The URL can be used to link to this page

Home My WebLink AboutP-23-352 SPIDR Tech Inc.pdf DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc SUBSCRIPTION AGREEMENT This Subscription Agreement (this "Agreement") is made as of July 24, 2023 (the "Effective Date"), by and between SPIDR Tech Inc., a Delaware corporation addressable at P.O. Box 3448, Manhattan Beach, CA, 90266 ("SPIDR Tech"), and the County of Fresno, a political subdivision of the State of California ("Customer"). SPIDR Tech and Customer may be referred to as a "Party" herein and together as the "Parties."The Sales Proposal by and between SPIDR Tech and the Customer (the "Sales Proposal") and the terms therein shall be deemed incorporated herein. The Sales Proposal is attached as Exhibit A. WHEREAS, SPIDR Tech's proprietary systems, applications and related APIs permit police departments to gather, review and analyze data in connection with law enforcement intelligence, officer productivity and related community engagement. WHEREAS, Customer desires to access and use SPIDR Tech's proprietary system, and SPIDR Tech desires to provide such access, in accordance with the terms and conditions herein; NOW, THEREFORE, in consideration of the covenants set forth herein, SPIDR Tech and Customer hereby agree as follows: 1. Provision of the Service. 1.1 Provision Generally. SPIDR Tech will provide Customer with access to SPIDR Tech's proprietary service for the modules specified in the Sales Proposal, which is attached as Exhibit A(collectively the "Service") in accordance with the terms and conditions of this Agreement. In order to access and use the Service, Customer is responsible at its own expense for obtaining its own Internet access, and any hardware and software required therefor. 1.2 Grant of Rights. Subject to the terms and conditions of this Agreement, SPIDR Tech hereby grants to Customer a limited, non-exclusive, non-transferable right to access and use the Service, solely for Customer's purposes during the Term. All rights not expressly granted to Customer are reserved by SPIDR Tech and its licensors. There are no implied rights. 1.3 Restrictions. Customer shall not (and shall not allow any third party to): (a) use the Service for the benefit of any third party, or to develop or market any product, software or service that is functionally similar to or derivative of the Service, or for any other purpose not expressly permitted herein; (b) permit any third party or individual to access or use the Service; (c) sell, distribute, rent, lease, service bureau, post, link, disclose or provide access to the Service, directly or indirectly, to any third party; (d) alter, modify, debug, reverse engineer, decompile, disassemble, or otherwise attempt to derive or gain access to any software (including source code) associated with the Service; or (e) use any robot, spider, scraper or other automated means to access the Service, or engage in any scraping, data-mining, harvesting, screen-scraping, data aggregating or indexing of the Service. Customer shall keep all 1 of 11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc passwords and API Keys provided to it safe and secure, and shall be responsible for all use of the Service using passwords or API keys issued to Customer. Customer shall notify SPIDR Tech immediately of any actual or suspected unauthorized use of its passwords or API keys for the Service. Without limiting any of its other rights or remedies, SPIDR Tech reserves the right to suspend access to the Service if SPIDR Tech reasonably believes that Customer has materially violated the restrictions and obligations in this Agreement (in which case, it shall provide Customer prompt written notice of such suspension). 1.4 Customer Cooperation. Customer shall: (a) reasonably cooperate with SPIDR Tech in all matters relating to the Service; (b) respond promptly to any SPIDR Tech request to provide information, approvals, authorizations or decisions that are reasonably necessary for SPIDR Tech to provide the Service in accordance with this Agreement; and (c) provide such Customer materials or information as SPIDR Tech may reasonably request to provide the Service and ensure that such materials or information are complete and accurate in all material respects. 2. SPIDR Tech Technology. In connection with providing the Service, SPIDR Tech and its licensors shall operate and support the hosted environment used by SPIDR Tech to provide the Service, including the SPIDR Tech Technology, the server hardware, disk storage, firewall protection, server operating systems, management programs, web server programs, documentation and all other technology or information so used by SPIDR Tech. As used herein, "SPIDR Tech Technology" means all of SPIDR Tech's proprietary technology (including software, hardware, products, processes, algorithms, user interfaces, know-how, techniques, designs and other tangible or intangible technical material or information) made available to Customer by SPIDR Tech in providing the Service. 3. Downtime. Subject to the terms and conditions of this Agreement, SPIDR Tech shall use commercially reasonable efforts to provide access to the Service for twenty-four (24) hours a day, seven (7) days a week throughout the term of this Agreement. Customer agrees that from time to time the Service may be inaccessible or inoperable for various reasons, including (i) equipment malfunctions; (ii) periodic maintenance procedures or repairs which SPIDR Tech may undertake from time to time; or (iii) causes beyond the control of SPIDR Tech or which are not reasonably foreseeable by SPIDR Tech, including interruption or failure of telecommunication or digital transmission links, hostile network attacks or network congestion or other failures, or failures or issues experienced by the Hosting Contractors independent of and not related to the Service or SPIDR Tech (collectively "Downtime"). SPIDR Tech shall use commercially reasonable efforts to provide twenty-four (24) hour advance notice to Customer in the event of any scheduled Downtime. SPIDR Tech shall have no obligation during performance of such operations to mirror Customer Data on any other server or to transfer Customer Data to any other server. SPIDR Tech shall use commercially 2of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc reasonable efforts to minimize any disruption, inaccessibility and/or inoperability of the service in connection with Downtime, whether scheduled or not. 4. Ownership. Customer acknowledges and agrees that as between SPIDR Tech and Customer, all right, title and interest in and to the Service (including the data, information, text, images, designs, sound, music, marks, logos, compilations (meaning the collection, arrangement and assembly of information) and other content on or made available through the Service, other than Customer Data), the SPIDR Tech Technology and all improvements and derivatives of the foregoing (including all intellectual property and proprietary rights embodied therein or associated therewith) are and shall remain owned by SPIDR Tech or its licensors, and this Agreement in no way conveys any right, title or interest in the Service or the SPIDR Tech Technology other than a limited right to use the Service in accordance with the terms and conditions herein. No right or license is granted hereunder to Customer under any trademarks, service marks, trade names or logos. Customer shall not remove any SPIDR Tech trademark, service mark or logo, or any proprietary notices or labels (including any copyright or trademark notices) from the Service. 5. Fees; Payments; Taxes. 5.1 Fees. In consideration of the provision of the Service hereunder, Customer shall pay SPIDR Tech the fees as set forth in Exhibit A. Except as otherwise agreed in writing between the Parties, in no event shall compensation paid to SPIDR Tech for the three-year term of this Agreement exceed $65,080.00. If optional renewals are used, compensation for year four shall not exceed $19,472.00 and year five shall not exceed $20,056.00. The five-year total shall not exceed $104,608.00. 5.2Taxes. All amounts due hereunder are exclusive of all sales, use, excise, service, value added, or other taxes, duties and charges of any kind (whether foreign, federal, state, local or other) associated with this Agreement, the Service, or Customer's access to the Service. Customer shall be solely responsible for all such taxes, duties and charges (except for taxes imposed on SPIDR Tech's income), which may be invoiced by SPIDR Tech from time- to-time. 5.3 Payment Method. Customer shall make all payments hereunder, in US dollars, in the manner specified by SPIDR Tech, and without deduction of any charges, taxes or other amounts. 5.41-ate Payments. Customer shall reimburse SPIDR Tech for all costs and expenses, including attorneys' fees, incurred in collecting any unpaid amounts owed by Customer hereunder. 6. Term; Termination. 6.1 Term. The term of this Agreement shall commence on the Effective Date and, unless earlier terminated as set forth herein, shall continue for three (3) calendar years immediately following the Effective Date. Either Party may terminate this Agreement by providing the other Party 30 days advance written notice of its desire to terminate. The entire term before termination is 3of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc collectively referred to as the "Term" herein. This Agreement may be extended for two (2) additional one (1) year periods by the mutual written consent of all parties. 6.2Termination for Breach. Either Party may terminate this Agreement by written notice thereof to the other Party, if the other Party materially breaches this Agreement and does not cure such breach within 30 days after written notice thereof. In the event of such a termination as a result of SPIDR Tech's material breach, any prepaid, unused amounts shall be refunded to Customer, prorated for the remaining portion of the then-current pre-paid year of the term. 6.3Termination for Non-Allocation of Funds. The terms of this Agreement are contingent on the approval of funds by the appropriating government agency. If sufficient funds are not allocated, then the Customer, upon at least 30 days' advance written notice to SPIDR Tech, may terminate this Agreement. 6.4 Effects of Termination; Survival. Upon any termination of this Agreement: (a) all rights granted to Customer hereunder shall terminate and SPIDR Tech shall no longer provide access to the Service to Customer, and (b) Customer shall cease using the Service. Any obligations that have accrued prior to termination shall survive termination of this Agreement. In addition, the following Sections, as well as any other provisions herein which by their nature should survive, shall survive termination of this Agreement: Sections 4 through 12. 7. Customer Data. 7.1 Data Generally. All data and information which the Customer inputs or provides to the Service (the "Customer Data") is stored in a private and secure fashion (as regulated by CJIS requirements), and will not be used by SPIDR Tech except as permitted herein. Customer hereby grants to SPIDR Tech a limited, non-exclusive, non-transferable, royalty-free right to use, reproduce, manipulate, display, transmit and distribute the Customer Data solely in connection with providing the Service to Customer, and improving and developing the Service. In addition, SPIDR Tech may analyze Customer Data, and data of other customers, to create aggregated or anonymized statistics or data that do not identify Customer or any individual, and SPIDR Tech may during and after the Term use and disclose such statistics or data in its discretion. Except as specified otherwise in this Agreement (including the Sales Proposal), Customer shall be solely responsible for providing, updating, uploading and maintaining all Customer Data. Customer shall not be liable or responsible for the accuracy of the content of Customer Data, and makes no warranties or guaranties to SPIDR Tech of such accuracy. SPIDR Tech shall operate the Service in a manner that provides reasonable information security for Customer Data, using commercially reasonable data backup, security, and recovery protections (as regulated by CJIS requirements), in accordance with the requirements of Exhibit C, Data Security, which is attached and incorporated by this reference. 7.2Additional Customer Responsibilities. Customer is solely responsible for all Customer Data. SPIDR Tech does not guarantee the accuracy, integrity or 4of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc quality of Customer Data. Customer shall not: (a) upload or otherwise make available to SPIDR Tech any Customer Data that is unlawful or that violates the rights of any third parties; (b) upload or otherwise make available to SPIDR Tech any Customer Data that Customer does not have a right to transmit due to any law, rule, regulation or other obligation; (c) use, upload or otherwise transmit any Customer Data that infringes any intellectual property or other proprietary rights of any third party; (d) knowingly upload or otherwise make available to SPIDR Tech any material that contains software viruses or any other computer code, files or programs designed to interrupt, destroy, limit the functionality of any computer software or hardware or telecommunications equipment; (e) interfere with or disrupt the Service or servers or networks connected to the Service; (f) upload or otherwise make available to SPIDR Tech any Customer Data that constitutes protected health information subject to the Health Insurance Portability and Accountability Act or any regulation, rule or standards issued thereunder; or (g) violate any applicable law, rule or regulation, including those regarding the export of technical data. 8. Representations and Warranties; Disclaimer. 8.1 General Representations and Warranties. Each Party hereby represents and warrants to the other Party that: (a) it is a corporation, company or other entity (as applicable) duly organized, validly existing and in good standing in its jurisdiction of organization; (b) its execution, delivery and performance of this Agreement have been duly and validly authorized by all necessary organizational action on its part; (c) the provisions set forth in this Agreement constitute legal, valid, and binding obligations of such Party enforceable against such Party in accordance with their terms, subject to bankruptcy, insolvency and other laws affecting creditors' rights generally; and (d) its execution, delivery and performance of this Agreement do not and will not conflict with, result in a breach of, constitute a default under, or require the consent of any third party under, any agreement or other obligation to which such Party is subject. 8.2SPIDR Tech Limited Warranty. SPIDR Tech warrants that it will provide the Service in a competent and workmanlike manner. SPIDR Tech does not warrant that it will be able to correct all reported defects or that use of the Service will be uninterrupted or error free. SPIDR Tech makes no warranty regarding features or services provided by any third parties. SPIDR Tech retains the right to modify its services and the SPIDR Tech Technology in its sole discretion; provided that doing so does not have a material adverse impact on the Service hereunder. Customer's sole remedy for SPIDR Tech's breach of the warranty in this paragraph shall be that SPIDR Tech shall remedy the applicable error, or if SPIDR Tech is unable to do so in a timely manner, refund to Customer actual damages up to a limit of the fees paid for the Service for the 9-month period immediately prior to when the breach of warranty occurred. 8.3Disclaimer. EXCEPT FOR THE WARRANTIES SET FORTH IN SECTIONS 8.1-8.2 ABOVE, SPIDR TECH MAKES NO REPRESENTATION OR 5of11 90004289.2 DocuSign Envelope ID: 89582DA7-FF82-4C48-BB1 B-CA791326E067D P-23-352 County of Fresno SPIDR-Tech Inc WARRANTY WHATSOEVER, AND HEREBY DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, WITH RESPECT TO THE SERVICE (IN EACH CASE WHETHER EXPRESS OR IMPLIED BY LAW, COURSE OF DEALING, COURSE OF PERFORMANCE, USAGE OF TRADE OR OTHERWISE), INCLUDING ANY WARRANTY (A) OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT, (B) THAT THE SERVICE WILL MEET CUSTOMER'S REQUIREMENTS, WILL ALWAYS BE AVAILABLE, ACCESSIBLE, UNINTERRUPTED, TIMELY, SECURE OR OPERATE WITHOUT ERROR, (C) AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE, OR (D) AS TO THE ACCURACY OR RELIABILITY OF ANY INFORMATION OBTAINED FROM THE SERVICE. 9. Limitations of Liability. 9.1 Damages Cap. TO THE FULLEST EXTENT PERMISSIBLE BY LAW, SPIDR TECH'S TOTAL LIABILITY FOR ALL DAMAGES ARISING OUT OF OR RELATED TO THE SERVICE OR THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT OF FEES PAID BY CUSTOMER TO SPIDR TECH UNDER THIS AGREEMENT DURING THE PRIOR 6 MONTHS. 9.2 Disclaimer of Indirect Damages. EXCEPT FOR (A) CUSTOMER'S OBLIGATION TO PAY ALL AMOUNTS DUE HEREUNDER, (B) ITS INDEMNIFICATION OBLIGATIONS OR (C) ITS BREACH OF ANY INTELLECTUAL PROPERTY OR CONFIDENTIALITY OBLIGATIONS OR RESTRICTIONS HEREIN (INCLUDING ANY LIMITATIONS OR RESTRICTIONS ON USE OF THE SERVICE), IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES (INCLUDING LOSS OF DATA, PROFITS OR REVENUE) ARISING OUT OF OR RELATED TO THE SERVICE OR THIS AGREEMENT, WHETHER SUCH DAMAGES ARISE IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE. 9.3Basis of the Bargain. THE PARTIES AGREE THAT THE LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION 9 ARE A FUNDAMENTAL BASIS OF THE BARGAIN, THAT SPIDR TECH HAS SET ITS FEES IN RELIANCE ON THE ENFORCEABILITY OF THESE PROVISIONS, AND THAT THEY SHALL APPLY NOTWITHSTANDING THAT ANY REMEDY SHALL FAIL ITS ESSENTIAL PURPOSE. 10. Indemnification. 10.1 SPIDR Tech Indemnification. SPIDR Tech shall defend, indemnify and hold harmless Customer and its directors, officers, employees and agents ("Customer Indemnified Parties") from and against any third party claims, actions, proceedings, demands, lawsuits, damages, liabilities and expenses (including reasonable attorneys' fees and court costs) (collectively, "Claims") to the extent based on any claim that the Service infringes, misappropriates 6of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc or otherwise violates (collectively, "Infringes") any third party intellectual property or proprietary right. 10.2 Reserved. 10.3 Indemnification Process. As conditions of the indemnification obligations in Section 10.1 above: (a) the applicable Customer Indemnified Party (the "Indemnitee")will provide the indemnifying Party (the"Indemnitor")with prompt written notice of any Claim for which indemnification is sought (provided that failure to so notify will not remove the Indemnitor's indemnification obligations except to the extent it is prejudiced thereby), (b) the Indemnitee will permit the Indemnitor to control the defense and settlement of such Claim, and (c) the Indemnitee will reasonably cooperate with the Indemnitor in connection with the Indemnitor's evaluation, defense and settlement of such Claim. In defending any Claim, the Indemnitor shall use counsel reasonably satisfactory to the other Party. The Indemnitor shall not settle or compromise any such Claim or consent to the entry of any judgment without the prior written consent of the other Party (not unreasonably withheld). 10.4 Exclusions. SPIDR Tech's obligations in Section 10.1 above shall not apply to any Claim to the extent arising from or relating to (a) misuse of the Service (including any use not strictly in accordance with the documentation therefor, SPIDR Tech's instructions, and this Agreement), (b) any modification, alteration or conversion of the Service not created or approved in writing by SPIDR Tech, (c) any combination of the Service with any computer, hardware, software or service not provided by SPIDR Tech, (d) SPIDR Tech's compliance with specifications or other requirements of Customer, or (e) any third party data or Customer Data. If the Service is or may be subject to a Claim of Infringement described in Section 10.1 above, SPIDR Tech may, at its cost and sole discretion: (i) obtain the right for Customer to continue using the Service as contemplated herein; or (ii) replace or modify the Service so that it becomes non-Infringing without substantially compromising its principal functions; or (iii) to the extent the foregoing are not commercially reasonable, terminate this Agreement and return to Customer any pre-paid fees for the Service associated with the then-remaining Term. SPIDR Tech's obligations in this Section 10 shall be SPIDR Tech's sole obligations, and Customer's sole remedies, in the event of any Infringement of intellectual property or proprietary rights by or related to the Service. 11. Confidentiality. 11.1 Definition. "Confidential Information" means information that is disclosed by either Party (the "Disclosing Party") to the other Party (the "Receiving Party") hereunder during the Term that is clearly labeled or identified as confidential or proprietary when disclosed, or that, under the circumstances, should reasonably be treated as confidential, except that "Confidential Information" shall not include any information that (a) is or becomes generally known to the public through no fault of, or breach of this Agreement by, the Receiving Party; (b) is rightfully in the Receiving Party's possession at the time of disclosure 7of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc without an obligation of confidentiality; (c) is independently developed by the Receiving Party without use of the Disclosing Party's Confidential Information; or (d) is rightfully obtained by the Receiving Party from a third party without restriction on use or disclosure. In addition the Service and SPIDR Tech Technology shall be deemed Confidential Information of SPIDR Tech, regardless of whether or not such is labeled as confidential information. 11.2 General Obligations. Each Party agrees that it will during the Term and thereafter (a) not disclose the other Party's Confidential Information to any third party (other than as permitted in the last sentence of this paragraph); (b) use the other Party's Confidential Information only to the extent reasonably necessary to perform its obligations or exercise its rights under this Agreement; (c) disclose the other Party's Confidential Information only to those of its employees and independent contractors who reasonably need to know such information for purposes of this Agreement and who are bound by confidentiality obligations that protect Confidential Information similar to the obligations in this Section 11.; and (d) protect all Confidential Information of the other Party from unauthorized use, access, or disclosure in the same manner as it protects its own confidential information of a similar nature, and in no event with less than reasonable care. Notwithstanding the above, this paragraph shall not prohibit a Party from disclosing Confidential Information of the other Party to the extent required by applicable law, rule or regulation, including, but not limited to, the California Public Records Act, Government Code § 7920.000 et. seq., and the Ralph M. Brown Act, California Government Code § 54950 et. seq., (including a court order or other government order) or the rules and regulations of the SEC or any national securities exchange; provided that such Party provides the other Party prior written notice of such disclosure, to the extent practicable, and reasonably cooperates with efforts of the other Party to seek confidential treatment thereof, to the extent such cooperation is requested by the other Party 11.3 Return or Destruction. Except as otherwise expressly provided in this Agreement, the Receiving Party will return to the Disclosing Party, or destroy or erase, the Disclosing Party's Confidential Information in tangible form, upon the termination of this Agreement; provided that (a) Receiving Party may retain a copy of Disclosing Party's Confidential Information solely for the purposes of tracking Receiving Party's rights and obligations hereunder with respect thereto, (b) Receiving Party may retain copies of Disclosing Party's Confidential Information solely to the extent required by law or by applicable professional standards which require such Party to retain copies of its working papers, and (c) Receiving Party may retain Disclosing Party's Confidential Information solely to the extent reasonably necessary for Receiving Party to exercise rights or perform obligations under this Agreement that survive such termination. 11.4 Feedback. Notwithstanding the above or anything to the contrary herein, to the extent that Customer at any time provides SPIDR Tech with any feedback 8of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc or suggestions regarding the Service, including potential improvements or changes thereto (collectively, "Feedback"), the Feedback shall not be considered Confidential Information of Customer, and SPIDR Tech shall be free to use, disclose, and otherwise exploit in any manner, the Feedback for any purpose. 12.Miscellaneous. 12.1 Compliance with Laws. Each Party shall comply with all laws, rules, regulations and ordinances applicable to its activities hereunder. 12.2 Hosting Providers. Customer acknowledges that the Service is hosted by third party hosting providers (the "Hosting Contractors"). SPIDR Tech may change its Hosting Contractors at any time. Customer's use of the Service is subject to any applicable restrictions imposed by the Hosting Contractors. Notwithstanding any other provision of this Agreement, SPIDR Tech shall not be liable for any problems, failures, defects or errors with the Service to the extent caused by the Hosting Contractors. Customer acknowledges that the fees payable for the Service reflect the fact that SPIDR Tech is not responsible for the acts and omissions of the Hosting Contractors. 12.3 Assignment. Customer may not assign this Agreement, or assign any of its rights or delegate any of its obligations under this Agreement, without the prior written consent of SPIDR Tech. SPIDR Tech may freely assign this Agreement, or assign any of its rights or delegate any of its obligations under this Agreement. Any purported assignment or delegation in violation of this paragraph is null and void. This Agreement will bind and inure to the benefit of each Party's successor and permitted assigns. 12.4 Entire Agreement; Amendment. This Agreement (including Exhibit A) contains the complete understanding and agreement of the Parties with respect to the subject matter hereof, and supersedes all prior or contemporaneous agreements or understandings, oral or written, with respect thereto. No pre-printed terms on any purchase order, invoice or similar document issued in relation to this Agreement shall have any effect on the Parties or this Agreement. This Agreement may be amended or modified only by an express written agreement signed by duly authorized representatives of both Parties. 12.5 Notices. Unless otherwise specifically provided herein, all notices required or permitted by this Agreement shall be in writing and may be delivered personally, or may be sent by facsimile, overnight delivery or certified mail, return receipt requested, to the addresses provided in the Sales Proposal. For all claims arising from or related to this Agreement, nothing in this Agreement establishes, waives, or modifies any claims presentation requirements or procedures provided by law, including the Government Claims Act (Division 3.6 of Title 1 of the Government Code, beginning with section 810). 12.6 Force Maieure. SPIDR Tech shall not be liable or responsible to Customer, nor be considered to have defaulted or breached this Agreement, for any failure or delay in fulfilling or performing any provision of this Agreement to the 9of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc extent such failure or delay is caused by or results from any act, circumstance or other cause beyond the reasonable control of SPIDR Tech, including acts of God, flood, fire, earthquake, explosion, governmental actions, war, invasion or hostilities (whether war is declared or not), terrorist threats or acts, riot, or other civil unrest, national emergency, revolution, insurrection, epidemic, lockouts, strikes or other labor disputes (whether or not relating to either Party's workforce), or restraints or delays affecting carriers or inability or delay in obtaining supplies of adequate or suitable technology or components, telecommunication breakdown, or power outage. 12.7 Publicity. SPIDR Tech shall have the right to use Customer's name and logo on Customer lists published on SPIDR Tech's website and in marketing materials. SPIDR Tech may announce the relationship hereunder in a press release provided that SPIDR Tech obtains Customer's prior approval of the wording of the release (not to be unreasonably withheld). 12.8 Insurance. SPIDR Tech shall comply with all the insurance requirements in Exhibit B to this Agreement. 12.9 Choice of Law. This Agreement is signed and performed in Fresno County, California. SPIDR Tech consents to California jurisdiction for actions arising from or related to this Agreement, and, subject to the Government Claims Act, all such actions must be brought and maintained in Fresno County. 12.10 Injunctive Relief. Each Party acknowledges that its breach of any intellectual property or confidentiality obligations or restrictions herein (including any limitations or restrictions on use of the Service) will cause substantial harm to the other Party that could not be remedied by payment of damages alone. Accordingly, the other Party will be entitled to seek preliminary, temporary and permanent injunctive relief, and other equitable relief, for any such breach with no obligation to post bond unless required by applicable law. 12.11 Relationship of the Parties. The relationship between the Parties is that of independent contractors. Nothing contained in this Agreement shall be construed as creating any agency, partnership, joint venture or other form of joint enterprise or employment relationship between the Parties, and neither Party shall have authority to contract for or bind the other Party in any manner whatsoever. 12.12 Waiver. No waiver by either Party of any of the provision of this Agreement is effective unless explicitly set forth in writing and signed by such Party. No failure to exercise, or delay in exercising, any right, remedy, power or privilege arising from this Agreement operates, or may be construed, as a waiver thereof. No single or partial exercise of any right, remedy, power or privilege hereunder precludes any other or further exercise thereof or the exercise of any other right, remedy, power or privilege. 12.13 Severability. If any provision of this Agreement is invalid, illegal or unenforceable in any jurisdiction, such invalidity, illegality or unenforceability 10of11 90004289.2 DocuSign Envelope ID:89582DA7-FF82-4C48-BB1B-CA79B26E067D P-23-352 County of Fresno SPIDR-Tech Inc shall not affect any other provision of this Agreement or invalidate or render unenforceable such provision in any other jurisdiction. 12.14 Headings; Interpretation. Headings are provided for convenience only and will not be used to interpret the substance of this Agreement. . 12.15 Counterparts. This Agreement may be executed in two counterparts (which may be delivered by .pdf or other facsimile format acceptable to the Parties), each of which shall be an original and both of which taken together shall form one agreement. 13 By signing below, each party acknowledges that it has carefully read and fully understood this Agreement, and each agrees to be bound by the terms of the Agreement. The Agreement becomes effective upon the date of last signature (the "Effective Date"). The individuals signing this Agreement represent that they have the authority to bind the respective parties to the terms of this Agreement. SPIDR Tech, Inc. DocuSigned by: DocuSigned by: Signature: !,/ �°,,,, Signature: E CTI&C 0458A471 D7714C1... BC4F3D123D3648A... Name: Warren Loomis Name: Terri Rosales Title: CEO Title: Secretary/VP of Finance Date Signed: August 3, 2023 Date Signed: August 3, 2023 County of Fresno, Purchasing Manager for District Attorney Office (CA) Digitally signed by Gary Si nature: Gary Cornuelle Dateg Cornuelle 07.53. 0-07'007 07:53:59-07'00' Name: Gary E. Cornuelle Title: Purchasing Manager Date signed: 8/7/2023 11 of 11 90004289.2 P-23-352 Exhibit A • • SPIOR T E C H Fresno District Attorney Office SPIDR Tech Proposal Created: 04/28/2023 Expires: 07/28/2023 Prepared for: Scott Hoedt Prepared by: Maxwell Keenan P-23-352 Exhibit A Executive Summary SPIOR We give law enforcement the technology they need to provide people with service they deserve. SPIDR Tech was founded by law enforcement officers in 2015, with the sole purpose of providing software that helps the public safety agencies provide excellent customer service. We now have over 100 partner agencies in the USA and Canada, with marquee partnerships with: San Antonio Police Department in Texas, Sacramento Police in California, Seattle Police Department in Washington, and Albuquerque Police Department in New Mexico. SPIDR Tech is a part of Versaterm Public Safety, an Ottawa-based company that has provided software, systems, and support to the public safety industry for over 40 years. Versaterm Public Safety provides law enforcement agencies with a comprehensive Public Safety Software Ecosystem. The SPIDR Tech Platform would provide the Fresno DistrictAttorney's Office (DA) with a solution that would allow the DA to automatically communicate with individuals involved in a case. These communications include Short Message Service/text (SMS), text with web browser links and email. Messaging flexibility allows you use standardized templates crafted from best practices, or you have the ability to design your own customized messages. Additionally, the software would reduce the amount of call backs to the DA office. For example, the San Antonio Police Department saw a 30% reduction on all property crime call backs once SPIDR Tech was in action. SPIDR Tech will provide a full implementation of the platform for the DA, and ongoing support for the SPIDR Tech Platform. SPIDR Tech has experience implementing large scale projects with Sacramento Police Department, Seattle Police Department, York Regional Police Department, and many more. In addition, in the unlikely event of any issues during the deployment process, the DA would benefit from having all the P-23-352 Exhibit A resources of both the Versaterm and SPIDR Tech engineers to resolve the issue rapidly. Overall, SPIDR Tech can provide the DA with the only end-to-end Customer Service Management solution designed specifically for public safety and criminal justice. The software would allow the DA to provide a level of transparency that is unmatched in the industry. Supporting Customer CJIS and Security Requirements Working with law enforcement data requires special security considerations, and SPIDR Tech supports these requirements. We perform background checks on all employees and will subject all project personnel to an agency background checks if requested. Our teams have passed all FBI screenings in the past for projects with other law enforcement agencies. SPIDR Tech offers a fully Software-as-a-Service (SaaS) model, host by Amazon Web Services (AWS) GovCloud, ensuring the customer does not need to purchase any hardware to install our system. AWS follows Criminal Justice Information Services (CJIS) compliance guidelines, and we possess all supporting documentation detailing our compliance. SPIDR Tech is fully hosted within AWS GovCloud (us-gov-west-1), which complies with the FedRAMP High baseline and is being used by multiple agencies to run CJIS workloads in the cloud. It is important to note that SPIDR Tech does not install, own, or manage any equipment within your agency's network. Our services are hosted in the cloud, and the networks talk to each other via a secure Virtual Private Network (VPN) or Application Programming Interface (API). SPIDR Tech utilizes a Federal Information Processing Standard (FIPS) 140-2 compliant encryption method to encrypt CJIS data at rest, including database backups and volumes. As an additional precaution, The SPIDR Tech Platform encrypts CJI data such as driver's licenses and social security numbers if an agency chooses to provide those items as part of the data transfer. Additionally, details can be found in the section labeled "System Architecture and Security". P-23-352 Exhibit A System Overview Investigations Module The SPIDR Tech Investigations Module is designed to provide ongoing, proactive follow-up messages to individuals and law enforcement agencies involved in a case. Once a case is filed with the DA, the SPIDR software will automate messages to victims, witnesses, and law enforcement agencies. It is critical to keep victims, witnesses, and law enforcement agencies up to date on the status of the case and make sure everyone is aware of any updates made. Often this process is done manually by phone or mail, costing the DA a great deal of time and money. The Investigations Module sends automated case updates to the crime victim via both SMS and email. Once the police report is filed in the Criminal Justice Case Management system (CJCM) or once reviewed and approved, the SPIDR Tech Platform can send the following types of messages to the crime victim: 1. After arraignment and following each hearing VANCOUVER This message is designed to proactively provide POLICE victims and witnesses with information following arraignment and after each hearing. This is accomplished by pulling data directly from the Hello Grayce, CJCM such as the case number, date of events, OnTue,November 19,2019,a police report was hearing type, and witness coordinator phone filed by the Vancouver Police Department involving: numbers. By pulling this data directly from the Larceny.You were named as a victim in this police report.As part of the Vancouver Poli e Department's CJCM and sending it to the correct parties, Fresno commitment toprovvice, ewatedtosens endyoh the hmore DA can not only improve the customer service level of customer service,we wanted to send you more information regarding this report. experience of their victims but can again minimize The report was filed by Ofc.C.Turner.The report administrative walk-ins and callbacks to the DXs number is 83624.Please keep this information for office by ensuring that the individuals involved in your records. the case have all the information needed. The Vancouver Police Department takes larceny crimes very seriously.Larceny crimes are investigated by Operations Division East,Neighborhood Crimes Section.You can contact them at 360-693-3111 and please leave your name,phone number,and the case report number.Please allow for a period of 1-2 weeks 2. After sentencing P-23-352 Exhibit A r TUCSON POLICE This message is designed to notify the individuals �'/ involved in the case of the sentence handed down by the jury/judge. This notification is critical to Hello Brittany, provide your agency with an automated platform to The Tucson Police Department would like to make these notifications, ensuring that they are inform you that on 09/05/2019,Richard W. consistent and timely as well as eliminating or 1909050028.agody was rrested in connection with Report minimizingan existing manual solutions that are 1909050028. Y g As a victim in this case,you have the right to be often costly and time-consuming. notified of an arrest that pertains to your case, the right to be present and to be heard at any pre-sentencing or sentencing proceeding that results in a conviction,and the right to make an impact statement prior to the imposition of the sentence.If you would like to make an impact statement in this case,please contact the Victim's Assistance Unit at 520-791-5483 to learn more, including how to provide your statement. If you need victim's assistance,there are resources to assist you.Please call the Victim's Assistance Unit 520-791-5483,Monday-Friday, 8:00 AM-5:00 PM or learn more online at 3. Law enforcement agency update messaging As the case progresses through ® various stages, a law enforcement update message can be sent directly to the agencies and can include all relevant information to Dearlesse, the agency. These updates could This notification from Your Police Department is to assist you in maintaining important case reference information and to ensure you have the appropriate contact information necessary for you to reach us.We were contacted on include but are not limited to, the Saturday,November 26,2022 at 4:23 PM regarding a Auto Then Your report number is20200050. case number, police report Your current case status is:Active. number, date, trial information, Case Status:Active hearing type, and future hearing The Cleburne Police Department is actively investigating your case.It has been assigned to to Detective Veum,who updates. can be reached at(555)SSS-5555 or Aron Veum@us-tx-cIebume-pd.wm. To request a copy of your police report,please visit our Records Department located at[INSERT ADDRESS].Our Overall the Investigations Module Records Bureau is open from[INSERT HOURS].Records Bureau personnel can be reached by calling[INSERT f PHONE NUMBER]or by emailing(INSERT EMAIL]. can proactively provide the law Sincerely, enforcement agencies with the Cleburne Police Department case information as well as regular Non.Emergency.tall)645.0972 302 W Henderson St updates on the status of the cases Emergency:911 Cleburne,TX 76033 the agency is involved in. By proactively providing case information and consistent updates, you can improve the law enforcement agencies engagement in the case. Multi-Lingual Functionality P-23-352 Exhibit A Para—este men,aje en espaW hags clic a View[his email in Enghsh Spider Tech offers standard WMonterey Park template messages in four POLICE languages, English, Spanish, Simple Chinese, and French. In J I-": addition, we can optionally facilitate tP Wed.August 29,2018 . ■, Monterey Park Police Department(f"*]JinMMVg)ffiw)M5x7�I)kFv9'NfN3F the customization of messages and 1(:Ah�i'�o:(tei'�ii.!�fixJ'eK?�S4�orP#&311�$;g�'.�fi$34PaYAhb^,q#i�ka1#�7��"AB3R9iA. ®itt#g1P1� surveys in 119 languages. These ik 1M2E6B.Iglesias#gx•NZAAM.M multilingual messages are linked to 1R"f'1i'®m$Wl;ae*AR Fill!�_113M7AAIJ3IIQF�117MR° the SMS in a convenient web browser format. For example a t k0 ilt� og7C#�alR. 1IS18n&QMWRW%M:(626)307-1233. partner agency in California sends HO?IJBh163FsS fOCalifornia Constitution,Victim's Bill of Rights(hoMIM, Racef9t£W) W9fgrl° all of their messages in English, rk-T Traditional Mandarin, and Spanish. The agency can also solicit survey ® $ � responses in multiple languages. This feature allows your agency to be inclusive of minority or majority members of the community, ensuring people receive the information they need in a language they understand. Portal Module The SPIDR Tech Portal Mod- i"'� 7vcsoN ule is designed to provide citi- POLICE zens with a 24/7 on-demand web portal where they can Tucson Police Department Victim Information Portal check their case status and sign up for additional updates. Step 1:Locate Case Step 2:Verify Victim Information Step 3:Check Status This portal can be made ac- cessible directly from a web- Case Number site link and would provide an please enter your 10-digit case number here. additional layer of 24/7 access for citizens to minimize walk- ins and callbacks. The Portal Para `restapaginaenespariol,hagacllcaQuf Module requires a minimal FAQ Privacy Policy Terms of Service amount of information to verify the victim's identity and can then provide the victim with their current case status, infor- mation related to personnel assigned to their case, and any other information that the agency would like to make accessible to the victim. Pricing P-23-352 Exhibit A SPIDR Tech software pricing has two components: The initial, one-time deployment fee and the an- nual subscription cost.The deployment fee includes all technical and non-technical interfaces, and the subscription cost includes all messages (text and email), data storage, feature updates, mainte- nance and professional services.Additionally,the following items are included in the SaaS Subscrip- tion: • CJCM interface built by SPIDR Tech or pair-programmed with your team • User Acceptance Testing • Non-Technical support for messages and settings • Custom reporting available • Assigned SPIDR Tech Partner Success Manager • Technical support for required adjustments to the interface (CJCM) • 24/7 interface monitoring SPIDR Tech Pricing Overview Year 1 Cost SPIDR SaaS Modules Included: Subscription • Investigations&Portal Module $19,800 Deployment and Deployment and installation fee (one-time setup/integration fee) $10,000 Installation Unlimited maintenance and support including changes to settings, Maintenance and IN- Support messages,surveys,and configurations post go-live,assigned Customer CLUDED Pp Success Manager SaaS Discount Discount contingent on signed contract by 06/28/2023 ($1,980) Total: $27,820 Year 2 Cost SPIDR SaaS Modules Included: Subscription • Investigations&Portal Module $20,394 Unlimited maintenance and support,changes to settings,messages, Maintenance and IN- Support surveys,and configurations post go-live,assigned Customer Success CLUDED Pp Manager SaaS Discount Discount contingent on signed contract by 06/28/2023 ($2,039) P-23-352 Exhibit A Total: $18,355 Year 3 Cost SPIDR SaaS Modules Included: Subscription Investigations&Portal Module $21,005 Unlimited maintenance and support,changes to settings,messages, Maintenance and IN- surveys, and configurations post go-live,assigned Customer Success Support CLUDED Manager SaaS Discount Discount contingent on signed contract by 06/28/2023 ($2,100) Total: $18,905 Implementation Overview After the contract signing the SPIDR Tech team will host a Pre-kickoff meeting to review the implementation process with the Fresno DA team and will then schedule a Kickoff meeting. The average SPIDR Tech implementation timeframe from Kickoff to Launch is 30-90 days depending on the availability of the agency's resources. San Antonio Police Department in Texas was able to complete its implementation in 14 days by fully dedi- cating its agency resources to the project. As seen in the Scope of Work below there are two phases to the SPIDR Tech deployment process: they are the technical deploy- ment and the non-technical deployment, and these two phases run concurrently. The Technical deployment will require Fresno DA resources such as a Primary IT POC, Criminal Justice Case Management (CJCM) system administrator, Network administra- tor, Database administrator, and Domain/System administrator. Often many of these roles are handled by a single person. The technical deployment itself is typically sched- uled for 1-4 full days over the course of a single week and the majority of that is staff fa- cilitating remote attended sessions while the technical work is completed. P-23-352 Exhibit A Agency Resources/ Deployment Timeline Pre-Deployment Deployment Week Post-deployment Quality Assurance Technical Role 1 2 3 41 5 1617 8 19 10 11 12 13 14 15116 17 18 19 2012122123124125 26 27 28 Network Administrator Domain/System Administrator Database Administrator Primary IT PoC CAD/RMS Administrator Role is needed full-time Role is needed part-time Role should be available as-needed to address issues The Non-technical deployment will require the resources of the Fresno DA Subject Mat- ter Experts (SMEs)", typically this is a supervisor. Often there is additional input solicited from additional Executive Staff, the Public Information Officer, and Victim Services Per- sonnel. The non-technical part of the deployment includes mapping all of the case types and deciding which messages the agency wants to send based on the case type and case updates. During the deployment and post deployment Spider Tech resources will support your agency with training and guidance with the customization capabilities of our system. —s-® 6_. ek Q X Week Momh year < > Cmical OatM1 Baze6nez wa> n�mr ry 1 zranl zinrsn WrutiOn 25[v 2o22 ocr 2o22 n�o[c 2ox2 zka 2023 eaa 30ll .®. r3023 NN3023 ��IOCE 1 > Nlgn erajec[Pon-Sales DNmrade Jan 1,ND Jan 2,2023 S EaJs 2 r Ce ..TeeM1nkal Deliaera6ks 0elwerade Jan 6.2023 Mar 16,2023 3 r Complete Non-TeeM1n1u10elNe b1ft 0ell.erade Jan B.3023 Ma 15,2023 - a eona0n la0neM1 netlmpea celn rase Mar 17,2023 np 7.m23 16 mn s flrMll:e vrgm celweraae pr a.m rwr a,2023 0da -� STATEMENT OF WORK (SOW) Spidr Tech Project Roles and Responsibilities A Spidr Tech team will include an Implementation Manager, Deployment Engineer and a Partner Success Manager. In order to maximize efficiencies Spidr Tech's project team will provide services remotely via teleconference, web-conference or other remote method in filling its commitments as outlined. The personnel role descriptions noted be- low provide an overview of typical project team members. P-23-352 Exhibit A Implementation Manager A Spidr Tech Implementation Manager will be assigned as the principal business repre- sentative and point of contact for the organization. The Implementation Manager's re- sponsibilities include: • Responsible for all non-technical tasks over the course of the deployment pro- cess, such as, but not limited to, assisting your agency with determining mes- sage content and settings, mapping Fresno DA's Criminal Justice Case Manage- ment system (eProsecutor) with Spidr, aligning message triggers based on case status updates, etc. • Manage the Spidr Tech responsibilities related to the delivery of the project and non technical tasks. • Maintain the project schedule and manage the assigned Spidr Tech personnel. • Manage the Change Order process per the Agreement. • Maintain project communications with the Customer. • Identify and manage project risks. • Collaborative coordination of Customer resources to minimize and avoid project delays. • Measure, evaluate, and report the project status against the Project Schedule, identify the activities completed, as well as activities planned. • Conduct remote status meetings on a mutually agreed basis to discuss project status and assigned tasks. • Provide timely responses to issues related to project progress. Deployment Engineer The Deployment Engineer is responsible for the delivery of the technical elements of the solution. They confirm the delivered technical elements meet contracted requirements. • Supports your agency in a technical capacity throughout your contract lifespan • Responsible for all technical tasks over the course of the deployment process, such as, but not limited to, technical interfacing, handling all SSO/SAML login tasks, conducting quality assurance checks. Partner Success Representative A Partner Success Representative will be assigned to the Customer post launch. By be- ing the Customer's trusted advisor, the Customer Success Advocate' responsibilities in- clude: • Assist the Customer with maximizing the use of their Spidr Tech software and service investment. P-23-352 Exhibit A • Actively manage, escalate, and log issues with Support, Product Management, and Sales. • Provide ongoing customer communication about progress, timelines, and next steps. Fresno DA Project Roles and Responsibilities Overview The success of the project is dependent on early assignment of key DA resources. It is critical these resources are empowered to make provisioning decisions based on the DA's operational and administration needs. The DA project team should be engaged from project initiation through beneficial use of the system. The continued involvement in the project and use of the system will convey the required knowledge to maintain the system post completion of the project. In some cases, one person may fill multiple pro- ject roles. The project team must be committed to participate in activities for a success- ful implementation. Project Manager/Agency Champion The Project Manager will act as the primary DA point of contact for the duration of the project. This includes the management of any third party vendors that are DA Subcon- tractors. The Project Manager's responsibilities include: • Communicate and coordinate with other project participants. • Manage the DA project team including timely facilitation of efforts, tasks, and ac- tivities. • Maintain project communications with the Spidr Tech Implementation Manager. • Identify the efforts required of the DA staff to meet the task requirements and milestones in this SOW and Project Schedule. • Consolidate all project-related questions and queries from DA staff to present to the Spidr Tech Implementation Manager. • Review the Project Schedule with the Spidr Tech Implementation Manager and finalize the detailed tasks, task dates, and responsibilities. • Measure and evaluate progress against the Project Schedule. • Monitor the project to ensure resources are available as scheduled. • Attend status meetings. • Provide timely responses to issues related to project progress. • Assign one or more personnel who will work with Spidr Tech staff as needed for the duration of the project • Ensure remote network connectivity and access to Spidr Tech Deployment Engi- neer. P-23-352 Exhibit A • Provide signatures of Spidr Tech-provided milestone certifications and Change Orders within five (5) business days of receipt. User Agency Stakeholders Operational Decision maker- on non-technical issues, subject matter expert in DA oper- ations related to managing criminal cases and the notifications associated. User Agency Stakeholders, if the system is deployed in a multi-agency environment, are those resources representing agencies outside of the Customer's agency. These re- sources will provide provisioning inputs to the SMEs if operations for these agencies dif- fer from that of the Customer agency. Technical Support System Administrator- manages the technical efforts and ongoing tasks and activities of their system. IT Technical Point of Contact- they must also be familiar with connectivity to internal, ex- ternal, and third-party systems to which the Spidr Tech system will interface. Criminal Justice Case Management (CJCM) system subject matter expert (SME) - They must be subject matter expert in police operations related to 911 response, Network administrator, Database administrator, Domain/System administrator Often many of these roles are handled by a single person Additional Resources Public Information Officer-in charge of all branding, media releases, and external com- munications related to launch Training Officer- A representative who will serve as the trainer for the DA Interface Customization SPIDR's interfaces are flexible and can be tailored to meet the specific requirements of your agency. Our interfaces are developed to transfer only the data needed to power the platform, and data redaction/suppression can be performed agency-side before leaving your agency's network. Data Used SPIDR recommends that the scope of data to be sent to the platform be limited to only the data required to power the platform. This ensures that our interfaces are lightweight and limit the exposure of your agency's data. For CJCM interfaces, the platform re- quires basic event metadata. There will be three types of messages sent from the plat- form: 1. After arraignment and the following each hearing: P-23-352 Exhibit A • DA Case number • Court Case number • Date of events (next hearing date) • Department name • Hearing type • Witness coordinator phone numbers 2. After sentencing • District Attorney's Office contact information (phone number/email) • DA case number 3. To Law Enforcement • DA case number • Defendant's name • Police report number • Prelim or trial • Date • Department • Case updates (continued or resolved) • Witness instructions (trial or release) • Hearing type • Future hearing dates Domain White Labeling The platform offers the ability to fully brand all messages and links with your offices' logos and URLs. To accomplish this, the customer agency selects a new subdomain on top of the existing DNS infrastructure to transparently route all the Engage platform's services through. DNS Implementation SPIDR will provide 4 CNAME records for the agency's chosen subdomain. These rec- ords provide standalone web and email services for the Engage platform -- there is no need to modify your agency's existing web or email infrastructure to integrate the plat- form. Email services for the subdomain are automatically secured using SPF and DKIM records. Web services are secured using SSL certificates, TLS connections, and HTTPS. SPIDR Tech Service Level Agreement This service level agreement (SLA) describes the levels of service that the "Client" will receive from SPIDR Tech. During the term of the applicable SLA, SPIDR Tech's API will be operational and availa- ble to the Client at least 99.9% of the time in any calendar month. P-23-352 Exhibit A Note that even during API downtime (for whatever reason), once the API availability is reestablished, SPIDR Tech can receive "lost" data. The platform will generate and send any messages that can still be reasonably sent. This reduces the number of messages failed even during unexpected API outages. Guaranteed Response Times When the Client raises a support issue with SPIDR Tech, SPIDR Tech promises to re- spond in a timely fashion. Support Services SPIDR Tech shall establish, sufficiently staff, and maintain the organization and pro- cesses necessary to provide telephone and/or email-based technical support, trouble- shooting, error identification, isolation and remediation, and other assistance directly to the Client and its authorized users. SPIDR Tech will provide the Client with any resource containing information that will aid in problem and error resolution and correction, as well as any other technical resources made electronically available to any of SPIDR Tech's other customers. Response times The response time measures how long it takes SPIDR Tech to respond to a support re- quest raised via email (support@spidrtech.com) or phone (877-746-8276). SPIDR Tech is deemed to have responded when it has replied to the Client's initial re- quest. This may be in the form of an email or telephone call, to either provide a solution, request further information, or propose an ETA for a solution. Guaranteed initial response times depend on the priority of the item(s) affected and the severity of the issue. They are shown in the table below: P-23-352 Exhibit A Issue Severity(see Severity Levels section, below) Critical Severe Medium Minor Priority 1 Immediate,but in 1 hOUf 2 hours 1 business day no event to exceed 1 hour Priority 2 1 hour 2 hours 1 business day 2 business days* Priority 3 2 hours 1 business day 2 business days* 2 business days* Issues of lower priority and lower severity maybe transferred to our work queue backlog for later planning and prioritization. Response times apply on a 24x7 basis, and after normal business hours and on holi- days, as necessary to support SPIDR Tech's obligations under this Agreement. Severity levels The severity levels shown in the table above are defined as follows: Critical - Complete degradation — all users and critical functions affected. Item or ser- vice completely unavailable. Severe - Significant degradation — a large number of users or critical functions af- fected. Medium - Limited degradation — a limited number of users or functions affected. Busi- ness processes can continue. Minor - Small degradation —few users or one user affected. Business processes can continue. Item types and priority levels Item Type Priority Messaging correctness(content and recipients) 1 Messaging schedule and timeliness 2 Daily survey update emails 2 Administrative interface 3 P-23-352 Exhibit A Resolution times SPIDR Tech will always endeavor to resolve problems as swiftly as possible. It recog- nizes that the Client's operational systems and community relationships are key to its mission and that any downtime can have significant consequences. However, SPIDR Tech is unable to provide guaranteed resolution times. This is because the nature and causes of problems can vary enormously. For instance, it may be possible to resolve a critical API issue in minutes, simply by re- starting the affected component(s). But if a system fails due to a persistent infrastructure fault (also classed as a critical issue) it may take longer to get back up and running. In all cases, SPIDR Tech will make its best efforts to resolve problems as quickly as possi- ble. It will also provide frequent progress reports to the Client. Service Credits If SPIDR Tech fails to make the API available at least 99.9% of the time in any given month during the Regular Usage Period due to API Unavailability, SPIDR Tech will credit the Client's account for the unavailable API as follows: Monthly Uptime Percentage Service Credit in Days Less than 99.9% 1 Less than 95% 5 Service Credits are awarded as days of service added to the end of the service sub- scription term at no charge to you. "API Unavailability" is defined as the percentage of minutes per month in which the API is completely and generally unavailable for the Client's use (but not the use of any one Authorized User), provided that API Unavailability does not include any unavailability at- tributable to this SLA's Exclusions. The Client will be responsible for immediately notify- ing SPIDR Tech of all Third Party-managed VPN access and internal or external (e.g., internet service provider) network problems that arise. To receive this credit, the Client must notify SPIDR Tech in writing within fifteen (15) days following the end of the month the API Unavailability occurred, including all infor- mation necessary for us to validate the claim, including but not limited to: (i) a detailed description of the Incident; (ii) information regarding the time and duration of the Inci- dent; (iii) the number and location(s) of affected users (if applicable); and (iv) descrip- tions of your attempts to resolve the Incident at the time of occurrence. All claims are subject to review and verification by SPIDR Tech before any credits are granted. SPIDR Tech will acknowledge credit requests within fifteen (15) business days of receipt and will inform the Client whether such claim request is approved or denied. The issuance of P-23-352 Exhibit A API Service Credit by SPIDR Tech hereunder is the Client's sole and exclusive remedy for any failure by SPIDR Tech to satisfy the service levels outlined in this SLA. Monitoring process and service level reporting SPIDR Tech classifies different components of the API and overall platform and deter- mines monitoring and reporting requirements by severity level, impact, and risk profile. Reports for this monitoring span multiple components and systems. SPIDR Tech peri- odically produces summary reports for audit and review. SPIDR Tech is fully compliant with WCAG 2.0 AA web accessibility design standards and we are currently in the process of reviewing and ensuring that all of our platform is compliant with WCAG 2.1 AA requirements. Security The SPIDR Tech platform does use and store PH data but does not use or store any CJIS or HIPAA data. Despite not using/storing any CJIS data we follow the CJIS Policy guidelines as a framework for our security posture. All of SPIDR Tech's employees are CJIS level 4 trained and have signed the CJIS Security Addendum, and a detailed ma- trix of our compliance with the CJIS Policy is available upon request. SPIDR Tech adheres to CJIS policy regarding data security and additional compliance documentation is available upon request. Our platform is fully hosted within AWS GovCloud which is a FedRAMP-certified region and is designed to handle sensitive workloads. To maintain data security, we do not use any additional SAAS subcontrac- tors, we encrypt all data when it is in motion and at rest, we perform hourly backups, en- crypt all backups, and they are retained for 60 days. To protect data from a cybersecurity attack we adhere to all controls within CJIS policy including encrypting data when in transit (via TLS 1.2 / 1.3) and at rest, the Principle of Least Privilege, Zero Trust model, and annual penetration testing. User role security can be optimized by using the customer agency's Single Sign On (SSO) provider which can include multi-factor authentication. Please note:All pricing and discounts described in this Order Form are contingent upon Customer's execution and return of this Order Form no later than 07/28/2023(unless countersigned by SPIDR Tech). By signing below, each party acknowledges that it has carefully read and fully understood this Agreement, and each agrees to be bound by the terms of the Agreement.The Agreement becomes effective upon the date of last signature (the"Effective Date").The individuals signing this Agreement represent that they have the authority to bind the respective parties to the terms of this Agreement. P-23-352 Exhibit A Fresno DA Renewal Contract Pricing (Years 4-6) SPIDR Tech Pricing Overview Year 4 Cost SPIDR SaaS Modules Included: Subscription • Investigations&Portal Module $21,635 Unlimited maintenance and support including changes to settings, Maintenance and INCLUDE Support messages,surveys,and configurations post go-live,assigned Customer D pp Success Manager SaaS Discount Discount contingent on signed contract by 06/28/2023 ($2,163) Total: $19,472 Year 5 Cost SPIDR SaaS Modules Included: Subscription • Investigations&Portal Module $22,284 Unlimited maintenance and support,changes to settings,messages, Maintenance and INCLUDE Support surveys,and configurations post go-live,assigned Customer Success D pp Manager SaaS Discount Discount contingent on signed contract by 06/28/2023 ($2,228) Total: $20,056 P-23-352 Exhibit B Data Security 1. Definitions Capitalized terms used in this Exhibit B have the meanings set forth in this section 1. (A) "Authorized Employees" means the Contractor's employees who have access to Personal Information. (B) "Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit B. (C)"Director" means the County's Director of Internal Services/Chief Information Officer or his or her designee. (D)"Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person. (E) "Person" means any natural person, corporation, partnership, limited liability company, firm, or association. (F) "Personal Information" means any and all information, including any data, provided, or to which access is provided, to the Contractor by or upon the authorization of the County, under this Agreement, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or (iii) is personal information within the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (G)"Privacy Practices Complaint" means a complaint received by the County relating to the Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit B. (H) "Security Safeguards" means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor (or any Authorized Persons) that relate to the protection of the security, confidentiality, value, or integrity of Personal Information. Security Safeguards shall satisfy the minimal requirements set forth in section 3(C) of this Exhibit B. B-1 90004292.2 P-23-352 Exhibit B Data Security (1) "Security Breach" means (i) any act or omission that compromises either the security, confidentiality, value, or integrity of any Personal Information or the Security Safeguards, or (ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Personal Information. (J) "Use" or any derivative of that word means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Personal Information. 2. Standard of Care (A) The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information only as permitted in this Agreement. (B) The Contractor acknowledges that Personal Information is deemed to be confidential information of, or owned by, the County (or persons from whom the County receives or has received Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Personal Information remains in the County (or persons from whom the County receives or has received Personal Information) regardless of the Contractor's, or any Authorized Person's, Use of that Personal Information. (C)The Contractor agrees and covenants in favor of the County that the Contractor shall: (i) keep and maintain all Personal Information in strict confidence, using such degree of care under this section 2 as is reasonable and appropriate to avoid a Security Breach; (ii) Use Personal Information exclusively for the purposes for which the Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit B; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, Disclose Personal Information to any person (an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent. (D) Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, Contractor shall, unless prohibited by applicable law, (i) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory authorities, or in relation to any legal proceeding, and B-2 90004292.2 P-23-352 Exhibit B Data Security (ii) promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that the County may have sufficient time to obtain a court order or take any other action the County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. (E) The Contractor shall remain liable to the County for the actions and omissions of any Unauthorized Third Party that received Personal Information from Contractor, concerning its Use of such Personal Information as if they were the Contractor's own actions and omissions. 3. Information Security (A) The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and will at all times comply with all applicable federal, state, and local, privacy and data protection laws, regulations and directives. If the Contractor Uses credit, debit or other payment cardholder information, the Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense. (B) The Contractor covenants, represents and warrants to the County that, as of the effective date of this Agreement, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same. (C)Without limiting the Contractor's obligations under section 3(A) of this Exhibit B, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Personal Information, (a) securing business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures, both internally and externally, to protect (1) the Personal Information from potential loss or B-3 90004292.2 P-23-352 Exhibit B Data Security misappropriation, or unauthorized Use, and (2) the County's operations from disruption and abuse; (c) having and maintaining network, device application, database and platform security; (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; and (e) installing and maintaining in all mobile, wireless, or handheld devices a secure internet connection, having continuously updated anti-virus software protection and a remote wipe feature always enabled, all of which is subject to express prior written consent of the Director; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher (a) stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or (b) transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) having a patch management process including installation of all operating system and software vendor security patches; (vi) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (vii) providing appropriate privacy and information security training to Authorized Employees. (D) During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit B. The Contractor shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees. (E) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently, Personal Information received from the County, and the County shall have immediate, real time access, at all times, to such backups via a secure, remote access connection provided by the Contractor, through the Internet. (F) The Contractor shall not knowingly include or authorize any Trojan Horse, back door, time bomb, drop dead device, worm, virus, or other code of any kind that may disable, erase, display any unauthorized message within, or otherwise impair any County computing system, with or without the intent to cause harm. 4. Security Breach Procedures (A) Immediately upon the Contractor confirming a Security Breach, the Contractor shall (i) notify the Director of the Security Breach, such notice to be given by either a telephone call at the following telephone number, or by email at the following email address: (559) 600-6200 / serviced es1<6�fresnocountyca.gov (which telephone number and email address the County may update by providing notice to the Contractor), and (ii) preserve B-4 90004292.2 P-23-352 Exhibit B Data Security all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage. (B) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to section 4(A) of this Exhibit B, the Parties shall coordinate with each other to investigate the Security Breach. The Contractor agrees to reasonably cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor's other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall comply with applicable laws and regulations with respect to a Security Breach and any notifications or remediation efforts. (C) County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of that notification, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit B, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason for that determination. (D)The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take mitigating actions, including but not limiting to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred relation to any litigation or other action described section 4(E) of this Exhibit B. B-5 90004292.2 P-23-352 Exhibit B Data Security (E) The Contractor agrees to cooperate, at its sole expense, with the County in any litigation or other action to protect the County's rights relating to Personal Information, including the rights of persons from whom the County receives Personal Information. 5. Oversight of Security Compliance (A) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities. (B) Upon the County's written request with thirty (30) days' notice, once per calendar year during the Term, to confirm the Contractor's compliance with this Exhibit B, as well as any applicable laws, regulations and industry standards, the Contractor grants the County or, upon the County's election, a third party on the County's behalf, permission to perform an assessment, audit, examination or review, at the County's sole expense, of all controls in the Contractor's physical and technical environment in relation to all Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County's behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit B, provided that any audit results or reports provided under this Section 5(b) shall constitute Confidential Information under Section 11 of the Subscription Agreement. (C)The Contractor shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Exhibit B that apply to the Contractor with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons, or amending any written agreements to provide same. 6. Return or Destruction of Personal Information. Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to, promptly return to the County all Personal Information, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Personal Information, and certify in writing to the County that such Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Personal Information, as provided in this Exhibit B, such certification shall state the date, time, and manner (including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Personal Information and copies of Personal Information. If return or disposal of such Personal Information or copies of Personal Information is not feasible, the Contractor shall notify the County according, B-6 90004292.2 P-23-352 Exhibit B Data Security specifying the reason, and continue to extend the protections of this Exhibit B to all such Personal Information and copies of Personal Information. The Contractor shall not retain any copy of any Personal Information after returning or disposing of Personal Information as required by this section 6. The Contractor's obligations under this section 6 survive the termination of this Agreement and apply to all Personal Information that the Contractor retains if return or disposal is not feasible and to all Personal Information that the Contractor may later discover. 7. Equitable Relief. The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit B may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement. 8. Survival. The respective rights and obligations of the Contractor and the County as stated in this Exhibit B shall survive the termination of this Agreement. 9. No Third Party Beneficiary. Nothing express or implied in the provisions of in this Exhibit B is intended to confer, nor shall anything in this Exhibit B confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever. 10. No County Warranty. The County does not make any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint. B-7 90004292.2 P-23-352 Exhibit C Insurance Requirements 1. Required Policies Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement. (A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy. (B) Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits. Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease. (C)Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks. (D) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks. The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit B of this Agreement; (iv) system failure; (v) data recovery; (vi)failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (A) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv)fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response C-1 90004294.2 P-23-352 Exhibit C costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses. 2. Additional Requirements (A) Verification of Coverage. Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. (iv) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement. (v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor. (B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VI I. C-2 90004294.2 P-23-352 Exhibit C (C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement. (D) County's Entitlement to Greater Coverage. If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement. (E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement. (F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may terminate this Agreement upon the occurrence of that failure. (G)Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. C-3 90004294.2