Cloud Computing Services Agreement

This Cloud Computing Services Agreement (this “CCSA”) is between ClearDATA Networks, Inc. (“ClearDATA”) and the person who signs and submits an order form for ClearDATA services that incorporates this CCSA by reference (“you”).

1. DEFINED TERMS. Capitalized terms have the meanings given below in this Section, or in the Section where they are used.

Acceptable Use Policy or AUP means the ClearDATA Acceptable Use Policy published on the Effective Date at https://www.cleardata.com/legal/acceptable-use-policy-081216/ as it may be modified from time to time in accordance with this CCSA.

Agreement means, collectively, the Order(s), this CCSA, the Service Level Agreement, the Business Associate Agreement or Subcontractor Business Associate Agreement, if applicable, the Acceptable Use Policy, and any document referenced in or attached to any of them, each as they may be amended in accordance with this CCSA.

Business Associate Agreement or BAA has the meaning given in Subsection 2.3 (HIPAA BAA).

Business Associate has the meaning given in HIPAA.

Cloud Environment means the hosted configuration of servers and related technology elements provided as part of the Services for your use in operating Your Application, and processing, transmitting and storing Your Data.

Cloud Platform means ClearDATA’s proprietary platform for the deployment and management of healthcare compliant information technology infrastructure and related services.

Custom Services has the meaning given in Section 4 (Custom Services) below.

Customer Portal means the online customer portal at https://portal.cleardata.com.

Confidential Information means all information disclosed by one party to the other party, on any media, whether before or after the effective date of the Agreement that: (i) the recipient should reasonably understand to be confidential, such as (A) for you, all information transmitted to or from, or stored on, your Cloud Environment, and (B) for ClearDATA, unpublished prices and other terms of service, audit and security reports, product development plans, network configuration, vendors and other proprietary information or technology, or (ii) is marked or otherwise conspicuously designated as confidential. Information that is independently developed by one of us, without reference to the other’s Confidential Information, or that becomes available to one of us other than through violation of this Agreement or applicable law, is not “Confidential Information” of the other party. Confidential Information includes information disclosed by making tangible objects or premises available for inspection.

Covered Entity has the meaning given in HIPAA.

HIPAA means the Administrative Simplification Subtitle of the Health Insurance Portability and Accountability Act of 1996, as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, including the Privacy Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164, subparts A and E (the “Privacy Rule”), the Security Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C (the “Security Rule”), the Breach Notification Standards adopted by the U.S. Department of Health and Human Services, as they may be amended from time to time, at 45 C.F.R. part 164, subpart D (the “Breach Notification Rule”).

HITRUST means the Health Information Trust Alliance, or its successor.

HITRUST Safeguards has the meaning given in Subsection 2.1 (HITRUST Certification).

Law means statutes, regulations, executive orders, and other rules having binding legal force issued by an agency of the United States or any State, or other jurisdiction from which the Services are provided.

Order has the meaning given in Subsection 15.1 (Order Process).

Managed Services means the healthcare compliant information technology infrastructure and related services that ClearDATA provisions and manages pursuant to an Order and that you provision using the Cloud Platform.

Personal Data means information that may be used to identify an individual or with respect to which there is a reasonable basis to believe the information can be used to identify an individual. Specifically, but without limitation, Personal Data includes all of the following: (i) “electronic protected health information” as that term is defined in HIPAA, (ii) name, part of a name, initials; (iii) contact information such as phone, email, or physical address; (iv) user names and access codes for online services, (v) health insurance account numbers and access information; (v) financial account numbers and access information; (vii) device numbers, IP addresses or other means of identification to a particular computing or communication device or Internet address; (viii) identification numbers, such as social security or driver’s license numbers, (ix) unique identifiers that are intended to associate a record with an individual; (x) photographs, and (xi) biometric information.

Service Level Agreement or SLA means the Service Level Agreement identified in an Order.

Support means human provided technical assistance for Managed Services, access to the Customer Portal, and access to ClearDATA’s online support materials, such as its FAQ and White Papers.

Services means Managed Services, access to the Cloud Platform, and Support. “Services” does not include Custom Services.

Service Term or Term means the initial service term stated in the Order, and any renewals as described in Section 10 (Term and Termination).

Your Application means the software application(s) that you operate on the Cloud Environment and any related computer code or information, including any automation tools and third party components.

Your Data means data and other information, including Personal Data, that you or your authorized users transfer to or from your Cloud Environment, or process or store on your Cloud Environment, including information that you or your authorized users create by using Your Application.

2. COMPLIANT CLOUD SERVICES

2.1 Services. ClearDATA will provide the Services for the Term, on the terms, conditions and restrictions stated in the Agreement.

2.2 Your Data and Applications. Unless otherwise expressly stated in the Order, the Services do not include ClearDATA’s design, development or management of Your Application(s) or Your Data. ClearDATA will interact with Your Application(s) and Your Data only to the limited extent necessary to provide the Services, and comply with applicable Law and the applicable BAA. ClearDATA may agree to provide you with these types of services as part of a separate engagement for professional services.

2.3 HIPAA BAA.

2.3.1 Business Associate Addendum. If you are a HIPAA Covered Entity and ClearDATA is your Business Associate, then the HIPAA Business Associate Addendum published at https://www.cleardata.com/legal/business-associates-agreement/ as of the date that ClearDATA becomes your Business Associate is incorporated in this CCSA by this reference.

2.3.2 Business Associate Subcontractor Addendum. If you are a Business Associate of a Covered Entity and ClearDATA is your Business Associate Subcontractor, then the HIPAA Business Associate Subcontractor Addendum published at https://www.cleardata.com/legal/subcontractor-business-associate-agreement/ as of the date that ClearDATA becomes your Business Associate Subcontractor is incorporated in this CCSA by this reference.

You acknowledge that the applicable BAA states ClearDATA’s sole and exclusive obligations relative to the security, privacy, and breach notification requirements of HIPAA.

2.4 HITRUST Certification. ClearDATA will maintain during the Term a current certification of compliance with the HITRUST Common Security Framework. Except as otherwise stated in the applicable Order, ClearDATA will provide the Services in compliance with the controls and safeguards stated in its HITRUST certification report (the “HITRUST Safeguards”). You acknowledge that ClearDATA meets its obligation to provide administrative, physical and technical safeguards as described in the BAA by complying with the HITRUST Safeguards. You agree that ClearDATA is not responsible to you for any harm you may suffer as a result of a security breach unless the breach resulted from ClearDATA’s failure to provide the Cloud Environment in accordance with the HITRUST Safeguards or to otherwise provide the Services in accordance with the requirements stated in the Order. You acknowledge that ClearDATA’s compliance with the BAA and the HITRUST Safeguards will not, by itself, ensure your compliance with HIPAA. Except as otherwise agreed in the Order, you are responsible for compliance with those parts of HIPAA that apply to Your Application and Your Data. ClearDATA may, at its option, substitute an equivalent security framework for the HITRUST Common Security Framework, such as the AICPA Service Organization Controls or ISO 27017. Any substitute equivalent standard adopted by ClearDATA shall be applicable for purposes of this Section in lieu of HITRUST and all references to HITRUST shall be deemed amended to reference the substitute standard.

2.5 Applicable Law. ClearDATA will provide the Cloud Environment and other Services in compliance with the Laws applicable to the Services.

2.6 Privacy. ClearDATA will not use or disclose Personal Data except as expressly authorized in the Agreement or as required by applicable Law. ClearDATA will protect Personal Data that is part of Your Data using the HITRUST Safeguards, and will protect other Personal Data using commercially reasonable means. If your Order specifies a geographic region for your Cloud Environment, then your Cloud Environment will be provided from a data center in that region and ClearDATA will not move Your Application or Your Data from that region. On your request, ClearDATA will execute a data privacy agreement in the form of the Model Contract Clauses published by the European Union or like form for another jurisdiction that references the security measures described in this Agreement. ClearDATA will require its subcontractors to comply with privacy obligations in connection with your Personal Data at least as stringent as those requirements applicable to ClearDATA, either by Law or under this Agreement. ClearDATA will notify you within ten (10) business days of the date that it discovers an unauthorized use or disclosure of Personal Data (a “Data Breach”), and will cooperate with your reasonable requests to investigate and remediate a Data Breach.

3. OTHER TERMS APPLICABLE TO CLOUD SERVICES

3.1 Implementation. ClearDATA will assign personnel to consult with you and any relevant third parties on the timing, process, and other specifics of your Cloud Environment deployment. You agree to assign personnel to actively participate in the implementation planning and to promptly provide information that ClearDATA may reasonably request to successfully implement your Cloud Environment. Before beginning your implementation ClearDATA personnel will work with you to prepare an agreed implementation document detailing the implementation steps and timeline (a “Build Sheet”). You will have a chance to review the Build Sheet as part of a kick-off call with your support team. ClearDATA may require you to sign the Build Sheet to indicate your acceptance of the detailed implementation plans prior to beginning implementation. The Build Engineer will begin implementing your Cloud Environment immediately after the kick-off call. The agreed Build Sheet will serve as the basis for your acceptance of the Cloud Environment as described in Subsection 3.2 (Sign Off) below and your acknowledgement that utility based billing will begin as soon as the Build Engineer starts building your Cloud Environment. ClearDATA will use commercially reasonable efforts to deploy your Cloud Environment by the date stated in the Build Sheet, provided that information and participation from your personnel is both timely and accurate.

3.2 Sign Off. You are required to sign off on your Cloud Environment prior to production use and as a condition to the applicability of the BAA and SLA. On completion of your implementation (or any applicable milestones as stated in the Order), ClearDATA will give you the opportunity to review the final Build Sheet and your Cloud Environment as part of a hand-off call. During the hand off call, you will be asked to sign the final Build Sheet to accept your Cloud Environment. Your sign off is your representation that you have verified to your satisfaction that the Cloud Environment (or applicable milestone) meets all agreed specifications and functional requirements. To reject the Cloud Environment or milestone you must show a difference between the Build Sheet you agreed as part of the kick-off call and the Build Sheet provided on the hand-off call. Any changes or new requirements from those previously documented in the initial Build Sheet will be treated as a change request subject to the change process described in Subsection 3.3 (Your Changes to Services). ClearDATA will have 3 days from your rejection to cure the items of non-conformance stated in the Build Sheet and request your sign off. If you do not either accept or reject the Cloud Environment during the Hand Off call as described above ClearDATA may proceed as if you had signed off and the Build Sheet and treat the Cloud Environment as accepted.

3.3 Your Changes to Services. You may use the Cloud Platform to provision new servers in accordance with the existing build and security parameters established between you and ClearDATA during an implementation of your Services as described above. Otherwise, you may not unilaterally change the Services or Cloud Environment, and any Services resulting from a unilateral change will be considered a “Custom Service” provided AS IS and with the other disclaimers described in Section 4 (Custom Services) below. You may request a change to the Services or Cloud Environment by submitting a ticket to the customer portal. ClearDATA will evaluate your request and respond within the response time commitments in the SLA. No change request is a binding commitment by either you or ClearDATA unless it is agreed in a ticket. If the requested change requires a new or additional implementation of the Cloud Platform or Cloud Environment, a new Order may be requested to reflect additional fees and will be resolved consistent with the implementation sections above. If ClearDATA implements a requested change prior to completion of the change process based on an emergency circumstance, you agree to negotiate in good faith with ClearDATA to agree to written terms covering the emergency change.

3.4 Managed Services Support. ClearDATA will provide live technical assistance for Managed Services 24 x 7, year round, in accordance with the response times and other commitments described in the SLA. The Support phone, email and other contact details, and other Support terms are stated in your Order and on your Customer Portal. ClearDATA has no obligation to provide Support to any person who is not listed as an administrative or technical contact on your account. You agree not to refer your Cloud Environment users to ClearDATA for Support unless they are an administrative or technical contact on your account.

3.5 Maintenance. ClearDATA will notify you of ClearDATA maintenance as described in the SLA. ClearDATA will notify you when each maintenance begins, and again when it ends. ClearDATA will communicate maintenance information it receives from its cloud infrastructure service and other subcontractors promptly on receipt, and will use commercially reasonable efforts to cause the subcontractor maintenance to meet the requirements for ClearDATA maintenance stated in the SLA. ClearDATA will send maintenance notices via email to the technical contacts listed on your account.

3.6 ClearDATA Changes to Services. ClearDATA may make changes to the Services as reasonably necessary to conform to changes in the Law or industry standards, as they apply to health care compliant services or otherwise, to conform to or interoperate with changes made by Amazon Web Services, or to resolve an intellectual property infringement claim or threat. ClearDATA will confer with you in advance of any such changes and will cooperate with your reasonable requests in the implementation of the changes.

4. CUSTOM SERVICES

If you ask ClearDATA to implement a technology element for your use with your Cloud Environment that is not part of ClearDATA’s standard offering or that does not meet ClearDATA’s policies for BAA coverage, then ClearDATA may refuse to implement the element, or may agree to implement the element as a “Custom Service” by designating the element as “unsupported,” “one-off” “non-standard” “non-compliant,” “non-BAA,” “end of life,” “eol,” or with like term in the Order, the Build Sheet, the Cloud Platform, a change ticket, or other written agreement or correspondence. Examples of “Custom Services” are: (i) superseded operating systems (Windows XP, Windows 2003), (ii) AWS services not covered by the business associate agreement between AWS and ClearDATA, and (iii) third party network circuits. Except as expressly agreed otherwise in an Order: (i) Custom Services are provided AS IS, (ii) ClearDATA has no obligation to provide Support for Custom Services, and any Support for Custom Services that may be provided are provided AS IS; (ii) ClearDATA is not liable to you for any loss or damage arising from the provision of the Custom Services, (iv) SLAs do not apply to Custom Services or any other aspect of the Services that are adversely affected by the Custom Service, and (v) the Custom Service is not covered by the ClearDATA’s indemnification obligations or the BAA. You acknowledge that Custom Services may not interoperate successfully with standard Services elements, such as backup and monitoring.

5. SERVICES WARRANTIES

5.1 Cloud Environment. ClearDATA warrants that the Cloud Environment will be provided in accordance with the service commitments stated in the applicable SLA. The service commitments and your remedy for ClearDATA’s breach of the service commitments are subject to the terms and conditions stated in the SLA, and the credits stated in the SLA are your sole and exclusive remedy for ClearDATA’s breach of the service commitments.

5.2 Support. ClearDATA warrants that it will provide Support for Managed Services in accordance with the Support terms attached to your Order or posted on your customer portal, and otherwise in a good and professional manner. ClearDATA warrants that it will meet the response times stated in your SLA. The response time commitments and your credit remedy for ClearDATA’s breach of the response time commitments are subject to the terms and conditions stated in the SLA, and the credits stated in the SLA are your sole and exclusive remedy for ClearDATA’s breach of the response time commitments. You acknowledge that ClearDATA’s ability to provide effective Support depends on you providing clear and comprehensive information in your Support request.

5.3 Intellectual Property. ClearDATA warrants that your use of the Services as permitted by the Agreement will not infringe on the intellectual property rights of any unaffiliated third party, provided, however, that ClearDATA’s sole obligation with respect to a breach of this warranty, and your sole and exclusive remedy, is indemnification for third party claims as provided in Subsection 12.1 (ClearDATA Indemnification of You).

5.4 Additional Services. If you ask ClearDATA to provide assistance that is not part of Support, ClearDATA may accommodate your request, but you acknowledge that any such assistance in provided on an AS IS, AS AVAILABLE basis.

5.5 Warranty Disclaimer. Except for the warranties expressly stated in this Section, ClearDATA makes no representations or warranties whatsoever regarding the Services or Custom Services. ClearDATA expressly disclaims any implied warranty of merchantability, fitness for a particular purpose, and any warranty that may arise through a course of dealing. If applicable law requires a warranty notwithstanding this limitation, then the warranty is made for a period of 30 days from the date the warranty is deemed to have been made by law. Specifically, but without limitation, ClearDATA does not warrant that the Services will be uninterrupted or completely secure.

6. YOUR OBLIGATIONS

6.1 Account Security. You must comply with the security measures and responsibilities documented as part of your implementation process or otherwise included in your “run book” or other account management documentation, and must otherwise use reasonable security precautions in connection with your Services. For example, you must maintain the confidentiality of passwords and other access credentials, and you must follow ClearDATA’s procedures designed to prevent unauthorized access to your Cloud Environment. You must use reasonable care to avoid transmitting any virus, spyware, ransomware, or other malware to your Cloud Environment. You must contact ClearDATA immediately if you believe the security of your account or the Cloud Environment has been compromised.

6.2 Compliance with Law, Privacy Policy, and Acceptable Use. You must comply with HIPAA and other applicable Laws governing the collection and management of Your Data, and your transmission, storage and processing of Your Data by means of Your Application, provided, however, that you are not responsible for any violation of this Subsection that results from ClearDATA’s failure to provide the Services in accordance with the Agreement. You must comply with your published Privacy Policy and the AUP. The ClearDATA services are intended for use in a commercial or government context in connection with the provision of health care and related services. Generally you must use the services in a way that is appropriate in this context. The AUP states general restrictions, but is not an exhaustive ennumeration of restrictions. If there is a dispute between you and ClearDATA as to whether a certain use violates this AUP, ClearDATA’s reasonable interpretation will control. You represent and warrant that your use and disclosure of Your Application, Your Data, and any other information, materials or technologies that you install, store or transmit to or from you Cloud Environment (collectively, “Your Information”), and ClearDATA’s authorized use and disclosure of Your Information as part of providing the Services, does not infringe or violate the intellectual property rights or other legal rights of any third party, such as rights of publicity, privacy or under applicable data protection laws.

6.3 Access Control Lists and Account Information. You are responsible for keeping your account access control permissions, billing, and other account information up to date at all times. ClearDATA will use the information you provide on your Order to establish the initial account contacts and access permissions. You must update this information as necessary to maintain it in a fully current status at all times using either the customer portal or by sending an email to support@cleardata.com. You must have a current administrative and technical contact on record at all times, and must include his or her full name, title, email, and phone number. Your technical contact must be reasonably proficient in the use of information technologies and the operation of Your Application(s) in the Cloud Environment. You represent and warrant to ClearDATA that the information you provide for purposes of establishing and maintaining your account is true, correct and complete.

6.4 Reasonable Cooperation. You must cooperate with ClearDATA’s reasonable investigation of Service outages, security problems, and any suspected breach of this Agreement.

6.5 Encryption. You must encrypt Personal Data that you or your users store or process on your Cloud Environment, or that you or your users transmit to or from your Cloud Environment, both in transit and at rest. You may use the encryption tools provided as part of the Cloud Environment, or other tools approved by ClearDATA in advance. You agree that ClearDATA is not liable under this Agreement for a security breach that involves the loss of confidentiality, integrity or availability of Your Data to the extent the loss would not have occurred but for your failure to comply with this Subsection.

6.6 Back Ups. If data backup services are included in your Order, you must work closely with ClearDATA to ensure that the service is capturing your data properly, including conducting periodic restoration tests. You must notify ClearDATA of any changes to Your Application, Your Data, or your encryption methods or other processes that might interfere with successful backups. You acknowledge that your use of back up services from ClearDATA does not, by itself, constitute compliance with HIPAA Security Rules requirements such as those related to emergency planning, disaster recovery planning, and creation and maintenance of retrievable exact copies of electronic protected health information.

7. RESTRICTIONS

7.1 High Risk Use. You may not use the Services in any situation where failure or fault of the Services could lead to death or serious bodily injury of any person, or to physical or environmental damage. For example, you may not use, or permit any other person to use, the Services in connection with aircraft or other modes of human mass transportation, nuclear or chemical facilities, or the operation of any Class III medical devices under the Federal Food, Drug and Cosmetic Act.

7.2 Services Management Agent. You may not interfere with any services management software agent(s) that ClearDATA installs on the Cloud Environment. ClearDATA may use the agents to track system information, manage various service issues, and identify security vulnerabilities. Your Services will become “Custom Services” as described in Section 4 (Custom Services) above if you disable or interfere with ClearDATA’s services management agent(s).

7.3 Authorized Users. You may not authorize any individual to use the Cloud Environment other than your personnel and end users and the personnel and end users of your Covered Entity or Business Associate customer. The term “personnel” includes employees and individual contractors under the direct supervision and control of the person referred to.

7.4 Export. In addition to your obligation to comply with the export laws applicable to you, you may not use the Services in a way that causes ClearDATA to be in violation of the export laws of the United States or other jurisdiction from which the Services are provided. For example, you may not authorize any person to use the Services that is on the list of Specially Designated Nationals and Blocked Persons issued by the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) or who is located in or is a national of any country that is embargoed under United States export laws.

8. RESPONSIBILTY FOR USERS, UNAUTHORIZED USE

You are responsible for the use of the Services and compliance with this Agreement by your personnel, the personnel of your customers, any other person to whom you give access to the Services, and any person who gains access to the Services as a result of your failure to use reasonable security precautions or other violation of this Agreement, even if such use was not authorized by you. ClearDATA may exercise any right or remedy under this Agreement based on a violation of the Agreement by any of those persons to the same extent as if the violation were by you directly. ClearDATA is not responsible to you or any third party for unauthorized access to or use of Your Data, Your Application, or the Services unless the access or use results from ClearDATA’s violation of the Agreement.

9. FEES, PAYMENTS

9.1 Fees. You must pay when due the fees stated in the Order. You must pay additional fees resulting from services you add through the Cloud Platform, auto-scaling systems or software defined capacity control mechanisms that increase your consumption or price of services. ClearDATA may pass through to you any AWS fee increases for your Cloud Environment. ClearDATA may increase fees for the Services or Custom Services generally for any renewal term by giving you written notice of the fee increase at least 90 days prior to the beginning of the renewal term. You may not offset any credit or other amount due to you from ClearDATA against fees due under this Agreement. Unless otherwise agreed, fees are stated and must be paid in United States Dollars.

9.2 Expenses. ClearDATA may require you to pay ClearDATA’s reasonable travel expenses for services performed onsite at your location if the Order requires the services to be performed onsite, or if you ask ClearDATA in writing to provide services onsite. Travel expenses include air and ground transportation, lodging and meals. You are not required to pay any other ClearDATA expenses. ClearDATA will not incur any expenses for travel unless you have approved the travel in advance in writing.

9.3 Invoices and Payments. Set up fees, required prepayments, and other one-time fees are due on the Order effective date. Monthly recurring fees are invoiced monthly in arrears on or around the 3^rd day of each calendar month, and are due on invoice. Other fees are due on invoice. ClearDATA may require you to pay its invoice for initial one time fees as a condition to beginning the implementation or the production use of the Services. You must establish payment arrangements via credit card or ACH. ClearDATA may charge your card or account on or after the invoice date. ClearDATA may suspend all Services if the charge to your payment card or ACH is refused, and you do not pay the amount due within 4 business days of our written notice to your billing contact. You agree that if your Services are reinstated after a suspension for non-payment, ClearDATA may charge you $150 per hour for ClearDATA personnel’s time spent to reinstate the Services. ClearDATA may charge interest on overdue amounts at the lesser of 1.5% per month (or the maximum legal rate). If any amount is overdue by more than 30 days and ClearDATA brings a legal action to collect, or engages a collection agency, you must also pay the reasonable costs of collection, including reasonable actual attorneys’ fees and court costs. If your check is returned for insufficient funds, you must pay our returned check charge up to the maximum amount permitted by law. Invoices that are not disputed within 180 days of invoice date are conclusively deemed accurate. ClearDATA is not obligated to issue any credit under an SLA while any fee is overdue or in dispute.

9.4 Fee Disputes. If you reasonably and in good faith dispute any invoiced fee, and submit a reasonably detailed explanation of the dispute prior to the day the fee is overdue, ClearDATA will not exercise any rights or remedies available to it for non-payment for thirty days from your notice, provided that you cooperate with ClearDATA’s requests to resolve the fee dispute and you pay the undisputed part of the invoice before it is overdue. If the fee dispute is not resolved at the end of the thirty day period, then ClearDATA is free to pursue its rights and remedies under this Agreement or at law or equity.

9.5 Taxes. All fees are stated exclusive of sales, use, VAT, GST or similar tax (“Sales Tax”) unless expressly stated otherwise in the Order. Unless you have provided an exemption certificate or direct pay permit, you must remit to ClearDATA any applicable Sales Tax. Sales Tax is due on the payment terms applicable to the fees for the related Services. You represent and warrant that your address shown on the Order is the correct address for purposes of determining Sales Tax, and that all other information you have provided to ClearDATA for Sales Tax purposes is accurate and complete. If you are required by law to withhold from ClearDATA’ fees any amounts as a withholding or like tax, then the ClearDATA fees subject to this requirement are increased by an amount that results in ClearDATA’ payment net of the withholding being equal to the fee. For clarity, you are not required to pay any tax that is assessed on the basis of ClearDATA’s net income.

10. TERM, TERMINATION, SUSPENSION

10.1 Term. The Agreement is effective on the Order effective date. The initial services term begins on the start of implementation and continues for that number of months stated in the Order. Orders automatically renew at the end of the initial term for consecutive renewal terms of 12 months each unless either party has given a notice of non-renewal at least 90 days prior to the expiration of the initial term or the renewal term, as applicable. If an Order states that it is “coterminous” with an existing Order, then the initial term of the coterminous Order begins on the effective date of the coterminous Order and continues until the expiration of the then current initial term or renewal term, as applicable, of the Order to which it refers. Any Order that is “coterminous” renews on the same terms and for the same periods as the Order to which it refers.

10.2 Termination for Breach. Either party may terminate the Agreement for breach if the other party is in material violation of the Agreement and, if the breach is curable, has not cured the breach within 30 days of the party’s written notice describing the breach in reasonable detail. ClearDATA may terminate the Agreement for breach if you violate the AUP more than once, even if each breach is cured.

10.3 Termination Other than for Breach. ClearDATA may terminate the Agreement on 90 days advance written notice if its infrastructure services provider materially alters its services in a way that makes the ClearDATA service commercially infeasible, or if there is a patent infringement claim that makes the provision of the Services commercially infeasible, and ClearDATA is not able to resolve the claim through the use of commercially reasonable efforts. You may terminate the Agreement for convenience at any time on 30 days advance written notice, provided that you must pay the early termination fee stated below. Either party may terminate the Agreement if the other party is insolvent or files for bankruptcy or similar protection.

10.4 Suspension. ClearDATA may suspend your Services, any Custom Services, and access to your Cloud Environment, in whole or in part, during any period that you are in material breach of this Agreement or as reasonably necessary to address any material security vulnerability that it discovers or reasonably suspects. ClearDATA will give you at least two (2) business days’ advance notice of the suspension, unless emergency circumstances require suspension on less notice. ClearDATA will reinstate you access to the Services and Cloud Environment when the grounds for suspension are cured unless ClearDATA has already terminated the Agreement as described in this Section.

10.5 Early Termination Fee. If ClearDATA terminates the Agreement for your breach, or you terminate the Agreement or any Service element for convenience, you must pay an early termination fee as follows: (i) any implementation or set up fee that remains unpaid, plus (ii) monthly recurring fees for the remaining part of the then-current initial term or renewal term (with variable monthly fees to be calculated for this purpose as the average of the fees for the prior months) provided that if more than 12 months remains in the initial or renewal term, this part of the early termination fee is limited to 12 months of recurring fees. Some Service elements may permit early termination without a fee, as identified in your Order.

10.6 Survival. The following terms survive expiration or termination of the Agreement: Section 1 (Definitions) to the extent the terms defined are used in other surviving sections, Section 8 (Responsibility for Users, Unauthorized Use), Section 9 (Fees, Payments), this Section (Term and Termination), Section 11 (Confidential Information), Section 12 (Indemnification), Section 13 (Limitation of Liability), Section 14 (Notices), Section 15 (General), any other terms that are expressly stated to survive termination, and any terms that by their nature are intended to survive termination.

11. CONFIDENTIAL INFORMATION

Each party agrees not to use the other’s Confidential Information except in connection with the performance or use of the Services, as applicable, the exercise of the party’s respective legal rights under this Agreement, or as may be required by Law. Each of us agrees not to disclose the other’s Confidential Information to any third person except as follows: (i) to the party’s respective service providers, agents and representatives, provided that such service providers, agents or representatives are bound by written confidentiality measures that are at least as stringent as these terms; (ii) in response to a subpoena or other compulsory legal process, provided that each of us agrees to give the other advance written notice of at least seven days prior to disclosing Confidential Information under this subparagraph (or prompt notice in advance of disclosure, if seven days advance notice is not reasonably feasible), unless the law or a reasonable interpretation of it, forbids such notice. On expiration or earlier termination of the Agreement, each party will return or destroy the other party’s Confidential Information. ClearDATA will use the HITRUST Safeguards to protect Your Data and Your Application from unauthorized use, disclosure, corruption and deletion, and will use commercially reasonable care to protect your other Confidential Information. You will use commercially reasonable care to protect ClearDATA’s Confidential Information. Each of you and ClearDATA is responsible for a breach of this Section by its service providers, agents and representatives to whom it has disclosed the other party’s Confidential Information.

12. INDEMNIFICATION

12.1 ClearDATA Indemnification of You. ClearDATA will defend, at its expense, any claim brought by an unaffiliated third party against you, your officers, directors or personnel (“Your Indemnitees”) to the extent that the claim: (i) arises from or is based on ClearDATA’s violation of Law, the applicable BAA, Subsection 2.4 (Security), Subsection 2.6 (Privacy) or Section 11 (Confidential Information), or (ii) asserts that your use of the Services as permitted by the Agreement infringes the intellectual property rights of the third party recognized in the United States, the European Economic Area, Japan or Australia; and will pay any resulting final award of damages, costs, and expenses (including court costs and reasonable attorney fees) entered by a court or other tribunal with jurisdiction. Notwithstanding anything in this subsection to the contrary, ClearDATA’s obligations under this subsection do not extend to any claim covered by your indemnification of ClearDATA below, or any third party claim of intellectual property infringement to the extent the claim is based on your combination of the Services with technology not provided by ClearDATA, your unauthorized change to the Cloud Environment or Services, or ClearDATA’s compliance with your specific directives (the “Exclusions”).

12.2 Your Indemnification of ClearDATA. You will indemnify and hold harmless ClearDATA, its affiliates, suppliers, and licensors, and each of their officers, directors and personnel (the “ClearDATA Indemnitees”) against the following claims that may be made by an unaffiliated third party against them: (i) any claim made by your customers, end users, providers of Your Information (as defined in Subsection 6.2 above), or data subjects whose Personal Data is included in Your Data, except to the extent such claim arises from ClearDATA’s breach of its obligations to you under this Agreement, (ii) any claim brought a third party asserting that Your Application, Your Data or a Custom Service, infringes or violates the intellectual property rights or other rights of a third party; and (iii) any claim that is an Exclusion defined in 12.1 above, and (iv) any claim brought by a third party asserting conduct that is a tort, or that, if true, would be a violation of this Agreement, including your representations and warranties made in this Agreement. Your obligations under this subparagraph include claims arising out of the acts or omissions of your personnel, agents, and authorized users, any other person to whom you have given access to the Services, and any person who gains access to the Services as a result of your failure to use reasonable security precautions, even if the acts or omissions of such persons were not authorized by you.

12.3 Procedures. The indemnified party must give notice of the indemnified claim to the indemnifying party within 10 days of the date the claim is made, provided that failure to give notice within the 10 day period does not relieve the indemnifying party of its obligations under this Section except to the extent the delay prejudices the defense of the matter. ClearDATA has the right to select counsel to defend any indemnified claim under this Section, and has the right to control the defense of the claim, except that you may participate in the defense of the claim at your option and expense, with counsel of your choice. You must comply with any ClearDATA request for information or cooperation in connection with the defense of the claim. ClearDATA may settle any indemnified claim, in its discretion, provided that the settlement fully resolves your liability and does not require you or Your Indemnitees to make an admission of culpability. If you are the indemnifying party, you shall pay indemnified costs, expenses (including reasonable attorney fees), liabilities and other amounts due to ClearDATA under this Section as incurred.

13. LIMITS ON LIABILITY

13.1 SLA Credits. The credits stated in the SLA and your termination rights under Section 10 (Term and Termination) are your sole and exclusive remedy for ClearDATA’s failure to meet its service level commitments stated in the SLA.

13.2 No Consequential, Indirect Damages. Except for claims arising from a party’s breach of Section 11 (Confidential Information), or claims based on the party’s intentional breach of the other party’s intellectual property rights, neither party nor its affiliates, licensors or suppliers is liable to the other for any lost profits, lost revenue, lost business opportunity, or any indirect, special, incidental, punitive, or consequential loss or damage of any kind arising in connection with this Agreement, or any loss or damage that could have been avoided by the claiming party’s reasonable mitigation, even if the party has been advised of or should be aware of the possibility of such damages. For avoidance of doubt, damages of the type described in this subsection that are awarded by a court or other tribunal to a third party and are covered under Section 12 (Indemnification) are not excluded by this Subsection.

13.3 Maximum Liability. Notwithstanding anything to the contrary in this Agreement, excluding: (i) claims arising from a party’s gross negligence, recklessness, or intentional tort, (ii) claims arising from a party’s breach of Section 11 (Confidential Information), (iii) claims based on the party’s intentional breach of the other party’s intellectual property rights, and (v) payment obligations under Section 9 (Fees, Payments) , the maximum aggregate liability of a party and its affiliates, licensors and suppliers under or in connection with this Agreement shall not exceed the greater of One Hundred Thousand Dollars ($100,000.00) or the amount of fees paid or payable by you under the Order giving rise to the claim for the 12 months preceding the date the claim arose. For clarity, the maximum aggregate monetary limit stated in this subsection is not “per incident” but is an aggregate limitation applicable to all claims arising under or in connection with this Agreement.

13.4 Other. The parties acknowledge that ClearDATA has set its prices and entered into this Agreement on reliance on the limitations of remedies and liability stated in the Agreement, and that these limitations reflect an agreed allocation of risk between the parties. The limitations stated in this Section shall apply to any liability arising from any cause of action whatsoever, whether in contract, tort, commercial code, strict liability or otherwise, even if a limited remedy fails of its essential purpose. Nothing in this Subsection precludes a party from seeking specific enforcement, injunctive relief or other non-monetary equitable remedy that is available by law. If these limitations as written are not permitted by applicable law, they shall apply to the extent permitted by applicable law.

14. NOTICES

Unless another method of notice is expressly required by this Agreement, notices must be given by electronic mail. ClearDATA’s notice to you must be given to your primary account contact. Your notices to ClearDATA must be given to support@cleardata.com. Your notice of breach of this Agreement, request for indemnification or other legal matter must be copied to legalnotice@cleardata.com with a copy mailed via 1^st class United States mail to ClearDATA Networks, Inc., ATTN LEGAL NOTICES, 101 West 6^th Street, Suite 310, Austin, Texas 78701.

15. GENERAL

15.1 Order Process. You may offer to purchase ClearDATA services by signing and submitting a service description, statement of work, service order or other sales form prepared by ClearDATA for your signature. You offer is legally binding on ClearDATA and becomes an “Order” if ClearDATA accepts the offer, either by signing and returning the form to you, or beginning to provide the services described in the form you signed. You may not modify the form prepared by ClearDATA. If you do not wish to purchase the ClearDATA services on the terms stated in the form, you may contact ClearDATA to discuss different terms. If ClearDATA agrees to your request, it will send you a new form for your signature. No change to a ClearDATA order form is binding on ClearDATA unless it has been made by ClearDATA prior to your signature.

15.2 Non-Solicitation. Neither pay shall directly or indirectly, employ any personnel of the other party, or induce or attempt to influence any personnel, customer, or supplier of the other party to terminate employment or any other relationship with the other party. This restriction shall survive expiration or termination of the Agreement for a period of 12 months.

15.3 General Warranty. Each party represents and warrants to the other that it has the right, power, and authority to enter into the Agreement and to fully perform its obligations under the Agreement; and (ii) the making of the Agreement does not violate any agreement existing between it and any third party. You represent to ClearDATA that the information you have provided to ClearDATA to establish your account is accurate and complete. The individual signing the Order represents that he or she has the authority to bind the entity that is named in the Order to this Agreement.

15.4 Intellectual Property and Rights in Data.

15.4.1 Ownership. As between you and ClearDATA, (i) you retain ownership of Your Data, Your Application, and any other technology, information or materials that you transmit to or from, or store or process using the Services and all related intellectual property, including derivative works (your “IP”), and (ii) ClearDATA retains ownership of its Cloud Environment, Cloud Platform and any other technology, information or materials provided as part of the Services and all related intellectual property, including derivative works, and including any deliverables created for you as part of the Services or Professional Services (the ClearDATA “IP”). Except as expressly stated otherwise in this Subsection, each party licenses its IP to the other party on a limited, revocable basis solely for the purpose of providing or using the Services, as applicable, or otherwise as necessary to perform its obligations or exercise its rights under the Agreement.

15.4.2 Suggestions. If you provide any feedback, comments, or suggestions for the improvement of the Services (“Suggestions”), you hereby license the Suggestions and all related intellectual property to ClearDATA on a non-exclusive, worldwide, fully paid, perpetual, irrevocable basis for ClearDATA to use, disclose, modify, reproduce, license, distribute, commercialize and otherwise freely exploit without restriction of any kind, without right of accounting.

15.4.3 Use of De-Identified Data. You agree that on your prior written consent ClearDATA may use your Personal Data to provide data aggregation services, as permitted HIPAA Privacy Rule provided that it de-identifies the Personal Data in a manner that meets the HIPAA Privacy Rule de-identification requirements, and otherwise complies with the requirements for data aggregation services stated in the BAA.

15.4.4 Reservation of Rights. Except for the rights expressly granted in the Agreement, each party retains all right, title and interest in and to its intellectual property, and the parties agree that no rights in intellectual property are conferred by implication or estoppel. Neither party may reverse engineer, disassemble or decompile the other party’s intellectual property except to the extent necessary to use or provide the Services, or as permitted by applicable law notwithstanding this restriction. Neither party may remove any proprietary rights notices included by the other party on its licensed intellectual property.

15.5 Publicity. You agree that ClearDATA may publicly disclose that it is providing Services to you and may use your name and logo in its online, printed and other marketing and publicity materials to identify you as a ClearDATA customer, subject to your reasonable trademark usage guidelines. ClearDATA may use any quotation provided or approved by you for marketing purposes in a press release or other publicity.

15.6 Assignment, Subcontractors. Either party may assign this Agreement without the other party’s prior written consent: (a) in connection with the sale of all or substantially all of its assets: (b) to the surviving entity in any merger or consolidation; (c) to an affiliate; or (d) to satisfy a regulatory requirement imposed upon a party by a governmental body with appropriate authority, provided, however, that your assignee must have a financial standing and creditworthiness equal to or better than yours, as reasonably determined by ClearDATA, through a generally accepted, third party credit rating index (i.e. D&B, S&P, etc). Any other assignment requires the prior written consent of the other party. ClearDATA may use subcontractors to perform all or any part of the Services, but remains responsible to you under this Agreement for Services performed by its subcontractors to the same extent as if ClearDATA performed the Services itself.

15.7 Third Party Service Providers. As a convenience to you, ClearDATA may identify unaffiliated third parties who perform database management, migration, or other services useful to you. ClearDATA does not endorse any third party, and makes no representation or warranty whatsoever regarding third parties it identifies for your consideration. You are responsible for investigating the third party’s qualifications and skills.

15.8 Governing Law. This Agreement is governed by and interpreted under the laws of the State of Texas and the United States of America, as applicable, without giving effect to any conflicts of law principles that would require the application of the law of a different jurisdiction. The parties expressly and irrevocably disclaim and waive the application of the United Nations Convention on Contracts for the International Sale of Good and the Uniform Computer Information Transactions Act. The parties agree that neither the Services nor the Cloud Environment are considered “goods” covered by any State version of the Uniform Commercial Code.

15.9 Disputes.

15.9.1 Mediation. Except for a request for temporary injunctive or other equitable relief, each party agrees that it shall not file a lawsuit or other legal action in connection with this Agreement unless it has first given the other party written notice of the dispute, and attempted to resolve the dispute through good faith negotiation. At the request of either party, the dispute will be submitted for non-binding mediation conducted by a mutually acceptable mediator in Travis County, Texas. The mediator will be chosen by mutual agreement of the parties within twenty-one (21) days after written notice by either party demanding mediation. Neither party shall unreasonably withhold or delay consent to the selection of a mediator. The parties will share equally the costs of the mediation, exclusive of any fees paid by a party to its internal or external legal advisors, accountants and experts in connection with the dispute. The use of any mediation procedures will not be construed under the doctrines of laches, waiver or estoppel to affect adversely the rights of either party. If the dispute is not resolved through negotiation or mediation within forty-five (45) days of the date of the initial demand for mediation the parties are free to file a lawsuit or other action.

15.9.2 Jurisdiction, Venue. Each party agrees that it shall bring any lawsuit or other legal action related to this Agreement in the State or Federal courts sitting in Travis County, Texas. Neither party shall dispute the personal jurisdiction of such courts, and each party waives any objection it may have as to the venue of such court.

15.9.3 Waiver of Jury Trial. To the extent permitted by applicable law, each party waives the right to a trial by jury in respect of any litigation arising out of this Agreement and the parties’ activities in connection with this Agreement.

15.9.4 Time Bar. A party may not bring an action in relation to this Agreement more than two (2) years after the date that the cause of action accrued.

15.9.5 Prevailing Party Entitled to Fees and Costs. The prevailing party in any action to enforce this Agreement, including an action for equitable relief, may recover its costs and expenses of the action from the other party, including reasonable attorney fees.

15.9.6 Expenses Arising from Legal Disputes, Subpoenas Regarding Your Account. In addition to your indemnification obligations above, you must also pay or reimburse ClearDATA’s reasonable actual attorneys’ fees and other expenses incurred in connection with any dispute between persons having a conflicting claim to control of your account, or to comply with any third party subpoena, warrant or other mandated disclosure that is unrelated to any claim between you and ClearDATA.

15.10 Force Majeure. Except for your payment obligations, neither party is in violation of the Agreement if the failure to perform is due to an event beyond that party’s reasonable control, such as a significant failure of the power grid or Internet, denial of service attacks, natural disaster, war, riot, insurrection, epidemic, strikes or other organized labor action, terrorism, or other acts or events for which precautions are not generally taken in the industry.

15.11 Interpretations of Certain Words. The term “person” refers to any legal person, and may mean a natural person (individual), a legally created person (such as an entity, trustee, or executor), or an entity (such as a corporation, partnership, or limited liability company). The word “including” means “including, without limitation.” The words “will” and “shall” are words of obligation, not expressions of intent or expectation. All references to monetary amounts mean United States Dollars unless otherwise indicated. The term “parties,” either in lower- or upper-case form, refers to the signatories to this Agreement. Unless otherwise defined, the words “business day,” “business hours,” or the like mean Monday – Friday, 9:00 a.m. – 5:00 p.m., United States Central Time, excluding federal public holidays in the United States. A reference to “day” means a calendar day, unless expressly designated as a “business” day. The term “personnel” refers to employees of the person referred to and individual contractors of the person referred to if the individuals are under the direct supervision of the person referred to. The word “affiliate” refers to an individual or entity that controls, is controlled by, or is under common control with the person referred to, where control means ownership of the majority of voting interests of an entity or the right to control the policies of the entity by means of a controlling number of seats on the entity’s governing body. Any requirement in this Agreement that a statement be written, in writing, or a like requirement is satisfied by an email or other digital form of writing unless expressly stated otherwise. Nouns stated in the singular may imply the plural as indicated by the context, and pronouns that are gender specific should be read to refer to either gender. The Section captions in this Agreement are for convenience only; they are not part of this Agreement and may not be used to interpret the terms of this Agreement. References to sections in any of the documents that comprise the Agreement are references to the sections of the document in which the references appear unless otherwise indicated.

15.12 Relationship Between the Parties. The parties are independent contractors, and neither party is the agent of the other or has the right to bind the other on any contract with a third party. The use of the words “partner” or “partnership” in this Agreement or otherwise refers only to a business relationship, and does not create or reflect any legal partnership, joint venture, or other fiduciary or other special relationship between the persons described as partners. Nothing in this Agreement creates an obligation of exclusivity or non-competition. Each party is free to purchase and sell services of the type described in the Agreement to any person, including competitors of the other party.

15.13 Modifications.

15.13.1 Changes to Online Terms. ClearDATA may modify its Web-published CCSA, AUP, the SLA, and any other online document that is part of the Agreement. Modifications are effective as to any Order that is signed after the date the modified version is published, and are effective as to existing Orders as of the first renewal term that begins at least thirty (30) days after the modification is published. If you execute a new Order that modifies an existing Cloud Environment, then the version of the CCSA, AUP, and SLA published on the date of that new Order controls as to all Orders for that Cloud Environment and related Services.

15.13.2 Changes to Customer Specific Documents. A customer specific document that is part of the Agreement may be modified only by an amendment that specifically references that document and that is signed by the parties. Customer specific documents are documents that state transactions terms for your particular Cloud Environment or other terms that supplement or deviate from ClearDATA’s Web-published legal terms, such as Order(s), a Customer-specific Business Associate Agreement, or other legal terms applicable only to those customers or end –user identified in the document.

15.14 Order of Precedence. If there is a conflict between the documents that comprise the “Agreement,” the documents control in the following order of precedence: this CCSA, the AUP, the SLA, the Order, and any other document that is part of the Agreement, except that, any Business Associate Agreement that is incorporated into the Agreement by means of the Order shall apply in lieu of the BAA referenced in this CCSA.

15.15 Third Party Beneficiaries. Unless and to the extent specifically stated otherwise in some other section of this Agreement, there are no third-party beneficiaries to this Agreement. Neither party’s customers, end users, suppliers, or other person shall have the right to enforce this Agreement.

15.16 Severability. In the event one or more of the terms of this Agreement are adjudicated invalid, illegal, or unenforceable, the adjudicating body may either interpret this Agreement as if such terms had not been included, or may reform such terms to the limited extent necessary to make them valid, legal or enforceable, consistent with the economic and legal incentives underlying the Agreement.

15.17 Waiver. No right or remedy arising in connection with this Agreement shall be waived by a course of dealing between the parties, or a party’s delay in exercising the right or remedy. A party may waive a right or remedy only by signing a written document that expressly identifies the right or remedy waived. Unless expressly stated in the waiver, a waiver of any right or remedy on one occasion will not be deemed a waiver of that right or remedy on any other occasion, or a waiver of any other right or remedy.

15.18 Counterparts, Signatures. This Agreement may be signed in multiple counterparts, which taken together shall be read as one Agreement. A signed agreement transmitted by facsimile, email attachment, or other electronic means shall be considered an original. The parties agree that electronic or digital signatures shall be given the same effect as a manual signature.

This CCSA is the complete and exclusive agreement between the parties regarding its subject matter and supersedes and replaces in its entirety any prior or contemporaneous agreement or understanding, written or oral. The parties represent to each other than they have not entered into the Agreement in reliance on any statement other than those included in the Agreement.

CCSA Revision Date 01 31 17