Site logo

Cloud Services Agreement

Last Updated: July 05, 2024

This Cloud Services Agreement (this “Agreement“) is a binding contract between Therapy for Cancer Lives (“Company”, “us”, “our” or “we”) and you (“Customer,” “you,” or “your“). 

THIS AGREEMENT TAKES EFFECT WHEN YOU CLICK THE “I ACCEPT” BUTTON BELOW OR BY ACCESSING OR USING THE CLOUD SERVICES (the “Effective Date“). BY CLICKING ON THE “I ACCEPT” BUTTON BELOW OR BY ACCESSING OR USING THE CLOUD SERVICES YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND, IF ENTERING INTO THIS AGREEMENT FOR AN ORGANIZATION, THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ORGANIZATION; AND (C) ACCEPT THIS AGREEMENT AND AGREE THAT YOU ARE LEGALLY BOUND BY ITS TERMS. 

IF YOU DO NOT AGREE TO THESE TERMS, PLEASE SELECT THE “I DECLINE” BUTTON BELOW. IF YOU DO NOT ACCEPT THESE TERMS, YOU MAY NOT ACCESS OR USE THE CLOUD SERVICES. 

  1. Access and Use
    1. Provision of Access. Subject to Customer’s compliance with the terms and conditions of this Agreement, Company hereby grants Customer a non-exclusive, non-transferable (except in compliance with Section 11(g)) right to access and use the services provided by Company under this Agreement (the “Cloud Services”) listed on the “buy a plan” page Customer visits after leaving the “join as a therapist page” at www.therapyforcancerlives.com if and to the extent not expired or terminated (“Order”) during the Term (as defined in Section 10), by Customer and, if applicable, Customer’s employees, consultants, contractors, and agents (i) who are authorized by Customer to access and use the Cloud Services under the rights granted to Customer pursuant to this Agreement and (ii) for whom access to, and use of, the Cloud Services has been purchased hereunder (“Authorized Users”) in accordance with the terms and conditions herein. Company shall provide to Customer the necessary passwords and network links or connections to allow Customer to access the Cloud Services. The total number of Authorized Users hereunder shall be one.  
    2. Documentation License. Subject to the terms and conditions contained in this Agreement, Company hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 11(g)) license to use the Company’s user manuals, handbooks, and guides relating to the Cloud Services provided by Company to Customer either electronically or in hard copy form and end user documentation relating to the Cloud Services available at www.therapyforcancerlives.com (“Documentation”) during the Term.
    3. Use Restrictions. Customer shall not use the Cloud Services or Documentation for any purposes beyond the scope of the access and use granted in this Agreement. Customer shall not at any time, directly or indirectly, and shall not permit any Authorized Users to: (i) copy, modify, or create derivative works of the Cloud Services or Documentation, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, transfer or, except as expressly permitted by the Terms of Use available at www.therapyforcancerlives.com (the “Terms of Use”), distribute, publish, or otherwise make available the Cloud Services or Documentation; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Cloud Services, in whole or in part; (iv) remove any proprietary notices from the Cloud Services or Documentation; or (v) access or use the Cloud Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law or the Terms of Use, including using the Cloud Services other than for personal non-commercial use or internal business purposes.
    4. Reservation of Rights. Company reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Cloud Services, the Documentation, and any and all intellectual property provided to Customer or any Authorized User in connection with the foregoing (“Company IP”).
    5. Suspension. Notwithstanding anything to the contrary in this Agreement, Company may temporarily suspend Customer’s and any Authorized User’s access to any portion or all of the Cloud Services if: (i) Company reasonably determines that (A) there is a threat or attack on any of the Company IP; (B) Customer’s or any Authorized User’s use of the Company IP disrupts or poses a security risk to the Company IP or to any other customer or vendor of Company; (C) Customer, or any Authorized User, is using the Company IP for fraudulent or illegal activities; (D) subject to applicable law, Customer has ceased to continue its business in the ordinary course, if Customer is a business; made an assignment for the benefit of creditors or similar disposition of its assets; or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (E) Company’s provision of the Cloud Services to Customer or any Authorized User is prohibited by applicable law; (ii) any vendor of Company has suspended or terminated Company’s access to or use of any third-party services or products required to enable Customer to access the Cloud Services; or (iii) in accordance with Section 4(a)(iii) (any such suspension described in subclause (i), (ii), or (iii), a “Service Suspension”). Company shall use commercially reasonable efforts to provide written notice of any Service Suspension to Customer and to provide updates regarding resumption of access to the Cloud Services following any Service Suspension. Company shall use commercially reasonable efforts to resume providing access to the Cloud Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured. Company will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User may incur as a result of a Service Suspension. 
    6. Aggregated Statistics. Notwithstanding anything to the contrary in this Agreement, Company may monitor Customer’s use of the Cloud Services and collect and compile data and information related to Customer’s use of the Cloud Services that is used by Company in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Cloud Services (“Aggregated Statistics”). As between Company and Customer, all right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained solely by Company. Customer acknowledges that Company may compile Aggregated Statistics based on information, data, and other content, in any form or medium, that is submitted, posted, or otherwise transmitted by or on behalf of Customer or an Authorized User through the Service other than Aggregated Statistics (“Customer Data”) input into the Cloud Services. Customer agrees that Company may (i) make Aggregated Statistics publicly available in compliance with applicable law, and (ii) use Aggregated Statistics to the extent and in the manner permitted under applicable law, provided that such Aggregated Statistics do not identify Customer or Customer’s Confidential Information. 
  2. Customer Responsibilities.
    1. General. Customer is responsible and liable for all uses of the Cloud Services and Documentation resulting from access provided by Customer, directly or indirectly, whether such access or use is permitted by or in violation of this Agreement. Without limiting the generality of the foregoing, Customer is responsible for all acts and omissions of Authorized Users, and any act or omission by an Authorized User that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use reasonable efforts to make all Authorized Users aware of this Agreement’s provisions as applicable to such Authorized User’s use of the Cloud Services and shall cause Authorized Users to comply with such provisions.
    2. Third-Party Products. Company may from time to time make the third-party products available to Customer by providing them with, or incorporating them into, the Cloud Services Third-Party Products (“Third Party Products”). For purposes of this Agreement, the current Third-Party Products are Ele mentor Pro, Integrate Google Drive(PRO), Strong Testimonials, WooCommerce, Stripe WooCommerce, Audacity, Buzzsprout, My Listing, and subject to their own terms and conditions at www.therapyforcancerlives.com. If Customer does not agree to abide by the applicable terms and conditions for any Third-Party Products, then Customer should not use such Third-Party Products. Third-Party Products may be added or deleted by notice to Customer.
  3. Support Services. Subject to the terms and conditions of this Agreement, Company shall use commercially reasonable efforts to provide support services in accordance with Exhibit A for the Cloud Services with respect to which Customer has paid the then-current Fee (the “Support Services”).
  4. Fees and Payment
    1. Fees. Customer shall pay Company fees for access to and use of each of the Cloud Services without offset or deduction in the amounts, and no later than the due dates, specified in the Order for such Cloud Services (the “Fees”). Company may increase Fees annually. Customer shall make all payments hereunder in U.S. dollars. If Customer fails to make any payment when due, without limiting Company’s other rights and remedies: (i) Company may charge interest on the past due amount at the rate of 1.5% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; (ii) Customer shall reimburse Company for all reasonable costs incurred by Company in collecting any late payments or interest, including attorneys’ fees, court costs, and collection agency fees; and (iii) if such failure continues for five days or more, Company may suspend access by Customer and Authorized Users of Customer to any portion or all of the Cloud Services until such amounts are paid in full.
    2. Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Company’s income.
    3. Audits. Customer agrees to maintain complete and accurate records in accordance with generally accepted accounting principles during the Term and for a period of two years after the termination or expiration of this Agreement with respect to matters necessary for accurately determining amounts due hereunder. Company may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer’s records with respect to matters covered by this Agreement; provided, that if such inspection and audit reveals that Customer has underpaid Company with respect to any amounts due and payable during the Term, Customer shall promptly pay the amounts necessary to rectify such underpayment, together with interest in accordance with Section 4(a). Customer shall pay for the costs of the audit if the audit determines that Customer’s underpayment equals or exceeds five percent for any quarter. Such inspection and auditing rights will extend throughout the Term of this Agreement and for a period of two years after the termination or expiration of this Agreement.
  5. Confidential Information. From time to time during the Term, either party may disclose or make available to the other party information about such party’s business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form, and whether or not marked, designated, or otherwise identified as “confidential” (collectively, “Confidential Information“). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving party at the time of disclosure; (c) rightfully obtained by the receiving party on a non-confidential basis from a third party; or (d) independently developed by the receiving party. The receiving party shall not disclose the disclosing party’s Confidential Information to any person or entity, except to the receiving party’s employees who have a need to know the Confidential Information for the receiving party to exercise receiving party’s rights or perform receiving party’s obligations hereunder. Notwithstanding the foregoing, each party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the party making the disclosure pursuant to the order shall first have given written notice to the other party and made a reasonable effort to obtain a protective order; or (ii) to establish a party’s rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving party shall promptly return to the disclosing party all copies, whether in written, electronic, or other form or media, of the disclosing party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing party that such Confidential Information has been destroyed. Each party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five years from the date first disclosed to the receiving party; provided, that with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.
  6. Intellectual Property Ownership; Feedback
    1. Company IP. Customer acknowledges that, as between Customer and Company, Company owns all right, title, and interest, including all intellectual property rights, in and to the Company IP and, with respect to any Third-Party Products, the applicable third-party providers own all right, title, and interest, including all intellectual property rights, in and to the Third-Party Products. 
    2. Customer Data. Company acknowledges that, as between Company and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to Company a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Company to provide the Cloud Services, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Customer Data incorporated within the Aggregated Statistics.
    3. Feedback. If Customer or, if applicable, any Authorized User sends or transmits any communications or materials to Company by mail, email, telephone, or otherwise, suggesting or recommending changes to the Company IP, including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback“), Company is free to use such Feedback irrespective of any other obligation or limitation between the parties governing such Feedback. Customer hereby assigns to Company on Customer’s behalf, and on behalf of Authorized Users, all right, title, and interest in, and Company is free to use, without any attribution or compensation to any party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although Company is not required to use any Feedback.
  7. Limited Warranty; Warranty Disclaimer
    1. Warranty. Subject to Customer’s payment of the Fees, Company warrants that (i) the Cloud Services, when used as permitted and in accordance with the Documentation, will materially conform to the Documentation and (ii) the Support Services will be performed in a workmanlike and professional manner in accordance with generally recognized industry standards for similar services. Customer will notify Company in writing of any breach of this warranty, and request a correction of the warranted nonconformity. If Company is unable to provide a correction or work-around pursuant to the terms governing the provision of the Cloud Services and Support Services after using commercially reasonable efforts, Company may terminate this Agreement upon written notice to Customer.  This Section 7(a) sets forth Customer’s exclusive remedy, and Company’s entire liability, for breach of the warranty contained herein. THE FOREGOING WARRANTY DOES NOT APPLY, AND COMPANY STRICTLY DISCLAIMS ALL WARRANTIES WITH RESPECT TO ANY THIRD-PARTY PRODUCTS.
    2. Disclaimer. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 7(a), THE CLOUD SERVICES AND SUPPORT SERVICES ARE PROVIDED “AS IS” AND COMPANY HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. COMPANY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. EXCEPT FOR THE LIMITED WARRANTY SET FORTH IN SECTION 7(a), COMPANY MAKES NO WARRANTY OF ANY KIND THAT THE CLOUD SERVICES OR SUPPORT SERVICES, OR ANY RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE. 
  8. Indemnification
    1. Company Indemnification
      1. Company shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (“Losses“) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (“Third-Party Claim“) that the Cloud Services, or any use of the Cloud Services in accordance with this Agreement, infringes or misappropriates such third party’s U.S. intellectual property rights; provided, that Customer promptly notifies Company in writing of such Third-Party Claim, cooperates with Company, and allows Company sole authority to control the defense and settlement of such Third-Party Claim. 
      2. If a Third Party-Claim is made or appears possible, Customer agrees to permit Company, at Company’s sole discretion, to (A) modify or replace the Cloud Services, or component or part thereof, to make it non-infringing or (B) obtain the right for Customer to continue use. If Company determines that neither alternative is reasonably available, Company may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer. 
      3. This Section 8(a) will not apply to the extent that the alleged infringement arises from: (A) use of the Cloud Services in combination with data, software, hardware, equipment, or technology not provided by Company or authorized by Company in writing; (B) modifications to the Cloud Services not made by Company; (C) Customer Data; or (D) Third-Party Products. 
    2. Customer Indemnification. Customer shall indemnify, hold harmless, and, at Company’s option, defend Company from and against any Losses resulting from any Third-Party Claim that the Customer Data, or any use of the Customer Data in accordance with this Agreement, infringes or misappropriates such third party’s U.S. intellectual property rights and any Third-Party Claims based on Customer’s or any Authorized User’s (i) negligence or willful misconduct; (ii) use of the Cloud Services in a manner not authorized by this Agreement; (iii) use of the Cloud Services in combination with data, software, hardware, equipment, or technology not provided by Company or authorized by Company in writing; or (iv) modifications to the Cloud Services not made by Company; provided, that Customer may not settle any Third-Party Claim against Company unless Company consents to such settlement, which consent shall not unreasonably withheld, conditioned or delayed, and further provided that Company will have the right, at its option, to defend itself against any such Third-Party Claim or to participate in the defense thereof by counsel of its own choice. 
    3. Sole Remedy. THIS  8 SETS FORTH CUSTOMER’S SOLE REMEDIES AND COMPANY’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. 
  9. Limitations of Liability. IN NO EVENT WILL COMPANY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY, OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER COMPANY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL COMPANY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED THE TOTAL AMOUNTS PAID TO COMPANY UNDER THIS AGREEMENT IN THE 12-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM OR $50,000, WHICHEVER IS LESS. 
  10. Term and Termination
    1. Term. The initial term of this Agreement begins on the Effective Date and, unless terminated earlier pursuant to this Agreement’s express provisions, will continue in effect until one year from such date (the “Initial Term“). This Agreement will automatically renew for additional successive one-year terms unless earlier terminated pursuant to this Agreement’s express provisions or either party gives the other party written notice of non-renewal at least 90 days prior to the expiration of the then-current term (each a “Renewal Term” and together with the Initial Term, the “Term“).
    2. Termination. In addition to any other express termination right set forth in this Agreement:
      1. Company may terminate this Agreement, effective on written notice to Customer, if Customer: (A) fails to pay any amount when due hereunder, and such failure continues more than five days after Company’s delivery of written notice thereof; or (B) breaches any of Customer’s obligations under Section 1(c) or 5;
      2. either party may terminate this Agreement, effective on written notice to the other party, if the other party materially breaches this Agreement, and such breach: (A) is incapable of cure; or (B) being capable of cure, remains uncured 30 days after the non-breaching party provides the breaching party with written notice of such breach; or
      3. either party may terminate this Agreement, effective immediately upon written notice to the other party, if the other party: (A) becomes insolvent or is generally unable to pay, or fails to pay, such party’s debts as they become due; (B) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (C) makes or seeks to make a general assignment for the benefit of such party’s creditors; or (D) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of such party’s property or business.
    3. Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Company IP and, without limiting Customer’s obligations under 5, Customer shall delete, destroy, or return all copies of the Company IP. No expiration or termination will affect Customer’s obligation to pay all Fees that became due before such expiration or termination or entitle Customer to any refund. Additionally, in the event Company terminates his Agreement pursuant to Section 10(b)(i), Section 10(b)(ii) or Section 10(b)(iii), then Customer shall be obligated to pay the Fees would have become due for the remainder of the then-current Term had such termination not occurred.  
    4. Survival. Any right or obligation of the parties in this Agreement that, by its nature, should survive termination or expiration of this Agreement, will survive such expiration or termination.
  11. Miscellaneous
    1. Entire Agreement. This Agreement, including the exhibit and addendum hereto, together with the Terms of Use, the Website Privacy Policy available at www.therapyforcancerlives.com (the “Website Privacy Policy”) and each Order, constitute the sole and entire agreement of the parties with respect to the subject matter of this Agreement and supersede all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. If any terms and conditions contained in the Terms of Use, the Website Privacy Policy, the App Privacy Policy, the App End User Agreement or an Order conflict with the terms and conditions of this Agreement, the terms and conditions of this Agreement shall govern.
    2. Notices. Any notices to us must be sent to our headquarters address available at www.therapyforcancerlives.com and must be delivered either in person, by certified or registered mail, return receipt requested and postage prepaid, or by recognized overnight courier service, and are deemed given upon receipt by us. Notwithstanding the foregoing, you hereby consent to receiving electronic communications from us. These electronic communications may include notices about applicable fees and charges, transactional information, and other information concerning or related to the Cloud Services. You agree that any notices, agreements, disclosures, or other communications that we send to you electronically will satisfy any legal communication requirements, including that such communications be in writing.
    3. Force Majeure. In no event shall either party be liable to the other party, or be deemed to have breached this Agreement, for any failure or delay in performing such party’s obligations under this Agreement (except for any obligations to make payments), if and to the extent such failure or delay is caused by any circumstances beyond such party’s reasonable control, including but not limited to acts of God, pandemic, epidemic, flood, fire, earthquake, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo.
    4. Modifications; Waivers. You acknowledge and agree that we have the right, in our sole discretion, to modify this Agreement from time to time, and that modified terms become effective on posting. You will be notified of modifications through notifications or posts on www.therapyforcancerlives.com. You are responsible for reviewing and becoming familiar with any such modifications. Your continued use of the Cloud Services after the effective date of the modifications will be deemed acceptance of the modified terms. Company will provide at least 30 days’ advance notice of changes that Company reasonably anticipates may result in a material reduction in quality or services. No waiver by any party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the party so waiving. Except as otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof, and (ii) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.
    5. Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the parties shall negotiate in good faith to modify this Agreement so as to affect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.
    6. Governing Law; Submission to Jurisdiction.  This Agreement is governed by and construed in accordance with the internal laws of the State of Oklahoma without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the State of Oklahoma. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the State of Oklahoma in each case located in the Oklahoma City in the County of Oklahoma, and each party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.
    7. Assignment. Customer may not assign any of Customer’s rights or delegate any of Customer’s obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of Company, which consent shall not be unreasonably withheld, conditioned, or delayed. Any purported assignment or delegation in violation of this section will be null and void. No assignment or delegation will relieve the assigning or delegating party of any of such party’s obligations hereunder. This Agreement is binding upon and inures to the benefit of the parties and their respective permitted successors and assigns. 
    8. Export Regulation. Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), that prohibit or restrict the export or re-export of the Cloud Services or any Customer Data outside the U.S. 
    9. U.S. Government Rights. Each of the Documentation and the software components that constitute the Cloud Services is a “commercial product” as that term is defined at 48 C.F.R. § 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. § 12.212. Accordingly, if Customer is an agency of the U.S. Government or any contractor for the U.S. Government, Customer only receives those rights with respect to the Cloud Services and Documentation as are granted to all other end users, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government users and their contractors.
    10. Equitable Relief. Each party acknowledges and agrees that a breach or threatened breach by such party of any of such party’ obligations under 5 or, in the case of Customer, Section 1(c), would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other party may be entitled to equitable relief, including a restraining order, an injunction, specific performance, and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity, or otherwise. 



Exhibit A

SUPPORT SERVICES

  1. Scope. Subject to the terms and conditions of the Agreement, Company shall use commercially reasonable efforts to: 
    1. correct all reproducible defects in the Cloud Services operated on a browser and in accordance with such other technical requirements specified in the Documentation that causes the Cloud Services not to operate substantially in accordance with the Documentation (“Service Errors”);
    2. provide email support from 8 a.m. to 5 p.m. CST in Oklahoma on business days; and
    3. provide online access to technical support bulletins and other user support information, to the extent Company makes such resources available to its other customers for the Cloud Services.
  2. Support Service Levels.
    1. Support Requests. Customer shall notify Company of requests for Service Error corrections (each a “Support Request”) by email, telephone, or such other means as the parties may hereafter agree to in writing and Company shall classify them in accordance with the following descriptions:

Service Error

Service Error Classification

  • Issue affecting entire system or single critical production function;
  • System down or operating in materially degraded state;
  • Data integrity at risk;
  • Material financial impact; or
  • Widespread access interruptions.

Critical

  • Primary component failure that materially impairs its performance; or
  • Data entry or access is materially impaired on a limited basis.

High

  • Cloud Services are operating with minor issues that can be addressed with a work around.

Medium

  • Request for assistance, information, or services routine in nature.

Low

  1. Support Responses. Company shall use commercially reasonable efforts to respond to all Service Requests within the times specified below based on the Service Error severity, with response times measured from the time Company receives a Support Request until the time Company responds to it: 

Service Error Classification

Response Time

Critical

24-72 hours

High

24-72 hours

Medium

24-72 hours

Low

24-72 hours



BUSINESS ASSOCIATE ADDENDUM

THIS BUSINESS ASSOCIATE ADDENDUM (this “Addendum”) is incorporated into, and made a part of, the [Cloud Services Agreement] (the “Agreement”) to which it is attached between you (“Covered Entity,” “you,” or “your”) and Therapy for Cancer Lives (“Business Associate“) in order to comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“) and the amendments thereto and the regulations promulgated thereunder, including but not limited to the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act“), the American Recovery and Reinvestment Act of 2009 (“ARRA“), the regulations regarding the privacy, security, breach notification, and enforcement rules at 45 C.F.R. Part 160 and Part 164 (“HIPAA Rules“), the specific standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160-164, Subparts A and E (the “Privacy Rule“), the specific Security Standards for the Protection of Electronic Protected Health Information at 45 C.F.R. Parts 160-164, Subparts A and C (the “Security Rule”) and other applicable laws and regulations, in each case as they may be amended from time to time.

  1. DEFINITIONS. Unless the context clearly indicates otherwise, any term, whether or not capitalized, used, but not otherwise defined, in this BAA, shall have the same meaning given such term in the HIPAA Rules. Any reference in this BAA to a section in the HIPAA Rules means the section as in effect or as amended.
  2. GENERAL OBLIGATIONS OF BUSINESS ASSOCIATE
    1. Use or Disclosure. Business Associate agrees not to use or disclose protected health information as defined pursuant to 45 C.F.R. § 160.103 (“PHI”) other than as permitted or required by this BAA or as Required By Law, or if such use or disclosure does not otherwise cause a Breach of Unsecured PHI. 
    2. Safeguards. Business Associate agrees to use appropriate safeguards and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI, to prevent the use or disclosure of PHI other than as provided for by the BAA.
    3. Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate as a result of a use or disclosure of PHI by Business Associate in violation of this BAA’s requirements or that would otherwise cause a Breach of Unsecured PHI.
    4. Breach Notification. The Business Associate agrees to the following breach notification requirements:
      1. Business Associate agrees to report to Covered Entity any Breach of Unsecured PHI not provided for by the BAA of which it becomes aware within 30 calendar days of “discovery” within the meaning of the HITECH Act. Such notice shall include the identification of each individual whose Unsecured PHI has been or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed in connection with such Breach. Business Associate also shall provide any additional information reasonably requested by Covered Entity for purposes of investigating the Breach and any other available information that Covered Entity is required to include to the individual under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Business Associate’s notification of a Breach of Unsecured PHI under this Section shall comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of ARRA, the HIPAA Rules, and related guidance issued by the Secretary or the delegate of the Secretary from time to time.
      2. In the event of Business Associate’s use or disclosure of Unsecured PHI in violation of HIPAA, the HITECH Act, or ARRA, Business Associate bears the burden of demonstrating that notice as required under this Section 2.4 was made, including evidence demonstrating the necessity of any delay, or that the use or disclosure did not constitute a Breach of Unsecured PHI.
    5. Subcontractors. Business Associate agrees, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
    6. Designated Record Set. Business Associate agrees to make available PHI in a Designated Record Set to the Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524.
      1. Business Associate agrees to comply with an individual’s request to restrict the disclosure of her or his personal PHI in a manner consistent with 45 C.F.R. § 164.522, except where such use, disclosure, or request is required or permitted under applicable law.
      2. Business Associate agrees to charge fees related to providing individuals access to their PHI in accordance with 45 C.F.R. § 164.524(c)(4).
      3. Business Associate agrees that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. § 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a “limited data set” as defined in 45 C.F.R. § 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure, as interpreted under related guidance issued by the Secretary from time to time.
    7. Amendments to PHI. Business Associate agrees to make any amendments to PHI in a Designated Record Set as directed or agreed to by Covered Entity pursuant to 45 C.F.R. § 164.526, or to take other measures as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.526.
    8. Records for Accounting of Disclosures. Business Associate agrees to maintain and make available the information required to provide an accounting of disclosures to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.528.
    9. Audit. Business Associate agrees to make its internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and Breach of any Unsecured PHI received from Covered Entity, or created or received by the Business Associate on behalf of Covered Entity, available to Covered Entity (or the Secretary) for the purpose of Covered Entity or the Secretary determining compliance with the Privacy Rule.
    10. Carrying Out Covered Entity Obligations. To the extent that Business Associate is to carry out one or more of Covered Entity’s obligations under Subpart E of 45 C.F.R. Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligations.
    11. Accounting for Disclosures. Business Associate agrees to account for the following disclosures:
      1. Business Associate agrees to maintain and document disclosures of PHI and Breaches of Unsecured PHI and any information relating to the disclosure of PHI and Breach of Unsecured PHI in a manner as would be required for Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
      2. Business Associate agrees to provide to Covered Entity, or to an individual at Covered Entity’s request, information collected in accordance with this Section 2.11, to permit Covered Entity to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and Breaches of Unsecured PHI.
      3. Business Associate agrees to account for any disclosure of PHI used or maintained as an electronic record of health-related information on an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff (“Electronic Health Record” or “EHR”) in a manner consistent with 45 C.F.R. § 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of EHR by the Business Associate made on behalf of the Covered Entity only during the three years prior to the date on which the accounting is requested from Covered Entity.
      4. In the case of an EHR that the Business Associate acquired on behalf of the Covered Entity as of January 1, 2009, paragraph (c) above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after January 1, 2014. In the case of an EHR that the Business Associate acquires on behalf of the Covered Entity after January 1, 2009, paragraph (c) above shall apply to disclosures with respect to PHI made by the Business Associate from such EHR on or after the later of January 1, 2011, or the date that it acquires the EHR.
    12. Prohibition on Sale. Business Associate agrees to comply with the “Prohibition on Sale of Electronic Health Records or Protected Health Information,” as provided in Section 13405(d) of Subtitle D (Privacy) of ARRA, and the “Conditions on Certain Contacts as Part of Health Care Operations,” as provided in Section 13406 of Subtitle D (Privacy) of ARRA and related guidance issued by the Secretary from time to time.
    13. Liability for Failure to Comply. Business Associate acknowledges that, effective on the Effective Date of this BAA, it shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended, for failure to comply with any of the use and disclosure requirements of this BAA and any guidance issued by the Secretary from time to time with respect to such use and disclosure requirements.
  3. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE.
    1. Services. Business Associate agrees to receive, create, use, or disclose PHI in a manner that is consistent with this BAA, the Privacy Rule, and Security Rule, and only in connection with providing services to Covered Entity; provided that the use or disclosure would not violate the Privacy Rule, including 45 C.F.R. § 164.504(e), if the use or disclosure would be done by Covered Entity. 
    2. Data Aggregation Services. Business Associate may use PHI to provide Data Aggregation Services to Covered Entity as permitted by HIPAA.
    3. Limited Data Set. Business Associate may de-identify any and all PHI and may create a “Limited Data Set” in accordance with 45 C.F.R. § 164.514(b) and 45 C.F.R. § 164.514(e). Covered Entity acknowledges and agrees that de-identified information is not PHI, and that Business Associate may use such de-identified information for any lawful purpose. Use or disclosure of a Limited Data Set must comply with 45 CFR 164.514(e).
    4. Management and Administration or Legal Responsibilities. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of the Business Associate; provided that the disclosures are required by applicable law, or Business Associate obtains prior written reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and will be used or further disclosed only as required by applicable law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached, in accordance with the breach notification requirements of this BAA.
    5. Prohibition on Renumeration. Business Associate shall not directly or indirectly receive remuneration in exchange for any PHI of an individual without Covered Entity’s prior written approval and notice from Covered Entity that it has obtained from the individual, in accordance with 45 C.F.R. § 164.508, a valid authorization that specifies whether the PHI can be further exchanged for remuneration by Business Associate. The foregoing shall not apply to Covered Entity’s payments to Business Associate for services delivered by Business Associate to Covered Entity.
    6. Reporting of Violation. Business Associate may use PHI to report violations of law to appropriate federal and state authorities, consistent with 45 C.F.R. § 164.502(j)(1). 
    7. Required by Law. Business Associate may use or disclose PHI as Required By Law.
  4. COVERED ENTITY OBLIGATIONS.
    1. Notice of Privacy Practices. Covered Entity shall provide Business Associate with the Notice of Privacy Practices that Covered Entity produces in accordance with the Privacy Rule, and any changes or limitations to such notice under 45 C.F.R. § 164.520, to the extent that such changes or limitations may affect Business Associate’s use or disclosure of PHI
    2.  Notice of Restriction. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to comply with under 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI under this BAA. 
    3. Notice of Changes or Revocation. Covered Entity shall notify Business Associate of any changes in or revocation of permission by an individual to use or disclose PHI, if such change or revocation may affect Business Associate’s permitted or required uses and disclosures of PHI under this BAA.
    4. No Requested Violation. Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy and Security Rule if done by Covered Entity, except as provided under 3 of this BAA.
  5. SECURITY RULE COMPLIANCE.
    1. Administrative, Physical and Technical Safeguards. Business Associate shall implement the administrative safeguards set forth at 45 C.F.R. § 164.308, the physical safeguards set forth at 45 C.F.R. § 164.310, the technical safeguards set forth at 45 C.F.R. § 164.312, and the policies and procedures set forth at 45 C.F.R. § 164.316, to reasonably and appropriately protect the confidentiality, integrity, and availability of the ePHI that it creates, receives, maintains, or transmits on behalf of Covered Entity as required by the Security Rule. Business Associate acknowledges that, effective on the Effective Date of this BAA, (a) the foregoing safeguards, policies, and procedures requirements shall apply to Business Associate in the same manner that such requirements apply to Covered Entity, and (b) Business Associate shall be liable under the civil and criminal enforcement provisions set forth at 42 U.S.C. § 1320d-5 and 1320d-6, as amended from time to time, for failure to comply with the safeguards, policies, and procedures requirements and any guidance issued by the Secretary from time to time with respect to such requirements.
    2. Requirements for Subcontractors. Business Associate shall require that any agent, including a Subcontractor, to whom it provides such PHI agrees to implement reasonable and appropriate safeguards to protect the PHI.
    3. Security Incident Reporting. Business Associate shall report to the Covered Entity any Security Incident of which it becomes aware.
  6. TERM AND TERMINATION.
    1. Term. This BAA shall be in effect on as of the Effective Date and shall terminate on the earlier of the date that: (a) either party terminates for cause as authorized under 6.2; or (b) all of the PHI received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity. If it is not feasible to return or destroy PHI, protections are extended in accordance with 6.3.
    2. Termination. Upon either party’s knowledge of material breach by the other party, the non-breaching party shall provide an opportunity for the breaching party to cure the breach or end the violation; or terminate the BAA. If the breaching party does not cure the breach or end the violation within a reasonable timeframe not to exceed 30 days from the notification of the breach, or if a material term of the BAA has been breached and a cure is not possible, the non-breaching party may terminate this BAA and the Agreement upon written notice to the other party.
    3. Effect of Termination. Upon termination of this BAA for any reason, the parties agree that Business Associate shall return to Covered Entity or, if agreed to by Covered Entity, destroy all PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, that the Business Associate still maintains in any form. The PHI shall be returned in a format that is reasonably expected to preserve its accessibility and usability. Business Associate shall retain no copies of the PHI. Provisions of this BAA which by their nature should apply beyond their terms will remain in force after any termination of this BAA.
  7. MISCELLANEOUS.
    1. Compliance. The parties agree to take such action as is necessary to amend this BAA to comply with the requirements of the Privacy Rule, the Security Rule, HIPAA, ARRA, the HITECH Act, the Consolidated Appropriations Act, 2021 (CAA-21), the HIPAA Rules, and any other applicable law.
    2. Interpretation. This BAA shall be interpreted in the following manner: (a) any ambiguity shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules; (b) any inconsistency between the BAA’s provisions and the HIPAA Rules, including all amendments, as interpreted by the HHS, a court, or another regulatory agency with authority over the Parties, shall be interpreted according to the interpretation of the HHS, the court, or the regulatory agency; and (c) any provision of this BAA that differs from those required by the HIPAA Rules, but is nonetheless permitted by the HIPAA Rules, shall be adhered to as stated in this BAA.

Entirety and Law. This BAA constitutes the entire agreement between the parties related to the subject matter of this BAA, except to the extent that the Agreement imposes more stringent requirements related to the use and protection of PHI upon Business Associate. Except to the extent preempted by federal law, this BAA shall be governed by and construed in accordance with the same internal laws as that of the Agreement.