Government & Enterprise Terms Addendum

1. Scope

This Government & Enterprise Terms Addendum (“Enterprise Addendum”) applies when the Customer executes an Enterprise Order Form with GovCertix LLC (“AutoSAM”). It supplements the AutoSAM General Terms of Service and is intended for federal, state, and local government agencies, prime contractors, and enterprise organizations that require additional contractual commitments.

2. Governing terms hierarchy

In the event of a conflict between applicable documents, the following order of precedence applies (highest to lowest):

1. Executed Enterprise Order Form
2. This Enterprise Addendum
3. AutoSAM General Terms of Service

Where a provision in a higher-priority document directly conflicts with a lower-priority document, the higher-priority provision controls.

3. Data residency

All Customer data processed by AutoSAM is stored and processed exclusively within United States–based infrastructure. AutoSAM does not transfer, replicate, or store Customer data outside the continental United States. Sub-processors are contractually required to maintain US-only data residency for all Customer data.

4. Audit rights

Customers operating under an Enterprise Order Form may conduct or commission one (1) audit per twelve-month period to verify AutoSAM’s compliance with this Enterprise Addendum and applicable data protection obligations. Audits are subject to the following conditions:

• The Customer must provide at least thirty (30) days’ prior written notice to AutoSAM.
• Audits will be conducted during business hours and in a manner that minimizes disruption to AutoSAM’s operations.
• The Customer bears the cost of the audit unless the audit reveals a material breach by AutoSAM.
• AutoSAM will cooperate in good faith and provide reasonable access to relevant documentation, systems, and personnel.

5. Security assessment cooperation

Upon request, AutoSAM will provide Enterprise Customers with completed security questionnaires, SOC 2 Type II reports (when available), penetration test summaries, and other documentation reasonably necessary to support the Customer’s security and risk assessment processes. Requests should be directed to enterprise@autosam.io.

6. Business Associate Agreement (BAA)

For Customers subject to HIPAA or other regulations requiring a Business Associate Agreement, AutoSAM can provide a BAA upon request. Please contact our enterprise team at enterprise@autosam.io to initiate the BAA process.

7. FISMA & FedRAMP positioning

AutoSAM is not currently FedRAMP authorized. We are actively evaluating the FedRAMP authorization process as part of our product roadmap. AutoSAM’s infrastructure leverages SOC 2 compliant providers with US-only data residency, TLS 1.2+ encryption in transit, AES-256 encryption at rest, and row-level security for multi-tenant isolation.

Federal agencies and contractors requiring FISMA compliance should contact enterprise@autosam.io to discuss current security controls and our FedRAMP readiness timeline.

8. Modifications

AutoSAM will provide Enterprise Customers with at least sixty (60) days’ prior written notice before making material changes to this Enterprise Addendum. Changes will not apply retroactively to existing Order Forms unless mutually agreed in writing.

9. Contact

For enterprise contracting, security questionnaires, or questions about this Addendum, contact:

GovCertix LLC
Attn: Enterprise Contracts
2461 Eisenhower Ave, Suite 200
Alexandria, VA 22314
Email: enterprise@autosam.io

10. Export control (ITAR/EAR)

AutoSAM is not designed to process, store, or transmit data subject to the International Traffic in Arms Regulations (ITAR, 22 CFR §§ 120–130) or the Export Administration Regulations (EAR, 15 CFR §§ 730–774). Customers shall not use AutoSAM to process export-controlled technical data or defense articles without prior written authorization from GovCertix LLC.

If your organization requires export-controlled data handling, contact enterprise@autosam.io to discuss available controls and restrictions.

11. Section 889 NDAA compliance

GovCertix LLC represents that it does not use covered telecommunications equipment or services from the entities identified under Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. 115-232) in the provision of the AutoSAM platform. AutoSAM’s infrastructure is hosted on US-based cloud providers that maintain their own Section 889 compliance representations. Customers requiring a formal Section 889 representation letter may request one from enterprise@autosam.io.

12. Custom SLA terms

Enterprise Customers may negotiate custom Service Level Agreement (“SLA”) terms as part of their Order Form. Custom SLA terms specified in an executed Order Form supersede the standard Alert Guarantee and any publicly posted SLA commitments for the duration of the Order Form term. Contact enterprise@autosam.io to discuss custom SLA arrangements.