Services Agreement

Synacor Master Services Agreement

by Synacor
October 11th, 2007
 

EXHIBIT 10.17.2
CONFIDENTIAL TREATMENT REQUESTED
EXECUTION COPY
1. PARTIES and EFFECTIVE DATE
1.1 Parties (each a “Party” and collectively, the “Parties).
                     
Synacor, Inc.   (“Synacor”)   ACC Operations, Inc. (“Client”)
Attention:
  George Chamoun   Attention:   Jeff Turner        
 
  (the “Synacor Representative”)       (the “Adelphia Representative”)        
Address:
  50 Fountain Plaza, Suite 1520   Address:   DTC Parkway        
 
  Buffalo, New York 14202
      Englewood, Colorado 80111        
Telephone:
  716-853-1362 ext. 216   Telephone:   303-268-6362        
Fax:
  716-332-0081   Fax:   303-268-6382        
1.2 Effective Date. July 13, 2004
2. SYNACOR SERVICES AND RESPONSIBILITIES
2.1 Services. Subject to the terms and conditions of this Master Services Agreement (this “Agreement”), Synacor will provide the services contracted for hereunder, as more particularly described in this Agreement, including the Content Distribution Addendum (the “Addendum”), Schedule A, Schedule B, Schedule C, and any other schedules, attachments, exhibits, addenda, amendments or riders that may be attached to this Agreement from time to time (collectively, the “Services”). Synacor may provide the Services directly to Client, or indirectly using contractors or other third party vendors or service providers; provided that, Synacor shall first obtain a written agreement from any such contractor or third party that such contractor or third party shall be bound by confidentiality obligations at least as protective of the Proprietary Information (as defined in Section 5.1 herein) of the Parties as the provisions of Section 5 of this Agreement and Synacor shall in all events be responsible to Client for any action or inaction of such contractors or third parties. Each party shall provide the other with reasonable cooperation, assistance, information and access as may be necessary to initiate Client’s and its registered users’ use of the Services (such as, for example, developing any content, user interfaces or appearance specific to the Services contracted for by Client). The Services will be available to customers of Client subscribing to Client’s high speed internet (“HSI”) access service through a unique, HSI account number issued by Client (collectively, “Users”).
2.2 Additional Services. Upon mutual agreement of the Parties, Client may engage Synacor to provide development services or other professional services in addition to the Services. Such additional services shall be provided pursuant to a separately executed Professional Services Addendum. From time to time, Synacor may offer additional services to Client that are beyond the scope of this Agreement. All such additional services shall be provided upon terms and conditions as the Parties may mutually establish in writing which, provided that such additional services result in software, computer programs or other work product which is developed exclusively for Client (collectively, “Work Product”), shall include provisions relating to the ownership of such Work Product, including, without limitation, the intellectual property rights in such Work Product by Client as “works made for hire” for all purposes of copyright law.
2.3 Technical Support. Synacor will provide the Services and technical support services in accordance with the requirements set forth in this Agreement, including, without limitation, Schedule B — Service Level Agreement, attached hereto and made a part hereof.
2.4 Limitations. Synacor will not be responsible for, nor liable hereunder in connection with, any failure in the Services due to or resulting from: (a) any Client Materials (as defined in Section 3.3 herein) or other content provided by or for Client by parties other than Synacor; (b) Client’s negligence or Client’s acts or omissions; (c) telecommunications or equipment failures outside of Synacor’s facilities, except for those facilities owned, operated or maintained by Synacor, or by a third party on behalf of Synacor, necessary for Synacor to connect to the Internet; and (d) scheduled maintenance as set forth in Schedule B. Further, except for breaches of Synacor’s representation and warranty set forth in Section 8.1(g) hereof, Synacor will not be responsible for, or liable hereunder, in connection with, any failure in the Services due to or resulting from unauthorized access, breach of firewalls or other hacking by third parties of the System.

 


 

2.5 User Information. As between Synacor and Client, Client shall own all User names, login IDs, passwords and other User registration information provided by Client and Users in connection with the Services (“Account Information”). Unless otherwise agreed to by Client in advance and in writing, Synacor shall not disclose to third parties or use any Account Information except as reasonably necessary to perform its obligations under this Agreement or to comply with any legal or regulatory requirement; provided that, to the extent not otherwise prohibited by law, Synacor shall provide Client with prompt notice of any such legal or regulatory requirement in order that Client may comply with the provisions of Client’s privacy policy and/or any applicable federal, state and local privacy laws, rules and regulations and/or seek a protective order with respect to such Account Information. To avoid uncertainty, each Party hereby acknowledges and agrees that, subject at all times to Section 5.2 herein, Synacor may disclose aggregate information (not personally identifiable) of Users and Service usage and performance derived from Account Information to Synacor Providers (as defined in the Addendum), Synacor customers and Synacor investors; provided that, no such information shall identify Client or any User or contain any Client-specific or User-specific information.
3. CLIENT RESPONSIBILITIES
3.1 Client Support; Synacor Status. Client acknowledges that the continuing performance of certain Services may depend on Client’s cooperation, assistance, information and access to Synacor. If Client fails to timely provide any of the foregoing, then Synacor will not be liable for any delay in its performance. The Parties’ Representatives (designated in Section 1.1) are responsible for facilitating communication between Synacor and Client regarding all technical and business matters.
3.2 Regulations. Client will use the Services only in compliance with all applicable federal, state and local laws, rules and regulations (including, without limitation, laws related to “spamming,” privacy, obscenity and defamation) (collectively, the “Regulations”). Client acknowledges and agrees that each User’s access to the Services is subject to such User’s acceptance of an “end user agreement” or “terms of use” regarding the Service and continuing compliance with the Regulations. Synacor has no obligation to monitor the Client Materials or other content provided by or for Client, except for Synacor Sourced Services (as defined in the Addendum). Synacor may do so, however, and may remove any content or disable or terminate any use of the Services that Synacor, in good faith, believes may be (or which is alleged to be) in violation of any Regulation.
3.3 Materials and Equipment. Client will provide (on its own behalf, or on behalf of its sponsors or advertisers) certain materials, domain names, Client Sourced Services (as defined in the Addendum) and other information (collectively, “Client Materials”) to Synacor as reasonably needed by Synacor to perform the Services. Client represents and warrants that it has the right to provide all Client Materials, and that use of such Client Materials hereunder will not violate Client’s obligations under any other agreement, the Regulations and any privacy policies covering any Client Materials. Except for any hardware, software and other technology used by Synacor to provide the Services, Client shall be responsible for obtaining, operating and maintaining in good working order all equipment and ancillary services under Client’s control needed in order for Users to connect to, access or otherwise use the Services via the Internet, including modems, authentication/provisioning servers, network hardware/software and such network and communication services necessary to connect Users to the Internet (“Equipment”). Client shall ensure that all Equipment is compatible with the Services (and, to the extent applicable, any software interface) and that the Equipment complies with all configurations and specifications set forth in the Synacor Specifications, attached hereto as Schedule C, which Schedule C the Parties hereby acknowledge is subject to finalization, upon mutual agreement, within the thirty (30)-day period immediately following the Effective Date. Client shall be responsible for the maintenance and integrity and security of its Equipment (physical, electronic and otherwise), Account Information, passwords, Client Materials and other data provided by Client to Synacor.
4. CLIENT LICENSE; SYNACOR PROPRIETARY RIGHTS.
4.1 License Grant. Client hereby grants to Synacor during the Term a nonexclusive, worldwide and royalty-free right and license to use, reproduce, modify, distribute, perform and display the Client’s Marks (as defined herein) solely in connection with the Services hereunder.
4.2 No Implied Licenses. Except for the limited rights and licenses expressed hereunder, each Party shall retain all right, title and interest in and to its logos and product and service names, which shall at all times remain trademarks

2


 

of such party (the “Marks”), technology and other intellectual property (including, without limitation, in the case of Synacor, the Services and the software used by Synacor to provide the Services (the “Software”)). Neither Party shall take any action inconsistent with such ownership. Each Party acknowledges that, as between the Parties, Client’s Marks and Synacor’s Marks are the exclusive property of the respective Party and/or one or more entities affiliated with such Party and neither Party has, nor will acquire, any proprietary rights thereto by reason of this Agreement or otherwise. This is a contract for services only. All software, hardware and other technology used to provide the Services will be installed, accessed and maintained only by or for Synacor and no license therein is granted to Client. Client shall not use Synacor’s Marks, Software or Services in any manner except as specifically provided herein. Synacor shall not use Client’s Marks in any manner, except as specifically provided herein. No title to or ownership of any Client Sourced Service, Client Marks or Client Materials and/or any part thereof is hereby transferred to Synacor or any third party, nor shall any rights therein accrue to Synacor or any third party as the result of the performance of this Agreement by either Party.
4.3 Restrictions. Except as specifically permitted in this Agreement, Client shall not, directly or indirectly: (a) use any of Synacor’s Proprietary Information (as such term is defined in Section 5.1) to create any software that is similar to the Software; (b) decompile, disassemble, reverse engineer or use any similar means to attempt to discover the source code of the Software or the trade secrets therein, or otherwise circumvent any technological measure that controls access to the Software or Services; (c) encumber, transfer (except as expressly permitted pursuant to Section 12 herein), rent, lease, or time-share the Software or Services, or use the Software or Services in any service bureau arrangement or otherwise for the benefit of any third party, except for Users; (d) access, copy, distribute, manufacture, adapt, create derivative works of or otherwise modify the Software; (e) remove any proprietary notices; or (f) permit any third party to engage in any of the acts proscribed in clauses (a) through (e).
5. CONFIDENTIALITY.
5.1 Proprietary Information. Each Party understands that the other Party or its representatives has disclosed or may disclose during the course of this Agreement Proprietary Information (as defined below) and each of the Parties desire to protect the confidentiality of its own Proprietary Information. For purposes of this Agreement, “Proprietary Information” means any information disclosed by either Party in the following forms: (a) information originally disclosed in written, graphic, machine-readable or any other tangible medium, to the extent marked with a “confidential,” proprietary” or similar legend, or (b) information disclosed orally, to the extent identified as Proprietary Information at the time of such original disclosure. For purposes hereof, any and all Account Information shall be deemed Proprietary Information of Client whether or not marked as such, or identified as such, prior to disclosure. Proprietary Information shall not include any information that the receiving Party can demonstrate by its written records (i) is or becomes generally available to the public without breach of this Agreement; (ii) was in its possession or known by it prior to receipt from the disclosing Party at a time when the receiving Party was under no obligation to the disclosing Party to keep such information confidential; (iii) was rightfully disclosed to it by a third party; or (iv) was independently developed without use of any Proprietary Information of the disclosing Party. The Party claiming that any of the foregoing exceptions applies shall have the burden of proving such applicability. Any issue that the receiving Party may have as to the confidentiality expectations of the disclosing Party regarding particular information shall be submitted to the disclosing Party for determination.
5.2 Non-Disclosure. Each Party shall refrain from copying the other Party’s Proprietary Information, in whole or in part, except as required in furtherance of the uses permitted by this Agreement and subject to the accurate reproduction of all proprietary legends and notices located in the originals, and shall limit dissemination of the other Party’s Proprietary Information to employees and agents of the receiving Party, or of the receiving Party’s affiliates, who have a need to know such Proprietary Information in furtherance of the uses permitted by this Agreement. Except for the specific rights granted by this Agreement, neither Party shall use or disclose any Proprietary Information of the other Party without its written consent. The receiving Party shall treat the Proprietary Information of the other Party with the same degree of confidentiality with which it treats its own Proprietary Information, and, in any event, the receiving Party shall use a commercially reasonable degree of care to protect the Proprietary Information of the other Party. Each Party shall bear the responsibility for any breach of confidentiality by its employees, agents, auditors and contractors. The terms and conditions of this Agreement shall be kept confidential, except for (a) disclosure as may be required by law, regulation, court or government agency of competent jurisdiction (redacted to the greatest extent possible); or (b) disclosure to each Party’s respective officers, directors, employees and attorneys, in their capacity as such; provided that, such parties shall be subject to this

3


 

Section 5.2. Notwithstanding the foregoing, each Party may disclose the general nature, but not any specific terms, of this Agreement without the prior consent of the other Party.
5.3 Required Disclosure. Nothing herein shall prevent a receiving Party from disclosing all or part of the other’s Proprietary Information as necessary pursuant to the lawful requirement of a governmental agency or when disclosure is required by operation of law; provided that, prior to any such disclosure, the receiving Party uses reasonable efforts to (a) promptly notify the disclosing Party in writing of such requirement to disclose, to the extent not otherwise prohibited by law; (b) cooperate fully with the disclosing Party in protecting against any such disclosure or obtaining a protective order; (c) only disclose that portion of Proprietary Information which it is advised in writing by counsel it is required to disclose; and (d) obtain safeguards that confidential treatment reasonably acceptable to the disclosing Party will be accorded to such Proprietary Information. Any such required disclosure shall not, in and of itself, change the status of the disclosed information as Proprietary Information under the terms of this Section 5.
5.4 Return of Proprietary Information; Ownership. All Proprietary Information shall remain the exclusive property of the disclosing Party and a valuable trade secret of such Party and the original and all copies thereof, on whatever physical, electronic or other media such Proprietary Information may be stored, shall be returned upon the earlier to occur of: (a) the expiration or earlier termination of this Agreement, or (b) within ten (10) business days of the disclosing Party’s request. Nothing in this Agreement shall be construed as granting any license or other rights under any patents or copyrights of either Party, or any rights in or to Proprietary Information of either Party, except for the limited rights to use and disclose such Proprietary Information expressly granted to the other Party in this Agreement.
5.5 Relief. The Parties each acknowledge that the rights being protected by this Section 5 are of a special, unique, unusual and extraordinary character, which gives them a particular value, and that money damages will not be an adequate remedy if Section 5 is breached and, therefore, the disclosing Party shall, in addition to any other legal or equitable remedies, be entitled to seek an injunction or similar equitable relief against such breach or threatened breach without the necessity of posting any bond.
6. SYNACOR FEES, PAYMENT TERMS AND TAXES.
6.1 Fees. Synacor’s fees for the Services are set forth in the Pricing Schedule attached hereto as Schedule A and made a part hereof.
6.2 Payment Terms. Except as otherwise provided in this Agreement or any amendment, addendum, attachment, exhibit, rider or schedule attached hereto as the same may be amended from time to time pursuant to their terms, all payments shall be due [*] after receipt of an applicable invoice. All payments shall be made in full in United States Dollars, at Synacor’s usual business address or to an account designated by Synacor. Other than amounts disputed in good faith by Client, any amount not paid when due shall bear a late payment charge, until paid, at the rate of [*] or, if less, the maximum amount permitted by law. Synacor, in its sole discretion, may terminate this Agreement or cease providing services if Client fails to pay any invoice [*] after the Client receives written notice from Synacor that it has failed to pay an invoice and such invoice, or any part thereof, is not in dispute. Client must notify Synacor of any disputed invoice amounts [*] of receipt of such invoice and provide a full explanation for any disputed amounts.
6.3 Taxes. Client shall be responsible for and shall pay any and all sales, use, personal property or other taxes imposed on the delivery, licensing or use of the Client Branded Portal (as defined in Schedule A) or the provision of the Services. Synacor shall pay all other taxes arising under this Agreement, including without limitation, taxes based upon Synacor’s net income or ad valorem, personal, or real property taxes imposed on Synacor’s property.
7. TERM AND TERMINATION.
7.1 Term. This Agreement shall commence as of the date hereof and, unless earlier terminated pursuant to the terms hereof, shall continue thereafter in full force and effect for a period of [*] from the Effective Date (the “Initial Term”) and, except as provided in the immediately following sentence, will automatically renew thereafter for up to [*] each (each a “Renewal Term”) (the Initial Term and all
 
*CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

4


 

Renewal Terms being referred to as the “Term”). Either Party may prevent the automatic renewal of this Agreement by providing written notice to the other Party of such non-renewal not less than [*] prior to the expiration of the Initial Term or the then-current Renewal Term.
7.2 Termination for Cause. In addition to any of its other remedies, either Party may terminate this Agreement: (a) in the event that the other Party materially breaches any provision of the Agreement and the breaching Party fails to cure such breach within thirty (30) days after receiving written notice of such breach from the non-breaching party; or (b) effective immediately upon written notice, in the event any assignment is made by the other Party for the benefit of creditors, or if a receiver, trustee in bankruptcy or similar officer shall be appointed to take charge of any or all of such other Party’s property, or if a voluntary or involuntary petition under federal bankruptcy laws or similar state statutes is filed against the other Party, or if it dissolves or fails to operate in the ordinary course. Synacor acknowledges that Client is a debtor and debtor in possession pursuant to Chapter 11 of Title 11 of the United States Code (the “Bankruptcy Code”), in the case entitled In Re Adelphia Communications Corporation, et al., Case No. 02-41729 (REG) (the “Bankruptcy Case”), pending in the United States Bankruptcy Court for the Southern District of New York (the “Bankruptcy Court”). Notwithstanding anything in this Agreement to the contrary, the Bankruptcy Case shall not be cause for termination under this Section 7.2 or any other provision of this Agreement.
7.3 Effects of Termination. Upon any expiration or earlier termination of this Agreement, all rights and obligations of the Parties shall cease, except that: (a) all obligations that accrued prior to the effective date of termination (including, without limitation, all payment obligations) shall survive termination; (b) each Party shall destroy (upon the written request of the other Party) or return to the other Party all of the other’s Proprietary Information in its possession or under its control pursuant to Section 5.4; and (c) Synacor shall, after providing Client with an electronic copy of such information and data in a mutually agreeable format, delete archived Account Information and other transaction data. The provisions of Sections 4.2 and 4.3 (Proprietary Rights), 5 (Confidentiality), 6 (Synacor Fees, Payment Terms and Taxes), 8 (Representations and Warranties; Indemnities), 9 (Limitations of Liability and Disclaimers), 12 (General Provisions) and this Section 7 shall survive any termination of this Agreement.
[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

5


 

8. REPRESENTATIONS AND WARRANTIES; INDEMNITIES.
8.1 Synacor Representations and Warranties. Synacor represents, covenants and warrants to Client that (a) Synacor is duly organized and validly existing under the laws of its state of incorporation and has full power and authority to enter into this Agreement and to carry out the provisions hereof; (b) the execution, delivery and performance of this Agreement by Synacor does not conflict with any agreement, instrument or contract, to which Synacor is bound; (c) Synacor shall perform the Services [*]; (d) Synacor owns all right, title and interest in and to the Software, the Synacor Sourced Services and the System, each element thereof, and all intellectual property rights embodied therein or licensed to Client pursuant to this Agreement; or, in the case of any third party content, software, technology or information included therein, Synacor possesses, or has otherwise obtained all rights and valid licenses necessary to grant to Client all rights and licenses set forth in this Agreement; (e) Synacor has all necessary rights in the Software and the Services and all rights of publicity with respect to any artists, artwork, text material, images, sound or video, if any, associated with the Services; (f) the Software, the Synacor Sourced Services, the System, the Services and the Client Branded Portal, in whole or in part, do not and shall not infringe or interfere with any right of publicity, patent, trademark, copyright, trade name or other intellectual property rights or misappropriate any trade secret of any third party; (g) Synacor shall [*] protect its network in accordance with [*] to insure that Synacor’s network and the Services are secure from unauthorized access and are free from any viruses, worms, or other code that will damage, interrupt or interfere with any software, content, data or hardware; and (h) the Services and the Software (excluding any tools, applets or other software included in or comprising any Synacor Sourced Services and any tools developed by Synacor which have expressly been discussed with Client and which Client has agreed shall be made available to Users) shall not cause any disruption, interruption or failure to any of Users’ end user equipment or Users’ ability to access the Internet. Synacor further represents and warrants that, to its knowledge, the Synacor Sourced Services and the Services are not defamatory, obscene, or otherwise unlawful in any jurisdiction, Synacor further represents and warrants to Client that during the Term, the Services shall be provided in accordance with applicable United States federal law and the laws of such other jurisdictions as may be applicable thereto by qualified personnel. Synacor shall use commercially reasonable efforts, consistent with applicable industry standards and practices, to provide the Services in a manner designed to minimize errors and interruptions. Nonetheless, Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency repairs, by Synacor or by third-party providers, or because of other causes beyond Synacor’s reasonable control, subject at all times to the provisions of Paragraph 8 of Schedule A and to Schedule B.
8.2 Client Representations and Warranties. Client represents, covenants and warrants to Synacor that (a) Client is duly organized and validly existing under the laws of its state of incorporation and has full power and authority to enter into this Agreement and to carry out the provisions hereof; (b) the execution, delivery and performance of this Agreement by Client does not conflict with any agreement, instrument or contract, to which Client is bound; (c) Client owns all right, title and interest in and to the Client Materials, including, but not limited to, the Client Sourced Services, each element thereof, and all intellectual property rights embodied therein or licensed to Synacor pursuant to this Agreement; or, in the case of any third party content, software, technology or information included therein, Client possesses, or has otherwise obtained all rights and valid license necessary to grant to Synacor all rights and licenses set forth in this Agreement; and (d) to Client’s knowledge the Client Materials are not defamatory, obscene, or otherwise unlawful and do not infringe or interfere with any intellectual property, contract, right of publicity, or any other proprietary right of any individual or entity. Client shall be fully responsible for, and shall reimburse Synacor for any and all liabilities arising out of, any warranty concerning the Services made by Client to any User, prospect or other third party, except as expressly authorized in advance in writing by Synacor.
8.3 Synacor Indemnifications. Synacor shall indemnify, defend and hold harmless Client, its permitted assigns and each of Client’s and its permitted assigns respective present and former officers, shareholders, directors, employees, partners and agents from and against any and all liabilities, claims, judgments, costs, damages, suits, actions, proceedings, and expenses, including without limitation, reasonable attorneys’ fees, and/or other losses (collectively “Claims”) suffered or incurred by Client, arising out of or resulting in any manner from: (i) Synacor’s breach of any of its obligations under this Agreement, or its representations and warranties set forth herein; (ii) the failure of any of the representations or warranties made by Synacor herein to be true; (iii) any third party claims relating to the matters covered by the foregoing breaches or failures; (iv) any injuries to persons or damage to property caused by the negligent, willful or intentional acts or omissions of Synacor, its agents or employees; and (v) any third party claims relating to the Services.
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

6


 

8.4 Client Indemnifications. Client shall indemnify, defend and hold harmless Synacor and its present and former officers, shareholders, directors, employees, partners and agents from any and all Claims suffered or incurred by Synacor, arising out of or resulting in any manner from: (i) Client’s breach of any of its obligations under this Agreement, or its representations and warranties set forth herein; (ii) the failure of any of the representations or warranties made by Client herein to be true; (iii) any third party claims relating to the matters covered by the foregoing breaches or failures; and/or (iv) any third party claims relating to Client Materials.
8.5 Claims. In case any Claim is brought by a third party for which indemnification is or may be made pursuant to this Agreement, the indemnified Party shall provide prompt written notice thereof to the other Party; provided, however, that the failure of the indemnified Party to comply with the foregoing notification provision shall not relieve the indemnifying Party of its indemnification obligations hereunder, except to the extent the indemnifying Party is actually and materially prejudiced thereby. Where obligated to indemnify such Claim, the indemnifying Party shall, upon the demand and at the option of the indemnified Party, assume the defense thereof (at the expense of the indemnifying Party) within [*] to the time a response is due in such case, claim or proceeding, whichever occurs first. The Parties shall cooperate reasonably with each other in the defense of any Claim, including making available (under seal if desired, and if allowed) all records reasonably necessary to the defense of such Claim, and the indemnified Party shall have the right to join and participate actively in the indemnifying Party’s defense of the Claim. Each Party shall be entitled to prior notice of any settlement of any Claim to be entered into by the other Party and to reasonable approval of a settlement to the extent such Party’s rights would be directly and materially impaired. Without limiting the foregoing, in the event of any Claim or threatened Claim of infringement involving a portion of any portion of the Software and/or Services provided by Synacor: (i) upon Client’s request and at Synacor’s expense, Synacor will use its best efforts to procure the right or license, on commercially reasonable license terms, for Client to continue to use and otherwise exploit in accordance with the terms hereof such portion of the Software and/or Services at no additional cost or expense to Client other than the fees set forth herein; or (ii) at Synacor’s sole discretion, but upon as much prior written notice to Client as is reasonably practicable, Synacor may modify or alter (to the extent that Synacor has rights to so modify or alter), or delete any such portion of the Software and/or Services, as the case may be, so as to make such portion non- infringing while maintaining substantially comparable functionalities and capabilities of such parts of the Software and/or Services that are material to Client’s then-current or demonstrably anticipated use hereunder. If options (i) and (ii) are not achievable as to any such infringing portion of the Software and/or Services: (1) Client may terminate the rights and licenses granted hereunder, in its sole discretion, as to such infringing portion; provided that, if the termination of such infringing portion materially impairs the core functionality and/or capabilities of the Software, then such infringement shall be deemed a material breach under this Agreement, and Client may thereafter pursue all of its rights and remedies available under this Agreement and at law or in equity in addition to terminating as to such infringing portion pursuant to this clause (1), or (2) to the extent Synacor used commercially reasonable efforts to obtain a license or modify the Software and/or Services as set forth in subsections (i) or (ii), and Synacor is reasonably exposed to liability from Client’s continued use of such portion of the of the Software and/or Services, Synacor may, in its discretion, terminate the rights and licenses granted hereunder with respect to such portion; [*].
8.6 Insurance. Synacor shall obtain, before the commencement of the Services herein described, and, during the term of this Agreement, maintain in full force and effect, the insurance coverage described in this Section with an insurance carrier or carriers approved by Client, which approval shall not be unreasonably withheld. Synacor shall include Client as an additional insured party in Synacor’s liability insurance policies obtained hereunder. The minimum acceptable limits and types of coverage shall be not less than [*] combined single limit per occurrence for each of the following categories: (a) commercial general liability, covering the risks of bodily injury, property damage and personal injury (including death); and (b) automobile liability (owned and unowned) covering the risks of public liability and property damage. Additionally, Synacor shall, throughout the Term and for a period of not less that twelve (12) months following the expiration or earlier termination of this Agreement, maintain in full
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

7


 

force and effect professional liability (technology errors and omissions) insurance in an amount not less than [*]. Synacor shall obtain, before the commencement of the Services herein, and, during the term of this Agreement, maintain, in full force and effect, worker’s compensation coverage in amounts commensurate with the statutory requirements of the states in which the Services are to be performed. Client will not be responsible for payment of worker’s compensation premiums or for any other claim or benefit for Synacor, or any employees, agents, contractors or subcontractors of Synacor, which might arise under the worker’s compensation laws during the performance of Services under this Agreement. Synacor shall require any and all of its contractors and subcontractors to take out and maintain similar policies of insurance as described in this Section 8.6 or be properly certified under applicable state law as self-insured. A certificate of such insurance policy carried shall be furnished to Client upon request. Synacor shall, prior to the commencement of work under this Agreement, provide to Client a certificate of insurance evidencing such coverage as mentioned above, which shall also provide that Client will be notified in writing at least thirty (30) days prior to renewal, cancellation of, or any change in, coverage during the term of this Agreement.
9. LIMITATIONS OF LIABILITY AND DISCLAIMERS.
ANYTHING HEREIN TO THE CONTRARY NOTWITHSTANDING, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY, ITS AGENTS, AFFILIATES, CLIENTS, OR ANY OTHER PERSONS, FOR ANY LOST PROFITS OR INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL OR SIMILAR DAMAGES, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES. HOWEVER, WITH RESPECT TO LOST REVENUES OR LOST PROFITS, THE FOREGOING DISCLAIMER SHALL NOT PRECLUDE EITHER PARTY FROM SEEKING OR OBTAINING LOST REVENUES OR LOST PROFITS TO THE EXTENT THAT SUCH ARE EXPRESSLY PROVIDED FOR BY STATUTE OR OTHERWISE ALLOWED BY LAW AS THE MEASURE OF DIRECT DAMAGES (INCLUDING TREBLE DAMAGES RESULTING FROM WILLFUL INFRINGEMENT) WITH RESPECT SOLELY TO (A) ANY BREACH BY EITHER PARTY OF ITS OBLIGATIONS OF CONFIDENTIALITY UNDER SECTION 5 (CONFIDENTIALITY), OR (B) LIABILITIES ARISING IN CONNECTION WITH A PARTY’S INDEMNIFICATION OBLIGATIONS UNDER SECTION 8 (BUT WITH RESPECT TO THIRD PARTY DAMAGES ONLY). EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8.3 HEREIN AND ITS CONFIDENTIALITY OBLIGATIONS SET FORTH IN SECTION 5 HEREIN TO WHICH NO LIMITATION SHALL APPLY, IN NO EVENT WILL SYNACOR’S LIABILITY FOR ANY AND ALL CLAIMS, IN THE AGGREGATE, ARISING OUT OF, RELATING TO OR IN CONNECTION WITH THIS AGREEMENT OR THE PERFORMANCE OF ITS OBLIGATIONS HEREUNDER EXCEED THE GREATER OF: (1) THE AMOUNT SYNACOR HAS RECEIVED FROM CLIENT IN THE AGGREGATE UNDER THIS AGREEMENT DURING THE TERM HEREOF, OR, (2) [*].
EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT TO THE CONTRARY, SERVICES ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. SYNACOR DOES NOT WARRANT THAT THE SERVICES WILL MEET THE REQUIREMENTS OF CLIENT OR THOSE OF ANY THIRD PARTY AND, IN PARTICULAR, SYNACOR DOES NOT WARRANT THAT THE SYSTEM WILL BE ERROR FREE OR WILL OPERATE WITHOUT INTERRUPTION.
EXCEPT AS EXPRESSLY SET FORTH IN SECTION 8.1 ABOVE, SYNACOR MAKES NO WARRANTY WITH RESPECT TO ANY SERVICES AND EXPRESSLY DISCLAIMS ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SYNACOR DOES NOT WARRANT OR MAKE ANY REPRESENTATION REGARDING THE ACCURACY, ADEQUACY OR COMPLETENESS OF THE CONTENTS OF ANY CONTENT OR THE RESULTS TO BE OBTAINED FROM THEIR USE. EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8.3 HEREIN, SYNACOR SHALL NOT BE LIABLE TO THIRD PARTIES FOR ANY LOST PROFITS OR INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL OR SIMILAR DAMAGES, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.
EXCEPT AS EXPRESSLY SET FORTH IN SECTION 8.2 ABOVE, CLIENT MAKES NO WARRANTY WITH RESPECT TO ANY CLIENT SOURCED SERVICE AND EXPRESSLY DISCLAIMS ANY WARRANTY,
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

8


 

EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT WITH RESPECT TO ITS INDEMNIFICATION OBLIGATIONS SET FORTH IN SECTION 8.4 HEREIN, CLIENT SHALL NOT BE LIABLE TO THIRD PARTIES FOR ANY LOST PROFITS OR INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, CONSEQUENTIAL OR SIMILAR DAMAGES, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.
10. PUBLIC RELATIONS. Except as it relates to Client’s marketing of portal and related matters to Users and as otherwise permitted by the last sentence of Section 5.2 herein, neither Party will issue any press release, nor otherwise disclose any information concerning this Agreement without the prior written consent of the other. The Parties agree that a joint press release regarding the establishment of their relationship is appropriate and that each will dedicate appropriate resources to such effort.
11. RECORDS AND AUDIT.
(a) Throughout the Term and for a period of one (1) year after the expiration or earlier termination of this Agreement, each of the Parties shall maintain books and records regarding the Services, and other matters relating to this Agreement, including, without limitation, server logs, and customer usage logs, in accordance with generally accepted accounting principles. Each Party shall have the right to audit such books and records of the other party solely and directly relating to this Agreement and all amendments, addendums, attachments, schedules, riders and/or exhibits attached hereto exhibits, upon reasonable notice and at its expense, not more frequently than once per consecutive twelve (12)-month period during the Term and for a period of one (1) year thereafter and to take extracts from and/or make copies of such records. Each party shall maintain at its principal place of business during the Term and for a period of one (1) year thereafter all books, records, accounts, and technical materials regarding its activities in connection herewith sufficient to determine and confirm all amounts payable to the other Party and all compliance with all other material obligations hereunder. Upon a Party’s written request (to be provided at least ten (10) business days prior to the date of the audit), the other Party will permit one (1) or more representatives of an auditor or agent of the requesting Party’s choice to examine and audit, during normal business hours, such books, records, accounts, documentation and materials solely and directly relating to this Agreement and/or the provision of the Services hereunder, and take extracts therefrom or make copies thereof for the purpose of verifying the correctness of payments made pursuant hereto and/or compliance with the other material obligations hereunder; provided that, the auditing Party shall first obtain a written agreement from any such auditor or agent that such auditor or agent shall be bound by the confidentiality obligations set forth in Section 5 herein and the auditing Party shall in all events be responsible to the audited Party for any action or inaction of such auditor or agent that would violate Section 5 of this Agreement. Unless otherwise agreed by the Parties in writing, such examination shall be in accordance with generally accepted accounting principles. The audited Party shall pay any unpaid, non-disputed delinquent amounts within thirty (30) days of the other Party’s request. To the extent such examination discloses an underpayment of the greater of (i) 5% of the aggregate amount paid or payable to the other Party during the period which is the subject of the audit, or (ii) $15,000, the audited Party shall fully reimburse the other Party, promptly upon demand, for the reasonable fees and disbursements due the auditor for such audit; provided that, such prompt payment shall not be in lieu of any other remedies or rights available to such other Party hereunder. In all other events, all fees and expenses of the auditing Party’s auditor or agent under this Section shall be paid by the auditing Party. If an audit reveals an overpayment, the auditing Party shall promptly notify the other and shall pay the amount of any such overpayment to the other Party within thirty (30) days thereafter.
(b) If any report of an audit under the provisions of subsection (a) of this Section discloses to the auditing Party any underpayments or overpayments, a copy of such audit report shall be promptly delivered to the audited Party. Unless the amount of any underpayment or overpayment shown on such report is disputed by the audited Party in writing (a “Notice of Dispute”) within twenty (20) days after receipt of the audit report, the audit report shall be deemed accepted and all amounts due thereunder shall be paid according to the applicable provisions of subsection (a) of this Section. In the event that Client and Synacor have not resolved all disputed items to their mutual satisfaction within thirty (30) days after a Notice of Dispute has been received by the auditing Party, the Parties shall promptly submit such audit report and all supporting work papers to an independent accounting firm (i.e., an accounting firm that does not, and has not, provided any services to either Party or to any of the Parties’ subsidiaries or affiliated entities) of national stature in the United States selected by mutual agreement of Client and Synacor for binding review of any disputed items. All costs and expenses of such review shall be apportioned between the

9


 

Parties on the basis of each Party bearing the expense of that portion of the review which shall be related to disputed items that are resolved against such Party. If Client and Synacor are unable to agree upon the selection of an independent accounting firm of national stature in the United States to perform the binding review of any disputed items, the determination and selection of the independent accounting firm of national stature shall be settled by arbitration in Buffalo, New York in accordance with the rules and regulations of the American Arbitration Association.
12. GENERAL PROVISIONS. This Agreement is not transferable by either Party without the other’s prior written consent (which shall not be unreasonably conditioned, delayed or withheld), except that either Party may (without consent) assign its rights and obligations hereunder to any entity that is controlled by, controls, or is under common control with the assigning Party or to any successor entity to all or substantially all of its business (by sale or other transfer of equity or assets, merger, consolidation, reorganization or otherwise). Without limiting the foregoing, Client shall also have the right to assign this Agreement, without consent of Synacor, pursuant to (a) the terms of a plan of reorganization in connection with the Bankruptcy Case; or (b) a sale of assets of Client, which includes this Agreement, pursuant to either Section 363 of the Bankruptcy Code or approval of such sale by the Bankruptcy Court (collectively, the “Bankruptcy Assignment Rights”). Except in connection with the exercise of the Bankruptcy Assignment Rights, Client may not, without the prior written consent of Synacor, assign this Agreement to any third party with whom Synacor has, as of the date of the proposed assignment, a valid, written agreement with respect to the provision of services that are, in all material respects, identical to the Services being provided in the aggregate hereunder. This Agreement will be binding upon, and inure to the benefit of, the successors, representatives and permitted assigns of the Parties. This Agreement (including any schedules, exhibits, riders, addendums, amendments and attachments) constitutes the entire agreement, and supersedes all prior negotiations, understandings or agreements (oral or written), between the Parties concerning the subject matter of this Agreement. No change, modification or waiver to this Agreement will be effective unless in writing and signed by both parties. In the event of any conflict or inconsistency between the terms and conditions in this Agreement and any schedule, exhibit, rider, attachment or addenda attached hereto, the terms and conditions of the Agreement will prevail. Except as expressly provided herein, any different or additional terms on any related purchase order, confirmation or similar form, even if signed by the Parties after the date hereof, shall have no force or effect on this Agreement. The Parties agree that Synacor and its employees and agents will be serving Client as independent contractors for all purposes and not as employees or partners of, or joint venturers with, Client, No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither Party has any authority of any kind to bind the other in any respect. Neither Synacor nor Client shall be or become liable or bound by any representation, act or omission whatsoever of the other. This Agreement is intended for the sole and exclusive benefit of the Parties hereto and their permitted assigns. Except as expressly provided in Section 8(g) of the Addendum, neither Party intends to benefit any other person or entity, including, without limitation, a “third party beneficiary,” as that term may be defined by applicable statutory or case law, and no other person or entity who is not a party (including, without limitation, an obligor, borrower, or guarantor) shall have any right to rely upon this Agreement for any purpose whatsoever. The failure of either Party to enforce its rights under this Agreement at any time for any period shall not be construed as a waiver of such rights. In the event that any provision of this Agreement shall be determined to be illegal or unenforceable, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement shall otherwise remain in full force and effect and enforceable. All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after being sent, if sent for next day delivery by recognized overnight delivery service; or upon receipt, if sent by certified or registered mail, return receipt requested. This Agreement shall be governed by and construed in accordance with the laws of the State of New York, USA without regard to the conflicts of laws provisions thereof. In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover its reasonable costs and attorney’s fees. Headings are for convenience of reference only and shall in no way affect interpretation of the Agreement. This Agreement may be executed in one or more counterparts, each of which (once executed) shall be deemed an original, but all of which taken together shall constitute one and the same instrument. Neither Party shall have any rights against the other Party hereto for the non-operation of facilities or the non-furnishing of services or fulfillment of obligations if such non-operation, non-furnishing or non-fulfillment is due to an act of God or other cause beyond such Party’s reasonable control. All remedies, whether at law, in equity or pursuant to this Agreement shall be cumulative.
[SIGNATURE BLOCKS FOLLOW ON NEXT PAGE]

10


 

                             
SYNACOR, INC.       ACC OPERATIONS, INC. (CLIENT)
 
                           
By:
  /s/ George Chamoun
 
      By:   /s/ Marwan Fawaz
 
           
 
  Name: George Chamoun           Name: Marwan Fawaz            
 
  Title: SVP           Title: CTO/SVP            
Date:
  7/21/2004       Date:   July 13th, 2004            

11


 

SCHEDULE A
TO
SYNACOR MASTER SERVICES AGREEMENT
PRODUCT & PRICING SCHEDULE
     This Schedule A forms a part of, and is governed by, the Synacor Master Services Agreement dated July 21 2004, by and between Synacor, Inc. and ACC Operations, Inc., including any schedules, attachments, exhibits, addenda, amendments or riders attached thereto (collectively, the “Agreement.”) Any capitalized terms used in this Schedule A and not defined herein shall have the meanings ascribed to such terms in the Agreement.
The product deliverables and fees payable by Client to Synacor pursuant to the Agreement are set forth below.
1. Portal Features and Functionality (including Portelus Technology).
     (a) Portal deliverables consist of the following product elements:
  (i)   development of a Client Branded Portal with elements of Synacor’s standard portal template branded with Client presentation layer (look and feel, logos, trademarks, etc.) formatted as provided in Section 1(b) below and as further defined in the Synacor Specifications);
 
  (ii)   Content Publishing and Administration Components, as defined in the Synacor Specifications;
 
  (iii)   personalization elements of Client Branded Portal for establishment of User preferences on display;
 
  (iv)   Application Portal Interfaces (“API’s”) for unified registration, login and update associated with mutually agreed portal components, as further described in the Synacor Specifications. Client will work in good faith to conform to Synacor’s current API structure. Synacor will work in good faith to perform, at no additional cost to Client, any reasonable and limited enhancements or modifications to the standard Synacor API structure as necessary in order to assist the Client to fit its operational support system;
 
  (v)   hosting of portal framework and content within Synacor’s data center or Client’s internet protocol (“IP”) network, according to Paragraph 8 of Schedule A and Schedule B. Initial service will begin with hosting in Synacor’s data center, with the ability, upon Client’s request, [*]. To the extent that Synacor, in its reasonable discretion, determines that any Client Sourced Service requires an inordinate amount of capacity to “nest” and host within Synacor’s data center, Synacor may request that Client host such content within Client’s data center;
 
  (vi)   internetwork peering connection (“Peering”) between Synacor and Client for the purpose of transmitting data from Synacor’s network to Client’s network, pursuant to the terms and conditions of a Peering Agreement to be mutually agreed upon by the Parties as promptly as practicable following execution of the Agreement. Client shall be responsible for providing and maintaining the equipment necessary to maintain the Peering connection to Client’s IP network, including, without limitation, router ports, cross-connects, and fiber and/or circuit
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

A-1


 

      connections. Synacor shall be responsible for providing and maintaining the equipment necessary to maintain the Peering connection to Synacor’s data center, including, without limitation, routers, cross-connects and necessary hardware; and
 
  (vii)   assistance from Synacor in obtaining Peering connections to Synacor Provider Content which Client accesses utilizing the Service.
     (b) The Portal deliverable shall be Synacor’s standard portal product, together with User Authentication (as defined in the Synacor Specifications) (the “Portal Deliverable”), customized with Client’s color scheme, logo, design elements and other ‘look and feel” elements as determined by Client (the “Appearance Requirements,” as more fully described in the Synacor Specifications), which shall be delivered within ninety (90) days after the Effective Date, unless the Parties otherwise mutually agree. The Client Branded Portal will provide the functionality described in the Synacor Specifications. If Client desires additional appearance or functionality for the Client Branded Portal, the Parties will, upon Client’s request, negotiate in good faith for at least thirty (30) days with respect to additional deliverables and the cost to Client for such additional deliverables. Client will use good faith efforts to launch the Client Branded Portal to Users within sixty (60) days after acceptance of the Client Branded Portal as provided in Paragraph 7 of this Schedule A.
     (c) The fees associated with delivery of Client Branded Portal and Portelus Technology are listed below:
          (i) [*]
          (ii)[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

A-2


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

A-3


 

[*]
2. Portal Content:
     (a) The below-listed initial Content (the “Initial Information Services”) will be integrated into the Client Branded Portal [*]:
          (i) Switchboard: Including Yellow, White Pages, Maps, Restaurant Search;
          (ii) [*] Search;
          (iii) Horoscopes;
          (iv) Auto Channel — currently provided by [*];
          (v) Career Channel — currently provided by [*]; and
          (vi) Travel Channel — currently provided by [*].
     (b) The following Portal content may be integrated into the Client Branded Portal, for the costs listed below, which will be pass-through costs from third party content providers to Client, with no mark-up by Synacor:
          (i) [*] News service (stories, pictures, videos, etc.) as set forth below (“[*] News Service”) is included in the portal so that when a User clicks on a news story or video the User will remain within the portal. The [*] News Service includes:
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

A-4


 

    National News
 
    World News
 
    Sports News
 
    Entertainment News
 
    Health News
 
    Business and Finance News
 
      [*]
          (ii) Local movie listings by Zip Code
     [*]
3. Synacor Sourced Services Fees. For purposes of creating a fee structure, relevant Synacor Sourced Services may be bundled into products as described below (the “Synacor Products”) at the request of Client, and subject to Client’s prior written approval. In the event Client elects any such Synacor Product, each month, Synacor shall bill Client for an amount determined [*]. For purposes hereof, a “Subscription Account” is defined as an account that allows a User access to a given Synacor Product utilizing Unified Login.
     Synacor Products may be made available from time to time to Client for distribution to Users as described in separate Content Attachments (as defined in Paragraph 9 of the Addendum) and for the monthly fees described in such Content Attachments.
      [*]
     The first annual billing cycle shall end on the first anniversary of the Effective Date.
4. High Capacity Bandwidth and Hardware Fees. Synacor would prefer for the Client to host products such as video streaming, which are considered high capacity Internet bandwidth (“High Capacity”) services. Client agrees to reasonably pay, on a monthly basis, the fees or other charges incurred by Synacor (at Synacor’s cost), for the additional internet connectivity bandwidth and/or hardware required to host High Capacity services hosted directly on Synacor’s network, at Client’s choosing.
5. Content Integration Fees. Client will pay to Synacor an integration fee in connection with any new third party premium content or services (each a “Client Sourced Service”), that is not a Synacor Sourced Service and which Client requests Synacor to integrate into the Client Branded Portal and that requires utilization of Unified Login. Provided that such integration requires [*] of software development time, such fee will be [*]. Subsequent to such integration, such Client Sourced Service shall, so long as Client continues to make such Client Sourced Service available to Users by way of the Client Branded Portal, be managed by Synacor, [*], pursuant to the terms of the Agreement as if it were a Synacor Sourced Service, including, without limitation, Unified Login Registration and Revision Management (each as defined in the Synacor Specifications). If such integration is reasonably anticipated by Synacor to require [*] of software development time, Synacor will prepare a detailed statement of work for such integration, including the fee payable to Synacor, which shall be approved by Client prior to the commencement of work. [*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

A-5


 

[*]
6. Professional Services. The following services are considered professional services:
     (i) Integration beyond Synacor’s APIs;
     (ii) Portal customization beyond the look, feel, element placement and similar options embedded in the Synacor Portal template (as defined in the Synacor Specifications) as of the date of the Agreement;
     (iii) Onsite Training and Travel; and
     (iv) Other programming or customizations not specified in the Synacor Specifications.
     Such Professional Services shall be billed at the rate of [*].
7. Acceptance Process. Client may test and approve the Client Branded Portal prior to launching it to Users. Commencing upon the delivery to Client of the Client Branded Portal as set forth in the Synacor Specifications and continuing up to [*] days thereafter (the “Test Period”), Client shall have the right and will use its best efforts to test that the Client Branded Portal substantially meets both the Appearance Requirements and the Synacor Specifications. Within five (5) business days after the expiration of the Test Period, Client will provide Synacor with (a) written acceptance of the Client Branded Portal, or (b) written rejection, including a reasonably detailed explanation therefor (a “First Rejection Notice”), if the Client determines in good faith that the Client Branded Portal does not substantially meet the Appearance Requirements and/or the Synacor Specifications. In the event the Client does not deliver a First Rejection Notice as provided herein, the Client Branded Portal shall be conclusively deemed to have been accepted by the Client. In the event that Client provides a First Rejection Notice, then Synacor will use its best efforts to correct the identified failures as soon as commercially reasonable and, in no event, later than [*] days after receipt of such First Rejection Notice Synacor shall resubmit the Client Branded Portal to Client for further testing for a period of not more than [*] days (the “Second Test Period”) by Client with respect to the specific failed criteria. Within [*] days after the expiration of the Second Test Period, Client will provide Synacor with either (i) written acceptance of the Client Branded Portal, or (ii) written rejection if Client determines in good faith that the failed criteria identified in the First Rejection Notice have not been corrected, including a reasonably detailed explanation therefor (a “Second Rejection Notice”). In the event the Client does not deliver a Second Rejection Notice as provided herein, the Client Branded Portal shall be conclusively deemed to have been accepted by the Client. In the event that Client provides a Second Rejection Notice, Client shall resubmit the Client Branded Portal to Synacor and Synacor will use its best efforts to correct the identified failures as soon as commercially reasonable and, in no event, later than [*] days after receipt of such Second Rejection Notice, Synacor shall resubmit the Client Branded Portal to Client for final testing. Client shall conduct final testing for a period of not more than [*] days (the “Final Test Period”) with respect to the specified failed criteria. Within [*] days after the expiration of the Final Test Period, Client will provide Synacor with (A) written acceptance of the Client Branded Portal, or (B) written rejection if Client determines in good faith that the failed criteria identified in the First Rejection Notice or Second Rejection Notice have still not been corrected (a “Final Rejection Notice”). In the event the Client does not deliver a Final Rejection Notice as provided herein, the Client Branded Portal shall be conclusively deemed to have been accepted by the Client. If Client provides a Final Rejection Notice and Client has not otherwise agreed to pursue further development and/or testing of the Client Branded Portal, the Final Termination Notice shall constitute a notice of termination of the Agreement without further liability of either Party to the other, provided, however, that Synacor shall return [*] to Client within [*] after receipt of the Final Rejection Notice.
8. Technical Support. Synacor will provide Client Tier 2 e-mail and telephone support to Client’s escalation specialists. These specialists will be trained by Synacor to offer support to Client’s First-Level Support staff. Synacor shall make its support center standard hours available 24 hours per day, 365 days per year throughout the Term.
     (a) Escalation and Tracking Process. Synacor will provide an effective process to track escalations from Client Technical Support. Synacor Customer Service will process two (2) types of escalation methods from Client:
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

A-6


 

  (i)   E-mail: Client personel will e-mail Synacor Support: [email protected]
  a.   Synacor’s e-mail system will send Client support questions to Synacor’s Tier 2 customer support agent(s).
 
  b.   A Synacor customer agent will respond with the answer to the question or a Ticket Tracking number assigned to an escalation (as set forth below).
 
  c.   The Synacor customer agent will then notify the Client escalation group with the appropriate timeline for the escalation to be resolved.
  (ii)   Phone: In the event that a support issue so requires (e.g., Priority 1, Portal Unavailability, or Synacor/Client Unavailability), or is otherwise better addressed by a telephone call rather than e-mail, Client may by-pass Escalation Level 1 (as defined below) support and apply Escalation Level 2 support and initiate a call directly to a Synacor support specialist. Such calls will be placed solely from a Client escalation group person who is responsible for initiating Level 2 support requests. Following each such call, a Client escalation Level 2 support person will send an e-mail confirming all the technical details regarding the issue. Synacor will follow the same process of tracking such issues via the e-mail Ticket Tracking system.
 
  (iii)   The Ticket Tracking number allows a Client support agent to easily follow the progress of the case resolution process and maintain the integrity of the e-mail exchange thread.
 
  (iv)   Each incoming e-mail from Client will be queued in a Client-specific queue (partnersupport) until a Synacor support agent assigns it to himself/herself and marks it as “work in progress” until the case is resolved.
     (b) The escalation process starts with the troubleshooting, diagnosis, and resolution as Client’s service team receives alerts, they are prioritized and assigned to a Synacor support technician. The Synacor support technician then attempts to diagnose and fix the problem quickly and efficiently. Should the problem be too severe for simple solution by Client, the problem incident is escalated to the Synacor development team as soon as practical.
  (i)   Escalation Process Example
  a.   Registered End User has a question about Product
 
  b.   User calls the Client Technical Support number or e-mails Client
 
  c.   User reports an issue believed to stem from use of Portal
 
  d.   Client Support agent is unable to provide a resolution and contacts Synacor Customer Service via e-mail or telephone
 
  e.   Client Support agent will send e-mail to Synacor with all the details of the issue following a telephone call
 
  f.   Client Support agent collects the User’s e-mail address and telephone number, notes the nature of the inquiry and submits the relevant information to Synacor Customer Service (using the Escalation Process).
 
  g.   Synacor receives the information from Client, and proceeds with the investigation applying the escalation process
 
  h.   Synacor supplies Client with a solution to the problem and resolves the issue as appropriate
  (ii)   Synacor Escalation Response Times
         
Escalation Levels   Escalation Response Time   Contact Information
Level 1 — Email
Technical Support Agent
  Synacor Technical Support Agents available 24 hours   E-mail: [email protected].

A-7


 

         
Escalation Levels   Escalation Response Time   Contact Information
 
  per day, 7 days per week.    
 
       
Level 2 — Voice
Support Specialist
  If Level 1 issue is not answered within 4 hours from Level 1, Synacor automatic escalation to Level 2.   [*]
 
       
Level 3
Support Management
  If Level 2 issue is not answered within 4 hours from Level 2, Synacor automatic escalation to Level 3.   [*]
 
       
Level 4
Account Manager
  If Level 3 issue not answered within 1 hour from Level 3, automatic Synacor escalation to Level 4.   [*]
 
       
Level 5
Product Management
  If Level 4 issue not answered within 30 minutes from Level 4, Synacor automatic escalation to Level 5.   [*]
 
       
Level 6
VP Engineering
  If Level 5 issue not answered within 30 minutes from Level 5, Synacor automatic escalation to Level 6.   [*]
  a.   Priority 1 or Portal Unavailability Issues:
    All support issues regarding Priority 1 or Portal Unavailability will be immediately escalated to Level 6 upon contact by Client support personnel.
  b.   Service Level
    Customer service — general product information related to Product
 
    Hours of operations: 24 x 7, 365 days per year
 
    Service language: English
 
    Issue reporting methods: electronic mail in English
 
    Technical support — assistance with technical issues related to Product
 
    Service language: English
     (c) Incident Management
Synacor’s Client Support Group will be responsible for the control and management of incident calls and their assignment of priority and escalation to resources within Synacor in their sole and absolute discretion.
The following priority allocations will apply:

Priority 1 — These cases are defined as a Synacor system condition where, with respect to authentication, [*] or more of Users utilizing Unified Login are affected in their ability to access services as a result of an outage or, with respect to access to the Client Branded Portal, [*] or more Users are affected in their ability to access the Client Branded Portal, regardless of the status of Unified Login.
Time Frame — Response to Client within fifteen (15) minutes of identification or receipt of notification.
Follow-up — Provide updates to Client every sixty (60) minutes until the problem is resolved. Client will also receive in writing a complete post-mortem of the outage within two (2) business days, to include, but not be limited to, the number of Users using the Client Branded Portal during the outage, reason for the outage, duration, and resolution.

A-8

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

Priority 2 — These cases are defined as a Synacor system condition where less than [*] of Users are affected in their ability to access services as a result of partial functionality.
Time Frame — Response to Client within sixty (60) minutes of identification or receipt of notification.
Follow-up — Provide updates to Client every sixty (60) minutes until problem is resolved. Client will also receive in writing a complete post-mortem of the outage within two (2) business days, to include, but not be limited to, the number of Users using the Client Branded Portal during the outage, reason for the outage, duration, and resolution.

Priority 3 — These cases are problems other than those meeting the specifications of Priority 1 or Priority 2.
Time Frame — Response to Client within twenty-four (24) hours of identification or receipt of notification.
Follow-up — Provide updates to Client as soon as practical.
  (d)   Customer Info Required for Synacor Support:
  (i)   User ID
 
  (ii)   Domain Name
 
  (iii)   Password (if possible)
 
  (iv)   E-mail Address
  (e)   Escalation Information:
  (i)   Premium Service Vendor
 
  (ii)   Date/Time Incident Occurred
 
  (iii)   PC /Macintosh information
 
  (iv)   Operating System
 
  (v)   Browser type / version
 
  (vi)   Internet Connection Dial / Broadband
 
  (vii)   Detailed Description of Escalation
  (f)   FAQ Documentation. Synacor will build a FAQ (frequently asked questions) prior to the Portal launch and updated as frequently as necessary during the term by Synacor, for the portal that Client can review and modify at Client’s choosing. The FAQ page will contain both Client Branded Portal and Content questions that consumers have asked in the past.
9. Training. Synacor will build a training manual for the Client Branded Portal and Content that Client can modify. Synacor will be responsible for training Client’s customer support trainers on the Client Branded Portal and Content that are sourced through Synacor. Synacor will train for up to six (6) days without charging additional professional services. If travel is required, Client will be responsible for reasonable travel expenses as mutually agreed upon by Synacor and Client prior to Synacor incurring such expenses.

A-9

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

SCHEDULE B
TO
SYNACOR MASTER SERVICES AGREEMENT
SERVICE LEVEL AGREEMENT
     This Schedule B forms a part of, and is governed by, the Synacor Master Services Agreement dated July 21 2004, by and between Synacor, Inc. and ACC Operations, Inc., including any schedules, attachments, exhibits, addenda, amendments or riders attached thereto (collectively, the “Agreement.”) Any capitalized terms used in this Schedule B and not defined herein shall have the meanings ascribed to such terms in the Agreement.
I. General
Synacor shall provide the agreed upon service levels seven (7) days a week, twenty-four (24) hours a day, three hundred sixty-five (365) days a year, consisting of monitoring, notification, repair of service outages and maintenance, as set forth in this Service Level Agreement (this “SLA”).
It is expected that the evaluation of Synacor’s performance against this SLA will be evaluated on a quarterly basis, beginning ninety (90) days from the date of the Agreement.
Client has the right to review any service level agreement of any Synacor Provider (each, a “Synacor Provider SLA”) whose Content is proposed to be made available to Users. If Client chooses to include such Synacor Provider’s Content, then Client shall have the right to enforce the service level requirements set forth in the pertinent Synacor Provider SLA against Synacor as apply to such Synacor Provider vis a vis Synacor under such Synacor Provider SLA and Synacor shall extend fee credits and any other adjustments to Client in amounts or percentages identical to the amounts or percentages to which Synacor may be entitled under such Synacor Provider SLA. Synacor and Client shall work in good faith to appropriately modify this SLA if Client chooses to migrate the Services directly to Client’s IP network as set forth in Paragraph l (a)(v) of Schedule A to the Agreement.
II. Monitoring
In an effort to detect potential problems before they impact the availability and performance of the System or the Services, Synacor monitors the status of its systems using both automated and manual tools employed in its 24 by 7 system monitoring and administration. Synacor will work with Client to create any reasonable scripts necessary for accessing performance data, agreed upon by Synacor and Client, necessary for Client’s network operations center to perform health checks on the Services and to use in the event that customer troubleshooting is needed. Synacor shall also share any performance data it has available including, but not limited to, what is defined herein with Client upon Client’s written request within five (5) business days of such request.
Such monitoring includes, but is not limited to:
System availability, Service availability, database connectivity and performance, System load, network availability and performance, System usage.
III. Reporting
Synacor will provide access to the following standard reporting tools, which will deliver reports through a web-based interface:
SUBSCRIBER DATA
  1.   Number of Users
 
  2.   User Cancellations
MONTHLY USAGE DATA
  3.   Unique Users accessing Synacor Sourced Services
 
  4.   Unique Users accessing Client Sourced Services
 
  5.   Unique Users accessing Client Branded Portal
 
  6.   Hits/redirects to Client Branded Portal content, Synacor Sourced Services and Client Sourced Services

B-1


 

     Such reporting tools can be enhanced as mutually agreed upon by the Parties at Synacor’s standard professional services rates.
IV. System Availability
“System Availability” is defined as the operable state of Synacor’s entire service platform in that service functionality, including, but not limited to, the Client Branded Portal, Synacor/Client Authentication, the method in which billing data is derived and transmitted to Client, routers, switches, servers, operating systems, and any software application running on the servers that supports the Client, is available to Client and its Users [*]% of the time during any given calendar month (i.e., the System will be available at all times throughout the pertinent month, except for up to forty-three (43) minutes cumulative downtime time during such month), excluding scheduled maintenance. System Availability does not take into account: (i) the performance or inability of Users to access Synacor’s systems as a result of such Users’ Internet/network connection; (ii) Synacor Providers’ ability to update or deliver content, excluding the unified login functionality between Synacor and the third party providers, although any Synacor Provider SLA will apply to such Synacor Provider’s Content as set forth above; or (iii) occasions where, due to the architectural design of the Internet, access to Synacor’s systems is prohibited based on a User’s Internet Service Provider’s (“ISP”) fault or failure or by the path (route) traveled in accessing Synacor’s systems, except those facilities in which Synacor is in direct control. The Parties hereby acknowledge and agree that the instances described in clauses (i), (ii) and (iii) of this Paragraph IV shall not be included in the calculation of System Availability against which the SLA applies.
V. System Availability; Performance
System Intrusion or Denial of Service “DOS” Attack In the event of a System intrusion by a “cracker,” “hacker”, any other third party, or DOS attacks, such intrusion shall be deemed a Priority One (as defined in Schedule C) event and the notification protocol applicable to a Priority One event will be followed. Client will be notified by Synacor and a solution will be implemented by Synacor as set forth in Schedule C. Notification by Synacor will occur upon identification of intrusion. If extensive damage is incurred, including to, but not limited to, Client data, user data, Systems, due to the failure of Synacor to follow its published Security Policy (as defined in the Synacor Specifications) then this SLA will apply.
System Availability; Data Integrity; SLA Credits:
The SLA credits set forth below will be based off of any failure of System Availability, or Data Integrity (as defined in the System Specifications). In the event that Synacor fails to meet the provisions of this SLA cumulatively during any calendar month during the Term, then the following credits will apply against the aggregate Portal Fees, combined with the aggregate Content Access Fees due for the pertinent month (collectively, the “Aggregate Fees”) in which such failure occurs:
  a.   Portal Unavailability: Defined as a condition which exists where the Client Branded Portal is unavailable to Client or any User or where Client or any User makes an HTTP request, or similar request via other protocol used on the Client Branded Portal by Client or Users, and Synacor’s Systems do not respond, including, but not limited to Client Branded Portal content, Synacor/ Client authentication, or Unified Login, any third party content provided through the Client Branded Portal, or a security violation due to the failure of Synacor to follow the Security Policy. For the avoidance of doubt, the failure of Unified Login or third party Content due to the fault of the third party Content providers is not included in this SLA.
  i.   Cumulative Mean Time to Repair (per calendar month):
  1.   [*]
 
  2.   [*]
  b.   Synacor API Unavailability
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

B-2


 

  i.   Synacor/ Client Authentication Unavailability: Defined as a condition which exists where the authentication between Synacor and Client is unavailable through the fault of Synacor where Users are unable to authenticate through the Client Branded Portal and services that require authentication are unavailable. Examples: Client E-care Support, Unified Login, Client Webmail, Content. For the avoidance of doubt, the failure of Unified Login or third party Content due to the fault of third party Content providers is not included in this SLA.
 
  ii.   Synacor/ Third Party Content Provider Unavailability: Defined as a condition which Unified Login between Synacor and any third party Content provider due to a failure of Synacor’s System. For the avoidance of doubt, a condition where the third party Content provider alters their API’s or the interface, or where such third party’s web site is unavailable, would not be included in this SLA.
  1.   Cumulative Mean Time to Repair (per calendar month):
 
  2.   [*]
 
  3.   [*]
  c.   [*]
Performance
The Performance (“Performance”) of the Client Branded Portal is defined as the System response time for each Portal page (as defined in the Synacor Specifications), as agreed upon by the Parties prior to the launch of the pertinent Portal page (each, a “Response Time”), measured via HTTP requests, or similar requests via other protocol used on the Client Branded Portal by Client or Users, performed by Client servers directly from any Client IP backbone location. Performance of Response Times will be tested against a steady-state Portal page of similar type and size to the pertinent Portal page, which steady-state Portal page will reside on the same Host (as defined in the Synacor Specifications) as the Client Branded Portal. Synacor’s responsibility for Performance includes, but is not limited to, web server response, Authentication performance, routers, switches, Internet transit or Peering connections (Network hardware, cross-connects, or circuits that are Synacor’s responsibility) that are at 90% peak utilization or below, or any other device in Synacor’s direct control. If Synacor is unable to perform in accordance with any pertinent Response Time, then Synacor will be responsible for the following remedy:
  1.   Synacor will use its best efforts to correct the identified performance failures as soon as commercially reasonable and, in no event, later than [*] after receipt of written notice from Client describing in reasonable detail the performance failure of the Client Branded Portal, Synacor shall resubmit the Performance changes, in detail, to Client for testing. Client shall conduct a testing period (“Test Period”) of no more than [*] with respect to the specified failed criteria. Within [*] after the expiration of the Test Period, Client will provide Synacor with a written response accepting the Performance or rejecting the Performance. Synacor shall have an additional [*] to correct the identified performance failures. Client shall conduct final testing for a period of not more than [*] (the “Final Test Period”) with respect to the specified failed criteria. Within [*] after the expiration of the Final Test Period, Client will provide Synacor with (A) written response accepting the Performance, or (B) written rejection if Client determines in good faith that the failed criteria identified in the First Rejection
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

B-3


 

      Notice have still not been corrected (a “Final Rejection Notice”). In the event the Client does not deliver a Final Rejection Notice as provided herein, the Performance shall be conclusively deemed acceptable by the Client. If Client provides a Final Rejection Notice and the President of Synacor and the Chief Technology Officer of Client do not otherwise agree to pursue further Performance testing/ remedies of the System, the Final Termination Notice shall constitute a notice of termination of the Agreement without further liability of either Party.
VI. Scheduled Maintenance Windows
Synacor has reserved a two (2)-hour window from 3:00 a.m., EST, to 5:00 a.m., EST, every Sunday evening -Monday morning for weekly maintenance, should the need for such maintenance arise. In the event that this window will be needed in a given week, Synacor will provide Client no less than three (3) business days prior to the window via Clients change control organization (“Change Management”). The form of notification must conform to Client’s current Change Management process. If it is determined during the window that the scheduled maintenance will run over the two (2)-hour window, Client will be notified immediately and receive updates every sixty (60) minutes or less until the maintenance is complete. During these scheduled maintenance periods, the System and Services may be unavailable to Client and Users. If the maintenance period exceeds three (3) hours in any given week, or a cumulative of twelve (12) hours in any given month in total duration, then the System Availability SLA will apply. Scheduled Maintenance Windows that do not exceed set limits (i.e., three (3) hours in any given week, or a cumulative of twelve (12) hours in any given calendar month) are not counted against System Availability percentages.
VII. Emergency Maintenance Notification
In the event that emergency maintenance (defined as any maintenance that exists that is not within the standard maintenance window described above, or as to which three (3) business days’ prior notification is not given) is required, during which time the System and Services will be unavailable to Client and Users, Synacor will notify the Client as promptly as practicable and, if possible, during the repair window, and so as not to prolong or negatively effect system service or its availability. Emergency maintenance windows are counted against System Availability percentages.
VIII. Incident Management
Synacor’s Client Support Group will be responsible for the control and management of incident calls and their assignment of priority and escalation to resources within Synacor in their sole and absolute discretion.
When analyzing a case, it is important that Client understands that the Synacor Support Group will expect Client to aid in the analysis by providing any information and performing any actions or tasks requested by the pertinent Synacor Support Group analyst and that is reasonably necessary to assist the Synacor Support Group in analyzing such case. If Client is not willing to assist such analyst, Client understands that the case may take longer to solve and will not be included in the measurement of this SLA.
IX. Product Revision Management
Client will be notified in writing ten (10) business days in advance with respect to minor product enhancements, which do not substantially affect the Client Branded Portal. For example, adding personalization to a news component or modifying a Gameblast component so Client can include additional games within the Client Branded Portal.
For major modifications to the Client Branded Portal, Client and Synacor personnel must first agree on the appropriate launch date after negotiating in good faith for a period of not less than ten (10) days; provided that, such launch shall not exceed [*] days after the date after which Client requests such modification unless the Parties are unable to agree upon the launch date after negotiating for such ten (10)-day period. For example, creating a Flash or DHTML version of the Portal that allowed for dragging and dropping of components.
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

B-4


 

X. Limitations on Content Publishing
Client personnel shall not, unless agreed to in advance by Synacor, upload video files onto Synacor’s servers.

B-5


 

SCHEDULE C
TO
SYNACOR MASTER SERVICES AGREEMENT
SYNACOR SPECIFICATIONS
[*]

C-1

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-2

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-3

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-4

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-5

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-6

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-7

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]
Synacor System Security (“Security”)
Security Policy
Access Control
Synacor’s network topology is devised to keep machines hosting sensitive data (IE. Client specific data) inaccessible from the Internet. In order to facilitate this goal, the machines are connected only to a Private Network (defined as a network which has no public route to the Internet and cannot be accessed by any unauthorized Third Party), with no additional public routes defined, and a set of filtering rules, including but not limited to TCP/ IP, UDP, and ICMP (“Internet Traffic”), which discards any traffic from foreign networks or Internet Traffic going to an inappropriate Port.
Hosts (as defined herein) providing public services are insulated from the Internet by being hosted on a Private Network, with access provided only through a Layer 4 switch (“Load Balancer”), which only forwards connections to designated Ports (Defined: A port number represents an endpoint or “channel” for network communications. Port numbers allow different applications on the same computer to utilize network resources without interfering with each other)
Access to Servers with Client content or sensitive Client information (“Hosts”) residing on the Private Network is limited solely to system administration tasks such as maintenance, monitoring and software/operating system upgrades; company employees not directly involved with the maintenance of the Hosts are limited to a separate Private Network designated for their use.
Those cases where less stringent access restrictions are necessary, such as the Hosts used by our vendors to upload Content to use, are also kept separate from the more sensitive Private Networks, where no outbound route from the Public Network to the Private Network is available, so as to isolate Third Party access.
Split horizon DNS is used in order to protect the Hosts, as well as their layout, from all but authorized Synacor personnel.
Ownership of operating system objects, such as files, directories, and processes are handled with the principle of least possible privilege — e.g. read and write privileges are only granted where a demonstrable need exists. “Jails” are used to further isolate running processes from the rest of the file system whenever feasible. (Defined: A Jail is when a process is launched with diminished permissions, i.e. access to a limited set of files and directories, in order to reduce the damage in the event of malicious execution of the process.)
No file sharing protocols, such as NFS (Defined: As Network File System, allow machines to mount a disk partition on a remote machine as if it were on a local hard drive) or SMB (Defined: Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes

C-8

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

and mail slots between computers), are utilized when accessing secured hosts from the Public Network; secure transfers will only be over encrypted mediums using SSH/SCP (as defined herein).
Software Integrity
The installed base of software on each Host is kept as small as possible. Software packages which have been deemed unnecessary or redundant have been eliminated so as to minimize the potential number of access points on any given Server.
When an advisory for installed software is released from sources including CERT, SecurityFocus/BugTraq, and/or Synacor vendors, Synacor will immediately perform an evaluation of the relative risk. Highest priority (eg. Priority 1) is given where a known exploit is published that affects services accessible to public networks. Depending on the nature of the advisory a given service may be further restricted or shut down as we prepare an update.
The time frames between an advisory, triage, testing and patching differ based on the severity of the advisory. A critical patch will be applied as soon as it has been staged and tested, and will receive the highest level of attention from Synacor staff; Adelphia will be notified either while the patch is being evaluated, or as soon afterward as possible, when relevant to the customer’s service. Non-critical patches will be applied as part of the Maintenance Window; however, Synacor may not reveal all details (other than affected services) to the customer until after the patch has been applied to prevent potential security breaches.
With few exceptions, such as a fundamental design issue that necessitates changes that cannot be easily ported to installed versions, any updates related to security are applied to the existing version of the software, even if the fix is released by an upstream source in new release. This is to avoid ancillary changes which may result in undesired behavior or even new security risks.
Regardless of source, any updates are tested independently for suitability before general deployment, both to test the correctness of the fix itself as well as general functionality. This review process is, of course, expedited in the case of a serious risk. The review process is: apply patch, build package, install on a test host, review by QA and System Administration personnel with an attempt to run any known exploit if one exists, install on a pilot machine, review again, and general deployment.
Data Backups, backup handling:
All data backups are performed once per night, only over a secured Private Network to a protected Host residing in a locked rack. Backups are kept off-site as defined herein. The on-call Synacor Systems Administrator is alerted in the event of a backup failure for immediate resolution. Alltapes that have been used to contain sensitive data are stored in a locked cabinet in the Synacor operations center, accessible only by Synacor personnel as described in the Physical Security section below, or in a locked office at Synacor’s corporate headquarters, accessible only to Synacor’s Systems staff and Controller.
Failover Testing
In order to ensure that the redundancy of Synacor’s architecture is working, Synacor will perform failover testing on the following components during initial deployment, and once every six (6) months, including but not limited to, web servers, database servers, and redundant network equipment. Additionally, load balancers will be failover tested once every three (3) months.
Monitoring and Auditing
Monitoring of hosts is performed both through the use of a central server and agents running on the individual machines. Among other things, log files and running processes are periodically checked against a checklist specifically given to that class of Host. Any deviation is immediately brought to the attention of the on-call Synacor personnel.
The polling occurs every 5 minutes for each Host. Push updates from the clients are also on a 5 minute interval with slight delay randomization. There are processes running on two separate machines which

C-9


 

ensure connectivity to the monitoring server and contact a Synacor administrator in case of failure. In addition, a test message is sent through the Monitoring notification infrastructure every 30 minutes in order to ensure that Monitoring infrastructure is operating to the designed specifications.
In addition to local logging, each host reports a subset of system events to a central Host, which is monitored by the Synacor staff for any suspicious activity. Logs are archived for a period of one (1) year.
Physical Security
Twenty-Four (24) hour by Seven (7) days a week building security, including but not limited to uniformed guard service, interior and exterior closed-circuit television surveillance, provided by the Main Place Liberty Group.
The collocation facility, provided by Switch and Data, includes several forms of security and access control including but not limited to individual pass card access to the administration facility, with an additional secured door protecting the server room. Inside the facility is an additional closed-circuit television system, with the additional capability for off-site monitoring by authorized personnel.
Staffing of the facility is maintained Twenty-Four (24) hour by Seven (7) days a week, providing constant monitoring and a point of contact for any non-secured personnel. Visitors are required to be signed in and are provided with escort until such time as they vacate the secured area.
The only personnel allowed physical access to Synacor’s servers are authorized Synacor employees, paid contractors, and vendors or other entities escorted by authorized Synacor staff members.
Authentication and Authorization
Accounts on any Host are created on a strictly discretionary basis, with access on most Hosts being restricted solely to Synacor administration staff. Superuser (root) access is even more stringently restricted, with no one outside the current Synacor administration staff having access to the passwords.
When each account is created it is created it is assigned a one time (Non-Dictionary) password, which is transmitted to the intended user face-to-face or through a phone call in which the recipient’s identity is verifiable , in order to facilitate the user setting their own. All passwords, including those which are strictly temporary, are verified with the ‘cracklib’ (Defined: A password library which can be used to prevent users from creating passwords which can easily be guessed by and intruder) module to be sufficiently strong.
Once accounts are created, authentication is done solely via encrypted channels: either TLS (“Transport Layer Security”) or SSH (“Secure Shell”).
Incident Management
Synacor has adopted the following Incident Response Plan. Incidents are defined as malicious attacks to gain access to Synacor systems, including hacking attempts and other intrusions. Identifiable denial-of-service attacks are also included, when they target equipment controlled by Synacor.
Security Incident Response Team (“SIRT”)
The primary SIRT team will be comprised of the following roles:
The SIRT Team Leader, currently the Systems Manager, is responsible for overseeing the team and conducting policy review once a year and after each incident.

C-10


 

The SIRT Incident Lead will be selected based on the nature of the incident, and will either be a Synacor System Administrator, Network Administrator, or the IT Manager. The Incident Lead is responsible for coordinating and reporting on the response.
The SIRT Communications Lead is responsible for managing communications between the response team, internal interested parties such as account managers and Synacor executives, and external clients as appropriate. This role is currently assigned to the Senior Account Manager.
Incident Response Plan
Notification
When an incident is identified, either as the result of internal monitoring or other notification, the on-call Synacor Systems Administrator will immediately notify the Team Leader, who will assign an Incident Lead and notify the Communications Lead. The on-call Systems Administrator will follow an escalation procedure to notify technology managers if the Team Leader is unavailable. The time from initial identification to the start of the assessment stage is not to exceed thirty (30) minutes.
The following types of events will trigger notification to the on-call Systems Administrator:
    detected intrusions on servers
 
    detected intrusions on network equipment
 
    privilege exceptions
 
    unexpected changes to system configurations
The following incidents will be relayed from external sources to the on-call Systems Administrator and will be treated as serious incidents for immediate risk assessment:
    provider network equipment intrusions
 
    intrusions on third-party equipment adjacent to Synacor’s network
The following types of events will be logged and will be analyzed by a member of the Systems team on a regular basis, with any suspicious activity being escalated to the SIRT Team Lead for investigation.
    logins and login errors
 
    privileged executions
 
    suspicious web log entries
 
    SQL errors
 
    Unexpected process halts
 
    process restarts
Initial Assessment
The Incident Lead will determine the nature and extent of the incident, and will communicate this to the rest of the team. The Incident Lead will also begin to record all activities in a manual log and isolate evidence pertaining to the incident.
Incident Communication
Depending on the severity, scope, and possible originators of the incident, not all details will be immediately disclosed to the Clients. The Communications Lead will initially notify Clients in accordance with the Service Level Agreements in place, concerning any service disruptions. When the incident has been contained and all evidence secured, the Communications Lead will provide detailed written reports about the incident and any remaining service restoration issues.
Damage Identification, Containment and Recovery
The Incident Lead will determine the following:
    duration of attack
 
    the effects of isolating/turning off compromised systems
 
    the extent of compromised systems
 
    the duration of the attack
The Incident Lead will also attempt to determine:
    the origin of the attack

C-11


 

    the intent of the attack
In general, attacks against redundant systems, including web servers, load balancers, database servers, or any other redundant network, hardware device, or software in Synacor’s direct control will be addressed by removal of the affected system from the production environment, if deemed appropriate.
In some cases, it may be necessary to disable service completely. This will be necessary in cases where the intrusion is either widespread across an entire set of redundant servers and is malicious in nature, or when the intrusion did significant damage to justify restoration from backups. In this case, the length of the outage will depend on the extent of the damage.
Once the incident has been contained and service has been restored, the Incident Lead will perform the following tasks:
    audit of affected systems and all other systems for malicious software, and document.
 
    audit of system logs on affected systems
 
    conduct comparison of filesystem on affected systems against the base
 
    server installation to identify attack details
 
    audit of in-memory processes on all systems
The Incident Lead is responsible for archiving all evidence, including logs and possibly entire filesystems, for future civil or criminal investigation. This will involve burning disk contents or logfiles on to CD-R (eg. Writable CD ROM), saving the actual hard disks, or other archival methods depending on the incident specifics. The evidence will be kept in a locked cabinet for a period of time to be determined based on the nature of the incident and the media; CD-R disks, for example, will be kept for several years after the investigation has ended.
In the event that preserving data would compromise the recovery effort, the Team Lead will make the decision concerning the balance of evidence preservation vs. recovery time.
Post-Incident Monitoring
The Incident Lead, Team Leader and other parties will determine if additional processes are necessary to monitor for this type of attack in the future; if so, these processes will be specified and developed. In addition, manual audits may be required for a period of time after the incident to verify the integrity of the systems.
Civil/Criminal Investigation
Synacor will make the determination about whether to involve law enforcement or pursue a civil suit based on a number of factors including:
    the nature of the attack
 
    the extent and quality of the forensic evidence
 
    the identity and location of the perpetrator, if known
 
    the likelihood of another such attack
 
    the resource cost of the investigation
 
    impact on user privacy
 
    impact on company/client reputation
 
    advice of counsel
Disaster Recovery Plan
The following disaster recovery plan is specific to the Adelphia implementation.
Overview:
All data, software, and configurations will be backed up every twenty-four (24) hours to an offsite location such that should a disaster occur, they can be copied to and installed at a new data center. The data center

C-12


 

could be an Adelphia data center with appropriate hardware available or at a third party location such as Rackspace.
Possible Disaster Recovery Scenarios
Synacor’s Disaster Recovery Plan takes into account the partial or full destruction of Synacor’s data center. This may be caused by fire, earthquake, or the building or data center becoming unavailable for any other reason.
The building housing Synacor’s data center is also the primary location where many of the Tier 1 providers bring their networks into Buffalo. If something happens to the building in whole or in part, it may become necessary to activate the disaster recovery plan.
Recovery Time Objectives
Within 12 hours:
One webserver will be brought online at the disaster recovery location. A static website explaining what is wrong with the service will be brought up at the disaster recovery location.
Nameservice will need be changed to point websites to the new location.
This time period can be shortened drastically by having a machine on standby at Adelphia, and by ensuring that the TTL of the nameservice is sufficiently low.
Within 48 hours
A cluster of webservers and application servers will be brought online at the disaster recovery location.
A non-configurable portal site with some content and an Adelphia-branded pages will be brought online at the disaster recovery location.
Within 96 hours
A cluster of servers will be built to mimic the original configuration.
All data will be copied to disaster recovery location.
All software will be installed and running at disaster recovery location.
At this time we expect we can have all services operating as close to normal as possible.
Recovery Point Objectives
Synacor will back up all data, software, and configurations once per twenty four (24) hour (“Daily”) period to an offsite location. In the event of a disaster, Synacor will be able to restore services to the state at that time, which will be a regular time in the early morning.
Roles and Responsibilities
Synacor and Adelphia will mutually agree on the choice of a disaster recovery site upon execution of contract. If an option other than a third-party managed hosting provider such as Rackspace is chosen, Synacor and Adelphia will need to determine how to ensure that the hardware required is available for quick installation.
Synacor will be responsible for ensuring the integrity of the Daily data backups.
Synacor will be responsible for setting up all servers and networks and restoring services at the disaster recovery location. Synacor will provide all necessary manpower to return services as defined herein. If the disaster recovery site is located in an Adelphia data center, Synacor may solicit Adelphia resources to accelerate the recovery process.
Adelphia will be responsible for DNS modifications.

C-13


 

[*]

C-14

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]

C-15

 
     
*   CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-16


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-17


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-18


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-19


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-20


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-21


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C -22


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-23


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-24


 

[*]
 
   
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-25


 

[*]
 
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-26


 

[*]
 
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-27


 

[*]
 
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-28


 

[*]
 
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-29


 

[*]
 
* CERTAIN INFORMATION IN THIS EXHIBIT HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS.

C-30