Terms of Service for DirectLine-IT

Last Updated: 09/03/25

These Terms of Service ("Terms") govern your use of the managed IT and cybersecurity services provided by DirectLine-IT LLC ("Company," "we," or "us"). By engaging our services, you ("Client") agree to comply with and be bound by these Terms.

1. Definitions

1.1 "Services": Refers to the managed IT services, cybersecurity services, consulting, and support provided by DirectLine-IT LLC, as selected by the Client and outlined in the Service Selection Checklist, Service Level Agreement (SLA), or Managed Services Agreement. Services may include, but are not limited to:

Comprehensive Plans: Unlimited on-site and remote support, automated support, 24/7 monitoring, Microsoft 365 services, endpoint protection, backup solutions, and VoIP support.
Standalone Plans: Remote Monitoring and Management (RMM) services for automated updates, monitoring, and maintenance without on-site or remote support.

The specific services included in this Agreement are determined by the Client's selections in the Scope of Services Selection Checklist in the Manager Services Agreement (see Section 6).

1.2 "Confidential Information": All non-public information disclosed by one party to the other, either directly or indirectly, in writing, orally, or by inspection of tangible objects, that is designated as confidential or should reasonably be understood to be confidential.

2. Acceptance of Terms

By using our Services, the Client agrees to abide by these Terms. If you do not agree to these Terms, you must not use our Services

3. Description of Services

3.1 Scope of Services: The Company agrees to provide Services as detailed in the Managed Services Agreement, Service Level Agreement (SLA), or Service Selection Checklist. Depending on the selected plan, Services may include:

Automated monitoring and maintenance via RMM software.
Unlimited on-site and remote support for hardware and software.
Microsoft 365 management and backup solutions.
Endpoint protection, threat detection, and remediation.
Cybersecurity training and compliance services.
VoIP phone system support and monthly reporting.

3.2 RMM-Only Plan: Clients subscribing to RMM-only services will receive automated monitoring, patching, malware remediation, and reporting. Direct technical support (remote or on-site) is not included and will incur additional fees as per Section 5.1.

3.3 Service Limitations: Services outside the standard scope, such as the setup of additional offices, system changes, or any other project work, will be billed separately at the current hourly rate of $175 for weekdays or $350 for weekends, after-hours and rush orders.

3.4 Third-Party Services and Vendor Management: Certain features of the Services may depend on third-party platforms, software, or vendors (e.g., Microsoft 365, security providers, cloud services). The Company maintains due diligence procedures for third-party vendors, including security assessments and contractual safeguards for data protection. However, the Company is not liable for disruptions, limitations, or failures caused by third-party services. Any warranties for such third-party services are subject to the terms provided by the respective vendor.

For regulated clients, third-party vendors are selected and managed according to applicable compliance requirements, including appropriate data handling agreements and security standards.

4. Client Responsibilities

4.1 Access and Cooperation: The Client agrees to provide all necessary access, cooperation, and resources, including data, information, systems, and personnel, to facilitate the provision of Services.

4.2 Compliance: The Client is responsible for ensuring that:

All hardware and software meet the Company's Managed Services Requirements, including operating systems and devices supported by current warranties.
Secure backups and appropriate network configurations are maintained.
All operations involving the Services adhere to applicable regulatory requirements, as well as federal and state laws governing IT services, data privacy, and cybersecurity.

4.3 Payment Obligations: The Client agrees to pay all fees as outlined in the Managed Services Agreement. Payments must be made monthly in advance via ACH debit, as authorized by the Client. Clients who opt not to use ACH for payments will incur an additional administrative fee of 2% of the total monthly invoice amount.

4.4 Acceptable Use: The Client agrees not to use the Services for illegal, harmful, or unethical purposes, including but not limited to unauthorized access to networks, data theft, or violating privacy laws. The Company reserves the right to suspend Services for misuse

5. Fees and Payment Terms

5.1 Fee Structure: The fees for Services are as specified in the Managed Services Agreement or Service Selection Checklist. Additional fees apply for:

Services outside the agreed scope.
Technical support for RMM-only clients at the rate of $175/hour (weekday) or $350/hour (after-hours/weekend).

5.2 Payment Terms: All payments are due on the 1st of each month. If payment is not received by the due date, the Company reserves the right to suspend Services until payment is made.

5.3 Late Payments: Interest on overdue invoices will accrue at a rate of 12% per annum. The Client is responsible for all costs of collection, including attorney fees, if applicable.

6. Confidentiality and Data Protection

6.1 Confidentiality: Both parties agree to maintain the confidentiality of any Confidential Information disclosed during the term of the agreement and thereafter.

6.2 Data Ownership and Transition: All data created and stored by the Client on systems managed by the Company remains the property of the Client. Upon termination, the Client must request data transfer or removal within 60 days. After this period, the Company is not responsible for retaining Client data.

6.3 Data Protection: The Company will employ reasonable administrative, physical, and technical measures to protect the Client’s data against unauthorized access, use, or disclosure.

6.4 Regulatory Compliance

When providing services to clients in regulated industries (healthcare, financial services, etc.), the Company implements additional security and compliance measures:

6.4.1 HIPAA Compliance (Healthcare Clients)

Protected Health Information (PHI) is handled according to HIPAA Security and Privacy Rules
All PHI is encrypted both at rest and in transit using industry-standard encryption methods
Access to PHI is restricted to authorized personnel on a need-to-know basis
Employees receive annual HIPAA training and sign confidentiality agreements
In the event of a security incident involving PHI, the Company will notify the Client within 60 days of discovery
A separate Business Associate Agreement (BAA) will govern HIPAA-specific obligations

6.4.2 FTC Safeguards Rule (Financial Services Clients)

Customer information is protected according to FTC Safeguards Rule requirements
Information security program includes administrative, technical, and physical safeguards
Access controls limit employee access to customer information based on business need
All customer information is encrypted during transmission and storage
Regular security testing and monitoring of information systems
Due diligence procedures for third-party service providers handling customer information

6.4.3 Data Security Standards

All sensitive data is encrypted using AES-256 encryption or equivalent
Multi-factor authentication required for system access
Regular security assessments and vulnerability testing
Incident response procedures with defined notification timelines
Employee background checks and ongoing security training
Secure disposal of electronic media and paper records

6.4.4 Compliance Limitations The Company provides tools, training, and advisory services to assist clients in meeting regulatory requirements. These services support, but do not replace, the Client's own compliance program. The Client remains solely responsible for ensuring compliance with all applicable laws and regulations. The Company does not act as the Client's Compliance Officer, legal counsel, or regulatory advisor.

7. Limitations of Liability

7.1 Disclaimer of Warranties: The Services are provided "as is." The Company makes no guarantees regarding uptime, availability, or error-free operation.

7.2 Service Availability: The Company will use commercially reasonable efforts to ensure service availability of 99.9% uptime for systems monitored under the RMM plan. Scheduled maintenance or force majeure events are excluded from this guarantee.

7.3 Limitation of Liability: The Company shall not be liable for any indirect, incidental, special, or consequential damages arising out of or in connection with the use of Services.

8. Indemnification

The Client agrees to indemnify, defend, and hold harmless the Company, its affiliates, officers, directors, employees, and agents from any claims, liabilities, losses, or damages arising from or related to the Client's use of the Services.

9. Termination

9.1 Termination for Convenience: Either party may terminate the agreement with 30 days' written notice. Termination before the end of the contract term may require payment of a termination fee.

9.2 Termination for Cause: Either party may terminate immediately if the other party breaches a material term of these Terms and fails to cure the breach within 10 business days of receiving notice.

10. Force Majeure

The Company shall not be liable for delays or failure to perform under this Agreement due to events beyond its reasonable control, including but not limited to natural disasters, acts of God, pandemics, labor strikes, or cyberattacks.

11. Dispute Resolution

11.1 Dispute Escalation: In the event of a dispute, both parties agree to make reasonable efforts to resolve the issue through direct communication and good-faith negotiations before initiating arbitration.

11.2 Binding Arbitration: If unresolved, disputes shall be settled by binding arbitration in Wasco County, Oregon, following the rules of the American Arbitration Association.

12. Entire Agreement

These Terms, along with any applicable service agreements, constitute the entire agreement between the Client and the Company regarding the Services and supersede all prior agreements.

13. Data Breach Response

13.1 Incident Response In the event of a confirmed or suspected data security incident, the Company will:

Immediately investigate and contain the incident
Document the incident details and affected systems/data
Notify affected clients according to contractual and regulatory requirements
Cooperate with client incident response activities
Implement corrective measures to prevent recurrence

13.2 Notification Timeline

Healthcare clients (HIPAA): Notification within 60 days of discovery
Financial services clients: Notification within 72 hours of discovery
Other clients: Notification within 72 hours of discovery
Law enforcement/regulatory notifications as required by applicable law

13.3 Client Cooperation Clients agree to cooperate with the Company's incident response procedures and provide necessary information to facilitate investigation and remediation efforts.

14. Contact Information

For any questions about these Terms, please contact:

DirectLine-IT LLC
514 State St Ste A, Hood River, OR 97031
1-541-386-7978
info@directline-it.com

CONTACT

Client Payment

DIRECTLINE-IT