The Terms of Service described herein constitute a legal agreement (this “Agreement”) entered into by and between, Bask Health, Inc., a Delaware corporation, (the “Company” or “Bask”) and any individual or entity using the Platform (defined below) as a participating medical provider (the “Provider”). Company and Provider are each referred to as “Party” and collectively, as the “Parties.” The effective date of this Agreement is the date Provider is notified by Bask of its acceptance as a participating provider on the Platform (the “Effective Date”).

1. “Confidential Information” means all business, technical or third party information of a party, including trade secrets, know-how, processes, pricing and financial data, software and documentation, which are provided, disclosed, or made available to the other party under this Agreement that is either identified, orally or in writing, as confidential or would be understood to be confidential by a reasonable person under the circumstances of disclosure.

2. “Documentation” means the Company’s user manuals, handbooks, and guides relating to the Services provided by Company to Provider either electronically or in hard copy form and end user documentation relating to the Service available at https://baskhealth.com, https://mybaskhealth.com, https://bask.bio/ and https://bask.health/ and all subdomains.

3. “Order Form” means each order form, statement of work, medical service agreement, entered into by the Parties and expressly referencing this Agreement.

4. “Service” means the Company’s proprietary software infrastructure platform (the “Platform”) together with all tools, functionalities and technologies available on thereon (including any API, software or other service offered by the Company in connection therewith) and all updates and upgrades thereto, which is designed to (i) enable merchants and businesses (each, a “Merchant”) to market telehealth and related services in partnership with participating providers and pharmacies; and (ii) facilitate billing and collection of the agreed-upon fees between the Merchants and their patients, which include the fees to be remitted for medical services furnished by Provider. For the avoidance of doubt, nothing in this Agreement shall be construed to prohibit the Company from billing patients or third parties for non-clinical services furnished by the Company.

The Company shall assist Provider to implement Provider’s access to the Service. Provider will provide assistance and/or information as reasonably requested by the Company in connection with such implementation. The Company will be excused from meeting specified deadlines or performing specified responsibilities to the extent the Company’s delays or failures are caused by Provider’s delays or failures in providing the Company with reasonable cooperation or access to information or documentation necessary for the performance of the Company’s implementation services.

Subject to the terms of this Agreement and the applicable Order Form, the Company hereby grants Provider a non-exclusive right to access and use the Service solely for Provider’s business operations during the Term.

Provider will not, and will not permit any third party to: (a) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, or underlying structure, ideas, know-how or algorithms relevant to the Service (except to the extent such restrictions are contrary to applicable law); (b) modify, translate, copy, or create derivative works based on the Service; (c) use the Service for timesharing or service bureau purposes or otherwise for the benefit of a third party; (d) use the Service to create or develop a competitive product or service; (e) attempt to gain unauthorized access to the Service or make the Service available to any third party; (f) send or store material containing software viruses, worms, Trojan horses or other harmful computer code, files, scripts, agents or programs through the Service; (g) interfere with or disrupt the integrity or performance of the Service; (h) circumvent, remove, alter or thwart any technological measure or content protections of the Service; (i) use any spider, crawler, scraper or other automatic device, process or software that intercepts, mines, scrapes, extracts or otherwise accesses the Service to monitor, extract, copy or collect information or data from or through the Service; (j) access or use the Service outside of the United States of America; or (k) otherwise use the Service except as expressly permitted herein.

Provider will be deemed the “Site Owner” under this Agreement. If the individual registering for the Service is doing so on behalf of their employer, then such individual must use their employer-issued email address. The Site Owner’s name must be clearly visible on Provider’s Site and although a Site Owner may have multiple websites, only one Site Owner is allowed to be associated with any one Site. Provider agrees to use Bask Health Checkout for each Site.

The Site Owner can create one or more staff accounts (“Staff Accounts”) allowing other people to access the Service. Each Staff Account must include a full legal name and a valid email account. With Staff Accounts, the Site Owner can set permissions and let other people work in the Site Owner’s account while determining the level of access by Staff Accounts to specific business information (for example, a Site Owner can limit Staff Account access to sales information on the Reports page or prevent Staff Accounts from changing general store settings). Provider is responsible for: (a) ensuring its employees, agents, and subcontractors, including via Staff Accounts, comply with this Agreement; and (b) any breach of this Agreement by Provider’s employees, agents, or subcontractors.

Upon registering for the Service, the Company will create an account on Provider’s behalf, using the e-mail address used by Provider in registering for the Service. Depending upon Provider’s location, the Company may also create a payment account on Provider’s behalf. Provider acknowledges that the payment account will be Provider’s default payments gateway and that it is Provider’s sole responsibility as the Site Owner to activate and maintain these accounts. If Provider does not wish to keep the payment account active, it is Provider’s responsibility to deactivate them. For the avoidance of doubt, the payment account is a Third Party Service, as defined below

The Company may modify, amend, alter, supplement or replace the Service from time to time, in whole or in part, without any notice to Provider; provided that the Company will use reasonable efforts to provide Provider written notice if the Company believes that any modification, amendment, alteration, supplement or replacement will cause a material adverse effect on Provider’s access or use of the Service. Provider agrees that its entry into this Agreement is not contingent on the Company developing, delivering or otherwise making available any future functionality or features of the Service, or dependent on any oral or written public comments made by the Company regarding future functionality or features of the Service.

The Service contains certain features and functionalities that integrate and/or interoperate with certain third party products, services or applications (the “Third Party Services”). All use of Third Party Services are subject to the applicable terms of the provider of such Third Party Service. The Company is not responsible for any Third Party Service, including for the availability or reliability of a Third Party Service, or the accuracy or completeness of information shared by or available through such Third Party Service, or the privacy practices of the provider of such Third Party Service.

From time to time, the Company may make certain features or functionalities available to Provider that are identified as “beta”, “pilot”, “limited release” or other similar designation (the “Beta Offerings”). Provider may choose to try such Beta Offerings or not in its sole discretion. Notwithstanding anything to the contrary in this Agreement, Provider’s access and use of the Beta Offerings shall be on “AS IS” basis without warranty of any kind and the Company shall not have any liability of any kind with respect to Provider’s access and use of a Beta Offering.

The Parties agree that Provider is a Covered Entity and Company is a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and each Party shall comply with its respective obligations under the Business Associate Addendum attached hereto as Exhibit A and incorporated herein (the “Business Associate Addendum” or “BAA”).

Provider must maintain an accurate location in the administrative console of Provider’s account. If Provider changes jurisdictions, Provider must promptly update its location in the administrative console.

Provider acknowledges and agrees that the Service is not a pharmacy or healthcare provider. Provider is the seller of record for all items Provider sells through the Service, and Provider is solely responsible for the creation and operation of Provider’s Site(s), the goods and services that Provider may sell through the Service, and all aspects of the transactions between Provider and end users.

All use of the Service by a Provider end user accessing Provider’s Site through the Service will be subject to the Company’s standard terms of service available at https://bask.health/terms.

THE COMPANY IS NOT AUTHORIZED TO PROVIDE SERVICES REQUIRING PROFESSIONAL LICENSURE AND ALTHOUGH THE COMPANY PROVIDES ADMINISTRATIVE SERVICES TO HEALTHCARE PROVIDERS, THE COMPANY DOES NOT OFFER CLINICAL HEALTHCARE SERVICES OR PHARMACY SERVICES ITSELF. ANY CONTENT OR OTHER INFORMATION AVAILABLE ON THE SERVICE IS FOR INFORMATIONAL OR COMMUNICATIVE PURPOSES ONLY AND DOES NOT CONSTITUTE MEDICAL OR OTHER HEALTHCARE ADVICE FROM THE COMPANY. PROVIDER’S USE OF THE SERVICE, AND PROVIDER’S PROVISION OF SERVICES TO END USERS ARE SOLELY PROVIDER’S RESPONSIBILITY AND PROVIDED AT PROVIDER’S OWN RISK. PROVIDER MAY NOT USE THE SERVICE TO PROVIDE EMERGENCY MEDICAL OR MENTAL HEALTH CARE SERVICES. EVEN IF THE SERVICE PROVIDES SAMPLE FORMS OR TEMPLATES, PROVIDER IS SOLELY RESPONSIBLE FOR ALL CLINICAL DOCUMENTATION AND CODING DECISIONS. ANY AND ALL RESPONSIBILITY FOR DIAGNOSING, TREATING AND/OR PROVIDING ANY OTHER MEDICAL CARE TO ANY OF PROVIDER’S END USERS AND FOR ENSURING COMPLIANCE WITH ANY APPLICABLE LAWS, RULES AND REGULATIONS, AND PROFESSIONAL ETHICAL GUIDELINES WHICH MAY APPLY TO PROVIDER AND/OR PROVIDER’S MEDICAL PROVIDERS, RESTS EXCLUSIVELY WITH PROVIDER OR THE APPLICABLE PROVIDER TREATING SUCH PATIENT.

Provider may generate or send email through the Service using the Bask email services (the “Email Services”). This Section 4 applies to Provider’s access and use of the Email Services.

The Company employs certain controls to scan the content of emails delivered using the Email Services prior to delivery (“Content Scanning”). Such Content Scanning is intended to limit spam, phishing, or other malicious content that contravenes this Agreement (collectively, “Threats”). By using the Email Services, Provider explicitly grants the Company the right to employ such Content Scanning. The Company does not warrant that the Email Services will be free from Threats, and Provider is responsible for all content generated by its Sites.

Provider will:

• use the Email Services in compliance with all applicable laws. Examples of applicable laws include laws relating to spam or unsolicited commercial email (“UCE”), privacy, security, obscenity, defamation, intellectual property, pornography, terrorism, homeland security, gambling, child protection, and other applicable laws.

• not send sensitive personal information, including information regarding an individual’s medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs, or other sensitive data (collectively, “Sensitive Data”) through the Email Services unless it is secured (e.g., a password protected Zip file) or Provider has obtained patient consent to send such information via email.

• use the Email Services in compliance with all applicable guidelines established by the Company including the following:

  • Provider must not use non-permission based email lists (i.e., lists in which each recipient has not explicitly granted permission to receive emails from Provider by affirmatively opting-in to receive those emails);
  • Provider must not use purchased or rented email lists;
  • Provider must not use third party email addresses, domain names, or mail servers without proper permission;
  • Provider must not send emails to non-specific addresses (e.g., webmaster@domain.com or info@domain.com);
  • Provider must not send emails that result in an unacceptable number of spam or UCE complaints (even if the emails themselves are not actually spam or UCE);
  • Provider must include a working “unsubscribe” link in each email that allows the recipient to remove themselves from Provider’s mailing list and must comply with any request from a recipient to be removed from Provider’s mailing list within 10 days of receipt of the request;
  • Provider must include in each email a link to the then-current privacy policy applicable to that email;
  • Provider must not disguise the origin or subject matter of any email or falsify or manipulate the originating email address, subject line, headers, or transmission path information for any email;
  • Provider must include in each email Provider’s valid physical mailing address or a link to that information;
  • Provider must not include “junk mail,” “chain letters,” “pyramid schemes,” incentives (e.g., coupons, discounts, awards, or other incentives) or other material in any email that encourages a recipient to forward the email to another recipient.

If Provider sends certain communications to end users via short message service (SMS) messaging (for example, sending appointment confirmation notifications via SMS) (the “SMS Services”), Provider must comply with all applicable laws of the jurisdiction from which Provider sends messages, and in which Provider’s messages are received.

The Service allows Provider to add pixels to the Service to enable Provider or a third party to track Patient events (the “Bask Pixel Manager”). Provider may manage its pixels from within the user interface in the administrative console of the Service. Provider will:

• comply with all applicable laws (including but not limited to HIPAA) and obtain all necessary consents from every site visitor and Provider whose events Provider tracks;

• obtain all necessary rights and consents prior to providing Bask with any data collected using pixels, including names, email addresses, phone numbers, or other data that personally identifies an individual;

• permit the Company to disable any pixels that the Company identifies as malicious, in the Company’s sole discretion; and

• not, and will not allow any third parties to, use pixels

  • to engage in or promote any unlawful, infringing, defamatory or otherwise harmful activity; or
  • to disable, interfere with or circumvent any aspect of the Service.

The Company may collect information associated with the Bask Pixel Manager, such as how pixels are used, and how and what scripts are added. The Company may use this data to improve, maintain, protect and develop the Bask Pixel Manager. However, the Company has no obligation to monitor Provider’s use of the Bask Pixel Manager.

Provider is solely responsible for all data, content, information, and other materials uploaded, posted or otherwise provided to or through the Service by Provider, its Staff Accounts and its end users (the “Provider Data”). Provider is responsible for (a) the accuracy, quality and legality of Provider Data, and (b) the means by which Provider acquired Provider Data. Provider represents and warrants that Provider has provided all necessary and appropriate notices and opt-outs, and has obtained all necessary and appropriate consents, approvals and rights to collect, process, use, store, enhance and disclose the Provider Data and allow the Company to use, store, disclose and otherwise process such Provider Data as contemplated by this Agreement. Provider hereby grants the Company a non-exclusive, royalty-free, fully-paid worldwide license (with the right to sublicense to the Company’s subcontractors performing services for the Company and to third party service providers used by the Company in providing the Service) to access, use, reproduce and create derivative works of all Provider Data to (i) provide the Service and any related Support Services or Professional Services to Provider during the Term and (ii) to improve and enhance the Service and for other development, diagnostic and corrective purposes in connection with the Service and other Company offerings during and after the Term. Furthermore, the Company shall have the right to collect and analyze data and other information relating to Provider’s use and access of the Service (“Usage Data”) and the Company will be free (during and after the Term) to use such Usage Data for any lawful purpose, provided that any disclosure of Usage Data shall be solely in aggregate or other de-identified form.

The Company shall own and retain all right, title and interest in and to the Service, and all improvements, enhancements or modifications thereto, and all intellectual property rights related to any of the foregoing. All rights to the Service not expressly granted under this Agreement are reserved by the Company.

Provider acknowledges that all suggestions for corrections, changes, additions or modifications to the Service, and any other feedback provided by Provider (collectively, “Feedback”) are the exclusive property of the Company and Provider hereby assigns all rights in and to any Feedback to the Company.

As between the parties, subject to the Company’s rights to use the Provider Data as granted by Provider above, Provider owns all right, title and interest in and to the Provider Data.

Provider shall pay the fees specified in each Order Form, if applicable. Provider may be required to provide information regarding Provider’s credit card or other payment instrument. Provider represents and warrants to the Company that such information is true and that Provider is authorized to use the payment instrument. Provider hereby authorizes the Company (or the Company’s third party payment processor) to charge Provider’s authorized payment method for Fees until Provider’s use of the Service is terminated and any and all outstanding Fees have been paid in full. Provider will promptly update Provider’s account information with the Company or the payment processor, as applicable, of any changes (for example, a change in billing address or credit card expiration date) that may occur.

The Company may change the Fees upon thirty (30) days’ advance notice. Provider’s continued use of the Service after the price change becomes effective constitutes Provider’s agreement to pay the changed amount.

Any Fee dispute must be notified to the Company within sixty (60) days after the date that Provider is charged, or within such longer period of time as may be required under applicable law. The Parties agree to negotiate in good faith to resolve any such Fee dispute.

Payments made by Provider hereunder are final and non-refundable, unless otherwise determined by Bask. Unpaid Fees are subject to a finance charge of 1.5% per month, or the maximum permitted by law, whichever is lower. Provider shall be responsible for all taxes associated with its use of the Service other than taxes based on the Company’s net income.

Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose Confidential Information. Confidential Information of the Company includes non-public information regarding features, know-how, functionality and performance of the Service, financial information, pricing terms for the Service and the terms of this Agreement. The Receiving Party agrees: (a) to use at least the same care and precaution in protecting the Disclosing Party’s Confidential Information as the Receiving Party uses to protect its own proprietary information and trade secrets, but in no event less than a reasonable degree of care and (b) not to use or disclose to any third person any of Disclosing Party’s Proprietary Information except for the Receiving Party’s employees, attorneys, advisors and potential investors who are bound by written agreement to keep such information confidential. Without limiting the foregoing Provider expressly agrees that it shall not use or share Company’s Confidential Information for purposes of unfair or improper competition. This Section 9 will not apply to Provider Data, which is subject to the terms of Section 6.

The Disclosing Party agrees that the foregoing Section 9.1 shall not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public, (b) was in its possession or known by it prior to receipt from the Disclosing Party, (c) was rightfully disclosed to it without restriction by a third party or (d) was independently developed without use of any Proprietary Information of the Disclosing Party.

Notwithstanding this Section 9, the Receiving Party may disclose the Confidential Information of the Disclosing Party in the event that the Receiving Party receives a subpoena or other government process that purports to require the production of Confidential Information of the Disclosing Party for use in an action or proceeding, provided that the Receiving Party shall (a) promptly inform the entity issuing such subpoena or other government process of the existence of this Agreement, (b) promptly inform the Disclosing Party of the receipt of such subpoena or other government process and (c) not oppose any effort by the Disclosing Party to quash or limit any such subpoena or other government process. In the event the Disclosing Party fails to intervene to quash or limit such subpoena or other government process after being given notice and a reasonable opportunity to do so or such intervention fails or is denied by a court of competent jurisdiction, such Confidential Information may be produced; provided, that such Confidential Information shall not lose its confidential status through such use and the Receiving Party shall take all reasonable and necessary steps to maintain the confidentiality of such Confidential Information during such use.

Upon the request of either party, copies and embodiments of such party’s Confidential Information shall be promptly returned to such party by the Receiving Party or destroyed by the Receiving Party, and the Receiving Party agrees to confirm such destruction in writing.

Each Party agrees that, for a period of two years from the Effective Date, neither Party nor any of its respective agents, officers, or directors will (or will assist or encourage others to) directly or indirectly, solicit for employment or cause to leave the employ of the other Party any individual who is an employee of the other Party as of the date of this Agreement. Provided however, this shall not prohibit the general solicitation (i.e., a job board posting) of individuals employed by the other Party or hiring of any such individual as a result of such general solicitation.

In its performance of this Agreement and any Order Form the Company may identify business connections for Provider, including, without limitation, pharmacies and Merchants utilizing Company’s Platform (a “Business Connection”). For the duration of this Agreement, and for a period of two (2) years thereafter, neither the Provider nor any of its Affiliates (defined below) shall, in any manner access, contact, solicit or conduct any business outside of the Platform with a Business Connection that has been revealed to Provider by Company. The Provider shall not in any way whatsoever circumvent or attempt to circumvent Company and shall not enter into direct or indirect offers, negotiations or transactions with a Business Connection revealed by Company. The Provider shall not obviate or interfere with the relationship between Company and a Business Connection for the purpose of gaining any benefit, whether such benefit is monetary or otherwise. The Provider shall not make use of any third party to circumvent this paragraph.

For the purposes of this Section 9.6, an “Affiliate” shall mean: Any business entity, trust or natural person that directly or indirectly, through one or more intermediaries, controls or is controlled by, or is under common control with, the Provider. Affiliates shall additionally mean the Provider’s present and future related parties, including, but not limited to, partners, directors, officers, managers, equityholders, associates, agents, representatives, assignees, employees, contractors, successors, and any other entities or persons contractually bound in any instance by them.

In the event of circumvention by Provider, whether direct and/or indirect, the Company shall be entitled to a legal monetary compensation equal to ten times the maximum service fees it would have been realized from the circumvented transaction(s), plus any and all expenses, including any and all legal fees incurred in enforcing these non- circumvention rights.

Subject to earlier termination as provided below, this Agreement will commence on the Effective Date and continue for the Initial Term (as defined in the Order Form) and shall be automatically renewed for additional periods of the same duration as the Initial Term (collectively, the “Term”), unless either party provides the other with written notice of non-renewal at least thirty (30) days prior to the end of the then-current Term.

During the Initial Term and subsequent renewals, either party may terminate this Agreement upon written notice if the other party materially breaches any of the terms or conditions of this Agreement and fails to cure such breach within thirty (30) days of notice thereof.

Without limiting the Company’s rights under Section 10.2, the Company may immediately suspend access to the Service if Provider breaches this Agreement until such breach is cured.

Each Party acknowledges and agrees that the actual damages Company would incur in the event this Agreement is terminated by Provider (other than for breach in accordance with Section 10.2 above) prior to the end of the Initial Term would be material, but impracticable or extremely difficult to determine. In recognition of the foregoing, the Parties agree that in the event of any termination of this Agreement (except if terminated by Provider under Section 10.2), then Provider shall pay to Company a Termination Fee as liquidated damages calculated as set forth below, in addition to all other amounts then due and owing, and without prejudice to any other rights and remedies of Company. The Parties agree that the Termination Fee is reasonable in proportion to the probable damages likely to be sustained by Company and its costs, and are not intended to compel performance of this Agreement or constitute a penalty or punitive damages for any purpose. For purposes of this Agreement, the “Termination Fee” shall mean Three Hundred Thousand Dollars ($300,000) payable in three equal monthly installments, with the initial installment due upon the effective date of termination.

No termination of this Agreement shall affect any rights or liabilities of a party that accrued prior to the date of termination, including any Fees accrued or payable to the Company prior to the effective date of termination.

The provisions of Sections 1, 3.2, 3.4, 5 through 9, 10.4, 10.5, 10.6, 11 through 15 shall survive any termination of this Agreement.

Each party represents and warrants to the other party that: (a) it is duly organized, validly existing, and in good standing under the laws of the state of its formation or incorporation and has full right and power to enter into this Agreement and to perform fully all of its obligations hereunder; and (b) it is not party to any other agreements, written or oral, with any third party in conflict herewith.

Provider shall obtain and maintain all applicable licenses, permits or permissions required to prescribe, dispense, or sell Provider’s products or otherwise operate Provider’s business through the Service. PROVIDER ACKNOWLEDGES THAT THE COMPANY DOES NOT VERIFY THE VALIDITY OF PROVIDER’S CREDENTIALS AND PROVIDER IS SOLELY RESPONSIBLE FOR HAVING THE CREDENTIALS REQUIRED TO PROVIDE THE SERVICES PROVIDED BY PROVIDER THROUGH ITS SITE(S).

Provider will comply with all applicable state and federal laws and other regulatory requirements when prescribing, dispensing, and monitoring prescription medications and otherwise relating to the sale of medical related products, both in Provider’s jurisdiction and in the jurisdiction of end users when using the Service. Additionally, and without limiting the foregoing, (a) Provider must comply will all laws and regulations relating to unfair and deceptive trade practices, including price gouging by not charging excessive process or engaging in deceptive pricing practices for medications or medical related products, (b) any medical, scientific, or other claims Provider makes must be true and supported by documented evidence and, where required by law, an adequate and proper test of such claims, as any products falsely claiming to treat or cure a disease will be removed from all Sites, and (c) Provider must ensure accurate delivery of any products Provider sell to Provider’s end users, and (d) Provider must comply with all applicable law in connection with prescribing compounded medications, including, without limitation, guidance from the FDCA, the United States Pharmacopeia (USP) standards, the National Formulary (NF) monograph (if applicable), as well as the relevant regulations enforced by the U.S. Food and Drug Administration (FDA).

The Company represents and warrants that the Service will operate in conformity with the Documentation set forth in writing by the Company in all material respects. In the event of a breach of the warranty in this Section 11.4, Provider shall notify the Company in writing of the alleged issue, providing details of the problems, and upon confirmation of the issue by the Company, the Company will use commercially reasonable efforts to promptly correct any identified problem or provide work-arounds that address the identified issue to enable the Service to perform in accordance with this limited warranty. If the Company is unable to correct any identified problem, the Company shall notify Provider and Provider have the right to terminate this Agreement upon thirty (30) days’ written notice to the Company and the Company will refund Provider any pre-paid amounts for periods that have not yet occurred on the date of termination. The foregoing shall be the Company’s sole obligation and exclusive liability, and Provider’s sole and exclusive remedy, for any breach of the warranty in this Section 11.4. This Section 11.4 shall not apply to Provider’s use of any Beta Offering or during a pilot period.

THE USE OF THE SERVICE DOES NOT CREATE A DOCTOR-PATIENT RELATIONSHIP OR OTHER PRIVILEGED RELATIONSHIP BETWEEN THE COMPANY AND PROVIDER. THE COMPANY DOES NOT REFER, RECOMMEND OR ENDORSE PROVIDER OR ANY PARTICULAR PROFESSIONAL, PRODUCT, PROCEDURE, OPINION, OR OTHER INFORMATION THAT MAY APPEAR THROUGH THE SERVICE, AND PROVIDER MAY NOT REPRESENT OTHERWISE TO END USERS.

EXCEPT FOR THE WARRANTIES EXPLICITLY SET FORTH IN THIS SECTION 11, THE SERVICE AND ALL DATA AND INFORMATION PROVIDED BY THE COMPANY ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. WITHOUT LIMITING THE FOREGOING, TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. THE COMPANY DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICE OR THAT THE QUALITY OF THE SERVICE, SUPPORT SERVICES, PROFESSIONAL SERVICES, OR ANY DATA, INFORMATION, OR OTHER MATERIAL OBTAINED THROUGH USE OF THE SERVICE, WILL MEET PROVIDER’S EXPECTATIONS.

The Company will (a) defend harmless Provider from any claim, suit or proceeding (“Claim”) brought against Provider by a third party alleging that the Service infringes any intellectual property right of such third party and (b) indemnify and hold Provider harmless from any damages, losses, expenses, costs or liabilities finally awarded against Provider by a court of competent jurisdiction as a result of such Claim. Notwithstanding the foregoing, the Company will have no obligation under this Section 12.1 or otherwise with respect to any Claim to the extent based upon (i) any unauthorized use, reproduction, or distribution of the Service or any breach of this Agreement by Provider, (ii) any combination of the Service with other products, equipment, software or data not supplied by the Company (including any Provider property management system), (iii) any modification of the Service by any person other than the Company or its authorized agents or contractors or (iv) any activity after the Company has provided Provider with a work around or modification that would have avoided such issue without materially adversely affecting the functionality or availability of the Service (items (i) through (iv), the “Excluded Activities”). If the Company reasonably believes that all or any portion of the Service, or the use thereof, is likely to become the subject of any infringement Claim, the Company may procure, at the Company’s expense, for Provider the right to continue using the Service in accordance with the terms hereof, replace or modify the allegedly infringing Service to make it non-infringing, or, in the event the preceding is infeasible or not commercially practicable, the Company may, in its sole discretion, terminate this Agreement upon written notice to Provider and the Company will refund Provider any pre-paid amounts for periods that have not yet occurred on the date of termination. This Section 12.1 shall be Provider’s sole and exclusive remedy, and the Company’s sole and exclusive liability, with respect to any infringement claims relating to Provider’s use of the Service. This Section 12.1 will not apply to any Beta Offering, Third Party Service or use of the Service during a pilot period.

Provider will indemnify, defend and hold harmless the Company from any damages, losses, expenses, costs or liabilities incurred by the Company in connection with any Claim brought against the Company by a third party arising from or related to (a) an Excluded Activity, (b) Provider’s use of the Service in breach of the terms of this Agreement, and (c) the diagnosis, treatment, and/or billing of any of Provider’s or any affiliate’s end users.

A party seeking indemnification under this Section 12 will provide the indemnifying party with prompt written notice of the relevant Claim (provided that the failure to provide prompt notice will only relieve the indemnifying party of its obligations to the extent it is materially prejudiced by such failure) and permit the indemnifying party to control the defense of such Claim. The indemnified party may employ counsel at its own expense to assist it with respect to such Claim; provided, however, that if such counsel is necessary because the indemnifying party does not assume control, the indemnifying party will be responsible for the expense of such counsel. The party controlling the defense of a Claim shall keep the other party advised of the status of such Claim and the defense thereof. Neither party shall have the authority to settle a claim on behalf of the other party.

TO THE EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR AMOUNTS PAYABLE IN CONNECTION WITH EITHER PARTY’S BREACH OF SECTION 9, AND PROVIDER’S BREACH OF SECTION 2.3, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY OR ANY PARTY CLAIMING THROUGH THE OTHER PARTY FOR (A) ANY INDIRECT, PUNITIVE, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS) ARISING OUT OF THIS AGREEMENT OR ANY DELAY OR INABILITY TO USE THE SERVICE OR (B) EXCEPT FOR AMOUNTS PAYABLE BY ONE PARTY TO THE OTHER PARTY UNDER THIS AGREEMENT, ANY DAMAGES IN EXCESS OF THE AGGREGATE FEES PAID OR PAYABLE TO EITHER PARTY HEREUNDER IN THE SIX (6) MONTH PERIOD PRIOR TO THE DATE THE CLAIM FIRST AROSE, IN EACH CASE WHETHER BASED IN CONTRACT, TORT, STRICT LIABILITY OR OTHERWISE, AND EVEN IF EITHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF DAMAGES.

Provider may not remove or export from the United States or allow the export or re-export of the API, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority. As defined in FAR section 2.101, the API (including the software, documentation and data related thereto) are “commercial items” and according to DFAR section 252.227 7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.

Neither party may assign this Agreement, except with the other Party’s prior written consent; provided, however that either party may assign this Agreement in connection with a merger or sale of all or substantially all of such party’s assets or stock. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable. This Agreement may be amended or modified in whole or in part at any time only by a writing executed by both parties. This Agreement, together with the exhibit attached hereto and any Order Form entered into between the Parties, constitutes the full and entire understanding and agreement of the parties with regard to the subject matter hereof, and supersedes all prior agreements or understandings, written or oral, between the parties with respect to the subject matter hereof. In the event of any conflict between the terms of an Order Form and this Agreement, the terms of the Order Form shall govern but solely with respect to the terms set forth therein. This Agreement and any dispute arising hereunder shall be governed by the laws of the State of New York, without regard to the conflicts of law provisions thereof. All disputes arising out of or in connection with this Agreement shall be settled by arbitration in New York, New York before a neutral single arbitrator, whose decision will be final and binding and the arbitral proceedings will be administered by JAMS under its Comprehensive Arbitration Rules and Procedures then in effect. Judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. The parties undertake to keep confidential all awards in their arbitration, together with all materials in the proceedings created for the purpose of the arbitration and all other documents produced by another party in the proceedings not otherwise in the public domain, save and to the extent that disclosure may be required of a party by legal duty, to protect or pursue a legal right or to enforce or challenge an award in legal proceedings before a court or other judicial authority. Notwithstanding the foregoing, either party hereto shall be entitled to seek injunctive or equitable relief from a court of competent jurisdiction without the necessity of posting bond or proving actual damages. Without limiting anything herein, and except for Provider’s payment obligations, neither party shall have any liability for any failure or delay resulting from any condition beyond the reasonable control of such party, including, but not limited to, governmental action or acts of terrorism, earthquake or other acts of God, labor conditions, epidemics, pandemics and power failures. For all purposes under this Agreement each party shall be and act as an independent contractor and shall not bind nor attempt to bind the other to any contract. As part of the Company’s sales and marketing efforts, the Company may publicly identify Provider by name as a Provider and may describe the services provided to Provider in general and Provider hereby grants the Company a non-exclusive license to use and reproduce Provider’s name, logos and trademarks as part of the Company’s such sales and marketing efforts. Any notices in connection with this Agreement will be in writing and sent to the address specified in the signature blocks of the Parties.

THIS BUSINESS ASSOCIATE AGREEMENT (this “Agreement”), effective as of the Effective Date is by and between Provider (“Covered Entity”) and Company (“Business Associate”), each individually a “Party” and collectively the “Parties”.

WHEREAS, Business Associate has agreed to Order Form(s), Provider Terms of Service, and other agreements incorporated by reference in the foregoing, with Covered Entity for the purposes of performing certain services on behalf of Covered Entity (the “Services Agreement”) and Business Associate may create, receive, maintain, or transmit Protected Health Information (defined below) in conjunction with the services being provided under the Services Agreement, thus necessitating a written agreement that meets applicable requirements of HIPAA (defined below);

WHEREAS, pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and all regulations promulgated thereunder, as amended from time to time (collectively, “HIPAA”); and

WHEREAS, Business Associate and Covered Entity desire to satisfy HIPAA’s requirements through this Agreement and otherwise to address related matters regarding HIPAA.

NOW THEREFORE, in consideration of the mutual agreements and undertakings of the Parties, and for other good and valuable consideration, the sufficiency of which is hereby acknowledged, the Parties, intending to be legally bound, agree as follows:

The following terms shall have the following meaning when used in this Agreement:

1. "Electronic Protected Health Information” or “ePHI” shall have the same meaning given to such term as 45 C.F.R. § 160.103, limited to the information created, received, or maintained or transmitted from or on behalf of Covered Entity.

2. “Individual” shall have the same meaning as the term “individual” in 45 C.F.R. §160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. §164.502(g).

3. “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, except limited to the information received from Covered Entity, or created, maintained or received on behalf of Covered Entity. For avoidance of doubt, PHI shall include ePHI.

4. “Subcontractor” shall have the same meaning as the term “subcontractor” in 45 C.F.R. §160.103, except limited to any such individual or entity who creates, receives, maintains, or transmits PHI on behalf of Business Associate.

Any capitalized term not specifically defined herein shall have the same meaning as is set forth in the Services Agreement. Any capitalized term not specifically defined herein or in the Services Agreement shall have the same meaning as is set forth in 45 C.F.R. Parts 160 and 164, where applicable. The terms “use,” “disclose” and “discovery,” or derivations thereof, although not capitalized, shall also have the same meanings set forth in HIPAA.

1. Business Associate agrees to not use or disclose PHI other than as permitted or required by this Agreement, the Services Agreement, or as Required By Law.

2. Business Associate agrees to use appropriate safeguards and comply, where applicable, with Subpart C of 45 C.F.R. Part 164 with respect to Electronic PHI, to prevent use or disclosure of the PHI other than as provided for by this Agreement.

3. Business Associate agrees to report to the Covered Entity any use or disclosure of PHI not provided for by this Agreement, including, without limitation, Breaches of Unsecured PHI as required at 45 C.F.R. 164.410, and any Security Incident of which it becomes aware. The Parties acknowledge and agree that this Section 2.3 constitutes notice by Business Associate to Covered Entity of the ongoing existence and occurrence of attempted but unsuccessful Security Incidents for which no additional notice to Covered Entity shall be required. Unsuccessful Security Incidents shall include, but not be limited to, pings and other broadcast attacks on Business Associate’s firewall, port scans, unsuccessful log-on attempts, denials of service and any combination of the above, so long as such incidents do not result, to the extent Business Associate is aware, in unauthorized access, use or disclosure of Electronic PHI.

4. In accordance with 45 C.F.R. § 164.502(e)(1)(ii) and § 164.308(b)(2), if applicable, Business Associate agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree in writing to substantially the same restrictions, conditions, and requirements that apply to Business Associate under this Agreement with respect to such PHI.

5. Business Associate agrees to make available PHI in a Designated Record Set to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524.

6. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. § 164.526 or take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.

7. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528.

8. To the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to Covered Entity in the performance of such obligations.

9. Business Associate agrees to make its internal practices, books, and records available to the Secretary for purposes of determining compliance with HIPAA.

1. Business Associate may only use or disclose PHI as necessary to perform its obligations under the Services Agreement. In addition, Business Associate is authorized to use PHI to de-identify the PHI in accordance with 45 C.F.R. 164.502(d) and 164.514(a)-(c). For the avoidance of doubt, such de-identified data will no longer be considered PHI.

2. Business Associate may use or disclose PHI as permitted or Required By Law.

3. Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures.

4. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by Covered Entity, except for the specific uses and disclosures set forth in Sections 3.5, 3.6 and 3.7, below.

5. Business Associate may use PHI for its proper management and administration or to carry out its legal responsibilities.

6. Business Associate may disclose PHI for its proper management and administration or to carry out its legal responsibilities, provided the disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as Required By Law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the information’s confidentiality has been breached.

7. Business Associate may provide Data Aggregation services relating to the Health Care Operations of Covered Entity.

1. Covered Entity shall promptly notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 C.F.R. 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.

2. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI, prior to the effective date of such revocation.

3. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI, prior to the effective date of such restriction.

4. Covered Entity shall obtain any authorization or consents as may be Required by Law for any of the uses or disclosures of PHI pursuant to this Agreement or the Services Agreement.

5. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 C.F.R. Part 164 if done by Covered Entity.

The Term of this Agreement shall commence as of the Effective Date and shall terminate upon the termination of the Services Agreement or on the date Covered Entity terminates this Agreement for cause as authorized in Section 5.2, whichever is sooner.

Each Party authorizes termination of this Agreement by the other Party if a Party determines the other Party has breached a material term of this Agreement and the breach is not cured within thirty (30) days after the breaching Party’s receipt of written notice of the alleged breach.

Upon termination of this Agreement for any reason, Business Associate shall:

1. Retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;

2. Return to Covered Entity or Covered Entity’s designee (to the extent permitted by HIPAA) if feasible, or, if feasible and agreed to by Covered Entity, destroy the remaining PHI that the Business Associate still maintains in any form;

3. Continue to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to Electronic PHI to prevent use or disclosure of the PHI, other than as provided for in this Section, for as long as Business Associate retains PHI;

4. Not use or disclose PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set out at Section 3.5 and 3.6, above, which applied prior to termination; and

5. Return to Covered Entity, or, if agreed to by Covered Entity, destroy PHI retained by Business

Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

The obligations of Business Associate under this Section 5 shall survive the termination of this Agreement.

Any notice, consent, request or other communication required or permitted under this Agreement shall be in writing and delivered and delivered in the manner as set forth in the Services Agreement.

A reference in this Agreement to HIPAA means the provision as in effect or as amended.

The Parties agree to take such action as is necessary to amend this Agreement from time to time as is necessary for the Covered Entity to comply with the requirements of HIPAA and any other applicable law.

Any ambiguity in this Agreement shall be resolved to permit compliance with HIPAA.

The construction, interpretation and performance of this Agreement and all transactions under this Agreement shall be governed and enforced pursuant to the laws of Delaware, without giving effect to its conflicts of laws provisions, except to the extent Delaware law is preempted by any provision of federal law, including HIPAA. The Parties agree that all disputes arising out of or relating to this Agreement will be subject to mandatory binding arbitration under the rules of Judicial Administration and Arbitration Services (“JAMS”) in effect at the time of submission, as modified by this Section 6.4. The arbitration will be heard and determined by a single arbitrator selected by the Parties’ mutual agreement, or, failing agreement within thirty (30) days following the date of the respondent’s receipt of the claim, by JAMS. Such arbitration will take place in San Francisco, California. The arbitration award so given will be a final and binding determination of the dispute and will be fully enforceable in any court of competent jurisdiction. Except in a proceeding to enforce the arbitration’s results or as otherwise required by law, neither Party nor any arbitrator may disclose the existence, content or results of any arbitration hereunder without the prior written agreement of both Parties.

Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the Parties’ respective successors or assigns, any rights, remedies, obligations, or liabilities whatsoever.

In the event that it is impossible to comply with both the Services Agreement and this Agreement, the provisions of this Agreement shall control with respect to those provisions of each agreement that expressly conflict with regard to the subject matter herein. This Agreement shall supersede and replace any prior business associate agreements between the Parties, with respect to any actions of Business Associate after the Effective Date.

This Agreement shall be binding upon, and shall inure to the benefit of, the Parties and their respective successors, assigns, heirs, executors, administrators and other legal representatives.

In the event any provision of this Agreement is rendered invalid or unenforceable under any new or existing law or regulation or declared null and void by any court of competent jurisdiction, the remainder of this Agreements’ provisions shall remain in full force and effect if it reasonably can be given effect.