The URL can be used to link to this page

Home My WebLink About064470 - General - Contract - Acid Remap, LLCCSC No. 64470 ADDENDUM TO SUBSCRIPTION AGREEMENT BETWEEN THE CITY OF FORT WORTH AND ACID REMAP, LLC This Addendum to the Subscription Agreement ("Addendum") is made and entered into by and between the City of Fort Worth ("City,") a Texas home rule municipality, and Acid Remap, LLC ("Vendor,") collectively the "parties." The Agreement documents shall include the following: 1. The Subscription Agreement; 2. The City of Fort Worth Addendum; 3. Exhibit A — Acid Remap Data Security Agreement; and 4. Exhibit B — Acid Remap Budgetary Quote. Notwithstanding any language to the contrary in the attached Subscription Agreement, including any schedules attached thereto, (collectively referred to herein as the "Agreement;" defined terms not otherwise descried in this Addendum shall take the meanings given them in the Agreement), the parties stipulate by evidence of execution of this Addendum below by a representative of each party duly authorized to bind the parties hereto, that the parties hereby agree that the provisions in this Addendum below shall be applicable to the Agreement as follows: 1. Term. The initial term of this Agreement is for one (1) year, beginning on the date that this Agreement is executed by the City's Assistant City Manager ("Effective Date"), unless terminated earlier in accordance with this Agreement ("Initial Term"). This Agreement may be renewed for an unlimited number of one-year renewals at the City's option, each a "Renewal Term." The City shall provide Vendor with written notice of its intent to renew at least thirty (30) days prior to the end of each term. Upon the Effective Date, this Agreement shall supersede and replace in its entirety that certain agreement identified as City Secretary Contract No. 63687, and the parties acknowledge and agree that City Secretary Contract No. 63687 shall be of no further force or effect. 2. Compensation. The City shall pay Vendor an annual amount not to exceed One Hundred Thousand Dollars ($100,000.00) in accordance with the provisions of this Agreement. Vendor shall not perform any additional services for the City not specified by this Agreement unless the City requests and approves in writing the additional costs for such services. The City shall not be liable for any additional expenses of Vendor not specified by this Agreement unless the City first approves such expenses in writing. City agrees to pay all invoices of Vendor within thirty (30) days of receipt of such invoice. Vendor may charge interest on late payments not to exceed one percent (1%). OFFICIAL RECORD CITY SECRETARY FT. WORTH, TX Addendum Page 1 of 12 3. Termination. a. Convenience. Either City or Vendor may terminate the Agreement at any time and for any reason by providing the other party with 60 days written notice of termination. b. Breach. If either parry commits a material breach of the Agreement, the non - breaching Party must give written notice to the breaching party that describes the breach in reasonable detail. The breaching party must cure the breach ten (10) calendar days after receipt of notice from the non -breaching party, or other time frame as agreed to by the parties. If the breaching parry fails to cure the breach within the stated period of time, the non -breaching party may, in its sole discretion, and without prejudice to any other right under the Agreement, law, or equity, immediately terminate the Agreement by giving written notice to the breaching parry. C. Fiscal Funding Out. In the event no funds or insufficient funds are appropriated by City in any fiscal period for any payments due hereunder, City will notify Vendor of such occurrence and the Agreement shall terminate on the last day of the fiscal period for which appropriations were received without penalty or expense to the City of any kind whatsoever, except as to the portions of the payments herein agreed upon for which funds have been appropriated. d. Duties and Obligations of the Parties. In the event that the Agreement is terminated by City for breach or by Vendor for convenience prior to the Expiration Date, City shall pay Vendor for services actually rendered up to the effective date of termination and Vendor shall continue to provide City with services requested by City and in accordance with the Agreement up to the effective date of termination; no refunds shall be made in the event the Agreement is terminated by City for convenience. In the event Vendor has received access to City information or data as a requirement to perform services hereunder, Vendor shall return all City provided data to City in a machine readable format or other format deemed acceptable to City. 4. Attorneys' Fees, Penalties, and Liquidated Damages. To the extent the attached Agreement requires either party to pay attorneys' fees for any action contemplated or taken, or penalties or liquidated damages in any amount, such terms are hereby deleted from the Agreement and shall have no force or effect. 5. Law and Venue. The Agreement and the rights and obligations of the parties hereto shall be governed by, and construed in accordance with the laws of the United States and state of Texas, exclusive of conflicts of laws provisions. Venue for any suit brought under the Agreement shall be in a court of competent jurisdiction in Tarrant County, Texas. To the extent the Agreement is required to be governed by any state law other than Texas or venue in Tarrant County, City objects to such terms and any such terms are hereby deleted from the Agreement and shall have no force or effect. 6. Linked Terms and Conditions. If the Agreement contains a website link to terms and conditions, the linked terms and conditions located at that website link as of the effective date of the Agreement shall be the linked terms and conditions referred to in the Agreement. To the extent that the linked terms and conditions conflict with any provision of either this Addendum or the Agreement, the provisions contained within this Addendum and the Agreement shall control. If any changes are made to the linked terms and conditions after the date of the Agreement, such changes are hereby deleted and void. Further, if Vendor cannot clearly and sufficiently demonstrate the exact terms and conditions as of the effective date of the Agreement, all of the linked terms and conditions are hereby deleted and void. 7. Insurance. The City is a governmental entity under the laws of the state of Texas and pursuant to Chapter 2259 of the Texas Government Code, entitled "Self -Insurance by Governmental Units," is self -insured and therefore is not required to purchase insurance. To the extent the Agreement requires City to purchase insurance, City objects to any such provision, the parties agree that any such requirement shall be null and void and is hereby deleted from the Agreement and shall have no force or effect. City will provide a letter of self -insured status as requested by Vendor. 8. Sovereign Immunity. Nothing herein constitutes a waiver of City's sovereign immunity. To the extent the Agreement requires City to waive its rights or immunities as a government entity; such provisions are hereby deleted and shall have no force or effect. Nothing herein obligates Vendor to assume any liability or obligations refused by the City by virtue of its sovereign immunity. 9. Limitation of Liability and Indemnity. Vendor agrees the exclusions or limits of liability, as may be stated elsewhere in the Agreement, shall not apply to the City's claim or loss arising from any of the following: (a) Vendor's gross negligence or willful misconduct; (b) Vendor's indemnity obligations, or (c) any other obligations that cannot be excluded or limited by applicable law. To the extent the Agreement, in any way, requires City to indemnify or hold Vendor or any third party harmless from damages of any kind or character, City objects to these terms and any such terms are hereby deleted from the Agreement and shall have no force or effect. 10. IP Indemnification. Vendor agrees to indemnify, defend, settle, or pay, at its own cost and expense, including the payment of attorney's fees, any claim or action against the City for infringement of any patent, copyright, trade mark, service mark, trade secret, or other intellectual property right arising from City's use of the Application, or any part thereof, in accordance with the Agreement, it being understood that the agreement to indemnify, defend, settle or pay shall not apply if the claim arises from(i) the use of a superseded or altered release of the Application if the infringement would have been avoided by the use of a current unaltered release of the Application and City was notified to cease use of the superseded release as a result of a claim of infringement, (ii) the modification of the Application by or on behalf of City, except where such modification was approved in writing by Vendor; provided, that the infringement would not have resulted but for the modification, (iii) the use of the Application other than in accordance with the documentation and this Agreement, or (iv) the use of any materials or information provided to Vendor by City, including, without limitation, City Data, where the infringement would not have occurred but for such use, for which City shall be solely responsible. So long as Vendor bears the cost and expense of payment for claims or actions against the City pursuant to this section 10, Vendor shall have the right to conduct the defense of any such claim or action and all negotiations for its settlement or compromise and to settle or compromise any such claim; however, City shall have the right to fully participate in any and all such settlement, negotiations, or lawsuit as necessary to protect the City's interest, and City agrees to cooperate with Vendor in doing so. In the event City, for whatever reason, assumes the responsibility for payment of costs and expenses for any claim or action brought against the City for infringement arising under the Agreement, the City shall have the sole right to conduct the defense of any such claim or action and all negotiations for its settlement or compromise and to settle or compromise any such claim; however, Vendor shall fully participate and cooperate with the City in defense of such claim or action. City agrees to give Vendor timely written notice of any such claim or action, with copies of all papers City may receive relating thereto. Notwithstanding the foregoing, the City's assumption of payment of costs or expenses shall not eliminate Vendor's duty to indemnify the City under the Agreement. If the Application, or any part thereof, is held to infringe and the use thereof is enjoined or restrained or, if as a result of a settlement or compromise, such use is materially adversely restricted, Vendor shall, at its own expense and as City's sole remedy, either: (a) procure for City the right to continue to use the Application; or (b) modify the Application to make them/it non -infringing, provided that such modification does not materially adversely affect City's authorized use of the Application; or (c) replace the Application with equally suitable, compatible, and functionally equivalent non -infringing Application at no additional charge to City; or (d) if none of the foregoing alternatives is reasonably available to Vendor, terminate the Agreement, subsequent to which termination City may seek any and all remedies available to City under law. 11. Data Breach. Vendor further agrees that it will monitor and test its data safeguards from time to time, and further agrees to adjust its data safeguards from time to time in light of relevant circumstances or the results of any relevant testing or monitoring. If Vendor suspects or becomes aware of any unauthorized access to any financial or personal identifiable information ("Personal Data") by any unauthorized person or third party, or becomes aware of any other security breach relating to Personal Data held or stored by Vendor under the Agreement or in connection with the performance of any services performed under the Agreement or any Statement(s) of Work ("Data Breach"), Vendor shall notify City as quickly as practicable in writing and shall cooperate with City at Vendor's expense to prevent or stop such Data Breach. In the event of such Data Breach, Vendor shall fully and promptly comply with applicable laws, and shall take the appropriate steps to remedy such Data Breach. Vendor will defend, indemnify and hold City, its Affiliates, and their respective officers, directors, employees and agents, harmless from and against any and all claims, suits, causes of action, liability, loss, costs and damages, including reasonable attorney fees, arising out of or relating to any third party claim arising from negligence by Vendor in its performance of its obligations contained in this Section, except to the extent resulting from the acts or omissions of City. All Personal Data to which Vendor has access under the Agreement, as between Vendor and City, will remain the property of City. City hereby consents to the use, processing and/or disclosure of Personal Data only for the purposes described herein and to the extent such use or processing is necessary for Vendor to carry out its duties and responsibilities under the Agreement, any applicable Statement(s) of Work, or as required by law. Vendor will not transfer Personal Data to third parties other than through its underlying network provider to perform its obligations under the Agreement, unless authorized in writing by City. Vendor's obligation to defend, hold harmless and indemnify City shall remain in full effect if the Data Breach is the result of the actions of a third party. All Personal Data delivered to Vendor shall be stored in the United States or other jurisdictions approved by City in writing and shall not be transferred to any other countries or jurisdictions without the prior written consent of City. For clarity, Vendor may use United States based sub -processors without the prior written consent of City. 12. No Mandatory Arbitration. To the extent the Agreement requires mandatory arbitration to resolve conflicts, City objects to these terms and any such terms are hereby deleted from the Agreement and shall have no force or effect. 13. Insurance. Vendor agrees that insurance coverage provided to City by Vendor is sufficient for purposes of the Agreement. 14. No Debt. In compliance with Article 11 § 5 of the Texas Constitution, it is understood and agreed that all obligations of City hereunder are subject to the availability of funds. If such funds are not appropriated or become unavailable, City shall have the right to terminate the Agreement except for those portions of funds which have been appropriated prior to termination. 15. Public Information. City is a government entity under the laws of the State of Texas and all documents held or maintained by City are subject to disclosure under the Texas Public Information Act. To the extent the Agreement requires that City maintain records in violation of the Act, City hereby objects to such provisions and such provisions are hereby deleted from the Agreement and shall have no force or effect. In the event there is a request for information marked Confidential or Proprietary, City shall promptly notify Vendor. It will be the responsibility of Vendor to submit reasons objecting to disclosure. A determination on whether such reasons are sufficient will not be decided by City, but by the Office of the Attorney General of the State of Texas or by a court of competent jurisdiction. 16. Addendum Controlling. If any provisions of the attached Agreement, conflict with the terms herein, are prohibited by applicable law, conflict with any applicable rule, regulation or ordinance of City, the terms in this Addendum shall control. 17. Immigration Nationality Act. Vendor shall verify the identity and employment eligibility of its employees who perform work under the Agreement, including completing the Employment Eligibility Verification Form (I-9). Upon request by City, Vendor shall provide City with copies of all I-9 forms and supporting eligibility documentation for each employee who performs work under the Agreement. Vendor shall adhere to all Federal and State laws as well as establish appropriate procedures and controls so that no services will be performed by any Vendor employee who is not legally eligible to perform such services. VENDOR SHALL INDEMNIFY CITY AND HOLD CITY HARMLESS FROM ANY PENALTIES, LIABILITIES, OR LOSSES DUE TO VIOLATIONS OF THIS PARAGRAPH BY VENDOR, VENDOR'S EMPLOYEES, SUBCONTRACTORS, AGENTS, OR LICENSEES. City, upon written notice to Vendor, shall have the right to immediately terminate the Agreement for violations of this provision by Vendor. 18. No Boycott of Israel. If Vendor has fewer than 10 employees or the Agreement is for less than $100,000, this section does not apply. Vendor acknowledges that in accordance with Chapter 2271 of the Texas Government Code, City is prohibited from entering into a contract with a company for goods or services unless the contract contains a written verification from the company that it: (1) does not boycott Israel; and (2) will not boycott Israel during the term of the contract. The terms "boycott Israel" and "company" shall have the meanings ascribed to those terms in Section 2271 of the Texas Government Code. By signing this Addendum, Vendor certifies that Vendor's signature provides written verification to City that Vendor: (1) does not boycott Israel; and (2) will not boycott Israel during the term of the Agreement. 19. Right to Audit. Vendor agrees that City shall, until the expiration of three (3) years after final payment under the Agreement, have access to and the right to examine any directly pertinent books, documents, papers and records of Vendor involving transactions relating to the Agreement. Vendor agrees that City shall have access during normal working hours to all necessary Vendor facilities and shall be provided adequate and appropriate workspace in order to conduct audits in compliance with the provisions of this section. City shall give Vendor reasonable advance notice of intended audits. 20. Prohibition on Boycotting nergy Companies. Vendor acknowledges that in accordance with Chapter 2276 of the Texas Government Code, the City is prohibited from entering into a contract for goods or services that has a value of $100,000 or more that is to be paid wholly or partly from public funds of the City with a company with 10 or more full-time employees unless the contract contains a written verification from the company that it: (1) does not boycott energy companies; and (2) will not boycott energy companies during the term of the contract. The terms "boycott energy company" and "company" have the meaning ascribed to those terms by Chapter 2276 of the Texas Government Code. To the extent that Chapter 2276 of the Government Code is applicable to this Agreement, by signing this Agreement, Vendor certifies that Contractor's signature provides written verification to the City that Contractor: (1) does not boycott energy companies; and (2) will not boycott energy companies during the term of this Agreement. 21. Prohibition on Discrimination Against Firearm and Ammunition Industries. Vendor acknowledges that except as otherwise provided by Chapter 2274 of the Texas Government Code, the City is prohibited from entering into a contract for goods or services that has a value of $100,000 or more that is to be paid wholly or partly from public funds of the City with a company with 10 or more full-time employees unless the contract contains a written verification from the company that it: (1) does not have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association; and (2) will not discriminate during the term of the contract against a firearm entity or firearm trade association. The terms "discriminate," "firearm entity" and "firearm trade association" have the meaning ascribed to those terms by Chapter 2274 of the Texas Government Code. To the extent that Chapter 2274 of the Government Code is applicable to this Agreement, by signing this Agreement, Vendor certifies that Contractor's signature provides written verification to the City that Contractor: (1) does not have a practice, policy, guidance, or directive that discriminates against a firearm entity or firearm trade association; and (2) will not discriminate against a firearm entity or firearm trade association during the term of this Agreement. 22. Insurance. 1.1. The Vendor shall carry the following insurance coverage with a company that is licensed to do business in Texas or otherwise approved by the City: 1.1.1. Commercial General Liability: 1.1.1.1. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate; or 1.1.1.2. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate and Umbrella Coverage in the amount of $4,000,000. Umbrella policy shall contain a follow -form provision and shall include coverage for personal and advertising injury. 1.1.1.3. Defense costs shall be outside the limits of liability. 1.1.2. Statutory Workers' Compensation and Employers' Liability Insurance requirements per the amount required by statute. 1.1.3. Technology Liability (Errors & Omissions) 1.1.3.1. Combined limit of not less than $2,000,000 per occurrence; $4million aggregate or 1.1.3.2. Combined limit of not less than $1,000,000 per occurrence; $2,000,000 aggregate and Umbrella Coverage in the amount of $4,000,000. Umbrella policy shall contain a follow -form provision and shall include coverage for personal and advertising injury. The umbrella policy shall cover amounts for any claims not covered by the primary Technology Liability policy. Defense costs shall be outside the limits of liability. 1.1.3.3. Coverage shall include, but not be limited to, the following: virus; 1.1.3.3.1. Failure to prevent unauthorized access; 1.1.3.3.2. Unauthorized disclosure of information; 1.1.3.3.3. Implantation of malicious code or computer 1.1.3.3.4. Fraud, dishonest or intentional acts with final adjudication language; 1.1.3.3.5. Intellectual Property Infringement coverage, specifically including coverage for intellectual property infringement claims and for indemnification and legal defense of any claims of intellectual property infringement, including infringement of patent, copyright, trade mark or trade secret, brought against the City for use of Deliverables, Software or Services provided by Vendor under this Agreement; 1.1.3.3.6. Technology coverage may be provided through an endorsement to the Commercial General Liability (CGL) policy, a separate policy specific to Technology E&O, or anumbrella policy that picks up coverage after primary coverage is exhausted. Either is acceptable if coverage meets all other requirements. Any deductible will be the sole responsibility of the Vendor and may not exceed $50,000 without the written approval of the City. Coverage shall be claims -made, with a retroactive or prior acts date that is on or before the effective date of this Agreement. Coverage shall be maintained for the duration of the contractual agreement and for two (2) years following completion of services provided. An annual certificate of insurance, or a full copy of the policy if requested, shall be submitted to the City to evidence coverage; and 1.1.3.3.7. Any other insurance as reasonably requested by City. 1.2. General Insurance Requirements: 1.2.1. All applicable policies shall name the City as an additional insured thereon, as its interests may appear. The term City shall include its employees, officers, officials, agents, and volunteers in respect to the contracted services. 1.2.2. The workers' compensation policy shall include a Waiver of Subrogation (Right of Recovery) in favor of the City of Fort Worth. 1.2.3. A minimum of Thirty (30) days' notice of cancellation or reduction in limits of coverage shall be provided to the City. Ten (10) days' notice shall be acceptable in the event of non-payment of premium. Notice shall be sent to the Risk Manager, City of Fort Worth, 1000 Throckmorton, Fort Worth, Texas 76102, with copies to the City Attorney at the same address. 1.2.4. The insurers for all policies must be licensed and/or approved to do business in the State of Texas. All insurers must have a minimum rating of A- VII in the current A.M. Best Key Rating Guide, or have reasonably equivalent financial strength and solvency to the satisfaction of Risk Management. If the rating is below that required, written approval of Risk Management is required, which such approval may waive any of the conditions set forth in this Section 22. 1.2.5. Any failure on the part of the City to request required insurance documentation shall not constitute a waiver of the insurance requirement. 1.2.6. Certificates of Insurance evidencing that the Vendor has obtained all required insurance shall be delivered to and approved by the City's Risk Management Division prior to execution of this Agreement. (signature page follows) [Executed effective as of the date signed by the Assistant City Manager below.] / [ACCEPTED AND AGREED:] City: �By: Dianna 2509:45:18 CST) Name: Dianna Giordano Title: Assistant City Manager Date: 12/16/2025 Acid Remap, LLC By: Name: Ben'amin Powers Title: Chief Operating Date: December 5, 2025 CITY OF FORT WORTH INTERNAL ROUTING PROCESS: Approval Recommended: By: Name: Kevin Gunn Title: Director, IT Solutions Approved as to Form and Legality: By: e� Name: Taylor Paris Title: Sr. Assistant City Attorney Contract Authorization: M&C: N/A Approval Date: N/A Form 1295: N/A Contract Compliance Manager: By signing I acknowledge that I am the person responsible for the monitoring and administration of this contract, including ensuring all performance and reporting requirements. By • Pe1 Ri c 8, 2025 12:53:01 CST)8, 2025 12:53:01 CST) Name: Pete Rizzo Title: Sr. IT Solutions Manager City Secretary: oovvan .044 FORT ��. 0100000000��d�d By: VV v°�o Name: Jannette Goodall 0 o =� � � 000 *� Title: City Secretary o 0 aaa �'EXA5o4a OFFICIAL RECORD CITY SECRETARY FT. WORTH, TX Exhibit A Acid Remap Data Security Agreement (Attached) DATA SECURITY AGREEMENT This Data Security Agreement (this "Agreement") dated as of the date first set forth above, is made by and between City of Fort Worth ("Client"), and Acid Remap LLC ("Acid Remap"). Client and Acid Remap may be collectively referred to herein as the "parties." The parties agree as follows: 1. Definitions. These terms shall be defined as follows: a. "Client Data" is any and all data that the Client has disclosed to Acid Remap. For the purposes of this Agreement, Client Data does not cease to be Client Data solely because it is transferred or transmitted beyond the Client's immediate possession, custody, or control. b. A "Data Breach" is the unauthorized access and acquisition of computerized data that materially compromises the security of confidential and/or sensitive personal information maintained by the Client as part of a fact base of distinctive information regarding a range of individuals and/or that leads to a breach and/or the Client has sufficient reason to believe will lead to loss or injury to any Client's properties. c. The "Subscription Agreement" is that certain Subscription Agreement by and between the parties dated upon execution, as it may be amended and renewed from time to time. d. The System is the range of equipment that provides the services set forth in the Subscription Agreement. This may consist of a distinct set of knowledge resources such as a server, software, storage devices arranged for the assembly, processing, treatment, application, sharing, dissemination, or constitution of information. 2. Data Security Requirements. In the performance of its obligations under that certain Subscription Agreement, Acid Remap may engage in activities that are subject to various (a) federal, state and local data security laws, rules and other binding legal authorities; (b) generally recognized and published data or other information security standards and best practices; and (c) the Security Controls set forth in Schedule A attached hereto and incorporated by reference herein ((a)-(c) collectively, "Data Security Requirements"). Acid Remap represents that it currently is, and, for so long as Acid Remap engages in activities in connection with the Subscription Agreement that are subject to the Data Security Requirements, Acid Remap shall remain (and shall ensure that its directors, officers, employees, contractors and agents remain), in compliance with such Data Security Requirements in all respects, except as otherwise agreed by the parties and set forth in Schedule A. Except as otherwise expressly set forth in the Subscription Agreement, the cost of compliance with Data Security Requirements hereunder shall be borne solely by Acid Remap and/or its agents and subcontractors as applicable, and not by Client. Measures Undertaken by Acid Remap. To comply with the Data Security Requirements, Acid Remap shall, among other measures: a. Limit administrative access to the System; b. Limit remote access to the System; c. Withdraw or dismantle applications and services that are not needed for the proper regulation of the System; d. Use official accounts and not shared accounts; e. Use standard industry -compliant services for substantiation and authorization; and £ Facilitate an appropriate level of audit and log for the system and its applications. 4. Data Breach. If Acid Remap becomes aware that Client Data may have been accessed, disclosed, or acquired without proper authorization and contrary to the terms of this Agreement, Acid Remap shall promptly notify the Client, which notice shall be within three (3) business days, and shall process measures to preserve forensic evidence and eliminate the cause of the Data Breach. Acid Remap shall diligently work to correct any Data Breach and shall provide the Client information reasonably necessary to enable the Client to understand the nature and scope of the Data Breach. Upon request, Acid Remap shall provide Client information about what Acid Remap has done or plans to do to mitigate any deleterious effect of the unauthorized use or disclosure of, or access to, Client Data. If a Data Breach requires Acid Remap's assistance in reinstalling or redeploying software, such assistance shall be provided at no cost to the Client. 5. Malicious Code. Acid Remap agrees that, to the best of its knowledge, the System does not contain any code or mechanism that collects personal information or maintains control of the System without the Client's permission or such action which may restrict the Client's access to or use of Client Data. Acid Remap further warrants that it will not knowingly introduce, via any means, spyware, adware, ransomware, rootkit, keylogger, virus, trojan, worm, or other code or mechanism designed to permit unauthorized access to Client Data, or which may restrict Client's access to or use of Client Data. 6. Reports of Violation. Acid Remap shall (i) promptly report to Client any privacy or information security complaint made by any person or entity related to Acid Remap's services (or those of its agents or subcontractors) under the Subscription Agreement and (ii) to the extent Acid Remap's obligations are not otherwise explicitly set forth in this Agreement. promptly report, and thereafter promptly investigate and use professional industry standard efforts to prevent or mitigate the effects of, suspected or actual violations of this Agreement or the Data Security Requirements by Acid Remap or its or its directors, officers, employees, contractors or agents of which Acid Remap has knowledge. 7. Compelled Disclosure. IfAcid Remap is served with any subpoena, discovery request, court order, or other legal request or command that calls for disclosure of any Client Data, Acid Remap shall promptly notify the Client in writing and reasonably cooperate with Client in any effort, taken at Client's expense, to obtain a court order or take any other action to prevent or otherwise limit the scope of the disclosure of Client Data. 8. Indemnification. a. Notwithstanding anything to the contrary in the Subscription Agreement, Acid Remap shall indemnify and hold harmless Client and its parent(s), its affiliates, subsidiaries, directors, officers, employees and agents from and against any claims, damages, fees, fines, penalties, liabilities, injuries, expenses (including reasonable attorney's fees and costs) or losses arising directly or indirectly from or in connection with any material violation of this Agreement arising out of the gross negligence or willful misconduct of Acid Remap, or its directors, officers, employees, contractors or agents acting on its behalf. b. Client shall give Acid Remap: (a) written notice within a reasonable time after Client is served with legal process in an action asserting such claims, provided that the failure or delay to notify Acid Remap shall not relieve Acid Remap from any liability that it may have to Client hereunder except to the extent the failure or delay unreasonably prejudiced the defense of such claim; (b) reasonable assistance in defending the claim; and (c) sole authority to settle such claim. c. This Section 8 shall survive for a period of five (5) years following the termination or expiration of this Agreement and the Subscription Agreement. 9. Limitation of Liability. a. EXCEPT FOR A CLAIM FOR INDEMNIFICATION MADE PURSUANT TO PARAGRAPH 8, IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE WHATSOEVER, INCLUDING WITHOUT LIMITATION, LOSS OF PROFITS OR OTHER ECONOMIC LOSS, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. b. This Section 9 shall survive the termination or expiration of this Agreement and the Subscription Agreement. 10. General Provisions. The following general provisions shall apply to this Agreement. a. Unless explicitly stated otherwise, the obligations of Acid Remap under this Agreement shall terminate upon the termination or expiration of the Subscription Agreement. b. Except as set forth in (i) any HIPAA Business Associate Agreement between the parties hereto and (ii) the Subscription Agreement, this Agreement constitutes the entire agreement of the parties on the subject matter hereof, supersedes all prior or contemporaneous agreements and understandings between the parties with respect to such subject matter, and shall control in the event of any conflict between its terms and those of the Subscription Agreement; all other terms of the Subscription Agreement shall remain in full force and effect. c. None of the provisions of this Agreement are intended to create, nor will they be deemed to create, any relationship between the parties other than that of independent parties contracting with each other solely for the purposes of effecting the provisions of this Agreement and the Subscription Agreement. d. No change, waiver or discharge of any liability or obligation hereunder on any one or more occasions shall be deemed a waiver of performance of any other continuing or other obligation, or shall prohibit enforcement of any obligation, on any other occasion. e. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, the remainder of the provisions of this Agreement will remain in full force and effect. f. This Agreement shall be governed by the laws of the State of California as applied to agreements made, entered into and performed entirely in California by California residents. All claims under, or otherwise with respect to, this Agreement shall be brought and maintained in the state and federal courts located in San Francisco, California USA, and the parties hereby expressly consent (and waive any right to otherwise object) to the exclusive venue and jurisdiction of such courts. g. This Section 10 shall survive the termination or expiration of this Agreement and the Subscription Agreement to the extent necessary to enforce those provisions of this Agreement that survive this Agreement's termination. IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the date above. CLIENT: City of Fort Worth By: Di.—Gwd—(D- 16,202509:1:17e5T) Dianna Giordano Assistant City Manager Acid Remap LLC By: Benjamin Powers Chief Operating Officer SCHEDULE A TO DATA SECURITY AGREEMENT SECURITY REQUIREMENTS With respect to Client Data including but not limited to Protected Health Information (PHI), Acid Remap has adopted, implemented, and maintains (and shall ensure that its employees, contractors and agents adopt, implement and maintain) the security controls as described below ("Security Controls"), to: (1) ensure the confidentiality, integrity, and availability of all Client Data Acid Remap accesses, creates, receives, processes, maintains, or transmits on Client's behalf, (2) protect against any reasonably anticipated threats or hazards to the security or integrity of such information; (3) protect against any reasonably anticipated uses or disclosures of such information that are not permitted by applicable law and the Subscription Agreement and the Data Security Agreement; and (4) ensure compliance by its workforce, including its contractors and agents. 1. Maintain a formal information security program, with a named individual responsible for its overall execution. Acid Remap's information security program has executive support and is based on the characteristics of its business. The information security program includes documented security plans, policies, and procedures designed to protect the confidentiality, integrity, and availability of its information assets. Acid Remap maintains staffing and technical resources at an appropriate level to ensure the information security program's plans, policies, procedures, ongoing operations, monitoring, and continuous improvement. 2. Periodically conduct an Information Technology (IT) security risk assessment. As part of the information security program, Acid Remap periodically conducts an IT risk assessment to identify threats and vulnerabilities that may affect the systems that are used to deliver services to Client. Acid Remap prioritizes identified risks based on potential business impact and likelihood of occurrence. Acid Remap develops remediation plans for identified vulnerabilities and prioritizes resources to implement remediation plans based on the prioritization of the associated risks. Risk assessment findings, remediation plans, and exceptions are reviewed and approved by Acid Remap's senior management. Risk assessment is updated periodically or after significant changes to Acid Remap's IT environment. 3. Maintain acceptable security rating. Acid Remap shall provide reasonable assistance to Client's third party risk management consultant to remediate vulnerabilities. Acid Remap will assign a point -of -contact to collaborate with Client on security risk observations detected in the platform that require Acid Remap investigation. Client will bear the costs associated with the review by and access to the third party risk management system. 4. Maintain formal documented instructions for reporting security breaches. Acid Remap maintains documentation for reporting security breaches, and Acid Remap users are trained on the process. If Acid Remap stores, processes, transmits, or accesses Client's PHI, additional breach reporting procedures and timelines may be defined by the Business Associate Agreement (BAA) between Client and Acid Remap. 5. Assess and manage security risks associated with contractors and subcontractors. Acid Remap maintains a program for assessing and managing information security risks associated with its contractors and subcontractors that have physical or logical access to Acid Remap's IT systems and networks. As appropriate, required security requirements should be incorporated into contracts between Acid Remap and its contractors and subcontractors. Contracts between Acid Remap and its contractors and subcontractors will flow down requirements for maintaining any applicable regulatory requirements, such as those for the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), or the Payment Card Industry Data Security Standard (PCI DSS). 6. Maintain employee on -boarding and off -boarding policies and procedures. Ensure that new employees receive a level of screening appropriate for their roles, including, but not necessarily limited to, professional reference checks and criminal background checks. Require that new employees complete security awareness training, which should include relevant information on HIPAA and the handling of PHI, within 30 days of their hire date. Upon employee termination, ensure that access to Acid Remap's systems and networks (including remote access via VPN) is discontinued in a timely fashion, and any Acid Remap-issued IT assets (e.g., laptops, mobile phones, or portable storage media) are collected and/or wiped prior to the employee's separation from the company. Acid Remap shall ensure that terminated employees are not able to access systems or information related to the delivery of services to Client. 7. Ensure continuing employee awareness of and education on security policies, standards, and procedures. Acid Remap will maintain formal security policies, rules, procedures, and instructions for continued security awareness and education. Acid Remap will provide formal training on these policies to all employees and contract staff at a minimum frequency of once annually. 8. Evaluate and install security patches in a timely fashion. Acid Remap will maintain formally documented security patch management procedures. Acid Remap will evaluate, test, and install security patches based on a risk -based schedule prioritized by the Common Vulnerability Scoring System (CVSS) score, or a functionally equivalent approach. Security patches identified as a high priority, generally those that address vulnerabilities with a CVSS base score of 7.0 to 10.0, should be installed with 30 calendar days of release, including any system reboots that may be necessary to fully install the patch. Acid Remap will maintain a formal exception management process to review and address risks associated with high priority patches that cannot be installed during this window. 9. Protect systems against self -propagating malware. Endpoint security software is installed and maintained on all Acid Remap workstations and servers. The software will be properly configured and maintained with an up-to-date scan engine and anti -virus definition files. Endpoint security software will be configured to periodically perform an automated full scan of the system, as well as to actively scan incoming and outgoing network traffic (e.g., through email or web browsing) for viruses. Endpoint security software may be omitted from systems that are not commonly affected by malware (e.g., mainframes) based on Acid Remap's formal, documented risk assessment of those system. 10. Use standardized secure build processes to harden servers, workstations, laptops, and other network devices against attack. Acid Remap has policies and procedures in place for building all systems, including servers, workstations, laptops, mobile devices, and network devices, in a manner that hardens them against attacks. Secure build procedures should disable or remove unnecessary network services, applications, and data from systems before placing them into production use. 11. Use of non -US service providers and/or data center facilities is prohibited unless approved in writing by Client. Client reserves the right to terminate this Agreement if Acid Remap makes use of unapproved non -US service providers or data center facilities. 12. Maintain secure coding policies and practices. If Acid Remap develops software to provide services to Client, Acid Remap has implemented policies and procedures for secure coding practices based on industry standards, such as the Open Web Application Security Project (OWASP). Developers employed directly and indirectly by Acid Remap maintain awareness of security vulnerabilities and pursue professional training through qualified resources. Acid Remap is responsible for performing initial code testing to identify common security flaws. Manual application vulnerability tests and/or automated web application vulnerability scanning tools and/or mobile app code review tools may be used. Acid Remap will work with Client to outline long-term testing and maintenance responsibilities as part of the development life -cycle. 13. Access Client's network using Client approved secure remote access. Acid Remap shall only access Client's network using Client provided solutions. Access should occur on an as needed basis through use of Client's standard remote access protocols. Remote and onsite Acid Remap access should have access to minimum necessary information. All Acid Remap activities while accessing Client systems may be monitored by Client. Acid Remap accounts must be registered in Client's Acid Remap tracking tool. Exhibit B Acid Remap Budgetary Quote (Attached) Schedule A Description of product or service Period Fee USD Distribution and updates of the City of Forth Worth OMD protocols in a free -for - providers custom -branded OMD-only mobile app, derived from Paramedic Protocol Provider, on the Apple App Store (via B2B VPP) and Google Play for a term of 3 2/1 /26- ear s , and for an agency of up to 2500 staff under the Enterprise model of service. 1/31/27 $20,000 providers custom -branded OMD-only mobile app, derived from Paramedic Protocol 2/1/27- Provider, on the Apple App Store via 13213 VPP and Google Play fora term of 3 1/31/28 $20,000 Distribution and updates of the City of Forth Worth OVID protocols in a free -for - providers custom -branded OMD-only mobile app, derived from Paramedic Protocol Provider, on the Apple App Store (via B2B VPP) and Google Play for a term of 3 2/1 /28- ear s , and for an agency of up to 2500 staff under the Enterprise model of service. 1/31 /29 $20,000 Total contract amount 3 years $60,000 FORT WORTH. City Secretary's Office Contract Routing & Transmittal Slip Contractor's Name: Acid Remap, LLC Subject of the Agreement New Agreement with Acid Remap, LLC M&C Approved by the Council? * Yes ❑ No 8 If so, the M&C must be attached to the contract. Is this an Amendment to an Existing contract? Yes ❑ No 8 If so, provide the original contract number and the amendment number. Is the Contract "Permanent"? *Yes ❑ No 8 If unsure, see back page for permanent contract listing. Is this entire contract Confidential? *Yes ❑ No 8 If only specific information is Confidential, please list what information is Confidential and the page it is located. Effective Date: If different from the approval date. Expiration Date: If applicable. Is a 1295 Form required? * Yes ❑ No 8 *If so, please ensure it is attached to the approving M&C or attached to the contract. Project Number: If applicable. *Did you include a Text field on the contract to add the City Secretary Contract (CSC) number? Yes 8 No ❑ Contracts need to be routed for CSO processing in the following _ order: rder: 1. Katherine Cenicola (Approver) 2. Jannette S. Goodall (Signer) 3. Allison Tidwell (Form Filler) *Indicates the information is required and if the information is not provided, the contract will be returned to the department.