Cloud Computing Service Agreement

1. Definitions

• “Service” means the MySummitKeep cloud-based troop management platform, including all features, modules, APIs, mobile applications, and related documentation made available by Provider to Customer.
• “Customer Data” means all data, information, and materials submitted, uploaded, or transmitted by Customer or its Authorized Users to the Service, including but not limited to scout records, troop information, event data, advancement records, and health forms.
• “Authorized Users” means individuals authorized by Customer to access the Service under Customer’s account, including but not limited to Scoutmasters, Assistant Scoutmasters, troop committee members, parents/guardians, and scouts as designated by the Customer’s administrative settings.
• “Subscription Term” means the period during which Customer has paid for and is authorized to access the Service, as specified in the applicable Order Form or subscription confirmation.
• “Order Form” means any ordering document, online subscription page, or written agreement referencing this Agreement that specifies the Service plan, fees, Subscription Term, and other commercial terms.

2. Service Provision

2.1 Grant of Access

Subject to the terms of this Agreement and payment of applicable fees, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Service during the Subscription Term solely for Customer’s internal troop management purposes in connection with Scouting America (Boy Scouts of America) programs.

2.2 Service Level

Provider shall use commercially reasonable efforts to maintain Service availability of 99.5% measured on a monthly basis, excluding scheduled maintenance windows. Provider shall provide reasonable advance notice of scheduled maintenance. In the event Provider fails to meet this Service Level, Customer’s sole remedy shall be a service credit as set forth in the applicable Service Level Agreement, if any.

2.3 Support

Provider shall provide Customer with technical support as described in the applicable support plan. Standard support includes email-based support during Provider’s regular business hours with a target initial response time of one (1) business day.

2.4 Updates and Modifications

Provider may, from time to time, update, modify, or enhance the Service. Provider shall not materially diminish the core functionality of the Service during a paid Subscription Term. Provider shall provide reasonable notice of material changes.

3. Customer Responsibilities

3.1 Account Management

Customer is responsible for maintaining the confidentiality of its account credentials and for all activities that occur under its account. Customer shall immediately notify Provider of any unauthorized use of its account.

3.2 Authorized Users

Customer shall ensure that all Authorized Users comply with the terms of this Agreement and the Acceptable Use Policy. Customer is responsible for the acts and omissions of its Authorized Users. Customer shall promptly deactivate access for any Authorized User who no longer requires access.

3.3 Data Accuracy

Customer is solely responsible for the accuracy, quality, integrity, and legality of Customer Data and the means by which Customer acquired such data. Customer represents and warrants that it has obtained all necessary consents and authorizations required to upload and process Customer Data through the Service.

3.4 Compliance with Laws

Customer shall use the Service in compliance with all applicable laws, regulations, and third-party rights, including but not limited to laws governing data protection, privacy, the protection of minors, and youth organization requirements.

3.5 Minors’ Data

To the extent Customer uploads data relating to individuals under the age of thirteen (13), Customer represents and warrants that it has obtained verifiable parental consent as required by the Children’s Online Privacy Protection Act (“COPPA”) and any applicable state laws. Provider acts as a service provider to Customer and relies on Customer’s representations regarding consent.

4. Fees and Payment

4.1 Fees

Customer shall pay all fees specified in the applicable Order Form or subscription confirmation. All fees are quoted in United States Dollars unless otherwise specified.

4.2 Payment Terms

Fees are due in advance on the first day of each billing period (monthly or annually, as selected). If Customer fails to pay any amount when due, Provider may suspend access to the Service upon fifteen (15) days’ written notice.

4.3 Taxes

All fees are exclusive of applicable taxes. Customer shall be responsible for all sales, use, and similar taxes imposed on the Service, excluding taxes based on Provider’s income.

4.4 Refunds

Prepaid fees are non-refundable except as expressly set forth in this Agreement or as required by applicable law.

5. Data Protection and Security

5.1 Data Ownership

As between Provider and Customer, Customer retains all right, title, and interest in and to Customer Data. Provider acquires no rights in Customer Data except the limited rights necessary to provide the Service.

5.2 Data Use

Provider shall process Customer Data solely for the purpose of providing and improving the Service. Provider shall not sell, rent, or otherwise commercially exploit Customer Data. Provider may use aggregated, anonymized, and de-identified data that does not identify Customer or any individual for product improvement, analytics, and benchmarking purposes.

5.3 Security Measures

Provider shall implement and maintain commercially reasonable administrative, technical, and physical security measures designed to protect Customer Data against unauthorized access, disclosure, alteration, or destruction. Such measures shall include, at a minimum:

• Encryption of data in transit using TLS 1.2 or higher.
• Encryption of data at rest using AES-256 or equivalent.
• Zero-knowledge encryption architecture for designated sensitive data fields (including health data).
• Role-based access controls aligned with the Scouting America organizational hierarchy.
• Regular vulnerability assessments and security testing.
• Employee security awareness training.
• Incident response and breach notification procedures.

5.4 Data Location

Customer Data shall be stored and processed within the United States. Provider shall not transfer Customer Data outside the United States without Customer’s prior written consent.

5.5 Data Return and Deletion

Upon termination or expiration of this Agreement, Customer may export its Customer Data using the Service’s data export features for a period of 30 days. After such period, Provider shall delete Customer Data from its systems within 60 days, except as required by law or to comply with legal obligations.

6. Intellectual Property

6.1 Provider IP

Provider retains all right, title, and interest in and to the Service, including all software, technology, algorithms, interfaces, documentation, and other intellectual property. This Agreement does not convey to Customer any ownership interest in the Service.

6.2 Feedback

If Customer provides suggestions, enhancement requests, or other feedback regarding the Service, Provider may use such feedback without restriction or obligation.

7. Confidentiality

Each Party (the “Receiving Party”) shall maintain in confidence all non-public information disclosed by the other Party (the “Disclosing Party”) that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information (“Confidential Information”). The Receiving Party shall not use the Disclosing Party’s Confidential Information for any purpose outside the scope of this Agreement and shall not disclose such information to any third party except as necessary to perform its obligations under this Agreement, subject to obligations of confidentiality no less protective than those set forth herein.

8. Representations and Warranties

8.1 Mutual Representations

Each Party represents and warrants that: (a) it has the legal power and authority to enter into this Agreement; and (b) this Agreement constitutes a valid and binding obligation of such Party, enforceable in accordance with its terms.

8.2 Provider Warranty

Provider warrants that the Service will perform materially in accordance with the applicable documentation during the Subscription Term. Customer’s sole remedy for breach of this warranty shall be, at Provider’s option, repair or replacement of the non-conforming Service or a pro-rata refund of prepaid fees for the affected period.

8.3 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE SERVICE IS PROVIDED “AS IS” AND PROVIDER DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, ARISING OUT OF OR RELATED TO THIS AGREEMENT, REGARDLESS OF THE THEORY OF LIABILITY.

EXCEPT FOR OBLIGATIONS UNDER SECTION 7 (CONFIDENTIALITY) AND SECTION 10 (INDEMNIFICATION), EACH PARTY’S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO PROVIDER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING THE CLAIM.

10. Indemnification

10.1 Provider Indemnification

Provider shall defend, indemnify, and hold harmless Customer from and against any third-party claim alleging that the Service, as provided by Provider and used in accordance with this Agreement, infringes any United States patent, copyright, or trademark, or misappropriates any trade secret.

10.2 Customer Indemnification

Customer shall defend, indemnify, and hold harmless Provider from and against any third-party claim arising from: (a) Customer Data; (b) Customer’s breach of this Agreement; or (c) Customer’s violation of applicable law.

11. Term and Termination

11.1 Term

This Agreement commences on the Effective Date and continues for the initial Subscription Term specified in the Order Form. Thereafter, the Agreement shall automatically renew for successive periods equal to the initial Subscription Term unless either Party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.

11.2 Termination for Cause

Either Party may terminate this Agreement upon written notice if the other Party: (a) materially breaches this Agreement and fails to cure such breach within thirty (30) days of written notice; or (b) becomes the subject of a petition in bankruptcy or any proceeding relating to insolvency.

11.3 Survival

Sections 5 (Data Protection), 6 (Intellectual Property), 7 (Confidentiality), 8.3 (Disclaimer), 9 (Limitation of Liability), 10 (Indemnification), and 12 (General) shall survive any termination or expiration of this Agreement.

12. General Provisions

• Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of laws provisions.
• Dispute Resolution. Any dispute arising under this Agreement shall be resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules, with arbitration conducted in Hillsborough County, Florida.
• Entire Agreement. This Agreement, together with all Order Forms, the Acceptable Use Policy, Privacy Policy, and BAA (if applicable), constitutes the entire agreement between the Parties regarding its subject matter.
• Severability. If any provision of this Agreement is held unenforceable, the remaining provisions shall remain in full force and effect.
• Assignment. Neither Party may assign this Agreement without the other Party’s prior written consent, except in connection with a merger, acquisition, or sale of substantially all assets.
• Force Majeure. Neither Party shall be liable for delays or failures in performance resulting from circumstances beyond the Party’s reasonable control.
• Notices. All notices shall be in writing and sent to the addresses specified in the Order Form, or by email to the contact addresses on file. Notices to Provider shall be sent to support@mysummitkeep.com.