FY2024 Product Descriptions
Product Descriptions
Enterprise Services Agreement
Data Processing Addendum
Clickwrap Order Form Rider
Free Trial License Agreement
Terms of Service
Privacy Policy
Sandbox Trial License Agreement

FY2024 Product Descriptions

Version

Effective March 6, 2023

Download

Ironclad CLM

Ironclad CLM provides access to create, manage, and store contracts. CLM also automatically extracts important contract data for verification when a customer uploads contracts to their repository.

Ironclad CLM User Types

Requester Seats have the ability to:

Create contract requests using workflow launch forms
View, comment on, and search for contracts that they have launched and/or participated in
Sign contracts

Standard Seats are for business users who interact with all aspects of the Ironclad platform, but do not make changes to admin settings or workflow configurations. In addition to the abilities of Requester Seats, they have the ability to:

Manage and update contract versions using Ironclad Editor, Share Document, and document upload/download functionality
Search and view contracts in the Repository and Dashboard
Be designated as a workflow approver in Workflow Designer
Create and view reports in Insights

Administrator Seats have full access to Ironclad's platform, allowing them to control user permissions, workflow configurations, integrations, and other admin settings. In addition to the abilities of Standard Seats, they have the ability to:

Create and maintain workflow configurations in Workflow Designer
Manage Groups, API Access, User Management, and Integration settings

Note: For all user types, a user account is associated with a single email address. Multiple individuals may not share the same user account unless those individuals also have their own independent accounts.

Ironclad CLM Add-ons

Ironclad's Coupa Integration streamlines the contract process for procurement with the ability to:

Launch an Ironclad Workflow from a requisition request
Automatically approve workflows in Ironclad based on Coupa approvals
Automatically hold purchase order generation until a contract is executed in Ironclad

Ironclad's Salesforce Integration includes access to Ironclad’s Salesforce Managed Package through the Salesforce AppExchange, and access to Ironclad-side configuration settings to configure the following functionality:

Workflow Launch: Launch workflows from within Salesforce using a custom Lightning Web Component and map Salesforce fields to Ironclad workflow attributes
Workflow Sync: Sync Ironclad process data to Salesforce via a custom object and provide users with the ability to refresh Ironclad workflows with updated source data from Salesforce
Record Sync: Sync completed contracts and properties from Ironclad’s Repository to Salesforce’s standard Contract object or a custom object

API Access: API access includes access to REST endpoints, webhooks, authentication tokens, and Ironclad-side configuration settings for Ironclad Workflows and Repository. API Access is capped at the total of 100 API calls per user per 24-hour period * the number of seats on your Ironclad CLM platform. API Access does not include access to Ironclad Clickwrap API endpoints.

Additional API calls: Additional API calls per user per 24-hour period beyond the standard 100 API calls per user per 24-hour period * the number of seats on your Ironclad CLM platform.

Additional Smart Import Uploads: Additional Smart Import uploads beyond the annual imports that come with an Ironclad CLM subscription.

Non-production Separate Instance: Ironclad instance for non-production uses such as training and testing.

Use of Ironclad's EU data center: Ironclad's European Union data center is based in Belgium with a backup center in Germany. This data center allows EU customers to store their data locally within the EU.

Additional 1TB of Storage: Additional storage beyond the standard 1 TB amount.

Ironclad Public Workflows

Ironclad's Public Workflows include self-service, publicly hosted contracts triggered by a launch form and accepted either using Click-to-Accept or an integration with an esignature provider. Ironclad’s Public Workflows come with 2 Administrator seats, which give users full access to Ironclad's platform, allowing them to control the user permissions, workflow configurations, integrations, and other settings needed to set up and maintain public workflows.

Ironclad Public Workflow Add-ons

Additional Click-to-Accepts (CTAs): Additional CTAs beyond the annual CTAs that come with your Public Workflow package.

Ironclad Legal Centers

Legal Centers provide the ability to manage, publish, and host legal terms online and incorporate them by reference in other documents. Package includes:

1 Legal Center link
Branding with company logo
Standard domain (No HTML/CSS customization)

Ironclad Clickwrap

Ironclad Clickwrap editions vary in features offered and may include access to some or all of the following:

Embedded Contracts: Your license will include access to embedded contracts
API (Application programming interface): Ironclad Clickwrap provides activity and REST APIs for customers to access clickwrap functionalities programmatically
JavaScript Snippet: The code snippet to be embedded on the customer website to display clickwrap agreements
SDK (Software development kit): SDKs are wrapper for customers to access Ironclad Clickwrap APIs in their programming languages
Snapshots: Snapshots allows users to configure, manage, and capture visual evidence of the clickwrap acceptance records
Legal Centers: Web pages that Ironclad Clickwrap generates automatically to present your legal contracts
Public Workflows: Self-service, publicly hosted contracts triggered by a launch form and accepted either using Click-to-Accept or an integration with an esignature provider
Static Clickwrap records: Electronic records of acceptance that are created by Embedded Contracts that have no dynamic fields or conditions in the contract
Dynamic Clickwrap records: Electronic records of acceptance that are created by Embedded Contracts that do have dynamic fields or conditions in the contract

Higher tier packages also include features like additional API access, dynamic and multi-language clickwrap agreements, custom branding and domains, Snapshot automation, developer sandboxes, and more.

Additional entitlements can be purchased, and are outlined in the section “Ironclad Clickwrap Add-Ons”.

Ironclad Clickwrap Add-ons

Additional Static Clickwrap records provide additional Static Clickwrap records that are created and stored. These additional records are bought on an annual basis and must be used within the term of the Ironclad Clickwrap subscription.

Additional Dynamic Clickwrap records provide additional Dynamic Clickwrap records that are created and stored. These additional records are bought on an annual basis and must be used within the term of the Ironclad Clickwrap subscription.

Custom Service Level Agreement provides customers on Ironclad Clickwrap Professional and Enterprise a guaranteed level of system availability.

Success Plans

The Standard Success Plan helps you achieve your goals with self-guided resources and access to 8AM-8PM EST Technical Support. Included in this package are:

24/7 Success Resources: Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and access to the Ironclad Community forums.
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST through written cases.
Technical Support first response times for issues as classified by Ironclad:
- P0: 4 hours
- P1: 8 hours
- P2: 24 hours
- P3: 48 hours

The Priority Success Plan helps you achieve your goals with self-guided resources and accelerated response times with our Technical Support team. Included in this package are:

24/7 Success Resources: Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and access to the Ironclad Community forums.
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST through written cases.
Technical Support first response times for issues as classified by Ironclad:
- P0: 4 hours
- P1: 6 hours
- P2: 12 hours
- P3: 24 hours

The Premier Success Plan provides you with access to success management assistance for adoption guidance during business hours as well as accelerated response times with our Technical Support team. Included in this package are:

24/7 Success Resources: Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and access to the Ironclad Community forums.
Success Management: Aligned Success Manager to assist with adoption, best practices, and use-case optimization on the Ironclad platform. This includes 1:1 account and optimization reviews 2-3 times per year, in addition to an annual business review.
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST through written cases.
Technical Support first response times for issues as classified by Ironclad:
- P0: 2 hours
- P1: 4 hours
- P2: 12 hours
- P3: 24 hours

The Enterprise Success Plan provides you with our highest level of access to success management assistance during business hours, including proactive health monitoring and adoption guidance.

24/7 Success Resources: Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and access to the Ironclad Community forums.
Success Management: Aligned Success Manager for ongoing 1:1 personalized and recurring planning sessions, business reviews, and joint success plans centered around strategic goals and performance metrics.
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST through written cases and live chat.
Technical Support first response times for issues as classified by Ironclad:
- P0: 1 hour
- P1: 2 hours
- P2: 4 hours
- P3: 8 hours

For all Success Plans, the following definitions apply:

P0 - Ironclad production issue affecting all users, including system unavailability and data integrity issues with no workaround available. Software is materially non-functional.
P1 - Significant or ongoing interruptions of use of critical software functions with no acceptable workaround available.
P2 - Minor or limited interruptions of use of a non-critical software function. Issue affecting some but not all users. Short-term workaround is available.
P3 - General questions and issues pertaining to the software. Information requested about software capabilities, usability, deployment or configuration.

Product Descriptions

Version

Effective October 11, 2022

Download

Subscription Packages

Ironclad CLM provides access to create, manage, and store contracts. Our CLM packages are designed to meet a range of needs, and vary in the number of workflows, number of users, and type of success plans they provide. While they’ve been developed based on the usage patterns of our customer base, we know that each customer is unique, and that customers may need more entitlements over time. Additional entitlements can be purchased, and are outlined in the section, “Subscription Add-Ons”.

Ironclad Clickwrap provides access to Ironclad Clickwrap. Our packages are designed to meet a range of needs, and vary in the features offered, as well as the number of embedded contracts and APIs/month they provide. All packages include APIs, JS Snippets, and SDKs; configurable clickwrap layouts and styles; and ability to manage online terms with Legal Centers. Higher tier packages may also include features like dynamic and multi-language support clickwrap agreements; custom branding, HTML, CSS of Legal Centers; custom domain; snapshots and more. While our packages have been developed based on the usage patterns of our customer base, we know that each customer is unique, and that customers may need more entitlements over time. Additional entitlements can be purchased, and are outlined in the section, “Subscription Add-Ons”.

Subscription Add-Ons

Workflows are processes configured in Workflow Designer to create, review, sign, and archive contracts. Workflows can accommodate multiple templates, depending on Customer’s business process and templates, but, as a best practice, Ironclad recommends limiting a single workflow to one contract type, with no more than three unique contract templates.

Standard Users have the ability to:

View contracts in the Repository and Dashboard
Create contract requests using workflow launch forms or via the Salesforce integration, if applicable.
Manage and update contract versions using Ironclad Editor, Share Document, and document upload/download functionality.
Collaborate and track workflow steps using Activity Feed, @mentions, and ad-hoc approvals.

A user account is associated with a single email address. Multiple individuals may not share the same user account unless those individuals also have their own independent accounts.

Power Users have the same permissions as Standard Users as well as the abilities to:

Be designated as a workflow approver or signer.
Create and maintain workflows in Workflow Designer.
Manage Groups, API Access, User Management, and Integration settings.

Smart Import – Smart Import automatically extracts important contract data for verification when a customer uploads contracts to their Repository. Customers receive 500 trial uploads included with the Ironclad CLM platform at no additional cost and may purchase additional access after 500 uploads.

Additional 1TB of Storage – Additional storage beyond the standard 1 TB amount.

API Access includes access to REST endpoints, webhooks, authentication tokens, and Ironclad-side configuration settings for Ironclad Workflows and Repository. API Access is capped at 100 API calls per user per 24-hour period. API Access does not include access to Ironclad Clickwrap API endpoints for interacting with Ironclad's clickwrap transaction platform.

Salesforce Integration includes access to Ironclad’s Salesforce Managed Package through the Salesforce AppExchange and access to Ironclad-side configuration settings to configure the following functionality:

Workflow Launch: Launch workflows from Salesforce using a custom button and map Salesforce fields to Ironclad workflow attributes.
Workflow Sync: Sync Ironclad process data to Salesforce via a custom object and provide users with the ability to refresh Ironclad workflows with updated source data from Salesforce.
Record Sync: Sync completed contracts and properties from Ironclad’s Repository to Salesforce’s standard Contract object or a custom object.

Coupa Integration streamlines the contract process for procurement with the ability to:

Launch an Ironclad Workflow from a requisition request.
Automatically approve workflows in Ironclad based on Coupa approvals.
Automatically hold purchase order generation until a contract is executed in Ironclad.

Non-Production Separate Instance – Ironclad instance for non-production uses such as training and testing.

Production Separate Instance – Ironclad instance for production uses that would separate the included Ironclad accounts from Customer’s other Ironclad production instances.

Clickwrap for CLM enables:

Click-to-Accept as a mode of acceptance within Workflow Designer
A specified number of Click-to-Accept agreements (shown in the Order Form) per year across all workflows
Public Workflows

Embedded Contract Locations allow users of Ironclad Clickwrap to choose online terms to be presented in a clickwrap agreement, clickwrap layout and style, and additional options for tracking acceptance of clickwrap agreements.

Additional Embedded Contract Locations provide additional configurations to track separate, distinct locations of clickwrap agreements such as clickwrap agreements for different brands, applications, websites, or mobile apps.

Snapshot Locations are defined as locations or URLs where Snapshots will be taken. Snapshot Locations can be set up with an Embedded Contract Location to capture metadata of a clickwrap agreement as well as visual evidence of what the clickwrap agreement looked like when it was presented to the counterparty. Snapshot Locations can be set up to automatically capture this visual evidence on a daily, weekly, or monthly cadence for web and mobile web URLs.

Success Plans

The Standard Success Plan helps you achieve your goals with self-guided resources and access to 8AM-8PM EST Technical Support.

Community Success: Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and exclusive access to the Ironclad Community.
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST.

The Premier Success Plan provides you with access to success management assistance during business hours, including proactive health monitoring; adoption guidance and 24x7 technical support for mission critical incidents.

Community Success:Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and exclusive access to the Ironclad Community.
Digital Success Management: Access to on-demand success resources to assist with providing adoption; best practices and use-case optimization on the Ironclad platform.
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST including 24x7 access for mission critical incidents.

The Enterprise Success Plan provides you with our highest level of access to success management assistance during business hours, including proactive health monitoring, adoption guidance and 24x7 technical support for mission critical incidents.

Community Success: Unlimited access to live and self-paced training available on Ironclad Academy and Knowledge Base content in the Ironclad Help Center, and exclusive access to the Ironclad Community.
Designated Success Manager: Direct access to a designated Customer Success Manager, responsible for leading business reviews with usage metric analysis
Technical Support: Access to Ironclad Technical Support Experts from 8AM-8PM EST including 24x7 access for mission critical incidents.

Enterprise Services Agreement

Version

Effective December 19, 2022

Download

If you would like to discuss the terms of this agreement, please reach out to your Ironclad representative. Please do not download and redline from a PDF version.

ENTERPRISE SERVICES AGREEMENT

This Enterprise Services Agreement is entered into by and between Ironclad, Inc. (“Ironclad”) and the organization (“Customer”) executing an Order Form or similar form referencing or otherwise incorporating this Agreement (“Order Form”). This Agreement shall be effective as of the “Effective Date” of the first Order Form between Customer and Ironclad.

DEFINITIONS
1. “Affiliate” means a legal entity that controls, is controlled by, or is under common control with a party, where “control” is defined as owning more than 50% of the voting shares of such entity.
2. “Agreement” means this Enterprise Services Agreement, any Exhibits, and each Order Form(s).
3. “Authorized User” means an employee or contractor of Customer or its Affiliates that Customer has registered to access and use the Enterprise Services.
4. “Confidential Information” means any business or technical information disclosed by one party to the other party, including Customer Data, provided that it is identified as confidential at the time of disclosure or that under the circumstances, a person exercising reasonable business judgment would understand it to be confidential or proprietary.
5. “Customer Data” means the data and information input or uploaded into the Enterprise Services by Customer or Authorized Users.
6. “Enterprise Services” means the cloud-based web platform delivered and accessible through https://www.ironcladapp.com that provides contract management and workflow-related services (the “CLM Services”), and/or the cloud-based web platform delivered and accessible through Ironclad’s website located at: https://app.pactsafe.com that provides contract acceptance, clickwrap, and legal term-management-related services (the “Clickwrap Services”), and the services performed by Ironclad to configure and rollout the platform(s) to Customer and Authorized Users, as described in an applicable Order Form.
7. “Order Form” means the document that Customer uses to order the Enterprise Services that is signed by both Customer and Ironclad.
8. “Intellectual Property Rights” means patent rights (including, without limitation, patent applications and disclosures), copyrights, trade secrets, moral rights, know-how, and any other intellectual property rights recognized in any country or jurisdiction.
ENTERPRISE SERVICES
1. Enterprise Services. Customer and its Authorized Users may access and use the Enterprise Services solely for Customer’s own business purposes in accordance with the Agreement.
2. Cooperation and Assistance. Customer will cooperate with Ironclad in good faith and provide to Ironclad the information and personnel that Ironclad reasonably requests and requires to provide the Enterprise Services. Customer, at its option, may utilize certain third-party software and services with the Enterprise Services and is responsible for acquiring and maintaining all such third-party software and services required to access, use, or integrate with the Enterprise Services, including all costs related to the foregoing.
3. Authorized Users. Customer will keep its user IDs and passwords for the Enterprise Services confidential and will be responsible for all actions taken under an Authorized User’s account. Customer will comply with all applicable laws, rules and regulations in connection with its use of the Enterprise Services. Customer will promptly notify Ironclad of any suspected violation of this Agreement by an Authorized User and will cooperate with Ironclad to address the suspected violation. Ironclad may suspend an Authorized User’s access to the Enterprise Services upon notice to Customer in the event that Ironclad reasonably determines that such Authorized User violated this Agreement.
4. Restrictions. Customer will not allow anyone other than Authorized Users to access or use the Enterprise Services from Customer’s accounts. Customer will not and will ensure that its Authorized Users do not: (i) attempt to interfere with or disrupt the Enterprise Services (or any related systems or networks) or use the Enterprise Services other than directly for Customer’s benefit; (ii) copy, modify or distribute any portion of the Enterprise Services; (iii) rent, lease, or resell the Enterprise Services; (iv) transfer any of its rights hereunder; or (v) reverse-engineer or access the Enterprise Services in order to build a competitive product or service.
5. Customer Data. Customer is responsible for obtaining any necessary right and licenses for use of the Customer Data by Customer and Ironclad as contemplated in this Agreement. Customer agrees that it has the legal right and authority to access, use and disclose to Ironclad any Customer Data. Customer authorizes Ironclad to access, process, and use the Customer Data as necessary to perform and fulfill its obligations hereunder. Ironclad will process and maintain Customer Data consistent with the Data Processing Addendum located at https://legal.ironcladapp.com/#dpa on the Effective Date and hereby incorporated by reference.
6. Information Security. Ironclad will use commercially reasonable and industry standard technical and organizational measures designed to prevent unauthorized access, use, alteration or disclosure of the Enterprise Services or Customer Data.
7. Usage Data. Ironclad may collect and analyze data and other information relating to the provision, use and performance of the Enterprise Services and related systems and technologies therefrom (“Usage Data”) in order to improve and enhance the Enterprise Services. Insights drawn from Usage Data may be disclosed to Customer and other users of the Enterprise Services in connection with their respective use of the Enterprise Services; provided that, if Ironclad discloses insights drawn from Usage Data, then all Usage Data in such disclosures will be anonymized and aggregated, will not identify Customer or Customer’s users, and will not be disclosed in a manner that would permit a third party to determine Customer’s or Customer’s users’ identity.
8. Electronic Signatures. Customer acknowledges and agrees that: (i) as between Ironclad and Customer, Customer has exclusive control and responsibility for the content, quality, and format of any documents used with the Enterprise Services; (ii) certain types of documents, agreements, or contracts may be excluded from general electronic signature laws (such as wills, trusts, court orders, or family law matters), or may have specific regulations that are applicable to them; and, (iii) Customer is solely responsible for ensuring that the documents, agreements or contracts it uses with the Enterprise Services are appropriate for electronic signatures, and Ironclad is not responsible or liable for any such determination or use; (iv) Consumer protection laws or regulations may impose specific requirements for electronic transactions involving consumers, Customer is solely responsible for ensuring it complies with all such laws/regulations, and Ironclad has no obligations to make such determination or assist with fulfilling any requirements therein; (v) Ironclad is not responsible for determining how long any contracts, documents, or other records are required to be retained or stored under any applicable laws; and (vi) Ironclad is not responsible for or liable to produce any of Customer’s contracts or other documents to any third parties. If Customer is using an API or other service that allows Customer to perform any end user/participant/signer authentication, then Customer is solely responsible and liable for such authentication.
FEES; EXPENSES; TAXES
1. Fees. Customer will pay to Ironclad the fees in accordance with the terms set forth in the applicable Order Form(s) and this Section 3.
2. Invoices; Payment. Ironclad will invoice Customer annually in advance for the Enterprise Services and each invoice will be due and payable in accordance with the Order Form. All payment obligations are non-cancellable, and other than as provided in the Agreement, all amounts paid are non-refundable. If any undisputed amounts payable by Customer are still outstanding more than fifteen (15) days after Customer receives notice of non-payment, Ironclad will be entitled, in its sole discretion, to withhold performance and discontinue Customer’s access to the Enterprise Services until all undisputed amounts past due are paid in full.
3. Taxes. All Fees and other amounts stated or referred to in this Agreement are exclusive of all taxes, duties, levies, tariffs, and other governmental charges (collectively, “Taxes”). Customer will be responsible for payment of all Taxes and any related interest and/or penalties resulting from any payments made hereunder, other than any taxes based on Ironclad’s net income. If Ironclad has the legal obligation to pay or collect Taxes for which Customer is responsible, the appropriate amount shall be invoiced to and paid by Customer unless Customer provides Ironclad with a valid tax exemption certificate authorized by the appropriate taxing authority.
PROPRIETARY RIGHTS.
1. Customer owns and retains: (i) the Customer Data; (ii) Customer’s name, logo and other trademarks; and (iii) all Intellectual Property Rights in and to any of the foregoing.
2. Ironclad owns and retains: (i) the Enterprise Services, and all improvements, enhancements or modifications made by any party; (ii) the Usage Data; (iii) any software, applications, inventions or other technology developed by Ironclad in connection with providing the Enterprise Services; (iv) Ironclad’s name, logo, and other trademarks; and (v) all Intellectual Property Rights in and to any of the foregoing.
CONFIDENTIALITY
1. Use and Nondisclosure. A receiving party will not use the disclosing party’s Confidential Information except as necessary under this Agreement and will not disclose Confidential Information to any third party except: (a) to those of its employees and contractors who have a business need to know such Confidential Information; provided that each such employee and contractor is bound to confidentiality restrictions at least as restrictive as the terms set forth in this Agreement or (b) as further described in the Data Processing Addendum. Each receiving party will protect the disclosing party’s Confidential Information from unauthorized use and disclosure using efforts equivalent to the efforts that the receiving party uses with respect to its own confidential information and in no event less than a reasonable standard of care. The provisions of this Section 5(a) will remain in effect during the Term and for a period of five (5) years after the expiration or termination thereof, except with regard to trade secrets of the disclosing party, which will be held in confidence for as long as such information remains a trade secret.
2. Exclusions. The obligations and restrictions set forth in Section 5(a) will not apply to any information that: (i) is or becomes generally known to the public through no fault of or breach of this Agreement by the receiving party; (ii) is rightfully known by the receiving party at the time of disclosure; (iii) is independently developed by the receiving party without access to the disclosing party’s Confidential Information; or (iv) the receiving party rightfully obtains from a third party who has the right to disclose such information without breach of any confidentiality obligation to the disclosing party.
3. Permitted Disclosures. The provisions of this Section 5 will not restrict either party from disclosing the other party’s Confidential Information: (i) pursuant to the order or requirement of a court, administrative agency, or other governmental body; provided that to the extent legally permitted, the party required to make such a disclosure gives reasonable notice to the other party to enable it to contest such order or requirement or limit the scope of such request; (ii) on a confidential basis to its legal or professional financial advisors; (iii) as required under applicable securities regulations.
4. Injunctive Relief. The receiving party acknowledges that disclosure of Confidential Information could cause substantial harm for which damages alone may not be a sufficient remedy, and therefore that upon any such disclosure by the receiving party, the disclosing party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.
WARRANTY
1. Warranty for Enterprise Services. Ironclad warrants solely to Customer that (i) the Enterprise Services will materially conform to the description set forth in this Agreement and the applicable Order Form; and (ii) the Enterprise Services will materially comply with all applicable laws, including federal, state, and local; in each case under normal use and circumstances when used consistently with the terms of this Agreement. As Ironclad’s sole and exclusive liability and Customer’s sole and exclusive remedy for any breach of the warranties set forth in this Section 6(a) Ironclad will use commercially reasonable efforts to modify the Enterprise Services to correct the non-conformity.
2. Disclaimer. EXCEPT AS EXPRESSLY PROVIDED IN SECTION 6(a), IRONCLAD MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, EXPRESS OR IMPLIED, IN CONNECTION WITH THIS AGREEMENT OR THE ENTERPRISE SERVICES AND IRONCLAD HEREBY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, ACCURACY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. IRONCLAD DISCLAIMS ANY WARRANTY THAT THE ENTERPRISE SERVICES WILL BE ERROR FREE OR UNINTERRUPTED OR THAT ALL ERRORS WILL BE CORRECTED. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED FROM IRONCLAD OR ELSEWHERE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT. Customer assumes sole responsibility and liability for results obtained from the use of the Enterprise Services and for conclusions drawn from such use. Ironclad will have no liability for any claims, losses, or damages caused by errors or omissions in any Customer Data or other information provided to Ironclad by Customer in connection with the Enterprise Services or any actions taken by Ironclad at Customer’s direction. Ironclad will have no liability for any claims, losses or damages arising out of or in connection with Customer’s or any Authorized User’s use of any third-party products, services, software or web sites that Customer may choose to integrate or use with the Enterprise Services.
TERM AND TERMINATION
1. Term. This Agreement will commence on the Effective Date and continue for the period specified in the Order Form (the “Term”), unless terminated earlier as provided in this Agreement.
2. Termination for Cause. Either party may terminate this Agreement upon written notice if the other party breaches any material terms of this Agreement and fails to correct the breach within thirty (30) days following written notice from the non-breaching party specifying the breach.
3. Rights and Obligations Upon Expiration or Termination. Upon expiration or termination of this Agreement, Customer’s and Authorized Users’ right to access and use the Enterprise Services will immediately terminate and each will immediately cease all use of the Enterprise Services. Upon expiration or termination of this Agreement, Ironclad will deliver a then-current export of the Customer Data to Customer.
4. Survival. The rights and obligations of Ironclad and Customer contained in Sections 2(g) (Usage Data), 3 (Fees; Expenses; Taxes), 4 (Proprietary Rights), 5 (Confidentiality), 7(c) (Rights and Obligations Upon Expiration or Termination), 7(d) (Survival), 8 (Indemnification), 9 (Limitation of Liability), and 10 (General) will survive any expiration or termination of this Agreement.
INDEMNIFICATION
1. Indemnification by Ironclad. Ironclad will defend Customer, its officers, directors and employees, from and against any suit or action brought by a third-party against Customer: (i) alleging that the Enterprise Services, as provided by Ironclad and when used by Customer pursuant to this Agreement, infringes any Intellectual Property Right of a third party (the “IP Indemnity”); or (ii) resulting from unauthorized disclosure and misuse of Customer Data directly resulting from Ironclad’s breach of its obligations under Section 2(e) (Customer Data) or Section 2(f) (Information Security) (the “Data Indemnity”). Ironclad shall indemnify and hold harmless Customer from and against any damages and costs awarded against Customer or agreed in settlement by Ironclad (including reasonable attorneys’ fees) resulting from such claim, provided that: (x) Customer provides Ironclad with prompt written notice of such claim; (y) Customer provides reasonable cooperation to Ironclad, at Ironclad’s expense, in the defense and settlement of such claim; and (z) Ironclad has sole authority to defend or settle such claim, provided that it may not settle any claim in a manner that imposes any material liability upon Customer or requires Customer to admit wrongdoing.
2. Injunctions. If Customer’s use of the Enterprise Services is, or in Ironclad’s opinion is likely to be, enjoined due to the type of claim specified in Section 8(a)(i), then Ironclad may at its sole option and expense: (i) replace or modify the Enterprise Services to make them non-infringing and of equivalent functionality; (ii) procure for Customer the right to continue using the Enterprise Services under the terms of this Agreement; or (iii) if Ironclad is unable to accomplish either (i) or (ii) despite using its commercially reasonable efforts, terminate Customer’s rights and Ironclad’s obligation under this Agreement with respect to such Enterprise Services and refund to Customer a pro-rata portion of the Fees paid for the remaining portion of the Term during which Customer would have had access to the Enterprise Services.
3. Exclusions. Notwithstanding the terms of Section 8(a), Ironclad will have no liability for any claim of any kind to the extent that it results from: (i) the combination, operation or use of the Enterprise Services with equipment, devices, or software not supplied by Ironclad, if a claim would not have occurred but for such combination, operation or use; or (ii) Customer’s or an Authorized User’s use of the Enterprise Services other than in accordance with this Agreement.
4. Sole Remedy. THE FOREGOING STATES IRONCLAD’S AND ITS LICENSORS’ SOLE LIABILITY AND CUSTOMER’S SOLE AND EXCLUSIVE REMEDY WITH RESPECT TO ANY ALLEGED OR ACTUAL INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS BY THE ENTERPRISE SERVICES.
5. Indemnification by Customer. Customer will defend Ironclad, its officers, directors and employees, from and against any action or suit brought against Ironclad by a third party based on a claim that the Customer Data infringes or violates the rights of a third party. Customer will indemnify and hold harmless Ironclad from and against any damages and costs awarded against Ironclad or agreed in settlement by Customer (including reasonable attorneys’ fees) resulting from such claim, provided that (i) Ironclad provides Customer with prompt written notice of such claim; (ii) Ironclad provides reasonable cooperation to Customer, at Customer’s expense, in the defense and settlement of such claim; and (iii) Customer has sole authority to defend or settle such claim, provided that it may not settle any claim in a manner that imposes any material liability upon Ironclad or requires Ironclad to admit wrongdoing.
LIMITATION OF LIABILITY.
1. Exclusion of Damages. To the fullest extent permitted by law, except for Excluded Claims (as defined below in Section 9(c) and for which there will be no cap on liability), neither Customer nor Ironclad, and its Affiliates and suppliers, will be liable under this Agreement for (i) indirect, special, incidental, consequential, exemplary, or punitive damages; or (ii) loss of use, data, business, revenues, or profits (in each case whether direct or indirect), even if the party knew or should have known that such damages were possible, even if a remedy fails of its essential purpose, and regardless of the type of action or theory of liability.
2. Total Liability. To the fullest extent permitted by law, except for Excluded Claims (for which there shall be no cap on liability) or Special Claims (which are subject to the Enhanced Liability Cap set forth in Section 9(d)), neither party’s aggregate liability under this Agreement will exceed the greater of $100,000 or the amount paid by Customer to Ironclad during the twelve months prior to the event giving rise to liability.
3. Excluded Claims. “Excluded Claims” means: (i) any intentional misconduct or gross negligence by either party; (ii) any amounts payable to third parties pursuant to Ironclad’s IP Indemnity obligations under Section 8(a)(i); or (iii) any amounts payable to third parties pursuant to Customer’s indemnification obligations under Section 8(e) (Indemnification by Customer).
4. Special Claims. “Special Claims” means (i) any breach by Ironclad of Section 2(e) (Customer Data), Section 2(f) (Information Security), or Section 5 (Confidentiality) resulting in unauthorized disclosure and misuse of Customer Data; or (ii) any amounts payable to third parties pursuant to Ironclad’s Data Indemnity obligations under Section 8(a)(ii). For any and all Special Claims, Ironclad’s aggregate liability shall be subject to an enhanced liability cap not to exceed ten times (10x) the amount paid by Customer to Ironclad during the twelve months prior to the event giving rise to liability (the “Enhanced Liability Cap”).
GENERAL
1. Governing Law. This Agreement will be governed by the laws of the State of California, without regard to its conflict of law provisions. Any legal action or proceeding relating to this Agreement will be brought exclusively in the state or federal courts located in San Francisco, CA. Ironclad and Customer hereby agree to submit to the jurisdiction of, and agree that venue is proper in, those courts in any such legal action or proceeding.
2. Order of Preference. In the event of a conflict between the Enterprise Services Agreement and Order Form, the order of preference will be the Enterprise Services Agreement, then the Order Form, unless the Special Contractual Terms section of the Order Form clearly specifies that it modifies the Enterprise Services Agreement.
3. Waiver. The waiver by either party of any default or breach of this Agreement will not constitute a waiver of any other or subsequent default or breach. No waiver of any provision of this Agreement will be effective unless it is in writing and signed by the party granting the waiver.
4. Notices. Notices will be sent to the addresses set forth in the Order Form. The notices will be deemed to have been given upon: (i) the date actually delivered in person; (ii) the day after the date sent by overnight courier; (iii) three (3) days following the date such notice was mailed by first class mail; or (iv) the date sent by email to Ironclad at legal@ironcladhq.com or Customer at the Customer’s email address specified in the Order Form.
5. Severability. In the event any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement will remain in full force and effect.
6. Force Majeure. Neither party will be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money owed) on account of events beyond the reasonable control of such party, which may include without limitation denial-of-service attacks, strikes, shortages, riots, insurrection, fires, flood, storm, explosions, pandemics, acts of God, war, terrorism, governmental action, labor conditions, earthquakes, rolling blackouts, and internet connectivity disruptions.
7. Relationship Between the Parties. Nothing in this Agreement will be construed to create a partnership, joint venture or agency relationship between the parties.
8. Assignment. Neither party may assign its rights or obligations under this Agreement without the other party’s prior written consent. Notwithstanding the foregoing, either party may assign its rights and obligations under this Agreement to an Affiliate as part of a reorganization, or to a purchaser of its business entity or substantially all of its assets or business to which rights and obligations pertain without the other party’s consent, provided that: (a) the purchaser is not insolvent or otherwise unable to pay its debts as they become due; (b) the purchaser is not a competitor of the other party; and (c) any assignee is bound hereby. Other than the foregoing, any attempt by either party to transfer its rights or obligations under this Agreement will be void.
9. Entire Agreement. This Agreement (including any Exhibits hereto) constitutes the complete and exclusive agreement between the parties concerning its subject matter and supersedes all prior or contemporaneous agreements or understandings, written or oral, concerning the subject matter of this Agreement.
10. Amendment. This Agreement may not be modified or amended except in a writing signed by a duly authorized representative of each party.
11. No Third-Party Beneficiaries. This Agreement is intended for the sole and exclusive benefit of the signatories and is not intended to benefit any third party. Only the parties to this Agreement may enforce it.

Exhibit A

IRONCLAD SERVICE LEVEL AGREEMENT & TECHNICAL SUPPORT SCHEDULE

This Ironclad Service Level Agreement (“SLA”) & Technical Support Schedule (“TSS”) shall be governed by and incorporated by reference into the Enterprise Services Agreement and the applicable Order Form entered into between the parties. All capitalized terms contained but not defined herein shall have the meaning ascribed to them in the Agreement.

A.CLM Services - Service Level Agreement. This Section A shall apply solely to CLM.

Defined Terms.
1. “Emergency Maintenance” means maintenance performed to fix critical functionality, vulnerabilities, or material defects that may substantially impair the usability or performance of the CLM Services.
2. “Excused Maintenance” means Emergency Maintenance and Scheduled Maintenance.
3. “Scheduled Availability Time” means twenty-four (24) hours a day, seven (7) days a week, excluding: (i) Excused Maintenance, (ii) any downtime due to defects caused by Customer, one of its vendors, third party connections, utilities, or equipment, or caused by other forces beyond the reasonable control of Ironclad (such as denial of service attacks, internet or third-party service outages or outages with respect to Customer’s network or internet access).
4. “Scheduled Maintenance” is any system maintenance performed during a Maintenance Window. The Maintenance Window, if one is scheduled, will be available at https://status.ironcladapp.com/ at least two weeks prior to the Maintenance Window.
5. “Service Credits” are credits for which Customer may be eligible if Ironclad fails to meet the Target Uptime. The availability of the CLM Services per calendar month and corresponding Service Credits are set forth in the table below.

Availability Per Calendar Month	Service Credit
< 99.7% - >= 99.0%	1% of the Annual Subscription Fee
< 99.0% - >= 95.0%	2% of the Annual Subscription Fee
< 95.0%	3% of the Annual Subscription Fee

“Service Credit Request” means a request to Ironclad at support@ironcladhq.com stating that Customer believes that Ironclad has failed to meet the Target Uptime.

Target Uptime. During the Term of the Agreement, Ironclad will use all commercially reasonable efforts to make the CLM Services available and operational to the Customer for 99.7% of the Scheduled Availability Time (the “Target Uptime”). If Ironclad does not meet the Target Uptime, and if Customer meets its obligations below, Customer will be eligible to receive the applicable Service Credits.
Service Credits. To receive a Service Credit, Customer must issue a Service Credit Request within 7 days of the last day of the month in which Customer believes Ironclad’s failure to meet the Target Uptime occurred. Promptly after receipt of a Service Credit Request, Ironclad will investigate the request and notify Customer that either: (i) a Service Credit is due; or (ii) no Service Credit is due and state the basis of this determination. If Ironclad determines a Service Credit is due, then Ironclad will apply the applicable Service Credits to Customer’s account for future fees due. Service Credits have no cash value and are Customer's sole and exclusive remedy for any failure by Ironclad to meet the Target Uptime.

B.Clickwrap Services - Service Level Agreement. This Section B shall apply solely to Clickwrap Services.

Defined Terms.
1. “Activity API” means the portions of the Clickwrap Services that programmatically display contracts inside of a web page or mobile app, retrieve acceptance data for individual users, and send acceptance of contracts.
2. “Emergency Maintenance” means maintenance performed to fix critical functionality, vulnerabilities, or material defects that may substantially impair the usability or performance of the Clickwrap Services.
3. “Excused Maintenance” means Emergency Maintenance and Scheduled Maintenance.
4. “REST API” means the portions of the Clickwrap Services that are accessed programmatically for integrations into third party applications.
5. “Scheduled Availability Time” means twenty-four (24) hours a day, seven (7) days a week, excluding: (i) Excused Maintenance, (ii) any downtime due to defects caused by Customer, one of its vendors, third party connections, utilities, or equipment, or caused by other forces beyond the reasonable control of Ironclad (such as denial of service attacks, internet or third-party service outages or outages with respect to Customer’s network or internet access).
6. “Scheduled Maintenance” is any system maintenance performed during a Maintenance Window. The Maintenance Window, if one is scheduled, will be available at https://status.pactsafe.com/ at least two weeks prior to the Maintenance Window.
7. “Service Credits” are credits for which Customer may be eligible if Ironclad fails to meet the Target Uptime. The availability of the Clickwrap Services per calendar month and corresponding Service Credits are set forth in the table below.

Availability Per Calendar Month	Service Credit
< 99.5% - >= 99.0%	1% of the Annual Subscription Fee
< 99.0% - >= 95.0%	2% of the Annual Subscription Fee
< 95.0%	3% of the Annual Subscription Fee

“Service Credit Request” means a request to Ironclad at support@ironcladhq.com stating that Customer believes that Ironclad has failed to meet the Target Uptime.
“Application User Interface” means the dashboard portion of the Clickwrap Services accessed via the Internet through a web browser to create and publish contracts, download electronic records of acceptance, and send contracts.

Target Uptime. During the Term of the Agreement, Ironclad will use all commercially reasonable efforts to make the Application User Interface, REST API, and Activity API available and operational to the Customer for 99.5% of the Scheduled Availability Time (the “Target Uptime”), as tracked by each such measure on https://status.pactsafe.com/. If Ironclad does not meet the Target Uptime as to any of the three measures, and if Customer meets its obligations below, Customer will be eligible to receive the applicable Service Credits.
Service Credits. To receive a Service Credit, Customer must issue a Service Credit Request within 7 days of the last day of the month in which Customer believes Ironclad’s failure to meet the Target Uptime occurred. Promptly after receipt of a Service Credit Request, Ironclad will investigate the request and notify Customer that either: (i) a Service Credit is due; or (ii) no Service Credit is due and state the basis of this determination. If Ironclad determines a Service Credit is due, then Ironclad will apply the applicable Service Credits to Customer’s account for future fees due. Service Credits have no cash value and are Customer's sole and exclusive remedy for any failure by Ironclad to meet the Target Uptime.

C.Ironclad Technical Support Schedule.

Maintenance. Ironclad will make available to Customer all generally available updates and bug fixes to the Enterprise Services. Ironclad will take commercially reasonable efforts to perform Scheduled Maintenance during off-peak hours.
Support. Ironclad is available to receive Enterprise Services support inquiries via email (support@ironcladhq.com). Ironclad’s support hours are 08:00 AM to 8:00 PM Eastern Standard Time Monday through Friday (excluding standard U.S. holidays) for technical information, technical advice, and technical consultation regarding Customer’s use of the Enterprise Services.
Help Center Access. Customer shall have 24x7 access to our online Help Center (https://support.ironcladapp.com) for any best practices, integration instructions, or product questions.
Email & Web Form Cases. Customer shall have the ability to submit support requests 24x7 through email (support@ironcladhq.com) or the web form accessible via the Ironclad website or Help Center (https://support.ironcladapp.com).

Data Processing Addendum

Version

Effective March 20, 2023

Download

Please reach out to your account representative if you need to amend your existing DPA with Ironclad to include the 2021 EU SCCs or UK IDTA.

This Data Processing Addendum (“Addendum”) may be referenced and incorporated by reference into an Enterprise Services Agreement (the “Agreement”) between Ironclad, Inc. (“Ironclad”) and a customer (“Customer” (collectively the “Parties”)).

Subject Matter and Duration.
1. Subject Matter. This Addendum reflects the Parties’ commitment to abide by Applicable Data Protection Laws concerning the Processing of Customer Personal Data in connection with Ironclad’s execution of the Agreement. All capitalized terms that are not expressly defined in this Data Processing Addendum will have the meanings given to them in the Agreement. If and to the extent language in this Addendum or any of its Exhibits conflicts with the Agreement, this Addendum shall control.
2. Duration and Survival. This Addendum will become legally binding upon the Effective Date of the Agreement or upon the date upon which both Parties have signed this Addendum, if it is completed after the Effective Date of the Agreement. Ironclad will Process Customer Personal Data until the relationship terminates as specified in the Agreement. Ironclad’s obligations and Customer’s rights under this Addendum will continue in effect so long as Ironclad Processes Customer Personal Data.
Definitions. For the purposes of this Addendum, the following terms and those defined within the body of this Addendum apply.
1. “Applicable Data Protection Law(s)” means the relevant data protection and data privacy laws, rules and regulations to which the Customer Personal Data are subject. “Applicable Data Protection Law(s)” shall include, but not be limited to, EU General Data Protection Regulation 2016/679 (“GDPR”) principles and requirements, the United Kingdom Data Protection Act 2018, the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act) (“CCPA”), and its implementing regulations, and other United States state data protection and privacy laws and regulations similar to or modeled on the California Privacy Law, including, when effective, the Virginia Consumer Data Protection Act, the Colorado Privacy Act and related regulations, the Utah Consumer Privacy Act, and the Connecticut Act Concerning Personal Data Privacy and Online Monitoring. For the avoidance of doubt, if Ironclad’s processing activities involving Customer Personal Data are not within the scope of an Applicable Data Protection Law, such law is not applicable for purposes of this Addendum.
2. “Customer Personal Data” means Personal Data pertaining to Customer’s users or employees Processed by Ironclad to provide the Services. The Customer Personal Data and the specific uses of the Customer Personal Data are detailed in Exhibit 1 attached hereto, as required by the GDPR.
3. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
4. “Personal Data” shall have the meaning assigned to the terms “personal data” or “personal information” under Applicable Data Protection Law(s).
5. “Process,” “Processes,” “Processing,” “Processed” means any operation or set of operations which is performed on data or sets of data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
6. “Processor” means a natural or legal person, public authority, agency or other body which Processes Customer Personal Data on behalf of Customer subject to this Addendum.
7. “Security Incident(s)” means the breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data Processed by Ironclad.
8. “Services” means any and all services that Ironclad performs under the Agreement.
9. “Standard Contractual Clauses” means the UK Standard Contractual Clauses, and/or the 2021 Standard Contractual Clauses.
10. “Third Party(ies)” means Ironclad’s authorized contractors, agents, vendors and third party service providers that Process Customer Personal Data.
11. “UK Standard Contractual Clauses” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, available at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/ and completed as described below.
12. “2021 Standard Contractual Clauses" means the Standard Contractual Clauses issued pursuant to the EU Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available at http://data.europa.eu/eli/dec_impl/2021/914/oj and completed as described below.
Data Use and Processing.
1. Compliance with Laws. Customer Personal Data shall be Processed in compliance with the terms of this Addendum and all Applicable Data Protection Law(s). Ironclad will provide the same level of protection for Customer Personal Data subject to the CCPA as is required of Customer under the CCPA.
2. Purpose Limitation. Ironclad will not Process Customer Personal Data for any purpose other than for the specific purposes set forth in the Agreement or outside the direct business relationship between Customer and Ironclad, unless obligated to do otherwise by applicable law. In such case, Ironclad will inform Customer of that legal requirement before the Processing unless legally prohibited from doing so. Ironclad shall comply with any applicable restrictions under Applicable Data Protection Law(s) on combining Customer Personal Data with personal data that Ironclad receives from, or on behalf of, another person or persons, or that Ironclad collects from any interaction between it and any individual. Notwithstanding the foregoing, Ironclad may Process Customer Personal Data for any purposes permitted by Applicable Data Protection Law(s) for “service providers” (as defined in the CCPA) or Processors to undertake. Further details regarding Ironclad’s processing operations, including the purposes for processing Customer Personal Data, are set forth in Exhibit 1.
3. Documented Instructions. Ironclad and its Third Parties shall Process Customer Personal Data only in accordance with the documented instructions of Customer. The Agreement, including this Addendum, along with any applicable statement of work, constitute Customer’s complete and final instructions to Ironclad regarding the Processing of Customer Personal Data, including for purposes of the Standard Contractual Clauses. Ironclad will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer’s instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer’s instructions.
4. Authorization to Use Third Parties. To the extent necessary to fulfill Ironclad’s contractual obligations under the Agreement or any statement of work, Customer hereby authorizes (i) Ironclad to engage Third Parties and (ii) Third Parties to engage subprocessors.
5. Ironclad and Third Party Compliance. Ironclad agrees to (i) enter into a written agreement with Third Parties regarding such Third Parties’ Processing of Customer Personal Data that imposes on such Third Parties (and their subprocessors) data protection and security requirements for Customer Personal Data that are at least as restrictive as the obligations in this Addendum; and (ii) remain responsible to Customer for Ironclad’s Third Parties’ (and their subprocessors if applicable) failure to perform their obligations with respect to the Processing of Customer Personal Data.
6. Right to Object to Third Parties. Ironclad’s list of Third Parties that Process Customer Personal Data is available at https://ironcladapp.com/subprocessors/. Prior to engaging any new Third Parties that Process Customer Personal Data, Ironclad will notify Customer via email and allow Customer thirty (30) days to object. If Customer has legitimate objections to the appointment of any new Third Party, the parties will work together in good faith to resolve the grounds for the objection for no less than thirty (30) days, and failing any such resolution, Customer may terminate the part of the service performed under the Agreement that cannot be performed by Ironclad without use of the objectionable Third Party.
7. Confidentiality. Any person or Third Party authorized to Process Customer Personal Data must agree to maintain the confidentiality of such information or be under an appropriate statutory or contractual obligation of confidentiality.
8. Personal Data Inquiries and Requests. Upon written request from Customer, Ironclad agrees to provide reasonable assistance and comply with all reasonable instructions from Customer related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Applicable Data Protection Laws (e.g., access, rectification, erasure, data portability, etc.). If a request is sent directly to Ironclad, Ironclad shall promptly notify Customer and shall not respond to the request unless Customer has authorized Ironclad to do so. Where necessary, Customer shall inform Ironclad of any other individual rights requests that Ironclad must comply with, and provide the information necessary for Ironclad to comply with the request.
9. Government Access Requests. Unless prohibited by applicable law or a legally-binding request of law enforcement, Ironclad shall promptly notify Customer of any request by government agency or law enforcement authority for access to or seizure of Customer Personal Data, and shall render reasonable assistance to Customer, if Customer wishes to contest the access or seizure.
10. Data Protection Impact Assessment and Prior Consultation. Upon written request from Customer, Ironclad agrees to provide reasonable assistance at Customer’s expense to Customer where, in Customer’s judgment, the type of Processing performed by Ironclad is likely to result in a high risk to the rights and freedoms of natural persons (e.g., systematic and extensive profiling, Processing sensitive Personal Data on a large scale and systematic monitoring on a large scale, or where the Processing uses new technologies) and thus requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.
11. Sale or “Sharing” of Customer Personal Data Prohibited. Ironclad shall not sell or share Customer Personal Data as the terms "sell" and “share” are defined by the CCPA.
12. CCPA Certification. Ironclad hereby certifies that it understands its restrictions and obligations set forth in this Addendum and will comply with them. Ironclad will notify Customer if Ironclad makes a determination that it can no longer meet its obligations under Applicable Data Protection Laws. Customer shall have the right, upon seven (7) business days’ notice, to take reasonable and appropriate steps to stop and remediate any unauthorized use of Customer Personal Data by Ironclad.

Cross-Border Transfers of Personal Data.
1. Cross-Border Transfers of Personal Data. Customer authorizes Ironclad and its Third Parties to transfer Customer Personal Data across international borders, including from the European Economic Area (the “EEA”), the United Kingdom, and Switzerland to the United States. Ironclad and Customer agree to use the Standard Contractual Clauses as the adequacy mechanism supporting the transfer and Processing of Customer Personal Data, as further detailed below.
2. 2021 Standard Contractual Clauses. For transfers of Customer Personal Data out of the EEA that are subject to Section 4(a) of this DPA, the 2021 Standard Contractual Clauses will apply and are incorporated into this Addendum. For purposes of this Addendum, the 2021 Standard Contractual Clauses will apply as set forth in this Section 4(b). “Module Two: Transfer controller to processor” will apply and all other module options will not apply. Under Annex 1 of the 2021 Standard Contractual Clauses, the “data exporter” is Customer and the “data importer” is Ironclad and the information required by Annex 1 can be found in Exhibit 1. For the purposes of Annex 2 of the Standard Contractual Clauses, the technical and organizational measures implemented by the data importer are those listed in Section 5 of this Addendum. Clause 7 will not apply. For clause 9, the Parties choose Option 2 and the Parties agree that the time period for prior notice of Third Party changes will be as set forth in 3(f) of this Addendum. For clause 11, the optional language will not apply. For clause 17, the Parties choose Option 1 and the Parties agree that the governing law will be the Republic of Ireland. For clause 18, the Parties agree that the courts of the Republic of Ireland will apply for subsection (b).
3. UK Standard Contractual Clauses. For transfers of Customer Personal Data out of the United Kingdom that are subject to Section 4(a) of this Addendum, the UK Standard Contractual Clauses will apply and are incorporated into this Addendum. For purposes of this Addendum, the UK Standard Contractual Clauses will apply as set forth in this Section 4(c). For Table 1 of the UK Standard Contractual Clauses, (i) the Parties’ details shall be the Parties and their affiliates to the extent any of them is involved in such transfer, including those set forth in Annex 1 of the 2021 Standard Contractual Clauses and (ii) the Key Contacts shall be the contacts set forth in Annex 1 of the 2021 Standard Contractual Clauses. The Approved EU SCCs referenced in Table 2 shall be the 2021 Standard Contractual Clauses as executed by the Parties pursuant to this Addendum. For Table 3, Annex 1A, 1B, and II shall be set forth in Annex 1 of the 2021 Standard Contractual Clauses. For Table 4, either party may end the UK Standard Contractual Clauses as set out in Section 19 of the UK Standard Contractual Clauses.
4. Switzerland Transfers. For transfers of Customer Personal Data out of Switzerland that are subject to Section 4(a) of this DPA, the 2021 Standard Contractual Clauses will apply and will be deemed to have the differences set forth in this Section 4(d), to the extent required by the Swiss Federal Act on Data Protection (“FADP”). References to the GDPR in the 2021 Standard Contractual Clauses are to be understood as references to the FADP insofar as the data transfers are subject exclusively to the FADP and not to the GDPR. The term “member state” in the 2021 Standard Contractual Clauses shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the 2021 Standard Contractual Clauses. References to personal data in the 2021 Standard Contractual Clauses also refer to data about identifiable legal entities until the entry into force of revisions to the FADP that eliminate this broader scope.Under Annex I(C) of the 2021 Standard Contractual Clauses (Competent supervisory authority): where the transfer is subject exclusively to the FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner, and where the transfer is subject to both the FADP and the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the FADP, and the supervisory authority is as set forth in the 2021 Standard Contractual Clauses insofar as the transfer is governed by the GDPR.
5. Each party’s signature to this Addendum shall be considered a signature to the Standard Contractual Clauses. If required by the laws or regulatory procedures of any jurisdiction, the Parties shall execute or re-execute the Standard Contractual Clauses as separate documents. In case of conflict between the Standard Contractual Clauses and this Addendum, the Standard Contractual Clauses will prevail.
Information Security Program.
1. Ironclad agrees to implement appropriate technical and organizational measures designed to protect Customer Personal Data as required by Applicable Data Protection Law(s) (the “Information Security Program”). Such measures shall be designed to include:
  1. Pseudonymisation of Customer Personal Data where appropriate, and encryption of Customer Personal Data in transit and at rest;
  2. The ability to ensure the ongoing confidentiality, integrity, availability of Ironclad’s Processing and Customer Personal Data;
  3. The ability to restore the availability and access to Customer Personal Data in the event of a physical or technical incident;
  4. A process for regularly testing, assessing and evaluating the effectiveness of Ironclad’s Information Security Program to ensure the security of Customer Personal Data from reasonably suspected or actual accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
Security Incidents.
1. Security Incident Procedure. Ironclad will deploy and follow policies and procedures to detect, respond to, and otherwise address Security Incidents including procedures to (i) identify and respond to reasonably suspected or known Security Incidents, mitigate harmful effects of Security Incidents, document Security Incidents and their outcomes, and (ii) restore the availability or access to Customer Personal Data in a timely manner.
2. Notice. Ironclad agrees to provide prompt written notice without undue delay and within the time frame required under Applicable Data Protection Law(s) (but in no event longer than forty-eight (48) hours) to Customer’s Designated POC upon becoming aware that a Security Incident has taken place. Such notice will include all available details required under Applicable Data Protection Law(s) for Customer to comply with its own notification obligations to regulatory authorities or individuals affected by the Security Incident.
Audits.
1. Right to Audit; Permitted Audits. Ironclad shall make available to Customer and its regulators all information necessary to demonstrate compliance with Applicable Data Protection Laws and this Addendum. Customer and its regulators shall have the right to inspect Ironclad’s architecture, systems, and documentation which are relevant to the security and integrity of Customer Personal Data, or as otherwise required by a governmental regulator:
  1. Following any notice from Ironclad to Customer of an actual or reasonably suspected Security Incident involving Customer Personal Data;
  2. Upon Customer’s reasonable belief that Ironclad is not in compliance with Applicable Data Protection Laws, this Addendum or its security policies and procedures under the Agreement;
  3. As required by governmental regulators;
  4. For any reason, or no reason at all, once annually.
2. Audit Terms. Any audits described in this Section shall be:
  1. Conducted by Customer or its regulator, or through a third party independent contractor selected by one of these parties, and to whom Ironclad does not reasonably object.
  2. Conducted during reasonable times.
  3. Conducted upon reasonable advance notice to Ironclad.
  4. Of reasonable duration and scope and shall not unreasonably interfere with Ironclad’s day-to-day operations.
  5. Conducted in such a manner that does not violate any agreement between Ironclad and its service providers, including cloud providers, or violate or cause Ironclad to violate its reasonable policies related to security and confidentiality.
3. Third Parties. In the event that Customer conducts an audit through a third party independent auditor or a third party accompanies Customer or participates in such audit, such third party shall be required to enter into a non-disclosure agreement containing confidentiality provisions substantially similar to those set forth in the Agreement to protect Ironclad’s and Ironclad’s customers’ confidential and proprietary information. For the avoidance of doubt, regulators shall not be required to enter into a non-disclosure agreement.
4. Audit Results. Upon Ironclad’s request, after conducting an audit, Customer shall notify Ironclad of the manner in which Ironclad does not comply with any of the applicable security, confidentiality or privacy obligations or Applicable Data Protection Laws herein. Upon such notice, Ironclad shall make any necessary changes to ensure compliance with such obligations at its own expense and without unreasonable delay and shall notify Customer when such changes are complete. Notwithstanding anything to the contrary in the Agreement, Customer may conduct a follow-up audit within six (6) months of Ironclad’s notice of completion of any necessary changes. To the extent that a Customer audit identifies any material security vulnerabilities, Ironclad shall promptly remediate those vulnerabilities.
Data Storage and Deletion.
1. Data Storage. Ironclad will not store or retain any Customer Personal Data except as necessary to perform the Services under the Agreement.
2. Data Deletion. Ironclad will abide by the following with respect to deletion of Customer Personal Data:
  1. Within ninety (90) calendar days of the Agreement’s expiration or termination, Ironclad will securely destroy (per subsection (iii) below) all copies of Customer Personal Data (including automatically created archival copies).
  2. Upon Customer’s request, Ironclad will promptly return to Customer a copy of all Customer Personal Data within thirty (30) calendar days and, if Customer also requests deletion of the Customer Personal Data, will carry that out as set forth above.
  3. All deletion of Customer Personal Data will be conducted in accordance with standard industry practices for deletion of sensitive data.
  4. Tapes, printed output, optical disks, and other physical media will be physically destroyed by a secure method, such as shredding performed by a bonded provider.
  5. Upon Customer’s request, Ironclad will provide evidence that Ironclad has deleted all Customer Personal Data. Ironclad will provide the “Certificate of Deletion” within thirty (30) calendar days of Customer’s request.
Contact Information.
1. Ironclad and the Customer agree to designate a point of contact for urgent privacy and security issues (a “Designated POC”). The Designated POC for both parties are:
  - Ironclad Designated POC: John Fiedler, support@ironcladhq.com
  - Customer Designated POC: The individual and/or email specified in the Notices section of the Agreement.

Exhibit 1

Category	Description
1.1 Subject Matter of Processing	The subject matter of Processing is the Services pursuant to the Agreement, specifically the provision and use of Ironclad’s contract management SaaS application.
1.2 Duration of Processing	The Processing will continue until the expiration or termination of the Agreement.
1.3 Categories of Data Subjects	Includes the following: Prospects, customers, business partners and vendors of Customer (who are natural persons) Employees or contact persons of Customer’s prospects, customers, business partners and vendors Employees, agents, advisors, freelancers of Customer (who are natural persons)
1.4 Nature and Purpose of Processing	Includes the following: Nature: Processing of the data uploaded by Customer to Ironclad's contract management SaaS application. The purpose of Processing of Customer Personal Data by Ironclad is the performance of the Services pursuant to the Agreement.
1.5 Types of Personal Information	Includes the following: First and last name Title Position Employer Contact information (company, email, phone, physical business address) Identification Data (notably email addresses and phone numbers) Electronic identification data (notably IP addresses and mobile device IDs)

Contracts

FY2024 Product Descriptions

Effective March 6, 2023

Table of Contents

Ironclad CLM

Ironclad CLM User Types

Ironclad CLM Add-ons

Ironclad Public Workflows

Ironclad Public Workflow Add-ons

Ironclad Legal Centers

Ironclad Clickwrap

Ironclad Clickwrap Add-ons

Success Plans

Product Descriptions

Effective October 11, 2022

Table of Contents

Subscription Packages

Effective February 4, 2022 to October 11, 2022

Table of Contents

Subscription Packages

Effective January 20, 2022 to February 4, 2022

Table of Contents

Subscription Packages

Effective October 20, 2021 to January 20, 2022

Table of Contents

Subscription Packages

Effective October 12, 2021 to October 20, 2021

Table of Contents

Subscription Packages

Effective October 11, 2021 to October 12, 2021

Table of Contents

Subscription Packages

Effective October 11, 2021 to October 11, 2021

Table of Contents

Subscription Packages

Effective October 11, 2021 to October 11, 2021

Table of Contents

Subscription Packages

Effective June 9, 2021 to October 11, 2021

Table of Contents

Effective June 9, 2021 to June 9, 2021

Table of Contents

Effective June 9, 2021 to June 9, 2021

Table of Contents

Effective June 9, 2021 to June 9, 2021

Table of Contents

Effective June 9, 2021 to June 9, 2021

Table of Contents

Effective June 9, 2021 to June 9, 2021

Table of Contents

Enterprise Services Agreement

Effective December 19, 2022

Table of Contents

Effective November 18, 2022 to December 19, 2022

Table of Contents

Effective November 18, 2022 to November 18, 2022

Table of Contents

Effective October 25, 2022 to November 18, 2022

Table of Contents

Effective February 4, 2022 to October 25, 2022

Table of Contents

Effective January 14, 2022 to February 4, 2022

Table of Contents

Effective January 4, 2022 to January 14, 2022

Table of Contents

Effective October 28, 2021 to January 4, 2022

Table of Contents

Effective October 8, 2021 to October 28, 2021

Table of Contents

Data Processing Addendum

Effective March 20, 2023

Table of Contents

Effective January 19, 2023 to March 20, 2023

Table of Contents

Effective December 29, 2022 to January 19, 2023

Table of Contents

Effective August 30, 2022 to December 29, 2022

Table of Contents

Effective August 30, 2022 to August 30, 2022

Table of Contents