Provisio EHS

Invoice reference

Subscription services are governed by the Provisio EHS Master Subscription Agreement available at https://www.provisioehs.com/subscription-agreement. Executed Order Forms and signed agreements control over this web version.

Provisio EHS Master Subscription Agreement

Last updated: June 3, 2026

Provider: Safety-Chat, LLC DBA Provisio EHS

This Master Subscription Agreement (this "Agreement") is entered into as of the last signature below (the "Effective Date") by and between Safety-Chat, LLC DBA Provisio EHS, a Utah limited liability company with its principal place of business at 537 E 1150 N, Logan, UT 84341 ("Provider"), and the customer entity identified in the applicable Order Form ("Customer"). Provider and Customer are each referred to as a "Party" and collectively as the "Parties."

RECITALS

WHEREAS, Provider offers the Provisio EHS Safety Management Suite as a software-as-a-service solution, including modules for incident management, training, inspections, AI-assisted tools, and related features; and

WHEREAS, Customer desires to access and use the Services, and Provider agrees to provide such access and use, subject to the terms and conditions of this Agreement.

NOW, THEREFORE, in consideration of the mutual covenants and agreements herein, the Parties agree as follows:

1. AGREEMENT STRUCTURE AND ORDERING

1.1 Order Forms

The specific products, subscription quantities, annual fees, subscription term (e.g., 1, 2, or 3 years), enabled Add-On Modules, usage limits (including Platform User Licenses, LMS Learner Licenses, SDS Document Limits, Purchased SDS Refreshes, and Purchased New SDS Requests), and any implementation or professional services will be set forth in one or more ordering documents executed by the Parties that reference this Agreement (each, an "Order Form"). Each Order Form is incorporated into this Agreement by reference. All recurring subscription fees are billed annually in advance as set forth in Section 5.2.

1.2 Precedence

In the event of a conflict between the documents comprising this Agreement, the following order of precedence shall apply: (a) the applicable Order Form; (b) the Data Processing Addendum, solely with respect to data protection matters; (c) this Agreement; and (d) the Service Level Agreement and Acceptable Use Policy.

1.3 Incorporated Documents

The following documents are attached to and incorporated into this Agreement:

  • Service Level Agreement (SLA)
  • Data Processing Addendum (DPA)
  • Acceptable Use Policy (AUP)

Commercial terms (products, fees, quantities, and term) are set forth in separately executed Order Forms under Section 1.1.

2. DEFINITIONS

2.1 Affiliate

Affiliate means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where "control" means ownership or control of more than 50% of the voting interests of the subject entity.

2.2 Add-On Module

Add-On Module means an optional feature set enabled under an Order Form, including without limitation the Safety Data Sheet (SDS) Database, Learning Management System (LMS), Audit App, Asset Database, Client Management, Ergonomic Evaluations, and Contractor Management modules.

2.3 Customer Data

Customer Data means all electronic data or information submitted to or processed through the Services by or on behalf of Customer or its Users.

2.4 Confidential Information

Confidential Information means any non-public information disclosed by one Party (the "Discloser") to the other Party (the "Recipient") that is designated as confidential or that, given the nature of the information or circumstances of disclosure, should reasonably be understood to be confidential.

2.5 Documentation

Documentation means Provider's user guides, policies, help files, and training materials for the Services, as updated from time to time, and made available to Customer.

2.6 LMS Learner License

LMS Learner License means a single annual entitlement for one (1) unique User to be assigned one (1) or more courses through the LMS module during a twelve (12) month LMS License Term, as specified in the Order Form. LMS Learner Licenses are consumed upon first assignment or enrollment and are non-transferable as set forth in Section 3.7.3.

2.7 New SDS Request

New SDS Request means Customer's request for Provider to locate, ingest, review, and publish an SDS Document not previously included in Customer's subscribed SDS Document count.

2.8 Platform User License

Platform User License means a subscription entitlement for one (1) unique User authorized to access the Services (excluding LMS-only subscriptions, which may be limited to LMS access only), as specified in the Order Form.

2.9 SDS Document

SDS Document means a Safety Data Sheet record hosted, indexed, or made available to Customer through the SDS Database module.

2.10 SDS Refresh

SDS Refresh means Provider's processing of an update or replacement to an existing SDS Document already assigned to Customer, including review, extraction, approval, and publication of a newer revision. SDS Refreshes do not include net-new SDS Documents unless expressly purchased as New SDS Requests. SDS Refreshes are not included in the SDS Database module subscription fee and must be purchased separately as set forth in Section 3.7.4.

2.11 Purchased SDS Refreshes

Purchased SDS Refreshes means the quantity of SDS Refreshes Customer has expressly purchased on an Order Form for the applicable contract period, at the fees stated thereon. Unless the Order Form states otherwise, the default is zero (0) Purchased SDS Refreshes.

2.12 Services

Services means the Provisio EHS / Safety-Chat Safety Management Suite provided as SaaS, including modules enabled in the applicable Order Form (e.g., incident management, inspections, tasks, documents/SOPs, training tracker, AI-assisted tools, and any purchased Add-On Modules).

2.13 Subscription Term

Subscription Term means the initial subscription period specified in an Order Form and any subsequent renewal terms, as further defined in Section 4.2.

2.14 Usage Data

Usage Data means de-identified, aggregated data or system metadata relating to the use and performance of the Services that does not identify Customer, its Users, or any natural person.

2.15 User

User means an individual authorized by Customer to access and use the Services under Customer's account in accordance with this Agreement.

3. ACCESS AND USE OF SERVICES

3.1 License Grant

Subject to the terms of this Agreement and the applicable Order Form, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable, revocable, worldwide right during the Subscription Term for its Users to access and use the Services solely for Customer's internal business purposes.

3.2 Use Restrictions

Customer shall not, and shall ensure its Users do not:

  • (a) license, sublicense, sell, resell, rent, lease, distribute, or otherwise make the Services available to any third party (except as expressly permitted for Users);
  • (b) reverse engineer, decompile, disassemble, or attempt to derive the source code of the Services, except to the extent permitted by applicable law;
  • (c) use the Services to store, transmit, or process infringing, unlawful, or harmful content;
  • (d) interfere with, disrupt, or attempt to gain unauthorized access to the Services or their underlying systems;
  • (e) use the Services to develop, train, or improve a competing product or service; or
  • (f) violate the Acceptable Use Policy.

3.3 Customer Responsibilities

Customer shall:

  • (a) ensure that its Users comply with this Agreement and the Acceptable Use Policy;
  • (b) be responsible for the accuracy, quality, legality, and appropriateness of Customer Data;
  • (c) maintain the confidentiality of User credentials and promptly notify Provider of any suspected unauthorized use or security breach; and
  • (d) comply with all applicable laws, including data protection, privacy, and export control laws, in its use of the Services.

3.4 Suspension of Access

Provider may suspend Customer's or any User's access to the Services upon reasonable notice if:

  • (a) any payment is more than 30 days past due, after at least 7 days' prior written notice;
  • (b) Customer's or a User's use of the Services poses a security risk, violates the Acceptable Use Policy, or is otherwise unlawful; or
  • (c) Customer materially breaches this Agreement.

Provider will promptly restore access upon Customer's cure of the underlying issue.

3.5 Service Modifications

Provider may modify the features or functionality of the Services from time to time but will not materially degrade the core value or functionality of the Services during the Subscription Term. If a material degradation occurs and Provider cannot reasonably remedy it within 30 days of Customer's written notice, Customer may terminate the affected Order Form and receive a pro-rata refund of prepaid, unused fees for the terminated portion.

3.6 Trial and Beta Features

Any beta, preview, or trial features are provided "AS IS" without warranties or service level commitments. Provider may modify or discontinue such features at its discretion with notice to Customer.

3.7 Module Add-Ons and Usage Limits

3.7.1 Order Form Controls

Access to Add-On Modules, quantities, and usage limits are governed exclusively by the applicable Order Form. If an Add-On Module is not listed on the Order Form, it is not included in the subscription.

3.7.2 Platform User Licenses

Customer's Platform User License count limits the number of Users who may hold active login access to the Services. Platform User Licenses are distinct from LMS Learner Licenses.

3.7.3 LMS Learner Licenses

  • (a) Term. Each LMS Learner License is valid for twelve (12) months from the Order Form's LMS subscription start date or renewal date (the "LMS License Term"), unless a different term is stated in the Order Form.
  • (b) Consumption. An LMS Learner License is deemed consumed when a User is first assigned to, enrolled in, or otherwise granted access to any LMS course, learning path, package, or training assignment during the LMS License Term, whether or not the User completes the training.
  • (c) Non-Transferability. Once consumed, an LMS Learner License may not be reassigned, transferred, or recycled to another User during the same LMS License Term, including if the original User is deactivated, terminated, leaves Customer's organization, or no longer requires training.
  • (d) No Carryover. Unused LMS Learner Licenses do not roll over to subsequent LMS License Terms unless expressly stated in the Order Form.
  • (e) Training Records Only. LMS completion records, certificates, and progress data reflect activity within the Services only and do not, by themselves, satisfy regulatory training requirements unless Customer independently confirms content, duration, qualified instructor requirements, and record retention rules.
  • (f) No Accreditation. Unless expressly stated in an Order Form, Provider does not represent that any course is OSHA-approved, ANSI-accredited, state-approved, or equivalent to a third-party credential.

3.7.4 SDS Database

  • (a) SDS Database Module Fee. The SDS Database Add-On subscription fee covers access to the SDS Database module, including hosting, indexing, search, favorites, and management of SDS Documents up to the SDS Document Limit specified on the Order Form. The SDS Database module fee does not include SDS Refreshes, New SDS Requests, priority processing, integrations, or other SDS-related professional services unless those items are separately listed on the Order Form with their own quantities and fees.
  • (b) SDS Refreshes Are a Separate Add-On. SDS Refreshes are not included in the regular SDS Database module fee. Customer must purchase SDS Refreshes explicitly on the Order Form (or a subsequent written add-on) as Purchased SDS Refreshes, at Provider's then-current refresh rates unless otherwise negotiated. If the Order Form does not list Purchased SDS Refreshes, Customer has zero (0) SDS Refreshes for that contract period.
  • (c) No Automatic or Implied Refreshes. Provider does not grant automatic, recurring, bundled, promotional, tier-default, or implied SDS Refreshes as part of the SDS Database module or any base subscription. Each SDS Refresh consumes one (1) Purchased SDS Refresh until the purchased quantity is exhausted.
  • (d) Refresh vs. New Request. Updating or replacing an existing SDS Document counts as one (1) SDS Refresh (and requires an available Purchased SDS Refresh). Adding an SDS Document that increases Customer's total hosted SDS count counts as one (1) New SDS Request (if purchased separately on the Order Form) and also counts toward the SDS Document Limit.
  • (e) Hard Limits. Provider may suspend or decline SDS Refresh processing, New SDS Request processing, or additional SDS hosting once applicable limits are reached until Customer purchases additional Purchased SDS Refreshes, New SDS Requests, or SDS Document capacity on a written add-on or Order Form amendment.
  • (f) Not the Authoritative SDS. SDS Documents and extracted data displayed in the Services are provided for convenience and workflow support only. They do not replace, supersede, or constitute the manufacturer's or supplier's official Safety Data Sheet.
  • (g) Customer Verification Required. Before any workplace use, storage, handling, labeling, training, exposure assessment, emergency planning, or regulatory submission, Customer must obtain, review, and rely upon the current official SDS issued by the chemical manufacturer, importer, or authorized distributor.
  • (h) Manufacturer Prevails. In the event of any conflict between information in the Services and the manufacturer's official SDS, the official SDS controls.

3.7.5 Module-Linked Courses and Content

  • (a) The LMS and other modules may display courses, packages, learning paths, or features that require an Add-On Module (e.g., Contractor Management, SDS Database). Unless that Add-On Module is enabled on Customer's Order Form, Customer may not access, assign, enroll in, or complete such content.
  • (b) Provider may show locked or preview listings for add-on content Customer has not purchased. Locked content does not grant any license or usage rights.
  • (c) Base LMS or platform subscriptions do not include add-on module content unless expressly listed on the Order Form.

3.7.6 Measurement

Provider's internal usage meters, administrative records, and subscription configuration control for purposes of billing, suspension, and limit enforcement.

3.8 Customer Compliance and Regulatory Responsibility

  • (a) Customer is solely responsible for its workplace safety, health, environmental compliance, and regulatory obligations, including without limitation OSHA, EPA, DOT, state, local, and industry-specific requirements. The Services are administrative and informational tools only. Provider does not act as Customer's safety officer, industrial hygienist, legal counsel, or compliance consultant.
  • (b) Provider does not warrant or guarantee that Customer's use of the Services will result in compliance with any law, regulation, standard, audit, inspection, citation, or third-party requirement. Customer remains responsible for all citations, penalties, fines, violations, recordkeeping deficiencies, and enforcement actions arising from Customer's operations, data, decisions, or failure to maintain compliant programs.
  • (c) Customer is responsible for the accuracy, completeness, timeliness, and legality of all Customer Data, including incident records, inspection results, training records, JSA/JHA content, LOTO procedures, contractor data, and chemical inventory information.

3.9 AI-Assisted and Automated Features

  • (a) AI-driven chat, search, extraction, classification, labeling, quiz generation, hazard identification, and similar features produce informational outputs only. They are not legal, regulatory, medical, industrial hygiene, or professional safety advice.
  • (b) Customer must independently review, validate, and approve all AI-generated or auto-extracted content before use in the workplace or in official records.
  • (c) Provider has no obligation to manually verify AI outputs for accuracy, regulatory fit, or completeness.

3.10 Consultant and Client Organizations

  • (a) Client Management Add-On. If Customer purchases the Client Management Add-On (or equivalent consultant functionality on the Order Form), Customer may create and manage separate client organizations within the Services for end-customer or affiliated entities Customer serves as a consultant, advisor, or multi-site operator ("Client Orgs").
  • (b) Separate Tenant Data. Each Client Org's Customer Data is logically segregated by company identifier in the Services. Customer is responsible for: (i) which Users may access each Client Org; (ii) the accuracy, legality, and permissions for all data entered into each Client Org; (iii) ensuring it has contractual and legal authority to process data for each Client Org; and (iv) communicating applicable terms, notices, and policies to Client Org Users and stakeholders.
  • (c) No Agency. Provider's provision of multi-tenant or consultant tooling does not make Provider a party to Customer's agreements with Client Orgs. Customer remains solely responsible to its Client Orgs for compliance, support, and data handling unless Provider has a direct agreement with that entity.
  • (d) Fees and Limits. Client Org counts, Platform User Licenses, and Add-On Modules may be metered per Customer account and/or per Client Org as stated on the Order Form. Customer may not exceed purchased Client Org or license limits.

3.11 Related Portals and Access Surfaces

  • (a) Main Application. The primary Provisio EHS / Safety-Chat application (e.g., suite.provisioehs.com or Customer's configured custom domain) provides the core Safety Management Suite modules enabled on the Order Form.
  • (b) Contractor Portal. If Customer purchases Contractor Management (or equivalent portal access), authorized contractors and related Users may access a separate Contractor Portal hosted on Provider-designated infrastructure (e.g., contractor portal hostnames operated by Provider). Contractor Portal access is limited to features and data Provider enables for that portal. Contractor Portal Users are subject to this Agreement and the Acceptable Use Policy.
  • (c) SDS Portal. SDS ingestion, review, refresh, and related operational workflows may be performed through a separate SDS Portal (e.g., SDS-focused hostnames operated by Provider). SDS Portal access is generally restricted to Provider personnel and Customer Users authorized for SDS administration. Customer Data processed in the SDS Portal remains subject to this Agreement.
  • (d) Dual Access. Where Provider supports a single identity accessing both the main application and a related portal, Customer is responsible for role assignment, invite acceptance, and ensuring Users access only data and functions appropriate to their role and organization.
  • (e) Scope of License. Access to each portal, hostname, or surface is included only if the corresponding Add-On Module or feature is enabled on the Order Form. Provider may change hostnames, URLs, or technical entry points with reasonable notice, provided core functionality remains available.

3.12 Public, QR Code, and Kiosk Flows

  • (a) Customer may enable public or lightly authenticated workflows (e.g., QR code links for inspections, incidents, LOTO, equipment, qualifications, contractor registration, or kiosk-mode training access) ("Public Flows").
  • (b) Customer is solely responsible for: (i) where QR codes, links, and kiosks are posted; (ii) physical and logical access to devices running Public Flows; (iii) policies and notices displayed to submitters and workers (including privacy, safety, and acceptable use); (iv) determining what information Public Flows collect; and (v) reviewing, verifying, and acting on submissions.
  • (c) Public Flows may allow submissions without full User authentication. Customer accepts the risk that submissions may be incomplete, inaccurate, or submitted by unauthorized persons, and Customer must implement its own controls (including supervision and follow-up) appropriate to its workplace.
  • (d) Provider does not guarantee identity of Public Flow submitters unless a specific identity-verification feature is expressly purchased and configured.

3.13 Third-Party Integrations

  • (a) The Services may interoperate with third-party systems (e.g., HRIS/payroll such as Paycor, Google Calendar, identity providers for SSO/SAML/OAuth, email, storage, or training content providers) ("Integrations").
  • (b) Integrations are optional and may require Customer configuration, credentials, and acceptance of third-party terms. Provider does not control third-party services and is not responsible for their availability, accuracy, security, pricing, or policy changes.
  • (c) Customer is solely responsible for: (i) authorizing and maintaining Integration connections; (ii) accuracy and legality of data synced from or sent to third-party systems; (iii) mapping of employees, departments, and organizational data; and (iv) disabling or correcting Integrations when employment or organizational data changes.
  • (d) Customer grants Provider permission to access and process Customer Data as reasonably necessary to operate enabled Integrations on Customer's instructions. Provider may suspend an Integration if it poses a security risk or violates this Agreement.
  • (e) SSO and identity Integrations authenticate Users based on Customer's identity provider configuration. Customer is responsible for provisioning, deprovisioning, and role assignment in its identity systems and in the Services.

3.14 In-Application Disclaimers and Notices

  • (a) Provider may display in-Service notices, banners, labels, and disclaimers (e.g., regarding SDS verification, AI-generated content, training certificates, regulatory compliance, or Public Flows).
  • (b) Customer acknowledges that such in-application notices supplement this Agreement and that Customer is responsible for ensuring its Users read and follow applicable notices before relying on Service outputs.
  • (c) In-application disclaimers do not reduce Customer's obligations under this Agreement or Customer's regulatory responsibilities.

4. TERM, RENEWAL, AND TERMINATION

4.1 Agreement Term

This Agreement commences on the Effective Date and continues until all Order Forms have expired or been terminated in accordance with this Agreement.

4.2 Subscription Term and Auto-Renewal

Each Order Form specifies its initial Subscription Term (e.g., 1, 2, or 3 years). Unless otherwise specified in the Order Form, each Subscription Term will automatically renew for successive one-year periods at Provider's then-current list price (or a capped increase if specified in the Order Form) unless either Party provides written notice of non-renewal at least 60 days prior to the end of the then-current Subscription Term. Renewal fees are annual fees payable in advance under Section 5.2. Provider will comply with all applicable auto-renewal disclosure and notice laws.

4.3 Early Termination for Convenience

If Customer terminates an Order Form prior to the end of the Subscription Term for convenience, Customer shall pay an Early Termination Fee as specified in the applicable Order Form, which is: 100% of the fees remaining for the Subscription Term.

4.4 Termination for Cause

Either Party may terminate this Agreement or an affected Order Form upon written notice if the other Party:

  • (a) materially breaches this Agreement and fails to cure such breach within 30 days (or 10 days for payment obligations) after receiving written notice; or
  • (b) becomes insolvent, files for bankruptcy, or is subject to similar insolvency proceedings.

4.5 Effect of Termination

Upon expiration or termination of an Order Form or this Agreement:

  • (a) Customer shall immediately cease all use of the Services;
  • (b) except as expressly provided herein, all fees paid are non-refundable and non-cancelable;
  • (c) if Customer terminates for Provider's uncured material breach, Provider will refund any prepaid, unused fees for the terminated portion of the Subscription Term; and
  • (d) for 30 days following termination, Customer may export Customer Data in a commercially reasonable, machine-readable format (e.g., CSV or JSON). Thereafter, Provider may delete Customer Data in accordance with its data retention policies, unless prohibited by applicable law.

4.6 Survival

The following provisions shall survive any expiration or termination of this Agreement: Sections 4.5 (Effect of Termination), 5 (Fees and Payment), 6 (Customer Data; Security; Privacy), 7 (Confidentiality), 8 (Intellectual Property; Feedback), 9 (Warranties; Disclaimers), 11 (Indemnification), 12 (Limitation of Liability), 13 (Compliance; Insurance; Publicity), 14 (Miscellaneous), and any accrued payment obligations.

5. FEES AND PAYMENT

5.1 Fees

Customer shall pay all fees as specified in each Order Form. Fees are quoted and payable in U.S. dollars (USD) and are non-cancelable and non-refundable except as expressly provided in this Agreement. Unless the Order Form expressly identifies a fee as one-time (e.g., implementation or professional services), subscription and recurring add-on fees are annual fees billed in accordance with Section 5.2.

5.2 Payment Terms — Annual in Advance Only

  • (a) Annual billing only. All subscription fees and recurring Add-On Module fees are payable annually in advance. Provider does not offer monthly, quarterly, semi-annual, or other installment billing for subscription fees.
  • (b) Invoice timing. For each twelve (12)-month period within the Subscription Term, the full annual subscription fees for that period are invoiced at the start of that period, as specified on the Order Form. If the Subscription Term is longer than one (1) year, Customer pays a separate annual invoice at the beginning of each successive twelve (12)-month period unless the Order Form expressly states a single upfront payment for the entire Subscription Term.
  • (c) Renewals. Renewal fees are annual fees invoiced in advance for each renewal period in accordance with Section 4.2.
  • (d) Add-ons and overages. Fees for add-on capacity, overages, or mid-term purchases are invoiced in advance for the remainder of the then-current annual period (or for the full next annual period if purchased at renewal), unless the Order Form states otherwise.
  • (e) No implied payment plans. No oral or implied agreement, quote, or checkout flow modifies this annual-in-advance requirement unless both Parties sign a written amendment.

5.3 Invoicing and Late Payments

Invoices are due within 30 days of the invoice date. Overdue amounts shall accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law, plus reasonable collection costs (including attorneys' fees).

5.4 Taxes

Fees exclude all applicable taxes, levies, or duties (e.g., sales, use, VAT/GST), which are Customer's responsibility, except for taxes based on Provider's net income.

5.5 Excess Usage and Add-On Overages

If Customer's use exceeds quantities or usage limits specified in the Order Form, including Platform User Licenses, LMS Learner Licenses, SDS Document Limit, Purchased SDS Refreshes, Purchased New SDS Requests, or other metered features, Provider may invoice Customer for overages at Provider's then-current annual add-on rates, prorated for the remainder of the then-current annual period, and/or suspend the relevant feature until additional capacity is purchased. SDS Refreshes are not available under the SDS Database module fee; excess refresh or new-request volume is not performed unless expressly purchased in writing at the applicable add-on rates.

5.6 Audit Rights

Upon reasonable notice and no more than twice per 12-month period, Provider may audit Customer's use of the Services to verify compliance with the Order Form. Customer shall reasonably cooperate with such audits. If an audit reveals underpayment of more than 5%, Customer shall promptly pay the shortfall plus reasonable audit costs.

5.7 Money Back Guarantee

If Customer elects to terminate this Agreement for any reason within thirty (30) days following the Effective Date of the applicable Order Form, Provider will refund any Subscription Fees actually paid by Customer under such Order Form. This money-back guarantee applies only to the initial Subscription Term of the first Order Form entered into between the Parties and does not apply to renewals, add-on services, or subsequent Order Forms.

6. CUSTOMER DATA, SECURITY, AND PRIVACY

6.1 Ownership of Customer Data

Customer retains all right, title, and interest in and to Customer Data, including all intellectual property rights therein.

6.2 Use of Customer Data

Provider may process Customer Data solely to: (a) provide, secure, support, and maintain the Services; (b) improve the Services through aggregated and de-identified analytics; and (c) prevent or address technical or security issues. Provider shall not sell Customer Data or use it for targeted advertising.

6.3 Security Measures

Provider shall implement and maintain industry-standard administrative, physical, and technical safeguards to protect Customer Data, including:

  • (a) encryption of data in transit and at rest;
  • (b) access controls and least-privilege role management;
  • (c) vulnerability management and regular security assessments;
  • (d) logging and monitoring of access and system activity; and
  • (e) disaster recovery and business continuity measures with periodic backups.

Provider shall maintain a Platform-Level Security (or equivalent industry-standard security certification) during the Subscription Term, subject to Section 6.10 regarding SOC 2 status.

6.4 Security Incident Notification

Provider shall notify Customer without undue delay, and in no event later than 72 hours, after becoming aware of a confirmed security incident involving unauthorized access to or disclosure of Customer Data.

6.5 Data Processing Addendum

If Provider processes Personal Data on behalf of Customer, the Data Processing Addendum shall apply. If the Services involve protected health information under HIPAA, the Parties shall execute a Business Associate Agreement prior to such processing.

6.6 Usage Data

Provider may collect and use Usage Data to operate, analyze, and improve the Services, provided such data is de-identified, aggregated, and does not identify Customer or any individual.

6.7 Data Export and Deletion

During the Subscription Term and for 30 days thereafter, Customer may export Customer Data in a commercially reasonable, machine-readable format (e.g., CSV or JSON). Provider may charge reasonable professional services fees for export assistance beyond standard functionality. After such 30-day period, Provider may delete Customer Data in accordance with its retention policies, unless prohibited by applicable law.

6.8 Sub-processors

Provider may engage sub-processors to provide portions of the Services, provided such sub-processors are bound by data protection obligations at least as protective as those in this Agreement. Provider shall maintain an up-to-date list of sub-processors (available upon request or at a URL Provider designates) and notify Customer of material additions or replacements to sub-processors at least thirty (30) days in advance where practicable.

Customer may object to a new or replaced sub-processor on reasonable, data-protection-related grounds by written notice within thirty (30) days of Provider's notification. The Parties shall work together in good faith to address the objection. If the Parties cannot resolve a legitimate objection within a reasonable period, Customer's exclusive remedy is to terminate the affected Services (or Order Form) upon written notice and receive a pro-rata refund of prepaid, unused fees for the terminated portion, unless the Parties agree otherwise in writing.

6.9 Data Location and Residency

Unless otherwise specified in the Order Form or DPA, Customer Data is processed and stored in the United States. Customer shall not use the Services in a manner that requires data residency, localization, or processing outside the United States (including in the European Economic Area or United Kingdom) without Provider's prior written agreement and applicable DPA terms. Customer is responsible for ensuring its use of the Services complies with cross-border transfer requirements applicable to Customer.

6.10 Security Certifications, SOC 2, and Enterprise Audit Documentation

  • (a) Security Program. Provider maintains a security program aligned with industry practices for SaaS providers handling Customer Data.
  • (b) SOC 2 Status. Provider is currently undergoing an initial SOC 2 examination. Unless Provider expressly confirms completion in writing, Provider does not represent that a SOC 2 Type I or Type II report is available or that certification is complete. Customer acknowledges that audit timelines and outcomes are outside Provider's full control.
  • (c) Reports When Available. After Provider completes an applicable SOC 2 (or equivalent) report covering the Services, Provider may make summary or report materials available to Customer upon written request, subject to confidentiality restrictions and reasonable frequency limits (typically once per twelve (12) months per Customer entity), and may require execution of a non-disclosure agreement.
  • (d) No Reliance During Audit. Customer may not rely on SOC 2 or similar reports that do not yet exist or that do not cover the specific Services Customer uses. Provider's security obligations under this Agreement are as stated herein and in the Data Processing Addendum, not as implied by future audit status.
  • (e) Questionnaires. Provider may respond to reasonable security questionnaires from Customer no more than once per twelve (12) months, unless required by a material regulatory event or enterprise Order Form addendum.

7. CONFIDENTIALITY

7.1 Obligations

Each Party shall:

  • (a) protect the other Party's Confidential Information with at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care;
  • (b) use Confidential Information solely for the purposes of this Agreement; and
  • (c) disclose Confidential Information only to its employees, contractors, or Affiliates who have a need to know and are bound by confidentiality obligations at least as restrictive as those herein.

7.2 Exclusions

Confidential Information does not include information that:

  • (a) is or becomes publicly available without breach of this Agreement;
  • (b) was known to the Recipient prior to disclosure without restriction;
  • (c) is independently developed by the Recipient without use of or reference to the Discloser's Confidential Information; or
  • (d) is rightfully received by the Recipient from a third party without confidentiality restrictions.

7.3 Compelled Disclosure

If the Recipient is compelled by law to disclose Confidential Information, it shall provide the Discloser with prompt notice (if legally permitted) and reasonable cooperation to limit or contest such disclosure. Any disclosure shall be limited to the minimum extent required by law.

7.4 Return or Destruction

Upon termination of this Agreement or at the Discloser's written request, the Recipient shall promptly return or destroy all Confidential Information, except as required to be retained by law or for archival purposes under confidentiality obligations.

8. INTELLECTUAL PROPERTY AND FEEDBACK

8.1 Provider's Intellectual Property

Provider and its licensors retain all right, title, and interest in and to the Services, Documentation, and all related intellectual property, including any improvements, modifications, or derivative works. No rights are granted to Customer except as expressly set forth in this Agreement.

8.2 Feedback License

If Customer or its Users provide suggestions, enhancement requests, or other feedback regarding the Services, Customer grants Provider a worldwide, perpetual, irrevocable, royalty-free, fully paid-up license to use, reproduce, modify, distribute, and incorporate such feedback into the Services or other offerings without restriction or obligation to Customer.

9. WARRANTIES AND DISCLAIMERS

9.1 Provider Warranties

Provider warrants that, during the Subscription Term: (a) the Services will materially conform to the Documentation when used in accordance with this Agreement; and (b) Provider will use commercially reasonable efforts to prevent the introduction of malicious code into the Services.

9.2 Customer Warranties

Customer represents and warrants that:

  • (a) it has all necessary rights and permissions to provide Customer Data to Provider for use in accordance with this Agreement; and
  • (b) its use of the Services and provision of Customer Data will comply with all applicable laws, including data protection, privacy, export control, and anti-corruption laws.

9.3 Remedy for Breach of Warranty

If the Services fail to conform to the warranty in Section 9.1(a), Provider's sole obligation, and Customer's exclusive remedy, shall be to use commercially reasonable efforts to correct such non-conformance. If correction is not commercially feasible within 30 days of notice, Customer may terminate the affected Order Form and receive a pro-rata refund of prepaid, unused fees for the terminated portion.

9.4 Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN SECTION 9, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." PROVIDER DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. PROVIDER DOES NOT WARRANT THAT: (i) THE SERVICES WILL ENSURE REGULATORY OR OSHA COMPLIANCE; (ii) SDS DOCUMENTS OR EXTRACTED DATA ARE COMPLETE, CURRENT, OR AUTHORITATIVE; (iii) AI-GENERATED CONTENT IS ACCURATE OR FIT FOR CUSTOMER'S WORKPLACE; OR (iv) CUSTOMER WILL AVOID INSPECTION CITATIONS, PENALTIES, OR ENFORCEMENT ACTIONS.

10. SUPPORT AND SERVICE LEVELS

10.1 Support and SLA

Provider shall provide support and meet the service levels as set forth in the Service Level Agreement. Service credits, if any, shall be Customer's sole and exclusive remedy for Provider's failure to meet the SLA. Service credits are calculated with reference to annual subscription fees under Section 5.2, as further described in the Service Level Agreement.

10.2 Updates and Upgrades

Provider may provide updates or upgrades to the Services at its discretion, provided such updates do not materially reduce the core functionality of the Services during the Subscription Term.

11. INDEMNIFICATION

11.1 By Provider

Provider shall defend, indemnify, and hold harmless Customer and its Affiliates, officers, directors, and employees from and against any third-party claim alleging that the Services, when used in accordance with this Agreement, infringe a valid U.S. patent, copyright, or trade secret. Provider shall pay all damages and costs (including reasonable attorneys' fees) finally awarded or agreed in settlement, provided Customer:

  • (a) promptly notifies Provider in writing of the claim;
  • (b) grants Provider sole control of the defense and settlement; and
  • (c) provides reasonable cooperation at Provider's expense.

If an infringement claim arises, Provider may, at its option: (i) procure the right for Customer to continue using the Services; (ii) modify or replace the Services to make them non-infringing without materially reducing functionality; or (iii) terminate the affected Order Form and refund prepaid, unused fees for the terminated portion.

11.2 Exclusions

Provider shall have no obligation under Section 11.1 for claims arising from:

  • (a) Customer Data or Customer's use of the Services in violation of this Agreement;
  • (b) modifications to the Services not made by Provider;
  • (c) combinations of the Services with third-party products or services not provided or approved by Provider; or
  • (d) use of the Services after Provider has notified Customer to discontinue use due to an infringement claim.

11.3 By Customer

Customer shall defend, indemnify, and hold harmless Provider and its Affiliates, officers, directors, and employees from and against any third-party claim arising from:

  • (a) Customer Data or Customer's use of the Services in violation of this Agreement or applicable law;
  • (b) Customer's breach of its representations or warranties under Section 9.2; or
  • (c) Customer's reliance on SDS Documents, labels, AI outputs, or training records without independent verification against official manufacturer documentation or applicable law.

Customer shall pay all damages and costs (including reasonable attorneys' fees) finally awarded or agreed in settlement, provided Provider complies with the procedural requirements in Section 11.1(a)–(c).

11.4 Exclusive Remedy

This Section 11 sets forth each Party's sole and exclusive obligations and remedies with respect to third-party claims of intellectual property infringement or misappropriation.

12. LIMITATION OF LIABILITY

12.1 Liability Cap

Except for Excluded Claims (defined below), each Party's aggregate liability arising out of or related to this Agreement, whether in contract, tort, or otherwise, shall not exceed the total fees paid or payable by Customer to Provider under the applicable Order Form in the 12 months preceding the event giving rise to the claim.

12.2 Exclusion of Damages

Except for Excluded Claims, neither Party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or business opportunities, even if advised of the possibility of such damages.

12.3 Excluded Claims

"Excluded Claims" means:

  • (a) a Party's indemnification obligations under Section 11;
  • (b) a Party's breach of Section 7 (Confidentiality);
  • (c) Customer's payment obligations under Section 5; or
  • (d) a Party's willful misconduct or gross negligence.

13. COMPLIANCE, INSURANCE, AND PUBLICITY

13.1 Compliance with Laws

Each Party shall comply with all applicable laws, regulations, and ordinances in connection with this Agreement, including data protection, privacy, export control, and anti-corruption laws. Customer shall comply with the Acceptable Use Policy.

13.2 Insurance

During the Subscription Term, Provider shall maintain commercially reasonable insurance coverage, including:

  • (a) technology errors and omissions/cyber liability insurance with limits of at least $1,000,000 per occurrence; and
  • (b) commercial general liability insurance with limits of at least $1,000,000 per occurrence and $2,000,000 in the aggregate.

Provider shall provide certificates of insurance upon Customer's reasonable request.

13.3 Publicity

Provider may identify Customer (including its name and logo) as a customer in marketing materials and customer lists, subject to Customer's right to opt out by providing written notice to Provider. Any other publicity or use of a Party's trademarks requires prior written consent.

13.4 Export Controls

Customer acknowledges that the Services may be subject to U.S. and international export control laws and agrees not to export, re-export, or transfer the Services or any related technology without complying with such laws.

13.5 Public and Unauthenticated Access

Customer is responsible for all use of Public Flows (Section 3.12), including posted policies, workplace notices, and supervision of submissions. Provider's provision of Public Flow capabilities does not constitute approval of Customer's workplace policies or verification of submitter identity.

14. MISCELLANEOUS

14.1 Governing Law and Venue

This Agreement shall be governed by and construed in accordance with the laws of the State of Utah without regard to its conflict of laws principles. Any legal action arising under this Agreement shall be brought exclusively in the state or federal courts located in Salt Lake City, Utah, and each Party consents to the personal jurisdiction and venue of such courts.

Optional (only if expressly initialed on the Order Form): The Parties agree that any disputes shall be resolved through binding arbitration under the Commercial Arbitration Rules of the American Arbitration Association (AAA) in Salt Lake City, Utah, with each Party bearing its own costs.

14.2 Assignment

Neither Party may assign this Agreement or any Order Form without the prior written consent of the other Party, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all of its assets, provided the assignee is not a direct competitor of the non-assigning Party and agrees in writing to be bound by this Agreement. Any attempted assignment in violation of this Section is void.

14.3 Notices

All notices under this Agreement must be in writing and are deemed given:

  • (a) when delivered personally;
  • (b) when receipt is electronically confirmed, if sent by email to the designated notice contacts;
  • (c) one business day after deposit with a nationally recognized overnight courier; or
  • (d) three business days after deposit in the U.S. mail, certified, return receipt requested.

Provider's notice address is 537 E 1150 N, Logan, UT 84341 and email is support@provisioehs.com. Customer's notice contacts shall be as specified in the Order Form.

14.4 Force Majeure

Neither Party shall be liable for delays or failures to perform (except for payment obligations) due to causes beyond its reasonable control, including natural disasters, wars, acts of government, labor disputes, or failures of third-party suppliers or hosting providers, provided the affected Party notifies the other promptly and uses reasonable efforts to mitigate the impact.

14.5 Entire Agreement

This Agreement, including the Service Level Agreement, Data Processing Addendum, Acceptable Use Policy, and all Order Forms, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous agreements, whether written or oral. Any amendments must be in writing and signed by both Parties.

14.6 Waiver

No waiver of any provision of this Agreement shall be effective unless in writing and signed by the waiving Party. No waiver of a breach shall constitute a waiver of any subsequent breach.

14.7 Severability

If any provision of this Agreement is held invalid or unenforceable, it shall be modified to the minimum extent necessary to make it enforceable, and the remaining provisions shall remain in full force and effect.

14.8 Counterparts and Electronic Signatures

This Agreement may be executed in counterparts, each of which is deemed an original, and may be signed electronically, with such signatures having the same legal effect as original signatures.

14.9 No Third-Party Beneficiaries

This Agreement is for the sole benefit of the Parties and their permitted assigns, and there are no third-party beneficiaries.

14.10 Independent Contractors

The Parties are independent contractors, and nothing in this Agreement creates a partnership, joint venture, agency, or employment relationship.

SERVICE LEVEL AGREEMENT (SLA)

Availability Commitment

Provider shall use commercially reasonable efforts to ensure the Services achieve a monthly uptime percentage of 99.2%, excluding Scheduled Maintenance and force majeure events. For context, 99.2% allows up to approximately 5 hours and 46 minutes of unplanned downtime per calendar month.

Scheduled Maintenance

Provider may perform Scheduled Maintenance for up to 2 hours per week during low-traffic periods, with at least 48 hours' prior notice to Customer. Scheduled Maintenance is excluded from uptime calculations. Emergency maintenance may be performed as needed with reasonable notice.

Service Credits

Subscription fees are billed annually in advance under Section 5.2. For SLA service credits only, the Monthly Fee Equivalent for a calendar month means one-twelfth (1/12) of the annual subscription fees payable under the applicable Order Form for the Services subject to this SLA during that month (excluding one-time fees, taxes, and pass-through charges).

If the monthly uptime percentage (measured per calendar month) falls below 99.2%, Customer may request service credits within 30 days of the end of the affected month, calculated as follows:

  • 99.0%–<99.2%: 10% of the Monthly Fee Equivalent
  • 98.0%–<99.0%: 25% of the Monthly Fee Equivalent
  • <98.0%: 50% of the Monthly Fee Equivalent

Credit cap. Total service credits for any single calendar month shall not exceed 50% of the Monthly Fee Equivalent for that month.

Service credits are Customer's sole and exclusive remedy for uptime failures and will be applied to future annual invoices (or, if no future invoice is due, paid as a credit or refund at Provider's option).

Support Hours

Support is available from 8:00 a.m. to 4:00 p.m. Mountain Time, Monday through Friday, excluding Provider's observed holidays.

Response Time Targets

  • Priority 1 (Critical Outage): Acknowledgment within 1 hour; workaround or resolution target within 4 hours.
  • Priority 2 (Degraded Key Function): Acknowledgment within 2 hours; workaround or resolution target within 1 business day.
  • Priority 3 (Minor Issue or Inquiry): Acknowledgment within 1 business day; prioritized in Provider's support backlog.

Exclusions

Uptime calculations exclude downtime caused by:

  • (a) Customer's systems or third-party networks;
  • (b) Customer's misuse or unauthorized modifications of the Services; or
  • (c) force majeure events as defined in Section 14.4.

DATA PROCESSING ADDENDUM

Roles and Scope

Customer is the Data Controller, and Provider is the Data Processor with respect to Personal Data processed under this Agreement. Provider shall process Personal Data only to provide the Services in accordance with Customer's documented instructions and this Agreement.

Security Measures

Provider shall implement technical and organizational measures to protect Personal Data, including encryption in transit and at rest, access controls, logging and monitoring, vulnerability management, and disaster recovery plans.

Sub-processors

Provider may engage sub-processors under written agreements imposing data protection obligations no less protective than those in this Agreement. Provider shall maintain an up-to-date list of sub-processors and notify Customer of material changes, with Customer having the right to object on reasonable grounds within thirty (30) days (consistent with Section 6.8).

International Data Transfers

Where applicable, Provider shall ensure that international transfers of Personal Data comply with valid transfer mechanisms, such as Standard Contractual Clauses or other approved frameworks.

Data Breach Notification

Provider shall notify Customer without undue delay, and in no event later than 72 hours, after becoming aware of a Personal Data Breach and shall cooperate with Customer to investigate and mitigate the breach.

Data Subject Requests

Provider shall promptly notify Customer of any data subject requests (e.g., access, deletion) and provide reasonable assistance to Customer in fulfilling such requests.

Data Return or Deletion

Upon termination of the Services, Provider shall, at Customer's direction, return or delete Personal Data, except where retention is required by applicable law.

Precedence

In the event of a conflict between the Data Processing Addendum and this Agreement with respect to Personal Data, the Data Processing Addendum shall control.

Note: A full, executable Data Processing Addendum can be provided upon request.

ACCEPTABLE USE POLICY (AUP)

Customer and its Users shall not use the Services to:

  • (a) engage in unlawful, fraudulent, harmful, or infringing activities or transmit unlawful or infringing content;
  • (b) attempt unauthorized access, security testing, or interference with the Services or their underlying systems;
  • (c) transmit malware, viruses, or spam;
  • (d) violate the privacy, intellectual property, or other rights of third parties;
  • (e) disrupt or degrade the performance of the Services; or
  • (f) use the Services to train, develop, or improve a competing product or service.

Provider may update this AUP from time to time and will notify Customer of material changes. Continued use of the Services constitutes acceptance of the updated AUP.

Contact

Safety-Chat, LLC DBA Provisio EHS

537 E 1150 N, Logan, UT 84341

support@provisioehs.com

Provisio EHS - Safety, Strategically

This document is published for informational purposes. Executed Order Forms and signed agreements control over this web version. Have legal counsel review before reliance.

See also: Website Terms of Service and Privacy Policy.