ARTICLE 0: DEFINITIONS

• “Aggregated Statistics” means data derived from Customer’s use of the Service that is: (i) aggregated with data from ≥10 customers or ≥1,000 individuals; (ii) de-identified per GDPR Recital 26 and CCPA §1798.140(h); and (iii) cannot identify Customer or individuals.
• “Agreement” means this MSA, all Order Forms, and Exhibits.
• “AUP” means Acceptable Use Policy (Exhibit D).
• “Customer Data” means all data uploaded, submitted, or transmitted by Customer or End Users to the Service.
• “Documentation” means Jombone’s published user guides, technical manuals, and API documentation accessible at docs.jombone.com.
• “End Users” means Customer’s employees, contractors, affiliates, clients, and authorized users.
• “Order Form” means the ordering document specifying Services, fees, Subscription Term, and transaction-specific terms.
• “Personal Data” has the meaning in the DPA (Exhibit A).
• “Professional Services” means implementation, configuration, training, and consulting services per a SOW.
• “Service” or “Platform” means the Jombone Staffing Platform, including software, APIs, mobile apps, and related services.
• “SOW” means Statement of Work describing Professional Services.
• “Subscription Term” means initial term and renewal terms per Order Form.
• “White Labeled Service” has the meaning in Section 2.2 and Exhibit E.

ARTICLE 1: STRUCTURE AND ORDER FORMS

1.1 Order Forms. All Services are provided per executed Order Forms. Order Forms may use electronic signatures (DocuSign, SignNow) or manual signatures. Each Order Form specifies: (i) Services; (ii) Subscription Term; (iii) fees and payment terms; (iv) usage metrics; (v) special terms. Order Forms are effective upon later of: (a) execution by both parties or (b) specified Effective Date. Order Forms are non-cancellable and non-refundable except as expressly stated.

1.2 Precedence. Conflicts resolved in this order: (1) Order Form and Appendices; (2) MSA; (3) Exhibits.

1.3 Exhibits. Incorporated Exhibits:

(A) Data Processing Addendum

(B) Service Level Agreement & Support

(C) Security & Architecture

(D) Acceptable Use Policy

(E) White Label Addendum (if applicable)

(F) Source Code Escrow (if applicable)

(G) End User License Agreement

ARTICLE 2: LICENSE GRANT AND USE RESTRICTION

2.1 License Grant. Jombone grants Customer a limited, non-exclusive, non-transferable (except per Section 14.2), non-sublicensable (except per Section 2.2 for White Label) right to access the Service during the Subscription Term for:

(i) Managing Customer’s workforce (employees, contractors, contingent workers)

(ii) Providing staffing services to Customer’s clients (if Customer is staffing agency)

(iii) Operating White Labeled Service for authorized End Users (if licensed per Exhibit E)

2.2 White Label License. If permitted in Order Form and per Exhibit E, Customer may offer rebranded Service to End Users. All deployments must include “Powered by Jombone” attribution per Exhibit E unless waived in writing. Failure to maintain attribution = material breach. Non-compliance cure period: 5 business days. Repeated violations (3+ in 12 months) allow Jombone to: (i) suspend White Label license; (ii) impose liquidated damages of $5,000/month; or (iii) terminate per Section 11.3.

2.3 Flow-Down Obligations. Customer responsible for all End User activity. Customer must bind End Users to written terms ≥ protective of Jombone as this Agreement, including AUP. Customer solely responsible for Customer Data content, accuracy, and legality. Customer provides copy of End User terms upon request.

2.4 Usage Audit Rights. Jombone may audit usage upon 20 business days’ notice (on-site) or 10 days (remote), max once/year (or more if prior audit showed >10% overage). Audits via: (i) automated reporting; (ii) questionnaires; or (iii) on-site review. If usage exceeds licensed metrics by ≥5%, Customer shall: (a) purchase additional licenses; (b) pay past overage at list price; (c) reimburse audit costs (max $10K remote; $25K on-site).

2.5 Platform Modifications. Jombone may modify Service for improvement, security, or compliance. “Material Degradation” means: (i) removes/impairs feature in Order Form; (ii) reduces performance >20%; (iii) materially increases Customer’s costs; or (iv) prevents intended use. 90 days’ notice for Material Degradation. If substantially impairs White Label or core operations, Customer may terminate affected Order Form within 30 days before modification and receive pro-rata refund. Scheduled maintenance per SLA with 72 hours’ notice (24 hours for emergency security patches).

2.6 Use Restrictions. Customer and End Users shall not: (a) reverse engineer; (b) use for competitive analysis/benchmarking; (c) allow unauthorized access; (d) remove proprietary notices; (e) violate laws or AUP.

ARTICLE 3: INTELLECTUAL PROPERTY

3.1 Jombone Ownership. Jombone retains all rights to Service, software, modifications, and related IP. Customer receives only expressly granted licenses.

3.2 Customer Feedback. Customer grants Jombone perpetual, irrevocable, royalty-free, worldwide, sublicensable license to use Feedback without obligation. Survives termination. Customer warrants it has rights to grant this license.

3.3 Professional Services Deliverables.

(a) Jombone Retains: Service technology; reusable tools/templates/methodologies; Service enhancements from Professional Services.

(b) Customer Owns: Work Product created specifically for Customer per SOW (custom configurations, integrations, reports, scripts, documentation), excluding Jombone IP and third-party components. Upon full payment, Jombone grants perpetual, irrevocable license to use Work Product with the Service.

(c) Jombone License: Customer grants Jombone non-exclusive, perpetual license to use Work Product (anonymized/aggregated) to improve Service.

ARTICLE 4: FEES, PAYMENT, AND TAXES 

4.1 Fees. Customer pays all fees per Order Forms. Fees based on services purchased, not actual usage (unless Order Form specifies usage-based pricing). Non-cancellable; non-refundable except as stated herein.

4.1A Usage-Based Pricing (if in Order Form):

(i) Baseline: Minimum monthly commitment per Order Form

(ii) Overages: Billed monthly in arrears at Order Form rate (or list price if not specified)

(iii) True-Up: Quarterly reconciliation within 30 days of quarter-end

(iv) No Carryover: Unused baseline capacity non-refundable

(v) Reporting: Monthly usage reports via dashboard and email

 4.2 Invoicing. Unless Order Form states otherwise:

(a) Subscription Fees: annually in advance

(b) Professional Services: per SOW schedule (typically 30% signature, 40% go-live, 30% 30-day post-acceptance)

(c) Payment: Net 30 days from invoice

4.3 Overdue Payments.

(a) Interest: 1.5%/month or max legal rate

(b) Suspension: If ≥15 days overdue, Jombone may suspend after 2 business days’ notice. Restore within 2 days of payment + interest.

(c) Termination: If ≥30 days overdue, Jombone may terminate per Section 11.3

(d) Collection Costs: Customer reimburses attorneys’ fees, collection costs

 4.4 Taxes.

(a) Fees exclude all taxes except Jombone’s income tax

(b) Jombone calculates taxes based on billing address

(c) Tax exemption certificates due within 15 days; apply prospectively only

(d) Withholding: Customer provides receipts, grosses-up payments, assists with treaty benefits

(e) Tax law changes >10% of fees: Jombone may adjust upon 60 days’ notice; Customer may terminate within 30 days

ARTICLE 5: CONFIDENTIALITY 

5.1 Definition. “Confidential Information” means non-public information: (i) marked “Confidential/Proprietary” or (ii) reasonably considered confidential. Includes:

• Jombone: Source code, architecture, algorithms, pricing, roadmaps, customer lists, Agreement terms
• Customer: Customer Data, business plans, customer lists, financial info
• Both: Discussions and negotiations

Oral disclosures confirmed in writing within 30 days (unless obviously confidential).

5.2 Obligations. Each party shall: (i) hold in strict confidence using ≥ same care as own confidential info (minimum: reasonable care); (ii) use only to perform Agreement; (iii) disclose only to employees/contractors/advisors with need-to-know bound by confidentiality.

Survival: 5 years general; perpetual for trade secrets.

5.3 Exceptions. Excludes info that: (a) publicly available (no breach); (b) rightfully known pre-disclosure; (c) independently developed; (d) legally required (with notice if permitted).

ARTICLE 6: DATA PROTECTION AND SECURITY

6.1 DPA. Parties comply with DPA (Exhibit A) for Personal Data processing.

6.2 Data Ownership. Customer owns Customer Data. Customer grants Jombone non-exclusive license to: (a) provide Service per Agreement/Documentation; (b) create Aggregated Statistics. Jombone owns and may use Aggregated Statistics for any lawful purpose (product development, benchmarking, research, public reporting). Aggregated Statistics not Customer Confidential Information.

6.3 Security. Jombone maintains security program per Exhibit C. SOC 2 Type II report available upon request under NDA.

6.4 Data Retention.

(a) Standard: 60-day retention post-termination for export/transition

(b) Extended: Up to 6 months available (fee per Order Form); export-only access

(c) Export Formats: CSV, JSON, PDF, database backups (backups subject to fees)

(d) Export SLA: 3 business days; extended timeline if >10GB

(e) Deletion: Secure per NIST SP 800-88; certificate upon request within 15 days

(f) Legal Holds: Jombone may retain as legally required; notifies Customer unless prohibited

6.5 Audit Rights.

(a) SOC 2 Review: Customer may review Jombone’s current SOC 2 Type II report under NDA within 15 days; no charge; anytime

(b) On-Site Audit: If reasonable belief of security non-compliance: 45 days’ notice; max once/year; mutually agreed Big 4 auditor; limited scope; minimizes disruption; Customer expense unless material breach found (Jombone reimburses up to $50K)

(c) Regulatory: For HIPAA/PCI DSS requirements: 60 days’ notice; max once/year per regulation; auditor signs NDA; limited to relevant controls

ARTICLE 7: SERVICE LEVELS AND SUPPORT

7.1 SLA. 99.5% monthly uptime per Exhibit B, excluding scheduled maintenance and qualifying third-party disruptions.

7.2 Support. Standard support per Exhibit B. Hours: Mon-Fri 8AM-8PM ET (excluding holidays). Premium 24/7 support available for additional fee. 

7.3 Sole SLA Remedy. Service credits per Exhibit B are exclusive remedy for SLA failure. 

7.4 Chronic Failure Termination. If uptime <95% for 3 consecutive months, Customer may terminate affected Order Form with 30 days’ notice and receive pro-rata refund.

ARTICLE 8: WARRANTIES AND DISCLAIMERS

8.1 Mutual. Each party has authority to enter this Agreement.

8.2 Jombone Warranties.

(a) Material Compliance: Service performs materially per Documentation (core functions; non-conformance doesn’t substantially impair utility; isolated/minor bugs excluded)

(b) Professional Standards: Commercially reasonable care consistent with industry standards

(c) No Malicious Code: Service free from viruses/malware as delivered

(d) Remedy: (i) Re-performance or (ii) if no cure within 30 days, terminate and pro-rata refund. Excludes Customer misuse, unauthorized mods, unsupported environments.

8.3 Customer Warranties. Customer has rights to Customer Data and licenses granted; use complies with laws.

8.4 DISCLAIMER.

(a) EXCEPT SECTIONS 8.1-8.2 AND EXHIBIT B, NO WARRANTIES (EXPRESS, IMPLIED, STATUTORY), INCLUDING MERCHANTABILITY, FITNESS, TITLE, NON-INFRINGEMENT.

(b) JOMBONE DOESN’T WARRANT: (i) MEETS ALL REQUIREMENTS; (ii) COMPLETELY ERROR-FREE (SUBJECT TO SLA); (iii) ALL DEFECTS CORRECTED; (iv) FREE FROM VULNERABILITIES (ADDRESSES PER EXHIBIT C).

(c) SERVICE NOT FOR HAZARDOUS ENVIRONMENTS WHERE FAILURE CAUSES DEATH/INJURY. CUSTOMER SOLELY RESPONSIBLE FOR SUITABILITY. JOMBONE NOT RESPONSIBLE FOR EMPLOYMENT DECISIONS/LABOR LAW COMPLIANCE.

(d) DOESN’T LIMIT EXPRESS WARRANTIES OR SLA.

ARTICLE 9: INDEMNIFICATION

9.1 By Jombone.

(a) Scope: Jombone defends Customer against third-party IP Claims alleging Service (used per Agreement) infringes U.S./foreign: (i) patent; (ii) copyright; (iii) trade secret; or (iv) trademark (if from Jombone branding). Indemnifies damages/awards/settlements/attorneys’ fees.

(b) Remedies: If IP Claim likely, Jombone may: (i) procure continued use rights; (ii) replace/modify (non-infringing, no material degradation); or (iii) if (i)-(ii) not commercially reasonable, terminate and pro-rata refund.

(c) Exclusions: No obligation for claims from: (i) Customer modifications; (ii) combinations not supplied by Jombone; (iii) Agreement violations; (iv) outdated versions (if update avoided infringement); (v) Customer white label branding; (vi) Customer Data; (vii) third-party products/services.

(d) Conditions: Customer: (i) promptly notifies; (ii) grants sole control; (iii) provides cooperation at Jombone expense.

(e) EXCLUSIVE REMEDY for IP infringement.

9.2 By Customer.

(a) Scope: Customer defends Jombone against claims from: (i) AUP/law violations; (ii) Customer Data content/legality; (iii) White Label branding; (iv) White Label representations exceeding Jombone warranties; (v) flow-down obligation failures; (vi) employment claims (except Service defects); (vii) third-party rights violations. Indemnifies damages/awards/settlements/fees.

(b) Conditions: Jombone: (i) promptly notifies; (ii) grants control (no settlement admitting Jombone liability or imposing obligations without consent); (iii) provides cooperation at Customer expense.

9.3 Procedures. Indemnified party: prompt notice, cooperation. Indemnifying party: sole control; no settlement harming indemnified party without consent (not unreasonably withheld).

ARTICLE 10: LIMITATION OF LIABILITY

10.1 Liability Caps.

(a) General: EXCEPT EXCLUDED CLAIMS, EACH PARTY’S TOTAL LIABILITY SHALL NOT EXCEED GREATER OF: (i) 12-MONTH FEES PAID/PAYABLE OR (ii) $250,000 USD.

(b) Enhanced (Security/IP): For (i) confidentiality breach; (ii) IP indemnity; (iii) Security Incidents (including regulatory fines, notification, credit monitoring); (iv) DPA breaches: CAP = ANNUAL SUBSCRIPTION FEES (12-month preceding or first-year total if claim in year 1).

(c) Excluded: Caps DON’T apply to: (i) gross negligence/willful misconduct; (ii) Customer payment obligations; (iii) Customer indemnity; (iv) IP violations (except Section 9.1); (v) third-party indemnity amounts; (vi) liabilities uncappable by law.

(d) Aggregation: All claims in 12 months aggregated. Related claims = single claim.

10.2 Consequential Damages.

(a) EXCLUSION: NO LIABILITY FOR INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, CONSEQUENTIAL DAMAGES (lost profits, revenue, data [except Section 6.4], opportunity, goodwill, substitutes, business interruption [except SLA credits]) WHETHER IN CONTRACT/TORT/STRICT LIABILITY, EVEN IF ADVISED.

(b) Exceptions: Exclusion doesn’t apply to: (i) third-party indemnity amounts; (ii) gross negligence/willful misconduct; (iii) Customer payments; (iv) Security Incident specified costs (mandatory notification, regulatory fines/penalties not insurance-covered, credit monitoring up to 12 months as legally required; NOT covered: lost profits, business interruption, reputation, beyond legal minimums, speculative damages); (v) IP violations outside granted licenses.

(c) “Consequential” = beyond direct/immediate consequences, even if foreseeable.

10.3 Essential Terms. Limitations essential to bargain; Jombone wouldn’t contract without them.

ARTICLE 11: TERM AND TERMINATION

11.1 Term. Commences on Effective Date; continues until all Subscription Terms expire/terminate.

11.2 Subscription Term and Renewal.

(a) Initial: Per Order Form

(b) Auto-Renewal: Renews for successive 1-year terms unless Non-Renewal Notice given

(c) Non-Renewal Notice: 90 days before term end via: (i) email to Section 14.4 addresses; (ii) certified mail; or (iii) Account portal. Jombone sends renewal reminder 120 days before renewal.

(d) Price Increases: Max 7% annually upon 90 days’ notice. If >7%, Customer may decline renewal within 30 days of notice.

(e) White Label Multi-Year Lock: 3+ year commitments: pricing locked for initial term per Order Form; adjustable upon renewal per (d).

(f) California Compliance: For CA customers: complies with Bus. & Prof. Code §7600 et seq. 

11.3 For Cause. Either party may terminate for material breach upon 30 days’ notice if uncured. Either may terminate immediately for insolvency/bankruptcy/cessation.

11.4 Change of Control (White Label Only).

(a) Notice: Customer notifies within 15 days of Change of Control to potential Competitor.

(b) Definitions:

• Change of Control: (i) merger (Customer not survivor); (ii) >50% equity/voting transfer; (iii) substantially all assets sale; (iv) board majority change.
• Competitor: Entity with >30% revenue from: ATS for staffing; VMS; staffing workforce platforms (time/attendance, scheduling, onboarding); white-label staffing tech. NOT Competitors: general HRIS (Workday, ADP), payroll, background checks, job boards, entities acquiring for customer base (not tech).

(c) Consultation: Within 30 days, parties meet to discuss: (i) safeguards for Jombone IP/Confidential Info; (ii) competitive risks; (iii) Agreement modifications.

(d) Termination: If no agreement within 60 days, Jombone may terminate with 90 days’ notice and pro-rata refund.

(e) Survival: Articles 5, 11.5, Exhibit E §6.3 survive.

 11.5 Post-Termination.

(a) Service access ceases immediately

(b) Customer deletes Jombone Confidential Information

(c) White Label: (i) cease offering; (ii) remove mobile apps from stores within 15 days; (iii) remove web portals within 15 days; (iv) certify compliance (signed officer) within 30 days

(d) Data export per Section 6.4

(e) Transition Assistance (60-day period; Customer pays pro-rata fees): (i) read-only access; (ii) 20 hours free technical consultation; (iii) data exports per 6.4; (iv) enhanced migration (fee-based). Request within 15 days of termination. Conditioned on payment and compliance.

(f) Return/certify destruction of tangible Confidential Information within 15 days.

 11.6 Survival. Articles 0, 1, 3, 5, 6, 9, 10, 11.5-11.6, 14 survive.

ARTICLE 12: PROFESSIONAL SERVICES

12.1 Performance. Professional and workmanlike per industry standards.

12.2 Customer Responsibilities.

(a) Provide: (i) timely personnel access; (ii) system/data/facility access; (iii) accurate info; (iv) timely decisions per SOW; (v) hardware/software per specs; (vi) test data/environments; (vii) change management.

(b) Delays: If Customer delay >15 business days: (i) timeline extends day-for-day + 5-10 day ramp-up; (ii) Jombone may re-allocate resources (reassign within 15 days when ready); (iii) if >30 days: standby fees (50% daily rate), remobilization costs, adjusted pricing; (iv) if >90 days aggregate: Jombone may terminate SOW with 30 days’ notice; Customer pays for work performed + wind-down.

(c) Liaison: Customer appoints single decision-authority contact.

(d) Changes: Require written change order (both signatures) specifying timeline/fee/resource impacts. 

12.3 Acceptance.

(a) Delivery: Electronic/in-Service/staging environment per SOW schedule.

(b) Testing Period: 30 calendar days from delivery.

(c) Accept/Reject: By written notice (email OK) before period end:

 Accept: Written acceptance OR production use = deemed accepted.

 Reject: Notice specifying: unmet criteria, deficiency details, test evidence, replication info.

 Deemed: No acceptance or rejection notice = deemed accepted.

(d) Remediation: Upon valid rejection, Jombone remediates and redelivers within 15 business days. Redelivery testing: 15 days.

(e) Repeated Rejection: If no conforming Deliverable after 2 attempts, Customer may: (i) accept with fee reduction (negotiate); (ii) require continued remediation; (iii) terminate SOW and refund.

(f) Limitations: No rejection for: (i) changed requirements post-SOW (unless change order); (ii) minor/cosmetic defects; (iii) Customer delay in cooperation; (iv) third-party compatibility (outside Jombone control).

(g) Payment: Milestone payments due within 15 days of acceptance.

ARTICLE 13: INSURANCE

13.1 Requirements. Jombone maintains insurance appropriate to the services provided and contract value, as follows:

(a) Standard Tier (Annual Contract Value ≤ $500,000; Non-White Label OR White Label serving ≤ 25,000 End Users): 

(i) Cyber Liability: $3M aggregate. Coverage: first-party (breach response, forensics, notification, credit monitoring, legal/PR, business interruption, ransomware, cyber extortion); third-party (regulatory defense/fines, network security liability, privacy liability, PCI fines); media liability.

(ii) Professional Liability (TECH E&O): $2M aggregate. Coverage: errors and omissions, software defects, failure to perform, contractual liability, placed personnel vicarious liability.

(iii) General Liability: $5M per occurrence.

(iv) Commercial Umbrella: $5M aggregate.

(b) Enhanced Tier (Annual Contract Value > $500,000 but ≤ $2M; White Label serving 25,001-75,000 End Users):

(i) Cyber Liability: $5M aggregate.

(ii) Professional Liability: $3M aggregate.

(iii) General Liability: $5M per occurrence.

(iv) Commercial Umbrella: $10M aggregate.

(c) Premium Tier (Annual Contract Value > $2M OR White Label serving > 75,000 End Users):

(i) Cyber Liability: $10M aggregate.

(ii) Professional Liability: $5M aggregate.

(iii) General Liability: $5M per occurrence.

(iv) Commercial Umbrella: $10M aggregate (or $25M if Annual Contract Value > $10M).

(d) Universal Requirements:

(i) Workers’ Compensation: As required by law.

(ii) Business Interruption: Covered under Cyber Liability or as separate policy. 

(iii) All policies: Rated A- (Excellent) VII or better by A.M. Best or equivalent; no cyber sublimit below specified amounts.

(e) Compliance Timeline: If Order Form execution triggers higher tier requirements, Jombone shall obtain increased coverage within 60 days and provide updated certificates per Section 13.2. If unable to obtain coverage at commercially reasonable rates (< 15% of annual revenue attributable to that contract), Jombone shall notify Customer within 30 days to negotiate alternative risk allocation, which may include fee adjustment, service limitations, or termination rights.

(f) Current Coverage: As of the Effective Date, Jombone maintains Standard Tier coverage levels and will increase coverage as contract portfolio triggers enhanced requirements.

 13.2 Certificates.

(a) Timing: Within 10 days of: (i) Effective Date; (ii) annual policy renewals; (iii) Customer request (maximum 2 requests per year); (iv) material changes (carrier change, limit reduction, coverage modification).

(b) Additional Insured: Customer (and Customer’s specified clients for White Label services, upon written request with client details) shall be named as additional insured on Jombone’s General Liability policy with respect to liability arising from Jombone’s operations. Cyber Liability additional insured status may be included where available from carrier.

(c) Primary and Non-Contributory: Jombone’s General Liability insurance shall be primary and non-contributory to any insurance carried by Customer.

(d) Waiver of Subrogation: To the extent permitted by policies and not resulting in loss of coverage, all policies shall include waiver of subrogation against Customer.

(e) Cancellation Notice: All policies shall require insurer to endeavor to provide 30 days’ prior written notice to Customer (at address in Section 14.4) of cancellation, non-renewal, or material change (10 days for non-payment cancellation). Jombone shall notify Customer immediately upon receiving any such notice from insurers.

(f) Remedies for Non-Maintenance: If Jombone fails to maintain required insurance for more than 30 days after written notice from Customer, Customer may: (i) purchase substantially similar coverage and deduct reasonable premiums from amounts owed to Jombone; OR (ii) terminate affected Order Form(s) per Section 11.3 and receive pro-rata refund of prepaid fees.

(g) Limitations: Jombone’s maintenance of insurance does not limit Jombone’s liabilities under this Agreement. Customer’s review or approval of certificates does not waive any rights or constitute waiver of any breach.

(h) Certificate Format: Certificates shall be in form reasonably acceptable to Customer (ACORD 25, CSIO, or equivalent certificate of liability insurance). 

ARTICLE 14: MISCELLANEOUS 

14.1 Governing Law and Disputes.

(a) Law: Texas law (excluding conflicts); CISG not applicable.

(b) Informal: Either party may request VP+ meeting within 30 days to resolve.

(c) Mediation: If unresolved, either initiates non-binding mediation. Select mediator within 15 days (or JAMS/AAA appoints). Equal cost-sharing. Good faith participation within 45 days. Confidential per FRE 408.

(d) Litigation: If no resolution within 60 days (or party declines mediation): exclusive jurisdiction Dallas County, Texas (state or federal courts). Irrevocable consent; waive improper venue/forum non conveniens objections.

(e) Injunctive Relief: Either may seek equitable relief for IP/Confidential Information/irreparable harm without mediation first.

(f) Fees: Prevailing party recovers attorneys’ fees, expert fees, costs.

(g) Performance: Parties continue obligations during disputes (except payments or breach justifying suspension).

14.2 Assignment.

(a) Prohibition: No assignment without consent (not unreasonably withheld).

(b) Permitted: To Affiliates (>50% control); merger/acquisition/sale (non-Competitor); corporate reorganization.

(c) Conditions: (i) 15-day notice; (ii) assignee written agreement; (iii) assignor secondarily liable (unless waived).

(d) White Label CoC: Section 11.4 controls for Competitor assignments; Jombone termination rights apply despite (b).

(e) Subcontracting: Jombone may subcontract; remains responsible; subs bound by confidentiality/data protection; Personal Data per DP §4.

(f) Effect: References to assigning party = assignee. Binding on successors/assigns.

14.3 Entire Agreement. MSA, Order Forms, Exhibits, SOWs = complete agreement; supersedes priors. Modifications require written amendment (both authorized signatures).

14.4 Notices.

(a) Methods: (i) personal (receipt); (ii) overnight courier/signature (1 business day after deposit); (iii) certified mail/return receipt (3 business days after mail); (iv) email below (upon transmission if no bounce-back); (v) Account portal (non-critical only).

(b) Addresses:

• Jombone: 3300 Dallas Parkway, Suite 200, Plano, TX 75093; Attn: General Counsel; Email: [email protected] (copy: [email protected])
• Customer: Per Order Form or: Attn: CEO and General Counsel; Email: per registration

(c) Critical (require certified mail AND email): Termination, non-renewal, breach, indemnity, Change of Control, assignment notices.

(d) Changes: 15 days’ advance written notice.

(e) Business Days: Excluding Sat/Sun/federal holidays.

(f) Proof: Retain delivery proof 2 years.

14.5 Force Majeure. No liability for delays/failures (except payments) beyond reasonable control (acts of God, disasters, war, terrorism, labor disputes, governmental actions, internet/telecom failures). If >90 days, either terminates with notice; Customer receives pro-rata refund.

14.6 Waiver; Severability. No waiver unless written/signed. Invalid provisions construed/limited/eliminated minimally; remainder enforceable.

14.7 Counterparts and E-Signatures. May execute in counterparts (each original, all = one instrument). E-signatures and e-delivery = original force.

14.8 Independent Contractors. No partnership/joint venture/agency/employment.

14.9 Export Compliance. Customer complies with export/import controls; no violations.

14.10 U.S. Government. If U.S. Government customer: “commercial computer software” with only rights granted to all end users per FAR 12.212 and DFARS 227.7202.

ARTICLE 15: ANNUAL MAINTENANCE & SUPPORT

15.1 Included Maintenance. Subscription Fee includes:

(a) All updates, upgrades, patches, enhancements generally available during term

(b) Standard Support (Exhibit B)

(c) Documentation updates

(d) Bug fixes and error corrections

(e) Security patches and vulnerability remediation

 15.2 Updates.

(a) Automatic: Continuous delivery model. Updates deploy automatically to production; immediately available. No Customer action needed.

(b) Major Releases: ~Twice/year (Spring, Fall). Significant features, architecture improvements, UX enhancements.

(c) Backward Compatibility: Published APIs backward compatible for ≥24 months after new version. Deprecated APIs announced ≥12 months before discontinuation.

(d) Customer Testing (White Label): Staging/sandbox access to test major releases 15 days before         production deployment.

(e) Rollback: If major update causes critical production issues (Sev 1), Jombone may: (i) apply hotfix within 4 hours; (ii) rollback Customer’s instance to prior version; or (iii) provide workaround while developing fix.

15.3 End of Life.

(a) Current Support: Jombone fully supports only current major version.

(b) Legacy Support: May (at discretion, additional fees) provide limited support for prior major versions for up to 12 months after new major version released. After 12 months: legacy support unavailable; Customer must upgrade.

(c) Forced Upgrades: If legacy version creates security risks, violates third-party license terms, or no longer technically feasible (infrastructure provider EOL), Jombone may require upgrade upon 90 days’ notice.

15.4 Premium Support (Optional). Purchase at Order Form rates. Includes:

• 24/7/365 phone support
• Faster response times (Exhibit B)
• Dedicated Customer Success Manager
• Quarterly Business Reviews with exec sponsor
• Priority roadmap/beta access
• Training webinars and office hours
• Custom integration consultation (up to 20 hours/year)

Invoiced annually in advance. Non-refundable. Auto-renews with Subscription unless 90 days’ non-renewal notice.

SIGNATURE PAGE FOLLOWS

SIGNATURE PAGE

JOMBONE INC.

By: ___________________________

Name: _________________________

Title: _________________________

Date: __________________________

CUSTOMER:

By: ___________________________

Name: _________________________

Title: _________________________

Date: __________________________

EXHIBIT A: DATA PROCESSING ADDENDUM (DPA)

 Parties: Jombone (Processor); Customer (Controller)

1. DEFINITIONS

• Data Protection Laws: GDPR, CCPA/CPRA, PIPEDA, similar laws
• Personal Data, Data Subject, Processing, Controller, Processor: GDPR meanings
• Security Incident: Confirmed breach causing destruction, loss, alteration, unauthorized disclosure/access
• Subprocessor: Third-party processor engaged by Jombone

2. ROLES

2.1 Controller/Processor. Customer = Controller; Jombone = Processor.

2.2 Processing Details. See Annex 1 (subject, duration, nature, purpose, data types, subject categories).

3. PROCESSOR OBLIGATIONS

3.1 Instructions. Process only per Customer’s documented instructions (DPA, Agreement) unless legally required (notify Customer unless prohibited).

3.2 Confidentiality. Authorized personnel bound by strict confidentiality.

3.3 Security. Technical/organizational measures per Exhibit C. May update if no material degradation. 

3.4 Security Incidents. Upon awareness: (i) notify within 24 hours for incidents affecting >1,000 subjects or special categories; 72 hours for others; (ii) provide cooperation for breach notifications; (iii) mitigate and prevent recurrence; (iv) daily updates during response; (v) final report within 30 days (root cause, affected data, remediation, prevention). Customer bears own legal counsel costs; Jombone bears notification costs subject to Article 10 caps.

3.5 Data Subject Requests. Reasonable assistance (at Customer expense) within:

• Access/Portability: 10 business days (CSV/JSON/XML format)
• Rectification/Restriction: 5 business days (provide tools OR perform upon instruction)
• Erasure: 10 business days (delete from production/backups except legal retention)
• Objection: 5 business days (cease processing subject to legal grounds)

First 12 requests/year no charge. Additional requests or extensive manual effort: professional services rates (notify and obtain approval before incurring).

3.6 DPIA. Reasonable cooperation for data protection impact assessments and Supervisory Authority consultations.

3.7 Audits. Upon request, max annually: provide current third-party audit reports (SOC 2 Type II).

4. SUBPROCESSING

4.1 Authorization. Customer authorizes Subprocessors per list at jombone.com/subprocessors:

• AWS (hosting – US)
• SendGrid/Twilio (email/SMS/voice – US)
• Certn (background checks – US/Canada)
• Google Maps (US)
• SignNow (e-signature – US)
• Nylas (email/calendar – US)
• Job Target (job distribution – US)
• Drata (compliance – US)
• Intercom (support – US)

4.2 Changes. 45 days’ notice before adding/replacing. Customer may object on reasonable data protection grounds within objection period. If unresolved, Customer terminates affected services with 30 days’ notice.

4.3 Requirements. Written agreements imposing ≥ DPA obligations. Jombone fully liable for Subprocessor performance.

5. INTERNATIONAL TRANSFERS

5.1 Third Countries. Primary data centers: US (AWS). For EEA/UK/Switzerland transfers lacking adequacy: EU Standard Contractual Clauses (SCCs) govern.

5.2 SCCs. Module 2 (Controller→Processor) and Module 3 (Processor → Subprocessor) incorporated by reference:

• Data exporter: Customer
• Data importer: Jombone Inc.
• Appendix info: Annexes 1-2, Exhibit C
• Clause 9: Option 2 (general authorization per §4)
• Clause 12 liability: Subject to Agreement Article 10
• Clause 17 law: EU Member State where exporter established (or Ireland if agreed)
• Clause 18 forum: Courts where exporter established

6. DELETION/RETURN

Upon termination or request: delete or return all Personal Data and delete copies (except legal retention). Provide written certification upon request.

7. CCPA/CPRA (California Customers)

7.1 Status. Jombone = “Service Provider” (not “Third Party”).

7.2 Prohibitions. Jombone shall NOT: (a) sell/share Personal Information; (b) retain/use/disclose except for Agreement services or as CCPA permits; (c) use outside direct Jombone-Customer relationship; (d) combine with other sources except as CCPA permits. 

7.3 Certification. Jombone certifies understanding and compliance with §7.2.

7.4 Assistance. Reasonable cooperation for verified consumer requests (know, delete, opt-out).

ANNEX 1: PROCESSING DETAILS

Subject Matter: Jombone Staffing Platform (ATS, recruiting, scheduling, time/attendance, onboarding, credentialing, compliance, payroll support, invoicing)

Duration: Agreement term + retention period (MSA §6.4)

Nature/Purpose: Candidate sourcing/screening/placement; employee/contractor scheduling/shifts; time capture/timesheets; onboarding/credentialing; compliance tracking/reporting; payroll prep/support; invoicing/financial reporting; analytics

Personal Data Types:

• Identity: Name, DOB, SSN, driver’s license
• Contact: Email, phone, address
• Financial: Bank details, routing, tax withholding
• Biometric: Facial recognition, fingerprint (if time clock used)
• Background: Criminal history, I-9, MVR, credit (if applicable)
• Employment: Work history, title, skills, certs, licenses, evaluations, disciplinary
• Health: Vaccination records, medical certs, workers’ comp (if applicable)
• HR: Shift preferences, availability, attendance, training

Data Subject Categories: Customer employees (FT/PT/temp/seasonal), job applicants, contractors, Customer clients’ employees (VMS scenarios)

Special Categories: Health, biometric (only as necessary and per Customer instruction)

ANNEX 2: SECURITY MEASURES

See Exhibit C (comprehensive security controls)

EXHIBIT B: SERVICE LEVEL AGREEMENT

1. UPTIME SLA

1.1 Target: 99.5% monthly uptime

1.2 Calculation: Uptime % = (Total Minutes – Downtime) / Total Minutes × 100

 1.3 Exclusions:

(a) Scheduled: 72 hours’ notice (24 for security); ≤4 hours/month; Customer’s maintenance window (default: Sun 2-6AM ET)

(b) Emergency: Critical security; as much notice as practicable (min 2 hrs except zero-days); off-peak when possible; ≤4 hours

(c) Force Majeure: Per MSA §14.5

(d) Customer-Caused: Misuse, AUP breach, Customer connectivity/infrastructure, failure to update, unauthorized mods

(e) Non-Payment Suspension: Per MSA §4.3

(f) Limited Third-Party: AWS/datacenter failures IF: (i) provider has comparable SLA (AWS 99.99% Multi-AZ); (ii) Jombone promptly notifies and updates; (iii) Jombone uses reasonable mitigation efforts; (iv) qualifies for provider’s credits (passed through to Customer). NOT excluded: Jombone application layer, APIs, database, authentication, configuration issues.

2. SUPPORT

 2.1 Channels: Email ([email protected]); ticketing (JIRA Service Desk); phone (provided at onboarding)

 2.2 Hours:

• Standard: Mon-Fri 8AM-8PM ET (excluding holidays): email, ticketing, in-app chat
• Premium (additional fee): 24/7/365 phone for Sev 1-2; dedicated CSM; quarterly reviews; priority escalation; 30-min Sev 1 response
• Sev 1 Emergency (all customers): 24/7 hotline + [email protected]; <2 hour response off-hours

 2.3 Severity Levels:

3. SERVICE CREDITS

 3.1 Eligibility:

3.2 Request: Within 30 days of month-end to [email protected] with: dates/times, affected users/functions, ticket numbers

3.3 Issuance: Applied to next invoice. Sole financial remedy for isolated breaches.

3.4 Annual Cap: 100% annual fees max. If exceed: Customer may (i) receive cap + terminate penalty-free OR (ii) extend term proportionally (no charge). If credits >50% in 12 months: Customer may terminate with 30 days’ notice; Jombone refunds prepaid minus issued credits.

4. CHRONIC FAILURE

 Uptime <95% for 3 consecutive months: Customer may terminate with 30 days’ notice and pro-rata refund.

5. MAINTENANCE

 Scheduled during off-peak; 24 hours’ notice via email/in-app; ≤4 hours/month aggregate.

6. THIRD-PARTY DEPENDENCIES

 Platform relies on AWS, SendGrid, Certn. Jombone disclaims SLA for third-party failures if: exercised reasonable care in selection; providers contractually obligated to appropriate standards; Jombone promptly notifies and mitigates.

7. SLA MODIFICATIONS

30 days’ notice. Won’t materially reduce levels during active term without consent. Continued use after effective date = acceptance.

EXHIBIT C: SECURITY & ARCHITECTURE

  INFORMATION SECURITY PROGRAM

1. Organizational

• 1 Policies: Written covering access control, data classification, incident response, change management, encryption, passwords, acceptable use. Annual review/approval.
• 2 CISO: Designated CISO reports to CEO; semi-annual Board updates.
• 3 Screening: Background checks (criminal, employment) pre-hire. Confidentiality/acceptable use agreements.
• 4 Training: Mandatory security awareness (hire + annually): phishing, passwords, social engineering, data handling, incident reporting, GDPR/CCPA/PIPEDA.

1. Physical (AWS)

• 5 Data Centers: AWS US (geographically dispersed). 24/7 security staff, video surveillance, biometric/key card access, fire suppression, climate/power controls, visitor escort/logging. AWS: SOC 2 Type II, ISO 27001, PCI DSS Level 1. Jombone relies on AWS certified practices.

1. System Security

• 6 Network: Firewalls, segmentation, IDS/IPS, WAF, DDoS protection (Cloudflare), continuous vulnerability scanning.
• 7 Access: RBAC (least privilege), MFA (all admin/privileged), unique IDs (no sharing), annual reviews (+ on termination/role change), secure bastion hosts.
• 8 Encryption:
  • Transit: TLS 1.2+ (strong ciphers)
  • Rest: AES-256 (AWS-managed), AWS KMS (automated key rotation)
  • Passwords: BCrypt (salted); never plaintext

1. Operations

• 9 Change Management: Documented, senior approval, peer review (1+ senior dev), testing (Dev/SIT/UAT), rollback procedures.
• 10 Logging: All production/database/data access logged (timestamps, users, actions). 24/7 monitoring (CloudWatch, GuardDuty, Cloudflare, Drata). Automated alerts. 1-year retention.
• 11 Incident Response: Formal plan; annual tabletop exercises; review/update annually or post-incident.

 Vulnerability/Patch Management

• 12 Penetration Testing: Semi-annually by independent third-party (CREST/OSCP/CEH certified). External apps, APIs, auth/authz, network, cloud (AWS), mobile apps (iOS/Android), integrations. Methodology: OWASP Top 10, SANS Top 25, MITRE ATT&CK, NIST SP 800-115. Remediation:
  • Critical (CVSS 9.0-10.0): 24-48 hrs
  • High (7.0-8.9): 7 days
  • Medium (4.0-6.9): 30 days
  • Low (0.1-3.9): 90 days or next release
• 13 Vulnerability Scanning: Continuous automated. Weekly review. CVSS-prioritized remediation.
• 14 Patching:
  • OS/Infrastructure: Critical (actively exploited) 24-48 hrs; high 1 week; routine monthly maintenance
  • Application: Critical hotfixes or regular cycles; staging testing before production
• 15 Endpoints: Enterprise AV/anti-malware (managed, updated), full-disk encryption, auto screen-lock (15-min max), EDR (Drata-monitored).

Compliance

• 16 SOC 2 Type II: Pursuing with Sensiba LLP (target Q1 2026: Security, Availability, Confidentiality). Available under NDA upon completion.
• 17 ISO 27001 Controls: Aligned (risk, asset, access, crypto, physical, ops, comms, suppliers, incident, continuity, compliance).
• 18 Data Protection: GDPR, CCPA/CPRA, PIPEDA compliance via DPA + Drata monitoring.

2. BUSINESS CONTINUITY & DISASTER RECOVERY

2.1 BC/DR Plan: Documented, formal. Annual review/update. Tested via tabletop + technical restoration exercises 

2.2 Recovery Objectives:

 2.3 Infrastructure:

• AWS Multi-AZ (auto-failover ~10 min)
• Daily encrypted snapshots (geo-redundant S3)
• Retention: 30-day daily, 90-day weekly, 1-year monthly
• Quarterly backup restoration testing

2.4 Remote Work: All personnel remotely capable; ensures continuity during facility/regional disruptions.

3. DATA ARCHITECTURE

3.1 Multi-Tenant: Cloud-native SaaS. Logical segregation via unique tenant IDs + strict access controls (no cross-customer access).

3.2 Private Cloud (White Label): Dedicated environment (separate from other customers). May use internal multi-tenancy for customer’s divisions/entities with logical segregation (application + database layers).

 3.3 Data Residency: US (AWS). Specific regions per Order Form for regulatory compliance.

4. SUBPROCESSORS & VENDOR MANAGEMENT

4.1 Due Diligence: Security/privacy review pre-engagement (practices, certs, data handling, contracts).

 4.2 Contracts: Written agreements imposing ≥ Agreement/DPA obligations.

 4.3 List: jombone.com/subprocessors (AWS, SendGrid/Twilio, Certn, SignNow, Nylas, Job Target, Drata, Intercom).

5. CUSTOMER RESPONSIBILITIES

5.1 Access: Manage user roles/permissions; deactivate terminated users promptly.

 5.2 Classification: Classify data; apply appropriate protections.

 5.3 Incidents: Report suspected incidents to [email protected] promptly.

 5.4 Credentials: Maintain confidentiality; no account/password sharing.

6. QUESTIONNAIRES & AUDITS

 6.1 Questionnaire: One standard security questionnaire/year free. Additional at Jombone discretion (may incur fee).

 6.2 Audits: Per DPA Exhibit A §3.7 exclusively.

 EXHIBIT D: ACCEPTABLE USE POLICY

1. PROHIBITED USES

1.1 Law Violations

• Employment/Labor: Wage/hour violations, worker misclassification, anti-discrimination (Title VII, ADA, ADEA), OSHA, I-9
• Data Protection: GDPR, CCPA/CPRA, PIPEDA violations (no lawful basis, rights violations, improper transfers)
• IP: Copyright, trademark, patent, trade secret infringement/misappropriation

1.2 Harmful/Fraudulent

• Fraudulent, false, misleading, deceptive material
• Phishing, identity theft, money laundering, financial crimes
• Harassment, abuse, threats, stalking, harm
• Impersonation, misrepresentation of affiliation

1.3 System Integrity

• Unauthorized access attempts (hacking, password cracking, scanning)
• Interference/disruption (overloading, DoS attacks, excessive traffic)
• Competitive use (develop/test/deploy competing product; benchmarking without consent)
• Reverse engineering (decompile, disassemble, derive source/algorithms except as law permits)
• Circumvent security features, access controls, usage limits, protective measures

1.4 Malicious/Unlawful Content

• Viruses, worms, Trojans, ransomware, spyware, harmful/malicious/destructive code
• Unlawful, libelous, defamatory, obscene, pornographic, indecent, lewd, harassing, threatening, invasive, abusive, inflammatory, objectionable content
• Unsolicited advertising, spam, junk mail, chain letters (except as Service features authorize)

1.5 AI/ML Restrictions

• Training Prohibition: Use Service/Customer Data to train AI/ML models that: (i) compete with Jombone; (ii) replicate Service functionality; (iii) commercialize/provide to third parties. (Internal analytics/decision-support OK if not (i)-(iii).)
• Scraping: Automated/systematic data extraction (web scraping, RPA) beyond normal UI/API use
• Automated Employment Decisions: Fully automated hiring/firing/promotion/evaluation without meaningful human review if: (i) violates employment laws (GDPR Art. 22, EEOC guidance, state/local AI laws); (ii) produces discriminatory outcomes (race, color, religion, sex, national origin, age, disability, genetic info); (iii) lacks required transparency/explainability. Customer responsible for: compliance, required notices, human oversight, impact assessments (DPIA, NYC LL 144), documentation.
• Reverse Engineering Models: Attempt to extract algorithms, training data, architectures, weights from Service AI features
• Bias Testing: May test for bias/fairness/compliance internally. Report concerns to [email protected] No public disclosure without 90-day remediation opportunity (unless legally required).

2. CUSTOMER RESPONSIBILITIES

2.1 Compliance. Solely responsible for Customer/End User compliance with AUP and laws (recruitment, hiring, employment, workforce management, data protection).

2.2 Monitoring. Monitor use; immediately report known/suspected violations to [email protected].

2.3 Cooperation. Reasonably cooperate in investigating/resolving violations (provide info, logs, personnel).

3. ENFORCEMENT

3.1 Breach. AUP violation = material Agreement breach.

3.2 Suspension. Jombone may investigate. If violation determined, may immediately suspend (whole/part) upon notice, without liability, until cured.

3.3 Termination. Repeated/severe/uncured violations: termination per MSA §11.3.

 3.4 Remedies. Jombone reserves all legal/equitable remedies (injunctions, damages).

4. REVISIONS

30 days’ notice for modifications. Continued use = acceptance. If disagree, terminate per MSA §11.

EXHIBIT E: WHITE LABEL ADDENDUM

1. LICENSE GRANT

Subject to White Label fees payment and full compliance, Jombone grants limited, non-exclusive, non-transferable, non-sublicensable (except §2) right during term to:

• 1 Rebrand user-facing elements (§3) per Branding Guidelines
• 2 Offer White Labeled Service to authorized End Users (employees, contractors, affiliates, clients, customers)

2. END USER SUBLICENSE

 2.1 Grant. Customer may grant End Users non-exclusive, non-transferable, non-sublicensable right to access White Labeled Service for End User’s internal business (or as Jombone approves in writing).

2.2 Mandatory Terms. Customer must have binding written End User Agreement incorporating ≥ protections of: Use Restrictions/AUP (Ex. D); IP Ownership (Art. 3); Confidentiality (Art. 5); Liability Limitation/Disclaimer (Arts. 8, 10); Indemnity (mirroring §9.2).

2.3 Responsibility. Customer solely responsible/liable for all End User use. End User breach/prohibited use = Customer breach.

2.4 Audit. Jombone may request End User Agreement copy for review. Customer certifies annually (by Jan 31) enforcement of flow-downs with all End Users.

3. PERMITTED BRANDING (User-Facing Only)

• 1 Web login screen (logo, colors, branding)
• 2 Mobile login screen (iOS, Android)
• 3 Mobile icon/splash screen (iOS, Android)
• 4 Transactional email templates (password reset, shift notifications, alerts)
• 5 Career/application portal (Customer subdomain)
• 6 In-app UI elements (header logo, primary/secondary colors, favicon)
• 7 Approval: Submit to Jombone for written approval pre-deployment. Jombone may reject if misleading, offensive, infringes rights, detrimental to reputation.

4. EXCLUSIONS (NOT White Labeled)

• 1 APIs, webhooks, developer tools, technical docs
• 2 Admin backend, system config, infrastructure management
• 3 Security, audit, compliance, system logs
• 4 Third-party integrations (background checks, e-signature, job boards)
• 5 Jombone trademark, “Powered by Jombone” attribution

5. “POWERED BY JOMBONE” ATTRIBUTION

 5.1 Required Locations: (a) Platform footer (10pt min, all logged-in screens); (b) mobile login screen; (c) Help/About section. Must be legible, unobscured, visible (no horizontal scroll or hidden placement). May link to jombone.com.

 5.2 Waiver. Jombone may waive if Customer agrees to: (a) act as public reference (case study); (b) grant Jombone right to use Customer name/logo/testimonial in marketing (Customer approval of specific uses).

6. MOBILE APP DISTRIBUTION

 6.1 Accounts. Customer responsible for Apple/Google developer accounts and app store compliance.

 6.2 Assistance. Jombone provides reasonable technical assistance (Professional Services or as agreed) to configure/build/submit white-labeled apps.

 6.3 Post-Termination. Within 15 days: remove apps from all stores; cease marketing/promotion/distribution. Within 30 days: provide written certification (signed officer) of removal and decommissioning.

7. WARRANTIES & INDEMNITY

 7.1 Customer Warranties. (a) Branding doesn’t infringe third-party IP or violate laws; (b) won’t make representations exceeding Documentation/Agreement warranties; (c) has rights/licenses/consents for branding and End User offering.

 7.2 Enhanced Indemnity. Customer indemnifies per MSA §9.2 including claims from: (a) White Label branding/marketing/documentation/representations; (b) flow-down failure; (c) branding element infringement; (d) White Label offering law violations.

8. BRANDING GUIDELINES

 8.1 Logos: High-res PNG/SVG (transparent); web 150px×50px min, mobile icon 512px×512px; clear space = “P” height in “Powered by Jombone”

 8.2 Colors: Primary (header, buttons, links) + secondary (highlights, icons) via hex codes. Jombone may reject if reduces accessibility (insufficient contrast, WCAG 2.1 AA violations), usability, readability.

 8.3 Attribution: Original form (no alter/abbreviate/translate); legible font (10pt min); contrasting color; not in collapsed footer/hidden menu.

 8.4 Prohibited: (a) Remove/obscure Jombone copyright/trademark/proprietary notices in source/APIs/admin; (b) use Jombone name/logo implying Jombone provider/endorser to End Users or suggesting non-existent partnership/sponsorship; (c) misleading/offensive/discriminatory/detrimental branding; (d) register domains/social/business names incorporating “Jombone”/confusingly similar.

9. PRIVATE CLOUD & MULTI-TENANCY

 9.1 Model. For enhanced isolation: Private Cloud SaaS (dedicated infrastructure separate from other customers).

 9.2 Internal Multi-Tenancy. Within private cloud: may use multi-tenant architecture for Customer’s entities/divisions (e.g., 7 subsidiaries). Logical segregation via tenant IDs; RBAC prevents cross-entity access unless authorized.

 9.3 Security. Logical segregation at application (tenant-aware queries, authorization) and database (tenant ID columns, row-level security) layers. All Exhibit C controls apply.

10. PLATFORM UPDATES

Customer responsible for ensuring branding/customizations remain compatible with updates (MSA §2.5) and promptly implementing required changes.

 EXHIBIT F: SOURCE CODE ESCROW (Optional)

Applies only if requested and agreed in Order Form.

1. ESTABLISHMENT

 1.1 Agent. Mutually agreed escrow agent (Iron Mountain, Codekeeper, EscrowTech, similar) per Three-Party Software Escrow Agreement.

 1.2 Materials. Jombone deposits: (a) source code; (b) build scripts, configs, deployment instructions; (c) database schemas, migrations, seed data; (d) third-party dependencies/libraries (if redistribution rights exist); (e) technical documentation (sufficient for reasonably skilled developer to understand, compile, deploy, maintain).

 1.3 Updates. Initial within 30 days of Escrow Agreement execution. Updates: each major release or quarterly (whichever more frequent).

2. FEES

 2.1 Customer Pays: Agent’s annual maintenance ($1,200-$2,500 typically), verification, release processing, special requests.

 2.2 Jombone Contribution. May contribute/cover one-time setup ($500-$1,500) at discretion (per Order Form; no ongoing obligation).

3. RELEASE TRIGGERS

 3.1 Events:

• (a) Bankruptcy: Jombone files bankruptcy, assignment for creditors, receiver/trustee appointed, similar insolvency
• (b) Cessation: Discontinues Service >90 consecutive days (excluding: force majeure, scheduled maintenance/upgrades, suspension for Customer breach/non-payment)
• (c) Material SLA Breach: <99.5% uptime for 3 consecutive months AND fails to cure within 180 days of written notice
• (d) Material Uncured Breach: Jombone material breach (not Customer non-payment), uncured after 60 days’ notice, AND: (i) security breach affecting >10,000 subjects; OR (ii) IP/Confidential Info violation causing substantial Customer harm; OR (iii) 3+ material breaches in 12 months (systematic failure)
• (e) Termination Sans Alternative: Jombone terminates (not for Customer breach/non-payment) without providing reasonable alternative (transition assistance, migration support, or extended service for transition)
• (f) Competitor Change of Control: Jombone acquired by Competitor (MSA §11.4(b) definition) AND: (i) acquirer announces Service discontinuation OR (ii) Customer reasonably believes Confidential Info/competitive position at risk AND no adequate safeguards agreed within 60 days
• (g) Force Majeure >120 Days: Force majeure prevents Service >120 consecutive days

 3.2 Verification. Customer provides written notice to Jombone + Agent (specify event, provide evidence). Agent verifies per Escrow Agreement procedures. If verified, releases to Customer.

 3.3 Disputes. If Jombone disputes, resolve per Escrow Agreement and/or MSA §14.1.

4. PERMITTED USE POST-RELEASE

 4.1 License. Upon release: limited, non-exclusive, non-transferable, non-sublicensable license to use, reproduce, modify, maintain Materials solely to continue operating Service for Customer’s internal operations or (if applicable) white label deployment to existing End Users.

 4.2 Prohibited: (a) Resell, redistribute, sublicense Materials/derivatives to third parties; (b) create competing product/service or provide services competing with Jombone; (c) transfer/assign/share with third parties (except necessary consultants/contractors under strict confidentiality); (d) remove/obscure copyright/trademark/proprietary markings.

4.3 Obligations. Customer shall: (a) treat as highly confidential (≥ own confidential info care, min reasonable); (b) limit access to need-to-know personnel with confidentiality obligations; (c) notify Jombone (or successor) within 10 business days of receipt.

5. RETAINED RIGHTS

 5.1 No Ownership Transfer. Release doesn’t transfer Jombone IP ownership. Jombone (or successors) retains all rights to Service, Materials, related IP.

 5.2 Third-Party Components. Materials may include third-party open-source/commercial components with separate licenses. Customer use subject to applicable licenses; Jombone makes no representation re: Customer ability to use outside Service.

6. VERIFICATION

 6.1 Services. Customer may request (at expense) periodic verification (completeness, compileability, functionality). Jombone reasonably cooperates. Frequency/procedures per Escrow Agreement.

 6.2 Deficiencies. If verification reveals incomplete/uncompilable/deficient, Jombone promptly cures by depositing corrected/supplemental materials.

7. TERMINATION

Escrow terminates upon: (a) all Order Forms expire/terminate (unless parties agree to extend); (b) mutual agreement to terminate; (c) Materials release per §3. Upon termination (except by release): Agent returns/destroys Materials per Jombone instruction.

8. GOVERNING LAW

Texas law per MSA §14.1.

 EXHIBIT G: END USER LICENSE AGREEMENT (EULA)

Effective: Upon End User account creation or first access

Between: Jombone Inc. and individual End User (“you”)

IMPORTANT: By clicking “I Agree,” creating account, or accessing Service, you agree to this EULA. If disagree, don’t access/use.

1. LICENSE GRANT

Subject to compliance, Jombone grants personal, non-exclusive, non-transferable, revocable license to access Service solely for purposes authorized by your employer/staffing agency/organization (“Your Organization”). License terminates immediately if: (a) you violate EULA; (b) Your Organization’s subscription terminates; (c) your employment/authorization ends.

2. RESTRICTIONS

You shall not: (a) share login credentials or allow unauthorized access; (b) use for unlawful purpose or violate AUP; (c) reverse engineer, decompile, disassemble Service; (d) use automated tools (bots, scrapers) to extract data; (e) upload viruses, malware, malicious code; (f) attempt unauthorized access to other accounts/data; (g) use to compete with Jombone or Your Organization; (h) remove/modify proprietary notices.

3. DATA AND PRIVACY

(a) Ownership: You retain ownership of data you submit (“Your Data”). You grant Jombone and Your Organization license to process Your Data to provide Service.

(b) Privacy: Jombone processes personal information per Privacy Policy (jombone.com/privacy). Your Organization = data controller determining collection/use. Direct privacy questions to Your Organization.

(c) Organization Access: Your Organization has admin access to your account and can view your data, activity, usage. Jombone may disclose your info to Your Organization as requested.

4. ACCOUNT SECURITY

You’re responsible for: (a) maintaining login credential confidentiality; (b) all activities under your account; (c) notifying Your Organization and Jombone immediately of unauthorized use. Jombone not liable for losses from unauthorized use if you fail to protect credentials.

5. MOBILE APPS

If accessing via mobile: (a) comply with Apple App Store Terms and/or Google Play Terms; (b) these terms apply in addition to EULA; (c) Apple and Google not parties to EULA and have no obligations re: Service.

6. ACCEPTABLE USE

Comply with AUP. Violations may result in immediate suspension/termination without notice.

7. INTELLECTUAL PROPERTY

Service (software, content, trademarks, IP) owned by Jombone and licensors. No ownership rights acquired. “Jombone” and related marks are Jombone trademarks.

8. WARRANTY DISCLAIMER

SERVICE PROVIDED “AS IS” WITHOUT WARRANTIES. JOMBONE DISCLAIMS ALL WARRANTIES (EXPRESS, IMPLIED) INCLUDING MERCHANTABILITY, FITNESS, NON-INFRINGEMENT. DOESN’T WARRANT ERROR-FREE, UNINTERRUPTED, OR SECURE.

9. LIMITATION OF LIABILITY

TO MAX EXTENT PERMITTED BY LAW, JOMBONE’S TOTAL LIABILITY TO YOU SHALL NOT EXCEED $100. NOT LIABLE FOR INDIRECT, INCIDENTAL, CONSEQUENTIAL, PUNITIVE DAMAGES (INCLUDING LOST DATA, PROFITS).

10. INDEMNIFICATION

You indemnify Jombone from claims arising from: (a) your Service use; (b) EULA violation; (c) law or third-party rights violation; (d) Your Data.

11. TERMINATION

Jombone or Your Organization may terminate your access anytime. Upon termination: (a) license terminates immediately; (b) cease all Service use; (c) Sections 7-14 survive.

12. CHANGES

Jombone may modify EULA by posting updates at jombone.com/eula or in-Service. Continued use after changes = acceptance. Material changes: 30 days’ notice via email/in-app notification.

13. DISPUTES (Individual End Users)

(a) Informal: Contact [email protected] for resolution attempt.

(b) Binding Arbitration: Disputes resolved by binding arbitration under AAA Consumer Arbitration Rules. Arbitration in Dallas County, Texas (or your county of residence if law requires). Waive right to class actions/class arbitrations.

(c) Exceptions: Either may seek injunctive relief in court for IP violations or unauthorized access.

(d) Opt-Out: Opt out of arbitration by emailing [email protected] within 30 days of first use.

14. GENERAL

(a) Law: Texas law governs (no conflicts principles).

(b) Entire Agreement: EULA = complete agreement between you and Jombone re: Service (separate from Jombone-Your Organization agreement).

(c) Severability: Unenforceable provisions: remainder remains effective.

(d) No Waiver: Failure to enforce doesn’t waive future enforcement.

Contact: [email protected] | 3300 Dallas Parkway, Suite 200, Plano, TX 75093