Free UK Software Development Agreement Template

SOFTWARE DEVELOPMENT AGREEMENT

Bespoke Build · SGSA 1982  ·  CDPA 1988  ·  England And Wales  ·  4 June 2026

This Software Development Agreement (the "Agreement") is made on 4 June 2026 between Cromer Retail Holdings Limited (Companies House No. 08329451) of 8 Berkeley Square, Mayfair, London, W1J 6BR (the "Customer") and Tendring Software Studios Ltd (Companies House No. 11483672) of Suite 4, Brunel Court, Cambridge, CB4 0WT (the "Developer"). The Developer is engaged to design, develop, test, deliver and (where applicable) deploy the bespoke software product described in clause 1 (the "Project"). This Agreement applies the implied terms of the Supply of Goods and Services Act 1982, the Copyright, Designs and Patents Act 1988, and (where personal data is processed) the UK GDPR + Data Protection Act 2018 read with the Data (Use and Access) Act 2025.

1.1 Project. The Project is Cromer PIM 2.0 — Product Information Management Platform.

1.2 Scope of work. Design, build and deploy a multi-tenant Product Information Management (PIM) platform for Cromer Retail Holdings' 14 UK retail brands.
Core modules: catalogue ingestion (CSV / XML / API), attribute taxonomy management, multi-locale content workflow, output syndication (PDFs / web / 3rd-party marketplaces).
Tech stack: TypeScript + Node.js + PostgreSQL on AWS UK. UI: React. Tested with Playwright + Vitest. CI/CD via GitHub Actions.
Deliverables: (i) Phase 1 MVP (catalogue + workflow + 1 syndication target); (ii) Phase 2 (multi-locale + 3 additional syndication targets); (iii) Phase 3 (analytics dashboard + AI-assisted attribute extraction).

1.3 Target completion. The Developer shall use reasonable endeavours to deliver the Project by 31 March 2027. Time is not of the essence save where expressly stated in a Milestone or Change Order.

1.4 Implied terms. The Developer shall perform the development with reasonable care and skill (section 13 SGSA 1982), within a reasonable time (section 14 SGSA 1982), and for the price stated (section 15 SGSA 1982). The Customer shall cooperate with the Developer in the conduct of the Project (implied duty of cooperation per Salt Ship Design AS v Prysmian PowerLink Srl [2021] EWHC 2633 (TCC)).

This Agreement, and any dispute or claim arising out of or in connection with it (including non-contractual disputes), shall be governed by and construed in accordance with the laws of England and Wales. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any such dispute or claim.

2.1 Hybrid pricing. Phase 1 of the Project (as described in the Specification) is delivered on a Fixed Price basis at £385,000. Subsequent phases or material changes to scope are charged on a time-and-materials basis at £1,250 per Developer day.

2.2 Invoicing and payment. Payment is made against the achievement of agreed Milestones. Each Milestone payment is invoiced on acceptance of the corresponding Deliverable; payment is due within thirty (30) days of invoice.

2.3 Milestones. (i) Phase 1 MVP delivery: £165,000 on acceptance;
(ii) Phase 2 multi-locale + 3 syndication targets: £140,000 on acceptance;
(iii) Phase 3 analytics dashboard + AI extraction: £80,000 on acceptance.

2.4 Late payment. Late payment shall bear interest at the Bank of England base rate plus 8% per annum under the Late Payment of Commercial Debts (Interest) Act 1998, plus the Developer's reasonable recovery costs.

3.1 Change requests. Either party may request a change to the Scope by written Change Request. The Developer shall, within 5 Business Days, provide an estimate of the time and cost impact (the "Change Order").

3.2 Approval threshold. Changes with an aggregate cost impact below £3,500 shall be absorbed by the Developer at its expense, subject to an annual aggregate cap of £15,000. Changes above the threshold (or above the cap) require the Customer's written acceptance of the Change Order before work commences.

3.3 No verbal changes. No change to the Scope shall be effective unless agreed in writing. The Developer shall not be required to perform unauthorised work; the Customer shall not be required to pay for unauthorised work performed without an executed Change Order.

4.1 Acceptance test cycles. Each Deliverable is subject to 2 acceptance test cycle(s), each of 14 Business Days. On delivery, the Customer shall test against the Specification and Acceptance Criteria (set out in the Project Plan); the Customer shall give written notice of acceptance or rejection (with reasonable defect detail) within the test period. Silence at end of cycle = deemed acceptance.

4.2 Defect categories. Defects are categorised as: P1 (system unusable or material function unusable); P2 (significant defect, workaround possible); P3 (minor defect, cosmetic or non-critical).

4.3 Remedies on failure. The Developer shall remedy P1 and P2 defects at its expense and re-deliver for a new test cycle. If P1 / P2 defects persist after the final cycle, the Customer may at its option (a) require continued remedy at the Developer's expense, or (b) reject the Deliverable and recover all Fees paid for that Deliverable (subject to a credit for any operating value already received).

4.4 Warranty period. For 90 days after acceptance of the final Deliverable, the Developer shall remedy at its expense any defect arising from a breach of the Specification, save where the defect is caused by Customer misuse, third-party modification or external factors. This is in addition to (and not in substitution for) the Customer's statutory rights under the SGSA 1982.

5.1 Foreground IP. The Customer shall own outright the Foreground IP (assigned by the Developer as in the standard assignment above), save that the Developer retains a perpetual, royalty-free, non-exclusive licence to use, modify and exploit those generic elements of the Foreground IP that are not unique to the Customer's business (e.g. development frameworks, build tools, generic UI patterns, telemetry libraries) in the Developer's subsequent projects, provided that no Customer Confidential Information is reused. This is UK Series A / B2B SaaS standard.

5.2 Background IP licence. The Customer receives a perpetual, royalty-free, non-exclusive licence to use, modify and sublicense the Developer's Background IP to its Affiliates, subcontractors and successors-in-business to the extent reasonably necessary to operate, support and exploit the Deliverables.

5.3 Open-source policy. The Developer may use permissively licensed open-source components (MIT, Apache 2.0, BSD, ISC) without prior consent, subject to maintaining a current OSS inventory. Use of copyleft licences (GPL, AGPL, LGPL) requires the Customer's prior written consent. The Developer shall not introduce any "viral" copyleft into the Foreground IP without consent.

5.4 Developer IP warranty. The Developer warrants that the Foreground IP, as delivered, does not infringe any third-party intellectual property rights (subject to the Open-Source policy in clause 5.3) and indemnifies the Customer against any third-party claim of such infringement, capped in line with clause 8 (Limitation of Liability).

5.5 AI-generated code provenance. The Developer shall maintain a provenance log of any AI-generated code components in the Deliverables, identifying (a) the AI model and version used; (b) the source and training data (where known); (c) any Customer Confidential Information sent to the AI model. The Developer shall not send Customer Confidential Information to a third-party AI model without the Customer's prior written consent.

6.1 Tri-party escrow. The Developer shall, within 30 days of Completion of each Milestone, deposit the full source code, build instructions, third-party dependency lists, environment configuration and test data for the Deliverables with NCC Group Escrow Services Limited under their standard tri-party escrow agreement, with the Customer as the named Beneficiary.

6.2 Release triggers. The escrow agent shall release the source code to the Customer upon: (a) the Developer's insolvency, winding-up, bankruptcy, IVA, or appointment of an administrator / receiver / liquidator; (b) the Developer ceasing to carry on business or to provide maintenance services for the Deliverables; (c) any material breach by the Developer of clause 7 (Support) that the Developer fails to remedy within 30 days of written notice; (d) persistent failure to meet the Silver SLA in clause 7.1 for two consecutive quarters; or non-renewal of the support agreement at the end of any term..

6.3 Customer use rights. On release, the Customer may use the released source code solely to maintain, modify and operate the Deliverables for its internal business purposes (or those of its successors-in-business). The Customer may engage a Permitted Third Party (any reputable IT services provider, on a confidentiality undertaking) to assist.

6.4 Maintenance. The Developer shall update the escrowed materials at each material release of the Deliverables and shall pay the escrow agent's fees during the Term and for 24 months thereafter.

7.1 Support (Silver). The Developer shall provide email and telephone support during extended hours (8am-8pm UK time, Mon-Fri). Response targets: P1 (system unusable) — first response within 4 hours; resolution within 8 business hours. P2 — first response within 1 business day; resolution within 5 business days. P3 — first response within 5 business days. SLA: 99.5% availability of supported Service per calendar quarter; SLA credits of 5% / 10% / 25% of quarterly support fee for breaches of 0.5pp / 1pp / 2pp.

7.2 Specific support terms. Support fee: £4,500 per month, payable monthly in advance. Annual support fee uplift: lower of 3% or RPI. Support excludes user training, third-party integration changes outside the Developer's control, and modifications by Customer or third parties.

8.1 Fitness for purpose. The Developer warrants that the Deliverables shall be fit for the Customer's stated business purpose (set out in the Specification or otherwise notified to the Developer at proposal stage and acknowledged in writing). This warranty incorporates the standard in Pegler v Wang [2000] EWHC 137 (TCC) — fitness for actual business use, not merely conformity to a written specification.

8.2 Limitation of liability. Subject to clause 8.3 below, each party's aggregate liability under this Agreement, whether in contract, tort (including negligence), breach of statutory duty or otherwise, shall not exceed one hundred percent (100%) of the total Fees paid by the Customer to the Developer under this Agreement.

8.3 Excluded categories (no cap). Neither party limits its liability for: (a) fraud or fraudulent misrepresentation; (b) death or personal injury caused by negligence; (c) any other liability that cannot be limited by law. The Developer's indemnity for IP infringement (clause 5.4) is subject to the cap in clause 8.2. The parties exclude liability for indirect or consequential loss, loss of profits, loss of business opportunity, loss of goodwill and loss of anticipated savings (consistent with reasonable allocation of B2B IT risk per Watford Electronics v Sanderson [2001] EWCA Civ 317).

9.1 UK GDPR processor role. The Developer is a processor of Customer personal data under the UK GDPR and the Data Protection Act 2018 read with the Data (Use and Access) Act 2025. The parties shall execute an Article 28 Data Processing Addendum (the "DPA") in the form attached as Schedule 1 (or, where not attached, in the Developer's standard form satisfying Article 28(3) UK GDPR). The Developer shall implement appropriate technical and organisational measures (Article 32) and shall notify the Customer of any personal data breach without undue delay and in any event within 24 hours of becoming aware.

9.2 ADM under DUAA 2025. Where the Developer builds an automated decision-making (ADM) system that produces legal or similarly significant effects on individuals, the Developer shall design the system to meet the requirements of section 50 of the Data (Use and Access) Act 2025 (data subject information notice; right to human review on request; meaningful information about the logic involved; significance and envisaged consequences). The Developer shall document the design decisions for ADM compliance and provide the documentation to the Customer at acceptance.

10.1 ECCTA 2023 flow-down. The Developer shall maintain reasonable fraud-prevention procedures consistent with the published government guidance under section 199 of the Economic Crime and Corporate Transparency Act 2023 (live from 1 September 2025 for "large organisations"). The Developer shall: (a) not facilitate or fail to prevent any associated person from committing fraud for the benefit of the Customer; (b) promptly report any suspected fraud or facilitation to the Customer; (c) comply with the Customer's anti-bribery policies under the Bribery Act 2010.

11.1 Termination. Either party may terminate this Agreement on 30 days' written notice for material breach un-remedied within that period; or immediately on the other party's insolvency. The Customer may terminate for convenience at any time, paying for work performed plus reasonable wind-down costs.

11.2 Counterparts. This Agreement may be executed in any number of counterparts; electronic execution permitted.

11.3 Variation. Variation shall be in writing signed by both parties.

EXECUTED as an agreement on the date set out at the start of this Agreement.

IN WITNESS WHEREOF, the parties have executed this Agreement as of the date indicated.