Loading...
The URL can be used to link to this page
Your browser does not support the video tag.
Home
My WebLink
About
Contract #: 1938 - From: 07-01-2025 To: 06-30-2026 - Tyler Technologies - IT
t e r @.k c;, inobgj,r,s SOFTWARE AS A SERVICE AGREEMENT This Software as a Service Agreement is made between Tyler Technologies, Inc. and Client. WHEREAS, Client selected Tyler to provide certain products and services set forth in the Investment Summary, including providing Client with access to Tyler's proprietary software products, and Tyler desires to provide such products and services under the terms of this Agreement; NOW THEREFORE, in consideration of the foregoing and of the mutual covenants and promises set forth in this Agreement,Tyler and Client agree as follows: SECTION A—DEFINITIONS • "Agreement" means this Software as a Service Agreement. • "Business Travel Policy" means our business travel policy. Our current Business Travel Policy is attached hereto as Exhibit B Schedule 1. • "Client" means the party indicated on the signature block or, in the absence of a signature block, the Investment Summary. • "Data" means your data necessary to use the Tyler Software. • "Data Storage Capacity" means the contracted amount of storage capacity for your Data, if any, identified in the Investment Summary. • "Defect" means a failure of the Tyler Software to substantially conform to the functional descriptions set forth in our written proposal to you (or the Documentation in the absence of a written proposal), or their functional equivalent. Future functionality may be updated, modified, or otherwise enhanced through our maintenance and support services, and the governing functional descriptions for such future functionality will be set forth in our then- current Documentation. • "Defined Users" means the number of users, if any,that are identified in the Investment Summary. If Exhibit A contains Enterprise Permitting & Licensing labeled software, defined users mean the maximum number of named users that are authorized to use the Enterprise Permitting & Licensing labeled modules as indicated in the Investment Summary. • "Developer" means a third party who owns the intellectual property rights to a Third-Party Product. • "Documentation" means any online or written documentation related to the use or functionality of the Tyler Software that we provide or otherwise make available to you, including instructions, user guides, manuals and other training or self-help documentation. • "Effective Date" means July 1, 2025. • "Force Majeure" means an event beyond the reasonable control of you or us, including, without limitation, governmental action, war, riot or civil commotion,fire, natural disaster, or any other cause that could not with reasonable diligence be foreseen or prevented by you or us. • "Investment Summary" means the agreed upon cost proposal for the products and services attached as Exhibit A. 1 • "Order Form" means an ordering document that includes a quote or investment summary and specifies the items to be provided by Tyler to Client, including any addenda and supplements thereto. • "Professional Services" means those services provided by Tyler or a third party related to the scope of this Agreement and identified in the Investment Summary. • "SaaS Fees" means the fees for the SaaS Services identified in the Investment Summary. • "SaaS Services" means software as a service consisting of system administration, system management, and system monitoring activities that Tyler performs for the Tyler Software and includes the right to access and use the Tyler Software, receive maintenance and support on the Tyler Software, including Downtime resolution under the terms of the SLA, and Data storage and archiving. SaaS Services do not include support of an operating system or hardware, support outside of our normal business hours, or training, consulting, or other professional services. • "SLA" means the service level agreement. A copy of our current SLA is attached hereto as Exhibit C. • "Support Call Process" means the support call process applicable to all our customers who have a right to use the Ty►er Software. Our current Support Call Process is attached hereto as Exhibit C Schedule 1. • "Third-Party Hardware" means the third-party hardware, if any, identified in the Investment Summary. • "Third-Party Products" means the Third-Party Software and Third-Party Hardware. • "Third-Party SaaS Services" means software as a service provided by a third party, if any, identified in the Investment Summary. • "Third-Party Services" means the third-party services, if any, identified in the Investment Summary. • "Third-Party Software" means the third-party software, if any, identified in the Investment Summary or included with the Tyler Software. • "Third-Party Terms" means the end user license agreement(s) or other terms, if any, for the Third-Party Products or other parties' products or services, as applicable, and attached or indicated at Exhibit D. • "Tyler" means Tyler Technologies, Inc., a Delaware corporation. • "Tyler Software" means our proprietary software, including any integrations, custom modifications, and/or other related interfaces identified in the Investment Summary and licensed by us to you through this Agreement. • "we," "us," 'bur" and similar terms mean Tyler. • "you" and similar terms mean Client. SECTION B—SAAS SERVICES 1. Rights Granted. We grant to you the non-exclusive, non-assignable limited right to use the SaaS Services solely for your governmental purposes, subject to any limits for Defined Users or Data Storage Capacity. You may add additional users or additional data storage capacity on the terms set forth in this Agreement. In the event you regularly and/or meaningfully exceed the Defined Users or Data Storage Capacity, we reserve the right to charge you additional fees commensurate with the overage(s). You acknowledge that we have no obligation to ship copies of the Tyler Software as part of the SaaS Services. Your right to use the SaaS Services applies to releases provided as part of our Maintenance and Support Services as further detailed in this Agreement. 2 2. Ownership. 2.1.We retain all ownership and intellectual property rights to the SaaS Services, the Tyler Software, and anything developed by us under this Agreement. You do not acquire under this Agreement any license to use the Tyler Software in excess of the scope and/or duration of the SaaS Services. 2.2.The Documentation is licensed to you and may be used and copied by your employees for internal, non-commercial reference purposes only. 3. Data. 3.1. You retain all ownership and intellectual property rights to the Data. You expressly recognize that except to the extent necessary to fulfill our obligations contained in this Agreement, we do not create or endorse any Data used in connection with the SaaS Services. 3.2. You expressly grant to us a limited, non-exclusive license to access, copy, transmit, download, display, and reproduce your Data to provide services pursuant to this Agreement. Additionally, you agree that Tyler may use deidentified Data for Client or third-party demonstrative or training purposes. 3.3.Our access to and use of your Data necessary to use the Tyler Software or SaaS Services will comply with applicable provisions of our Privacy Statement and applicable law. Our current Privacy Statement is attached hereto as Exhibit E. 3.4.Data Breach Notification. Tyler will provide notice of a breach of Client Data in accordance with applicable state and federal data breach notification laws. 4. Restrictions. 4.1.You may not: 4.1.1. make the Tyler Software or Documentation resulting from the SaaS Services available in any manner to any third party for use in the third party's business operations; 4.1.2. modify, make derivative works of, disassemble, reverse compile, or reverse engineer any part of the SaaS Services; 4.1.3. access or use the SaaS Services to build or support, and/or assist a third party in building or supporting, products or services competitive to us; or 4.1.4. license, sell, rent, lease,transfer, assign, distribute, display, host, outsource, disclose, permit timesharing or service bureau use, or otherwise commercially exploit or make the SaaS Services,Tyler Software, or Documentation available to any third party other than as expressly permitted by this Agreement. 4.1.5. Notwithstanding anything to the contrary in this Section 4.1, you may disclose, with our written consent, not to be unreasonably withheld, the Tyler Software, SaaS Services, or Documentation to a third party you consult with regarding the implementation or use of the Tyler Software and SaaS Services. You must ensure that any such third-party's use is subject to the terms of this Agreement, and you acknowledge and agree that you are liable for any breach of the terms of this Agreement by such third party. 5. Software Warranty. We warrant that the Tyler Software will perform without Defects during the term of this Agreement. If the Tyler Software does not perform as warranted,we will use all reasonable efforts, consistent with industry standards,to cure the Defect in accordance with our then-current Support Call Process. q oOoali0lr le 3 6. SaaS Services. 6.1.Audit& Compliance. Our SaaS Services are audited at least yearly in accordance with the AICPA's Statement on Standards for Attestation Engagements ("SSAE") No. 21. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or their equivalent,for so long as you are timely paying for SaaS Services. The foregoing notwithstanding, you acknowledge that the scope of audit coverage varies depending on the specific Tyler Software solution. We will provide you with a summary of our current compliance report(s) or its equivalent, upon your request. For the avoidance of doubt, if our SaaS Services are provided using a third-party data center, the compliance report may be for that third-party provider and be subject to confidential treatment in accordance with applicable law. If you want us to provide our compliance reports to a third-party auditor or similar entity, we reserve the right to require execution of an NDA by that third party. 6.2.Service Levels. The Tyler Software will be made available to you according to the terms of the SLA. Tyler SaaS Services will be provided via a third-party data center. Your Data will be inaccessible to our other customers. 6.3.Business Continuity. Data centers used to deliver SaaS Services for this Agreement have redundant telecommunications access, electrical power, and the required hardware to provide access to the SaaS Services in the event of a disaster or component failure. We test our disaster recovery plan on an annual basis. The plan is not client specific and is detailed in Tyler's System &Organization Control reports or their equivalent. In the event of a data center failure, we reserve the right to employ our disaster recovery plan for resumption of the SaaS Services. In that event, we commit to a Recovery Point Objective ("RPO")of 24 hours and a Recovery Time Objective ("RTO") of 24 hours. RPO represents the maximum duration of time between the most recent recoverable copy of your hosted Data and subsequent data center failure. RTO represents the maximum duration of time following data center failure within which your access to the Tyler Software must be restored. If we employ our disaster recovery plan, we will be responsible for restoring your Data and ensuring that the SaaS Services are online, and you will be responsible for validating your Data and confirming the functioning of the SaaS Services, including any integrations. 6.4.Security Measures. We provide secure Data transmission paths between your devices and the data center used to provide SaaS Services to you. Data centers used to provide SaaS Services are accessible only by authorized personnel with a unique key entry or comparable security. We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords, or other confidential information, and vulnerability and penetration test scanning of our network and systems (hosted or otherwise) are prohibited. Where applicable with respect to our applications that take or process card payment data, we comply with applicable requirements of PC] DSS. We agree to supply the then-current status of our PCI DSS compliance program in the form of an official Attestation of Compliance,which can be found at Exhibit F and, in the event of any change in our status, we will comply with applicable notice requirements. SECTION C—PROFESSIONAL SERVICES 4 1. Professional Services. We will provide you the various implementation-related services itemized in the Investment Summary. 2. Professional Services Fees. You agree to pay us the services fees in the amounts set forth in the Investment Summary. You acknowledge that the fees stated in the Investment Summary, unless expressly stated otherwise, are good-faith estimates of the amount of time and materials required for your implementation. We will bill you the actual fees incurred based on the in-scope services provided to you. Any discrepancies in the total values set forth in the Investment Summary will be resolved by multiplying the applicable rate by the quoted units. 3. Additional Services. The Investment Summary contains the scope of services and related costs (including programming and/or interface estimates) required for the project based on our understanding of the specifications you supplied. If additional work is required, or if you use or request additional services, we will provide you with an addendum or change order, as applicable, outlining the costs for the additional work. The price quotes in the addendum or change order will be valid for thirty(30) days from the date of the quote. 4. Cancellation. If you cancel services less than four(4) weeks in advance (other than for Force Majeure or breach by us), you will be liable for all (i) daily fees associated with cancelled professional services if we are unable to reassign our personnel and (ii) any non-refundable travel expenses already incurred by us on your behalf. We will make all reasonable efforts to reassign personnel in the event you cancel within four (4) weeks of scheduled commitments. 5. Services Warranty. We will perform services in a professional, workmanlike manner, consistent with industry standards. In the event we provide services that do not conform to this warranty, we will re-perform such services at no additional cost to you. 6. Site Access and Requirements. At no cost to us,you agree to provide us with reasonable access to your personnel,facilities, and equipment as may be reasonably necessary for us to provide implementation services, subject to any reasonable security protocols or other written policies provided to us as of the Effective Date, and thereafter as mutually agreed to by you and us. 7. Background Checks. All of our employees undergo criminal background checks prior to hire. All employees sign our confidentiality agreement and security policies. 8. Client Assistance. You acknowledge that the implementation of the Tyler Software is a cooperative process requiring the time and resources of your personnel. You certify that you will use reasonable efforts to cooperate with us and make your resources available for the performance of the Agreement in accordance with its terms and the mutually agreed project schedule. Additionally, you agree to use all reasonable efforts to cooperate with and assist us as may be reasonably required to support the efficient execution of the activities required for this Agreement. Accordingly,you will provide notice of any known inability to timely meet a project commitment so that appropriate project adjustments can be made. We will not be liable for failure to meet any project deadlines or milestones when such failure is due to Force Majeure or to the failure by you to comply with the requirements of this paragraph. 9. Maintenance and Support Services. tyler 5 9.1.For the duration of this Agreement, consistent with the terms set forth in our then-current Support Call Process, we will: 9.1.1. perform our maintenance and support obligations in a professional and workmanlike manner, consistent with industry standards, to provide support and resolve Defects in the Tyler Software (subject to any applicable release life cycle policy); 9.1.2. provide telephone support during our established support hours as indicated in our then-current Support Call Process; 9.1.3. maintain personnel that are sufficiently trained to be familiar with the Tyler Software and Third-Party Software, if any, in order to provide maintenance and support services; 9.1.4. provide releases to the Tyler Software (including updates and enhancements)that we make generally available without additional charge to customers with a current SaaS Agreement. 9.2.Your use of Tyler Software or SaaS Services requires that you remain current with supported releases of Tyler Software as indicated in any applicable release lifecycle policy. Our warranty and support commitments are contingent upon you using a supported version of the Tyler Software. Tyler may require you to update to a current version of the Tyler Software to address a critical issue(for example,to address an identified security vulnerability in the Tyler Software or a third-party component). Tyler will use commercially reasonable efforts to (i) minimize the number of such instances and (ii) provide as much advance notice as possible. 9.3.We will use all reasonable efforts to perform support services remotely. We reserve the right to use secure third-party connectivity tools to deliver maintenance and support services. We also reserve the right to collect Tyler Software or SaaS Services telemetry for product evaluation, quality assurance, and security monitoring and enhancement purposes. You agree to reasonably cooperate with us in providing access to your environments and Data for the purposes of providing maintenance and support services and acknowledge that our warranty, support, and service level obligations under this Agreement are contingent upon receiving reasonable access to your Data and systems. 9.4. For the avoidance of doubt, SaaS Fees do not include the following services: (a) onsite support; (b) application design; (c) other consulting services; or(d) telephone support outside our normal business hours as listed in our then-current Support Call Process. SECTION D—THIRD-PARTY PRODUCTS 1. Third-Party Hardware. We will sell and deliver any Third-Party Hardware set forth in the Investment Summary for the price indicated therein. Unless otherwise indicated, installation of Third-Party Hardware will be performed by Tyler or identified third party installers. 2. Third-Party Software. Your rights under this Agreement may include rights to certain Third-Party Software. We certify that we have acquired the right to provide the Third-Party Software to you. Your rights to the Third-Party Software will be governed by the Third-Party Terms and, in the absence of such terms,this Agreement. 3. Third Party Products Warranties. 3.1 We are authorized by each Developer or its authorized reseller to sell or grant access, tyler 6 applicable,to the Third-Party Products. 3.2 Unless otherwise expressly indicated,Third-Party Hardware will be new and unused. You will receive free and clear title to the Third-Party Hardware you purchase upon your payment in full of the purchase price. 3.3 You acknowledge that we are not the manufacturer of Third-Party Products. We do not warrant or guarantee the performance of the Third-Party Products. However, we grant and pass through to you any warranty that we may receive from the Developer or supplier of the Third- Party Products. 4. Third-Party Services. If you have purchased Third-Party Services,those services will be provided independently of Tyler by such third party at the rates set forth in the Investment Summary and in accordance with Exhibit B. SECTION E—TERM AND TERMINATION 1. Term. The term of this Agreement is three (3) years commencing on the Effective Date. Your right to access or use the Tyler Software and the SaaS Services will terminate at the end of this Agreement. 2. Termination. This Agreement may be terminated as set forth below. In the event of termination, you will pay us for all undisputed fees and expenses related to the software, products, and/or services you have received, or we have incurred or delivered, prior to the effective date of termination. Disputed fees and expenses in all terminations other than your termination for cause must have been submitted as invoice disputes in accordance with Section G(2). 2.1.Failure to Pay Fees. You acknowledge that continued access to the SaaS Services is contingent upon your timely payment of fees. We may terminate this Agreement if you do not cure a failure to pay within sixty(60) days of our notice to you that you have overdue payments. 2.2.For Cause. If you believe we have materially breached this Agreement, you will invoke the Dispute Resolution clause set forth in Section G(2). You may terminate this Agreement for cause after following the procedures set forth in Section G(2). 2.3.Force Majeure. Either party has the right to terminate this Agreement if a Force Majeure event suspends performance of the SaaS Services for a period of forty-five (4S) days or more. 2.4.Lack of Appropriations. If you should not appropriate or otherwise make available funds sufficient to utilize the SaaS Services, you may unilaterally terminate this Agreement upon thirty (30) days written notice to us. You will not be entitled to a refund or offset of previously paid, but unused SaaS Fees. You agree not to use termination for lack of appropriations as a substitute for termination for convenience. SECTION F—INDEMNIFICATION, LIMITATION OF LIABILITY AND INSURANCE 1. Intellectual Property Infringement Indemnification. 1.1. We will defend you against any third-party claim(s) that the Tyler Software or Documentation infringes that third-party's patent, copyright, or trademark, or misappropriates its trade secrets, and will pay the amount of any resulting adverse final judgment(or settlement to which we consent). You must notify us promptly in writing of the claim and give us sole control over its defense or settlement. You agree to provide us with reasonable assistance, cooperation, and information in defending the claim at our expense. tyler 7 1.2.Our obligations under this Section F(1) will not apply to the extent the claim or adverse final judgment is based on your use of the Tyler Software in contradiction of this Agreement, including with non-licensed third parties. 1.3.If an infringement or misappropriation claim is fully litigated and your use of the Tyler Software is enjoined by a court of competent jurisdiction, in addition to paying any adverse final judgment(or settlement to which we consent), we will, at our option, either: 1.3.1. procure the right to continue its use; 1.3.2. modify it to make it non-infringing; or 1.3.3. replace it with a functional equivalent. We may elect to employ these remedies in advance of litigation if we receive information concerning an infringement or misappropriation claim. 1.4.This section provides your exclusive remedy for third-party copyright, patent, or trademark infringement and trade secret misappropriation claims. 2. General Indemnification. 2.1.We will indemnify and hold harmless you and your agents, officials, and employees from and against any and all third-party claims, losses, liabilities, damages, costs, and expenses (including reasonable attorney's fees and costs) for(i) personal injury, death, or damage to tangible property, all to the extent caused by our negligence or willful misconduct; or(ii) our violation of law applicable to our performance under this Agreement. You must notify us promptly in writing of the claim and give us sole control over its defense or settlement. You agree to provide us with reasonable assistance, cooperation, and information in defending the claim at our expense. 2.2.The town of North Andover may only indemnify vendors to the extent allowed by relevant law and, if authorized, subject to appropriation. Article 62 of the Amended Constitution of the Commonwealth of Massachusetts states that "The credit of the commonwealth, and its political subdivisions, shall not in any manner be given or loaned to or in aid of any individual, or of any private association, or of any corporation which is privately owned and managed."The Massachusetts Constitution further mandates that all claims for money due and owing are "subject to appropriation". Any contract language which attempts to obligate the town of North Andover to indemnify or otherwise obligate the town to pay damages at some future date (in advance of an appropriation) is deemed void. Therefore, no contract may contain language obligating the town of North Andover to pay damages or to indemnify a Contractor(absent legislative language to the contrary) without an appropriation. Contractors may be indemnified "in accordance with law", such as if the town of North Andover is found liable for a breach or other damages that are awarded to a contractor through litigation or other contract claim, the contractor will be paid "subject to appropriation" by the Legislature. There can be no guaranteed entitlement to indemnification or damages. A contractor must always file a claim and prove damages.The town of North Andover is barred by law from providing any indemnification to Tyler or its Third-Party Software providers except for the "in accordance with law" exception detailed above. Tyler will notify the town of North Andover promptly in writing of the claim.Tyler agrees to provide the town of North Andover with reasonable assistance, cooperation, and information in � tyler 8 defending the claim at the town of North Andover's expense. 3. DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES PROVIDED IN THIS AGREEMENT AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW,WE HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS,WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO,ANY IMPLIED WARRANTIES, DUTIES, OR CONDITIONS OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. CLIENT UNDERSTANDS AND AGREES THAT TYLER DISCLAIMS ANY LIABILITY FOR ERRORS THAT RELATE TO USER ERROR. 4. LIMITATION OF LIABILITY. NOTWITHSTANDING ANYTHING TO THE CONTRARY SET FORTH IN THIS AGREEMENT,OUR LIABILITY FOR DAMAGES ARISING OUT OF THIS AGREEMENT, WHETHER BASED ON A THEORY OF CONTRACT OR TORT, INCLUDING NEGLIGENCE AND STRICT LIABILITY,SHALL BE LIMITED TO YOUR ACTUAL DIRECT DAMAGES, NOT TO EXCEED (i) DURING THE INITIAL TERM,AS SET FORTH IN SECTION E(1),TOTAL FEES PAID AS OF THE TIME OF THE CLAIM;OR(ii) DURING ANY RENEWAL TERM,THE THEN-CURRENT ANNUAL SAAS FEES PAYABLE IN THAT RENEWAL TERM. THE PARTIES ACKNOWLEDGE AND AGREE THAT THE PRICES SET FORTH IN THIS AGREEMENT ARE SET IN RELIANCE UPON THIS LIMITATION OF LIABILITY AND TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW,THE EXCLUSION OF CERTAIN DAMAGES,AND EACH SHALL APPLY REGARDLESS OF THE FAILURE OF AN ESSENTIAL PURPOSE OF ANY REMEDY. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO CLAIMS THAT ARE SUBJECT TO SECTIONS F(1)AND F(2). 5. EXCLUSION OF CERTAIN DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 6. Insurance. During the course of performing services under this Agreement, we agree to maintain the following levels of insurance: (i) Commercial General Liability of at least $1,000,000 per occurrence and $2,000,000 aggregate; (ii)Automobile Liability of$1,000,000 combined single limit; (iii) Professional Liability(inclusive of cyber protection) of$1,000,000 per claim and in the aggregate; (iv) Workers Compensation complying with applicable statutory requirements; and (v) Excess/Umbrella Liability of$5,000,000. We will add you as an additional insured to our Commercial General Liability and Automobile Liability policies, which will automatically add you as an additional insured to our Excess/Umbrella Liability policy as well. We will provide you with copies of certificates of insurance upon your written request. SECTION G—GENERAL TERMS AND CONDITIONS 1. Additional Products and Services. You may purchase additional products and services at the rates set forth in the Investment Summary for twelve (12) months from the Effective Date by executing a mutually agreed addendum. If no rate is provided in the Investment Summary, or those twelve (12) months have expired, you may purchase additional products and services at our then-current pricing, also by executing a mutually agreed addendum. The terms of this Agreement will control any such additional purchase(s), unless otherwise specifically provided in the addendum. 2. Performance Issues and Dispute Resolution. `: � tyler 9 2.1.Notice. You agree to provide us with written notice within thirty(30) days of receipt of an invoice (for invoice disputes) or, in the case of performance, becoming aware of an issue related to our performance under this Agreement. 2.2.Invoice Issues. 2.2.1. If the issue relates to an invoice, your notice must include the following: (i) the issue(s) with the invoice; (ii)the specific fee(s) at issue; and (iii)the corrective action(s)you are requesting of Tyler. 2.2.2. We will provide a response to your notice that (i) supports the validity of the invoice as issued by us; (ii) adjusts the invoice; or(iii) describes our plan to address the issues identified in your notice. 2.2.3. You agree to pay all undisputed fees by the due date. You acknowledge that you forfeit your right to dispute any fees under this Agreement when you fail to pay undisputed fees within sixty(60) days of our notice that the fees are overdue. 2.2.4. In addition to any other remedies available to us under this Agreement or law for non- payment, we reserve the right to recover from you our reasonable costs of collection associated with your failure to timely pay amounts due under this Agreement. 2.2.5. WE RESERVE THE RIGHT TO SUSPEND PERFORMANCE OF ANY SERVICE, INCLUDING ACCESS TO SAAS SERVICES, FOR FAILURE TO TIMELY PAY UNDISPUTED FEES FIFTEEN (15) DAYS FOLLOWING OUR NOTICE OF INTENTTO DO SO. 2.3.Dispute Resolution. You agree to cooperate with us in trying to reasonably resolve all disputes, including, if requested by either party, appointing a senior representative to meet and engage in good faith negotiations with our appointed senior representative. Senior representatives will convene within thirty(30) days of the written dispute notice, unless otherwise agreed. All meetings and discussions between senior representatives will be deemed confidential settlement discussions not subject to disclosure under Federal Rule of Evidence 408 or any similar applicable state rule. If we fail to resolve the dispute,then the parties shall participate in mediation in an effort to resolve the dispute. If the dispute remains unresolved after mediation, then either of us may assert our respective rights and remedies in a court of competent jurisdiction. Nothing in this section shall prevent you or us from seeking necessary injunctive relief during the dispute resolution procedures. 3. Taxes. The fees in the Investment Summary do not include any taxes, including, without limitation, sales, use, or excise tax. If you are a tax-exempt entity,you agree to provide us with a tax-exempt certificate. Otherwise, we will pay all applicable taxes to the proper authorities, and you will reimburse us for such taxes. If you have a valid direct-pay permit, you agree to provide us with a copy. For clarity, we are responsible for paying our income taxes, both federal and state, as applicable, arising from our performance of this Agreement. 4. Nondiscrimination. We will not discriminate against any employee or applicant in our employment practices or the performance of our duties, responsibilities, and obligations under this Agreement because of race, color, religion, gender, age, disability, religious beliefs, national, or ethnic origin. We will post, where appropriate, all notices related to nondiscrimination as may be required by applicable law. 5. E-Verify. We use the U.S. Department of Homeland Security's E-Verify system to confirm the eligibility of all current employees and persons hired during the contract term to perform services within the United States under this Agreement. tyler 10 6. Subcontractors. We will not subcontract any Professional Services specifically for this Agreement without your prior written consent, not to be unreasonably withheld. 7. Binding Effect; No Assignment. This Agreement shall be binding on, and shall be for the benefit of, either your or our successor(s) or permitted assign(s). Neither party may assign this Agreement without the prior written consent of the other party; provided, however, your consent is not required for an assignment by us as a result of a corporate reorganization, merger, acquisition, or purchase of substantially all of our assets. 8. Force Maieure. Except for your payment obligations, neither party will be liable for delays in performing its obligations under this Agreement to the extent that the delay is caused by Force Majeure; provided, however, that within ten (10) business days of the Force Majeure event,the party whose performance is delayed provides the other party with written notice explaining the cause and extent thereof, as well as a request for a reasonable time extension equal to the estimated duration of the Force Majeure event. 9. No Intended Third-Party Beneficiaries. This Agreement is entered into solely for the benefit of you and us. No third party will be deemed a beneficiary of this Agreement, and no third party will have the right to make any claim or assert any right under this Agreement. This provision does not affect the rights of third parties under any Third-Party Terms. 10. Entire Agreement;Amendment. This Agreement represents the entire agreement between you and us with respect to the subject matter hereof, and supersedes any prior agreements, understandings, and representations, whether written, oral, expressed, or implied. Purchase orders submitted by you, if any, are for your internal administrative purposes only, and the terms and conditions contained in those purchase orders will have no force or effect. This Agreement may only be modified in writing, signed by an authorized representative of the party against whom enforcement is sought. 11. Severability. If any term or provision of this Agreement is held invalid or unenforceable,the remainder of this Agreement will be considered valid and enforceable to the fullest extent permitted by law. 12. No Waiver. In the event that the terms and conditions of this Agreement are not strictly enforced by either party, such non-enforcement will not act as or be deemed to act as a waiver or modification of this Agreement, nor will such non-enforcement prevent such party from enforcing each and every term of this Agreement thereafter. 13. Independent Contractor. We are an independent contractor for all purposes under this Agreement. 14. Notices. All notices or communications required or permitted as a part of this Agreement, such as notice of an alleged material breach for a termination for cause or a dispute that must be submitted to dispute resolution, must be in writing and will be deemed delivered upon the earlier of the following: (i) actual receipt by the receiving party; or (ii) five (5) days following deposit with registered or certified mail with proper postage affixed and addressed to the other party at the address set forth in this Agreement or such other address as the party may have designated by ^ , lei" 11 proper notice. The consequences for the failure to receive a notice due to improper notification by the intended receiving party of a change in address will be borne by the intended receiving party. 15. Client Lists. You agree that we may identify you by name in client lists, marketing presentations, and promotional materials. 16. Confidentiality. Both parties recognize that their respective employees and agents, in the course of performance of this Agreement, may be exposed to confidential information and that disclosure of such information could violate rights to private individuals and entities, including the parties. Confidential information is nonpublic information that a reasonable person would believe to be confidential and includes, without limitation, personal identifying information (e.g., social security numbers) and trade secrets, each as defined by applicable state law. Each party agrees that it will not disclose any confidential information of the other party and further agrees to take all reasonable and appropriate action to prevent such disclosure by its employees or agents. The confidentiality covenants contained herein will survive the termination or cancellation of this Agreement. This obligation of confidentiality will not apply to information that: i. is in the public domain, either at the time of disclosure or afterwards, except by breach of this Agreement by a party or its employees or agents; ii. a party can establish by reasonable proof was in that party's possession at the time of initial disclosure; iii. a party receives from a third party who has a right to disclose it to the receiving party; or iv. is the subject of a legitimate disclosure request under the open records laws or similar applicable public disclosure laws governing this Agreement; provided, however,that in the event you receive an open records or other similar applicable request,you will give us prompt notice and otherwise perform the functions required by applicable law. 17. Business License. In the event a local business license is required for us to perform services hereunder, you will promptly notify us and provide us with the necessary paperwork and/or contact information so that we may timely obtain such license. 18. Governing Law. This Agreement will be governed by and construed in accordance with the laws of the commonwealth of Massachusetts, , without regard to its rules on conflicts of law. 19. Multiple Originals and Authorized Signatures. This Agreement may be executed in multiple originals, any of which will be independently treated as an original document. Any electronic,faxed, scanned, photocopied, or similarly reproduced signature on this Agreement or any amendment hereto will be deemed an original signature and will be fully enforceable as if an original signature. Each party represents to the other that the signatory set forth below is duly authorized to bind that party to this Agreement. 20. Cooperative Procurement. To the maximum extent permitted by applicable law, we agree that this Agreement may be used as a cooperative procurement vehicle by eligible jurisdictions. In such cases, we reserve the right to negotiate and customize the terms and conditions set forth herein, including but not limited to pricing, to the scope and circumstances of that cooperative procurement. 21. Data & Insights Solution Terms. Your use of certain Tyler solutions includes Tyler's Data & Insights r, V tyler 12 data platform. Your rights, and the rights of any of your end users,to use Tyler's Data & Insights data platform is subject to the Data & Insights SaaS Services Terms of Service, attached hereto as Exhibit G. By signing a Tyler Agreement or Order Form, or accessing, installing, or using any of the Tyler solutions listed at the linked terms, you certify that you have reviewed, understand, and agree to said terms. 22. Contract Documents. This Agreement includes the following exhibits: Exhibit A Investment Summary Exhibit B Invoicing and Payment Terms Schedule 1: Business Travel Policy Exhibit C Service Level Agreement Schedule 1: Support Call Process Exhibit D Third-Party Terms Schedule 1: DocOrigin End User License Agreement Schedule 2: End User License Agreement terms for ThinPrint Engine,ThinPrint License Server, and Connected Gateway Exhibit E Privacy Statement Exhibit F Attestation of Compliance Exhibit G Data & Insights SaaS Services Terms of Service IN WITNESS WHEREOF, a duly authorized representative of each party has executed this Agreement as of the date(s) set forth below. Tyler Technologies, Inc. Town of North Andover, Massachusetts ,., By: Name: Tina Mize Name: Melissa Murphy-Rodrigues, 5sq. Title: General Counsel. Title: TOWN MANAGER Public Administration Date: December 30, 2025 Date: � I Address for Notices: Address for Notices: Tyler Technologies, Inc. Town of North Andover 7701 College Boulevard 120 Main Street Overland Park, KS 66210 North Andover, MA 01845-2420 Attention:Chief Legal Officer Attention: X� ALA C , � -- 13 fly tyler, � es Exhibit A Investment Summary The Investment Summary details the products and services to be delivered by us, or a third party, as applicable, to you under the Agreement. This Investment Summary is effective as of the Effective Date regardless of any expiration date in the Investment Summary. Capitalized terms not otherwise defined will have the meaning assigned to such terms in the Agreement. REMAINDER OF PAGE INTENTIONALLY LEFT BLANK tyler S Quoted 6y: Charlie Hepbum ty er Quote .irati . /01/26 Quote Marra: Town of Norte Andover a ERP- hn- lop EPP RFP Saar ieffn Loo Sales Quotation For: Shipping Add NORTH ANDOVER,MA TOWN OF —1 own of North Andover 120 MAIN STREET 120 Main St NORTH I ANDOVER MA 01845 North Andover MA 01 5-2 20 Tier SaaS and Related Services all MEN=, Financial Management Accounting/GL/BG/AP 1 0 A-0,396.00 Cash Management 1 0 $3,552.00 .tract-1 Management 1 0 $2,288.00 Project&Grant Accounting 1 Q $8,780.00 Purchasing 1 0 58,174.00 €uman Resources Management HR Management 1 0 4f80500 Payroll w/ESS 1 0 S13,640.00 Recnwfinw 1 0 $5,082.00 Revenue t Accounts Receivable 1 0 $9,333.00 CAMA Bridge 1 3,477.1 Central Property File 1 0 1,W.00 Citizen Self Service 1 0 S7,233.00 General Bill-Ing 1 0 S4,736.00 2 25" 75- 3 CONFIDE AL Page i 1 MA Tax Title 1 0 $6,26100 Motor Vehicle Excise Tax 1 O S7,667.00 Tax Billing 1 O $2 ,792.00 Content Management Content Manager Core includes On boarding 1 O S 13,806a00 Data VWOts Enterprise I+ i and Reporting 1 0 S31,493.00 Additional Forms Processing Doc Origin Software 1 0 $6,237,00 G IS Site License 1 O $3,452,00 TOTAL 0 185,09440 Summary Ono Time Fees Recurring Fees Total Tyler License Fees $0.00 SO.00 Total SaaS $0.00 IE5,094.00 Total Tyler Services $0.00 $0.00 Total Third-Party Hardware,Software.,Services $0.00 $0.00 Summary Total $MOO $185,094,00 Client's purchase_se of the items listed above is subject to the Comments below Unless otherwise indicated in the contract or amendment thereto.pricing for optional items will held For six(6)months from the Quote date or the Effectwe Date of the Contract,whichever is later. Customer A_ is tee Print Name: -- _-F P,O. _. 2025-56 75-G6L8 3 CONFIDENTIAL Page 2 Vier 2 AI7 Pritnary values quoted in US Dollars Comments Client agrees that items in this sales quotation are,upon Client's signature or approval of same,hereby added to thee existing agreement "Agree t"% between the parties and subject to its terms.Additionally,payment for said items,as applicable but subject to any fisted assumptions herein;,shall conform to the foll ing to 3 License fees for Tyler and third party software are invoiced upon the earlier of(I)deliver of the license key or(ii)when Ty er makes such software available for download by the Client; • Fees for hardware are invoiced upon delivery: * Fees for year one of hardware maintenance are invoiced upon delivery of the hardware; Annual Maintenance and Support fees,SaaS fees,Hosting fees,and Subscription fees are first payable when Tyler makes the software mailable for download by the Client(for Maintenance)or on the first day of the month following the date this quotation was signed(for SaaS,Hostin& and Subscription),and any such fees are prorated to align with the applicable term under the Agreement,with renewals invoiced annually thereafter in accord-with the Agreement. Fees for services included in this sales quotation shall be invoiced as indicated below. • Implementation and other professional services fees shall be invoiced as delivered. • Fixed-fee Business Process Consulting servikes shall be invoiced 5 , upon delivery of the Best Practice Recommendations, ule, and 5 o upon delivery of custom desktop procedures,by module. • Fixed-fee conversions are invoiced o upon initial delivery of the converted data,by conversion module,and 509%upon dent acceptance to load the converted data into Live/Production Live/Production e ironment,by conversion module, • Except as otherwise provided,other fixed price services are invoiced upon complete delivery of the service.For the avoWance of doubt, ere"Project Planning Services'are provided,payment shall be invoiced upon delivery of the Implementation Planning document. Dedicated Project Management services,=1 any,Ml be invoiced monthly in arrears,beginning on the First day of the month immediately following initiation of project planning. ® If dent has purchased any change m-anagernent services,those services mill be invoiced in accordance with the Agreement. • Notwithstanding anything to the contrary stated above,the following payment terms shall apply to services fees _H lly for migrations:Tyler will invoice Client 5 of any Migration Fees listed above upon Client approval of the product suite migration 2025-566075-G6L8Q3 CONFIDENTIAL Page 3 -- _ schedule.The remaining 50%a by line item,will be billed upon the go4ive of the applicable product suite.Tyler will Invoice client for any Project Management Fees listed above upon the go-live of the first product suite,Unless otherwise indicated on this Sales quotation, annual services will be invoiced in advance,for annual terms cornrnening on the date this sales quotation is signed by the Client.If listed annual service(s)is an addition to the same ser0ce presently existing under the Agreement,the first term of the added annual ser% will be prorated to expire coterminous with the existing annual terms for the service,with renewals to occur as i€rdicated in the Agreement. Expensees associated with onsite services are Invoiced as incurred_ Tyler's quote contains estimates of the amount of services needed,based on our preliminary understanding of the scope,level of engagement, and timeline as defined in the Statement of Work(SOW)for your project.The actual amount of sertices required may vary,based on these factors° Tyle0s wising is based on the scope of proposed products and services contracted from,Tyler-Shouldportion.-of the scope of products or services be altered by the Client,Tyr reserves the right to adjust pnces for the remaining scope accordingly. Unless othenvise noted,prices submitted in the quote do not include travel expenses incurred in accordance with Tyler's then-current rat Business Travel Policy. T flees prices do not include applicable I 1,city or federal sales,use excise,personal property or other similar taxes or cluties,which you are responsible for determining and remitting.Installations are completed remotely otely but can be done onsite upon request at an additional cost. In the event client cancels services less than four(4)weeksin advance,dent is liable to Tyler for(i)all non-refundable expenses incurred by Tyler on Client's behalf;and(ii)daily fees associated with the cancelled services if Tyler is unable to re-assign its personnel, The Implementation Hours included in this quote assume a work split effort of y %Client and 30Y6 Tyler- Implementation Hours are scheduled and delivered in four(4)or eight(8)Maur increments. Tyler provides onsite tralr ng for a maar<murn of 12 people per class.In the event that more than 12 users wish to participate in a training class or more than one occurrence of a class is ,Tyler Will either provide additional days at then-current rates for training g or Tyler will utilize a Train-the-Trainer approach whereby the client designated attendees of the Initial training can thereafter train the remaining users. Content Manager Core includes up to 1TB of storage.Should additional storage be needed it may be purd aced as needed at an annual fee of 5 per TB, Financial library includes:1 Alp check-19FTV I,1 Purchase order,1 ,10991W,1099S,and 1099G- 2025-566075-G6LBQ3 CONFIDENTIAL Page 4 r T In the event Client acquires from Tyler any edition of Content Manager software other than Enterprise Edition,the license for Content Manager is restricted to use with Tyler applications only.if Client wishes to use Content Manager software with non-Tyler applications,Client must purchase or upgrade to Content Manager Enterprise Edition. Tyler's form library prices are based on the actual form quantities listed,and assume the forms will be provided according to the standard Enterprise ERA form template.Any forms in addition to the quoted amounts and types,including custom forms or forms that otherwise require custom programming,are subject to an additional fee.Please also note that use of the Tyler Forms functionality requires the use of approved printers as well.You may contact Tyler's support team for the most current list of approved printers.Any forms included in this quote are based on the standard form templates provided.Custom forms,additional forms and any custom programming are subject to additional fees not included in this quote.The additional fees would be quoted at the time of request,generally during the implementation of the forms.Please note that the form solution provided requires the use of approved printers.You may contact Tyler's support team for the most current list of approved printers. General Billing library includes:standard invoice,standard statement,standard general billing receipt and standard miscellaneous receipt. MA Tax Library-Standard forms(1 each)included:1st Qtr Real Estate,2nd Qtr Real Estate,(or combined 1 2 Quarter Personal Property),3rd Qtr Real Estate,4th Qtr Real Estate(or combined 3 4 Personal Poperty),Real Estate Demand,Personal Property Demand,Property Abatement, Motor Vehicle Excise,Motor Vehicle Demand,Boat Excise,Boat Demand and Municipal Lien Certificate. Payroll library includes:standard PR check,standard direct deposit,standard vendor from payroll check,standard vendor from payroll direct deposit,W2,W12c,ACA 1N-5B,ACA 1095C and 1099 R. 2025-566075-G6L8Q3 CONFIDENTIAL Page 5 %4% tyler f0 %o tyler : 00. f f("'chrd()p:�s Exhibit B Invoicing and Payment Terms We will provide you with the software and services set forth in the Investment Summary of the Agreement. Capitalized terms not otherwise defined will have the meaning assigned to such terms in the Agreement. Invoicing:We will invoice you for the applicable software and services in the Investment Summary as set forth below. Your rights to dispute any invoice are set forth in the Agreement. 1. Tyler Annual Services. 1.1. SoaS Services. SaaS Fees are invoiced on an annual basis, beginning on the commencement of the term as set forth in Section E(1) of this Agreement. Your annual SaaS fees for year one (1) of the term are set forth in the Investment Summary. SaaS Fees for years two (2) and three (3) of the term will not increase more than five percent (5%) on an annualized basis. 1.2. Other Annual Services. Fees for annual services other than SaaS Services are invoiced on an annual basis, beginning with the availability of the service. Your annual fees for the initial term are set forth in the Investment Summary. Upon expiration of the initial term, your annual fees will be at our then-current rates. 2. Tyler Services. 2.1. Professional Services Generally: Unless otherwise indicated below, fees for Tyler services are invoiced as delivered. 2.2. Consulting Services: Fixed fee Consulting Services will be invoiced 50% upon your acceptance of the Best Practice Recommendations, by module, and 50% upon your acceptance of custom desktop procedures, by module. 2.3. Conversions: Fixed-fee conversions are invoiced 50% upon initial delivery of the converted Data, by conversion option, and 50% upon Client acceptance to load the converted Data into Live/Production environment, by conversion option. Where conversions are quoted as estimated, we will bill you the actual services delivered on a time and materials basis. 2.4. Requested Modifications to the Tyler Software: Requested modifications to the Tyler Software are invoiced (i) 50% upon delivery of specifications and (ii) 50% upon delivery of the applicable modification. You must report any failure of the modification to conform to the specifications within thirty(30) days of delivery; otherwise, the modification will be deemed to be in compliance with the specifications after the 30-day window has passed. You may still report Defects to us as set forth in this Agreement. 2.5. Other Fixed Price Services: Other fixed price services are invoiced as delivered. For the avoidance of doubt, where "Project Planning Services" are provided, payment will be due upon delivery of the Implementation Planning document. Dedicated Project Management services, if any, will be billed monthly in arrears, beginning on the first day of the month immediately following initiation of project planning. Strategic Program Management Services, if any,will be billed monthly in arrears, beginning on the first day of the month immediately following initiation of program planning. ppuwF tyler 3. Hardware &Third-Party Products. 3.1. Hardware: Hardware costs, if any, are invoiced upon delivery. 3.2. Hardware Maintenance:The first year maintenance fee for hardware is invoiced upon delivery of the hardware. Subsequent annual maintenance fees for hardware are invoiced annually, in advance, at then-current rates, upon each anniversary thereof. 3.3. Third-Party Services: Fees for Third-Party Services, if any, are invoiced as delivered, along with applicable expenses, at the rates set forth in the Investment Summary. 3.4. Third Party Software. License Fees for Third Party Software, in any, are invoiced when the applicable Third Party Software is made available to you for download. 3.5. Third Party Software Maintenance:The first year maintenance fee for the Third Party Software is invoiced when it is made available to you for downloading. Subsequent annual maintenance fees for Third Party Software are invoiced annually, in advance, at then-current rates, upon each anniversary thereof. 3.6. Third-Party SoaS Services.Third-Party SaaS Services fees, if any, are invoiced on an annual basis, commencing with availability of the respective Third-Party SaaS Services. Pricing for the first year of Third-Party SaaS Services is indicated in the Investment Summary. Unless express stated otherwise, pricing for subsequent years will be at then-current rates. 4. Transaction Fees. Unless paid directly by an end user at the time of transaction, per transaction (call, message, etc.) fees are invoiced on a monthly basis. Fees are indicated in the Investment Summary and may be increased by Tyler upon notice of no less than thirty(30) days. 5. Expenses. The service rates in the Investment Summary do not include travel expenses. Expenses for Tyler delivered services will be billed as incurred and only in accordance with our then-current Business Travel Policy. Payment. Payment for undisputed invoices is due within forty-five (45) days of the invoice date. We prefer to receive payments electronically. Our electronic payment information is available by contacting AR@tylertech.com. tyler "'0 ty,ler f Exhibit B Schedule 1 Business Travel Policy 1. Air Travel A. Reservations &Tickets The Travel Management Company(TMC) used by Tyler will provide an employee with a direct flight within two hours before or after the requested departure time, assuming that flight does not add more than three hours to the employee's total trip duration and the fare is within $100 (each way) of the lowest logical fare. If a net savings of$200 or more (each way) is possible through a connecting flight that is within two hours before or after the requested departure time and that does not add more than three hours to the employee's total trip duration,the connecting flight should be accepted. Employees are encouraged to make advanced reservations to take full advantage of discount opportunities. Employees should use all reasonable efforts to make travel arrangements at least two (2) weeks in advance of commitments. A seven (7) day advance booking requirement is mandatory. When booking less than seven (7) days in advance, management approval will be required. Except in the case of international travel where a segment of continuous air travel is six(6) or more consecutive hours in length, only economy or coach class seating is reimbursable. Employees shall not be reimbursed for"Basic Economy Fares" because these fares are non-refundable and have many restrictions that outweigh the cost-savings. B. Baggage Fees Reimbursement of personal baggage charges are based on trip duration as follows: • Up to five(5) days=one (1) checked bag • Six (6) or more days =two (2) checked bags Baggage fees for sports equipment are not reimbursable. 1 2. Ground Transportation A. Private Automobile Mileage Allowance—Business use of an employee's private automobile will be reimbursed at the current IRS allowable rate, plus out of pocket costs for tolls and parking. Mileage will be calculated by using the employee's office as the starting and ending point, in compliance with IRS regulations. Employees who have been designated a home office should calculate miles from their home. B. Rental Car Employees are authorized to rent cars only in conjunction with air travel when cost, convenience, and the specific situation reasonably require their use. When renting a car for Tyler business, employees should select a "mid-size" or "intermediate" car. "Full" size cars may be rented when three or more employees are traveling together. Tyler carries leased vehicle coverage for business car rentals; except for employees traveling to Alaska and internationally(excluding Canada), additional insurance on the rental agreement should be declined. C. Public Transportation Taxi or airport limousine services may be considered when traveling in and around cities or to and from airports when less expensive means of transportation are unavailable or impractical. The actual fare plus a reasonable tip (15-18%)are reimbursable. In the case of a free hotel shuttle to the airport,tips are included in the per diem rates and will not be reimbursed separately. D. Parking&Tolls When parking at the airport, employees must use longer term parking areas that are measured in days as opposed to hours. Park and fly options located near some airports may also be used. For extended trips that would result in excessive parking charges, public transportation to/from the airport should be considered. Tolls will be reimbursed when receipts are presented. 3. Lodging Tyler's TMC will select hotel chains that are well established, reasonable in price, and conveniently located in relation to the traveler's work assignment. Typical hotel chains include Courtyard, Fairfield Inn, Hampton Inn, and Holiday Inn Express. If the employee has a discount rate with a local hotel,the hotel reservation should note that discount and the employee should confirm the lower rate with the hotel upon arrival. Employee memberships in travel clubs such as AAA should be noted in their travel profiles so that the employee can take advantage of any lower club rates. "No shows" or cancellation fees are not reimbursable if the employee does not comply with the hotel's cancellation policy. Tips for maids and other hotel staff are included in the per diem rate and are not reimbursed separately. 2 Employees are not authorized to reserve non-traditional short-term lodging, such as Airbnb,VRBO, and HomeAway. Employees who elect to make such reservations shall not be reimbursed. 4. Meals and Incidental Expenses Employee meals and incidental expenses while on travel status within the continental U.S. are in accordance with the federal per diem rates published by the General Services Administration. Incidental expenses include tips to maids, hotel staff, and shuttle drivers and other minor travel expenses. Per diem rates are available at www.gsa.gov/perdiem. Per diem for Alaska, Hawaii, U.S. protectorates and international destinations are provided separately by the Department of State and will be determined as required. A. Overnight Travel For each full day of travel, all three meals are reimbursable. Per diems on the first and last day of a trip are governed as set forth below. Departure Day Depart before 12:00 noon Lunch and dinner Depart after 12:00 noon Dinner Return DaV Return before 12:00 noon Breakfast Return between 12:00 noon &7:00 p.m. Breakfast and lunch Return after 7:00 p.m.* Breakfast, lunch and dinner *7:00 p.m. is defined as direct travel time and does not include time taken to stop for dinner. The reimbursement rates for individual meals are calculated as a percentage of the full day per diem as follows: Breakfast 15% Lunch 25% Dinner 60% B. Same Day Travel Employees traveling at least 100 miles to a site and returning in the same day are eligible to claim lunch on an expense report. Employees on same day travel status are eligible to claim dinner in the event they return home after 7:00 p.m.* *7:00 p.m. is defined as direct travel time and does not include time taken to stop for dinner. 3 Internet Access—Hotels and Airports Employees who travel may need to access their e-mail at night. Many hotels provide free high speed internet access and Tyler employees are encouraged to use such hotels whenever possible. If an employee's hotel charges for internet access it is reimbursable up to$10.00 per day. Charges for internet access at airports are not reimbursable. 5. International Travel All international flights with the exception of flights between the U.S. and Canada should be reserved through TMC using the"lowest practical coach fare" with the exception of flights that are six (6) or more consecutive hours in length. In such event, the next available seating class above coach shall be reimbursed. When required to travel internationally for business, employees shall be reimbursed for photo fees, application fees, and execution fees when obtaining a new passport book, but fees related to passport renewals are not reimbursable.Visa application and legal fees, entry taxes and departure taxes are reimbursable. The cost of vaccinations that are either required for travel to specific countries or suggested by the U.S. Department of Health& Human Services for travel to specific countries, is reimbursable. Section 4, Meals&Incidental Expenses, and Section 2.b., Rental Car, shall apply to this section. 4 1 ei�fti , t y I e r Exhibit C SERVICE LEVEL AGREEMENT I. Agreement Overview This SLA operates in conjunction with, and does not supersede or replace any part of, the Agreement. It outlines the information technology service levels related to the availability of the Tyler SaaS Services that you have requested us to provide. All other support services are documented in the Support Call Process. This SLA does not apply to any Third-Party SaaS Services. II. Definitions. Except as defined below, all defined terms have the meaning set forth in the Agreement. Actual Attainment: The percentage of time the Tyler Software is available during a calendar month, calculated as follows: (Service Availability—Downtime) _Service Availability. Client Error Incident:Any service unavailability resulting from your applications, content or equipment, or the acts or omissions of any of your service users or third-party providers over whom we exercise no control. Downtime: Those minutes during Service Availability, as defined below, when all users cannot launch, login, search or save primary data in the Tyler Software. Downtime does not include those instances in which only a Defect is present. Emergency Maintenance Window: (1) maintenance that is required to patch a critical security vulnerability; (2) maintenance that is required to prevent an imminent outage of Service Availability; or (3) maintenance that is mutually agreed upon in writing by Tyler and the Client. Planned Downtime: Downtime that occurs during a Standard or Emergency Maintenance window. Service Availability: The total number of minutes in a calendar month that the Tyler Software is capable of receiving, processing, and responding to requests, excluding Planned Downtime, Client Error Incidents, denial of service attacks and Force Majeure. Service Availability only applies to Tyler Software being used in the production environment. Standard Maintenance: Routine maintenance to the Tyler Software and infrastructure. Standard Maintenance is limited to five (5) hours per week. III. Service Availability a. Your Responsibilities Whenever you experience Downtime,you must make a support call according to the procedures outlined in the Support Call Process. You will receive a support case number. b. Our Responsibilities When our support team receives a call from you that Downtime has occurred or is occurring,we will work 1 with you to identify the cause of the Downtime (including whether it may be the result of Planned Downtime, a Client Error Incident, denial of service attack or Force Majeure). We will also work with you to resume normal operations. C. Client Relief Our targeted Attainment Goal is 100%. You may be entitled to credits as indicated in the Client Relief Schedule found below. Your relief credit is calculated as a percentage of the SaaS Fees paid for the calendar month. In order to receive relief credits, you must submit a request through one of the channels listed in our Support Call Process within fifteen (15) days of the end of the applicable month. We will respond to your relief request within thirty(30) days of receipt. The total credits confirmed by us will be applied to the SaaS Fee for the next billing cycle. Issuing of such credit does not relieve us of our obligations under the Agreement to correct the problem which created the service interruption. Credits are only payable when Actual Attainment results in eligibility for credits in consecutive months and only for such consecutive months. 99.99%-99.70% Remedial action will be taken 99.69%-98.50% 2%of SaaS Fees paid for applicable month 98.49%-97.50% 4% of SaaS Fees paid for applicable month 97.49%-96.50% 6%of SaaS Fees paid for applicable month 96.49%-95.50% 8% of SaaS Fees paid for applicable month Below 95.50% 10%of SaaS Fees paid for applicable month * Notwithstanding language in the Agreement to the contrary, Recovery Point Objective is one (1) hour. IV. Maintenance Notifications We perform Standard Maintenance during limited windows that are historically known to be reliably low-traffic times. If and when maintenance is predicted to occur during periods of higher traffic,we will provide advance notice of those windows and will coordinate to the greatest extent possible with you. Not all maintenance activities will cause application unavailability. However, if Tyler anticipates that activities during a Standard or Emergency Maintenance window may make the Tyler Software unavailable, we will provide advance notice, as reasonably practicable,that the Tyler Software will be unavailable during the maintenance window. 2 � � | �� ty,ler Exhibit C Schedule Support Call Process i Support Channels Tyler Technologies, Inc. provides the following channels of software support for authorized users*: (1) On-line submission (portal)—for less urgent and functionality-based questions, users may create support incidents through the Tyler Customer Portal available at the Tyler Technologies website. A built-in Answer Panel provides users with resolutions to most"how-to" and configuration- based questions through m simplified search interface with machine learning, potentially eliminating the need to submit the support case. /3\ Email—for less urgent situations, users may submit emails directly to the software support group. (3) Telephone—for urgent or complex questions, users receive toll-free,telephone software | support. | � / Channel availability may be8nnited/ur certain applications, � Support Resources A number of additional resources are available to provide a comprehensive and complete support experience: (1) Ty|erVVebsite—www.tvlertech.com—for accessing client tools,documentation,and other � � information including support contact information. ! (2\ Tyler Search-mknovw|edge based search engine that lets you search nnu|1|p|esources � . ' simultaneously to find the answers you need, 24x7. (3) Tyler Community—provides a venue for all Tyler clients with current maintenance agreements to collaborate with one another, share best practices and resources, and access documentation. (4) Tyler University—online training courses on Tyler products. � Support Availability Tyler Technologies support is available during the local business hours of 8 AM to 5 PM (Monday— Friday)across four US time zones(Paci#c, Mountain, Central and Eaotern).Tyler's holiday schedule is outlined below.There will beno support coverage on these days. New Year's Day Labor Day Martin Luther King,Jr. Day Thanksgiving Day Memorial Day Day after Thanksgiving Independence Day Christmas Day For support teams that provide after-hours service,vve will provide you with procedures for contacting support staff after normal business hours for reporting Priority Level 1 Defects only. Upon receipt of 1 such a Defect notification, we will use commercially reasonable efforts to meet the resolution targets set forth below. We will also make commercially reasonable efforts to be available for one pre-scheduled Saturday of each month to assist your IT staff with applying patches and release upgrades, as well as consulting with them on server maintenance and configuration of the Tyler Software environment. Incident Handling Incident Tracking Every support incident is logged into Tyler's Customer Relationship Management System and given a unique case number.This system tracks the history of each incident.The case number is used to track and reference open issues when clients contact support. Clients may track incidents, using the case number,through Tyler's Customer Portal or by calling software support directly. Incident Priority Each incident is assigned a priority level, which corresponds to the Client's needs.Tyler and the Client will reasonably set the priority of the incident per the chart below.This chart is not intended to address every type of support incident, and certain "characteristics" may or may not apply depending on whether the Tyler software has been deployed on customer infrastructure or the Tyler cloud.The goal is to help guide the Client towards clearly understanding and communicating the importance of the issue and to describe generally expected response and resolution targets in the production environment only. References to a "confirmed support incident" mean that Tyler and the Client have successfully validated the reported Defect/support incident. Priority Characteristics of Support Incident Resolution Targets* Level Support incident that causes (a) Tyler shall provide an initial response to Priority Level complete application failure or 1 incidents within one(1) business hour of receipt of application unavailability; (b) the incident. Once the incident has been confirmed, 1 application failure or unavailability in Tyler shall use commercially reasonable efforts to Critical one or more of the client's remote resolve such support incidents or provide a location; or(c) systemic loss of circumvention procedure within one (1) business multiple essential system functions. day. For non-hosted customers,Tyler's responsibility for lost or corrupted data is limited to assisting the Client in restoring its last available database. 2 Priority Characteristics of Support Incident Resolution Targets` Level Support incident that causes (a) Tyler shall provide an initial response to Priority Level repeated, consistent failure of 2 incidents within four(4) business hours of receipt of essential functionality affecting more the incident. Once the incident has been confirmed, than one user or(b) loss or corruption Tyler shall use commercially reasonable efforts to 2 of data. resolve such support incidents or provide a High circumvention procedure within ten (10) business days. For non-hosted customers,Tyler's responsibility for loss or corrupted data is limited to assisting the Client in restoring its last available database. Priority Level 1 incident with an Tyler shall provide an initial response to Priority Level existing circumvention procedure, or 3 incidents within one (1) business day of receipt of a Priority Level 2 incident that affects the incident. Once the incident has been confirmed, only one user or for which there is an Tyler shall use commercially reasonable efforts to 3 existing circumvention procedure. resolve such support incidents without the need for a Medium circumvention procedure with the next published maintenance update or service pack,which shall occur at least quarterly. For non-hosted customers, Tyler's responsibility for lost or corrupted data is limited to assisting the Client in restoring its last available database. Support incident that causes failure of Tyler shall provide an initial response to Priority Level 4 non-essential functionality or a 4 incidents within two (2) business days of receipt of cosmetic or other issue that does not the incident. Once the incident has been confirmed, Non- qualify as any other Priority Level. Tyler shall use commercially reasonable efforts to critical resolve such support incidents, as well as cosmetic issues,with a future version release. 'Response and Resolution Targets rnoy differ by product or business need Incident Escolotion If Tyler is unable to resolve any priority level 1 or 2 defect as listed above or the priority of an issue has elevated since initiation,you may escalate the incident to the appropriate resource, as outlined by each product support team. The corresponding resource will meet with you and any Tyler staff to establish a mutually agreeable plan for addressing the defect. Remote Support Tool Some support calls may require further analysis of the Client's database, processes or setup to diagnose a problem or to assist with a question. Tyler will, at its discretion, use an industry-standard remote support tool. Tyler's support team must have the ability to quickly connect to the Client's system and view the site's setup, diagnose problems, or assist with screen navigation. More information about the remote support tool Tyler uses is available upon request. 3 oeo."' tyler Exhibit D Third-Party Terms DocOrigin Terms. Your use of Tyler Forms software and forms is subject to the DocOrigin End User License Agreement,the current version of which is attached hereto as Exhibit D Schedule 1a By signing a Tyler Agreement or Order Form including Tyler forms software or forms, or accessing, installing, or using Tyler Forms software or forms, you agree that you have read, understood, and agree to such terms. ThinPrint Terms. Your use of Tyler Forms software and forms is subject to the End User License Agreement terms for ThinPrint Engine,ThinPrint License Server, and Connected Gateway,the current version of which is attached hereto as Exhibit D Schedule 2. By signing a Tyler Agreement or Order Form, or accessing, installing, or using Tyler Forms software or forms,you agree that you have read, understood, and agree to such terms. 1 oeo."o t y e r r ,Ys Exhibit D Schedule 1 DocOrigin End User License Agreement ATTENTION: THE SOFTWARE PROVIDED UNDER THIS AGREEMENT IS BEING LICENSED TO YOU BY ECLIPSE CORPORATION WSL, A FLORIDA PROFIT CORPORATION (THE "ECLIPSE CORPORATION"), AND IS NOT BEING SOLD. THIS SOFTWARE IS PROVIDED UNDER THE FOLLOWING AGREEMENT THAT SPECIFIES WHAT YOU MAY DO WITH THE SOFTWARE AND CONTAINS IMPORTANT LIMITATIONS ON REPRESENTATIONS,WARRANTIES, CONDITIONS, REMEDIES,AND LIABILITIES. DocOrigin SOFTWARE LICENSE IMPORTANT-READ CAREFULLY: This End-User License Agreement ("Agreement" or "EULA") is a legal agreement between you (either an individual person or a single legal entity,who will be referred to in this EULA as "You" and/or"Your") and Eclipse Corporation for the DocOrigin software product that accompanies this EULA, including any associated media, printed materials and electronic documentation (the "Software"). The Software also encompasses any software updates, add-on components, web services and/or supplements that may be provided to you or made available to you after the date you obtain the initial copy of the Software to the extent that such items are not accompanied by a separate license agreement or terms of use. By installing,copying,downloading,accessing or otherwise using the Software,you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA,do not install,access or use the Software; instead,you should remove the Software from all systems and receive a full refund. IF YOU ARE AN AGENT OR EMPLOYEE OF ANOTHER ENTITY YOU REPRESENT AND WARRANT THAT(1) THE INDIVIDUAL ACCEPTING THIS AGREEMENT IS DULY AUTHORIZED TO ACCEPT THIS AGREEMENT ON SUCH ENTITY'S BEHALF AND TO BIND SUCH ENTITY, AND (II) SUCH ENTITY HAS FULL POWER, CORPORATE OR OTHERWISE, TO ENTER INTO THIS AGREEMENT AND PERFORM ITS OBLIGATIONS HEREUNDER. 1. LICENSE TERMS 1.1 In this Agreement a "License Key" means any license key, activation code, or similar installation, access or usage control codes, including serial numbers digitally created and or provided by Eclipse Corporation ,designed to provide unlocked access to the Software and its functionality. 1.2 Evaluation License. Subject to all of the terms and conditions of this Agreement,Eclipse Corporation grants You a limited, royalty-free, non-exclusive, non-transferable license to download and install a copy of the Software from www.docorigin.com on a single machine and use it on a royalty-free basis for no more than 120 days from the date of installation (the"Evaluation Period"). You may use the Software during the Evaluation Period solely for the purpose of testing and evaluating it to determine if You wish to obtain a commercial, production license for the Software.This evaluation license grant will automatically end on expiry of the Evaluation Period and you acknowledge and agree that Eclipse Corporation will be under no obligation to renew or extend the Evaluation Period. If you wish to continue using the Software You may, on payment of the applicable fees, upgrade to a full license (as further described in section 1.3 below)on the terms of this Agreement and will be issued with a License Key for the same. If you do not wish to continue to license the Software after expiry of the 1 Evaluation Period, then You agree to comply with the termination obligations set out in section [7.3] of this Agreement.For greater certainty,any document generated by you under an evaluation license will have a 'spoiler' or watermark on the output document. Documents generated by DocOrigin software that has a valid license key file also installed will not have the 'spoiler' produced. You are not permitted to remove the watermark or 'spoiler' from documents generated using the software under an evaluation license. 1.3 Development and Testing Licenses. Development and testing licenses are available for purchase through authorized distributors and resellers of Eclipse Corporation only. Subject to all of the terms and conditions of this Agreement, Eclipse Corporation grants You, a perpetual (subject to termination by Eclipse Corporation due to your breach of the terms of this Agreement), non- exclusive, non-transferable, worldwide non-sub license able license to download and install a copy of the Software from www.docorigin.com on a single machine and use for development and testing to create collateral deployable to Your production system(s). You are not entitled to use a development and testing license for live production purposes. 1.4 Production Licenses. Production licenses are available for purchase through authorized distributors and resellers of Eclipse Corporation only. Subject to all of the terms and conditions of this Agreement, Eclipse Corporation grants You, a perpetual (subject to termination by Eclipse Corporation due to your breach of the terms of this Agreement), non-exclusive, non-transferable, worldwide non-sub license able license to use the Software in accordance with the license type purchased by you as set out on your purchase order as further described below. For greater certainty, unless otherwise agreed in a purchase order concluded with an approved distributor of the Software, and approved by Eclipse Corporation, the default license to the Software is a per-CPU license as described in A. below: A. Per-CPU.The total number of CPUs on a computer used to operate the Software may not exceed the licensed quantity of CPUs. For purposes of this license metric: (a) CPUs may contain more than one processing core, each group of two(2)processing cores is consider one (1)CPU., and any remaining unpaired processing core, will be deemed a CPU. (b)all CPUs on a computer on which the Software is installed shall be deemed to operate the Software unless You configure that computer (using a reliable and verifiable means of hardware or software partitioning)such that the total number of CPUs that actually operate the Software is less than the total number on that computer. Virtual Machines("VM's")are considered as a server. Installing and configuring the software on multiple VM's requires one license per VM server. An enterprise license is available upon request. Pricing varies based on the size of the company. These "Per-CPU" Licenses in Section 1.4(A.) do not include the maintenance and support services provided pursuant to Section 3 of this Agreement. B. Per-Document. This is defined as a fee per document based on the total number of documents generated annually by merging data with a template created by the Software. The combined data and template produce documents of one or more pages. A document may contain 1 or more pages. For instance, a batch of invoices for 250 customers may contain 1,000 pages,this will be counted as 250 documents which should correspond to 250 invoices.These"Per-Document"Licenses in Section 1.4(A.)do include the maintenance and support services provided pursuant to Section 3 of this Agreement subject to annual payment by You to Eclipse Corporation and subject to the terms and provisions set forth in Section 3 of this Agreement. 1.5 Disaster Recovery License. You may request a Disaster Recovery license of the Software for each production license You have purchased as a failover in the event of loss of use of the production server(s). This license is for disaster recovery purposes only and under no circumstance may the disaster recovery license be used for production simultaneously with a production license with which it is paired. 1.6 Backup Copies. After installation of the Software pursuant to this EULA, you may store a copy of the installation files for the Software solely for backup or archival purposes. Except as expressly provided in this EULA, you may not otherwise make copies of the Software or the printed materials 2 accompanying the Software. 1.7 Third-Party Software License Rights. If a separate license agreement pertaining to an item of third-party software is: delivered to You with the Software, included in the Software download package,or referenced in any material that is provided with the Software,then such separate license agreement shall govern Your use of that item or version of Third-Party Software. Your rights in respect to any third-party software, third-party data,third-party software or other third-party content provided with the Software shall be limited to those rights necessary to operate the Software as permitted by this Agreement. No other rights in the Software or third-party software are granted to You. 2. LICENSE RESTRICTIONS Any copies of the Software shall include all trademarks, copyright notices, restricted rights legends, proprietary markings and the like exactly as they appear on the copy of the Software originally provided to You. You may not remove or alter any copyright,trademark and/or proprietary notices marked on any part of the Software or related documentation and must reproduce all such notices on all authorized copies of the Software and related documentation. You shall not sublicense, distribute or otherwise make the Software available to any third party (including,without limitation, any contractor,franchisee, agent or dealer)without first obtaining the written consent and agreement of(a)Eclipse Corporation to that use,and (b)such third party to comply with this Agreement. You further agree not to (i)rent, lease, sell, sublicense, assign, or otherwise transfer the Software to anyone else; (ii) directly or indirectly use the Software or any information about the Software in the development of any software that is competitive with the Software, or (iii) use the Software to operate or as a part of a time-sharing service, outsourcing service,service bureau,application service provider or managed service provider offering. You further agree not to reverse engineer, decompile, or disassemble the Software. 3. UPDATES, MAINTENANCE AND SUPPORT 3.1 During the validity period of Your License Key, You will be entitled to download the latest version of the Software from the DocOrigin website (www.docorigin.com). You will be entitled to use of any updates provided to You and shall be governed by the terms and conditions of this Agreement. Eclipse Corporation reserves the right at any time to not release or to discontinue release of any Software and to alter prices, features, specifications, capabilities, functions, licensing terms, release dates, general availability or other characteristics of the Software. 3.2 On expiry of your maintenance and support contract, you will have the right to continue using the current version(s)of the Software which you downloaded prior to the date of expiry of your License Key. However, you will need to renew maintenance and support in order to receive a new License Key that will unlock the more current version(s) of the Software. For greater certainty, if you attempt to use an expired License Key to download the latest version of the Software,the Software will revert to being a locked, evaluation copy of that version of the Software. 4. INTELLECTUAL PROPERTY RIGHTS. This EULA does not grant you any rights in connection with any trademarks or service marks of Eclipse Corporation or DocOrigin. All title and intellectual property rights in and to the Software, the accompanying printed materials, and any copies of the Software are owned by Eclipse Corporation or its suppliers.All title and intellectual property rights in and to the content that is not contained in the Software,but may be accessed through use of the Software, is the property of the respective content owners and may be protected by applicable copyright or other intellectual property laws and treaties. This EULA grants you no rights to use such content. If this Software contains documentation that is provided only in electronic form, you may print one copy of such electronic documentation. 5. DISCLAIMER OF WARRANTIES. TO THE GREATEST EXTENT PERMITTED BY LAW, THE LICENSED SOFTWARE AND TECHNICAL SUPPORT PROVIDED BY ECLIPSE CORPORATION HEREUNDER ARE PROVIDED ON AN "AS IS" BASIS AND THERE ARE NO WARRANTIES, REPRESENTATIONS OR CONDITIONS, EXPRESS OR IMPLIED, WRITTEN OR ORAL, ARISING BY STATUTE, OPERATION OF LAW, COURSE OF DEALING, USAGE OF TRADE OR OTHERWISE, REGARDING THEM OR ANY OTHER PRODUCT OR SERVICE PROVIDED UNDER 3 THIS AGREEMENT OR IN CONNECTION WITH THIS AGREEMENT BY ECLIPSE CORPORATION ECLIPSE CORPORATION DISCLAIM ANY IMPLIED WARRANTIES OR CONDITIONS OF QUALITY, MERCHANTABILITY, MERCHANTABLE QUALITY, DURABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. ECLIPSE CORPORATION DOES NOT REPRESENT OR WARRANT THAT THE SOFTWARE SHALL MEET ANY OR ALL OF YOUR PARTICULAR REQUIREMENTS, THAT THE SOFTWARE WILL OPERATE ERROR-FREE OR UNINTERRUPTED OR THAT ALL ERRORS OR DEFECTS IN THE SOFTWARE CAN BE FOUND OR CORRECTED. In certain jurisdictions,some or all of the provisions in this Section may not be effective or the applicable law may mandate a more extensive warranty in which case the applicable law will prevail over this Agreement. 6. INDEMNIFICATION &LIMITATIONS OF LIABILITY. 6.1 Eclipse Corporation shall have the sole discretion and option to choose defend and/or settle, any claims, actions,allegations or proceedings against You to the extent arising out of or relating to misappropriation or infringement by the Software of any third party's proprietary or intellectual property right("Claims"),or the sole discretion and option to choose enter into any settlement amounts agreed by Eclipse Corporation; subject to the conditions that, You shall notify Eclipse Corporation promptly of any Claims against You, and You agree to permit Eclipse Corporation,at its sole discretion and option, to control the defense and settlement of such Claims and You agree to assist Eclipse Corporation, in defending or settling such Claims. Eclipse Corporation shall not be liable for any settlement amounts entered into by You without Eclipse Corporation's prior written approval. If Eclipse Corporation has reason to believe that it would be subject to an injunction or continuing damages based on the Software,then Eclipse Corporation may(and if Eclipse Corporation or any of its customers or third party software suppliers is subject to an injunction or continuing damages based on the Software), then notwithstanding any other provision in this Agreement, Eclipse Corporation shall be entitled to either modify the Software to make it non-infringing and/or remove the misappropriated material, replace the Software or portion thereof with a service or materials that provide substantially the same functionality or information, or, if neither of the foregoing is commercially practicable, require You to cease using the Software and Eclipse may refund to You (a) a pro rata portion of any one (1) time fees (based on a three (3) year, straight-line depreciation schedule from the date of payment), and (b) any fees that have been pre-paid by You but are unused. The foregoing notwithstanding, Eclipse Corporation shall have no liability for a claim of infringement or misappropriation to the extent caused by (i) the combination of the Software with any other service, software, data or products not provided or approved by Eclipse Corporation; or(ii) the use of any material provided by You or any end users, (iii) any breach by You of this Agreement. THE FOREGOING IS ECLIPSE CORPORATION'S SOLE AND EXCLUSIVE LIABILITY,AND YOUR SOLE AND EXCLUSIVE REMEDY FOR ANY INFRINGEMENT OR MISAPPROPRIATION OF ANY THIRD-PARTY INTELLECTUAL PROPERTY RIGHTS. TO THE GREATEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL ECLIPSE CORPORATION BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING WITHOUT LIMITATION, LEGAL EXPENSES, LOSS OF BUSINESS, LOSS OF PROFITS, LOSS OF REVENUE, LOST OR DAMAGED DATA, LOSS OF COMPUTER TIME, COST OF SUBSTITUTE GOODS OR SERVICES, OR FAILURE TO REALIZE EXPECTED SAVINGS OR ANY OTHER COMMERCIAL OR ECONOMIC LOSSES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF ECLIPSE CORPORATION HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES, OR SUCH LOSSES OR DAMAGES ARE FORESEEABLE. 6.2 You agree to indemnify,defend and hold harmless Eclipse Corporation from and against all damage,loss, cost, expense or liability (including reasonable attorney's fees) arising out of a claim by a third party against Eclipse Corporation based upon Your use and/or misuse of the Software.You agree to indemnify, defend and hold harmless Eclipse Corporation harmless from any loss or damages to Eclipse Corporation related to,or associated you're Your customizations,updates and/or corrections to the Software.You agree to indemnify and hold harmless Eclipse Corporation, and defend at Your expense, any action brought against Eclipse Corporation, its officers, directors, employees, shareholders, legal representatives, agents, successors and assigns to the extent that it is based on a claim that the customizations, updates and/or corrections developed by You infringing any intellectual property rights of any third parties. 6.3 THE ENTIRE LIABILITY OF ECLIPSE CORPORATION AND YOUR EXCLUSIVE REMEDY WITH RESPECT TO THE SOFTWARE AND TECHNICAL SUPPORT AND ANY OTHER PRODUCTS OR 4 SERVICES SUPPLIED BY ECLIPSE CORPORATION IN CONNECTION WITH THIS AGREEMENT FOR DAMAGES FOR ANY CAUSE AND REGARDLESS OF THE CAUSE OF ACTION, WHETHER IN CONTRACT OR IN TORT, INCLUDING FUNDAMENTAL BREACH OR NEGLIGENCE, WILL BE LIMITED IN THE AGGREGATE TO THE AMOUNTS PAID BY YOU FOR THE SOFTWARE,TECHNICAL SUPPORT OR SERVICES GIVING RISE TO THE CLAIM. 6.4 THE DISCLAIMER OF REPRESENTATIONS,WARRANTIES AND CONDITIONS AND LIMITATION OF LIABILITY CONSTITUTE AN ESSENTIAL PART OF THIS AGREEMENT.YOU ACKNOWLEDGE THAT BUT FOR THE DISCLAIMER OF REPRESENTATIONS, WARRANTIES AND CONDITIONS AND LIMITATION OF LIABILITY, NEITHER ECLIPSE CORPORATION NOR ANY OF ITS LICENSORS OR SUPPLIERS WOULD GRANT THE RIGHTS GRANTED IN THIS AGREEMENT. 7. TERM AND TERMINATION 7.1 The term of this Agreement will begin on download of the Software and, in respect of an Evaluation License, shall continue for the Evaluation Period, and in respect of all other license types defined in Section 1,shall continue for as long as You use the Software, unless earlier terminated sooner under this section 7. 7.2 Eclipse Corporation may terminate this Agreement in the event of any breach by You if such breach has not been cured within thirty (30)days of notice to You. No termination of this Agreement will entitle You to a refund of any amounts paid by You to Eclipse Corporation or its applicable distributor or reseller or affect any obligations You may have to pay any outstanding amounts owing to Eclipse Corporation or its distributor. 7.3 Your rights to use the Software will immediately terminate upon termination or expiration of this Agreement. Within thirty(30)days of termination or expiration of this Agreement,You shall purge all Software and all copies thereof from all computer systems and storage devices on which it was stored, and certify such to Eclipse Corporation 7.4 GENERAL PROVISIONS 7.5 No Waiver. No delay or failure in exercising any right under this Agreement, or any partial or single exercise of any right, will constitute a waiver of that right or any other rights under this Agreement. No consent to a breach of any express or implied term set out in this Agreement constitutes consent to any subsequent breach,whether of the same or any other provision. 7.6 Severability. If any provision of this Agreement is, or becomes, unenforceable, it will be severed from this Agreement and the remainder of this Agreement will remain in full force and effect. 7.7 Assignment. You may not transfer or assign this Agreement (whether voluntarily, by operation of law, or otherwise) without Eclipse Corporation 's prior written consent. Eclipse Corporation may assign this Agreement at any time without notice.This Agreement is binding upon and will inure to the benefit of both parties, and their respective successors and permitted assigns. 7.8 Governing Law and Venue.The interpretation and enforcement of this Agreement will be governed by the laws of the State of Alabama, without giving effect to the conflict of laws rules thereof. The parties hereto consent to the jurisdiction of any state or federal court holding in either Birmingham or Bessemer, Jefferson County,Alabama or in the U.S. District Court for the Alabama Northern District ("Venue").The parties, to the extent permitted by applicable law, waive any objection based on Venue or forum non conveniens with respect to any action instituted in any such court so identified and agree that such court shall be the exclusive Venue for any action under this Agreement, or concerning or relating to the relationship between the parties. 7.9 Entire Agreement.This Agreement is the entire understanding and agreement between You and Eclipse Corporation with respect to the subject matter hereof, and it supersedes all prior negotiations, commitments and understandings,verbal or written,and purchase order issued by You. This Agreement may be amended or otherwise modified by Eclipse Corporation from time to time and the most recent version of the Agreement will be available on the Eclipse Corporation website https://eclipsecorp.us/eula/. 5 Last Updated: Aprii 12,2024 6 lyt t y I e r tec hr Exhibit D Schedule 2 End User License Agreement terms for ThinPrint Engine, ThinPrint License Server, and Connected Gateway These Terms govern ® the use of thinprint.com,ThinPrint,and, • any other related Agreement or legal relationship with the Owner in a legally binding way. .Capitalized words are defined in the relevant dedicated section of this document. 'The User must read this document carefully. NotNrn iirn these Terms sire to any WalJoriship of employment, agericy, or partriersNp between the involved parbes. Tlhiinpdrit.com, TINnPHint is provided bya rNnPirint GmbH AIII-WaUt 91 a 10559 Beirfin Germany Email,address of the data protection officer: datalpirotectloin@tlhiinlpiriint.com Owner contact email: iir-ip-o@tp-ipr-ilpirfint.com The followk-ig documents wire iIncorporated by reference into the seTerms:: • End-user license a reernent • it appendix third party licenses (https://www,tliinprint.co�m/en/legal-, docs/#thirdparty-licenses) • ThinPrint Hub Terms(https�://www,,thinprint.com/en/legal.,�docs/#hardwal-e) • Sales Partner Program Terms (https://www,thinpi-int.com/en/legal-docs/#tespp) ® Legal Bases for the Privacy Policy and Sut.)processors of'ThinPrint GinbH (https�//www,tliinprint,com/en/legal,.docs/#pi-ivaqypolicy..�exilibit) • Data Processing Addendurn of ThinnPrint GmbH (https://www,t.-.Ilinprilit.conn/en/legal docs/#dpa) What the User should know at a glance • The Service/thinprintcorn,ThinPrint is only intended for Users that do not qualify as Consumers,such as Business Users. • The right of withdrawal only applies to European Consumers. TERMS OF USE Unless otheiWse speeffied, the terms of use detMed in this seGfion apply geneirafly w1hen using thinpdrit.com, TINnPidint, Single or additional conditions of use or access may apply in specific scenarios and in such cases are additionally indicated within this document. By using thinprint.com, ThinPrint, Users confirm to meet the following requirements: • Users may not qualify as Consumers; Content on thinprint.com, ThinPrint Unless where otherwise specified or clearly recognizable, all content available on thinprint.com, ThinPrint is owned or provided by the Owner or its licensors. The Owner undertakes its utmost effort to ensure that the content provided on thinprint.com, ThinPrint infringes no applicable legal provisions or third-party rights. However, it may not always be possible to achieve such a result. In such cases, without prejudice to any legal prerogatives of Users to enforce their rights, Users are kindly asked to preferably report related complaints using the contact details provided in this document. Access to external resources Through thinprint.com, ThinPrint Users may have access to external resources provided by third parties. Users acknowledge and accept that the Owner has no control over such resources and is therefore not responsible for their content and availability. Conditions applicable to any resources provided by third parties, including those applicable to any possible grant of rights in content, result from each such third parties' terms and conditions or, in the absence of those, applicable statutory law. Acceptable use Thinprint.com, ThinPrint and the Service may only be used within the scope of what they are provided for, under these Terms and applicable law. Users are solely responsible for making sure that their use of thinprint.com, ThinPrint and/or the Service violates no applicable law, regulations or third-party rights. Therefore, the Owner reserves the right to take any appropriate measure to protect its legitimate interests including by denying Users access to thinprint.com,ThinPrint or the Service, terminating contracts,reporting any misconduct performed through thinprint.com,Thin Print or the Service tothe competent authorities-such as judicial or administrative authorities- whenever Users engage or are suspected to engage in any oft e following activities: • violate laws,regulations and/or these Terms; • infringe any third-party rights; • considerably impair the Owner's legitimate interests; • offend the Owner or any third party. "Tell-a-friend" Thinprint.com, ThinPrint gives Users the opportunity to receive advantages if, as a result of their recommendation, any new User purchases a Product offered on thinprint.com, ThinPrint. In order to take advantage of this offer, Users may invite others to purchase the Products on thinprint.com, ThinPrint by sending them a tell-a-friend code provided by the Owner. Such codes can only be redeemed once. If upon purchase of the Products on thinprint.com, ThinPrint any of the persons invited redeems a tell-a-friend code, the inviting User shall receive the advantage or benefit (such as: a price reduction, an additional service feature, an upgrade etc.) specified on thinprint.com, ThinPrint. Tell-a-friend codes may be limited to specific Products among those offered on thinprint.com, ThinPrint. The Owner reserves the right to end the offer at any time at its own discretion. While no general limitation applies to the number of persons that can be invited, the amount of advantage or benefit that each inviting User can receive, may be limited. 2 Software license �cense Any intellectual or industrial property rights, and any other exclusive rights on software or technical applications embedded in or related tothinprini.com. ThinPrintans held by the Owner and/or its licensors. Subject to Users' compliance with and notwithstanding any divergent provision of these Tenna. the Owner merely grants Users a ns»mcab|e, non-exclusive, non-sub||cenaab|e and non-transferable license to use the software and/or any other technical means embedded in the Service within the scope and for the purposes ofthinprint.cpm' ThinPrint and the Service offered. This license does not grant Users any rights to access, usage or disclosure of the original source code. All techniques, algorithms, and procedures contained inthe software and any documentation thereto related ia the Owner's mr its licensors' sole property. All rights and license grants to Users shall immediately terminate upon any termination or expiration of the Agreement. Without prejudice to the above, under this license Users may download, |naia||, use and run the software on the permitted number of devices which fulfill the technical requirements specified in the relevant section mfthinprint.00m. ThinPrint. The Owner reserves the right to release updates, fixes and further developments of thinprint.com, ThinPrint and/or its related software. Users may need to download and install such updates to continue using thinprint.omnn. ThinPrint and/or its related software. However, in order to get access to completely new versions or releases of the software Users may need to purchase a separate license. The User may download, install, use and run the software on unlimited devices. However, it may not be permitted tm run the software mn more than one device atatime. Notwithstanding the foregoing' the User undertakes to immediately delete any copies of the amkwmne upon the expiry mf the license under which such software ia provided im the User. ������� ��N API terms Users may access their data relating \o\hinprin\.cOm. ThinPrin\via the Application Program Interface (API). Any use of the API, including use of the API through a third-party product/service that accesses thinprint.com, ThinPrint, is bound by these Terms and, in addition, by the following specific terms: � the User expressly understands and agrees that the Owner bears uo responsibility and shall not be held liable for any damages or losses resulting from the User's use of the API or dbeiruseofonytbird-pariyprodncts/serviccsthataccessdatuthrouAbdoeAP|. TERMS�������� � ���� /����������N����� ��� SALE ��m��� CONDITIONS mm�«m��� ��m� ����m_�� Paid Products � �N~u Some of the Products provided on \hinprint.cmnn. ThinPrint, as part ofthe 5en/ioe, are provided on the basis ofpayment. The fees, duration and conditions applicable to the purchase of such Products are described below and inthe dedicated sections mfthinprint.00m. ThinPrint. Product description Prices, descriptions or availability of Products are outlined in the respective sections ofihinphnLoom. ThinPhn1 and are subject io change without notice. While Products on 1h|npdnt.omm. ThinPr|ntane presented with the greatest accuracy technically possible, representation on thinprint.com, ThinPrint through any means (including, as the case may be, graphic ma\eria|, innagea, om|mra, sounds) is for reference only and implies nm warranty aa \mthe characteristics of the purchased Product. The characteristics of the chosen Product will beoutlined during the purchasing process. Purchasing~ � ����Nng process 3 Any steps taken from choosing a Product to order submission form part of the purchasing process. The purchasing process includes these steps: • Users must choose the desired Product and verify their purchase selection. • After having reviewed Lhe information displayed in Lhe purchase selecLion, Users may place the order by submitting it. ��r����r submission ~ s~ Order When the User submits an order, the following applies: • The submission of all order determines contract conclusion and therefore creates for the User the obligation to pay the price,taxes and possible further fees and expenses,as specified oo the order page. • In case the purchased Product requires an acLion from the User,such as the provision of personal information or data,specifications or special wishes,the order submission creates all obligation for the User to cooperate accordingly. • Upon submission of the order, Users will receive a receipt confirming that the order has been received. All notifications related to the described purchasing process shall be sent tothe email address provided bv the User for such purposes. Prices rices Users are informed during the purchasing process and before order submission, about any fees, taxes and costs (including, if any, delivery costs) that they will be charged. Prices onthinprint.nnm, ThinPrint are displayed: = either exclusive or inclusive of any applicable fees,taxes and costs,depending oil the section the User isbrowsing. Methods m� � � w�m�~"����� ��m ���������~ Information related to accepted payment methods is made available during the purchasing process. Some payment methods may only be available subject to additional conditions or fees. In such cases related information can be found in the dedicated section of thinprint.com, ThinPrint. All payments are independently processed through third-party services. Therefore, thinprint.com, ThinPrint does not collect any payment information —such as credit card details — but only receives a notification once the payment has been successfully completed. The User may read the privacy policy ofthinprint.nom. ThinPrint to learn more about the data processing and Users' rights regarding their data. |fa payment through the available methods fails or is refused by the payment service provider, the Owner shall be under no obligation to fulfill the purchase order. If payment fails or is refused, the Owner reserves the right to claim any related expenses ordamages from the User. Retention of Product ownership Until payment of the total purchase price is received by the Owner, any Products ordered shall not become the User's property. Retention of usage rights Users do not acquire any rights to use the purchased Product until the total purchase price is received by the Owner. Delivery =���"�very Delivery of digital content Unless otherwise stated, digital content purchased on thinphnt.00nn. ThinPhntis delivered via download pn the devioe(s) chosen byUsers. 4 Users acknowledge and accept that in order to download and/or use the Product, the intended device(s) may be required to meet the technical requirements specified on thinprint.com, ThinPrint. Users acknowledge and accept that the ability to download the purchased Product may be limited in time and space. Contract duration Trial period Users have the option to test thinprint.com, ThinPrint or selected Products during a limited and non- renewable trial period, at no cost. Some features or functions of thinprint.com, ThinPrint may not be available to Users during the trial period. Further conditions applicable to the trial period, including its duration, will be specified on thinprint.com, ThinPrint. The trial period shall end automatically and shall not convert into any paid Product unless the User actively purchases such paid Product. Subscriptions Subscriptions allow Users to receive a Product continuously or regularly over time. Details regarding the type of subscription and termination are outlined below. Open-ended subscriptions Paid subscriptions begin on the day the payment is received by the Owner. In order to maintain subscriptions, Users must pay the required recurring fee in a timely manner. Failure to do so may cause service interruptions. Termination of open-ended subscriptions Open-ended subscriptions may be terminated at any time by sending a clear and unambiguous termination notice tote Owner using the contact details provided in this document,or—if applicable—by using the corresponding controls inside this Application. Terminations shall take effect 7 days after the notice of termination has been received by the Owner. User rights Right of withdrawal Unless exceptions apply, the User may be eligible to withdraw from the contract within the period specified below (generally 14 days), for any reason and without justification. Users can learn more about the withdrawal conditions within this section. Who the right of withdrawal applies to Unless any applicable exception is mentioned below, Users who are European Consumers are granted a statutory withdrawal right under EU rules, to withdraw from contracts entered into online (distance contracts)within the specified period applicable to their case, for any reason and without justification. Users that do not fit this qualification, cannot benefit from the rights described in this section. The Consumer shall only be liable to the Seller for any diminution in the value of the goods resulting from handling the goods in a manner other than that necessary to acquaint him with the nature, characteristics and functionality of the goods. Exercising the right of withdrawal To exercise their right of withdrawal, Users must send to the Owner an unequivocal statement of their intention to withdraw from the contract. To this end, Users may use the model withdrawal form available from within the "definitions" section of this document. Users are, however, free to express their intention to withdraw from the contract by making an unequivocal statement in any other suitable way. In order to meet the deadline within which they can exercise such right, Users must send the withdrawal notice before the withdrawal period expires. When does the withdrawal period expire? 5 Effects of withdrawal Users who correctly withdraw from a contract will be reimbursed by the Owner for all payments made to the Owner, including, if any, those covering the costs of delivery. However, any additional costs resulting from the choice of a particular delivery method other than the least expensive type of standard delivery offered by the Owner, will not be reimbursed. Such reimbursement shall he made without undue delay and, in any event, nm later than 14days from the day en which the Owner is informed ef the User's decision te withdraw from the contract. Unless otherwise agreed with the User' reimbursements will he made using the same means of payment as used to process the initial transaction. In any event, the User shall not incur any costs or fees mam result ef such reimbursement. Liability and indemnification Indemnification The User agrees to indemnify and hold the Owner and its subsidiaries, affiliates, officers, directors, agents, co-branders, partners and employees harmless from and against any claim or demand — including but not limited to lawyer's fees and costs— made by any third party due tmmrinrelation with any culpable violation of these Terms, third-party rights or statutory provisions connected to the use mfthe Service by the User or its affiliates, officers, directors, agents, co-branders, partners and employees tothe extent allowed by applicable law. Limitation of liability Unless otherwise explicitly stated and without prejudice to applicable law, Users shall have no right to claim damages against the Owner (or any natural or legal person acting on its behalf). This does not apply to damages to life, health or physical integrity, damages resulting from the breach of material contractual obligations such ma any obligation strictly necessary 1e achieve the purpose of the contract, and/or damages resulting from intent or gross negligence, as long as thinprint.com, ThinPrint has been appropriately and correctly used by the User. Unless damages have been caused hy way ofintent or gross negligence, or they affect life, health or physical integrity, the Owner shall only he liable tmthe extent of typical and foreseeable damages at the moment the contract was entered into. In particular, within the limits stated above, the Owner shall net be liable for: w any losses that are not the direct consequence of a breach of the Terms by the Owner; • any loss of business opportunities and any other loss,even indirect,that may beincurred by the User (such as,but not limited to,trading losses,loss of revenue, income,profits or anticipated savings, loss of contracts or business relationships,loss of reputation or goodwill,etc.); • damages or losses resulting from interruptions or malfunctions of thinprint.com,ThinPrint due to acts of force majeure, or unforeseen and unforeseeable events and,in any case, independent of the will and beyond the control of the Owner,such as,but not limited to, failures or disruptions of telephone or electrical lines,the Internet and / or other n`euos of transmission,unavailability of websites,strikes,natural disasters,viruses and cyber attacks, interruptions in the delivery of products,third-party services or applications; • any damage,prejudice or loss occurring due to viruses or other malware contained in or connected to files available for download from the internet or via thinprint.com,ThinPrint. Users are responsible for implementing sufficient security measures -such as anti-viruses and firewalls to prevent any such infection or attack and for securing backup copies of all data or information exchanged via or uploaded to thinprint.coni,ThinPrint, Notwithstanding the above, the following limitation applies to all Users not qualifying as Consumers: In any event of liability, the compensation may not exceed the total payments that have been, will be or would be received by the Owner from the User based on the contract over a period of 12 months, or the period ofthe duration of the Agreement, ifshorter. Australian N~an Users sers 6 Limitation of liability Nothing in these Terms excludes, restricts or modifies any guarantee, condition, warranty, right or remedy which the User may have under the Competition and Consumer Act 2010 (Cth) or any similar State and Territory legislation and which cannot be excluded, restricted or modified (non- excludable right). To the fullest extent permitted by law, our liability to the User, including liability for a breach of a non-excludable right and liability which is not otherwise excluded under these Terms of Use, is limited, at the Owner's sole discretion, to the re-performance of the services or the payment of the cost of having the services supplied again. US Users Disclaimer of Warranties Thinprint.co m,ThinPrint is provided strictly on an"as is"and"as available"basis. Use oft e Service is at Users'own risk.Tote maximum extent permitted by applicable law,the Owner expressly disclaims all conditions,representations,and warranties—whether express,implied, statutory or otherwise'inc imp luding,but not limited to,any lied warranty of merchantability, fitness fora particular purpose,or non-infringement oft it - a rights.No advice or information,whether oral or written,obtained by the User from the Owner or through the Service will create any warranty not expressly stated herein. Without limiting the foregoing,the Owner,its subsidiaries,affiliates,licensors,officers, directors,agents,co-branders,partners,suppliers and employees do not warrant that the content is accurate,reliable or correct;that the Service will meet Users'requirements; that the Service will be available at any particular time or location,uninterrupted or secure;that any defects or errors will be corrected; or that the Service is free of viruses or other harmful components.Any content downloaded or otherwise obtained through the use oft e Service is downloaded at Users'own risk and Users shall be solely responsible for any damage to Users' computer system or mobile device or loss of data that results from such download or Users'use oft e Service. The Owner does not warrant,endorse,guarantee,or assume responsibility for any product or service advertised or offered by a third party through the Service or any hyp ell nlie d we site or service,and the Owner shall not be a party to or in any way monitor any transaction between Users and third-party providers of products or services. The Service may become inaccessible or it may not function properly with Users'web browser, mobile device,and/or operating system.The owner cannot be held liable for any perceived or actual damages arising from Service content,operation,or use oft is Service. Federal law,some states,and other jurisdictions,do not allow the exclusion and limitations of certain implied warranties.The above exclusions may not apply to Users.This Agreement gives Users specific legal rights,and Users may also have other rights is vary from state to state. The disclaimers and exclusions under this agreement shall not apply tot e extent prohibited by applicable law. Limitations of liability Tot e maximum extent permitted by applicable law,in no event shall the Owner,and its subsidiaries,affiliates,officers,directors,agents,co-branders,partners,suppliers and employees be liable for: • any indirect, punitive,incidental,special,consequential or exemplary damages, including without limitation damages for loss of profits,goodwill,use,data or other intangible losses,arising out of or relating tothe use of,or inability to use,the Service;and • any damage,loss or injury resulting from hacking,tampering or other unauthorized access or use oft e Service or User account or the information contained therein; • any errors,mistakes,or inaccuracies of content; • personal injury or property damage,of any nature whatsoever,resulting from User access to or use oft e Service; 7 • any unauthorized access to or use of the Owner's secure servers and/or any and all personal information stored therein, • any interruption or cessation of transmission to or from the Service; • any bugs,viruses,trojan horses, or the like that may be transmitted to or through the Service; • any errors or omissions in any content or for any loss or damage incurred as a result oft e use of any content posted, emailed,transmitted,or otherwise made available through the Service;and/or • the defamatory,offensive,or illegal conduct of any User or third party.In no event shall the Owner,and its subsidiaries,affiliates,officers, directors,agents,co- branders,partners,suppliers and employees be liable for any claims,proceedings, liabilities, obligations,damages,losses or costs in an amount exceeding the amount paid by User tote Owner hereunder in the preceding 12 months,or the period of duration oft is agreement between the Owner and User,whichever is shorter. This limitation of liability section shall apply tothe fullest extent permitted by law in the applicable jurisdiction whether the alleged liability is based on contract,tort,negligence,strict liability,or any other basis, even if the User has been advised of the possibility of such damage. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages,therefore the above limitations or exclusions may not apply tothe User. The terms give User specific legal rights,and User may also have other rights is vary from jurisdiction to jurisdiction.The disclaimers,exclusions,and limitations of liability under the terms shall not apply tothe extent prohibited by applicable law. Indemnification The User agrees to defend,indemnify and hold the Owner and its subsidiaries,affiliates,officers, directors,agents,co-branders,partners,suppliers and employees harmless from and against any and all claims or demands,damages,obligations,losses,liabilities, costs or debt,and expenses, including,but not limited to,legal fees and expenses,arising from • User's use of and access tothe Service,including any data or content transmitted or received by User; • User's violation oft ese terms, including,but not limited to, User's breach of any of the representations and warranties set forth in these terms; • User's violation of any third-party rights,including,but not limited to,any right of privacy or intellectual property rights; • User's violation of any statutory law,rule,or regulation; • any content that is submitted from User's account,including third party access with User's unique username,password or other security measure,if applicable, including,but not limited to,misleading, false,or inaccurate information; • User's wilful misconduct;or • statutory provision by User or its affiliates,officers,directors,agents,co-branders, partners,suppliers and employees tothe extent allowed by applicable law. Common provisions No Waiver The Owner's failure to assert any right or provision under these Terms shall not constitute a waiver of any such right or provision. No waiver shall be considered a further or continuing waiver of such term or any other term. Service interruption To ensure the best possible service level, the Owner reserves the right to interrupt the Service for maintenance, system updates or any other changes, informing the Users appropriately. 8 Within the limits mflaw, the Owner may also decide Um suspend ov discontinue the Service altogether. If the Service is discontinued, the Owner will cooperate with Users to enable them to withdraw Personal Data or information and will respect Users' rights relating to continued product use and/or compensation, am provided for by applicable law. Additionally, the Service might not be available due to reasons outside the Owner's reasonable oontro|, such os "force rn jeuns'' mvenia /infroatruotuns| breakdowns mr blackouts eto.\. Service reselling Users may not reproduce, duplicate, copy, sell, resell or exploit any portion of thinprint.com, ThinPrint and of its Service without the Owner's express prior written permission, granted either directly or through a legitimate reselling programme. Privacy ����N~��Y� � policy To learn more about the use of their Personal Data, Uaona may refer to the privacy policy of thinphnLcom. ThinPhnt, Intellectual ��������� rights property� �� Without prejudiceto any more specific provision of these Terms, any intellectual property rights, such as copyrights, toadennarkhghta, potenthqhbsonddesignhqhtana|abmdtothinphnt.cmm, ThinPrint are the exclusive property of the Owner or its licensors and are subject to the protection granted by applicable |owm or international treaties relating to inbs||eotuo| property. All trademarks — nominal or figurative—and all other marks, trade names, service marks, word morks, illustrations, imoQea, or logos appearing in connection with thinprint.cVrn' ThinPrintore' and remain, the exclusive property of the Owner or its licensors and are subject to the protection granted by applicable |owa or international treaties related to intellectual property. Changes to these Terms The Owner reserves the right to amend or otherwise modify these Terms at any time. In such cases, the Owner will appropriately inform the User of these changes. Such changes will only affect the relationship with the User from the date communicated to Users onwards. The continued use ofthe Service will signify the User's acceptance ofthe revised Terms. |fUsers do not wish to be bound by the changes, they must stop using the Service and may terminate the Agreement. The applicable previous version will govern the relationship prior to the User's acceptance. The User can obtain any previous version from the Owner. If legally required, the Owner will notify Users in advance of when the modified Terms will take effect. Assignment of contract The Owner reserves the right io transfer, assign, dispose ofbynovotion. or subcontract any orall rights or obligations under these Terms, taking the User's legitimate interests into account. Provisions regarding changes of these Terms will apply accordingly. Users may not oaaiQn or transfer their rights or obligations under these Terms in any vvoy, without the written permission mf the Owner. Contacts All communications relating to the use of thinprint.com, ThinPrint must be sent using the contact information stated in this document. Severab~N~ty 9 Should any provision of these Terms be deemed or become invalid or unenforceable under applicable law, the invalidity or unenforceability of such provision shall not affect the validity of the remaining provisions, which shall remain in full force and effect. US Users Any such invalid or unenforceable provision will be interpreted, construed and reformed to the extent reasonably required to render it valid, enforceable and consistent with its original intent. These Terms constitute the entire Agreement between Users and the Owner with respect to the subject matter hereof, and supersede all other communications, including but not limited to all prior agreements, between the parties with respect to such subject matter. These Terms will be enforced to the fullest extent permitted by law. EU Users Should any provision of these Terms be or be deemed void, invalid or unenforceable, the parties shall do their best to find, in an amicable way, an agreement on valid and enforceable provisions thereby substituting the void, invalid or unenforceable parts. In case of failure to do so, the void, invalid or unenforceable provisions shall be replaced by the applicable statutory provisions, if so permitted or stated under the applicable law. Without prejudice to the above, the nullity, invalidity or impossibility to enforce a particular provision of these Terms shall not nullify the entire Agreement, unless the severed provisions are essential to the Agreement, or of such importance that the parties would not have entered into the contract if they had known that the provision would not be valid, or in cases where the remaining provisions would translate into an unacceptable hardship on any of the parties. Governing law These Terms are governed by the law of the place where the Owner is based, as disclosed in the relevant section of this document, without regard to conflict of laws principles. Prevalence of national law However, regardless of the above, if the law of the country that the User is located in provides for higher applicable consumer protection standards, such higher standards shall prevail. Venue of jurisdiction The exclusive competence to decide on any controversy resulting from or connected to these Terms lies with the courts of the place where the Owner is based, as displayed in the relevant section of this document. Exception for Consumers in Europe The above does not apply to any Users that qualify as European Consumers, nor to Consumers based in the United Kingdom, Switzerland, Norway or Iceland. US Users Surviving provisions This Agreement shall continue in effect until it is terminated by either thinprint.com, ThinPrint or the User. Upon termination, the provisions contained in these Terms that by their context are intended to survive termination or expiration will survive, including but not limited to the following: • the User's grant of licenses under these Terms shall survive indefinitely; • the User's indemnification obligations shall survive for a period of five years from the date of termination; • the disclaimer of warranties and representations,and the stipulations under the section containing indemnity and limitation of liability provisions,shall survive indefinitely. Definitions and legal references Latest update: March 07,2024 to This document has been created with the iubenda Terms and Conditions Genera—tor.See also the EEjyagy and Cookie Balicy Generator.iLibenda hosts this content and only collects the Personal Data strictly necessary for it to be provided. .e. tyler Ier,4�r0c�g'� W,, Exhibit E Tyler Technologies, Inc. Privacy Statement Introduction and Scope Tyler Technologies, Inc. and its subsidiaries, along with their respective business "we," "us" or "our") are committed to protecting units and business lines ("Tyler", your privacy. This Tyler Privacy Statement explains our privacy practices when we collect, use, or transfer personal data. This Privacy Statement applies when you interact with Tyler through any of our online applications and features, digital services, communication channels, websites and mobile applications (collectively the "Tyler Platform"). It also applies to information Tyler collects through other means, including information collected offline. For purposes of this Privacy Statement, "personal data" generally means information that on its own or combined with other information, can directly or indirectly identify an individual. "Process" or "processing" generally means the collection, use, storage, disclosure, analysis, deletion or modification of personal data. We may revise this Privacy Statement periodically and will post any changes to the Tyler Platform. Changes to the Tyler Privacy Statement are effective at the time they are posted and your continued use of the Tyler Platform, or provision of information to us through other means after posting will constitute acceptance of, and agreement to be bound by, those changes. Please review this Privacy Statement from time to time to ensure you are aware of changes to it. If you do not agree with the Tyler Privacy Statement, please do not use the Tyler Platform. How this Privacy Statement and our privacy practices apply to you depends on your relationship with Tyler or use of the Tyler Platform. The following are just a few examples of situations where Tyler, as a company providing software solutions and services to our public sector clients and their end users, may process your personal data when you apply for a dog license, pay a property tax bill, or are a party in a court case. In those types of situations, the Tyler as a Data Processor section explains our role in the processing of your personal data. When Tyler processes personal data for its own business purposes, such as when you apply for a job at Tyler, the Tyler as a Data Controller section describes our privacy practices. 1 We strongly encourage you to read the following section that is applicable to your relationship with Tyler in its entirety. Tyler as a Data Processor This Tyler as a Data Processor section applies generally to the personal data we process as part of the application solutions and services we provide pursuant to a contract between Tyler and a client or a customer (a "Client"). In other words, Tyler as a Data Processor applies to Client directed processing activities. Many of Tyler's Clients are municipal or state government agencies or political subdivisions, including public administration, courts and public safety, and health and human services agencies, as well as K-12 educational entities. Our Clients use our products to provide services to their customers, constituents, employees, or students. Our Clients decide what personal data is collected, used, or shared in the Tyler Platform, and why. In these circumstances, our Clients are typically the data "controllers" and Tyler generally acts as a data "processor" because our Clients tell us what to do with the personal data, what to collect and the purpose for which it was collected. Our Clients own the data, not Tyler. For information related to the privacy practices of a Tyler Client who uses Tyler products or services, please contact the respective Client directly. Tyler does not manage and is not responsible for the privacy practices of Tyler Clients, which may differ from the privacy practices described in the Tyler Privacy Statement. Why We Disclose Personal Data as a Processor We do not sell, share, or otherwise transfer personal data we process on behalf of Clients to third parties for cross-context behavioral advertising or in exchange for monetary or other valuable considerations. We may, however, disclose personal data with sub-processors or service providers solely to help us provide products and services to Tyler Clients. Any such disclosure is limited to what is necessary to meet our contractual obligations and is carried out strictly in accordance with the Tyler Client's instructions. Tyler Client Responsibilities & Your Rights As a data processor, Tyler acts at the direction and on behalf of our Clients, which means your main point of contact for privacy questions or requests is the Tyler Client with which you interact. In addition to contacting the Tyler Client you interact with, you may control the information collected and use in the following ways: 2 • Geolocation Information. You can disable location-based services on your mobile device or web browser by adjusting the settings on your device or browser. This will prevent the Tyler Platform from accessing your Geolocation Information. Note that some Tyler services may not be available if you disable location-based services. • Cookies and Similar Technologies. You can refuse to accept third-party cookies by following your browser or device's instructions. If you do not accept cookies, you may experience some inconvenience in your use of the Tyler Platform. • User Requests. You should direct any request related to your personal data processed by us on behalf of a Tyler Client to the applicable Tyler Client. If we receive a request from you directly, we will take reasonable measures to facilitate your request, including contacting the applicable Tyler Client for which we are acting as a data processor with respect to your personal data if you have. We may be reached using our toll-free number: 1-800-772-2260 Option 7 or by email at 1.�Ciy Iertechcorn. Tyler as a Controller Tyler as a Controller applies where we collect, use, and transfer your personal data on our own behalf. It does not apply to the extent Tyler processes personal data in the role of a processor or service provider on behalf of our Clients. Depending on your interactions, more than one role may apply to your relationship with Tyler and the Tyler Platform. The Tyler Platform may contain links to websites operated by third parties ("Third-Party Sites").The Tyler Privacy Statement does not apply to those Third- Party Sites, or to any social media platforms where Tyler maintains its social media pages or which you may use to login to the Tyler Platform. What Personal Data We Collect as a Controller The personal data we collect depends on how you interact with Tyler and the Tyler Platform. For a description of the personal data Tyler collects as a Controller and the purposes for which we collect it as a Controller, please refer to the list below. • Biometric Information, for example, fingerprint scans. • Identifiers, for example, real name, postal address, email address, and IP address. • Sensitive Personal Data, for example, social security number, account log-in, and credit card. • Education Information, for example, student's and their parents' real name and postal address. ■ Audio, Electronic,Visual, Thermal, Olfactory, or Similar Information, for example, records of conversations with customer support representatives and camera and microphone data. 3 • Professional or Employment-related Information, for example, educational background and employment history. • Geolocation Data, for example, approximate and precise location of an individual. • Commercial Information, for example, information about purchases of Tyler products and services and information necessary to complete payments or facilitate transactions. • Internet or Other Electronic Network Activity Information, for example, information about your interactions with the Tyler Platform and aggregate information about traffic across the Tyler Platform. • Inferences, for example, preferences, characteristics, predispositions, and behavior. • Characteristics of Protected Classifications, for example, gender, race, and ethnicity. Why We Transfer Your Personal Data as a Controller We may sell, share, or otherwise disclose your personal data to third parties for cross-context behavioral advertising, targeted advertising, or in exchange for monetary or other valuable consideration. We do disclose personal data in the normal course of operating the Tyler Platform. This means we may disclose your personal data with sub-processors or service providers to facilitate the provision of services we provide to our Clients. We may also disclose your personal data if we believe it's necessary to comply with applicable laws or protect Tyler, our Clients, our users or employees. Each disclosure is limited to the purpose described below: • Tyler Clients and their end users, as necessary to provide the services or products they have purchased. • Service providers that assist with the operation of the Tyler Platform and allow us to provide services to Tyler Clients. Information shared with these service providers, as well as information that they collect on our behalf, is limited to what is necessary for providing their services and is safeguarded under contractual obligations that protect the information and limit its use to purposes that we allow. • Tyler affiliates and subsidiaries that support Tyler Platform operations, development, customer support, and internal administration. • Tyler, our service providers or Tyler Clients may disclose specific individual information if we or they reasonably believe it is necessary to: (i) comply with applicable law; (ii) protect or defend the rights, property and interests of Tyler, our employees, or the interests of our third party service providers and partners; or (iii) under exigent circumstances, to protect the personal safety of our users and customers, or the public. • Independent third parties may also collect and process your information, such as the payment providers you use when you facilitate a payment using a Tyler product or service, social media platforms you use to login to 4 the Tyler Platform via a social media account, or business sponsors or attendees when you register for or attend a webinar, event, or conference. These third parties will process your information independently in accordance with their own privacy notices. Tyler engages marketing service providers to assist with the advertising and marketing of our business and performing business analytics. Your Privacy Rights We want you to feel comfortable with how we collect, use, and share your personal data. You have privacy rights under your states laws if you are a resident of one of the following states: California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia. Depending on which of the previously mentioned states you are a resident, your state laws may entitle you to some or all of the following privacy rights: (i) erase or delete all or some of your personal data; (ii) change, update, or correct your personal data; (iii) restrict how we use all or some of your personal data, for example, opting out of targeted advertising, profiling, or automated decision making; (iv) access your personal data and, where applicable and feasible, request to receive that personal data in a commonly used electronic format (or ask for this information to be provided in that format to a third party); (v) disclose what personal data we collect, use, or share, and to whom; (vi) request that we stop sharing your personal data with third parties for certain purposes; (vii) appeal a refusal of your privacy request and, if unresolved, lodge a complaint with the relevant privacy or data-protection authority; or (viii) not be retaliated against for exercising any of these rights. Country Specific Information Certain countries where Tyler operates or where individuals live with whom Tyler interacts through the Tyler Platform for Tyler's own business purposes have enacted legislation that provides their residents with certain rights with respect to businesses' collection, use, and disclosure of residents' personal data. For more information about a particular jurisdiction, please see our country-specific notices below. ............. Data Retention e will retain your personal information for the length of time needed to fulfill the purposes outlined above, or for as long as the Tyler Client for which we are providing services directs us to retain it, unless you request that we delete your personal data and we honor such request, or a longer retention period is required or permitted by law, for the establishment, exercise and defense of a legal claim. Children Except in limited circumstances as part of a specific educational opportunity programs Tyler operates, including but not limited to the Maine App Challenge, the Tyler Platform is not directed to persons under the age of eighteen (18), and we do not knowingly collect, request, or use personal data of children without parental permission. Aside from the aforementioned instances, we do not have actual knowledge that we sell to or share with third parties, the personal data of individuals under 18 years of age. If we become aware that a child under 18 has provided us with personal data without parental consent, we will take steps to delete the information as soon as possible. If you believe that your child under the age of 18 has submitted personal data to Tyler, please contact us at p.,Eivapy Contact Us If you have any questions regarding our Privacy Statement or the use of your personal data, please feel free to contact our Privacy Team: Email: �y .y I_qg ;. „.corn Phone: 1-800-772-2260, Option Mail: Tyler Technologies, 5101 Tennyson Pkwy, Plano, TX 75024 This Privacy Statement is effective July 1,, 2025. To view our archived Privacy Statement, click mere, Privacy Statement Contents ;; ,,,,,,,,,,,,,ePersonal WI° r I" iscVos ,......,�,. mm, � to as Processor , • jTyler_ l'iLi_ -�� a� ,0s'ibi�,�,��� � our I°„ems 6 • What Personal Data We Collect as a Controller • Yyhy We-'-Fr n f r Your Personal Data as a Controller • YOUr.Privaq,�Ri h�ts • f,Qui2jLy3,pgLcLiILiq il-formation • Data Retention • Children 7 Docusign Envelope ID: 257395A344404AOD-87C5-5358AFDAD4D3 0 ty ,,!e r Exhibit F Attestation of Compliance Security ' Standards Cound Payment Card Industry Data Security Standard Attestation of Compliance for Report on Compliance - Service Providers Version 4.0 Docusign Envelope ID:257395A3-4440-4AOD-87C5-5358AFDAD4D3 Revision 2 Publication Date: August 2023 Docusign Envelope ID: 257395A3-44404AOD-87C5-5358AFDAD4D3 7f�Security ardsCouncil _.... ......._.... .... ...... ........ ..... ... _..,.�... .. ....... .........�..., _ ........ _. ......-_.. PCI DSS v4.0 Attestation of Compliance for Report on Compliance — Service Providers Entity Name: Tyler Technologies Assessment End Date: December 19th, 2024 Date of Report as noted in the Report on Compliance: December 20th, 2024 PC]DSS v4.0 Attestation of Compliance for Report on Compliance —Service Providers r2r2 August 2023 ©2006-2023 PC/Security Standards Council, LLC.All rights reserved. Page i I Domsign Emelope ID:257395A.3 44404AOD-87C5 5358A.FDAJ34D3 ltf�=Cuwm'�'� Section 1: Assessment Information .......... ........................__........... ........ ........ _........................ .......-..........................................__....... ........................ Instructions for Submission This Attestation of Compliance(AOC)must be completed as a declaration of the results of the service provider's assessment against the Payment Card Industry Data Security Standard(PC/DSS)Requirements and Testing Procedures ("Assessment").Complete all sections.The service provider is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the entity(ies)to which this AOC will be submitted for reporting and submission procedures. This AOC reflects the results documented in an associated Report on Compliance(ROC).Associated ROC sections are noted in each AOC Part/Section below. Capitalized terms used but not otherwise defined in this document have the meanings set forth in the PCI DSS Report on Compliance Template. MIW=q2lu"61 Part Ia.Assessed Entity(ROC Section 1.1) Company name: yler Technologies DBA(doing business as): yler Technologies Company mailing address: f5ll0" l Tennyson Parkway, Plano,TX 75024 -----------__ -__ ------- Company main website: Https:1Nvww.tyIertech.com Company contact name: Jeffrey Newball Company contact title: Manager InfoSec Compliance Contact phone number: 1-888-529-8248 Contact e-mail address: Jeffrey.newball@tylertech.com Part 1 b.Assessor(ROC Section 1.1) Provide the following information for all assessors involved in the Assessment. If there was no assessor for a given assessor type,enter Not Applicable. PCI SSC Internal Security Assessor(s) ISA name(s): 1,N A, Qualified Security Assessor Company name: International Business Machines(IBM) I.......... ........... Company mailing address: New Orchard Rd,Armonk, New York, 10504 Company website: www.ibm.com ..... ............. Lead Assessor name: Karl Kakadelis ............... .................................................................................... .....................__......................................................................................... ................................ ....... ............. .................... PCI DSS v4,0 Attesiation of Complianceftw Report on Coniphance Service Prewiders r2 Augwt 2023 C 2006 2023.PCI SercterityStandards Council,LLC All rights reserved, Page I Docusign Envelope ID:257395A3-4440-4AOD-87C5-5358AFDAD4D3 74 Security Standards CouncR ...... ........ ............... .......... ............. .......... .......... Assessor phone number: 864-978-5914 ........... Assessor e-mail address: Karl.Kakadelis@ibm.coni -1-111--.......... I _ I...........-............... ...... . ................. ........... Assessor certificate number: QSA 753-294 EMMCEMWOMMENNEMM Part 2a.Scope Verification Services that were INCLUDED in the scope of the Assessment(select all that apply): Name of service(s)assessed: Tyler Online Gateway Access(TOGA),Tyler Capital(TC),and Tyler Payments(TP) Type of service(s)assessed: ...............-.................... --------- Hosting Provider: Managed Services: Systems Payment Processing: Afi3ications i software sacity services IT support PUJ/card present HBware Infrastructure/ PUsical security N Internet/e-commerce NBvork TBninal Management System Other N@TO/Call Center ATM Paical space(co-location) sEjices(specify): O&r processing(specify): SlUage VkB-hosting services Sarity services 3-E]Secure Hosting Provider M[Mi-Tenant Service Provider O&r Hosting (specify): ____.__..._1..1__..1..............I -.................. ............... ............. AEbunt Management FEbd and Chargeback Payment Gateway/Switch .......... ...... ....................... .......... . .................................................. ........................ .... ........................ Bi&-Office Services IsEDer Processing PQ)aid Services ... ............... ...............1-1- ...........-.1111,.--.1.............. .................... BOg Management Laity Programs PBords Management ------------------ ............ . ... ........................ CE5ring and Settlement chant Services Government Payments ._.__1.............. ...... ............................... ......... El Network Provider Others(specify): Note:These categories are provided for assistance only and are not intended to limit orpredetermine an entity's service description.If these categories,do not apply to the assessed service,complete "Others."If it is not clear whether a category could apply to the assessed service,consult with the enthy(ies)to which this A OC will be submitted. .................... ..........I............................................................................................................-.................................... ..............................................................._.,.............................................................................. PC!DSS W.0 Attestation of Compliance for Report on Compliance .-Service Providers r2 August 2023 0 20062023 PCI Security Standards Council, C.All rights reserved. Page 2 Dccusign Envelope ID:257395A3-4440-4AOD-87C5-5358AFDAD4D3 Security TR y °b Stimd7rtis C;ourreil 1 "4/ Part 2a.Scope Verification (continued) Services that are provided by the service provider but were NOT INCLUDED in the scope of the Assessment (select all that apply): _. ... ..._... . _._ . _._.... ..._ .... ...... .._..... .,_._ ,_.. ._ ... _....m._... .. _._.._w -......_._._._.__ ._.. .._....._w_,._.... Name of service(s)not assessed: Physical Security(AS), Merchant Services is under another ssessment _. _...... . .. .,_...._.. _._ _.__ _.... _.._ Type of service(s)not assessed: ._.__..__. .____.....__ __ _,.... _.. _...._.._ ..... .............. .. __.... .. . ....... Hosting Provider: Managed Services. Systems Payment Processing: POI A lications/software sarityservices IT support Erd present Internet/e- Haware Infrastructure/ Z Physical security cBmerce MOTO/Call NBvork �}C ninal Management System Other CBter ATM PUsical space(co-location) sBices(specify): CEibr processing(specify): SEtage VEh-hosting services S®urity services 30 Secure Hosting Provider MOi-Tenant Service Provider O&r Hosting(specify): ................_..__........ _,,..... _...... __..._.................__.._...__. ..... _ „_,.__....... ........ __... ... . ABount Management PEhd and Chargeback P ment Gateway/Switch - __. _ ..... ..... ....__.,._._ _.. , ._ .._..m.. ...... _..._........__...... . B k-Office Services liDer Processing PQaid Services _,...._-._____,.._._._.--_-.................. ...._,.... ._.. .,_.__........_. ....,..-.__ ___...____. _ ............ __,,, _ .._.... ._.,,_...._ BE&g Management LQ-alty Programs REBords Management ..........._...----------. _._ __. _ ............ _. ....._........_ _ .. _,_..._._..._. _................. ........._... __.,.._......., ... __......__.__r._..._ CEbring and Settlement Merchant Services IRGovemment Payments NEEmork Provider Others(specify): _. ._ ,..___.._. _.... _ . Provide a brief explanation why any checked services were P ysical Services are handled by third party AWS and not included in the Assessment: 'th merchant services for the entity are assessed un' er another assessment. Part 2b. Description of Role with Payment Cards (ROC Section 2.1) Describe how the business stores, processes,and/or . .m-_w.Tyler Online Gateway Access(TOGA):All transaction s transmits account data. for this business function are a passthrough web-based transaction which transmits data securely to Chase Paymentech's Payment Gateway.Chase handles all the authorization and payment processes. Authorizations are returned to the transaction originator upon receipt from Chase.Cardholder data is not retained. Tyler Capital(TC):The Insite Web Portal PCI DSS W.0 Attestation:of'Compliance,fbr Report on Compliance—Service Providers r2 August 2023 0 2006 2023 PC/Security Standards Council,LLC.All rights reserved. Page 3 Docusign Envelope ID:257395A3-4440-4AOD-87C5-5358AFDAD4D3 secunty Slandards ....................... ........... .... ...................... collects customer payment and credit card information and initiates a secure session to the credit card processor for authorization.Once authorization is received, Insite posts the credit card transaction details in the Insite secure database, Eden/Tyler Payments (TP):Takes credit card payments without the consuming application directly handling any in-scope PCI DSS credit card data.Consumers enter their credit card information directly into the hosted Tyler Payments cloud platform via secure frames within their browser(Frames). ..................... ---------- ................ ................. ...... .......... -...............................-I.-...--___.__-_--................_ I..................... ...................... Describe how the business is otherwise involved in or has As a service provider,Tyler Technologies receives the ability to impact the security of its customers'account 'cardholder data from their customers'locally installed data. applications and processes them on their behalf. No cardholder data is stored post authorization for Eden/Tyler Payments or TOGA.Tyler Capital(TC) stores the credit card number to facilitate re-occurring payments.This credit card information is encrypted in a database within the CDE. ........... .. ........I.I.____............... ............ Describe system components that could impact the This PCI DSS assessment covers TOGA,Tyler Capital security of account data. and Eden/Tyler Payments web applications. No CHD is stored for TOGA and Eden. CHD is encrypted by the web application using ASP.NET and for Tyler Capital is stored in SQL DB.The isolated and segmented Tyler Technologies PCI environment is hosted in the AWS cloud.The CDE is composed of Windows web and DB servers,AWS firewall, router and switches;with connectivity to the Chase payment gateway. ............................ ...................... ......................................... PCI DSS W.0 Attestation of Compliance for Report on Compliance Service Providers r2 August 2023 0 20062023 PCI Security Standards Council,LLC All rights reserved. Page 4 Docusign Envelope ID: 257395A34440-4AOD-87C5-5358AFDAD4D3 IMIStAndayds cound Part 2c.Description of Payment Card Environment ............__—----------- ------- ............... Provide a high-level description of the environment covered by this Tyler Online Gateway Access(TOGA):All Assessment. transactions for this business function are a For example: passthrough web-based transaction which transmits data securely to Chase Paymentech's • Connections into and out of the cardholder data Payment Gateway.Chase handles all the environment(CDE). authorization and payment processes. • Critical system components within the CDE,such as POI Authorizations are returned to the transaction originator upon receipt from Chase.Cardholder devices, databases, web servers, etc., and any other data is not retained. necessary payment components, as applicable. Tyler Capital(TC): The Insite Web Portal collects • System components that could impact the security of customer payment and credit card information account data. and initiates a secure session to the credit card processor for authorization.Once authorization is received, Insite posts the credit card transaction details in the Insite secure database. Eden/Tyler Payments(TP):Takes credit card payments without the consuming application irectly handling any in-scope PCI IDSS credit and data. Consumers enter their credit card nformation directly into the hosted Tyler Payments ayments cloud platform via secure frames ithin their browser(Frames). s a service provider,Tyler Technologies receives cardholder data from their customers' locally installed applications and processes them on their behalf. No cardholder data is stored post authorization for Eden/Tyler Payments or TOGA. yler Capital (TC)stores the credit card number to facilitate re-occurring payments.This credit and information is encrypted in a database within the CDE. This PC[IDSS assessment covers TOGA,Tyler Capital and Eden/Tyler Payments web L-pplications. No CHD is stored for TOGA and Eden.CHID is encrypted by the web application using ASP.NET and for Tyler Capital is stored in QL DB.The isolated and segmented Tyler echnologies PCI environment is hosted in the WS cloud.The CDE is composed of Windows eb and DB servers,AWS firewall, router and witches;with connectivity to the Chase payment gateway. .......... .......... Indicate whether the environment includes segmentation to reduce the scope of the Assessment. Yes El No (Refer to the"Segmentation"section of PCI IDSS for guidance on segmentation) ............__..........__.___1........... ................................ .................................._....................................................... PCI DSS v4.0 Attestation of Compliance for Report on Compliance---Service Providers r2 August 2023 C)20062023 PCI Security Standards Council,LLC All rights reserved. -Page 5 Docusign Envelope ID:257395A3-4440-4AOD-87C5-5358AFDAD4D3 ............ Part'Zd.In-Scope Locations[FaclUtles(ROC Section 4.6) List all types of physical locations/facilities(for example,corporate offices,data centers,call centers and mail rooms)in scope for this Assessment. Total Number of Facility Type Locations Location(s)of Facility (How many locations of this (city,country) type are in scope) Example:Data centers 3 Boston, MA, USA AWS 2 US-EAST and US-WEST Corporate Office 1 Plano Texas ............ ------ .......... . ..... ......... ........ ........... ...................... ------- ................................... ------------PCIDSS v4.0 Attestation of Compliance for Report on Compliance--Service Providers r2 August 2023 Cc 023 PCI Security Standards Council, C.All rights reserved. Page 6 )2006—2 Docusign Envelope ID:25739SA34440-4AOD-87C5-5358AFDAD4D3 StandardsCoundX ...,�,,..._ rt 2. Executive Summary ]Part Ze.PCI SSC dallidated Products and Sum (ROC Section 33); _...... Does the entity use any item identified on any PCI SSC Lists of Validated Products and Solutions*? Yes ®No Provide the following information regarding each item the entity uses from PCI SSC s Lists of Validated Products s and Solutions: Name of PCI SSC- Version of PCI SSC Standard to PCI SSC Listing plry Date of Listing validated Product or Product or which Product or Reference Solution Solution Solution Was Validated Number YYYY-MM-DD . .- __........ _................ ........ .. .. ......... __.m.. _._............. . YYYY-MM-DD ......... . .... ....__ . ....... .._.._. ...... YYYY-MM-DD .m..m. .............. .__... .., .__ ...,_..._... ._....._ ..... . ....,_._..__n_. YYYY-MM-DD ...m _..r.. ._.. ...._. ...... .. YYYY-MM-DD ........._._. __........... ....._ __. _.. . .._.w..... _...m. YYYY-M M-DD • For purposes of this document, "Lists of Validated Products and Solutions"means the lists of validated products, solutions,and/or components appearing on the PCI SSC website(www.pcisecuritystandards.org)—for example, 3DS Software Development Kits,Approved PTS Devices,Validated Payment Software, Payment Applications(PA- DSS), Point to Point Encryption (P2PE)solutions, Software-Based PIN Entry on COTS(SPoC)solutions, and Contactless Payments on COTS(CPoC)solutions. PCI DSS W.OAttestation of Compliance fear Report can Compliance—Service Providers r2 August 2023 0 2006 2023 PCI Security Standards Council,LLC.All rights reserved Page 7 Docusign Envelope ID:257395A3-4440-4AOD-871 5-5358AFDAD4D3 Secunty 11 st'indards(aum:A Part 2f.Third-Party Service Providers (R,OC Section 4.4) .......................... For the services being validated,does the entity have relationships with one or more third-party service providers that: • Store,process,or transmit account data on the entity's behalf(for example, payment Yes El No gateways, payment processors, payment service providers(PSPs,and off-site storage)) • Manage system components included in the entity's Assessment(for example,via Yes El No network security control services, anti-malware services,security incident and event management(SIEM),contact and call centers,web-hosting companies,and laaS, PaaS, SaaS,and FaaS cloud providers) .............. • Could impact the security of the entity's CDE(for example,vendors providing support via Yes El No remote access, and/or bespoke software developers). .......... If Yes: Name of Service Provider: Description of Services Provided: ......................11-1- ....... .......... AWS laaS ............... -------- Paymentech LLC Payment Gateway .............. .......... ............. —----------------- ------- Note:Requirement 12.8 applies to all entities in this list. PC[DSS W.0 Attestation of Compliance for Report on Compliance Service Providers r2 August 2023 0 20062023 PCI Security Standards Council,LLC.All rights reserved. Page 8 Doeusign Envelope ID:257:345A3-4440-4AOI.)-87C 5-535RAFDA.1)41)3 r7k=CCUAL,8, '- - -- -- "art 2. Executive Summary (cotainued) Part 2g,Summary of Assessment(ROC Section 1.8.1) ........................_ .. .. . ...... .. ,, Indicate below all responses provided within each principal PCI DSS requirement. For all requirements identified as either"Not Applicable"or"Not Tested,"complete the"Justification for Approach"table below. Note:One table to be completed for each service covered by this AOC,.Additional copies of this section are available on the PCI SSC website. Name of Service Assessed:Tyler Online Gateway Access(TOGA),Tyler Capital(TC),and Tyler Payments(TP) Requirement Finding More than one response may be selected for a given at If Below Method(s) PCI DSS Used requirement.indicate all responses that apply. Requirement _ .....,.... _.._.w...•. _.._,. In Place of Not Tested Not In la ustomized Compensating pplir..able Approach Controls Requirement 1: ❑ ❑ ❑ ❑ ❑ Requirement2: El ❑ ❑ ❑ _ .. __. _..._.. _..... _ _ _......... _......_... Requirement : ® El ❑ Requirement : ❑ ❑ ❑ 11 Requirement 5: ❑ ❑ ❑ ❑ Requirement 6 ❑ ® ❑......,. Requirement T ® ❑ ❑ El _,,.... ... _. . . ......... Requirement 6: ❑ ❑ ❑ ❑ Requirement : ❑ ❑ El ❑ Requirement 10: El D ❑ ❑ _ ., . ..,_.__ _... _ ......_._ ....... .............. ...__,..... --------- _._., .._ ....... _ -----,.__ ... Requirement 11: ❑ ❑ ❑ _...._.. .. .. ...._ _ ...... .. .... _.._... _ ___.. _____ . ....... ... ..... ..... Requirement 2: ❑ ❑ ❑ ❑ ..__....... Appendix Al:: ❑ ❑ El ❑ ❑ Appendix I❑ ❑ l❑� .._._ . ....... _. _._....., .1_..._. _n ......_. ... .,_ ..... _- _._._.. _ _._ ._ ....,___._L_ _._. ..._.. ._. __.. Justification for Approach PCI DSS v4.0 Attestation cawj"Complian azfin-Report on Compliance--Service F'a-ovicders r2 August 2023 ' 2006 2td23 PCI Sec'aar lt} AStaradrxrcds Council,aC, LAC.All riphts reset weed. Pale 9 Docusign Envelope ID: 257395A3-44404AOD-87C5-5358AFDAD4D3 � Spa„u'Ity ' StanlerlmUyund ............................ .. ........ .. _.....,..._......, ....,.._. .........__.., — - — --' Ir�;feS3-"frT --- 31.2�2024 3.3.2-N/A 2024 3.3.3-N/A 2024 4.2-N/A PAN never Decrypted 3.5.1.1 -N/A 2024 3.5.1.2-N/A 2024 1 3.6.1.1 N/A 2024 31.7.9-N/A Keys never provided to customers 4I.2.1.1 -N/A2024 9.2.1-N/A2024 I 5.2.3.1 -N/A2024 I 5.3.2.1 -N/A2024 9.3.3-N/A 2024 61.3.2-N/A 2024 6.4.1 -N/A 2024 j 6.4.2-N/A 2024 6.4.3-N/A 2024 6i.5.2-N/A New infrastructure 7.2.4 N/A 2024 7.2.5-N/A 2024 7.2.5.1 -N/A 2024 $.3.10-No Access is granted to customers to the CDE is For any Not Applicable responses, identify which sub- given requirements were not applicable and the reason. 81.5.1 N/A 2024 1.6.1-N/A 2024 6.6.2-N/A 2024 6.3-N/A 2024 9.2.1.1.-No Physical Locations 9.3.4-No Physical Locations 9.5.1.1 -No Physical Locations 9.5.1.2-No Physical Locations 9.5.1.2.1 -No Physical Locations 9.5.1.3-No Physical Locations 10.4.2.1 -N/A 2024 1i0.7.2-N/A 2024 1':0.7.3-N/A 2024 10.7.3-N/A 2024 11.2.1 -No Wireless in Scope 11.2.2-No Wireless in Scope 11.3.1.1 -N/A 2024 11.3.1.2 -N/A 2024 11.4.7-N/A 2024 111.5.1.1 -N/A 2024 11.6.1 -N/A 2024 12.3.1 -N/A 2024 12.3.2-N/A 2024 PC]DSS v4.0 Attestation of Compliance for Report on Compliance—Service Providers r2 August 2023 C 2006-2023 PC]Security Standards Council,LLC.All rights reserved. Page 10 Docusign Envelope ID: 257395A34440-4AOD-87C5-5358AFDAD4D3 Standirds(aundl ............... 12.3.3-N/A 2024 12.3.4-N/A 2024 12.5.2.1 -N/A 2024 12.5.3-N/A 2024 12.6.2-NIA 2024 12.6.3.1 -N/A 2024 12.6.3.2-N/A 2024 12.10.4.1 -N/A 2024 12.10.5-N/A 2024 12.10.7-N/A 2024 For any Not Tested responses, identify which sub- requirements were not tested and the reason. .................... ......................................_.."........ ...................................... PCIDSS W.0 Attestation of Compliancefor Report on Compliance—Service Providers r2 August 2023 0 20062023 PCI Security Standards Council,LLC.All rights reserved. Page 11 Docusign Envelope ID: 257395A3-4440-4AOD-87C5-5358AFDAD4D3 Semity Standards OjuncR Section 2 Report on Compliance ...................................... ...........I................ ...............................I...,............................................................................................................................... (ROC Sections 1.2 and 1.3.2) ........... Date Assessment began: 2024-10-2 Note: This is the first date that evidence was gathered, or observations were made. . .............. Date Assessment ended: 2024-12-19 Note: This is the last date that evidence was gathered, or observations were made. Were any requirements in the ROC unable to be met due to a legal constraint? YE@ 0 No Were any testing activities performed remotely? Yes ❑No If yes,for each testing activity below, indicate whether remote assessment activities were performed: • Examine documentation Yes ❑ No .................... • Interview personnel Yes ❑ No . ........... • Examine/observe live data Yes El No • Observe process being performed Yes ❑ No �--- ............... • Observe physical environment Yes ❑ No • Interactive testing Yes ❑ No • Other: El Yes El No .... .......... ..................... .............. ...... ............................................................... PCIDSS W.0 Attestation of Compliance far Report on Compliance—Service Providers r2 .August 2023 0 20062023 PCISecurity Standards Council,LLC All rights reserved. Page 12 Docusign Envelope ID: Securitylr� ~ �ijndxd"(ounc ff Section 3 Validation and Attestation Details This AOC is based�m results noted in the ROC dated (Date o/Report aanoted in the ROC 2024-12-20). Indicate below whether a full ur partial PC| OGS assessment was completed: 0 Full Assessment—All requirements have been assessed and therefore no requirements were marked as Not Tested in the ROC. E)Partial Assessment—One or more requirements have not been assessed and were therefore marked as Not Tested in the ROC. Any requirement not assessed is noted as Not Tested in Part 2g above. Based on the results documented in the ROC noted above, each signatory identified in any of Parts 3b-3d, as applicable, assert(s)the following compliance status for the entity identified in Part 2of this document(select one): Compliant: All sections of the PC[ DSS ROC are complete,and all assessed requirements are marked as being either In Place or Not Applicable, resulting in an overall COMPLIANT rating;thereby Tyler Technologies has demonstrated compliance with all PCI DSS requirements except those noted as Not Tested above. El Non-Compliant: Not all sections of the PC[ DSS ROC are complete, or one or more requirements are marked as Not in Place, resulting in an overall NON-COMPLIANT rating; thereby (Service Provider Company Name) has not demonstrated compliance with PCI DSS requirements. Target Date for Compliance: YYYY-MM-DD An entity submitting this form with a Non-Compliant status may be required to complete the Action Plan in Part 4 of this document. Confirm with the entity to which this AOC will be submitted before completing Part 4. El Compliant but with Legal exception: One or more assessed requirements in the ROC are marked as Not in Place due to a legal restriction that prevents the requirement from being met and all other assessed requirements are marked as being either In Place or Not Applicable, resulting in an overall COMPLIANT BUT WITH LEGAL EXCEPTION rating;thereby(Service Provider Company Name)has demonstrated compliance with all PCI DSS requirements except those noted as Not Tested above or as Not in Place due to a legal restriction. This option requires additional review from the entity to which this AOC will be submitted. If selected, complete the following: Affected Requirement Details of how legal constraint prevents requirement from being met PCID8SW.0 Attestation Yf Cbnpliancmfor Report nn Compliance—Service Providers r2 August 2&3 C 2006-2023P{I Security Standards Council,IIC All rights reserved. Page}3 Docusign Envelope ID:257395A344404AOD-87C5-5358AFDAD4D3 7f� an Secubly Stu lards Coum H Part 3a.Service Provider Acknowledgement ................ ......... . ........ - ---__- - ....... Signatory(s)confirms: (Select all that apply) l ................. ........... he ROC was completed according to PCI DSS,Version 4.0 and was completed according to the irstructions therein. .................. .......... All information within the above-referenced ROC and in this attestation fairly represents the results of the Assessment in all material respects. PCI DSS controls will be maintained at all times,as applicable to the entity's environment. Part 3b.Service Provider Attestation Docuftnedby: UJa I rj ........ .. ...... 115F el P c X!A Signature of Service FrLovic;er u"PiNeofficer j��M Date:2024-12-20 .......... Service Provider Executive Officer Name:Jeremy Ward Title:Chief Information Security Officer Part 3c.Qualified Security Assessor(QSA)Acknowledgement ....... ... If a QSA was involved or assisted with this QSA performed testing procedures. Assessment, indicate the role performed: provided other assistance. If selected,describe all role(s)performed: ............- ...... Signed by. 6tXkLS ...................... . ....... oie E5UA4944M:7' 2024.,,12-20 Lead QSA Name: Karl Kakadelis [DocuSigned by, . .................._1 " ... ...... ............ Signature of Duly Authorized Officer of QSA Company i"?J Date:2024-12-20 Duly Authorized Officer Name: Gil Eng SA Company: IBM Part 3d. PC[SSC Internal Security Assessor(IISA)Involvement .......... ......... . ... If an ISA(s)was involved or assisted with this lQs)performed testing procedures. Assessment, indicate the role performed: .......... Us)provided other assistance. If selected,describe all role(s)performed: ...... .......�� . .......... ............................................ .............................. .......................................... PC]DSS W.0 Attestation oj'Complianeefor Report on Compliance--Service Providers r2 Ass st 2023 C 20062023 PCI Security Standards Council,LLC All rights reserved Page 14 Docusign Envelope ID: 25739SA3..4441-4AOIlI-87C"5-5358A,FDA:I;74D3 e � i Only complete Part 4 upon request of the entity to which this A OC will be submitted, and only if the Assessment has Non-Compliant results noted in Section 3, If asked to complete this section,select the appropriate response for"Compliant to PCI DSS Requirements"for each requirement below.For any" o"responses, include the date the entity expects to be compliant with the requirement and provide a brief description of the actions being taken to meet the requirement. Compliant to PCI Remediatton Date and PCI DSS DSS Requirements Actions Requirement rlpl of Requirement (Select One) (If"NO"selected for any _.....w. ...�.�Y.w ..._.�u. . ._ES NO Requirement) h 1 Install and maintain network security controls El 2Apply secure configurations to all system components 3 Protect stored account data Protect cardholder data with strong 4 cryptography during transmission over open, public networks 5 Protect all systems and networks from malicious software 6 Develop and maintain secure systems and software Restrict access to system components and cardholder data by business need to know S Identify users and authenticate access to system components 9 Restrict physical access to cardholder data 10 Log and monitor all access to system El components and cardholder data 11 Test security systems and networks regularly 12 Support information security with El organizational policies and programs Appendix Al Additional PCI DSS Requirements for Multi- El Tenant Service Providers dditional PCI DSS Requirements for Appendix A2 Entities using SSL/early TLS for Card El - Present POS POI Terminal Connections DISCOVER Global ,,j WVISA FIRE -..............................--................. .......... .............................................................----.......................-1-11......................................................-- ................. IBC ID,5,5 4.0 Alte,y,tatif)n(4'C e)na,laliarar�a�f asr.Rel.)ort on C.aaraap�lieane:e- Service Providers.r2 August 2023 (0 200l 2023.PC'I,Secair°itY 4teand are'is Council,LLC All rights reserved Page P tyler L W(;hY"14"kg'1e Exhibit G Data & Insights SaaS Services Terms of Service Updated 04/21/2022 This Data & Insights SaaS Services Terms of Services governs your use of the following solutions: Property & Recording • Assessment Connect • Open Assessment Enterprise Permitting & Licensing • Enterprise Permitting & Licensing Business Management Feeds • Enterprise Permitting & Licensing Community Development Feeds • Community Development Executive Insights • Enterprise Permitting & Licensing Advanced Automation with Executive Insights • Enterprise Analytics and Reporting with Executive Insights • Business Management Executive Insights • Enterprise ERP Revenue Insights • Citizen Connect • Economic Intelligence Enterprise ERP • Enterprise ERP Analytics & Reporting w Executive Insights • Enterprise ERP Financial Insights - Bundled • Enterprise ERP Payroll & HR Insights • Capital Project Explorer • Citizen Connect • Data & Insights Open Data • Open Finance • Economic Intelligence • Executive Insights, ERP Courts & Justice • Court Analytics • eFile Analytics • Probation Analytics/Supervision Analytics • Pre-trial Analytics Public Safety • Public Safety Analytics 1 • Law Enforcement Explorer • Citizen Connect • Law Enforcement Analytics • Performance Dashboards WHEREAS, Tyler has designed, developed, purchased or configured certain computer software systems which Tyler has designated as Data & Insights SaaS Services and has used such software in support of commercial and government programs; and WHEREAS, Client desires to acquire from Tyler and Tyler wishes to grant to Client a non-exclusive license to use the Data & Insights SaaS Services as further defined, permitted, conditioned, and restricted below. NOW, THEREFORE, in consideration of the foregoing and other good and valuable consideration, the receipt and sufficiency of which is acknowledged, and in consideration of covenants and obligations hereinafter set forth, the Parties agree to be bound by the terms and conditions as follows: These Data & Insights SaaS Services Terms of Service govern the use and license rights associated with the Data & Insights SaaS Services. The parties are referred to herein individually as Party or collectively as Parties. Capitalized terms used in these Data & Insights SaaS Services Terms of Service but not defined herein are defined in the Base Agreement or other agreement with us governing your use of the Tyler software and services. Section A — Definitions • `Base Agreement" means the agreement executed by you and Tyler to which you are adding Data & Insights SaaS Services through signature upon an Order Form. For the avoidance of doubt, a Base Agreement is not an agreement signed by an entity Tyler acquired. • "API" means application-programming interface. • "Client Data" means data, datasets, files, information, content and links uploaded or provided by Client through the use of the Data & Insights SaaS Services but excluding Third-Party Services. • Confidential Information" means nonpublic information that a reasonable person would believe to be confidential and includes, without limitation, personal identifying information (e.g., Social Security numbers) and trade secrets, each as defined by applicable state law. • "Data&Insights Agreement" means this Data & Insights SaaS Services Terms of Service and any special conditions agreed to by the Parties and included in the Order Form. • "Data &Insights SaaS Services" means the Data & Insights off the shelf, cloud- based software service and related services, including support services, as specified under this Data & Insights SaaS Services Terms of Service. Data & 2 Insights SaaS Services do not include support of an operating system or hardware, support outside of our normal business hours, or training, consulting, or other professional services. • "Data Storage" means the contracted amount of storage capacity for your Client Data. • "Dataset" means physical collection of information, typically modeled as a table of rows and columns of data. • "Effective Date" means the date subscription start date identified in the Order Form or Purchase Order. • "External API Calls" means any request made by a user that is not logged in against a SaaS Service. • "Monthly Active Users" or "Users" used interchangeably, means a user that is logged in and accesses the Data & Insights SaaS Services. • "Order Form" or "Purchase Order" means an ordering document, referencing or including a Quote or Investment Summary, specifying the Data & Insights SaaS Services and any Professional Services to be provided hereunder that is entered into between Client and Tyler, including any addenda and supplements thereto. • "Quote" or "Investment Summary"means an estimate provided by Tyler for the SaaS Services or Professional Services. • "Third-Party Data" means an aggregated dataset solution by a third-party data provider and shall be treated as Confidential Information. • "Third-Party Data Purpose" means to use the Third-Party Data alone or in conjunction with other intelligence, data, or logic for internal modeling, targeting, measurement, and internal reporting solely for the benefit of the Client. • "Third-Party Services" means if any, third-party web-based services, content, or platforms, including but not limited to third party stock photos and third-party map location services, which are available at no additional charge to you through the Data & Insights SaaS Services. • "Updates" means any enhancements, additions, new releases, bug fixes, patches, modifications or other error corrections of or to the SaaS Software or Third-Party Data licensed to Client that Tyler generally makes available free of charge to licensees of the solutions. • "we", It "our" and similar terms mean Tyler. • "you" and similar terms mean Client. Section B — Data & Insights SaaS Services 1. Rights Granted. As of the Effective Date, Tyler grants to Client the non-exclusive, non-assignable limited right to use the SaaS Services on a subscription basis according to the terms of the Base Agreement and this Data & Insights Agreement. The SaaS Services will be made available to Client according to the terms of the applicable Service Level Agreement. Client may use the SaaS Services to access Updates and enhancements to the SaaS Services, as described in herein. Unless otherwise terminated, Client's right to access or use the SaaS Services will terminate at the end of the subscription period defined in the Order Form or Base Agreement, as applicable. 2. SaaS Fees and Usage Limits. Client agrees to pay the fees identified in the Order Form in accordance with Tyler's Invoicing and Payment Policy. Client 3 acknowledges that continued access to the Data & Insights SaaS Services is contingent upon your timely payment of SaaS Fees. If you fail to timely pay the SaaS Fees, we may discontinue your access to the Data & Insights SaaS Services. We may also terminate this Data & Insights Agreement if you don't cure such failure to pay within forty-five (45) days of receiving written notice of our intent to terminate. During the subscription period, Tyler reserves the right to exercise the usage limits set forth in the Order Form. If Client exceeds the contractual usage limits, Tyler may work with Client to seek to reduce Client's usage so that it conforms to that limit. If Client is unable or unwilling to abide by a contractual usage limit, or if Client wishes to increase usage limits, it will require a written contract amendment, modification, or Client will execute an Order Form for increased usage limits. 3. Ownership and Reservation of Rights. a. This Data & Insights Agreement does not provide Client with title or ownership of the Data & Insights SaaS Services, or Third-Party Data, but only a right of limited use as further delineated herein. The SaaS Services, other services, workflow processes, user interface, designs, and other technologies provided by Tyler pursuant to this Data & Insights Agreement are the proprietary property of Tyler and its licensors. All right, title and interest in and to such items, including all associated intellectual property rights, remain only with Tyler. Tyler reserves all rights unless otherwise expressly granted in this Data & Insights Agreement. Client may not remove or modify any proprietary marking or restrictive legends from items or services provided under this Agreement. Third-Party Data vendors also retain ownership, title and all rights and interest, including, without limitation, Intellectual Property Rights in and to their own respective software, data, and documentation. b. When Client uploads or provides Client Data through the use of the Data & Insights SaaS Services, Client grants to Tyler a non- exclusive, worldwide, royalty-free, sub-licensable, and transferable license during the subscription period to use, reproduce, publicly display, distribute, modify, create derivative works of, index, and translate the Client Data as needed in response to, and as directed by, a User's use of the Data & Insights SaaS Services and as needed for the compliance of this Data & Insights Agreement and for the purpose of providing analytics to a User. c. Tyler may access and develop derivative data assets and insights based on combined, aggregated, anonymized views of Client Data, that Client has not made publicly available, for the purposes of providing new features and functionality, and performing aggregated statistical analysis by providing benchmarks and models. d. Client retains all ownership and intellectual property rights to the Client Data. Client expressly recognizes that except to the extent necessary to carry out our obligations contained in this Data & 4 Insights Agreement, Tyler does not create or endorse any data used in connection with the Data & Insights SaaS Services. e. If Client provides feedback, information, and/or or suggestions about the Data & Insights SaaS Services, or any other services provided hereunder, then Tyler (and those it allows to use its technology) may use such feedback, information, and/or suggestions under a royalty- free, paid-up, and irrevocable license without obligation to Client. 4. Restrictions. a. You may not: (a) except as explicitly provided for herein, make the Data & Insights SaaS Services or Documentation resulting from the Data & Insights SaaS Services available in any manner to any third party for use in the third party's business operations; (b) modify, make derivative works of, disassemble, reverse compile, or reverse engineer any part of the Data & Insights SaaS Services; (c) access or use the Data & Insights SaaS Services in order to build or support, and/or assist a third party in building or supporting, products or services competitive to us; (d) license, sell, rent, lease, transfer, assign, distribute, display, host, outsource, disclose, permit timesharing or service bureau use, or otherwise commercially exploit or make the Data & Insights SaaS Services or Documentation available to any third party other than as expressly permitted by this Data & Insights Agreement; (e) use the Data & Insights SaaS Services to store or transmit infringing, unsolicited marketing emails, libelous, or otherwise objectionable, unlawful or tortious material, or to store or transmit material in violation of third party rights; (f) interfere with or disrupt the integrity or performance of the Data & Insights SaaS Services (including without limitation, vulnerability scanning, penetration testing or other manual or automated simulations of adversarial actions, without Tyler's prior written consent); or (g) attempt to gain unauthorized access to the Data & Insights SaaS Services or its related systems or networks. b. Client acknowledges and understands that the Data & Insights SaaS Services are not designed to serve as the system of record and shall not be used in a manner where the interruption of the Data & Insights SaaS Services could cause personal injury (including death) or property damage. The Data & Insights SaaS Services are not designed to process or store data protected under the Family Education Rights and Privacy Act ("FERPA"), data from Criminal Justice Information Services ("CJIS"), or other sensitive data, and by using the Data & Insights SaaS Services, Client acknowledges and agrees that Client is using the Data & Insights SaaS Services at Client's own risk and that Client is solely responsible for use of data with the Data & Insights SaaS Services in any manner that is contrary to the uses for which the Data & Insights SaaS Services are designed and offered for use in this Agreement. If Client intends to use the Data & Insights SaaS Services to store or transmit Protected Health 5 Information (PHI), then the Parties will scope the additional usage and it will require a written contract amendment and will include a mutually agreeable Business Associate Agreement. c. Although we have no obligation to screen, edit or monitor the Client Data or Public User content posted on Data & Insights SaaS Services, if, in our reasonable judgment, we discover your use of the Data & Insights SaaS Services threatens the security, integrity, stability, or availability of the Data & Insights SaaS Services, or is otherwise in violation of this Data & Insights Agreement, we may temporarily suspend the Data & Insights SaaS Services, or User access thereto. Unless Client has conducted penetration testing or unscheduled performance testing, Tyler will use commercially reasonable efforts to provide Client with notice and an opportunity to remedy such violation or threat prior to such suspension. Any penetration testing or unscheduled performance testing conducted by Client will result in immediate suspension of the Data & Insights SaaS Services. 5. Access and Usage by Internal Client Users and Contractors. You may allow your internal users and third party contractors to access the Data & Insights SaaS Services and any technical or policy controls, in compliance with the terms of this Data & Insights Agreement, which access must be for your sole benefit. You are responsible for the compliance with this Data & Insights Agreement by your internal users and contractors. 6. Your Responsibilities. Client (a) must keep its passwords secure and confidential; (b) is solely responsible for all activity occurring under its account; (c) must use commercially reasonable efforts to prevent unauthorized access to its account and notify Tyler promptly of any such unauthorized access; (d) may use the Data & Insights SaaS Services only in accordance with the Documentation; and (e) shall comply with all federal, state and local laws, regulations and policies of Client, as to its use of the Data & Insights SaaS Services, Client Data, and instructions to Tyler regarding the same. 7. Client Data Backup. The data on the Data & Insights Platform is a copy of Client Data. Any laws and regulations governing Client for retention of Client Data remains Client's responsibility. CLIENT IS SOLELY RESPONSIBLE FOR BACKING UP CLIENT DATA unless otherwise specially agreed in writing between Tyler and Client in the Tyler hosting Agreement. 8. Return of Client Data. Upon request, Tyler will make the Data & Insights SaaS Services available to Client to export Client Data for a period of sixty (60) days following the termination of this Data & Insights Agreement. After such sixty (60) day period has expired, we have no obligation to maintain Client Data and may destroy the Client Data. 9. Data Security Measures. In order to protect your Confidential Information, we will: (a) implement and maintain all reasonable security measures appropriate to the nature of the Confidential Information including without limitation, technical, physical, administrative and organizational controls, and will maintain the confidentiality, security and integrity of such Confidential Information; (b) 6 implement and maintain industry standard systems and procedures for detecting, mitigating, and responding to attacks, intrusions, or other systems failures and regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures; (c) designate an employee or employees to coordinate implementation and maintenance of its Security Measures (as defined below); and (d) identify reasonably foreseeable internal and external risks to the security, availability, confidentiality, and integrity of Confidential Information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks (collectively, Security Measures). Client acknowledges and agrees that Tyler's obligations with respect to Security Measures is subject to Client Restrictions herein. 10.Notice of Data Breach. If Tyler knows that Confidential Information has been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this Data & Insights Agreement, we will alert Client of any such data breach in accordance with applicable law, and take such actions as may be necessary to preserve forensic evidence and return the Data & Insights SaaS Services to standard operability. If so required, Tyler will provide notice in accordance with applicable federal or State data breach notification laws. 11.Confidentiality. In the absence of a corresponding provision in the Base Agreement, the following provision shall apply: Each party agrees that it will not disclose any Confidential Information of the other party and further agrees to take all reasonable and appropriate action to prevent such disclosure by its employees or agents. The confidentiality covenants contained herein will survive the termination or cancellation of this Data & Insights Agreement. This obligation of confidentiality will not apply to information that: a. is in the public domain, either at the time of disclosure or afterwards, except by breach of this Data & Insights Agreement by a party or its employees or agents; b. a party can establish by reasonable proof was in that party's possession at the time of initial disclosure; c. a party receives from a third party who has a right to disclose it to the receiving party; or d. is the subject of a legitimate disclosure request under the open records laws or similar applicable public disclosure laws governing this Data & Insights Agreement; provided, however, that in the event you receive an open records or other similar applicable request, you will give us prompt notice and otherwise perform the functions required by applicable law. Section C — Warranty 1. SaaS Services Warranty. Tyler warrants to Client that the functionality or features of the Data & Insights SaaS Services will substantially perform as communicated to Client in writing, or their functional equivalent, but Tyler has the right to update functionality. The support policies may change but will not materially degrade during the term. Tyler may deprecate features upon at least 30 days' notice to Client, but Tyler will use commercially reasonable efforts to support the previous features for at least 6 months following the deprecation notice. The deprecation notice will be posted at tt „sue/f �ort,socra.c;orr. Section D — Third-Party Services 1. Third -Party Services. Client may be provided with access and usage of Third- Party Services through use of the Data & Insights SaaS Services. Client may use the Third-Party Services at Client's election, but Client must agree to such Third- Party Service contracts if Client chooses to use those Third-Party Services. Third-Party Services will be solely governed by such Third-Party Service contracts and use may include separate fees and charges. Client will have access to the following Third-party Services for use within the software, however, the availability of any of these services is subject to change: • Getty Images: Within the platform's perspective story tool, customers have access to a library of images available for use in their story pages, terms and conditions located at Ott ://�nr !vv:ctgtt i� cgrUr onnectt rrns. ■ Mapbox: Within the platform's visualization suite, the current mapping visualizations are powered by Mapbox, terms and conditions located alt htt .s://w.ww.ma.p )c) ac om/l q,a9/to . • Mapquest: Geocoding provider that matches user-provided addresses with geographic coordinates for display on map visualizations terms and conditions located at �wR ://I�ellc�.l �a uest cp n/te_rrr aLo_f-use/. 2. Disclaimer. You acknowledge that we are not the provider of any Third-Party Services, We do not warrant or guarantee the performance of the Third-Party Services. Section E — Term 1. Term. The Data & Insights SaaS Services are acquired through a Base Agreement with a defined term for SaaS Services (in which case that term shall apply). Your right to access or use the Data & Insights SaaS Services or Third- Party Data will terminate at the end of this Data & Insights Agreement. Section F — Limitation of Liability 1. DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES PROVIDED IN THIS DATA & INSIGHTS AGREEMENT AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, WE HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES, DUTIES, OR CONDITIONS OF MERCHANTABILITY, TITLE OR FITNESS FOR A PARTICULAR PURPOSE. WHILE TYLER TAKES REASONABLE PHYSICAL, TECHNICAL AND ADMINISTRATIVE MEASURES TO SECURE THE DATA & INSIGHTS SAAS SERVICES, TYLER DOES NOT GUARANTEE THAT THE DATA & INSIGHTS SAAS SERVICES CANNOT BE COMPROMISED. YOU UNDERSTAND THAT THE DATA & INSIGHTS SAAS SERVICES MAY NOT BE ERROR FREE, AND USE MAY BE INTERRUPTED. 8 2. LIMITATION OF LIABILITY. Unless the Data & Insights SaaS Services are acquired through a Base Agreement with a Limitation of Liability clause (in which case that term shall apply), OUR LIABILITY FOR DAMAGES ARISING OUT OF THIS DATA & INSIGHTS AGREEMENT, WHETHER BASED ON A THEORY OF CONTRACT OR TORT, INCLUDING NEGLIGENCE AND STRICT LIABILITY, SHALL BE LIMITED TO YOUR ACTUAL DIRECT DAMAGES, NOT TO EXCEED THE THEN-CURRENT ANNUAL DATA & INSIGHTS SAAS FEES PAYABLE BY YOU. THE PARTIES ACKNOWLEDGE AND AGREE THAT THE PRICES SET FORTH IN THIS DATA & INSIGHTS AGREEMENT ARE SET IN RELIANCE UPON THIS LIMITATION OF LIABILITY AND TO THE MAXIMUM EXTENT ALLOWED UNDER APPLICABLE LAW, THE EXCLUSION OF CERTAIN DAMAGES, AND EACH SHALL APPLY REGARDLESS OF THE FAILURE OF AN ESSENTIAL PURPOSE OF ANY REMEDY. THE FOREGOING LIMITATION OF LIABILITY SHALL NOT APPLY TO THE INDEMNIFICATION OBLIGATIONS UNDER THE AGREEMENT. 3. EXCLUSION OF CERTAIN DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL WE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, PUNITIVE, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Section G — Additional Terms and Conditions for Data & Insights SaaS Services With Open Data Functionality 1. Tyler may make certain other Tyler Applications available to Client. The use of Open Assessment, Data & Insights Citizen Connect, Data & Insights Capital Project Explorer, Data & Insights Citizen Connect, Data & Insights Open Data, Data & Insights Open Finance, Open Finance, and/or X-Connect Applications, either alone or in connection with the Data & Insights SaaS Services, is governed by this Data & Insights Agreement and the Agreement. Client must also comply with the following terms and conditions when using the above named Applications. 2. The Data & Insights SaaS Services may provide you with functionality to make all or part of Client Data available to the general public through one or more public facing websites. If the functionality is provided, then Client determines which Client Data is shared publicly, and Client is solely responsible for determining the online terms of use and licenses relative to the use by public users ("Public User") of Client Data, and the enforcement thereof. Client is responsible to ensure all Users comply with the terms and conditions of this Amendment. Once an internal user makes Client Data publicly available using the Data & Insights SaaS Services, Tyler has no control over a Public User's use, distribution, or misuse of Client Data. Tyler has no liability or obligation to indemnify for such usage. If the Data & Insights SaaS Services provide you with this functionality, then Users have the ability within the Data & Insights SaaS Services to remove the public permissions applied to Client Data. 3. Tyler reserves the right to develop derivative data assets based on Client Data that exists in the public domain. Tyler may use, index, disclose, commercialize, and transfer the derivative data assets for any lawful purpose, including but not 9 limited to: aggregating and summarizing data; normalizing, standardizing and concatenating data to create new regional or national data assets; and developing key performance indicators and benchmarks. 4. APIs. The Data & Insights SaaS Services may provide access to the applicable application-programming interface ("API") as part of the Data & Insights SaaS Services under the terms of this Data & Insights Agreement. Subject to the other terms of this Data & Insights Agreement and if the Data & Insights SaaS Services provides access to the APIs, Tyler grants Client a non-exclusive, nontransferable, terminable license to interact only with the SaaS Services as allowed by the current APIs. a. Client may not use the APIs in a manner--as reasonably determined by Tyler--that exceeds the purposes defined in the Amendment Investment Summary, constitutes excessive or abusive usage, or fails to comply with any part of the APIs. If any of these occur, Tyler can suspend or terminate Client's access to the APIs on a temporary or permanent basis. b. Tyler may change or remove existing endpoints or fields in API results upon at least 30 days' notice to Client, but Tyler will use commercially reasonable efforts to support the previous version of the APIs for at least 6 months from deprecation notice. Tyler may add new endpoints or fields in API results without prior notice to Client. c. The APIs may be used to connect the SaaS Services to certain hosted or on premise software applications not provided by Tyler ("Non-Tyler Applications"). Client is solely responsible for development, license, access to and support of Non-Tyler Applications, and Client's obligations under this Data & Insights Agreement are not contingent on access to or availability of any Non- Tyler Application. d. Any open source code provided is provided as a convenience to you. Such open source code is provided AS IS and is governed by the applicable open source license that applies to such code; provided, however, that any such open source licenses will not materially interfere or prohibit Client's limited right to use the SaaS Services for its internal business purposes. Section H —Additional Terms and Conditions for Third-Party Data Vendor Solutions/Applications 1. Tyler may make certain Third-Party Data Vendor Applications available to Client. The use of Tyler Recovery Insights, Economic Intelligence, Small Business Revenue Metrics, Mobility Metrics, Consumer Spending Metrics, and/or Small Business Revenue Metrics either alone or in connection with the Data & Insights SaaS Services is governed by this Data & Insights Agreement and the Agreement. Client must also comply with the following terms and conditions when using the above mentioned Applications. 2. License Grant for Third-Party Data. Any use of Third-Party Data shall be limited to the Third-Party Data Purpose. Third-Party Data vendors also retain ownership, 10 title and all rights and interest, including, without limitation, Intellectual Property Rights in and to their own respective software, data, and documentation. 3. Restrictions for Third-Party Data. a. Client shall not at any time, directly or indirectly: (i) copy, modify, or create derivative works of the Third-Party Data, in whole or in part; (ii) rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer, or otherwise make available the Third-Party Data; (iii) re-identify, reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to the source code of the Third-Party Data, in whole or in part; (iv) remove any proprietary notices from the Third-Party Data; (v) use the Third-Party Data in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable Law; or (vi) make Third-Party Data available to for use or access to anyone other than Client. b. Client shall not publicly publish the dashboards that contain the Third- Party Data, but Client may publicly publish visualizations from the aggregate summary data. c. Client shall not remove any copyright or other proprietary notice or legend contained or included in Third-Party Data. d. Client expressly permits Tyler to share with the Third-Party Data providers Client's name, subscription term dates, applicable costs and fees for the Third-Party Data SKU(s) that Client subscribes to. e. Upon termination of the Agreement, or of a subscription that contains Third-Party Data, Client shall remove and destroy all copies of Third- Party Data. f. If any Third-Party Data is the subject of a legitimate disclosure request under the open records laws or similar applicable public disclosure laws governing the Agreement; Client will give Tyler prompt notice and otherwise perform the functions required by applicable law. g. Client shall not use the Third-Party Data to attempt to identify behavior of a known individual for any reason. h. Client acknowledges and agrees that if the Third-Party Data includes SafeGraph data, up to .05% of the data will be salted data or seeds used to fingerprint the data provided to Client. 4. Updates. Tyler may in its sole discretion provide Updates to the Third-Party Data or replace with functionally equivalent. 5. Third-Party Data Warranty. TYLER DOES NOT WARRANT THE CORRECTNESS, COMPLETENESS, OR CURRENTNESS OF THE THIRD- PARTY DATA OR THAT THE FUNCTIONS PERFORMED BY THE THIRD- PARTY DATA WILL MEET CLIENT'S REQUIREMENTS, THAT THE THIRD- PARTY DATA WILL BE ERROR FREE, OR THAT ALL THIRD-PARTY DATA DEFECTS ARE CORRECTABLE. THE FOREGOING WARRANTIES ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, THE THIRD-PARTY DATA IS PROVIDED "AS IS". North Andover, MA SaaS Renewal Contract 1230252 Final Audit Report 2025-12-30 Created: 2025-12-30 By: Stacey Gerard(stacey.gerar(]@tylertech.coni) Status: Signed Transaction ID: CBJCHBC,AABAAuTHIOSaECqeXOSQI PC-dRDTm-5edPE3_ "North Andover, MA SaaS Renewal Contract 123025 2" History f) Document created by Stacey Gerard (stacey.gerard@tylertech..com) 20251230-8:14:49 PM GMT-IP address-163.116.144.111 Document emailed to Tina Mize (tina.mize@tylertech.com)for signature 2025-12-30-8:16:14 PM GMT Email viewed by Tina Mize (tina.mize@tylertech.com) 2025-12-30 9:29:46 PM GMT-IP address:163.116.247.60 Document e-signed by Tina Mize (tina.rTiize@tylertech.corn) Signature Date:2025-12-30-9:40:35 PM GMT-Time Source:server-IP address: 163.116.247.60 Agreement completed. 2025-12-30-9:40:35 PM GMT wmd by -tyler Adobe tedhw��pe, Acrobat Sign