This Master Services Agreement (“Agreement”) is entered into by and between Aims Innovations PR, LLC, a limited liability company organized under the laws of the Commonwealth of Puerto Rico with its principal place of business at 151 Calle San Francisco, Suite 200, PMB 0565, San Juan, PR 00901 (“Aims”), and the undersigned customer (“Customer”). Aims and Customer are each a “Party” and together the “Parties.” This Agreement governs all Service Orders (as defined below) by which Customer purchases access to the Services (as defined below).
1. DEFINITIONS
Unless otherwise stated in a Service Order, capitalized terms have the meanings set out below.
|
Term |
Definition |
|
BAA |
The Business Associate Agreement executed by the Parties and incorporated into this Agreement as Exhibit B. |
|
Confidential Information |
Information disclosed by one Party (“Disclosing Party”) to the other (“Receiving Party”) that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Confidential Information includes PHI, PII, Customer Data, pricing, security documentation, product roadmaps, and non-public personal or business information. Confidential Information excludes information that (a) is or becomes public through no breach of this Agreement, (b) was rightfully in the Receiving Party’s possession without restriction before receipt, (c) is independently developed without use of the Disclosing Party’s Confidential Information, or (d) is rightfully received from a third party without duty of confidentiality. |
|
Customer Data |
Data, records, files, or information (including PHI, PII, FERPA-protected records, and data of minors) that Customer or its end users submit to or collect through the Services. |
|
Data Processing Agreement |
The agreement executed by the Parties that satisfies Article 28 of the EU General Data Protection Regulation (“GDPR”) and governs Aims’ processing of Personal Data relating to data subjects located in the European Economic Area or United Kingdom. |
|
De-identified Data |
Data originally derived from Customer Data that has been aggregated or otherwise processed so it cannot reasonably be used to identify Customer or any individual data subject, consistent with 45 C.F.R. § 164.514 and other applicable laws. |
|
Documentation |
The then-current user guides, security white papers, and technical documentation made available by Aims for the Services. |
|
Effective Date |
The date the first Service Order is fully executed by both Parties, unless a different effective date is stated in that Service Order. |
|
Future Study Contact Data |
The limited contact information defined in Section 6.2 that participants have consented to retain for future study notifications. |
|
Monthly Uptime Percentage (“MUP”) |
The total minutes in a calendar month, minus Downtime minutes, divided by the total minutes in the month and multiplied by 100. Downtime and exclusions are detailed in Exhibit C. |
|
Order of Precedence |
The document hierarchy described in Section 2 that governs in the event of conflict among contract documents. |
|
PHI / PII |
“Protected Health Information” as defined by HIPAA and “Personally Identifiable Information” under applicable privacy laws. |
|
Professional Services |
Non-recurring implementation, configuration, training, custom-development, or other consulting services provided by Aims under a Statement of Work. |
|
Provider Work Product |
Any and all software, source code, object code, scripts, templates, configurations, application-programming interfaces (APIs), algorithms, data models, documentation, reports, analyses, diagrams, inventions, know-how, and other works of authorship or materials that are conceived, created, developed, authored, prepared, collected, or delivered by or on behalf of Provider in connection with the performance of the Services, together with all updates, enhancements, derivative works, and copies thereof. Provider Work Product does not include: (a) Customer Data; (b) Background IP (i.e., software, libraries, tools, and other intellectual property owned or licensed by Provider prior to the Effective Date or developed independently of this Agreement); or (c) any third-party materials supplied under separate open-source or commercial licenses. |
|
Security Incident |
Any unauthorized access to, acquisition of, disclosure of, or loss of Customer Data that compromises its security, confidentiality, or integrity. |
|
Service Credit |
A monetary credit calculated as a percentage of the monthly Subscription Fees, issued to Customer as the sole contractual remedy for SLA failures, as set forth in Exhibit C. |
|
Service Order |
A mutually executed document (including Statements of Work) that identifies the specific Services, quantities, pricing, term, and any special terms. |
|
Services |
Aims’ proprietary SaaS research-management platform, intelligent virtual-assistant services, related APIs, Professional Services, support, and all associated software and Documentation provided to Customer under a Service Order. |
|
SLA |
The availability and support commitments set forth in Section 7 and Exhibit C. |
|
Subscription Fees |
The recurring fees payable for access to the Services, as specified in the applicable Service Order. |
|
Subscription Term |
The period of authorized access to the Services stated in a Service Order, including any renewal terms. |
|
Sub Processor |
A third-party service provider engaged by Aims to process Customer Data in order to provide the Services. |
2. ORDER OF PRECEDENCE
In the event of any conflict or inconsistency among documents, the following hierarchy will govern (each listed document prevailing over those that follow it):
If a later-dated document expressly states that it overrides a specific provision of a higher-level document, that statement will control for the identified provision only.
3. SERVICES AND SCOPE
3.1 Provision of Services. Subject to the terms of this Agreement and applicable Service Orders, Aims will make the Services available to Customer during the Subscription Term solely for Customer’s internal research and study management purposes.
3.2 Usage Restrictions. Customer shall not (a) license, sublicense, sell, resell, or distribute the Services; (b) reverse-engineer, decompile, or disassemble any component; (c) access the Services to build a competitive product; or (d) interfere with or disrupt the performance or integrity of the Services.
3.3 Professional Services. Any implementation, configuration, training, or custom development work will be described in a mutually executed Statement of Work and governed by this Agreement.
4. FEES, INVOICING, AND PAYMENT
4.1 Fees. Customer shall pay the fees specified in each Service Order.
4.2 Price Adjustments. Aims may increase recurring fees by up to five percent (5%) once per calendar year on at least sixty (60) days’ written notice. Customer may reject the increase by providing written notice prior to the renewal date, in which case the applicable Service Order will terminate at the end of the then-current term with no early-termination charge.
4.3 Invoicing & Payment Terms. Unless the Service Order states otherwise, Aims will invoice as follows: (1) SaaS subscription on an annual basis and (2) professional services, conversational AI usage, and other fees on a monthly basis. Amounts are due Net-45. Late payments accrue interest at one-and-one-half percent (1.5%) per month or the maximum rate permitted by law, whichever is lower. Payments shall be made in U.S. dollars via ACH or wire transfer to the account specified on the invoice.
4.4 Disputed Amounts. Customer shall notify Aims of good-faith fee disputes within forty-five (45) days of invoice; undisputed amounts remain payable. The Parties will work in good faith to resolve any dispute within thirty (30) days of notice.
4.5 Taxes. Fees are exclusive of taxes. Each Party is responsible for taxes based on its own income; Customer is responsible for sales, use, VAT, or similar taxes on the Services and will provide tax-exemption certificates where applicable.
5. TERM, RENEWAL, AND TERMINATION
5.1 Term of Agreement. This Agreement commences on the Effective Date and continues until all Service Orders expire or are terminated.
5.2 Subscription Term; Auto-Renewal. Each Service Order states an initial Subscription Term and, unless otherwise noted, renews for successive one-year periods.
5.3 Termination for Convenience (Customer). Customer may terminate any Service Order, in whole or in part, for convenience upon sixty (60) days’ written notice. Aims will refund any prepaid, unused fees pro-rated to the termination Effective Date.
5.4 Termination for Cause. Either Party may terminate this Agreement or an individual Service Order for material breach that remains uncured thirty (30) days after written notice. Either Party may also terminate immediately if the other Party enters bankruptcy, receivership, or a comparable insolvency proceeding.
5.5 Suspension. Aims may suspend access for undisputed, overdue amounts more than thirty (30) days past due, or for material security risk, but will provide reasonable prior notice unless immediate suspension is required by law. Service will be restored promptly once the suspension condition is cured, and Customer remains responsible for fees during suspension.
5.6 Effect of Termination. Upon termination, Customer’s right to access the Services ceases. Customer will have thirty (30) days from the Effective Date of termination to export Customer Data in a commonly used, machine-readable format (e.g., CSV, JSON, MP4 for recordings). After that window, and subject to Section 8.7 (Retention Period), Aims will securely delete Customer Data. Within thirty (30) days after the export window closes, each Party will return or destroy the other’s Confidential Information (except for archival copies maintained under standard backup procedures) and pay all undisputed amounts due.Notwithstanding the foregoing, Aims may retain Future Study Contact Data where each individual has provided written consent for re‑contact, solely for the purpose of inviting participation in future IRB‑approved studies. Aims shall maintain such data in accordance with HIPAA, and will delete it upon participant withdrawal of consent.
6. CUSTOMER RESPONSIBILITIES
Customer is responsible for: (a) the accuracy, quality, and legality of Customer Data and how it acquires such data; (b) user credentials and all activities occurring under its accounts; and (c) maintaining network connections to access the Services.
6.1 Minors and Parental Consent. For studies involving participants under eighteen (18) years of age, Customer shall obtain verifiable parental or guardian consent in compliance with the Children’s Online Privacy Protection Act (COPPA) and applicable state laws. The Services provide configurable consent-workflow features that facilitate, but do not replace, Customer’s regulatory obligations.
6.2 Participant Re-Contact Consent. Where participants provide explicit, IRB-approved written consent, Aims may retain limited contact information (full name, preferred contact method, language preference, demographic information, and prior study enrollment history) after study conclusion solely for notifying participants about future IRB-approved research opportunities. Such data shall be: (a) segregated from other Customer Data; (b) protected in accordance with Section 8 (Data Security) and the Business Associate Agreement; and (c) permanently deleted upon participant withdrawal of consent or at the end of the legally required retention period, whichever occurs first.
7. SERVICE LEVELS AND SUPPORT
This section sets forth Aims’ standard service levels. Enhanced service levels may be available under a separate Service Level Agreement executed between the parties for additional fees. The terms below represent baseline commitments for all customers.
7.1 Availability Commitment. The production Services will achieve 99.0% Monthly Uptime Percentage (“MUP”). Downtime exclusions and credit schedule are set forth in the SLA.
7.2 Chronic SLA Failure. If MUP falls below 96 % in any three (3) of six (6) consecutive calendar months, Customer may terminate the affected Service Order without penalty upon thirty (30) days’ written notice.
7.3 Support. Aims provides email and in-app support Mon-Fri 9 a.m.- 5 p.m. Eastern, excluding U.S. federal holidays, plus best efforts after-hours response for Severity-1 incidents, with guaranteed response the next business day.
7.4 Service Credits. If Monthly Uptime Percentage falls below the commitment in Section 7.1, Customer may request service credits equal to: (a) 5% of monthly subscription fees for each 0.5% below 99.0% uptime, (b) capped at 10% of monthly fees per incident. Credits apply to future invoices and represent Customer’s sole remedy for availability failures. Credit requests must be submitted within thirty (30) days of the incident with supporting documentation.
8. DATA SECURITY AND PRIVACY
8.1 Security Program. Aims will maintain an information-security program aligned with ISO 27001 and SOC 2 Type II, including: (a) encryption in transit (TLS 1.3 or higher) and at rest (AES-256); (b) least-privilege access controls; (c) annual penetration tests; (d) third-party security audits, with further technical details available to Customer upon request.
8.2 HIPAA & BAA. Where the Services involve PHI, the Parties shall execute the BAA attached as Exhibit B. The BAA supersedes any conflicting terms herein with respect to PHI.
8.3 FERPA. Aims shall comply with FERPA and will not redisclose Student Education Records except as permitted by 34 C.F.R. § 99.33.
8.4 Breach Notification. Aims will notify Customer in writing without undue delay, and in any event within seventy-two (72) hours of confirmation, of any Security Incident involving Customer Data, and will cooperate in remediation.
8.5 Data Residency. Customer Data will be stored and processed solely in HIPAA-compliant Microsoft Azure for Healthcare data centers located in the Eastern and Western United States regions, with primary hosting in Virginia and backup in California.
8.6 Retention Period. Aims will retain Customer Data for the minimum period required by applicable law (typically three (3) years for research data or six (6) years for PHI under HIPAA), unless a longer period is mandated by specific regulations or agreed in writing.
9. CONFIDENTIALITY
9.1 Each Party shall protect the other’s Confidential Information using the same degree of care it uses to protect its own similar information (but no less than reasonable care) and may use such information only to exercise rights or perform obligations under this Agreement.
9.2 Disclosures required by law or applicable public-records statutes (including Pennsylvania’s Right-to-Know Law) are permitted, provided the Receiving Party gives prior notice to the Disclosing Party (unless legally prohibited) and cooperates in any effort to seek protective treatment.
10. INTELLECTUAL PROPERTY RIGHTS
10.1 Ownership. (a) Customer Data. As between the Parties, Customer retains all right, title, and interest in and to Customer Data, except for Future Study Contact Data retained under Section 6.2. (b) Aims Materials. Aims retains all right, title, and interest in and to the Services, Documentation, algorithms, models, and all derivatives thereof, subject only to the limited license granted to Customer in Section 10.2. (c) Future Study Contact Data. Notwithstanding Section 10.1(a), and solely where each Participant has provided explicit, IRB-approved opt-in consent, Aims may retain and process Future Study Contact Data for the purpose of re-contacting Participants about future research studies. Aims shall (i) segregate Future Study Contact Data from other Customer Data, (ii) protect it in accordance with Section 8 (Data Security) and the Business Associate Agreement, and (iii) permanently delete it promptly upon Participant withdrawal of consent or at the end of the legally required retention period, whichever occurs first.
10.2 License to Aims. Customer grants Aims a non-exclusive license to host, copy, process, transmit, and display Customer Data as necessary to provide and improve the Services. Aims may create and use De-identified Data for internal analytics, benchmarking, and product improvement, provided such data cannot reasonably be used to identify Customer or any data subject and is not shared externally in a manner that would permit re-identification.
10.3 Customer-Exclusive Models. Models trained exclusively on Customer Data will not be provided to third parties without Customer’s prior written consent.
10.4 Academic Publication. Customer and its researchers may publish study results, methods, or statistical analyses that rely on the Services, provided no Aims trade secrets, proprietary source code, or identifiable participant data are disclosed without Aims’ prior written consent.
11. INDEMNIFICATION
11.1 By Aims. Aims will defend, indemnify, and hold harmless Customer, its trustees, officers, employees, and agents (“Customer Indemnitees”) against any third-party claim, suit, or proceeding (collectively, “Claim”) to the extent arising out of: (a) an allegation that the Services infringe a United States patent, copyright, or trademark or misappropriate a trade secret; (b) Aims’ violation of applicable data-privacy or security laws; or (c) bodily injury, death, or tangible property damage caused by Aims’ gross negligence or willful misconduct. Aims will pay all resulting damages, costs, and reasonable attorneys’ fees awarded by a court or agreed in settlement.
11.2 By Customer. Customer will defend, indemnify, and hold harmless Aims and its officers, employees, and agents (“Aims Indemnitees”) from any Claim arising out of: (a) Customer’s unlawful or unauthorized use of the Services; (b) Customer’s breach of this Agreement; or (c) Customer’s failure to obtain required consents for Customer Data.
11.3 Indemnification Procedure. The indemnified Party must (i) provide prompt written notice of the Claim, (ii) reasonably cooperate in the defense (at the indemnifying Party’s expense), and (iii) allow the indemnifying Party sole control of defense and settlement, provided no settlement admits liability or imposes obligations on the indemnified Party without its prior written consent (not to be unreasonably withheld).
12. INSURANCE
Aims shall maintain, at its own expense and for the Agreement’s duration, insurance with carriers rated A- or better by A.M. Best:
|
Coverage |
Minimum Limit |
|
Commercial General Liability |
US $1 million per occurrence / US $2 million aggregate |
|
Workers’ Compensation |
Statutory limits |
|
Technology Errors & Omissions and Network Security & Privacy Liability |
US $5 million each claim / US $5 million aggregate |
13. LIMITATION OF LIABILITY
Except for (i) either Party’s breach of confidentiality or intellectual-property obligations, (ii) indemnification obligations, or (iii) willful misconduct or gross negligence, each Party’s total cumulative liability under this Agreement shall not exceed the greater of (a) US $5,000,000 or (b) the fees paid or payable by Customer under the applicable Service Order during the twelve (12) months preceding the claim. Neither Party will be liable for any indirect, special, incidental, exemplary, or consequential damages, or lost profits, even if advised of the possibility.
14. AUDIT & RECORD RETENTION
14.1 Operational Audit. Customer may audit Aims’ security and compliance no more than once in any twelve (12)-month period, at Customer’s expense, during normal business hours.
14.2 Financial Records. Aims will retain records sufficient to substantiate charges and performance for at least three (3) years after final payment under each Service Order (or longer if required by 2 C.F.R. § 200.334 or other applicable law) and will make them available for inspection by Customer or government auditors.
15. SUB PROCESSORS
15.1 Use of Subprocessors. Aims may engage Sub processors to process Customer Data, provided each Subprocessor is bound by written obligations no less protective than those herein. For the avoidance of doubt, ‘Subprocessors’ refers to third-party service providers that process Customer Data to provide the Services, and does not include participants recruited by one Customer who consent to be contacted for other Customers’ future studies.
15.2 Subprocessor List. Upon Customer’s written request and under NDA, Aims will provide a current Subprocessor list updated within thirty (30) days of any changes. Customer may object to new Subprocessors within fifteen (15) days of list update on reasonable data-protection grounds.
15.3 Responsibility. Aims remains fully responsible for the acts and omissions of its Sub processors.
16. FORCE MAJEURE
Neither Party will be liable for delay or failure to perform due to events beyond its reasonable control, including natural disasters; war, terrorism, or civil unrest; labor disputes; and governmental actions, provided the affected Party promptly notifies the other and uses reasonable efforts to resume performance.
17. GOVERNING LAW & VENUE
This Agreement is governed by the laws of the state of Delaware, excluding its conflict-of-law rules. The state and federal courts located in Delaware shall have exclusive jurisdiction, and each Party consents to such venue.
18. ASSIGNMENT
Neither Party may assign this Agreement without the other Party’s prior written consent, except to a successor by merger, reorganization, or sale of substantially all assets, provided the successor agrees in writing to be bound by this Agreement.
19. NOTICES
Notices must be in writing and delivered by recognized courier, certified mail (return-receipt requested), or confirmed email to the addresses in the applicable Service Order. Notices are effective on receipt
20. EQUAL OPPORTUNITY & NON-DISCRIMINATION
Each Party will comply with Executive Order 11246, Section 503 of the Rehabilitation Act, the Vietnam Era Veterans’ Readjustment Assistance Act, and all applicable federal, state, and local equal-opportunity and non-discrimination laws and regulations.
21. PUBLICITY
Neither Party may issue press releases or public statements referencing the other without prior written consent. Customer, however, grants Aims a limited, revocable license to list Customer’s name and logo in customer lists and on Aims’ website unless Customer opts out in writing.
22. MISCELLANEOUS
22.1 Entire Agreement; Amendment. This Agreement (including Exhibits and Service Orders) constitutes the entire agreement and supersedes all prior agreements or communications. Amendments must be in writing and signed by both Parties.
22.2 Waiver & Severability. Failure to enforce any provision is not a waiver. If any provision is held unenforceable, the remainder remains in effect.
22.3 Export-Controls & Debarment. Each Party represents it (a) is not named on any U.S. government denied-party list, (b) will not export or permit access to the Services in violation of U.S. export-control laws, and (c) is not debarred, suspended, or proposed for debarment by any U.S. federal agency.
22.4 Counterparts; Electronic Signature. This Agreement may be executed in counterparts, including via reliable electronic signature, each deemed an original and together constituting one instrument.
22.5 Survival. Sections 1, 4 (with respect to amounts owed), 5.6, 7.2, 8–14, 17–22, and any other provision intended to survive, will survive termination or expiration of this Agreement.
