FRANCHISEE AGREEMENT

THIS AGREEMENT is made effective on the date specified on the signature page below (the “Effective Date”) between the duly licensed franchisee of Boston Pizza Canada Limited Partnership (“BPCLP”) specified on the signature page below (“Franchisee”) and BEVY LABS, INC. (“Bevy”), and is made pursuant to an Order Form and Bevy Labs, Inc. SaaS Agreement made effective October 31, 2022 between Boston Pizza International Inc. (“BPI”) and Bevy (the “Master Agreement”).

WHEREAS:

  1. Bevy is in the business of providing a software-as-a-service (“SaaS”) platform for community building;
  2. Pursuant to the Master Agreement, BPI has agreed to subscribe and pay for, and Bevy has agreed to provide, the following SaaS services to franchisees of BPCLP: (i) the product known as Bevy Community; (ii) Gold Support – Community Add-Ons; (iii) Social Sign On; and (iv) custom domain; all in accordance with the Master Agreement (the “Services”); and
  3. In order for Franchisee to be granted access to the Services, Franchisee and Bevy must enter into this Agreement;

NOW THEREFORE in consideration of the premises, mutual covenants and agreements contained in this Agreement and other good and valuable consideration (the receipt and sufficiency of which is hereby acknowledged), Franchisee and Bevy covenant and agree as follows:

 

    1. SERVICES AND SUPPORT

      1. The parties acknowledge and agree that: (i) this Agreement is being made pursuant to the Master Agreement and that BPI is paying Bevy fees under the Master Agreement in order to permit Franchisee to have access to the Services pursuant to this Agreement; (ii) this Agreement will automatically terminate in the event that the Master Agreement expires or is terminated for any reason; and (iii) neither BPI nor BPCLP will be liable to Bevy for any act or omission of Franchisee, any breach by Franchisee of this Agreement or for any loss or damage suffered by Bevy as a result of Franchisee’s use of the Services.

      2. Subject to the terms and conditions of this Agreement, Bevy will provide Franchisee with access to the Services through the Internet, solely for BPI’s and Franchisee’s internal use. The software underlying the Services will be hosted on a server under the control or direction of Bevy or its hosting provider. The Services are subject to modification from time to time at Bevy’s sole discretion, for any purpose deemed appropriate by Bevy; provided that Bevy will not materially decrease the aggregate features and/or functionalities of the Services during the Term of this Agreement.

      3. Bevy reserves the right to suspend Franchisee’s access to the Services: (i) for scheduled or emergency maintenance, or (ii) in the event Franchisee is in breach of this Agreement, including without limitation, failure to pay any amounts due to Bevy. Bevy will give Franchisee written notice prior to any suspension, unless such suspension is for emergency maintenance.

      4. Subject to the terms and conditions hereof, Bevy will provide reasonable support to Franchisee for the Services.

    2. RESTRICTIONS AND RESPONSIBILITIES

      1. Franchisee will reasonably cooperate with Bevy in connection with the performance of this Agreement by making available such personnel and information as may be reasonably required, and taking such other actions as Bevy may reasonably request to assist in its provision of the Services. Franchisee will also cooperate with Bevy in establishing a password or other procedures for verifying that only designated employees of Franchisee have access to any administrative functions of the Services. Each Franchisee end-user of the Services (collectively, “Authorized Users”) must (a) be a current employee, consultant, contractor or agent of Franchisee using the Services only on Franchisee’s behalf and for Franchisee’s, BPCLP’s or BPI’s direct benefit, and (b) be bound by confidentiality obligations that are no less protective of the Services than the terms set forth in this Agreement.  Franchisee will be directly responsible to Bevy with respect to all actions and/or inactions of its Authorized Users.

      2. Franchisee hereby agrees to defend, indemnify and hold Bevy harmless against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees), in each case, that are paid or payable to un-Affiliated third parties in connection with any claim or action that alleges any (i) infringement, violation or misappropriation of any intellectual property or proprietary right(s) by any Customer Data (as defined below), including, without limitation, in connection with distribution and/or analysis thereof through the Services, and/or (ii) violation of applicable law(s) and/or regulations by Franchisee in performance of its obligations and/or exercise of its rights pursuant to this Agreement; provided Franchisee is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and sole control over defense and settlement thereof. “Affiliate” means any entity controlling, controlled by, or under common control with a party hereto, where “control” means the ownership of more than 50% of the voting securities in such entity.

      3. Bevy hereby agrees to defend, indemnify and hold Franchisee harmless against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees), in each case, that are paid or payable to un-Affiliated third parties as a result of any third party claim or action that (i) alleges the infringement, violation or misappropriation of any intellectual property or proprietary right(s) of any third party by the Services (excluding all Customer Data), or (ii) arising from violation of applicable law(s) and/or regulations by Bevy in performance of its obligations and/or exercise of its rights pursuant to this Agreement; provided that Bevy is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and sole control over defense and settlement thereof. The foregoing obligations do not apply with respect to portions or components of the Services provided by Bevy (i) not created by or on behalf of Bevy, (ii) resulting in whole or in part in accordance from BPI’s or Franchisee’s specifications, (iii) that are modified after delivery by Bevy, (iv) combined with other data, products, processes or materials where the alleged infringement arises out of such combination, (v) where Franchisee continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Franchisee’s use of the Services is not strictly in accordance with this Agreement and all related documentation.

      4. Bevy hereby will at all times during the Term (defined below) comply with the Security and Compliance policy attached to this Agreement.  To the extent that Bevy processes any payments on behalf of Franchisee, Bevy will comply at all times with the PCI-DSS requirements then in effect.

    1. CONFIDENTIALITY

      1. Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose information relating to the Disclosing Party’s technology or business (hereinafter referred to as “Proprietary Information” of the Disclosing Party). Notwithstanding the foregoing, the Services are Bevy’s Proprietary Information, and the Customer Data provided by Franchisee is Franchisee’s Proprietary Information.

      2. The Receiving Party agrees: (i) except as required to perform its respective obligations and/or exercise its rights pursuant to this Agreement, not to disclose to any third party any such Proprietary Information, (i) to give access to such Proprietary Information solely to those employees and contractors with a need to have access thereto for purposes of this Agreement (and who are bound by written confidentiality obligations as protective of the Disclosing Party’s Proprietary Information as this Agreement), and (iii) to take the same security precautions to protect against unauthorized access to or unauthorized use of such Proprietary Information that such party takes with its own proprietary information, but in no event will a party apply less than reasonable precautions to protect such Proprietary Information. The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party, (b) was in its possession or known by it prior to receipt from the Disclosing Party, (c) was or is rightfully disclosed to it without restriction by a third party, or (d) was or is independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this Agreement will prevent the Receiving Party from disclosing Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party (to the extent legally permissible) gives the Disclosing Party reasonable prior notice of such disclosure to contest such order. Notwithstanding anything to the contrary, Bevy may collect data with respect to, use, and report on, the aggregate response rate and other aggregate measures of the Services’ performance and Franchisee’s use of the Services (including without limitation, Customer Data); provided that Bevy will not identify (or disclose any information or data that could reasonably be used to identify) Franchisee or any individual without Franchisee’s prior written consent.

      3. Both parties will have the right to disclose the existence but not the terms and conditions of this Agreement, unless such disclosure is approved in writing by both Parties prior to such disclosure, or is included in a filing required to be made by a party with a governmental authority (provided such party will use reasonable efforts to obtain confidential treatment or a protective order) or is made on a confidential basis as reasonably necessary to potential investors and/or acquirors. 

    2. INTELLECTUAL PROPERTY RIGHTS

      1. Except as expressly set forth herein, Bevy alone (and its licensors, where applicable) will retain all intellectual property rights relating to the Services and related software provided by Bevy to Franchisee hereunder. Franchisee will not copy, distribute, reproduce or use any of the foregoing except as expressly permitted under this Agreement. Except as expressly set forth herein, this Agreement is not a sale and does not convey to Franchisee any rights of ownership in or related to the Services or related software, or any intellectual property rights. Notwithstanding anything to the contrary, Franchisee hereby grants Bevy a perpetual, worldwide, transferable, sublicensable, royalty-free, non-exclusive license to use, disclose and otherwise fully exploit any suggestions, enhancement requests, feedback, and/or recommendations provided by or on behalf of Franchisee regarding the Services.

      2. Franchisee and its licensors shall (and Franchisee hereby represents and warrants that they do) have and retain all right, title and interest (including, without limitation, sole ownership of) all content and data provided by or on behalf of Franchisee and/or its Authorized Users (collectively, “Customer Data”) and the intellectual property rights with respect to that Customer Data. If Bevy receives any notice or claim that any Customer Data, or activities hereunder with respect to any Customer Data, may infringe or violate rights of a third party or any applicable law or regulation, Bevy may (but is not required to) suspend activity hereunder with respect to that Customer Data. Franchisee, on behalf of itself and its suppliers and licensors (as applicable) hereby grants Bevy a worldwide, non-transferable, non-sublicensable, nonexclusive license to view, copy, reformat, distribute, display and analyze the Customer Data solely in connection with Bevy’s performance of the Services.

    3. TERMINATION

      1. Unless earlier terminated in accordance with this Section 5, this Agreement shall commence on the Effective Date and expire on October 30, 2023 (the “Initial Term”).  After the Initial Term, this Agreement will automatically renew for successive renewal terms of twelve (12) months each (collectively with the Initial Term, the “Term”), unless and until either party provides the other with at least thirty (30) days’ written notice of its intention not to renew prior to the end of the then-current Term.

 

 

    1. Franchisee’s access to the Services, and any licenses granted hereunder to Franchisee, shall terminate upon any termination of this Agreement. Subject to the foregoing, the following Sections will survive any termination of this Agreement: 2.1, 2.3, 2.4, 3 through 5, 7 through 10, and any accrued rights to payment.

  1. GENERAL WARRANTIES

Each party represents and warrants to the other party that (a) it has the legal right and power to enter into this Agreement, (b) the performance of its obligations hereunder will not violate or conflict with any agreements, contracts or other arrangements to which it is a party, and (c) the execution of this Agreement and the performance by it of the transactions contemplated hereby have been duly authorized by all necessary corporate action and any other consents required to be obtained by it have been obtained. 

  1. WARRANTY DISCLAIMER

EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES, DOCUMENTATION, AND ANYTHING ELSE PROVIDED BY BEVY IN CONNECTION WITH THIS AGREEMENT ARE PROVIDED ON AN “AS IS” BASIS. FRANCHISEE ASSUMES ALL RESPONSIBILITIES FOR SELECTION OF THE SERVICES TO ACHIEVE FRANCHISEE’S INTENDED RESULTS, AND FOR THE USE OF, AND RESULTS OBTAINED FROM, THE SERVICES. BEVY HEREBY DISCLAIMS ANY AND ALL ADDITIONAL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. BEVY SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. BEVY DOES NOT WARRANT THAT THE SERVICES, DATA PROVIDED, AND/OR ANYTHING ELSE PROVIDED IN CONNECTION WITH THIS AGREEMENT WILL BE ERROR-FREE OR THAT THE SERVICES WILL WORK WITHOUT INTERRUPTIONS. THE FOREGOING LIMITATIONS WILL APPLY EVEN IF THE ABOVE STATED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. 

  1. LIMITATION OF LIABILITY

IN NO EVENT WILL EITHER PARTY HERETO OR THEIR LICENSORS BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED WITH THE USE OF THE SERVICES, OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT, ANY DELAY OR INABILITY TO USE THE SERVICES OR ANYTHING PROVIDED IN CONNECTION WITH THIS AGREEMENT OR OTHERWISE ARISING FROM THIS AGREEMENT, INCLUDING WITHOUT LIMITATION, LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS OR LOST SALES, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES. 

EXCEPT FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT OR BREACH OF SECTION 3, OR INDEMNITY FOR THE INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, THE TOTAL LIABILITY OF EACH PARTY AND ITS LICENSORS, WITH RESPECT TO THIS AGREEMENT, AND/OR ANY SERVICES PROVIDED, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE OR STRICT LIABILITY), OR OTHERWISE, WILL NOT EXCEED, IN THE AGGREGATE, THE AMOUNT OF FEES PAID TO BEVY UNDER THE MASTER AGREEMENT IN THE TWELVE-MONTH PERIOD ENDING ON THE DATE THAT A CLAIM OR DEMAND IS FIRST ASSERTED (OR, IN THE CASE A CLAIM OR DEMAND IS ASSERTED WITHIN THE FIRST TWELVE (12) MONTHS DURING THE TERM OF THE MASTER AGREEMENT, THE AMOUNT OF FEES THAT WOULD BE PAYABLE DURING THE FIRST TWELVE (12) MONTHS OF THE TERM OF THE MASTER AGREEMENT). WITH RESPECT TO BREACH OF ANY INFORMATION SECURITY OBLIGATIONS, OR SECURITY BREACH, THE FOREGOING CAP IS HEREBY INCREASED BY FOUR TIMES (4x). THE FOREGOING LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

  1. U.S. GOVERNMENT MATTERS

Notwithstanding anything to the contrary, Franchisee  may not provide to any person or export or re-export or allow the export or re-export of the Services or any software or anything related thereto or any direct product thereof (collectively “Controlled Subject Matter”), in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. Without limiting the foregoing Franchisee acknowledges and agrees that the Controlled Subject Matter will not be used or transferred or otherwise exported or re-exported to countries as to which the United States maintains an embargo (collectively, “Embargoed Countries”), or to or by a national or resident thereof, or any person or entity on the U.S. Department of Treasury’s List of Specially Designated Nationals or the U.S. Department of Commerce’s Table of Denial Orders (collectively, “Designated Nationals”). The lists of Embargoed Countries and Designated Nationals are subject to change without notice. Use of the Services is representation and warranty that the user is not located in, under the control of, or a national or resident of an Embargoed Country or Designated National. The Controlled Subject Matter may use or include encryption technology that is subject to licensing requirements under the U.S. Export Administration Regulations. As defined in FAR section 2.101, any software and documentation provided by Bevy are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement. 

  1. MISCELLANEOUS

If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement is not assignable, transferable or sublicensable by either party, except with the other party’s prior written consent; provided that each party may transfer and/or assign this Agreement to a successor in connection with a sale of all or substantially all of its business or assets to which this Agreement relates. Both parties agree that this Agreement is the complete and exclusive statement of the mutual understanding of the parties hereto, and supersedes and cancels all previous written and oral agreements, communications and other understandings between the parties hereto relating to the subject matter of this Agreement, and that all waivers and modifications must be in a writing signed or otherwise agreed to by both parties, except as otherwise provided herein. No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither party has any authority of any kind to bind the other in any respect whatsoever. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; and upon receipt, if sent by certified or registered mail (return receipt requested), postage prepaid. Neither party shall be liable to the other for any delay or non-performance of its obligations (excluding payment of any Fees) under this Agreement to the extent that such delay or non-performance is due to a Force Majeure Event. “Force Majeure Event” means any cause not within the reasonable control of a party, including, without limitation, any act of God, natural disaster, pandemic, war, terrorism, and/or general infrastructure outages or failures. This Agreement will be governed by the laws of the State of New York, U.S.A. without regard to its conflict of laws provisions.

IN WITNESS WHEREOF, the Parties hereto have entered into this Agreement with effect as of the Effective Date.

 

SECURITY AND COMPLIANCE POLICY

Information Security Continuity Policy 

  1. Overview 

Information security is at the heart of the business continuity process within our organization and the overarching approach to our ISMS is a fundamental part of the business continuity consideration itself. The way the ISMS is designed is to make it iterative, dynamic and evolving as the business continues to evolve and grow and that informs the business continuity management process too. 

  1. Purpose 

This document outlines important considerations with respect to information security continuity at Bevy. 

  1. Scope 

A base understanding of information security continuity is relevant to all staff. Matters regarding actual implementation are particularly important for ISMS board, management and engineering. 

  1. Policy 

1.1.Planning information security continuity 

Risk management is at the core of information security continuity at Bevy. Information, assets, risks and policies/controls created throughout our ISMS are done with the intention of understanding interruptions and their impact on the business. Business continuity is designed based on the probability of occurrence taking into account the confidentiality, integrity and availability of the information and assets on the business' ability to continue performing as expected. 

As part of the broader risk assessment, events that can cause interruptions to business processes are identified, along with the probability and impact of such interruptions and their consequences for information security. 

Any assessments and related treatment plans are hosted in our cloud-based ISMS, which in turn is certified against numerous information security-related standards, as visible at https://www.isms.online/our-credentials/. This ensures a reasonable level of confidence of our plans being available to members of our staff as needed, though snapshots of plans can also be downloaded for offline access. 

1.2.Implementing information security continuity 

Again, risk management is a critical aspect of information security management at Bevy and likewise at the very core of business continuity within the organization. Many risks in our register are informed by potential impact on business continuity. As per our documented risk management methodology, the scoring of risks based on potential impact on confidentiality, integrity and availability (CIA) and the risk’s likelihood of occurrence allows clear prioritization. This in turn informs prioritization of individual implementation projects. 

It should be noted that information security continuity implementation is greatly aided by the very nature of our organization: 

  1. We are a distributed team without a single, main office. 
  2. All our support services are cloud-based. 
  3. Everyone on the team is proven to be comfortable with numerous different modes of synchronous and asynchronous communication. 
  4. Due to the very nature of the software we are providing as a service, we have had to embrace principles of resiliency in architecture/design. 
  5. We have also embraced agile process approaches to software and product development. 6. (1) through (5) have resulted in a culture of proactive, independent problem solving without having to rely on co-located/rigid management structure 

1.3.Verify, review and evaluate information security continuity 

Testing and maintaining the business continuity plan to ensure it is consistent with our information security objectives is done on the basis of the following: 

 

In the spirit of learning from the thinking and practices of some of the most forward-thinking software service organizations, we fully intend to implement chaos engineering practices to proactively and routinely test and evaluate the resiliency of our services and processes. 

  1. Compliance 

Bevy security will verify compliance with this policy through various methods, including in particular internal and/or external audits. 

  1. Feedback 

Comments or questions about this document should be directed to Bevy Security at security@bevylabs.com or Bevy-internal in the #security Slack channel. 

  1. History 

Date 

Version 

Author 

Changes

May 15, 2018 

1.0 

Alex Bendig 

Initial version.

March 21, 2021 

1.1 

Constantine 

Abanda

Annual Review

April 21, 2021 

1.2 

Constantine 

Abanda

Annual Review

May 23, 2022 

1.3 

Constantine 

Abanda

Annual Review

 

Version 1.3 Bevy Labs - Proprietary