Agreement No. 24-654
PERFORMA SOFTWARE-AS-A-SERVICE AGREEMENT
THIS PERFORMA SOFTWARE-AS-A-SERVICE AGREEMENT (together with all attachments hereto, the "Agreement"), is dated December 17, 2024 and made effective as of January 1, 2025 (the "Effective Date") and supersedes any previous agreements regarding PERFORMA SOFTWARE-AS-A-SERVICE, by and between PERFORMA LABS, INC., a Delaware corporation having its principal place of business at 19600 Fairchild Rd, Suite 300, Irvine, CA 92612 ("PERFORMA" or "Contractor") and the COUNTY OF FRESNO, a political subdivision of the State of California, BY AND THROUGH ITS SHERIFF-CORONER/PUBLIC ADMINISTRATOR, having its principal place of business at 2200 Fresno Street, Fresno, Calif. 93721 ("Client" or "County").
Recitals
WHEREAS, PERFORMA's App (as defined below) and proprietary training material provide to California peace officers self-study training that is approved and certified by the California Commission on Peace Officer Standards and Training ("POST");
WHEREAS, the Client is participating in a State of California pilot program focused on improving de-escalation and use of force skills for California peace officers, to complete certain goals within a three (3) year pilot program ("Pilot Program"), and utilizing POST-approved training subject to Section 1053 of Title 11 of the California Code of Regulations;
WHEREAS, the California state legislature requires California peace officers to complete certain POST-certified training courses during each POST Mandate Cycle (as defined below) (completion of each such training course, "POST Credit");
WHEREAS, the App allows law enforcement agencies to train peace officers using realistic scenarios based on actual body worn camera footage, allows App users flexibility to complete training at their convenience and in accordance with an agency's policy, schedule, and allows agencies to monitor the progress and completion
of training; and
WHEREAS, Client desires to utilize the App in conjunction with in-person and other training programs to comply with POST requirements, to simplify and decrease the effort, time, and cost of training, and to increase the efficacy of Client's training program.
NOW THEREFORE, for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, PERFORMA and Client agree as follows:
1. Definitions. As used in this Agreement, the following capitalized terms have the meanings set forth below:
"Admin Console" is a function provided in connection with the App to allow designated Client Admin(s) to access Admin Reports electronically.
"Admin Report" means data provided in electronic form created and compiled by PERFORMA for Client Admin(s) concerning the progress and completion of Modules by Users.
"Anonymized Data" means electronic data or information compiled or derived by PERFORMA based on User Data that has been deidentified, aggregated or anonymized such that it cannot reasonably be linked to Client or a particular User.
"App" means the iOS and Android mobile application, or Microsoft (MS) Windows desktop application that PERFORMA provides to Client Admins and Users to access the Service.
"Client Admins" means the persons employed by Client who shall be PERFORMA's primary points of contact regarding the Service. Client shall have at least one designated Client Admin. Each Client Admin shall have access to Admin Reports.
"Module" means a proprietary self-study training module consisting of four (4) Training Courses available to authorized Users through the App.
"Pilot Program" means the program requirements aligned to the State of California three (3) year pilot program focused on improving de-escalation and use of force skills for California peace officers (as set forth on Exhibit B), and such Training Course's or Module's associated POST Credit, if applicable, during the Subscription Term or Renewal Term then in effect.
"POST Mandate Cycle" means each two-year training period established by the California state legislature during which peace officers shall complete certain POST-certified training content for POST Credit, if applicable. A POST Mandate Cycle runs from January 1, 2021 through December 31, 2022; January 1, 2023 through December 31, 2024; and so on and so forth every two (2) calendar years thereafter.
"Renewal Term" means an additional term, if any, the parties hereto may agree to extend the Term of this Agreement by following the expiration of the Subscription Term.
"Seat" means access to the Service via the App by a single unique User for the completion of one (1) Training Course or Module (as set forth on Exhibit A), and such Training Course's or Module's associated POST Credit, if applicable, during the Subscription Term or Renewal Term then in effect.
"Service" means providing (i) those Training Courses and Modules set forth on Exhibit A to Users via the App and (ii) Admin Reports to Client Admins via the App or electronically. The Service includes PERFORMA's storing, hosting, managing, maintaining, and supporting the Software, App, and Admin Console.
"Service Fees" means the total fees charged for all Seats purchased during the Term of this Agreement.
"Software" means PERFORMA's proprietary software (including algorithms and domain expertise) and associated third-party software used by PERFORMA to provide the Service.
"Subscription Term" means the period during which PERFORMA shall make the Software available for use by Users as set forth on Exhibit A.
"Term of this Agreement" means the period commencing on the Effective Date of January 1, 2025 and terminating on October 31, 2025. The Term of this Agreement shall include the Subscription Term together with all Renewal Terms (as defined below), if any.
"Training Course" means a single training course completed by a User during the Subscription Term or Renewal Term then in effect.
"Users" means those Client personnel authorized to use the App and the Service.
"User Data" means all electronic data or information submitted by Client and Users to the Service, as well as any electronic data or information generated or recorded by Performa concerning Client or Users' use of the Service.
2. Provision of the Service. PERFORMA shall make the Service available to Client and Users during the Subscription Term pursuant to the terms and conditions set forth in this Agreement.
3. Use of the Service.
3.1 POST Reporting. When a User completes or passes a Training Course or Module eligible for POST Credit, Client authorizes PERFORMA to report to POST the name of the User and the results of the Training Course or Module.
3.2 Client Responsibilities.
3.2.1 Client Admins. Client shall notify PERFORMA in writing of the name, title, telephone number, and email address of each of its Client Admins. Client shall keep this information up to date during the Term of this Agreement. Client shall have at least one designated Client Admin at all times during the Term of this Agreement.
3.2.2 User Eligibility and Conduct. Client shall provide the names and email addresses (departmental or Client web domain email addresses only) of those persons who shall be Users of the Service. Client shall submit User information in an electronic format provided or specified by PERFORMA.
3.2.1.1 Client is responsible for determining the eligibility of persons who it designates as Users under this Agreement. Users shall be employees of Client and at least 18 years of age.
3.2.1.2 Client shall be liable for any conduct or actions of its Users that violates this Agreement.
3.2.1.3 Client shall notify PERFORMA within thirty (30) days of any User who is no longer eligible or authorized to be a User, including but not limited to ineligibility by reason of termination of employment with Client.
3.2.2 Client Policies. Client shall establish a training schedule and policies governing its Users' use of the Service, which policies shall not conflict with the terms set forth in this Agreement. As between Client and PERFORMA, Client shall be solely responsible for scheduling permitted times that Users may access the Service and ensuring that its Users complete all training in a timely manner (e.g., prior to the termination of a POST Mandate Cycle, the Subscription Term, or a Renewal Term, as applicable).
3.3 Usage Guidelines.
3.3.1 Permitted Use. Client and Users shall use the Service solely for training Users and monitoring Users' training progress through the Admin Console as contemplated by this Agreement.
3.3.2 License Grant and Restrictions.
3.3.2.1 PERFORMA hereby grants a license to one (1) Seat to each User of the Service. Once a Seat is assigned to a User, (i) the User shall create a User ID and password, (ii) such Seat license may not be transferred to another User. Access to that Seat and its related training content, and the license granted thereto, shall automatically terminate upon the earlier of (A) the termination of the Subscription Term or Renewal Term then in effect, and (B) the date such User is no longer permitted to access the Service, including as a result of Client's termination of User's employment.
3.3.2.2 Upon commencement of a Renewal Term, each User shall be granted a new license to one (1) Seat to access the Service, complete the associated Training Course or Module (as set forth on Exhibit A), and obtain associated POST Credit, if applicable; provided that Client shall remit to PERFORMA Service Fees for each Seat during the Renewal Term in accordance with Section 4.1.
3.3.3 Additional Seat Purchases. Client may, from time to time during the Term of this Agreement, elect to assign Seats in excess of that number of Seats purchased on Attachment A to Users through the Admin Console (such Seats, the "Additional Seats"). Each Additional Seat assigned to a User shall be subject to PERFORMA's prices then-prevailing rates and Client shall remit payment for all such Additional Seats upon receipt of PERFORMA's invoice therefor in accordance with Section 4. Users of Additional Seats shall be subject to those terms and conditions set forth herein that are applicable to Seats.
3.3.4 Prohibited Uses.
3.3.4.1 Client, Client Admins, and Users shall not copy, reverse engineer, license, sublicense, sell, resell, rent, transfer, lease, assign, distribute, time share, or otherwise commercially exploit or make the Service, App, Admin Console, and Modules available to any third party. Without limiting the generality of the foregoing, Users and Client Admins may not take screenshots or screen captures or any other reproduction of the App or Modules.
3.3.4.2 Client, Client Admin(s), and Users shall not attempt to gain unauthorized access to the Service, App Modules, Admin Console, and related systems or networks.
3.3.4.3 Client, Client Admin(s), and Users shall not share their login information to access the App, including User IDs and passwords, with any other persons or display any content of the Modules to any other persons.
3.3.5 Compliance with Guidelines.
Client shall be responsible for ensuring that all Client Admins and Users comply with the use guidelines set forth in this Section 3.3, as well as any additional reasonable guidelines and policies established by Client for their personnel regarding use of the App and Service as communicated to PERFORMA by Client from time to time during the Term of this Agreement. PERFORMA reserves the right to block access to the Service by any person who violates the terms of this Agreement or otherwise interferes with PERFORMA's ability to provide the Service to any Client, Client Admin, or User.
3.3.6 Accessing the App. Client, Client Admins, and Users shall download the App using a private link provided by PERFORMA. Client, Client Admins, and Users shall provide their own Internet service and mobile devices operating on either iOS, Android or MS Windows operating systems. No other operating systems are supported at this time. The Service is not available through a web browser.
3.3.7 Supported Software. PERFORMA supports use of the App only on devices using the most current version of the iOS, Android or MS Windows operating systems and the prior two versions of such operating systems. New releases of the iOS, Android or MS Windows operating systems may not be supported for up to three months after their public release.
3.4 PERFORMA Responsibilities
3.4.1 PERFORMA shall comply with all data security terms outlined in Exhibit D, titled "Data Security". In the event of inconsistency between terms listed in the body of the Agreement and Exhibit D, precedence shall be given to terms described in Exhibit D.
4. Service Fees and Payments.
4.1 Minimum Purchase. Client shall pay in advance the Service Fees specified in Exhibit A based on the number of Seats purchased by Client. Client shall purchase one (1) Seat during the Subscription Term and each Renewal Term, if applicable, for each of Client's sworn peace officers and peace officer trainees or cadets.
Client may purchase additional Seats for anticipated hiring during the Term of this Agreement.
4.2 Refunds. Service Fees are not refundable in whole or in part in the event that Users do not use, complete, or pass the Training Course or Module for which the Seat was purchased.
4.3 Invoicing & Payment. The Service Fees shall be invoiced by PERFORMA as set forth on Exhibit A. Payments are due within 45 days of Client's receipt of the invoice. Any invoices unpaid after 45 days will be subject to interest at the rate of ten percent (10%) per annum.
4.4 Compensation. The maximum compensation payable by Client to PERFORMA for the Term of this Agreement shall not exceed $477,000.
4.5 Suspension of Service. If the Service Fees (except fees then subject to Client's good faith dispute) are 45 days or more overdue, then, in addition to any of its other rights or remedies, PERFORMA may suspend Client's access to the Service, without liability to Client, until all such amounts are paid in full.
4.6 Taxes. Unless otherwise stated, PERFORMA's fees do not include any local, state, federal, or foreign taxes, levies or duties of any nature ("Taxes"). Client is responsible for paying all Taxes, excluding taxes based only on PERFORMA's income. If PERFORMA has the legal obligation to collect or remit Taxes for which Client is responsible under this section, the amount of such Taxes shall be invoiced to and paid by Client unless Client provides PERFORMA with a valid Tax exemption certificate authorized by the appropriate taxing authority.
5. Proprietary Rights.
5.1 Reservations of Rights.
Client acknowledges that in providing the Service, PERFORMA utilizes (i) the PERFORMA name, the PERFORMA logo, the PERFORMA-LABS.com domain name, the product and service names associated with the Service, and other registered or unregistered trademarks and service marks; (ii) certain audio and visual information, documents, software and other works of authorship; and (iii) other technology, software, hardware, products, processes, algorithms, user interfaces, know-how, and other trade secrets, techniques, designs, inventions and other tangible or intangible technical material or information (collectively, "PERFORMA Technology") and that the PERFORMA Technology is covered by intellectual property rights owned or licensed by PERFORMA (collectively, "PERFORMA IP Rights"). Other than as expressly set forth in this Agreement, no license or other rights in or to the PERFORMA Technology or PERFORMA IP Rights are granted to Client, Client Admins, or Users, and all such licenses and rights are and shall remain with PERFORMA and its licensors and are hereby expressly reserved.
5.2 License Grant. PERFORMA grants Client and its Users a worldwide, non-exclusive, non-transferable, non-sublicensable right to access and use the App and Software hosted by PERFORMA in connection with PERFORMA's provision of the Service in accordance with the terms of this Agreement.
5.3 Restrictions.
Client and Users shall not (i) modify, copy, or create derivative works based on the Service or the PERFORMA Technology; (ii) create Internet "links" to or from the Service, or "frame" or "mirror" any content forming part of the Service; (iii) bypass or breach any security device or protection used by the Service or access or use the Service other than by a User through the use of his or her own then-valid access credentials; (iv) remove, delete, alter, or obscure any trademarks, specifications, documentation, end-user license agreement, warranties, or disclaimers, or any copyright, trademark, patent, or other intellectual property or proprietary rights notices from the Service; or (v) disassemble, reverse engineer, decode, or decompile the Service or PERFORMA Technology, or otherwise attempt to derive or gain access to it, for any reason whatsoever, including to (A) build a competitive product or service, (B) build a product or service using similar ideas, features, functions or graphics of the Service, or (C) copy any ideas, features, functions or graphics of the Service. Client, Client Admins, and Users may not create, store, or disseminate screenshots or capture screen images from the App, Module(s), or Admin Console.
5.4 Suggestions. PERFORMA shall have a royalty-free, worldwide, perpetual license to use or incorporate into the Service any suggestions, ideas, enhancement requests, feedback, recommendations, or other information provided by Client or its Users relating to the operation of the Service.
5.5 User Data and Anonymized Data. Client Admin(s) and User(s) may access electronically certain User Data and Anonymized Data that PERFORMA derives therefrom.
The parties agree that all such User Data and Anonymized Data are the exclusive property of PERFORMA; provided, however, that PERFORMA shall maintain the confidentiality of all User Data and shall not disclose User Data to any third party without the written consent of Client unless required to do so in response to a subpoena, discovery request, document request, Public Records Act request, or any other valid court order, or as otherwise required by applicable law or regulation.
5.6 Compelled Disclosure. In the event PERFORMA is required by law, regulation, or a valid and effective subpoena or order issued by a court of competent jurisdiction to disclose User Data or any other information (with the exception of Anonymized Data) related to this Agreement (any such request, a "Compelled Disclosure"), PERFORMA shall promptly notify Client in writing of the existence, terms and circumstances surrounding such Compelled Disclosure so that Client may take any measures, at Client's expense, that it deems appropriate to oppose or respond to the request. At Client's request, PERFORMA shall provide all cooperation and assistance as may reasonably be requested by Client in responding to the Compelled Disclosure, or seeking a protective order or other appropriate remedy to prevent or limit the scope of any such Compelled Disclosure. Client shall promptly reimburse PERFORMA for costs or expenses, including personnel-related costs, reasonable attorneys' fees, court costs and expenses, and court sanctions or penalties, incurred by PERFORMA in responding to any Compelled Disclosure.
6. Warranties, Limitations, and Disclaimers.
6.1 PERFORMA Warranty. PERFORMA warrants that it will provide the Service in a manner substantially consistent with this Agreement and any documentation provided by PERFORMA in connection with the Service.
6.2 Sole Remedy for PERFORMA Warranty.
In the event that PERFORMA provides the Service on the terms set forth in this Agreement in a manner that significantly affects the use of the Service, the App, or Admin Console and Client so notifies PERFORMA with a written report of such failure via email to customerservice@performa-labs.com, PERFORMA's sole obligation shall be to use commercially reasonable efforts to correct such failure promptly.
6.3 Limitations. Although PERFORMA has used its diligent efforts to ensure the accuracy, completeness, timeliness, and accessibility of the Service, Module(s), App, and Admin Console, Client agrees that neither PERFORMA nor PERFORMA's third-party software or service providers shall have any liability whatsoever for the completeness, timeliness, or accessibility of the Service, Module(s), App, and Admin Console, or for any decision made or action taken by Client or Users in reliance upon information or data conveyed through the Service, Module(s), App, and Admin Console, or for interruption of any aspect of the Service, Module(s), App, and Client Console. Client agrees and acknowledges that PERFORMA shall in no event be held responsible for any problems with the Service, Module(s), App or Admin Console attributable to the public or private Internet infrastructure or Client's and Users' ability to connect to the Internet.
6.4 Authorization.
PERFORMA is either (i) the owner of the Software, App, Admin Console, and Module(s) or (ii) authorized to provide the Service pursuant to the terms of this Agreement, and has sufficient right, title, and interest in the Software, App, Admin Console, and Module(s) to grant the license contemplated by this Agreement, and (iii) PERFORMA is not currently engaged in any litigation or legal proceeding of any kind, the subject of which is the Service, Software, App, Admin Console, and Module(s); and to the knowledge of PERFORMA, no legal action pertaining in any manner to the Service, Software, App, Admin Console, and Module(s) is threatened.
6.5 Open-Source Software. The Service, Software, and App do not make use of Open-Source Software in any way that would otherwise make the Service, Software, or App Open-Source Software.
6.6 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 7.1, THE SERVICES ARE PROVIDED BY PERFORMA AND ITS THIRD-PARTY SOFTWARE AND SERVICE PROVIDERS WITH NO WARRANTIES OF ANY KIND EXCEPT THOSE EXPRESSLY SET FORTH IN THIS SECTION 6, AND PERFORMA AND ITS THIRD-PARTY SOFTWARE AND SERVICE PROVIDERS HEREBY DISCLAIM ANY AND ALL OTHER EXPRESS AND/OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. PERFORMA DOES NOT WARRANT THAT THE SERVICE, MODULE(S), APP, AND ADMIN CONSOLE WILL BE UNINTERRUPTED, ERROR FREE, OR COMPLETELY SECURE.
7. Limitation of Liability. EXCEPT FOR ACTIONS FOR NON-PAYMENT, BREACH OF INTELLECTUAL PROPERTY RIGHTS, OR BREACHES OF SECTIONS 3.3 OR 5.3, IN NO EVENT SHALL EITHER PARTY BE ENTITLED TO INCIDENTAL, INDIRECT, CONSEQUENTIAL, OR RELIANCE DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, UNDER ANY CLAIM OR CAUSE OF ACTION, WHETHER BASED ON LEGAL OR EQUITABLE DOCTRINES.
IN NO EVENT WILL PERFORMA'S LIABILITY TO CLIENT ARISING OUT OF, RELATING TO, OR IN CONNECTION WITH THIS AGREEMENT, FROM ALL CAUSES OF ACTION AND UNDER ALL THEORIES OF LIABILITY, EXCEED TWO TIMES (2X) THE ACTUAL AMOUNT PAID TO PERFORMA BY CLIENT IN THE 12 MONTHS PRECEDING THE ACCRUAL OF THE CAUSE OF ACTION THAT GIVES RISE TO THE CLAIM. In no event shall PERFORMA be liable for data or connection charges incurred by Client, Client Admin(s), and Users to download, access, or use the App, Admin Console, or Service.
8. Indemnification.
8.1 Client Indemnification. Subject to PERFORMA's indemnification obligations in Section 8.2, and in addition to Client's indemnification obligations set forth in Section 5.6, Client shall indemnify PERFORMA against, and hold PERFORMA harmless from, any claim, demand, cause of action, damage, liability, or expense, including reasonable attorneys' fees incurred by PERFORMA arising out of the negligent or willful acts or omissions of Client and its Client Admins, Users, employees, or agents.
8.2 PERFORMA Indemnification. PERFORMA expressly agrees to defend, save, hold harmless, and indemnify Client from any and all third party claims, suits, actions, losses, damages, liabilities, statutory penalties, costs and expenses of any nature (including attorney's fees and costs) whatsoever resulting from, arising out of or relating to any claims that the Service and App or use thereof infringe any patent, copyright, trade secret, trademark, trade dress, mask work, utility design, or other proprietary right (collectively, "Intellectual Property Rights") of any third party, provided that Client gives PERFORMA prompt notice of such claim, suit or proceeding, and gives PERFORMA the full information and reasonable assistance in the defense or settlement of such claim, suit, or proceeding. Client may conduct or participate in its own defense without affecting PERFORMA'S obligation to indemnify and hold harmless or defend Client.
PERFORMA shall not be entitled to agree to any judgment or settlement that imposes any monetary obligation on Client without the prior written consent of Client. If PERFORMA believes at any time that the services infringe a third party's Intellectual Property Rights, PERFORMA may, (i) replace an infringing item with a non-infringing item that meets or exceeds the performance and functionality of the replaced item; or (ii) obtain for Client the right to continue to use the infringing item; (iii) modify the infringing item to be non-infringing, provided that, following any replacement or modification made pursuant to the foregoing, the services continue to function in conformance with this Agreement, and (iv) if (i) through (iii) are not commercially practicable, PERFORMA may terminate the Agreement and refund on a pro rata basis any unused portion of the Service Fees paid upfront.
8.2.1 Notwithstanding anything herein to the contrary, PERFORMA shall not be liable under this Article 8.2 for any claim for infringement based on the following:
8.2.1.1 Client's unreasonable modification of the Service, Software, Modules, App, or Admin Console without the written permission of PERFORMA.
8.2.1.2 Use of the Service, Software, Modules, App, or Admin Console in an unreasonable manner other than as contemplated by this Agreement, or as authorized in writing by PERFORMA.
9. Insurance.
9.1 Insurance. The Contractor shall comply with all the insurance requirements in Exhibit C to this Agreement.
10. Termination.
10.1 Termination for Convenience. Client shall have the right to partially or completely cancel the Service upon thirty (30) days' written notice to PERFORMA. Termination for convenience does not entitle Client to a refund of any fees paid for the Service, whether or not the Service has been used in full or in part.
10.2 Termination for Cause.
Either party may terminate this Agreement upon 30 days' written notice of a material breach to the other party if such breach remains uncured at the expiration of such period.
10.3 Surviving Provisions. The following provisions shall survive the termination or expiration of this Agreement for any reason and shall remain in effect after any such termination or expiration for a period of three (3) years: Sections 5 (excluding Section 5.2), 6, 7, 8, 9, 10, and 11.
10.4 User Data after Termination. PERFORMA may retain User Data after termination, subject to the provision of Section 5.5 and 5.5.1 above. Client may request to receive an electronic copy of User Data upon termination.
10.5 Termination for Non-Allocation of Funds. The terms of this Agreement are contingent on the approval of funds by the appropriating government agency. If sufficient funds are not allocated, then the Client, upon at least 30 days' advance written notice to PERFORMA, may:
10.5.1 Modify the services provided by PERFORMA under this Agreement; or
10.5.2 Terminate this Agreement.
11. Dispute Resolution.
11.1 Negotiation. The parties shall attempt in good faith to resolve any dispute arising out of or relating to this Agreement by negotiation directly between executives of each party who have authority to settle the controversy. Any party may give the other party written notice of any dispute that arises under this Agreement. Within 15 days after delivery of the written notice, the receiving party shall provide a written response. The notice and response shall include with reasonable particularity (a) a statement of each party's position and a summary of arguments supporting that position, and (b) the name and title of the executive who will represent that party at the negotiation and of any other person who will accompany the executive.
Within 30 days after delivery of the initial written notice, the designated executives of both parties may meet at a mutually acceptable time and place.
11.1.1 Unless otherwise agreed in writing by the negotiating parties, the above-described negotiation shall end at the close of the meeting of designated executives ("Meeting"). Ending the Meeting without a resolution shall not preclude further negotiation or mediation, if mutually desired by the parties.
11.1.2 All offers, promises, conduct and statements, whether oral or written, made in the course of the negotiation and the Meeting by any of the parties, their agents, employees, experts and attorneys are confidential, privileged, and inadmissible for any purpose, including impeachment, in an arbitration or other proceeding involving the parties, provided that evidence that is otherwise admissible or discoverable shall not be rendered inadmissible or non-discoverable as a result of its use in the negotiation.
11.2 Arbitration. If the procedure set out in Section 11.1 does not resolve any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation, or validity thereof, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in Fresno County, California before one arbitrator. The arbitration shall be administered by JAMS pursuant to its Comprehensive Arbitration Rules and Procedures. The arbitrator shall issue a written decision setting forth the bases for the arbitrator's ruling, and judgment on the arbitration award may be entered in any court having jurisdiction. This clause shall not preclude the parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.
Except for claims for violation or breach of PERFORMA IP Rights, in any arbitration arising out of or related to this Agreement, the arbitrator may not award any incidental, indirect, consequential, reliance, punitive, or exemplary damages, including damages for lost profits.
12. General Provisions.
12.1 Records Requests; Audits. From time to time during the Term of this Agreement, Client or its nominee, authorized agent, or representative may, in Client's reasonable discretion, (a) request documentation or records regarding Client's or its Users' use of the Service or User Data, including for Client to comply with governmental or regulatory requests or requirements (any such request, a "Records Request"); and (b) on at least three (3) business days' notice, inspect and audit PERFORMA's records solely as they relate to this Agreement (an "Audit" and, together with a Records Request, an "Inspection"). All Audits shall be conducted during regular business hours and no more frequently than once in any 12-month period (except as otherwise required to comply with applicable law), and in a manner that does not unreasonably interfere with PERFORMA's business operations. PERFORMA shall make available its books, records, equipment, information, and personnel as may be reasonably necessary to cooperate with any Inspection. Client shall only have access to and examine information directly related to Client's or its Users' use of the Service, and shall comply with all reasonable instruction communicated by PERFORMA in completing its Inspection. Client shall promptly reimburse PERFORMA for all expenses incurred by PERFORMA in connection with any Inspection, including but not limited to time and materials costs incurred to comply with any such request.
12.2 State Audit Requirements.
If the compensation to be paid by Client under this Agreement exceeds $10,000, PERFORMA is subject to the examination and audit of the California State Auditor, as provided in Government Code section 8546.7, for a period of three years after final payment under this Agreement. This section survives the termination of this Agreement.
12.3 Choice of Law; Jurisdiction and Venue. This Agreement shall be governed by, and construed in accordance with, the laws of the State of California. This Agreement is signed and performed in Fresno County, California. Contractor consents to California jurisdiction for actions arising from or related to this Agreement, and, subject to the Government Claims Act, all such actions must be brought and maintained in Fresno County.
12.4 No Benefit to Third Parties. The representations, warranties, covenants, and agreements contained in this Agreement are for the sole benefit of the parties, and they are not to be construed as conferring any rights on any other persons.
12.5 Notices.
12.5.1 Contact Information. The persons and their addresses having authority to give and receive notices provided for or permitted under this Agreement include the following:
For the County:
Fresno County Sheriffs Office
County of Fresno
2200 N Fresno Street
Fresno, CA 93721
Email: Sheriff.Payables@fresnosheriff.org
For the Contractor:
Performa Labs, Inc.
Attn.: Anderee Berengian
19600 Fairchild Rd., Suite 300
Irvine, CA 92612
Email: anderee@performa-labs.com
With a copy, which shall not constitute notice, to:
Stradling Yocca Carlson & Rauth LLP
Attn.: Chris Ivey
660 Newport Center Drive, Suite 1600
Newport Beach, CA 92660
Email: civey@stradlinglaw.com
12.5.2 Change of Contact Information. Either party may change the information in section 11.5.1 by giving notice as provided in section 11.5.3.
12.5.3 Method of Delivery.
[If email addresses or fax numbers are not provided above, then revise this section to delete references to those methods of delivery.] Each notice between the County and the Contractor provided for or permitted under this Agreement must be in writing, state that it is a notice provided under this Agreement, and be delivered either by personal service, by first-class United States mail, by an overnight commercial courier service, or by Portable Document Format (PDF) document attached to an email.
(A) A notice delivered by personal service is effective upon service to the recipient.
(B) A notice delivered by first-class United States mail is effective three County business days after deposit in the United States mail, postage prepaid, addressed to the recipient.
(C) A notice delivered by an overnight commercial courier service is effective one County business day after deposit with the overnight commercial courier service, delivery fees prepaid, with delivery instructions given for next day delivery, addressed to the recipient.
A notice delivered by telephonic facsimile transmission or by PDF document attached to an email is effective when transmission to the recipient is completed (but, if such transmission is completed outside of County business hours, then such delivery is deemed to be effective at the next beginning of a County business day), provided that the sender maintains a machine record of the completed transmission.
12.5.4 Claims Presentation. For all claims arising from or related to this Agreement, nothing in this Agreement establishes, waives, or modifies any claims presentation requirements or procedures provided by law, including the Government Claims Act (Division 3.6 of Title 1 of the Government Code, beginning with section 810).
12.6 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right.
Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity.
12.7 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the provision shall be modified by the court and interpreted so as best to accomplish the objective of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement shall remain in effect.
12.8 Assignment. Neither party may assign or transfer this Agreement or any right or obligation hereunder without the other party's prior written consent; provided, that PERFORMA may assign this Agreement in connection with a sale or transfer of substantially all of the assets of, or a majority interest in the voting shares of, PERFORMA to, or the merger or consolidation of PERFORMA with or into, any other person or company. PERFORMA must promptly provide notice to Client of any such assignment. Any assignment made in violation of this provision shall be void. Client agrees that PERFORMA may subcontract the hosting and other services to be performed in connection with this Agreement, provided that any such subcontracting arrangement will not relieve PERFORMA of any of its obligations hereunder.
12.9 Force Majeure. Except for the obligation to pay money, neither party will be liable for failure or delay in performance under this Agreement due to any cause beyond its reasonable control, including act of war, acts of God, earthquake, flood, embargo, riot, sabotage, labor shortage or dispute, civil or military authority; terrorists, civil disturbance, fire or other catastrophe, parts shortages, governmental act, or failure of the Internet, provided that the delayed party: (a) gives the other party prompt notice of such cause, and (b) uses its reasonable commercial efforts to correct promptly such failure or delay in performance.
12.10 Use of Client's Name.
Client agrees to allow PERFORMA to use Client's name on client lists used for promotional purposes. PERFORMA is permitted to issue press releases or press statements concerning Client's use of the service.
12.11 Entire Agreement. This Agreement and its attachments constitute the entire agreement between the parties as to its subject matter, and supersedes all previous and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter of this Agreement. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment, or waiver is to be asserted. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Client purchase order or in any other Client order documentation shall be incorporated into or form any part of this Agreement and all such terms or conditions shall be null and void.
12.12 Counterparts. This Agreement may be executed in counterparts, which taken together shall form one legal instrument.
[SIGNATURES ON FOLLOWING PAGE]
The parties are signing this Agreement on the date stated in the introductory clause.
Dated:
PERFORM LABS, INC.
By:
Anderee Berengian
Chief Executive Officer
COUNTY OF FRESNO
Nathan Magsig, Chairman of the Board of Supervisors of the County of Fresno
Attest: BERNICE E. SEIDEL
Clerk of the Board of Supervisors
County of Fresno, State of California
By: Deputy
Acct: 7311 Fund: 0001 Org.: 31116308 Subclass: 10000

Exhibit A
PRICE LIST AND SERVICE FEE CALCULATION
MODULE ITEM | TRAINING DESCRIPTION (Peace Officer Self-guided 1053 Training Module)
1 | Use of Force (4 hrs - PSP) | Year 2 | 439 | $180.00 | $79,020.00
2 | Strategic Communications (2 hrs - PSP) | Year 2 | 439 | $90.00 | $39,510.00
3 | De-Escalation Awareness & Communication (4 hrs - CPT) | Year 2 | 439 | $200.00 | $87,800.00
4 | Domestic Violence Update (2 hrs - CPT) | Year 2 | 439 | $100.00 | $43,900.00
5 | Police Vehicle Pursuits (2 hrs - CPT) | Year 2 | 439 | $100.00 | $43,900.00
6 | Mental Health Decision Making (4 hrs - CPT) | Year 2 | 439 | $200.00 | $87,800.00
7 | Advanced DeEscalation Awareness and Communications (4 hrs - CPT) | Year 2 | 439 | $200.00 | $87,800.00
8 | Admin Dashboard Console | Year 2 | 439 | $15.00 | $6,585.00
SUBSCRIPTION TERM
Year 1 under County of Fresno Purchase Order: M07-0000022961
Year 2 means 1/1/25 to 10/31/25
TOTAL SEAT LICENSING FEES $476,315.00
TOTAL REMAINING UFDT PROGRAM FEES $476,315.00

Exhibit B
PILOT PROGRAM
1. Background
The State of California has approved a grant program to fund training as part of a three (3)-year pilot for select law enforcement agencies ("Pilot Agencies" or "Client") in the state focused on improving de-escalation and use of force skills for California peace officers.
1.1 Pilot Agency State Summary
Each Pilot Agency ("Client") shall collect the following information:
1.1.1 The number of participants ("Pilot Students") that received and successfully completed the training.
1.1.2 Demographic data of each Pilot Student that includes: a. Race b. Gender c. Position
1.1.3 Use of force incidents data in the three previous calendar years (2020, 2021, and 2022).
1.1.4 Use of force incidents data in each calendar year for the duration of the pilot (e.g., 2024 and 2025).
1.1.5 Any quantitative and qualitative data, and other metrics that are collected by specific tools or trainings that are selected by the Pilot Agency.
1.1.6 Survey for Pilot Students (participants of the training) to rate their satisfaction of the training product or program.
By December 1, 2025, each Pilot Agency shall provide a report to the Board of State and Community Corrections that includes the data described above, the names and descriptions of trainings selected and used, any information collected through surveys, and a detailed expenditure report of how grant funding was spent.
1.2 Performa Labs program:
The Performa Labs ("Performa") training program is a mobile app-based platform for training de-escalation and other relevant skills. Courses consist of a mix of lecture-based learning modules and modules that expose students to real-world encounters captured via body-worn camera. Students demonstrate proficiency through repeated questioning within course content using multiple-choice and true-false type questions. Whereas traditional training techniques focus on training action and movement in tactical situations, Performa is unique in that its primary focus is training the information processing and decision-making expertise that should precede behavior. The Performa suite of training courses includes three core skills courses and a set of additional de-escalation skills courses for specific situations. The core courses are titled "Use of Force", "Strategic Communications", and "De-escalation & Awareness". Use of Force trains awareness of a wide variety of potentially volatile situations, the techniques and best practices for managing such situations, and the laws governing decisions to use force.
Strategic Communications focuses on improving sensitivity to civilians who are highly emotional and/or who may have unique communication needs due to mental health issues, substance abuse, and/or disabilities, and training best practices and techniques for engaging with the public during such encounters. De-escalation & Awareness incorporates principles that overlap with both Use of Force and Strategic Communications, and trains techniques to help officers identify and manage a variety of potentially volatile and/or sensitive situations. Additional courses that provide 'refresher' and advanced de-escalation training, as well as de-escalation training specific to such situations as domestic violence, traffic pursuits, injured individuals, and encounters requiring sensitivity to civilian mental health, substance use, and disabilities, are available as elective courses. Each of the Performa courses has three primary learning objectives that all students must master in terms of both understanding and application: de-escalation techniques, communication skills, and legal knowledge. Students must perform at a minimum level of 70% accuracy on the final course test for successful completion.
2. Responsibilities
The following outline addresses Performa's involvement in each of the Pilot Agency Requirements and additional requirements strongly suggested by Performa.
2.1 Performa Responsibilities
2.1.1 Performa will assist the Pilot Agency in gathering data and reporting outcomes in conjunction with the Pilot Agency state requirements listed above.
2.1.2 Performa will provide data capturing the number of Pilot Students that receive and successfully complete training for each course and for each year Pilot Agency participates during the pilot.
2.1.3 Performa will produce a summary of analytical methods and reporting on course performance for other quantitative and qualitative metrics.
2.1.4 Performa will work in cooperation with the Pilot Agency in the creation of the mandated report to the Board of State and Community Corrections targeting the December 1, 2025 submission date.
2.2 Pilot Agency Responsibilities:
2.2.1 The Pilot Agency will assign Performa's training to its students following Performa's guidelines.
a. Performa will require all Pilot Students to complete each course and an additional 1-hour assessment course once per POST Mandate Cycle.
i. The three core courses should be completed in the following order: Use of Force course, De-Escalation course, and Strategic Communications course. These should be completed within each POST Mandate Cycle.
ii. The assessment course may be taken as a follow-up to the core courses.
2.2.2 The Pilot Agency is requested to provide demographic data from Pilot Students during the onboarding of each user (i.e., spreadsheet, user data file, etc.) to Performa's training platform. The demographic data of each Pilot Student will include:
a. Race
b. Gender
c. Rank & Assignment at the time of each course completion
d. Years of service
e. Age
2.2.3 The Pilot Agency is requested to provide the following agency data for the previous three calendar years (2020-2022) within three (3) months of program start:
a. "Use of force" incident data.
b. "De-escalation" incident data.
c. Crime statistics as tracked by the agency, as available.
d. CPT and PSP compliance rates.
e. Performa will select a minimum of three "de-escalation" incidents and three "use of force" incidents for further analysis. As part of this analysis, Performa staff will conduct interviews with involved officers, supervisors, and adjudicators to better understand the data being provided. Performa may request other data regarding incidents as needed based on the outcomes of these case studies. Scheduling of interviews will be at the availability of the appropriate persons.
2.2.4 The Pilot Agency is requested to provide the following agency data quarterly, and within thirty (30) days after each quarter end, for the duration of the pilot program (e.g., 2023-2025):
a. "Use of force" incident data in each calendar year.
b. "De-escalation" incident data in each calendar year.
c. Crime statistics as tracked by the agency, as available.
d. CPT and PSP compliance rates for the duration of the pilot. This includes annually and by POST Mandate Cycle.
e. Performa will select a minimum of one "de-escalation" incident and one "use of force" incident annually for further analysis. As part of this analysis, Performa staff will conduct interviews with involved officers, supervisors, and adjudicators to better understand the data being provided. Performa may request other data regarding incidents as needed based on the outcomes of these case studies. Scheduling of interviews will be at the availability of the appropriate persons.
2.2.5 Pilot Students will be requested to complete a brief end-of-course feedback survey before receiving credit for the course. This survey will request feedback regarding aspects of user experience such as ease of use, video quality, clarity of the visual content, and suggestions for improvement. Pilot Students will be requested to complete short follow-up surveys to be administered for each course prior to taking the annual assessment course, or at the time of employment termination, as applicable. These surveys will request feedback regarding how useful each officer found the course to be in their everyday actions and decisions. Performa may conduct interviews with Pilot Students as approved by the Pilot Agency.

Exhibit C
Insurance Requirements
1. Required Policies
Without limiting the County's right to obtain indemnification from the Contractor or any third parties, Contractor, at its sole expense, shall maintain in full force and effect the following insurance policies throughout the term of this Agreement.
(A) Commercial General Liability. Commercial general liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and an annual aggregate of Four Million Dollars ($4,000,000). This policy must be issued on a per occurrence basis. Coverage must include products, completed operations, property damage, bodily injury, personal injury, and advertising injury. The Contractor shall obtain an endorsement to this policy naming the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, as additional insureds, but only insofar as the operations under this Agreement are concerned. Such coverage for additional insureds will apply as primary insurance and any other insurance, or self-insurance, maintained by the County is excess only and not contributing with insurance provided under the Contractor's policy.
(B) Automobile Liability. Automobile liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for property damages. Coverage must include any auto used in connection with this Agreement.
(C) Workers Compensation. Workers compensation insurance as required by the laws of the State of California with statutory limits.
(D) Employer's Liability. Employer's liability insurance with limits of not less than One Million Dollars ($1,000,000) per occurrence for bodily injury and for disease.
(E) Technology Professional Liability (Errors and Omissions). Technology professional liability (errors and omissions) insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence and in the aggregate. Coverage must encompass all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks.
(F) Cyber Liability. Cyber liability insurance with limits of not less than Two Million Dollars ($2,000,000) per occurrence. Coverage must include claims involving Cyber Risks.
The cyber liability policy must be endorsed to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor.
Definition of Cyber Risks. "Cyber Risks" include but are not limited to (i) Security Breach, which may include Disclosure of Personal Information to an Unauthorized Third Party; (ii) data breach; (iii) breach of any of the Contractor's obligations under Exhibit D of this Agreement; (iv) system failure; (v) data recovery; (vi) failure to timely disclose data breach or Security Breach; (vii) failure to comply with privacy policy; (viii) payment card liabilities and costs; (ix) infringement of intellectual property, including but not limited to infringement of copyright, trademark, and trade dress; (x) invasion of privacy, including release of private information; (xi) information theft; (xii) damage to or destruction or alteration of electronic information; (xiii) cyber extortion; (xiv) extortion related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; (xv) fraudulent instruction; (xvi) funds transfer fraud; (xvii) telephone fraud; (xviii) network security; (xix) data breach response costs, including Security Breach response costs; (xx) regulatory fines and penalties related to the Contractor's obligations under this Agreement regarding electronic information, including Personal Information; and (xxi) credit monitoring expenses.
2. Additional Requirements
(A) Verification of Coverage.
Within 30 days after the Contractor signs this Agreement, and at any time during the term of this Agreement as requested by the County's Risk Manager or the County Administrative Office, the Contractor shall deliver, or cause its broker or producer to deliver, to the County Risk Manager, at 2220 Tulare Street, 16th Floor, Fresno, California 93721, or HRRiskManagement@fresnocountyca.gov, and by mail or email to the person identified to receive notices under this Agreement, certificates of insurance and endorsements for all of the coverages required under this Agreement. (i) Each insurance certificate must state that: (1) the insurance coverage has been obtained and is in full force; (2) the County, its officers, agents, employees, and volunteers are not responsible for any premiums on the policy; and (3) the Contractor has waived its right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under any insurance policy required by this Agreement and that waiver does not invalidate the insurance policy. (ii) The commercial general liability insurance certificate must also state, and include an endorsement, that the County of Fresno, its officers, agents, employees, and volunteers, individually and collectively, are additional insureds insofar as the operations under this Agreement are concerned. The commercial general liability insurance certificate must also state that the coverage shall apply as primary insurance and any other insurance, or self-insurance, maintained by the County shall be excess only and not contributing with insurance provided under the Contractor's policy. (iii) The automobile liability insurance certificate must state that the policy covers any auto used in connection with this Agreement. 
(iv) The technology professional liability insurance certificate must also state that coverage encompasses all of the Contractor's obligations under this Agreement, including but not limited to claims involving Cyber Risks, as that term is defined in this Agreement.
(v) The cyber liability insurance certificate must also state that it is endorsed, and include an endorsement, to cover the full replacement value of damage to, alteration of, loss of, or destruction of intangible property (including but not limited to information or data) that is in the care, custody, or control of the Contractor.
(B) Acceptability of Insurers. All insurance policies required under this Agreement must be issued by admitted insurers licensed to do business in the State of California and possessing at all times during the term of this Agreement an A.M. Best, Inc. rating of no less than A: VII.
(C) Notice of Cancellation or Change. For each insurance policy required under this Agreement, the Contractor shall provide to the County, or ensure that the policy requires the insurer to provide to the County, written notice of any cancellation or change in the policy as required in this paragraph. For cancellation of the policy for nonpayment of premium, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 10 days in advance of cancellation. For cancellation of the policy for any other reason, and for any other change to the policy, the Contractor shall, or shall cause the insurer to, provide written notice to the County not less than 30 days in advance of cancellation or change. The County in its sole discretion may determine that the failure of the Contractor or its insurer to timely provide a written notice required by this paragraph is a breach of this Agreement.
(D) County's Entitlement to Greater Coverage.
If the Contractor has or obtains insurance with broader coverage, higher limits, or both, than what is required under this Agreement, then the County requires and is entitled to the broader coverage, higher limits, or both. To that end, the Contractor shall deliver, or cause its broker or producer to deliver, to the County's Risk Manager certificates of insurance and endorsements for all of the coverages that have such broader coverage, higher limits, or both, as required under this Agreement.
(E) Waiver of Subrogation. The Contractor waives any right to recover from the County, its officers, agents, employees, and volunteers any amounts paid under the policy of worker's compensation insurance required by this Agreement. The Contractor is solely responsible to obtain any policy endorsement that may be necessary to accomplish that waiver, but the Contractor's waiver of subrogation under this paragraph is effective whether or not the Contractor obtains such an endorsement.
(F) County's Remedy for Contractor's Failure to Maintain. If the Contractor fails to keep in effect at all times any insurance coverage required under this Agreement, the County may, in addition to any other remedies it may have, suspend or terminate this Agreement upon the occurrence of that failure, or purchase such insurance coverage, and charge the cost of that coverage to the Contractor. The County may offset such charges against any amounts owed by the County to the Contractor under this Agreement.
(G) Subcontractors. The Contractor shall require and verify that all subcontractors used by the Contractor to provide services under this Agreement maintain insurance meeting all insurance requirements provided in this Agreement. This paragraph does not authorize the Contractor to provide services under this Agreement using subcontractors.

Exhibit D
Data Security
A. Definitions. Capitalized terms used in this Exhibit D have the meanings set forth in this section A.
"Authorized Employees" means the Contractor's employees who have access to Personal Information.
"Authorized Persons" means: (i) any and all Authorized Employees; and (ii) any and all of the Contractor's subcontractors, representatives, agents, outsourcers, and consultants, and providers of professional services to the Contractor, who have access to Personal Information and are bound by law or in writing by confidentiality obligations sufficient to protect Personal Information in accordance with the terms of this Exhibit D.
"Director" means the County's Director of Internal Services/Chief Information Officer or his or her designee.
"Disclose" or any derivative of that word means to disclose, release, transfer, disseminate, or otherwise provide access to or communicate all or any part of any Personal Information orally, in writing, or by electronic or any other means to any person.
"Non-Anonymized Data and Personal Information" means electronic data or information compiled or derived by PERFORM based on User Data and Personal Information provided to PERFORM that has not been deidentified, aggregated or anonymized such that it cannot reasonably be linked to Client or a particular User.
"Person" means any natural person, corporation, partnership, limited liability company, firm, or association.
"Personal Information" means any and all information, including any data provided, or to which access is provided, to the Contractor by or upon the authorization of the County, including but not limited to vital records, that: (i) identifies, describes, or relates to, or is associated with, or is capable of being used to identify, describe, or relate to, or associate with, a person (including, without limitation, names, physical descriptions, signatures, addresses, telephone numbers, e-mail addresses, education, financial matters, employment history, and other unique identifiers, as well as statements made by or attributable to the person); (ii) is used or is capable of being used to authenticate a person (including, without limitation, employee identification numbers, government-issued identification numbers, passwords or personal identification numbers (PINs), financial account numbers, credit report information, answers to security questions, and other personal identifiers); or is personal information within the meaning of California Civil Code section 1798.3, subdivision (a), or 1798.80, subdivision (e). Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
"Privacy Practices Complaint" means a complaint received by the County relating to the Contractor's (or any Authorized Person's) privacy practices, or alleging a Security Breach. Such complaint shall have sufficient detail to enable the Contractor to promptly investigate and take remedial action under this Exhibit D.
"Security Safeguards" means physical, technical, administrative or organizational security procedures and practices put in place by the Contractor (or any Authorized Persons) that relate to the protection of the security, confidentiality, value, or integrity of Non-Anonymized Data and Personal Information.
Security Safeguards shall satisfy the minimal requirements set forth in subsection C.(5) of this Exhibit D.
"Security Breach" means (i) any act or omission that compromises either the security, confidentiality, value, or integrity of any Non-Anonymized Data and Personal Information or the Security Safeguards, or (ii) any unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, any Non-Anonymized Data and Personal Information.
"Use" or any derivative thereof means to receive, acquire, collect, apply, manipulate, employ, process, transmit, disseminate, access, store, disclose, or dispose of Non-Anonymized Data and Personal Information.
B. Standard of Care.
(1) The Contractor acknowledges that, in the course of its engagement by the County under this Agreement, the Contractor, or any Authorized Persons, may Use Personal Information and Non-Anonymized Data and Personal Information only as permitted in this Agreement.
(2) The Contractor acknowledges that Non-Anonymized Data and Personal Information is deemed to be confidential information of, or owned by, the County (or persons from whom the County receives or has received Non-Anonymized Data and Personal Information) and is not confidential information of, or owned or by, the Contractor, or any Authorized Persons. The Contractor further acknowledges that all right, title, and interest in or to the Non-Anonymized Data and Personal Information remains in the County (or persons from whom the County receives or has received Non-Anonymized Data and Personal Information) regardless of the Contractor's, or any Authorized Person's, Use of that Non-Anonymized Data and Personal Information.
(3) The Contractor agrees and covenants in favor of the County that the Contractor shall: (i) keep and maintain all Non-Anonymized Data and Personal Information and Personal Information in strict confidence, using such degree of care under this Subsection B as is reasonable and appropriate to avoid a Security Breach; (ii) Use Non-Anonymized Data and Personal Information exclusively for the purposes for which the Non-Anonymized Data and Personal Information is made accessible to the Contractor pursuant to the terms of this Exhibit D; (iii) not Use, Disclose, sell, rent, license, or otherwise make available Non-Anonymized Data and Personal Information for the Contractor's own purposes or for the benefit of anyone other than the County, without the County's express prior written consent, which the County may give or withhold in its sole and absolute discretion; and (iv) not, directly or indirectly, Disclose Non-Anonymized Data and Personal Information to any person (an "Unauthorized Third Party") other than Authorized Persons pursuant to this Agreement, without the Director's express prior written consent.
Notwithstanding the foregoing paragraph, in any case in which the Contractor believes it, or any Authorized Person, is required to disclose Personal Information to government regulatory authorities, or pursuant to a legal proceeding, or otherwise as may be required by applicable law, the Contractor shall (a) immediately notify the County of the specific demand for, and legal authority for the disclosure, including providing the County with a copy of any notice, discovery demand, subpoena, or order, as applicable, received by the Contractor, or any Authorized Person, from any government regulatory authorities, or in relation to any legal proceeding, and (b) promptly notify the County before such Personal Information is offered by the Contractor for such disclosure so that the County may have sufficient time to obtain a court order or take any other action the County may deem necessary to protect the Personal Information from such disclosure, and the Contractor shall cooperate with the County to minimize the scope of such disclosure of such Personal Information. The Contractor shall remain liable to the County for the actions and omissions of any Unauthorized Third Party concerning its Use of such Personal Information as if they were the Contractor's own actions and omissions.

C. Information Security.

(1) The Contractor covenants, represents and warrants to the County that the Contractor's Use of Personal Information under this Agreement does and shall at all times comply with all federal, state, and local, privacy and data protection laws, as well as all other applicable regulations and directives, including but not limited to California Civil Code, Division 3, Part 4, Title 1.81 (beginning with section 1798.80), and the Song-Beverly Credit Card Act of 1971 (California Civil Code, Division 3, Part 4, Title 1.3, beginning with section 1747).
If the Contractor Uses credit, debit, or other payment cardholder information, the Contractor shall at all times remain in compliance with the Payment Card Industry Data Security Standard ("PCI DSS") requirements, including remaining aware at all times of changes to the PCI DSS and promptly implementing and maintaining all procedures and practices as may be necessary to remain in compliance with the PCI DSS, in each case, at the Contractor's sole cost and expense.

(2) The Contractor covenants, represents and warrants to the County that, as of the Effective Date, the Contractor has not received notice of any violation of any privacy or data protection laws, as well as any other applicable regulations or directives, and is not the subject of any pending legal action or investigation by, any government regulatory authority regarding same.

(3) Without limiting the Contractor's obligations under subsection C.(1) of this Exhibit D, the Contractor's (or Authorized Person's) Security Safeguards shall be no less rigorous than accepted industry practices and, at a minimum, include the following: (i) limiting Use of Non-Anonymized Data and Personal Information strictly to the Contractor's and Authorized Persons' technical and administrative personnel who are necessary for the Contractor's, or Authorized Persons', Use of the Non-Anonymized Data and Personal Information pursuant to this Agreement; (ii) ensuring that all of the Contractor's connectivity to the County computing systems will only be through the County's security gateways and firewalls, and only through security procedures approved upon the express prior written consent of the Director; (iii) to the extent that they contain or provide access to Non-Anonymized Data and Personal Information, (a) securing the Contractor's business facilities, data centers, paper files, servers, back-up systems and computing equipment, operating systems, and software applications, including, but not limited
to, all mobile devices and other equipment, operating systems, and software applications with information storage capability; (b) employing adequate controls and data security measures with respect to the Contractor Facilities and Equipment), both internally and externally, to protect (1) the Non-Anonymized Data and Personal Information from potential loss or misappropriation, or unauthorized Use, and (2) the County's operations from disruption and abuse; (c) having and maintaining network, device application, database and platform security; and (d) maintaining authentication and access controls within media, computing equipment, operating systems, and software applications; (iv) encrypting all Personal Information at advance encryption standards of Advanced Encryption Standards (AES) of 128 bit or higher (a) stored on any mobile devices, including but not limited to hard disks, portable storage devices, or remote installation, or (b) transmitted over public or wireless networks (the encrypted Personal Information must be subject to password or pass phrase, and be stored on a secure server and transferred by means of a Virtual Private Network (VPN) connection, or another type of secure connection, all of which is subject to express prior written consent of the Director); (v) having a patch management process including installation of all operating system/software vendor security patches; (vi) maintaining appropriate personnel security and integrity procedures and practices, including, but not limited to, conducting background checks of Authorized Employees consistent with applicable law; and (vii) providing appropriate privacy and information security training to Authorized Employees.

(4) During the term of each Authorized Employee's employment by the Contractor, the Contractor shall cause such Authorized Employees to abide strictly by the Contractor's obligations under this Exhibit D.
The Contractor further agrees that it shall maintain a disciplinary process to address any unauthorized Use of Personal Information by any Authorized Employees.

(5) The Contractor shall, in a secure manner, backup daily, or more frequently if it is the Contractor's practice to do so more frequently, Non-Anonymized Data and Personal Information Personal Information received from the County, and the County shall have immediate, real time access, at all times, to such backups via a secure, remote access connection provided by the Contractor, through the Internet.

D. Security Breach Procedures.

(1) Promptly, and without undue delay, upon the Contractor's confirmation of a Security Breach, the Contractor shall (a) notify the Director of the Security Breach, such notice to be given first by telephone at the following telephone number, followed promptly by email at the following email address: (559) 600-8900/cybersecurity@fresnosheriff.org (which telephone number and email address the County may update by providing notice to the Contractor), and (b) preserve all relevant evidence (and cause any affected Authorized Person to preserve all relevant evidence) relating to the Security Breach. The notification shall include, to the extent reasonably possible, the identification of each type and the extent of Personal Information that has been, or is reasonably believed to have been, breached, including but not limited to, compromised, or subjected to unauthorized Use, Disclosure, or modification, or any loss or destruction, corruption, or damage.

(2) Immediately following the Contractor's notification to the County of a Security Breach, as provided pursuant to subsection D.(1) of this Exhibit D, the Parties shall coordinate with each other to investigate the Security Breach.
The Contractor agrees to fully cooperate with the County, including, without limitation: (i) assisting the County in conducting any investigation; (ii) providing the County with physical access to the facilities and operations affected; (iii) facilitating interviews with Authorized Persons and any of the Contractor's other employees knowledgeable of the matter; and (iv) making available all relevant records, logs, files, data reporting and other materials required to comply with applicable law, regulation, industry standards, or as otherwise reasonably required by the County. To that end, the Contractor shall, with respect to a Security Breach, be solely responsible, at its cost, for all notifications required by law and regulation, and the Contractor shall provide a written report of the investigation and reporting required to the Director within 30 days after the Contractor's discovery of the Security Breach.

(3) The County shall promptly notify the Contractor of the Director's knowledge, or reasonable belief, of any Privacy Practices Complaint, and upon the Contractor's receipt of notification thereof, the Contractor shall promptly address such Privacy Practices Complaint, including taking any corrective action under this Exhibit D, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. In the event the Contractor discovers a Security Breach, the Contractor shall treat the Privacy Practices Complaint as a Security Breach. Within 24 hours of the Contractor's receipt of notification of such Privacy Practices Complaint, the Contractor shall notify the County whether the matter is a Security Breach, or otherwise has been corrected and the manner of correction, or determined not to require corrective action and the reason therefor.
(4) The Contractor shall take prompt corrective action to respond to and remedy any Security Breach and take reasonable mitigating actions, including but not limited to, preventing any reoccurrence of the Security Breach and correcting any deficiency in Security Safeguards as a result of such incident, all at the Contractor's sole expense, in accordance with applicable privacy rights, laws, regulations and standards. The Contractor shall reimburse the County for all reasonable costs incurred by the County in responding to, and mitigating damages caused by, any Security Breach, including all costs of the County incurred in relation to any litigation or other action described in subsection D.(5) of this Exhibit D to the extent applicable: (1) the cost of providing affected individuals with credit monitoring services for a specific period not to exceed 12 months, to the extent the incident could lead to a compromise of the data subject's credit or credit standing; (2) call center support for such affected individuals for a specific period not to exceed 30 days; and (3) the cost of any measures required under applicable laws.

E. Oversight of Security Compliance.

(1) The Contractor shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Contractor's operations and the nature and scope of its activities.
(2) Upon the County's written request, to confirm the Contractor's compliance with this Exhibit D, as well as any applicable laws, regulations and industry standards, the Contractor grants the County at County's sole expense or, upon the County's election and sole expense, a third party on the County's behalf, permission to perform an assessment, audit, examination or review of all controls in the Contractor's physical and technical environment in relation to all Non-Anonymized Data and Personal Information that is Used by the Contractor pursuant to this Agreement. The Contractor shall fully cooperate with such assessment, audit or examination, as applicable, by providing the County or the third party on the County's behalf and sole expense, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Contractor for Non-Anonymized Data and Personal Information pursuant to this Agreement. In addition, the Contractor shall provide the County with the results of any audit by or on behalf of the Contractor that assesses the effectiveness of the Contractor's information security program as relevant to the security and confidentiality of Non-Anonymized Data and Personal Information Used by the Contractor or Authorized Persons during the course of this Agreement under this Exhibit D.

(3) The Contractor shall ensure that all Authorized Persons who Use Non-Anonymized Data and Personal Information agree to the same restrictions and conditions in this Exhibit D that apply to the Contractor with respect to such Non-Anonymized Data and Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Contractor and such Authorized Persons, or amending any written agreements to provide same.

F. Return or Destruction of Personal Information.
Upon the termination of this Agreement, the Contractor shall, and shall instruct all Authorized Persons to, promptly return to the County all Non-Anonymized Data and Personal Information as provided by the County, whether in written, electronic or other form or media, in its possession or the possession of such Authorized Persons, in a machine readable form used by the County at the time of such return, or upon the express prior written consent of the Director, securely destroy all such Non-Anonymized Data and Personal Information, and certify in writing to the County that such Non-Anonymized Data and Personal Information have been returned to the County or disposed of securely, as applicable. If the Contractor is authorized to dispose of any such Non-Anonymized Data and Personal Information, as provided in this Exhibit D, such certification shall state the date, time, and manner (including standard) of disposal and by whom, specifying the title of the individual. The Contractor shall comply with all reasonable directions provided by the Director with respect to the return or disposal of Non-Anonymized Data and Personal Information and copies thereof. If return or disposal of such Non-Anonymized Data and Personal Information or copies of Non-Anonymized Data and Personal Information is not feasible, the Contractor shall notify the County accordingly, specifying the reason, and continue to extend the protections of this Exhibit D to all such Non-Anonymized Data and Personal Information and copies of Non-Anonymized Data and Personal Information as such were provided by the County. The Contractor shall not retain any copy of any Non-Anonymized Data and Personal Information as provided by the County after returning or disposing of Non-Anonymized Data and Personal Information as required by this section F.
The Contractor's obligations under this section F survive the termination of this Agreement and apply to all Non-Anonymized Data and Personal Information that the Contractor retains if return or disposal is not feasible and to all Non-Anonymized Data and Personal Information that the Contractor may later discover.

G. Equitable Relief.

The Contractor acknowledges that any breach of its covenants or obligations set forth in this Exhibit D may cause the County irreparable harm for which monetary damages would not be adequate compensation and agrees that, in the event of such breach or threatened breach, the County is entitled to seek equitable relief, including a restraining order, injunctive relief, specific performance and any other relief that may be available from any court, in addition to any other remedy to which the County may be entitled at law or in equity. Such remedies shall not be deemed to be exclusive but shall be in addition to all other remedies available to the County at law or in equity or under this Agreement.

H. Indemnification.
The Contractor shall defend, indemnify and hold harmless the County, its officers, employees, and agents, (each, a "County Indemnitee") from and against any and all infringement of intellectual property including, but not limited to infringement of copyright, trademark, and trade dress, invasion of privacy, information theft, and extortion, unauthorized Use, Disclosure, or modification of, or any loss or destruction of, or any corruption of or damage to, Personal Information, Security Breach response and remedy costs, credit monitoring expenses, forfeitures, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, fines, and penalties (including regulatory fines and penalties), costs or expenses of whatever kind, including attorney's fees and costs, the cost of enforcing any right to indemnification or defense under the Agreement and the cost of pursuing any insurance providers, arising out of or resulting from any third party claim or action against any County Indemnitee in relation to the Contractor's, its officers, employees, or agents, or any Authorized Employee's or Authorized Person's, performance or failure to perform under this Exhibit D or arising out of or resulting from the Contractor's failure to comply with any of its obligations under this section H. The provisions of this section H do not apply to the acts or omissions of the County. The provisions of this section H are cumulative to any other obligation of the Contractor to defend, indemnify, or hold harmless any County Indemnity under this Agreement. The provisions of this section H shall survive the termination of this Agreement.

I. Survival.

The respective rights and obligations of the Contractor and the County as stated in this Exhibit D shall survive the termination of this Agreement.

J. No Third Party Beneficiary.
Nothing express or implied in the provisions of this Exhibit D is intended to confer, nor shall anything herein confer, upon any person other than the County or the Contractor and their respective successors or assignees, any rights, remedies, obligations or liabilities whatsoever.

L. No County Warranty.

The County does not make any warranty or representation whether any Personal Information in the Contractor's (or any Authorized Person's) possession or control, or Use by the Contractor (or any Authorized Person), pursuant to the terms of this Agreement is or will be secure from unauthorized Use, or a Security Breach or Privacy Practices Complaint.