Skip to content

TERMS AND CONDITIONS

TERMS AND CONDITIONS

Last Modified: May 1, 2026

These Terms of Service (this "Agreement") is a binding contract between You ("Customer," "Authorized User," "Client," "you," or "your") and Z3 Holdings LLC dba RISEDDS dba Z3 Florida LLC, and Regenero Solutions LLC ("Provider," "we," "our," or "us"). This Agreement governs your access to and use of our Website, Platform, related web pages, all products, and all services, which you may desire to use or access.

This Agreement covers all services provided by Z3 Holdings LLC dba RISEDDS ("Z3 Holdings" or "Rise") and Regenero Solutions LLC ("Regenero"), a wholly-owned subsidiary of Z3 Holdings LLC. Both entities are joint service providers under this Agreement. References to "Provider," "we," "our," "us," or "Rise" include both Z3 Holdings LLC and Regenero Solutions LLC, their officers, directors, employees, contractors, agents, vendors, and any third-party service providers or call center partners.

These platforms and services may involve access to, receipt of, processing of, and disclosure of Protected Health Information (PHI), personal information, call recordings, and other confidential data provided by Customer. By using any of these services or platforms, you agree to all terms set forth herein.

BRAND LICENSING AND CORPORATE STRUCTURE

RiseMD is a brand licensed to Z3 Holdings LLC. The RiseMD trademark and branding are owned by Rise MD LLC and are used by Z3 Holdings LLC pursuant to a valid brand license agreement. RiseDDS is a brand owned and operated by Z3 Holdings LLC. Regenero Solutions LLC is a wholly-owned subsidiary of Z3 Holdings LLC and operates Rise Recall and international scheduling services under the Rise brands. All services (Rise Platform, Rise Marketing, Rise Analytics, Rise Recall, Rise Maps, and related services) are provided by Z3 Holdings LLC and/or Regenero Solutions LLC. You acknowledge that these are licensed or owned brands and that your use of these brands is limited to accessing the services provided by Z3 Holdings LLC and Regenero Solutions LLC in accordance with these Terms.

YOU AUTOMATICALLY AGREE TO THESE TERMS OF SERVICE AND PRIVACY POLICY BY USING OR LOGGING INTO THE PROVIDER WEBSITE OR SERVICES AND/OR ENTERING INTO A SERVICE AGREEMENT WITH US. BY ACCESSING OR USING THE PROVIDER SERVICES OR WEBSITE YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND, IF ENTERING INTO THIS AGREEMENT FOR AN ORGANIZATION, THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ORGANIZATION; AND (C) ACCEPT THIS AGREEMENT AND AGREE THAT YOU ARE LEGALLY BOUND BY ITS TERMS.

IF YOU DO NOT ACCEPT THESE TERMS, YOU MAY NOT ACCESS OR USE THE PROVIDER SERVICES OR WEBSITE. CONTINUED USE WILL BE CONSIDERED ACCEPTANCE OF THESE TERMS OF SERVICE.

Please carefully read these Terms. By entering into a service agreement with us, you signify that you have read, understood, and agree to be bound by the Terms, which hereby also incorporate the following:

  1. the provisions of these Terms and Conditions, or Terms of Service;
  2. the Business Associate Agreement referenced below in the HIPAA Business Associate Agreement Addendum, in Exhibit A (the "BAA Addendum" or "BAA");
  3. the Provider Privacy Policy (the "Privacy Policy"); and
  4. any additional guidelines and any future modification to any of the foregoing that may be issued by Provider from time to time.

1. Definitions.

"Authorized User(s)," "Customer," or "Client" used interchangeably means an entity or individual, including their representatives, employees, consultants, contractors, and agents, who is authorized to access and use the Provider services or website under the rights granted pursuant to this Agreement or related Service Agreement.

"Customer Data" means information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or any other Authorized User to the Provider services or website.

"Platform" means the digital and online platform operated by Provider and accessible via Provider's website or through any other designated digital means, which facilitates Users, including Authorized Users, designed for marketing attribution, demographic analysis, and patient, competition mapping, including but not limited to Rise Recall, Rise Platform, or Rise products or solutions. The Platform includes, but is not limited to, all software, applications, interfaces, associated media, documentation, updates, and upgrades that are provided or made available to Customer and Authorized Users by Provider.

"Provider IP" means all intellectual property owned by or licensed to Provider, including, without limitation, all patents, patent applications, trademarks, service marks, trade names, copyrights, trade secrets, and any other proprietary rights, as well as all software, technology, algorithms, databases, methodologies, and processes used or developed by Provider in connection with providing the Provider services or website including any updates, enhancements, or modifications thereto, as well as all related documentation and materials provided or made available by Provider.

"Provider Personnel" means all officers, directors, members, managers, employees, independent contractors (including 1099 contractors), subcontractors, agents, consultants, vendors, partners, and any other individuals or entities performing work for, on behalf of, or in connection with Z3 Holdings LLC, regardless of the nature of their engagement or contractual relationship with Z3 Holdings LLC.

"Provider Indemnified Parties" means Z3 Holdings LLC, Regenero Solutions LLC, and all Provider Personnel, collectively.

"Provider services or website" means the Rise Web-based, AI-powered platform and any and all related web pages thereto.

"Service Agreement" means a separate contractual agreement entered into between the Customer and the Provider, outlining the specific terms, conditions, and obligations related to the provision of services by the Provider to the Customer. The Service Agreement may detail the scope of services, service fees, payment terms, duration, and other relevant provisions agreed upon by the parties in connection with the use of the Provider services or website.

2. Access and Use.

2.1 Provision of Access. Subject to the terms and conditions of this Agreement, Provider hereby grants you a revocable, non-exclusive, non-transferable, non-sublicensable, limited right to access and use the Provider services or website in accordance with the terms and conditions herein.

2.2 Account. You may be required to create an account and specify a password in order to use certain services or features on the Provider services or website. To create an account, you must be at least 18 years old and you must provide truthful and accurate information about yourself.

2.3 Use Restrictions. You shall not and shall not permit any Authorized Users to use the Platform in any manner that is not expressly authorized by this Agreement. Specifically, the Authorized Users shall not: (i) copy, reproduce, modify, distribute, display, perform, publish, license, create derivative works from, transfer, or sell any information, software, products, or services obtained from the Platform; (ii) access or attempt to access any systems or servers on which the Platform is hosted, or modify or alter the Platform in any way; (iii) use the Platform for any purpose that is unlawful, prohibited by this Agreement, or infringe on the rights of Provider, its customers, or any third party; (iv) use the Platform to post or transmit any material that is inappropriate, offensive, defamatory, infringing, obscene, or unlawful; (v) use the Platform to advertise or offer to sell goods and services for any commercial purpose, unless specifically permitted by Provider; (vi) gather, collect, or store personal information about others without their explicit consent; or (vii) use the Platform for any purpose that could damage, disable, overburden, or impair any Provider server, or the network(s) connected to any Provider server, or interfere with any other party's use and enjoyment of the Platform. The Authorized User acknowledges that failure to adhere to these use restrictions may result in termination of access to the Platform, legal action, and/or other measures deemed necessary by Provider.

2.4 Right to Ban. Provider reserves the right, at its sole discretion, to ban any Customer or Authorized User from the Platform and to terminate their access to the Provider Services and Website for violating any of the terms of this Agreement or other applicable Platform Rules, as may be amended from time to time, including but not limited to the Use Restrictions and Acceptable Use Policy. Such ban may be temporary or permanent, as determined by Provider. The decision to ban a Customer or Authorized User and the duration of such ban shall be made by Provider in its sole discretion. Upon imposing such a ban, Provider shall notify the affected Customer or Authorized User of the decision and the reason for the ban. This right is in addition to any other rights and remedies available to Provider under this Agreement or applicable law.

2.5 Aggregated Statistics. Notwithstanding anything to the contrary in this Agreement, Provider may monitor Customer's use of the Provider services or website and collect and compile data and information related to your and the Authorized Users' use of the Provider services or website to be used by Provider in an aggregated and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Provider services or website ("Aggregated Statistics"). As between Provider and Customer, all right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by Provider. You acknowledge that Provider may compile Aggregated Statistics based on Customer Data input into the Provider Services and Website. You agree that Provider may (i) make Aggregated Statistics publicly available in compliance with applicable law, and (ii) use Aggregated Statistics to the extent and in the manner permitted under applicable law.

2.6 Reservation of Rights. Provider reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, Customer or any third party any intellectual property rights or other right, title, or interest in or to the Provider IP.

3. Customer Responsibilities.

3.1 Acceptable Use Policy. The Platform is designed to provide marketing attribution, demographic analysis, patient and competition mapping, and related business intelligence services. As such, the Platform may be used solely for lawful business purposes consistent with the Platform's intended functionality. All users must comply with all applicable laws, regulations, and this Agreement in their use of the Platform. Specifically, users shall not use the Platform to:

  1. Engage in any illegal activity or the promotion of illegal activities, including but not limited to copyright infringement, trademark infringement, or the unauthorized use of intellectual property.
  2. Submit, input, or otherwise make available through the Platform any data or information that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, invasive of another's privacy, hateful, or racially, ethnically, or otherwise objectionable.
  3. Manipulate, falsify, or disguise the origin or authenticity of any data or information transmitted through the Platform.
  4. Input, submit, or otherwise make available through the Platform any data or information that the user does not have a right to use or disclose under any law or under contractual or fiduciary relationships (such as inside information, proprietary, and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements).
  5. Use the Platform in any manner that negatively affects other users' ability to access or use the Platform's services and functionality.
  6. Interfere with or disrupt the Platform, servers, or networks connected to the Platform, or disobey any requirements, procedures, policies, or regulations of networks connected to the Platform.

By accessing or using the Platform, you agree to comply with these guidelines and to use the Platform in a manner consistent with its intended purpose in a respectful, lawful, and professional manner.

3.2 Account Use. You are responsible and liable for all uses of the Provider services or website resulting from access provided by you, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, you are responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by you will be deemed a breach of this Agreement by you. You shall use reasonable efforts to make all Authorized Users aware of this Agreement's provisions as applicable to such Authorized User's use of the Provider services or website and shall cause Authorized Users to comply with such provisions.

3.3 Customer Data. You hereby grant Provider a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Provider to provide the Provider services or website to you.

3.4 De-Identification and Aggregation of Data. Provider may, in connection with the services provided under this Agreement, de-identify Protected Health Information and other Customer Data in accordance with the standards set forth in 45 CFR 164.514, including the safe harbor method (removal of all eighteen (18) categories of identifiers) or the expert determination method. Once data has been de-identified in accordance with 45 CFR 164.514, it shall no longer constitute Protected Health Information and may be used, disclosed, and retained by Provider without restriction for any lawful purpose, including but not limited to product improvement, analytics, research, benchmarking, and the creation of Aggregated Statistics as described in Section 2.5. Provider may also aggregate de-identified data with data from other sources and customers. Customer acknowledges and agrees that de-identified and aggregated data derived from Customer Data is the exclusive property of Provider.

3.5 Customer Data Minimization Obligation. Customer acknowledges and agrees that it shall transmit, submit, or otherwise make available to Provider only the minimum amount of Protected Health Information ("PHI") that is reasonably necessary for Provider to perform the specific services contemplated under this Agreement and any applicable Service Agreement. Customer shall not submit, upload, or transmit to Provider any PHI or other sensitive data that is not directly required for the services being performed. In the event Customer provides PHI in excess of what is reasonably necessary for Provider's services, Customer shall bear sole and exclusive responsibility for any exposure, breach, unauthorized access, or unauthorized disclosure of such excess PHI, and Customer's indemnification and hold harmless obligations under Sections 11 and 12 of this Agreement and Section VI of the BAA Addendum shall apply in full to any claims, losses, damages, fines, penalties, or costs arising from or related to such excess PHI. Provider shall have no liability whatsoever for excess PHI that Customer transmits in violation of this Section. Customer further agrees to cooperate with Provider in identifying the minimum necessary data fields and data sets required for the services, and to promptly comply with any reasonable request by Provider to reduce the scope or volume of PHI being transmitted.

3.6 Customer Credential and Breach Reporting Obligation. Customer shall notify Provider in writing within seventy-two (72) hours of becoming aware of, or having reasonable grounds to suspect, any of the following: (i) unauthorized access to or use of Customer's account credentials, login information, or access tokens for the Platform; (ii) unauthorized access to or compromise of Customer's patient management system, electronic health record ("EHR") system, or any other system from which PHI is transmitted to Provider; (iii) any suspected or confirmed breach, unauthorized access, or unauthorized disclosure of PHI that is in Customer's possession or control and that has been or may be transmitted to Provider; or (iv) any security incident, cyberattack, or malware infection affecting Customer's systems that could reasonably be expected to impact the security of PHI transmitted to or accessible by Provider. In the event Customer fails to provide timely notification as required under this Section, Provider shall be relieved of any liability, obligation, or responsibility to the extent that Customer's failure to notify caused, contributed to, or worsened the impact of any resulting breach or security incident. Customer shall indemnify, defend, and hold harmless all Provider Indemnified Parties from and against any and all additional losses, damages, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys' fees) attributable to or arising from Customer's failure to provide timely notification under this Section.

3.7 Passwords and Access Credentials. You are responsible for keeping your passwords and access credentials associated with the Provider services or website confidential. You will not sell or transfer them to any other person or entity. You will promptly notify us about any unauthorized access to your passwords or access credentials.

3.8 Support. This Agreement does not entitle you to any support, maintenance, upgrades, or modifications for the Provider Services and Website.

3.9 Service Fee. In consideration of Provider's access grant, Customer shall pay to Provider the service fee in accordance with Service Agreement, which is incorporated herein by reference. The service fee must be paid by Customer in accordance with the payment terms set forth in the Service Agreement. Failure to make timely payments may result in suspension or termination of access to the Provider Services and Website, at Provider's sole discretion. This shall be in addition to any and all other remedies available under this Agreement, the Service Agreement, or law.

4. Acknowledgment of Inherent Risk in PHI Handling.

Customer acknowledges and agrees that the processing, storage, transmission, and handling of Protected Health Information ("PHI") inherently involves risk. No system, platform, technology, or security protocol — regardless of sophistication — is completely immune from unauthorized access, breach, cyberattack, human error, or other security incidents. By engaging Provider's services and authorizing Provider to access, receive, and process PHI in connection with the services contemplated under this Agreement, Customer expressly accepts the inherent risks associated with PHI handling. Customer further acknowledges that Provider's obligation is to implement and maintain commercially reasonable administrative, physical, and technical safeguards consistent with industry standards and the requirements of the HIPAA Rules, and that such obligation does not constitute a guarantee that a breach, unauthorized disclosure, or security incident will not occur. This acknowledgment shall not be construed to limit or waive any of Customer's indemnification obligations, hold harmless obligations, or other responsibilities set forth in this Agreement or the BAA Addendum.

5. Confidential Information.

During the term of this Agreement and thereafter, Customer shall maintain the confidentiality of any proprietary or confidential information disclosed by us ("Confidential Information") using the highest degree of care to prevent unauthorized use or disclosure. Confidential Information shall include, but is not limited to, any and all information related to our business, products, services, research, development, pricing, technology, algorithms, methodologies, source code, software, employees, customers, customer data, marketing plans, strategies, and any information designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Notwithstanding the foregoing, Confidential Information does not include information that: (a) was publicly known and made generally available in the public domain prior to the time of disclosure by us, as evidenced by written records; (b) becomes publicly known and made generally available after disclosure by us through no action or inaction of Customer or your representatives; (c) was already in the possession of Customer at the time of disclosure by us, as evidenced by Customer's written records dated prior to the time of disclosure and that was not obtained directly or indirectly from us; (d) is obtained by Customer from a third party who had a lawful right to disclose such information without any obligation of confidentiality. Customer shall not, during the term of this Agreement or the Service Agreement, whichever is later, and for a period of five (5) years after its termination or expiration (or indefinitely for information constituting trade secrets under applicable law), (i) disclose any Confidential Information to any third party without our prior written consent, or (ii) use any Confidential Information for any purpose other than performance under this Agreement. Customer shall not reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code or underlying ideas or algorithms of any Confidential Information. Customer shall ensure that all Authorized Users, employees, contractors, and agents who have access to Confidential Information are bound by written confidentiality obligations at least as protective as those set forth in this Agreement prior to being granted such access. Upon termination or expiration of this Agreement or Service Agreement, or upon our written request, Customer shall immediately return or destroy (at our election) all Confidential Information and any copies thereof in any form or medium. Customer acknowledges that any breach or threatened breach of this Section may cause irreparable harm to us for which monetary damages would be an inadequate remedy, and that we shall be entitled to seek equitable relief, including injunctive relief and specific performance, without the necessity of proving actual damages or posting a bond, in addition to all other remedies available at law or in equity.

6. Privacy Policy.

Provider complies with its privacy policy available at https://risedds.com/privacy-policy/ ("Privacy Policy") in providing the Provider Services and Website. The Privacy Policy is subject to change as described therein. By accessing, using, and providing information to or through the Provider Services and Website, you acknowledge that you have reviewed and accepted our Privacy Policy, and you consent to all actions taken by us with respect to your information in compliance with Privacy Policy, as may be amended from time to time.

7. Intellectual Property Ownership; Feedback.

7.1 Provider IP. As between you and us, we own all right, title, and interest, including all intellectual property rights, in and to the Provider IP.

7.2 Feedback. If you or any of your employees, contractors, or agents sends or transmits any communications or materials to us by mail, email, telephone, or otherwise, suggesting or recommending changes to the Provider Services and Website, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like ("Feedback"), we are free to use such Feedback irrespective of any other obligation or limitation between you and us governing such Feedback. All Feedback is and will be treated as non-confidential. You hereby assign to us on your behalf, and shall cause your employees, contractors, and agents to assign, all right, title, and interest in, and we are free to use, without any attribution or compensation to you or any third party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although we are not required to use any Feedback.

8. Disclaimer of Warranties.

THE PROVIDER IP IS PROVIDED "AS IS" AND PROVIDER HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. PROVIDER SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. PROVIDER MAKES NO WARRANTY OF ANY KIND THAT THE PROVIDER IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET YOUR OR ANY OTHER PERSON'S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.

9. Marketing Disclaimer.

Customer acknowledges and agrees that any form of marketing facilitated through the use of Provider's services or website is inherently speculative. Provider makes no guarantees, representations, or warranties regarding the success, effectiveness, or results of any marketing activities conducted through the Platform. Customer assumes all risks associated with marketing endeavors and understands that outcomes may vary significantly.

10. Artificial Intelligence Disclaimer.

Notwithstanding the foregoing, Z3 Holdings LLC expressly disclaims any warranty, representation, or liability related to or arising out of the Artificial Intelligence (AI) functionalities and services integrated within the Provider Services and Website, including but not limited to, the accuracy, reliability, or correctness of AI-generated content or predictions. The AI functionalities are provided "AS IS" and "AS AVAILABLE" for your use, without warranties of any kind, either express or implied, including all implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement. In no event will Z3 Holdings LLC be liable for any direct, indirect, incidental, consequential, special, exemplary, punitive, or any other damages or losses, including but not limited to loss of profits, revenue, data, or use, incurred by you or any third party, whether in an action in contract or tort, arising from your access to, or use of, the AI functionalities or any other part of the Provider Services and Website. Z3 Holdings LLC does not assume any responsibility, and will not be liable, for any damages to, or viruses that may infect, your computer equipment or other property on account of your access to, use of, or browsing in the Provider Services and Website or your downloading of any materials, data, text, images, video, or audio from the Provider Services and Website. The use of AI functionalities within the Provider Services and Website is at your own discretion and risk, and you are solely responsible for any damage to your computer system or loss of data that results from the use of such AI functionalities.

11. Indemnification.

(a) Customer Indemnification Obligation. Customer shall indemnify, hold harmless, and, at Provider's option, defend all Provider Indemnified Parties from and against any losses, damages, liabilities, or costs (including reasonable attorneys' fees and costs of defense) resulting from any third-party claim, suit, action, or proceeding ("Third-Party Claim") arising out of or related to:

(i) the negligence or willful misconduct of Customer, its employees, contractors, or agents;

(ii) use of Provider IP in a manner not authorized by this Agreement;

(iii) use of Provider IP in combination with data, software, hardware, equipment, or technology not provided by Provider or authorized by Provider in writing;

(iv) Customer's failure to obtain any required patient consents, authorizations, or approvals necessary for Provider's access to or use of Protected Health Information ("PHI") as contemplated under this Agreement;

(v) Customer's provision to Provider of inaccurate, incomplete, or unauthorized PHI;

(vi) Customer's transmission of PHI in excess of the minimum necessary as described in Section 3.5; or

(vii) any violation by Customer of applicable federal or state privacy or data security laws, including but not limited to the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), and any regulations promulgated thereunder, to the extent such violation gives rise to a Third-Party Claim against any Provider Indemnified Party.

(b) No Provider Indemnification. For the avoidance of doubt, nothing in this Agreement shall be construed as an obligation of Provider or any Provider Indemnified Party to indemnify, hold harmless, or defend Customer against any claims, losses, damages, liabilities, or costs of any kind, except as may be expressly set forth in a separate written agreement executed by an authorized officer of Z3 Holdings LLC.

(c) Notice of Claims. In the event Provider seeks indemnification or defense from Customer under this provision, Provider shall notify Customer in writing within thirty (30) calendar days of Provider's becoming aware of such Third-Party Claim. Notwithstanding the foregoing, any failure or delay by Provider to provide such notice shall not relieve Customer of its indemnification obligations hereunder except to the extent Customer demonstrates that it was materially prejudiced by such failure or delay.

(d) Control of Defense. Provider reserves the right, at its option and in its sole discretion, to assume full control of the defense of any Third-Party Claim with legal counsel of Provider's choice. In the event Provider exercises this right, Customer shall remain responsible for all reasonable costs and expenses incurred in connection with such defense, including but not limited to attorneys' fees, expert witness fees, and court costs.

(e) Settlement Restrictions. Customer may not enter into any third-party agreement that would, in any manner whatsoever, affect the rights of any Provider Indemnified Party, constitute an admission of fault by any Provider Indemnified Party, or bind any Provider Indemnified Party in any manner, without Provider's prior written consent.

(f) HIPAA and PHI Hold Harmless. Customer acknowledges that Provider accesses, receives, and processes Protected Health Information ("PHI") solely in connection with the services described in this and any Provider agreement and in accordance with any applicable Business Associate Agreement ("BAA") between the parties. Customer shall indemnify, defend, and hold all Provider Indemnified Parties completely harmless from and against any and all claims, demands, actions, investigations, proceedings, fines, penalties, sanctions, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees, regulatory defense costs, forensic investigation costs, notification costs, credit monitoring costs, and costs of remediation) arising out of or in any way related to:

(i) any actual or alleged breach, unauthorized access, unauthorized disclosure, or loss of PHI, regardless of cause, including but not limited to breaches resulting from the acts or omissions of Customer, Customer's employees, agents, contractors, subcontractors, or any third party other than Provider;

(ii) any investigation, audit, enforcement action, or proceeding initiated by the U.S. Department of Health and Human Services ("HHS"), the Office for Civil Rights ("OCR"), any state attorney general, or any other federal, state, or local regulatory body relating to the privacy or security of PHI, to the extent such investigation, audit, enforcement action, or proceeding arises from or is attributable to Customer's acts, omissions, systems, policies, or practices;

(iii) any failure by Customer to comply with any applicable provision of HIPAA, the Health Information Technology for Economic and Clinical Health Act ("HITECH"), or any federal or state law, rule, or regulation governing the privacy, security, or breach notification of PHI or personally identifiable health information;

(iv) any claim by a patient, data subject, or third party alleging unauthorized use or disclosure of PHI, to the extent such use or disclosure resulted from Customer's failure to implement adequate administrative, physical, or technical safeguards, or Customer's failure to obtain required consents or authorizations; or

(v) any inaccuracy, deficiency, or unauthorized content in the PHI or other data provided by Customer to Provider, including data transmitted from Customer's patient management system, electronic health record ("EHR") system, or any other source under Customer's control.

This hold harmless obligation applies regardless of whether any Provider Indemnified Party is named as a party, co-respondent, or target in any such claim, investigation, or proceeding, and regardless of any concurrent negligence or alleged fault of any Provider Indemnified Party, except to the extent a court of competent jurisdiction determines by final, non-appealable judgment that such claim arose solely and directly from Provider's gross negligence or willful misconduct.

(g) Survival. The obligations set forth in this Indemnification section shall survive the expiration or termination of this Agreement for any reason, and shall remain in full force and effect with respect to any Third-Party Claims arising out of or related to events occurring during the term of this Agreement.

12. Personnel Liability Shield; Covenant Not to Sue.

(a) Claims Against Provider Entity Only. Customer acknowledges and agrees that any and all claims, demands, actions, suits, or proceedings arising out of or related to this Agreement, the services provided hereunder, or the access, use, processing, storage, or disclosure of Protected Health Information or Customer Data, shall be brought solely and exclusively against Z3 Holdings LLC as a legal entity. Customer expressly waives, and covenants not to assert, any right to bring any claim, demand, action, suit, or proceeding — whether in contract, tort (including negligence), strict liability, statutory violation, or otherwise — directly against any Provider Personnel in their individual or personal capacity for any act or omission occurring within the scope of such individual's work for, or on behalf of, Z3 Holdings LLC.

(b) Covenant Not to Sue Provider Personnel. Customer irrevocably covenants and agrees that it shall not, and shall cause its officers, directors, employees, agents, contractors, successors, and assigns not to, commence, join, participate in, assist, or fund (whether directly or indirectly) any claim, action, suit, arbitration, proceeding, investigation, or complaint against any Provider Personnel in their individual or personal capacity arising out of or related to this Agreement, the BAA Addendum, or the services provided hereunder. This covenant extends to claims of any nature, including but not limited to claims arising under HIPAA, HITECH, any federal or state privacy or data security law, common law negligence, breach of fiduciary duty, or any other legal or equitable theory. Customer further agrees not to seek to add, name, join, or implead any Provider Personnel as a party, third-party defendant, cross-defendant, or co-respondent in any action, suit, arbitration, or proceeding relating to this Agreement or the services provided hereunder.

(c) Exception. The protections set forth in Sections 12(a) and 12(b) shall not apply if, and only if, Z3 Holdings LLC provides its express prior written consent, signed by an authorized officer of Z3 Holdings LLC, specifically identifying the individual Provider Personnel against whom a claim may be brought and the scope of such permitted claim. No such consent shall be implied, and no course of dealing, verbal authorization, or email communication shall constitute the required written consent under this Section.

(d) Insider Threat and Rogue Actor Limitation. Customer acknowledges that Provider engages independent contractors (including 1099 contractors), subcontractors, and other third-party service providers to perform substantial portions of the services contemplated under this Agreement, and that such engagement is a known and accepted element of Provider's business model. In the event that any Provider Personnel engages in unauthorized conduct — including but not limited to unauthorized access to, use of, disclosure of, theft of, or tampering with Protected Health Information or Customer Data — where such conduct is outside the scope of such individual's authorized duties, constitutes a violation of Provider's internal policies, or is undertaken without Provider's knowledge or authorization (each, a "Rogue Actor Event"), the following shall apply:

(i) Provider's liability for any Rogue Actor Event shall be limited exclusively to the contractual remedies set forth in this Agreement, including the liability cap set forth in Section 15, and Customer expressly waives any claim for punitive, exemplary, or multiplied damages arising from a Rogue Actor Event;

(ii) Customer acknowledges that a Rogue Actor Event does not, standing alone, constitute gross negligence or willful misconduct by Z3 Holdings LLC as an entity, provided that Z3 Holdings LLC maintained commercially reasonable administrative, physical, and technical safeguards, including reasonable workforce screening, access controls, and monitoring procedures, at the time of the Rogue Actor Event;

(iii) Provider shall use commercially reasonable efforts to investigate, contain, and remediate any Rogue Actor Event promptly upon discovery, and shall cooperate with applicable law enforcement and regulatory authorities as required by law; and

(iv) Customer's sole and exclusive remedy for a Rogue Actor Event shall be as set forth in Section 16 (Exclusive Remedy) of this Agreement, and all claims arising from a Rogue Actor Event shall be subject to the limitations and caps set forth in Sections 15 and 16.

(e) Indemnification of Provider Personnel. Customer's indemnification obligations under Section 11 of this Agreement and Section VI of the BAA Addendum extend to and expressly cover all Provider Personnel in their individual capacities. Any claim, investigation, or proceeding brought or threatened against any Provider Personnel arising out of or related to this Agreement or the services provided hereunder shall be subject to Customer's indemnification, defense, and hold harmless obligations to the same extent as if such claim had been brought against Z3 Holdings LLC directly.

(f) Enforceability. Customer acknowledges that this Section 12 is a material inducement for Provider to enter into this Agreement and to provide the services contemplated herein, and that Provider and all Provider Personnel are intended third-party beneficiaries of the covenants set forth herein. Any breach of this Section 12 shall constitute a material breach of this Agreement, and Z3 Holdings LLC and/or the affected Provider Personnel shall be entitled to seek injunctive relief, specific performance, and all damages (including reasonable attorneys' fees) arising from such breach, without the necessity of proving actual damages or posting a bond.

13. Subcontractor and Partner Liability.

(a) Acknowledgment of Contractor Model. Customer acknowledges and agrees that Z3 Holdings LLC utilizes independent contractors (including 1099 contractors), subcontractors, vendors, technology partners, and other third-party service providers (collectively, "Provider Subcontractors") to perform substantial portions of the services contemplated under this Agreement, including services that may involve the access, receipt, processing, storage, or transmission of Protected Health Information. Customer consents to this business model and acknowledges that the use of Provider Subcontractors is an integral and accepted component of Provider's service delivery.

(b) Liability for Provider Subcontractors. Provider's total aggregate liability for the acts, omissions, errors, negligence, or misconduct of any Provider Subcontractor shall be subject to the same limitations, exclusions, and liability caps that apply to Provider under Sections 15 and 16 of this Agreement and Section VI(b) of the BAA Addendum. In no event shall Provider's liability for the acts or omissions of any Provider Subcontractor exceed the total liability cap set forth in Section 15 of this Agreement.

(c) No Direct Claims Against Provider Subcontractors. Customer agrees that its sole and exclusive recourse for any claim arising from the acts or omissions of any Provider Subcontractor shall be against Z3 Holdings LLC as the contracting entity, and Customer shall not bring, commence, join, participate in, assist, or fund any claim, action, suit, or proceeding directly against any Provider Subcontractor unless Z3 Holdings LLC provides its express prior written consent in accordance with Section 12(c). This restriction applies regardless of whether Customer has a direct or indirect relationship with any Provider Subcontractor, and regardless of the legal theory on which such claim is based.

(d) Subcontractor Safeguards. Provider shall require all Provider Subcontractors who access, receive, create, maintain, or transmit Protected Health Information on behalf of Provider to enter into written agreements imposing privacy, security, and confidentiality obligations that are no less protective than those set forth in this Agreement and the BAA Addendum prior to being granted access to Protected Health Information. Provider's compliance with this Section 13(d) shall constitute Provider's sole obligation with respect to Provider Subcontractor oversight, and Provider shall not be required to guarantee or warrant the performance of any Provider Subcontractor beyond the exercise of commercially reasonable diligence in selection, contracting, and periodic oversight.

14. Limitation of Liability for IT and Communication Issues.

Provider shall not be held liable for any issues related to Customer IT systems, including but not limited to the failure of contact forms to be received through the website, or any disruptions in the functionality of the Client's website, social media profiles, including but not limited to Google My Business or Google Business profiles. The Client acknowledges and agrees that it is solely responsible for ensuring the proper operation of its IT systems and any associated contact forms, and any lost revenue or damages arising from such IT or communication issues shall be the sole responsibility of the Client and its IT service provider. Provider expressly disclaims any and all liability for any interruptions, delays, or incapacitations of such systems, and Client agrees to indemnify Provider from any claims arising therefrom.

15. Limitations of Liability.

PLEASE NOTE THAT PROVIDER WILL NOT BE HELD LIABLE FOR ANY DAMAGES OR LOSSES INCURRED BY CUSTOMER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY, OR OTHERWISE. IN NO EVENT WILL PROVIDER OR ANY PROVIDER INDEMNIFIED PARTY BE RESPONSIBLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, OR FOR ANY INCREASED COSTS, DIMINUTION IN VALUE, OR LOSS OF BUSINESS, PRODUCTION, REVENUES, OR PROFITS. FURTHERMORE, PROVIDER WILL NOT BE HELD RESPONSIBLE FOR ANY LOSS OF GOODWILL OR REPUTATION, USE, INTERRUPTION, DELAY OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY. PLEASE NOTE THAT PROVIDER'S TOTAL LIABILITY UNDER THIS AGREEMENT, REGARDLESS OF THE LEGAL OR EQUITABLE THEORY, WILL NOT EXCEED THE TOTAL AMOUNT PAID BY CUSTOMER FOR THE SERVICES RECEIVED BY PROVIDER IN THE THREE MONTHS PRECEDING AN ALLEGED EVENT OR CLAIM OF DAMAGE.

THE FOREGOING LIMITATIONS OF LIABILITY SHALL APPLY TO ALL CLAIMS ARISING UNDER OR RELATED TO THIS AGREEMENT, THE BAA ADDENDUM, OR THE SERVICES PROVIDED HEREUNDER, INCLUDING WITHOUT LIMITATION ANY AND ALL CLAIMS ARISING UNDER OR RELATED TO THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 ("HIPAA"), THE HEALTH INFORMATION TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ACT ("HITECH"), ANY FEDERAL OR STATE PRIVACY OR DATA SECURITY LAW, OR ANY REGULATION PROMULGATED THEREUNDER. CUSTOMER EXPRESSLY ACKNOWLEDGES AND AGREES THAT THE LIABILITY LIMITATIONS SET FORTH IN THIS SECTION APPLY TO CLAIMS INVOLVING PROTECTED HEALTH INFORMATION, DATA BREACHES, UNAUTHORIZED DISCLOSURES, REGULATORY ACTIONS, AND ACTS OR OMISSIONS OF PROVIDER PERSONNEL AND PROVIDER SUBCONTRACTORS, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

Third-Party Criminal Act Exclusion. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, PROVIDER SHALL HAVE NO LIABILITY WHATSOEVER FOR ANY BREACH, UNAUTHORIZED ACCESS, UNAUTHORIZED DISCLOSURE, LOSS, THEFT, OR COMPROMISE OF PROTECTED HEALTH INFORMATION OR CUSTOMER DATA TO THE EXTENT CAUSED BY THE CRIMINAL ACTS OF THIRD PARTIES, INCLUDING BUT NOT LIMITED TO HACKERS, CYBERCRIMINALS, RANSOMWARE OPERATORS, STATE-SPONSORED THREAT ACTORS, OR ANY OTHER UNAUTHORIZED THIRD PARTY (EACH, A "THIRD-PARTY CRIMINAL ACT"), PROVIDED THAT PROVIDER MAINTAINED COMMERCIALLY REASONABLE ADMINISTRATIVE, PHYSICAL, AND TECHNICAL SAFEGUARDS AT THE TIME OF SUCH THIRD-PARTY CRIMINAL ACT. CUSTOMER EXPRESSLY WAIVES AND RELEASES ANY AND ALL CLAIMS AGAINST ALL PROVIDER INDEMNIFIED PARTIES ARISING FROM OR RELATED TO A THIRD-PARTY CRIMINAL ACT, TO THE EXTENT PROVIDER CAN DEMONSTRATE THAT IT MAINTAINED COMMERCIALLY REASONABLE SAFEGUARDS. FOR PURPOSES OF THIS SECTION, "COMMERCIALLY REASONABLE SAFEGUARDS" SHALL MEAN SAFEGUARDS THAT ARE CONSISTENT WITH INDUSTRY STANDARDS FOR COMPANIES OF SIMILAR SIZE AND SCOPE PROVIDING COMPARABLE SERVICES, AND THAT COMPLY WITH THE REQUIREMENTS OF THE HIPAA SECURITY RULE (45 CFR PART 164, SUBPART C).

16. Exclusive Remedy.

THE REMEDIES PROVIDED TO CUSTOMER IN THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO ANY INDEMNIFICATION OBLIGATIONS EXPRESSLY ASSUMED BY PROVIDER IN A SEPARATE WRITTEN AGREEMENT, ARE CUSTOMER'S SOLE AND EXCLUSIVE REMEDIES AND PROVIDER'S ENTIRE LIABILITY FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE BAA ADDENDUM, THE SERVICES PROVIDED HEREUNDER, OR THE ACCESS, USE, PROCESSING, STORAGE, OR DISCLOSURE OF PROTECTED HEALTH INFORMATION OR CUSTOMER DATA. THIS EXCLUSIVE REMEDY PROVISION APPLIES TO ALL CLAIMS, INCLUDING BUT NOT LIMITED TO CLAIMS ARISING FROM ROGUE ACTOR EVENTS (AS DEFINED IN SECTION 12(d)), THIRD-PARTY CRIMINAL ACTS (AS DEFINED IN SECTION 15), ACTS OR OMISSIONS OF PROVIDER SUBCONTRACTORS, DATA BREACHES, UNAUTHORIZED DISCLOSURES, AND REGULATORY ACTIONS. CUSTOMER EXPRESSLY WAIVES ANY AND ALL OTHER REMEDIES, WHETHER AT LAW, IN EQUITY, OR OTHERWISE, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

17. Non-Disparagement.

Customer agrees not to make, publish, or communicate to any person or entity or in any public forum any false or misleadingly false statements, comments, or remarks that could reasonably be expected to harm the reputation of Provider, its business, or its services. Any violation of this Section shall be considered a material breach of this Agreement.

18. Customer Cooperation in Breach Response and Investigations.

(a) Cooperation Obligation. In the event of any actual or suspected breach, unauthorized access, unauthorized disclosure, loss of Protected Health Information, security incident, or any investigation, audit, or enforcement action by any regulatory body relating to the privacy or security of Protected Health Information (each, a "Security Event"), Customer shall cooperate promptly, fully, and in good faith with Provider and Provider's designated representatives in connection with Provider's investigation, response, remediation, and defense efforts. Such cooperation shall include, but is not limited to:

(i) providing Provider with timely access to all relevant records, systems, logs, and documentation within Customer's possession or control;

(ii) making Customer's employees, contractors, and agents reasonably available for interviews, depositions, and testimony;

(iii) preserving and not altering, destroying, or disposing of any evidence, records, data, or communications that may be relevant to the Security Event;

(iv) promptly notifying Provider of any communications, inquiries, or demands received by Customer from any regulatory body, law enforcement agency, patient, or third party relating to the Security Event; and

(v) complying with all reasonable instructions and timelines provided by Provider or Provider's legal counsel in connection with the investigation and response.

(b) Failure to Cooperate. Customer acknowledges and agrees that Provider's ability to investigate, contain, and remediate a Security Event depends on Customer's timely and complete cooperation. In the event Customer fails to cooperate as required under this Section 18, Provider shall be relieved of any liability, obligation, or responsibility to the extent that Customer's failure to cooperate caused, contributed to, or worsened the Security Event or its consequences. Customer shall indemnify, defend, and hold harmless all Provider Indemnified Parties from and against any and all additional losses, damages, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys' fees) attributable to or arising from Customer's failure to cooperate as required under this Section.

(c) Costs. Unless otherwise agreed in writing, each party shall bear its own costs in connection with its cooperation obligations under this Section. Notwithstanding the foregoing, all costs and expenses associated with individual notification under 45 CFR 164.404, media notification under 45 CFR 164.406, and any remediation directed at patients or data subjects shall be the sole responsibility of Customer.

19. Data Retention and Auto-Purge.

(a) Retention Period. Provider shall retain Protected Health Information received from or on behalf of Customer only for so long as such information is reasonably necessary for Provider to perform the services contemplated under this Agreement and any applicable Service Agreement. Unless otherwise specified in a Service Agreement or agreed to in writing between the parties, Provider shall retain Protected Health Information for the duration of active service delivery plus thirty (30) calendar days following the termination or expiration of the applicable Service Agreement or this Agreement, whichever is later (the "Retention Period").

(b) Auto-Purge and De-Identification Rights. Upon expiration of the Retention Period, or at any time during the term of this Agreement when Provider reasonably determines that specific Protected Health Information is no longer necessary for active service delivery, Provider shall have the unilateral right, without requiring Customer's prior consent, to: (i) de-identify such Protected Health Information in accordance with the safe harbor method set forth in 45 CFR 164.514(b) or the expert determination method set forth in 45 CFR 164.514(a), at which point such data shall no longer constitute Protected Health Information and may be retained and used by Provider without restriction; or (ii) permanently and securely destroy such Protected Health Information using commercially reasonable methods consistent with industry standards for data destruction.

(c) No Liability for Purge or De-Identification. Customer acknowledges and agrees that Provider shall have no liability whatsoever for de-identifying or destroying Protected Health Information in accordance with this Section 19, and Customer expressly waives any claim against any Provider Indemnified Party arising from or related to such de-identification or destruction. Customer is solely responsible for maintaining its own copies and backups of all Customer Data, including Protected Health Information, and Provider shall have no obligation to maintain backups or archives beyond the Retention Period.

(d) Customer Cooperation. Customer shall cooperate with Provider in connection with any data retention review, including responding promptly to Provider's inquiries regarding whether specific data sets remain necessary for active service delivery. If Customer fails to respond to a written inquiry from Provider regarding data retention within fifteen (15) calendar days, Provider may proceed with de-identification or destruction of the applicable data at its discretion.

(e) Survival of De-Identified Data. For the avoidance of doubt, any data that has been de-identified in accordance with 45 CFR 164.514 is not subject to the return-or-destroy obligations set forth in this Section or in the BAA Addendum, and Provider may retain, use, and disclose such de-identified data indefinitely and without restriction.

20. Contractual Statute of Limitations.

ANY CLAIM, ACTION, SUIT, OR PROCEEDING ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE BAA ADDENDUM, THE SERVICES PROVIDED HEREUNDER, OR THE ACCESS, USE, PROCESSING, STORAGE, OR DISCLOSURE OF PROTECTED HEALTH INFORMATION OR CUSTOMER DATA MUST BE COMMENCED WITHIN ONE (1) YEAR AFTER THE DATE ON WHICH THE CLAIMANT KNEW OR REASONABLY SHOULD HAVE KNOWN OF THE FACTS GIVING RISE TO SUCH CLAIM, REGARDLESS OF THE LEGAL OR EQUITABLE THEORY ON WHICH SUCH CLAIM IS BASED. ANY CLAIM NOT BROUGHT WITHIN THIS ONE (1) YEAR PERIOD SHALL BE FOREVER BARRED AND WAIVED. THIS LIMITATION SHALL APPLY TO ALL CLAIMS, INCLUDING BUT NOT LIMITED TO CLAIMS FOR BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY, STATUTORY VIOLATIONS (INCLUDING HIPAA AND HITECH), INDEMNIFICATION, AND ANY OTHER LEGAL OR EQUITABLE THEORY. CUSTOMER ACKNOWLEDGES THAT THIS CONTRACTUAL LIMITATION PERIOD MAY BE SHORTER THAN THE STATUTE OF LIMITATIONS OTHERWISE APPLICABLE UNDER FLORIDA LAW OR ANY OTHER APPLICABLE LAW, AND EXPRESSLY WAIVES ANY LONGER LIMITATIONS PERIOD TO THE FULLEST EXTENT PERMITTED BY LAW.

21. Waiver of Jury Trial.

EACH PARTY HEREBY IRREVOCABLY AND UNCONDITIONALLY WAIVES, TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, ANY AND ALL RIGHT TO A TRIAL BY JURY IN ANY ACTION, SUIT, PROCEEDING, CLAIM, OR COUNTERCLAIM ARISING OUT OF OR RELATED TO THIS AGREEMENT, THE BAA ADDENDUM, THE SERVICES PROVIDED HEREUNDER, OR THE ACCESS, USE, PROCESSING, STORAGE, OR DISCLOSURE OF PROTECTED HEALTH INFORMATION OR CUSTOMER DATA, WHETHER NOW EXISTING OR HEREAFTER ARISING, AND WHETHER IN CONTRACT, TORT, EQUITY, OR OTHERWISE. EACH PARTY CERTIFIES AND ACKNOWLEDGES THAT (A) NO REPRESENTATIVE OF THE OTHER PARTY HAS REPRESENTED, EXPRESSLY OR OTHERWISE, THAT SUCH OTHER PARTY WOULD NOT SEEK TO ENFORCE THE FOREGOING WAIVER IN THE EVENT OF ANY SUCH ACTION, SUIT, OR PROCEEDING; (B) EACH PARTY HAS CONSIDERED THE IMPLICATIONS OF THIS WAIVER; (C) EACH PARTY MAKES THIS WAIVER KNOWINGLY AND VOLUNTARILY; AND (D) EACH PARTY HAS BEEN INDUCED TO ENTER INTO THIS AGREEMENT BY, AMONG OTHER THINGS, THE MUTUAL WAIVERS AND CERTIFICATIONS IN THIS SECTION.

22. Term and Termination.

The term of this Agreement begins on the Effective Date and, unless terminated earlier pursuant to this Agreement's express provisions, will continue in effect until Customer discontinues use of Provider Services and Website. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Provider IP and, without limiting Customer's obligations under Section 5. No expiration or termination of this Agreement will affect Customer's obligation to pay all fees that may have become due before such expiration or termination, or entitle Customer to any refund. This Section 22 and Sections 4, 5, 7, 8, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, and 28(g) survive any termination or expiration of this Agreement in addition to any sections or provisions that shall survive by their express terms.

23. Modifications.

You acknowledge and agree that we have the right, in our sole discretion, to modify the Provider services or website from time to time with or without notice. This will include but is not limited to, the right to change or suspend functionality, features, or change fees. Your continued use of the Provider services or website after the effective date of such modifications will be deemed acceptance of the modifications. You are free to discontinue use but will remain obligated for any fees due in accordance with any Service Agreement in effect between you and us.

24. Amendment and Notification.

Provider reserves the right to modify or amend this Agreement any time. Users will be notified of any material changes to this Agreement by email to the address associated with their account and/or by posting a notice on the Platform at least thirty (30) days prior to the effective date of such changes. Continued use of the Platform after the effective date of any changes constitutes acceptance of the modified policy.

25. Governing Law, Jurisdiction, and Venue.

This Agreement shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of laws principles. Any legal suit, action, or proceeding arising out of or related to this Agreement or the transactions contemplated hereby shall be instituted exclusively in the State of Florida, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding. The parties irrevocably and unconditionally waive any objection to the laying of venue of any suit, action, or any proceeding in such courts and irrevocably waive and agree not to plead or claim in any such court that any such suit, action, or proceeding brought in any such court has been brought in an inconvenient forum.

26. Dispute Resolution.

In connection with the use of the Platform, related website pages, and services, all users, including but not limited to, Customers, Authorized Users, and Clients (collectively, "Users"), agree to resolve all disputes, with Z3 Holdings LLC as to any dispute, whether in equity or law, in accordance with the following Dispute Resolution Policy. This policy applies to the extent that disputes arise through the use of our Platform, related websites, or services.

This Dispute Resolution Policy shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of laws principles.

(a) Mediation: In the event of any dispute, controversy, or claim arising from or related to this Agreement, or the breach thereof, the parties hereto agree to attempt in good faith to settle the dispute through mediation administered by the American Arbitration Association under its Commercial Mediation Procedures before resorting to arbitration or any other dispute resolution procedure. The mediation shall be conducted in the State of Florida, unless both parties agree otherwise in writing. Each party will bear its own costs in the mediation and will share equally the fees of the mediator unless otherwise agreed. The parties agree to participate in the mediation in good faith with the aim to resolve the dispute within forty-five (45) days from the date of notice of dispute by one party to the other.

(b) Binding Arbitration: Any dispute, controversy, claim, or disagreement arising out of or relating to this Agreement, inclusive of issues of provision interpretation, or the breach thereof, which cannot be resolved through mediation as set forth in the Mediation Clause of this Agreement, shall be settled by binding arbitration administered by the American Arbitration Association in accordance with its Commercial Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. The place of arbitration shall be the State of Florida, and the arbitration shall be conducted in the English language. The parties agree that the decision of the arbitrator(s) shall be final and binding on the parties. Notwithstanding the foregoing, Z3 Holdings LLC reserves the right to seek injunctive or other equitable relief in a court of competent jurisdiction to protect or enforce its intellectual property rights or in cases where arbitration is not permitted by law.

(c) Class Action Waiver. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, CUSTOMER AND PROVIDER AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS, WHETHER IN ARBITRATION, MEDIATION, OR COURT, WILL BE CONDUCTED SOLELY ON AN INDIVIDUAL BASIS AND NOT AS A CLASS ACTION, COLLECTIVE ACTION, REPRESENTATIVE ACTION, OR PRIVATE ATTORNEY GENERAL ACTION. CUSTOMER EXPRESSLY WAIVES ANY RIGHT TO PARTICIPATE IN OR BRING A CLASS ACTION, COLLECTIVE ACTION, CONSOLIDATED ACTION, OR REPRESENTATIVE ACTION AGAINST PROVIDER OR ANY PROVIDER INDEMNIFIED PARTY. THE ARBITRATOR SHALL HAVE NO AUTHORITY TO COMBINE OR AGGREGATE CLAIMS OF MORE THAN ONE CUSTOMER OR AUTHORIZED USER, TO CONDUCT ANY CLASS, COLLECTIVE, OR REPRESENTATIVE PROCEEDING, OR TO MAKE AN AWARD TO ANY PERSON OR ENTITY NOT A PARTY TO THE ARBITRATION. IF THIS CLASS ACTION WAIVER IS FOUND TO BE UNENFORCEABLE WITH RESPECT TO ANY PARTICULAR CLAIM OR REQUEST FOR RELIEF, THEN THAT CLAIM OR REQUEST FOR RELIEF SHALL BE SEVERED FROM THE ARBITRATION AND BROUGHT IN A COURT OF COMPETENT JURISDICTION IN THE STATE OF FLORIDA, AND ALL REMAINING CLAIMS SHALL CONTINUE IN ARBITRATION. THIS CLASS ACTION WAIVER IS AN ESSENTIAL PART OF THIS DISPUTE RESOLUTION PROVISION AND SHALL SURVIVE THE TERMINATION OR EXPIRATION OF THIS AGREEMENT.

27. Attorney Fees.

In the event of any litigation, arbitration, or other legal proceedings between us and you arising out of or related to this Agreement, the prevailing party shall be entitled to recover from the non-prevailing party all reasonable costs, attorneys' fees, and other expenses incurred by the prevailing party in such litigation, arbitration, or other proceedings.

28. General Terms.

(a) Entire Agreement: This Agreement, together with the BAA Addendum attached hereto as Exhibit A and any Service Agreement in effect between the parties, constitutes the entire agreement and understanding between the parties hereto with respect to the subject matter hereof and supersedes all prior and contemporaneous understandings, agreements, representations, and warranties, both written and oral, with respect to such subject matter.

(b) Notices: Any notices to us must be sent to our corporate headquarters address available at Slusher & Rosenblum, P.A. 444 W Railroad Ave Ste 470, West Palm Beach, FL 33401 and must be delivered either in person, by certified or registered mail, return receipt requested and postage prepaid, or by recognized overnight courier service, and are deemed given upon receipt by us.

(c) Communication Consent: Notwithstanding the foregoing, you hereby consent to receiving electronic communications from us. These electronic communications may include notices about applicable fees and charges, transactional information, and other information concerning or related to the Provider Services and Website. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing.

(d) Severability: The invalidity, illegality, or unenforceability of any provision herein does not affect any other provision herein or the validity, legality, or enforceability of such provision in any other jurisdiction. If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be reformed to the minimum extent necessary to make it valid and enforceable while preserving the original intent of the parties to the greatest extent possible.

(e) Waiver: Any failure to act by us with respect to a breach of this Agreement by you or others does not constitute a waiver and will not limit our rights with respect to such breach or any subsequent breaches.

(f) Assignment: This Agreement is personal to you and may not be assigned or transferred for any reason whatsoever without our prior written consent and any action or conduct in violation of the foregoing will be void and without effect. We expressly reserve the right to assign this Agreement and to delegate any of its obligations hereunder.

(g) The HIPAA Business Associate Agreement Addendum attached hereto as Exhibit A is incorporated into this Agreement by reference.

EXHIBIT A: HIPAA BUSINESS ASSOCIATE AGREEMENT ADDENDUM

This HIPAA BUSINESS ASSOCIATE AGREEMENT ADDENDUM (the "BAA Addendum"), by and between Z3 Holdings LLC (hereinafter referred to as "Business Associate") and the above-referenced Client (hereinafter referred to as "Covered Entity"), is hereby incorporated into the above Terms and Conditions, specifically by Section 28(g) thereof, and is effective as of the Effective Date of the Agreement.

RECITALS

A. Covered Entity and Business Associate are parties to one or more agreements (each such agreement, a "Covered Contract," and collectively, the "Agreement") pursuant to which Business Associate provides certain services to Covered Entity, and, in connection with those services, Covered Entity discloses to Business Associate certain health information (the "Protected Health Information" as defined in 45 CFR 160.103) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH"), and certain regulations promulgated by the U.S. Department of Health and Human Services to implement certain provisions of HIPAA (herein "HIPAA Regulations" found at 45 CFR Parts 160–164), all as may be amended from time to time.

B. Business Associate, as a recipient of Protected Health Information from Covered Entity, is a "Business Associate" as that term is defined in the HIPAA Regulations.

C. Pursuant to the HIPAA Regulations, all Business Associates of the Covered Entity must, as a condition of receiving Protected Health Information in the course of doing business with Covered Entity, agree in writing to certain mandatory provisions regarding, among other things, the use and disclosure of Protected Health Information.

D. The purpose of this Addendum is to satisfy the requirements of the HIPAA Regulations, including, but not limited to, 45 CFR §164.504(e), as the same may be amended from time to time.

I. DEFINITIONS

Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required By Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.

Specific definitions:

(a) Business Associate. "Business Associate" shall generally have the same meaning as the term "Business Associate" at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Z3 Holdings LLC.

(b) Covered Entity. "Covered Entity" shall generally have the same meaning as the term "Covered Entity" at 45 CFR 160.103, and in reference to the party to this agreement, shall mean the Client named on one or more Order Forms or Subscription and Service Agreements.

(c) HIPAA Rules. "HIPAA Rules" shall mean the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164.

II. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE

Business Associate agrees to:

(a) Not use or disclose protected health information other than as permitted or required by the Agreement or as required or permitted by law;

(b) Use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information, to prevent use or disclosure of protected health information other than as provided for by the Agreement; Access to Business Associate's computer networks and systems and the Protected Health Information will be controlled via a user ID and password. BUSINESS ASSOCIATE IS NOT RESPONSIBLE FOR ANY UNAUTHORIZED USE OR DISCLOSURE OF A USER ID OR PASSWORD, OR FOR ANY BREACH OF THIS BAA ADDENDUM ARISING AS A RESULT OF ANY SUCH UNAUTHORIZED USE OR DISCLOSURE BY COVERED ENTITY;

(c) Report to Covered Entity any use or disclosure of protected health information not provided for by the Agreement of which it becomes aware, including breaches of unsecured protected health information, and any security incident of which it becomes aware, as required by 45 CFR 164.400–414. Such notification shall be made in writing within a reasonable period not to exceed sixty (60) calendar days following Business Associate's discovery of the breach or security incident, consistent with the requirements of 45 CFR 164.410. Notifications from Z3 Holdings LLC to Covered Entity shall include the information required under 45 CFR 164.404(c) to the extent reasonably available at the time of notification. Covered Entity shall take all further actions under this subsection, including but not limited to individual notification under 45 CFR 164.404 and media notification under 45 CFR 164.406, at its sole cost and expense;

(d) Prior to providing any subcontractor access to protected health information, and in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit protected health information on behalf of the Business Associate have entered into written agreements imposing the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;

(e) To the extent Business Associate maintains any protected health information in a designated record set, make available protected health information in a designated record set to the Covered Entity as necessary to enable Covered Entity to meet its obligations under 45 CFR 164.524;

(f) To the extent Business Associate maintains any protected health information in a designated record set, make any amendment(s) to protected health information in a designated record set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to enable Covered Entity to meet its obligations under 45 CFR 164.526;

(g) Maintain and make available the information required to provide an accounting of disclosures to the Covered Entity as necessary to enable Covered Entity to satisfy its obligations under 45 CFR 164.528;

(h) To the extent the Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164, comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s); and

(i) Make its internal practices, books, and records available to the Secretary of HHS for purposes of determining compliance with the HIPAA Rules.

III. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE

(a) Covered Entity and Business Associate agree that Business Associate may disclose protected health information to other business associates of Covered Entity for Business Associate's performance of services contemplated in the Agreements at Covered Entity's direction, provided that such other business associates have entered into agreements imposing the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information. In addition, Business Associate may use de-identified information as set forth in Section 3.4 of the Agreement.

(b) Business Associate may use or disclose protected health information as required or permitted by law.

(c) Business Associate agrees to make uses and disclosures consistent with Covered Entity's minimum necessary policies and procedures. Business Associate will refer any requests for protected health information directly to Covered Entity for processing and resolution in accordance with this BAA Addendum Section IV(d).

(d) Business Associate may not use or disclose protected health information in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity. However, Business Associate may use or disclose protected health information for its own management and administration and legal responsibilities as set forth in paragraphs (e), (f), or (g) below.

(e) Business Associate may use protected health information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.

(f) Business Associate may disclose protected health information for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required or permitted by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

(g) In addition to its rights under Agreement Section 3.4, Business Associate may provide data aggregation services relating to the health care operations of the Covered Entity.

(h) De-Identification Safe Harbor. To the extent Business Associate de-identifies protected health information in connection with the services provided under the Agreement, such de-identification shall be performed in accordance with the safe harbor method set forth in 45 CFR 164.514(b), by removing all eighteen (18) categories of identifiers specified therein, or by the expert determination method set forth in 45 CFR 164.514(a). Once information has been de-identified in accordance with 45 CFR 164.514, it shall no longer constitute Protected Health Information and shall not be subject to the restrictions of this BAA Addendum. Business Associate shall maintain reasonable documentation of its de-identification methodology sufficient to demonstrate compliance with 45 CFR 164.514 upon request.

IV. PROVISIONS FOR COVERED ENTITY TO INFORM BUSINESS ASSOCIATE OF PRIVACY PRACTICES AND RESTRICTIONS

(a) Covered Entity shall notify Business Associate of any limitation(s) in the notice of privacy practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate's use or disclosure of protected health information.

(b) Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her protected health information, to the extent that such changes may affect Business Associate's use or disclosure of protected health information.

(c) Covered Entity shall notify Business Associate of any restriction on the use or disclosure of protected health information that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate's use or disclosure of protected health information.

(d) Covered Entity will be solely responsible for obtaining from its customers/patients all authorizations relating to the disclosure of Protected Health Information that are required under HIPAA to enable Business Associate and/or its subcontractors to facilitate communication between Covered Entity and its customers/patients and their family members and for Business Associate to otherwise perform its obligations under the Agreement. Covered Entity hereby represents and warrants to Business Associate that it will have received the necessary authorization from a customer/patient prior to the disclosure of such customer/patient's Protected Health Information to Business Associate. Business Associate will forward to Covered Entity for processing and resolution any and all requests for information it may receive. Covered Entity will be solely responsible for responding to these requests.

(e) Covered Entity shall promptly notify Business Associate of any breach of any HIPAA obligations that may affect Business Associate's use or disclosure of protected health information.

V. PERMISSIBLE REQUESTS BY COVERED ENTITY

Covered Entity shall not request Business Associate to use or disclose protected health information in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity. Provided, however, that the Business Associate may use or disclose protected health information for data aggregation or management and administration and legal responsibilities of the Business Associate as may be set forth in the Agreement or as permitted by law.

VI. INDEMNIFICATION AND LIMITATION OF LIABILITY

(a) Covered Entity Indemnification. Covered Entity shall indemnify, defend, and hold Business Associate and all Provider Indemnified Parties (as defined in Section 1 of the Agreement) completely harmless from and against any and all claims, demands, actions, investigations, proceedings, fines, penalties, sanctions, losses, damages, liabilities, costs, and expenses (including reasonable attorneys' fees, regulatory defense costs, forensic investigation costs, notification costs, credit monitoring costs, and costs of remediation) arising out of or in any way related to:

(i) any act or omission of Covered Entity, its employees, agents, or contractors that results in an actual or alleged breach, unauthorized access, unauthorized disclosure, or loss of Protected Health Information;

(ii) any investigation, audit, enforcement action, or proceeding initiated by the U.S. Department of Health and Human Services, the Office for Civil Rights, any state attorney general, or any other federal, state, or local regulatory body relating to the privacy or security of Protected Health Information, to the extent such investigation, audit, enforcement action, or proceeding arises from or is attributable to Covered Entity's acts, omissions, systems, policies, or practices;

(iii) any failure by Covered Entity to comply with any applicable provision of HIPAA, HITECH, or any federal or state law, rule, or regulation governing the privacy, security, or breach notification of Protected Health Information;

(iv) any claim by a patient, data subject, or third party alleging unauthorized use or disclosure of Protected Health Information, to the extent such use or disclosure resulted from Covered Entity's failure to implement adequate administrative, physical, or technical safeguards, Covered Entity's failure to obtain required consents or authorizations, or Covered Entity's provision of inaccurate, incomplete, or unauthorized Protected Health Information to Business Associate;

(v) any violation of this BAA Addendum or the Agreement by Covered Entity; or

(vi) Covered Entity's failure to perform any of its obligations set forth in Section IV of this BAA Addendum, including but not limited to its obligation to obtain patient authorizations prior to disclosing Protected Health Information to Business Associate.

This indemnification obligation shall apply regardless of whether any Provider Indemnified Party is named as a party, co-respondent, or target in any such claim, investigation, or proceeding, and regardless of any concurrent negligence or alleged fault of any Provider Indemnified Party, except to the extent a court of competent jurisdiction determines by final, non-appealable judgment that such claim arose solely and directly from Business Associate's gross negligence or willful misconduct.

(b) Limitation of Liability. IN NO EVENT SHALL BUSINESS ASSOCIATE BE LIABLE TO COVERED ENTITY OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, EXEMPLARY, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS BAA ADDENDUM OR THE SERVICES PROVIDED HEREUNDER, REGARDLESS OF THE FORM OF ACTION AND WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, EVEN IF BUSINESS ASSOCIATE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BUSINESS ASSOCIATE'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS BAA ADDENDUM SHALL NOT EXCEED THE TOTAL FEES ACTUALLY PAID BY COVERED ENTITY TO BUSINESS ASSOCIATE UNDER THE AGREEMENT DURING THE THREE (3) MONTH PERIOD IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO SUCH LIABILITY. THE LIMITATIONS SET FORTH IN THIS SECTION SHALL APPLY TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, INCLUDING WITHOUT LIMITATION TO ALL CLAIMS ARISING UNDER OR RELATED TO HIPAA, HITECH, OR ANY FEDERAL OR STATE PRIVACY OR DATA SECURITY LAW.

(c) No Business Associate Indemnification Obligation. For the avoidance of doubt, nothing in this BAA Addendum or the Agreement shall be construed as an obligation of Business Associate to indemnify, hold harmless, or defend Covered Entity against any claims, losses, damages, liabilities, or costs of any kind, except as may be expressly set forth in a separate written agreement executed by an authorized officer of Z3 Holdings LLC.

(d) Personnel Liability Shield and Subcontractor Liability. The provisions of Sections 12 (Personnel Liability Shield; Covenant Not to Sue) and 13 (Subcontractor and Partner Liability) of the Agreement are hereby incorporated into this BAA Addendum by reference and shall apply with equal force to all Provider Indemnified Parties under this BAA Addendum.

VII. TERM AND TERMINATION

(a) Term. The Term of this BAA Addendum shall be effective as of the Effective Date of the Agreement, and shall terminate as set forth in the Agreement.

(b) Termination for Cause by Either Party. Business Associate authorizes termination of this BAA Addendum according to terms and conditions set forth in the Agreement. In addition, Business Associate shall have the right to immediately terminate this BAA Addendum and any related Covered Contracts upon written notice to Covered Entity if:

(i) Covered Entity materially breaches any of its obligations under this BAA Addendum and fails to cure such breach within thirty (30) calendar days after receiving written notice of the breach from Business Associate;

(ii) Business Associate reasonably determines that Covered Entity has engaged in a pattern of activity or practice that constitutes a material violation of HIPAA, HITECH, or any applicable federal or state privacy or security law;

(iii) Covered Entity fails to obtain required patient authorizations or consents as required under Section IV(d) of this BAA Addendum and such failure exposes Business Associate to regulatory risk; or

(iv) Covered Entity becomes the subject of an enforcement action or investigation by HHS, OCR, or any state attorney general relating to the privacy or security of Protected Health Information, and Business Associate reasonably determines that continued receipt of Protected Health Information from Covered Entity would pose a material risk to Business Associate's regulatory compliance.

Upon any such termination by Business Associate, Covered Entity shall remain liable for all fees and obligations accrued through the date of termination and all indemnification obligations under Section VI shall survive.

(c) Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, Business Associate, with respect to protected health information received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, shall:

  1. Retain only that protected health information which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;
  2. Return to Covered Entity or, if agreed to by Covered Entity, destroy the remaining protected health information that the Business Associate still maintains in any form;
  3. Continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic protected health information to prevent use or disclosure of the protected health information, other than as provided for in this Section, for as long as Business Associate retains the protected health information;
  4. Not use or disclose the protected health information retained by Business Associate other than for the purposes for which such protected health information was retained and subject to the same conditions set out at paragraphs (e) and (f) above under "Permitted Uses and Disclosures by Business Associate" which apply prior to termination; and
  5. Return to Covered Entity or, if agreed to by Covered Entity, destroy the protected health information retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.

(d) Survival. The obligations of Business Associate under this Section VII, and all obligations of Covered Entity under Sections IV, VI, and the Personnel Liability Shield and Subcontractor Liability provisions incorporated by Section VI(d), shall survive the termination of the BAA Addendum and the Agreement.

VIII. FORCE MAJEURE

Business Associate shall not be liable for any delay or failure to perform its obligations under this BAA Addendum (including but not limited to breach notification obligations under Section II(c)) to the extent such delay or failure is caused by circumstances beyond Business Associate's reasonable control, including but not limited to acts of God, natural disasters, epidemics or pandemics, war, terrorism, civil unrest, government orders or sanctions, cyberattacks by third parties (including ransomware, distributed denial-of-service attacks, or state-sponsored intrusions), power failures, internet or telecommunications outages, or failures of third-party hosting or cloud service providers (each, a "Force Majeure Event"). In the event of a Force Majeure Event, Business Associate shall:

(a) Notify Covered Entity as soon as reasonably practicable of the Force Majeure Event and its anticipated effect on Business Associate's performance;

(b) Use commercially reasonable efforts to mitigate the impact of the Force Majeure Event and resume performance of its obligations as promptly as possible; and

(c) Continue to maintain all safeguards required under this BAA Addendum to the extent reasonably feasible under the circumstances.

For the avoidance of doubt, a Force Majeure Event shall not relieve Business Associate of its underlying obligations to implement and maintain appropriate administrative, physical, and technical safeguards as required by the HIPAA Rules, nor shall it excuse any failure to implement such safeguards that existed prior to the Force Majeure Event. This Section shall apply solely to delays in performance (including notification timelines) and shall not be construed to limit Covered Entity's indemnification obligations under Section VI.

IX. MISCELLANEOUS

(a) Regulatory References. A reference in this Agreement to a section in the HIPAA Rules means the section as in effect or as amended.

(b) Amendment. The Parties agree that Business Associate may amend this BAA Addendum as is necessary from time to time for compliance with requirements of the HIPAA Rules and any other applicable law. Business Associate shall provide Covered Entity with written notice (which may be provided by email or through Business Associate's platform) of any material amendments to this BAA Addendum at least thirty (30) calendar days prior to the effective date of such amendments. Covered Entity's continued use of Business Associate's services following the effective date of any such amendment shall constitute Covered Entity's acceptance of the amended terms. If Covered Entity does not agree to any amendment, Covered Entity's sole remedy shall be to terminate this BAA Addendum and the Agreement in accordance with the termination provisions herein.

(c) Relationship of the Parties. Covered Entity and Business Associate agree that Business Associate's services hereunder are being carried out as an independent contractor and not as an employee or agent of the Covered Entity.

(d) Interpretation. Any ambiguity in this BAA Addendum shall be resolved to comply with the HIPAA Regulations. There are no third-party beneficiaries to this BAA Addendum, except that all Provider Personnel (as defined in Section 1 of the Agreement) are express intended third-party beneficiaries of the protections set forth in Section VI(d) of this BAA Addendum and Sections 12 and 13 of the Agreement.

(e) Entire Agreement. This BAA Addendum, together with the Agreement, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior or contemporaneous oral or written agreements, understandings, or representations relating to the protection of Protected Health Information between Business Associate and Covered Entity.