1. INTRODUCTION AND APPLICABILITY

 Relationship to General Partner Agreement. This Technology Partner Agreement (“Tech Agreement“) is a type-specific agreement that supplements the Smackdab Inc. General Partner Agreement (“General Agreement“) located at https://smackdab.ai/legal/general-partner-agreement. All terms of the General Agreement are incorporated by reference into this Tech Agreement. In the event of any conflict between this Tech Agreement and the General Agreement, this Tech Agreement shall prevail with respect to the subject matter herein. Capitalized terms used but not defined in this Tech Agreement shall have the meanings given to them in the General Agreement or the Master Definitions Document.

 Applicability. This Tech Agreement applies to Partners who participate in the Smackdab Partner Program as a Technology Partner, as defined in the General Agreement. By accepting this Tech Agreement, Partner agrees to be bound by both this Tech Agreement and the General Agreement.

 Participation Requirements. To participate as a Technology Partner, Partner must:

Complete the Technology Partner application process;

Accept both the General Agreement and this Tech Agreement;

Meet and maintain the requirements for the applicable partner tier as set forth in Section 7; and

Comply with all terms and conditions of both agreements.

Definitions. In addition to terms defined elsewhere in this Tech Agreement or in the General Agreement, capitalized terms shall have the meanings set forth in the Master Definitions Document available at https://smackdab.ai/legal/master-definitions-document. Key terms specifically relevant to this Tech Agreement include “Integration,” “Marketplace,” “Integration User,” and “Technical Documentation.”

 “Technical Documentation” means technical specifications, integration guides, API documentation, security guidelines, and other technical materials provided by Smackdab to Partner for the purpose of developing, maintaining, and supporting the Integration.

⚠️ ATTORNEY REVIEW NOTE: Review this section to ensure the relationship between the General Agreement, the Master Definitions Document, and this Tech Agreement is clearly established. Verify that the incorporation by reference of the General Agreement and the Master Definitions Document is enforceable under Florida law and in other jurisdictions where partners may be located.

2. TECHNOLOGY PARTNER PROGRAM OVERVIEW

 Program Purpose. The Technology Partner Program enables Partners to develop, maintain, and distribute Integrations between their own applications or services and the Services, providing enhanced functionality and value to mutual customers. The Program is designed to create a robust ecosystem of Integrations that extend the functionality of Smackdab’s core CRM/ERP platform while maintaining security, performance, and quality standards.

 Integration Types. Technology Partners may develop various types of Integrations, including but not limited to:

 Data synchronization between Partner’s application and the Services;

 Embedded Smackdab functionality within Partner’s application;

 Embedded Partner functionality within the Services;

 Extension of the Services’ capabilities through add-ons;

Workflow automation between Partner’s application and the Services;

Single sign-on and identity management integrations;

Data visualization and reporting based on Client Data;

AI and machine learning models that enhance the Services;

Industry-specific solutions that extend the core CRM/ERP functionality; and

 Mobile applications or extensions that interact with the Services.

Program Benefits. Depending on Partner’s tier, Program Benefits may include:

Access to Smackdab’s APIs, SDKs, and development resources;

Development environment and sandbox accounts;

Technical Documentation and integration guides;

Developer support;

Listing in the Marketplace;

Co-marketing opportunities;

Certification of Partner’s Integration;

Potential Commission opportunities for referrals generated through the Integration;

Early access to new APIs and beta features;

Participation in Smackdab’s integration advisory council (Strategic Partners only);

Joint webinars and case studies;

Invitation to Smackdab’s annual partner summit;

Access to technical training and certification programs; and

Participation in the Technology Partner community and forums.

License Restrictions and Requirements.

All licenses granted to Partner under this Agreement are conditioned on Partner’s continued compliance with this Tech Agreement and the General Agreement.

All rights not expressly granted to Partner are reserved by Smackdab.

Partner shall not use the APIs or any other Smackdab resources for any purpose other than developing, maintaining, and supporting the Integration.

Partner shall not sublicense, sell, transfer, or otherwise distribute the APIs or any other Smackdab resources except as explicitly permitted in this Tech Agreement.

Partner shall not use Smackdab’s APIs or Services to develop or enhance Partner’s own products or services that compete directly with the Services.

Partner shall not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, techniques, processes, algorithms, know-how, or other information from the APIs or Services.

Costs and Expenses.

Unless otherwise specified in an Order Form or separate written agreement, each party shall bear its own costs and expenses related to its performance under this Tech Agreement, including:

(a) Development and maintenance of the Integration;

(b) Marketing and promotion activities;

(c) Support and technical assistance to Clients; and

(d) Personnel, facilities, and equipment costs.

Partner is responsible for any taxes, duties, or other governmental charges related to its participation in the Program.

If Partner charges fees to Clients for the use of its Integration, Partner shall be solely responsible for:

(a) Establishing and communicating its pricing structure to Clients;

(b) Billing and collecting payments from Clients;

(c) Providing receipts and other documentation required by applicable law; and

(d) Addressing any payment disputes with Clients.

Program Structure and Documentation.

The Program is governed by the following documents, in order of precedence:

(a) Any Order Form or Statement of Work executed by both parties;

(b) This Tech Agreement;

(c) The General Agreement;

(d) The Technical Documentation; and

(e) Any additional policies or guidelines referenced in this Tech Agreement.

Smackdab may update the Technical Documentation from time to time to reflect changes to the APIs, security requirements, or other technical aspects of the Program. Smackdab will provide notice of material changes to the Technical Documentation in accordance with Section 6.2.

Partner is responsible for reviewing updates to the Technical Documentation and ensuring its Integration remains compliant with current requirements.

⚠️ ATTORNEY REVIEW NOTE: Review Section 2.4.5 regarding non-competition to ensure it is specific enough to be enforceable while providing adequate protection against Partners creating competing products. Consider whether the integration types and program benefits accurately reflect Smackdab’s technical capabilities and business objectives. Consider whether any integration types should be excluded or whether certain types of integrations require additional approvals or compliance requirements.

3. INTEGRATION DEVELOPMENT AND MAINTENANCE

Development Process. Partner shall follow Smackdab’s recommended Integration development process, which includes:

Reviewing the Technical Documentation and integration guidelines;

Designing the Integration in accordance with Smackdab’s best practices;

Developing the Integration using the appropriate Smackdab APIs and SDKs;

Testing the Integration thoroughly in the Smackdab sandbox environment;

Submitting the Integration for Smackdab’s review and approval; and

Addressing any issues identified during Smackdab’s review process.

Integration Standards. Partner’s Integration must meet the following standards:

Adhere to Smackdab’s technical specifications and requirements;

Function properly and as described;

Follow Smackdab’s user interface guidelines if the Integration includes visual elements within the Services;

Meet all security requirements set forth in Section 11;

Include appropriate error handling and logging;

Maintain acceptable performance standards, with minimal impact on the Services’ performance;

Support Smackdab’s supported environments and versions;

Include complete and accurate documentation for end users;

Comply with all applicable accessibility requirements as specified in Section 14.2; and

Implement data protection measures in accordance with Section 14.1.

Integration Maintenance.

Partner shall maintain its Integration throughout the Term of this Tech Agreement, including:

(a) Monitoring the Integration for issues and promptly addressing any bugs or defects;

(b) Updating the Integration to maintain compatibility with new versions of the Services and APIs;

(c) Implementing enhancements to improve functionality and user experience;

(d) Ensuring continued compliance with security requirements and best practices; and

(e) Responding to user feedback and feature requests when commercially reasonable.

Partner shall update its Integration within the following timeframes:

(a) Critical security updates: Within 7 calendar days of notification;

(b) Major API version updates: Within 30 calendar days of release;

(c) Breaking changes: Within the deprecation timeline provided by Smackdab (typically 90 days); and

(d) Minor API updates: Within 60 calendar days of release.

Version Control and Release Management.

Partner shall maintain proper version control for its Integration, including:

(a) Clear version numbering following semantic versioning principles (MAJOR.MINOR.PATCH);

(b) Detailed release notes for each version;

(c) Proper testing of each release before deployment, including security testing, functionality testing, and backwards compatibility testing;

(d) Maintaining backward compatibility when possible or providing clear migration paths; and

(e) Maintaining a detailed changelog for audit and troubleshooting purposes.

Partner shall notify Smackdab of major version releases at least 7 days before release to the production environment.

Partner shall notify Integration Users of major changes, deprecations, or breaking changes with reasonable advance notice, which shall not be less than:

(a) 30 days for major version changes that include breaking changes;

(b) 14 days for significant functionality changes; and

(c) 7 days for minor updates that may impact user experience.

Partner shall maintain at least the current version and one previous major version of the Integration to allow Clients adequate time to upgrade.

Integration Approval Process.

Before releasing an Integration or major update, Partner must submit it to Smackdab for review and approval, which includes:

(a) Functional testing to verify the Integration works as described;

(b) Security review to identify potential vulnerabilities;

(c) Performance testing to ensure the Integration doesn’t negatively impact the Services;

(d) Documentation review to verify accuracy and completeness; and

(e) Data processing review to ensure compliance with applicable data protection laws.

Smackdab will complete its review within 14 business days of submission and provide one of the following responses:

(a) Approval for release;

(b) Approval with conditions that must be addressed before or after release; or

(c) Rejection with specific issues that must be addressed before resubmission.

Partner shall not release the Integration or update to production until receiving Smackdab’s approval.

Integration Development Dispute Resolution.

Technical Disputes. For disputes specifically related to Integration development, technical specifications, API functionality, or other technical matters:

(a) Technical Expert Review: Before initiating the formal escalation procedure in Section 9 of the General Agreement, the parties shall: (i) Jointly select a neutral technical expert with relevant expertise; (ii) Submit technical documentation and position statements to the technical expert; (iii) Participate in a technical review session facilitated by the expert; and (iv) Receive a non-binding recommendation from the expert within fifteen (15) business days of selection.

(b) Expedited Technical Resolution Process: For urgent technical disputes that materially impact the Services or Integrations: (i) The parties shall designate technical representatives with decision-making authority; (ii) These representatives shall meet within two (2) business days of dispute notification; (iii) If not resolved within five (5) business days, the dispute shall be immediately escalated according to the process outlined in Appendix 4: Dispute Resolution Flowchart; and (iv) All technical dispute proceedings shall be documented in writing, with copies provided to both parties.

(c) Technical Documentation Requirements: The party raising a technical dispute shall provide: (i) Detailed technical description of the issue; (ii) Reproduction steps or test cases demonstrating the issue; (iii) Relevant logs, error messages, or other diagnostic information; and (iv) Proposed technical resolution with implementation details.

(d) Technical Dispute Categories: Technical disputes shall be categorized as: (i) Critical: Immediately impacting production Services or Integrations; (ii) High: Affecting development or testing capabilities; (iii) Medium: Affecting documentation or non-essential functionality; or (iv) Low: Relating to future development or improvement suggestions.

The categorization shall determine the applicable timelines for resolution.

Development Scope Disputes. If a dispute arises regarding the scope or requirements of an Integration:

(a) The dispute shall first be addressed through good faith negotiations between the parties’ designated technical representatives;

(b) If the dispute is not resolved within ten (10) business days, it shall be escalated to the parties’ respective management representatives;

(c) If the dispute remains unresolved, it shall be addressed through the dispute resolution process set forth in Section 9 of the General Agreement and further detailed in Appendix 4: Dispute Resolution Flowchart; and

(d) During the pendency of such dispute, Partner shall continue development in accordance with the undisputed requirements while the disputed requirements are being resolved.

Approval Process Disputes. If Partner disagrees with Smackdab’s review decision under Section 3.5.2:

(a) Partner may submit a written appeal within five (5) business days of receiving the decision;

(b) The appeal must include a detailed explanation of the basis for disagreement and any supporting documentation;

(c) Smackdab will review the appeal and provide a final decision within ten (10) business days; and

(d) If Partner disagrees with the final decision, the dispute shall be resolved in accordance with Section 9 of the General Agreement and Appendix 4: Dispute Resolution Flowchart.

⚠️ ATTORNEY REVIEW NOTE: Review the integration development and maintenance provisions to ensure they create clear requirements while providing reasonable timeframes and flexibility. Add specific language regarding the consequences if Partner fails to meet the update timeframes in Section 3.3.2, as this could expose Smackdab to security risks. Verify that the dispute resolution process in Section 3.6 aligns with the master dispute resolution provisions in the General Agreement and Appendix 4: Dispute Resolution Flowchart.

4. API USAGE AND LIMITATIONS

API License. Subject to the terms and conditions of this Agreement, Smackdab grants to Partner a limited, non-exclusive, non-transferable, non-sublicensable, revocable license during the Term to access and use Smackdab’s APIs solely for the purpose of developing, testing, maintaining, and supporting Partner’s Integration with the Services.

API Credentials.

Smackdab will provide Partner with API credentials necessary to access the APIs.

Partner shall:

(a) Keep all API credentials secure and confidential;

(b) Not share API credentials with third parties;

(c) Use proper secure credential management practices, including encryption of stored credentials and secure key rotation processes;

(d) Implement multi-factor authentication where available for API access management;

(e) Segregate production and development API credentials; and

(f) Promptly notify Smackdab of any suspected credential compromise.

Partner is solely responsible for all activities that occur using its API credentials.

In the event of a suspected compromise, Smackdab may immediately suspend the compromised credentials and issue new credentials after the security issue has been adequately addressed.

Rate Limits.

Smackdab imposes rate limits on API usage to ensure system stability and fair usage. Current rate limits are documented in the API documentation and may include:

(a) Requests per minute;

(b) Requests per hour;

(c) Requests per day;

(d) Concurrent requests; and

(e) Data transfer volumes.

Rate limits vary by Partner tier as specified in Section 7.

Partner shall implement appropriate rate limiting in its Integration to prevent exceeding these limits, including:

(a) Throttling requests when approaching limits;

(b) Queuing non-time-sensitive operations during peak periods;

(c) Implementing exponential backoff for retries; and

(d) Monitoring usage to identify and address inefficient patterns.

Repeatedly exceeding rate limits may result in temporary API access suspension or permanent rate limit reductions.

API Versioning and Deprecation.

Smackdab uses versioned APIs and follows these versioning practices:

(a) Major version changes (e.g., v1 to v2) may include breaking changes and require integration updates;

(b) Minor version changes maintain backward compatibility within the same major version; and

(c) API versions are included in the URL path (e.g., /api/v1/resource).

Smackdab’s API deprecation policy is as follows:

(a) Deprecated APIs will continue to function for at least 90 days after deprecation notice;

(b) Deprecated APIs will be clearly marked in documentation;

(c) Smackdab will provide migration guides for deprecated APIs; and

(d) Notification of deprecation will be provided via email to Partner contacts and through the Partner Portal.

Partner is responsible for updating its Integration to use supported API versions before deprecated versions are decommissioned.

API Usage Restrictions. In addition to the restrictions in the General Agreement and Section 5.3 of this Tech Agreement, Partner shall not:

Use the APIs in a manner that exceeds rate limits or places excessive load on Smackdab’s systems;

Use the APIs to harvest or collect data for purposes unrelated to the Integration’s functionality;

Use the APIs to replicate core Smackdab functionality for competitive purposes;

Cache Smackdab data accessed through the APIs longer than necessary for the Integration’s functionality or beyond the caching periods specified in the API documentation;

Attempt to bypass or circumvent any API security measures or access controls;

Use the APIs to access data to which Partner does not have authorized access; or

Use the APIs for any purpose prohibited by applicable law or the General Agreement.

API Monitoring and Enforcement.

Smackdab monitors API usage for security, performance, and compliance purposes.

If Smackdab detects potential API misuse, it may:

(a) Temporarily throttle Partner’s API access;

(b) Suspend Partner’s API access;

(c) Require changes to Partner’s Integration; or

(d) Terminate Partner’s API access if serious violations occur.

Smackdab will notify Partner of API usage concerns and provide reasonable opportunity to remediate issues before taking enforcement action, except in cases of Security Emergencies as defined in Section 8.5.2.

⚠️ ATTORNEY REVIEW NOTE: Review the API license scope in Section 4.1 to ensure it provides adequate protections for Smackdab’s intellectual property while giving Partners sufficient rights to develop integrations. Verify that the specific rate limits for different partner tiers are appropriate and legally enforceable, and that the enforcement mechanisms are reasonable. Review the definition of “Security Emergencies” in Section 4.6.3 to ensure it aligns with the definition in Section 8.5.2 and provides clear guidelines for when Smackdab can take immediate action without notice.

5. PARTNER OBLIGATIONS

General Obligations. In addition to the obligations set forth in the General Agreement, Partner shall:

Develop, maintain, and support its Integration in accordance with this Tech Agreement;

Ensure sufficient technical expertise to properly develop and maintain the Integration;

Comply with all API usage requirements and limitations;

Maintain accurate documentation for the Integration;

Properly secure its applications and systems that connect to Smackdab’s APIs;

Comply with the requirements for Partner’s specific tier as set forth in Section 7;

Provide reasonably prompt support to users of the Integration;

Notify Smackdab of any known issues, bugs, or security vulnerabilities in the Integration;

Maintain appropriate insurance coverage, including errors and omissions insurance with coverage limits of at least $1,000,000 per occurrence for Premium and Strategic Integration Partners, and $500,000 per occurrence for Standard Integration Partners; and

Comply with all applicable laws, regulations, and industry standards relevant to the development, distribution, and support of the Integration, including data protection laws, consumer protection laws, and applicable export control regulations.

Technical Expertise.

Partner shall:

Maintain sufficient personnel with expertise in:

(a) Software development and API integration;

(b) Security best practices for web applications;

(c) The specific programming languages and frameworks used in the Integration; and

(d) Smackdab’s APIs and data models.

Ensure development personnel complete recommended Smackdab training.

Maintain knowledge of API changes and best practices by reviewing Smackdab’s developer documentation and announcements.

Prohibited Integration Activities. In addition to the prohibited activities set forth in the General Agreement, Partner shall not:

Develop Integrations that replicate core Smackdab functionality for the purpose of competing with Smackdab;

Develop Integrations that enable circumvention of Smackdab’s licensing or usage limitations;

Implement functionality that could damage or impair the operation of the Services;

Access, use, or expose data from the Services without proper authorization from the applicable Client;

Introduce malicious code or security vulnerabilities into the Services;

Make representations or warranties about Smackdab features or functionality beyond what is documented by Smackdab; or

Misrepresent the scope, capabilities, or limitations of the Integration.

Data Protection.

When Partner’s Integration accesses, processes, stores, or transmits Client Data, including Personal Data, Partner shall:

(a) Process such data only for the purpose of providing and maintaining the Integration;

(b) Implement appropriate technical and organizational measures to protect such data;

(c) Not use such data for Partner’s own purposes unrelated to the Integration;

(d) Not sell, rent, transfer, or otherwise make available such data to third parties without Client consent;

(e) Delete such data when no longer needed for Integration purposes or when requested by Client;

(f) Comply with all applicable data protection laws and regulations; and

(g) Maintain appropriate documentation of all data processing activities as required by applicable law.

Partner shall act as a “Processor” (under GDPR), “Service Provider” (under CCPA/CPRA), or equivalent role under applicable Data Protection Laws with respect to any Client Data, and shall process such data only on documented instructions from Smackdab or the applicable Client.

Partner acknowledges that, depending on the nature of the Integration and the data processed, it may be required to enter into additional data processing agreements with Clients and/or Smackdab.

Integration Documentation. Partner shall create and maintain comprehensive documentation for its Integration, including:

Clear description of Integration capabilities and limitations;

Installation and configuration instructions;

User guides and tutorials;

Technical specifications;

Security information; and

Troubleshooting guides and support information.

⚠️ ATTORNEY REVIEW NOTE: Review the insurance requirements in Section 5.1.9 to ensure they are commercially reasonable and appropriately scaled for different partner types. Consider updating the language for data protection obligations in Section 5.4 to address international data transfer requirements and data localization laws for Smackdab’s planned 2026 international expansion. Ensure that the prohibition on developing competing products in Section 5.3.1 is narrowly tailored and enforceable under antitrust laws.

6. SMACKDAB OBLIGATIONS

General Obligations. In addition to the obligations set forth in the General Agreement, Smackdab shall:

Provide Partner with access to Smackdab’s APIs necessary for the development and maintenance of Partner’s Integration;

Provide reasonably detailed API documentation and integration guidelines;

Provide a sandbox or test environment for Integration development and testing;

Review and approve Partner’s Integration within the timeframe specified in Section 3.5.2;

List approved Integrations in Smackdab’s Marketplace in accordance with Section 8; and

Provide Partner with reasonable support for Integration development and maintenance issues.

API Stability and Notifications.

Smackdab will make commercially reasonable efforts to maintain API stability and backward compatibility within each major API version.

Smackdab will provide advance notification of significant API changes as follows:

(a) Breaking changes: At least 90 days’ notice;

(b) Major new API versions: At least 60 days’ notice;

(c) Deprecation of API features: At least 90 days’ notice; and

(d) Minor enhancements: At least 30 days’ notice when feasible.

Notifications will be provided via:

(a) Email to Partner’s designated technical contacts;

(b) Announcements in the Partner Portal; and

(c) Updates to API documentation.

Notwithstanding the foregoing, Smackdab may make changes to the APIs without prior notice if necessary to address:

(a) Critical security vulnerabilities;

(b) Emergency compliance requirements imposed by law or regulation; or

(c) Technical issues that could substantially impair the Services if not promptly addressed.

Smackdab will provide notice of such emergency changes as soon as reasonably practicable.

For deprecations of major API versions, Smackdab will:

(a) Provide migration guides with code examples;

(b) Maintain the deprecated version for at least 12 months after initial deprecation notice; and

(c) Offer technical consultation to Strategic Integration Partners to assist with migration.

Technical Support.

Smackdab will provide Partner with technical support for Integration development and maintenance as follows:

(a) Documentation and self-help resources;

(b) Developer forum access;

(c) Email support during Business Hours with response times based on Partner’s tier; and

(d) For eligible Partner tiers, scheduled technical consultation sessions.

Technical support is limited to:

(a) Assistance with API usage questions;

(b) Clarification of API documentation;

(c) Troubleshooting Integration issues related to Smackdab’s APIs; and

(d) Guidance on best practices for Integration development.

Technical support does not include:

(a) Custom development services;

(b) Code review beyond security and performance considerations; or

(c) Debugging Partner’s Integration code unrelated to Smackdab’s APIs.

Service Levels.

The Smackdab APIs are subject to the Service Level Agreement available at https://smackdab.ai/legal/service-level-agreement.

Smackdab does not guarantee 100% API availability and may experience occasional downtime for maintenance, upgrades, or unforeseen issues.

Smackdab will make commercially reasonable efforts to minimize API downtime and to schedule maintenance during off-peak hours.

⚠️ ATTORNEY REVIEW NOTE: Review the notification periods for API changes to ensure they are appropriate for your development cycle and whether additional provisions are needed regarding API versioning and deprecation. The SLA reference in Section 6.4.1 should be reviewed to ensure it properly addresses API availability and performance metrics specifically, rather than just general service availability. Consider adding language regarding limitations of liability for API downtime to align with the General Agreement’s limitation of liability provisions.

7. PARTNER TIERS AND REQUIREMENTS

Technology Partner Tiers.

Standard Integration Partner

(a) Requirements:

(b) Benefits:

Premium Integration Partner

(a) Requirements:

(b) Benefits:

Strategic Integration Partner

(a) Requirements:

(b) Benefits:

Tier Assessment and Changes.

Smackdab will evaluate Partner’s tier status quarterly based on the Partner’s performance and compliance with tier requirements.

Partners may be promoted to a higher tier upon meeting the applicable requirements and submitting a tier upgrade request.

Partners may be downgraded to a lower tier if they fail to maintain the requirements of their current tier for two consecutive quarters.

Tier changes, including promotions or downgrades, will take effect from the first day of the month following Smackdab’s notification to Partner.

API rate limits and other benefits applicable to the new tier will apply from the effective date of the tier change.

Smackdab reserves the right to modify tier requirements and benefits in accordance with Section 11.5 of the General Agreement.

Integration Certification.

Smackdab may offer certification programs for Integrations that meet enhanced quality, security, and functionality standards.

Certification requirements include:

(a) Passing an enhanced technical review;

(b) Demonstrating adherence to Integration best practices;

(c) Implementing comprehensive error handling and logging;

(d) Providing excellent user experience;

(e) Maintaining comprehensive documentation; and

(f) Meeting enhanced security requirements.

Certified Integrations receive:

(a) A “Certified Integration” badge for use in marketing materials;

(b) Enhanced visibility in the Marketplace;

(c) Inclusion in Smackdab’s certified Integration directory; and

(d) Preferential consideration for co-marketing opportunities.

Certification must be renewed annually through a recertification process.

Performance and Customer Satisfaction Metrics.

Smackdab may measure Integration performance and customer satisfaction through:

(a) User surveys and feedback;

(b) Integration usage metrics;

(c) Support ticket volume and resolution metrics;

(d) User ratings and reviews; and

(e) Technical performance metrics (e.g., response times, error rates).

Partners shall maintain the following minimum customer satisfaction metrics:

(a) Standard Integration Partners: Minimum 3.5/5.0 average rating

(b) Premium Integration Partners: Minimum 4.0/5.0 average rating

(c) Strategic Integration Partners: Minimum 4.5/5.0 average rating

Partners shall maintain the following technical performance metrics:

(a) Standard Integration Partners:

(b) Premium Integration Partners:

(c) Strategic Integration Partners:

Smackdab will provide Partners with access to relevant metrics through the Partner Portal.

If a Partner fails to meet the applicable metrics for two consecutive quarters, Smackdab may:

(a) Require the Partner to submit and implement a remediation plan;

(b) Downgrade the Partner to a lower tier; or

(c) Remove the Integration from the Marketplace until performance improves.

⚠️ ATTORNEY REVIEW NOTE: Review the technical performance metrics in Section 7.4.3 to ensure they are objectively measurable and create reasonable obligations. Consider adding a grace period for new Integrations to meet these metrics, as they may require time to optimize performance. Also review Section 7.4.5 to ensure the remedies for failing to maintain metrics are proportionate and provide adequate notice and opportunity to cure before downgrading or removal.

8. MARKETPLACE LISTING AND DISTRIBUTION

Marketplace Listing.

Subject to approval of Partner’s Integration and compliance with this Agreement, Smackdab will list Partner’s approved Integration in Smackdab’s Integration Marketplace.

Partner shall provide accurate listing information, including:

(a) Integration name;

(b) Integration description;

(c) Key features and benefits;

(d) Screenshots or demo videos;

(e) Installation and setup instructions;

(f) Support contact information;

(g) Partner company information; and

(h) Integration version and compatibility information.

Partner represents and warrants that all listing information is accurate, not misleading, and complies with applicable laws and regulations.

Marketplace Placement.

Standard placement in the Marketplace is based on objective metrics including:

(a) Relevance to search terms and categories;

(b) User engagement metrics (installation rate, retention rate, usage frequency);

(c) User ratings and reviews (weighted for verified users);

(d) Technical performance metrics (response time, error rate, uptime); and

(e) Currency of updates and compatibility with the latest API versions.

Featured placement and promotional opportunities shall be allocated based on the following criteria:

(a) Premium Integration Partners: (i) Maintain a minimum 4.0/5.0 user satisfaction rating across at least 15 verified user reviews (ii) Demonstrate at least 95% uptime over the preceding 90-day period (iii) Record fewer than 1 critical support issue per 100 active users per quarter (iv) Complete at least 2 quarterly security assessments with all critical findings remediated (v) Maintain full compatibility with current API versions within required timeframes

(b) Strategic Integration Partners: (i) Maintain a minimum 4.5/5.0 user satisfaction rating across at least 30 verified user reviews (ii) Demonstrate at least 99% uptime over the preceding 90-day period (iii) Record fewer than 0.5 critical support issues per 100 active users per quarter (iv) Complete quarterly security assessments with all critical findings remediated (v) Maintain full compatibility with current API versions within required timeframes (vi) Demonstrate significant user adoption growth (minimum 15% quarter-over-quarter)

Featured placement opportunities shall be equitably distributed among qualifying Partners, with no single Partner receiving more than 20% of featured placement opportunities in any 90-day period, unless insufficient qualifying Partners are available.

Smackdab shall document all placement decisions and make placement criteria metrics available to Partners through the Partner Portal.

Notwithstanding the foregoing, Smackdab reserves the right to determine the final placement of all Integrations in the Marketplace and may adjust placement algorithms to ensure Marketplace quality, relevance, and user experience.

Rating and Reviews.

Smackdab shall implement a rating and review system for Integrations in the Marketplace that:

(a) Requires users to be verified Integration Users before submitting ratings or reviews;

(b) Collects both quantitative ratings (1-5 stars) and qualitative feedback;

(c) Includes mandatory disclosure of the user’s length of experience with the Integration;

(d) Enables users to update their reviews as their experience with the Integration evolves; and

(e) Identifies reviews from users who received implementation assistance from Partner.

Users may submit ratings and reviews based on their experience with the Integration, provided such reviews:

(a) Relate directly to the Integration’s functionality, performance, or support;

(b) Do not contain false, defamatory, or offensive content;

(c) Do not disclose confidential information or Personal Data; and

(d) Comply with Smackdab’s review guidelines published in the Marketplace.

Prohibited Review Practices. Partner shall not engage in any of the following prohibited practices:

(a) Creating or using multiple accounts to submit reviews for its own or competitors’ Integrations;

(b) Submitting, soliciting, or coordinating false, misleading, or inauthentic reviews;

(c) Offering any compensation, discount, incentive, refund, or other benefit in exchange for reviews (regardless of whether positive or negative);

(d) Conditioning technical support, feature implementation, or other services on users’ agreement to submit positive reviews or to modify existing reviews;

(e) Harassing, coercing, threatening, or exerting undue pressure on users who have left or may leave reviews;

(f) Attempting to improperly influence users’ ratings through selective review solicitation that targets only satisfied users;

(g) Using automated systems or scripts to generate or submit reviews; or

(h) Engaging in any pattern of activity that Smackdab reasonably determines is intended to manipulate the review system.

Review Monitoring and Removal.

(a) Smackdab shall actively monitor reviews and may: (i) Remove reviews that violate Smackdab’s review guidelines or appear to be fraudulent (ii) Suspend review privileges for users who repeatedly submit violating reviews (iii) Apply algorithmic adjustments to detect and mitigate coordinated review manipulation (iv) Implement statistical analyses to identify anomalous review patterns

(b) Partner shall promptly report to Smackdab any reviews that it believes violate Smackdab’s review guidelines by using the reporting feature in the Partner Portal, but shall not contact users directly regarding negative reviews unless the user has explicitly requested such contact.

(c) Smackdab shall provide Partners with the opportunity to appeal the removal of positive reviews or the retention of negative reviews that potentially violate Smackdab’s review guidelines, provided that: (i) Appeals must be submitted within five (5) business days of the review’s publication or removal (ii) Appeals must include specific reasons why the review violates guidelines or should be reinstated (iii) Smackdab shall make the final determination on all appeals within ten (10) business days

Partner Responses to Reviews.

(a) Partner may respond to reviews of its Integration, provided that such responses: (i) Are professional, respectful, and constructive (ii) Address the specific points raised in the review (iii) Do not contain promotional content unrelated to the review (iv) Do not disclose Personal Data or confidential information (v) Do not harass, threaten, or disparage the reviewer

(b) Partner’s responses shall be publicly visible alongside the corresponding review and subject to the same content standards as user reviews.

(c) Smackdab may remove Partner responses that violate these requirements.

Review Manipulation Consequences.

(a) If Smackdab reasonably determines that Partner has engaged in prohibited review practices, Smackdab may, in its sole discretion: (i) Issue a warning to Partner (ii) Remove or discount affected reviews (iii) Limit Partner’s ability to respond to reviews (iv) Reduce Partner’s visibility in Marketplace search and browsing results (v) Suspend or remove Partner’s Integration from the Marketplace (vi) Downgrade Partner’s tier status (vii) Terminate this Agreement pursuant to Section 13

(b) The severity of the consequence shall be proportionate to the nature, extent, and frequency of the violation, with repeated or severe violations resulting in more significant consequences.

(c) Partner shall have the opportunity to appeal any determination of review manipulation through the dispute resolution process in Section 16.

Integration Categories and Discoverability.

Smackdab will categorize Integrations to enhance discoverability based on:

(a) Functionality;

(b) Industry focus;

(c) Use case;

(d) Partner type; and

(e) Other relevant factors.

Partner may suggest appropriate categories but Smackdab makes final categorization decisions.

Integration Removal.

Smackdab may temporarily or permanently remove Partner’s Integration from the Marketplace for:

(a) Violation of this Agreement or the General Agreement;

(b) Security vulnerabilities that pose a risk to Clients;

(c) Consistent poor user ratings (below 3.0/5.0 for three consecutive months);

(d) Incompatibility with current API versions that is not remediated within required timeframes;

(e) Excessive support issues or user complaints;

(f) Misrepresentation of Integration capabilities;

(g) Engaging in prohibited review practices specified in Section 8.3.3;

(h) Violation of applicable laws or regulations; or

(i) Partner’s request.

Security Emergencies.

(a) For purposes of this Agreement, a “Security Emergency” means any of the following: (i) A vulnerability in the Integration that could lead to unauthorized access to, or compromise of, Client Data (ii) A vulnerability that enables privilege escalation within the Services or Client systems (iii) Malicious code or functionality discovered in the Integration (iv) Data breach or security incident affecting the Integration or Partner systems that process Client Data (v) Exploitation of the Integration by malicious actors that is actively occurring or has occurred (vi) Any other security issue that Smackdab reasonably determines poses an immediate and substantial risk to the security of the Services or Client Data

(b) In the event of a Security Emergency, Smackdab may immediately remove the Integration from the Marketplace without prior notice to Partner.

(c) Smackdab shall notify Partner of such removal within 24 hours, including the specific Security Emergency that necessitated removal.

(d) Partner shall address the Security Emergency with the highest priority and provide Smackdab with a remediation plan within 48 hours of notification.

Expedited Remediation Process.

(a) For security vulnerabilities that do not constitute a Security Emergency (“Security Vulnerability”), Smackdab shall: (i) Notify Partner of the specific Security Vulnerability (ii) Provide a reasonable timeframe for remediation based on the severity of the vulnerability (iii) Collaborate with Partner on developing a remediation plan (iv) Consider temporary mitigation measures as an alternative to removal

(b) If Partner fails to address a Security Vulnerability within the specified timeframe, Smackdab may temporarily remove the Integration until the vulnerability is remediated.

Standard Removal Process. Except in cases of Security Emergencies, legal compliance issues, or failures to address Security Vulnerabilities, Smackdab will provide Partner with:

(a) Written notice at least five (5) business days before removing the Integration;

(b) The specific reason for removal with reference to the applicable Agreement provision;

(c) The steps Partner can take to remediate the issue and restore the listing;

(d) A timeframe for remediation, which shall be reasonable under the circumstances but not less than ten (10) business days; and

(e) An opportunity to respond and present a remediation plan.

User Data and Continuity.

(a) If an Integration is removed from the Marketplace, Smackdab shall: (i) Maintain user reviews and ratings in an archived state not visible to the public (ii) Provide existing users with notice of the removal and any potential impact (iii) Facilitate migration to alternative solutions where appropriate (iv) Preserve Integration User data to enable restoration if the Integration is reinstated

(b) If the Integration is reinstated, Smackdab shall: (i) Restore archived reviews and ratings (ii) Notify existing users of the Integration’s availability (iii) Restore the Integration’s Marketplace listing with appropriate notation about the prior removal period

(c) If an Integration is permanently removed, Smackdab shall: (i) Provide a reasonable transition period for existing users to migrate to alternative solutions (ii) Allow Partner controlled access to support existing users during the transition period (iii) Provide export functionality for user-generated Integration data where technically feasible

Appeal Process. Partner may appeal any Integration removal by following the dispute resolution process outlined in Section 3.6.3 and Appendix 4.

Marketing of Integrations.

Partner may market its Integration to potential users, provided that:

(a) All marketing materials accurately represent the Integration’s capabilities;

(b) Partner complies with Smackdab’s trademark usage guidelines; and

(c) Partner does not misrepresent its relationship with Smackdab.

Smackdab may promote selected Integrations through:

(a) Featured listings in the Marketplace;

(b) Blog posts and social media;

(c) Email newsletters;

(d) Webinars and events; and

(e) Other marketing channels.

Selection for promotional activities is at Smackdab’s discretion, with preference given to Premium and Strategic Integration Partners.

⚠️ ATTORNEY REVIEW NOTE: Review the grounds for Integration removal in Section 8.5 to ensure they create a fair and legally defensible process with adequate notice and appeal rights. Review the definition of “Security Emergency” in Section 8.5.2 to ensure it provides sufficient clarity while maintaining flexibility for Smackdab to address genuine security threats. Review the consequences for review manipulation in Section 8.3.6 to ensure they are proportionate and enforceable. Review Section 8.5.5 regarding the handling of user data and reviews if an Integration is removed to ensure it balances user needs with Partner interests.

9. COMMISSIONS AND PAYMENTS

Referral Commission Eligibility

Premium and Strategic Integration Partners may be eligible for referral Commissions when their integration directly results in new Clients subscribing to the Services, as defined in Section 1.4.1 of the Solution & Affiliate Partner Agreement, which includes Smackdab’s subscription-based software applications, platforms, products, modules, add-ons, and features made generally available by Smackdab to its clients, as more fully described in Appendix 3 (Services Description) of the S&A Agreement.

Standard Integration Partners are not eligible for referral Commissions unless specifically approved by Smackdab in writing.

Qualified Referrals

 A “Qualified Referral” is a sale of Services that meets all of the following criteria:

(a) The prospect was referred directly from Partner’s integration or application through an approved tracking method;

(b) The prospect has not previously used the Services or been engaged in an active sales process with Smackdab or another Partner;

(c) The prospect converts to a paying Client of Smackdab;

(d) The Client has paid Smackdab in full for the applicable Services;

(e) The Client does not cancel the Services during any applicable trial period or money-back guarantee period; and

(f) Smackdab has not, in its reasonable discretion, disqualified the referral for any reason, including but not limited to suspicion of fraud, abuse, or violation of this Agreement.

Commission Rates and Structure

Premium Integration Partner Commissions: 10% of Client’s first-year subscription revenue.

Strategic Integration Partner Commissions: 15% of Client’s first-year subscription revenue.

Multi-Year Commission Structure:

For multi-year contracts resulting from Qualified Referrals, Commissions shall be calculated as follows:

(a) First Year: 100% of the applicable tier-based Commission rate on first-year subscription revenue.

(b) Second Year: 50% of the applicable tier-based Commission rate on second-year subscription revenue.

(c) Third Year and Beyond: No additional Commissions unless specifically agreed in writing.

Commission Calculation

Commissions are calculated based on the revenue actually received by Smackdab from the Client for the applicable subscription Services, excluding:

(a) Taxes, regulatory fees, and similar charges;

(b) Implementation, training, or consulting services fees;

(c) Add-on or premium features not included in the base subscription;

(d) Third-party services or products;

(e) Transaction fees or payment processing charges; and

(f) Hardware, equipment, or physical goods.

If a Client cancels, downgrades, or receives a refund for the Services, Smackdab may recalculate and adjust future Commission payments to reflect the actual revenue received, or invoice Partner for the overpaid amount.

Commission Payments

 Commissions will be paid monthly within thirty (30) days after the end of each calendar month for Qualified Referrals where payment has been received during that month.

Commissions will be paid via the payment method selected by Partner in the Partner Portal, which may include direct deposit, PayPal, or other methods offered by Smackdab.

Smackdab will provide Partner with a detailed report of the Commission calculation and Qualified Referrals.

Commissions will not be paid until the total accrued unpaid Commissions exceed $50 USD. Accrued amounts below this threshold will roll over to the next payment period.

Partner is responsible for providing and maintaining accurate payment information. Smackdab is not responsible for payment delays or failures resulting from incorrect or outdated payment information.

Taxes on Commissions

 All Commission amounts are exclusive of taxes. Partner is solely responsible for determining and paying all taxes applicable to Commissions received under this Agreement.

Partner shall provide Smackdab with appropriate tax documentation (e.g., W-9, W-8BEN, VAT registration) as required by applicable law.

Smackdab may withhold any taxes from Commission payments if required by applicable law unless Partner provides documentation showing that an exemption applies.

Disputes and Audits

Partner must report any Commission discrepancies or disputes within sixty (60) days from the date the Commission was paid or should have been paid. Failure to report within this timeframe constitutes acceptance of the Commission payment.

Smackdab reserves the right to audit Partner’s compliance with this Agreement, including verification of Qualified Referrals and Commission calculations. Partner shall cooperate with such audits and provide information as reasonably requested by Smackdab.

If an audit reveals overpayment of Commissions, Smackdab may offset such amounts against future Commission payments or invoice Partner for immediate repayment.

⚠️ ATTORNEY REVIEW NOTE: Review the commission structure to ensure it provides appropriate incentives for integration partners while remaining financially viable for Smackdab. Consider whether the qualification criteria for referrals are sufficiently clear and whether the attribution methodology is well-defined. The monthly payment schedule is standard industry practice, which should be fine, but verify this aligns with Smackdab’s financial operations.

10. INTELLECTUAL PROPERTY – SPECIFIC PROVISIONS

Integration Ownership

Partner owns and retains all right, title, and interest in and to its integration, except for Smackdab’s intellectual property incorporated therein, subject to the following:

(a) If an integration is developed exclusively for the Services, Smackdab shall have a perpetual, irrevocable, worldwide, royalty-free, non-exclusive license to use, market, and distribute such integration; and

(b) If an integration is developed as a general connector to multiple platforms, including the Services, Smackdab shall have a non-exclusive license to use, market, and distribute such integration in connection with the Services.

Partner grants to Smackdab a non-exclusive, worldwide, royalty-free license during the Term to:

(a) List, market, and promote Partner’s integration in the marketplace and other channels;

(b) Use Partner’s name, logo, and trademarks to identify the integration in the marketplace;

(c) Reproduce and display screenshots and demos of the integration for promotional purposes; and

(d) Allow Clients to download, install, and use the integration in connection with the Services.

Partner represents and warrants that it has all necessary rights and authority to grant the licenses described in Section 10.1.2 and that it owns or has properly licensed all components of the integration.

For the avoidance of doubt, nothing in this Agreement grants Partner any ownership rights in Smackdab’s APIs, SDKs, or other intellectual property.

Integration Improvements

If Partner develops improvements, enhancements, or new features for the integration, Partner retains ownership of such improvements, subject to the licenses granted to Smackdab herein.

If Smackdab suggests improvements or provides feedback on the integration, Partner shall own any implementation of such suggestions or feedback, subject to Smackdab’s ownership of its underlying intellectual property and the licenses granted herein.

Trademark Usage

Partner may use Smackdab’s name, logo, and trademarks solely to identify the integration as compatible with the Services, subject to Smackdab’s trademark usage guidelines.

Partner shall submit all materials containing Smackdab’s trademarks to Smackdab for approval prior to publication or distribution.

Partner shall not:

(a) Use Smackdab’s trademarks in a manner that suggests partnership, endorsement, or sponsorship beyond the scope of this Agreement;

(b) Incorporate Smackdab’s trademarks into Partner’s own trademarks, service marks, company names, domain names, or product names;

(c) Use Smackdab’s trademarks in a manner that is misleading, defamatory, infringing, libelous, disparaging, obscene, or otherwise objectionable to Smackdab; or

(d) Use Smackdab’s trademarks for any purpose other than as expressly authorized in this Agreement.

Open Source Components

If Partner’s integration includes open source components, Partner represents and warrants that:

(a) Such components are licensed under terms that do not require Smackdab to disclose, license, distribute, or make available any part of the Services in source code form;

(b) Such components do not subject the Services to any license obligations or restrictions, including any “copyleft” or “share-alike” requirements;

(c) Use of such components does not impose any additional restrictions or conditions on the use of the Services by Clients; and

(d) Partner is in compliance with all applicable open source license terms.

Partner shall provide Smackdab with a list of all open source components included in the integration, including license information, upon request.

Patent Non-Assert

Partner hereby covenants and agrees not to assert any patent rights against Smackdab or its Clients based on their use of the Services in connection with the integration.

This non-assert provision shall survive termination of this Agreement.

⚠️ ATTORNEY REVIEW NOTE: Review the intellectual property provisions to ensure they adequately protect Smackdab’s rights while providing reasonable protection for partners’ integration IP. The open source component provisions are particularly important to review to ensure they provide adequate protection against “copyleft” licenses that could potentially contaminate Smackdab’s proprietary code. Consider whether additional detail is needed regarding trademark usage guidelines.

11. TECHNICAL SECURITY REQUIREMENTS

Security Standards and Compliance

Partner shall develop, maintain, and operate its integration in accordance with industry standard security practices and applicable laws and regulations, including but not limited to:

(a) Implementing secure coding practices based on OWASP guidelines and SANS Top 25 Most Dangerous Software Errors;

(b) Maintaining compliance with applicable provisions of PCI DSS if processing payment information;

(c) Following secure API usage practices as specified in Smackdab’s API Security Guidelines available at https://smackdab.ai/developers/api-security-guidelines;

(d) Implementing appropriate access controls following the principle of least privilege;

(e) Regularly updating and patching components to address security vulnerabilities;

(f) Adhering to applicable data protection regulations, including GDPR, CCPA, and other relevant privacy laws in jurisdictions where the integration is offered;

(g) Implementing appropriate security measures for any artificial intelligence or machine learning components that may be included in the integration, including preventing data leakage, algorithmic bias, and unauthorized model manipulation; and

(h) Ensuring secure data analytics practices, including anonymization or pseudonymization of data used for analytical purposes.

For Premium and Strategic Integration Partners, additional security requirements apply, including:

(a) Annual comprehensive security assessments conducted by qualified personnel;

(b) Penetration testing performed at least annually by qualified third-party security professionals;

(c) Automated vulnerability scanning performed at least quarterly; and

(d) Security certifications appropriate to Partner’s industry (e.g., SOC 2 Type II, ISO 27001).

Data Security Measures

Partner shall implement appropriate technical and organizational measures to protect Client Data, including Personal Data, accessed or processed by the integration, including:

(a) Encryption of data in transit using industry-standard protocols (TLS 1.2 or higher);

(b) Encryption of sensitive data at rest using strong encryption methods;

(c) Secure storage and handling of access credentials and authentication tokens;

(d) Implementation of role-based access controls;

(e) Regular security testing and monitoring; and

(f) Secure and timely deletion of data when no longer needed.

Partner shall maintain a security program that includes:

(a) Regular security assessments;

(b) Employee security training;

(c) Security incident response procedures;

(d) Vulnerability management; and

(e) Security monitoring and logging.

Authentication and Authorization

Partner’s integration shall implement secure authentication methods, including:

(a) OAuth 2.0 or other Smackdab-approved authentication protocols;

(b) Secure token handling and storage;

(c) Appropriate session management; and

(d) Protection against common authentication attacks.

Partner shall implement appropriate authorization controls to ensure that:

(a) Users can only access data they are authorized to access;

(b) Client Data is isolated between different Clients; and

(c) Integration actions are limited to authorized operations.

 Secure Development Practices

Partner shall follow secure development practices, including:

(a) Security reviews during the design phase;

(b) Regular code reviews with security focus;

(c) Static and dynamic code analysis;

(d) Dependency vulnerability scanning; and

(e) Pre-release security testing.

Partner shall maintain secure development environments with:

(a) Separate development, testing, and production environments;

(b) Access controls limiting developer access to production environments; and

(c) Secure code management and version control.

 Vulnerability Management

Partner shall maintain a vulnerability management program, including:

(a) Regular vulnerability scanning;

(b) Timely patching of identified vulnerabilities based on severity:

(c) Monitoring of security advisories relevant to integration components; and

(d) Security testing after significant changes.

Partner shall promptly notify Smackdab of any security vulnerabilities discovered in the integration that could impact the Services or Client Data.

 Security Incident Response

Partner shall maintain a security incident response plan, including:

(a) Procedures for identifying, containing, and remediating security incidents;

(b) Roles and responsibilities during incident response;

(c) Communication procedures; and

(d) Post-incident analysis.

Partner shall notify Smackdab of any security incidents that:

(a) Impact or may impact the Services;

(b) Involve unauthorized access to Client Data; or

(c) May require notification to Clients or regulatory authorities.

Notification shall be provided:

(a) Within 24 hours of discovery for incidents involving unauthorized access to Client Data; and

(b) Within 72 hours of discovery for other security incidents.

Following a security incident, Partner shall:

(a) Cooperate with Smackdab’s investigation;

(b) Take appropriate remediation measures;

(c) Provide Smackdab with a post-incident report; and

(d) Implement measures to prevent similar incidents.

Security Compliance Monitoring

Smackdab may periodically assess Partner’s compliance with these security requirements through:

(a) Security questionnaires;

(b) Documentation review;

(c) Integration security testing; and

(d) For Premium and Strategic Integration Partners, security audits or assessments.

Partner shall cooperate with Smackdab’s security compliance activities and promptly address any identified issues.

⚠️ ATTORNEY REVIEW NOTE: Review the security requirements to ensure they provide appropriate protection for client data while establishing reasonable and achievable security standards for partners. Consider whether specific compliance requirements (e.g., GDPR, CCPA) should be referenced more explicitly. The vulnerability remediation timeframes should be reviewed to ensure they are reasonable and align with industry standards.

12. SUPPORT AND MAINTENANCE

Integration Support

Partner shall provide first-line support for users of its integration, including:

(a) Responding to user inquiries about integration functionality;

(b) Troubleshooting integration issues;

(c) Assisting with integration configuration; and

(d) Coordinating with Smackdab support when necessary.

Partner shall provide support during its normal business hours through channels specified in the integration documentation.

Partner shall establish and maintain the following support resources for integration users:

(a) Documentation and knowledge base;

(b) Support contact information;

(c) Issue tracking system; and

(d) Troubleshooting guides.

Support Levels and Response Times

Partner shall provide support in accordance with the following minimum standards:

(a) For Standard Integration Partners:

(b) For Premium Integration Partners:

(c) For Strategic Integration Partners:

“Response” means acknowledgment of the issue and the initiation of efforts to address it, not necessarily resolution of the issue.

Priority levels are defined as follows:

(a) Critical: Integration is non-functional or has a severe error that prevents essential operations with no workaround available.

(b) High: Significant functionality is impaired with limited or no workaround available.

(c) Medium: Non-critical functionality is impaired, but workarounds are available.

(d) Low: Minor issues, questions, or enhancement requests.

Maintenance Windows and Notifications

Partner shall notify integration users of scheduled maintenance that may impact the integration’s functionality at least 48 hours in advance.

Partner shall schedule routine maintenance during off-peak hours when possible.

For emergency maintenance, Partner shall provide as much advance notice as reasonably possible.

Issue Resolution and Escalation

Partner shall maintain an issue tracking system for integration issues, including:

(a) Issue categorization and prioritization;

(b) Assignment and ownership;

(c) Status tracking; and

(d) Resolution documentation.

Partner shall establish an escalation process for unresolved issues, including:

(a) Timeframes for escalation based on issue priority;

(b) Escalation paths and contacts; and

(c) Management involvement for critical issues.

For issues requiring Smackdab’s assistance, Partner shall:

(a) Verify the issue is related to the Smackdab APIs or Services before escalation;

(b) Provide all relevant diagnostic information and logs; and

(c) Coordinate with Smackdab support to resolve the issue.

Support Metrics and Reporting

Partner shall track and maintain support metrics, including:

(a) Response times;

(b) Resolution times;

(c) Issue categories and trends; and

(d) Customer satisfaction.

Premium and Strategic Integration Partners shall:

(a) Maintain a minimum customer satisfaction rating of 4.0/5.0 for support interactions;

(b) Provide Smackdab with quarterly support metrics upon request; and

(c) Address any support quality issues identified by Smackdab.

Support Coordination

Partner and Smackdab shall coordinate support activities for issues that span both the integration and the Services, in accordance with Section 9.4 and 9.5 of the S&A Agreement.

For complex issues involving both the integration and the Services, the parties shall:

(a) Designate primary point of contact from each party;

(b) Share relevant information and diagnostics;

(c) Conduct joint troubleshooting as needed; and

(d) Coordinate client communications.

Solution Partner Coordination. For Clients using both the Services and integrations developed by Partner, Partner shall:

(a) Coordinate support activities with relevant Solution Partners to ensure proper integration support;

(b) Establish clear support responsibilities with Solution Partners; and

(c) Participate in joint troubleshooting when issues involve both the Services and the integration.

Implementation and Support Dispute Resolution. Any disputes related to integration implementation or support services shall be resolved according to the following process:

(a) Initial Technical Review: Technical representatives from Partner and Smackdab shall meet within five (5) business days of either party identifying a dispute to discuss the technical aspects of the issue.

(b) Documentation and Assessment: The parties shall document the issue, including: (i) Nature and scope of the dispute (ii) Technical details and relevant circumstances (iii) Impact on Client (iv) Proposed resolution approaches

(c) Escalation Path: If not resolved at the technical level within ten (10) business days: (i) The dispute shall be escalated to the parties’ respective managers (ii) Managers shall meet within five (5) business days of escalation (iii) If not resolved at the manager level within ten (10) business days, the dispute shall proceed according to the full dispute resolution process in Appendix 4: Dispute Resolution Flowchart

(d) Client Involvement: For disputes involving Client satisfaction or deliverables: (i) Client feedback shall be solicited when appropriate (ii) Joint communication to Client shall be developed (iii) Client shall be kept informed of resolution progress

⚠️ ATTORNEY REVIEW NOTE: Review the support requirements to ensure they establish appropriate service levels while remaining achievable for partners of different sizes and capabilities. Consider whether additional detail is needed regarding coordination of support activities between partner and Smackdab support teams, particularly for critical or complex issues affecting multiple customers.

13. TERM AND TERMINATION – SPECIFIC PROVISIONS

Integration Continuity

If this Agreement is terminated, Partner shall:

(a) Provide Clients with at least 30 days’ notice before discontinuing the integration;

(b) Cooperate with Smackdab to minimize disruption to Clients;

(c) Provide reasonable transition assistance to Clients; and

(d) Provide Smackdab with all reasonably necessary documentation and information to enable Clients’ transition to alternative solutions.

Notwithstanding termination of this Agreement, Partner may continue to support existing instances of the integration for up to 90 days following termination to allow for appropriate transition.

If termination is due to Partner’s material breach, Smackdab may, at its option, assume direct support of the integration for existing Clients during the transition period, and Partner shall provide all reasonably necessary assistance to enable Smackdab to provide such support.

Termination Documentation Requirements.

(a) All termination notices shall follow the templates provided in Appendix 5: Termination Notice Templates, and shall include at minimum: (i) Clear identification of the terminating party (ii) The specific ground for termination, including reference to the applicable Agreement section (iii) The effective date of termination (iv) A detailed transition plan for active Clients (v) A list of post-termination obligations for both parties

(b) Partner shall provide an Integration Transition Document within ten (10) business days after providing or receiving a termination notice, which shall include: (i) A complete list of active Clients using the integration (ii) Integration architecture and technical specifications (iii) Configuration details for each Client (iv) Known issues and workarounds (v) Support history and open support tickets (vi) Upcoming planned updates or maintenance activities

(c) Smackdab shall provide a Termination Confirmation Document within five (5) business days of receiving the Integration Transition Document, which shall include: (i) Confirmation of the termination effective date (ii) Detailed transition plan and timeline for each Client (iii) Designated transition coordinator from Smackdab (iv) Process for handling final Commission payments (v) Schedule for return or deletion of Confidential Information

(d) The parties shall conduct a formal transition meeting within fifteen (15) business days before the effective termination date to review and finalize the transition plan.

Notwithstanding termination of this Agreement, Partner may continue to support existing instances of the integration for up to 90 days following termination to allow for appropriate transition.

If termination is due to Partner’s material breach, Smackdab may, at its option, assume direct support of the integration for existing Clients during the transition period, and Partner shall provide all reasonably necessary assistance to enable Smackdab to provide such support.

API Access Post-Termination

Upon termination:

(a) Partner’s API access will be terminated within 5 business days after the effective date of termination;

(b) Partner shall cease using the APIs and delete any cached or stored data obtained through the APIs; and

(c) Partner shall cease all development, distribution, and marketing of the integration.

To support Client transition, Smackdab may, in its sole discretion, grant limited API access for up to 90 days following termination, provided that:

(a) Such access is limited to supporting existing Clients;

(b) Partner complies with all applicable terms of this Agreement during this period; and

(c) Partner does not use such access for development or distribution of new integration versions.

ntegration Listing Post-Termination

Upon termination, Smackdab will remove Partner’s integration from the marketplace within 5 business days.

Smackdab will notify Clients of the integration’s removal and, if applicable, provide information about alternative integrations.

Survival of Client License Rights

Licenses granted to Clients for existing installations of the integration before termination shall survive termination, provided that:

(a) Such licenses are limited to the version of the integration in use at the time of termination;

(b) No new installations or upgrades are permitted; and

(c) Partner complies with all applicable support and maintenance obligations for existing Clients.

Commissions Upon Termination

If Partner terminates this Agreement for convenience, Smackdab will pay any accrued but unpaid Commissions as of the effective date of termination.

If Smackdab terminates this Agreement for convenience, Smackdab will pay:

(a) Any accrued but unpaid Commissions as of the effective date of termination; and

(b) Commissions for Qualified Referrals that convert to paying Clients within 30 days after termination.

If Smackdab terminates this Agreement due to Partner’s material breach, fraud, or illegal conduct, Smackdab may, in its sole discretion, withhold any unpaid Commissions.

If Partner terminates this Agreement due to Smackdab’s material breach, Smackdab shall pay Partner:

(a) All accrued but unpaid Commissions within thirty (30) days of the effective date of termination; and

(b) Commissions for Qualified Referrals that convert to paying Clients within 60 days after termination.

Integration Support Post-Termination

 If Smackdab continues to allow Clients to use the integration after termination, Partner shall:

(a) Provide reasonable support to existing Clients for a transition period of up to 90 days;

(b) Notify Clients of any support limitations or changes; and

(c) Cooperate with Smackdab to ensure a smooth transition.

Partner may charge reasonable fees for continued support beyond the transition period, provided that:

(a) Such fees are disclosed to Clients in advance;

(b) Clients have the option to decline continued support; and

(c) Fees are consistent with Partner’s standard support pricing.

⚠️ ATTORNEY REVIEW NOTE: Review the termination provisions to ensure they provide appropriate protections for both Smackdab and the partner, particularly regarding client continuity and transition. Consider whether the timeframes for continued API access and client support are appropriate and whether additional detail is needed regarding data handling post-termination.

14. PRIVACY AND ACCESSIBILITY COMPLIANCE

Data Privacy Requirements

Partner shall implement and maintain a comprehensive privacy program for its integration that complies with all applicable data protection laws, including but not limited to GDPR, UK GDPR, CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, and other applicable state, federal, and international privacy laws.

Partner shall provide a clear and accessible privacy policy that accurately describes its data collection, use, and sharing practices related to the integration, which shall be made available to users before they access or use the integration.

Partner shall obtain all necessary consents and provide all required notices for the collection, use, and sharing of Personal Data through the integration, as required by applicable law, including implementing appropriate consent management mechanisms where required.

Partner shall implement data minimization principles, collecting and processing only the Personal Data necessary for the integration’s functionality and retaining such data only for as long as necessary.

For cross-border transfers of Personal Data, Partner shall implement appropriate safeguards as required by applicable law, which may include:

(a) Standard Contractual Clauses approved by the relevant regulatory authorities;

(b) Binding Corporate Rules;

(c) Approved certification mechanisms; or

(d) Compliance with regional data localization requirements.

Partner shall implement procedures to promptly respond to data subject/consumer requests to exercise their rights under applicable privacy laws, including rights of access, deletion, correction, portability, restriction of processing, and objection to processing.

Data Subject Request Procedures. Partner shall maintain procedures to promptly identify, review, and respond to data subject requests under applicable Data Protection Laws, including:

(a) Response Timeframes: (i) Initial acknowledgment of receipt: Within 3 business days (ii) Substantive response: Within 15 calendar days (or such shorter period as may be required by applicable law) (iii) Complete fulfillment of request: Within 30 calendar days (or such shorter period as may be required by applicable law), with a possible extension of up to 60 additional days for complex requests where permitted by law

(b) Documentation Requirements: (i) All requests must be documented in a secure request tracking system (ii) Documentation must include the nature of the request, verification of the requestor’s identity, actions taken, and response provided (iii) Documentation shall be retained for at least 24 months or longer if required by applicable law

(c) Verification Procedures: (i) Partner shall implement reasonable procedures to verify the identity of individuals making requests (ii) Verification methods shall be proportionate to the sensitivity of the information requested (iii) Partner shall not require individuals to create accounts to submit requests (iv) Partner shall accept requests through multiple channels including email and web forms

(d) Response Format: (i) Responses shall be provided in a concise, transparent, intelligible, and easily accessible form (ii) Responses shall use clear and plain language (iii) Responses shall be provided in writing or electronically, or verbally if requested by the data subject (iv) Information provided in response to access requests shall be in a structured, commonly used, and machine-readable format when required by applicable law

(e) Coordination with Smackdab: (i) Partner shall notify Smackdab within 2 business days of receiving any data subject request that relates to Personal Data processed on behalf of Smackdab or Clients (ii) Partner shall coordinate with Smackdab on the response to such requests (iii) Partner shall implement Smackdab’s instructions regarding such requests (iv) Partner shall maintain a record of all coordination activities

Cross-Border Data Transfers and Data Localization.

(a) General Principles. For cross-border transfers of Personal Data from jurisdictions with restrictions on such transfers (including the EEA, UK, and Switzerland), Partner shall implement appropriate safeguards in accordance with applicable Data Protection Laws. This section will be particularly relevant upon Smackdab’s planned international expansion in 2026.

(b) Transfer Mechanisms. Depending on the jurisdictions involved and applicable law, Partner may rely on one or more of the following mechanisms:

(i) Standard Contractual Clauses (SCCs): – Partner shall implement the most current version of the SCCs approved by the relevant authority (e.g., European Commission, UK Information Commissioner’s Office) – Partner shall complete all appendices and annexes to the SCCs with accurate and complete information about the data transfer – Partner shall conduct and document a transfer impact assessment prior to implementing SCCs, addressing the legal regime of the destination country and any supplementary measures implemented – Partner shall review and update SCCs as required by changes in applicable law

(ii) Binding Corporate Rules (BCRs): If Partner has approved BCRs, Partner may rely on its BCRs for intra-group transfers, provided that the BCRs cover the categories of Personal Data being transferred

(iii) Adequacy Decisions: Where available, Partner may rely on adequacy decisions issued by relevant authorities (e.g., European Commission) recognizing that a particular jurisdiction provides adequate protection for Personal Data

(iv) Derogations: In limited circumstances, Partner may rely on derogations (e.g., explicit consent, necessity for contract performance) as permitted by applicable law, but shall prioritize the implementation of systematic transfer mechanisms when possible

(v) Regional Transfer Mechanisms: Partner shall implement region-specific transfer mechanisms as required, including but not limited to: – UK International Data Transfer Agreements (IDTAs) for UK data transfers – Swiss-specific addenda for Swiss data transfers – Other regional mechanisms that may emerge following Smackdab’s 2026 international expansion

(c) Supplementary Measures. In addition to the formal transfer mechanisms, Partner shall implement appropriate supplementary measures where necessary to ensure that transferred Personal Data receives an essentially equivalent level of protection, which may include:

(i) Technical Measures: – End-to-end encryption with keys managed exclusively in the data exporter’s jurisdiction – Pseudonymization or tokenization techniques that render data unintelligible without additional information kept separately in the data exporter’s jurisdiction – Multi-factor authentication and strict access controls – Technical measures specific to the integration as outlined in Section 11 of this Agreement

(ii) Contractual Measures: – Additional contractual safeguards beyond those in the SCCs – Transparency obligations regarding government access requests – Commitments to challenge government access requests where legally possible – Regular compliance certifications and audits

(iii) Organizational Measures: – Documented and tested procedures for handling government access requests – Data minimization practices to limit exposure of sensitive data – Staff training on cross-border data protection requirements – Clear allocation of responsibilities for data protection compliance

(d) Data Localization Requirements. Partner acknowledges that some Clients may be subject to data localization requirements that restrict cross-border transfers of their data. In such cases, Partner shall:

(i) Adhere to any data localization requirements specified in the Client’s agreement with Smackdab (ii) Process Client Data only in authorized jurisdictions (iii) Implement technical controls to ensure compliance with localization requirements (iv) Maintain auditable records of data processing locations

(e) Suspension of Transfers. If Partner determines that it cannot comply with its obligations regarding cross-border data transfers due to changes in law or other circumstances, it shall promptly notify Smackdab, and the parties shall cooperate to implement alternative transfer mechanisms or, if no such mechanisms are available, suspend the affected transfers.

Accessibility Compliance

Partner shall make commercially reasonable efforts to ensure its integration complies with applicable accessibility laws and standards, including:

(a) The Web Content Accessibility Guidelines (WCAG) 2.1 Level AA or current equivalent;

(b) Section 508 of the Rehabilitation Act, if applicable; and

(c) The Americans with Disabilities Act (ADA) and similar state laws, if applicable.

Partner shall periodically test its integration for accessibility compliance and promptly address identified issues.

Partner shall provide accessibility documentation for its integration, including any known limitations.

⚠️ ATTORNEY REVIEW NOTE: Review this section to ensure it adequately addresses current data privacy and accessibility requirements. With Smackdab’s planned international expansion in 2026, consider adding more specific provisions regarding cross-border data transfers and international privacy compliance. Ensure the accessibility requirements align with the latest standards and case law in this rapidly evolving area.

15. NON-COMPETITION AND NON-SOLICITATION

Limited Non-Competition

During the Term of this Agreement and for one (1) year thereafter, Partner shall not develop, market, sell, or distribute any product or service that:

(a) Is substantially similar to the Services; and

(b) Directly competes with the core functionality of the Services; and

(c) Is marketed primarily to the same target customers as the Services.

Nothing in this section shall prohibit Partner from:

(a) Developing, marketing, selling, or distributing products or services that integrate with or complement the Services;

(b) Continuing to develop, market, sell, or distribute products or services that existed prior to this Agreement; or

(c) Developing, marketing, selling, or distributing general-purpose products or services that may have some overlapping features with the Services but are not direct replacements for the Services.

This limited non-competition provision is narrowly tailored to protect Smackdab’s legitimate business interests while allowing Partner to continue its business activities that do not directly compete with the Services.

Non-Solicitation of Clients

During the Term of this Agreement and for one (1) year thereafter, Partner shall not, directly or indirectly:

(a) Solicit or attempt to solicit any Client to terminate or reduce their relationship with Smackdab for the purpose of obtaining services that directly compete with the Services; or

(b) Assist any third party in soliciting any Client to terminate or reduce their relationship with Smackdab for the purpose of obtaining services that directly compete with the Services.

Nothing in this section shall prohibit Partner from:

(a) Engaging in general marketing or advertising not specifically targeted at Clients;

(b) Providing services to Clients that do not compete with the Services; or

(c) Responding to unsolicited requests from Clients for services that do not compete with the Services.

Non-Solicitation of Employees

During the Term of this Agreement and for one (1) year thereafter, neither party shall, directly or indirectly, solicit or attempt to solicit any employee or contractor of the other party with whom it had material contact during the Term to terminate their employment or engagement with the other party.

This section shall not apply to:

(a) General solicitations not specifically directed at employees or contractors of the other party (such as job postings on public websites); or

(b) Solicitations of employees or contractors who have ceased to be employed or engaged by the other party for at least six (6) months prior to the solicitation.

Geographic Scope

The restrictions in this Section 15 apply only within the United States during the Term of this Agreement.

After termination of this Agreement, the restrictions apply only within the states or regions where both:

(a) Smackdab had active Clients as of the termination date; and

(b) Partner provided integration services for Clients as of the termination date.

Acknowledgment of Reasonableness

Partner acknowledges that the restrictions contained in this Section 15 are reasonable in terms of duration, scope, and geographic area and are necessary to protect Smackdab’s legitimate business interests, including but not limited to:

(a) Protection of confidential and proprietary information;

(b) Preservation of client relationships;

(c) Protection of goodwill; and

(d) Prevention of unfair competition.

Partner acknowledges that it has received sufficient consideration for the restrictions contained in this Section 15.

⚠️ ATTORNEY REVIEW NOTE: Carefully review the non-competition and non-solicitation provisions to ensure they are enforceable under applicable state laws. Non-competition agreements are subject to strict scrutiny in many jurisdictions, and some states (such as California) generally prohibit them except in limited circumstances. Consider modifying the geographic scope, duration, or substantive restrictions based on the jurisdictions where enforcement would be most important. Also, ensure that the “legitimate business interests” being protected are explicitly identified and that the restrictions are no broader than necessary to protect those interests.

16. DISPUTE RESOLUTION AND GOVERNING LAW

Governing Law. This Tech Agreement shall be governed by and construed in accordance with the laws of the State of Florida, United States of America, without regard to its conflict of law provisions. The United Nations Convention on Contracts for the International Sale of Goods does not apply to this Tech Agreement.

Compliance with Export Control Laws. Each party shall comply with all applicable export control laws and regulations, including the Export Administration Regulations maintained by the U.S. Department of Commerce, and shall not export, re-export, or transfer, directly or indirectly, any technical data or products received from the other party, or the direct product of such technical data, to any destination, person, or entity prohibited or restricted by applicable laws or regulations, without obtaining prior authorization from the relevant government authorities as required by those laws and regulations.

Dispute Resolution.

All disputes arising out of or in connection with this Tech Agreement shall be resolved in accordance with the dispute resolution provisions set forth in Section 9 of the General Agreement.

For disputes specifically related to technical aspects of the integration, including but not limited to API functionality, integration performance, and security requirements, the parties agree to engage technical experts with relevant domain expertise during the dispute resolution process described in Section 9.1 of the General Agreement.

Force Majeure. Neither party shall be liable for any failure or delay in performance under this Tech Agreement (except for payment obligations) due to causes beyond its reasonable control, in accordance with the force majeure provisions set forth in Section 11.8 of the General Agreement.

Assignment. Neither party may assign or transfer this Tech Agreement, in whole or in part, without the other party’s prior written consent, which shall not be unreasonably withheld, conditioned, or delayed, except that either party may assign this Tech Agreement without consent to its successor in interest in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Any attempted assignment in violation of this section shall be void and without effect.

Severability. If any provision of this Tech Agreement is held to be invalid or unenforceable, the remaining provisions will remain in effect and the parties will substitute a valid, legal, and enforceable provision that most closely achieves the intent and economic effect of the invalid provision.

Waiver. No failure or delay by either party in exercising any right under this Tech Agreement will constitute a waiver of that right. No waiver under this Tech Agreement will be effective unless made in writing and signed by an authorized representative of the party being deemed to have granted the waiver.

Notices. All notices and other communications under this Tech Agreement shall be in writing and shall be deemed to have been given in accordance with Section 11.2 of the General Agreement.

Relationship of the Parties. The parties are independent contractors. This Tech Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the parties.

Entire Agreement. This Tech Agreement, together with the General Agreement and any applicable Order Forms, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Tech Agreement shall be effective unless in writing and signed by both parties.

⚠️ ATTORNEY REVIEW NOTE: Review these additional legal provisions for consistency with the General Agreement’s legal terms. Confirm that the dispute resolution procedures referenced in Section 16.3 align properly with Section 9 of the General Agreement, particularly regarding the jurisdiction and venue for any legal proceedings. Consider whether additional language is needed to address potential compliance requirements for international partners as Smackdab expands beyond the US in 2026. The export control provisions should be reviewed to ensure they adequately address both US export control laws and potential international regulations.

17. CONTACT INFORMATION

For questions or concerns regarding this Agreement or the Technology Partner Program, please contact:

Technology Partner Program Team:
 Email: [email protected]
Phone: +1 (555) 456-7890

Technical Support:
 Email: [email protected]
Phone: +1 (555) 567-8901

Legal Department:
 Email: [email protected]
Mail: Smackdab Inc., 372 Live Oak Ln, Marco Island, FL 34145
United States

Data Privacy Inquiries:
 Email: [email protected]
Phone: +1 (555) 678-9012

© 2025 Smackdab Inc. All rights reserved.

⚠️ ATTORNEY REVIEW NOTE: This Technology Partner Agreement works in conjunction with the General Partner Agreement to establish the terms for partners who develop integrations with Smackdab’s platform. This structure allows for clear delineation of general terms that apply to all partners versus specific terms that apply only to Technology Partners. The document should be reviewed by legal counsel familiar with technology agreements, particularly regarding API access, intellectual property provisions, and security requirements.

The Technical Security Requirements section (Section 11) should be carefully reviewed to ensure it adequately addresses current security threats and compliance requirements, particularly given the expansion of data privacy regulations in recent years. Consider whether additional provisions are needed to address AI/ML applications, data sharing for analytics, or emerging integration technologies.

The Privacy and Accessibility Compliance section (Section 14) should be reviewed for alignment with the latest developments in privacy laws across multiple jurisdictions as well as recent ADA litigation concerning digital accessibility. In light of Smackdab’s planned international expansion in 2026, consider whether this section should include specific provisions for cross-border data transfers or region-specific compliance requirements.

Now that this document includes substantial requirements regarding insurance, security, accessibility, and privacy compliance, assess whether the agreement creates overly burdensome barriers to entry for smaller technology partners while still providing adequate protections for Smackdab and its clients.