, with no warranty or remediation obligation; or (b) eliminate the Obsolete Element from the scope of Services upon written notice. UTS makes no warranty regarding any Obsolete Element.

3.14 Environmental Factors

Exposure to water, heat, cold, or other environmental factors may cause equipment to malfunction. Unless expressly stated in the Service Order, UTS does not warrant that installed equipment will operate error-free under all conditions.

3.15 Procurement

Procured Equipment may carry manufacturer warranties that UTS will pass through to Client. UTS makes no warranties regarding quality, integrity, or usefulness of Procured Equipment. Once purchased, items may not be returnable or may carry restocking fees, all of which are Client's responsibility. UTS is not responsible for quantity, condition, or delivery timing of Procured Equipment once tendered to a shipping courier.

3.16 Sample Policies and Procedures

Sample or template policies and procedures provided by UTS are for informational purposes only and do not constitute legal or professional advice. Client should seek independent legal counsel before using or distributing any Sample Policies.

3.17 Virtual CTO and CIO Services

Advice provided in a virtual CTO or CIO capacity is for informational and educational purposes only. UTS will not hold an actual director or officer position in Client's organization and will not hold any fiduciary relationship with Client. Client shall not list UTS on Client's corporate records or accounts.

3.18 Quarterly Business Reviews

Advice and suggestions in quarterly business reviews are based on industry practices and UTS's knowledge of relevant facts. By rendering advice, UTS does not endorse any particular manufacturer or service provider.

3.19 Licenses

If UTS is required to reinstall or replicate Client-provided software, Client must verify that all such software is properly licensed. UTS reserves the right to require proof of licensing before installation. License acquisition costs are excluded from Services unless expressly stated in a Service Order.

Automated monitoring operates 24x7x365. All other services are provided during normal business hours (8:00 AM to 6:00 PM Eastern Time, Monday through Friday) unless specified in the Service Order. Severity levels are determined by UTS after consulting with Client. All remediation is first attempted remotely. Onsite service is provided only if remote remediation is ineffective and covered under Client's Service Order.

Severity	Description	Availability	Response Target
Critical	Service completely unavailable	24/7	Within 1 hour (business hours); within 4 hours (after hours)
Significant Degradation	Large number of users or critical functions affected	12/5 (Mon through Fri)	Within 2 hours during business hours
Limited Degradation	Limited users affected; business process continues	Business hours	Within 8 business hours after notification
Small Degradation	One user affected; business process continues	Business hours	Within 2 business days after notification

All timeframes are calculated from notification via UTS's designated support email, RMM agent, help desk, or listed telephone number. Help desk support outside normal hours is billed at $250 per hour (one-hour minimum). Response time commitments are targets only and do not constitute guarantees. Failure to meet a response time target does not constitute a breach of this Agreement unless specifically designated as a material service level commitment in a signed Service Order. All commitments are subject to the excused delays in Section 5.7.

5.1 Technical Recommendations

UTS SHALL NOT BE RESPONSIBLE for any service degradation, security incident, data loss, downtime, or adverse outcome of any kind resulting from Client's failure or delay in implementing any Recommendation, regardless of whether UTS communicated the associated risks. If Client's inaction renders continued Services impracticable in UTS's sole judgment, UTS may terminate the affected Services immediately upon written notice without liability or refund.

5.2 Client Responsibilities

Client is solely responsible for: (a) designating and maintaining Authorized Contacts; (b) providing timely access to the Environment, facilities, credentials, and documentation; (c) maintaining the Environment at or above Minimum Requirements at Client's sole cost; (d) refraining from unauthorized modifications; (e) notifying UTS promptly of material changes to the Environment, business operations, or applicable regulations; and (f) maintaining all hardware, software, and connectivity necessary to receive Services. UTS's performance obligations are conditioned on Client fulfilling these responsibilities.

5.3 Unauthorized Modifications

Client shall not modify, reconfigure, or install software in the Environment without UTS's prior written approval. UTS is expressly released from all liability arising from unauthorized modifications. Remediation of resulting problems is Out-of-Scope Work billed at UTS's then-current hourly rates.

5.4 Authorized Contacts

UTS relies on and acts upon instructions from Authorized Contacts only. Written changes take effect within two (2) business days. Live telephone changes are effective the same day. Changes via voicemail or ticketing systems will not be honored. UTS is not liable for acting in good faith on instructions from a person reasonably believed to be an Authorized Contact.

5.5 Co-Managed Environments

UTS bears no responsibility for acts or omissions of co-managers, other vendors, or Client's internal personnel who access the Environment. Where a co-manager's decision conflicts with UTS's position, UTS will defer to the co-manager and document the deferral in writing to Client. All problems arising from co-manager actions are excluded from UTS's obligations and liability.

5.6 Software Agents and Access

Client grants UTS and designated Third-Party Providers a limited right to access, monitor, and configure the Environment solely as necessary to deliver Services. Client shall not disable, remove, or tamper with any UTS-installed software agents. Unauthorized tampering is a material breach that entitles UTS to immediate termination and releases UTS from all liability for the Environment.

5.7 Excused Performance

UTS has no liability, and no service-level credits accrue, for failures or delays caused by: (a) Client's failure to meet its obligations; (b) Third-Party Provider failures; (c) scheduled maintenance; (d) force majeure events; (e) security-driven suspensions; (f) the Transition Period; (g) Client-Side Downtime (inability to reach an Authorized Contact); (h) Vendor-Side Downtime (failures of third-party platforms or telecommunications); or (i) errors or outputs from automation tools referenced in Section 2.12.

5.8 Transition Period

All service-level commitments are suspended during the Transition Period. Client waives all claims against UTS for delays or service quality issues occurring during any Transition Period.

5.9 Bring Your Own Device

Client warrants that UTS is authorized to access all devices connected to the Environment. UTS is not responsible for any problem caused by Unknown Devices (devices not enrolled in UTS's managed service program). All costs associated with Unknown Device-related issues are Out-of-Scope Work.

6.1 Commencement and Initial Term

Services commence and billing begins on the Commencement Date and continue through the Initial Term in the Service Order. UTS may delay the Commencement Date until onboarding is complete and identified deficiencies are addressed to UTS's satisfaction.

6.2 Auto-Renewal

After expiration of the Initial Term, the Service Term automatically renews for successive terms equal to the Initial Term unless either Party provides written notice of non-renewal no less than thirty (30) days before the end of the then-current Service Term.

6.3 Agreement Term

This Agreement is effective upon Client's acceptance of a Service Order or UTS's commencement of Services, whichever is earlier, and remains in effect until the later of: (i) expiration or termination of all active Service Orders; or (ii) six (6) months after UTS's last service delivery.

7.1 Fees and Minimum Monthly Fees

Client agrees to pay all fees in each Service Order and SD. The initial fees are the Minimum Monthly Fees for the term. Fees will not drop below the Minimum Monthly Fees regardless of user or device count unless UTS agrees in writing. All modifications to device or user counts must be agreed in writing by both Parties. Fees are due in advance of each service period. UTS's obligation to provide Services is conditioned on receipt of payment.

7.2 Changes to Environment Fees

If the Environment changes, fees are automatically modified to reflect the change. Additional devices and licenses are billed at the same per-unit rates as existing items, pro-rated for mid-month changes.

7.3 Payment Authorization

By accepting a Service Order, Client expressly authorizes UTS to charge Client's designated payment method for all recurring fees and any other amounts due under this Agreement on an automated monthly basis. Client authorizes ACH debits to Client's designated checking or savings account and credit card charges to Client's designated credit card. If both ACH and credit card are on file, ACH will be attempted first; if ACH fails, the credit card will be charged. A $45.00 service charge applies to any ACH debit returned for insufficient funds. This authorization continues until terminated in writing by Client and all outstanding amounts are paid in full. Client agrees that automated charges pursuant to this authorization are not unauthorized transactions and waives any right to dispute such charges as unauthorized with Client's financial institution, provided the charges are consistent with the fees set forth in the applicable Service Order.

7.4 Taxes

Client is solely responsible for all applicable taxes, duties, and governmental charges. Absent a valid exemption certificate before invoice issuance, UTS will collect applicable taxes.

7.5 Late Payment; Interest; Suspension

Invoices unpaid within fifteen (15) days of the due date accrue interest at 1.5% per month (or the maximum permitted by law) from the original due date. UTS may suspend all Services without prior notice for nonpayment of any undisputed amount. Recurring charges continue to accrue during suspension. A reconnection fee of up to 10% of monthly recurring fees applies upon restoration.

7.6 Fee Increases

UTS may increase recurring service fees. Where an increase exceeds five percent (5%) of the prior calendar year's fees for the same Services, Client will receive sixty (60) days' written notice and the opportunity to terminate by providing written notice within that window. Continued use after the sixty-day period constitutes acceptance of the increased fees. This cap does not apply to Third-Party Provider cost pass-throughs.

7.7 Appointment Cancellations

Appointments may be canceled or rescheduled at no charge with at least one (1) business day's notice. Without timely notice, or if Client is absent or access is denied at the scheduled time, Client owes a cancellation fee equal to two (2) hours at UTS's then-current hourly rates.

7.8 Collections

Client agrees to pay all collection costs including reasonable attorneys' fees, court costs, and agency fees for any amount pursued through collections or legal proceedings. This obligation survives termination.

7.9 Fee Disputes; Warranty Claims Window

Fee disputes must be raised in writing within sixty (60) days of the service date or payment date, whichever is later. Rights to dispute fees not raised within this window are irrevocably waived. Undisputed amounts must be paid while disputes are pending. Any warranty claim relating to a specific service delivery must be raised in writing within thirty (30) days of that delivery or it is irrevocably waived, regardless of the general six-month limitation period.

7.10 Microsoft NCE Licensing

NCE Licenses are non-cancelable once purchased and cannot be transferred. Regardless of the reason for termination, Client pays for all NCE Licenses in full through their entire term. Where Client has paid in full, Client may continue using the applicable Microsoft applications through license expiration even after transitioning to a different provider.

Where required by UTS, the Guarantor personally and unconditionally guarantees full and prompt payment of all amounts owed by Client, including fees, interest, collection costs, and attorneys' fees. The Guarantee is continuing and irrevocable until all Client obligations are satisfied in full. UTS may proceed directly against the Guarantor without first exhausting remedies against Client. The Guarantor waives all defenses of suretyship, notice, and presentment. The Guarantee survives Client's bankruptcy, dissolution, or insolvency. Failure to provide a required Guarantee within ten (10) days of UTS's written request is grounds for immediate suspension or termination of Services.

Client shall obtain and maintain throughout the term, with insurers rated no less than A-VII by AM Best:

• Commercial General Liability: Minimum $1,000,000 per occurrence and $2,000,000 aggregate
• Cyber Liability and Data Breach Insurance: Minimum $1,000,000 per occurrence. This coverage is mandatory and not optional. It must cover ransomware, data breach, network security failures, and privacy liability
• Workers' Compensation: As required by applicable law
• Business Interruption: Sufficient to cover Client's own losses from technology-related disruptions

Client shall name United Tech Systems LLC as an additional insured on its CGL policy. Certificates of insurance must be provided within five (5) business days of UTS's written request. Failure to maintain required insurance is a material breach. If Client suffers a loss that required insurance would have covered and Client failed to maintain that insurance, Client cannot recover that loss from UTS.

10.1 Prohibited Uses

Client and all Client Users shall not use the Services or Environment for any activity that: violates any law or regulation; transmits or stores malware, ransomware, or malicious code; involves unauthorized access to third-party systems; infringes any intellectual property right; violates any person's privacy rights; transmits spam or phishing communications; facilitates illegal commerce; involves cryptocurrency mining on UTS-managed systems without prior written approval; or exposes UTS to reputational harm, regulatory sanction, or legal liability.

10.2 Immediate Termination Right

UTS may immediately suspend or terminate Services without prior notice, cure period, or liability upon any actual or reasonably suspected violation of this Article. Client remains liable for all fees and the full Early Termination Fee upon AUP-based termination.

10.3 Client Liability for Users

Client is fully and unconditionally responsible for all acts and omissions of Client Users. Client indemnifies UTS from all claims, losses, and costs arising from any Client User's unauthorized or prohibited use of the Services.

11.1 Limited Service Warranty

UTS warrants solely that Services will be performed in a professional and workmanlike manner consistent with reasonable industry standards. Client's exclusive remedy for breach of this warranty is, at UTS's sole election: (a) re-performance of the deficient Services; or (b) a pro-rated credit for fees paid for the deficient Services. This warranty does not apply to issues caused by Client's acts or omissions, unauthorized modifications, Third-Party Provider failures, Unknown Devices, pre-existing conditions, or Obsolete Elements. Any warranty claim must be raised within thirty (30) days of the deficient service delivery or it is irrevocably waived.

11.2 Disclaimer of All Other Warranties

EXCEPT FOR THE LIMITED WARRANTY IN SECTION 11.1, UTS EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING: (A) IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE; (B) ANY WARRANTY THAT SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, TIMELY, OR SECURE; (C) ANY WARRANTY THAT DATA WILL BE PRESERVED, BACKED UP, OR RECOVERABLE; (D) ANY WARRANTY REGARDING THIRD-PARTY SERVICE PERFORMANCE; AND (E) ANY WARRANTY THAT SECURITY MEASURES WILL PREVENT ALL UNAUTHORIZED ACCESS, DATA BREACHES, OR RANSOMWARE ATTACKS. NO ORAL OR WRITTEN STATEMENT BY UTS'S EMPLOYEES OR AGENTS CREATES ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT.

11.3 No Guarantee of Results

UTS makes no representation, promise, or guarantee that Services will achieve any specific business objective, uptime percentage, security outcome, compliance status, or performance result. Any projections or estimates are illustrative only and are not warranties or commitments.

12.1 No Consequential Damages

IN NO EVENT SHALL UTS BE LIABLE TO CLIENT FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES OF ANY KIND WHATSOEVER, INCLUDING BUT NOT LIMITED TO: LOST PROFITS; LOST REVENUE; LOSS OF BUSINESS OPPORTUNITY; LOSS OF DATA; LOSS OF GOODWILL; BUSINESS INTERRUPTION; COST OF SUBSTITUTE SERVICES; RANSOMWARE PAYMENTS OR DEMANDS; REGULATORY FINES OR PENALTIES; COSTS OF NOTIFYING AFFECTED INDIVIDUALS; REPUTATIONAL HARM; OR ANY OTHER INDIRECT OR CONSEQUENTIAL ECONOMIC LOSS. THIS EXCLUSION APPLIES REGARDLESS OF THE THEORY OF LIABILITY AND REGARDLESS OF WHETHER UTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION APPLIES EVEN IN CASES OF GROSS NEGLIGENCE OR WILLFUL MISCONDUCT TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.

12.2 Aggregate Liability Cap

UTS's total aggregate liability to Client for any and all claims of any nature shall be strictly limited to and shall not under any circumstances exceed the lesser of: (i) the total amount of fees actually paid by Client to UTS in the three (3) calendar months immediately preceding the date on which the first cause of action accrued; or (ii) ten thousand dollars ($10,000.00). The word "lesser" is intentional and controlling. For the avoidance of doubt:

• This cap is calculated using fees actually received by UTS, excluding all third-party hard costs
• If Client has paid UTS for less than three (3) months of Services at the time a claim accrues, the cap is limited to the total fees actually paid from the Commencement Date through the date the cause of action accrued, or $10,000, whichever is lower
• If Client has paid UTS nothing at the time a claim accrues, UTS's total liability is zero dollars ($0.00)
• This cap applies in the aggregate across all claims combined, not per incident, not per claim, and not per Service Order
• By way of example: if Client pays UTS $2,000 per month, three months of fees is $6,000, which is less than $10,000, so UTS's maximum liability is $6,000. If Client pays UTS $5,000 per month, three months of fees is $15,000, which is greater than $10,000, so UTS's maximum liability is $10,000

12.3 No Liability for Out-of-Scope Work

UTS has zero liability for claims arising from Out-of-Scope Work, whether performed voluntarily, gratuitously, or in an emergency.

12.4 No Liability for Pre-Existing Conditions

UTS has zero liability for claims arising from defects, vulnerabilities, or failures that existed in the Environment prior to UTS's management, whether or not identified in the Baseline Report.

12.5 No Liability for Client Non-Compliance

UTS has zero liability for losses caused by Client's failure to follow Recommendations, maintain required insurance, implement MFA, train employees, maintain Minimum Requirements, respond appropriately to social engineering attacks, or otherwise fulfill Client's obligations under this Agreement.

12.6 No Liability for Obsolete Elements

UTS has zero liability for failures, data loss, security incidents, or any other adverse outcomes attributable to Obsolete Elements.

12.7 No Liability for Social Engineering and Wire Fraud

UTS is expressly held harmless from all losses arising from social engineering attacks targeting Client's employees, finance team, or executives, including wire transfer fraud, business email compromise, and fraudulent payment instruction changes.

12.8 No Liability for Automation Tool Outputs

UTS has no additional or separate liability for errors, omissions, or incorrect outputs generated by automation tools referenced in Section 2.12, provided UTS's personnel exercise reasonable professional oversight.

12.9 No Class Action Indemnification

Client's indemnification obligations under Article 13 apply only to claims brought against UTS individually. Client is not obligated to indemnify UTS against class actions, mass actions, or consolidated claims brought on behalf of multiple parties, except where Client's own conduct is the direct cause of such claims.

12.10 Mitigation Duty

Each Party has an affirmative duty to mitigate damages. Failure to mitigate reduces the liable Party's obligation proportionately.

12.11 Essential Purpose

The limitations in this Article apply even if any remedy fails of its essential purpose. The allocation of risk between the Parties is an integral part of the bargain reflected in UTS's fees.

12.12 Narrow Exception for Gross Negligence

The aggregate cap in Section 12.2 does not apply to claims arising directly and solely from UTS's own gross negligence or willful misconduct. For clarity: gross negligence means a conscious, voluntary act or omission in reckless disregard of a legal duty. Ordinary negligence, inadvertent errors, mistakes of professional judgment, and failures of automated systems do not constitute gross negligence. Even where gross negligence is established, the exclusion of consequential damages in Section 12.1 continues to apply to the maximum extent permitted by applicable New York law.

13.1 Mutual Indemnification

Each Party shall defend, indemnify, and hold harmless the other Party and its members, managers, officers, employees, agents, successors, and assigns from and against all losses, damages, liabilities, judgments, settlements, fines, penalties, costs, and expenses (including reasonable attorneys' fees) arising from the Indemnifying Party's: (a) material breach of this Agreement; (b) gross negligence or willful misconduct; or (c) violation of applicable law.

13.2 Client's Additional Indemnification

Client shall additionally indemnify and hold UTS harmless from all losses arising from: (a) violations of Article 10 by Client or any Client User; (b) third-party claims arising from Client's data or use of the Services; (c) any claim that Client's data, content, or software infringes any third party's intellectual property rights; (d) Client's failure to obtain required consents or licenses; (e) regulatory fines or enforcement actions from Client's compliance failures; (f) personal injury or property damage at Client's premises attributable to Client; (g) Client's unauthorized modifications to the Environment; (h) Client's failure to maintain required insurance; and (i) losses arising from Client's response to social engineering attacks or failure to verify payment instructions per Section 2.11.

13.3 Procedure

The Indemnified Party shall: (a) give prompt written notice of any claim; (b) grant the Indemnifying Party the right to control the defense and settlement; and (c) cooperate reasonably. No settlement imposing obligations on the Indemnified Party may be made without its prior written consent, not to be unreasonably withheld.

14.1 Termination for Cause

Either Party may terminate upon material breach with twenty (20) days' written notice and cure opportunity (ten (10) days for nonpayment). UTS may terminate immediately without notice or cure for: (a) AUP violations; (b) two or more consecutive unpaid invoices; (c) Client insolvency or bankruptcy; (d) threats to UTS's network or other clients; or (e) legal prohibition on continued service.

14.2 Early Termination Fee

No Service Order may be terminated without cause before its stated expiration date. If Client terminates without cause, or if UTS terminates for cause, Client owes the Early Termination Fee equal to 100% of all recurring fees payable through the remainder of the term, at rates in effect on the termination date, with no discount for planned future adjustments. The Parties acknowledge that UTS's actual damages from early termination are difficult to calculate and agree that this fee represents a reasonable estimate of such damages, not a penalty.

14.3 Effect of Termination

Upon termination: (a) all accrued fees are immediately due; (b) Confidential Information must be returned or destroyed as directed; (c) Client grants UTS access for equipment retrieval; (d) missing, damaged, or unreturned UTS equipment is billed at full replacement cost; and (e) survival provisions take effect immediately.

14.4 Lien on Client Data Until Paid

UTS has the right to withhold Client Data, credentials, passwords, documentation, and all transition assistance until all outstanding amounts are paid in full. Payment of all outstanding fees is a condition precedent to UTS's obligation to release any Client Data or provide transition assistance. UTS has no liability for any harm arising from Client's inability to access its data during any period in which Client's account remains in arrears.

14.5 Transition Assistance

Transition assistance is available at UTS's then-current hourly rates, conditioned on full payment of all outstanding fees in advance. UTS's proprietary software configurations, scripts, methodologies, and UTS Work Product will not be disclosed or transferred under any circumstances.

14.6 Force Majeure Exit

If a force majeure event persists for more than sixty (60) consecutive days, either Party may terminate the affected Service Order without Early Termination Fee liability.

14.7 Microsoft NCE on Termination

NCE Licenses are non-cancelable once purchased. Client pays for all NCE Licenses in full through their entire license term regardless of termination reason.

15.1 Employee Non-Solicitation

For two (2) years following termination, neither Party shall directly or indirectly solicit, recruit, hire, or retain as a contractor any current or former employee of the other Party who was involved in the Services, without prior written consent.

15.2 Client Non-Circumvention

For two (2) years following termination, Client shall not engage, hire, or contract with any Third-Party Provider or vendor introduced by UTS in connection with the Services for the purpose of obtaining the same or substantially similar services without UTS's participation.

15.3 Liquidated Damages

Violations of Sections 15.1 or 15.2 entitle the affected Party to liquidated damages equal to the greater of $100,000 or one (1) year of the solicited individual's total compensation. These amounts represent a reasonable estimate of harm, not a penalty.

16.1 Obligations

Each Recipient shall hold the Discloser's Confidential Information in strict confidence using at least commercially reasonable care, use it solely to fulfill this Agreement, and limit disclosure to employees or contractors with a need to know who are bound by equivalent obligations. Confidential Information does not include information in the public domain through no fault of the Recipient; independently developed information; or information lawfully received from a third party without confidentiality obligations.

16.2 UTS Proprietary Information

UTS's software configurations, scripts, methodologies, UTS Work Product, pricing, and operational processes are UTS's Confidential Information. Client shall not reverse-engineer, copy, or disclose any UTS Confidential Information under any circumstances, including after termination.

16.3 Injunctive Relief

Breach of this Article causes irreparable harm. The Discloser is entitled to seek immediate injunctive relief without posting bond, in addition to all other available remedies.

17.1 UTS Ownership of Work Product

All UTS Work Product is and remains the exclusive intellectual property of UTS. Client acquires no ownership interest. Client shall not reproduce, modify, or reverse-engineer any UTS Work Product. Client's right to use UTS Work Product is limited to receiving the benefit of the Services during the applicable Service Order term.

17.2 Client Data License

Client grants UTS a limited, non-exclusive, royalty-free license to process, store, and transmit Client Data solely as necessary to deliver Services.

17.3 Third-Party Software

Third-party software is licensed, not sold. Client's use is governed by the applicable end user license agreement. UTS makes no warranty with respect to third-party software beyond what the manufacturer provides.

17.4 Feedback License

Client grants UTS a perpetual, irrevocable, worldwide, royalty-free license to use and commercialize any feedback or suggestions Client provides regarding the Services, without attribution or compensation.

18.1 Data Ownership

All Client Data remains Client's sole property. UTS processes Client Data solely to deliver Services.

18.2 Security Standards

UTS will implement commercially reasonable safeguards consistent with industry-standard practices. UTS does not guarantee that its measures will prevent all unauthorized access or that Client Data will be immune from breach, loss, or corruption.

18.3 Breach Notification

Upon confirming a Security Incident caused by a failure within UTS's direct control, UTS will notify Client promptly and without unreasonable delay. Client is solely responsible for all regulatory notification obligations, filings, responses to regulatory inquiries, and notifications to affected individuals arising from any Security Incident, regardless of cause.

18.4 Compliance Exclusion

The Services are not a compliance solution for HIPAA, PCI-DSS, CCPA, SOC 2, NIST, CMMC, NYCRR Part 500, NY SHIELD Act, or any other regulatory framework unless expressly stated in a Service Order. Client is solely responsible for its own regulatory compliance.

18.5 MFA Not Included Unless Specified

UTS is not responsible for enabling or enforcing MFA in any application unless expressly included in a Service Order. Client bears all risk of security incidents that MFA could have prevented.

18.6 Data Retention

UTS is not obligated to retain Client Data following termination. Upon written request and after payment of all outstanding fees, UTS will return or securely destroy Client Data at Client's expense.

18.7 Geographic Data Handling

Some Services may involve access by personnel outside the United States or storage on servers outside the United States. Client must notify UTS in writing of any geographic restrictions before commencement of Services.

19.1 Physical Security

Client shall maintain physical access controls, alarm systems, fire detection and suppression, and periodic access control reviews for all premises where managed hardware is located. UTS has no liability for losses from Client's failure to maintain adequate physical security.

19.2 Employee Security Training

Client shall provide documented security awareness training to all employees at least annually covering phishing, social engineering, and acceptable use. Client bears all risk of security incidents caused by untrained or negligent employees.

19.3 Password and Access Policy

Client shall implement and enforce a written password and access management policy requiring strong passwords, regular rotation, and least-privilege access. UTS has no liability for breaches attributable to weak or compromised credentials within Client's control.

19.4 Verification of Payment Instructions

Client shall implement an internal policy requiring verbal verification (via a pre-established, trusted phone number) of any request to change banking or payment information or to initiate a wire transfer. UTS has no liability for losses arising from Client's failure to maintain and follow such a verification policy.

20.1 Mutual Representations

Each Party represents and warrants on a continuing basis that: (a) it is duly organized and in good standing; (b) it has full authority to enter into and perform this Agreement; (c) this Agreement is binding and enforceable; (d) entry does not violate any other obligation; and (e) it will comply with all applicable laws.

20.2 Client's Additional Representations

Client additionally represents and warrants that: (a) no law or obligation applicable to Client's business would impede UTS's provision of Services, and Client will notify UTS immediately if this changes; (b) all data provided to UTS has been lawfully obtained and Client has all necessary rights to share it; (c) Client is not subject to OFAC sanctions; (d) Client has not concealed known defects, vulnerabilities, or compliance violations from UTS at onboarding; (e) Client's execution of this Agreement has been duly authorized; and (f) Client has the right to use all software, data, and content it provides to UTS or makes available through the Services, and such use does not infringe any third party's intellectual property rights.

21.1 Senior Officer Escalation

Before either Party may initiate arbitration (other than for emergency equitable relief or UTS's collections actions), the Party seeking resolution must deliver written notice to the other Party describing the dispute in reasonable detail. Within ten (10) business days of such notice, each Party's senior officer or designated executive must participate in at least one good-faith negotiation session to attempt to resolve the dispute. If the dispute is not resolved within twenty (20) business days of the initial notice, either Party may proceed to arbitration.

21.2 Binding Arbitration

Except for UTS's collections actions and either Party's right to seek emergency equitable relief, all disputes shall be resolved by binding arbitration administered by the AAA under its Commercial Arbitration Rules, before a single arbitrator experienced in technology contracts, at UTS's principal place of business. The prevailing Party is entitled to its reasonable attorneys' fees and all arbitration costs from the non-prevailing Party.

21.3 Class Action Waiver

All claims must be brought in the Parties' individual capacities. No Party may bring claims as a plaintiff or class member in any class or representative action. Class arbitration is expressly prohibited. This waiver is a material, bargained-for term of this Agreement.

21.4 Six-Month Limitation Period

All claims arising out of or related to the Services or this Agreement (other than collections) must be initiated within six (6) months after the cause of action accrues or they are permanently and irrevocably barred. This shortened limitations period is a bargained-for, material term reflected in UTS's fees.

21.5 Governing Law and Venue

This Agreement is governed by New York law without regard to conflict-of-laws rules. For all non-arbitrable matters, the Parties consent to the exclusive jurisdiction and venue of the state and federal courts of New York County, New York.

22.1 Independent Contractor; No Fiduciary Duty

UTS is an independent contractor. No employment, partnership, joint venture, agency, or fiduciary relationship is created. Any fiduciary or special relationship that might otherwise be implied by law is expressly and irrevocably waived by Client.

22.2 Force Majeure

Neither Party is liable for delays caused by circumstances beyond reasonable control, including acts of God, pandemic, governmental action, war, terrorism, cyberattacks circumventing then-current defenses, utility failures, or telecommunications outages.

22.3 Assignment

Neither Party may assign this Agreement without prior written consent, except that UTS may assign without consent in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee expressly assumes all obligations. Unauthorized assignments are void.

22.4 Waiver

No failure to enforce any right constitutes a waiver. All waivers must be in writing signed by an authorized representative.

22.5 Severability

If any provision is held invalid or unenforceable, it is modified to the minimum extent necessary to render it enforceable. Remaining provisions continue in full force.

22.6 Entire Agreement

This Agreement, all Service Orders, Service Descriptions, and addenda constitute the entire agreement between the Parties and supersede all prior negotiations, representations, and agreements. UTS's website and marketing materials create no warranties or additional obligations. UTS is not bound by any term in Client's purchase orders or procurement documents unless expressly accepted in a signed writing by UTS.

22.7 Notices

Notices must be in writing and delivered by certified mail (effective 3 business days after mailing), overnight courier (effective 1 business day), or email to the designated legal notice address (effective 1 business day after transmission with delivery confirmation).

22.8 Survival

The following survive termination: Sections 2.10 (Lien), Article 7 (Fees), Article 8 (Personal Guarantee), Article 12 (Limitation of Liability), Article 13 (Indemnification), Section 14.4 (Lien on Data), Article 15 (Non-Solicitation), Article 16 (Confidentiality), Article 17 (Intellectual Property), Article 21 (Dispute Resolution), and Article 22 (General Provisions), and all accrued payment obligations.

22.9 Counterparts; Electronic Signatures

This Agreement may be executed in counterparts. Electronic and digital signatures are fully binding under E-SIGN and ESRA.

22.10 Construction

This Agreement was negotiated by Parties with the opportunity to seek legal counsel and shall not be construed against either Party as drafter. Headings are for convenience only. No usage of trade or course of dealing modifies this Agreement.

22.11 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the Parties. No third party has any right to enforce or rely upon this Agreement.