TERMS OF SERVICE

DirectLine-IT LLC

Last Updated: October 10th, 2025

TThese Terms of Service ("Terms") govern your use of the managed IT and cybersecurity services provided by DirectLine-IT LLC ("Company," "we," or "us"). By engaging our services, you ("Client") agree to comply with and be bound by these Terms.

1. Definitions

1.1 "Services": Refers to the managed IT services, cybersecurity services, consulting, and support provided by DirectLine-IT LLC, as selected by the Client and outlined in the Service Selection Checklist, Service Level Agreement (SLA), or Managed Services Agreement. Services may include, but are not limited to:

• Comprehensive Plans: Unlimited on-site and remote support, automated support, 24/7 monitoring, Microsoft 365 services, endpoint protection, backup solutions, and VoIP support.

• Standalone Plans: Remote Monitoring and Management (RMM) services for automated updates, monitoring, and maintenance without on-site or remote support.

The specific services included in this Agreement are determined by the Client's selections in the Scope of Services Selection Checklist in the Managed Services Agreement (see Section 6).

1.2 "Confidential Information": All non-public information disclosed by one party to the other, either directly or indirectly, in writing, orally, or by inspection of tangible objects, that is designated as confidential or should reasonably be understood to be confidential.

2. Acceptance of Terms

By using our Services, the Client agrees to abide by these Terms. If you do not agree to these Terms, you must not use our Services.

3. Description of Services

3.1 Scope of Services: The Company agrees to provide Services as detailed in the Managed Services Agreement, Service Level Agreement (SLA), Basecamp Service Agreement, or Service Selection Checklist. Services vary by tier and client agreement. Depending on the selected plan, Services may include automated monitoring and maintenance, unlimited on-site and remote support (Ascend/Summit tiers only), Microsoft 365 management, endpoint protection, cybersecurity training, monthly reporting, and virtual CIO/CTO services including technology refresh budget planning and assistance. Basecamp tier clients receive limited support (2 tickets per month) and do NOT receive unlimited support, hardware provision, server backups, or Microsoft 365 licensing unless separately purchased.

3.2 RMM-Only Plan: Clients subscribing to RMM-only services will receive automated monitoring, patching, malware remediation, and reporting. Direct technical support (remote or on-site) is not included and will incur additional fees as per Section 5.1.

3.3 Service Limitations: Services outside the standard scope, such as the setup of additional offices, system changes, or any other project work, will be billed separately at the current hourly rate of $175 for weekdays or $350 for weekends, after-hours and rush orders.

3.4 Third-Party Services and Vendor Management: Certain features of the Services may depend on third-party platforms, software, or vendors (e.g., Microsoft 365, security providers, cloud services). The Company maintains due diligence procedures for third-party vendors, including security assessments and contractual safeguards for data protection. However, the Company is not liable for disruptions, limitations, or failures caused by third-party services. Any warranties for such third-party services are subject to the terms provided by the respective vendor.

4. Client Responsibilities

4.1 Access and Cooperation: The Client agrees to provide all necessary access, cooperation, and resources, including data, information, systems, and personnel, to facilitate the provision of Services.

4.2 Compliance: The Client is responsible for ensuring that:

(a) All desktop PCs, laptops, and network equipment (routers, switches, firewalls) are less than 5 years old from the original manufacturer date, regardless of Client purchase date;

(b) All servers are less than 7 years old from the original manufacturer date, regardless of Client purchase date;

(c) Equipment that exceeds these age limits is replaced promptly. Work to diagnose, restore, or replace equipment exceeding age requirements will be billed as additional services;

(d) All hardware and software meet the Company's Managed Services Requirements as documented;

(e) Secure backups and appropriate network configurations are maintained;

(f) All operations involving the Services adhere to applicable regulatory requirements, as well as federal and state laws governing IT services, data privacy, and cybersecurity.

4.3 Payment Obligations: The Client agrees to pay all fees as outlined in the Managed Services Agreement. Payments must be made monthly in advance via ACH debit, as authorized by the Client. Clients who opt not to use ACH for payments will incur an additional administrative fee of 2% of the total monthly invoice amount.

4.4 Acceptable Use and Professional Conduct: The Client agrees not to use the Services for illegal, harmful, or unethical purposes, including but not limited to unauthorized access to networks, data theft, or violating privacy laws.

Additionally, Client agrees to maintain professional standards of conduct in all interactions with Company personnel, including:

(g) Communicating respectfully without engaging in abusive, threatening, harassing, discriminatory, or profane language or behavior toward Company staff;

(h) Refraining from making unreasonable or excessive demands that materially disrupt the Company's ability to provide Services to Client or other clients;

(i) Not engaging in behavior that creates a hostile, intimidating, or unsafe environment for Company personnel;

(j) Providing accurate information and cooperating reasonably with troubleshooting and service delivery processes.

Enforcement: The Company reserves the right to suspend Services immediately for violations of acceptable use or professional conduct standards. The Company may terminate this Agreement pursuant to Section 9.2 for continued violations after written warning, or immediately pursuant to Section 9.3 for conduct involving threats, harassment, or safety concerns. Services suspended for violations will be reinstated only after: (i) the violation is remedied, (ii) Client acknowledges the violation in writing, and (iii) Client pays any associated investigation or remediation costs.

4.5 Communication Recording: The Company may record telephone calls, video conferences, and other communications with Client for quality assurance, training, dispute resolution, and safety purposes. By using the Services, Client consents to such recording. Oregon is a one-party consent state; however, the Company will make reasonable efforts to notify participants when recording is in progress. Recordings may be used as evidence in any dispute resolution proceedings.

5. Fees and Payment Terms

5.1 Fee Structure: The fees for Services are as specified in the Managed Services Agreement or Service Selection Checklist. Additional fees apply for services outside the agreed scope and technical support for RMM-only clients at the rate of $175/hour (weekday) or $350/hour (after-hours/weekend). Emergency cybersecurity incident response (including but not limited to ransomware, data breaches, active intrusions, or other security emergencies) is billed at $350 per hour with a 4-hour minimum, regardless of time of day.

5.2 Payment Terms: All payments are due on the 1st of each month. If payment is not received by the due date, the Company reserves the right to suspend Services until payment is made.

5.3 Late Payments: Interest on overdue invoices will accrue at a rate of 12% per annum. The Client is responsible for all costs of collection, including attorney fees, if applicable.

5.4 Fee Protection: For clients under multi-year agreements, the monthly service fee is locked for the duration of the initial contract term. At renewal, the Company may adjust fees with 60 days advance notice, not to exceed 5% or the Consumer Price Index (CPI-U) percentage increase for the preceding 12-month period, whichever is greater.

5.5 Inflation Protection Adjustment: If the Consumer Price Index (CPI-U) increases by more than 7% in any 12-month period during an initial contract term, the Company may implement a one-time adjustment equal to (CPI increase - 3%) with 90 days advance notice, to partially offset extraordinary inflationary cost increases. Client may terminate the agreement without penalty within 30 days of receiving such notice if the adjustment exceeds 5%.

6. Confidentiality and Data Protection

6.1 Confidentiality: Both parties agree to maintain the confidentiality of any Confidential Information disclosed during the term of the agreement and thereafter.

6.2 Data Ownership and Transition: All data created and stored by the Client on systems managed by the Company remains the property of the Client. Upon termination, the Client must request data transfer or removal within 60 days. After this period, the Company is not responsible for retaining Client data.

6.3 Data Protection: The Company will employ reasonable administrative, physical, and technical measures to protect the Client's data against unauthorized access, use, or disclosure.

6.4 Regulatory Compliance: When providing services to clients in regulated industries (healthcare, financial services, etc.), the Company implements additional security and compliance measures:

6.4.1 HIPAA Compliance (Healthcare Clients)

• Protected Health Information (PHI) is handled according to HIPAA Security and Privacy Rules

• All PHI is encrypted both at rest and in transit using industry-standard encryption methods

• Access to PHI is restricted to authorized personnel on a need-to-know basis

• Employees receive annual HIPAA training and sign confidentiality agreements

• In the event of a security incident involving PHI, the Company will notify the Client within 60 days of discovery

• A separate Business Associate Agreement (BAA) will govern HIPAA-specific obligations

6.4.2 FTC Safeguards Rule (Financial Services Clients)

• Customer information is protected according to FTC Safeguards Rule requirements

• Information security program includes administrative, technical, and physical safeguards

• Access controls limit employee access to customer information based on business need

• All customer information is encrypted during transmission and storage

• Regular security testing and monitoring of information systems

• Due diligence procedures for third-party service providers handling customer information

6.4.3 Data Security Standards

• All sensitive data is encrypted using AES-256 encryption or equivalent

• Multi-factor authentication required for system access

• Regular security assessments and vulnerability testing

• Incident response procedures with defined notification timelines

• Employee background checks and ongoing security training

• Secure disposal of electronic media and paper records

6.4.4 Compliance Limitations

The Company provides tools, training, and advisory services to assist clients in meeting regulatory requirements. These services support, but do not replace, the Client's own compliance program. The Client remains solely responsible for ensuring compliance with all applicable laws and regulations. The Company does not act as the Client's Compliance Officer, legal counsel, or regulatory advisor.

7. Limitations of Liability

7.1 Disclaimer of Warranties: The Services are provided "as is." The Company makes no guarantees regarding uptime, availability, or error-free operation.

7.2 Service Availability: The Company will use commercially reasonable efforts to ensure service availability of 99.9% uptime for systems monitored under the RMM plan. Scheduled maintenance or force majeure events are excluded from this guarantee.

7.3 Limitation of Liability: The Company shall not be liable for any indirect, incidental, special, or consequential damages arising out of or in connection with the use of Services. The Company's maximum cumulative liability for any claims shall not exceed thirty thousand dollars ($30,000).

8. Indemnification

The Client agrees to indemnify, defend, and hold harmless the Company, its affiliates, officers, directors, employees, and agents from any claims, liabilities, losses, or damages arising from or related to the Client's use of the Services, violation of these Terms, or violation of any applicable laws or third-party rights.

9. Termination

9.1 Termination for Convenience: Either party may terminate the agreement with 30 days' written notice. Termination before the end of the contract term may require payment of a termination fee as specified in the Managed Services Agreement.

9.2 Termination for Cause: Either party may terminate immediately if the other party breaches a material term of these Terms and fails to cure the breach within 10 business days of receiving notice. Material breach includes, but is not limited to:

(k) Failure to pay amounts due within 30 days of billing;

(l) Violation of Acceptable Use or Professional Conduct requirements (Section 4.4);

(m) Breach of confidentiality obligations (Section 6.1);

(n) Failure to meet security or compliance requirements that create material risk;

(o) Any other failure to perform material obligations under these Terms.

9.3 Immediate Termination: Notwithstanding Section 9.2, the Company may terminate this Agreement immediately without prior notice or cure period in cases involving:

(p) Threats, violence, or harassment toward Company personnel;

(q) Illegal use of Services or actions that violate applicable laws;

(r) Material security breaches caused by Client negligence or intentional misconduct;

(s) Actions that create imminent risk to Company systems, data, or other clients;

(t) Behavior that creates an unsafe work environment for Company personnel.

In cases of immediate termination under this Section 9.3, Client remains responsible for all fees through the termination date and any applicable termination fees. The Company is not required to provide refunds for prepaid services.

10. Force Majeure

The Company shall not be liable for delays or failure to perform under this Agreement due to events beyond its reasonable control, including but not limited to natural disasters, acts of God, pandemics, labor strikes, cyberattacks, war, civil disturbances, or government actions. In the event of Force Majeure, the Company will make commercially reasonable efforts to minimize disruption and will notify the Client of the situation and expected duration.

11. Dispute Resolution

11.1 Dispute Escalation: In the event of a dispute, both parties agree to make reasonable efforts to resolve the issue through direct communication and good-faith negotiations before initiating arbitration.

11.2 Binding Arbitration: If unresolved after 30 days of good-faith negotiation, disputes shall be settled by binding arbitration in Wasco County, Oregon, following the rules of the American Arbitration Association. The arbitration shall be conducted by an arbitrator experienced in information technology services. Disputes involving amounts within small claims court jurisdiction may be brought in small claims court as an alternative to arbitration.

11.3 Costs: The prevailing party in any arbitration or litigation shall be entitled to recover reasonable attorney fees and costs.

12. Entire Agreement

These Terms, along with any applicable Managed Services Agreement, Service Level Agreement, and related service agreements, constitute the entire agreement between the Client and the Company regarding the Services and supersede all prior agreements, understandings, and communications, whether written or oral. Any modifications to these Terms must be made in writing and signed by both parties.

13. Data Breach Response

13.1 Incident Response: In the event of a confirmed or suspected data security incident, the Company will:

• Immediately investigate and contain the incident

• Document the incident details and affected systems/data

• Notify affected clients according to contractual and regulatory requirements

• Cooperate with client incident response activities

• Implement corrective measures to prevent recurrence

13.2 Notification Timeline:

• Healthcare clients (HIPAA): Notification within 60 days of discovery

• Financial services clients: Notification within 72 hours of discovery

• Other clients: Notification within 72 hours of discovery

• Law enforcement/regulatory notifications as required by applicable law

13.3 Client Cooperation: Clients agree to cooperate with the Company's incident response procedures and provide necessary information to facilitate investigation and remediation efforts.

14. Amendments and Updates

The Company reserves the right to update these Terms from time to time. Material changes will be communicated to active clients via email at least 30 days before taking effect. Continued use of Services after the effective date of changes constitutes acceptance of the updated Terms. The current version of these Terms is always available at https://www.directline-it.com/terms.

15. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Oregon, without regard to its conflict of law principles. Exclusive jurisdiction and venue for any legal proceedings shall be in Wasco County, Oregon, and both parties consent to the personal jurisdiction of such courts.

16. Severability

If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

17. Waiver

No waiver of any term or condition of these Terms shall be deemed a further or continuing waiver of such term or condition or any other term or condition. The Company's failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision.

18. Contact Information

For any questions about these Terms, please contact: