ALCHEMY SOFTWARE DEVELOPMENT, SUPPORT, AND TECHNOLOGY AGREEMENT
EXHIBIT 10.4
ALCHEMY SOFTWARE DEVELOPMENT, SUPPORT, AND TECHNOLOGY AGREEMENT
This Software Development, Support, and Technology Agreement (this “Agreement”) is entered into as of September 13, 2021 (the “Effective Date”), by and between Fluidfi, Inc. dba Alchemy Technologies (“Alchemy”), a Delaware corporation with its principal place of business at 000 Xxxx Xxxx Xxxxxx Xxxxx, Xxxxx 000, Xxxxxxxx Xxxx, Xxxx 00000 and Business Warrior Corporation (“Client”), a Wyoming corporation with its principal place of business at Business Warrior Corporation. Alchemy, on the one hand, and Client, on the other hand, may each be referred to herein as a “Party” and, collectively, the “Parties.”
WHEREAS, Alchemy has developed and maintains an integrated suite of services for lending companies to use in connection with loan origination, management, and servicing (the “Services”); and
WHEREAS, the Services are provided by means of several elements consisting of a central, cloud-based operating system; a web-based administrative portal; web-based user and partner interfaces; and APIs to integrate with credit, banking, and identity verification services (together, all such elements are referred to as the “Alchemy Application”); and
WHEREAS, Client wishes to engage Alchemy in order to deliver an instance of the Alchemy Application customized specifically for Client (the “Work Product”), and Alchemy is willing to accept the engagement on the terms and subject to the conditions set forth in this Agreement.
NOW, THEREFORE, in consideration of the mutual promises and covenants set forth herein, and intending to be legally bound, the Parties hereto agree as follows:
1. ENGAGEMENT OF ALCHEMY.
1.1. Subject to the terms and conditions of this Agreement, Client hereby retains the services of Alchemy to design, develop, and implement the Work Product and to provide the Services through the Alchemy Application thereunder. The specifications, requirements, and deliverables (the “Specifications”) and the time schedule (the “Schedule”) related thereto set forth in Exhibit A attached hereto and incorporated herein by reference as though fully set forth herein.
1.2. Alchemy will (a) create the Work Product in accordance with the Specifications provided in Exhibit A; (b) use best efforts to deliver the Work Product to Client in accordance with the Schedule provided in Exhibit A; and (c) assign a product manager who is responsible for managing day-to-day activities, reporting, and resource allocation.
1.3. Client will provide all assistance and cooperation to Alchemy reasonably necessary to complete the Work Product in a timely and efficient manner. Client will be responsible for making, at its own expenses, any changes or additions to Client’s current systems, software, and hardware that may be required to support the operation of the Work Product.
1.4. At any time during the term of this Agreement, should Client wish to make any modification to the Specifications, Client will provide a detailed written description of the requested changes to Alchemy (each, a “Change Request”). Alchemy will evaluate the Change Request and submit a written response to the Change Request within three (3) business days following receipt thereof (each, a “Change Request Response”). Alchemy’s Change Request Response will include a statement of the availability of Alchemy’s personnel and resources, as well as any impact that the proposed changes will have on the price, delivery dates, deliverables, or warranty provisions of this Agreement. Client will accept, reject, or propose modifications to each such Change Request Response within three business days following receipt thereof. Upon Client’s acceptance of the applicable Change Request Response, the Specifications shall promptly be amended by means of a written, jointly executed addendum to Exhibit A of this Agreement to reflect the updated Specifications and Schedule.
2. DESCRIPTION OF WORK PRODUCT.
2.1. Operating System. Throughout the Term, Alchemy shall provide Client with access to an instance of the Alchemy operating system, hosted by Alchemy in a private cloud, customized in accordance with the Specifications described on Exhibit A hereto.
2.2. Administrative Portal. In connection with the operating system referred to in Section 2.1, Alchemy will provide Client with access to a web-based administrative portal through which Client may perform tasks related to loan origination, management, and servicing, as further described in Exhibit A hereto.
2.3. User Interface. Client may provide access to the Work Product to each of Client’s borrower customers, through a web-based user interface. Client also may arrange to provide various industry partners with access to an Instance via one or more customized partner portals, as may be set forth in Exhibit A. Client’s borrower customers and any industry partners permitted by Client to access the Work Product are referred to herein as the “Users.”
2.4. APIs. Client may choose to integrate the Work Product with one or more APIs that have been developed by Alchemy and/or to provide access to various credit, banking, and identity verification services. Any API integrations in addition to those described on Exhibit A hereto will be added pursuant to the procedure described in Section 1.4 of this Agreement and may be subject to additional setup charges and ongoing monthly access charges, to be determined by Alchemy in good faith on a case-by-case basis. Client may also request Alchemy to build a custom API to integrate its instance of the Alchemy Application with new services. Such new API integrations will be added to Exhibit A pursuant to the procedure described in Section 1.4 of this Agreement and may be subject to additional development charges, setup charges and ongoing monthly access charges, to be determined by Alchemy in good faith on a case-by-case basis.
2 |
3. ACCEPTANCE OF WORK PRODUCT.
3.1. Acceptance Test Plan. Client shall, in cooperation with Alchemy, prepare and be responsible for a plan for the Client acceptance test (“Acceptance Test Plan”), with acceptance test procedures suitable for verifying that the Work Product meets the agreed requirements of the Specification. The Acceptance Test Plan will describe how the Client acceptance test will be carried out, and will contain a detailed description of the tests to be performed, as well as the acceptance criteria.
3.2. Acceptance Period. Following the date of delivery of the Work Product, Client will have ten (10) business days to inspect, test, and assess the Work Product and determine whether it satisfies the acceptance criteria, in accordance with the Acceptance Test Plan.
3.3. Approval. The acceptance test will be deemed approved upon the earliest to occur of (i) notification of approval in writing from Client to Alchemy; (ii) ten (10) business days after the scheduled completion of the acceptance test, according to the Acceptance Test Plan, if no notice has been delivered to Alchemy stating that it is not approved; or (iii) the election by Client to put the Work Product into operation.
3.4. Rejection and Repair.
a. In order to reject the acceptance test, Client will be required to provide written notice to Alchemy, stating the reasons for rejection, within ten (10) business days after the scheduled completion of the acceptance test, according to the Acceptance Test Plan.
b. If Alchemy believes that the rejection is unjustified, written notice shall be given to such effect within five (5) business days after receipt of Client’s rejection notice.
c. If Alchemy does not provide such written notice, repairs shall be undertaken promptly, with notice to Client specifying the repairs to be performed and the expected time frame. Upon completion of such repairs, Alchemy shall give written notice to Client and Client shall promptly resume its acceptance test.
3.5. Commissioning. The Work Product shall be put into regular operation after the Client acceptance test has been successfully completed and approved.
4. LICENSE GRANT.
4.1. License to Use Services. Alchemy hereby grants to Client: (a) a non-exclusive, nontransferable, worldwide license to access and use the Services and the Alchemy Application in accordance with this Agreement; and (b) an exclusive, nontransferable worldwide license throughout the Initial Term and any Renewal Terms of this Agreement to access and use the Work Product (collectively, the “License”). All rights not expressly granted to Client under the License are reserved by Alchemy.
3 |
4.2. Limitations on Use. The license to use the content on the Alchemy Application and within the Services (the “Content”) is for only Client and its assigned Users. Except as permitted by this Agreement, the Content may not be decompiled, reverse engineered, disassembled, transferred, distributed, resold, sublicensed, or used to create any competing works. Except as permitted by this Agreement, Client shall not (i) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any non-User third party the Services or the Content in any way; (ii) modify or make competing works based upon the Alchemy Application, the Services, or the Content; or (iii) “frame” or “mirror” any Content on any other server or wireless or Internet-based device. Client may use the Alchemy Application and Services only as permitted by this Agreement for its internal business purposes, and shall not: (a) send spam or otherwise duplicative or unsolicited messages in violation of applicable law; (b) send or store infringing, obscene, threatening, libelous, or otherwise unlawful or tortious material in violation of applicable law, including material harmful to children or material in violation of third party privacy rights; (c) send or store material containing software viruses, worms, Trojan horses or other malicious, harmful computer code, files, scripts, agents or programs; (d) interfere with or disrupt the integrity or performance of the Alchemy Application, Services, or the data contained therein; or (e) attempt to gain unauthorized access to the Alchemy Application, Services, or its related systems or networks.
5. FEES AND PAYMENTS.
5.1. Fees. Client will be charged the following fees: (a) a monthly subscription fee. Please see exhibit A.
5.2. Setup Fees and Custom Coding. The Work Product will be designed, developed, and implemented by Alchemy in accordance with the provisions of Exhibit A, and in exchange for the fees set forth therein. Additional custom coding work performed by Alchemy as requested by Client following implementation of the Work Product will be billed at hourly rates as determined by Alchemy in good faith on a case-by-case basis.
5.3. Payment. All fees and amounts due under this Agreement will be billed by Alchemy on a monthly basis, in arrears, payable upon receipt of invoice.
5.4. No Circumvention of Charges. Client shall not take any actions, including the use of any other software, that would have the effect of reducing the amounts to be paid under this Agreement based on the number of applications or other transactions, including arrangements for circumventing the features contained in the software for tracking loan origination, management, and servicing activity. Client agrees to use best efforts to prevent unauthorized individuals from accessing the Work Product.
4 |
6. INTELLECTUAL PROPERTY.
6.1. Alchemy IP. The Alchemy Application and its Contents (but not including any Client IP) (“Alchemy IP”) are owned or licensed by Alchemy and protected by U.S. and international copyright, trademark, service xxxx, patent and/or other proprietary rights and laws. Except as expressly provided in this Agreement, nothing contained herein shall be construed as conferring to Client any license or right under copyright or other intellectual property right law. No part of the Alchemy IP may be altered, copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form, in whole or in part, except as specifically provided in this Agreement. Client shall not take any action that interferes with or diminishes Alchemy’s right in any of the Alchemy IP.
6.2. Client IP. Client’s creations, designs, content, copywriting, data, mailing lists, customer lists, trademarks, service marks, trade names, business names, and pre-existing intellectual property rights (“Client IP”) that are provided to Alchemy, or are incorporated per Client’s request in the Work Product, shall be and remain the sole and exclusive property of Client. Alchemy may not use Client IP in any manner except incorporating Client IP into the Work Product as directly by Client solely to provide Services to Client. In no event will the incorporation of Client IP into the Work Product affect Alchemy’s ownership of and rights to the Alchemy Application or Alchemy IP.
a. Alchemy shall at all times maintain the escrow deposit materials (“Deposit Materials”) to provide Client with the source code (as hereinafter defined) necessary to run and utilize the Work Product. Provided that Client remains in good standing throughout the term of the Agreement and according to the terms of the Escrow Agreement, Client shall be entitled to receive the Deposit Materials upon the occurrence of a Bankruptcy Event, as hereinafter defined. Client shall only use the Deposit Materials to support the Work Product as provided for in the Agreement, and Client shall at all times maintain the confidentiality of the Deposit Materials and shall not distribute, duplicate or otherwise share the Deposit Materials.
b. “Bankruptcy Event” means any of the following events: (a) Alchemy, or any affiliate or entity controlled by or controlling it (each, an “Affiliate” and, together, the “Affiliates”), commences a case or other proceeding under any bankruptcy, reorganization, arrangement, adjustment of debt, relief of debtors, dissolution, insolvency or liquidation or similar law of any jurisdiction relating to Alchemy or any Affiliate, (b) there is commenced against Alchemy or any Affiliate any such case or proceeding that is not dismissed within 60 days after commencement, (c) Alchemy or any Affiliate is adjudicated insolvent or bankrupt or any order of relief or other order approving any such case or proceeding is entered, (d) Alchemy or any Affiliate suffers any appointment of any custodian or the like for it or any substantial part of its property that is not discharged or stayed within 60 calendar days after such appointment, (e) Alchemy or any Affiliate makes a general assignment for the benefit of creditors, (f) Alchemy or any Affiliate calls a meeting of its creditors with a view to arranging a composition, adjustment or restructuring of its debts or (g) Alchemy or any Affiliate, by any act or failure to act, expressly indicates its consent to, approval of or acquiescence in any of the foregoing or takes any corporate or other action for the purpose of effecting any of the foregoing.
5 |
7. DATA MANAGEMENT.
7.1. Definitions.
a. “Authorized Personnel” means Alchemy’s employees and contractors who have a need to know or otherwise access Project Data to enable Alchemy to perform its obligations under this Agreement.
b. “Project Data” means any and all (i) data related to Client and Users that is input into and/or generated by the Work Product, and/or (ii) other system information or data related to Users provided by or at the direction of Client or any User to Alchemy, in the course of Alchemy’s performance under this Agreement.
c. “Data Breach” means an actual or suspected unauthorized disclosure or exposure of Project Data.
7.2. Data Management.
a. Alchemy acknowledges and agrees that, in the course of its engagement by Client, Alchemy may create, receive, or have access to Project Data. Alchemy shall comply with the terms and conditions set forth in this Agreement in its and its Authorized Employees’ creation, collection, receipt, transmission, storage, disposal, use, and disclosure of such Project Data.
b. Project Data is deemed to be Confidential Information of Client and is not Confidential Information of Alchemy.
c. In recognition of the foregoing, Alchemy agrees and covenants that it shall:
i) keep and maintain all Project Data in strict confidence, using such degree of care as is appropriate to avoid unauthorized access, use, or disclosure;
ii) not create, collect, receive, access, or use Project Data in violation of law;
iii) use and disclose Project Data solely and exclusively for the purposes for which the Project Data, or access to it, is provided pursuant to the terms and conditions of this Agreement, and not use, sell, rent, transfer, distribute, or otherwise disclose or make available Project Data for Alchemy’s own purposes or for the benefit of anyone other than Client, in each case, without Client’s prior written consent; and
iv) not disclose Project Data to any person other than its Authorized Personnel without Client’s prior written consent, unless and to the extent required by applicable law, in which case Alchemy shall notify Client before such disclosure or as soon thereafter as reasonably possible.
6 |
d. Client possesses and retains all right, title, and interest in and to Project Data, and Alchemy’s use and possession thereof is solely on Client’s behalf. Client may access and copy any Project Data in Alchemy’s possession at any time, and Alchemy shall reasonably facilitate such access and copying promptly after Client’s request.
e. Alchemy shall not erase Project Data, or any copy thereof, without Client’s prior written consent and shall follow any written instructions from Client regarding retention and erasure of Project Data. Unless prohibited by applicable law, Alchemy shall purge all systems under its control of all Project Data at such time as Client may request. Promptly after erasure, Alchemy shall certify such erasure to Client in writing. In purging or erasing Project Data as required by this Agreement, Alchemy shall leave no data recoverable on its computers or other media, to the maximum extent commercially feasible.
7.3. Data Security. The Parties acknowledge that data security for the Work Product is a shared endeavor, with responsibility shared at different levels by and between Amazon Web Services (“AWS”), Alchemy, and Client.
a. AWS Responsibilities. As the cloud service provider for each instance of the Alchemy Application, AWS operates, manages and controls the components from the host operating system and virtualization layer down the to the physical security of the facilities in which the Work Product operates. AWS is responsible for protecting the infrastructure that runs the Work Product, including the hardware, software, networking, and facilities that run AWS cloud services. A more complete description of the security provided by AWS is set forth in Exhibit B.
b. Alchemy Responsibilities. Alchemy is responsible for establishing and managing each AWS cloud container where an instance of the Alchemy Application is hosted, including providing software maintenance and updates when required. In addition, Alchemy has administrative access both to the AWS cloud container where each instance is hosted and to the Work Product via a system administrator login. As a result, Alchemy shall exercise commercially reasonable efforts to prevent unauthorized exposure or disclosure of Project Data, including by following the security procedures and protocols described in Exhibit B. Alchemy also shall implement and maintain a program for managing actual or suspected unauthorized disclosure or exposure of Project Data (a “Data Breach”). In the event of a Data Breach, or in the event that Alchemy suspects a Data Breach, Alchemy shall (i) promptly notify Client by telephone or in person and (ii) cooperate with Client and law enforcement agencies, where applicable, to investigate and resolve the Data Breach, including, without limitation, by providing reasonable assistance to Client in notifying injured third parties. Alchemy shall give Client prompt access to such records related to a Data Breach as it may reasonably request; provided such records will be Alchemy’s Confidential Information and Alchemy will not be required to provide Client with records belonging to, or compromising the security of, its other customers.
7 |
c. Client Responsibilities. Client also will have administrative access to the Work Product and all data stored therein, including Project Data. As a result, Client shares responsibility for maintaining the security of Project Data stored in the Work Product. Client therefore shall exercise commercially reasonable efforts to prevent unauthorized exposure or disclosure of Project Data, and shall promptly notify Alchemy of any suspected Data Breach.
8. WARRANTIES AND DISCLAIMERS. Alchemy represents, warrants and covenants to Client that:
8.1. Alchemy has the right, power and authority, including all permits and licenses required, to provide the Services and grant and perform all rights and licenses granted or required to be granted by it under this Agreement;
8.2. the Work Product will not infringe, misappropriate or otherwise violate any intellectual property right or other right of any third party;
8.3. the Work Product will conform to and perform in accordance with the Specifications and all requirements of this Agreement; and
8.4. it will perform all services required of it under this Agreement in a timely, professional and workmanlike manner with a level of care, skill, practice and judgment consistent with generally prevailing industry standards.
9. INDEMNITY AND INSURANCE.
9.1. Indemnification by Alchemy. Alchemy shall defend, indemnify, and hold harmless Client and its officers, directors, employees, agents, and permitted assigns (each, a “Client Indemnitee”) from and against all claims, actions, proceedings, suits, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, penalties, fines, costs, and expenses of whatever kind, including reasonable attorneys’ fees, the cost of enforcing any right to indemnification hereunder, and the cost of pursuing any insurance providers, arising out of or resulting from any claim by a third party for (i) a Data Breach determined to be caused directly by Alchemy’s failure to comply with its obligations under Section 7.3 of this Agreement or (ii) any actual or alleged infringement of intellectual property rights relating to the Work Product, the Alchemy Application or Client’s use thereof.
9.2. Indemnification by Client. Client shall defend, indemnify, and hold harmless Alchemy and its officers, directors, employees, agents, and permitted assigns (each, an “Alchemy Indemnitee”) from and against all claims, actions, proceedings, suits, losses, damages, liabilities, deficiencies, actions, judgments, interest, awards, penalties, fines, costs, and expenses of whatever kind, including reasonable attorneys’ fees, the cost of enforcing any right to indemnification hereunder, and the cost of pursuing any insurance providers, arising out of or resulting from any claim by a third party for (i) a Data Breach determined to be caused directly by Client’s failure to comply with its obligations under Section 7.3 of this Agreement or (ii) any alleged compliance violations arising out of Client’s use of the Work Product.
8 |
10. LIMITATION OF LIABILITY.
EXCEPT FOR INDEMNIFICATION OBLIGATIONS UNDER SECTION 9, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR (A) ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES OR ANY LOSS OF BUSINESS OR PROFITS, REGARDLESS OF LEGAL THEORY, WHETHER OR NOT SUCH PARTY HAS BEEN WARNED OF THE POSSIBILITY OF SUCH DAMAGES, AND EVEN IF A REMEDY FAILS OF ITS ESSENTIAL PURPOSE; OR (B) AGGREGATE LIABILITY FOR ALL CLAIMS MORE THAN THE AGGREGATE OF THE AMOUNTS PAID AND PAYABLE BY CLIENT TO ALCHEMY FOR THE PAST 12 MONTHS.
11. SUPPORT AND MAINTENANCE.
11.1. Technical Support. Alchemy shall provide support Client according to the terms of Alchemy’s Service Level Agreement (included in Alchemy’s “Security and Support – Procedures and Protocols” document attached to this Agreement as Exhibit B) are incorporated herein by reference.
11.2. Expedited Support. Should Client desire support on an expedited basis, Alchemy may provide such support for an additional hourly fee. Expedited support typically will be billed at $150/hour.
11.3. Maintenance. Alchemy reserves the right to schedule routine system maintenance periods, and shall provide reasonable advance notice of such maintenance periods to Client.
12. TERM OF AGREEMENT.
12.1. Initial Term. The term of this Agreement shall commence upon its Effective Date and continue for twelve (12) months (the “Initial Term”).
12.2. Renewal Terms. This Agreement shall automatically renew at the end of the Initial Term for an additional twelve (12) month period (a “Renewal Term”), unless either Party notifies the other Party in writing of its intention not to renew at least thirty (30) days before the expiration of the Initial Term. At the end of a Renewal Term, this Agreement shall automatically renew for an additional Renewal Term, unless either Party notifies the other Party in writing of its intention not to renew at least thirty (30) days before the expiration of the operative Renewal Term. The Initial Term and any Renewal Terms are collectively referred to as the “Term”.
12.3. Termination on Breach. Each Party may terminate this Agreement upon material breach by the other Party of one or more of the terms and conditions of this Agreement, provided that the breaching Party is notified in writing of the material breach and such breach is not cured within ten (10) business days after receipt of such written notice. Termination for breach will not alter or affect the terminating Party’s right to exercise any other remedy for breach.
9 |
12.4. Effect of Termination. The termination or expiration of this Agreement for any reason shall not affect a Party’s rights or obligations that expressly or by their nature continue and survive (including, without limitation, the provisions concerning confidentiality, privacy, data security, warranties, and indemnities).
13. NOTICES.
13.1. All notices and statements to be sent to the Parties hereunder shall be addressed to the Parties at the following addresses:
To Client:
Business Warrior Corporation
000 X Xxxxxx Xx, #000000
Xxx Xxxxx, XX 00000
Attn: Xxxxxxxx Xxxxxx
xxxxxxx@xxxxxxxxxxxxxxx.xxx
To Alchemy:
FluidFi, Inc. dba Alchemy Technologies
000 Xxxx Xxxx Xxxxxx Xxxxx, Xxxxx 000
Xxxxxxxx Xxxx, Xxxx 00000
Attn: Xxxxxxx Xx
xxxxxxx.xx@xxxxxxxxxxxx.xxx
or at such other address as the Parties shall designate in writing from time to time.
13.2. All notices shall be in writing and shall either be served by personal delivery, email with confirmation of receipt, or by a reputable overnight delivery service that furnishes proof of delivery. Delivery shall be deemed to occur at the time of actual delivery.
14. MISCELLANEOUS.
14.1. Governing Law. This Agreement is governed by the laws of the United States and the state of California, without regard for the conflicts of laws provisions of any jurisdiction. If any dispute arises concerning this Agreement, venue shall be laid exclusively in the state and federal courts of Orange County, State of California, which will have exclusive jurisdiction over such dispute, and the Parties consent to the personal jurisdiction of such courts.
14.2. Entire Agreement. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter of this Agreement, and supersedes and replaces any other prior written and prior or contemporaneous oral agreements or understandings with respect thereto. This Agreement may not be amended except by a writing signed by both Parties.
10 |
14.3. Severability. In case of any one or more of the provisions of this Agreement should be held invalid, illegal or unenforceable, each such provision shall be modified, if possible, to the minimum extent necessary to make it valid and enforceable, or if it cannot be so modified, then severed, and the remaining provisions contained in this Agreement shall not in any way be affected or impaired.
14.4. No Waiver. The failure by any Party to enforce strict performance of any provision of this Agreement will not constitute a waiver of a right to subsequently enforce such a provision. No written waiver shall constitute, or be construed as, a waiver of any other obligation or condition of this Agreement.
14.5. Assignment. Neither Party may assign its rights under this Agreement without the prior written consent of the other Party. Any assignment permitted hereunder will be subject to the written consent of the assignee to all of the terms and provisions of this Agreement. Any attempted assignment in derogation of this section will be null and void. Notwithstanding the foregoing, either Party may, without the other Party’s consent, assign its rights under this Agreement to any person or entity in connection with a merger, acquisition, divestiture, or sale of all or substantially all of its assets to which this Agreement relates.
14.6. Counterparts. The Parties may execute this Agreement in multiple counterparts, each of which constitutes an original, and all of which together constitute one agreement. The delivery of signed counterparts by facsimile, email or other electronic transmission that includes a copy of the sending Party’s signature is as effective as signing and delivering the counterpart in person.
14.7. Applicable Laws. Both parties warrants they comply with all applicable laws, regulations, licensing and tribal laws.
14.8. Due Diligence. Client shall have the right at any time, upon reasonable advance notice to inspect (on-site or remotely) all records and materials of Alchemy’s as part of the Clients ongoing due diligence maintenance.
14.9. Rights of Termination. Either party has the right to terminate this Agreement, without liability to the other in the event of non-compliance.
[Signature Page Follows]
11 |
IN WITNESS WHEREOF, the Parties hereto have signed this Agreement as of the day and year written above.
Business Warrior Corporation | |||
By: | |||
|
| Xxxxxxxx Xxxxxx | |
President | |||
| FluidFi, Inc. dba Alchemy Technologies |
| |
|
|
|
|
| By: |
| |
|
| Xxxxxxx Xx |
|
|
| CEO |
|
12 |
EXHIBIT A
Alchemy System Development
WORK PRODUCT SPECIFICATIONS
Included in the Work Product for Client will be:
1. Business Warrior Lending System
a) Decision Engine API (Module)
| ■ | Able to pull data points needed to make an underwriting decision |
| · | Credit |
|
|
|
| · | KYB/KYC |
|
|
|
| · | Alchemy will work with Business Warrior to define the underwriting rule. |
| ■ | Provide business installment products through API back to Business Warrior’s front end and backend platform |
| · | Interest Rate, Loan Amount Assignment |
|
|
|
| · | Alchemy will work with Business Warrior and their funding partners on product setup. |
| ■ | Ability to send sms/email to end clients with various messages. |
b) Loan Management System API (Module)
| · | Integration with payment providers to collect fees and down payments and repayment of the loans (ACH or Wire, etc.). |
|
|
|
| · | Ability to serve Business Warrior loans with collections module and loan modification tools. |
|
|
|
| · | Ability to add additional bank accounts / payment instruments to repay the solar contract. |
c) We will install the entire app to our client’s site xxx.xxxxxxxxxxxxxxx.xxx
| · | We will do all DNS / Nameserver configuration |
2. Design – Design/UI/UX to be provided by Alchemy or client
3. System architecture: Node.js; Postgres DB; AWS Infrastructure
Exhibit A-1 |
PRICING, BUDGET & PAYMENT TERMS
Pricing:
Customization (Setup Phase) | $80/hr/Engineer, QA, Dev Ops $40/hr/Project manager Invoice Paid weekly |
Estimate Timing:
5 wks, $16k for 0 xxxx xxxxx xxxxxxxxx.
0 xxx , x0x for QA/DevOps/Project Management
$24k approximate budget for this project.
Additional Customization:
Development work for additional customization work, including any non-standard API work, workflow, custom integration to customer CRM, loan migration etc, will be billed at $80/hr/engineer and $40/hr/project management.
Project Timeline:
30~45 Days
Ongoing Monthly Subscription Fee:
$10k per month – flat fee ($96k if paid 12 months in advance.)
*Subscription fee starts after first application has been taken (e.g. Post production launch).
Servicing FTE Fee (optional):
$4,000 per month per FTE – flat. (English/Spanish) Monday to Friday (Sun rise to Sun down) Servicing is month to month and FTE’s can be added or removed with 2-weeks’ notice.
Purchase Option
Client may in exchange for a perpetual and royalty-free license for the software code and other required intellectual property needed to operate the custom application, all of which Client shall keep confidential and secure, pay Alchemy a fixed fee of one million Dollars and 00/100 ($1,000,000), which shall be payable in equal installments of fifty thousand Dollars and 00/100 ($50,000) (the “Fixed Fee”) over twenty(20) months (the “Fixed Fee Period”). During the Fixed Fee Period, each Fixed Fee payment shall be made on the first day of each calendar month, commencing 30 days from delivery and installation of the software code. Alchemy may terminate the license immediately if Client breaches its confidentiality and/or security obligations.
Exhibit A-2 |
EXHIBIT B
Security and Support – Procedures and Protocols
Summary
Alchemy utilizes infrastructure-as-a-service from Amazon Web Services (AWS), one of the world’s premier cloud service providers, and is a trusted technology partner of international brands and government agencies. For a list of AWS customer case studies, visit the AWS Case Studies Page.
The following is a very high-level summary of the Alchemy security and infrastructure framework hosted with AWS. For a comprehensive explanation of the AWS IaaS offering, please view the Intro to Security Processes Whitepaper.
The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards, including:
| · | SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II) |
| · | SOC2 |
| · | SOC3 |
| · | FISMA |
| · | FedRAMP |
| · | DOD SRG Levels 2 and 4 |
| · | PCI DSS Level 1 |
| · | EU Model Clauses |
| · | ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 |
| · | ITAR |
| · | IRAP |
| · | FIPS 140-2 |
| · | MLPS Level 3 |
| · | MTCS |
In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards, including:
| · | HIPAA |
| · | Cloud Security Alliance (CSA) |
| · | Motion Picture Association of America (MPAA) |
AWS provides a wide range of information regarding its IT control environment to customers through white papers, reports, certifications, accreditations, and other third-party attestations. More information is available in the Risk and Compliance Whitepaper.
Exhibit B-1 |
Physical and Environmental Security
| · | Fire detection and suppression |
| · | Power redundancy |
| · | Climate and temperature controls and monitoring |
| · | Storage Device Decommissioning |
Business Continuity Management
| · | N+1 redundancy on core applications |
| · | Data stored across multiple availability zones with rapid failover capability |
| · | 24x7/364 incident response |
| · | Company-wide executive review of security policies |
| · | Daily incremental backups using EBS point-in-time snapshots with fast recoverability and the ability to mount a volume instantly |
| · | Comprehensive backups are retained for 30 days |
| · | Official exhibits are retained for 6 months. |
| · | If deleted by a user, data can be restored to production within these retention windows for a professional service fee |
Network Security
| · | Secure Access Points |
| · | Transmission Protection |
| · | Amazon Corporate Segregation |
| · | Fault-tolerant design |
AWS Identity and Access Management and Multi-Factor Authentication
Access to the Alchemy cloud management console requires two-factor authentication using a password and a Time-based One-time Password (TOTP) security token. Individual servers are accessed through an SSH connection using a password encrypted private key. Alchemy servers are networked within an AWS Virtual Private Cloud (VPC) effectively isolating network traffic between servers.
Data Security
All access to the database (including application access) requires authentication. Passwords stored in the database are obfuscated using a one-way cryptographic hash algorithm.
Network Monitoring and Protection against:
| · | DDoS Attacks |
| · | MITM Attacks |
| · | IP Spoofing |
| · | Port Scanning |
| · | Packet Sniffing by other tenants |
Exhibit B-2 |
Alchemy utilizes the following AWS services:
| · | Amazon Virtual Private Cloud (VPC) |
| · | Amazon Elastic Load Balancing (ELB) |
| · | Amazon Elastic Compute Cloud (EC2) |
| · | Amazon Relational Database Service (RDS) |
| · | Amazon Elastic Block Store (EBS) |
| · | Amazon ElastiCache |
| · | Amazon CloudWatch |
| · | Amazon Scalable Cloud storage (S3) |
| · | Amazon DNS and Domain registration (Route 53) |
| · | Amazon Lambda |
| · | Amazon Auto Scaling* |
| · | Amazon Simple Notification Services* |
| · | Amazon Simple Queue Services* |
* As needed
AWS services status can be tracked at the AWS Service Health Dashboard.
Product Security
There are two distinct products in Alchemy Application. The frontend and backend WebApp provides access to authorized users. The front end is customer facing portal for customers to login and view information while the backend is a role based system for admin and other backend users to view and perform their roles such as underwriting and approval.
Authentication
Alchemy incorporates authentication protocols to prevent unauthorized access to the system. Authentication information is always transmitted encrypted using SSL. The authentication token consists of a unique login name and user defined password. Passwords are obfuscated from view as the user enters them. Users only have access to the system through the Alchemy Application, which restricts access based on account login and assigned role associations.
Secure Transmission
Once authenticated to the system, all data requests from the application interface are validated with a secure key before data is transmitted. All data is transmitted through encrypted, SSL connections.
Exhibit B-3 |
Service Level Agreement (SLA)
Service Availability
We employ a wide range of technologies, engineering expertise, and streamlined failover processes to guarantee business continuity. Services such as site recovery management, offsite backup, and customizable run-book policies keep data protected and accessible at all times.
Alchemy shall make the Work Product Available, as measured over the course of each calendar month during the Term, at least 99.95% of the time. “Available” means the Services are available and operable for access and use by Client, Lenders and the Users over the Internet in conformity with the Specifications.
If an Instance is not Available at least 99.95% of the time during a calendar month (not including any scheduled maintenance periods or periods where the Instance is not Available due to factors outside Alchemy’s reasonable control), Client may request a service credit that may be applied to the following month’s invoice, according to this schedule:
| · | If an Instance is Available between 97% and 99.95% of the time, Client will be entitled to a credit of $2,000. |
|
|
|
| · | If an Instance is Available between 95% and 96.99% of the time, Client will be entitled to a credit of $3,000. |
|
|
|
| · | If an Instance is Available less than 95% of the time, Client will be entitled to a credit of $5,000. |
If an Instance is Available less than 90% of the time during a calendar month (not including any scheduled maintenance periods or periods where the Instance is not Available due to factors outside Alchemy’s reasonable control), Client shall have the right to terminate the Agreement.
Support and Maintenance Services
Alchemy shall provide to Client all updates, bug fixes, enhancements, new releases, new versions and other improvements to the Services, including the Alchemy Application, that Alchemy provides at no additional charge to its other similarly situated customers.
Alchemy will respond to and make reasonable attempts to resolve all support questions or concerns sent to xxxxxxx@xxxxxxx.xxx or phone calls made to (000) 000-0000, according to the priority/severity schedule below (as reasonably classified by Alchemy), Monday to Friday during normal business hours of 8am to 8pm EST.
Exhibit B-4 |
Priority | Severity | Definition | Response | Resolution Time | Example |
1 | Emergency | Service not available (All users and functions are not available) | 1 hour | 4 hours | Server down |
2 | Critical | Significant degradation of services (Large number of users or core business process is affected | 2 hours | 8 hours | Could not connect to credit bureau |
3 | Major | Limited degradation of service - Business process can continue with workarounds | 8 hours | 24 hours | Cannot make payment from frontend. CS can take payments |
4 | Normal | Small service degradation | 16 hours | 24 hours | Small amount of Users cannot access bank transaction |
5 | Low | Low impact issues | 24 hours | 72 hours | Some transactions are slow; Message not clear |
N/A | Request | General request from Client | 2 days | 72 hours | How do I…? |
Incident Response and Handling
Purpose
To ensure that security incidents are addressed appropriately to protect Alchemy customer resources and data.
Policy
An incident is an event or series of events that comprise a threat to the security (i.e., confidentiality, integrity, availability) of Alchemy’s systems or data. Sources of incidents include (but are not limited to) viruses, worms, and attacks from outside Alchemy.
All security incidents are responded to immediately using a strategy of:
1. Identification – To determine whether one or more events comprise an incident and to assign a severity level to the incident.
2. Containment – To prevent further damage to a targeted system or spread of an attack to other systems.
Exhibit B-5 |
3. Recovery and Investigation – To eradicate the attack and any resulting damage, return to a normal state of operation, preserve evidence of the attack, and identify exploited vulnerabilities to prevent future attacks.
The IT Team responds to any incident and immediately escalates any incident to the Head of Development (HD). If the HD is unavailable, the IT Team brings the incident to the attention of the CEO.
Procedures
Identify
1. Once an event or series of events is suspected to be an incident, it should be escalated promptly to the IT Team.
2. The IT Team evaluates the evidence and circumstances, confirms that an incident exists, and escalates the incident to the HD.
3. The IT Team and HD discuss the incident, and the HD assigns a severity level using the following guidelines:
| · | Level 1: The incident poses an immediate threat to Alchemy’s critical systems. |
| · | Level 2: The incident represents an incursion on a non-critical system or is an indication of an impending attack. |
The HD bears responsibility for the severity level assignment. In cases where the severity is unclear or ambiguous, the HD may err on the conservative side and assign it a level 1 severity.
4. Level 1 incidents should be reported to the CEO immediately so that they may consider any impact to business operations.
The HD, IT Team, or a delegate documents the incident and responses to the incident. Items that should be recorded include:
| · | The date and time of the incident |
| · | How the incident was discovered or reported |
| · | The apparent target / intent of the incident |
| · | The apparent source of the incident |
| · | The severity level of the incident |
| · | Actions taken to respond to the incident |
| · | Evidence gathered during the course of the response |
Exhibit B-6 |
Contain
The IT Team monitors the attack by tracking network and system activity and determines a suitable approach to contain the attack. Containment tactics may include blocking an IP address or port at the firewall, disabling a compromised account, stopping a targeted network service, or unplugging a network cable. Level 1 attack may require a complete and abrupt shutdown of one or more systems. Though this tactic should be used with caution, the HD and IT Team have the authority to apply this tactic during severe situations. Such actions should be discussed and reported to the President as timely as possible.
Recover and Investigate
The HD oversees the recovery of the affected systems and consults with the IT Team to determine an approach to the recovery.
| 1. | The IT Team makes every reasonable effort to preserve evidence of the incident. They might preserve logs and any other signs of system activity or produce images of entire systems for investigation. When warranted, they may obtain professional forensic investigation services. |
| 2. | The team investigates any vulnerability that was exploited during the course of the incident and addresses it by appropriate means (e.g., applying patches, changing configurations). |
| 3. | All passwords on affected systems are changed. |
| 4. | The approach to recovery may include restoring damaged files, restoring from backup, or rebuilding a system. Restoration of individual files or system components should only be pursued if the team is highly confident that the attack was contained. If the team opts to restore from backup, the team should be highly confident that backup volumes are not affected by the attack. |
| 5. | Documentation of the incident is completed with all supporting documentation of evidence and the investigation. |
| 6. | Regardless of the approach to recovery, system activity is closely monitored for five business days following recovery with thorough logging and frequent monitoring. |
| 7. | After five days of seamless system operation, the incident may be declared closed at the discretion of the HD. The IT Team finalizes documentation of the incident and the HD signs off on the incident’s closure. |
Client Notification
When required by law, Alchemy will notify affected customers of an incident within 72 hours through email or other electronic means.
Exhibit B-7 |