Master Services Agreement

Service Provider: Authentic Ventures Limited, a company registered in England and Wales (company number 16833527) whose registered office is at Glen Road, Stourbridge, West Midlands, DY8 2BB ("Authentic")

Client: The individual or organisation that accepts these terms by signing up for, subscribing to, or commencing a free trial of Authentic's services ("the Client").

Together referred to as "the Parties" and each a "Party".

This Master Services Agreement, together with its Schedules, sets out the terms on which Authentic will provide services to the Client.

Acceptance

By signing up for, subscribing to, or commencing a free trial of any of Authentic's services, the Client agrees to be bound by this Agreement in full. The Client confirms that:

1. it has read and understood this Agreement before proceeding;
2. it has the authority to enter into this Agreement on behalf of the organisation it represents; and
3. this Agreement constitutes a legally binding contract between the Client and Authentic Ventures Limited from the date of sign-up, subscription, or trial commencement ("Effective Date").

If you do not agree to these terms, do not sign up for, subscribe to, or use any of Authentic's services.

1. Purpose

This Master Services Agreement ("MSA" or "Agreement") governs the overall relationship between Authentic and the Client.

Specific services, deliverables, and fees are set out in the Schedules attached to this Agreement and in any separately agreed statements of work or order forms ("Service Orders") entered into under it.

This Agreement is a B2B agreement. It does not apply to consumers.

2. Structure and Order of Precedence

The documents forming this Agreement are, in descending order of precedence:

1. this MSA;
2. any Service Orders agreed in writing between the Parties; and
3. the Schedules (Schedule A and Schedule B).

In the event of any conflict or inconsistency between documents, the document higher in the order of precedence shall prevail to the extent of the inconsistency.

Entering into a Schedule or Service Order does not create a separate contract. All such documents are incorporated into and governed by this MSA.

3. Nature of Relationship

Authentic will use reasonable care and skill in delivering the Services. However, the Parties acknowledge that the Services are advisory, operational, and technology-based in nature, and that outcomes, results, or performance improvements cannot be guaranteed.

Nothing in this Agreement creates a partnership, joint venture, employment, or agency relationship between the Parties.

Authentic retains the right to determine how the Services are delivered, subject to the requirements set out in the applicable Schedule or Service Order.

4. Client Responsibilities

The Client shall:

• provide Authentic with timely access to information, systems, personnel, and materials reasonably required to deliver the Services;
• ensure that all information provided to Authentic is accurate, complete, and up to date;
• comply with all applicable laws and regulations in connection with its use of the Services;
• not use the Services for any unlawful, fraudulent, or harmful purpose; and
• promptly notify Authentic of any material changes to its business or requirements that may affect the delivery of the Services.

Authentic shall not be liable for any failure or delay in delivering the Services to the extent that such failure or delay arises from the Client's failure to comply with its responsibilities under this clause.

5. Client Data Warranties

The Client warrants that:

• all personal data provided to Authentic is collected lawfully with an appropriate basis under UK GDPR;
• all electronic marketing sent via Authentic's systems complies with PECR;
• the Client will not provide special category personal data (Article 9 UK GDPR) to Authentic's systems without prior written agreement; and
• the Client will promptly notify Authentic of any changes to its lawful basis or any data subject complaints relating to data processed through Authentic's services.

6. Fees and Payment

The Client shall pay the fees set out in the applicable Schedule or Service Order ("Fees") in advance on a monthly basis, unless otherwise agreed in writing.

The Client shall maintain a valid payment card or approved payment method on file with Authentic. Authentic is authorised to charge Fees to that payment method on the due date.

All Fees are exclusive of VAT, which shall be charged at the applicable rate where required by law.

Fees are non-refundable except where Authentic is in material breach of this Agreement and has failed to remedy such breach within the period set out in Clause 7.2.

If any payment is not received by the due date, Authentic reserves the right to:

• suspend the Services (in whole or in part) on not less than 7 days' written notice to the Client; and
• charge interest on overdue amounts at the rate of 8% per annum above the Bank of England base rate, in accordance with the Late Payment of Commercial Debts (Interest) Act 1998.

Authentic shall notify the Client in advance where practicable of any third-party costs that will be passed through to the Client, as further described in Schedule A.

7. Term and Termination

This Agreement shall commence on the Effective Date and shall continue unless and until terminated in accordance with this clause.

Either Party may terminate this Agreement or any Schedule for convenience by giving the other Party not less than 30 days' written notice.

Either Party may terminate this Agreement or any Schedule immediately (or on not less than 7 days' written notice at the terminating Party's election) if:

• the other Party commits a material breach of this Agreement and, where that breach is capable of remedy, fails to remedy it within 14 days of receiving written notice specifying the breach and requiring it to be remedied; or
• the other Party becomes insolvent, enters administration, receivership, or liquidation, makes a composition or arrangement with its creditors, ceases or threatens to cease to carry on business, or is subject to any analogous event or proceeding in any jurisdiction.

On termination for any reason:

• all outstanding Fees that have accrued up to the date of termination become immediately due and payable;
• each Party shall promptly return or destroy the other Party's Confidential Information as directed; and
• any provision of this Agreement that is expressed to survive, or by its nature is intended to survive, termination shall continue in full force and effect.

8. Intellectual Property

Authentic retains all intellectual property rights in the Services, its platforms, tools, methodologies, processes, software, know-how, and any materials created or developed by Authentic in connection with this Agreement ("Authentic IP"), whether pre-existing or created during the term.

Authentic grants the Client a non-exclusive, non-transferable, revocable licence to use the Authentic IP solely for the Client's internal business purposes and solely for the duration of this Agreement or the relevant Schedule, as applicable.

The Client shall not copy, adapt, reverse-engineer, sublicense, or otherwise exploit the Authentic IP without Authentic's prior written consent.

Where the Client provides materials, data, or content to Authentic for the purpose of delivering the Services, the Client grants Authentic a non-exclusive licence to use such materials solely for that purpose. The Client retains all intellectual property rights in its own materials.

Nothing in this Agreement transfers ownership of any intellectual property from one Party to the other.

9. Confidentiality

"Confidential Information" means any non-public information disclosed by one Party (the "Disclosing Party") to the other (the "Receiving Party") in connection with this Agreement, whether disclosed orally, in writing, electronically, or by any other means, and whether or not marked as confidential, including but not limited to business plans, financial information, pricing, technical data, client lists, and proprietary processes.

The Receiving Party shall:

• keep the Disclosing Party's Confidential Information strictly confidential;
• not disclose it to any third party without the Disclosing Party's prior written consent; and
• use it only for the purposes of performing or receiving the Services under this Agreement.

The obligations in Clause 9.2 do not apply to information that:

• is or becomes publicly available other than through a breach of this Agreement by the Receiving Party;
• was already known to the Receiving Party before disclosure, as evidenced by written records predating the disclosure;
• is independently developed by the Receiving Party without reference to the Disclosing Party's Confidential Information; or
• is required to be disclosed by applicable law, regulation, court order, or regulatory authority, provided that the Receiving Party gives the Disclosing Party as much prior written notice as is practicable in the circumstances and cooperates reasonably with any steps the Disclosing Party takes to limit or resist the disclosure.

The obligations in this clause shall survive termination of this Agreement for a period of 2 years from the date of termination.

10. Data Protection

Each party shall comply with applicable data protection legislation, including the UK GDPR and the Data Protection Act 2018. Authentic's role as controller, processor, or joint/independent controller varies by context and is set out in Schedule F (Role Allocation Matrix). Where Authentic acts as data processor, the terms of Schedule C apply. Each party remains responsible for its own compliance.

11. Warranties and Disclaimers

Authentic warrants that it will perform the Services with reasonable care and skill.

Subject to Clause 10.1 and to the fullest extent permitted by applicable law, the Services are provided "as is". Authentic excludes all other representations, warranties, conditions, or terms, whether express or implied by statute, common law, or otherwise, including any implied warranties of satisfactory quality, fitness for a particular purpose, or non-infringement.

Nothing in this clause affects any rights that the Client may have that cannot be excluded or limited under English law.

12. Liability

Cap on liability: Authentic's total aggregate liability to the Client under or in connection with this Agreement (whether in contract, tort including negligence, breach of statutory duty, or otherwise) shall not exceed an amount equal to the total Fees paid by the Client to Authentic in the 3 months immediately preceding the event giving rise to the claim.

Exclusion of consequential loss: To the fullest extent permitted by applicable law, neither Party shall be liable to the other for any:

• indirect or consequential loss;
• loss of revenue, profit, or anticipated savings;
• loss of data or corruption of data;
• loss of business, contracts, or opportunity; or
• damage to reputation or goodwill, in each case howsoever arising, whether or not that Party had been advised of the possibility of such loss.

Carve-outs: Nothing in this Agreement limits or excludes either Party's liability for:

• death or personal injury caused by its negligence or the negligence of its employees, agents, or subcontractors;
• fraud or fraudulent misrepresentation; or
• any other liability that cannot lawfully be excluded or limited under English law.

13. Client Indemnity

The Client shall indemnify Authentic against any losses, regulatory fines, or third-party claims arising from:

• breach of the Client Data Warranties;
• the Client's unlawful use of personal data through Authentic's systems; or
• any PECR breach from Client-directed communications.

This indemnity applies provided Authentic promptly notifies the Client of any claim, gives the Client reasonable control of the defence, and provides reasonable cooperation.

14. Subcontracting

Authentic may subcontract the performance of any part of the Services to a third party without the Client's prior consent, provided that Authentic:

• remains fully responsible to the Client for the acts and omissions of any subcontractor as if they were Authentic's own; and
• ensures that any subcontractor is bound by obligations of confidentiality no less onerous than those set out in Clause 9.

Authentic shall not subcontract the whole of the Services without the Client's prior written consent.

15. Force Majeure

Neither Party shall be in breach of this Agreement or liable for delay in performing, or failure to perform, any of its obligations under this Agreement if such delay or failure results from events, circumstances, or causes beyond its reasonable control ("Force Majeure Event"), including but not limited to acts of God, pandemic, government action, war, civil unrest, fire, flood, or failure of third-party infrastructure.

The affected Party shall:

• notify the other Party as soon as reasonably practicable on becoming aware of the Force Majeure Event; and
• use reasonable endeavours to mitigate the effect of the Force Majeure Event and to resume performance as soon as reasonably practicable.

If the Force Majeure Event continues for more than 30 consecutive days, either Party may terminate the affected part of this Agreement on written notice to the other Party, without liability.

16. Governing Law and Jurisdiction

This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.

Each Party irrevocably submits to the exclusive jurisdiction of the courts of England and Wales to settle any dispute or claim arising out of or in connection with this Agreement.

17. Entire Agreement

This Agreement (including its Schedules and any Service Orders) constitutes the entire agreement between the Parties in relation to its subject matter and supersedes all prior agreements, representations, warranties, and understandings between the Parties relating to that subject matter.

Each Party acknowledges that it has not relied on any representation, warranty, or undertaking given by the other Party that is not set out in this Agreement.

Any amendments to this Agreement must be made in writing. Authentic may update this Agreement from time to time and will provide reasonable notice of material changes. Continued use of the Services following notice of a change constitutes acceptance of the updated terms.

18. Notices

Any notice or other communication required or permitted to be given under this Agreement shall be in writing and may be delivered by:

• email to the other Party's last known email address, in which case the notice shall be deemed received on confirmed receipt or written acknowledgement by the recipient; or
• recorded postal delivery to the other Party's registered address, in which case the notice shall be deemed received 2 business days after the date of posting.

Each Party is responsible for maintaining up-to-date contact details and notifying the other Party promptly of any change.

Notices to Authentic shall be sent to: hello@theauthentic.uk.

Notices to the Client shall be sent to the email address provided at the time of sign-up.

19. Assignment

Neither Party may assign, transfer, novate, charge, or otherwise deal with its rights or obligations under this Agreement without the prior written consent of the other Party, such consent not to be unreasonably withheld or delayed.

Notwithstanding Clause 19.1, Authentic may assign or transfer its rights and obligations under this Agreement to:

• any member of its group of companies (being any subsidiary, holding company, or subsidiary of a holding company of Authentic within the meaning of section 1159 of the Companies Act 2006); or
• any successor entity resulting from a merger, acquisition, or sale of all or substantially all of Authentic's business or assets, without the Client's prior consent, provided that Authentic notifies the Client promptly in writing following such assignment or transfer.

Any purported assignment in breach of this clause shall be void.

Schedule A – Services (Including Authentic OS)

Authentic OS – Platform Access

Subject to this Agreement and the Fees being paid in full, Authentic grants the Client access to its proprietary platform, Authentic OS, for the duration of the applicable service term.

Authentic OS is provided as a managed platform. Authentic shall use reasonable endeavours to maintain availability of the platform, but does not guarantee uninterrupted or error-free access.

Planned maintenance and updates will be carried out by Authentic from time to time. Authentic will endeavour to provide reasonable advance notice of planned downtime where practicable.

Third-Party Dependencies and Costs

Authentic OS and the Services may incorporate or depend upon third-party services, platforms, or infrastructure, including but not limited to messaging services, telephony providers, artificial intelligence tools, and hosting infrastructure ("Third-Party Services").

The cost of Third-Party Services is the Client's responsibility and is not included in Authentic's Fees unless expressly stated in the applicable Service Order.

Where practicable, Authentic shall notify the Client in advance of any third-party costs that will be passed through to the Client, including the estimated amounts and the basis on which they are calculated.

Authentic shall not be liable for any failure, degradation, or unavailability of the Services that arises from the failure of any Third-Party Service beyond Authentic's reasonable control.

Permitted Use and Acceptable Use

The Client shall use Authentic OS and the Services only for lawful business purposes and in accordance with any acceptable use guidelines provided by Authentic from time to time.

The Client shall not:

• use the platform to transmit unlawful, harmful, defamatory, or fraudulent content;
• attempt to gain unauthorised access to any part of the platform or its underlying systems;
• resell, sublicense, or otherwise make the platform available to third parties without Authentic's prior written consent; or
• use the platform in any way that infringes the intellectual property rights of any third party.

Support

Authentic shall provide reasonable support in relation to Authentic OS as described in the applicable Service Order or as separately agreed in writing.

Support is limited to issues within Authentic's reasonable control. Support does not include issues arising from the Client's own systems, third-party integrations not managed by Authentic, or misuse of the platform.

Support is provided during 9am-5pm, Monday-Friday. Authentic does not guarantee response or resolution times unless set out in a separate service level agreement.

Suspension

Authentic may suspend the Client's access to Authentic OS:

• immediately in the event of a serious security threat, suspected unlawful use, or risk of harm to Authentic's platform or other clients; or
• on 7 days' written notice in the event of non-payment of Fees in accordance with Clause 6.5 of the MSA.

Authentic will restore access promptly once the relevant issue has been resolved to Authentic's reasonable satisfaction.

Schedule B – Consultancy and Advisory Services

Scope of Consultancy Services

Authentic shall provide consultancy and advisory services ("Consultancy Services") as agreed between the Parties in writing from time to time, whether by Service Order, email confirmation, or such other form as the Parties may agree.

The Consultancy Services may include, without limitation: business strategy advice, operational guidance, systems implementation support, and coaching or facilitation services.

Each engagement for Consultancy Services shall specify, as a minimum:

• the nature and scope of the work;
• the expected timelines or milestones (if applicable); and
• the applicable Fees or day/hourly rates.

Nature of Advisory Services

Authentic's Consultancy Services are advisory in nature. Authentic will provide recommendations and guidance based on the information made available to it, but the Client retains full responsibility for all decisions it makes in reliance on that advice.

Authentic does not guarantee any specific outcome, result, or return on investment arising from the Consultancy Services.

Intellectual Property in Deliverables

Subject to Clause 8 of the MSA, any deliverables, reports, frameworks, or materials created by Authentic specifically for the Client as part of the Consultancy Services ("Client Deliverables") shall be owned by Authentic unless the Parties expressly agree otherwise in writing.

Authentic grants the Client a non-exclusive, perpetual, royalty-free licence to use the Client Deliverables for its own internal business purposes.

Authentic retains the right to use any know-how, methodologies, or learnings developed during the engagement in its general business, provided Authentic does not disclose the Client's Confidential Information in doing so.

Liability

Authentic's liability in connection with the Consultancy Services is subject to the cap and exclusions set out in Clause 12 of the MSA.

In particular, Authentic shall not be liable for any loss, cost, or damage arising from the Client's implementation of, or reliance upon, any advice or recommendation provided as part of the Consultancy Services, except to the extent caused by Authentic's negligence or wilful misconduct.

Termination of Consultancy Engagements

Either Party may terminate a specific Consultancy Services engagement on 30 days' written notice to the other Party, or on such shorter notice as may be agreed in the relevant Service Order.

The general termination provisions of Clause 7 of the MSA (including the rights to terminate for material breach or insolvency) apply equally to Consultancy Services engagements.

On termination of a Consultancy Services engagement, the Client shall pay Authentic for all work completed and reasonable expenses incurred up to the date of termination.

Marketing and Client References

Authentic shall not reference the Client's name, brand, logo, or the existence of this engagement in any marketing, promotional, or publicity materials without the Client's prior written consent.

Any approval granted by the Client under Clause 6.1 of this Schedule may be withdrawn by the Client at any time on reasonable written notice, and Authentic shall cease such use within a reasonable period following receipt of that notice.

Schedule C – Data Protection Terms

C1. Scope

This Schedule applies where Authentic acts as a data processor on behalf of the Client in the delivery of the Services. Where Authentic acts as an independent or joint controller, the parties shall agree appropriate arrangements in a separate written document.

C2. Processor Obligations

Where Authentic acts as data processor, Authentic shall:

1. process personal data only on the Client's documented instructions, unless required to do so by applicable law;
2. ensure that all persons authorised to process personal data are subject to appropriate duties of confidentiality;
3. implement appropriate technical and organisational security measures as described in Schedule E;
4. not engage new sub-processors without providing reasonable prior written notice to the Client (currently approved sub-processors are listed in Schedule D);
5. assist the Client, so far as reasonably practicable and at the Client's cost, with: data subject rights requests under Articles 15–22 UK GDPR; data protection impact assessments; and notification of personal data breaches to the ICO and affected individuals;
6. on termination of this Agreement, delete or return all Client personal data within 30 days of written request, unless retention is required by applicable law; and
7. on reasonable written notice of no less than 30 days and at the Client's cost, make available such information as is reasonably necessary to demonstrate compliance with this Schedule, and permit or contribute to audits conducted by the Client or its appointed auditor (subject to reasonable confidentiality protections).

C3. Client Controller Obligations

The Client, as data controller, shall:

1. ensure it has a valid lawful basis for all personal data it provides to Authentic;
2. provide Authentic with clear and complete processing instructions; and
3. not instruct Authentic to process personal data in a manner that would breach applicable data protection law.

C4. Sub-Processors

The Client grants general authorisation to Authentic's use of the sub-processors listed in Schedule D. Authentic shall provide reasonable advance written notice of any intended new sub-processor. The Client may object in writing within 14 days of notification. Where the parties cannot resolve an objection, either party may terminate the affected services on 30 days' written notice without penalty to either party.

C5. International Transfers

Where personal data is transferred outside the UK, Authentic shall ensure appropriate transfer mechanisms are in place (including UK International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses as applicable) with relevant sub-processors. Details of transfer mechanisms are described in Schedule D.

C6. AI Tools

Where AI-powered tools are used in delivering the Services:

1. the Client shall not provide special category personal data (Article 9 UK GDPR) to any AI-enabled system without Authentic's prior written agreement;
2. AI-generated outputs are for assistance only and shall be subject to human review before use in communications or decisions affecting individuals; and
3. Authentic shall take reasonable steps to ensure AI tools used in the Services are subject to appropriate data processing terms with their providers.

C7. PECR

The Client is solely responsible for ensuring all electronic marketing communications sent via Authentic's systems comply with the Privacy and Electronic Communications Regulations 2003 (PECR). Authentic does not review or validate the lawfulness of Client communications, consent records, or marketing lists.

C8. Personal Data Breaches

Each party shall notify the other without undue delay upon becoming aware of a personal data breach affecting the other party's data. Where Authentic is acting as processor, Authentic shall provide the Client with such information as is reasonably available to assist with any notifications required under UK GDPR Articles 33 and 34, and shall cooperate with the Client in managing the breach response.

C9. Liability

Nothing in this Schedule increases Authentic's liability beyond the cap set out in the Liability clause of the Master Services Agreement. Authentic shall not be liable for any data breach or regulatory action arising from the Client's failure to fulfil its obligations under this Schedule or the Client Data Warranties clause.

Schedule D – Approved Sub-Processors and Platform Providers

This Schedule lists Authentic's current approved sub-processors and platform providers used in delivering the Services. The Client has granted general authorisation for use of these providers in accordance with Schedule C, Clause C4.

This list is updated periodically. Authentic will notify the Client of material changes in accordance with Schedule C, Clause C4. Clients may request an up-to-date copy of this Schedule at any time.

Schedule E – Technical and Organisational Measures (TOMs)

This Schedule describes the technical and organisational security measures Authentic has in place to protect personal data processed in connection with the Services.

E1. Access Controls

Access to personal data is limited to authorised personnel only. Role-based access controls are applied to restrict access to the minimum necessary for each individual's role.

E2. Authentication

Password policies are enforced across Authentic's systems. Multi-factor authentication is applied where supported by the relevant platform.

E3. Data Minimisation

Personal data is processed only to the extent necessary for service delivery. Authentic does not retain personal data beyond the period required to fulfil its obligations.

E4. Encryption

Data is encrypted in transit using TLS (Transport Layer Security). At-rest encryption is applied where supported by the relevant platform provider.

E5. Sub-Processor Oversight

All sub-processors engaged by Authentic are subject to written data processing terms that impose obligations substantially equivalent to those in Schedule C.

E6. Incident Response

Authentic maintains an internal process for identifying, escalating, and responding to personal data incidents. Breaches affecting Client data are notified in accordance with Schedule C, Clause C8.

E7. Staff Awareness

Personnel who handle personal data in the course of delivering the Services receive appropriate data protection awareness. Persons with access to personal data are subject to confidentiality obligations.

E8. Platform Security

Where Services are delivered via third-party platforms (see Schedule D), the security of those platforms is governed by the relevant provider's own security standards. Authentic takes reasonable steps to select providers that maintain appropriate security measures.

Note: These measures reflect Authentic's current standard practices and are subject to review and update over time. They are not intended as an exhaustive security certification or guarantee.

Schedule F – Role Allocation Matrix

This Schedule sets out Authentic's data protection role in common service scenarios, for the purposes of Clause 10 of the Master Services Agreement and Schedule C.

Where Authentic is acting as an Independent or Joint Controller, the parties should agree appropriate arrangements (including any joint controller agreement under Article 26 UK GDPR) in a separate written document. Authentic will flag this to the Client at the point of engagement where relevant.