Launchpad Provider Agreement

This Launchpad Provider Agreement (the “Agreement”) is effective (), between Pegasystems Inc., a Massachusetts corporation located at One Main Street, Cambridge, MA, 02142 (“Pegasystems”), and (), located at () (“Provider”). Definitions are stated on Exhibit A or elsewhere in this Agreement. 

Introduction. 

• Pegasystems and Provider desire to enter into an arrangement to allow Provider to use Launchpad to develop and commercialize an application or applications (each a “Provider Application”) according to the terms of the applicable Order and this Agreement. 

• Pegasystems will host and make Launchpad available to Provider.  

• Provider will make their Provider Application(s) available to Subscribers and provide support to the Subscribers. 

• Provider shall pay Pegasystems according to the terms set forth on the applicable Order(s). 

1. Provider Rights and Responsibilities. 

(a) Provider Designation.  Subject to the terms and conditions set forth in this Agreement, Pegasystems grants Provider non-exclusive rights to deliver the Provider Application(s) to Subscribers, and Provider accepts such appointment.  Provider is not authorized to distribute the Provider Application(s) without Pegasystems’ express prior written consent.  Provider shall have full discretion to set its own prices for Subscriber subscriptions to any Provider Application.   

(b) Provider Application.  The Provider Application(s) shall at all times materially conform to the description set forth in the applicable Order.  Pegasystems reserves the right to review the Provider Application(s) at any time during the Term to verify that it continues to conform to the description in the applicable Order.  

(c) New Services and Modifications.  Pegasystems may, at any time, add new functionality or services which may be included as part of Launchpad in its sole discretion. Pegasystems may also modify Launchpad in its sole discretion. 

(d) Subcontractors.  Provider may use subcontractors to assist Provider in creating, supporting, or delivering the Provider Application(s) on behalf of Provider, provided that Provider will require each such subcontractor to sign a written agreement no less protective of Pegasystems and its suppliers than the terms and conditions of this Agreement, and Provider shall be responsible for all acts or omissions of any such subcontractor regarding Launchpad, the Documentation and any Confidential Information provided by Pegasystems, and Provider shall indemnify and hold Pegasystems harmless from and against any liabilities, losses, damages, costs and expenses (including reasonable attorneys’ fees) resulting from any such acts or omissions of any such subcontractor. 

2. Access; Initial Validation; Security Tests. 

(a) Access.  Pegasystems will email to Provider a URL to allow Provider to access Launchpad.  Launchpad shall be deemed irrevocably accepted upon delivery of such URL.  

(b) Initial Validation.  Prior to any Provider Application launch, Provider will test, and will provide Pegasystems with the opportunity to test and approve such Provider Application.   

(c) Security Testing. Prior to any distribution by Provider of the Provider Application(s), Pegasystems may conduct a security evaluation of the Provider Application(s), which may include a qualitative assessment involving review of a completed questionnaire, an interview with appropriate Provider personnel, and/or security testing.  Pegasystems may periodically conduct such security evaluations throughout the term of this Agreement.  Pegasystems conducts such security evaluations for its own benefit and Provider may not rely on or promote the Provider Application’s successful passage of such evaluation.  Security testing may include remote application-level security testing of the Provider Application(s), and network-level security testing including a vulnerability threat assessment.  Pegasystems may conduct such testing itself or through a third party.  Pegasystems will provide reasonable notice to Provider before starting such testing.  Pegasystems will also cooperate reasonably with Provider to minimize the effects of such testing on Provider’s business and operations.  Provider agrees to cooperate reasonably with such testing.  Any nonpublic information to which Pegasystems obtains access during such security testing will be considered Confidential Information of Provider.  

3. Pegasystems Services. 

(a) Hosting.  Pegasystems will host or engage one or more third-party hosting services providers to host Launchpad, and Pegasystems will provide Provider with access to Launchpad and their Provider Application(s), which Providers can make available to Subscribers, all in accordance with this Agreement, the Order(s) and the Documentation. 

(b) Maintenance and Technical Support.   Provider will provide helpdesk and first-line technical support to its Subscribers.  Provider will be supported with Launchpad as defined in the ‘Service Availability and Support for Launchpad’ section of the Documentation. Subscribers will not have access to Launchpad support tools. Pegasystems may implement updates to Launchpad at its sole discretion on a case-by-case basis. 

4. License Grants; Ownership. 

(a) Provider Access.  Subject to the terms and conditions of this Agreement, Pegasystems grants to Provider a non-exclusive, non-transferable, fee-bearing license to access and use Launchpad in accordance with this Agreement, the Documentation and the Order(s).   

(b) Subscriber Access.  Subject to the terms and conditions of this Agreement, Pegasystems grants to Provider a non-exclusive, non-transferable, fee-bearing license to grant Subscribers a non-exclusive, limited right to access Launchpad for the sole purpose of using Provider Application(s).  All use of Provider Application(s) by Subscribers shall be subject to the Subscriber’s acceptance of the terms and conditions of the Provider’s End User Subscription Agreement which shall include the terms and conditions set forth in Exhibit C and any other terms and conditions necessary for Provider to comply with its obligations under this Agreement.   Provider agrees to update its End User Subscription Agreement to reflect any additional or different terms and conditions which may be provided by Pegasystems to Provider from time to time. If any Subscriber fails to perform any material obligation with respect to the End User Subscription Agreement, Provider shall promptly notify Pegasystems and cooperate with Pegasystems to protect and enforce Pegasystems’ rights and title with respect to Launchpad. 

(c) Restrictions.  

i. Provider’s use of Launchpad and the Documentation will comply with the terms and conditions of this Agreement and the Acceptable Use Policy. 

ii. Provider shall not: (a) distribute, transfer, sell, license or otherwise make available Launchpad; (b) customize, modify, enhance, create derivative works of, or otherwise exploit Launchpad or the Documentation other than as expressly permitted by this Agreement or as approved by Pegasystems in writing on a case-by-case basis; or (c) use the functionality of Launchpad for its own internal business operations unless otherwise set forth in a specific Order. 

iii. Provider will not, and will not cause or permit Subscribers or others to, rent, sell, lease, lend, convey, redistribute, sublicense or otherwise provide any third party with access to or use of Launchpad or the Documentation, except as expressly permitted by this Agreement. 

iv. Provider agrees that except as may be expressly permitted by applicable law, Provider will not cause or permit the reverse engineering, translation, or disassembly of Launchpad.  Provider shall not remove, obscure, or alter any Pegasystems or other proprietary rights notice affixed to or contained within Launchpad. 

v. Provider will not, and will not cause or permit Subscribers or others to, (a) damage, disrupt or impede the operation of, or gain unauthorized access to or use of Launchpad; (b) circumvent, disable or modify any security mechanisms used by Pegasystems; (c) use any robot, spider, site search/retrieval application or other device to retrieve or index any content or data included in Launchpad/Provider Application(s) or to collect information on other users; or (d) introduce to Launchpad or Provider Application(s) any viruses, worms, defects, Trojan horse, time bombs, or other programming that may damage, detrimentally interfere with, surreptitiously intercept or expropriate any system, data or other personal information. 

vi. Provider will not publish or disseminate any results of benchmark or other testing run on Launchpad or Provider Application(s) without Pegasystems’ prior written approval. 

(d) Intellectual Property Protection. Provider will immediately bring to the attention of Pegasystems any improper or wrongful use of Launchpad, Provider Application(s), the Documentation, the Pegasystems Marks, or any other Intellectual Property Rights of Pegasystems of which Provider becomes aware.  Provider shall not adopt, use or attempt to register any trademarks or trade names that are confusingly similar to the Pegasystems Marks or in such a way as to create combination marks with the Pegasystems Marks.  Provider shall not use any Pegasystems Marks in any manner that could disparage, tarnish, or otherwise damage Pegasystems reputation or brand. Any use of Pegasystems Marks shall comply with trademark guidelines found at https://www.pega.com/about/media-resources/trademark-guidelines. Provider represents and warrants that it shall not use or combine any open-source software or third-party software with or in conjunction with Launchpad that would require Pegasystems to make any of its software publicly available under any open-source license or other third-party license. 

(e) Press Releases.  All press and media releases by Provider referencing Launchpad must be approved in writing by Pegasystems prior to the release thereof.   

(f) Launchpad Ownership. 

i. Launchpad and Documentation are licensed, not sold to Provider.  As between the parties, all right, title, and interest in and to any Intellectual Property Rights in or related to Launchpad and the Documentation shall at all times remain with Pegasystems and its licensors.  All rights not expressly granted under this Section 4 are reserved to Pegasystems.  For the avoidance of doubt, and subject to Pegasystems’ Intellectual Property Rights set forth above, Pegasystems shall have no rights in or to the Provider Application built on Launchpad. 

ii. If and to the extent that Provider acquires any ownership interest in or to any technology or Intellectual Property Rights in or related to Launchpad or the Documentation, Provider assigns all such interests and rights to Pegasystems. 

(g) Provider IP Ownership 

i. As between the parties, all right, title, and interest in and to any Intellectual Property Rights in or related to the Provider Application(s), and its applicable processes, methodologies, software, trademarks and documentation (collectively the “Provider IP”) shall at all times remain with Provider and its licensors. All rights not expressly granted by Provider hereunder are reserved to Provider. 

ii. If and to the extent that Pegasystems acquires any ownership interest in or to any technology or Intellectual Property Rights in or related to the Provider IP, Pegasystems shall assign all such interests and rights to Provider. 

5. Subscriber Data and Security 

(a) Provider represents and warrants that it has complied, and will throughout the term of Provider’s use of Launchpad and Provider Application(s) comply, with all applicable data privacy laws and regulations in relation to Subscriber Data, including, without limitation, that it has provided any necessary notices and obtained any necessary consents relating to Provider’s collection and use in relation to Launchpad and Provider Application(s) of such Subscriber Data. 

(b) During the term, Pegasystems will provide the Security Standards describing Pegasystems’ information and physical security program (attached as Exhibit B to this Agreement). 

(c) During the term of Provider’s use of Launchpad, each party will comply with its respective obligations set forth in the Provider Responsibilities and Launchpad Security Controls, which are incorporated by reference. 

(d) To the extent the Provider’s use of Launchpad involves the processing by Pegasystems of Subscriber Data which includes PII on Provider’s behalf the Launchpad DPA is incorporated by reference.   

(e) Pegasystems and Provider agree that each party may store, access, and process the other party’s Business Contact Data for the purpose of performing any obligations under this Agreement.  Each party may share the other party’s Business Contact Data with its contractors, partners, assignees and others acting on such party’s behalf under this Agreement. 

6. Fees; Payment. 

(a) Fees.  Provider agrees to pay Pegasystems the fees for Launchpad as set forth in the applicable Order.  Provider shall have full discretion to set its own prices for Subscriber subscriptions to any Provider Application. In addition, any discounting that it offers a Subscriber on the Provider Application(s) will be consistent with discounting on any other solutions or services that it offers the Subscriber.     

(b) Payment.  All amounts for subscription fees are due and payable in accordance with the terms in the applicable Order. All overdue amounts shall bear interest at the rate of 0.667% per month or the maximum legal rate, if less. Payments shall be in U.S. dollars.  Pegasystems reserves the right to suspend service entirely should Provider be more than thirty (30) days past due on any payment.  Provider’s payment to Pegasystems is not contingent on Provider’s receipt of payment from its Subscriber.   

(c) Taxes.  Unless otherwise provided in the applicable Order, the fees do not include any governmental excise, sales, use, personal property, value-added, income or ad-valor taxes, levies, duties or fees of any type or amount (collectively, the “Taxes”).  Any and all such Taxes payable in connection with the sale or delivery of Launchpad or any other Pegasystems or Provider products or services shall be in addition to such fees and prices and shall be the sole responsibility of the Provider.  If Provider is required to deduct or withhold any Taxes from any payment due to Pegasystems, then (i) the amount payable to Pegasystems shall be increased as necessary so that after making all required deductions (including deductions applicable to additional sums payable under this Section 6(c)), Pegasystems receives an amount equal to the amount it would have received had no such deductions been made, (ii) Provider shall make such deductions, (iii) Provider shall pay the full amount deducted to the relevant governmental authority in accordance with applicable law, and (iv) Provider shall promptly provide Pegasystems satisfactory evidence of such payment upon request.  Provider shall indemnify and hold Pegasystems harmless from and against any such Taxes. 

7. Limited Warranties and Representations. 

(a) Limited Launchpad Warranty. Pegasystems represents and warrants to Provider that Launchpad will operate substantially in accordance with the Documentation during the term of the Order(s).  If there is any failure of this warranty which can be replicated or verified, Pegasystems will, at its election, either promptly repair Launchpad to resolve such failure or terminate Launchpad and provide a refund for any pre-paid unused fees for the remaining portion of the then current term of any Order(s) to which the breach relates.  These remedies will be Provider’s exclusive remedy for any failures of these warranties.  To invoke the remedies described in this Section 7(a), Provider must provide written notice to Pegasystems within the applicable warranty period, expressly outlining the nature of the alleged failure or breach.  Pegasystems will have no obligation to undertake correction of errors or performance degradation caused by (i) modification of Launchpad by Provider or any third party; (ii) the Provider Application(s); or (iii) the combination or use of Launchpad furnished hereunder with materials or services not furnished by Pegasystems (including the Provider Application). No disruptive or corrupting software that would damage, disable or compromise the security of a Provider Application will be intentionally or knowingly introduced into Launchpad by Pegasystems or its employees. 

(b) Disclaimer of Warranties.  EXCEPT AS SET FORTH IN SECTION 7(a) ABOVE, LAUNCHPAD AND ANY OTHER SERVICES PROVIDED BY PEGASYSTEMS ARE PROVIDED “AS IS,” AND PEGASYSTEMS DISCLAIMS ANY AND ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD THERETO, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT.  PEGASYSTEMS FURTHER DISCLAIMS ANY WARRANTY THAT LAUNCHPAD WILL MEET PROVIDER’S OR ANY SUBSCRIBER’S REQUIREMENTS, WILL OPERATE IN ALL THE COMBINATIONS WHICH MAY BE SELECTED FOR USE BY PROVIDER OR ANY SUBSCRIBER, OR THAT THE OPERATION OF LAUNCHPAD WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED OR REPAIRED.  

(c) No Warranty Pass Through. Provider shall not be entitled to make or pass through any warranties to any third parties regarding Launchpad. Provider shall be responsible for all representations and warranties it makes to Subscribers regarding the Provider Application(s). Provider indemnifies and holds Pegasystems harmless from and against any liabilities, losses, damages, costs and expenses, including attorneys’ fees and costs, incurred by Pegasystems resulting from any claims based on or related to any representation or warranty made by Provider regarding Launchpad or the Provider Application(s) that was not specifically authorized in writing by Pegasystems.  

5. Limitation of Liability. 

(a) Each party will have unlimited liability to the other party under this Agreement for actual, direct damages arising out of, or related to: 

i. a party’s obligation to indemnify the other party for third party claims under Section 9 of this Agreement (including related reasonable attorneys’ fees and court costs); or 

ii. a breach of a party’s confidentiality obligations under Section 10 of this Agreement or a party’s infringement or misappropriation of the other party’s intellectual property rights. 

(b) Notwithstanding anything to the contrary in Section 8(a)(ii) or elsewhere in this Agreement, Pegasystems’ liability for damages related to Subscriber Data shall be limited to actual direct damages in the amount of up to two times the fees received by Pegasystems from Provider in the prior twelve (12) months in connection with the Order under which such damages arose, or to which such damages relate. 

(c) Each party’s liability for all other claims or damages arising under, or related to, this Agreement (regardless of the type of damages, and whether for breach of contract, breach of warranty, tort or otherwise) will be limited to the amount of fees received by Pegasystems from Provider in the prior twelve (12) months in connection with the Order(s) under which such damages arose, or to which such damages relate (except any claim by Pegasystems for payments owed by Provider will be limited to the amount owed plus any additional amounts owed for use that exceeds the Scope of Use described in the Order(s)). 

9. Indemnification. 

(a) Pegasystems Indemnity.   

i. Pegasystems will indemnify and defend Provider against any third-party claim that Launchpad infringes any United States, Australian, Canadian or European Union trademark, copyright, trade secret or patent (“IPR”).  In the event Launchpad is found to be infringing or if Pegasystems deems it advisable as the result of a claim or threatened claim, Pegasystems will, in its reasonable discretion (a) procure for Provider the right to continue using Launchpad; (b) replace or modify Launchpad so that it becomes non-infringing; or (c) if (a) and (b) are not reasonably practicable as determined by Pegasystems in its discretion, terminate this Agreement as to the infringing Launchpad service.  These remedies will be Provider’s sole remedy for any IPR infringement claim. 

ii. Pegasystems shall have no liability for any claim of infringement based on or arising from (a) use of any version other than the latest version of Launchpad made available to Provider, to the extent the infringement would have been avoided by use of such version; (b) modification of Launchpad by Provider or any third party; (c) misuse of the Provider Application or Launchpad by Subscribers; (d) the Provider Application(s) or (e) the combination or use of the Launchpad furnished hereunder with materials or services not furnished by Pegasystems (including the Provider Application), to the extent such infringement would have been avoided by use of Launchpad alone (the “Excluded Activities”). 

iii. PEGASYSTEMS OBLIGATIONS IN THIS SECTION 9(a) SHALL BE ITS SOLE AND EXCLUSIVE LIABILITY TO PROVIDER, AND PROVIDER’S SOLE AND EXCLUSIVE REMEDY, WITH RESPECT TO ANY CLAIM OF INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS INVOLVING LAUNCHPAD. 

(b) Provider Indemnity.  Provider shall indemnify, defend and hold Pegasystems, its officers, directors, employees, shareholders and agents harmless from and against any and all liabilities, losses, damages, cost and expenses (including reasonable attorneys’ fees) incurred or suffered by Pegasystems as the result of (i) any material breach of this Agreement by Provider; (ii) any acts, omissions or breaches of any other agreements or commitments by Provider, including any agreements relating to the Provider Applications and Provider’s services; (iii) any claim against Pegasystems, including from any Subscriber, related to the Provider Application(s) or any Provider services; (iv) any claim against Pegasystems that the  Provider Application(s) or any Provider services infringes any patent, trademark, copyright, trade secret or other third-party intellectual property rights; or (v) the Excluded Activities.   

(c) In asserting any claim for indemnification, the relevant party must provide prompt written notice describing the claim and cooperate fully with the indemnifying party.  The indemnifying party will be entitled to control any proceedings or litigation for which it is indemnifying the other party, except that the indemnifying party will not, without the other party’s prior written consent (not to be unreasonably withheld), enter into any settlement that would require the other party to take any action, or refrain from taking any action, other than permitting the indemnifying party to pay money damages on its behalf. 

10. Confidentiality. 

(a) “Confidential Information” means all non-public information provided by or on behalf of a party to the other party unique to the disclosing party’s business, including but not limited to Launchpad and the Documentation.   

(b) Each party agrees that any Confidential Information is the exclusive proprietary property of the disclosing party or its licensors and may include trade secrets and other highly confidential information.   

(c) Each party agrees to receive and hold any Confidential Information supplied by the other party in confidence and agrees:  

i. not to disclose or publish any such Confidential Information to third parties except as provided in Section 10(c)(iii);  

ii. not to use any such Confidential Information except for those purposes specifically authorized by the disclosing party;  

iii. to disclose such Confidential Information only to those of its officers, directors, agents, subprocessors and employees who have a need to know, have been advised of the confidential nature of the Confidential Information, and who are under obligations of confidentiality to the receiving party; and 

iv. to follow the other party’s reasonable on-site security procedures.  

(d) The above confidentiality provisions will not apply to information that: 

i. is in the public domain at the time of its disclosure; 

ii. is disclosed with the prior written consent of the disclosing party; 

iii. becomes known to the receiving party from a source other than the disclosing party, provided such source is legally entitled to have and disclose the information; or 

iv. is independently developed by a receiving party without use of the Confidential Information of the disclosing party, as demonstrated by written records of such receiving party. 

(e) In the event that a receiving party is required by a court of law or by a governmental, regulatory or administrative agency, body or tribunal to disclose any of the Confidential Information of a disclosing party, the receiving party shall (i) provide the disclosing party with prompt prior written notice of such requirement so that the disclosing party may seek appropriate relief to prevent or limit such disclosure, and (ii) furnish only that portion of the Confidential Information which is legally required to be furnished or disclosed.   

(f) If, in connection with Launchpad, Provider communicates suggestions for improvements to Launchpad, Provider assigns to Pegasystems all of its right, title and interest (including all intellectual property rights) in such suggestions for improvements and Pegasystems will own all right, title, and interest in and to the same and shall be entitled use the same without restriction.   

Term and Termination. 

(a) Term.  This Agreement shall begin on the Effective Date and, unless earlier terminated in accordance with this Agreement, shall remain in place while any Order remains in effect.   

(b) Termination Rights.   

i. Upon any material breach of this Agreement that is not cured during a thirty (30) day period following written notice thereof from the non-breaching party to the other party, the non-breaching party may, on five (5) days’ written notice and without prejudice to any of its other rights and remedies, terminate this Agreement.   

ii. Pegasystems may terminate this Agreement on ten (10) days’ written notice, if Provider sells all or substantially all of its stock or assets to, or merges with or into another corporation or entity in which the surviving entity is, a direct competitor of Pegasystems, as determined by Pegasystems in its sole but reasonable discretion. 

(c) Effects of Termination.  Upon the effective date of any expiration or termination of this Agreement, regardless of cause, (i) all of Provider’s rights to market and access the Provider Application(s) and for Subscribers to access the Provider Application(s) shall immediately and automatically cease (unless and to the extent otherwise agreed by Pegasystems in writing); and (ii) Provider shall immediately return to Pegasystems, or at Pegasystems’ request, destroy, without the retention of copies in any media,  Documentation, marketing materials, Confidential Information and any other property of Pegasystems in Provider’s possession or under its control, including any possession by any employee, consultant, agent or representative of Provider.  Upon termination of the Agreement or any Order (other than for termination due to Pegasystems’ breach of the Agreement), the payment obligation for all fees for the full applicable term will be paid to Pegasystems at the time of termination of this Agreement or the Order. 

(d) Survival.  Notwithstanding any termination or expiration of this Agreement, the provisions of Sections 4(b) (Restrictions), 4(c) (Intellectual Property Protection), 4(e) (Ownership), 6 (Fees; Payment), 7(b) (Disclaimer of Warranties), 7(c) (No Warranty Pass Through), 8 (Limitation of Liability), 9 (Indemnification), 10 (Confidentiality), 11(c) (Effects of Termination), 11(d) (Survival), and 12 (General), shall survive any expiration or termination of this Agreement.  

12. General 

(a) Force Majeure.  Neither party will be responsible for any failure or delay of performance, other than for an obligation to pay money, due to causes beyond its reasonable control, including, without limitation, acts of God or nature; pandemics; labor disputes; sovereign acts of any federal, state or foreign government; or shortage of materials (each, a “Force Majeure Event”). 

(b) Independent Contractors.  Pegasystems and Provider are independent contractors and will so represent themselves in all regards.  Neither party may bind the other in any way.  Nothing in this Agreement will be construed to make either party the agent or legal representative of the other or to make the parties partner or joint venturers. 

(c) Non-solicitation.  Neither party will hire or contract with, either as an employee or an independent contractor (either directly or through a third party), any Covered Personnel of the other party.  The term “Covered Personnel” of a party will mean that party’s employees or any contractors retained by that party who were involved in the performance of this Agreement within the preceding six-month period, or any person who would have been considered Covered Personnel but for having terminated employment or contractual relationship within the past six months.  Breach of this Section 12(c) will constitute a material breach of this Agreement.   

(d) Assignment.  Provider may not assign this Agreement or the rights and licenses granted to Provider hereunder, whether by operation of law or otherwise, without the prior written consent of Pegasystems, which consent will not be unreasonably withheld. Any purported assignment in contravention of this section is null and void and shall be deemed a material breach of this Agreement. A transfer of a controlling interest in the equity of Provider shall be deemed an assignment for purposes of this subsection. Pegasystems may freely assign this Agreement without notice to or the consent of Provider. Subject to the foregoing, this Agreement will bind and inure to the benefit of any successors or assigns. 

(e) Anti-Corruption.  Pegasystems and Provider each represent and warrant to the other: (i) that it is aware of all anti-corruption legislation that applies to this Agreement and in particular the US Foreign Corrupt Practices Act 1977 and the U.K. Bribery Act 2010; (ii) it has implemented rules and procedures that enable it to comply with this legislation and adapt to any future amendments thereto; (iii) it has implemented appropriate rules, systems, procedures and controls for preventing the commission of Corrupt Acts, either by itself or its staff, and for ensuring that any evidence or suspicion of the commission of a Corrupt Act will be thoroughly investigated and unless prohibited by confidentiality or law, reported to the other party; (iv)  its records relating to its business, including accounting documents, are maintained and kept so as to ensure their accuracy and integrity; and (v) it has not made or offered or received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of the other party’s employees or agents in connection with this Agreement (reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction). If either party learns of any violation of the above restrictions, it will use reasonable efforts to promptly notify the other party at the address for notices in above.   

(f) Export Compliance. The export and re-export of Launchpad (including, for the avoidance of doubt, any Provider Application) is subject to the export control and sanctions laws, regulations, and orders of the United States, including but not limited to the Export Administration Regulations (“EAR”), International Traffic in Arms Regulations (“ITAR”), and regulations and orders administered by the Treasury Department’s Office of Foreign Assets Control (“OFAC”) (collectively, “Export Control Laws”). Provider agrees that it will not export, reexport, or transfer Launchpad to, allow access to Launchpad by, or use Launchpad in connection with transactions or dealings involving, persons (a) on lists of sanctioned or restricted parties maintained by the U.S. government, including but not limited to OFAC, the Commerce Department, or the State Department or (b) operating, organized, or resident in countries or territories that are the target of U.S. sanctions (currently, Cuba, Iran, Syria, North Korea, the Crimea region of Ukraine, and the so-called Donetsk People’s Republic and so-called Luhansk People’s Republic regions of Ukraine).  Further, Provider agrees that it will not export, reexport, or transfer Launchpad to any party, allow a party to access to Launchpad, or otherwise use Launchpad in violation of Export Control Laws. The export and re-export of Launchpad may also be subject to export and import controls under the laws and regulations of other countries. Provider agrees, at all times, to comply fully with the Export Control Laws and the local export and import controls of other countries. 

(g) U.S. Government Contracts.  This subsection applies when Launchpad is acquired directly or indirectly by or on behalf of the United States Government:  Launchpad is a commercial product, licensed on the open market; developed entirely at private expense; and without the use of any U.S. Government funds.  Use, duplication or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software Restricted Rights clause at FAR 52.227-19.  Use, duplication and disclosure by DOD agencies is subject solely to the terms of this Agreement as stated in DFARS 227.7202. 

(h) Cooperation; Usage and Distribution Validation.  Pegasystems and Provider agree that each will execute and deliver documents, including confirmations to Pegasystems’ auditors, and take such other actions as may reasonably be requested to achieve the transactions contemplated by this Agreement.  Pegasystems, at its sole expense, reserves the right, upon reasonable prior notice and without interfering with Provider’s business activities, to validate (i) Provider’s usage and distribution of Launchpad, and each Subscriber’s usage of Provider Application(s), including without limitation having reasonable access to system generated files from Subscribers and the Provider Application(s), and (ii) Provider’s compliance under this Agreement sufficient to show all related financial treatment and accounting for related transactions. Provider agrees to maintain sufficient, written records during the term of this Agreement and for at least three (3) years after the expiration of this Agreement to permit Pegasystems to validate the items in (i) and (ii) above. Pegasystems shall not have access to any of Provider’s trade secrets, proprietary tools, methodologies, or any components of Provider’s fixed sums, rates, mark-up, or internal cost information, and Provider shall be entitled to withhold or redact materials relating to such items or information. 

(i) Notices.  Any notices under this Agreement will be in writing and sent by certified mail, return receipt requested, or by a nationally or internationally recognized overnight delivery service, to the business address stated in this Agreement or to such other address as such party may have specified to the other in writing. 

(j) No Waiver.  Neither a failure of a party to exercise any power or right under this Agreement, nor a custom or practice of the parties with regard to the terms or performance under this Agreement, will constitute a waiver of the rights of such party to demand full compliance with the terms of this Agreement. 

(k) Entire Agreement.  This Agreement, its Exhibits and the Order(s) constitute the entire understanding of the parties and supersedes all previous agreements, statements and understandings from or between the parties regarding the subject matter of this Agreement. This Agreement also supersedes any conflicting language contained in any applicable past or future purchase order(s) regarding the subject matter of this Agreement.  In the event of any conflict between the terms of this Agreement and the terms of any Order, the terms of the applicable Order will control. This Agreement will not be modified except in a writing signed by an authorized representative of each party. 

(l) Enforceability.  If any portion of this Agreement is declared by a court of competent jurisdiction to be overbroad or unenforceable, the remainder of this Agreement will be valid and enforceable to the fullest extent permitted. 

(m) Counterparts. This Agreement may be signed in counterparts, including facsimile or PDF counterparts or electronic signatures, each of which will be a legally binding method of execution of this Agreement. 

(n) Governing Law.  This Agreement shall be governed by the laws of the Commonwealth of Massachusetts, excluding its conflicts of laws provisions. 

Agreed: 

EXHIBIT A 

DEFINITIONS 

“Acceptable Use Policy” means the current Pegasystems acceptable use policy as published from time to time at https://www.pega.com/acceptable-use 

“Business Contact Data” means business contact information (the names, titles and roles, business phone and facsimile numbers, business office and email addresses) of Provider’s, Subscriber’s, or Pegasystems’ employees and contractors.  

“Corrupt Act” means any act of seeking, authorizing, offering, promising or granting a financial or other benefit (including a payment, loan, gift or transfer of anything of value) for the purpose of inducing a private person or public official to perform his or her duties dishonestly or in breach of his or her professional, legal or contractual obligations and/or to obtain or retain business for Pegasystems and or Subscriber in an undue or dishonest manner.  

“Documentation” means the specifications and operating guides associated with Launchpad as published from time to time on Pegasystems’ web site at:  https://www.pegalaunchpad.com/terms 

“End User Subscription Agreement” means the contract between Provider and its Subscriber(s) that authorizes the Subscriber to access and use the Provider Application(s), which governs the use of such Provider Application(s) and which contains at a minimum the term list on Exhibit C. 

“Error” means a defect in Launchpad that prevents it from functioning in substantial conformity with the Documentation. 

“Intellectual Property Right” means any patent, copyright, trade name, trademark, trade secret, know-how, or any other intellectual property right or proprietary right whether registered or unregistered, and whether now known or hereafter recognized in any jurisdiction. 

“Order” means an agreement signed by both parties for Provider to receive Launchpad from Pegasystems.  Each Order will be non-cancelable and non-refundable, except to the extent expressly provided in this Agreement or such Order or under applicable law. 

“Launchpad” shall mean the Pegasystems-proprietary as-a-service application development platform for Provider’s use in building and delivering the Provider Application(s), including any enhancements, upgrades, updates, modifications, or other releases made available by Pegasystems under this Agreement.  

“Launchpad Data Storage” means the storage location of business data and application configuration data in Launchpad. 

“Launchpad DPA” means the Data Processing Addendum, available at the following link:  https:// pega.com/launchpad/dpa 

“Launchpad File Storage” means the volume of storage allocation provided for files associated with features such as object attachments.  

“Launchpad Security Controls” means Pegasystems’ and Provider’s controls regarding the security of Launchpad and Provider Applications(s) available at:  https://docs.pega.com/bundle/launchpad-subscription-documentation/page/launchpad/launchpad-security-standards-pega-launchpad.html  

“Pegasystems Marks” means Pegasystems’ trade names, trademarks and logos associated with Launchpad. 

“PII” means any Subscriber Data or other information relating to any identified or identifiable natural person, or otherwise regulated under data privacy laws applicable to Pegasystems, that is transferred, processed or stored by Launchpad by or on behalf of Provider or Subscriber. 

https://docs.pega.com/supportpega-client-handbook/supportpega-client-handbook “Provider Responsibilities” are the obligations of the Provider to follow best practices and guidance from Pegasystems to ensure the configuration of the Provider Application(s) are secure, performant and stable. For further information see Launchpad Provider Guide: https://docs.pega.com/bundle/launchpad-subscription-documentation/page/launchpad/launchpad-provider-responsibilities-pega-launchpad.html  

“Subscriber” means any third-party customer that is granted by Provider the right to access and use Provider Application(s). 

“Subscriber Data” means any information received from or on behalf of Provider or Subscriber that is stored, transferred, or processed by Launchpad or Provider Application(s).  

EXHIBIT B 

SECURITY STANDARDS 

1. Security Practices & Review 

1.1 Pegasystems shall maintain an information and physical security program for the protection of Provider and Subscriber personal information and confidential information in environments and on equipment controlled by Pegasystems (the “Pegasystems Security Program”).  

1.2 Pegasystems regularly re-evaluates and updates the Pegasystems Security Program as the industry evolves, new technologies emerge, or new threats are identified.  Upon request, Pega will maintain and make available on at least an annual basis, a reasonable information security questionnaire completed with answers concerning Pegasystems Security Program specific to the services provided under the applicable Order. 

1.3 The Pegasystems Security Program consists of the following: 

1. Physical Access  

• Pegasystems maintains physical security standards designed to prohibit unauthorized physical access to Pegasystems facilities and equipment. This is accomplished by the following practices: 
• physical access to locations is limited to Pegasystems employees, subcontractors and authorized visitors; 
• Pegasystems employees, subcontractors and authorized visitors are issued identification cards that must be worn while on premises; 
• monitoring access to Pegasystems facilities, including restricted areas and equipment within Pegasystems facilities; 
• all access to the data centers where Subscriber personal data is hosted is logged, monitored, and tracked; and 
• data centers are secured with alarm systems and video cameras.  

Access Control and Administration 

Pegasystems maintains the following standards for access control and administration in environments and on equipment controlled by Pegasystems or Pegasystems contractors.  

• administrator accounts are only be used for the purpose of performing administrative activities;  
• each account with administrative privileges must be traceable to a uniquely-identifiable individual; 
• all access to computers and servers must be authenticated and within the scope of an employee’s job function; 
• initial passwords must be changed by the user on first use; 
• the display and printing of passwords must be masked, suppressed, or otherwise obscured such that unauthorized parties will not be able to observe or subsequently recover them; 
• passwords must be uniquely identifiable to an individual; 
• passwords must be encrypted when transmitted or stored; 
• password complexity should never be less than three (3) out of four (4) character classes and must have character class choices such as upper-case letters, lower case letters, numeric digits, or special characters; 
• passwords must not contain three (3) or more identical consecutive characters; 
• password length must be configured to be at least twelve (12) characters; 
• passwords shall expire between ninety (90) and one hundred eighty (180) days depending on its length; twelve (12) characters – ninety (90) days, sixteen (16) characters – one hundred thirty-five (135) days, twenty plus (20+) characters – one hundred eighty (180) days; 
• automatic time-out of access to computers and servers if left idle with the requirement for password authentication for re-access; and 
• per Pega policy, accounts must be set to lockout after six (6) erroneous failed login attempts. 

Virus Scanning and Logging 

• Computers and servers have commercially reasonable up-to-date versions of system security software which may include host firewall, anti-virus protection and up-to-date patches and virus definitions. Such software is configured to scan for and promptly remove or fix identified findings.  
• Pegasystems maintains logs of various components of the infrastructure and an intrusion detection system to monitor, detect, and report misuse patterns, suspicious activities, unauthorized users, and other actual and threatened security risks.   

Encryption 

• Pega encrypts all data in transit over public networks. 
• Data originating from or residing within Pega networks is encrypted at rest.    

2. Pegasystems Personnel  

2.1. Employees and contractors are required by policy to be trained on Pegasystems’ privacy and security policies and made aware of their responsibilities regarding privacy and security practices.   

2.2. Pegasystems employees and contractors are contractually bound to maintain the confidence of Provider and Subscriber personal information or confidential information and comply with applicable Pegasystems policies, standards or requirements in relation to the processing of Provider and Subscriber personal information. Failure to comply with those policies, standards or requirements will be subject to investigation which may result in disciplinary action up to and including termination of employment or engagement by Pegasystems and legal action as appropriate. 

3. Security Breach Notification and Security Incident Management 

3.1 Pegasystems will notify Provider within twenty-four (24) hours of becoming aware of a Security Incident.  A “Security Incident” means the unauthorized access to or use of Provider or Subscriber information on environments or equipment controlled by Pegasystems affecting the confidentiality, availability and integrity of such Provider or Subscriber confidential information. Pegasystems will provide Provider with updates on the status of the Security Incident until the matter has been remediated. The reports will include, without limitation, a description of the Security Incident, actions taken and remediation plans. 

• Notice of a Security Incident shall be sent via email to the security contacts that Provider designates.    
• Similarly, if Provider becomes aware of a Security Incident that affects the Services, Provider shall, without undue delay, notify Pegasystems of such and inform Pegasystems of the scope of the Security Incident.  Such notice from Provider to Pegasystems should be provided to: [email protected] and/or 1-617-866-6800. 

3.2 Proportionate to acts or omissions of Pegasystems resulting in a Security Incident, and subject to terms and limitations set forth in the Agreement, Pegasystems agrees to pay reasonable costs for: (i) required notice to individuals affected by the Security Incident; and (ii) credit monitoring service for twelve (12) months for affected data subjects, except to the extent applicable law specifies a longer period for applicable credit monitoring services, in which case such longer period shall then apply. 

3.3 Pegasystems will, at the request and cost of the Provider: 

• Provide reasonable assistance to the Provider in notifying a Security Incident to the supervisory authority competent under the privacy laws applicable to the Provider; and  
• Provide reasonable assistance to the Provider in communicating a Security Incident to data subjects in cases where the Security Incident is likely to result in a high risk to the rights and freedoms of individuals. 

EXHIBIT C 

END USER SUBSCRIPTION AGREEMENT TERMS AND CONDITIONS 

Every End User Subscription Agreement shall include contractual provisions which: 

1. Restrict the Subscriber's use of Provider Application(s) to use only within the scope of the applicable Order and only in object code form, and state that such usage rights do not transfer any ownership interest in Launchpad or Provider Application(s), and that the End User Subscription Agreement is terminable for uncured material breach.  Except for the usage rights granted, all right title and interest in and to Launchpad and any derivatives, modifications and enhancements remain with Pegasystems. 

2. Prohibit any assignment, timesharing or rental of Provider Application(s), or its use by any third party other than the Subscriber. The Launchpad provided to Provider hereunder shall extend solely to Subscribers for their internal business use of Provider Application(s), and not for outsourcing or third-party processing as provided by the Agreement. 

3. Prohibit any reverse engineering, disassembly, recompilation, modification, or duplication (except for routine back-up purposes) of Launchpad or Provider Application(s). 

4. Disclaim the Subscriber’s right to assert claims for damages against, or recover damages from, Pegasystems arising from the Subscriber’s use of Launchpad or Provider Application(s) by clearly stating that Provider is the party whom any claim or recovery by the Subscriber should be asserted against. 

5. Require the Subscriber, at the termination of its End User Subscription Agreement, to immediately discontinue use of Launchpad and Provider Application(s) and immediately return to Provider all copies of any documentation provided pursuant to an End User Subscription Agreement or otherwise. 

6. Prohibit publication or dissemination by the Subscriber of any results of benchmark or other testing run on Launchpad or Provider Application(s) without Pegasystems’ prior written approval. 

7. Require the Subscriber to maintain the non-public and proprietary character of Launchpad and Provider Application(s). 

8. Require the Subscriber to comply fully with all applicable laws and regulations (including relevant export U.S. restrictions, regulations to assure that Launchpad is not, directly or indirectly, provisioned or exported in violation of U.S. law, and all relevant anti-corruption legislation). 

9. Require the Subscriber to not use shared User IDs, or aggregating technologies such as concentrators, multiplexers, gateways or edge servers, to avoid or reduce the counting of individuals that use Launchpad or Provider Application(s). 

10. Reserve the right to validate Subscriber’s usage of Provider Application(s) and its compliance under the terms of this Exhibit C, including audit and other usage validation rights, including having access to system generated files from Subscriber applications. 

11. Disclaim Pegasystems’ liability for any direct, indirect, incidental, special, punitive, or consequential, (including any loss of profits, revenue, use, or data, arising from the use of Launchpad or Provider Application(s)). 

12. Disclaim any warranties, express or implied, from Pegasystems to the Subscriber, including, without limitation, implied warranties of merchantability, fitness for a particular purpose, title, or non-infringement. 

13. Require Subscriber to comply, throughout Subscriber’s use of the Provider Application(s), with all applicable data privacy laws and regulations in relation to Subscriber Data, including, without limitation, to provide any necessary notices and obtain any necessary consents relating to Subscriber’s collection and use in relation to Launchpad or Provider Application(s) of such Subscriber Data. 

14. To the extent the Subscriber’s use of the Provider Application(s) involves the processing by Pegasystems of Subscriber Data which includes PII on Subscriber’s behalf, require that a DPA including sufficient data privacy protections be incorporated by reference.  

15. Reserve Pegasystems’ right to store, access, and process the Subscriber’s Business Contact Data for the purpose of performing any obligations under this Agreement, and Pegasystems’ right to share Subscriber’s Business Contact Data with its contractors, partners, assignees and others acting on Pegasystems’ behalf under this Agreement.