From 06202f4d773b433f524d63ad82a2a3996ee2310d Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 10:02:45 +0800 Subject: [PATCH 01/13] docs: view updated terms --- CHANGELOG.md | 44 +++++++++++++++++++++++++++++++++++--------- STANDARD_TERMS.md | 12 +++++++----- 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d3a4463..00691d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,25 +6,46 @@ at least 14 days before changes take effect. --- -## v1.0 — 2026-03-29 +## v1.1.0 — 2026-04-01 + +**Standard Terms:** + +- General Provisions — Entire Agreement clause now cross-references the + Supersession clause in Special Terms rather than restating it +- Notices clause line length fixed for formatting consistency + +**Special Terms template:** + +- Supersession clause preserved and clarified + +--- + +## v1.0.0 — 2026-03-29 Initial release of the Standard Terms and Special Terms template. **Standard Terms covers:** - Services, including record-keeping obligations -- Compensation — hourly, per-project, and milestone-based +- Engagement Modes — Retainer (hourly, no Work Order per task) and + Project/Milestone (formal Work Order required per engagement) +- Work Orders — GitHub issues only, issued by Authorised Issuers listed in + Special Terms, accepted by contractor comment. Applies to Project/Milestone + engagements only +- Compensation structured around Engagement Mode — Retainer hourly rate set at + signing; Project/Milestone fees defined per Work Order - Expenses and reimbursement - Independent contractor status - Communication channels and logging requirements - Representations and warranties - Confidential information, including return and deletion on termination +- Information Sharing — applies to all contractors universally - Intellectual property ownership and assignment - Non-solicitation of employees and clients - Non-compete restricted to specific clients worked with under this Agreement -- Termination with 7 days notice, with payment terms covering all three - payment types — including good faith negotiation for partially completed - milestones within 14 days, falling back to arbitration if unresolved +- Termination with 7 days notice, covering Retainer, Per Project, and + Milestone-Based payment types — including good faith negotiation for partially + completed milestones within 14 days, falling back to arbitration if unresolved - Indemnification and liability cap - General provisions - Dispute resolution and arbitration in Hong Kong under HKIAC rules @@ -32,12 +53,17 @@ Initial release of the Standard Terms and Special Terms template. **Special Terms template covers:** -- Company and contractor details -- Role and designated manager -- Services and information sharing -- Compensation section with three payment type options +- Company and contractor details including GitHub handle, Telegram and WhatsApp +- Engagement Details — Primary Capacity and designated manager +- Authorised Issuers (pre-filled: CEO and Co-Founder) +- Services +- Rate Card — Retainer hourly rate set at signing; Project/Milestone fees + defined per Work Order +- Work Order template for GitHub issue structure (Project/Milestone only) +- Commencement date - Supersession clause — this Agreement immediately replaces all prior agreements on signing, while preserving any accrued unpaid amounts from previous agreements +- Signature block --- diff --git a/STANDARD_TERMS.md b/STANDARD_TERMS.md index b4a9aad..0e379b5 100644 --- a/STANDARD_TERMS.md +++ b/STANDARD_TERMS.md @@ -245,15 +245,17 @@ ## General Provisions 1. **Entire Agreement.** Together with the Special Terms and the Standard Terms - version referenced therein, this Agreement constitutes the entire agreement and - supersedes all prior negotiations. + version referenced therein, this Agreement constitutes the entire agreement. + Prior agreements are superseded as set out in the Supersession clause of the + Special Terms. 2. **Counterparts.** Signed in parts count as one original. 3. **Amendment.** Changes to the Special Terms only in writing signed by both Parties. Changes to the Standard Terms are governed by the [Updates](#updates-to-these-standard-terms) section. -4. **Notices.** In English, in writing, delivered by email to the addresses in the - Special Terms (for contractual notices only), or by GitHub release notification as described in the - [Updates](#updates-to-these-standard-terms) section. +4. **Notices.** In English, in writing, delivered by email to the addresses in + the Special Terms (for contractual notices only), or by GitHub release + notification as described in the [Updates](#updates-to-these-standard-terms) + section. 5. **Assignment.** No assignment without the other Party's written consent. 6. **Governing Law.** Hong Kong law applies (no conflict of law rules). 7. **No Waiver.** Delaying a right does not waive it. From 306e246d78a00c4e71e3c789023c2e8a90e2dc27 Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 10:47:41 +0800 Subject: [PATCH 02/13] docs: view updated terms --- CHANGELOG.md | 21 +++++++++++++++++---- STANDARD_TERMS.md | 43 ++++++++++++++++++++++++++++--------------- 2 files changed, 45 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 00691d2..6772ca3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,14 +10,27 @@ at least 14 days before changes take effect. **Standard Terms:** +- Confidential Information — general business information obligation reduced + from indefinite to 3 years from termination date; trade secrets remain + indefinitely confidential +- Intellectual Property — pre-existing IP carve-out added; Contractor retains + ownership of pre-existing tools, methodologies, and general knowledge; Company + receives a perpetual non-exclusive license to use any pre-existing IP + incorporated into Work Product +- Intellectual Property — moral rights waiver qualified to "to the extent + permitted by applicable law" to accommodate jurisdictions where moral rights + are inalienable (e.g. Italy, EU) +- Non-Solicitation — employee non-solicitation made mutual; + client non-solicitation reduced from 3 years to 1 year, and narrowed to services + substantially similar to those provided under this Agreement +- Indemnification — mutual indemnification added; Company now indemnifies + Contractor against its own gross negligence, willful misconduct, breach, and + third-party IP claims related to materials provided by the Company; Notice + clause made mutual - General Provisions — Entire Agreement clause now cross-references the Supersession clause in Special Terms rather than restating it - Notices clause line length fixed for formatting consistency -**Special Terms template:** - -- Supersession clause preserved and clarified - --- ## v1.0.0 — 2026-03-29 diff --git a/STANDARD_TERMS.md b/STANDARD_TERMS.md index 0e379b5..8c39d9e 100644 --- a/STANDARD_TERMS.md +++ b/STANDARD_TERMS.md @@ -146,8 +146,9 @@ ## Confidential Information -1. **Obligation.** The Contractor (and its staff) must keep all - Company information confidential indefinitely. +1. **Obligation.** The Contractor (and its staff) must keep all general Company + information confidential for 3 years from the date of termination of this + Agreement. Trade secrets must be kept confidential indefinitely. 2. **Scope.** Covers IP, projects, technology, business matters, client data, and third-party secrets. 3. **Permitted Use.** Only for Company work; no disclosure except to authorized @@ -175,8 +176,14 @@ created for the Company is owned 100% by the Company as "work made for hire." 2. **Assignment.** The Contractor assigns all IP rights to the Company from the date of creation. -3. **Moral Rights.** The Contractor waives all moral rights (e.g., authorship claims). -4. **Assistance.** The Contractor will sign documents or assist the Company to +3. **Pre-Existing IP.** Notwithstanding the foregoing, all Contractor + pre-existing intellectual property, tools, methodologies, and general + knowledge shall remain the Contractor's property. The Company receives a + perpetual, non-exclusive license to use any pre-existing IP incorporated + into Work Product. +4. **Moral Rights.** To the extent permitted by applicable law, the Contractor + waives all moral rights in Work Product (e.g., authorship claims). +5. **Assistance.** The Contractor will sign documents or assist the Company to protect its IP during and after the term. --- @@ -185,8 +192,9 @@ 1. **Employees.** During the term and for 1 year after termination, neither Party shall solicit or hire the other's employees without prior written consent. -2. **Clients.** During the term and for 3 years after termination, the Contractor - shall not solicit the Company's clients with whom it worked under this Agreement. +2. **Clients.** During the term and for 1 year after termination, the Contractor + shall not solicit any client of the Company with whom the Contractor worked under this Agreement for + services substantially similar to those provided under this Agreement. --- @@ -230,13 +238,18 @@ ## Indemnification -1. **Indemnity.** The Contractor indemnifies the Company (and its officers, - directors, employees, agents) against claims arising from: (i) the Contractor's - negligence or intentional acts; (ii) breach of this Agreement; (iii) issues - with Work Product. -2. **Notice.** The Company notifies the Contractor promptly of any claims. -3. **Survival.** This section survives termination. -4. **Liability Cap.** The Contractor's total liability under this Agreement is +1. **Contractor Indemnity.** The Contractor indemnifies the Company (and its + officers, directors, employees, agents) against claims arising from: + (i) the Contractor's negligence or intentional acts; (ii) breach of this + Agreement by the Contractor; (iii) issues with Work Product. +2. **Company Indemnity.** The Company shall indemnify the Contractor against + claims arising from: (i) the Company's gross negligence or willful misconduct; + (ii) the Company's breach of this Agreement; (iii) third-party intellectual + property claims related to materials provided by the Company to the Contractor. +3. **Notice.** Each Party notifies the other promptly of any claims for which + indemnification may be sought. +4. **Survival.** This section survives termination. +5. **Liability Cap.** The Contractor's total liability under this Agreement is limited to the total fees paid to the Contractor, except for liability arising from the Contractor's willful misconduct or gross negligence. @@ -291,8 +304,8 @@ they may terminate this Agreement under the [Termination](#termination) section within the 14-day notice period without penalty. 5. **Version on Record.** The version of the Standard Terms that applies to each - signed Agreement is the version tagged at the time of signing, as recorded in the - Special Terms. Any updates apply prospectively only. + signed Agreement is the version tagged at the time of signing, as recorded in + the Special Terms. Any updates apply prospectively only. --- From 0898944da6e2bc40e7b3ce3d3ef2ee9744c76c61 Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 11:08:25 +0800 Subject: [PATCH 03/13] docs: view updated terms --- README.md | 26 +++++++++++++------------- SPECIAL_TERMS.md | 6 +++--- STANDARD_TERMS.md | 2 +- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index da3c5fb..45b4f69 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Each contractor engagement produces two documents: **1. Standard Terms** (`STANDARD_TERMS.md`) The boilerplate legal terms governing all contractor relationships. Versioned -by git tags (e.g. `v1.0`). The tag is the version — git timestamps it +by git tags (e.g. `v1.0.0`). The tag is the version — git timestamps it automatically. Never edited retroactively. **2. Special Terms** (`SPECIAL_TERMS.md`) @@ -40,7 +40,7 @@ version in the private HR repository alongside any signed artifacts. The contractor signs a document that references both: -- The Standard Terms by tag (e.g. `v1.0`) +- The Standard Terms by tag (e.g. `v1.0.0`) - The Special Terms by the commit of their filled-in copy --- @@ -53,7 +53,7 @@ Copy `SPECIAL_TERMS.md` to the private HR repository. Fill in all `` fields. In the Compensation section, keep only the subsection that applies to this contractor (Hourly, Per Project, or Milestone-Based) and delete the other two. Record the Standard Terms tag -currently in effect (e.g. `v1.0`) at the top of the document. +currently in effect (e.g. `v1.1.0`) at the top of the document. ### 2. Send for signing @@ -109,12 +109,12 @@ Once approved and merged: ```bash git checkout main git pull -git tag v1.1 # increment the version number -git push origin v1.1 +git tag v1.1.0 # increment the version number +git push origin v1.1.0 ``` -Then go to **GitHub → Releases → Draft a new release**, select the tag, -and publish. Copy the release URL — you will need it for contractor notifications. +Then go to [GitHub → Releases → Draft a new release](https://github.com/holdex/contractor-terms/releases/new), select +the tag, and publish. Copy the release URL — you will need it for contractor notifications. ### 6. Notify contractors @@ -124,17 +124,17 @@ Send an email to all active contractors with: - A link to the new release - The date the new terms take effect (minimum 14 days from the email date) -Use the subject line: `Holdex Contractor Terms Update — v1.1 effective [DATE]` +Use the subject line: `Holdex Contractor Terms Update — [version_number] effective [DATE]` --- ## Versioning Convention -| Tag | Meaning | -| ------ | -------------------------------------------------------------------------- | -| `v1.0` | Initial release | -| `v1.1` | Minor update — clarification, new clause, small change | -| `v2.0` | Major update — significant change to rights, obligations, or payment terms | +| Tag | Meaning | +| -------- | -------------------------------------------------------------------------- | +| `v1.0.0` | Initial release | +| `v1.1.0` | Minor update — clarification, new clause, small change | +| `v2.0.0` | Major update — significant change to rights, obligations, or payment terms | When in doubt, increment the minor version. Use a major version bump when the change materially affects contractor obligations or Company rights — diff --git a/SPECIAL_TERMS.md b/SPECIAL_TERMS.md index 3517f6f..19993ff 100644 --- a/SPECIAL_TERMS.md +++ b/SPECIAL_TERMS.md @@ -5,7 +5,7 @@ > the Standard Terms published at: > [github.com/holdex/contractor-terms](https://github.com/holdex/contractor-terms) > -> **Standard Terms version applicable to this Agreement:** +> **Standard Terms version applicable to this Agreement:** --- @@ -100,8 +100,8 @@ the issue must follow this structure: ```text **Work Order — [Brief Title]** -Agreement: [Contractor Full Name] — Special Terms v[X] / Standard Terms v[X] -Payment Type: [Per-Project / Milestone-Based / Retainer + Commission] +Agreement: [Contractor Full Name] — Special Terms v[X.Y.Z] / Standard Terms v[X.Y.Z] +Payment Type: [Per-Project / Milestone-Based / Hourly] **Scope:** [Description of work to be delivered] diff --git a/STANDARD_TERMS.md b/STANDARD_TERMS.md index 8c39d9e..72883c2 100644 --- a/STANDARD_TERMS.md +++ b/STANDARD_TERMS.md @@ -294,7 +294,7 @@ to time by publishing a new tagged release to the repository at github.com/holdex/contractor-terms. 2. **Notice of Updates.** The Company will notify the Contractor of any update by: - (i) tagging a new release in the repository (e.g., v1.1), and (ii) sending an + (i) tagging a new release in the repository (e.g., v1.1.0), and (ii) sending an email to the Contractor's registered Gmail address at least 14 days before the updated terms take effect. The email will include a link to the new release and a summary of material changes. From 4f5754bcbc401e93d7c8f062504f553dff98e7ad Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 12:56:18 +0800 Subject: [PATCH 04/13] docs: view updated terms --- CHANGELOG.md | 45 ++++++++++++++++ SPECIAL_TERMS.md | 28 ++++++++-- STANDARD_TERMS.md | 132 +++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 193 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6772ca3..a767aae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,14 @@ at least 14 days before changes take effect. - Intellectual Property — moral rights waiver qualified to "to the extent permitted by applicable law" to accommodate jurisdictions where moral rights are inalienable (e.g. Italy, EU) +- Intellectual Property — added Prior Inventions Disclosure: pre-existing IP the + Contractor wishes to retain must be listed in the Special Terms schedule at + signing; unlisted IP incorporated into Work Product is presumed Company-owned; + the list cannot be amended after signing without mutual written consent +- Intellectual Property — added Third-Party IP Warranty: the Contractor warrants + Work Product is original, contains no unlicensed third-party or open source + materials that would restrict the Company's use, and that the Contractor has full + authority to assign; breach triggers a contractor indemnity obligation - Non-Solicitation — employee non-solicitation made mutual; client non-solicitation reduced from 3 years to 1 year, and narrowed to services substantially similar to those provided under this Agreement @@ -30,6 +38,43 @@ at least 14 days before changes take effect. - General Provisions — Entire Agreement clause now cross-references the Supersession clause in Special Terms rather than restating it - Notices clause line length fixed for formatting consistency +- Services — added Subcontracting clause: the Contractor may not subcontract any + part of the Services without prior written approval; if approved, the Contractor + remains fully liable and must bind any subcontractor to equivalent obligations +- Services — added Audit Right: the Company may request the Contractor's trace log + and supporting records on 5 business days' notice; overbilling identified by an + audit must be repaid within 14 days +- Engagement Modes — added Monthly Hours Cap clause for Retainer engagements: hours + above the cap set in the Special Terms require prior written approval from an + Authorised Issuer; unapproved excess hours are not payable +- Work Orders — added Rejection and Cure clause: an Authorised Issuer must provide + written reasons when rejecting a deliverable; the Contractor then has at least 5 + business days to remedy and resubmit; if no written rejection is given within + 10 business days of submission, the deliverable is deemed accepted +- Compensation — added Invoice Submission Deadline: invoices must be submitted + within 30 days of the billing period end (Retainer) or written acceptance + (Project/Milestone); the Company is not obligated to pay late invoices +- New section: Data Protection and Information Security — requires PDPO compliance + and adherence to applicable data protection laws; restricts use of Company data + to performance of Services; mandates minimum security measures (full-disk + encryption, strong unique credentials with MFA, up-to-date software, secure + networks); requires 24-hour written incident notification; makes the Contractor + financially responsible for remediation costs where a breach results from their + non-compliance with this section; obligations survive termination +- Termination — added Termination for Cause: the Company may terminate immediately + and without notice for material breach (unremedied after 5 business days), fraud, + criminal conduct, confidentiality breach, or violation of applicable law; payment + on cause termination is limited to work accepted before the termination date, net + of any amounts owed by the Contractor +- Updates — added Summary for Convenience Only clause: any changelog or summary + provided in an update notification is informational only; the full text of the + Standard Terms prevails in the event of inconsistency + +**Special Terms template:** + +- Rate Card — added Monthly Hours Cap field to the Retainer section +- Added Prior Inventions Schedule section (between Supersession and Signatures) + for the Contractor to disclose pre-existing IP at the time of signing --- diff --git a/SPECIAL_TERMS.md b/SPECIAL_TERMS.md index 19993ff..0bbf418 100644 --- a/SPECIAL_TERMS.md +++ b/SPECIAL_TERMS.md @@ -71,10 +71,11 @@ > Applies only if Engagement Mode is Retainer. Leave blank otherwise. -| Field | Value | -| --------------- | ---------------------- | -| Rate (USD/hour) | | -| Payment Cycle | Monthly | +| Field | Value | +| ----------------- | ---------------------------------------- | +| Rate (USD/hour) | | +| Payment Cycle | Monthly | +| Monthly Hours Cap | | ### Project and Milestone Fees @@ -140,6 +141,25 @@ but unpaid amounts — remain valid and are not affected by this supersession. --- +## Prior Inventions Schedule + +> This schedule is required by the Intellectual Property section of the Standard +> Terms. List all pre-existing intellectual property, tools, methodologies, and +> materials that the Contractor owns or has rights to and that may be incorporated +> into Work Product delivered under this Agreement. If there are no Prior +> Inventions to disclose, write "None" in the table below. +> +> This schedule cannot be amended after the Agreement is signed without the +> written consent of both Parties. + +| # | Description of Prior Invention | Ownership / Licence Basis | +| - | ----------------------------------- | ------------------------- | +| 1 | | | + +> Add rows as needed. + +--- + ## Signatures By signing below, both Parties confirm they have read, understood, and agreed to diff --git a/STANDARD_TERMS.md b/STANDARD_TERMS.md index 72883c2..39e1514 100644 --- a/STANDARD_TERMS.md +++ b/STANDARD_TERMS.md @@ -28,6 +28,23 @@ hours worked (if Retainer), milestones or project deliverables completed, and any relevant Work Order or task references. This log must be retained for the duration of the Agreement and for 1 year following its termination. +4. **Subcontracting.** The Contractor may not subcontract, delegate, or assign + any part of the Services to any third party without the prior written approval + of the Company. If approval is granted, the Contractor remains fully liable for + all acts and omissions of any approved subcontractor as if they were the + Contractor's own. Any approved subcontractor must be bound in writing by + obligations at least equivalent to those imposed on the Contractor under this + Agreement, including obligations relating to confidentiality, intellectual + property, and data protection. +5. **Audit Right.** The Company may, on not less than 5 business days' written + notice, request that the Contractor provide a copy of the trace log referred + to in the Record-Keeping clause above, together with any supporting records (including PR histories, + commit logs, time-stamped work records, and communications) for any period + during the preceding 12 months. The Contractor must comply within the notice + period. If an audit reveals that the Contractor has been paid for hours or + deliverables not actually performed or delivered, the Contractor must repay + the relevant amount to the Company within 14 days of written demand. This + right does not limit any other remedy available to the Company. --- @@ -39,7 +56,13 @@ tasks assigned through the default GitHub channel, logs hours via PRs, and is paid monthly at the hourly rate in the Special Terms. Research and learning time is not paid unless pre-agreed in writing as part of task scoping. -2. **Project and Milestone.** Where the Engagement Mode in the Special Terms is +2. **Retainer — Monthly Hours Cap.** Where a Monthly Hours Cap is specified in + the Special Terms Rate Card, the Contractor may not bill hours in any calendar + month that exceed that cap without prior written approval from an Authorised + Issuer. Hours billed above the cap without such approval are not payable by + the Company. Where no Monthly Hours Cap is specified in the Special Terms, no + cap applies unless separately agreed in writing. +3. **Project and Milestone.** Where the Engagement Mode in the Special Terms is Project/Milestone, each discrete engagement requires a formal Work Order before work begins, as defined in the Work Orders section. Payment terms are defined per Work Order. @@ -67,6 +90,17 @@ otherwise and is countersigned by both Parties. 6. **No Guarantee of Work.** This Agreement does not guarantee the Company will issue any minimum number of Work Orders or volume of work to the Contractor. +7. **Rejection and Cure.** If an Authorised Issuer does not accept a deliverable + submitted under a Work Order, the Authorised Issuer must provide written + reasons for the rejection within a reasonable time of submission. The Contractor + shall then have a cure period of not less than 5 business days (or such longer + period as the Parties agree in writing) to address the stated reasons and + resubmit the deliverable. This process may be repeated if the resubmitted + deliverable is again rejected. A deliverable is deemed accepted if the + Authorised Issuer does not provide written reasons for rejection within + 10 business days of submission or resubmission. Payment obligations under the + Compensation section are triggered only upon written acceptance or deemed + acceptance under the Rejection and Cure clause above. --- @@ -86,9 +120,15 @@ 4. **Milestone-Based Fee.** Each milestone payment is due upon written acceptance of that milestone's deliverables by an Authorised Issuer, as defined in the Work Order. -5. **Taxes.** The Contractor handles all their own taxes, withholdings, +5. **Invoice Submission Deadline.** The Contractor must submit invoices within + 30 days of: (i) the end of each calendar month, for Retainer + engagements; or (ii) the date of written acceptance of the relevant project + deliverables or milestone, for Project and Milestone engagements. The Company + is not obligated to process or pay any invoice submitted after this deadline. + Late invoices may be accepted at the Company's sole discretion. +6. **Taxes.** The Contractor handles all their own taxes, withholdings, and benefits. The Company makes no deductions. -6. **Finality of Payment.** Any payment made by the Company for approved hours, +7. **Finality of Payment.** Any payment made by the Company for approved hours, completed projects, or accepted milestones constitutes full and final settlement of all claims relating to the Services covered by that payment. The Contractor waives any right to dispute or make further claims in respect of that payment @@ -161,6 +201,44 @@ --- +## Data Protection and Information Security + +1. **PDPO Compliance.** The Contractor shall comply with the Personal Data + (Privacy) Ordinance (Cap. 486, Hong Kong) ("PDPO") as it applies to the + Company's operations, and all other applicable + data protection laws when handling any personal data accessed in connection + with the Services. Personal data shall be used only for the purpose for which + it was collected and only to the extent necessary to perform the Services. +2. **Permitted Use.** The Contractor shall not collect, process, copy, transfer, + or otherwise use Company data or personal data for any purpose other than + performing the Services under this Agreement without the Company's prior written + consent. +3. **Security Measures.** The Contractor must implement and maintain appropriate + technical and organisational security measures to protect Company data and + personal data against unauthorised access, disclosure, alteration, or + destruction. Required measures include, at minimum: (i) full-disk encryption + on all devices used to access Company systems or data; (ii) use of unique, + strong credentials for each Company system, managed using a reputable password + manager, combined with multi-factor authentication (MFA) where available; + (iii) maintaining up-to-date operating systems, applications, and anti-malware + software on all devices used for Services; and (iv) using secure network + connections (e.g., Company-provided VPN) when accessing sensitive Company + systems or data from external networks. Credentials must not be shared with + or disclosed to any person not authorised by the Company. +4. **Incident Notification and Recovery.** The Contractor must notify the Company in writing + within 24 hours of becoming aware of any actual or suspected security incident, + data breach, or unauthorised access involving Company data or personal data. + The notification must describe the nature of the incident, the data affected, + and the steps taken or proposed to contain and remediate it. If any such + incident is caused by the Contractor's failure to comply with its obligations + under this Data Protection and Information Security section, the Contractor + shall be responsible for the reasonable costs incurred by the Company for the + investigation, containment, and recovery of the incident. +5. **Survival.** The obligations in this section survive termination or expiration + of this Agreement. + +--- + ## Information Sharing 1. **Multiple Projects.** The Contractor may be assigned to projects for Holdex @@ -181,10 +259,28 @@ knowledge shall remain the Contractor's property. The Company receives a perpetual, non-exclusive license to use any pre-existing IP incorporated into Work Product. -4. **Moral Rights.** To the extent permitted by applicable law, the Contractor +4. **Prior Inventions Disclosure.** To benefit from the Pre-Existing IP + carve-out in the Pre-Existing IP clause above, the Contractor must list all + relevant pre-existing intellectual property, tools, methodologies, and materials + (collectively, "Prior Inventions") in the Prior Inventions schedule in the + Special Terms at the time of signing. Any Prior Invention not listed in that + schedule that is incorporated into Work Product shall be presumed to be owned + by the Company and subject to the full assignment under the Assignment clause. The list may not be amended + after signing without written consent of both Parties. +5. **Moral Rights.** To the extent permitted by applicable law, the Contractor waives all moral rights in Work Product (e.g., authorship claims). -5. **Assistance.** The Contractor will sign documents or assist the Company to +6. **Assistance.** The Contractor will sign documents or assist the Company to protect its IP during and after the term. +7. **Third-Party IP Warranty.** The Contractor warrants that: (i) all Work + Product delivered under this Agreement is original and created solely by the + Contractor, except for any third-party or open source materials expressly + disclosed to and approved by the Company in writing before incorporation; + (ii) the Work Product does not include any unlicensed third-party intellectual + property or open source code that would restrict the Company's ability to use, + distribute, or commercialise the Work Product; and (iii) the Contractor has + full authority to assign the rights in the Work Product to the Company as + required by this Agreement. The Contractor shall indemnify the Company against + any claim arising from a breach of this warranty. --- @@ -233,6 +329,22 @@ will be resolved under the [Dispute Resolution](#dispute-resolution) section. Any IP created as part of a partially completed milestone transfers to the Company regardless of whether payment has been agreed. +5. **Termination for Cause.** Notwithstanding the Notice clause above, the Company may terminate + this Agreement immediately, without notice and without any payment obligation + for the notice period, upon the occurrence of any of the following: (i) material + breach of this Agreement by the Contractor that is not remedied within 5 business + days of written notice (or is not capable of remedy); (ii) fraud or wilful + misrepresentation by the Contractor in connection with this Agreement or any + invoice; (iii) criminal conduct by the Contractor; (iv) breach of the + Confidential Information or Data Protection and Information Security sections + of these Standard Terms; or (v) violation of any applicable law by the + Contractor in connection with the performance of Services. Termination for + cause does not affect the Company's right to seek damages or other remedies. + Upon termination for cause, the Company's payment obligation is limited to work + completed and accepted by an Authorised Issuer prior to the date of termination. + Any such payment shall be net of any amounts due from the Contractor to the Company + under this Agreement, including costs for which the Contractor is responsible + under the Data Protection and Information Security section. --- @@ -298,12 +410,16 @@ email to the Contractor's registered Gmail address at least 14 days before the updated terms take effect. The email will include a link to the new release and a summary of material changes. -3. **Acceptance.** Continued provision of Services after the 14-day notice period +3. **Summary for Convenience Only.** Any summary of changes provided in an update + notification (including in the email, release notes, or changelog) is for + informational convenience only. In the event of any inconsistency between that + summary and the full text of the updated Standard Terms, the full text prevails. +4. **Acceptance.** Continued provision of Services after the 14-day notice period constitutes the Contractor's acceptance of the updated Standard Terms. -4. **Right to Terminate.** If the Contractor does not accept the updated terms, +5. **Right to Terminate.** If the Contractor does not accept the updated terms, they may terminate this Agreement under the [Termination](#termination) section within the 14-day notice period without penalty. -5. **Version on Record.** The version of the Standard Terms that applies to each +6. **Version on Record.** The version of the Standard Terms that applies to each signed Agreement is the version tagged at the time of signing, as recorded in the Special Terms. Any updates apply prospectively only. From fe2a296ad2c5aec1845a933c7b7c24ec5bac03ce Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:02:08 +0800 Subject: [PATCH 05/13] docs: view updated terms --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 45b4f69..09edcb4 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ currently in effect (e.g. `v1.1.0`) at the top of the document. ### 2. Send for signing Share the filled-in Special Terms with the contractor for review and signature. -Signatures can be collected digitally (e.g. DocuSign) or as a signed PDF scan. +Signatures can be collected digitally (e.g. PandaDoc) or as a signed PDF scan. Store the signed copy in the private HR repository. ### 3. Confirm the version on record From 5ee7a4ecacaa4acfd193d59cc8439400ea1898dd Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:04:14 +0800 Subject: [PATCH 06/13] docs: view updated terms --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 09edcb4..838e67d 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ The contractor signs a document that references both: ### 1. Prepare the Special Terms -Copy `SPECIAL_TERMS.md` to the private HR repository. Fill in all +Copy [SPECIAL_TERMS.md](SPECIAL_TERMS.md) to the private HR repository and name it `AGREEMENT.md`. Fill in all `` fields. In the Compensation section, keep only the subsection that applies to this contractor (Hourly, Per Project, or Milestone-Based) and delete the other two. Record the Standard Terms tag @@ -59,7 +59,7 @@ currently in effect (e.g. `v1.1.0`) at the top of the document. Share the filled-in Special Terms with the contractor for review and signature. Signatures can be collected digitally (e.g. PandaDoc) or as a signed PDF scan. -Store the signed copy in the private HR repository. +Store the signed `AGREEMENT_SIGNED.pdf` file in the private HR repository. ### 3. Confirm the version on record From 5f7b15ae4ddbc2b79d69280874509cbf5a418793 Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:16:34 +0800 Subject: [PATCH 07/13] ci: run markdown check --- .github/workflows/lint.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index cf42b7f..8f64d83 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,9 +13,14 @@ on: - ready_for_review jobs: - lint: + checks: if: github.event.pull_request.draft == false - uses: holdex/github-actions/.github/workflows/markdown-check.yml@main + uses: holdex/github-actions/.github/workflows/pr-checks.yml@ + with: + run-prettier: false + run-markdown: true + run-commits: true + package-manager: bun check-links: if: github.event.pull_request.draft == false From 9dc6f16b00b63f3dbc0d9af1454a8c13f28ab5d8 Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:18:48 +0800 Subject: [PATCH 08/13] ci: run markdown check --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8f64d83..8c77e11 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -24,7 +24,7 @@ jobs: check-links: if: github.event.pull_request.draft == false - needs: lint + needs: checks runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 From eb1ef0621d48249b9af824a9fbbd46e46f9038af Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:20:03 +0800 Subject: [PATCH 09/13] ci: run markdown check --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8c77e11..b6279f2 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -15,7 +15,7 @@ on: jobs: checks: if: github.event.pull_request.draft == false - uses: holdex/github-actions/.github/workflows/pr-checks.yml@ + uses: holdex/github-actions/.github/workflows/pr-checks.yml@05eefbf with: run-prettier: false run-markdown: true From 8a8ed9e9093f0d4924785fa43ff49fbdc1a4ffab Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:20:46 +0800 Subject: [PATCH 10/13] ci: run markdown check --- .github/workflows/lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b6279f2..428993c 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -15,7 +15,7 @@ on: jobs: checks: if: github.event.pull_request.draft == false - uses: holdex/github-actions/.github/workflows/pr-checks.yml@05eefbf + uses: holdex/github-actions/.github/workflows/pr-checks.yml@05eefbf2dfd772dbb2c12b9985d21ac24c5da0e5 with: run-prettier: false run-markdown: true From 76d5196b0a46cd08d1f42711e20aec7aec906cb0 Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:24:26 +0800 Subject: [PATCH 11/13] ci: run markdown check --- .github/workflows/lint.yml | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 428993c..b07ee6d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -15,20 +15,25 @@ on: jobs: checks: if: github.event.pull_request.draft == false - uses: holdex/github-actions/.github/workflows/pr-checks.yml@05eefbf2dfd772dbb2c12b9985d21ac24c5da0e5 - with: - run-prettier: false - run-markdown: true - run-commits: true - package-manager: bun - - check-links: - if: github.event.pull_request.draft == false - needs: checks runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - uses: holdex/github-actions/.github/actions/base/checkout@main + with: + ref: 05eefbf2dfd772dbb2c12b9985d21ac24c5da0e5 + + - uses: ./.holdex-actions/.github/actions/base/setup-runtime + with: + package-manager: bun + + - uses: ./.holdex-actions/.github/actions/composed/pr-checks + with: + run-prettier: false + run-markdown: true + run-commits: true + package-manager: bun + - name: Check links uses: lycheeverse/lychee-action@v1 with: From 420d363dcbe68b4a9786b7e2506ada463283818b Mon Sep 17 00:00:00 2001 From: Vadim Zolotokrylin Date: Wed, 1 Apr 2026 13:33:46 +0800 Subject: [PATCH 12/13] ci: run markdown check --- .github/workflows/lint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b07ee6d..fd611c9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -41,6 +41,7 @@ jobs: --verbose --no-progress --exclude-mail + --exclude-path node_modules '**/*.md' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From a4524807364b48bf43420541ff5f1704ee4f63cc Mon Sep 17 00:00:00 2001 From: Vadim Date: Wed, 1 Apr 2026 13:48:23 +0800 Subject: [PATCH 13/13] Apply suggestions from code review Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Vadim Signed-off-by: Vadim --- .github/workflows/lint.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fd611c9..848550e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -19,7 +19,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: holdex/github-actions/.github/actions/base/checkout@main + - uses: holdex/github-actions/.github/actions/base/checkout@05eefbf2dfd772dbb2c12b9985d21ac24c5da0e5 with: ref: 05eefbf2dfd772dbb2c12b9985d21ac24c5da0e5 @@ -41,6 +41,7 @@ jobs: --verbose --no-progress --exclude-mail + --exclude-path .holdex-actions --exclude-path node_modules '**/*.md' env: