Terms of Service

1. Definitions

• “Agreement” — These Terms, together with any Order Form, BAA, SLA, and all policies incorporated by reference.
• “Authorized Users” — Customer's employees, contractors, and agents who are authorized to access the Services under Customer's subscription.
• “Customer Data” — All data, including PHI, that Customer or its Authorized Users submit to, store in, or process through the Services.
• “Documentation” — User guides, technical specifications, API documentation, and other materials describing the functionality of the Services.
• “Order Form” — A mutually executed document specifying the Services, fees, term, and any service-specific terms.
• “PHI” — Protected Health Information as defined in 45 CFR § 160.103.
• “Services” — The Hoss Care platform, software, APIs, and related professional services as described in the applicable Order Form.
• “Subscription Term” — The period during which Customer has paid access to the Services, as specified in the Order Form.

2. Eligibility and Account Registration

• You must be at least eighteen (18) years old and have the legal authority to bind the organization you represent to these Terms.
• You must be a healthcare provider, health plan, healthcare clearinghouse, or a business associate of such entities, or otherwise have a lawful basis to access and use healthcare technology services.
• You are responsible for maintaining the confidentiality of account credentials and for all activity under your account.
• You agree to provide accurate, current, and complete registration information and to update it as necessary.
• You must immediately notify us at security@hosscare.com of any unauthorized use of your account or any security breach.

3. Description of Services

Hoss Care provides a cloud-based healthcare technology platform including, but not limited to:

• Remote Patient Monitoring (RPM) with device integration and clinical workflows
• Chronic Care Management (CCM) tools and care plan management
• Behavioral Health Integration (BHI) modules
• Transitional Care Management (TCM) coordination
• Annual Wellness Visit (AWV) scheduling and documentation
• Clinical documentation and reporting
• EHR/EMR integration via HL7 FHIR, API, and other standard interfaces
• Patient engagement and communication tools
• Analytics and population health dashboards
• Implementation, training, and ongoing support services

Specific Services, features, and service levels are defined in the applicable Order Form. We reserve the right to modify, enhance, or discontinue features with reasonable notice, provided that no material reduction in functionality occurs during a paid Subscription Term without Customer consent.

4. Authorized Use and Restrictions

Subject to these Terms and payment of applicable fees, we grant you a non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Subscription Term solely for your internal healthcare operations.

You shall NOT:

• License, sublicense, sell, resell, rent, lease, or distribute the Services to third parties
• Reverse engineer, decompile, disassemble, or attempt to derive the source code of the Services
• Modify, adapt, or create derivative works based on the Services
• Use the Services to build a competing product or service
• Circumvent or disable any security or access control features
• Transmit malware, viruses, or other harmful code through the Services
• Use the Services in violation of any applicable law, regulation, or third-party right
• Access the Services on behalf of or for the benefit of any entity other than Customer without our prior written consent
• Exceed usage limits specified in your Order Form or use automated means to overload the Services

5. Healthcare Regulatory Compliance

Both parties acknowledge their respective obligations under applicable healthcare laws and regulations:

• HIPAA/HITECH — We maintain compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. The parties' respective obligations regarding PHI are governed by the Business Associate Agreement.
• State Privacy Laws — We comply with applicable state health information privacy laws where they provide protections that are more stringent than HIPAA.
• 42 CFR Part 2 — If Customer processes substance abuse treatment records, additional restrictions apply and must be documented in the Order Form or BAA addendum.
• Anti-Kickback Statute / Stark Law — Nothing in this Agreement is intended to constitute or create a referral arrangement. Fees are based on fair market value for services rendered.
• Customer Responsibility — Customer remains responsible for its own regulatory compliance, including ensuring appropriate patient consents, clinical decision-making, professional licensing, and compliance with Medicare/Medicaid conditions of participation.

6. PHI and Data Ownership

• Customer Ownership — Customer retains all right, title, and interest in and to Customer Data, including all PHI. Nothing in this Agreement transfers ownership of Customer Data to Hoss Care.
• Limited License — Customer grants us a limited, non-exclusive license to use Customer Data solely to provide and improve the Services, perform our obligations under this Agreement, and comply with applicable law.
• De-Identified Data — We may create de-identified data from Customer Data in accordance with 45 CFR § 164.514. De-identified data is not Customer Data and may be used for analytics, benchmarking, and product improvement.
• No Sale — We will never sell Customer Data or PHI. We do not use Customer Data for advertising or marketing purposes.
• Data Segregation — Customer Data is logically segregated from other customers' data using tenant isolation controls.

7. Business Associate Agreement

If Customer is a Covered Entity or Business Associate under HIPAA and the Services involve processing PHI, the parties will execute a Business Associate Agreement (“BAA”) prior to any PHI being transmitted to or processed by the Services. The BAA is incorporated into and forms part of this Agreement. In the event of a conflict between these Terms and the BAA regarding PHI, the BAA shall control. Our standard BAA is available at hosscare.com/baa and may be executed electronically. No PHI shall be submitted to the Services until a BAA is fully executed.

8. Service Levels and Availability

• Uptime Commitment — We target 99.9% monthly uptime for the production Services, excluding scheduled maintenance and force majeure events.
• Scheduled Maintenance — We will provide at least seventy-two (72) hours' advance notice for planned maintenance windows and will schedule maintenance during off-peak hours when possible.
• Service Credits — If monthly uptime falls below the committed level, Customer may be eligible for service credits as described in the applicable Order Form or SLA addendum.
• Support — Standard support includes email and ticketing during business hours. Enhanced support tiers (24/7, dedicated CSM, priority response) are available per Order Form.
• Disaster Recovery — We maintain documented disaster recovery procedures with defined Recovery Time Objective (RTO) and Recovery Point Objective (RPO) commitments as specified in our SLA documentation.

9. Fees and Payment Terms

• Fees — Customer shall pay all fees specified in the Order Form. Fees are exclusive of applicable taxes unless otherwise stated.
• Payment Terms — Unless otherwise specified, invoices are due within thirty (30) days of the invoice date. We accept payment via ACH, wire transfer, and major credit cards.
• Late Payment — Overdue amounts accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law. We may suspend access to the Services for accounts more than thirty (30) days overdue after providing ten (10) days' written notice.
• Price Changes — We may adjust fees upon renewal with at least sixty (60) days' written notice prior to the start of a renewal term.
• Taxes — Customer is responsible for all sales, use, VAT, or similar taxes. Customer shall provide valid exemption certificates where applicable.

10. Intellectual Property

• Company IP — We retain all right, title, and interest in the Services, Documentation, and all related technology, including all patents, copyrights, trade secrets, trademarks, and other intellectual property rights.
• Customer IP — Customer retains all rights in Customer Data, Customer's trademarks, and any materials provided by Customer for use with the Services.
• Feedback — If Customer provides suggestions, enhancement requests, or other feedback regarding the Services, we may freely use such feedback without obligation or compensation to Customer.
• No Implied Rights — Except as expressly stated herein, neither party grants the other any rights to its intellectual property.

11. Confidentiality

• Definition — “Confidential Information” means all non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential, including business plans, pricing, technical data, Customer Data, and security assessments.
• Obligations — The receiving party shall: (a) use Confidential Information only to perform its obligations under this Agreement; (b) protect Confidential Information using at least the same degree of care as it uses for its own confidential information (but no less than reasonable care); and (c) limit access to those with a need to know who are bound by confidentiality obligations.
• Exclusions — Confidential Information does not include information that: is or becomes publicly known through no fault of the receiving party; was rightfully in the receiving party's possession prior to disclosure; is independently developed without reference to Confidential Information; or is rightfully obtained from a third party without restriction.
• Compelled Disclosure — If compelled to disclose by law, the receiving party shall provide prompt notice (where legally permitted) and cooperate to obtain protective treatment.
• Duration — Confidentiality obligations survive termination for three (3) years, except for trade secrets (indefinite) and PHI (governed by BAA/HIPAA).

12. Representations and Warranties

Company represents and warrants that:

• The Services will perform materially in accordance with the Documentation during the Subscription Term
• We will provide the Services in a professional and workmanlike manner consistent with industry standards
• We maintain appropriate security measures as described in our HIPAA Compliance documentation
• We have the legal right and authority to enter into this Agreement and provide the Services
• The Services, to our knowledge, do not infringe the intellectual property rights of any third party

Customer represents and warrants that:

• Customer has the legal right and authority to enter into this Agreement and to provide Customer Data for processing
• Customer's use of the Services complies with all applicable laws, regulations, and professional standards
• Customer has obtained all necessary consents and authorizations for the processing of data through the Services
• Customer's Authorized Users will comply with these Terms and all applicable policies

13. Disclaimer of Warranties

EXCEPT FOR THE EXPRESS WARRANTIES IN SECTION 12, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.

THE SERVICES DO NOT CONSTITUTE MEDICAL ADVICE, DIAGNOSIS, OR TREATMENT. WE ARE A TECHNOLOGY PROVIDER AND DO NOT PRACTICE MEDICINE. ALL CLINICAL DECISIONS REMAIN THE SOLE RESPONSIBILITY OF LICENSED HEALTHCARE PROFESSIONALS. CUSTOMER ACKNOWLEDGES THAT THE SERVICES ARE TOOLS TO SUPPORT, NOT REPLACE, PROFESSIONAL CLINICAL JUDGMENT.

14. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• Consequential Damages Exclusion — Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, or loss of profits, revenue, data (other than obligations related to Customer Data under the BAA), or business opportunity, regardless of the theory of liability, even if advised of the possibility.
• Liability Cap — Each party's total aggregate liability under this Agreement shall not exceed the greater of (a) the total fees paid or payable by Customer in the twelve (12) months preceding the claim, or (b) one hundred thousand dollars ($100,000 USD).
• Carve-Outs — The limitations in this section do NOT apply to: (i) breaches of confidentiality obligations related to PHI; (ii) indemnification obligations under Section 15; (iii) either party's willful misconduct or gross negligence; (iv) Company's obligations under the BAA regarding PHI breaches; or (v) fees owed by Customer.

15. Indemnification

Company Indemnification:We will defend, indemnify, and hold harmless Customer from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) our breach of the BAA or unauthorized disclosure of PHI caused by our failure to implement required safeguards; (b) infringement of third-party intellectual property rights by the Services; or (c) our gross negligence or willful misconduct.

Customer Indemnification:Customer will defend, indemnify, and hold harmless Company from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) Customer Data or Customer's use of the Services in violation of law or these Terms; (b) Customer's breach of its representations and warranties; or (c) disputes between Customer and its patients or end users related to clinical care decisions.

Procedure:The indemnified party must: provide prompt written notice; grant the indemnifying party sole control of the defense and settlement (provided no settlement admits liability for the indemnified party without consent); and provide reasonable cooperation at the indemnifying party's expense.

16. Term and Termination

• Term — The initial Subscription Term is specified in the Order Form. Unless either party provides written notice of non-renewal at least sixty (60) days before the end of the then-current term, the Agreement automatically renews for successive one-year periods.
• Termination for Cause — Either party may terminate this Agreement upon thirty (30) days' written notice if the other party materially breaches and fails to cure within the notice period. Either party may terminate immediately upon written notice if the other party becomes insolvent, files for bankruptcy, or ceases operations.
• Termination for Convenience — Customer may terminate for convenience upon sixty (60) days' written notice, subject to payment of fees for the remainder of the then-current term unless otherwise agreed.
• Effect of Termination — Upon termination: (a) Customer's access to the Services will cease; (b) Customer must pay all outstanding fees; (c) each party must return or destroy the other party's Confidential Information; and (d) obligations regarding PHI survival per the BAA (Section 17 below).

17. Data Portability and Transition Assistance

• Data Export — Upon termination or expiration, and upon Customer's written request made within sixty (60) days after termination, we will make Customer Data available for export in a standard, machine-readable format (e.g., CSV, JSON, HL7 FHIR) at no additional charge.
• Transition Period — We will provide a transition assistance period of up to sixty (60) days following termination to facilitate orderly migration of Customer Data and services.
• Deletion After Transition — After the transition period (or if Customer does not request data export), all Customer Data and PHI will be securely destroyed in accordance with the BAA and NIST SP 800-88. Written certification of destruction is available upon request.
• Extended Transition — Additional transition assistance beyond the standard period is available at our then-current professional services rates.

18. Governing Law and Dispute Resolution

• Governing Law — This Agreement shall be governed by and construed in accordance with the laws of the State of New York, without regard to its conflict of law principles.
• Informal Resolution — Before initiating formal dispute resolution, the parties agree to attempt in good faith to resolve any dispute through direct negotiation between senior executives for a period of thirty (30) days.
• Arbitration — If informal resolution fails, disputes shall be resolved through binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Arbitration shall take place in New York, New York before a single arbitrator with healthcare industry experience. The arbitrator's decision is final and binding and may be entered as a judgment in any court of competent jurisdiction.
• Injunctive Relief — Notwithstanding the above, either party may seek injunctive or equitable relief in any court of competent jurisdiction to prevent unauthorized use or disclosure of Confidential Information or PHI, infringement of intellectual property rights, or other irreparable harm.
• Class Action Waiver — The parties agree to resolve disputes individually and waive any right to participate in a class, collective, or representative action.

19. Force Majeure

Neither party shall be liable for any failure or delay in performing its obligations (other than payment obligations) where such failure or delay results from Force Majeure events, including but not limited to: natural disasters, pandemics, acts of government, war, terrorism, civil unrest, labor disputes, power failures, internet or telecommunications outages, or cyberattacks beyond the affected party's reasonable control. The affected party must provide prompt notice and use commercially reasonable efforts to mitigate the impact and resume performance. If a Force Majeure event continues for more than sixty (60) days, either party may terminate the affected portion of this Agreement without liability.

20. Severability

If any provision of this Agreement is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions shall continue in full force and effect. The invalid provision shall be reformed to the minimum extent necessary to make it valid and enforceable while preserving the parties' original intent. If reformation is not possible, the provision shall be severed and the remaining Agreement shall be interpreted as if the invalid provision were never included.

21. Entire Agreement and Amendments

This Agreement, including all Order Forms, the BAA, and all policies incorporated by reference, constitutes the entire agreement between the parties regarding its subject matter and supersedes all prior agreements, representations, and understandings. No modification to this Agreement shall be effective unless: (a) made in writing and signed by both parties; or (b) for updates to these Terms generally, we provide at least thirty (30) days' written notice and Customer continues to use the Services after the effective date of changes. Material changes that adversely affect Customer's rights during a Subscription Term require Customer's affirmative consent.

22. Assignment and Notices

• Assignment — Neither party may assign this Agreement without the other party's prior written consent, except in connection with a merger, acquisition, or sale of all or substantially all assets (provided the assignee assumes all obligations and the assignment does not diminish PHI protections).
• Notices — All legal notices must be in writing and delivered via email (with confirmed receipt), certified mail, or overnight courier to the addresses specified in the Order Form or as updated by written notice.