Z7 Solutions LLC · Legal
The master terms for paid Z7 Solutions engagements. Every Z7 Statement of Work references these Terms.
Plain-English summary (not legally binding)
The master terms behind any paid Z7 engagement: how work is ordered, who owns what, our security and compliance posture, and the limits on our liability. Accepting an SOW that references these Terms forms a binding contract. This summary is for convenience and is not part of the contract.
These Statement of Work Terms of Business (the “Terms“) govern all professional, advisory, engineering, managed, and implementation services that Z7 Solutions LLC provides to a client under a Statement of Work, quote, order form, or proposal that references these Terms. By signing a Statement of Work, accepting a quote, creating an account, issuing a purchase order against a Z7 quote, or paying a Z7 invoice, the client expressly accepts and agrees to be bound by these Terms, and acceptance forms a binding contract.
These Terms are written to serve sophisticated and regulated clients, including legal, defense, federal, state, and local government, education, healthcare, financial services, and critical infrastructure organizations. Schedules at the end of these Terms apply additional obligations where the engagement, the data, or the client type triggers them.
1.1 “Z7,” “we,” “us,” or “our” means Z7 Solutions LLC, a Florida limited liability company with its principal place of business at 7380 W Sand Lake Rd, Suite 500-110, Orlando, FL 32819.
1.2 “Client,” “you,” or “your” means the organization identified on the applicable Statement of Work.
1.3 “Statement of Work” or “SOW” means any Z7 quote, order form, proposal, or statement of work that describes Services and references these Terms, together with any schedules or exhibits attached to it.
1.4 “Services” means the work Z7 performs as described in an SOW.
1.5 “Deliverables” means the reports, configurations, documentation, designs, code, or other work product that Z7 delivers to Client under an SOW.
1.6 “Client Data” means data, content, and materials that Client or its users provide to Z7, or that Z7 accesses or processes in performing the Services.
1.7 “Confidential Information” means non-public information disclosed by one party to the other that is marked confidential or that a reasonable person would understand to be confidential given its nature and the circumstances of disclosure.
1.8 “Policy Documents” means the Product and Resale Terms, the Service Level Agreement, the Acceptable Use Policy, the Privacy Policy, the Data Processing Addendum, and any Business Associate Agreement, each as referenced in Section 3 and as updated from time to time.
1.9 “Effective Date” means the date Client first signs or accepts an SOW that references these Terms.
1.10 “Third-Party Products” means software, hardware, cloud services, or subscriptions provided by parties other than Z7 that are resold, provisioned, integrated, or relied upon in delivering the Services.
2.1 These Terms govern the overall relationship. Each SOW describes the specific Services, Deliverables, fees, and timeline for one engagement and is incorporated into and governed by these Terms.
2.2 In the event of a conflict, the documents control in the following order of precedence, from highest to lowest: (a) a separately negotiated and mutually signed master agreement, if one exists between the parties; (b) the applicable Schedule to these Terms that is triggered by the engagement; (c) the body of the SOW for the specific conflicting point; (d) these Terms; (e) the Policy Documents. A term that provides greater protection for Client Data or that is required by applicable law controls over a less protective term to the extent of the legal requirement.
2.3 Pre-printed or standard terms on a Client purchase order, vendor portal, supplier registration, or click-through that conflict with these Terms are rejected and have no effect, unless expressly accepted in writing by an authorized officer of Z7.
The following are incorporated by reference: the Product and Resale Terms at z7solutions.com/product-and-resale-terms, which govern Client’s purchase of hardware, software licenses, cloud subscriptions, and other Products; the Service Level Agreement at z7solutions.com/sla; the Acceptable Use Policy at z7solutions.com/aup; the Privacy Policy at z7solutions.com/privacy-policy; the Data Processing Addendum at z7solutions.com/data-processing-addendum, which applies when Z7 processes personal data on Client’s behalf; and a Business Associate Agreement, signed separately when Client is a HIPAA Covered Entity or Business Associate. Among the Policy Documents, where they conflict for the matter each governs, the order is: the Business Associate Agreement for Protected Health Information, then the Data Processing Addendum for Personal Data, then the Service Level Agreement for service levels, then the Product and Resale Terms for Products, then the Acceptable Use Policy, then the Privacy Policy.
4.1 Scope. Z7 will perform the Services described in each SOW in a professional and workmanlike manner consistent with prevailing industry standards. Services not expressly listed in an SOW are out of scope.
4.2 Out-of-Scope Work. Any request outside the defined scope requires: (a) written acknowledgment that the task is out of scope; (b) mutual agreement on approach and estimated effort; and (c) Client approval before execution. Z7 reserves the right to defer or decline out-of-scope work until formally authorized. Approved out-of-scope work is billable at Z7’s then-current time-and-materials rates unless the SOW states otherwise.
4.3 Service Hours. Standard hours are 8:00 a.m. to 6:00 p.m. Eastern Time, Monday through Friday, excluding US federal holidays. After-hours, weekend, and holiday work is billable at the rates in the SOW or, if unstated, at 1.5 times standard time-and-materials rates.
4.4 Performance Standards and Service Levels. Specific response and resolution targets, where applicable, are set in the SLA. Service credits, where offered, are described in the SLA and are Client’s sole and exclusive financial remedy for a failure to meet a service level, except for any chronic-failure termination right stated in the SLA. Service credits do not stack with the warranty remedy in Section 11.2.
4.5 Subcontractors. Z7 may use qualified subcontractors. Z7 remains responsible for subcontractor performance and ensures subcontractors are bound by confidentiality, security, and compliance obligations no less protective than those in these Terms. For engagements involving regulated, controlled, or government data, Z7 will, on Client request, identify subcontractors with access to that data and give Client a reasonable right to object on documented security or compliance grounds, and Z7 will not transfer that data outside the United States or grant access to foreign persons except as permitted in the SOW. Subcontractor personnel handling regulated data are screened as required by the applicable Schedule.
4.6 Third-Party Products. Third-Party Products are governed by their own license and service terms. Z7 passes through manufacturer warranties where permitted and disclaims independent warranties for Third-Party Products beyond that pass-through. The purchase and resale of hardware, software licenses, cloud subscriptions, and other Products are governed by the Product and Resale Terms.
4.7 Z7 Tools and Methods. Z7 retains all rights in its proprietary tools, methods, templates, scripts, frameworks, and know-how, including improvements developed during an engagement. Z7 grants Client a non-exclusive, royalty-free license to use Z7 Deliverables solely for Client’s internal business purposes, subject to full payment.
4.8 AI and Automated Services. Where the Services include artificial intelligence, machine learning, or automated outputs, Client acknowledges that such outputs are probabilistic and may be incomplete or inaccurate. Client is responsible for human review and validation before relying on any AI output for a material, legal, financial, safety, or regulated decision, and will not use the Services to make a high-risk automated decision about an individual without appropriate human oversight. Z7 disclaims any warranty as to the accuracy or fitness of AI outputs. Z7 will not use Client Confidential Information or Client Data to train general-purpose models, except in de-identified form and only as permitted in the SOW. Underlying third-party AI provider terms and acceptable-use policies pass through to Client, and each party will comply with applicable artificial-intelligence laws.
4.9 Suspension for Policy Violation. In addition to suspension for non-payment under Section 6.3, Z7 may suspend Services or a user’s access, in whole or in part, immediately and without prior notice where Z7 reasonably determines that continued operation poses an imminent risk of harm to Z7, the Services, Client, or a third party, or where required by law or to comply with the Acceptable Use Policy. For a violation that does not pose imminent harm, Z7 will give notice and a reasonable opportunity to cure before suspending. Z7 will limit the scope and duration of any suspension to what is reasonably necessary and will restore Services promptly once the cause is resolved. Suspension under this Section does not relieve Client of fee obligations for Services that remain available and is not a termination. Repeated or uncured material violations of the Acceptable Use Policy are a material breach for which Z7 may terminate under Section 7.3.
Client will: (a) provide timely access to systems, personnel, facilities, and information that Z7 reasonably requires; (b) designate a single primary point of contact authorized to approve out-of-scope work and prioritize work; (c) maintain all licenses and subscriptions required to operate Client’s systems, except where Z7 procures licensing on Client’s behalf under an SOW; (d) promptly notify Z7 of any suspected security incident, unauthorized access, or material change in Client’s environment; (e) cooperate with Z7’s reasonable security and architecture recommendations; and (f) use the Services only for lawful purposes and in compliance with the Acceptable Use Policy. Z7’s liability for any loss arising from Client’s failure to implement a reasonable recommendation that Z7 documented in writing is reduced or eliminated to the extent the loss would have been prevented by that recommendation. Ultimate responsibility for system configuration choices, operational decisions, and the Client’s compliance posture remains with the Client.
6.1 Fees. Fees are set in the applicable SOW. Recurring fees are billed monthly in advance unless the SOW states otherwise. One-time and fixed-scope fees are billed on execution, or on the schedule stated in the SOW.
6.2 Payment Terms. Net 15 from invoice date unless the SOW states otherwise. Payment by ACH, wire, or credit card. Credit card payments may incur a processing surcharge to the extent permitted by law.
6.3 Late Payment. Past-due amounts are subject to a late-payment charge at the lesser of 1.5 percent per month or the maximum rate permitted by applicable law. Z7 may suspend Services on any account 30 or more days past due after 7 days written notice. Suspension does not relieve Client of fee obligations. This Section is modified for government Clients as set out in Schedule A.
6.4 Disputed Charges. Client must dispute a charge in writing within 30 days of the invoice date or the charge is deemed accepted. The parties will work in good faith to resolve disputed amounts; undisputed amounts remain payable when due.
6.5 Annual Adjustment. Recurring fees may be adjusted annually on the SOW anniversary by the greater of 5 percent or the increase in the US Consumer Price Index for All Urban Consumers (US City Average) over the prior 12 months, not to exceed 9 percent in any year, with at least 30 days written notice.
6.6 Pass-Through Costs. Manufacturer or vendor price increases on Third-Party Products are passed through at cost plus Z7’s then-current administrative margin, with reasonable notice.
6.7 Taxes. Fees exclude sales, use, value-added, and similar taxes. Client is responsible for all applicable taxes other than taxes on Z7’s net income. Tax-exempt Clients will provide a valid exemption certificate.
7.1 Term. The term of each SOW is stated in the SOW. If unstated, the initial term is 12 months for recurring Services, or runs until completion and acceptance for fixed-scope Services.
7.2 Renewal. Recurring SOWs renew for successive 12-month terms unless either party gives written non-renewal notice at least 60 days before the end of the then-current term. Auto-renewal is modified for government Clients as set out in Schedule A.
7.3 Termination for Cause. Either party may terminate an SOW or these Terms for material breach not cured within 30 days of written notice.
7.4 Termination for Convenience. Client may terminate a recurring SOW for convenience with 90 days written notice and payment of an early-termination fee equal to 50 percent of the remaining recurring fees for the then-current term. Government Clients are governed by Schedule A.
7.5 Effect of Termination. On termination: all fees accrued through the effective date become immediately due; Z7 ceases the Services; Z7 returns or destroys Client Data per Section 8; and provisions that by their nature survive remain in effect, including Sections 1, 4.7, 4.8, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, and 17, and the applicable Schedules.
7.6 Off-Boarding. Z7 will provide reasonable transition assistance at time-and-materials rates. Z7 is not obligated to migrate, re-platform, or rebuild Client systems for a successor provider beyond returning Client Data and reasonable knowledge transfer.
8.1 Ownership. Client retains all right, title, and interest in Client Data. Z7 processes Client Data solely to provide the Services and as instructed by Client.
8.2 Return and Destruction. On written request, Z7 will return Client Data in a commercially reasonable format within 30 days and will then destroy remaining copies, except copies required for legal hold or routine backup retention, which Z7 will continue to protect until deleted in the ordinary course. On request, Z7 will provide written certification of destruction. Residual copies retained for legal hold or routine backup are purged in the normal backup rotation, not to exceed 90 days, and remain protected under Section 8 until purged. Where a Schedule or a Business Associate Agreement requires stricter handling, that requirement controls.
8.3 Confidentiality. Each party will protect the other’s Confidential Information with at least reasonable care, use it only to perform under these Terms, and disclose it only to employees, subcontractors, and advisors with a need to know who are bound by confidentiality obligations. Confidentiality does not apply to information that is publicly known through no fault of the receiving party, rightfully received from a third party without restriction, or independently developed without use of the disclosing party’s information. A party compelled to disclose Confidential Information by law or court order will give prompt notice where legally permitted and disclose only what is required.
8.4 Survival. Confidentiality obligations survive for 5 years after termination, and indefinitely for trade secrets and for any classified, controlled, or regulated data identified in a Schedule.
8.5 Privacy. Where Z7 processes personal data on Client’s behalf, the Data Processing Addendum governs that processing. Privacy obligations specific to particular data types are addressed in the Schedules. To the extent Client Data includes Personal Data as defined in the Data Processing Addendum, that Addendum governs the processing of that Personal Data and controls over this Section to the extent of any conflict.
9.1 Security Program. Z7 maintains administrative, physical, and technical safeguards designed to protect Client Data, with controls aligned to the practices in NIST SP 800-171 and ISO/IEC 27001 and to the CMMC Level 2 control set. Z7’s CMMC posture is self-assessed under DFARS 252.204-7019 and 252.204-7020. Z7 does not hold or represent a third-party (C3PAO) CMMC certification, and does not represent that it holds an ISO 27001 or SOC 2 certification, unless a current certificate or attestation is provided to Client. Any certification or attestation Z7 holds is evidenced only by the corresponding current certificate or report and is not expanded by this Section.
9.2 Incident Notification. Z7 will notify Client of a confirmed security incident affecting Client Data without undue delay after Z7 confirms the incident, and will use commercially reasonable efforts to provide initial notice within 72 hours of confirmation, with the information then reasonably available about the nature of the incident, the data involved, the steps Z7 is taking, and recommended Client actions. The notification period runs from Z7’s confirmation of an incident, not from initial detection or suspicion, and a reasonable delay required to investigate and confirm an incident is not a breach of this Section. Engagement-specific or regulatory notification timelines in a Schedule control where shorter.
9.3 Audit. Once per year on reasonable advance notice, Client may, at Client’s expense, assess Z7’s compliance through a written security questionnaire or by reviewing Z7’s then-current third-party audit reports. Additional audit rights for government and regulated engagements are set in the Schedules. Nothing in this Section limits the legally mandated access of a regulator or government auditor, or the audit and access rights required by an applicable Business Associate Agreement, CJIS Security Addendum, or Schedule, which control over this Section for that engagement.
9.4 Framework-Specific Obligations. Where an engagement involves controlled, regulated, or government data, the applicable Schedule governs handling, safeguarding, reporting, and flow-down obligations and controls over the general language of this Section.
9.5 Breach-Related Costs. Except as an SOW expressly provides otherwise, each party bears its own costs of responding to a security incident, including forensic investigation, legal, public-relations, and breach-notification costs. These response costs are indirect or consequential damages excluded under Section 12.4, and nothing in this Section expands the General Cap or the Super-Cap. Where the parties agree in an SOW that Z7 will fund specified breach-response costs for an engagement, that funding is subject to the Super-Cap in Section 12.2.
10.1 Pre-Existing IP. Each party retains all right, title, and interest in its pre-existing intellectual property.
10.2 Z7 Marks. Z7 and Z7 Solutions and their logos are marks of Z7 Solutions LLC. Each party may reference the other as a customer or vendor only as permitted in Section 17.9.
10.3 Deliverables. Custom Deliverables created exclusively for Client under an SOW become Client’s property on full payment, except that Z7 retains all rights in its pre-existing tools, methods, templates, and frameworks, in general know-how, and in any Deliverable component that is part of Z7’s general product or service offerings. Z7 grants Client a perpetual, non-exclusive license to use those retained components solely as incorporated in the Deliverables for Client’s internal business purposes.
10.4 Government Data Rights. For government Clients, rights in technical data and computer software are limited to the rights expressly granted in the SOW. Absent a contrary written agreement, the government receives no greater than limited rights in technical data and restricted rights in computer software, and Z7 retains all rights not expressly granted, consistent with FAR and DFARS data-rights principles. Details are in Schedule A.
10.5 Feedback. Suggestions and feedback Client provides about Z7’s Services are owned by Z7 without obligation to Client.
11.1 Mutual. Each party warrants that it has authority to enter these Terms and will comply with laws applicable to its performance.
11.2 Service Warranty. Z7 warrants that the Services will be performed in a professional and workmanlike manner consistent with industry standards. Client’s exclusive remedy for breach of this warranty is, at Z7’s option, re-performance of the deficient Services or refund of the fees paid for the deficient Services, provided Client notifies Z7 in writing within 30 days of the deficient performance.
11.3 Security Disclaimer. Z7 implements controls designed to reduce risk in accordance with industry best practices. No security control, configuration, assessment, or service eliminates all risk. Z7 does not warrant that any system will be uninterrupted or error-free, or that the configured controls will prevent all unauthorized access, intrusion, data exfiltration, malware, social engineering, insider misconduct, or compromise. Client remains responsible for end-user conduct, for devices and networks outside Z7’s control, and for acting on Z7’s documented recommendations.
11.4 General Disclaimer. Except as expressly stated in these Terms, Z7 disclaims all warranties, express or implied, including implied warranties of merchantability, fitness for a particular purpose, and non-infringement.
11.5 Beta and Early-Access. Features or services that Z7 designates as beta, preview, early-access, pilot, or evaluation are provided as is, are excluded from the Service Warranty in Section 11.2, the SLA, and any service credits, and may be modified or discontinued at any time.
12.1 General Cap. Except for the Excluded Claims in Section 12.3 and the Super-Cap in Section 12.2, each party’s total cumulative liability arising from or related to these Terms and any SOW is capped at the amounts paid or payable by Client to Z7 under the applicable SOW in the 12 months preceding the event giving rise to the claim. This cap applies regardless of the theory of liability, whether in contract, tort, negligence, strict liability, statute, or otherwise, and notwithstanding the failure of essential purpose of any limited or exclusive remedy.
12.2 Super-Cap for Security and Data Claims. For claims arising from a security incident or from a breach of Z7’s confidentiality or data-security obligations under these Terms or an SOW, including such an incident caused by Z7’s negligent performance of the Services, Z7’s cumulative liability is capped at the greater of two times the amounts paid or payable by Client under the applicable SOW in the 12 months preceding the event, or any higher fixed amount stated in the SOW. Z7 will maintain the cyber liability insurance required by Section 14 to support this obligation. The availability or amount of insurance proceeds neither reduces nor limits Z7’s liability under this Section. This Super-Cap is the sole expansion of the General Cap for such claims.
12.3 Excluded Claims and Indemnity Cap. Sections 12.1 and 12.2 do not limit: (a) Client’s payment obligations; (b) a party’s gross negligence, willful misconduct, or fraud; or (c) liabilities that cannot be limited under applicable law. A party’s indemnification obligations under Section 13, and any claim for infringement or misappropriation of the other party’s intellectual property, are capped at the greater of two times the amounts paid or payable by Client to Z7 under the applicable SOW in the 12 months preceding the claim, or any higher fixed amount stated in the SOW.
12.4 Indirect Damages. Except for the Excluded Claims, neither party is liable for indirect, incidental, special, consequential, punitive, or exemplary damages, including lost profits, lost revenue, loss of data, loss of business, anticipated savings, or loss of goodwill, even if advised of the possibility of such damages.
12.5 Allocation of Risk. Client acknowledges that the fees reflect this allocation of risk and that Z7 would not enter these Terms without these limits.
12.6 Relationship to Website Terms of Use. These Terms govern paid Services engagements and control over the website Terms of Use at z7solutions.com in any conflict concerning the Services. The website Terms of Use, including any lower liability cap stated there, govern only general use of the website and do not limit Z7’s or Client’s rights and obligations under these Terms.
13.1 By Z7. Z7 will defend Client against a third-party claim alleging that the Services, used as authorized, infringe a US patent, copyright, or trademark, and will pay damages finally awarded or amounts Z7 agrees in settlement. Excluded are claims based on Client modifications, combination with non-Z7 products, use after Z7 notice to discontinue, or Client-supplied materials. If the Services become, or in Z7’s opinion are likely to become, subject to an infringement claim, Z7 may at its option and expense procure for Client the right to continue using the affected Services, modify or replace them so they are non-infringing, or, if neither is commercially reasonable, refund the prepaid unused fees for the affected Services and terminate them. This Section states Z7’s entire liability and Client’s exclusive remedy for intellectual-property infringement by the Services. Z7’s liability under this Section is subject to the cap in Section 12.3.
13.2 By Client. Client will defend Z7 against a third-party claim arising from Client Data, including an allegation that Z7’s authorized processing of Client Data infringes a third party’s rights or violates law, from Client’s breach of the Acceptable Use Policy, or from Client’s negligent or willful acts. Client indemnification is modified for government Clients as set out in Schedule A.
13.3 Procedure. The indemnified party will promptly notify the indemnifying party, give it sole control of defense and settlement, and cooperate reasonably at the indemnifying party’s expense. The indemnifying party will not settle a claim in a way that imposes a non-indemnified obligation on the indemnified party without consent.
14.1 Z7 maintains, during the term, commercially reasonable insurance coverage appropriate to its business and the Services, including commercial general liability, professional liability (errors and omissions), and cyber liability insurance, together with workers compensation insurance as required by law. The coverage types and limits Z7 carries are determined by Z7, and specific limits for a particular engagement may be stated in the applicable SOW.
14.2 On reasonable written request, Z7 will provide certificates of insurance. Where an SOW requires, and at Client’s cost for any premium difference, Z7 will name Client as an additional insured on the Commercial General Liability policy, provide a waiver of subrogation, or raise limits, subject to availability on commercially reasonable terms.
During the term of any SOW and for 12 months after, neither party will, without the other’s prior written consent, knowingly solicit for employment or hire an employee or contractor of the other who was materially involved in the Services. This does not restrict general public job postings or hiring a person who responds to one without targeted solicitation. A breaching Client will pay Z7 a placement fee equal to 50 percent of the individual’s first-year total compensation. This Section is modified where prohibited by law for government Clients.
Neither party is liable for delay or failure to perform, other than payment obligations, caused by circumstances beyond its reasonable control, including acts of God, natural disaster, war, terrorism, civil unrest, pandemic, government action, internet or utility failure, labor dispute, or supplier failure. The affected party will use reasonable efforts to mitigate and resume performance. If a force majeure event continues for more than 60 days, either party may terminate the affected SOW on written notice without penalty, and Client remains responsible only for Services performed and accepted through the date of termination.
17.1 Good-Faith Negotiation. The parties will first attempt to resolve a dispute through good-faith negotiation between senior executives, escalated within 15 business days of written notice of the dispute.
17.2 Mediation and Arbitration. If negotiation fails within 30 days, the parties will submit to non-binding mediation in Orange County, Florida under American Arbitration Association rules. A dispute not resolved by mediation will be finally settled by binding arbitration in Orange County, Florida before a single arbitrator under AAA Commercial Rules, and judgment may be entered in any court of competent jurisdiction. Either party may seek injunctive relief in court for breach of confidentiality, intellectual property, or non-solicitation without first mediating or arbitrating. Dispute resolution for government Clients is governed by Schedule A, and nothing in this Section waives a government Client’s sovereign immunity or rights under applicable law.
17.3 Governing Law. These Terms are governed by the laws of the State of Florida without regard to conflict-of-laws principles, except that for a federal government Client these Terms are governed by applicable federal law, and for a state or local government Client the governing law of the Client’s jurisdiction applies to the extent its law requires.
17.4 Attorneys’ Fees. Except where prohibited for a government Client, the prevailing party in a dispute is entitled to recover reasonable attorneys’ fees and costs.
17.5 Independent Contractors. Z7 is an independent contractor. Nothing creates a partnership, joint venture, agency, or employment relationship.
17.6 Assignment. Neither party may assign these Terms without the other’s prior written consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, and except as restricted by an SOW with a government Client.
17.7 Notices. Notices must be in writing and delivered by hand, certified mail with return receipt, recognized overnight courier, or email to the addresses designated on the SOW. Email notice is effective on the next business day after sending, unless the sender receives a bounce or non-delivery message. A notice of breach or termination sent by email must also be sent by one of the non-email methods.
17.8 Compliance with Laws and Ethics. Each party will comply with applicable laws, including anti-corruption laws such as the US Foreign Corrupt Practices Act, anti-kickback and gratuities rules for government work, and economic-sanctions and export-control laws. Neither party will offer or accept an improper payment or gift in connection with the Services.
17.9 Publicity. Neither party will use the other’s name or marks in marketing without prior written consent, except that either party may include the other in a factual customer or vendor list. Z7 will not publicize a government or legal Client engagement without that Client’s prior written consent.
17.10 No Waiver; Severability; Headings. Failure to enforce a provision is not a waiver. If a provision is unenforceable, the rest remains in effect and the unenforceable provision is reformed to the minimum extent necessary. Headings are for convenience only.
17.11 Entire Agreement. These Terms, the applicable SOWs, the Schedules, and the Policy Documents are the entire agreement on the subject and supersede prior or contemporaneous agreements. Conflicting pre-printed terms on a Client document are rejected.
17.12 Amendments. Amendments to these Terms in a specific engagement must be in a signed SOW or signed writing. Z7 may update these Terms and the Policy Documents prospectively with reasonable notice; if an update materially reduces Client’s rights, Client may terminate the affected SOW for convenience within 30 days of the update without the early-termination fee.
17.13 No Third-Party Beneficiaries. These Terms do not create rights in any person who is not a party, except an indemnified party as expressly provided.
17.14 Counterparts and Electronic Signature. An SOW may be executed in counterparts and by electronic signature, each of which has the same effect as an original.
17.15 Survival. Provisions that by their nature should survive termination do so, including Sections 1, 4.7, 4.8, 6, 8, 9, 10, 11, 12, 13, 14, 15, 16, and 17, and the applicable Schedules.
This Schedule applies when Client is a federal, state, local, tribal, or territorial government entity, or a prime or higher-tier contractor passing government requirements to Z7. Where this Schedule conflicts with the body of these Terms, this Schedule controls for that engagement.
A.1 Commercial Item Terms. Services and Deliverables are offered as commercial products and commercial services. To the extent the engagement is subject to the Federal Acquisition Regulation, the parties intend that FAR 52.212-4, and the clauses in FAR 52.212-5 that apply by operation of law to commercial items, are the baseline, and only mandatory flow-down clauses apply to Z7.
A.2 Flow-Down Clauses. Mandatory flow-down clauses required by the Client’s prime contract or by law apply only to the extent required and only as adapted so that the rights and obligations run between Client and Z7 rather than between the government and the prime. Client will identify in the SOW the specific clauses that flow down. Clauses not identified and not required by law do not apply.
A.3 Availability of Funds. For government Clients, payment obligations are subject to the availability and appropriation of funds. The government Client may terminate or suspend an SOW for non-appropriation on written notice, and is liable only for Services performed and accepted through the effective date of termination.
A.4 Termination for Convenience by Government. A government Client may terminate an SOW for convenience as provided by its governing law or its prime contract. On such termination, Z7 is entitled to payment for Services performed and accepted, plus reasonable termination settlement costs to the extent allowed by the governing authority.
A.5 No Auto-Renewal; Term Limits. Auto-renewal, multi-year commitments, and early-termination fees apply to a government Client only to the extent permitted by its governing law and appropriations. Where prohibited, those provisions are deemed deleted for that engagement.
A.6 Indemnification and Liability by Government. Where a government Client is prohibited by law from indemnifying Z7, agreeing to a liability cap that runs against the government, consenting to binding arbitration, agreeing to attorneys’ fee shifting, or selecting Florida law or venue, those provisions are deemed modified to the minimum extent required by the Client’s governing law, and the engagement otherwise continues in force. Nothing in these Terms waives sovereign immunity.
A.7 Disputes. For a federal prime engagement, disputes are handled under the Contract Disputes Act and the disputes clause of the prime contract. For a state or local government Client, disputes follow the Client’s governing law and the SOW, and the arbitration provision in Section 17.2 applies only if permitted by that law.
A.8 Reps and Certifications. Z7 represents that, as of the Effective Date, it is not debarred, suspended, or proposed for debarment, and is not on any US government exclusion list. Z7 will notify Client if that changes during the term.
A.9 Prohibited Telecommunications and Supply Chain. Consistent with Section 889 of the FY2019 NDAA and related supply-chain rules, Z7 will not knowingly provide covered telecommunications equipment or services as a substantial or essential component of the Services, and will not knowingly use prohibited covered equipment or services in performing for a government Client. Z7 will provide supply-chain information reasonably requested to support the Client’s compliance.
A.10 Labor and Equal Opportunity. Where applicable by law to the engagement, Z7 complies with equal-opportunity, E-Verify, anti-human-trafficking, and service-contract labor requirements that flow down by operation of law.
A.11 Records and Audit. For government engagements, Z7 will retain records related to the Services for the period required by the Client’s governing law or prime contract, and will provide access to the Client and to authorized government auditors to the extent required by law for that engagement.
A.12 Accessibility. Where required for the engagement, Deliverables that are electronic information technology will be designed to conform to Section 508 of the Rehabilitation Act and WCAG 2.1 Level AA or its successor, to the extent specified in the SOW.
A.13 Payment and Pricing for Government Clients. Invoice review, charge disputes, and payment timing for a government Client follow the Prompt Payment Act and the Client’s governing contract rather than Sections 6.3 and 6.4. Pricing is firm for any committed fixed-price period, and the annual adjustment in Section 6.5 applies to a government Client only on renewal and only as permitted by the Client’s governing law and appropriations.
This Schedule applies when the engagement involves Controlled Unclassified Information, Covered Defense Information, or DoD or defense-industrial-base systems.
B.1 Safeguarding. Z7 will provide adequate security for covered information consistent with NIST SP 800-171 and DFARS 252.204-7012, as specified in the SOW.
B.2 Cyber Incident Reporting. Z7 will rapidly report a cyber incident affecting covered information or affected systems, and will support the reporting timelines and content required by DFARS 252.204-7012, including reporting within 72 hours of discovery where that clause applies to the engagement.
B.3 Assessment and SPRS. Where the engagement requires, Z7 will maintain a current NIST SP 800-171 self-assessment and the corresponding Supplier Performance Risk System posture, and will pursue the CMMC level specified in the SOW. Z7 states its CMMC and NIST posture accurately and does not represent a third-party certification it does not hold.
B.4 Cloud Services. Cloud services used to store, process, or transmit covered information will meet the security requirements specified in the SOW, including FedRAMP Moderate baseline or DoD equivalency where required.
B.5 Flow-Down. Z7 will flow down the safeguarding and reporting requirements to subcontractors that handle covered information.
This Schedule applies the obligations below to the corresponding data type when present in an engagement, as specified in the SOW.
C.1 Protected Health Information (HIPAA). Where the Services involve Protected Health Information, the parties will execute a Business Associate Agreement, which governs that data and controls over conflicting terms.
C.2 Education Records (FERPA). For an education Client, Client is the educational agency or institution and Z7 acts as a school official with a legitimate educational interest. Z7 will use education records only to provide the Services, will not re-disclose them except as FERPA permits, and will follow Client instructions on access and disclosure. For a Florida education Client, Z7 will comply with Florida Statutes Sections 1002.221 and 1002.222, including restrictions on use of student data for targeted advertising and on creating non-educational profiles of students.
C.3 Criminal Justice Information (CJIS). Where the engagement involves Criminal Justice Information, Z7 will comply with the FBI CJIS Security Policy as specified in the SOW, including personnel screening, access control, and any required CJIS Security Addendum.
C.4 Federal Tax Information (IRS Publication 1075). Where the engagement involves Federal Tax Information, Z7 will comply with IRS Publication 1075 safeguards as specified in the SOW.
C.5 Financial Data (GLBA, PCI DSS, SOX). Where the engagement involves financial customer information, payment card data, or systems subject to financial-reporting controls, Z7 will support the applicable Gramm-Leach-Bliley Act Safeguards, Payment Card Industry Data Security Standard, or internal-control requirements as specified in the SOW.
C.6 Privacy Laws (GDPR, UK GDPR, US State Laws). Where Z7 processes personal data subject to the EU or UK General Data Protection Regulation or US state privacy laws, the Data Processing Addendum applies, Z7 acts as a processor or service provider, and the parties will implement required transfer mechanisms such as the EU Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, and the Swiss addendum, as applicable.
This Schedule applies when an engagement involves controlled technical data, controlled software, or restricted destinations or persons.
D.1 ITAR and EAR. Z7 will comply with the International Traffic in Arms Regulations and the Export Administration Regulations applicable to the Services. Client will identify in writing any technical data or item subject to export control before providing it to Z7.
D.2 Foreign Persons and Deemed Exports. Where the engagement requires US-person handling or restricts access by foreign persons, Z7 will staff and control access accordingly, as specified in the SOW.
D.3 Sanctions. Each party will comply with US economic sanctions administered by the Office of Foreign Assets Control and will not use the Services in violation of sanctions or with sanctioned parties or destinations.
Work performed under an SOW is accepted on the earliest of: written confirmation from Client that the task or Deliverable is complete; no material written objection raised within ten business days of delivery or completion; or continued use of the delivered configuration, guidance, or output in a production or operational environment. Acceptance applies to advisory, configuration, policy enforcement, and implementation support delivered under the SOW. For a government Client, the inspection and acceptance terms of FAR 52.212-4(a) or the SOW control. A different acceptance procedure stated in an SOW or required by a Schedule controls for that engagement.
By signing an SOW, accepting a Z7 quote, or paying a Z7 invoice that references these Terms, Client expressly accepts and agrees to these Terms, and acceptance forms a binding contract. A quote is valid for 28 days unless stated otherwise, and Z7 reserves the right to amend prices due to supplier factors before acceptance. The latest version of these Terms is published at https://z7solutions.com/statement-of-work-terms/.
Z7 Solutions LLC · 7380 W Sand Lake Rd, Suite 500-110, Orlando, FL 32819 · (844) 974-8669 · z7solutions.com
