Cloud ComputingServices Agreement

This Cloud Computing Services Agreement (this “CCSA”) is between ClearDATA Networks, Inc., a Delaware corporation (“ClearDATA”) and the company that signs an Order that incorporates this CCSA by reference (“you”) and is effective as of the date of your signature on the Order.


Capitalized terms have the meanings given in this Section, or in the Section where they are used.

Acceptable Use Policy or AUP means the ClearDATA Acceptable Use Policy published on the Effective Date at

Administrative Contact means an individual who has authority to make changes to your Cloud Platform implementation and approve adoption of new features as further described in Subsection 6.3 (Access Control Lists and Account Information).

Agreement means, collectively, the Order(s), this CCSA, the RACI, the Service Level Agreement, the Business Associate Agreement or Subcontractor Business Associate Agreement as applicable, the Acceptable Use Policy, and any document referenced in or attached to any of them.

Build Sheet is a document detailing implementation steps and a timeline for your cloud environment implementation. Build Sheets are not available for ClearDATA Comply or Locate.

Business Associate Agreement or BAA is the Business Associate Agreement or Subcontractor Business Associate Agreement, as applicable referenced in Subsection 2.3 (HIPAA BAA).

Business Associate has the meaning given in HIPAA.

Cloud Platform means ClearDATA’s proprietary platform for the deployment and management of healthcare compliant information technology infrastructure and related services.

Comply means Comply without any Healthcare Managed Services. Comply does not mean Comply Gold or Comply Platinum, which do include Healthcare Managed Services as described in their Service Descriptions.

Covered Service means a Public Cloud Provider Service that is eligible to process, transmit or store PHI/PII. Covered Services are listed at: No Public Cloud Provider Service is considered a Covered Service with respect to ClearDATA Comply.

Customer Portal means the web portal for interaction with ClearDATA Managed Services, Support and other administrative functions at Customer Portal is not available for ClearDATA Comply or Locate.

Confidential Information means information disclosed by one party to the other party, on any media, whether before or after the Effective Date that: (i) the recipient should reasonably understand to be confidential, such as (A) for you, all information transmitted to or from, or stored on, your cloud environment, and (B) for ClearDATA, unpublished prices and other terms of service, audit and security reports, product features, functionality and development plans, network configuration, vendors and other proprietary information or technology, or (ii) is marked or otherwise conspicuously designated as confidential by the disclosing party. Information that is independently developed by a party without reference to the other party’s Confidential Information, or that becomes available to a party, other than through violation of this Agreement or applicable law, is not “Confidential Information” of the other party. Confidential Information includes information disclosed by making tangible objects or premises available for inspection.

Covered Entity has the meaning given in HIPAA.

HIPAA means the Administrative Simplification Subtitle of the Health Insurance Portability and Accountability Act of 1996, as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, including the Privacy Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160 and 164, subparts A and E (the “Privacy Rule”), the Security Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. parts 160, 162 and 164, subpart C (the “Security Rule”), the Breach Notification Standards adopted by the U.S. Department of Health and Human Services , as they may be amended from time to time, 45 C.F.R. part 164, subpart D.

HITRUST means the Health Information Trust Alliance, or its successor.

Intellectual Property Rights means, on a worldwide basis, any and all tangible and intangible: (i) copyrights; (ii) trademarks, service marks, logos, trade dress, trade names, and the goodwill associated therewith; (iii) rights relating to know-how or trade secrets; (iv) patents; (v) rights in domain names, universal resource locator addresses, telephone numbers (including toll free numbers), and similar identifiers; (vi) all other intellectual and industrial property rights of every kind and nature, however designated, whether arising by operation of law, contract, license or otherwise; and (vii) all registrations, initial applications (including intent to use applications), renewals, extensions, continuations, divisions, or reissues of any of the foregoing now or hereafter in force (including any rights in any of the foregoing).

Healthcare Managed Services means ClearDATA’s provisioning and management of your access to and use of the Cloud Platform and your Public Cloud Provider’s platform as described in the Service Descriptions.

Order is any “Order” or “Service Order” that incorporates this CCSA by reference.

Protected Health Information or PHI has the meaning given in HIPAA.

Personal Data or PII means information about an identified or identifiable natural person, including information that may be used to identify an individual or with respect to which there is a reasonable basis to believe the information can be used to identify an individual. Specifically, but without limitation, Personal Data includes all of the following: (i) “electronic protected health information” as that term is defined in HIPAA, (ii) name, part of a name, initials, (iii) contact information such as phone, email, or physical address, (iv) user names and access codes for online services, (v) health insurance account numbers and access information, (v) financial account numbers and access information, (vii) device numbers, IP addresses or other means of identification to a particular computing or communication device or Internet address, (viii) identification numbers such as social security or driver’s license numbers, (ix) unique identifiers that are intended to associate a record with an individual, (x) photographs, and (xi) biometric information.

Public Cloud Provider means the provider of the cloud infrastructure and related services that are identified in your Order, such as Amazon Web Services, Inc. for AWS®, Google, Inc. for GCP®, and Microsoft Corporation for Azure®.

Public Cloud Provider Service means software or service functionality delivered by a Public Cloud Provider over the internet.

Responsibility Matrix or RACI means the applicable RACI chart(s) at that states which party is “responsible,” “accountable,” “consulted,” and “informed” as to each activity or decision for the Services.

Security Safeguards means the security controls and safeguards in the relevant RACI, BAA and ClearDATA’s compliance with its HITRUST Certification.

Service Descriptions means the materials describing the features, functions and approved configurations of the Healthcare Managed Services, Support and Software that ClearDATA makes generally available to its customers as described at

Service Level Agreement or SLA is defined in Subsection 15.7.

Services means Healthcare Managed Services and Support.

Service Term or Term is defined in Section 10 (Term, Termination, Suspension).

Software means ClearDATA software products listed as described in a Service Description and delivered to you via the Cloud Platform. Future features and functionality may be licensed separately.

Software Support means technical product assistance (such as bug-fixes) for Software as described at: but does not include Healthcare Managed Services.

Supported Services are Public Cloud Provider Services that are available for your use on the Cloud Platform and listed as a Supported Service in the Service Descriptions. Not all Supported Services are eligible to host, transmit or process PHI and PII. Only Covered Services are eligible to host, transmit or process PHI and PII.

Third Party Technology means a technology product or service that you purchase or license directly from a third party or through ClearDATA for use with your cloud environment that is not covered by the Service Description or RACI.

Unsupported Service means: (i) a Public Cloud Provider Service that is not listed as a Supported Service; any item designated in an Order or other agreement as “unsupported,” “one-off” “non-standard” “non-compliant,” “end of life,” “eol,” “custom service”; and (iii) a Public Cloud Provider Service used by you to store, transmit or process unencrypted PHI or PII as detailed in Section

Your Application means the software application(s) that you operate on a cloud environment and any related computer code or information, including any automation tools and third-party components.

Your Data means data and other information, including PHI and Personal Data, that you or your authorized users transfer to or from your cloud environment, or process or store on your cloud environment, including information that you or your authorized users create by using Your Application.


2.1 Limited License and Provision of Services. During the Term, subject to the terms and conditions of this Agreement including any Order or Service Order, ClearDATA: (a) grants you a non-exclusive right to access the Cloud Platform and to use the Software as indicated in this Section 2.1 and subject to the limitations contained in other portions of the CCSA; and (b) agrees to provide you the Services. Except as expressly provided in this Section 2.1, all Intellectual Property Rights worldwide therein or related thereto, is the exclusive property of ClearDATA, and/or its or their licensors/suppliers. All rights not expressly granted to you in this Agreement are reserved by ClearDATA, and Customer will have no other or different rights (implied, by estoppel, or otherwise) or privileges with respect to any Intellectual Property. Nothing in this Agreement does or will be deemed to grant, by implication, estoppel, or otherwise, a license under any of ClearDATA’s existing or future patents or other Intellectual Property Rights. Only Supported Services may be used on the Cloud Platform. Only Covered Services may be used to transmit, process, or store PHI or PII on the Cloud Platform.

2.2 Your Data and Applications. The Services do not include ClearDATA’s design, development or management of Your Application(s) or Your Data, transactions processing, or maintenance of a “designated record set,” as defined in HIPAA. ClearDATA will interact with Your Application(s) and Your Data only to the limited extent necessary to provide the Services and comply with the Agreement.


2.3.1 Business Associate Agreement. If you are a HIPAA Covered Entity and ClearDATA is your Business Associate, then the HIPAA Business Associate Agreement published at as of the date that ClearDATA becomes your Business Associate is incorporated in this CCSA by this reference.

2.3.2 Business Associate Subcontractor Agreement. If you are a Business Associate of a Covered Entity and ClearDATA is your Business Associate Subcontractor, then the HIPAA Business Associate Subcontractor Agreement published at as of the date that ClearDATA becomes your Business Associate Subcontractor is incorporated in this CCSA by this reference.

Only Covered Services may be used to process PHI.

Section 2.3 does not apply to ClearDATA Comply, which is not covered by a Business Associate Agreement.

2.4 HITRUST, HIPAA and Security.

2.4.1 HITRUST. ClearDATA will maintain a certification of compliance with the HITRUST Common Security Framework (“HITRUST Certification”). ClearDATA may, at its option, substitute an equivalent security framework, such as the AICPA Service Organization Controls or ISO 27017, upon ninety (90) days advance written notice. As your sole remedy, you may terminate the Agreement for convenience if you object to the new framework by providing written notice any time prior to the effective date of the new framework.

2.4.2 HIPAA Compliance. ClearDATA will provide the Services in compliance with HIPAA as specified in the applicable parts of its HITRUST Certification, the RACI and the BAA.

2.4.3 Security. ClearDATA is responsible for a security breach to the extent it results from its failure to act in accordance with the Security Safeguards.

Section 2.4 does not apply to ClearDATA Comply. The detailed compliance and security features of ClearDATA Comply are in its Service Description.

2.5 GxP. Before using Services as part of a quality-regulated system, such as a process regulated by the United States Food, Drug and Cosmetic Act, you must sign an Addendum to cover that use. ClearDATA will provide the Addendum on request.


3.1 Implementation. For ClearDATA Comply, ClearDATA will assign personnel to consult with you on the timing, process and design of your cloud environment implementation. You agree to assign personnel to actively participate in this planning and to promptly provide information that ClearDATA reasonably requires to successfully deploy your cloud environment implementation in a timely fashion. Before beginning your implementation ClearDATA personnel will prepare a Build Sheet. You will sign the Build Sheet to indicate your acceptance of it prior to the start of the deployment of your cloud environment. Utility based billing starts as soon as the Public Cloud Provider starts charging for use. From this point forward, any changes to the Build Sheet will be treated as a change request subject to the change process in Subsection 3.3 (Your Changes to Services).

3.2 Acceptance. For ClearDATA Comply, You are required to accept your cloud environment implementation (or applicable milestone) during a hand-off call when you will be asked to sign the final Build Sheet prior to production use and applicability of the SLA. This acceptance confirms the cloud environment meets all agreed upon specifications and functional requirements. You may only reject the cloud environment by specifying a difference between the cloud environment described in the Build Sheet you accepted in the kick-off call and the cloud environment documented in the Build Sheet provided during the hand-off call. ClearDATA will have 3 days from your rejection to cure any items of non-conformance. If you do not either accept or reject the cloud environment during the hand-off call ClearDATA may proceed as if you had signed off on the Build Sheet and treat the cloud environment as accepted.

3.3 Your Changes to Services. For ClearDATA Comply, your Administrative Contact may use the Cloud Platform to modify the cloud environment in accordance with the Build Sheet and to provision new Services as expressly permitted by the Service Description. You may request a change to the Services or cloud environment by submitting a ticket through the Customer Portal. ClearDATA will evaluate your request and respond per the SLA. No change request is a binding commitment by either you or ClearDATA unless it is agreed upon in a ticket. If the requested change requires a significant reconfiguration of your cloud environment, ClearDATA may request a new Order that includes additional fees and will manage the configuration change consistent with the implementation process described in Section 3.1 (Implementation”) and Section 3.2 (Sign Off). If, based on an emergency circumstance, ClearDATA implements a requested change prior to completion of the change process, you agree that you will negotiate in good faith with ClearDATA to agree to written terms covering the emergency change. Except as provided in this Section 3.3, you may not unilaterally change the Services or cloud environment. Any Services not provisioned in accordance with this Section 3.3 are considered an “Unsupported Service” provided AS IS and treated in accordance with Section 4 (Unsupported Services).

3.4 Healthcare Managed Services and Software Support. ClearDATA will provide technical assistance for Healthcare Managed Services and Software Support in accordance with the response times and other commitments described in the Service Descriptions and applicable RACI. ClearDATA has no obligation to provide Healthcare Managed Services or Software Support to any person not listed as an administrative or technical contact on your account. Healthcare Managed Services are not available for ClearDATA Comply or Locate.

3.5 Maintenance.

3.5.1 ClearDATA Maintenance. ClearDATA will perform scheduled maintenance during the maintenance window as defined by your Order. If ClearDATA is required to perform emergency maintenance outside of the maintenance window to address an unforeseen issue, ClearDATA will use reasonable efforts to notify you at least one (1) business day in advance of the maintenance. ClearDATA will notify you if it cancels or reschedules maintenance described in a prior notice. ClearDATA will notify you when each maintenance begins and when it ends. Maintenance notices will be sent to the technical contacts listed on your account electronically.

3.5.2 Public Cloud Provider. ClearDATA will promptly communicate information it receives from Public Cloud Providers regarding scheduled and unscheduled maintenance.

3.5.3. Customer Availability. You agree to promptly allow ClearDATA to perform scheduled and emergency maintenance including patching.

3.6 Changes to Software and Services. Over time, ClearDATA will employ different technologies and methods to satisfy our obligations. This may require ClearDATA to modify how we deliver the Software and Services. Our changes will be based on reasonable commercial factors including those necessary to meet legal, regulatory or industry-standard requirements. ClearDATA will not modify the technology utilized in, or features or functionality of our systems in a manner that would significantly adversely affect your use of the Services. If you provide us notice of any objection to a change within a thirty day notice period, we will discuss your objections and negotiate in good faith with you toward a prompt resolution.


Unsupported Services are provided AS IS. ClearDATA is not liable for any loss or damage from the use of Unsupported Services. ClearDATA Comply and Unsupported Services are not covered by ClearDATA’s indemnification obligations (provided however ClearDATA Comply is covered by indemnification for intellectual property claims), the Security Safeguards, or a BAA. ClearDATA Comply and Unsupported Services may not be used to store, transmit or process PHI or PII and may not interoperate successfully with other Service elements, such as backup and monitoring. ClearDATA has no obligation to provide Healthcare Managed Services or Software Support for Unsupported Services, and if any are they are provided AS IS. SLAs do not apply to ClearDATA Comply, Unsupported Services or any other aspect of the Services that are adversely affected by an Unsupported Service.


5.1 Cloud Platform. For ClearDATA Comply, ClearDATA will make the Cloud Platform available in accordance with the applicable SLA.

5.2. Services. Services shall be provided in material conformity with their Service Description.

5.3 Software Support. ClearDATA will provide Software Support in a good and professional manner.

5.4 Intellectual Property. ClearDATA warrants that Your use of the Services as permitted by the Agreement will not infringe the intellectual property rights of any unaffiliated third party, provided, however, that ClearDATA’s sole obligation with respect to a breach of this warranty, is indemnification for third party claims as provided in Subsection 12.1 (ClearDATA Indemnification of You).

5.5 Additional Services. If ClearDATA provides assistance that is not part of Software Support or Healthcare Managed Services, it is provided on an AS IS, AS AVAILABLE basis.

5.6 Warranty Disclaimer. Except for the warranties expressly stated in this Section, ClearDATA, its suppliers, licensors and subcontractors make no representations or warranties whatsoever and expressly disclaim any implied warranty of merchantability, fitness for a particular purpose, and any warranty that would have otherwise arisen through a course of dealing. If applicable law requires a warranty notwithstanding this limitation, then the warranty is made for a period of 30 days from the date the warranty is deemed to have been made. Specifically, but without limitation, CLEARDATA DOES NOT WARRANT THE SERVICES OR SOFTWARE OPERATION WILL BE UNINTERRUPTED, MEET THE REQUIREMENTS OF YOU, YOUR CUSTOMERS OR ANY OTHER PARTY, BE ERROR FREE, OR PROVIDE PERFECT PROTECTION FROM ALL VULNERABILITIES OR SECURITY ATTACKS, INTRUSIONS, OR SECURITY INCIDENTS.


6.1 Account Security. You must comply with the security measures and responsibilities documented in the RACI applicable to your Order, the Build Sheet, the Service Description you rely on to self-provision Services under Section 3.3 (Your Changes to Services), and any other agreed account management Service Description. You must otherwise use security precautions that satisfy HIPAA in connection with Services. For example, you must maintain the confidentiality of passwords and other access credentials, and you must follow ClearDATA’s procedures designed to prevent unauthorized access to your cloud environment. You must use reasonable care to avoid transmitting virus, spyware, ransomware, or other malware to your cloud environment. You must immediately contact ClearDATA if you discover the security of Your account, cloud environment, or Cloud Platform has been compromised.

6.2 Compliance with Law, Privacy Policy, and Acceptable Use. You must comply with HIPAA and other laws governing the collection and management of Your Data, and your transmission, storage and processing of Your Data by means of Your Application. You are not responsible for any violation of this Subsection that results from ClearDATA’s failure to provide Services in accordance with the Agreement. You must comply with your published Privacy Policy and the AUP. The ClearDATA services are only intended for use in a commercial or government context in connection with the provision of health care and related services. You represent and warrant that your use of Your Application, third-party Personal Data, and any other information, materials or technologies that you install, store, process, or transmit to or from your environment, and ClearDATA’s authorized use and disclosure of any of them as part of providing the Services, does not violate the rights of any third party, including but not limited to the rights of publicity or privacy of individuals whose Personal Data is part of Your Data (the “data subjects”) under data protection laws applicable to the Personal Data or data subjects. Specifically, but without limitation, you represent and warrant that, where required by the laws applicable to the Personal Data or the data subjects, you have obtained consent from the data subjects for ClearDATA’s use and disclosure of the Personal Data as required to provide Services under this Agreement.

6.3 Access Control Lists and Account Information. You are responsible for keeping your account access control permissions, billing, and other account information up to date at all times. ClearDATA will use the information you provide on your Order to establish the initial account contacts and access permissions necessary for it to provide the Services and Software Support. You must maintain it in a fully current status at all times using the Customer Portal or its successor. You must have current administrative and technical contacts on record at all times, and must include for each role the full name, title, email, and phone number. Your Administrative Contact has authority to make changes to your cloud environment including but not limited to adoption of new free or chargeable features and terms and conditions, via the Customer Portal or its successor, the Cloud Platform or other administrative console. Your personnel must be reasonably proficient in the use of information technologies and the operation of Your Application(s) in the cloud environment. You may change your contacts at any time via the Customer Portal or its successor. You represent and warrant to ClearDATA that the information you provide for purposes of establishing and maintaining your account is true, correct and complete.

6.4 Reasonable Cooperation. You must cooperate with ClearDATA’s investigation or remediation of Services outages, suspected security problems, or breaches of this Agreement as well as maintenance activities including patching.

6.5 Encryption.

6.5.1 In Transit. The Services include features that encrypt Your Data in transit to and from the cloud environment.

6.5.2 At Rest, In Motion. Unless ClearDATA has signed a written exception as described in Section, Your PHI Data, as defined in HIPAA, to the extent permitted under the Agreement, must be encrypted at all times while at rest and in motion within your cloud environment. At Rest. ClearDATA will encrypt data at rest unless otherwise provided in the relevant RACI or if the relevant Public Cloud Provider Service is not a Covered Service (HIPAA BAA). In Motion. Responsibility for encryption of data in motion is defined in the RACI in the Service Description, where applicable. Exceptions. You and ClearDATA may agree to a limited exception to the encryption requirements in this Section only in a written document signed by ClearDATA’s Chief Privacy and Security Officer or designee. ClearDATA is not required to agree to an exception request, and may impose conditions on any agreed upon exception. Even when approved, Services used to process unencrypted PHI are “Unsupported Services,” subject to the disclaimers stated in Section 4 (Unsupported Services). Remedies. If you fail to cure a violation of this section within a reasonable time following notice, ClearDATA may take steps to protect your Data, including encryption, deleting it from the production environment, or suspending normal access to the cloud environment.

Section 6.5 does not apply to ClearDATA Comply.

6.6 Backups. If data backup services are included in your Order, you must ensure that the Service is capturing and storing your Data properly, by among other things conducting periodic restoration tests. You must give prior notification to ClearDATA of any changes to Your Application, Your Data, or your encryption methods or other processes that might interfere with successful backups. You acknowledge that your use of back up services from ClearDATA does not, by itself, constitute compliance with the relevant portions of HIPAA.


7.1 Medical Devices/High Risk Use. You may not use the Services in any situation where use or failure or fault of the Services could directly lead to death or serious bodily injury of any person, or to physical or environmental damage. For example, you may not use, or permit any other person to use, the Services as a component of or to operate any medical device or in connection with any aircraft or other mode of human transportation, or nuclear or chemical facilities.

7.2 Services Management Agent. You may not interfere with any services management software agent(s) that ClearDATA installs on the cloud environment. ClearDATA may use the agents to track system information, manage various service issues, and identify security vulnerabilities. Your Services will be considered “Unsupported Services” as described in Section 4 (Unsupported Services) as soon as you disable or interfere with ClearDATA’s services management agent(s).

7.3 Authorized Users. Only your personnel and the personnel of your contractors who are contractually limited to using the Services in support of your business operations may use or access the Services.

7.4 Export. In addition to your obligation to comply with the export laws applicable to you, you may not use the Services in a way that causes ClearDATA to be in violation of the export laws of the United States or other jurisdiction from which the Services are provided. For example, you may not authorize any person to use the Services that is on the list of Specially Designated Nationals and Blocked Persons issued by the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) or who is located in or is a national of any country that is embargoed under United States export laws, or use or permit the use of the Services to process or store any data that is subject to the International Traffic in Arms Regulations maintained by the U.S. Department of State.


You are responsible for the use of the Services and compliance with this Agreement by any person to whom you give access to the Services, any person who gains access to the Services as a result of your failure to use reasonable security precautions, or through a violation of this Agreement, even if such use was not authorized by you.


9.1 Fees. You must pay the fees as stated in the Order. You must pay additional fees resulting from services you add through the Cloud Platform, auto-scaling systems or software defined capacity control mechanisms that increase your consumption or price of services. ClearDATA may pass through to you any fee increases from the Public Cloud Provider. ClearDATA may increase fees after the Initial Term on 90 days notice. You may not offset any credit or other amount due to you from ClearDATA against fees due under this Agreement. Fees are non-refundable and must be paid in United States Dollars. You agree to provide ClearDATA access to detailed cost and usage data from your Public Cloud Provider as it requires to calculate your fees.

9.2 Expenses. ClearDATA may require you to pay ClearDATA’s reasonable travel expenses for services performed onsite at your location if the Order requires the services to be performed onsite, or if you ask ClearDATA in writing to provide services onsite. Travel expenses include air and ground transportation, lodging and meals. ClearDATA will not incur any travel expenses unless you have approved them in advance in writing.

9.3 Invoices and Payments. Set up fees, required prepayments, and other one-time fees are due on the effective date of an Order. Recurring fees are invoiced monthly in arrears and are due upon receipt. Other fees are due upon receipt. ClearDATA may require you to pay its invoice for initial one-time fees prior to implementation or production use of the Services. ClearDATA may suspend all Services if your payment is refused and you do not pay the amount due within 4 business days of our written notice to your billing contact. You agree that if your Services are reinstated after a suspension for non-payment, ClearDATA may charge you $250 per hour for ClearDATA personnel’s time spent to reinstate the Services. ClearDATA may charge interest on overdue amounts at the lesser of 1.5% per month or the maximum legal rate. If any amount is overdue by more than 30 days and ClearDATA brings a legal action to collect, or engages a collection agency, you must also pay the reasonable costs of collection, including reasonable attorneys’ fees and court costs. Invoices not disputed within 90 days of invoice date are conclusively deemed accurate. ClearDATA is not obligated to issue any credit under an SLA while any fee is overdue or in dispute.

9.4 Fee Disputes. If you reasonably and in good faith dispute any invoiced fee, and submit a reasonably detailed explanation of the dispute prior to the day the fee is overdue, ClearDATA will not exercise any rights or remedies available to it for non-payment for thirty days from your notice, provided that you cooperate with ClearDATA to resolve the fee dispute and pay the undisputed part of the invoice before it is overdue.

9.5 Taxes. All fees are stated exclusive of sales, use, VAT, GST or similar tax (“Sales Tax”) unless expressly stated otherwise in the Order. Unless you have provided an exemption certificate or direct pay permit, you must remit to ClearDATA any applicable Sales Tax. You represent and warrant that your address shown on the Order is the correct address for purposes of determining Sales Tax, and that all other information you have provided to ClearDATA for Sales Tax purposes is accurate and complete. If you are required by law to withhold from ClearDATA’ fees any amounts as a withholding or like tax, then the ClearDATA fees subject to this requirement are increased by an amount that results in ClearDATA’ payment net of the withholding being equal to the fee. You are not required to pay any tax that is assessed on the basis of ClearDATA’s net income.


10.1 Term. The Agreement is effective on the date the last party signs an Order referencing this Agreement. The initial term for each Order begins on the start of implementation and continues for three (3) years. The Agreement will automatically renew at the end of the initial term and each subsequent term for an additional twelve (12) months. If ClearDATA terminates the Agreement or an Order for your breach, or you terminate the Agreement or an Order for convenience, you must pay an early termination fee as follows (for the Agreement or Order(s) as applicable): (i) any implementation or set up fee that remains unpaid, plus (ii) the monthly recurring fees for the remaining part of the initial term or then-current renewal term (with monthly recurring fees to be determined by the higher of: (a) the initial estimated monthly recurring fees; and (b) the average of the fees for the prior months).

10.2 Termination for Material Breach. Either party may terminate the Agreement if the other party is in violation of a material term of the Agreement and, if the breach is curable, has not cured the breach within 30 days of the other party’s written notice describing the breach in reasonable detail. ClearDATA may terminate the Agreement for breach if you violate the AUP more than once, even if each breach is cured. Failure to pay amounts due for more than (60) sixty days is a material breach.

10.3 Termination Other than for Breach. ClearDATA may terminate the Agreement on ninety (90) days advance written notice if its Public Cloud Provider materially alters its services in a way that makes the ClearDATA service commercially infeasible, or if there is a patent infringement claim that makes the provision of the Services commercially infeasible, and ClearDATA is not able to resolve the claim through the use of commercially reasonable efforts. Either party may terminate the Agreement if the other party is insolvent or files for bankruptcy or similar protection. Neither party has any liability with respect to a termination under this Subsection.

10.4 Reserved Services. A “reserved” Service is a Service component that is designated in the Order or other written agreement as “reserved,” “committed,” or with like terminology. You must pay the fees for the entire term of a reserved service even if you do not use it and they are not terminable for the committed period.

10.5 Suspension. ClearDATA may suspend access to your cloud environment, in whole or in part, during any period that you are in material breach of this Agreement or as reasonably necessary to address a serious potential security vulnerability that it discovers or reasonably suspects. ClearDATA will give you at least two (2) business days’ advance notice of the suspension, unless circumstances require suspension on less notice. ClearDATA will reinstate your access to the Services and cloud environment when the grounds for suspension are cured unless ClearDATA has already terminated the Agreement as described in this Section 10.

10.6 Survival. The following terms survive expiration or termination of the Agreement: Section 1 (Definitions) to the extent the terms defined are used in other surviving sections, Section 8 (Responsibility for Users, Unauthorized Use), Section 9 (Fees, Payments), this Section (Term, Termination, Suspension), Section 11 (Confidential Information), Section 12 (Indemnification), Section 13 (Limits on Liability), Section 14 (Notices), Section 15 (General), other terms that are expressly stated to survive termination, and terms that by their nature should reasonably be expected to survive termination.


Neither party may use the other party’s Confidential Information except in connection with the performance or use of the Services, as applicable, the exercise of the party’s legal rights under this Agreement, or as may be otherwise permitted under this Agreement or required by law. Each party agrees not to disclose the other party’s Confidential Information to any third person except as follows: (i) to the party’s respective service providers, agents and representatives, provided that such service providers, agents or representatives are bound by written confidentiality measures that are provide similar protection as these terms; (ii) in response to a subpoena or other compulsory legal process, provided that each of us agrees to give the other reasonable advance written notice under the circumstances prior to disclosure, unless the law or a reasonable interpretation of it, forbids such notice; or (iii) as required by law, such as a requirement under a data privacy regulation that a notice of data breach be given to a supervisory authority or regulatory agency. On expiration or earlier termination of the Agreement, each party will return or destroy the other party’s Confidential Information. ClearDATA’s obligations to safeguard Your Data and Your Application are stated in Section 2.4 (Security Safeguards) not than this Section. For Confidential Information other than Your Data and Your Application, ClearDATA will use commercially reasonable care to prevent its unauthorized use, disclosure, corruption and deletion. You will use commercially reasonable care to protect ClearDATA’s Confidential Information. Both parties are responsible for a breach of this Section by its service providers, agents and representatives to whom it has disclosed the other party’s Confidential Information. The parties obligations under this section are intended to be separate and distinct from their other obligations under this Agreement with respect to privacy, compliance and security.


12.1 ClearDATA Indemnification of You. ClearDATA will defend, indemnify and hold harmless you, your affiliates, officers, directors and personnel (“Your Indemnitees”) from final judgments and related attorney fees and other litigation related expenses as incurred (“Losses”) that result from claims by a party not affiliated with you or Your Indemnitees, to the extent these claims: (i) arise from ClearDATA’s material breach of the BAA, Subsection 2.4 (Security Safeguards), or Section 11 (Confidential Information) (this provision 12.1(i) does not apply to ClearDATA Comply), or (ii) assert that your use of the Services as permitted by the Agreement infringes their intellectual property rights in the United States or the European Economic Area. Notwithstanding anything in this subsection to the contrary, ClearDATA’s obligations under this subsection do not extend to a claim that is covered by your indemnification of ClearDATA, that is based on your failure to satisfy your obligations under this Agreement or your violation of Section 7 (“Restrictions”), your combination of the Services with technology not provided by ClearDATA, your unauthorized change to the cloud environment or Services, or ClearDATA’s compliance with your specific directives (the “Exclusions”).

12.2 Your Indemnification of ClearDATA. You will defend, indemnify and hold harmless ClearDATA, its affiliates, suppliers, and licensors, and each of their officers, directors and personnel (the “ClearDATA Indemnitees”) against Losses arising from claims by a party not affiliated with ClearDATA or the ClearDATA Indemnities: (i) by your customers, end users, providers of Your Application, or data subjects whose Personal Data is included in Your Data, except where such claim arises from ClearDATA’s material breach of the BAA, Subsection 2.4 (Security), or Section 11 (Confidential Information), (ii) asserting Your Application, Your Data or a Unsupported Service, infringes or violates the intellectual property rights or other rights of a third party in the United States or the European Economic Area, (iii) that is an Exclusion defined in 12.1, or (iv) asserts conduct that is a violation of this Agreement, including your representations and warranties. Your obligations under this subparagraph include claims arising out of the acts or omissions of your personnel, agents, and authorized users, any other person to whom you have given access to the Services, and any person who gains access to the Services as a result of your failure to use reasonable security precautions, even if the acts or omissions of such persons were not authorized.

12.3 Procedures. The indemnified party must give notice of the indemnified claim to the indemnifying party within ten (10) days of the date the claim, or threat of a claim, is made in writing, provided that failure to give notice within the ten (10) day period does not relieve the indemnifying party of its obligations under this Section except to the extent the delay prejudices the defense of the matter. ClearDATA has the right to select counsel to defend any indemnified claim under this Section, and has the right to control the defense of the claim, except that you may participate in the defense of the claim at your option and expense, with counsel of your choice. You must comply with any ClearDATA request for information or cooperation regarding the defense of the claim. ClearDATA may settle any indemnified claim, in its discretion, provided that the settlement fully resolves your liability and does not require you or Your Indemnitees to make an admission of culpability.


13.1 SLA Credits. Credits as stated in the SLA and your termination rights under Section 10 (Term and Termination), are your only remedy for ClearDATA’s failure to meet its service level commitments in the SLA.



13.4 Other. You acknowledge ClearDATA has set its prices and entered into this Agreement in reliance on the limitations of liability stated in this Section 13, and that these limitations reflect an agreed allocation of risk between the parties. These limitations apply from any cause of action whatsoever, whether in contract, tort, commercial code, strict liability or otherwise, even if a limited remedy fails of its essential purpose. Nothing in this Subsection precludes a party from seeking any available specific enforcement, injunctive relief or other non-monetary equitable remedy. If these limitations as written are not permitted by applicable law, they shall apply to the extent permitted.


Unless another method of notice is expressly required by this Agreement, notices must be given by electronic mail. ClearDATA’s notice to you must be given to your primary account contact. Your notices to ClearDATA must be given to Your notice of breach of this Agreement, request for indemnification or other legal matters must be copied to with a copy mailed via 1st class United States mail to ClearDATA Networks, Inc., ATTN LEGAL NOTICES, 835 West 6th Street, Floor 12, Austin, TX 78703.


15.1 Order Process. You may offer to purchase ClearDATA services by signing and submitting a, statement of work, service order or other documents provided to you by ClearDATA for your signature. Your offer is legally binding on ClearDATA and becomes effective if ClearDATA accepts the offer, either by signing and returning the form to you, or beginning to provide the services described in the form you signed. No change to a ClearDATA order form binds ClearDATA unless it has been made by ClearDATA prior to your signature and then signed by ClearDATA.

15.2 Non-Solicitation. Neither party shall directly or indirectly solicit any personnel of the other party with whom it has interacted in connection with the Agreement to terminate their employment with the other party, provided however, that this Section does not restrict a party from employing an individual who responds to a general employment advertisement or notice. This restriction shall survive expiration or termination of the Agreement for a period of twelve (12) months.

15.3 General Warranty. Each party represents and warrants to the other that: (i) it has the right, power, and authority to enter into the Agreement and to fully perform its obligations under the Agreement; and (ii) the making of the Agreement does not violate any agreement existing between it and any third party. You represent to ClearDATA that the information you have provided to ClearDATA to establish your account is accurate and complete. The individual signing the Order represents that he or she has the authority to bind the entity that is named in the Order to this Agreement.

15.4 Intellectual Property and Rights in Data.

15.4.1 Ownership. As between you and ClearDATA, (i) you retain ownership of Your Data, Your Application, and any other technology, information or materials that you transmit to or from, or store or process using the Services and all related intellectual property, including derivative works (“your IP”), and (ii) ClearDATA retains ownership of its cloud environment, Cloud Platform and any other technology, information know how, methods, techniques or materials provided as part of the Services and all related intellectual property, including derivative works, including any deliverables created for you as part of the Services or professional services (“ClearDATA IP”). Except as expressly stated otherwise in this Subsection, each party licenses its IP to the other party on a limited, basis solely as necessary for providing or using the Services, as applicable, or otherwise as necessary to perform its obligations or exercise its rights under the Agreement.

15.4.2 Suggestions. If you provide any feedback, comments, or suggestions for the improvement of the Services (“Suggestions”) you hereby license the Suggestions and all related intellectual property to ClearDATA on a non-exclusive, worldwide, fully paid, perpetual, irrevocable basis for ClearDATA to use, disclose, modify, reproduce, license, distribute (through multiple tiers), commercialize and otherwise freely exploit without restriction of any kind, without obligation to account for or share revenue or profits.

15.4.3 Use of De-Identified Data. ClearDATA may use your Personal Data to provide data aggregation services, in a manner that meets the HIPAA Privacy Rule de-identification requirements, and otherwise complies with the requirements for data aggregation services stated in HIPAA and the BAA.

15.4.4 Reservation of Rights. Except for the rights expressly granted in the Agreement, each party retains all right, title and interest in and to its intellectual property, and the parties agree that no rights in intellectual property are conferred by implication or estoppel. Neither party may reverse engineer, disassemble or decompile the other party’s intellectual property except to the extent necessary to use or provide the Services, or as permitted by applicable law notwithstanding this restriction. Neither party may remove any proprietary rights notices included by the other party on its licensed intellectual property.

15.5 Publicity. You agree ClearDATA may publicly disclose that it is providing Services to you and may use your name and logo in its online, printed and other marketing and publicity materials to identify you as a ClearDATA customer, subject to your reasonable trademark usage guidelines. ClearDATA may use any quotation provided or approved by you for marketing purposes in a press release or other publicity.

15.6 Assignment, Subcontractors. Either party may assign this Agreement without the other party’s prior written consent: (a) in connection with the sale of all or substantially all of its assets; (b) to the surviving entity in any merger or consolidation; (c) to an affiliate; or (d) to satisfy a regulatory requirement imposed upon a party by a governmental body with appropriate authority, provided, however, that as a predicate for an assignment by you, in each case your assignee must have a financial standing and creditworthiness equal to or better than yours, as reasonably determined by ClearDATA, through a generally accepted, third party credit rating index (i.e. D&B, S&P, etc). Any other assignment requires the prior written consent of the other party. ClearDATA may use subcontractors to perform all or any part of the Services, but remains responsible to you under this Agreement for Services performed by its subcontractors to the same extent as if ClearDATA performed the Services itself. Certain ClearDATA subcontractors require ClearDATA to include the following clauses: (i) none of ClearDATA’s subcontractors make any representations or warranties to you under this Agreement, and none of them has any liability directly to you in connection with the Services or any direct indirect, incidental or consequential damages arising from your use of the Services; (ii) you acknowledge that ClearDATA is not an agent for Amazon Web Services, Inc., Google, Inc., Microsoft Corporation, or its other subcontractors, and that ClearDATA and its subcontractors are independent contractors and not partners or joint venturers.

15.7 Public Cloud Provider Terms.

15.7.1 AWS. If the Public Cloud Provider for your cloud environment is AWS, you agree that ClearDATA may disclose to AWS the name and contact information associated with your AWS account ID, and that AWS may further disclose your name and geographic location to third parties who provide technology for your use as part of the AWS Services. If you authorize ClearDATA to access your accounts you have established under your agreement with AWS, then the AWS terms at is hereby incorporated into the Agreement.

15.7.2 Google. If the Public Cloud Provider for your cloud environment is Google, you agree that ClearDATA may disclose to Google your name and geographic location and other general information about your environment and company that Google may reasonably require under the terms of its agreement with ClearDATA. You also agree the Google Service Specific Terms at is hereby incorporated into the Agreement.

15.7.3 Microsoft. If the Public Cloud Provider for your cloud environment is Microsoft (Azure or otherwise), you agree that ClearDATA may disclose to Microsoft information about you and your use of the Microsoft services that Microsoft may reasonably require under the terms of its agreement with ClearDATA. If and to the extent ClearDATA resells Microsoft online services to you under this Agreement, then your use of the Microsoft online services is governed exclusively by the Microsoft Cloud Agreement, English version, a separate agreement between you and Microsoft Corporation, a current version of which is available at and you agree to cooperate with any process required by Microsoft that is designed to ensure that you have agreed to these terms.

Section 15.7 does not apply to ClearDATA Comply or Locate.

15.8 Third Party Technology and Services. Third Party Technologies are not part of the Services. Unless otherwise expressly agreed in an Order, ClearDATA has no obligation to support or maintain any Third Party Technology, and makes no warranty, covenant or representation whatsoever regarding any Third Party Technology including whether they are HIPAA compliant, or regarding the interoperability between the Third Party Technology and the Services. ClearDATA may, but is not obligated to, assist you in the use of a Third Party Technology, but any such assistance is provided AS IS. Your use of the third party’s services is governed by your separate agreement with the third party. ClearDATA may disclose to the third party information about you and your use of their services in accordance with the agreement between you and the third party to the same extent as if the third party collected information directly from you.

15.9 Disputes.

15.9.1 Mediation. Except for a request for temporary injunctive or other equitable relief, each party agrees that it shall not file a lawsuit or other legal action in connection with this Agreement unless it has first given the other party written notice of the dispute, and attempted to resolve the dispute through good faith negotiation. At the request of either party, the dispute will be submitted for non-binding mediation conducted by a mutually acceptable mediator in Travis County, Texas consent to not be unreasonably withheld, costs to be split evenly. If the dispute is not resolved through negotiation or mediation within forty-five (45) days of the date of the initial demand for mediation, the parties may file suit.

15.9.2 Jurisdiction, Venue, Law. Any lawsuit or other legal action related to this Agreement shall only be brought in state or federal courts having jurisdiction over Austin, Texas. Neither party shall dispute the jurisdiction, convenience, or venue of such courts. This Agreement is governed by and interpreted under the laws of the State of Texas, without giving effect to conflicts of law principles. The parties expressly waive the application of the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act. Neither the Services nor the Software are “goods” covered by any version of the Uniform Commercial Code.

15.9.3 Waiver of Jury Trial. To the extent permitted by applicable law, each party waives the right to a trial by jury in respect of any dispute arising out of this Agreement.

15.9.4 Prevailing Party Entitled to Fees and Costs. The prevailing party in any action to enforce this Agreement, including an action for equitable relief, may recover its costs and expenses of the action from the other party, including reasonable attorney fees.

15.9.5 Expenses Arising from Legal Disputes, Subpoenas Regarding Your Account. In addition to your indemnification obligations, you must also pay or reimburse ClearDATA’s reasonable actual attorneys’ fees and other expenses incurred in connection with any dispute between persons having a conflicting claim to control of your account, or to comply with any third-party subpoena, warrant or other mandated disclosure that is unrelated to any claim between you and ClearDATA.

15.10 Force Majeure. Except for your payment obligations, neither party is in violation of the Agreement if the failure to perform is due to an event beyond that party’s reasonable control, such as a significant failure of the power grid or Internet, denial of service attacks, natural disaster, war, riot, insurrection, epidemic, strikes or other organized labor action, terrorism, or other acts or events for which precautions are not generally taken in the industry.

15.11 Interpretations of Certain Words. The term “person” refers to any legal person, and may mean a natural person (individual), a legally created person (such as an entity, trustee, or executor), or an entity (such as a corporation, partnership, or limited liability company). The term “law” refers to statutes, regulations, executive orders, and other legally binding rules issued by a government agency having jurisdiction. The word “including” means “including, without limitation.” The words “will” and “shall” are words of obligation, not expressions of intent or expectation. All references to monetary amounts mean United States Dollars unless otherwise indicated. The term “parties,” either in lower- or upper-case form, refers to the signatories to this Agreement. Unless otherwise defined, the words “business day,” “business hours,” or the like mean Monday – Friday, 9:00 a.m. – 5:00 p.m., United States Central Time, excluding federal public holidays in the United States. A reference to “day” means a calendar day, unless expressly designated as a “business” day. The term “personnel” refers to employees of the person referred to and contractors of the person referred to if they are under the direct supervision of the person referred to. The word “affiliate” refers to an individual or entity that controls, is controlled by, or is under common control with the person referred to, where control means ownership of the majority of voting interests of an entity or the right to control the policies of the entity by means of a controlling number of seats on the entity’s governing body. All technology provided under this Agreement is licensed and not sold; any use of the term “sale” or like word means a sale of a license. Any requirement in this Agreement that a statement be written, in writing, or a like requirement is satisfied by an email or other digital form of writing unless expressly stated otherwise. Nouns stated in the singular may imply the plural as indicated by the context, and pronouns that are gender specific should be read to refer to either gender. The Section captions in this Agreement are for convenience only; they are not part of this Agreement and may not be used to interpret the terms of this Agreement. References to sections in any of the documents that comprise the Agreement are references to the sections of the document in which the references appear unless otherwise indicated.

15.12 Relationship Between the Parties. The parties are independent contractors, and neither party is the agent of the other or has the right to bind the other on any contract with a third party. The use of the words “partner” or “partnership” in this Agreement or otherwise refers only to a business relationship, and does not create or reflect any legal partnership, joint venture, or other fiduciary or other special relationship between the persons described as partners. Nothing in this Agreement creates an obligation of exclusivity or non-competition. Each party is free to purchase and sell services of the type described in the Agreement to any person, including competitors of the other party.

15.13 Modifications.

15.13.1 Changes to Online Terms. From time to time ClearDATA may modify the Web-published portions of the Agreement. Modifications are effective as to any Order that is signed after the date the modified version is published, and are effective as to existing Orders as of the first renewal term that begins at least thirty (30) days after the modification is published. If you execute a new Order that modifies an existing cloud environment, then the version of the Agreement or any portion thereof that is published on the date of that new Order controls as to all Orders for Services for that cloud environment.

15.13.2 Changes to Customer Specific Documents. A document that is part of the Agreement, executed by the parties and includes terms that deviate from ClearDATA’s web-published terms may be modified only by an amendment that is signed by the parties.

15.14 Order of Precedence. If there is a conflict between the documents that comprise the “Agreement,” the documents control in the following decreasing order of precedence: the Order, this CCSA, the AUP, the SLA, and any other document that is part of the Agreement, except that, any Business Associate Agreement that is incorporated into the Agreement by means of the Order shall apply in lieu of any BAA referenced in this CCSA.

15.15 Federal Agency Users. The Services were developed solely at private expense and are commercial computer software and related Service Description within the meaning the Federal Acquisition Regulations and applicable agency supplements.

15.16 Third Party Beneficiaries. Unless and to the extent specifically stated otherwise in some other section of this Agreement, there are no third-party beneficiaries to this Agreement. Neither party’s customers, end users, suppliers, or other person shall have the right to enforce this Agreement.

15.17 Severability. In the event one or more of the terms of this Agreement are adjudicated invalid, illegal, or unenforceable, the adjudicating body may either interpret this Agreement as if such terms had not been included, or may reform such terms to the limited extent necessary to make them valid, legal or enforceable, consistent with the economic and legal incentives underlying the Agreement.

15.18 Waiver. Except as otherwise provided herein, no right or remedy arising regarding this Agreement shall be waived by a course of dealing between the parties, or a party’s delay in exercising the right or remedy. A party may waive a right or remedy only by signing a written document that expressly identifies the right or remedy waived. Unless expressly stated in the waiver, a waiver of any right or remedy on one occasion will not be deemed a waiver of that right or remedy on any other occasion, or a waiver of any other right or remedy.

15.19 Counterparts, Signatures. This Agreement may be signed in multiple counterparts, which taken together shall be read as one Agreement. A signed agreement transmitted by facsimile, email attachment, or other electronic means shall be considered an original. The parties agree that electronic or digital signatures shall be given the same effect as a manual signature.

The Agreement is the complete and exclusive agreement between the parties regarding its subject matter and supersedes and replaces in their entirety any prior or contemporaneous agreement or understanding, written or oral. The parties represent to each other that they have not entered into the Agreement in reliance on any statement other than those included in the Agreement.

©ClearDATA Networks, Inc. 2019

CCSA Revision Date October 1, 2019