QuarqAI Master Service Agreement
This Master Service Agreement (“Agreement”) is entered into as of the Effective Date stated in the applicable Order Form, by and between Thrum, Inc. (dba QuarqAI,) (“QuarqAI”, “we”, “us”, or “Service Provider”) and the customer identified in such form (“Customer”).
1. Introduction and Purpose
This Agreement governs each statement of work, order, or service engagement and sets forth obligations for delivery and use of QuarqAI’s Services, including platform access, integrations, consulting, and AI-related solutions.
2. Definitions
Services: QuarqAI cloud-hosted software, integrations, APIs, support, platform features, and AI-related solutions, as described in applicable Order Forms or Statements of Work (SOWs).
Customer Data: All data, information, or materials provided by or collected on behalf of Customer, including uploads and inputs, excluding Anonymized Data.
Anonymized Data: Data de-identified such that no individual, tenant, or Customer can be reasonably re-identified.
AI Outputs: Any content, predictions, recommendations, mapping, or analytics generated by QuarqAI algorithms.
Confidential Information: All nonpublic information of a disclosing party, including but not limited to Customer Data, business plans, pricing, and source code, marked as confidential or reasonably understood as such by its nature or context.
3. Scope of Services
QuarqAI will deliver Services set forth in Order Forms or SOWs, and may use subprocessors (including Syncari.com and Google Cloud, “GCP”) with industry-standard safeguards for tenant isolation and security.
Customer Responsibilities: Customer will provide timely access to information, resources, and personnel as needed for service delivery and compliance with applicable laws.
4. Fees and Payment Terms
Fees, payment schedule, and billing methods are as stated in each Order Form. Unless otherwise stated, all invoices are due within 30 days. Overdue amounts accrue 1.5% interest monthly (or the highest rate allowed by law), and QuarqAI may suspend Services after 60+ days of sustained nonpayment.
5. Confidentiality & NDA
5.1 Mutual Confidentiality
Each party will protect the other’s Confidential Information with at least the same care as its own (but not less than reasonable care), use it solely for purposes of this Agreement, and avoid unauthorized use or disclosure.
5.2 Exclusions
Confidential Information excludes information that: (a) is or becomes public through no fault of the recipient; (b) was already lawfully known; (c) is independently developed; or (d) is received lawfully from a third party without duty of confidentiality.
5.3 Compelled Disclosure
If a party is compelled by law to disclose Confidential Information, it shall (if legally permissible) give the other party prompt notice and cooperate in seeking a protective order.
5.4 NDA Survival
Obligations of confidentiality survive for five (5) years after termination (except for Customer Data, which is always confidential).
6. Data Privacy and Security
6.1 Data Handling & Minimization
Only collects what’s necessary for the Service; encrypts all Customer Data in-transit & at-rest using cloud-native (GCP) KMS/AES-256/TLS 1.2+, with strong access controls (least privilege, SSO/SAML/MFA, RBAC/ABAC).
No plaintext storage of Customer Data or secrets.
Role-based access, audit logging, and documented retention/deletion workflows are enforced.
6.2 Tenant Isolation
All Customer data, logs, embeddings, and caches are strictly isolated per tenant (customer); no cross-tenant indexing, analytics, or co-mingling will occur.
6.3 Third-party LLMs/APIs
QuarqAI will only transmit data to external AI/LLM providers bound by written no-training/no-retention commitments and will redact sensitive fields and minimize payloads.
6.4 Feature Engineering & AI Use
QuarqAI will not use Customer Data to train any foundation/generalized models unless specifically agreed in writing; AI-generated metrics, field mapping, normalization, and schema inference are always run in tenant isolation.
Global mapping/training on customer data is prohibited unless Customer consents in writing.
6.5 Analytics & Logging
Only deidentified (anonymized) or aggregated outputs may be used for cross-tenant analytics or benchmarking.
Capture of logs/metrics avoids all sensitive content by default.
6.6 Compliance/Certifications
QuarqAI aligns controls with SOC 2/ISO 27001 standards and leverages Syncari and GCP’s certified infrastructure, but is not formally certified as of the Effective Date. Security audit summaries or SOC 2/ISO 27001 status may be provided on request.
6.7 Right of Deletion and Retention
Customer may request deletion of its data and QuarqAI will, within 30 days, complete secure erasure including backups (unless legal retention is required). No orphaned or stranded customer data is retained after expiration or termination.
6.8 Data Breach Notification
QuarqAI shall promptly (within 48 hours) notify Customer of any confirmed data breach involving Customer Data, providing sufficient information for Customer to meet applicable regulatory obligations.
6.9 Subprocessors
A public or provided list of authorized subprocessors (including, but not limited to, Syncari and GCP) is maintained. Customers will be notified of any material changes.
7. Intellectual Property
7.1 QuarqAI IP
All platform technology, methodologies, and pre-existing IP are retained by QuarqAI.
7.2 Customer IP
All Customer Data and pre-existing intellectual property remains Customer property.
7.3 AI Outputs
Unless otherwise stated, Customer owns rights to AI Outputs, subject to underlying third-party data or models.
7.4 Restrictions On Use
Customer Data will never be used for training unrelated models. Anonymized aggregate data may be used by QuarqAI for platform improvement and system analytics only in a way that does not re-identify any customer or individual.
8. Term and Termination
Agreement starts on the Effective Date and continues as specified in the Order Form or SOW. Either party may terminate: (a) for uncured material breach after 30 days’ notice; (b) immediately for bankruptcy or regulatory prohibition.
On termination, data export and transition services will be provided for 30 days, and all Customer Data will be securely deleted upon transition completion.
9. Service Level Agreement (SLA)
QuarqAI will use commercially reasonable efforts to maintain 99.9% system uptime (except maintenance/force majeure).
Critical support: 1 hour response
Non-critical: Next business day
Service credits for failures are as stated on the Order Form.
10. Warranties & Disclaimers
QuarqAI warrants services will be performed in a workmanlike manner and in compliance with applicable law. QuarqAI makes no other warranties, including merchantability, fitness for a particular purpose, or that AI Outputs will be completely accurate or free from error.
All AI Outputs are provided “as-is” for expert human review and are not a substitute for professional or substantive decision-making.
11. Limitation of Liability
Except for breach of confidentiality, data breach, or indemnification obligations:
QuarqAI’s total liability will not exceed fees paid in the twelve months prior to the claim.
For confirmed breach of Customer Data, the cap is two times annual fees.
In no event will either party be liable for indirect, special, incidental, consequential, or punitive damages.
12. Indemnification
Each party indemnifies the other for third-party claims arising from:
(a) breach of confidentiality,
(b) IP infringement (QuarqAI indemnifies for Service; Customer for use data/content unlicensed/unlawful),
(c) violation of law.
AI Outputs used outside documented/integrated scope are excluded from QuarqAI indemnity.
13. Dispute Resolution
Any dispute not resolved by good faith negotiation within ten (10) business days shall be escalated to senior management. If unresolved, disputes will be submitted to binding arbitration administered by the American Arbitration Association in either Denver, Colorado or Wilmington, Delaware (as selected in the Order Form), under its Commercial Arbitration Rules. Each party bears its own costs.
14. Miscellaneous Provisions
Force Majeure: Neither party is liable for failure to perform due to events beyond reasonable control.
Amendments: Only effective if in writing, signed by both parties.
Assignment: Requires written consent, except for merger/acquisition.
Notices: In writing, sent to contacts designated in the Order Form.
Entire Agreement: Includes all exhibits, SOWs, schedules; supersedes prior agreements.
Severability: If a provision is held invalid, the remainder remains enforceable.
Survival: NDA, privacy, payment, and limitation of liability provisions survive termination.
15. Governing Law
This Agreement is governed by the laws of either Colorado or Delaware, without regard to its conflict of law rules (as selected in the Order Form).
16. Signatures
This Agreement is effective upon signature by authorized representatives of each party.
Appendices:
Appendix A: Sample SOW
Appendix B: Pricing/Payment Schedule
Appendix C: Technical Documentation & Security Overview (including the privacy/security matrix reviewed above)
[END OF AGREEMENT]