MSA-ID CIV-V2.6-MAY2026 · CIVITAS LLC · Sovereign instrumentation · Canonical excerpt §§1–3.2
CIVITAS LLC MASTER SERVICES AGREEMENT VERSION 2.6 (MAY 2026)
This Master Services Agreement ("Agreement") is made and entered into as of the date of the last signature on the Order Form ("Effective Date") by and between CIVITAS LLC, a Delaware limited liability company with offices located at 1501 Tulane Street, Houston, TX 77008 ("CIVITAS"), and the Client identified on the Order Form ("Client"). CIVITAS and Client may be referred to individually as a "Party" and collectively as the "Parties."
SERVICES & SOVEREIGN DOCTRINE
1.1. Provision of Services. Subject to the terms of this Agreement, CIVITAS will provide Client with access to its proprietary RTFCT Substrate, a predictive evidence management infrastructure ("Services"), as further detailed in the applicable Service Schedule(s).
1.2. Architectural Isolation. Client acknowledges and agrees that CIVITAS is the sole contracting entity. Any upstream development partners, including but not limited to GRYFFON GROUP, are non-parties to this Agreement and shall have no direct legal relationship, duty, or liability to Client.
1.3. PRO-CRM Standard. The Parties agree that this Agreement governs a proactive, predictive relationship. As a gesture of institutional confidence, CIVITAS will provision infrastructure and API access immediately upon execution ("Trust-First Provisioning"). Client acknowledges that such provisioning does not alter or waive Client's payment obligations under Section 4.
NEUTRAL STORAGE & ZERO-TELEMETRY
2.1. Deterministic Infrastructure. CIVITAS will provide the technical substrate for the Services, consisting of The FORGE (Interceptor) and The VLT (1,095-day Vault).
2.2. Non-Review Clause. CIVITAS serves as a technical steward and does not review, assess, or interpret the specific data payloads ("Content") transmitted through the FORGE.
2.3. Legal Architecture. Client is solely responsible for the "Logic Gates" and policies ingested into the FORGE. CIVITAS provides the infrastructure; Client provides the legal architecture. CIVITAS shall not be liable for the legal sufficiency or consequences of Client's chosen policies.
2.4. Enforcement Limitations. The RTFCT Substrate is a deterministic enforcement engine and does not guarantee against all unauthorized AI interactions, zero-day vulnerabilities, or intentional employee circumvention. The Substrate is a component of Client's compliance framework, not a replacement for it.
SECURITY & INCIDENT RESPONSE
3.1. Encryption Protocol. The Substrate utilizes AES-256-GCM encryption with an RSA-OAEP key exchange. Client holds the private decryption key.
3.2. Access Limitation. CIVITAS is technically barred from accessing raw Content. In the event of a subpoena or government request, CIVITAS can only provide encrypted artifacts. Client is solely responsible for decryption.
3.3. Data Processing & Privacy. CIVITAS represents and warrants that any processing of metadata for the purpose of generating "Fault Line Reports" as described in Service Schedule A complies with applicable US data privacy laws. CIVITAS does not process or decrypt raw Content.
FEES & PAYMENT
4.1. Fees. Client will pay all fees specified in the applicable Order Form(s). Except as otherwise stated in an Order Form, all fees are quoted and payable in United States dollars.
4.2. Invoicing & Payment Terms. Fees will be invoiced in advance pursuant to the frequency stated in the Order Form. Unless otherwise stated in the Order Form, all invoices are due and payable net thirty (30) days from the invoice date.
4.3. Late Payments. Any undisputed payment not received by the due date may accrue late charges at the rate of 1.5% of the outstanding balance per month, or the maximum rate permitted by law, whichever is lower, from the date such payment was due until the date paid.
4.4. Suspension of Service. If Client's account is 30 days or more overdue, CIVITAS may, without limiting other rights and remedies, suspend Services access until such amounts are paid in full. CIVITAS will provide at least 10 days' prior notice before any suspension.
TERM & TERMINATION
5.1. Term. This Agreement commences on the Effective Date and continues until all Service Schedules have expired or been terminated.
5.2. Termination for Cause. Either Party may terminate this Agreement for cause: (i) upon 30 days' written notice of a material breach to the other Party, if such breach remains uncured at the end of the 30-day period; or (ii) if the other Party becomes the subject of a bankruptcy petition or similar proceeding.
5.3. Effects of Termination. Upon any termination, CIVITAS will stop providing the Services and all usage rights granted will immediately cease. Client remains responsible for all fees and charges incurred through the effective date of termination. Per Service Schedule A, Client may elect to port their VLT records to a local environment.
INDEMNIFICATION
6.1. Indemnification by CIVITAS. CIVITAS will defend, indemnify, and hold Client harmless against any third-party claim that the Services infringe or misappropriate any intellectual property rights, provided Client promptly notifies CIVITAS of the claim and gives CIVITAS sole control over its defense.
6.2. Indemnification by Client. Client will defend, indemnify, and hold CIVITAS harmless against any third-party claim arising from or related to: (i) Client's Logic Gates or policies ingested into the FORGE; or (ii) any operational disruption, system failure, or lost revenue caused directly by incorrectly formatted or overly restrictive Logic Gates authored by Client. This indemnity is contingent upon CIVITAS promptly notifying Client of the claim and giving Client sole control over its defense.
LIMITATION OF LIABILITY
7.1. Liability Cap. Except for liability arising under Sections 6, 8, or 9.3, in no event will either Party's total cumulative liability arising from this Agreement exceed the total fees paid or payable by Client in the 12 months preceding the incident giving rise to the liability.
7.2. Exclusion of Certain Damages. Except for liability arising under Sections 6, 8, or 9.3, in no event will either Party be liable for any indirect, special, incidental, consequential, or punitive damages, or for loss of profits, revenue, or data, whether an action is in contract or tort and regardless of the theory of liability.
7.3. Carve-Outs. The limitations in Sections 7.1 and 7.2 do not apply to liability arising from a Party's: (i) gross negligence or willful misconduct; (ii) indemnification obligations; or (iii) breach of Section 8.
CONFIDENTIALITY
8.1. Definition. "Confidential Information" means all information disclosed by a Party ("Disclosing Party") to the other Party ("Receiving Party"), whether orally or in writing, that is designated as confidential or reasonably should be understood as confidential given the nature of the information and circumstances of disclosure. CIVITAS' Confidential Information includes the Services and Content. Client's Confidential Information includes Client Data.
8.2. Protection. The Receiving Party will use the same degree of care to protect Confidential Information that it uses to protect its own confidential information of like kind (but not less than reasonable care).
8.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information to the extent compelled by law, provided it gives the Disclosing Party prior notice (if legally permitted) and reasonable assistance, at the Disclosing Party's cost, to contest the disclosure.
GENERAL PROVISIONS
9.1. Governing Law & Venue. This Agreement is governed by and construed in accordance with the laws of the State of Delaware, without giving effect to any choice or conflict of law provision. Any legal action arising from this Agreement must be brought exclusively in the state or federal courts located in Wilmington, Delaware. Each Party consents to the jurisdiction of such courts.
9.2. Entire Agreement. This Agreement, including all exhibits and addenda, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements and understandings with respect to its subject matter. No modification or waiver of any provision shall be effective unless in writing and signed by both Parties.
9.3. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable, that provision will be modified to the minimum extent necessary to make it enforceable or, if not possible, severed from this Agreement. The remaining provisions remain in full force and effect.
9.4. Assignment. Neither Party may assign this Agreement without the other Party's prior written consent, except that either Party may assign this Agreement in its entirety without consent to an Affiliate or as part of a merger, acquisition, or sale of substantially all of its assets. Any attempt to assign this Agreement in violation of this section is null and void.
9.5. Relationship of the Parties. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties.
9.6. Waiver. No failure or delay by either Party in exercising any right under this Agreement constitutes a waiver of that right.
9.7. No Third-Party Beneficiaries. This Agreement does not confer any rights or remedies upon any third party, including without limitation any end-users of a Wholesale Sub-Vault provisioned under Service Schedule A. Client is solely responsible for administering Sub-Vaults and has no authority to create a duty of care between CIVITAS and Sub-Vault end-users.
9.8. Client Security Obligations. Client agrees to implement and maintain industry-standard security practices, including but not limited to secure management of encryption keys. CIVITAS will not be liable for any breach resulting from Client's failure to properly secure its decryption keys or other access credentials.
9.9. Trade Secrets & Evidentiary Production. The underlying architecture, codebase, database schemas, storage silo configurations, and proprietary enforcement algorithms of the RTFCT Substrate constitute protected Trade Secrets of CIVITAS. In the event of any subpoena, investigation, or legal dispute involving Client or its Sub-Vault end-users, CIVITAS will produce only the cryptographically signed, encrypted payload artifacts comprising the VLT Records and associated Chain of Custody access logs. CIVITAS will not produce, and Client agrees not to seek or compel the production of, CIVITAS' source code, technical schematics, or infrastructure configurations under any circumstances.
Client agrees to indemnify and hold CIVITAS harmless against any costs, expenses, or legal fees incurred in defending against any attempt to compel disclosure of CIVITAS' Trade Secrets, whether arising from an action involving Client or its Sub-Vault end-users. In the event CIVITAS is served with any subpoena, discovery request, or court order seeking disclosure of its Trade Secrets, Client will, at its own expense, take all necessary steps to defend against such request and obtain a protective order or other assurance that CIVITAS' Trade Secrets will be protected from disclosure.
9.10. Force Majeure. Neither Party will be liable for failures or delays in performance due to causes beyond its reasonable control, except for payment obligations.
9.11. Subpoena Response. In the event CIVITAS receives a subpoena or other legal request related to Client or its Sub-Vault end-users, CIVITAS will promptly notify Client. Client is solely responsible for managing the response process. CIVITAS' sole obligation is to provide the encrypted VLT Records and Chain of Custody logs to Client upon request, subject to the Trade Secret protections in Section 9.9. CIVITAS will not communicate directly with Sub-Vault end-users or government agencies regarding Sub-Vault data.
9.12. Data Breach Notification. In the event of a data breach originating from a Wholesale Sub-Vault, Client is solely responsible for all notification obligations under applicable data breach notification laws. CIVITAS' only duty is to promptly inform Client of the breach. Client will indemnify and hold CIVITAS harmless against any claims, fines, or penalties arising from Client's failure to comply with its notification obligations.
9.13. Intellectual Property Indemnification. CIVITAS' indemnification obligations under Section 6.1 extend only to Client, not to any Sub-Vault end-users. Client will indemnify and hold CIVITAS harmless against any intellectual property infringement claims brought by its Sub-Vault end-users.
9.14. No Service Level Agreement. Unless otherwise agreed in writing, CIVITAS provides the RTFCT Substrate "as is" and makes no guarantees regarding uptime, availability, or fitness for a particular purpose. Any service level agreements must be negotiated separately and incorporated into this Agreement via an addendum signed by both parties.
9.15. Third-Party Integrations. Client is solely responsible for any integrations of the RTFCT Substrate with third-party applications or services. CIVITAS will have no liability for any errors, failures, or damages arising from such integrations. Client will indemnify and hold CIVITAS harmless against any claims related to Client's third-party integrations.
9.16. Data Retention. CIVITAS' data retention obligations are limited to the term of this Agreement plus a period of 90 days post-termination. Any long-term data preservation beyond this period is the sole responsibility of Client. Extended retention periods may be available for an additional fee, subject to a separate written agreement.
9.17. Right to Modify Services. CIVITAS reserves the right to modify, upgrade, or deprecate features, reporting capabilities, and service level commitments of the RTFCT Substrate at any time, provided such modifications do not materially degrade the core functionality of the Sovereign Vault tier as described in Service Schedule A. Specific operational details, including reporting frequencies and SLAs, shall be set forth in the applicable Order Form or Service Level Addendum, which may be updated from time to time at CIVITAS' discretion.
9.18. Limitation of Personal Liability. No director, officer, employee, or agent of either party will be personally liable to the other party for any action or failure to act under this Agreement, except in cases of intentional misconduct or gross negligence. Each party agrees to look solely to the other party, and not to any individual, for satisfaction of any claims arising out of this Agreement. The parties will include in any agreements with their Sub-Vault end-users a substantially similar limitation of personal liability applicable to CIVITAS and its personnel.