← Back to home

ONSIDE TECHNOLOGY SOLUTIONS — MASTER SERVICES AGREEMENT

Version 2026-07 — Updated as of July 7, 2026

Prior versions of this Agreement are archived and available on request.


ABOUT THIS AGREEMENT

This Master Services Agreement (the "Agreement" or "MSA") is published by Onside Technology Solutions, Inc., a California corporation with its principal place of business at 3230 Arena Blvd STE 245 #404, Sacramento, CA 95834 ("Provider").

This Agreement governs the provision of services by Provider to each client ("Client") that executes a Service Order referencing this Agreement. By executing a Service Order that references this Agreement, Client accepts and agrees to be bound by the version of this Agreement identified in that Service Order, effective as of the Service Order Effective Date. A complete copy of the referenced version of this Agreement in PDF form is attached to each Service Order at execution, and Provider maintains all published versions of this Agreement at stable URLs for audit and reference.

Provider and Client may be referred to individually as a "Party" and collectively as the "Parties."

Recitals

WHEREAS, Provider is in the business of providing managed information technology services, cloud services resale, cybersecurity services, professional services, and related technology support;

WHEREAS, Client desires to engage Provider to provide such services under the terms and conditions set forth in this Agreement and one or more Service Orders;

WHEREAS, the Parties desire a commercially reasonable agreement that balances risk, ensures service continuity, and reflects modern vendor, security, and regulatory realities;

NOW, THEREFORE, in consideration of the mutual promises and covenants contained herein, the Parties agree as follows.


1. SCOPE OF SERVICES

1.1 Provider shall provide the services described in the applicable Service Order(s) (the "Services"), which may include, without limitation: managed IT support (end-user systems, servers, infrastructure); cloud services resale and management (e.g., Microsoft 365, Azure, third-party SaaS); cybersecurity monitoring and response; backup, disaster recovery, and business continuity services; and professional services, onsite support, and hardware/software resale.

1.2 Specific Services for Client are defined in the applicable Service Order, which identifies the Service Tier (Exhibit B) applicable to Client. Services shall be delivered in accordance with the SLA in Exhibit C. SLA credits are Client's sole and exclusive remedy for failure to meet the response-time and uptime targets in Exhibit C; this sentence does not limit Client's remedies for material breach of this Agreement, data loss caused by Provider, or matters governed by Sections 8 and 11.

1.3 Client shall provide timely access to systems, data, facilities, and personnel reasonably required for Provider to perform the Services, and shall comply with the Acceptable Use Policy in Exhibit D.

1.4 Changes to Services require a written amendment to the Service Order or a new Service Order signed by both Parties. Work outside the scope of the applicable Service Tier and Service Order will be billed at Provider's then-current professional services rates. Verbal scope changes do not bind either Party.

2. DEFINITIONS

2.1 "Acceptable Use Policy" or "AUP" means the policy attached as Exhibit D.

2.2 "Change of Control" means (a) a merger, consolidation, or reorganization involving Client in which the voting securities of Client outstanding immediately prior thereto cease to represent at least fifty percent (50%) of the combined voting power of the surviving entity; or (b) the sale or transfer of more than fifty percent (50%) of Client's voting securities or substantially all of its assets.

2.3 "Client Data" means data, files, content, credentials, and information provided by or on behalf of Client for purposes of receiving the Services.

2.4 "Committed Term" means the term length stated in a Service Order (default twelve (12) months).

2.5 "Confidential Information" means any non-public information disclosed by one Party to the other, including business, technical, financial, operational, customer, employee, or security-related information, whether disclosed orally, electronically, or in writing.

2.6 "CPI" means the U.S. Consumer Price Index for All Urban Consumers (CPI-U), U.S. City Average, All Items, as published by the U.S. Bureau of Labor Statistics.

2.7 "Product Terms" means the third-party vendor terms and conditions applicable to a specific third-party product or service resold or provisioned under a Service Order. The Service Order identifies applicable Product Terms by vendor, product, and location (URL or attachment) as of the Service Order Effective Date.

2.8 "Service Order" means the document executed by both Parties that references this Agreement by version date, identifies the Client, Service Tier, Size Category, included SKUs, quantities, rates, applicable Product Terms, Effective Date, and Committed Term, in substantially the form of Exhibit A.

2.9 "Service Tier" means Standard or Pro, as defined in Exhibit B.

2.10 "SLA" means the Service Level Agreement attached as Exhibit C.

2.11 "User" means an individual with a Microsoft 365 or equivalent license provided or managed under the Services.

2.12 "Vendor Cost Pass-Through" means an increase in third-party vendor pricing passed through to Client under Section 4(d).

3. ORDER OF PRECEDENCE

3.1 The Agreement between the Parties consists of: (a) the executed Service Order(s), including any client-specific addenda; (b) the Product Terms identified in the Service Order; and (c) this MSA body and its Exhibits.

3.2 In the event of a conflict: with respect to a third-party product or service, the applicable Product Terms control to the extent required by the third-party vendor as a condition of access, resale, use, or continued provisioning; in all other respects, the Service Order controls over this MSA, and this MSA controls in the absence of conflict. The documents shall be read to be consistent with one another to the maximum extent possible.

4. SERVICE ORDERS, PRICING, AND PAYMENT

4(a) Service Orders

Each Service Order shall identify: Client legal name and notice addresses (including a designated billing contact); the Service Tier and Size Category; included SKUs with quantities, unit rates, and applicable markup; applicable Product Terms by vendor and product; the Effective Date; and the Committed Term. Service Orders may include client-specific addenda (authorized after-hours contacts, on-site allotments, special billing arrangements, site lists); such addenda modify this MSA only as provided in Section 3. Modifications to a Service Order require a written amendment signed by both Parties.

4(b) Pricing; Usage Reconciliation

Pricing is set forth in the Service Order, organized by Service Tier per Exhibit B, with per-SKU rates. All fees are stated in U.S. dollars. Recurring fees are billed monthly in advance; usage-based and time-and-materials fees are billed monthly in arrears. Client is responsible for all applicable taxes, excluding taxes on Provider's net income.

Seat, license, and device counts are reconciled monthly against license and device inventories, which Provider will make available to Client for review on request. Additions bill from the month they occur. Reductions take effect at the next Service Order renewal, reflecting Provider's own non-cancelable annual license commitments to vendors; where a reduced seat, license, or device charge carries no such vendor commitment, Provider will apply the reduction at the next monthly invoice.

4(c) Annual Rate Review

(i) Provider may adjust recurring rates effective upon each anniversary of the Service Order Effective Date.

(ii) Any such adjustment shall not exceed the greater of seven percent (7%) or the cumulative change in CPI over the twelve (12) months most recently published prior to the notice date.

(iii) Provider shall give Client written notice no fewer than sixty (60) days prior to the effective date of any annual adjustment, delivered to Client's designated billing contact and identified on the face of an invoice or accompanying statement. An adjustment not noticed in time takes effect at the following anniversary.

(iv) This Section 4(c) does not apply to Vendor Cost Pass-Throughs under Section 4(d), which are separate and do not consume the cap in this Section.

(v) This Section governs pricing for Service Orders entering automatic renewal. Pricing for a Service Order renewed by mutual rewrite is freely negotiated, and this Section does not limit it.

4(d) Vendor Cost Pass-Through

(i) Where a third-party vendor whose products or services are resold or embedded in the Services increases its pricing to Provider, Provider may pass such increase through to Client at Provider's increased cost plus the markup percentage stated in the Service Order for the affected SKU (or, if none is stated, twenty percent (20%)), upon thirty (30) days' written notice; provided that where the vendor imposes the increase on Provider with less than thirty days' notice, Provider shall give notice as soon as commercially practicable and in no event less than fifteen (15) days where vendor timing permits.

(ii) Pass-through notices shall identify the vendor, the affected product or SKU, the prior rate, the new rate, the effective date, and, where reasonably available, the vendor's notice or publication establishing the increase, and shall be delivered to Client's designated billing contact.

(iii) Vendor Cost Pass-Throughs do not constitute an annual rate adjustment under Section 4(c) and do not consume the Section 4(c) cap.

(iv) If a single Vendor Cost Pass-Through increases the price of an affected product or SKU by more than twenty-five percent (25%), Client may elect, by written notice within fifteen (15) days of the pass-through notice, to discontinue the affected product or SKU as of the pass-through effective date. The remainder of the Services continues unaffected. Discontinuation under this subsection does not relieve Client of fees for non-cancelable third-party commitments already incurred on Client's behalf.

4(e) Payment Terms

Invoices are issued monthly and payable net thirty (30) days from invoice date. Late payments accrue interest at 1.5% per month or the maximum rate permitted under California law (Civ. Code § 3289), whichever is lower. Provider may suspend Services for accounts more than fifteen (15) days delinquent following notice; during the first thirty (30) days of any such suspension, Provider will continue only automated security monitoring as then deployed (RMM monitoring, endpoint protection, and SOC alerting) and response to active, in-progress security incidents — all other Services, including non-emergency support, onsite work, and project work, may be suspended. Provider may require prepayment, a security deposit, or a letter of credit where outstanding commitments exceed twenty percent (20%) of Client's trailing twelve-month fees.

4(f) Disputed Invoices

Client must notify Provider in writing of any disputed invoice amount, with reasonable detail, within thirty (30) days of invoice receipt; amounts not disputed within that period are deemed accepted. Undisputed portions of an invoice remain due per normal terms. The Parties shall work in good faith to resolve disputed amounts promptly.

5. TERM AND TERMINATION

5.1 Term of Agreement. As between Provider and a given Client, this Agreement is effective from the Effective Date of Client's first executed Service Order and continues so long as any Service Order remains in effect.

5.2 Term of Service Orders. Each Service Order runs for its Committed Term (default twelve (12) months) and automatically renews for successive twelve (12)-month periods unless either Party gives written notice of non-renewal at least ninety (90) days prior to the end of the then-current term.

5.3 Termination for Cause. Either Party may terminate the affected Service Order (or this Agreement, if the breach goes to the Agreement as a whole) for material breach not cured within thirty (30) days after written notice.

5.4 Early Termination. Either Party may terminate a Service Order prior to the end of its Committed Term upon ninety (90) days' written notice. If Client terminates under this Section (other than for Provider's uncured material breach), Client shall pay, as an agreed early-termination charge and not as a penalty: (a) all fees for Services delivered through the effective termination date, and (b) the recurring fees for the remainder of the then-current Committed Term, and (c) any non-cancelable third-party commitments incurred by Provider on Client's behalf that are not already included in (b). If Provider terminates under this Section, Client pays only through the effective termination date plus non-cancelable third-party commitments.

5.5 Payment Default; Financial Impairment. Provider may terminate upon written notice if Client fails to pay undisputed amounts when due and does not cure within fifteen (15) days of notice. To the extent permitted by applicable law (including 11 U.S.C. § 365(e)), Provider may also terminate if Client ceases operations or makes a general assignment for the benefit of creditors, or where Client fails, upon reasonable written request following a payment default, to provide adequate assurance of future payment (such as a deposit or prepayment). Upon termination under this Section, amounts then due, together with fees attributable to non-cancelable third-party commitments incurred on Client's behalf, become immediately due and payable. This provision allocates commercial risk and is not a penalty.

5.6 Trailing Service Orders. If this Agreement terminates while one or more Service Orders remain in their Committed Terms, the version of this Agreement referenced by each such Service Order continues to govern that Service Order until it expires or terminates.

5.7 Effect of Termination; Transition; Data Return. Upon termination: (a) all fees due for Services delivered become immediately payable; (b) upon Client's request and provided Client's account is current, Provider will assist with service transition for up to twenty (20) hours at Provider's then-current standard professional-services rate (after-hours transition work at Provider's then-current after-hours rate), during the sixty (60) days following termination, with additional assistance by mutual agreement; (c) Provider will deliver to Client, within fifteen (15) business days of request, an export of Client Data in Provider's possession in a commercially standard format, and will transfer or restore administrative access to Client-owned systems and tenants (including transfer of administrative roles, break-glass accounts, tenant ownership, and registrar/DNS access in Provider's possession or control); and (d) each Party shall return or destroy the other Party's Confidential Information upon request, subject to legal retention requirements and backup/archive practices.

6. SERVICE TIERS

6.1 Provider offers two Service Tiers — Standard and Pro — defined in Exhibit B. Client's Service Tier is identified in the Service Order. Tier changes require a Service Order amendment.

6.2 Within each Service Tier, pricing scales per Exhibit B. Size Category (seat-count band) classification is reviewed quarterly against license counts; reconciliation of seat additions and reductions is governed by Section 4(b).

7. CONFIDENTIALITY

7.1 Each Party shall protect the other's Confidential Information using commercially reasonable administrative, technical, and physical safeguards informed by recognized industry frameworks and applicable laws.

7.2 Confidentiality obligations survive for three (3) years following termination, except that obligations with respect to trade secrets, credentials, and security-related information survive for so long as such information retains its confidential or trade-secret character.

7.3 Standard exceptions apply: information publicly available without breach, independently developed, rightfully received from a third party, or disclosed pursuant to legal compulsion (with notice to the disclosing Party where legally permitted).

8. DATA PROTECTION AND PRIVACY

8.1 Data Processing (CCPA/CPRA). Provider processes Client Data solely for the specific business purposes of providing, securing, maintaining, and supporting the Services described in the applicable Service Order, and in accordance with applicable data protection laws, including the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), where applicable. To the extent Client Data includes personal information subject to the CCPA/CPRA, Provider acts as a "service provider" and: (a) shall not sell or share such personal information; (b) shall not retain, use, or disclose it for any purpose other than the specific business purposes above, or outside the direct business relationship with Client, except as permitted by the CCPA/CPRA; (c) shall flow down equivalent obligations to any subcontractor that processes such personal information; (d) shall notify Client if it determines it can no longer meet its obligations under the CCPA/CPRA; (e) shall reasonably cooperate with Client's compliance obligations, including verified consumer requests requiring Provider action; (f) shall provide the same level of privacy protection as is required of businesses under the CCPA/CPRA; (g) grants Client the right, upon reasonable notice, to take reasonable and appropriate steps to confirm Provider's use of personal information is consistent with this Section, through security questionnaires, policy summaries, third-party attestations where available, or a mutually agreed review process; and (h) acknowledges Client's right, upon notice, to require Provider to stop and remediate any unauthorized use of personal information.

8.2 Security Incident Notice. Provider shall notify Client without undue delay, and in no event more than seventy-two (72) hours after discovery, of any confirmed or reasonably suspected material unauthorized access to Client Data or to Client's managed environment or credentials (routine alerts resolved as benign through Provider's standard triage do not constitute reasonably suspected access), and will reasonably cooperate in investigation and remediation, consistent with California Civil Code § 1798.82.

8.3 Data Breach Liability Cap. Provider's total liability for a data breach caused by Provider's negligence is capped at two times (2x) the fees paid by Client in the twelve (12) months preceding the breach. For the avoidance of doubt, this cap does not apply to a breach caused by Provider's gross negligence or willful misconduct, which are uncapped under Section 11.3. This Section controls over any inconsistent limitation elsewhere in the Agreement.

9. INTELLECTUAL PROPERTY

9.1 Each Party retains ownership of its pre-existing intellectual property.

9.2 Provider retains ownership of its pre-existing and generally applicable tools, scripts, methodologies, templates, and know-how. Client-specific configurations, documentation, network diagrams, runbooks, policies, reports, and scripts deployed in Client's environment are licensed to Client on a perpetual, non-exclusive, royalty-free basis for Client's internal business use, surviving termination. Provider will include current copies of such materials in the transition deliverables under Section 5.7.

9.3 Subject to Sections 11 and 12, Provider shall indemnify Client against third-party claims that the Services infringe intellectual property rights, subject to prompt notice and Provider's control of the defense (excluding claims arising from third-party vendor products, which are governed by the applicable Product Terms). Client shall indemnify Provider against claims arising from Client Data or Client-provided materials, subject to the same Sections.

10. WARRANTIES AND DISCLAIMERS

10.1 Provider warrants that the Services will be performed in a workmanlike manner consistent with generally accepted industry standards.

10.2 EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT (INCLUDING SECTIONS 9.3 AND 10.1 AND EXHIBIT C), THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" TO THE MAXIMUM EXTENT PERMITTED BY LAW, AND PROVIDER DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

10.3 Third-Party Products and Providers. Client acknowledges that certain Services depend on third-party products and providers (e.g., Microsoft, internet service providers, hosting vendors, OEMs, and cloud marketplaces). Provider is not responsible for third-party outages, security failures, changes, or discontinuations outside Provider's reasonable control, except to the extent caused by Provider's negligence in configuration or administration within Provider's scope.

11. LIMITATION OF LIABILITY

11.1 Except as provided in Section 8.3 and Section 11.3, Provider's aggregate liability under this Agreement shall not exceed the fees paid by Client in the twelve (12) months preceding the event giving rise to the claim.

11.2 Neither Party shall be liable for indirect, incidental, consequential, special, or punitive damages.

11.3 The limitations in Sections 11.1 and 11.2 do not apply to: (a) a Party's gross negligence or willful misconduct; or (b) a Party's indemnification obligations under Section 12.1 arising from its willful misconduct or intentional violation of law. All other indemnification obligations remain subject to the caps in this Section and Section 8.3.

11.4 Total SLA credits shall not exceed the caps stated in Exhibit C.

12. INDEMNIFICATION; INSURANCE

12.1 Each Party (the "Indemnifying Party") shall indemnify, defend, and hold harmless the other against third-party claims to the extent arising from: (a) the Indemnifying Party's infringement of intellectual property rights (for Provider, as provided in Section 9.3); (b) bodily injury or tangible property damage caused by the Indemnifying Party's negligence; (c) the Indemnifying Party's violation of applicable law; (d) unauthorized access to or disclosure of personal information caused by the Indemnifying Party's breach of this Agreement; or (e) the Indemnifying Party's willful misconduct — in each case subject to prompt notice, the Indemnifying Party's reasonable control of the defense, and reasonable cooperation.

12.2 Insurance. Each Party shall maintain insurance coverage commercially appropriate to its obligations under this Agreement. Client's coverage shall include cyber liability insurance with limits of not less than $1,000,000 per occurrence, and Client shall provide proof of coverage upon request.

13. INDEPENDENT CONTRACTOR; WORKER CLASSIFICATION

13.1 Provider is an independent contractor. Nothing in this Agreement creates an employment, agency, partnership, or joint venture relationship between the Parties or between Client and any Provider personnel.

13.2 The Parties acknowledge and intend that this is a bona fide business-to-business relationship consistent with California Labor Code §§ 2775-2776, and that in fact: Provider is free from Client's control and direction in performing the Services and controls its own means, methods, hours, and (except where onsite work is required) location of work; Provider maintains its own business location separate from Client's; Provider provides services of the same nature to multiple clients and advertises its services publicly; Provider furnishes its own tools, equipment, and platforms; Provider negotiates its own rates; the Parties contract directly with each other under this written Agreement; Provider maintains the business registrations and licenses required for its trade; and the Services are outside the usual course of Client's business.

13.3 Provider personnel are employees or contractors of Provider, not of Client. Provider is solely responsible for their compensation, benefits, taxes, and workers' compensation coverage, and shall indemnify Client against claims that Provider personnel are employees of Client, except to the extent caused by Client's direction and control of such personnel in breach of this Agreement.

14. FORCE MAJEURE

Neither Party shall be liable for delays or failures caused by events beyond its reasonable control, excluding (a) payment obligations and (b) cyber events attributable to a Party's negligence.

15. DISPUTE RESOLUTION; GOVERNING LAW; VENUE

15.1 The Parties shall first attempt to resolve disputes through good-faith negotiation. If unresolved, disputes shall be submitted to mediation in Sacramento County, California.

15.2 If mediation is unsuccessful, the Parties agree that exclusive venue for any litigation shall be the state or federal courts located in Sacramento County, California.

15.3 The prevailing Party in any litigation shall be entitled to recover reasonable attorneys' fees and costs.

15.4 California law governs this Agreement, without regard to conflict-of-laws principles.

16. NOTICES

16.1 Routine business notices (invoices, scope changes, service notifications, SLA reports) may be given by email to the notice addresses listed in the Service Order and are effective upon transmission absent a bounce or delivery failure. Rate-adjustment notices under Section 4(c) and pass-through notices under Section 4(d) must be sent to Client's designated billing contact and identified on the face of an invoice or accompanying statement, and are effective upon the invoice date of the invoice on which they appear or the email transmission date, whichever provides Client the longer notice period.

16.2 Legal notices (breach, termination, indemnification claims) must be given by email and by certified mail or nationally recognized courier to the addresses listed in the Service Order, and are effective upon the earlier of confirmed receipt or three (3) business days after mailing.

16.3 Either Party may update its notice addresses by written notice. The Parties consent to electronic communications and electronic signatures for all purposes under this Agreement.

17. MISCELLANEOUS

17.1 Publication and Amendment of this MSA. Provider publishes this Agreement at www.onsideinc.com/master-services-agreement with a visible version date, and retains all prior versions at stable URLs. Provider may publish updated versions from time to time. When Provider publishes an update, Provider will give active Clients at least sixty (60) days' notice, including a summary of the material changes. An updated version binds a Client upon the commencement of the next renewal term of Client's Service Order following such notice; if an update materially and adversely affects Client, Client may instead elect, by written notice within sixty (60) days of the update notice, to let the affected Service Order expire at the end of its then-current term without the update taking effect, Client remaining responsible for non-cancelable third-party commitments. During any Committed Term, the version of this Agreement attached to the executed Service Order governs.

17.2 Assignment; Change of Control. Either Party may assign this Agreement in connection with a merger or sale of substantially all assets upon written notice; other assignments require the other Party's consent. Client shall provide written notice of a Change of Control as soon as legally and commercially practicable. Upon a Change of Control, the successor entity may assume the Service Order in writing subject to Provider's reasonable approval (including credit review). If not assumed, Client remains responsible for all fees due through the end of the then-current term, any non-cancelable third-party commitments, and a $2,000 transfer fee for transition, migration, and handover, which the Parties agree is a reasonable estimate of Provider's administrative and transition costs and which will be credited against any transition assistance charges under Section 5.7 for the same work.

17.3 Severability. If any provision is held invalid, the remainder is enforceable, and the invalid provision will be reformed to the minimum extent necessary.

17.4 Waiver. Failure to enforce any provision is not a waiver of it.

17.5 Entire Agreement. This Agreement, together with the applicable Service Order(s), Product Terms, and Exhibits, constitutes the entire agreement between the Parties regarding its subject matter.

17.6 Counterparts; Electronic Signatures. Service Orders may be executed in counterparts, and electronic signatures are binding.

17.7 Survival. Provisions that by their nature survive (including accrued fees and payment, confidentiality, data protection, intellectual property licenses under Section 9.2, limitations of liability, indemnification, and dispute resolution) survive termination.

17.8 Export Controls. Client shall not use the Services in violation of U.S. export laws or sanctions.

17.9 Protection of Confidential Information (Personnel). Client shall not use Provider's Confidential Information to induce any Provider employee or contractor to breach an agreement with Provider. Nothing in this Agreement restricts hiring, general solicitations, or employee-initiated contact.

17.10 Publicity. Provider may identify Client as a Provider customer in marketing materials; Client may opt out at any time on written request.


EXHIBIT A — SERVICE ORDER TEMPLATE

SERVICE ORDER #[YYYY-MM-NNN]

Pursuant to the Onside Technology Solutions Master Services Agreement
published at www.onsideinc.com/master-services-agreement
(version dated [VERSION DATE]), which is incorporated by reference into
this Service Order. A complete PDF copy of that version is attached to
this Service Order at execution.

CLIENT
  Legal name:          [Client Legal Name]
  Address:             [Address]
  Notice email:        [Legal notice email]
  Billing contact:     [Name, email]   <- Section 4(c)/4(d) notices go here
  Authorized signer:   [Name, Title]

PROVIDER
  Onside Technology Solutions, Inc.
  3230 Arena Blvd STE 245 #404, Sacramento, CA 95834
  Notice email:        billing@onsideinc.com / legal@onsideinc.com

SERVICE TIER:        [Standard | Pro]
SIZE CATEGORY:       [Micro | Small | Mid | Large | Enterprise]
COMMITTED TERM:      12 months
EFFECTIVE DATE:      [YYYY-MM-DD]
RENEWAL:             Automatic 12-month renewals per MSA Section 5
                     (90-day non-renewal notice, either party)

SERVICES & PRICING

  | SKU                                   | Qty | Unit Rate       | Markup | Monthly  |
  |---------------------------------------|-----|-----------------|--------|----------|
  | Managed Seat - [Standard | Pro]       |     | [rate / seat]   | n/a    |          |
  | Site / Core Infrastructure Mgmt       |     | [rate / site]   | n/a    |          |
  | Managed Server                        |     |                 | n/a    |          |
  | Microsoft 365 [SKU]                   |     | passthrough     | +20%   | per Pax8 |
  | [add-ons per Exhibit B]               |     |                 |        |          |
  |---------------------------------------|-----|-----------------|--------|----------|
  | TOTAL RECURRING MONTHLY               |     |                 |        |          |

  Onsite/standard PS:        [rate]/hr (1-hr minimum)
  After-hours/emergency PS:  [rate]/hr (1-hr minimum)
  Hardware/software resale:  cost + 20%
  Travel:                    at cost + 10% admin (outside 50-mile radius)

PRODUCT TERMS (MSA Section 2.7 / 3)
  | Vendor     | Product            | Terms location (URL/attachment)    |
  |------------|--------------------|-------------------------------------|
  | Microsoft  | M365 [SKU]         | Microsoft Customer Agreement [URL]  |
  | [vendor]   | [product]          | [URL or attached]                   |

ANNUAL RATE REVIEW:   Per MSA Section 4(c). Anniversary: [EFFECTIVE DATE].
                      Cap: greater of 7% or CPI. 60-day notice to billing contact.
VENDOR PASS-THROUGH:  Per MSA Section 4(d). 30-day notice; does not
                      consume the Section 4(c) cap.

CLIENT-SPECIFIC ADDENDA (control per MSA Section 3)
  Authorized after-hours contacts:  [names/contact]
  On-site allotment:                [hours/quarter or none]
  Special billing notes:            [if any]
  Site list:                        [if multi-site]

SIGNATURES
  Provider: ____________________   Date: __________
            Jay Arendt, President
  Client:   ____________________   Date: __________
            [Name, Title]

EXHIBIT B — SERVICE TIER DETAIL

Tier rates, the per-site fee, and add-on pricing are set out in each Client's Service Order. This Exhibit defines what each tier includes and how recurring fees are calculated.

Standard Tier

Included scope: remote helpdesk support, 8am-5pm M-F Pacific (excluding federal and California holidays); 24x7 RMM monitoring and alerting; operating system and third-party patching; Microsoft Defender endpoint protection management; email security (managed anti-phishing platform); Microsoft 365 license management (licenses billed passthrough + 20%); up to 4 company-owned devices per User (excess billed at the per-device rate stated in the Service Order).

Response SLA: per Exhibit C (Standard column)

Pro Tier

Everything in Standard, plus: managed EDR with SOC monitoring and response; security awareness training and phishing simulation program; dark web identity monitoring; monthly executive report; quarterly business review (QBR).

Response SLA: per Exhibit C (Pro column)

Managed Server is a separate per-server SKU available at either tier and is not included in the per-seat rate.

Recurring Pricing Model

Recurring monthly fees are computed as: (Users × Service Tier per-seat rate) + (Sites × Site / Core Infrastructure Management fee) + separate SKUs (Managed Server, add-ons) + license passthrough.

Limited User Add-On

Billed at the per-user rate stated in the Service Order. Phone support only (password resets and basic cloud-service troubleshooting), no onsite support, no device support/management/monitoring. Intended for email/SharePoint-only users. The Microsoft 365 Business Basic license for a Limited User is billed separately as license passthrough (+20%), consistent with all Microsoft licensing under this Agreement. Limited Users are not counted in Size Category totals.

Add-Ons (passthrough + 20% unless stated)

Premium licenses (Visio, Project, E3/E5 differentials, Adobe Acrobat Pro, Power Automate Premium) and other client-specific SKUs, itemized on the Service Order.

Exclusions (both tiers)

Personal or non-company-owned devices; structured cabling; office relocations and physical moves; procurement of non-IT items beyond approved resale; tasks outside defined IT scope (billed T&M at then-current PS rates).


EXHIBIT C — SERVICE LEVEL AGREEMENT

1. Scope and Measurement

This SLA applies to Managed Systems: the endpoints, servers, and network devices under Provider's active management as identified in the Service Order and enrolled in Provider's monitoring platform. It does not apply to third-party SaaS platforms (including Microsoft 365), internet connectivity, or systems not under Provider management. Uptime is measured monthly per Managed System from Provider's monitoring platform records, which Provider will share with Client on request. Excluded from uptime measurement: scheduled maintenance (noticed at least 48 hours in advance, or emergency security maintenance); Client-caused downtime; and, for endpoints, periods when a device is powered off, sleeping, disconnected by the user, traveling, lost or stolen, or otherwise not reporting for reasons outside Provider's control. The uptime target applies in practice to servers and Provider-managed network infrastructure; endpoint coverage is measured by response-time targets rather than uptime.

2. Priorities and Response Targets (Business Hours)

Priority Standard Tier Pro Tier
P1 Critical Outage 1 hr response (remote) 30 min response (remote)
P2 High Impact 4 hr response (remote) 2 hr response (remote)
P3 Standard Request Next business day Next business day

Where onsite presence is required for a P1, Provider will dispatch on a commercially reasonable basis, targeting same-business-day arrival for sites within 50 miles of Provider's office, subject to site access and safety.

Business hours: 8am-5pm M-F Pacific, excluding federal and California holidays, unless the Service Order states otherwise. "Response" means a qualified technician has begun active diagnosis and has communicated with the reporting contact.

3. Uptime Target and Credits

99.9% monthly uptime per Managed System (servers and Provider-managed network infrastructure, per Section 1 above). Credits are 5% per 1% below target, computed on the monthly recurring fee for the affected service line: the affected server's Managed Server SKU; the affected site's Site / Core Infrastructure Management fee; or, for a response-time credit granted at Provider's discretion, the affected User's per-seat fee. Credits are capped at 10% of the affected service line's monthly fee for the affected month; total annual credits are capped at 20% of annual recurring fees. Credit claims must be submitted within thirty (30) days of the month in question.

4. Escalation

P1 incidents escalate to management after 2 hours without resolution during business hours.

5. Remedy

SLA credits are Client's sole and exclusive remedy for failure to meet the response-time and uptime targets in this Exhibit. This Exhibit does not limit remedies otherwise available under the Agreement for material breach, data loss, or security incidents.


EXHIBIT D — ACCEPTABLE USE POLICY

This Acceptable Use Policy ("AUP") applies to all persons and entities (collectively, "Users") using the Services provided by Onside Technology Solutions, Inc. ("Provider") to its clients ("Client"). Provider may modify this AUP as part of a published update to this Agreement under Section 17.1.

1. Compliance with Laws and Regulations

Users must comply with all applicable local, state (including California), federal, and international laws, treaties, and regulations, including those related to data privacy (e.g., CCPA/CPRA), intellectual property, and electronic communications. Provider is not responsible for determining whether any specific use is lawful.

2. Prohibited Uses

Users may not use the Services to:

3. System and Network Security

Users must not violate or attempt to violate the security of any system or network, including probing, scanning, or testing vulnerabilities without authorization. Users are responsible for maintaining the security of their accounts, passwords, and devices.

4. Monitoring and Enforcement

Provider reserves the right to monitor usage to ensure compliance with this AUP, investigate violations, and cooperate with law enforcement. Violations may result in suspension or termination of Services (subject to the Agreement), and Provider may pursue legal remedies. Provider is not liable for damages resulting from lawful enforcement actions.

5. Reporting Violations

Users must report any known or suspected violations to Provider immediately at help@onsideinc.com.

This AUP is incorporated into the Agreement. Claims arising from AUP violations are governed by the indemnification and liability provisions of the Agreement (Sections 11 and 12). By using the Services, Users agree to abide by this policy.