Cloud Computing Services Agreement

This Cloud Computing Services Agreement (this “Agreement” or “CCSA”) is entered into between ClearDATA Networks, Inc., a Delaware corporation (“ClearDATA”) and the company and the company that signs an Order that incorporates this CCSA by reference (“you”) and is effective as of the date of your signature on the Order (“Effective Date”).

For good and valuable consideration, the receipt of which is hereby acknowledged, the Parties agree as follows:

  1. DEFINED TERMS. Capitalized terms have the meanings given in this section, or in the section where they are used.

Acceptable Use Policy or AUP means the ClearDATA Acceptable Use Policy published at https://www.cleardata.com/legal/acceptable-use-policy-032118.

Agent(s) means services management software installed on the Public Cloud Provider environment.

Agreement means this CCSA, the SOW(s) and any document referenced in or attached to any of them.

Authorized Users means Customer employees and contractors authorized by Customer to use the Services or Software in support of Customer’s business operations as further described in Section 6.4 (Access Control Lists and Account Information).

Build Sheet is a specification of the implementation of Customer’s Public Cloud Provider Services.

Business Associate Agreement or BAA is the Business Associate Agreement or Subcontractor Business Associate Agreement, as referenced in Subsection 4.1 (HIPAA BAA) or Subsection 4.2 (HIPAA Subcontractor BAA).

Business Associate has the meaning given in HIPAA.

ClearDATA Data means all data developed by ClearDATA in the course of providing Services pursuant to this Agreement, including but not limited to Usage Data and De-identified Data (as that term is defined by HIPAA). ClearDATA Data excludes any Customer Data.

Confidential Information means information disclosed by one Party to the other Party, orally or on any media, whether before or after the Effective Date that: (i) the recipient should reasonably understand to be confidential, such as (A) for Customer, all information transmitted to or from, or stored on, the Public Cloud Provider Services, and (B) for ClearDATA, this Agreement, prices and other terms of service, audit and security reports, product features, functionality and development plans, network configuration, vendors and other proprietary information or technology, or (ii) is marked or otherwise conspicuously designated as confidential by the disclosing Party. Confidential Information includes information disclosed by making tangible objects or premises available for inspection. Confidential Information does not include information that:  (i) is or becomes publicly known through no fault of recipient or persons to whom recipient has rightfully disclosed the Confidential Information, (ii)  is or becomes rightfully known by recipient without confidential or proprietary restriction from a source other than discloser who, to recipient’s knowledge, does not owe a duty of confidentiality to discloser with respect to such information; (iii) is or was developed by recipient without the use of or reference to the Confidential Information of discloser.

Covered Entity has the meaning given in HIPAA.

Customer Application means the software application(s) that Customer operates through Public Cloud Provider Services and any related computer code, information, automation tools and third-party components.

Customer Data means any Personal Data to which Customer provides access through the use of Services.

De-Identified Data has the meaning ascribed to it in the HIPAA Privacy Rule.

Feedback means any suggestion or idea for modifying or improving any of ClearDATA products including the Software and Services.

Hardened Image means a snapshot of a virtual machine (“VM”) hardened to reduce system vulnerabilities to help protect against denial of service, unauthorized data access and other cyber threats.

HIPAA means the Health Insurance Portability and Accountability Act of 1996, as amended by Subtitle D of the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, including the Privacy Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. Part 160 and Part 164, Subparts A and E (the “Privacy Rule”), the Security Standards adopted by the U.S. Department of Health and Human Services as they may be amended from time to time, 45 C.F.R. Part 160 and Part 164, Subpart A and C (the “Security Rule”), the Breach Notification Standards adopted by the U.S. Department of Health and Human Services, as they may be amended from time to time, 45 C.F.R. Part 164, subpart D.

HIPAA Compliant Service means a Public Cloud Provider Service that is listed as a HIPAA Compliant Service in the Service Descriptions.

HIPAA Eligible Service means a Public Cloud Provider Service that the Public Cloud Provider has deemed eligible to host, transmit, or process PHI but ClearDATA has not listed as a HIPAA Compliant Service. If Customer hosts, transmits, or processes PHI with a HIPAA Eligible Service that is not listed as a HIPAA Compliant Service in the Service Descriptions, Customer is responsible for ensuring HIPAA compliance.

HITRUST means the Health Information Trust Alliance, or its successor.

Intellectual Property means, on a worldwide basis, any and all tangible and intangible: (i) copyrights; (ii) trademarks, service marks, logos, trade dress, trade names, and the goodwill associated therewith; (iii) rights relating to know-how or trade secrets; (iv) patents; (v) rights in domain names, universal resource locator addresses, telephone numbers (including toll free numbers), and similar identifiers; (vi) all other intellectual and industrial property rights of every kind and nature, however designated, whether arising by operation of law, contract, license or otherwise; and (vii) all registrations, initial applications (including intent to use applications), renewals, extensions, continuations, divisions, or reissues of any of the foregoing now or hereafter in force (including any rights in any of the foregoing).

Managed Services means ClearDATA’s provisioning and management of Customer’s access to and use of the Software and Customer’s Public Cloud Provider Services as described in the Service Descriptions.

Onboarding includes the initial deployment of the ClearDATA environment and configuration and provisioning of Public Cloud Provider Services.  Scope and requirements will be reviewed during Onboarding.

Personal Data means information about an identified or identifiable natural person, including information that may be used to identify an individual or with respect to which there is a reasonable basis to believe the information can be used to identify an individual.  Specifically, but without limitation, Personal Data includes all of the following: (i) “electronic protected health information” and PHI as defined in HIPAA, (ii) name, (iii) contact information such as phone, email, or physical address, (iv) user names and access codes for online services, (v) health insurance account numbers and access information, (v) financial account numbers and access information, (vii) device numbers, IP addresses or other means of identification to a particular computing or communication device or Internet address, (viii) identification numbers such as social security or driver’s license numbers, (ix) unique identifiers that are intended to associate a record with an individual, (x) photographs, and (xi) biometric information.

Professional Services means configuration, installation and other services designated as professional services in a SOW.

Public Cloud Provider means the provider of Public Cloud Provider Services and related services as identified in a SOW, such as Amazon Web Services, Inc. for AWS®, Google, Inc. for GCP®, and Microsoft Corporation for Azure®.

Public Cloud Provider Service means cloud infrastructure and related software or service functionality delivered by a Public Cloud Provider.

Responsibility Matrix or RACI means the applicable RACI chart(s) or assignments of responsibility as described in the Service Descriptions that state which Party or other entity is “responsible,” “accountable,” “consulted,” and “informed” as to activities or decisions for the Services.

Security Controls mean the safeguard(s) or countermeasure(s) required by HIPAA to protect the confidentiality, integrity, and availability of Personal Data.

Service Descriptions means the descriptions of the Services and of the features, functions and approved configurations of the Services at https://www.cleardata.com/services-descriptions/.

Service Level Agreement or SLA means an agreement that describes the response times and other commitments with respect to the performance of the Managed Services and Software Support.

Services means Managed Services, Professional Services and Software Support provided by ClearDATA, as defined in their Service Descriptions.

Service Term or Term is defined in Section 9 (Term, Termination, Suspension).

Software means the ClearDATA software products listed in a SOW and as described in a Service Description.

Software Support means technical product assistance for Software as described at https://www.cleardata.com/services-descriptions/.

Statement of Work or SOW means a statement of work that references this CCSA.

Supported Services are Public Cloud Provider Services that are available for Customer’s use and listed as a Supported Service in the Service Descriptions. A Supported Service is eligible to host, transmit or process PHI and PII only if specifically described as such or is listed as a HIPAA Compliant Service.

Third Party Technology means a technology product or service that Customer purchases or licenses directly from a third party or through ClearDATA for use with your Workload that is not covered by the Service Description or RACI.

Unsupported Service means: (i) Third Party Technology or a Public Cloud Provider Service that is not listed as a Supported Service; (ii) any item designated in a SOW or other agreement as “unsupported,” “one-off” “non-standard” “non-compliant,” “end of life,” “eol,” “custom service”; and (iii) a Public Cloud Provider Service used by Customer to store, transmit or process unencrypted PHI or PII.

Usage Data means statistical data and other information collected by ClearDATA with respect to Customer’s use of the Services, Software in aggregated or as De-identified Data.

Workload means a collection and configuration of customer resources, Public Cloud Provider Services, Services, and other code and information that is required for enabling execution of an application or technology process.

  1. OWNERSHIP, LICENSES AND INTELLECTUAL PROPERTY

2.1 Ownership.  As between Customer and ClearDATA, Customer retains ownership of any Customer Data, Customer Confidential Information, and any Intellectual Property that Customer transfers to ClearDATA or to which ClearDATA has access in providing the Services.  As between Customer and ClearDATA, ClearDATA retains ownership of ClearDATA Confidential Information, ClearDATA Data, the Software and ClearDATA Intellectual Property.

2.2  Limited License.

2.2.1 ClearDATA License to Customer.  During the Term, ClearDATA grants Customer, subject to the terms and conditions of this Agreement, including but not limited to payment of the proper fees and compliance with the other obligations and limitations of the CCSA, a limited, non-exclusive, non-transferable, non-sublicensable license to use the ClearDATA Confidential Information and Software (“ClearDATA IP”) solely for purposes of using ClearDATA Services. Customer may not, and may not authorize or allow any third-party, to: (i) gain unauthorized access to any portion of ClearDATA IP; (ii) copy, modify, change or otherwise prepare derivative works of any part of ClearDATA IP; (iii) transmit malicious code through them; (iv) reverse engineer, disassemble, or decompile or otherwise attempt to reconstruct, identify or discover any source code, underlying ideas, user interface techniques, or algorithms used by any part of ClearDATA IP; (v) use ClearDATA IP for fraudulent or illegal activities; (vi) input, upload, transmit or otherwise provide to or through ClearDATA IP, any information or materials that are unlawful or injurious to ClearDATA or the rights of any third parties; or (vii) use ClearDATA IP for any purpose not expressly permitted by this Agreement. All rights not expressly granted to Customer are reserved by ClearDATA, and Customer has no other or different rights or privileges (implied, by estoppel, or otherwise).

2.2.2 Customer License to ClearDATA. Customer grants ClearDATA a worldwide, non-exclusive, perpetual, royalty-free, fully paid-up license to use Usage Data for business and marketing purposes, including improving the operation of the Services (including development, maintenance, support, and training services), developing products and services, creating benchmarks, performing research, conducting statistical analysis, and distributing aggregated statistics.  Neither Party may remove any proprietary rights notices included by the other Party on its Intellectual Property.

2.3 Feedback. ClearDATA owns and Customer hereby assigns to ClearDATA all Intellectual Property rights in any Feedback (as defined below) Customer communicates to ClearDATA during the Term, without additional consideration, without any obligation to report on such use, and without any other restriction.

  1. CLEARDATA SERVICES

3.1 HIPAA Compliance.   ClearDATA will provide the Software and Services in compliance with HIPAA as specified in the applicable parts of its HITRUST Certification and the BAA.

3.2  Security.  ClearDATA is responsible for a security breach to the extent it results from its failure to act in accordance with the Security Controls.

3.3 Customer Data and Applications.  Software and Services do not include ClearDATA’s design, development or management of Customer Application(s) or Customer Data, HIPAA standard transactions processing, or maintenance of a “designated record set” (as defined in HIPAA). ClearDATA will interact with Customer Application(s) Customer Data only to the extent necessary to provide the Services.

3.4 Changes to Software and Services.  ClearDATA may, from time to time make changes, updates, or improvements to the Software and Services so long as any such changes do not materially reduce the core functionality set forth in the Service Description or any SOW. ClearDATA will use reasonable efforts to notify Customer prior to implementing any material changes. Customer agrees to utilize the most recent version of the Services and Software.

3.5 Unsupported Services are provided AS IS.  ClearDATA is not liable for Customer’s use of Unsupported Services. Customer will not use Unsupported Services to store, transmit or process PHI or PII. ClearDATA has no obligation to provide Managed Services or Software Support for Unsupported Services. SLAs do not apply to Unsupported Services or any other aspect of Services adversely affected by an Unsupported Service.

3.6 Third Party Technology and Services.  Third Party Technologies that the Customer provides are not part of the Services.  Unless otherwise expressly agreed in a SOW, ClearDATA has no obligation to support or maintain any Third Party Technology, and makes no warranty, covenant or representation whatsoever regarding any Third Party Technology including whether they are HIPAA compliant, or their interoperability with the Services. ClearDATA may, but is not obligated to, assist Customer in the use of a Third-Party Technology, but any such assistance is provided AS IS. Customer’s use of the third party’s services is governed by Customer’s separate agreement with the third party. ClearDATA may disclose to the third-party information about Customer and Customers’ use of their services in accordance with the agreement between Customer and the third party to the same extent as if the third party collected information directly from Customer.

3.7 Quality-Regulated Systems.  Customer may not use the Software and Services as part of a quality-regulated system, such as a process regulated by the United States Food, Drug and Cosmetic Act, until Customer signs an Addendum for such use.

3.8 GDPR.  Customer may not use the Software and Services for data that is subject to the European Union’s General Data Protection Regulation (“GDPR”) until Customer signs an Addendum for that use.

  1. HIPAA BUSINESS ASSOCIATE AGREEMENT AND HITRUST CERTIFICATION

4.1 Business Associate Agreement.  If ClearDATA is Customer’s Business Associate, then the HIPAA Business Associate Agreement published at http://www.cleardata.com/legal/business-associate-agreement/ shall be effective and fully incorporated herein as of the Effective Date of this CCSA.

4.2 Business Associate Subcontractor Agreement.  If ClearDATA is Customer’s  Business Associate Subcontractor, then the HIPAA Business Associate Subcontractor Agreement published at http://www.cleardata.com/legal/subcontractor-business-associate-agreement/ shall be effective and fully incorporated herein as of the Effective Date of this CCSA.

4.3 HITRUST CERTIFICATION. ClearDATA will maintain a certification of compliance with the HITRUST Common Security Framework (“HITRUST Certification”).  ClearDATA may substitute an equivalent security framework, such as the AICPA Service Organization Controls or ISO 27017, upon ninety (90) days’ advance written notice to Customer.  If Customer objects to the new framework, Customer’s sole remedy is to terminate the Agreement under Section 9 for convenience.

  1. SERVICE COMMITMENTS, WARRANTIES AND WARRANTY DISCLAIMERS

5.1 Services. Services and Software shall be provided in material conformity with the Service Descriptions.

5.2 Software Support.  ClearDATA will provide Software Support in a good and professional manner consistent with the SLA and applicable industry standards.

5.3  Intellectual Property.  ClearDATA warrants that Customer’s use of the Services as permitted by this Agreement an any applicable SOW will not infringe the intellectual property rights of any unaffiliated third party, provided, however, that ClearDATA’s sole obligation with respect to a breach of this warranty is indemnification for third party claims as provided in Subsection 11.1 (ClearDATA Indemnification of Customer).

5.4  Additional Services.  If ClearDATA provides incidental or ad-hoc assistance that is not part of the Services it is provided on an AS IS, AS AVAILABLE basis.

5.5 Warranty Disclaimer.  Except for the warranties expressly stated in this Section 5, ClearDATA, its suppliers, licensors and subcontractors make no representations or warranties whatsoever and expressly disclaim any implied warranty of merchantability, fitness for a particular purpose, and any warranty that would have otherwise arisen through a course of dealing.    ClearDATA does not warrant THAT the Services or Software operation will be uninterrupted, meet Your requirements, be error free, OR PROVIDE PERFECT PROTECTION FROM ALL VULNERABILITIES OR SECURITY ATTACKS, INTRUSIONS, OR SECURITY INCIDENTS.  If applicable law requires a warranty notwithstanding this limitation, then the warranty is made for a period of 30 days from the date the warranty WAS made.

  1. CUSTOMER OBLIGATIONS

6.1 Account Security. Customer will (a) comply with the encryption, security measures and other responsibilities documented in RACI, Build Sheets and Service Descriptions and will otherwise use HIPAA compliant security precautions in connection with Services; (b) use reasonable care to avoid transmitting virus, spyware, ransomware, or other malware to Customer’s Workload or otherwise; and (c) immediately contact ClearDATA if Customer believes the security of its account or its Public Cloud Provider Services have been compromised.

6.2  Compliance with Law, Privacy Policy.  Customer will comply with HIPAA and other laws governing the collection, management, transmission, storage and processing of Customer Data as well as its HIPAA Notice of Privacy Practices.

6.3 Third Party Rights. Customer warrants its Customer Application, third-party Personal Data, and any other information, materials  or technologies that Customer installs, stores, processes, or transmits to ClearDATA through use of the Services, and ClearDATA’s authorized use and disclosure of such materials in providing the Services, will not violate the rights of any third party, including but not limited to the privacy rights of individuals whose Personal Data is part of Customer Data (the “Data Subjects”). Specifically, but without limitation, Customer warrants that it has obtained consent from the Data Subjects for its and ClearDATA’s use and disclosure of Personal Data as required for ClearDATA to provide Services under this Agreement.

6.4 Access Control Lists and Account Information.  Customer must keep account access control permissions, Authorized Users, billing, and other account information up to date.  Customer’s Authorized Users have the authority to change Customer’s Workload and Public Cloud Provider Services including but not limited to adoption of new free or chargeable features and associated terms and conditions.

6.5 Backups.  Customer will conduct periodic restoration tests as necessary (a) to verify the integrity and recoverability of Customer Data as necessary to create and maintain retrievable exact copies of Customer Data; and (b) to ensure that Customer meets disaster recovery and business continuity obligations required by the HIPAA Security Rule including but not limited to §164.308(a)(7)(ii)(A) and its own business continuity requirements. Customer will give ClearDATA prior notification of any changes to the Public Cloud Provider Service or Customer Application, data models, encryption methods or other processes that could interfere with successful backups conducted by ClearDATA.  You acknowledge that your ClearDATA public cloud data backup services does not, by itself, constitute compliance with HIPAA.

6.6  Customer Cooperation

6.6.1 Customer will: (i) provide qualified personnel capable of performing Customer’s duties and tasks; (ii) provide ClearDATA prompt and timely access to Customer’s site, facilities and Public Cloud Provider Services as reasonably required by ClearDATA to perform its obligations including but not limited to performing scheduled and emergency maintenance and patching, investigation or remediation of Services outages, suspected security problems, or breaches of the Agreement; (iii) provide office support (e.g., internet connectivity, printers) as ClearDATA may reasonably request; and (iv) make accurate and complete data, reports, information and other materials required by ClearDATA to perform its obligations (collectively, “Customer Materials”).

6.6.2 ClearDATA is excused for delayed or insufficient performance of Services resulting from Customer’s failure or delay in providing requested cooperation, access, or Customer Materials. In addition to any other remedies available, ClearDATA may reschedule Professional Services and charge rescheduling fees after Customer’s failure or delay in providing requested cooperation, access, or Customer Materials. If ClearDATA re-performs Professional Services for any of the foregoing reasons, ClearDATA’s fees may exceed the amounts stated in a SOW.

  1. RESTRICTIONS
    • Medical Devices/High Risk Use. The Software and Services are not designed, developed, tested, or intended to be reliable where use or failure could lead to death or serious bodily injury or property or environmental damage. ClearDATA has no responsibility for, and Customer will indemnify, defend and hold harmless ClearDATA, its affiliates and representatives from all claims, suits, demands, and proceedings alleging, claiming, seeking, or asserting, any liability, loss, obligation, risk, cost, damage, award, penalty, settlement, judgment, fine or expense (including attorneys’ fees) arising from or in connection with Customer’s use of the Software and Services on or in a high-risk system.

7.2 Services Management Agent.  ClearDATA may use Agents to track system information, manage various service issues, and identify security vulnerabilities. Customer’s Services will be Unsupported Services if Customer disables or interferes with Agents.

7.3 Authorized Users.   Customer is responsible for all acts or omissions of its Authorized Users as well as access to or use of the Software and Services through Authorized Users’ credentials or anyone to whom Customer or its Authorized Users allow such access or use.

7.4  Export.  Customer will not use the Services or Software in a way that causes ClearDATA to be in violation of the export laws of the United States or other jurisdiction from which the Services or Software are provided.  By way of example only, Customer may not authorize any person to use the Services or Software who is on the list of Specially Designated Nationals and Blocked Persons issued by the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) or who is located in or is a national of any country that is embargoed under United States export laws, and Customer may not use or permit the use of the Services or Software to process or store any data that is subject to the International Traffic in Arms Regulations maintained by the U.S. Department of State.

  1. TERM, TERMINATION, SUSPENSION

9.1  Term.  This Agreement and any SOW issued under this Agreement will commence as of their respective Effective Date and continue in full force and effect for a term of three (3) years (“Initial Term”). Each will automatically renew for subsequent twelve (12) month terms (each, a “Renewal Term” and together with the Initial Term, the “Term”), unless either Party provides at least ninety (90) days prior written notice of non-renewal, in which case this Agreement and/or SOW will expire at the end of their respective Initial Term or Renewal Term.

 

9.2  SOWs. Expiration or termination of an individual SOW will not effect any other SOW or this Agreement. Upon the termination or expiration of a SOW: (i) Customer will pay ClearDATA any fees incurred up to and including the date of expiration or termination; (ii) Customer will cease using the Software and Services described in the applicable SOW, and (iii) Customer will promptly destroy any ClearDATA Confidential Information or Deliverables provided or acquired pursuant to the applicable SOW and provide written certification of such destruction.

 

9.3 Termination for Material Breach.  If either Party materially breaches this Agreement, the other Party will provide notice and an opportunity to cure the breach. If the breaching Party does not cure the breach within thirty (30) days of notice, the non-breaching Party may terminate, or suspend performance under this Agreement.  ClearDATA may also terminate the Agreement if Customer violates the AUP more than once, even if the earlier breach has been cured.  Failure to pay undisputed amounts due for more than (60) sixty days is a material breach. If Customer terminates the Agreement or an SOW for convenience, or ClearDATA terminates the Agreement or an SOW for Customer’s  breach, it must pay an early termination fee as follows: (i) any implementation or set up fee that remains unpaid, plus (ii) the monthly recurring fees for the remaining part of the initial term of the Agreement or SOW, as applicable, with monthly recurring fees to be determined by the higher of:  (a) the initial estimated monthly recurring fees; and (b) the average of the fees for the prior months in the initial term or renewal term as the case may be.  You may terminate the Agreement for convenience on ninety (90) days advance written notice after the initial term of the Agreement or the relevant SOW whichever is later without penalty.

9.4. Termination for Violation of Law or Regulation. If either Party determines that its continued performance under this Agreement would cause it to violate applicable law or would place it at material risk of suffering any sanction, penalty, or liability, then that Party may terminate this Agreement immediately upon written notice to the other Party.

9.5  Termination Other than for Breach.  ClearDATA may terminate the Agreement on ninety (90) days advance written notice if Customer’s Public Cloud Provider materially alters its services in a way that makes the ClearDATA service commercially infeasible, or if there is an infringement claim that makes the provision of the Services commercially infeasible and ClearDATA is not able to resolve the claim with commercially reasonable efforts.  Either Party may terminate the Agreement if the other Party is insolvent or files for bankruptcy or similar protection.

9.6 Suspension. ClearDATA may suspend access to the Software and Services, in whole or in part, as reasonably necessary to address a serious potential security vulnerability. ClearDATA will give Customer at least two (2) business days’ advance notice of the suspension unless circumstances require suspension on shorter notice.  ClearDATA will reinstate Customer access to the Software and Services when the grounds for suspension are cured unless ClearDATA has already terminated the Agreement as described in this Section 9.

9.7  Survival.  The following terms survive expiration or termination of the Agreement:  Section 1 (Definitions) to the extent the terms defined are used in other surviving sections, Section 7 (RESTRICTIONS),  9 (Term, Termination, Suspension), Section 10 (Confidential Information), Section 12 (Limits on Liability), Section 13 (Notices), Section 14 (General), other terms that expressly state they survive termination, and terms that by their nature should reasonably be expected to survive termination.

9.8 Preservation of Data.  Unless earlier destruction of Customer Data is required by HIPAA, ClearDATA will make Customer Data available for a complete and secure (i.e., encrypted and appropriated authenticated) download for sixty (60) days after termination or expiration of the relevant SOW or CCSA. After such sixty (60) day period, ClearDATA shall have no obligation to maintain or provide Customer Data to You and shall, unless legally prohibited, delete all Customer Data in its systems or otherwise in its possession or under its control.

9.9 Effect of Termination. Upon the termination or expiration of this Agreement: (i) all SOWs will terminate; (ii) Customer will cease using the Services and Software; and (iii) Customer will pay ClearDATA any fees incurred up to and including the date of termination or expiration. The termination or expiration of this Agreement will not affect or impair the rights, liabilities, and obligations of either Party that may have accrued prior to such termination or expiration. Except as otherwise provided, remedies described herein are cumulative, not exclusive, and will include all remedies available to a Party at law or in equity.

  1. CONFIDENTIAL INFORMATION

Neither Party may use the other Party’s Confidential Information except in connection with the performance or use of the Services, the exercise of the Party’s legal rights under this Agreement, or as required by law. Each Party agrees to protect the confidentiality of the other Party’s Confidential Information using the same degree of care as it uses to protect the confidentiality of its own similar Confidential Information, but in any event no less than reasonable care, and to not intentionally disclose the other Party’s Confidential Information to any third person except as follows: (i) to the Party’s respective service providers, agents and representatives, provided that such service providers, agents or representatives are bound by written confidentiality obligations that provide similar protection as  these terms; (ii) in response to a subpoena or other legal process, provided that each will give the other reasonable advance written notice prior to disclosure; or (iii) as required by law, such as a requirement under a data privacy regulation that a notice of data breach be given to a supervisory authority or regulatory agency. On expiration or earlier termination of the Agreement, each Party will return or destroy the other Party’s Confidential Information.  ClearDATA’s obligations to safeguard Customer Data are defined and covered by obligations in the HIPAA Business Associate Agreement, not this Section. Each Party is responsible for a breach of this Section by third parties  to whom it has disclosed the other Party’s Confidential Information. The Parties’ obligations under this section are separate and distinct from other obligations under this Agreement with respect to privacy, compliance and security including but not limited to maintenance of the Security Controls.

  1. INDEMNIFICATION

11.1 ClearDATA Indemnification of Customer.  ClearDATA will defend, indemnify and hold harmless Customer and its affiliates, officers, directors and personnel (“Customer Indemnitees”) from final judgments, related attorney fees, and litigation-related third party expenses (“Losses”) that result from claims by a party not affiliated with Customer Indemnitees, to the extent these claims: (i) arise from ClearDATA’s material breach of the Security Controls or (ii) assert that Customer’s use of the Services infringe Intellectual Property rights in the United States or the European Economic Area. ClearDATA’s obligations under this subsection do not extend to a claim to the extent that it (a) is covered by Customer’s indemnification of ClearDATA, (b) is based on Customer’s breach of this Agreement or negligence, or (c) results from Customer’s combination of the Services with technology not provided by ClearDATA, Customer’s use of Unsupported Services, Customer’s unauthorized change to the Public Cloud Provider Services, Software, or Services, or ClearDATA’s compliance with Customer’s specific directives (“Exclusion(s)”).

11.2  Customer Indemnification of ClearDATA.  Customer will defend, indemnify and hold harmless ClearDATA and its affiliates, suppliers, and licensors, and each of their officers, directors and personnel (the “ClearDATA Indemnitees”) against Losses that result from claims by a party not affiliated with ClearDATA Indemnities, to the extent those claims: (i) are raised by Customer’s personnel, end users, providers of Customer Application(s), or Data Subjects whose Personal Data is included in Customer Data, unless such claim arises from ClearDATA’s breach of the Security Controls, (ii) asserting the Customer Application or Customer Data infringes or violates the Intellectual Property rights or other rights of a third party in the United States or the European Economic Area, (iii) result from Customer’s use of an Unsupported Service, or (iv) are an Exclusion.  Customer’s obligations under this Section 11.2 include claims arising out of the acts or omissions of its personnel, agents, Authorized Users, and any other person to whom Customer has given access to the Public Cloud Provider Services, the Software, or Services, and any person who gains access to any of them as a result of Customer’s failure to use reasonable security precautions, even if the acts or omissions of such persons were not authorized.

11.3  Procedures.  The indemnified Party must give notice of the claim for indemnification to the indemnifying Party within ten (10) days of the date the claim, or threat of a claim, is made in writing, provided that failure to give notice does not relieve the indemnifying Party of its obligations unless the delay prejudices defense of the claim.  The indemnifying Party has the right to select counsel to defend any claim under this Section and has the right to control the defense of the claim, except that the indemnified Party may participate in the defense of the claim at its option and expense, with counsel of its choice.  The indemnified Party must comply with any request for information or cooperation regarding the defense of the claim made by the indemnifying Party.  The indemnifying Party may settle any indemnified claim, in its discretion, provided that the settlement fully resolves the indemnified Party’s liability and does not require the indemnified Party’s to make an admission of culpability.

  1. LIMITATIONS OF LIABILITY

12.1  NO CONSEQUENTIAL, INDIRECT DAMAGESEXCEPT FOR CLAIMS BASED ON INTENTIONAL BREACH OF THE INTELLECTUAL PROPERTY RIGHTS, OR OBLIGATIONS REGARDING CONFIDENTIALITY IN SECTION 10, NEITHER PARTY NOR ITS AFFILIATES, LICENSORS,  SUPPLIERS OFFICERS, DIRECTORS, PERSONNEL, OR SUBCONTRACTORS IS LIABLE TO THE OTHER PARTY FOR ANY LOST PROFITS, LOST REVENUE, LOST BUSINESS OPPORTUNITY, OR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL LOSS OR DAMAGE OF ANY KIND, OR ANY LOSS OR DAMAGE THAT COULD HAVE BEEN AVOIDED BY THE  CLAIMING PARTY’S REASONABLE MITIGATION, EVEN IF THE OTHER PARTY HAD BEEN ADVISED OF OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF SUCH DAMAGES.  For avoidance of doubt, Losses as defined in Section 11 (Indemnification) are not excluded by this Subsection.

12.2  MAXIMUM LIABILITYNOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS AGREEMENT, EXCLUDING (I) CLAIMS ARISING FROM A PARTY’S WILFULL MISCONDUCT OR INTENTIONAL TORT, (II) CLAIMS ARISING FROM A PARTY’S BREACH OF SECTION 10 (CONFIDENTIAL INFORMATION), (III) CLAIMS BASED ON A PARTY’S INFRINGEMENT OR MISAPPROPRIATION OF INTELLECTUAL PROPERTY RIGHTS, AND (IV) PAYMENT OBLIGATIONS, ALL OF WHICH SHALL BE UNLIMITED, THE MAXIMUM AGGREGATE LIABILITY OF A PARTY AND ITS AFFILIATES, LICENSORS, SUPPLIERS AND SUBCONTRACTORS UNDER OR IN CONNECTION WITH THIS AGREEMENT FOR ANY TYPE OF DAMAGES SHALL NOT EXCEED THE GREATER OF ONE HUNDRED THOUSAND DOLLARS ($100,000.00) OR THE FEES PAID OR PAYABLE BY YOU FOR THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM UNDER THE RELEVANT SOW.  

12.3  Other.  Customer acknowledges ClearDATA has set its prices and entered into this Agreement in reliance on the limitations of liability stated in this Section 12, and they reflect an agreed allocation of risk between the Parties. These limitations apply to any cause of action whatsoever, whether in contract, tort, commercial code, strict liability or otherwise, even if a limited remedy fails of its essential purpose. Nothing herein precludes a Party from seeking specific enforcement, injunctive relief or other non-monetary equitable remedy. If these limitations as written are not permitted by applicable law, they shall apply to the extent permitted.

  1. NOTICES

Notices must be given by electronic mail.  ClearDATA’s notice to Customer must be given to Customer’s primary account contact.  Customer’s notices to ClearDATA must be given to support@cleardata.com.   Customer’s notice of breach of this Agreement, request for indemnification or other legal matters must also be copied to legalnotice@cleardata.com and mailed via 1st class United States mail or overnight delivery to ClearDATA Networks, Inc., ATTN CHIEF FINANCIAL OFFICER, 7415 Southwest Parkway, Building 6, Suite 500, Box 590, Austin, TX 78735 .  ClearDATA’s notice of breach of this Agreement, request for indemnification or other legal matters must be sent to the contact information of Customer in the signature block below.

  1. GENERAL

14.1  Order Process.  Customer may offer to purchase ClearDATA Services by signing and submitting a SOW, or other document provided to Customer by ClearDATA for signature.  No SOW or other document binds ClearDATA unless it is also executed by ClearDATA.

14.2  Non-Solicitation. Neither Party shall directly or indirectly solicit any personnel of the other Party with whom it has interacted in connection with the Agreement to terminate their employment with the other Party, provided however, that this Section does not restrict a Party from employing an individual who responds to a general employment advertisement or notice.  This restriction shall survive expiration or termination of the Agreement for a period of twelve (12) months.

14.3  General Warranty.  Each Party warrants to the other that: (i) it has the right, power, and authority to enter into the Agreement and to fully perform its obligations; and (ii) the making of the Agreement does not violate any agreement existing between it and any third party.  The individual signing the CCSA and any SOW represents that he or she has the authority to bind the entity on whose behalf they are signing.

14.4  Publicity.  ClearDATA may publicly disclose it is providing Services to Customer and may use Customer’s name and logo in its online, printed and other marketing and publicity materials to identify Customer as a ClearDATA customer, subject to reasonable trademark usage guidelines. ClearDATA may use any quotation provided or approved by Customer for marketing purposes in a press release or other publicity.

14.5  Assignment.  Either Party may assign this Agreement without the other Party’s prior written consent: (a) in connection with the sale of all or substantially all of its assets; (b) to the surviving entity in any merger or consolidation; (c) to an affiliate; or (d) to satisfy a regulatory requirement imposed by a governmental body. Any other assignment requires the prior written consent of the other Party without which the assignment is null and void.

14.6   Subcontractors. ClearDATA may use subcontractors to perform all or any part of the Services but remains responsible as if ClearDATA performed the Services itself.  Certain ClearDATA subcontractors require ClearDATA to include the following clauses: (i) none of ClearDATA’s subcontractors make any representations or warranties to Customer under this Agreement, and none of them has any liability directly to Customer in connection with the Services or any direct indirect, incidental or consequential damages arising from Customer’s use of the Services; and (ii) Customer acknowledges that ClearDATA is not an agent for Amazon Web Services, Inc.,  Google, Inc., Microsoft Corporation, or its other subcontractors, and that ClearDATA and its subcontractors are independent contractors and not partners or joint venturers.

14.7  Disputes.

14.7.1  Mediation.  Except for a request for temporary injunctive or other equitable relief, each Party agrees that it shall not file a lawsuit or other legal action in connection with this Agreement unless it has first given the other Party written notice of the dispute and attempted to resolve the dispute through good faith negotiation.  At the request of either Party, the dispute will be submitted for non-binding mediation conducted by a mutually acceptable mediator in Travis County, Texas consent to not be unreasonably withheld, costs to be split evenly. If the dispute is not resolved within forty-five (45) days of the date of the initial demand for mediation, a Party may file suit.

14.7.2  Jurisdiction, Venue, Law, Jury Trial.  Any action related to this Agreement shall be brought in state or federal courts having jurisdiction over Austin, Texas. Neither Party shall dispute the jurisdiction, convenience, or venue of such courts. This Agreement is governed by and interpreted under the laws of the State of Texas, without giving effect to its conflicts of law principles. The Parties expressly waive the application of the United Nations Convention on Contracts for the International Sale of Goods and the Uniform Computer Information Transactions Act. Neither the Services nor the Software are “goods” subject to any version of the Uniform Commercial Code. Each Party waives the right to a trial by jury in respect of any dispute arising out of this Agreement.

14.7.3 Expenses Arising from Legal Disputes, Subpoenas Regarding Customer’s Account. Customer agrees to pay or reimburse ClearDATA’s reasonable and actual attorneys’ fees and other expenses incurred in connection with: any dispute challenging control of Customer’s account, or to comply with any third-party subpoena, warrant or other mandated disclosure unrelated to a claim between Customer and ClearDATA.

14.8 Force Majeure.  Except for Customer’s payment obligations, neither Party is in violation of the Agreement if the failure to perform is due to an event beyond that Party’s reasonable control, such as a significant failure of the power grid or Internet, denial of service attacks, natural disaster, war, riot, insurrection, epidemic, strikes or other organized labor action, terrorism, or other acts or events for which precautions are not generally taken in the industry.

14.9  Interpretations of Certain Words.  “business day” means Monday – Friday, 9:00 a.m. – 5:00 p.m., United States Central Time, excluding federal holidays in the United States. The word “affiliate” refers to an individual or entity that controls, is controlled by, or is under common control with the person referred to, where control means ownership of the majority of voting interests of an entity or the right to control the policies of the entity by means of a controlling number of seats on the entity’s governing body.  Any requirement that a statement be written is satisfied by an email or other digital form of writing unless expressly stated otherwise.  Section captions are for convenience only; they are not part of this Agreement and may not be used to interpret the terms of this Agreement.

14.10  Relationship Between the Parties.  The Parties are independent contractors.  Neither is the agent of the other or has the right to bind the other on any contract with a third party.  The use of the words “partner” or “partnership” does not create or reflect any legal partnership, joint venture, or other fiduciary relationship.  Nothing in this Agreement creates an obligation of exclusivity or non-competition.

14.11  Modifications.  Web-published portions of the Agreement are subject to modifications which are effective: (a) to any SOW that is signed after a modification is published, and (b) to existing SOWs, as of the first renewal after the modification is published.

14.12  Whole Agreement and Order of Precedence.  The following are incorporated by reference:  all exhibits, SOW(s), all content at hyperlinks and the AUP.  If there is a conflict between the documents that comprise the “Agreement,” the documents control in the following decreasing order of precedence: (i) the Business Associate Agreement, (ii) the SOW or similar entered into under the Agreement, (iii) this CCSA and (iv) the AUP.  No terms or conditions, other than in the Agreement, and no prior agreements or understandings, oral or written regarding the subject matter herein, shall modify or add to these terms and conditions, whether contained in any promotional materials, proposals, acknowledgements, sales or purchase orders, shipping forms, orally or elsewhere are binding.

14.13 Federal Agency Users.  The Services were developed solely at private expense and are commercial computer software and related services within the meaning the Federal Acquisition Regulations and applicable agency supplements.

14.14  Third Party Beneficiaries.  Unless and to the extent specifically stated there are no third-party beneficiaries to this Agreement. Neither Party’s customers, end users, suppliers, Data Subjects, or other persons shall have the right to enforce this Agreement.

14.15  Severability.  In the event one or more of the terms of this Agreement are adjudicated as invalid, illegal, or unenforceable, the adjudicating body may either interpret this Agreement as if such terms had not been included or may reform such terms to the limited extent necessary to make them valid, legal or enforceable, consistent with the economic and legal incentives underlying the Agreement.

14.16  Waiver.  Except as otherwise provided herein, no right or remedy arising regarding this Agreement shall be waived by a course of dealing between the Parties, or a Party’s delay in exercising the right or remedy.  A Party may waive a right or remedy only by signing a written document that expressly identifies the right or remedy waived.  Unless expressly stated in the waiver, it will not be deemed a waiver on any other occasion of the same right or remedy, or any other right or remedy.

14.17  Counterparts; Signatures.  This Agreement may be signed in multiple counterparts, which taken together shall be read as one Agreement.  A signed agreement transmitted by facsimile, email attachment, or other electronic means shall be considered an original.  The Parties agree that electronic or digital signatures shall be given the same effect as a manual signature.

The Agreement is the complete and exclusive agreement between the Parties regarding its subject matter and supersedes and replaces in their entirety any prior or contemporaneous agreement or understanding, written or oral.  The Parties have not entered into the Agreement in reliance on any statement other than those in the Agreement.

© ClearDATA Networks, Inc. 2024

CCSA Revision Date January 1, 2024