Skip to content

Co-Delivery Agreement — Template

DRAFT — 2026-05-11. Pending review by counsel. Use for early co-delivery engagements where Base2ML LLC is providing the AuditForge platform free of charge. Revise once 2–3 co-deliveries have completed and counsel has reviewed the language in light of how the actual engagements unfolded.

Parties

This Co-Delivery Agreement ("Agreement") is entered into on [DATE] between:

  • Base2ML LLC ("Base2ML"), a [Pennsylvania] limited liability company, with principal place of business at [ADDRESS]; and

  • [PARTNER FIRM NAME] ("Firm"), with principal place of business at [ADDRESS],

each a "Party" and collectively the "Parties."

Engagement

Base2ML will provide the AuditForge platform — an AI-assisted document review engine — to the Firm at no charge, for the purpose of jointly delivering one (1) audit engagement on the following terms.

Field Detail
Firm engagement reference [Firm's internal engagement ID / project name]
End client [Firm's client name — not a party to this Agreement]
Audit type [e.g., CMMC Level 2 readiness assessment / SOC 2 Type 1 gap analysis]
Expected start date [DATE]
Expected deliverable date [DATE, typically 2-3 weeks from start]
Approximate corpus size [N documents, ~M megabytes]

What Base2ML provides

  • Access to the AuditForge platform at metis-demo.base2ml.com for the duration of the engagement
  • Self-serve corpus upload + ingestion (~5-10 minutes for typical corpus sizes)
  • The complete seven-stage audit pipeline, ten audit primitives, adversarial verification
  • Partner-facing review UI for accepting, rejecting, or refining each finding
  • White-label DOCX, Markdown, JSON deliverable export with the Firm's brand
  • Per-engagement audit log of every LLM call (for procurement-review defensibility)
  • Up to four (4) hours of live support during the engagement (corpus ingestion call, finding-review walkthrough, deliverable handoff)

What the Firm provides

  • The audit's end client (not a party to this Agreement) and the corpus of documents to be audited
  • Partner-level review and sign-off on every finding before delivery to the end client
  • Application of the Firm's professional judgment, methodology, and brand to the deliverable
  • A 30-minute post-engagement debrief call with Base2ML (within 14 days of deliverable handoff) to discuss what worked, what didn't, and what would have made the engagement more useful

Roles and responsibilities — express clarification

The Firm is the auditor of record. The deliverable is the Firm's professional work product. Base2ML is the technology provider. AuditForge is a tool, used by the Firm under partner oversight. Every finding in the deliverable has been reviewed and validated by a senior partner of the Firm before delivery to the end client.

The methodology disclaimer baked into every deliverable expressly states this relationship and forms part of the deliverable as delivered to the end client.

Case study and publicity

Following the engagement, Base2ML may publish a case study referencing this Co-Delivery. The Firm and Base2ML will agree in writing on:

  • Whether the Firm and end client are named or anonymized
  • Specific findings or quotes included in the case study
  • Quantitative metrics included (engagement duration, findings produced, etc.)

The Firm has approval rights over the final case study text before publication. Base2ML will not publish without the Firm's written consent.

Data and confidentiality

  • All documents uploaded by the Firm to AuditForge are stored in a dedicated S3 bucket isolated from other engagements
  • Data is encrypted at rest (AES-256) and in transit (TLS) at all times
  • No customer data is used to train any AI model — the underlying LLM API providers (Anthropic, OpenAI) are used in their no-training default modes
  • Sub-processors are listed at docs.base2ml.com/auditforge/sub-processors
  • Either Party may request deletion of all engagement data at any time, including up to 30 days after deliverable handoff; the data is deleted within 7 business days of the request

Liability

Base2ML provides the AuditForge platform on an "as is" basis for this Co-Delivery. Base2ML's aggregate liability under this Agreement, regardless of legal theory, is limited to one hundred dollars ($100). Neither Party will be liable for indirect, consequential, special, or punitive damages arising from this Agreement.

The Firm acknowledges that:

  • AuditForge surfaces candidate findings; the Firm's partner-level review determines which findings reach the end client
  • The Firm is responsible for the accuracy and completeness of the deliverable to its end client
  • The Firm carries its own professional liability and errors & omissions insurance covering its audit work

Term and termination

This Agreement begins on the date signed by both Parties and ends on the earlier of:

  • 60 days after signing
  • Deliverable handoff to the Firm's end client
  • Either Party providing 5 business days written notice of termination

Termination does not affect (a) data-deletion obligations, (b) liability limits, or (c) confidentiality obligations, all of which survive.

Pricing for future engagements (non-binding indication)

After this Co-Delivery completes, the Firm may engage AuditForge for additional engagements at $1,500 per engagement (pending Base2ML's published pricing at the time of engagement). The Firm is under no obligation to engage further. Base2ML is under no obligation to offer further co-delivery engagements free of charge.

Miscellaneous

  • Governing law: Commonwealth of Pennsylvania
  • Notices: by email to the contacts in the signature block
  • Entire agreement: this document is the entire agreement between the Parties as to the Co-Delivery; supersedes all prior discussions; may only be amended in writing signed by both Parties

Signatures

Base2ML LLC

By: ______

Name: ______

Title: Founder

Email: chris@base2ml.com

Date: ___

[PARTNER FIRM NAME]

By: ______

Name: ______

Title: ______

Email: ______

Date: ___

Operator note (delete before sending): This template assumes the Firm has its own professional liability insurance and is the audit's signatory of record. Do not use this template if the end client is in a regulated industry where the Firm's E&O policy may not cover an AI-assisted methodology, or if the engagement is high-stakes enough that a $100 liability cap will be a deal-breaker. In those cases, route to counsel for a custom agreement.