Client Policies v1.0 · May 2025 Internal Use · Confidential

Commercial Policies Manual

Xipe Software · Custom Software Development (Work-for-Hire)

This document defines the operational and commercial policies Xipe Software applies across all client engagements for custom software development (work-for-hire).

These policies serve three concrete purposes:

  • Legally protect Xipe in every engagement.
  • Set clear expectations before any project begins.
  • Eliminate gray areas that lead to disputes, unpaid rework, and projects without formal closure.

These policies apply from the first formal commercial interaction (quote or proposal) through the expiration of the post-delivery warranty period.

01 Commercial and Contractual Policies

Policy 1.1 Proposals and Quotes
  • Every proposal is valid for 15 calendar days from its issue date.
  • After expiration, prices and conditions may change without prior notice.
  • A quote does not constitute a capacity reservation or project start.
  • Proposals are issued exclusively in writing (email or signed document); no verbal figure is binding.
  • Unless explicitly stated, all quotes exclude: cloud infrastructure, third-party licenses, hosting services, and domain names.
Policy 1.2 Contracts and Scope
  • Every project requires a signed contract before any work begins, without exception.
  • Scope is defined exclusively by the Technical Annex attached to the contract.
  • Any functionality not described in the Technical Annex constitutes a scope change and triggers a change order with additional cost.
  • The client may not assume something is "included" by analogy or habit: if it is not written, it is not included.
  • Features marked as "to be defined" in the Annex will not be executed until a formally approved specification exists.
Policy 1.3 Deposits and Payment Schedules
  • Every project requires a minimum deposit of 40% of the total value before work begins.
  • Projects over $50,000 MXN are structured into milestone-based payments tied to specific deliverables.
  • A missed payment automatically pauses the project with no liability to Xipe.
  • Late payments accrue a 2% monthly charge on the outstanding balance.
  • Access credentials and source code will not be delivered until the balance is paid in full.
Policy 1.4 Cancellation by the Client
  • If the client cancels before 25% completion: the full deposit is retained.
  • If the client cancels between 25% and 75% completion: work completed is invoiced at the standard rate; any deposit surplus is not refunded.
  • If the client cancels after 75% completion: 100% of the project value is charged.
  • Cancellation must be communicated in writing; verbal cancellations are not accepted.
Policy 1.5 Project Pause or Abandonment by the Client
  • If the client provides no response or feedback within 10 business days, the project enters a paused state.
  • A pause releases team capacity; resuming the project at the same date is not guaranteed.
  • If the pause extends beyond 30 calendar days, the project is considered abandoned and the cancellation policy applies.
  • Resuming an abandoned project may require a new deposit and a price adjustment.

02 Delivery and Quality Policies

Policy 2.1 Deliverables and Formal Acceptance
  • Each deliverable or milestone is accompanied by a Delivery Record that the client must sign or approve in writing.
  • The client has 5 business days to review and formally approve or reject a deliverable.
  • If no response is received within that period, the deliverable is considered tacitly accepted.
  • Acceptance may be given by email; a physical signature is not required, but explicit confirmation is.
  • A rejection must include specific, concrete observations; "I don't like it" is not a valid observation.
Policy 2.2 Included Revisions and Corrections
  • Each deliverable includes up to 2 rounds of corrections at no additional cost.
  • A correction applies to errors or deviations from the approved Technical Annex.
  • A new feature or design change is not a correction; it generates a change order.
  • A third revision round onward is charged at 15% of the module's value.
  • Xipe defines the technical criteria for what constitutes a bug versus a functional improvement.
Policy 2.3 Post-Delivery Warranty
  • Xipe provides a 30-calendar-day warranty starting from the accepted final delivery.
  • The warranty covers only bugs directly caused by the delivered code.
  • It does not cover: requirement changes, errors caused by client modifications, third-party infrastructure issues, or integrations not contemplated in the contract.
  • The warranty is activated by a written report; verbal reports are not accepted.
  • Xipe has up to 5 business days to address a warranty report.
Policy 2.4 Version Control and Code Backup
  • All development is managed in Git repositories; the client may request read access at any time.
  • Code is backed up automatically; however, Xipe is not liable for losses caused by disasters in the client's infrastructure.
  • At project close, the full repository including commit history is delivered to the client.
  • Any architecture agreed upon in the contract is documented in a README at minimum before the final delivery.

03 Intellectual Property Policies

Policy 3.1 IP Transfer
  • Intellectual property of the developed code transfers to the client only upon receipt of full payment.
  • While any balance remains outstanding, Xipe retains usage and distribution rights to the code.
  • The client may not use, distribute, or modify the code before full payment without written authorization.
  • The transfer applies exclusively to code developed for this project; it does not include frameworks, libraries, or third-party components used as a base.
Policy 3.2 Portfolio and Commercial References
  • Xipe may include the project in its public portfolio (client name, general description, screenshots) unless the client requests express written confidentiality.
  • Xipe may mention the client as a commercial reference to prospects, unless an NDA is in place.
  • Xipe will never disclose the client's confidential technical, commercial, or financial information without authorization.
Policy 3.3 Third-Party Components and Open Source Licenses
  • Xipe may include open source libraries in projects; the client accepts the corresponding licenses (MIT, Apache 2.0, etc.) when approving the Technical Annex.
  • If the client requires a 100% proprietary solution with no open source dependencies, this must be stated explicitly in the Annex and may carry additional cost.
  • Xipe will not include libraries with restrictive licenses (GPL, AGPL) without prior notification to the client.

04 Communication and Operations Policies

Policy 4.1 Official Communication Channels
  • The official channel for binding agreements and decisions is corporate email.
  • WhatsApp may be used for lightweight operational coordination, but no WhatsApp agreement is binding without email confirmation.
  • Xipe does not commit to scope, pricing, or timelines over a call without written follow-up.
  • Any relevant verbal conversation must be confirmed by email within 24 hours.
Policy 4.2 Response Times
  • Email: response within 1 business day.
  • Messaging channels (WhatsApp, Slack): response within 4 hours during business hours.
  • Warranty bug reports: acknowledgment within 24 hours, resolution within 5 business days.
  • Outside business hours (M–F 9:00–18:00 CST) and weekends: no response obligation.
  • Xipe does not provide 24/7 support unless a specific SLA is contracted.
Policy 4.3 Meetings
  • Project meetings must be scheduled at least 24 hours in advance.
  • Every meeting starts with a clear objective; Xipe does not attend "status update" meetings without an agenda.
  • Xipe writes meeting minutes for every relevant meeting and sends them by email within 24 hours.
  • If the client does not confirm or misses the meeting without prior notice, the meeting may be charged as a consulting hour.
  • The client designates a single point of contact (Project Owner) with authority to approve decisions.
Policy 4.4 Scope Change Management
  • All scope changes must be requested in writing.
  • Xipe issues a Change Order with description, estimated cost, and timeline impact.
  • The project does not advance in the direction of the change until the client's written approval is received.
  • Urgent changes do not exempt the process; urgency may carry a 20–30% surcharge over the standard cost.
  • Xipe is under no obligation to absorb scope changes under any argument.
Policy 4.5 Access and Credentials
  • The client provides all necessary access (hosting, APIs, repositories) in a timely manner; delays in access are not deducted from Xipe's delivery timeline.
  • Xipe does not store credentials in plain text; all access is managed in secure password managers.
  • At project close, Xipe delivers an access inventory and revokes its own credentials.
  • The client is responsible for changing any credentials shared with Xipe after project close.

05 Confidentiality and Data Policies

Policy 5.1 Non-Disclosure Agreements (NDA)
  • Xipe signs NDAs when requested by the client, provided they are mutual.
  • A unilateral NDA applying only to Xipe requires evaluation and may carry additional cost.
  • Without a signed NDA, shared information is protected under this manual, but without additional legal commitments.
  • Xipe will not disclose the client's technical or commercial information to identifiable direct competitors.
Policy 5.2 End-User Data Handling
  • If the project involves processing personal data of the client's end users, a Data Processor Agreement is signed.
  • Xipe acts as data processor (not controller) of personal data.
  • The client is the Data Controller and must ensure it has obtained the required consent from its users.
  • Xipe does not extract, analyze, or monetize the client's user data under any circumstances.
  • On projects involving personal data, Xipe applies minimum security practices: encryption in transit, role-based access, and no storage of sensitive data in plain text.
Policy 5.3 Xipe's Internal Administrative and Tax Information
  • Xipe is not obligated to share its own tax, administrative, corporate, or financial information — nor that of its partners, employees, or suppliers — unless explicitly requested and approved in the contract.
  • This includes, among others: tax ID, financial statements, internal tax receipts, payroll records, contracts with third parties, corporate structure, shareholder data, subcontractor information, and any fiscal or regulatory documentation.
  • A verbal, email, or messaging request does not create an obligation to deliver; only a specific contractual clause does.
  • Xipe may decline any such request without it constituting a contractual breach or grounds for termination.
  • Also expressly excluded: tax compliance opinions, tax payment receipts (income tax, VAT, social security, or any other contribution), tax returns, and any document certifying Xipe's or its collaborators' tax status.
  • The sole exception is documentation required by direct legal mandate (e.g., a tax registration certificate for invoicing purposes), shared to the minimum strictly necessary extent.
Note: This policy protects Xipe against clients who use administrative information requests as a pressure mechanism or unsolicited due diligence tool.
Policy 5.4 Engagement Model
  • Xipe operates exclusively as a work-for-hire software development firm: it delivers software products with contractually defined scope, timelines, and deliverables. It does not operate as an outsourcing provider or staff augmentation agency.
  • In Xipe's standard model, developers work under Xipe's technical direction, not the client's. Staff augmentation compliance requirements (e.g., Mexico's REPSE registry) do not apply to standard engagements.
  • Xipe is not required to obtain, process, or maintain REPSE registration as a condition of service, except in the case described below.
  • Exception — Staff Augmentation Model: if the client explicitly requires Xipe personnel to work continuously on client premises under direct client supervision, this constitutes a different model subject to a specific contract and a minimum 25% surcharge over the base rate to cover the applicable administrative, tax, and compliance obligations.
  • Requesting REPSE compliance outside of this exception creates no obligation and Xipe's refusal does not constitute a breach.
Note: This policy applies in Mexican territory under the 2021 labor reform (DOF April 23, 2021) and the current Federal Labor Law.

06 Dispute Resolution

In the event of a disagreement between the parties, the following escalation process applies:

STAGE 1Negotiation
The parties attempt to resolve the dispute within 10 business days through written communication between their designated representatives.
STAGE 2Mediation
If no agreement is reached, the matter is referred to mediation before a neutral third party agreed upon by both parties.
STAGE 3Arbitration / Litigation
If mediation fails, the matter is brought before the competent courts of Mexico City, with waiver of any other jurisdiction.

Xipe reserves the right to suspend active services during a dispute if there is a risk of financial harm.

07 Validity and Updates

  • This manual takes effect upon internal publication and applies to all projects initiated from that date forward.
  • Xipe may update these policies at any time. Projects in progress are governed by the version in effect at the time the contract was signed.
v1.0

May 2025 — Xipe Software

Leer en español: Versión en español →
An unhandled error has occurred. Reload 🗙