Umbrella NDA and General Contract

This contract is written to be clear, transparent, and meet GDPR requirements. My goal is to be immediately helpful and as responsive as possible. The following guidelines for our work together should help you decide rather quickly if I’m the resource you’re looking for. While it would be great if everyone were to sit down and read this with the same eagerness as their favorite novel, I realize that’s unlikely. I would be very glad to spend time going over this with you FOR FREE before you become a client to make very sure you understand how I work in this regard. I want you to be happy, successful, and pleased to continue working with me. This contract can also be modified for our individual business arrangement.

Download Sample PDFs: Project Plan | Timeline

  1. Invoicing
    1. I bill at a negotiated rate to agencies, and a rate based on the selected FlexSupport plan if this is a direct relationship outside of an agency.
    2. Cognitive services (such as team reviews, research, meetings, and consultations) appear on invoices as their own line items. Cognitive services costs are included in estimates as a subjective guess based on a complexity rating assigned to your request. Cognitive Services are billed by the hour according to the active FlexSupport Plan, and are never provided as a fixed-cost. Production services, on the other hand, are offered as a fixed-cost within the context of a Project Plan and it’s associated Timeline.
    3. Production Services are found on invoices related to project level work and appear as fixed-cost milestones on the Project Timeline. Milestones apply to project level work such as web design or technical writing.  It is rare that an estimated fixed-cost milestone changes in price unless something occurs which modifies the scope of the project. In fact, aside from Cognitive Services Fees, all Production Services are usually rendered with a fixed fee derived from analysis in consultations (Cognitive Services).
    4. Invoice Terms are Net 15 unless we’ve arranged otherwise in advance. Invoices are issued on the 1st and 15th each month. They will contain line items by Date of Service for Milestones and Cognitive Services so you can easily see the two types of charges and your current spend. The Project Timeline will also show these amounts as you can see in the sample timeline.
    5. I use a Verification and Authorization System that logs your approval of a given milestone, and pre-authorizes billable time for cognitive services so that there is no confusion when you are about to incur such charges. For instance, let’s say I’ve finished the Table of Contents for a technical document under consideration and now we need to review it together, making sure everything is in order before moving to the next phase of the document project.  That review is considered a cognitive service, and is billable at the FlexSupport hourly rate. To make sure it is no surprise, you will get an e-mail from my Verification and Authorization System alerting you to this fact and asking you to explicitly approve the billable meeting in advance. My system makes this as easy as a few clicks, and you’re all set. This system allows you to review all past authorizations and verifications as well. Per GDPR requirements, a report on all information stored by me regarding you is available with some notice.
    6. Sometimes work is tied to a Service Request, especially if it is support-related. I use a structured support methodology inspired by W. Edwards Deming. You can view it here.  Invoices will reference these Service Requests (powered by Atlassian Jira). You will have direct log-in access to the Service Request System, but will also be able to participate with it by simply replying to e-mails.
    7. Although I bill once a milestone is reached, you will still want to confirm that whatever was completed met the requirements of the Project Plan. Since my terms are net 15 by default, this gives us plenty of time to review the work together prior to the invoice due date. If a milestone is reached and that review does not happen within 15 days because you are unable to make that review a priority, the invoice will be considered fully due and payable without further review. This also changes the dynamic of our working relationship such that I won’t agree to further work or cognitive services (including the meeting to review the work) until the outstanding invoice is paid. The end result is the same, either way: if something is not to the specification already contained within the approved Project Plan,  I will correct it at no additional charge as long as invoicing is current.
    8. I’d prefer we meet within 3 business days of milestone. I realize that might not always happen, so just stay in communication so I know what to expect. I’m flexible.
    9. A link to my company’s secure e-payment credit card page appears on all invoices.  I take checks too. I’m working on taking crypto-currency.
  2. Non-Disclosure Agreement:
    1. I assume everything I am doing is “top secret, tell nobody, we were never here” and I also consider that this assumption carries legal weight. If you need me to sign an NDA to help you (your investors might require this for example if I’m helping out with a technical documentation issue) that’s usually not a problem. Just send it to me and I’ll look it over.
    2. Unless you have explicitly allowed it, I will not reference our work together in an identifiable way in any of my online advertising, marketing, or public speaking engagements.
    3. I agree not to disclose or discuss sensitive information, including anything internal to your organization such as processes, vendor agreements, client base, strategies, or anything at all that would be inappropriate for outsiders to learn.
  3. Non-Compete
    1. Unless you have explicitly requested I do so, I will not interact directly with your client or contact them directly for work outside of our arrangement.
    2. FlexTech Media will not compete directly for client contracts for as long as a relationship between our two organizations exist. In fact, it’s unlikely to ever be a factor. FlexTech Media’s business model is not predicated on direct client business consumption of services, so such an endeavor would be counterproductive.
  4. FlexTech Media will provide the collaborative virtual environments for design, website prototyping, writing, and training, when desirable and when possible.
  5. You will provide one e-mail address for corresponding on matters of invoicing, and another on verification system notifications, or they may be the same.
  6. Everything I do is agreed to be on a “best effort” basis and once Verified as Accepted is considered final and complete. Any issues discovered after such Verification are considered outside the scope of the task agreement, though that won’t prevent me from seeing if there is an “easy fix” or other minor adjustment that can remedy the issue.
  7. INDEMNITY: You agree to hold FlexTech Media and it’s owner, Michael Penner, harmless for any actions which inadvertently result in data loss, harm to systems, or reputation in the course of our normal work together. You agree to maintain backups of all live elements I might be asked to modify. This extends to plug-ins or other third-party code bases which may be used to fulfill your project. You agree that FlexTech Media is not responsible for the performance, evolution, or deficiencies that may reside within plug-ins or other third-party code bases. FlextTech Media, in return, promises to perform all reasonable due-diligence to make sure third party resources being used are in fact stable and safe.
  8. I do not normally interact directly with agency clients, either by e-mail, in person, or by phone. I’m sure there might be exceptions to this rule. I leave that up to you.
  9. I know some heavy-hitting software engineers (custom SAP-level plant operations monitoring and ordering systems…that’s the level we’re talking about), IT professionals, drone photographers, writers, and media designers. If something is beyond my scope, I will gladly refer you to them. In most cases these are people I’ve worked with for over a decade, and they are in either California, Idaho, or Washington State. I don’t sub-contract. If I cannot do it myself, I don’t do it. You would work directly with them and me, with them as separate and independent contractors.
  10. If you are an agency working on behalf of a government entity, such as an educational district office or government awarded project, I can provide precedence for having the normal insurance requirements excused in my case. I’ve worked with UC Davis (California) and the Tulare County Office of Education (California) on several initiatives, and was able to get the insurance requirement waived each time. If that cannot be achieved for our work together, I will not be able to participate.
  11. If you want the original creative (Like PSD, .ai, or .proj files) used for a given project I’ll need to clean those files up a bit before handing them over. I’ll charge a fee for that, usually about an hour of time, but otherwise you’re welcome to them, including all rights to their use. Essentially this is a “Work For Hire” situation (as defined by the Copyright Act of 1976), so I have no problem giving them to you if you need them.
  12. I test the websites I build extensively, both during development and then again after go-live. I make every effort to assure that what I build takes into account performance and security. This satisfies article 25 of GDPR Compliance. If things go wrong once the site is live, I am usually able to take counter-measures and/or corrective action that is effective. However, it is not possible to anticipate every attack, glitch, or inappropriate behavior by site members or visitors that can cause problems. Nor am I in control, to any degree, over the performance of the selected web hosting solution. The web hosting I prefer is communicated to you during our discussions because it has been proven to be robust, resilient, and responsive to me when things go wrong. Given the amount of QA effort I expend to minimize the possibility of problems, you agree to hold FlexTech Media harmless for any loss of revenue, reputation, or any other form of damage resulting from website performance problems including but not limited to website crashes, server downtime, offensive material posted to your website due to hacking, offensive site redirects due to hacking, unavailable pages, search engine ranking issues, and server error messages: essentially any unanticipated or unintended website behavior, due to hacking or other malicious behavior (including the behavior of site members), which could be deemed damaging, will not be held against FlexTech Media. My promise to you is that if such things happen I will make every reasonable effort to help you (and it will be documented), though it may not always be possible to do so free of charge. If the problem is something I caused, I certainly will fix it free of charge, but I still require the same disclaimer of liability in that case as well.No warranty or expectation of 100% site uptime is provided by FlexTech Media. There exists not a single website I am aware of that has ever enjoyed 100% uptime, but I will do everything in my power to minimize the chances that downtime occurs. You agree and understand that:
    • It is not possible for FlexTech Media to respond on an emergency basis for any reason, and if your site goes down or is hacked it could take up to 4 business days for analysis and / or remediation of the problem to begin. This is certainly a worst-case scenario, and I will of course always make such problems a priority.
    • It is your responsibility to monitor the membership activity and behavior on your website of your members.
    • If your website is hacked and the exploit poses a danger to the hosting service, it is within the hosting service’s authority (indeed it is their responsibility) to immediately suspend your website from service without prior warning. This is usually only a problem on cheaper web hosting platforms that don’t host websites in virtual isolation. While this may seem a bit technical, it’s important to understand that this is one way such companies cut costs. It’s not a corner we think is good to cut because of the danger described here.
    • FlexTech Media takes security very seriously, and will at any time furnish to you a document detailing steps taken to secure your website and harden it against attack. This satisfies Article 25 of the GDPR. If you approve the website for go-live, you are thereby also agreeing that these measures were sufficient to the best of your understanding, and that they were explained clearly to your satisfaction or you did not feel any such explanation was needed.
    • You are, ultimately, responsible for the security and control of all information stored in databases and files hosted with your website. FlexTech Media will not be held liable for the theft and / or misuse of such information, or any violations of the GDPR. That said, my approaches make it really tough for hackers to get access to this information, and I will council you on any additional security measures, or warn you against certain practices, to minimize this concern for you.
    • FUTURE PROOFING NOTICE: At this point in the 21st century it is still possible to hack a website. Even the federal government and large banks with dedicated security resources can be compromised. The security of your site is also the responsibility of your web hosting service and by using FlexTech Media to build your website you are agreeing to this statement.  Cheap web hosting usually means little or no real attention to site security. Getting hacked with a cheap web host can mean you get shut down by that web host so they can prevent compromises to other clients they are hosting websites for in the same data center. It’s not a good situation for you to be in, and so that’s why I don’t like working with cheap web hosts. It’s just not in your best interest most of the time. I cannot provide emergency response services for any reason, so if your site gets hacked please be aware of this. That said, I take extraordinary measures to minimize the likelihood of hacking. With hackers it is a similar mindset as with burglars…if your house is more secure than the one next door, the burglar would rather just go next door.
    • Keeping your version of WordPress updated is an important aspect of hacker defense, but brings with it issues you need to be aware of as the website’s owner. These issues are not trivial and you really need to take a moment to understand them. Although software developers are quick to point out that keeping WordPress patched to the current version is a best practice to harden against hacking, it is not in fact always the case. Despite software developers’ claims to the contrary, direct experience shows that any new release of software brings with it the risk of undocumented and unknown problems, and so a balance needs to be achieved.With a public-facing content management system (CMS) such as WordPress one of the complicating factors is the reliance on plug-ins to furnish advanced features for very little cost (I do this with my vetted Expansion Library), bypassing the need to hire seasoned programmers to build these capabilities on a custom basis unless nothing else will suffice. Plug-ins are modules of ready-to-use code, developed by freelancers or third party companies, that can be implemented to instantly provide all kinds of great capabilities in WordPress. Plug-ins are not always compatible with each other or the latest version of WordPress. Plug-ins and WordPress are often built by unrelated businesses and individuals, and so it is extremely important to thoroughly vet these things prior to accepting them into your website. I have a rather involved acceptance procedure before I will allow a plug-in to be used in a production environment.
    • “Future proofing” means making sure future updates to WordPress are also compatible with all the components used to build your site on WordPress, and these components include plug-ins.There is a tradeoff, there is a hidden cost. It is not possible to totally future proof a website without you, the client, incurring additional costs down the road and it is not possible to anticipate specifically what those costs might be. WordPress is regularly updated to address security vulnerabilities or improve how it runs. This is not always the case with plug-ins. Sometimes a plug-in will no longer work once WordPress has been upgraded, and if the plug-in does not offer a compatibility upgrade, it will have to be abandoned and a replacement plug-in researched, tested, and implemented. It is not possible to anticipate how threats will evolve, what aspects of WordPress will be exploited by hackers, or how the WordPress Open Source Community will address a vulnerability in the next release of WordPress. Auto-updating WordPress to the most recent version is possible with the push of a button. Doing so is also a sure fire way to increase the chances your site will no longer operate correctly due to component incompatibilities, such as plug-in conflicts, if your site is of a more sophisticated bent. Once you push that button, you cannot reverse the update. It can be quite a problem if you don’t know what you’re doing. This is why FlexTech Media charges a fee to maintain WordPress websites. It takes a lot of prep and testing. I really wish WordPress didn’t give the illusion that simply pushing a button gets you updated. It works fine for small personal sites, but for professional-grade websites with any sort of sophistication it’s a recipe for disaster.
    • What of the unlikely event in which a site cannot be readily upgraded beyond its current WordPress version smoothly because a plug-in being used, that is core to the site’s operation, is not compatible? In that case we have to consider abandoning the plug-in and implementing a new one (which later could become incompatible with the endless parade of WordPress updates) at expense to you, the client, if it is decided that the latest version of WordPress is a must-have. Given the cost savings of using highly tested plug-ins, the additional cost is still a huge savings over what would be required if you had the feature built from scratch by professional developers.The other choice is to simply stay with the current version of WordPress for the foreseeable future until new hacking approaches evolve to the point where that becomes untenable.
  13. All Stakeholders Must Be Present: I require all stakeholders to participate in a given project…technical writing, web builds, UX design, anything at all. If a stakeholder sits behind the scenes then begins to participate while we are in process, there is a good chance new requirements will be brought to my attention along with additional meetings that are then needed to define, review, and approve their functionality in any prototyping work. If this occurs, you agree to release me from the previously agreed upon timeline, the associated budgetary scope, and any or all aspects of the Project Plan or other architectural document we are working from. We will then need to produce revisions of those documents as part of cognitive services charges.
  14. This agreement is subject to change without notice.
Enter title here...
Enter content here...
Main Menu