Skip to content

1(877)755-4279, Worldwide

MINDBODY Software Service Agreement

Please carefully review the following, sign at the bottom of page 14, and return the signed document to MINDBODY, Inc. at 4051 Broad Street, San Luis Obispo, CA 93401. If you did not receive a receipt from MINDBODY, Inc. via separate email in connection with this agreement, please contact the MINDBODY Customer Service Team at 877-755-4279 before accessing or using the SOFTWARE SERVICE, defined below. If you access or use the SOFTWARE SERVICE in any manner whatsoever, you acknowledge that you are bound by the terms of this agreement.

THIS SOFTWARE SERVICE AGREEMENT (this "AGREEMENT") is entered into by and between MINDBODY, Inc., a California corporation dba MINDBODY, Inc., ("MINDBODY") and a business or individual, ("CLIENT"), collectively referred hereinafter as the "PARTIES".

Now therefore, in consideration of the mutual covenants set forth herein, the parties agree as follows:

Article I - Definitions

  1. BUSINESS MODE shall mean CLIENT’s use of the SOFTWARE SERVICE by logging into the system as an administrative user to input and maintain CLIENT DATA, including information for view by customers in CONSUMER MODE.
  2. CARDHOLDER DATA shall mean credit card numbers, expiration dates, billing addresses, and cardholder names of CLIENT’s customers.
  3. CLIENT DATA shall mean any data stored by CLIENT on MINDBODY’s host computer system using the SOFTWARE SERVICE, including CARDHOLDER DATA entered by CLIENT using the SOFTWARE SERVICE.
  4. CONFIDENTIAL INFORMATION shall have the meaning provided in Section VII(A).
  5. CONSUMER MODE shall mean CLIENT’s use of the SOFTWARE SERVICE to provide a link from CLIENT’s website to display CLIENT DATA, such as class and appointment schedules, and products and services for sale to consumers.
  6. EFFECTIVE DATE shall mean the earlier of two (2) weeks from the date of purchase of the SOFTWARE SERVICE or the first date on which CLIENT uses SOFTWARE SERVICE, unless separately arranged between the parties in writing.
  7. MONTHLY SUBSCRIPTION FEE shall mean the monthly fee for the SOFTWARE SERVICE as set forth in the RECEIPT.
  8. ONSITE TRAINING shall mean training provided by MINDBODY to CLIENT at CLIENT’s facilities for an additional fee. ONSITE TRAINING is only available in certain geographical areas, as determined by MINDBODY in its sole discretion.
  9. PCI DSS shall mean the requirements of the Payment Card Industry Data Security Standard, as detailed on https://www.pcisecuritystandards.org /.
  10. RECEIPT shall mean the receipt received by CLIENT via email at the time it received this AGREEMENT describing the SOFTWARE SERVICE.
  11. REMOTE TRAINING shall mean live training provided by a MINDBODY professional trainer to CLIENT via telephone and optional Internet link.
  12. SCHEDULED MAINTENANCE shall mean periodic planned outages of less than one (1) hour in duration, as may be necessary from time to time to maintain optimum system performance.
  13. SERVICES shall have the meaning provided in Section III(A).
  14. SOFTWARE SERVICE shall mean the MINDBODY SOFTWARE SERVICE identified in the RECEIPT as the service purchased by CLIENT subject to this AGREEMENT. The SOFTWARE SERVICE includes any user manual, multimedia content, and relevant documentation made available through the SOFTWARE SERVICE and MINDBODY’s website, and any other materials provided to CLIENT by MINDBODY pursuant to this AGREEMENT.

Article II - Description of SOFTWARE SERVICE

  1. Operation, Maintenance, and Security of SOFTWARE SERVICE

    • MINDBODY will operate and maintain the SOFTWARE SERVICE. MINDBODY reserves the right to replace, modify, and/or upgrade the SOFTWARE SERVICE purchased by CLIENT in its sole discretion, and will notify CLIENT of any pending user interface changes resulting from such replacements, modifications, and upgrades at least one (1) week in advance of releasing such change. Any replacement or upgrade to such SOFTWARE SERVICE shall be treated as part of the SOFTWARE SERVICE for the purpose of this AGREEMENT.
    • MINDBODY will provide all equipment, software, and security services necessary for the operation and maintenance of its host computer system, set forth in further detail on Exhibit A and incorporated herein by reference. MINDBODY reserves the right to change the configuration of its host computer system and change or delete equipment or software at any time.
    • MINDBODY will provide sufficient bandwidth and processor capability to enable CLIENT and its customers use the BUSINESS MODE and CONSUMER MODE, respectively.

  2. Ownership and Maintenance of CLIENT DATA

    • CLIENT DATA is and will remain CLIENT's proprietary information, and will not be disclosed by MINDBODY to any third party, without the prior written consent of CLIENT.
    • CLIENT is solely responsible for the operation and maintenance of BUSINESS MODE and CONSUMER MODE, including, but not limited to all CLIENT DATA entered in BUSINESS MODE and all materials that appear publicly in CONSUMER MODE.
    • CLIENT will be responsible for compliance with all laws and regulations applicable to the use and maintenance of CLIENT DATA, including, but not limited to ensuring that the CLIENT DATA does not breach or infringe upon the rights of any third party and ensuring that materials posted in CONSUMER MODE are not inappropriate, illegal, or defamatory.

  3. Security of CARDHOLDER DATA

    • MINDBODY expressly disclaims any and all liability for CLIENT's handling of CARDHOLDER DATA. MINDBODY recommends that when handling CARDHOLDER DATA, CLIENT follow the requirements of the PCI DSS. MINDBODY further recommends that CLIENT follow the Cardholder Data Recommended Practices attached hereto as Exhibit B.
    • MINDBODY is responsible for storing and protecting the CARDHOLDER DATA within CLIENT DATA only when such data has been properly entered in the encrypted credit card fields provided in the SOFTWARE SERVICE in accordance with the PCI DSS by CLIENT in BUSINESS MODE or by CLIENT's customers in CONSUMER MODE.

  4. Access to CLIENT DATA

    • CLIENT may download portions of CLIENT DATA directly from the SOFTWARE SERVICE in Microsoft Excel® format by using the reporting and export tools provided MINDBODY within the SOFTWARE SERVICE.
    • CLIENT may request a complete downloaded copy of current CLIENT DATA, except for CARDHOLDER DATA, stored on MINDBODY's host computer system in Microsoft SQL Server® or Microsoft Access® format at any time. MINDBODY will provide that copy via Internet file transfer protocol (ftp), electronic mail or hard copy CD-ROM within forty-eight (48) business hours of such request. If hard copy CD-ROM is requested, CLIENT shall pay MINDBODY a fee of Fifteen Dollars ($15) plus mailing costs.
    • MINDBODY reserves the right to charge CLIENT for additional bandwidth usage fees for more than one (1) download per month. In addition, for a mutually agreed upon additional recurring fee and schedule specified on RECEIPT, CLIENT may request services to automatically download a copy of CLIENT's current database stored in Microsoft SQL Server® format to a secure internet connected computer belonging to CLIENT.
    • CLIENT is responsible for maintaining the security of any copy of CLIENT DATA received pursuant to this Section II(D).

Article III - Other Services

  1. Other Services Included. The SERVICES, as provided below, are included in the fees set forth in Section IV(A):

    1. Contact Upload. CLIENT may elect in writing to MINDBODY to have MINDBODY import CLIENT's customer names and contact information upon startup of the SOFTWARE SERVICE. This election must be made within thirty (30) days of the EFFECTIVE DATE. If CLIENT makes this election, then the following will apply:

      1. MINDBODY will provide a one-time importation of CLIENT's customer names, notes and contact information from any single open database format, including, but not limited to .txt, .xls., and .csv.
      2. CLIENT will provide MINDBODY with its customer names and contact information in an open, unlocked, un-password protected format within thirty (30) days of the EFFECTIVE DATE.

    2. REMOTE TRAINING. REMOTE TRAINING not to exceed the following training times per business location identified in the RECEIPT for each software module purchase by CLIENT, as noted in the RECEIPT:

      1. Classes and Events Tracking Module - fifty (50) minutes training;
      2. Appointments Tracking Module - two (2) hours training;
      3. Boutique Retail Point of Sale Module - fifty (50) minutes training;
      4. Online Store - fifty (50) minutes training;
      5. Contact Management Module - thirty (30) minutes training.

    3. Linking. MINDBODY will provide CLIENT, or a web developer designated by CLIENT, with up to one (1) hour of assistance in the development of dynamic links between CLIENT's existing website and CONSUMER MODE.

  2. Additional Services. The following services may be available to CLIENT at an additional fee. If CLIENT is interested in any of the additional services described below, then it should contact MINDBODY for further information.

    1. Importation of Transactional Histories.

      1. CLIENT may be eligible for importation of its transactional histories for an additional fee, as determined by MINDBODY in its sole discretion.
      2. CLIENT may be eligible for importation of transactional histories and other business data directly from other proprietary software databases provided by CLIENT free of charge, as determined by MINDBODY in its sole discretion.

    2. Additional Training

      1. In the event that CLIENT wishes to have any REMOTE TRAINING in addition to such training provided pursuant to Section III(A)(2), such additional REMOTE TRAINING may be provided to CLIENT at an additional charge based on MINDBODY's hourly rates in effect at the time of such additional REMOTE TRAINING, as provided on MINDBODY's website at http://MINDBODYonline.com/purchase/. These fees are subject to change at any time.
      2. In the event that CLIENT wishes to have ONSITE TRAINING at CLIENT's facility, such training may be provided at MINDBODY's discretion at the fee displayed on MINDBODY's website at http://MINDBODYonline.com/purchase/. These fees are subject to change at any time.

Article IV - Payment

  1. Fees

    1. CLIENT has paid MINDBODY the online software setup fee identified on the RECEIPT.

    2. CLIENT shall pay MINDBODY the MONTHLY SUBSCRIPTION FEE via CLIENT authorized automatic payments.

  2. Payment Options

    1. Monthly Automatic Payment. In the event that CLIENT elects to pay MINDBODY the MONTHLY SUBSCRIPTION FEE on an automatic monthly payment schedule, CLIENT shall sign the Monthly Payment Agreement attached hereto as Exhibit C and return the signed Monthly Payment Agreement to MINDBODY as provided therein.

    2. Annual Prepayment. In the event that CLIENT elects to prepay MINDBODY for one (1) full year of service, CLIENT will receive the twelfth month of SOFTWARE SERVICE free of charge. In order to be eligible for annual prepayment pursuant to this section, CLIENT must provide such payment no later than ten (10) days from the EFFECTIVE DATE.

  3. Changes in Fees. The MONTHLY SUBSCRIPTION FEE shall remain unchanged through the first anniversary of the EFFECTIVE DATE. MINDBODY reserves the right to change the MONTHLY SUBSCRIPTION FEE effective on each anniversary of the EFFECTIVE DATE, provided that MINDBODY shall give CLIENT at least thirty (30) days advance written notice of any change in such fees.

  4. Payment Terms. All amounts set forth in this section shall be due and payable when specified above. Any payment not received within thirty (30) days of the applicable due date is a breach of this AGREEMENT and MINDBODY shall be entitled to terminate this AGREEMENT as provided below and to deactivate CLIENT’s account with MINDBODY. In the event that MINDBODY deactivates CLIENT’s account for late payment and MINDBODY decides to reactivate such account at CLIENT’s request, CLIENT shall pay MINDBODY a One Hundred and Fifty Dollar ($150) reactivation fee per CLIENT database prior to any such reactivation.

Article V - Intellectual Property

  1. MINDBODY Intellectual Property. MINDBODY shall have sole and exclusive ownership of all right, title, and interest in and to the SOFTWARE SERVICE (including any MINDBODY provided images, photographs, animations, video, audio, music, text, and “applets”) and all modifications and enhancements thereof (including ownership of all trade secrets and copyrights pertaining thereto), subject only to the rights and privileges expressly granted to CLIENT herein by MINDBODY. This AGREEMENT does not provide CLIENT with title or ownership of the SOFTWARE SERVICE, but only a right of limited use as specified in Article VI.

  2. CLIENT Intellectual Property. CLIENT shall have sole and exclusive ownership of all right, title, and interest in all CLIENT DATA.

Article VI - License

  1. Rights Granted. MINDBODY grants CLIENT a non-exclusive, non-transferable right to access, use, display, run, or otherwise interact with the SOFTWARE SERVICE subject to the terms and conditions set forth in this AGREEMENT. MINDBODY grants CLIENT’s customers the right to use the CONSUMER MODE to schedule classes, to make purchases of CLIENT’s products and services, and for any other use that MINDBODY shall make available using the CONSUMER MODE in the future.

  2. Limitation on Rights Granted. MINDBODY reserves all rights not expressly granted herein.

  3. Restrictions. CLIENT will not reverse engineer, disassemble, decompile, modify, or alter the SOFTWARE SERVICE in whole or in part.

Article VII - Confidentiality

  1. CONFIDENTIAL INFORMATION. For the purposes of this Article VII, “CONFIDENTIAL INFORMATION” shall include the SOFTWARE SERVICE, the CLIENT DATA, and any accompanying or related documentation. CONFIDENTIAL INFORMATION does not include information which is: (i) developed by the non-disclosing party independently of the disclosing party as supported by the non-disclosing party’s written records, (ii) rightfully obtained without restriction by the non-disclosing party from a third party, (iii) at the time of disclosure or thereafter becomes publicly available other than through the fault or negligence of the non-disclosing party, (iv) released without restriction by the disclosing party to anyone including the U.S. Government as supported by the non-disclosing party’s written records, or (v) known to the non-disclosing party at the time of disclosure as supported by the non-disclosing party.

    1. CLIENT has paid MINDBODY the online software setup fee identified on the RECEIPT.

    2. CLIENT shall pay MINDBODY the MONTHLY SUBSCRIPTION FEE via CLIENT authorized automatic payments.

  2. Protection of CONFIDENTIAL INFORMATION.

    1. Throughout the duration of this AGREEMENT and for five (5) years after its termination, the parties shall treat the CONFIDENTIAL INFORMATION of the other party with safeguards at least as restrictive as industry standard in the protection of proprietary information, including such measures as are reasonably necessary to ensure compliance with this AGREEMENT.

    2. The CONFIDENTIAL INFORMATION is received in confidence by the parties, and the parties agree to maintain the CONFIDENTIAL INFORMATION in confidence and not to disclose the same outside of such party. The parties further agree to disclose the CONFIDENTIAL INFORMATION of the other party only to any employees of such party who have a “need-to-know” for the purposes stated herein and who are bound by the confidentiality obligation set forth herein.

    3. The CONFIDENTIAL INFORMATION is being disclosed to the parties and the parties receive the CONFIDENTIAL INFORMATION solely for the purpose stated herein and specifically agree not to use the CONFIDENTIAL INFORMATION for any other purpose.

Article VIII - Interoperability Requirements

  1. CLIENT Responsibilities.

    1. CLIENT will maintain the functional operation of all of its workstations, networks and Internet connections necessary to ensure proper operation of the SOFTWARE SERVICE, including installation and operation of any associated operating system and web browser according to applicable manufacturer specifications and recommendations.

    2. Prior to contacting MINDBODY with allegations of connectivity problems, CLIENT shall verify that it is able to properly connect to the Internet by verifying navigation through common sites such as www.cnn.com or www.google.com and verify that it is running the most recent release of Internet Explorer ®, Mozilla Firefox ®, or Safari ®, as detailed in Section VIII(B).

  2. Technical Requirements. The communications and network interoperability for the SOFTWARE SERVICE require a high-speed Internet connection and the following web browsers only:

    1. For Personal Computers/Windows: Internet Explorer ® version 7.0 or greater; and

    2. For Macintosh Computers: MAC OS X running Mozilla Firefox ® or Safari ®, with the exception that some peripheral hardware may not be compatible.

Article IX - Limited Warranty/Limitation on Liability

  1. SOFTWARE SERVICE Warranty

    1. MINDBODY warrants that the SOFTWARE SERVICE shall be 99.9% available twenty-four (24) hours per day, seven (7) days per week, three-hundred and sixty-five (365) days per year. This translates to eight (8) hours and forty-five (45) minutes of unplanned outage time per contract year. Our server inventory will be expanded to accommodate the CLIENT’s progressive data expansion. Hardware expansion will keep up with the needs of CLIENT so that the CLIENT’s site performance will not be slowed by either the CLIENT’s data expansion or the addition of new clients to the MINDBODY servers.

    2. If the cumulative service level for the SOFTWARE SERVICE drops below 99.9% for any contract year of service, as determined on each anniversary of the EFFECTIVE DATE, MINDBODY will credit CLIENT with additional complimentary service to be used in the following year of service, according to the following schedule:

      1. 98% - 99.8% availability of SOFTWARE SERVICE - one (1) free month of service;
      2. 95% - 97.9% availability of SOFTWARE SERVICE - two (2) free months of service;
      3. 90% - 94.9% availability of SOFTWARE SERVICE - six (6) free months of service; and
      4. Less than 90% availability of SOFTWARE SERVICE - twelve (12) free months of service.

    3. In order to receive any credit of free service pursuant to this Article IX, CLIENT shall notify MINDBODY in writing no later thirty (30) days after the end of the contract year in which the availability of the SOFTWARE SERVICE fell below the warranted level of CLIENT’s intent to collect the free service related to such shortcoming in availability during the following year of service.

    4. CLIENT shall not receive any credit or refund under this Article IX in connection with any failure or deficiency caused by or associated with any of the following:

      1. Circumstances beyond MINDBODY's reasonable control, including, but not limited to, war, insurrection, sabotage, terrorism, armed conflict, embargo, fire, flood, earthquake, Internet virus or denial of service attacks;
      2. Major telecommunications or Internet failure outside of MINDBODY's control;
      3. Acts or omissions of CLIENT, its employees, or its agents, including, without limitation, custom scripting or coding, any negligence, willful misconduct, or use of the SOFTWARE SERVICE outside the scope of this AGREEMENT; and
      4. SCHEDULED MAINTENANCE conducted between the hours of 9 PM and 9 AM in CLIENT's local time zone and CLIENT is notified at least forty-eight (48) hours in advance of such Scheduled Maintenance.

  2. DISCLAIMER OF FURTHER WARRANTIES. EXCEPT AS EXPRESSLY PROVIDED IN THIS SECTION, THE SOFTWARE SERVICE IS PROVIDED “AS IS” AND WITH ALL FAULTS. NO WARRANTY OR ASSURANCE, EXPRESS, IMPLIED, OR STATUTORY, IS GIVEN BY MINDBODY WITH RESPECT TO THE SOFTWARE SERVICE OR ANY OTHER MATTER, INCLUDING, WITHOUT LIMITATION (AND MINDBODY EXPRESSLY DISCLAIMS) ALL WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, LACK OF VIRUS, LACK OF NEGLIGENCE, OR LACK OF WORKMANLIKE EFFORT ON THE PART OF MINDBODY.

  3. LIMITATION OF LIABILITY.

    1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE PARTIES BE LIABLE, WHETHER IN CONTRACT, IN TORT, OR UNDER ANY OTHER LEGAL THEORY (INCLUDING, BUT NOT LIMITED TO STRICT LIABILITY AND NEGLIGENCE) FOR LOST PROFITS OR REVENUES, LOSS OR INTERRUPTION OF USE, LOST OR DAMAGED DATA, REPORTS, DOCUMENTATION, OR SECURITY, OR SIMILAR ECONOMIC LOSS, LOSS OF PRIVACY, OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR SIMILAR DAMAGES ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OR NON-PERFORMANCE OF THIS AGREEMENT.

    2. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL MINDBODY BE LIABLE FOR ANY CLAIM MADE AGAINST CLIENT BY ANY OTHER PARTY, EVEN IF MINDBODY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH CLAIM.

    3. IN NO EVENT SHALL MINDBODY’S LIABILITY UNDER ANY CLAIM MADE BY CLIENT EXCEED THE TOTAL AMOUNT OF FEES THERETOFORE PAID BY CLIENT IN THE CURRENT CONTRACT YEAR. NO ACTION, REGARDLESS OF FORM, ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT MAY BE BROUGHT BY CLIENT MORE THAN ONE (1) YEAR AFTER THE FIRST TO OCCUR OF (i) THE TERMINATION OR EXPIRATION OF THIS AGREEMENT OR (ii) THE EVENT GIVING RISE TO SUCH CAUSE OF ACTION.

Article X - Cancellation and Refund Policy

  1. SOFTWARE SERVICECLIENT has thirty (30) days from the date of purchase, as noted on the RECEIPT, to evaluate the SOFTWARE SERVICE for suitability to CLIENT’s purposes. During that thirty (30) day period, MINDBODY will make a good faith effort to resolve any issues or difficulties CLIENT may have in using the SOFTWARE SERVICE. If during the thirty (30) day period CLIENT determines that the SOFTWARE SERVICE does not meet its needs, CLIENT may notify MINDBODY that it wishes to terminate the SOFTWARE SERVICE provided hereunder and receive a refund of the corresponding fee paid by CLIENT, less the cost of any SERVICES provided prior to such cancellation based on MINDBODY’s fees in effect at the time of such cancellation.

  2. Limitation on Cancellation/Refund Policy. CLIENT will not have the right to cancel any portion of this AGREEMENT and receive a refund pursuant to Article X if CLIENT has breached this AGREEMENT, including a failure by CLIENT to pay for any applicable fees set forth in this AGREEMENT when such fees are due.

  3. Current MINDBODY Fees. For the purposes of this Article X, MINDBODY’s current fees may be found at http://MINDBODYonline.com/purchase/. These fees are subject to change at any time.

Article XI - Term / Termination

  1. Term. The term of this AGREEMENT shall be for one (1) year from the EFFECTIVE DATE. The term of this AGREEMENT shall automatically renew for an additional one (1) year term on each anniversary of the EFFECTIVE DATE until terminated by either party pursuant to Section XI(B).

  2. Termination

    1. Termination at Time of Renewal. Either party may terminate this AGREEMENT on any anniversary of the EFFECTIVE DATE by providing at least thirty (30) days advance written notice to the other party of its intent to terminate this AGREEMENT on such anniversary of the EFFECTIVE DATE.

    2. Breach. In the event of any breach or default of this AGREEMENT by either party for any reason, the non breaching party shall have the right to terminate this AGREEMENT by giving thirty (30) days notice to the breaching party; provided, however, that the non breaching party may effect cure during such thirty (30) day notice period, in which case this AGREEMENT will remain in effect.

  3. Effect of Termination. Upon termination of this AGREEMENT for any reason, all fees set forth in Article III shall become immediately due and payable

Article XII - Idemnity

The parties agree to indemnify, defend, and hold each other, their officers, directors, shareholders, and employees harmless from and against any and all claims, damages and expenses (including, without limitation, attorneys’ fees) resulting directly or indirectly from (i) The operation, maintenance and content of the SOFTWARE SERVICE, (ii) CLIENT’s use of the SOFTWARE SERVICE, and (iii) any breach of this AGREEMENT by the parties. This Article XII shall survive the termination of this AGREEMENT.

Article XIII - Miscellaneous

  1. Dispute Resolution. This AGREEMENT will be interpreted in accordance with the laws of the State of California, including all matters of construction, validity, performance and enforcement, without giving effect to any principles of conflict of laws. Any dispute or proceeding concerning this AGREEMENT or arising out of or in connection with this AGREEMENT will be resolved by binding arbitration to be held in San Luis Obispo, California before one (1) arbitrator. The arbitration shall be administered by the Judicial Arbitration and Mediation Services (“JAMS”). Judgment on the award may be entered in any court having jurisdiction. This clause shall not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction.
  2. Assignment and Assumption.CLIENT may assign this AGREEMENT to a third party; provided that the assignee expressly assumes all obligations of CLIENT pursuant to this AGREEMENT in writing. CLIENT shall notify MINDBODY within ten (10) days of any assignment pursuant to this Section by providing MINDBODY with signed letter indicating the business name, owner(s), and contact information of the assignee, and the effective date of the assignment.
  3. Notices.
    1. All notices, requests, demands, and other communications shall be validly given if delivered in person, faxed, sent by electronic mail, or forwarded by registered or certified mail addressed to the other party at the address provided in the signature block of this AGREEMENT, unless such party has notified the other party of a substitute contact information in writing pursuant to this section.
    2. Notices delivered in person or sent via facsimile or electronic mail during normal business hours shall be deemed to be received on the same date. Notices forwarded by registered or certified mail shall be deemed to be delivered three (3) days after such notice was mailed.
  4. Relationship. The parties shall do business at their own risk and for their own profit. Nothing in this AGREEMENT shall constitute a partnership or agency relationship between CLIENT and MINDBODY or authorize either party to make any representation on behalf of or in any way to bind the other party to any obligation of any kind, express or implied, to any third party, or to incur any liability on behalf of the other party.
  5. Government Regulations. CLIENT shall at its own expense comply with all laws, ordinances, rules, regulations and other requirements of the government having jurisdiction pertaining to or in relation to any matter connected with or arising out of this AGREEMENT.
  6. Severability. If any of the provisions of this AGREEMENT shall be held by a court or other tribunal of competent jurisdiction to be unenforceable, the other portions of this AGREEMENT shall remain in full force and effect.
  7. Force Majeure. No liability hereunder shall result to a party by reason of delay in performance caused by force majeure, that is, circumstances beyond the reasonable control of the party, including, without limitation, acts of God, fire, flood, war, terrorist attack, civil unrest, labor unrest, or shortage of or inability to obtain material as equipment.
  8. No Waiver. The failure of either party to enforce at any time or for any period of time the provisions hereof in accordance with their terms will not be construed to be a waiver of such provisions or of the right of such party thereafter to enforce each and every such provision.
  9. No Third Party Beneficiary.The benefits and protection provided by this AGREEMENT shall inure solely to the benefit of the parties. This AGREEMENT shall not be deemed to create any right in any person or entity who is not a party to this AGREEMENT and shall not be construed in any respect to be a contract in whole or in part for the benefit of any third party.
  10. Questions.All questions and requests for customer service and/or technical support should be directed to MINDBODY Customer Service Team at 4051 Broad Street, Suite 220, San Luis Obispo, CA 93401. Phone: (805) 476-2700. Email: Support@MINDBODYonline.com.

IN WITNESS WHEREOF, the parties hereto have signed this Agreement as of the date and year first written above.

MINDBODY:
MINDBODY, Inc. ___________________________
dba MINDBODY, Inc.

By: _______________________________________
Name: _____________________________________
Title: ______________________________________
Address: __________________________________
Fax: ______________________________________
Email: _____________________________________

CLIENT:
By: _______________________________________
Name: _____________________________________
Title: ______________________________________
Address: __________________________________
Fax: ______________________________________
Email: _____________________________________

EXHIBIT A - MAINTENANCE AND SECURITY OF CLIENT DATA

  1. Provisions for Service Reliability. MINDBODY hosts CLIENT DATA at two (2) redundant secure data centers in California.

    1. The primary data center is located at Digital West Networks in San Luis Obispo, California ("PRIMARY DATA CENTER"). It features:

      • Multiple redundant, enterprise switching hardware at every stage;
      • Multiple active firewalls protecting against unauthorized access;
      • Web and data servers clustered into a redundant network configuration that prevents any single component failure from causing loss of service;
      • Battery powered uninterruptible power supplies ("UPS") that ensure continuous power to all servers and network components until backup generators start and are brought online;
      • Emergency backup generators, which start automatically within one (1) minute of a detected loss of utility power. These generators are tested regularly to industry standards and are capable of running all server loads for an extended period of time until normal utilities are restored;
      • Raised floor and redundant environmental control to maintain proper temperature and humidity for optimum component reliability;
      • Preaction automatic fire sprinklers so that fires and the subsequent water are isolated to one region of the server facility;
      • Remote monitoring, so that technical personnel are alerted at any time at the first sign of abnormal conditions (e.g. loss of temperature control, server failure, or loss of normal power);
      • Access at any time for select technicians employed by MINDBODY, controlled by biometric scan and personal identification number ("PIN"), with separate locks for all MINDBODY server cabinets, so that problems can be responded to rapidly and unauthorized access prevented; and
      • Nightly backup of all CLIENT DATA to the BACKUP DATA CENTER, defined below.
    2. The backup data center is located at One Wilshire in Los Angeles, California. (“BACKUP DATA CENTER”). The BACKUP DATA CENTER receives nightly backup of all CLIENT DATA, current through close of business that day. During normal conditions, this server is available at all times for read only access and report downloading by CLIENT, via the URL http//backup.MINDBODYonline.com. The BACKUP DATA CENTER has the following features to ensure maximum security and reliability:

  2. Security Provisions

    1. Personal Security

      • All MINDBODY technical or management personnel with access to CLIENT DATA are subjected to background checks prior to hiring, and must sign a non-disclosure and data security agreements that protect both MINDBODY and CLIENT DATA.
      • Physical access to the PRIMARY DATA CENTER and the BACKUP DATA CENTER is restricted by lock and key, security cameras, and alarm systems, with limited number of authorized personnel granted access.
      • No MINDBODY personnel are permitted to transfer CLIENT DATA onto any hard drive or storage device, except those contained within either the PRIMARY DATA CENTER or BACKUP DATA CENTER. CLIENT DATA is never transferred to MINDBODY office workstations.

    2. Data Security

      • All CLIENT DATA is located on secure servers, or backup directories that require access authentication.
      • All secure servers are protected by multiple, redundant firewalls and intrusion detection and prevention systems that are regularly monitored and tested (details of firewall configuration are not shared publicly for maximum security).
      • 128-bit Secure Sockets Layer ("SSL") data encryption is employed to protect all data access across the Internet.
      • Credit card numbers are stored in 128-bit encrypted format.

    3. Obligations And Activities For HIPPA Compliance. MINDBODY maintains the following HIPPA Compliance standards, sufficient for any CLIENT who may be a “HIPPA COVERED ENTITY,” as defined by United States regulations pursuant to 45 CFR §164.524:

      • MINDBODY will not disclose Protected Health Information, as defined by applicable law, other than as permitted or required by the AGREEMENT or as required by law;
      • MINDBODY uses appropriate safeguards to prevent use or disclosure of the Protected Health Information other than as provided for by the AGREEMENT;
      • MINDBODY will mitigate, to the extent practicable, any harmful effect that is known to MINDBODY of a use or disclosure of Protected Health Information by MINDBODY in violation of the requirements of the AGREEMENT;
      • MINDBODY will report to CLIENT any use or disclosure of the Protected Health Information not provided for by the AGREEMENT of which it becomes aware; . MINDBODY will not disclose Protected Health Information to any agent or subcontractor;
      • MINDBODY will document any disclosures of Protected Health information and information related to such disclosures as would be required for CLIENT to respond to a request by an individual for an accounting of disclosures of Protected Health Information in accordance with 45 CFR §164.528; and
      • MINDBODY will make internal practices, books, and records, including policies and procedures and Protected Health Information, relating to the use and disclosure of Protected Health Information received from, or created or received by MINDBODY on behalf of CLIENT available to CLIENT, or to the U.S. Secretary of Health and Human Services, in a mutually agreed upon time and manner, or as designated by the Secretary, for purposes of the Secretary verifying MINDBODY compliance to United States regulations pursuant to 45 CFR §164.524.

EXHIBIT B

CARDHOLDER DATA BEST PRACTICES

Any merchant who accepts Visa, MasterCard, American Express, or Discover credit cards for payment is subject to the Payment Card Industry Data Security Standard (PCI DSS), which outlines credit card processing merchants’ responsibilities for the protection of CARDHOLDER DATA. If CLIENT uses MINDBODY’s integrated merchant account processing service, MINDBODY is responsible to protecting CARDHOLDER DATA only after it is properly uploaded and encrypted into CLIENT DATA by the SOFTWARE SERVICE. CLIENT remains responsible for the proper handling and protection of CARDHOLDER DATA up to the point that it is properly uploaded and encrypted by the SOFTWARE SERVICE.

MINDBODY hereby refers CLIENT to the PCI DSS website, for a complete list of all rules and restrictions that may apply: https://www.pcisecuritystandards.org/.

At a minimum, MINDBODY recommends that CLIENT implement the practices set forth below.

  1. CLIENT should do the following:

    • Maintain updated anti-virus software on all workstations engaged in credit card processing and remove any programs that the anti-virus software flags as potentially malicious.
    • Restrict permission to install software on those computers to CLIENT business owner and/or trusted senior staff.
    • Maintain up-to-date versions of operating systems (e.g. Microsoft Windows® or Macintosh OS®) and web browsers (e.g. Internet Explorer®, Safari® or Firefox®), with all security updates and patches installed.
    • Ensure that every individual that logs into the SOFTWARE SERVICE has a unique username and password that is known only by that individual.
    • Only store credit card account numbers in encrypted credit card fields designed for that purpose in the SOFTWARE SERVICE system. vi. Destroy any hard copy documents that have CARDHOLDER DATA written on them.

  2. CLIENT should not do the follow:

    • Record CARDHOLDER DATA in "Notes," "Contact Logs," or other unencrypted text field within the SOFTWARE SERVICE.
    • Record CARDHOLDER DATA in any locally installed software program, unless that program and CLIENT's computer network meet all PCI DSS requirements for data.
    • Email customer credit card numbers, or ask them to email their credit card numbers to you.
    • Record credit card track data.

EXHIBIT C

MONTHLY SUBSCRIPTION PAYMENT AGREEMENT

IF CLIENT IS OPTING FOR MONTHLY AUTOMATIC CHARGING OF THE MONTHLY SUBSCRIPTION FEE PURSUANT TO THE SOFTWARE SERVICE AGREEMENT (THE “AGREEMENT”) TO CLIENT’S CREDIT CARD OR CHECKING ACCOUNT, CLIENT MUST SIGN THE AUTHORIZATION BELOW AND FAX TO (866) 759-7958, or scan and email CLIENT’s signed document to accounting@MINDBODYonline.com ALL CAPITALIZED TERMS NOT OTHERWISE DEFINED HEREIN SHALL HAVE THE MEANING SET FORTH IN THE AGREEMENT.

(a) I agree to pay the Monthly Hosting and Support Fees as an automatic monthly charge to my credit card, or automatic debit to my checking account each month for a period of at least twelve (12) months. I understand that I am responsible for the full twelve (12) months of the MONTHLY SUBSCRIPTION FEE payment, unless MINDBODY's service is cancelled by me within thirty (30) days of my initial purchase date, as identified in the RECEIPT.

(b) I hereby certify that I am the holder of the credit card, or an authorized signer on the bank checking account detailed below.

(c) I understand that I will be notified if my credit card or checking account payment fails to authorize for any reason, and that a Ten Dollar ($10) late fee will apply if I do not provide a valid credit card or checking account ACH information within ten (10) calendar days of the original rejection date.

(d) I understand that any payment not received within thirty (30) days of the applicable due date is a breach of the AGREEMENT and MINDBODY shall be entitled to terminate the AGREEMENT as provided below and to deactivate CLIENT’s account with MINDBODY. In the event that MINDBODY deactivates CLIENT’s account for late payment and MINDBODY decides to reactivate such account at CLIENT’s request, CLIENT shall pay MINDBODY a One Hundred and Fifty Dollar ($150) reactivation fee.

Signature: __________________________________________________
Date: ______________________________________________________
Printed Name: _______________________________________________
Title: ______________________________________________________