LAYRD HEALTH, INC.

1. INTRODUCTION AND ACCEPTANCE OF TERMS

1.1 Agreement Overview. These Customer Terms of Service (hereinafter referred to as this "Agreement" or these "Terms") constitute a legally binding agreement between you, whether an individual or a legal entity (hereinafter referred to as "Customer," "you," or "your"), and Layrd Health, Inc., a Delaware corporation with its principal place of business in the United States (hereinafter referred to as "Layrd Health," "Company," "we," "us," or "our"). This Agreement governs your access to and use of the software-as-a-service platform, applications, tools, features, functionalities, and related services provided by Layrd Health (collectively, the "Services"), including any updates, modifications, enhancements, or new features that may be introduced to the Services from time to time.

1.2 Acceptance of Terms. By creating an account, accessing, browsing, or otherwise using the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms and all applicable laws and regulations. You further acknowledge that these Terms constitute a binding legal agreement between you and Layrd Health. If you are using the Services on behalf of an organization, company, or other legal entity, you represent and warrant that you have the authority to bind such entity and its affiliates to these Terms, in which case the terms "Customer," "you," or "your" shall refer to such entity and its affiliates. If you do not have such authority, or if you do not agree with these Terms, you must not accept these Terms and may not use the Services.

1.3 Eligibility. You represent and warrant that you are at least eighteen (18) years of age or the age of legal majority in your jurisdiction, whichever is greater, and that you have the legal capacity to enter into this Agreement. If you are under the age of eighteen (18) or the age of legal majority in your jurisdiction, you may not use the Services. You further represent and warrant that you are not located in, under the control of, or a national or resident of any country to which the United States has embargoed goods or services, and that you are not identified as a "Specially Designated National" by the Office of Foreign Assets Control or placed on the U.S. Commerce Department's Denied Persons List.

1.4 Healthcare Provider Requirement. The Services are designed exclusively for use by licensed healthcare providers, medical practices, healthcare organizations, and their authorized personnel (collectively, "Healthcare Providers"). By using the Services, you represent and warrant that you are a licensed Healthcare Provider or are authorized to act on behalf of a Healthcare Provider, and that you will use the Services solely in connection with the provision of healthcare services to patients in compliance with all applicable laws, regulations, and professional standards.

2. DESCRIPTION OF SERVICES

2.1 Service Overview. Layrd Health provides an artificial intelligence-powered software platform designed to assist Healthcare Providers with chart preparation, clinical documentation, and related administrative tasks (the "Platform"). The Platform utilizes advanced machine learning algorithms and natural language processing technologies to extract, organize, and present clinical information from various sources, including but not limited to electronic health records, faxed documents, scanned files, and other unstructured data sources. The Platform is intended to serve as a tool to enhance efficiency and reduce administrative burden for Healthcare Providers.

2.2 Service Components. The Services may include, but are not limited to, the following components: (a) chart preparation and pre-visit planning tools; (b) document extraction and data processing capabilities; (c) clinical documentation assistance features; (d) integration capabilities with electronic health record systems and other healthcare information technology systems; (e) reporting and analytics functionalities; (f) user management and administrative tools; (g) application programming interfaces (APIs) for system integration; and (h) any additional features, tools, or functionalities that Layrd Health may introduce from time to time.

2.3 Not Medical Advice. THE SERVICES ARE NOT INTENDED TO PROVIDE MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT RECOMMENDATIONS. THE SERVICES ARE DESIGNED SOLELY TO ASSIST HEALTHCARE PROVIDERS WITH ADMINISTRATIVE AND DOCUMENTATION TASKS. ALL CLINICAL DECISIONS MUST BE MADE BY QUALIFIED HEALTHCARE PROFESSIONALS EXERCISING THEIR INDEPENDENT PROFESSIONAL JUDGMENT. LAYRD HEALTH DOES NOT PRACTICE MEDICINE AND DOES NOT PROVIDE ANY MEDICAL SERVICES. THE INFORMATION AND OUTPUT PROVIDED BY THE SERVICES SHOULD BE REVIEWED, VERIFIED, AND VALIDATED BY QUALIFIED HEALTHCARE PROFESSIONALS BEFORE BEING RELIED UPON FOR ANY CLINICAL PURPOSE.

2.4 Service Availability. Layrd Health shall use commercially reasonable efforts to make the Services available twenty-four (24) hours a day, seven (7) days a week, except for scheduled maintenance periods, unscheduled emergency maintenance, and circumstances beyond Layrd Health's reasonable control. Layrd Health does not guarantee that the Services will be uninterrupted, error-free, or free from vulnerabilities. Layrd Health reserves the right to modify, suspend, or discontinue the Services, or any part thereof, at any time with or without notice, and Layrd Health shall not be liable to you or any third party for any such modification, suspension, or discontinuation.

3. ACCOUNT REGISTRATION AND SECURITY

3.1 Account Creation. To access and use the Services, you must create an account by providing accurate, current, and complete information as prompted by the registration process ("Registration Data"). You agree to maintain and promptly update the Registration Data to keep it accurate, current, and complete at all times. Failure to provide accurate, current, and complete Registration Data may result in the suspension or termination of your account. Layrd Health reserves the right to refuse registration or cancel accounts at its sole discretion.

3.2 Account Credentials. You are solely responsible for maintaining the confidentiality of your account credentials, including your username and password, and for all activities that occur under your account. You agree to immediately notify Layrd Health of any unauthorized use of your account or any other breach of security of which you become aware. Layrd Health shall not be liable for any loss or damage arising from your failure to maintain the confidentiality of your account credentials or from any unauthorized access to or use of your account.

3.3 Account Security Requirements. You agree to implement and maintain appropriate security measures to protect your account and prevent unauthorized access, including but not limited to: (a) using strong, unique passwords that meet or exceed industry-standard complexity requirements; (b) enabling multi-factor authentication when available; (c) not sharing your account credentials with any third party; (d) logging out of your account at the end of each session; (e) implementing appropriate access controls within your organization; and (f) promptly reporting any suspected security incidents to Layrd Health.

3.4 Authorized Users. If you are using the Services on behalf of an organization, you may authorize individuals within your organization to access and use the Services under your account ("Authorized Users"). You are responsible for ensuring that all Authorized Users comply with these Terms and for all activities of your Authorized Users. You shall maintain appropriate controls and oversight over your Authorized Users' access to and use of the Services, and you shall promptly remove access for any Authorized User who no longer requires access or who has violated these Terms.

4. CUSTOMER DATA AND PRIVACY

4.1 Customer Data Ownership. As between you and Layrd Health, you retain all right, title, and interest in and to all data, information, content, and materials that you submit, upload, transmit, or otherwise make available through the Services, including all patient information, clinical data, and other healthcare-related data (collectively, "Customer Data"). Nothing in this Agreement shall be construed to transfer ownership of Customer Data from you to Layrd Health.

4.2 License to Customer Data. You hereby grant to Layrd Health a non-exclusive, worldwide, royalty-free license to access, use, process, copy, store, transmit, and display Customer Data solely to the extent necessary to provide the Services to you, to improve and enhance the Services, to comply with applicable laws and regulations, and to enforce these Terms. This license shall terminate upon the termination or expiration of this Agreement, except that Layrd Health may retain Customer Data as required by applicable law or as necessary to enforce its rights under this Agreement.

4.3 Protected Health Information. You acknowledge and agree that Customer Data may include protected health information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, "HIPAA"). Layrd Health agrees to handle all PHI in accordance with HIPAA requirements and the terms of the Business Associate Agreement ("BAA") entered into between you and Layrd Health. The BAA is incorporated into and made a part of this Agreement by reference. In the event of any conflict between the terms of this Agreement and the terms of the BAA with respect to the handling of PHI, the terms of the BAA shall control.

4.4 Data Security. Layrd Health shall implement and maintain reasonable administrative, technical, and physical safeguards designed to protect Customer Data against unauthorized access, use, disclosure, alteration, or destruction. Such safeguards shall include, but not be limited to: (a) encryption of Customer Data in transit and at rest using industry-standard encryption protocols; (b) access controls to limit access to Customer Data to authorized personnel on a need-to-know basis; (c) regular security assessments and vulnerability testing; (d) employee training on data security and privacy; (e) incident response procedures; and (f) business continuity and disaster recovery measures.

4.5 Data Processing. Customer Data may be processed by Layrd Health in the United States or in other countries where Layrd Health or its service providers maintain facilities. By using the Services, you consent to such processing and transfer of Customer Data. Layrd Health shall ensure that any transfer of Customer Data to countries outside the United States is conducted in compliance with applicable data protection laws and regulations.

4.6 Privacy Policy. Layrd Health's collection, use, and disclosure of personal information is governed by Layrd Health's Privacy Policy, which is available on Layrd Health's website and is incorporated into and made a part of this Agreement by reference. You acknowledge that you have read and understood the Privacy Policy and consent to the collection, use, and disclosure of personal information as described therein.

4.7 De-identified and Aggregated Data. Notwithstanding any other provision of this Agreement, Layrd Health may create de-identified and/or aggregated data derived from Customer Data ("Derived Data") in accordance with applicable law, including HIPAA. Layrd Health may use Derived Data for any lawful purpose, including but not limited to research, product development, analytics, and benchmarking, provided that such Derived Data does not identify you, your patients, or any individual. Layrd Health shall own all right, title, and interest in and to Derived Data.

5. FEES AND PAYMENT

5.1 Fees. You agree to pay all fees applicable to your use of the Services as set forth in the applicable order form, pricing schedule, or other agreement between you and Layrd Health (collectively, the "Fees"). Layrd Health reserves the right to modify the Fees at any time upon thirty (30) days' prior written notice to you. Any fee changes will become effective at the beginning of the next billing cycle following the effective date of the fee change. Your continued use of the Services after a fee change becomes effective constitutes your acceptance of the modified Fees.

5.2 Payment Terms. Unless otherwise specified in an applicable order form or agreement, all Fees are due and payable in advance on a monthly or annual basis, as applicable. Payment shall be made by credit card, ACH transfer, wire transfer, or such other payment method as Layrd Health may accept from time to time. All payments shall be made in United States dollars unless otherwise agreed in writing. You shall provide accurate and complete billing information, including legal name, address, and payment details, and you shall promptly update such information as necessary to ensure accurate billing.

5.3 Late Payments. Any Fees not paid when due shall accrue interest at the rate of one and one-half percent (1.5%) per month, or the maximum rate permitted by applicable law, whichever is less, from the date such payment was due until the date paid in full. In addition to any other remedies available to Layrd Health, Layrd Health reserves the right to suspend or terminate your access to the Services if any Fees remain unpaid for more than thirty (30) days past the due date. You shall be responsible for all costs and expenses, including reasonable attorneys' fees, incurred by Layrd Health in collecting any unpaid Fees.

5.4 Taxes. All Fees are exclusive of any applicable sales, use, value-added, excise, or other taxes, levies, or duties (collectively, "Taxes"). You shall be responsible for paying all Taxes associated with your use of the Services, excluding taxes based on Layrd Health's net income. If Layrd Health is required to collect or pay any Taxes on your behalf, such Taxes shall be invoiced to you and paid by you in addition to the applicable Fees.

5.5 No Refunds. Except as expressly provided in this Agreement or required by applicable law, all Fees are non-refundable. No refunds or credits will be provided for partial periods of service, unused features, or early termination of the Services.

5.6 Free Trials and Promotional Offers. Layrd Health may, at its sole discretion, offer free trials or promotional pricing for the Services. Upon expiration of any free trial or promotional period, standard Fees shall apply unless you cancel your subscription prior to the expiration of such period. Layrd Health reserves the right to modify, suspend, or discontinue free trials or promotional offers at any time without notice.

6. INTELLECTUAL PROPERTY RIGHTS

6.1 Layrd Health Intellectual Property. The Services, including all software, algorithms, models, code, databases, documentation, user interfaces, designs, graphics, logos, trademarks, service marks, trade names, and all other intellectual property embodied in or associated with the Services (collectively, "Layrd Health IP"), are and shall remain the exclusive property of Layrd Health and its licensors. Except for the limited license granted herein, nothing in this Agreement shall be construed to grant you any right, title, or interest in or to any Layrd Health IP.

6.2 Limited License. Subject to your compliance with these Terms and payment of all applicable Fees, Layrd Health hereby grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Services solely for your internal business purposes during the term of this Agreement. This license does not include the right to: (a) modify, adapt, translate, reverse engineer, decompile, disassemble, or create derivative works based on the Services; (b) sublicense, rent, lease, loan, sell, resell, distribute, or otherwise transfer the Services to any third party; (c) use the Services for the benefit of any third party; (d) access the Services to build a competitive product or service; (e) copy, reproduce, or duplicate any portion of the Services; or (f) remove, alter, or obscure any proprietary notices on the Services.

6.3 Feedback. If you provide Layrd Health with any feedback, suggestions, ideas, improvements, or other input regarding the Services (collectively, "Feedback"), you hereby grant Layrd Health a perpetual, irrevocable, worldwide, royalty-free, fully paid-up, non-exclusive license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, display, and otherwise exploit such Feedback for any purpose, without restriction, attribution, or compensation to you. You represent and warrant that you have all rights necessary to grant such license and that the Feedback does not infringe the intellectual property rights of any third party.

6.4 Reservation of Rights. All rights not expressly granted to you in this Agreement are reserved by Layrd Health. No license or right is granted to you by implication, estoppel, or otherwise except as expressly set forth in this Agreement.

7. ACCEPTABLE USE POLICY

7.1 Permitted Use. You may use the Services only for lawful purposes and in accordance with these Terms. You agree to use the Services only for the purposes for which they are intended and in compliance with all applicable laws, regulations, and professional standards, including but not limited to HIPAA, state healthcare privacy laws, professional licensing requirements, and standards of care applicable to Healthcare Providers.

7.2 Prohibited Conduct. You agree not to, and not to permit any third party to: (a) use the Services in any manner that violates any applicable federal, state, local, or international law or regulation; (b) use the Services to transmit, distribute, or store any material that is unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, or otherwise objectionable; (c) use the Services to transmit or distribute any viruses, worms, Trojan horses, or other malicious code or programs; (d) attempt to gain unauthorized access to the Services, other accounts, computer systems, or networks connected to the Services; (e) interfere with or disrupt the integrity or performance of the Services or the data contained therein; (f) attempt to probe, scan, or test the vulnerability of the Services or any related system or network; (g) use any automated means, including robots, crawlers, or scrapers, to access the Services without Layrd Health's prior written consent; (h) use the Services to collect, harvest, or compile information about other users without their consent; (i) impersonate any person or entity or misrepresent your affiliation with any person or entity; (j) use the Services for any purpose other than your internal business purposes as a Healthcare Provider; (k) sell, resell, license, sublicense, distribute, or otherwise commercially exploit the Services; (l) use the Services in a manner that could damage, disable, overburden, or impair the Services; (m) circumvent, disable, or otherwise interfere with security-related features of the Services; or (n) use the Services for any purpose that is competitive with Layrd Health.

7.3 Customer Responsibilities. You are solely responsible for: (a) the accuracy, quality, integrity, and legality of Customer Data; (b) the means by which Customer Data was acquired; (c) ensuring that your use of the Services complies with all applicable laws, regulations, and professional standards; (d) obtaining all necessary consents, authorizations, and permissions required for the collection, use, and disclosure of Customer Data; (e) maintaining appropriate backup copies of Customer Data; and (f) implementing and maintaining appropriate security measures to protect Customer Data under your control.

7.4 Enforcement. Layrd Health reserves the right, but does not assume the obligation, to investigate any suspected violation of these Terms or any misuse of the Services. If Layrd Health determines, in its sole discretion, that you have violated these Terms, Layrd Health may take any action it deems appropriate, including but not limited to issuing warnings, suspending or terminating your access to the Services, removing or disabling access to any content, reporting violations to law enforcement authorities, and pursuing any other legal remedies available to Layrd Health.

8. THIRD-PARTY SERVICES AND INTEGRATIONS

8.1 Third-Party Services. The Services may integrate with, link to, or otherwise interact with third-party services, applications, platforms, or content (collectively, "Third-Party Services"). Third-Party Services are not under Layrd Health's control, and Layrd Health is not responsible for the content, functionality, accuracy, legality, or availability of any Third-Party Services. Your use of Third-Party Services is at your own risk and is subject to the terms and conditions and privacy policies of such Third-Party Services. Layrd Health does not endorse, warrant, or guarantee any Third-Party Services and shall not be liable for any loss or damage caused by your use of or reliance on any Third-Party Services.

8.2 Electronic Health Record Integrations. The Services may integrate with electronic health record ("EHR") systems and other healthcare information technology systems. You are solely responsible for ensuring that your use of such integrations complies with all applicable laws, regulations, and contractual obligations, including any terms and conditions imposed by your EHR vendor. Layrd Health shall not be liable for any issues arising from the integration of the Services with Third-Party Services, including but not limited to data loss, data corruption, system failures, or security breaches.

8.3 Authorization. By enabling any integration with Third-Party Services, you authorize Layrd Health to access, retrieve, and process data from such Third-Party Services on your behalf to the extent necessary to provide the Services. You represent and warrant that you have all rights and authorizations necessary to enable such integrations and to authorize Layrd Health to access and process data from Third-Party Services on your behalf.

9. DISCLAIMERS AND LIMITATION OF LIABILITY

9.1 Disclaimer of Warranties. THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. LAYRD HEALTH DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR FREE FROM VIRUSES OR OTHER HARMFUL COMPONENTS. LAYRD HEALTH DOES NOT WARRANT THAT THE SERVICES WILL MEET YOUR REQUIREMENTS OR THAT ANY ERRORS OR DEFECTS IN THE SERVICES WILL BE CORRECTED. LAYRD HEALTH MAKES NO WARRANTY REGARDING THE ACCURACY, COMPLETENESS, RELIABILITY, OR TIMELINESS OF ANY INFORMATION OR CONTENT PROVIDED THROUGH THE SERVICES.

9.2 Healthcare Disclaimer. LAYRD HEALTH IS NOT A HEALTHCARE PROVIDER AND DOES NOT PROVIDE MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT. THE SERVICES ARE INTENDED SOLELY TO ASSIST HEALTHCARE PROVIDERS WITH ADMINISTRATIVE AND DOCUMENTATION TASKS AND ARE NOT A SUBSTITUTE FOR PROFESSIONAL MEDICAL JUDGMENT. HEALTHCARE PROVIDERS ARE SOLELY RESPONSIBLE FOR ALL CLINICAL DECISIONS AND FOR VERIFYING THE ACCURACY AND APPROPRIATENESS OF ANY INFORMATION OR OUTPUT PROVIDED BY THE SERVICES. LAYRD HEALTH SHALL NOT BE LIABLE FOR ANY INJURY, DEATH, DAMAGE, OR LOSS ARISING FROM OR RELATED TO ANY CLINICAL DECISIONS MADE IN RELIANCE ON THE SERVICES.

9.3 Limitation of Liability. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL LAYRD HEALTH, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SERVICE PROVIDERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, REVENUE, GOODWILL, USE, DATA, OR OTHER INTANGIBLE LOSSES, EVEN IF LAYRD HEALTH HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL LAYRD HEALTH'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE SERVICES EXCEED THE GREATER OF: (A) THE TOTAL FEES PAID BY YOU TO LAYRD HEALTH IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR (B) ONE HUNDRED UNITED STATES DOLLARS ($100.00 USD).

9.4 Basis of the Bargain. YOU ACKNOWLEDGE AND AGREE THAT THE DISCLAIMERS AND LIMITATIONS OF LIABILITY SET FORTH IN THIS SECTION REFLECT A REASONABLE AND FAIR ALLOCATION OF RISK BETWEEN YOU AND LAYRD HEALTH AND THAT THESE LIMITATIONS ARE AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES. LAYRD HEALTH WOULD NOT BE ABLE TO PROVIDE THE SERVICES TO YOU ON AN ECONOMICALLY REASONABLE BASIS WITHOUT THESE LIMITATIONS.

9.5 Jurisdictional Limitations. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR CERTAIN TYPES OF DAMAGES. ACCORDINGLY, SOME OF THE ABOVE DISCLAIMERS AND LIMITATIONS MAY NOT APPLY TO YOU. TO THE EXTENT THAT LAYRD HEALTH MAY NOT, AS A MATTER OF APPLICABLE LAW, DISCLAIM ANY IMPLIED WARRANTY OR LIMIT ITS LIABILITIES, THE SCOPE AND DURATION OF SUCH WARRANTY AND THE EXTENT OF LAYRD HEALTH'S LIABILITY SHALL BE THE MINIMUM PERMITTED UNDER SUCH APPLICABLE LAW.

10. INDEMNIFICATION

10.1 Customer Indemnification. You agree to indemnify, defend, and hold harmless Layrd Health, its affiliates, and their respective officers, directors, employees, agents, licensors, and service providers (collectively, the "Layrd Health Parties") from and against any and all claims, demands, actions, suits, proceedings, liabilities, damages, losses, costs, and expenses (including reasonable attorneys' fees and court costs) (collectively, "Claims") arising out of or relating to: (a) your use or misuse of the Services; (b) your violation of these Terms; (c) your violation of any applicable law, regulation, or professional standard; (d) your Customer Data, including any claim that your Customer Data infringes or misappropriates the intellectual property rights of any third party or violates any applicable law or regulation; (e) your breach of any representation or warranty made under this Agreement; (f) any dispute between you and any third party, including patients, other Healthcare Providers, or vendors; (g) your integration of the Services with Third-Party Services; and (h) any claim arising from the acts or omissions of your Authorized Users.

10.2 Indemnification Procedure. Layrd Health shall promptly notify you in writing of any Claim for which it seeks indemnification under this Section, provided that failure to provide such notice shall not relieve you of your indemnification obligations except to the extent you are materially prejudiced by such failure. You shall have the right to assume the defense of any Claim with counsel of your choice; provided, however, that Layrd Health reserves the right to participate in the defense of any Claim at its own expense. You shall not settle any Claim in a manner that adversely affects the rights of Layrd Health without Layrd Health's prior written consent. Layrd Health shall cooperate with you, at your expense, in the defense of any Claim.

11. TERM AND TERMINATION

11.1 Term. This Agreement shall commence on the date you first accept these Terms or access the Services (the "Effective Date") and shall continue in effect until terminated in accordance with this Section (the "Term"). Unless otherwise specified in an applicable order form or agreement, subscription periods shall automatically renew for successive periods of the same duration unless either party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current subscription period.

11.2 Termination by Customer. You may terminate this Agreement at any time by discontinuing your use of the Services and closing your account. To close your account, you must submit a termination request through the designated account management interface or by contacting Layrd Health's customer support. Termination shall be effective upon Layrd Health's confirmation of account closure. You shall remain responsible for all Fees incurred prior to the effective date of termination, and no refunds shall be provided for any prepaid Fees.

11.3 Termination by Layrd Health. Layrd Health may terminate this Agreement or suspend your access to the Services at any time, with or without cause, upon notice to you. Without limiting the foregoing, Layrd Health may immediately terminate or suspend your access to the Services if: (a) you breach any provision of these Terms; (b) you fail to pay any Fees when due; (c) you engage in conduct that Layrd Health determines, in its sole discretion, may result in liability for Layrd Health or harm to the Services or other users; (d) your account has been inactive for an extended period; (e) Layrd Health is required to do so by law, regulation, or court order; or (f) Layrd Health discontinues the Services or any material portion thereof.

11.4 Effect of Termination. Upon termination or expiration of this Agreement: (a) all rights and licenses granted to you under this Agreement shall immediately terminate; (b) you shall immediately cease all use of the Services; (c) you shall pay all Fees that have accrued prior to the effective date of termination; (d) Layrd Health may delete or otherwise dispose of Customer Data in accordance with its data retention policies, unless otherwise required by applicable law; and (e) any provisions of this Agreement that by their nature should survive termination shall survive, including but not limited to Sections 4, 5.3, 6, 9, 10, 11.4, 12, 13, and 14.

11.5 Data Export. Upon your request made within thirty (30) days following termination or expiration of this Agreement, Layrd Health shall make Customer Data available to you for export in a standard, machine-readable format. After such thirty (30) day period, Layrd Health shall have no obligation to retain or provide Customer Data and may delete all Customer Data in its possession, unless otherwise required by applicable law.

12. DISPUTE RESOLUTION AND ARBITRATION

12.1 Informal Resolution. Before initiating any formal dispute resolution proceedings, you agree to first contact Layrd Health to attempt to resolve any dispute informally. You may contact Layrd Health by sending a written notice describing the nature of the dispute and your contact information to the address set forth in Section 14. Layrd Health shall respond to your notice within thirty (30) days. The parties shall engage in good faith negotiations for a period of at least sixty (60) days from the date of your initial notice before initiating any formal dispute resolution proceedings.

12.2 Binding Arbitration. IF THE PARTIES ARE UNABLE TO RESOLVE A DISPUTE THROUGH INFORMAL NEGOTIATIONS, ANY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SERVICES, INCLUDING THE DETERMINATION OF THE SCOPE OR APPLICABILITY OF THIS AGREEMENT TO ARBITRATE, SHALL BE DETERMINED BY BINDING ARBITRATION IN SAN FRANCISCO, CALIFORNIA, BEFORE A SINGLE ARBITRATOR. THE ARBITRATION SHALL BE ADMINISTERED BY JAMS PURSUANT TO ITS COMPREHENSIVE ARBITRATION RULES AND PROCEDURES AND IN ACCORDANCE WITH THE EXPEDITED PROCEDURES IN THOSE RULES. JUDGMENT ON THE AWARD MAY BE ENTERED IN ANY COURT HAVING JURISDICTION.

12.3 Class Action Waiver. YOU AND LAYRD HEALTH AGREE THAT EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. UNLESS BOTH YOU AND LAYRD HEALTH AGREE OTHERWISE, THE ARBITRATOR MAY NOT CONSOLIDATE MORE THAN ONE PERSON'S CLAIMS AND MAY NOT OTHERWISE PRESIDE OVER ANY FORM OF A REPRESENTATIVE OR CLASS PROCEEDING.

12.4 Exceptions. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation, or violation of a party's copyrights, trademarks, trade secrets, patents, or other intellectual property rights. Additionally, either party may bring an individual action in small claims court if the claim qualifies for small claims court jurisdiction.

12.5 Arbitration Costs. Payment of all filing, administration, and arbitrator fees shall be governed by the JAMS rules. If you demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, Layrd Health will pay as much of the filing, administration, and arbitrator fees as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive. Each party shall bear its own attorneys' fees, except as otherwise provided by applicable law or the arbitrator's award.

12.6 Opt-Out. You may opt out of this arbitration provision by sending written notice of your decision to opt out to the address set forth in Section 14 within thirty (30) days after first accepting these Terms. Your notice must include your name, mailing address, and a clear statement that you want to opt out of this arbitration provision. If you opt out of this arbitration provision, Layrd Health also will not be bound by it.

13. GOVERNING LAW AND JURISDICTION

13.1 Governing Law. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without giving effect to any choice or conflict of law provision or rule that would cause the application of the laws of any other jurisdiction. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Agreement.

13.2 Jurisdiction. Subject to Section 12 (Dispute Resolution and Arbitration), you agree that any judicial proceeding arising out of or relating to this Agreement or the Services shall be brought exclusively in the federal or state courts located in San Francisco County, California, United States of America. You hereby consent to the personal jurisdiction of such courts and waive any objection to venue in such courts.

14. GENERAL PROVISIONS

14.1 Entire Agreement. This Agreement, together with the Privacy Policy, Business Associate Agreement, and any applicable order forms or other agreements entered into between you and Layrd Health, constitutes the entire agreement between you and Layrd Health with respect to the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written, between you and Layrd Health with respect to such subject matter. In the event of any conflict between these Terms and any other agreement between you and Layrd Health, these Terms shall control unless the other agreement expressly states that it supersedes these Terms with respect to the specific conflicting provision.

14.2 Amendments. Layrd Health reserves the right to modify, amend, or update these Terms at any time in its sole discretion. If Layrd Health makes material changes to these Terms, Layrd Health will notify you by posting the updated Terms on Layrd Health's website, by email, or by other means reasonably calculated to provide notice. Material changes will become effective thirty (30) days after such notice, except that changes addressing new functions of the Services or changes made for legal reasons will be effective immediately. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Terms. If you do not agree to the updated Terms, you must discontinue your use of the Services.

14.3 Waiver. No failure or delay by Layrd Health in exercising any right, power, or remedy under this Agreement shall operate as a waiver thereof, nor shall any single or partial exercise of any right, power, or remedy preclude any other or further exercise thereof or the exercise of any other right, power, or remedy. Any waiver must be in writing and signed by an authorized representative of Layrd Health to be effective.

14.4 Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid, legal, and enforceable while preserving the intent of the parties. If such modification is not possible, the invalid, illegal, or unenforceable provision shall be severed from this Agreement, and the remaining provisions shall continue in full force and effect.

14.5 Assignment. You may not assign, transfer, or delegate this Agreement or any of your rights or obligations hereunder without the prior written consent of Layrd Health. Any purported assignment, transfer, or delegation in violation of this Section shall be null and void. Layrd Health may freely assign, transfer, or delegate this Agreement or any of its rights or obligations hereunder without restriction. This Agreement shall be binding upon and inure to the benefit of the parties and their respective successors and permitted assigns.

14.6 Relationship of the Parties. Nothing in this Agreement shall be construed to create a partnership, joint venture, employment, agency, or franchise relationship between you and Layrd Health. Neither party shall have the authority to bind the other party or incur obligations on behalf of the other party. Each party is an independent contractor, and this Agreement does not create any relationship of employment, agency, partnership, joint venture, or franchise between the parties.

14.7 Third-Party Beneficiaries. This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns. Nothing in this Agreement, express or implied, is intended to or shall confer upon any other person or entity any legal or equitable right, benefit, or remedy of any nature whatsoever under or by reason of this Agreement.

14.8 Force Majeure. Layrd Health shall not be liable for any failure or delay in performing its obligations under this Agreement if such failure or delay results from circumstances beyond Layrd Health's reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, riots, civil unrest, government actions, embargoes, epidemics, pandemics, fire, floods, earthquakes, labor disputes, power failures, telecommunications failures, internet service provider failures, cyberattacks, or other events beyond Layrd Health's reasonable control (each, a "Force Majeure Event"). In the event of a Force Majeure Event, Layrd Health's obligations shall be suspended for the duration of the Force Majeure Event, and Layrd Health shall use commercially reasonable efforts to resume performance as soon as reasonably practicable.

14.9 Notices. All notices, requests, demands, and other communications under this Agreement shall be in writing and shall be deemed to have been duly given: (a) upon delivery if delivered personally; (b) upon receipt if sent by certified or registered mail, return receipt requested, postage prepaid; (c) upon receipt if sent by a nationally recognized overnight courier; or (d) upon transmission if sent by email, provided that no error message is received indicating delivery failure. Notices to Layrd Health shall be sent to: Layrd Health, Inc., Attention: Legal Department, at the address published on Layrd Health's website. Notices to you shall be sent to the address or email address associated with your account.

14.10 Export Compliance. You agree to comply with all applicable export control laws and regulations of the United States and other countries. You represent and warrant that you are not located in, under the control of, or a national or resident of any country or territory that is subject to a U.S. government embargo, and that you are not identified on any U.S. government list of prohibited or restricted parties. You shall not export, re-export, or transfer the Services, directly or indirectly, to any country, entity, or person prohibited by applicable export laws.

14.11 Government End Users. If you are a U.S. government entity or if this Agreement becomes subject to the Federal Acquisition Regulations ("FAR"), you acknowledge that the Services constitute "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212, and are provided to U.S. government end users (a) only as commercial items and (b) with only those rights as are granted to all other end users under this Agreement.

14.12 Headings. The headings in this Agreement are for convenience of reference only and shall not affect the interpretation of this Agreement.

14.13 Construction. The parties acknowledge that they have had the opportunity to review this Agreement and have agreed to its terms. Accordingly, the normal rule of construction that any ambiguities are to be resolved against the drafting party shall not apply to this Agreement. The terms "include," "includes," and "including" shall be deemed to be followed by the phrase "without limitation."

14.14 Language. This Agreement is written in English. If this Agreement is translated into any other language, the English version shall control.

14.15 Electronic Signatures and Records. You agree that this Agreement and any other agreements, notices, or communications regarding your use of the Services may be provided to you electronically, and you consent to receive such agreements, notices, and communications in electronic form. Electronic signatures and records shall have the same legal effect as original signatures and paper records.

15. CONTACT INFORMATION

15.1 Questions and Support. If you have any questions about these Terms or the Services, or if you need to contact Layrd Health for any reason, you may contact us at:

16. ACKNOWLEDGMENT

BY USING THE SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS OF SERVICE. YOU FURTHER ACKNOWLEDGE THAT THESE TERMS OF SERVICE CONSTITUTE A COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN YOU AND LAYRD HEALTH WITH RESPECT TO THE SERVICES, AND THAT THESE TERMS SUPERSEDE ANY PRIOR OR CONTEMPORANEOUS AGREEMENTS, COMMUNICATIONS, OR UNDERSTANDINGS, WHETHER ORAL OR WRITTEN, BETWEEN YOU AND LAYRD HEALTH WITH RESPECT TO THE SERVICES.

IF YOU DO NOT AGREE TO THESE TERMS, YOU MAY NOT ACCESS OR USE THE SERVICES.

This Business Associate Agreement ("BAA") is entered into as of the Effective Date of the Customer Terms of Service by and between the Customer identified in the Customer Terms of Service ("Covered Entity") and Layrd Health, Inc. ("Business Associate").

ARTICLE I - PREAMBLE AND DEFINITIONS

Section 1.01 Pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), Covered Entity and Business Associate enter into this BAA that addresses the HIPAA requirements with respect to "business associates," as defined under the privacy, security, breach notification and enforcement rules at 45 C.F.R. Part 160 and Part 164 ("HIPAA Rules"). A reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.

Section 1.02 This BAA is intended to ensure that Business Associate will establish and implement appropriate safeguards for the Protected Health Information ("PHI") (as defined under the HIPAA Rules) that Business Associate may receive, create, maintain, use or disclose in connection with the functions, activities and services that Business Associate performs for Covered Entity under the Customer Terms of Service (the "Underlying Agreement").

Section 1.03 Pursuant to changes required under the Health Information Technology for Economic and Clinical Health Act of 2009 (the "HITECH Act") and under the American Recovery and Reinvestment Act of 2009 ("ARRA"), this BAA also reflects federal breach notification requirements imposed on Business Associate when "Unsecured PHI" (as defined under the HIPAA Rules) is acquired by an unauthorized party and the expanded privacy and security provisions imposed on business associates.

Section 1.04 Unless the context clearly indicates otherwise, the following terms in this BAA shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, disclosure, Electronic Media, Electronic Protected Health Information (ePHI), Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured PHI and use.

Section 1.05 A reference in this BAA to the Privacy Rule means the Privacy Rule, in conformity with the regulations at 45 C.F.R. Parts 160-164 (the "Privacy Rule") as interpreted under applicable regulations and guidance of general application published by the HHS, including all amendments thereto for which compliance is required, as amended by the HITECH Act, ARRA and the HIPAA Rules.

ARTICLE II - GENERAL OBLIGATIONS OF BUSINESS ASSOCIATE

Section 2.01 Business Associate agrees not to use or disclose PHI, other than as permitted or required by this BAA or as Required By Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI.

Section 2.02 Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent use or disclosure of PHI other than as provided for by the BAA.

Section 2.03 Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate in violation of this BAA's requirements or that would otherwise cause a Breach of Unsecured PHI.

Section 2.04 Business Associate agrees to report to Covered Entity any Breach of Unsecured PHI not provided for by the BAA of which it becomes aware within thirty (30) calendar days of "discovery" within the meaning of the HITECH Act. Such notice shall include the identification of each individual whose Unsecured PHI has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed in connection with such Breach. In addition, Business Associate shall provide any additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate's notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules and related guidance issued by the Secretary or the delegate of the Secretary from time to time.

Section 2.05 Business Associate agrees, in accordance with 45 C.F.R. 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions and requirements that apply to the Business Associate with respect to such information.

Section 2.06 Business Associate agrees to make available PHI in a Designated Record Set to the Covered Entity or, as directed by the Covered Entity, to an individual, in the time and manner that allows the Covered Entity to meet the requirements under 45 C.F.R. 164.524.

Section 2.07 Business Associate agrees to make any amendments to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 C.F.R. 164.526, in a time and manner that allows the Covered Entity to meet the requirements under 45 C.F.R. 164.526.

Section 2.08 Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to satisfy Covered Entity's obligations under 45 C.F.R. 164.528.

Section 2.09 Business Associate agrees to make its internal practices, books and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the Secretary) for the purpose of Covered Entity or the Secretary determining compliance with the Privacy Rule (as defined in Section 1.05).

Section 2.10 To the extent that Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).

Section 2.11 Business Associate agrees to account for the following disclosures:

• (a) Business Associate agrees to maintain and document disclosures of PHI and Breaches of Unsecured PHI and any information relating to the disclosure of PHI and Breach of Unsecured PHI in a manner as would be required for Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
• (b) Business Associate agrees to provide to Covered Entity, or to an individual at Covered Entity's request, information collected in accordance with this Section 2.11, to permit Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
• (c) Business Associate agrees to account for any disclosure of PHI used or maintained as an Electronic Health Record (as defined in Article V) ("EHR") in a manner consistent with 45 C.F.R. 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of EHR by the Business Associate made on behalf of the Covered Entity only during the three years prior to the date on which the accounting is requested from Covered Entity.

Section 2.12 Business Associate agrees to comply with the "Prohibition on Sale of Electronic Health Records or Protected Health Information," as provided in section 13405(d) of Subtitle D (Privacy) of ARRA, and the "Conditions on Certain Contacts as Part of Health Care Operations," as provided in section 13406 of Subtitle D (Privacy) of ARRA and related guidance issued by the Secretary from time to time.

ARTICLE III - PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE

Section 3.01 General Uses and Disclosures. Business Associate agrees to receive, create, use or disclose PHI only in a manner that is consistent with this BAA, the Privacy Rule or Security Rule (as defined in Article V) and only in connection with the functions, activities and services that Business Associate performs for Covered Entity under the Underlying Agreement; provided that the use or disclosure would not violate the Privacy Rule, including 45 C.F.R. 164.504(e), if the use or disclosure would be done by Covered Entity. For example, the use and disclosure of PHI will be permitted for "treatment, payment and health care operations," in accordance with the Privacy Rule.

Section 3.02 Business Associate may use or disclose PHI as Required By Law.

Section 3.03 Business Associate agrees to make uses and disclosures and requests for PHI consistent with the Covered Entity's Minimum Necessary policies and procedures.

Section 3.04 Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 C.F.R. Part 164 if done by the Covered Entity.

Section 3.05 Except as otherwise limited by this BAA, Business Associate may use PHI for the proper management and administration of Business Associate or to carry out legal responsibilities of Business Associate.

Section 3.06 Except as otherwise limited by this BAA, Business Associate may disclose PHI for the proper management and administration of Business Associate; provided, that disclosures are Required By Law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

Section 3.07 Business Associate may use PHI to de-identify the information in accordance with 45 C.F.R. 164.514(a)-(c).

Section 3.08 Except as otherwise limited by this BAA, Business Associate may use and disclose PHI to provide Data Aggregation Services to Covered Entity as permitted by HIPAA.

Section 3.09 Business Associate may use PHI to report violations of Law to appropriate federal and state authorities consistent with 45 C.F.R. 164.502(j)(1).

ARTICLE IV - OBLIGATIONS OF COVERED ENTITY

Section 4.01 Covered Entity shall:

• (a) Provide Business Associate with the Notice of Privacy Practices that Covered Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. 164.520, to the extent that such changes or limitations may affect Business Associate's use or disclosure of PHI.
• (b) Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI under this BAA.
• (c) Notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI, if such change or revocation may affect Business Associate's permitted or required uses and disclosures of PHI under this BAA.

Section 4.02 Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy and Security Rule if done by Covered Entity, except as provided under Article III of this BAA.

ARTICLE V - COMPLIANCE WITH SECURITY RULE

Section 5.01 Effective April 20, 2005, Business Associate shall comply with the HIPAA Security Rule, which shall mean the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Part 160 and Subparts A and C of Part 164, as amended by ARRA and the HITECH Act. The term "Electronic Health Record" or "EHR" as used in this BAA shall mean an electronic record of health-related information on an individual that is created, gathered, managed and consulted by authorized health care clinicians and staff.

Section 5.02 In accordance with the Security Rule, Business Associate agrees to:

• (a) Implement the administrative safeguards set forth at 45 C.F.R. 164.308, the physical safeguards set forth at 45 C.F.R. 164.310, the technical safeguards set forth at 45 C.F.R. 164.312, and the policies and procedures set forth at 45 C.F.R. 164.316 to reasonably and appropriately protect the confidentiality, integrity and availability of the ePHI that it creates, receives, maintains or transmits on behalf of Covered Entity as required by the Security Rule. Business Associate acknowledges that, effective on the Effective Date of this BAA, (a) the foregoing safeguards, policies and procedures requirements shall apply to Business Associate in the same manner that such requirements apply to Covered Entity, and (b) Business Associate shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. 1320d-5 and 1320d-6, as amended from time to time, for failure to comply with the safeguards, policies and procedures requirements and any guidance issued by the Secretary from time to time with respect to such requirements;
• (b) Require that any agent, including a Subcontractor, to whom it provides such PHI agrees to implement reasonable and appropriate safeguards to protect the PHI; and
• (c) Report to the Covered Entity any Security Incident of which it becomes aware.

Section 5.03 Business Associate maintains comprehensive security controls and compliance standards. For detailed information regarding Business Associate's security posture and compliance certifications, Covered Entity may refer to Business Associate's Trust Report available at: https://trust.delve.co/layrd.

ARTICLE VI - TERM AND TERMINATION

Section 6.01 The term of this BAA shall commence on the Effective Date, and unless earlier terminated in accordance with this Article VI, shall end upon the later of (a) the termination or expiration of the term of the Underlying Agreement and (b) the expiration of any post-termination data retention period under the Underlying Agreement during which Covered Entity is permitted to obtain copies of the PHI included in the Customer Data (as defined in the Underlying Agreement).

Section 6.02 Upon either party's knowledge of material breach by the other party, the non-breaching party shall provide an opportunity for the breaching party to cure the breach or end the violation, or terminate the BAA. If the breaching party does not cure the breach or end the violation within a reasonable timeframe not to exceed thirty (30) days from the notification of the breach, or if a material term of the BAA has been breached and a cure is not possible, the non-breaching party may terminate this BAA and the Underlying Agreement, upon written notice to the other party.

Section 6.03 Upon termination of this BAA for any reason, except as otherwise provided below in this Section 6.03, Business Associate shall return to Covered Entity or destroy all PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of Subcontractors of Business Associate. In the event that Business Associate determines that returning or destroying the PHI is not feasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Business Associate shall extend the protections of this BAA to such PHI and limit further Uses and Disclosures of PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.

ARTICLE VII - MISCELLANEOUS

Section 7.01 The parties agree to take such action as is necessary to amend this BAA to comply with the requirements of the Privacy Rule, the Security Rule, HIPAA, ARRA, the HITECH Act, the HIPAA Rules and any other applicable law.

1. DEFINITION OF CONFIDENTIAL INFORMATION

"Confidential Information" shall mean any non-public, proprietary, or confidential information disclosed by either party to the other, whether disclosed orally, in writing, electronically, or by any other means, including but not limited to: (a) trade secrets; (b) patient information and Protected Health Information (PHI); (c) business plans, strategies, and methodologies; (d) marketing plans and strategies; (e) financial data, projections, and reports; (f) technical information, including software, algorithms, source code, and documentation; (g) product designs, specifications, and roadmaps; (h) customer and vendor lists and information; (i) pricing information and fee structures; (j) employee information; (k) any information identified as confidential or proprietary at the time of disclosure; and (l) any information that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure.

2. OBLIGATIONS OF CONFIDENTIALITY

2.1 Each party agrees to: (a) maintain the confidentiality of the other party's Confidential Information using the same degree of care that it uses to protect its own confidential information of like kind, but in no event less than reasonable care; (b) not disclose the other party's Confidential Information to any third party except as expressly permitted under this Agreement; (c) use the other party's Confidential Information solely for the purpose of performing its obligations or exercising its rights under this Agreement; and (d) limit access to the other party's Confidential Information to those employees, agents, and contractors who have a need to know such information and who are bound by confidentiality obligations at least as protective as those contained herein.

2.2 Layrd Health agrees to maintain strict confidentiality regarding all proprietary and sensitive information of Customer and use it solely for the purpose of providing the Services under this Agreement. Layrd Health shall not disclose, reproduce, or use Customer's Confidential Information for any other purpose without prior written consent of Customer. Layrd Health's obligations regarding Protected Health Information (PHI) are further governed by the Business Associate Agreement set forth in Exhibit A.

3. EXCEPTIONS TO CONFIDENTIALITY

The obligations of confidentiality under this Exhibit shall not apply to information that: (a) is already known to the receiving party at the time of disclosure, as demonstrated by written records; (b) is or becomes publicly available through no fault or breach of this Agreement by the receiving party; (c) is rightfully received by the receiving party from a third party without restriction on disclosure and without breach of any obligation of confidentiality; (d) is independently developed by the receiving party without use of or reference to the disclosing party's Confidential Information, as demonstrated by written records; or (e) is required to be disclosed by law, regulation, court order, or other governmental authority, provided that the receiving party provides prompt written notice to the disclosing party of such requirement (to the extent legally permitted) so that the disclosing party may seek a protective order or other appropriate remedy.

4. RETURN OR DESTRUCTION OF CONFIDENTIAL INFORMATION

Upon request by the disclosing party or upon termination or expiration of this Agreement, the receiving party shall promptly: (a) return to the disclosing party all Confidential Information, including all copies, summaries, and extracts thereof; (b) return or destroy any hardware, equipment, or other tangible items provided by the disclosing party that contain or relate to such Confidential Information; and (c) if requested, certify in writing that all Confidential Information has been returned or destroyed. Notwithstanding the foregoing, the receiving party may retain copies of Confidential Information to the extent required by applicable law or regulation, or as part of its standard backup and archival procedures, provided that such retained information remains subject to the confidentiality obligations set forth herein.

5. DURATION OF CONFIDENTIALITY OBLIGATIONS

The obligations of confidentiality under this Exhibit shall survive the termination or expiration of this Agreement and shall continue for as long as the Confidential Information remains confidential, or for a period of five (5) years following termination or expiration of this Agreement, whichever is longer. With respect to trade secrets, the obligations of confidentiality shall continue for as long as such information qualifies as a trade secret under applicable law.

6. REMEDIES FOR BREACH

Each party acknowledges that any violation of the confidentiality obligations set forth in this Exhibit, including but not limited to the unauthorized disclosure, dissemination, or use of the other party's Confidential Information, trade secrets, or proprietary materials, may cause irreparable harm to the disclosing party for which monetary damages may be inadequate. Accordingly, in addition to any other remedies available at law or in equity, the disclosing party shall be entitled to seek injunctive relief, specific performance, and any other equitable remedies to prevent or remedy any breach or threatened breach of this Exhibit, without the necessity of proving actual damages or posting any bond or other security. Any unauthorized disclosure of Confidential Information may also result in immediate termination of this Agreement.

By signing below or by clicking "I Accept" or similar affirmative action, Customer acknowledges that Customer has read, understood, and agrees to be bound by:

1. The Customer Terms of Service set forth above;
2. The Business Associate Agreement set forth in Exhibit A;
3. The Confidentiality and Non-Disclosure Provisions set forth in Exhibit B; and
4. Layrd Health's Privacy Policy, available at https://thelayrd.com.

Customer further acknowledges that these documents constitute the complete and exclusive statement of the agreement between Customer and Layrd Health with respect to the Services, and that these documents supersede any prior or contemporaneous agreements, communications, or understandings, whether oral or written.

Electronic acceptance (clicking "I Accept" or similar action) shall have the same legal effect as an original signature.