Master Subscription Agreement

1. Definitions

"Agreement" means these Core Terms, the applicable Schedule(s), each Order Form, the Privacy Notice, the Data Processing Addendum ("DPA"), and any Supplier Quality Addendum ("SQA") executed by the parties.

"Provider" means S.G. Systems, LLC for customers contracting in the United States, Canada, Latin America, APAC and the Middle East, and SG Traceability Systems Ltd (Ireland, CRO 732738) for customers contracting in the EU, EEA, United Kingdom and Switzerland. The Order Form names the contracting Provider entity.

"Customer" means the legal entity identified on the Order Form.

"V5 Ultimate" or "Software" means the V5 Ultimate manufacturing-execution and compliance platform, in either the Cloud or On-Premises distribution form.

"Cloud Service" means the hosted, multi-tenant SaaS offering described in Schedule A.

"On-Premises Software" means the containerised distribution Customer installs in its own environment under Schedule B.

"Order Form" means a written or electronic ordering document referencing this Agreement, signed or click-accepted by Customer.

"Subscription Term" means the period stated on the Order Form during which Customer is licensed to use the Software.

"Customer Data" means data Customer or its Authorised Users submit to or generate within the Software, including regulated records, e-signatures and audit trail entries.

"Authorised User" means an employee, contractor or agent of Customer that Customer permits to use the Software.

2. The Agreement and ordering

Each Order Form incorporates this Agreement by reference. In the event of conflict the order of precedence is: (a) DPA, (b) Order Form, (c) applicable Schedule, (d) Core Terms, (e) Privacy Notice. A Statement of Work or implementation document does not vary this Agreement unless it expressly says so and is signed by both parties.

Relationship to the online Terms of Service. The click-through Terms of Service govern self-serve sign-ups (free trial, individual plans) where no Order Form has been signed. Once Customer signs an Order Form referencing this Agreement, this Agreement supersedes the Terms of Service for the subject matter covered, and the Terms of Service continue to apply only where this Agreement is silent.

3. Grant of rights

Subject to payment of Fees and to the Agreement, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right during the Subscription Term to use the Software for Customer's internal business operations, in accordance with the applicable Schedule and any user / site / volume limits stated on the Order Form.

Customer shall not (i) resell, time-share or service-bureau the Software, (ii) reverse-engineer or attempt to derive source code (except where local law makes this right non-waivable), (iii) remove proprietary notices, (iv) use the Software to build a competing product, or (v) exceed the user or site count purchased.

4. Customer responsibilities

Customer is responsible for: the accuracy and lawfulness of Customer Data; configuring its Authorised Users, roles and approvers; maintaining the security of its SAML / SCIM identity provider; the qualification (IQ/OQ/PQ) of the Software in its regulated environment to the extent required by Customer's quality system; and complying with all laws applicable to its use of the Software, including 21 CFR Part 11, EU Annex 11, GDPR, HIPAA (where applicable) and export control laws.

5. Fees and payment

Fees are stated on the Order Form. Unless otherwise stated, Fees are billed annually in advance, are non-cancellable and non-refundable except as expressly provided, and are exclusive of taxes. Late amounts accrue interest at the lower of 1.5% per month or the maximum rate permitted by law. Provider may suspend the Software after fifteen (15) days' written notice of non-payment.

6. Term, renewal and termination

The Subscription Term auto-renews for successive periods equal to the initial Subscription Term unless either party gives written notice of non-renewal at least sixty (60) days before the end of the then-current term. Either party may terminate for the other's material breach not cured within thirty (30) days of written notice, or immediately on the other party's insolvency, liquidation or assignment for the benefit of creditors.

On termination Customer shall cease use of the Software and, for Cloud, may export Customer Data per Section 9 for thirty (30) days; for On-Premises, the term licence ends and Customer shall uninstall the Software and certify destruction within thirty (30) days.

7. Confidentiality

Each party shall protect the other's Confidential Information with at least reasonable care and use it only for purposes of this Agreement. The obligation survives termination for five (5) years, or indefinitely for trade secrets. Customer Data is Customer's Confidential Information.

8. Data protection and security

Provider's security posture is described at v5ultimate.com/security and incorporated by reference. The DPA governs processing of personal data and is deemed accepted on execution of the first Order Form referencing this Agreement. Provider will notify Customer without undue delay (and in any event within seventy-two (72) hours) of confirmation of a personal data breach affecting Customer Data.

For regulated buyers, an SQA covering GxP-specific obligations (change control notification, deviation reporting, audit rights, validation deliverables) is available on request and, once signed, takes precedence over conflicting provisions in this Agreement for the matters it covers.

9. Customer Data — ownership and portability

As between the parties Customer owns all right, title and interest in Customer Data. Provider receives only the rights necessary to provide and improve the Software in line with the Agreement. Customer may export Customer Data at any time during the Subscription Term and for thirty (30) days after termination, in signed-PDF and machine-readable JSON formats. No Customer Data is used to train AI models.

10. Warranties and disclaimers

Provider warrants that the Software will perform materially in accordance with its then-current documentation. Customer's sole remedy for breach of this warranty is, at Provider's option, correction of the non-conformity or pro-rata refund of pre-paid Fees for the affected period. Except as expressly stated, the Software is provided "as is" and Provider disclaims all other warranties, express or implied, including merchantability, fitness for a particular purpose and non-infringement.

11. Indemnification

Provider will defend Customer against third-party claims alleging the Software infringes a patent, copyright, trademark or trade-secret right, and pay damages finally awarded or in a Provider-approved settlement, provided Customer promptly notifies Provider, gives sole control of the defence and reasonable cooperation. Customer will defend Provider against third-party claims arising from Customer Data, Customer's use of the Software in breach of the Agreement, or Customer's regulated decisions made in reliance on outputs of the Software.

12. Limitation of liability

Except for (a) either party's indemnification obligations, (b) Customer's payment obligations, (c) breach of confidentiality, or (d) a party's gross negligence or wilful misconduct, neither party's aggregate liability arising out of or related to the Agreement shall exceed the Fees paid by Customer to Provider in the twelve (12) months preceding the event giving rise to liability. Neither party is liable for indirect, consequential, special, incidental or punitive damages, or for lost profits, revenue or data, even if advised of the possibility.

13. Governing law and venue

For Order Forms with Provider entity S.G. Systems, LLC: this Agreement is governed by the laws of the State of Texas, USA, and the parties submit to the exclusive jurisdiction of the state and federal courts in Travis County, Texas. For Order Forms with Provider entity SG Traceability Systems Ltd (Ireland, CRO 732738): this Agreement is governed by the laws of Ireland and the parties submit to the exclusive jurisdiction of the courts of Dublin. The UN Convention on Contracts for the International Sale of Goods does not apply.

14. General

This Agreement, with the Schedules, Order Forms, DPA and SQA (if any), constitutes the entire agreement between the parties on its subject matter and supersedes all prior agreements. Amendments require signed writing. Neither party may assign without the other's consent (not to be unreasonably withheld), except to an affiliate or in connection with a merger, acquisition or sale of substantially all assets. Notices to Provider go to info@sgsystemsglobal.com; to Customer at the address on the Order Form. Force majeure suspends performance for the duration of the event. If any provision is held unenforceable, the rest survives.

Schedule A — Cloud (SaaS) Service

This Schedule A applies when the Order Form selects V5 Ultimate Cloud.

A.1 Service description

Provider hosts the Software in its production environment and grants Customer access over the public internet at the URL identified on the Order Form. Customer may select data residency (US or EU) at workspace creation, subject to availability.

A.2 Service Level Agreement (SLA)

Uptime target: 99.9% Monthly Uptime Percentage, measured as (Total Minutes in Month − Unavailable Minutes) ÷ Total Minutes × 100, excluding Scheduled Maintenance and Excluded Events (force majeure, Customer-caused outages, third-party identity-provider failure).

Service credits: If Monthly Uptime falls below 99.9% in a given calendar month, Customer is entitled, on written request submitted within thirty (30) days of month-end, to service credits applied against the next invoice: 10% of one month's Fees for <99.9%; 25% for <99.0%; 50% for <95.0%. Service credits are Customer's sole and exclusive remedy for SLA breach.

Scheduled maintenance: Announced at least seventy-two (72) hours in advance, performed in low-traffic windows, capped at four (4) hours per month.

Backup and recovery: Encrypted backups every twenty-four (24) hours, retained thirty (30) days. Recovery Point Objective (RPO) 24 hours; Recovery Time Objective (RTO) 8 hours for severity-1 incidents.

Support response (Cloud): Severity 1 (production down) — 1 business hour. Severity 2 (major impairment) — 4 business hours. Severity 3 (minor) — 1 business day. Severity 4 (question / request) — 2 business days. Business hours are 09:00–18:00 Customer-local on weekdays, excluding Provider's published holidays.

A.3 Sub-processors and hosting

The current sub-processor list is published on v5ultimate.com/security and notified by email to designated Customer contacts at least thirty (30) days before adding a new sub-processor; Customer may object on reasonable grounds within that period.

A.4 Updates

Provider rolls out updates to the Cloud Service continuously and at no additional charge. Material changes that reduce functionality are notified at least sixty (60) days in advance.

Schedule B — On-Premises Term Licence

This Schedule B applies when the Order Form selects V5 Ultimate On-Premises.

B.1 Licence model

Provider grants Customer an annual term licence (not perpetual) to install and operate the On-Premises Software in Customer's own environment, for the user and site counts stated on the Order Form, for the Subscription Term. The licence terminates at the end of the Subscription Term unless renewed; on termination Customer shall uninstall the Software and certify destruction within thirty (30) days. No source code is licensed.

B.2 Delivery and installation

Provider delivers the On-Premises Software as signed OCI / Docker container images via Customer-accessible registry, together with deployment manifests and the current Installation Guide. Customer is responsible for provisioning and operating the underlying infrastructure (compute, storage, network, identity provider, backup, monitoring) to the minimum requirements published in the Installation Guide.

B.3 Updates and maintenance

During the Subscription Term Provider provides, at no additional charge: (a) all minor and major version updates of the On-Premises Software, (b) security patches with severity classifications and recommended deployment windows, (c) updated documentation, and (d) one (1) supported upgrade path from any version released within the prior twenty-four (24) months. Customer is responsible for staging and applying updates in its own environment. Provider supports each released version for twenty-four (24) months from its general-availability date.

B.4 Support response (On-Premises)

Severity 1 (production down) — 2 business hours. Severity 2 (major impairment) — 1 business day. Severity 3 (minor) — 2 business days. Severity 4 (question / request) — 3 business days. Support is provided remotely; on-site support is available under a separate Statement of Work. Because Customer operates the environment, Provider's response obligations apply only to defects reproducible in a supported deployment configuration.

B.5 No SLA on Customer-operated availability

Provider does not warrant uptime of the On-Premises Software because availability depends on Customer's infrastructure, network, identity provider and operations. Provider warrants only that the On-Premises Software, in a supported configuration, will perform materially as documented per Section 10.

B.6 Audit of licence compliance

On thirty (30) days' written notice and no more than once per calendar year, Provider may audit Customer's deployment to verify user / site counts. Audits are conducted during business hours, at Provider's expense, and Customer shall provide reasonable cooperation. If the audit reveals usage exceeding the licensed quantities by more than 5%, Customer shall pay the under-reported Fees plus reasonable audit costs.

B.7 Data, security and validation

For On-Premises deployments, all Customer Data remains within Customer's environment; Provider has no access to Customer Data except as expressly authorised by Customer (e.g. log files Customer provides during a support incident). Validation deliverables (architecture overview, GAMP 5 categorisation, sample IQ/OQ scripts, traceability matrix template) are provided as part of the standard Validation Pack on request.