DeepCura
LEGAL

Terms of Service & BAA

Last updated on February 16, 2026.

SERVICES AGREEMENT

Thank you for using the DeepCura AI website at https://deepcura.com (the “Site”) and using DeepCura's (“Company” or “we” or “our” or “us”) corresponding notes platform available through the Site (“Platform”) that, along with such other functionality as the Company may make available through the Platform from time to time, allows medical providers to learn, organize, and curate medical knowledge (the Platform, collectively with the Site and the “Services”). These Terms of Services (“Agreement”) govern your browsing, viewing and other use of the Services.

Please read this Agreement carefully, as it (among other things) provides: (a) in Section 14 that you and the Company will arbitrate certain claims instead of going to court and that you will not bring class action claims against the Company; (b) in Section 5 that certain terms and conditions apply with respect to recurring subscription charges for certain paid account types. Please only create a Services account or otherwise use the Services if you agree to be legally bound by all terms and conditions herein. Your acceptance of this Agreement creates a legally binding contract between you and the Company. If you do not agree with any aspect of this Agreement, then do not create a Services account or otherwise use the Services.

If you are viewing this on your mobile device, you can also view this Agreement via a web browser on your computer at https://deepcura.com/termsofservice/.

Note for Children. Use of the Services by anyone under the age of 18 is prohibited. By using the Services, you represent and warrant that are you at least 18 years of age.

The Company's Privacy Policy, at https://deepcura.com/privacypolicy (the “Privacy Policy”), describes the collection, use and disclosure of data and information by the Company in connection with the Services. The Privacy Policy, as may be updated by the Company from time to time in accordance with its terms, is hereby incorporated into this Agreement, and you hereby agree to the collection, use and disclose practices set forth therein.

You understand and agree that the Services are not intended to store personal information and/or protected health information of any patient or other third party (“Protected Information”). Protected Information is subject to the Health Insurance Portability and Accountability Act (“HIPAA”) and other laws, rules and regulations. We clearly stipulate under this agreement that all Protected Health information is not used for training of Artificial Intelligence models or stored in our servers permanently, PHI is only managed by DeepCura while in transit when the logic of our application perform the services that we promise under this agreement.

1. How the Services Work

In addition to other functionality we may make available from time to time through the Services, the Services allow users to aspire and analyze cases over a lifetime to promote clinical mastery. Functionality available through the Services may allow you to deepen and refine your knowledge base and share your notes with other users of the Services to optimize understanding and retention.

AI Receptionist

The Services include an AI-powered virtual receptionist (“AI Receptionist”) that handles inbound and outbound telephone communications on behalf of your practice. The AI Receptionist may perform the following functions: (i) answer and manage incoming calls; (ii) schedule, reschedule, and cancel patient appointments natively within the Platform; (iii) process payments, generate invoices, and manage recurring subscription billing on behalf of your practice through integrated third-party payment infrastructure; (iv) perform warm call transfers to designated members of your staff; and (v) respond to general practice inquiries based on information provided by you. The AI Receptionist is configured through a conversational onboarding process in which the AI interviews the authorized practice representative to learn about the practice's operations, preferences, and workflows, and may be further refined through subsequent conversations. You are solely responsible for the accuracy and completeness of all information provided to the AI Receptionist during setup and ongoing use, and for reviewing and approving the AI Receptionist's configuration before activating it for patient-facing communications.

2. Representations and Warranties; User Responsibilities

2A.1. Recording Functionality

The Services include functionality that captures audio recordings of clinical encounters for the purpose of generating AI-assisted clinical documentation. By activating the recording features of the Services, you acknowledge that audio from the clinical encounter will be captured, transmitted to third-party processing services (including speech-to-text and AI language model providers), and used to generate draft clinical notes.

2A.2. Provider's Obligation to Obtain Patient Consent

YOU ARE SOLELY RESPONSIBLE FOR OBTAINING INFORMED CONSENT FROM ALL PARTICIPANTS IN A CLINICAL ENCOUNTER BEFORE ACTIVATING ANY RECORDING FUNCTIONALITY. This includes, at minimum: (i) verbally informing each patient (or their legal representative) that the encounter will be audio-recorded; (ii) explaining that the recording will be processed by AI technology for documentation purposes; (iii) informing the patient that the recording will be transmitted to third-party processors under Business Associate Agreements; (iv) providing each patient a meaningful opportunity to decline recording without any adverse effect on the quality of care received; and (v) documenting the patient's consent or refusal in the medical record. In jurisdictions requiring written consent for audio recording or disclosure of medical information to third parties (including but not limited to California, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Pennsylvania, and Washington), you must obtain written consent prior to recording. The Company provides an automated audio disclaimer as a supplementary safeguard, but this does not substitute for your independent obligation to obtain patient consent.

2A.3. Automated Disclaimer

The Services include an automated audio disclaimer that plays prior to the commencement of recording. This disclaimer is a supplementary notice and does not constitute legally sufficient patient consent. You must not rely solely on this automated disclaimer to satisfy your consent obligations under applicable law.

2A.4. AI-Assisted Consent Collection

The Services may offer optional AI-assisted patient consent collection tools (such as a digital consent workflow). Use of these tools is optional and supplementary. You remain solely responsible for verifying that valid consent has been obtained in compliance with applicable law prior to activating any recording functionality, regardless of whether you use the AI-assisted consent collection features.

2A.5. Data Processing and Retention

Audio recordings captured through the Services are transmitted via encrypted channels to third-party processing services for transcription and AI-assisted note generation. Audio recordings are not permanently stored on Company servers and are deleted unless the user opt ins into our backup feature that allows to playback the recordings. Transcripts generated from recordings are retained only as necessary to deliver the Services and are subject to the data handling provisions of this Agreement and the BAA. The Company does not use audio recordings or transcripts containing Protected Health Information for training AI models.

2A.6. Deletion Requests

You or your patients may request deletion of audio recordings and associated transcripts by contacting contact@deepcura.com. The Company will confirm deletion within 30 business days of receiving a valid request. You acknowledge that once AI-generated clinical notes have been reviewed, approved, and incorporated into a medical record by a provider, such notes become part of the medical record and are subject to applicable medical record retention laws.

2A.7. Status of AI-Generated Documentation

AI-generated notes, summaries, and other documentation produced by the Services are draft materials intended solely as documentation aids for licensed healthcare providers. Such materials do not constitute official medical records until independently reviewed, edited, and approved by a licensed provider. You are solely responsible for the accuracy and completeness of any documentation incorporated into a patient's medical record.

2A.8. Prohibited Use Without Consent

You shall not use the recording functionality of the Services in any clinical encounter where informed consent has not been obtained from all participants. Violation of this provision constitutes a material breach of this Agreement.

2A.9. Indemnification for Recording

Without limiting Section 12, you agree to indemnify and hold the Company harmless from any claims, damages, or liabilities arising from your failure to obtain proper consent before recording, your failure to comply with applicable recording consent laws, or your misuse of the recording functionality.

2B. AI Receptionist

2B.1. Nature of Service

The AI Receptionist is an automated telephone communication tool powered by artificial intelligence. It is not a licensed healthcare provider, financial advisor, or legal professional. The AI Receptionist does not provide medical advice, diagnoses, or treatment recommendations. You are solely responsible for ensuring that the AI Receptionist's responses and actions are appropriate for your practice and comply with all applicable laws and regulations.

2B.2. Scheduling

The AI Receptionist may schedule, reschedule, or cancel appointments on behalf of your practice based on the availability rules and preferences you configure. You are solely responsible for reviewing and confirming all appointment changes and for ensuring your scheduling parameters are accurate and current. The Company is not liable for missed, double-booked, or incorrectly scheduled appointments resulting from inaccurate configuration, system latency, or AI error.

2B.3. Payment Processing and Financial Services

The AI Receptionist integrates with Stripe, Inc. (“Stripe”) and potentially other third-party payment processors to enable over-the-phone payment collection, invoice generation, and recurring subscription billing on behalf of your practice. By activating the AI Receptionist's payment features, you acknowledge and agree that:

(a) Your Stripe Account

You must establish and maintain your own Stripe account (or account with another supported payment processor) and agree to Stripe's (or such processor's) terms of service and connected account agreement. The Company is not a party to, and has no liability under, your agreement with Stripe or any other payment processor.

(b) Platform Fee

The Company charges a percentage-based platform fee on each transaction processed through the AI Receptionist's payment functionality (“Platform Fee”). The applicable Platform Fee rate will be disclosed to you prior to activation of the payment features and may be modified from time to time upon at least thirty (30) days' prior written notice. The Platform Fee is in addition to any fees charged by Stripe or other payment processors. By activating the payment features, you authorize the Company (or its payment processor) to deduct the Platform Fee from transaction proceeds or charge it to your designated payment method.

(c) No Financial Advice

The AI Receptionist does not provide financial, tax, or legal advice. You are solely responsible for determining appropriate pricing, billing practices, and compliance with all applicable financial regulations, including state and federal consumer protection laws, truth-in-lending requirements, and healthcare billing regulations.

(d) Transaction Accuracy

You are solely responsible for verifying the accuracy of all payments collected, invoices generated, and subscription plans created by the AI Receptionist. The Company does not guarantee the accuracy of any financial transaction processed through the AI Receptionist and shall not be liable for overcharges, undercharges, duplicate charges, failed transactions, or billing errors.

(e) Refunds and Disputes

You are solely responsible for managing all refund requests, chargebacks, and payment disputes arising from transactions processed through the AI Receptionist. The Company shall have no obligation to mediate or resolve payment disputes between you and your patients or customers.

(f) Recurring Billing

If you use the AI Receptionist to establish recurring subscription billing for patients or customers, you are solely responsible for obtaining proper authorization and consent from the payer, providing required disclosures under applicable law (including cancellation rights), and managing subscription modifications and cancellations. The Company is not liable for unauthorized recurring charges resulting from your failure to obtain proper consent or maintain accurate billing records.

(g) PCI Compliance

Payment card data processed through the AI Receptionist is handled by Stripe (or the applicable payment processor) in accordance with Payment Card Industry Data Security Standards (PCI DSS). The Company does not store, process, or have direct access to payment card numbers. You agree not to request or instruct the AI Receptionist to store payment card information outside of the integrated payment processor's systems.

2B.4. Warm Transfers

The AI Receptionist can transfer live calls to designated staff members based on your configuration. You are responsible for maintaining accurate and current contact information for staff members and for ensuring that transferred calls are handled appropriately. The Company is not liable for failed transfers, dropped calls, misdirected transfers, or the conduct of your staff following a transfer.

2B.5. Setup and Configuration

The AI Receptionist is configured through an interactive conversational process rather than traditional form-based setup. You acknowledge that (i) the quality and accuracy of the AI Receptionist's performance depends directly on the quality and accuracy of information you provide during setup and subsequent refinement conversations; (ii) you are responsible for testing the AI Receptionist's configuration before deploying it in a live patient-facing environment; and (iii) the Company does not guarantee that the AI Receptionist will perform flawlessly in all scenarios, and you should monitor its performance and update its configuration as needed.

2B.6. Telephone and Communications Compliance

You are solely responsible for compliance with all applicable telecommunications laws and regulations in connection with your use of the AI Receptionist, including but not limited to the Telephone Consumer Protection Act (TCPA), state telemarketing and auto-dialing laws, and any requirements to disclose that a caller is interacting with an AI system. You agree to configure appropriate disclosures and obtain required consents before deploying the AI Receptionist for outbound calls or communications.

2B.7. Limitation of AI Receptionist Liability

WITHOUT LIMITING THE GENERAL LIMITATION OF LIABILITY IN SECTION 13, THE COMPANY SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES ARISING FROM OR RELATED TO: (i) ERRORS, OMISSIONS, OR INACCURACIES IN THE AI RECEPTIONIST'S COMMUNICATIONS WITH CALLERS; (ii) LOST REVENUE, LOST PATIENTS, OR BUSINESS INTERRUPTION RESULTING FROM AI RECEPTIONIST DOWNTIME, ERRORS, OR MISCOMMUNICATION; (iii) ANY PAYMENT PROCESSING ERRORS, FAILED TRANSACTIONS, UNAUTHORIZED CHARGES, OR BILLING DISPUTES; (iv) SCHEDULING ERRORS OR MISSED APPOINTMENTS; (v) FAILED OR MISDIRECTED CALL TRANSFERS; OR (vi) ANY ACTIONS TAKEN OR NOT TAKEN BY THE AI RECEPTIONIST BASED ON INACCURATE, INCOMPLETE, OR OUTDATED INFORMATION PROVIDED BY YOU DURING SETUP OR OPERATION.

2B.8. Indemnification for AI Receptionist and Payment Processing

Without limiting Section 12, you agree to indemnify, defend, and hold the Company and its officers, directors, employees, agents, and affiliates harmless from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to: (i) your use or misuse of the AI Receptionist; (ii) your failure to comply with applicable telecommunications, financial, consumer protection, or healthcare regulations in connection with the AI Receptionist; (iii) payment disputes, chargebacks, refund claims, or billing errors arising from transactions processed through the AI Receptionist; (iv) your failure to obtain proper authorization for recurring billing; (v) any claims by patients, customers, or third parties arising from communications made by the AI Receptionist on your behalf; and (vi) inaccurate or incomplete information provided by you during AI Receptionist setup or operation.

2.1.

You represent, warrant and covenant that, in connection with this Agreement or the Services, you will not and will not attempt to: (i) violate any laws, third party rights or our community guidelines and other policies; (ii) re-join or attempt to use the Services if the Company has banned or suspended you; (iii) defraud the Company or another user; or (iv) use another user's account or allow another person to use your user account. Any illegal activities undertaken in connection with the Services may be referred to the authorities.

2.2.

By using the Services, you hereby expressly agree that you are solely responsible for ensuring: (i) the protection and maintenance of the hardware and software on which you use the Services (“Equipment”); (ii) adequate safeguards are in place to protect the Equipment and the physical location in which the Services are used; (iii) that the Equipment is protected from theft, damage, corruption, alteration, unauthorized access, virus, malware etc.; (iv) that the Services are not accessed by any unauthorized individual; (v) compliance with applicable data privacy laws relating to your use of the Services, including HIPAA, the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009, and related regulations.(vi) obtaining informed consent from all participants in any clinical encounter before activating any recording or transcription functionality of the Services, in compliance with all applicable federal and state laws regarding audio recording, wiretapping, and electronic surveillance, including two-party/all-party consent jurisdictions.

2.3.

The Services and Company Materials (as defined in Section 4), and any information contained or entered therein, in no way replaces or substitutes your professional judgment or skill. You accept all risks arising from, and are solely responsible for, your professional, advisory, analytical and technical services including patient examination, diagnosis, prescription, treatment and personal injury or loss of life. Neither Company nor its third-party service providers assume any responsibility for your actions. Without limiting the foregoing, you acknowledge and agree that any examples of potential diagnoses or other output generated using the artificial intelligence or machine learning functionality available on the Services (such as DeepCura AI) may be incorrect, harmful, or biased, and you will not rely on or substitute such examples or output for your own professional judgment.

2.4.

The Services and any Company Materials made available through the Services are a non-device clinical decision support software application within the meaning of Section 520(o)(1)(E) of the federal Food, Drug and Cosmetic Act, 21 U.S.C. Sec. 360j(o)(1), and the regulations and guidance issued by the U.S. Food and Drug Administration to implement that provision. By accessing or using the Services and Company Materials, you agree to only use the Services and Company Materials in this manner and solely for this purpose. The artificial intelligence or machine learning functionality available on the Services (“DeepCura AI”) are intended for use only by healthcare providers and are not intended for use by the general public. If you are not a healthcare provider, you are not authorized to and will not access or use the DeepCura AI functionality. If you access or use DeepCura AI, you attest that you are a healthcare provider and agree that the application is: (1) not intended to acquire, process, or analyze a medical image or a signal from an in vitro diagnostic device or a pattern or signal from a signal acquisition system; (2) intended for the purpose of displaying, analyzing, or printing medical information about a patient or other medical information; (3) intended for the purpose of supporting or providing recommendations to a health care professional about prevention, diagnosis, or treatment of a disease or condition; and (4) intended for the purpose of enabling such health care professional to independently review the basis for such recommendations that such software presents so that it is not the intent that such health care professional rely primarily on any of such recommendations to make a clinical diagnosis or treatment decision regarding an individual patient.

For further explicit clarification, here are the prohibited use cases:

  • Software function that uses a patient's image sets (e.g., CT, magnetic resonance (MR)) to create an individual treatment plan for review by an HCP
  • Software function that manipulates or analyzes images and other data obtained from a radiological device
  • Software function that manipulates or interpolates data from a patient's CT scan
  • Software function that identifies patients with possible and specific diagnosis
  • Software function that analyzes multiple signals (e.g., perspiration rate, heart rate, eye movement, breathing rate) from wearable products
  • Software function that analyzes near-infrared camera images
  • Software function that calculates the fractal dimension of a lesion and surrounding skin
  • Software function that analyzes CT images
  • Software function that is intended to perform image analysis for diagnosis.
  • Software function that analyzes any medical signals
  • Software function that analyzes patient-specific medical information to detect a lifethreatening condition
  • Software function that provides a prioritized list of possible diagnoses of a patient's abnormality based on analysis of its size, shape, appearance, or other functional aspects visible in an image
  • Software function that analyzes sound waves captured when users cough or recite certain sentences
  • Software function that analyzes breathing patterns from a sleep apnea monitor
  • Software function that analyzes images of body fluid preparations or digital slides (digital pathology) to perform cell counts and morphology reviews
  • Software function that uses a variant call format (VCF) file containing patient-specific genetic variants and mutations identified from a Next Generation Sequencing (NGS)
  • Software function that acquires and analyzes electrical signals from ECG leads to generate an ECG waveform
  • Software function that analyzes and interprets five sequential RR interval measurements from Holter monitor data

3. Ownership; Proprietary Rights

As between you and the Company, the Company owns all worldwide right, title and interest, including all intellectual property and other proprietary rights, in and to the Services, all content, text, information, data and other content displayed or made available through the Services, and all usage and other data generated or collected in connection with the use thereof (the “Company Materials”). Except for as expressly set forth herein, you agree not to license, distribute, copy, modify, publicly perform or display, transmit, publish, edit, adapt, create derivative works from, or otherwise make any unauthorized use of the Company Materials. You agree not to reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, algorithm or programs underlying the Company Materials. The Company reserves the right to modify or discontinue the Services or any version(s) thereof at any time in its sole discretion, with or without notice.

4. Third Party Sites

The Services may include advertisements or other links that allow you to access web sites or other online services that are owned and operated by third parties. You acknowledge and agree that the Company is not responsible and shall have no liability for the content of such third-party sites and services, products or services made available through them, or your use of or interaction with them.

5. Payments

5.1. General

Payment processing for the Services is provided by Wix.com Ltd. (“Wix”) or other third-party payment processors we may utilize from time to time (“Payment Processor”). Company does not collect or store your credit card information. You can find out more about our privacy practices in our Privacy Policy. By providing a credit card or other payment method accepted by Company and using the Services, you represent and warrant that you are authorized to use the designated payment method. If the payment method you provide cannot be verified, is invalid or is otherwise not acceptable, your account may be suspended or cancelled. You must resolve any problem we or our Payment Processor encounter in order to proceed with your use of your account.

5.2. Fees for Services Account

By signing up for any paid account and providing your payment information, you agree to pay us (and authorize our Payment Processor to charge you) the recurring and/or nonrecurring fees as displayed to you at the time you create your account and as may be modified from time to time as described in this Agreement, as well as any other fees you expressly choose to incur in connection with your use of the Services. Unless otherwise specified upon enrollment, for subscription products or services, your payment method will be authorized for up to a month for the applicable account type and on a monthly basis thereafter until you cancel the subscription. You acknowledge and agree that the payment method provided by you will be automatically charged the fees you incur in connection with your use of the Services and represent and warrant that you have all necessary rights relating to such payment instrument to authorize Company to make such charges. Your use of the Services may be suspended if we are unable to charge such payment instrument for any reason or if your account is otherwise past due. The fees applicable to your account may be subject to modification from time to time pursuant to notice (which may be given via e-mail) provided by us at least thirty (30) days in advance of the payment date for which the modification would be effective. You may at any time cancel your account as set forth below if you do not agree to any modified fees. All fees must be paid in U.S. dollars (or such other currency(ies) which may be accepted by Company from time to time, as indicated at the time of payment) and are non-refundable.

5.3. Cancellation of Platform Account

YOU MAY CANCEL YOUR SUBSCRIPTION AT ANY TIME BY CONTACTING US BY DOWNGRADING YOUR ACCOUNT IN THE SETTINGS SECTION ON THE SITE. IF YOU CANCEL YOUR SUBSCRIPTION, YOU MAY STILL USE YOUR SUBSCRIPTION UNTIL THE END OF YOUR THEN-CURRENT SUBSCRIPTION MONTH. TO NOT BE CHARGED FOR YOUR SUBSCRIPTION FOR THE FOLLOWING SUBSCRIPTION MONTH, YOU MUST CANCEL YOUR SUBSCRIPTION AT LEAST THIRTY (30) DAYS PRIOR TO THAT MONTH, OR YOU WILL OTHERWISE BE CHARGED FOR THAT MONTH'S SUBSCRIPTION. ALL CANCELLATION REQUESTS RECEIVED LESS THAN THIRTY (30) DAYS BEFORE THE FOLLOWING SUBSCRIPTION MONTH WILL APPLY TO THE FOLLOWING CYCLE.

5.4. AI Receptionist Payment Processing Fees

If you activate the AI Receptionist's payment processing features, the Company will charge a Platform Fee calculated as a percentage of the gross amount of each transaction processed through the AI Receptionist, as disclosed to you at the time of activation. The Platform Fee is earned by the Company upon successful processing of each transaction and is non-refundable, even if the underlying transaction is later refunded, disputed, or charged back. The Company reserves the right to modify the Platform Fee upon thirty (30) days' prior written notice. You may deactivate the payment processing features at any time if you do not agree to the modified Platform Fee. Transaction processing fees charged by Stripe or other payment processors are separate from and in addition to the Company's Platform Fee, and are governed by your separate agreement with such processors.

6. Your Content

6.1.

You understand that all of Your Content is provided to you through the Services only on an “as-available” basis and the Company does not guarantee that the availability of Your Content will be uninterrupted or bug free. You agree you are responsible for all of Your Content and all activities that occur under your user account. As stated at the top of this Agreement, you are not permitted to include Protected Information in Your Content on the Services.

6.2.

You own all rights in Your Content. We do not claim ownership of Your Content and you are free to share Your Content with anyone else, wherever you want. However, we need certain legal permissions from you (known as a “license”) to provide you use of the Services. Except as set forth in this paragraph, we will not share Your Content with any third parties. You hereby grant the Company during the term of this Agreement a worldwide, non-exclusive, fully paid-up, royalty-free license to use, reproduce, display, transmit and prepare derivative works of Your Content, and to additionally distribute and publicly perform (such distribution and public performance solely in connection with the sharing functionality described below in this paragraph) Your Content to the extent necessary to (i) provide the functionality of the Services, including the sharing of Your Content with our third party service providers solely for use on our behalf in the provision of the Services; and (ii) on an aggregated or de-identified basis for purposes of developing and improving the Company's technology, databases, products, and services; (iii) to the extent set forth in our Privacy Policy. To the extent you share Your Content with other users through the Platform, you also hereby grant to each such user of the Services a non-exclusive license to access, view and/or download Your Content as permitted by the functionality of the Services and this Agreement. Patient data, including de-identified data, will never be sold to third parties for commercial purposes. Except for the license granted in Subpart (ii) above, the licenses in this paragraph end when Your Content is deleted from our systems. You can delete Your Content individually or all at once by deleting your account (as described in Section 11).

Audio recordings captured through the Services are processed transiently and deleted after processing the note. The Company does not retain audio recordings beyond the processing period unless the user opt ins into “back up” mode in their settings page, this feature allows them to playback each recording. The user may request to delete these recordings at any time.

6.3.

In connection with Your Content, you further agree that you will not: (i) use material that is subject to third party intellectual property or proprietary rights, including privacy and publicity rights, unless you are the owner of such rights or have permission from their rightful owner to post the material and to grant the Company all of the license rights granted herein; (ii) use Protected Information; (iii) use material that is unlawful, defamatory, libelous, threatening, pornographic, obscene, harassing, hateful, racially or ethnically offensive or encourages conduct that would be considered a criminal offense, violate any law or is otherwise inappropriate; or (iii) include advertisements or marketing content or solicitations of business, or any content of a commercial nature. The Company may investigate an allegation that any of Your Content does not conform this to Agreement and may determine in good faith and in its sole discretion whether to remove such of Your Content, which it reserves the right to do at any time. If you are a copyright holder and believe in good faith that your content has been made available through the Platform without your authorization, you may follow the process outlined at contact@deepcura.com to notify the Company's designated agent (pursuant to 17 U.S.C. § 512(c)) and request that the Company remove such content.

6.4.

You hereby acknowledge that you may be exposed to content from other users that is inaccurate, offensive, obscene, indecent, or objectionable when using the Services, and further acknowledge that the Company does not control the content shared by users and does not have any obligation to monitor such content for any purpose.

7. Prohibited Uses

As a condition of your use of the Services, you will not use the Services for any purpose that is unlawful or prohibited by this Agreement. You may not use the Services in any manner that in our sole discretion could damage, disable, overburden, impair or interfere with any other party's use of it. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Services. You agree not to scrape or otherwise use automated means to access or gather information from the Services and agree not to bypass any robot exclusion measures we may put into place. In addition, you agree not to use false or misleading information in connection with your user account and acknowledge that we reserve the right to disable any user account with a profile which we believe (in our sole discretion) is false or misleading (including a profile that impersonates a third party).

8. Additional Terms

When you use certain features or materials on the Services, or participate in a particular promotion, event or contest through the Services, such use or participation may be subject to additional terms and conditions posted on the Services. Such additional terms and conditions are hereby incorporated within this Agreement, and you agree to comply with such additional terms and conditions with respect to such use or participation.

9. Termination

You may terminate this Agreement at any time, for any reason or for no reason, by deleting your Services account by contacting us at contact@deepcura.com. Note that deleting the App from your device will not terminate your Services account. You agree that the Company, in its sole discretion and for any or no reason, may terminate this Agreement, your account or your use of the Services, at any time and without notice. The Company may also in its sole discretion and at any time discontinue providing the Services, or any part thereof, with or without notice. You agree that the Company shall not be liable to you or any third-party for any such termination. Sections 2, 2B, 4, 5, 6.3, 6.4, and 7 through 16 will survive any termination of this Agreement.

10. Apple

You hereby acknowledge and agree that Apple, Inc.: (i) is not a party to this Agreement; (ii) has no obligation whatsoever to furnish any maintenance or support services with respect to the App; (iii) is not responsible for addressing claims by you or any third party relating to the App, including any product liability claims, claims under consumer protection laws or claims under any other law, rule or regulation; (iv) has no responsibility to investigate, defend, settle or discharge any claim that the App or use thereof infringes any third party intellectual property rights; and (v) is a third party beneficiary of this Agreement with the right to enforce its terms against you directly.

11. Disclaimers; No Warranties

THE SERVICES AND ANY CONTENT, INFORMATION OR OTHER MATERIALS MADE AVAILABLE IN CONJUNCTION WITH OR THROUGH THE SERVICES ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMISSIBLE PURSUANT TO APPLICABLE LAW, THE COMPANY AND ITS LICENSORS, SERVICE PROVIDERS AND PARTNERS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT OF PROPRIETARY RIGHTS. THE COMPANY AND ITS LICENSORS, SERVICE PROVIDERS AND PARTNERS DO NOT WARRANT THAT THE FEATURES AND FUNCTIONALITY OF THE SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT THE SERVICES OR THE SERVERS THAT MAKE AVAILABLE THE FEATURES AND FUNCTIONALITY THEREOF ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE FOREGOING DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS.

12. Indemnification

You agree to indemnify and hold the Company and its affiliated companies, and each of their officers, directors and employees, harmless from any claims, losses, damages, liabilities, costs and expenses, including reasonable attorney's fees, (any of the foregoing, a “Claim”) arising out of or relating to your use or misuse of the Services, including without limitation any use of examples of diagnoses or other output generated using the artificial intelligence or machine learning functionality available on the Services (such as DeepCura), your provision of professional, advisory, analytical and technical services including patient examination, diagnosis, prescription, treatment and personal injury or loss of life, breach of this Agreement, or infringement, misappropriation or violation of the intellectual property or other rights of any other person or entity, provided that the foregoing does not obligate you to the extent the Claim arises out of the Company's willful misconduct or gross negligence. The Company reserves the right, at our own expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of these claims.

13. Limitation of Liability and Damages

UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE, SHALL THE COMPANY OR ITS AFFILIATES, CONTRACTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR THIRD PARTY PARTNERS, LICENSORS OR SERVICE PROVIDERS, BE LIABLE TO YOU FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES THAT ARISE OUT OF OR RELATE TO THE SERVICES, INCLUDING YOUR USE THEREOF, OR ANY OTHER INTERACTIONS WITH THE COMPANY, EVEN IF THE COMPANY OR A COMPANY AUTHORIZED REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. APPLICABLE LAW MAY NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY OR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU, IN WHICH CASE THE COMPANY'S LIABILITY WILL BE LIMITED TO THE EXTENT PERMITTED BY LAW. IN NO EVENT SHALL THE TOTAL LIABILITY OF COMPANY OR ITS AFFILIATES, CONTRACTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, OR THIRD-PARTY PARTNERS, LICENSORS OR SERVICE PROVIDERS TO YOU FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION ARISING OUT OF OR RELATING TO THIS AGREEMENT OR YOUR USE OF THE SERVICES EXCEED ONE HUNDRED U.S. DOLLARS.

This limitation of liability applies to all causes of action, whether based in contract, tort (including negligence), strict liability, or any other legal theory, and shall survive termination or expiration of this Agreement. Without limiting the foregoing, Company shall have no liability for: (i) any claim based on errors, omissions, interruptions, or delays in transmission of data; (ii) any claim arising from acts or omissions of third-party service providers; or (iii) any incidental, indirect, punitive, or consequential damages, including lost profits or business interruption.

14. Arbitration

14.1. Agreement to Arbitrate

This Section 14 (“Arbitration Agreement”) governs any and all controversies, claims, or disputes between you and the Company arising out of, relating to, or resulting from this Agreement or the Services. All such matters shall be resolved by binding arbitration and not in court (except for qualifying small claims court actions). The Federal Arbitration Act governs the interpretation and enforcement of this Arbitration Agreement.

14.1.1. Delegation of Authority

The arbitrator shall have exclusive authority to resolve any disputes regarding the interpretation, applicability, enforceability, or formation of this Arbitration Agreement, including any claim that all or part of this Agreement is void or voidable.

14.2. Class Action Waiver

EACH PARTY MAY BRING CLAIMS AGAINST THE OTHER ONLY IN AN INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY CLASS OR REPRESENTATIVE ACTION. Unless both parties agree otherwise, the arbitrator shall not consolidate claims or preside over any representative proceeding. Relief may be awarded only to the individual party to the extent necessary to resolve that party's own claim.

14.3. Procedures

Arbitration will be conducted by a neutral arbitrator in accordance with the American Arbitration Association (“AAA”) rules, as modified by this Agreement. Where inconsistent, this Agreement controls unless the arbitrator determines such application would result in a fundamentally unfair arbitration. The arbitrator must follow this Agreement, including its limitations of liability.

14.4. Venue

Arbitration shall occur in the State of Delaware, in the county where the Company's principal place of business is located, unless otherwise agreed. If the relief sought is $10,000 or less, either party may elect telephone or written submissions, subject to the arbitrator's discretion to require an in-person hearing. Attendance at any in-person hearing may be made by telephone unless the arbitrator requires otherwise.

14.5. Governing Law

The arbitrator will apply the laws of the State of Delaware, without regard to conflict-of-law rules, and will honor all applicable privileges.

14.6. Costs

Arbitration fees shall be governed by the AAA Rules. Each party is responsible for its own attorney fees, unless otherwise provided herein or by law.

14.7. Confidentiality

All aspects of the arbitration, including any award, shall remain strictly confidential.

14.8. Prevailing Party Costs

The prevailing party in any arbitration, court action, or other proceeding shall be entitled to recover reasonable attorneys' fees, costs, and expenses, including those on appeal or in enforcement of an award.

14.9. Repeat and Bad Faith Claims

If a party files multiple claims or proceedings based on substantially the same facts and such claims are dismissed or found meritless, the defending party shall be entitled to immediate dismissal of any related future claims and recovery of all defense costs.

14.10. Severability

If any term of this Arbitration Agreement other than 14.2 is found invalid or unenforceable, it shall be replaced with a valid term that most closely reflects the parties' intent, and the remainder shall remain enforceable. If 14.2 is found invalid, the entire Arbitration Agreement shall be void.

14A. Insurance and Defense

14A.1. Maintenance of Insurance

The Company shall maintain insurance policies that include coverage for defense costs for claims arising out of or relating to the Services. Coverage applies from the date a claim is first made, even if later deemed groundless, false, or fraudulent.

14A.2. Defense by Insurer

If covered, the insurer shall have the right and duty to defend such claims. The Company shall not be required to advance legal fees beyond applicable deductibles.

14A.3. No Waiver of Other Protections

Maintaining insurance does not limit any other disclaimers, limitations of liability, or indemnities in this Agreement.

14A.4. Survival

The obligations in this Section 14A shall survive termination or expiration of this Agreement for any claim made or occurring during the term of this Agreement.

15. Miscellaneous

The Company may make modifications, deletions, and/or additions to this Agreement (“Changes”) at any time. Changes will be effective: (i) thirty (30) days after the Company provides notice of the Changes, whether such notice is provided through the Services user interface, is sent to the e-mail address associated with your account, or otherwise; or (ii) when you opt-in or otherwise expressly agree to the Changes or a version of this Agreement incorporating the Changes, whichever comes first.

Under this Agreement, you consent to receive communications from the Company electronically.

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, without giving effect to any principles of conflicts of law. You agree that any action at law or in equity arising out of or relating to this Agreement or the Services that is not subject to arbitration under Section 14 shall be filed only in the state or federal courts located in the State of Delaware, in the county where the Company's principal place of business is located, and you hereby consent and submit to the personal jurisdiction of such courts for the purposes of litigating any such action.

The failure of any party at any time to require performance of any provision of this Agreement shall in no manner affect such party's right at a later time to enforce the same. A waiver of any breach of any provision of this Agreement shall not be construed as a continuing waiver of other breaches of the same or other provisions of this Agreement.

If any provision of this Agreement shall be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from this Agreement and shall not affect the validity and enforceability of any remaining provisions.

This Agreement, and any rights and licenses granted hereunder, may not be transferred or assigned by you, but may be assigned by the Company without restriction.

This is the entire agreement between us relating to the subject matter herein and shall not be modified except in a writing signed by both parties, or by a change to this Agreement made by the Company as set forth herein.

15.1. Time Limit to Bring Claims

Any claim or cause of action arising out of or related to this Agreement or the Services must be filed within one (1) year after such claim or cause of action arose, or be forever barred.

16. More Information; Complaints

The services hereunder are offered by DeepCura, which can be contacted via contact@deepcura.com.

17. Google Workspace Integration

By utilizing any integrations involving Google Workspace as part of our services, you agree to subscribe and maintain an active Google Workspace account. You are required to obtain a Business Associate Agreement (BAA) from Google to ensure compliance with relevant regulations. Additionally, you are prohibited from using the free versions of Google Workspace or any other Google products in connection with our services.

Annexe I: Business Associates Agreement

This BUSINESS ASSOCIATE AGREEMENT (the “BAA”) is made and entered into by and between DeepCura Inc., a company incorporated under the laws of Delaware (“Business Associate”) and a client who has entered a Terms of Service Agreement (the “Agreement”) with the Business Associate (“Covered Entity”), in accordance with the meaning given to those terms at 45 CFR §164.501. This BAA applies to the processing carried out by the Business Associate on behalf of the Covered Entity. In this BAA, Covered Entity and Business Associate are each a “Party” and, collectively, are the “Parties”.

BACKGROUND

I. Covered Entity is either a “covered entity” or “business associate” of a covered entity as each are defined under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended by the HITECH Act (as defined below) and the related regulations promulgated by HHS (as defined below) (collectively, “HIPAA”) and, as such, is required to comply with HIPAA's provisions regarding the confidentiality and privacy of Protected Health Information (as defined below);

II. The Parties have entered into one or more agreements under which Business Associate provides or will provide certain specified services to Covered Entity (collectively, the “Agreement”);

III. In providing services pursuant to the Agreement, Business Associate will have access to Protected Health Information;

IV. By providing the services pursuant to the Agreement, Business Associate will become a “business associate” of the Covered Entity as such term is defined under HIPAA;

V. Both Parties are committed to complying with all federal and state laws and all other applicable regulations and laws governing the confidentiality and privacy of health information, including, but not limited to, the Standards for Privacy of Individually Identifiable Health Information found at 45 CFR Part 160 and Part 164, Subparts A and E (collectively, the “Privacy Rule”);

and

VI. Both Parties intend to protect the privacy and provide for the security of Protected Health Information disclosed to Business Associate pursuant to the terms of this Agreement, HIPAA and other applicable laws.

AGREEMENT

NOW, THEREFORE, in consideration of the mutual covenants and conditions contained herein and the continued provision of PHI by Covered Entity to Business Associate under the Agreement in reliance on this BAA, the Parties agree as follows:

1. Definitions

For purposes of this BAA, the Parties give the following meaning to each of the terms in this Section 1 below. Any capitalized term used in this BAA, but not otherwise defined, has the meaning given to that term in the Privacy Rule or other pertinent law.

  • A. “Affiliate” means a subsidiary or affiliate of Covered Entity that is, or has been, considered a covered entity, as defined by HIPAA.
  • B. “Breach” means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI, as defined in 45 CFR §164.402.
  • C. “Breach Notification Rule” means the portion of HIPAA set forth in Subpart D of 45 CFR Part 164.
  • D. “Data Aggregation” means, with respect to PHI created or received by Business Associate in its capacity as the “business associate” under HIPAA of Covered Entity, the combining of such PHI by Business Associate with the PHI received by Business Associate in its capacity as a business associate of one or more other “covered entity” under HIPAA, to permit data analyses that relate to the Health Care Operations (defined below) of the respective covered entities. The meaning of “data aggregation” in this BAA shall be consistent with the meaning given to that term in the Privacy Rule.
  • E. “Designated Record Set” has the meaning given to such term under the Privacy Rule, including 45 CFR §164.501.B.
  • F. “De-Identify” means to alter the PHI such that the resulting information meets the requirements described in 45 CFR §§164.514(a) and (b).
  • G. “Electronic PHI” means any PHI maintained in or transmitted by electronic media as defined in 45 CFR §160.103.
  • H. “Health Care Operations” has the meaning given to that term in 45 CFR §164.501.
  • I. “HHS” means the U.S. Department of Health and Human Services.
  • J. “HITECH Act” means the Health Information Technology for Economic and Clinical Health Act, enacted as part of the American Recovery and Reinvestment Act of 2009, Public Law 111-005.
  • K. “Individual” has the same meaning given to that term in 45 CFR §§164.501 and 160.130 and includes a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).
  • L. “Privacy Rule” means that portion of HIPAA set forth in 45 CFR Part 160 and Part 164, Subparts A and E.
  • M. “Protected Health Information” or “PHI” has the meaning given to the term “protected health information” in 45 CFR §§164.501 and 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.
  • N. “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
  • O. “Security Rule” means the Security Standards for the Protection of Electronic Health Information provided in 45 CFR Part 160 & Part 164, Subparts A and C.
  • P. “Unsecured Protected Health Information” or “Unsecured PHI” means any “protected health information” as defined in 45 CFR §§164.501 and 160.103 that is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the HHS Secretary in the guidance issued pursuant to the HITECH Act and codified at 42 USC §17932(h).

2. Use and Disclosure of PHI

A. Except as otherwise provided in this BAA, Business Associate may use or disclose PHI as reasonably necessary to provide the services described in the Agreement to Covered Entity, and to undertake other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law.

B. Except as otherwise limited by this BAA or federal or state law or other applicable law, Covered Entity authorizes Business Associate to use the PHI in its possession for the proper management and administration of Business Associate's business and to carry out its legal responsibilities. Business Associate may disclose PHI for its proper management and administration, provided that (i) the disclosures are required by law; or (ii) Business Associate obtains, in writing, prior to making any disclosure to a third party (a) reasonable assurances from this third party that the PHI will be held confidential as provided under this BAA and used or further disclosed only as required by law or for the purpose for which it was disclosed to this third party and (b) an agreement from this third party to notify Business Associate immediately of any breaches of the confidentiality of the PHI, to the extent it has knowledge of the breach.

C. Business Associate will not use or disclose PHI in a manner other than as provided in this BAA, as permitted under the Privacy Rule, or as required by law. Business Associate will use or disclose PHI, to the extent practicable, as a limited data set or limited to the minimum necessary amount of PHI to carry out the intended purpose of the use or disclosure, in accordance with Section 13405(b) of the HITECH Act (codified at 42 USC §17935(b)) and any of the act's implementing regulations adopted by HHS, for each use or disclosure of PHI.

D. Upon request, Business Associate will make available to Covered Entity any of Covered Entity's PHI that Business Associate or any of its agents or subcontractors have in their possession.

E. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).

F. Notwithstanding the foregoing, Business Associate may use or disclose, without limitation, any Protected Health Information that has been fully anonymized and de-identified prior to such use or disclosure.

G. Business Associate shall delete audio recordings of clinical encounters promptly upon completion of transcription processing, and in no event later than [24/48/72] hours thereafter, unless the User has enabled the optional Backup feature. When Backup is enabled, audio recordings shall be retained in encrypted form solely to provide playback functionality to the User. Business Associate shall delete all Backup recordings within 7 business days of receiving a deletion request from the User or a verified patient request. Business Associate shall maintain audit logs of all audio recording deletions sufficient to demonstrate compliance with this provision.

3. Safeguards Against Misuse of PHI

Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided by the Agreement or this BAA and Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate agrees to take reasonable steps, including providing adequate training to its employees to ensure compliance with this BAA and to ensure that the actions or omissions of its employees or agents do not cause Business Associate to breach the terms of this BAA.

4. Reporting Disclosures of PHI and Security Incidents

Business Associate will report to Covered Entity in writing any use or disclosure of PHI not provided for by this BAA of which it becomes aware and Business Associate agrees to report to Covered Entity any Security Incident affecting Electronic PHI of Covered Entity of which it becomes aware. Business Associate agrees to report any such event within five business days of becoming aware of the event.

5. Reporting Breaches of Unsecured PHI

Business Associate will notify Covered Entity in writing promptly upon the discovery of any Breach of Unsecured PHI in accordance with the requirements set forth in 45 CFR §164.410, but in no case later than 30 calendar days after discovery of a Breach.

6. Mitigation of Disclosures of PHI

Business Associate will take reasonable measures to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of any use or disclosure of PHI by Business Associate or its agents or subcontractors in violation of the requirements of this BAA.

7. Agreements with Agents or Subcontractors

Business Associate will ensure that any of its agents or subcontractors that have access to, or to which Business Associate provides, PHI agree in writing to the restrictions and conditions concerning uses and disclosures of PHI contained in this BAA and agree to implement reasonable and appropriate safeguards to protect any Electronic PHI that it creates, receives, maintains or transmits on behalf of Business Associate or, through the Business Associate, Covered Entity.

8. Audit Report

Upon request, Business Associate will provide Covered Entity, or upstream Business Associate, with a copy of its most recent independent SOC 2 certification report or other mutually agreed upon independent standards based third party audit report. Covered Entity agrees not to re-disclose Business Associate's audit report.

9. Access to PHI by Individuals

A. Upon request, Business Associate agrees to furnish Covered Entity with copies of the PHI maintained by Business Associate in a Designated Record Set in the time and manner designated by Covered Entity to enable Covered Entity to respond to an Individual's request for access to PHI under 45 CFR §164.524.

B. In the event any Individual or personal representative requests access to the Individual's PHI directly from Business Associate, Business Associate within ten business days, will forward that request to Covered Entity. Any disclosure of, or decision not to disclose, the PHI requested by an Individual or a personal representative and compliance with the requirements applicable to an Individual's right to obtain access to PHI shall be the sole responsibility of Covered Entity.

10. Amendment of PHI

A. Upon request and instruction from Covered Entity, Business Associate will amend PHI or a record about an Individual in a Designated Record Set that is maintained by, or otherwise within the possession of, Business Associate as directed by Covered Entity in accordance with procedures established by 45 CFR §164.526. Any request by Covered Entity to amend such information will be completed by Business Associate within 15 business days of Covered Entity's request.

B. In the event that any Individual requests that Business Associate amend such Individual's PHI or record in a Designated Record Set, Business Associate within ten business days will forward this request to Covered Entity. Any amendment of, or decision not to amend, the PHI or record as requested by an Individual and compliance with the requirements applicable to an Individual's right to request an amendment of PHI will be the sole responsibility of Covered Entity.

11. Accounting of Disclosures

A. Business Associate will document any disclosures of PHI made by it to account for such disclosures as required by 45 CFR §164.528(a). Business Associate also will make available information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosures in accordance with 45 CFR §164.528. At a minimum, Business Associate will furnish Covered Entity the following with respect to any covered disclosures by Business Associate: (i) the date of disclosure of PHI; (ii) the name of the entity or person who received PHI, and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure which includes the basis for such disclosure.

B. Business Associate will furnish to Covered Entity information collected in accordance with this Section 10, within ten business days after written request by Covered Entity, to permit Covered Entity to make an accounting of disclosures as required by 45 CFR §164.528, or in the event that Covered Entity elects to provide an Individual with a list of its business associates, Business Associate will provide an accounting of its disclosures of PHI upon request of the Individual, if and to the extent that such accounting is required under the HITECH Act or under HHS regulations adopted in connection with the HITECH Act.

C. In the event an Individual delivers the initial request for an accounting directly to Business Associate, Business Associate will within ten business days forward such request to Covered Entity.

12. Availability of Books and Records

Business Associate will make available its internal practices, books, agreements, records, and policies and procedures relating to the use and disclosure of PHI, upon request, to the Secretary of HHS for purposes of determining Covered Entity's and Business Associate's compliance with HIPAA, and this BAA.

13. Responsibilities of Covered Entity

With regard to the use and/or disclosure of Protected Health Information by Business Associate, Covered Entity agrees to:

A. Notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate's use or disclosure of PHI.

B. Notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate's use or disclosure of PHI.

C. Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate's use or disclosure of PHI.

D. Except for data aggregation or management and administrative activities of Business Associate, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA or other applicable law if done by Covered Entity.

14. Data Ownership

Business Associate's data stewardship does not confer data ownership rights on Business Associate with respect to any data shared with it under the Agreement, including any and all forms thereof.

15. Term and Termination

A. This BAA will become effective from the date of signature of the Agreement, and will continue in effect until all obligations of the Parties have been met under the Agreement and under this BAA.

B. Covered Entity may terminate immediately this BAA, the Agreement, and any other related agreements if Covered Entity makes a determination that Business Associate has breached a material term of this BAA and Business Associate has failed to cure that material breach, to Covered Entity's reasonable satisfaction, within 30 days after written notice from Covered Entity. Covered Entity may report the problem to the Secretary of HHS if termination is not feasible.

C. If Business Associate determines that Covered Entity has breached a material term of this BAA, then Business Associate will provide Covered Entity with written notice of the existence of the breach and shall provide Covered Entity with 30 days to cure the breach. Covered Entity's failure to cure the breach within the 30-day period will be grounds for immediate termination of the Agreement and this BAA by Business Associate. Business Associate may report the breach to HHS.

D. Upon termination of the Agreement or this BAA for any reason, all PHI maintained by Business Associate will be returned to Covered Entity or destroyed by Business Associate. Business Associate will not retain any copies of such information. This provision will apply to PHI in the possession of Business Associate's agents and subcontractors but will not include the PHI produced by Business Associate within the framework of article 2.C.. If return or destruction of the PHI is not feasible, in Business Associate's reasonable judgment, Business Associate will furnish Covered Entity with notification, in writing, of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of the PHI is infeasible, Business Associate will extend the protections of this BAA to such information for as long as Business Associate retains such information and will limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible. The Parties understand that this Section 15.D. will survive any termination of this BAA.

16. Effect of BAA

A. This BAA is a part of and subject to the terms of the Agreement and as such shall be governed by, and shall be construed in accordance with, the same law as the Agreement. In case of contradiction between the terms of this BAA and any term of the Agreement, the terms of this BAA will prevail if it does not conflict with applicable laws.

B. Except as expressly stated in this BAA or as provided by law, this BAA will not create any rights in favor of any third party.

17. Regulatory References

A reference in this BAA to a section in HIPAA means the section as in effect or as amended at the time.

18. Notices

All notices, requests and demands or other communications to be given under this BAA to a Party will be made via electronic mail to the Party's address given below:

A. If to Covered Entity, to the e-mail address given when signing the Agreement:

B. If to Business Associate, to: contact@deepcura.com

19. Amendments and Waiver

This BAA may not be modified, nor will any provision be waived or amended, except in writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.