Master Services Agreement

1. Structure of Agreement

This Master Services Agreement constitutes the complete and controlling legal framework governing all services provided by ChaceTech, LLC, a Texas limited liability company, to the client executing a Statement of Work that expressly references and incorporates this Master Services Agreement. This Master Services Agreement establishes the legal, operational, financial, cybersecurity, risk allocation, enforcement, and dispute resolution architecture applicable to every service engagement between the parties. Services may include managed information technology services, cybersecurity monitoring, endpoint detection and response administration, firewall management, cloud administration, backup services, disaster recovery assistance, licensing procurement and administration, hardware procurement, remediation projects, consulting services, infrastructure support, and related professional services.

No services of any kind shall be provided except pursuant to a written Statement of Work, order form, or electronically accepted authorization that expressly incorporates this Master Services Agreement by reference. Each Statement of Work shall define the scope of services, pricing, quantities, technical parameters, service categories, and billing methodology applicable to that engagement. All legal protections, limitations of liability, exclusions of damages, indemnification obligations, cybersecurity risk allocations, insurance requirements, enforcement rights, and dispute resolution provisions shall be governed exclusively by this Master Services Agreement and shall apply uniformly to all services unless expressly modified by a written amendment signed by an authorized officer of ChaceTech, LLC.

In the event of any inconsistency between this Master Services Agreement and any Statement of Work, purchase order, onboarding document, vendor questionnaire, procurement template, request for proposal response, or other client generated document, the provisions of this Master Services Agreement shall control with respect to limitation of liability, indemnification, cybersecurity allocation of responsibility, payment enforcement, suspension rights, attorney fee recovery, limitation of actions, and all other legal protections afforded to ChaceTech, LLC. No modification shall be valid unless set forth in a written amendment that specifically references the provision being modified and is executed by an authorized officer of ChaceTech, LLC. The client acknowledges that the liability limitations and risk allocation provisions contained herein are material inducements for ChaceTech, LLC to enter into the service relationship and that pricing and service availability are expressly based upon this allocation of risk.

2. Term and Renewal

This Master Services Agreement shall commence on the effective date specified in the applicable Statement of Work and shall remain in effect for the initial term expressly stated therein. If no initial term is specified, the initial term shall be thirty six months. The parties acknowledge that the pricing structure, onboarding labor, inherited remediation of prior configurations, deployment of monitoring tools, configuration of cybersecurity safeguards, licensing commitments, staffing allocation, and vendor platform integration undertaken by ChaceTech, LLC require a stable contractual commitment in order to justify investment and resource planning. The initial term is therefore a material element of the economic structure of this agreement and is not incidental.

Upon expiration of the initial term, this Master Services Agreement shall automatically renew for successive one year renewal terms unless either party provides written notice of non renewal at least sixty days prior to expiration of the then current term. Written notice must be delivered in accordance with the formal notice provisions of this Master Services Agreement and must clearly state the intent not to renew. Failure to provide timely notice shall result in automatic renewal without further action by either party. Renewal shall not require execution of a new agreement, and all terms, conditions, limitations of liability, indemnification provisions, exclusions of damages, dispute resolution mechanisms, and risk allocation provisions shall continue in full force and effect during any renewal term.

The client acknowledges that automatic renewal is intended to prevent disruption of cybersecurity monitoring, licensing continuity, backup retention, vendor integration, and operational stability. Interruption of managed services creates material cybersecurity exposure. Accordingly, renewal structure is intended to preserve continuity of protection and stability of services.

3. Termination and Suspension

Either party may terminate this Master Services Agreement for material breach by the other party upon written notice describing the alleged breach in reasonable detail and allowing thirty days to cure. A material breach shall mean a substantial failure to perform a contractual obligation that defeats the essential purpose of the agreement. Failure to pay undisputed amounts when due constitutes material breach. Disputed amounts shall not relieve the client of the obligation to pay undisputed portions of any invoice when due.

If the client terminates this Master Services Agreement or any applicable Statement of Work prior to expiration of the initial term for any reason other than an uncured material breach by ChaceTech, LLC, the client shall immediately pay all unpaid amounts due and owing together with all remaining recurring service fees that would have been payable through the end of the initial term. The parties agree that ChaceTech, LLC makes substantial upfront investments in onboarding, remediation of inherited vulnerabilities, documentation reconstruction, cybersecurity deployment, staffing allocation, vendor licensing commitments, and capacity planning. Early termination causes financial harm that is difficult to calculate with precision. Accordingly, payment of remaining recurring fees constitutes reasonable liquidated damages and not a penalty.

ChaceTech, LLC may suspend services without terminating this Master Services Agreement if payment is more than fifteen days past due, if the client disables or refuses recommended security safeguards, if administrative access necessary to perform services is withheld, if required insurance is not maintained, or if continued service presents a material cybersecurity risk. Suspension shall not relieve the client of payment obligations and ChaceTech, LLC shall have no liability for damages arising from suspension undertaken in accordance with this section.

4. Fees and Payment

The client agrees to pay all fees specified in each applicable Statement of Work, including recurring managed service fees, cybersecurity platform fees, licensing fees, monitoring fees, project fees, onboarding fees, hardware procurement charges, vendor pass through costs, subscription renewals, and any applicable taxes. Unless otherwise specified in a Statement of Work, invoices are due upon receipt and shall be considered past due if not paid within fifteen days. Amounts not paid when due shall accrue interest at the rate of one and one half percent per month or the maximum rate permitted by law, whichever is lower, calculated from the due date until paid in full.

ChaceTech, LLC may require enrollment in automatic electronic payment as a material condition of service. Failure of a payment method does not excuse timely payment. The client remains responsible for ensuring that funds are received within the required timeframe. ChaceTech, LLC may increase recurring service fees annually by up to ten percent to account for increased labor costs, insurance premiums, inflationary pressures, cybersecurity insurance adjustments, and operational expenses. ChaceTech, LLC may also adjust pricing immediately to reflect increases imposed by third party vendors, licensing providers, cloud service operators, cybersecurity platforms, regulatory changes, or supply chain disruptions.

The client authorizes ChaceTech, LLC to audit asset counts and licensing quantities. Devices connected to monitored systems, enrolled in management platforms, or receiving security services are billable assets. Underreported assets may be invoiced retroactively. The client shall reimburse ChaceTech, LLC for reasonable collection costs, including attorney fees, arbitration fees, court costs, and administrative expenses incurred in enforcing payment obligations.

5. No Setoff or Withholding

The client agrees that payment obligations under this Master Services Agreement are absolute, unconditional, and independent of any other obligations under this agreement. The client shall not withhold, offset, deduct, reduce, or defer payment of any invoice based on alleged service dissatisfaction, performance disputes, cybersecurity incidents, service interruptions, vendor outages, regulatory investigations, or pending claims. Any dispute regarding services shall be resolved pursuant to the dispute resolution provisions set forth in this Master Services Agreement, but payment obligations shall remain enforceable pending resolution.

The client acknowledges that ChaceTech, LLC relies upon predictable recurring revenue to maintain staffing, monitoring infrastructure, vendor licensing commitments, and cybersecurity safeguards. Unilateral withholding of payment materially disrupts operations and shifts financial risk in a manner inconsistent with the parties’ agreed allocation of risk. Nothing in this section limits the client’s right to pursue a claim in accordance with this Master Services Agreement; however, payment obligations shall remain enforceable and collectible during the pendency of any dispute. The client expressly waives any right to assert setoff as a defense to payment of invoices.

6. Client Responsibilities

The client retains ultimate ownership and responsibility for its information technology environment, business operations, regulatory compliance, internal policies, and risk tolerance decisions. ChaceTech, LLC provides technical services and recommendations but does not assume control of the client’s business judgment, strategic decisions, regulatory interpretation, or operational management. The client shall provide timely and complete administrative access to systems, cloud environments, applications, network devices, credentials, encryption keys, and user accounts necessary to perform services. The client represents that it has authority to grant such access.

The client shall maintain systems in vendor supported status, including operating systems, firmware, and hardware devices. If ChaceTech, LLC recommends replacement of unsupported or end of life systems, the client shall approve and fund such replacement within a commercially reasonable timeframe. The client shall not disable recommended security safeguards, including multifactor authentication, endpoint detection and response tools, encryption controls, firewall configurations, logging mechanisms, or backup protections, without written acknowledgment of increased risk. Failure to comply with these responsibilities may void service level commitments and may limit or eliminate liability of ChaceTech, LLC to the maximum extent permitted by law.

7. Commercially Reasonable Efforts Standard

Unless expressly stated otherwise in a written Statement of Work, all services provided under this Master Services Agreement shall be performed using commercially reasonable efforts consistent with generally accepted industry practices applicable to managed service providers serving similarly situated small and mid market organizations. Commercially reasonable efforts do not constitute a warranty, guarantee, or assurance of uninterrupted service, absolute security, regulatory compliance, or specific outcome. The client acknowledges that commercially reasonable efforts do not require continuous manual monitoring, constant on site presence, or real time prevention of every security event, vulnerability, or operational disruption.

Commercially reasonable efforts are evaluated in light of the information available at the time services are performed and do not impose strict liability for evolving threats, zero day vulnerabilities, supply chain compromises, insider misconduct, or unforeseen technical interactions between third party systems. The client further acknowledges that information technology environments are dynamic and that industry standards evolve over time. Compliance with commercially reasonable efforts shall not be judged with hindsight based upon later discovered vulnerabilities or threat intelligence.

This section is intended to define the standard of care applicable to all services provided under this Master Services Agreement and to prevent imposition of a heightened fiduciary, insurer, or guarantor standard. This section survives termination and applies to all claims arising from services performed during the term.

8. Cybersecurity Shared Responsibility

The parties acknowledge that cybersecurity is a shared responsibility that requires continuous cooperation between ChaceTech, LLC and the client. ChaceTech, LLC provides monitoring, configuration assistance, patch management, alerting, endpoint detection and response administration, firewall management, vulnerability remediation guidance, and security related recommendations as described in the applicable Statement of Work. However, no cybersecurity program, regardless of sophistication, can guarantee absolute prevention, detection, or elimination of all cyber threats. The client expressly acknowledges that threat actors include criminal organizations, insider threats, nation state actors, supply chain adversaries, automated attack tools, and unknown actors deploying previously undiscovered vulnerabilities. Such threats may include ransomware, phishing, social engineering, credential theft, zero day exploits, distributed denial of service attacks, cloud platform compromise, and lateral movement within networks.

The client retains sole responsibility for data classification, legal interpretation of regulatory obligations, business continuity planning, ransom payment decisions, regulatory notification decisions, public communications, and procurement of cyber insurance coverage. ChaceTech, LLC does not warrant that all threats will be detected, that all unauthorized access will be prevented, that all malicious code will be blocked, or that systems will remain invulnerable. The client acknowledges that cybersecurity risk cannot be eliminated and that commercially reasonable efforts do not constitute a guarantee of outcome.

If the client declines, delays, or disables recommended safeguards, including multifactor authentication, encryption, network segmentation, advanced email filtering, immutable backups, or logging retention controls, the client assumes increased risk associated with such refusal. ChaceTech, LLC shall not be liable for incidents reasonably related to the client’s refusal to implement recommended security measures. All cybersecurity services are provided subject to the limitation of liability and exclusion of consequential damages provisions contained in this Master Services Agreement.

9. Backup and Disaster Recovery

Backup services provided by ChaceTech, LLC are intended to reduce the risk of catastrophic data loss but do not eliminate such risk. Backup solutions depend upon proper configuration, adequate storage capacity, stable network connectivity, functional hardware, vendor platform availability, credential integrity, encryption key retention, and absence of malicious interference. ChaceTech, LLC shall use commercially reasonable efforts to configure and monitor backup systems as described in the applicable Statement of Work. However, ChaceTech, LLC does not guarantee completeness of backup data, absence of corruption, successful capture of all files, successful retention of historical versions, or recovery within any specific timeframe.

The client acknowledges that backups may fail for reasons beyond the control of ChaceTech, LLC, including storage failure, credential expiration, vendor outage, ransomware encryption prior to detection, malicious deletion by authorized users, insufficient retention configuration, or preexisting data corruption. Restoration of data is contingent upon the integrity and availability of backup repositories and underlying infrastructure. The client is responsible for participating in periodic restoration testing and for reviewing backup reports made available through dashboards or notifications. Failure to test restorations upon recommendation may limit or eliminate liability of ChaceTech, LLC for backup integrity claims.

Disaster recovery services, if provided, are designed to assist in restoration of operations but do not guarantee uninterrupted business continuity, uninterrupted productivity, or avoidance of revenue loss. Recovery time objectives and recovery point objectives are estimates based on assumptions of system integrity and infrastructure availability. Business interruption losses remain the responsibility of the client and are excluded as consequential damages.

10. Third Party Products and Services

ChaceTech, LLC may integrate, resell, manage, or support products and services provided by third party vendors, including cloud service providers, telecommunications carriers, cybersecurity platform operators, software publishers, hardware manufacturers, and infrastructure hosting providers. The client acknowledges that such third party products and services are governed by the terms and conditions imposed by the applicable vendor and that ChaceTech, LLC does not control vendor performance, availability, security posture, pricing, financial stability, or operational continuity.

ChaceTech, LLC shall not be responsible for service interruptions, data loss, security incidents, vendor insolvency, supply chain disruption, licensing revocation, software defects, or contractual disputes arising from third party vendor failures. Remedies for vendor failures are limited to those provided by the vendor. Where ChaceTech, LLC facilitates procurement, title to hardware passes directly from vendor to client unless otherwise specified. All vendor pass through costs, including subscription increases, incident response fees imposed by vendors, data egress fees, and licensing true up charges, shall be the responsibility of the client.

The client acknowledges that cloud platforms operate under shared responsibility models and that certain security and configuration responsibilities remain with the client. ChaceTech, LLC does not guarantee vendor uptime, vendor compliance posture, or vendor infrastructure resilience.

11. Regulatory Disclaimer

ChaceTech, LLC provides technical services and does not provide legal advice, regulatory certification, audit services, or formal compliance determinations. The client acknowledges that compliance with applicable laws and regulations, including health information privacy laws, financial safeguarding regulations, consumer privacy statutes, payment card standards, and sector specific cybersecurity mandates, remains the sole responsibility of the client. Technical implementation of safeguards does not constitute legal certification of compliance.

The client is responsible for engaging qualified legal counsel and compliance professionals to interpret regulatory obligations. ChaceTech, LLC may provide technical assistance intended to support compliance objectives, but such assistance does not constitute a warranty, certification, or legal assurance. Regulatory fines, penalties, notification costs, investigation expenses, and remediation expenses arising from alleged non compliance remain the responsibility of the client except to the extent directly caused by proven willful misconduct of ChaceTech, LLC.

Regulatory frameworks evolve over time, and ChaceTech, LLC does not guarantee continued compliance in light of future regulatory changes unless expressly stated in a separate written agreement. All services are provided subject to the limitation of liability and exclusion of consequential damages.

12. No Independent Audit Obligation

Unless expressly set forth in a written Statement of Work signed by an authorized officer of ChaceTech, LLC, ChaceTech, LLC has no duty to independently audit, certify, or verify the client’s compliance with any regulatory framework, statutory requirement, industry standard, or contractual obligation. Provision of technical safeguards, configuration assistance, monitoring tools, or security recommendations does not create an obligation to monitor ongoing regulatory compliance or to identify every deviation from applicable legal standards.

The client retains sole responsibility for conducting periodic compliance assessments, engaging qualified legal counsel or auditors, and determining whether implemented safeguards satisfy regulatory requirements. Any compliance related review performed by ChaceTech, LLC is limited to technical implementation and does not constitute legal advice or certification.

This clarification is intended to prevent imposition of implied compliance auditing duties and to reinforce the shared responsibility model. This section survives termination.

13. Limitation of Liability

To the maximum extent permitted by law, the total aggregate liability of ChaceTech, LLC arising out of or related to this Master Services Agreement shall not exceed the total recurring service fees paid by the client during the twelve month period preceding the event giving rise to the claim. If services have been provided for less than twelve months, the limitation shall be calculated based on fees paid during that period. The parties agree that this limitation is cumulative and applies to all claims of every kind, whether asserted in contract, tort, negligence, statutory liability, or any other legal theory.

In no event shall ChaceTech, LLC be liable for indirect, incidental, special, exemplary, punitive, or consequential damages, including loss of profits, loss of revenue, business interruption, reputational harm, regulatory fines, data reconstruction costs, or loss of goodwill, regardless of foreseeability. The parties agree that exclusion of consequential damages is independent of and in addition to the monetary limitation of liability.

All indemnification obligations, including defense costs, settlements, and judgments, are included within and not in addition to the limitation of liability. The limitation of liability shall apply even if any exclusive remedy fails of its essential purpose. The only exception shall be proven willful misconduct, defined as intentional wrongdoing committed with actual knowledge that harm is substantially certain to occur. Gross negligence, ordinary negligence, or error in judgment shall not constitute willful misconduct.

14. Exclusion of Downtime and Loss of Use

Without limiting the exclusion of consequential damages, the parties expressly agree that loss of use of systems, loss of productivity, operational downtime, interruption of access to data, inability to transact business, delay in processing transactions, loss of business opportunity, and diminished system functionality shall be deemed excluded damages regardless of how characterized. Such damages shall be considered indirect or consequential even if a court were to determine that they might otherwise be characterized as direct damages.

The client acknowledges that information technology services inherently involve risk of temporary interruption due to maintenance, vendor outage, security response, or external events beyond the control of ChaceTech, LLC. The parties agree that allocation of downtime risk to the client is reflected in the pricing structure and limitation of liability set forth herein.

This exclusion applies to all claims, including claims arising from cybersecurity incidents, data breaches, ransomware encryption, vendor failures, system upgrades, suspension of services, and termination. This section survives termination and shall be interpreted broadly to enforce the parties’ intent to exclude downtime related damages.

15. Aggregation of Liability and Related Events

The limitation of liability set forth in this Master Services Agreement applies in the aggregate to all claims arising out of or related to the same or related acts, omissions, events, security incidents, or series of connected occurrences. Multiple claims arising from a single cybersecurity incident, ransomware event, system outage, data breach, or related sequence of technical events shall be deemed a single claim for purposes of calculating the limitation of liability. The limitation applies regardless of the number of claims, claimants, theories of liability, or legal causes of action asserted.

The client agrees that it shall not attempt to avoid or expand the limitation of liability by characterizing related events as separate incidents or by asserting alternative legal theories, including negligence, gross negligence, breach of contract, statutory violation, misrepresentation, or indemnification. All such claims shall be subject to the single aggregate limitation.

This section reinforces the parties’ agreed allocation of risk and is a material inducement to ChaceTech, LLC entering into this Master Services Agreement. The limitation applies to cybersecurity incidents, data breaches, ransomware events, business email compromise, regulatory investigations, and all other claims arising from services provided. This section survives termination and applies regardless of when a claim is asserted.

16. Indemnification

The client shall defend, indemnify, and hold harmless ChaceTech, LLC and its officers, members, managers, employees, contractors, and agents from and against third party claims, damages, fines, penalties, settlements, judgments, and expenses arising out of the client’s data, regulatory obligations, business operations, failure to implement recommended safeguards, or violation of law. The duty to defend includes payment of reasonable attorney fees and litigation expenses.

ChaceTech, LLC shall indemnify the client solely against third party claims directly caused by proven willful misconduct of ChaceTech, LLC, subject to the limitation of liability. All indemnification obligations are subject to and included within the limitation of liability.

The indemnifying party shall control the defense of covered claims, and no settlement shall impose liability on the indemnified party without written consent.

17. Third Party Claim Limitation

All indemnification obligations set forth in this Master Services Agreement apply solely to third party claims asserted by persons or entities other than the parties to this Agreement. Indemnification does not apply to direct claims between ChaceTech, LLC and the client arising out of alleged breach of this Master Services Agreement, performance disputes, or contractual disagreements. Direct claims between the parties are governed exclusively by the limitation of liability and exclusion of damages provisions set forth herein.

The parties acknowledge that indemnification is intended to allocate responsibility for external claims and not to expand remedies available between the contracting parties. All defense costs, settlements, judgments, and indemnified amounts remain subject to and included within the aggregate limitation of liability. This clarification is intended to prevent expansion of liability beyond the negotiated cap and survives termination.

18. Waiver of Subrogation

The client shall cause its insurers to waive subrogation rights against ChaceTech, LLC and shall provide evidence of such waiver upon request. The purpose of this section is to prevent indirect expansion of liability through insurance recovery mechanisms. If an insurer asserts a subrogation claim, the client shall defend and indemnify ChaceTech, LLC for such claim to the extent it exceeds the limitation of liability.

19. Confidentiality

Each party acknowledges that during the course of performing or receiving services under this Master Services Agreement it may receive, access, review, transmit, or otherwise become aware of confidential, proprietary, or nonpublic information of the other party. Confidential information includes, without limitation, network diagrams, system configurations, security architecture, administrative credentials, encryption keys, internal policies, remediation strategies, incident response procedures, pricing structures, financial records, employee information, customer information, vendor contracts, regulatory materials, and any other information that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure. Confidential information may be disclosed in written, electronic, visual, oral, or other tangible form.

Each party agrees to use the other party’s confidential information solely for purposes of performing obligations or exercising rights under this Master Services Agreement and to protect such confidential information using at least the same degree of care that it uses to protect its own confidential information of similar importance, but in no event less than reasonable care. Confidential information shall not be disclosed to any third party except to employees, contractors, subcontractors, insurers, auditors, legal counsel, or professional advisors who have a legitimate need to know such information and who are bound by confidentiality obligations at least as protective as those contained herein.

Confidential information does not include information that becomes publicly available without breach of this Master Services Agreement, was lawfully known to the receiving party without restriction prior to disclosure, was independently developed without use of the disclosing party’s confidential information, or is received from a third party without breach of any obligation of confidentiality. If disclosure is required by law, regulation, or court order, the receiving party shall provide prompt written notice to the disclosing party to the extent legally permitted so that protective measures may be sought.

The confidentiality obligations set forth in this section shall survive termination of this Master Services Agreement for a period of not less than three years, and with respect to trade secrets or security sensitive information, for so long as such information remains protected under applicable law.

20. Intellectual Property and Ownership

The client retains all right, title, and interest in and to its data, including business records, communications, files, customer information, and operational content stored within the client’s information technology environment. Nothing in this Master Services Agreement transfers ownership of client data to ChaceTech, LLC. The client grants ChaceTech, LLC a limited, nonexclusive, nontransferable, revocable license to access, process, and use client data solely as necessary to perform services described in the applicable Statement of Work.

ChaceTech, LLC retains all right, title, and interest in and to its methodologies, processes, scripts, automation tools, monitoring templates, documentation frameworks, configuration baselines, remediation procedures, technical playbooks, security workflows, and proprietary intellectual property, whether developed prior to or during the term of this Master Services Agreement. Any improvements, modifications, enhancements, or derivative works created by ChaceTech, LLC in the course of providing services shall remain the exclusive property of ChaceTech, LLC unless expressly transferred by written agreement signed by an authorized officer.

To the extent that deliverables provided to the client incorporate proprietary tools, scripts, automation, or processes of ChaceTech, LLC, such proprietary elements remain the property of ChaceTech, LLC. The client receives a limited license to use documentation and deliverables created specifically for the client’s environment for internal operational purposes during the term of service. The client shall not reverse engineer, duplicate, distribute, commercialize, sublicense, or disclose ChaceTech, LLC’s proprietary methodologies or materials without prior written consent.

This section survives termination and preserves the intellectual property rights of both parties consistent with the agreed allocation of ownership and risk.

21. Force Majeure

ChaceTech, LLC shall not be liable for any failure, delay, degradation, interruption, or inability to perform services caused by events or circumstances beyond its reasonable control. Such events include, without limitation, acts of God, natural disasters, fire, flood, hurricane, tornado, earthquake, war, terrorism, civil unrest, governmental action, labor disputes, embargo, sanctions, power outages, internet backbone failures, telecommunications carrier disruptions, widespread cybersecurity incidents, global ransomware outbreaks, exploitation of zero day vulnerabilities, supply chain compromise, cloud infrastructure failure, vendor platform outage, or insolvency of third party providers.

The client acknowledges that modern managed services depend upon a complex ecosystem of interconnected infrastructure providers, telecommunications carriers, cloud platforms, software vendors, and hardware manufacturers. Disruptions within this ecosystem may materially affect service delivery despite commercially reasonable safeguards. During the continuation of a force majeure event, performance obligations shall be suspended to the extent affected without liability to the client. ChaceTech, LLC shall use commercially reasonable efforts to resume performance when feasible, but restoration timelines may depend upon third party recovery efforts that are outside the direct control of ChaceTech, LLC.

The client agrees that no service credits, refunds, termination penalties, or damages shall be owed for delays or failures caused by force majeure events. The limitation of liability and exclusion of consequential damages apply fully to events falling within this section. The allocation of risk reflected herein is intended to account for the inherent unpredictability of external disruptions affecting information technology environments.

22. Dispute Resolution and Governing Law

This Master Services Agreement shall be governed by and construed in accordance with the laws of the State of Texas without regard to conflict of law principles. The parties acknowledge that uniform application of Texas law is a material component of the risk allocation and pricing structure underlying this agreement. Any dispute, claim, controversy, or proceeding arising out of or relating to this Master Services Agreement, any Statement of Work, any services provided, any invoice, any cybersecurity incident, any suspension, or any termination shall be brought exclusively in the state courts located in Harris County, Texas, or, if federal jurisdiction exists, in the federal courts serving Harris County, Texas.

The parties consent to personal jurisdiction and venue in such courts and waive any objection based upon forum non conveniens, lack of jurisdiction, or improper venue. The parties waive any right to trial by jury and waive participation in any class action, collective action, or representative proceeding. All disputes must be brought solely in an individual capacity.

Prior to initiating litigation, the parties shall provide written notice of the dispute and engage in good faith discussions to attempt resolution; however, this requirement shall not delay ChaceTech, LLC’s right to pursue collection of unpaid amounts or seek injunctive relief to protect its intellectual property or confidential information. The prevailing party in any dispute shall be entitled to recover reasonable attorney fees and costs as provided elsewhere in this Master Services Agreement. This section survives termination and applies to all disputes regardless of when they arise.

23. Limitation of Actions

Any claim, demand, lawsuit, arbitration, or other legal proceeding arising out of or related to this Master Services Agreement, any Statement of Work, any services provided, any cybersecurity incident, any billing dispute, any alleged breach, or any representation made in connection with services must be filed within one year after the claim accrues. A claim accrues when the party asserting the claim knew or reasonably should have known of the facts giving rise to the claim, regardless of whether the full extent of damages is known at that time.

The parties acknowledge that information technology environments generate logs and records that may be retained for limited periods and that delay in asserting claims can materially prejudice the ability to investigate and defend. The one year limitation period is therefore reasonable and necessary in the context of managed services relationships involving dynamic technical environments.

Failure to bring a claim within the specified period permanently bars the claim. This limitation applies to all theories of liability, including contract, tort, negligence, statutory claims, and equitable claims, to the fullest extent permitted by law. This section does not limit ChaceTech, LLC’s right to pursue collection of unpaid amounts under longer statutory limitation periods applicable to debt enforcement.

24. Attorney Fees

In any action, proceeding, arbitration, or dispute arising out of or related to this Master Services Agreement, any Statement of Work, any services provided, any cybersecurity incident response, any invoice, any suspension, any termination, or any enforcement of rights under this agreement, the prevailing party shall be entitled to recover reasonable attorney fees and costs from the non prevailing party. Recoverable costs include court costs, filing fees, service of process fees, deposition costs, expert witness fees, investigation expenses, travel expenses reasonably incurred for litigation, mediation fees, and post judgment enforcement costs.

ChaceTech, LLC shall be entitled to recover attorney fees and costs incurred in connection with collection of unpaid amounts, enforcement of suspension rights, enforcement of termination rights, enforcement of liquidated damages obligations, and defense of third party claims subject to indemnification. Recovery includes fees incurred at trial, on appeal, in arbitration, and in post judgment proceedings.

The parties agree that prevailing party fee recovery is intended to discourage frivolous claims, discourage strategic withholding of payment, and ensure that the party required to enforce contractual rights is made whole. This section survives termination of this Master Services Agreement.

25. Assignment and Subcontracting

ChaceTech, LLC may assign, delegate, or subcontract performance of services to qualified third parties, including subcontractors used for remote support, on site dispatch, cybersecurity monitoring, backup services, disaster recovery services, or specialized technical projects. The client acknowledges that managed services frequently require integration with third party tools and specialized providers. ChaceTech, LLC remains responsible for managing subcontractors consistent with the scope of services purchased, but subcontracting does not expand liability beyond the limitation of liability set forth herein.

The client may not assign this Master Services Agreement without prior written consent of ChaceTech, LLC. Any attempted assignment without consent is void. A change of control, merger, acquisition, or sale of substantially all assets of the client shall be treated as an assignment requiring written notice and consent because such transaction may materially alter scope, risk, and service demands.

ChaceTech, LLC may assign this Master Services Agreement in connection with a merger, reorganization, or sale of its business or assets. This Master Services Agreement remains enforceable against successors and assigns.

26. Non Solicitation of Personnel

During the term of this Master Services Agreement and for a period of twelve months following termination, the client shall not directly or indirectly solicit, recruit, hire, or engage any employee, contractor, or subcontractor of ChaceTech, LLC who was materially involved in providing services to the client, without prior written consent of ChaceTech, LLC. This restriction does not prohibit general advertisements not specifically targeted at such personnel.

The parties acknowledge that ChaceTech, LLC invests substantial time, training, and resources in recruiting and retaining skilled technical personnel and that loss of such personnel to a client would cause operational disruption and financial harm. In the event the client hires or engages such personnel in violation of this section, the client shall pay liquidated damages equal to one year of the individual’s total compensation at the time of departure. The parties agree that this amount represents a reasonable estimate of damages and not a penalty.

27. Data Retention and Transition

Upon termination or expiration of services for any reason, whether voluntary, involuntary, for breach, non renewal, or otherwise, the client shall be solely responsible for securing and preserving its data, documentation, credentials, and operational records. ChaceTech, LLC does not provide archival storage services and does not maintain terminated client data beyond a limited transition period described herein. The client must submit a written request for return of data, administrative credentials, configuration documentation, and related materials no later than fifteen days following the effective date of termination. Any requested data export, credential transfer, documentation compilation, or coordination with a successor service provider constitutes professional services and shall be billable at ChaceTech, LLC’s then current rates unless expressly included in an active Statement of Work.

ChaceTech, LLC shall have no obligation to preserve, archive, or maintain client data beyond fifteen days following termination. After that fifteen day period, ChaceTech, LLC may permanently delete all client data, backup repositories, stored credentials, configuration files, documentation, and other client related materials in its possession or control without further notice. The client acknowledges that deletion may be irreversible and agrees that ChaceTech, LLC shall have no liability whatsoever for data loss, business interruption, regulatory consequences, operational disruption, or other damages arising from deletion occurring after the expiration of the fifteen day transition period.

Release of any data, credentials, or documentation during the transition period is expressly conditioned upon payment in full of all outstanding invoices, accrued interest, liquidated damages, and transition service fees. The client acknowledges that it is solely responsible for maintaining independent copies of its data and for implementing its own data retention policies. ChaceTech, LLC disclaims any ongoing data retention obligation following termination, and this section survives termination to ensure that no post termination duty to store or safeguard client data is implied or imposed.

28. Survival of Obligations

The parties agree that certain provisions of this Master Services Agreement are intended by their nature and by express agreement to survive termination or expiration of the agreement. Termination or expiration of this Master Services Agreement, whether for breach, non renewal, convenience, or otherwise, shall not affect any rights, obligations, liabilities, or remedies that accrued prior to the effective date of termination. Without limitation, provisions relating to limitation of liability, exclusion of consequential damages, indemnification obligations, waiver of subrogation, cybersecurity allocation of responsibility, confidentiality, intellectual property ownership, dispute resolution, limitation of actions, attorney fee recovery, non solicitation of personnel, data retention, payment obligations, collection rights, and any other provision that by its terms contemplates performance or enforcement following termination shall survive and remain in full force and effect.

The parties acknowledge that risk allocation provisions are fundamental to the economic structure of this Master Services Agreement and that allowing such provisions to lapse upon termination would materially alter the agreed allocation of risk. Accordingly, any claim arising out of services performed during the term of this Master Services Agreement shall remain subject to all limitations, exclusions, waivers, and defenses set forth herein regardless of whether the claim is asserted before or after termination. Survival applies to claims based in contract, tort, negligence, statutory liability, indemnification, or any other legal theory.

The client further acknowledges that termination does not relieve it of responsibility for unpaid invoices, accrued interest, liquidated damages, or indemnification obligations arising from acts or omissions occurring during the term. This survival provision shall be interpreted broadly to preserve the enforceability of the parties’ agreed allocation of risk and remedies and shall apply to the maximum extent permitted by law.

29. Severability

If any provision of this Master Services Agreement, or any portion thereof, is determined by a court of competent jurisdiction to be unenforceable, invalid, or illegal, such determination shall not affect the validity or enforceability of the remaining provisions. The parties intend that this Master Services Agreement be enforced to the fullest extent permitted by law and that only the specific provision or portion thereof determined to be unenforceable shall be limited or severed. The remaining provisions shall remain in full force and effect and shall continue to reflect the original allocation of rights and risk between the parties.

The parties further agree that if any provision is deemed overly broad in scope, duration, or subject matter, the court shall modify the provision to the minimum extent necessary to render it enforceable while preserving the intent of the parties as closely as possible. The parties expressly request judicial modification rather than wholesale invalidation of any provision, particularly provisions relating to limitation of liability, indemnification, waiver of subrogation, non solicitation, and exclusion of consequential damages. The invalidity of any single provision shall not be interpreted as evidence that the parties would not have entered into this Master Services Agreement absent such provision.

The parties acknowledge that managed services agreements involve complex allocation of technical and financial risk and that preserving the overall enforceability of the agreement is essential. Accordingly, severability shall be applied in a manner that maintains the economic and legal balance originally negotiated between the parties to the maximum extent permitted by applicable law.

30. No Fiduciary Duty and Independent Contractor Status

The parties expressly acknowledge and agree that the relationship between ChaceTech, LLC and the client is strictly contractual in nature. Nothing in this Master Services Agreement shall be construed to create any fiduciary relationship, partnership, joint venture, agency, trustee relationship, or other special relationship imposing heightened duties upon ChaceTech, LLC beyond those expressly set forth in this Agreement. ChaceTech, LLC is and shall remain an independent contractor at all times. The client retains sole authority over business decisions, regulatory determinations, financial controls, risk tolerance decisions, employee supervision, and operational strategy.

The client acknowledges that ChaceTech, LLC provides technical services and recommendations but does not assume discretionary authority over corporate governance, internal controls, financial management, legal compliance strategy, or executive decision making. The mere provision of administrative credentials, system access, monitoring authority, or technical configuration capability does not create a fiduciary obligation or a relationship of trust and confidence beyond the express contractual obligations set forth herein.

The client further acknowledges that managed information technology services inherently involve shared responsibility and cooperative risk management, not unilateral assumption of duty. No provision of this Master Services Agreement shall be interpreted to impose upon ChaceTech, LLC any duty of loyalty, duty of care beyond commercially reasonable efforts, or other fiduciary standard. Any claim asserting breach of fiduciary duty is expressly waived to the fullest extent permitted by law. This section survives termination and is a material component of the agreed allocation of risk.

31. Services Not Insurance and No Guarantee of Security

The client acknowledges that the services provided under this Master Services Agreement are not insurance and are not intended to serve as a substitute for insurance coverage. The fees charged by ChaceTech, LLC reflect compensation for technical services and commercially reasonable efforts, not risk transfer premiums. ChaceTech, LLC does not assume the role of insurer, guarantor, or surety with respect to cybersecurity incidents, data loss, business interruption, regulatory penalties, or financial losses.

The client acknowledges that no cybersecurity system, monitoring platform, endpoint detection tool, firewall configuration, backup system, or technical safeguard can guarantee absolute prevention of intrusion, unauthorized access, data encryption, social engineering, insider misconduct, or operational disruption. The client further acknowledges that threat actors continuously evolve tactics and may exploit human error, credential compromise, zero day vulnerabilities, or supply chain weaknesses beyond the reasonable control of ChaceTech, LLC.

By entering into this Master Services Agreement, the client confirms that it has independently evaluated the need for cyber liability insurance, business interruption insurance, and other risk transfer mechanisms appropriate for its size and industry. The client agrees that ChaceTech, LLC shall not be liable for losses that could have been mitigated or transferred through commercially available insurance products. This section reinforces the limitation of liability and exclusion of consequential damages provisions and shall survive termination.

32. Client Insurance Requirements

The client shall maintain commercially reasonable insurance coverage throughout the term of this Master Services Agreement sufficient to protect against risks associated with its business operations and information technology environment. At a minimum, the client shall maintain general liability insurance and cyber liability insurance with limits not less than one million dollars per occurrence and two million dollars aggregate, or such greater limits as are commercially reasonable for the client’s size, industry, and regulatory exposure.

Cyber liability insurance shall include coverage for network security liability, privacy liability, data breach response costs, notification expenses, credit monitoring, regulatory investigations, business interruption, ransomware response, and third party liability arising from security incidents. The client shall ensure that such policies do not exclude coverage for acts or omissions of third party service providers.

Upon reasonable request, the client shall provide certificates of insurance evidencing required coverage. Failure to maintain required insurance constitutes a material breach of this Master Services Agreement and may result in suspension of services. The client acknowledges that the limitation of liability contained herein assumes the existence of client maintained insurance coverage and that the pricing structure reflects allocation of catastrophic risk to the client and its insurers. This section survives termination to the extent claims arise from acts or omissions occurring during the term.

33. Preexisting Conditions and Inherited Environment Disclaimer

The client acknowledges that, at the commencement of services, its information technology environment may contain preexisting vulnerabilities, misconfigurations, unsupported systems, inadequate documentation, prior security compromises, unlicensed software, or regulatory deficiencies created by prior service providers or internal personnel. ChaceTech, LLC does not warrant or represent that it can identify every preexisting condition during onboarding, nor does it assume liability for conditions that predate commencement of services.

Unless expressly identified in a written remediation plan within a Statement of Work, ChaceTech, LLC shall not be responsible for remediation of inherited vulnerabilities, undocumented administrative accounts, shadow information technology systems, prior data exfiltration, or latent security defects. The client acknowledges that remediation of legacy issues may require separate projects, additional cost, and reasonable time to implement.

ChaceTech, LLC shall not be liable for cybersecurity incidents, operational disruptions, regulatory consequences, or financial losses arising from preexisting conditions or inherited deficiencies unless directly caused by proven willful misconduct occurring after commencement of services. This disclaimer applies even if the preexisting condition is discovered after a security incident occurs. The client accepts responsibility for funding remediation of inherited risk once identified. This section survives termination and is integral to risk allocation in onboarding scenarios.

34. Internal Misconduct and Social Engineering Disclaimer

The client acknowledges that cybersecurity incidents frequently result from employee misconduct, credential sharing, failure to follow established security policies, phishing susceptibility, social engineering, unauthorized use of administrative privileges, or intentional internal wrongdoing. ChaceTech, LLC does not control the actions of the client’s employees, contractors, temporary personnel, or third party users with authorized access to systems.

ChaceTech, LLC shall not be liable for losses resulting from business email compromise, wire transfer fraud, credential compromise due to phishing, disclosure of multifactor authentication tokens, intentional disabling of safeguards by client personnel, or failure of client personnel to adhere to security training and internal controls. The effectiveness of technical safeguards depends upon user compliance and responsible conduct.

The client agrees to implement internal approval procedures for financial transactions, privileged access management, and credential handling. Failure to implement internal control procedures consistent with industry practice may increase risk and shall limit or eliminate liability of ChaceTech, LLC to the fullest extent permitted by law. This section reinforces the shared responsibility model and survives termination.

35. Regulatory Response and Investigation Assistance

In the event of a regulatory inquiry, investigation, audit, subpoena, civil investigative demand, or similar governmental action relating to the client’s information technology environment, any assistance requested from ChaceTech, LLC beyond ordinary managed services shall constitute billable professional services at then current rates. Such assistance may include document collection, system log extraction, participation in interviews, preparation of written explanations, forensic coordination, or consultation with legal counsel.

ChaceTech, LLC does not assume responsibility for legal strategy, regulatory interpretation, privilege determinations, or communications with governmental authorities unless separately retained under a written agreement. The client shall bear sole responsibility for engaging legal counsel and regulatory advisors.

ChaceTech, LLC shall not be responsible for regulatory fines, penalties, settlements, or consent decrees except to the extent directly caused by proven willful misconduct. Cooperation with investigations shall not expand liability beyond the limitation of liability set forth in this Master Services Agreement. This section survives termination and clarifies that regulatory response efforts are outside the scope of standard managed services.

36. Preservation of Evidence Disclaimer After Termination

Following termination or expiration of this Master Services Agreement, ChaceTech, LLC shall have no obligation to preserve system logs, backup repositories, configuration records, security alerts, or other electronically stored information unless the client enters into a separate written preservation agreement prior to deletion. The client acknowledges that managed service platforms are designed for operational monitoring and not indefinite archival storage for litigation purposes.

Absent a written preservation agreement executed prior to deletion, ChaceTech, LLC may delete operational data in accordance with its standard data lifecycle practices without liability for spoliation, evidentiary prejudice, or inability to reconstruct historical events. The client is solely responsible for implementing litigation holds and notifying ChaceTech, LLC in writing if preservation of specific data is required prior to termination.

This section is intended to prevent the imposition of implied post termination duties to preserve evidence and to clarify that deletion conducted pursuant to the Data Retention and Transition section does not constitute wrongful destruction. This section survives termination.

37. Electronic Execution and Binding Effect

The parties agree that this Master Services Agreement and any Statement of Work may be executed and accepted electronically. Electronic signatures, digital signatures, electronic acceptance through electronic mail, online portal confirmation, or electronic signature platform execution shall be deemed legally binding and enforceable to the same extent as handwritten signatures. Each party represents that the individual executing or electronically accepting this Master Services Agreement has authority to bind the respective entity.

The parties waive any defense based upon lack of physical signature, lack of original counterpart, or alleged defect in electronic execution. This provision ensures enforceability of electronically executed agreements and prevents disputes regarding contract formation. This section survives termination to the extent necessary to enforce rights and obligations arising from electronic acceptance.

38. Entire Agreement

This Master Services Agreement, together with each Statement of Work that expressly incorporates it by reference, constitutes the entire and exclusive agreement between the parties concerning the subject matter addressed herein and supersedes all prior and contemporaneous agreements, proposals, negotiations, representations, communications, and understandings, whether written or oral. The client acknowledges that it has not relied upon any statement, promise, assurance, marketing material, sales presentation, or representation not expressly set forth in this Master Services Agreement or an executed Statement of Work. Any claim of reliance upon extracontractual representations is expressly disclaimed to the fullest extent permitted by law.

The parties agree that purchase orders, procurement documents, onboarding questionnaires, vendor risk assessment forms, and other client generated documents shall not modify or supplement the terms of this Master Services Agreement unless a written amendment expressly referencing the affected provision is signed by an authorized officer of ChaceTech, LLC. Operational communications, including support tickets, email exchanges, or informal statements by personnel, shall not modify the legal structure of this agreement.

No amendment, modification, or waiver of any provision of this Master Services Agreement shall be effective unless set forth in a written instrument executed by an authorized officer of ChaceTech, LLC. The parties acknowledge that this entire agreement provision is intended to prevent after the fact expansion of duties or liability and to preserve the clarity of the agreed allocation of risk. This section survives termination and shall be interpreted broadly to preserve contractual certainty.