Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.

• Business, for the purpose of the CCPA (California Consumer Privacy Act), refers to the Company as the legal entity that collects Consumers' personal information and determines the purposes and means of the processing of Consumers' personal information, or on behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California.

• Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Turquoise Health Co., 421 Broadway #5108, San Diego, CA 92101.

• Consumer, for the purpose of the CCPA (California Consumer Privacy Act), means a natural person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.

• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

• Country refers to: California, United States

• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

• Do Not Track (DNT) is a concept that has been promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites.

• Personal Data is any information that relates to an identified or identifiable individual.

  For the purposes of the CCPA, Personal Data means any information that identifies, relates to, describes or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

• Sale, for the purpose of the CCPA (California Consumer Privacy Act), means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer's personal information to another business or a third party for monetary or other valuable consideration.

• Service refers to the Website.

• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

• Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.

• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

• Website refers to Turquoise Health, accessible from www.turquoise.health

• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• Email address

• First name and last name

• Phone number

• Usage Data

Usage Data

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

• Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
• Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies: Cookies: What Do They Do?.

We use both Session and Persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies

  Type: Session Cookies

  Administered by: Us

  Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.

• Cookies Policy / Notice Acceptance Cookies

  Type: Persistent Cookies

  Administered by: Us

  Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

• Functionality Cookies

  Type: Persistent Cookies

  Administered by: Us

  Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

• Tracking and Performance Cookies

  Type: Persistent Cookies

  Administered by: Third-Parties

  Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.

For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

• To provide and maintain our Service, including to monitor the usage of our Service.

• To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.

• For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.

• To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

• To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.

• To manage Your requests: To attend and manage Your requests to Us.

• For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.

• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

We may share Your personal information in the following situations:

• With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
• For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
• With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
• With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
• With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with You and view Your profile.
• With Your consent: We may disclose Your personal information for any other purpose with Your consent.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Detailed Information on the Processing of Your Personal Data

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Analytics

We may use third-party Service providers to monitor and analyze the use of our Service.

• Google Analytics

  Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

  You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

  For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

Email Marketing

We may use Your Personal Data to contact You with newsletters, marketing or promotional materials and other information that may be of interest to You. You may opt-out of receiving any, or all, of these communications from Us by following the unsubscribe link or instructions provided in any email We send or by contacting Us.

We may use Email Marketing Service Providers to manage and send emails to You.

• Mailchimp

  Mailchimp is an email marketing sending service provided by The Rocket Science Group LLC.

  For more information on the privacy practices of Mailchimp, please visit their Privacy policy: https://mailchimp.com/legal/privacy/

CCPA Privacy

This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.

Categories of Personal Information Collected

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.

Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by Us, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if You provided such personal information directly to Us.

• Category A: Identifiers.

  Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, passport number, or other similar identifiers.

  Collected: Yes.

• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

  Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

  Collected: Yes.

• Category C: Protected classification characteristics under California or federal law.

  Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

  Collected: No.

• Category D: Commercial information.

  Examples: Records and history of products or services purchased or considered.

  Collected: No.

• Category E: Biometric information.

  Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

  Collected: No.

• Category F: Internet or other similar network activity.

  Examples: Interaction with our Service or advertisement.

  Collected: Yes.

• Category G: Geolocation data.

  Examples: Approximate physical location.

  Collected: No.

• Category H: Sensory data.

  Examples: Audio, electronic, visual, thermal, olfactory, or similar information.

  Collected: No.

• Category I: Professional or employment-related information.

  Examples: Current or past job history or performance evaluations.

  Collected: No.

• Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

  Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

  Collected: No.

• Category K: Inferences drawn from other personal information.

  Examples: Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

  Collected: No.

Under CCPA, personal information does not include:

• Publicly available information from government records
• Deidentified or aggregated consumer information
• Information excluded from the CCPA's scope, such as:
  • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
  • Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994

Sources of Personal Information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from You. For example, from the forms You complete on our Service, preferences You express or provide through our Service.
• Indirectly from You. For example, from observing Your activity on our Service.
• Automatically from You. For example, through cookies We or our Service Providers set on Your Device as You navigate through our Service.
• From Service Providers. For example, third-party vendors to monitor and analyze the use of our Service, or other third-party vendors that We use to provide the Service to You.

Use of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose personal information We collect for "business purposes" or "commercial purposes" (as defined under the CCPA), which may include the following examples:

• To operate our Service and provide You with our Service.
• To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve our Service.
• To fulfill or meet the reason You provided the information. For example, if You share Your contact information to ask a question about our Service, We will use that personal information to respond to Your inquiry.
• To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• As described to You when collecting Your personal information or as otherwise set forth in the CCPA.
• For internal administrative and auditing purposes.
• To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.

Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how we use this information, please refer to the "Use of Your Personal Data" section.

If We decide to collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes We will update this Privacy Policy.

Disclosure of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:

• Category A: Identifiers

• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

• Category F: Internet or other similar network activity

Please note that the categories listed above are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.

When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

Sale of Personal Information

As defined in the CCPA, "sell" and "sale" mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal Iinformation, but not necessarily a monetary benefit.

Please note that the categories listed below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return.

We may sell and may have sold in the last twelve (12) months the following categories of personal information:

• Category A: Identifiers

• Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

• Category F: Internet or other similar network activity

Share of Personal Information

We may share Your personal information identified in the above categories with the following categories of third parties:

• Service Providers

• Our affiliates

• Our business partners

• Third party vendors to whom You or Your agents authorize Us to disclose Your personal information in connection with products or services We provide to You

Sale of Personal Information of Minors Under 16 Years of Age

We do not sell the personal information of Consumers We actually know are less than 16 years of age, unless We receive affirmative authorization (the "right to opt-in") from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, You (or Your authorized representative) may submit a request to Us by contacting Us.

If You have reason to believe that a child under the age of 13 (or 16) has provided Us with personal information, please contact Us with sufficient detail to enable Us to delete that information.

Your Rights under the CCPA

The CCPA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:

• The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
• The right to request. Under CCPA, You have the right to request that We disclose information to You about Our collection, use, sale, disclosure for business purposes and share of personal information. Once We receive and confirm Your request, We will disclose to You:
  • The categories of personal information We collected about You
  • The categories of sources for the personal information We collected about You
  • Our business or commercial purpose for collecting or selling that personal information
  • The categories of third parties with whom We share that personal information
  • The specific pieces of personal information We collected about You
  • If we sold Your personal information or disclosed Your personal information for a business purpose, We will disclose to You:
    • The categories of personal information categories sold
    • The categories of personal information categories disclosed
• The right to say no to the sale of Personal Data (opt-out). You have the right to direct Us to not sell Your personal information. To submit an opt-out request please contact Us.
• The right to delete Personal Data. You have the right to request the deletion of Your Personal Data, subject to certain exceptions. Once We receive and confirm Your request, We will delete (and direct Our Service Providers to delete) Your personal information from our records, unless an exception applies. We may deny Your deletion request if retaining the information is necessary for Us or Our Service Providers to:
  • Complete the transaction for which We collected the personal information, provide a good or service that You requested, take actions reasonably anticipated within the context of our ongoing business relationship with You, or otherwise perform our contract with You.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if You previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which You provided it.
• The right not to be discriminated against. You have the right not to be discriminated against for exercising any of Your consumer's rights, including by:
  • Denying goods or services to You
  • Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties
  • Providing a different level or quality of goods or services to You
  • Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services

Exercising Your CCPA Data Protection Rights

In order to exercise any of Your rights under the CCPA, and if You are a California resident, You can contact Us:

• By email: [email protected]

Only You, or a person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information.

Your request to Us must:

• Provide sufficient information that allows Us to reasonably verify You are the person about whom We collected personal information or an authorized representative
• Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it

We cannot respond to Your request or provide You with the required information if we cannot:

• Verify Your identity or authority to make the request
• And confirm that the personal information relates to You

We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonable necessary and with prior notice.

Any disclosures We provide will only cover the 12-month period preceding the verifiable request's receipt.

For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.

Do Not Sell My Personal Information

You have the right to opt-out of the sale of Your personal information. Once We receive and confirm a verifiable consumer request from You, we will stop selling Your personal information. To exercise Your right to opt-out, please contact Us.

The Service Providers we partner with (for example, our analytics or advertising partners) may use technology on the Service that sells personal information as defined by the CCPA law. If you wish to opt out of the use of Your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.

Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that You use.

Website

You can opt out of receiving ads that are personalized as served by our Service Providers by following our instructions presented on the Service:

• The NAI's opt-out platform: http://www.networkadvertising.org/choices/
• The EDAA's opt-out platform http://www.youronlinechoices.com/
• The DAA's opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If you change browsers or delete the cookies saved by your browser, You will need to opt out again.

Mobile Devices

Your mobile device may give You the ability to opt out of the use of information about the apps You use in order to serve You ads that are targeted to Your interests:

• "Opt out of Interest-Based Ads" or "Opt out of Ads Personalization" on Android devices
• "Limit Ad Tracking" on iOS devices

You can also stop the collection of location information from Your mobile device by changing the preferences on Your mobile device.

"Do Not Track" Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Service does not respond to Do Not Track signals.

However, some third party websites do keep track of Your browsing activities. If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser.

Your California Privacy Rights (California's Shine the Light law)

Under California Civil Code Section 1798 (California's Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties' direct marketing purposes.

If you'd like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California Business and Professions Code section 22581 allow California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.

To request removal of such data, and if You are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.

Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: [email protected]

THESE TERMS GOVERN YOUR ACCESS TO AND USE OF THE TURQUOISE VERIFIED PROGRAM (THE “PROGRAM”) OFFERED BY TURQUOISE HEALTH CO., A DELAWARE CORPORATION (“TURQUOISE”, “US” or “WE”) TO CERTAIN HEALTHCARE PROVIDERS AND PAYERS THAT HAVE MADE AVAILABLE TO TURQUOISE CERTIFIED ELECTIVE PROCEDURE DATA (“VERIFIED PARTNERS”). THESE TERMS OF SERVICE ALONG WITH ALL SUPPLEMENTAL TERMS THAT MAY BE PRESENTED TO YOU FOR YOUR REVIEW AND ACCEPTANCE (COLLECTIVELY, THE “AGREEMENT”), GOVERN YOUR ACCESS TO AND USE OF THE SERVICES BY ACCEPTING THESE TERMS OR COMPLETING THE REGISTRATION PROCESS YOU REPRESENT THAT (1) YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THE AGREEMENT, (2) YOU ARE OF LEGAL AGE TO FORM A BINDING CONTRACT WITH COMPANY, AND (3) YOU HAVE THE AUTHORITY TO ENTER INTO THE AGREEMENT PERSONALLY OR ON BEHALF OF THE LEGAL ENTITY IDENTIFIED DURING THE ACCOUNT REGISTRATION PROCESS, AND TO BIND THAT LEGAL ENTITY TO THE AGREEMENT. THE TERM “YOU” OR “PARTNER” REFERS TO THE INDIVIDUAL OR SUCH LEGAL ENTITY, AS APPLICABLE. PROVIDER OR PAYER AND TURQUOISE MAY BE REFERRED TO INDIVIDUALLY AS “PARTY” AND COLLECTIVELY AS THE “PARTIES.”

Changes to the Agreement

The Agreement is subject to change by Turquoise in its sole discretion at any time. When changes are made, Turquoise will make a copy of the updated Agreement available and update the “Last Updated Date” at the top of these Terms of Service. If we make any material changes to the Agreement, we will provide notice of such material changes on our website and attempt to notify you by sending an e-mail to the e-mail address provided in your account registration. Any changes to the Agreement will be effective immediately for new Verified Partners and will be effective for existing Verified Partners upon the earlier of (a) thirty (30) days after the “Last Updated Date” at the top of these Terms of Service, or (b) your consent to and acceptance of the updated Agreement if Turquoise provides a mechanism for your immediate acceptance in a specified manner (such as a click-through acceptance).

Obligations of Partner

a) Partner will make available to Turquoise a machine readable file, detailing negotiated rates for elective or non-elective services offered by Partner, including cash and commercial plans (the “Partner Data”).

b) Partner represents that the Partner Data is (1) in compliance with CMS-1717-F2 or CMS-9915-F and (2) is accurate and complete.

c) Partner agrees to notify Turquoise Health within 10 business days after new machine-readable files detailing negotiated rates for elective or non-elective services are made publicly available.

d) Partner agrees to respond to reasonable requests for information from Turquoise regarding the Partner Data.

Obligations of Turquoise

Turquoise will prioritize Verified Partner in search results on the Turquoise platform (the “Platform”) in the Partner’s markets.

Term and Termination

This Agreement shall remain in effect until terminated by either party. Either party may terminate this Agreement by providing written notice to the other party pursuant to Section 7(c). The written notice can be sent to [email protected]. The sections titled “Representations, Warranties and Disclaimers,” “Indemnification,” “Limitation of Liability,” and “General Provisions” will survive any termination of this Agreement.

Disclaimers

WHILE TURQUOISE MAY PROVIDE ELECTIVE SERVICE PRICING INFORMATION THROUGH THE PLATFORM, SUCH INFORMATION IS SOLELY INFORMATIONAL. THE PLATFORM MAY PROVIDE THE ABILITY TO INTERACT AND CONTRACT WITH OTHER USERS OF THE PLATFORM. TURQUOISE DOES NOT TAKE PART IN, AND TURQUOISE ASSUMES NO RESPONSIBILITY OR LIABILITY FOR, THE INTERACTION BETWEEN USERS. TURQUOISE DOES NOT HAVE CONTROL OVER THE INTEGRITY OR ANY ACTIONS OR INACTIONS OF ANY USERS OF THE PLATFORM. PARTNER ACKNOWLEDGES AND AGREES THAT, IN ENTERING INTO THIS AGREEMENT, EXCEPT AS EXPRESSLY SET FORTH HEREIN, IT HAS NOT RELIED UPON ANY WARRANTIES, EXPRESS OR IMPLIED, AND THAT TURQUOISE HAS NOT MADE ANY REPRESENTATIONS, ASSURANCES, OR PROMISES THAT THE PARTNER WILL RECEIVE ANY NEW BUSINESS AS A RESULT OF PARTICIPATION IN THE PROGRAM.

Limitation of Liability

a) Exclusion of Certain Damages. EXCEPT FOR A PARTY’S LIABILITY FOR ITS WILLFUL MISCONDUCT, IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

b) Liability Cap. EXCEPT FOR A PARTY’S LIABILITY FOR ITS WILLFUL MISCONDUCT, IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY RELATING TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY PARTNER TO TURQUOISE HEREUNDER IN THE 12 MONTHS PRECEDING THE DATE ON WHICH THE FIRST CLAIM GIVING RISE TO LIABILITY AROSE.

General Provisions

a) Attribution. Partner agrees that Turquoise may use Partner’s name, logo, and any other trademarks or service marks provided to Turquoise by Partner (“Partner Marks”) to indicate that Partner is a Verified Partner on Turquoise’s website, marketing materials, and in communications with existing or prospective Turquoise customers. Any such attribution will be consistent with Partner’s reasonable style guidelines or requirements as communicated to Turquoise by Partner. Partner retains ownership of all Partner Marks and hereby grants Turquoise a non-exclusive license during the Term to use the Partner Marks for the purpose of exercising Turquoise’s rights under this Section. Any changes to the Partner’s name, logo, or any other trademarks or service marks can be requested via [email protected] or made through the user profile on the Turquoise platform.

b) Assignment. Neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other Party. Notwithstanding the foregoing, either Party may assign or transfer this Agreement in its entirety, without the consent of the other Party, in connection with a merger or sale of all or substantially all of its assets. Any purported assignment in violation of this Section will be null and void. This Agreement will bind and inure to the benefit of the Parties, their respective successors, and permitted assigns.

c) Governing Law; Venue. This Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the internal laws of the State of California. The state and federal courts located in San Diego, California will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each Party hereby consents to the exclusive jurisdiction of such courts. Each Party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

d) Notices. Where Company requires that you provide an e-mail address, you are responsible for providing Company with your most current e-mail address. In the event that the last e-mail address you provided to Company is not valid, or for any reason is not capable of delivering to you any notices required/ permitted by the Agreement, Company’s dispatch of the e-mail containing such notice will nonetheless constitute effective notice. You may give notice to Company at the following address:

Turquoise Health Co.
421 Broadway #5108
San Diego, CA 92101
Attention: Chris Severn
[email protected]

e) Other. The Parties are independent contractors and this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. There are no third party beneficiaries to this Agreement. No failure or delay by either Party in exercising any right under this Agreement will constitute a waiver of that right. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, such provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in full force and effect. No modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by each of the Parties. As used herein, the words “include” and “including” shall be deemed to be followed by the words “without limitation.”

Contact Us

If you have any questions about these Terms and Conditions, You can contact us:

• By email: [email protected]

These Turquoise Health Co. Supplemental AI Terms and Conditions (“Supplemental Terms”) are between Turquoise Health Co. (“Turquoise”) and the entity identified as Customer (“Customer” or “you”) with the registered account on the Services or in the relevant Order (“Order Form”). By clicking “Accept” or using the Turquoise AI Tools (as defined below), you agree to these Supplemental Terms, which upon acceptance, supplement and are incorporated into, the Platform Access Agreement between the parties (“Agreement”). IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF CUSTOMER, THEN YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THIS AGREEMENT. Capitalized terms not defined herein have the meaning given to them in the Agreement. In the event of any inconsistency between the terms of the Agreement and these Supplemental Terms, these Supplemental Terms shall control.

PLEASE NOTE THAT THE SUPPLEMENTAL TERMS ARE SUBJECT TO CHANGE BY TURQUOISE IN ITS SOLE DISCRETION AT ANY TIME. WHEN CHANGES ARE MADE, TURQUOISE WILL MAKE A COPY OF THE UPDATED SUPPLEMENTAL TERMS AVAILABLE VIA THE PLATFORM AND UPDATE THE “LAST UPDATED” DATE AT THE TOP OF THESE SUPPLEMENTAL TERMS. IF TURQUOISE MAKES ANY MATERIAL CHANGES TO THE SUPPLEMENTAL TERMS, TURQUOISE WILL PROVIDE NOTICE OF SUCH MATERIAL CHANGES ON THE PLATFORM AND ATTEMPT TO NOTIFY YOU BY SENDING AN E-MAIL TO THE E-MAIL ADDRESS PROVIDED IN YOUR ACCOUNT REGISTRATION. ANY CHANGES TO THE AGREEMENT WILL BE EFFECTIVE IMMEDIATELY. IF YOU DO NOT AGREE TO THE UPDATED SUPPLEMENTAL TERMS, YOU MUST STOP USING ALL SERVICES UPON THE EFFECTIVE DATE OF THE UPDATED SUPPLEMENTAL TERMS. OTHERWISE, YOUR CONTINUED USE OF ANY OF THE SERVICES AFTER THE EFFECTIVE DATE OF THE UPDATED SUPPLEMENTAL TERMS CONSTITUTES YOUR ACCEPTANCE OF THE UPDATED SUPPLEMENTAL TERMS. YOU AGREE THAT TURQUOISE’S CONTINUED PROVISION OF THE SERVICES IS ADEQUATE CONSIDERATION FOR THE CHANGES IN THE UPDATED SUPPLEMENTAL TERMS.

1. Turquoise AI Tools.

Subject to these Supplemental Terms, Turquoise makes available to Customer certain artificial intelligence tools in connection with Customer’s use of the Services, which may include: the Turquoise Generative-AI features, which automate analysis of the Customer Data, Turquoise Data, or other materials in the Services (the “Turquoise AI Tools”). Except where expressly specified otherwise in these Supplemental Terms, the Turquoise AI Tools constitute a “Service” for the purposes of the Agreement and the Agreement shall apply in full to Customer’s use of the Turquoise AI Tools.

The Turquoise AI Tools leverage third party large language models and artificial intelligence algorithms and platforms (“Third-Party Services”) to generate analysis (collectively, the “Output”) in response to the Customer’s prompts or the Customer’s other actions within the Services (“Prompts”). Turquoise does not make any representations with respect to Third-Party Services or any Output provided in connection therewith. Such Third-Party Services are not under the control of Turquoise. Turquoise is not responsible for any Third-Party Services or Output generated thereby and Customer uses such Third-Party Services and Output at its own risk.

As between the parties, each of the Prompts and Output are considered “Customer Data” for the purposes of the Agreement, provided that: such Prompts (including related Customer Data) may be provided to Third-Party Services in order for you to access the Turquoise AI tools, subject to the terms and conditions or policies governing the Third-Party Services (the “Third-Party Terms”). To the extent the Third-Party Services are provided by Microsoft, the Third-Party Terms governing such services, can be found here.

2. Ownership; Responsible Use of Turquoise AI Tools.

Customer shall comply with all obligations and commitments in the Agreement with respect to Customer Data in connection with Customer’s use of the Turquoise AI Tools. Customer is solely responsible for the Prompts, its Outputs and its use thereof. Without limiting the disclaimers in Section 3, Customer is responsible for reviewing any Output prior to its use and exercising its own business and legal judgment as to its suitability for use.

Without limiting the foregoing or Customer’s representations and warranties under the Agreement, Customer shall not use any Prompts or Output that: (a) infringes or misappropriates any third party’s intellectual property rights or other proprietary rights; (b) is deceptive, discriminatory, biased, unethical, defamatory, obscene, pornographic or illegal; (c) contains any viruses, worms or other malicious computer programming codes that may damage the Platform; (d) contains any personal information, such as financial, medical or other sensitive personal information such as government IDs, passport numbers or social security numbers. Turquoise reserves the right to suspend or terminate your access to the Turquoise AI Tools for any failure by Customer or an Authorized User to comply with this Section. In addition to the foregoing, Customer’s obligations under the Agreement with respect to use of the Services, its representations and warranties and indemnification obligations, shall apply in full with respect to Customer’s use of the Turquoise AI Tools.

PLEASE READ THE FOLLOWING TERMS AND CONDITIONS (THE “TERMS”), WHICH ALONG WITH ANY APPLICABLE ORDER FORM REFERENCING THESE TERMS (AN “ORDER”) AND ALL SUPPLEMENTAL TERMS THAT MAY BE PRESENTED TO YOU FOR YOUR REVIEW AND ACCEPTANCE (COLLECTIVELY, THE “AGREEMENT”) CONSTITUTE THE AGREEMENT BETWEEN THE ENTITY ACCESSING OR USING THE SERVICE (“YOU” or “CUSTOMER”), AND TURQUOISE HEALTH CO. (“TURQUOISE”). THIS AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SERVICE BETWEEN THE PARTIES AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION, OR UNDERSTANDING BETWEEN THE PARTIES. TURQUOISE AND CUSTOMER ARE HEREINAFTER JOINTLY DEFINED AS THE “PARTIES” OR INDIVIDUALLY A “PARTY”.

BY EXECUTING AN ORDER THAT REFERENCES THESE TERMS, OR BY ACCESSING OR USING, OR SUBSCRIBING TO USE, THE SERVICE, YOU ARE ACCEPTING AND AGREEING TO BE BOUND BY AND TO COMPLY WITH ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT (PERSONALLY AND ON BEHALF OF ANY COMPANY OR OTHER LEGAL ENTITY THAT YOU REPRESENT WHEN USING THE SERVICE OR THAT YOU NAME AS THE USER WHEN YOU CREATE AN ACCOUNT), AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY, AND CAPACITY TO ENTER INTO THIS AGREEMENT AND TO BIND ANY SUCH COMPANY OR LEGAL ENTITY TO THIS AGREEMENT. EACH ORDER IS INCORPORATED HEREIN BY REFERENCE. IF YOU DO NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT, YOU MAY NOT ACCESS AND/OR USE THE SERVICE.

Turquoise may change these Terms from time to time at its sole discretion, and if it makes any material changes, it will attempt to notify You by sending You an email to the last email address You provided to Turquoise and/or posting a notice on Turquoise’s website. Therefore, You agree to promptly notify Turquoise of any changes in your email address. Any material changes to these Terms will be effective upon the (1) earlier of your acceptance of the new Terms or (2) next renewal date of the Agreement pursuant to the applicable Order. Notwithstanding the previous sentence, if you are an Invitee (as defined below), changes to the Terms will be effective immediately.

1. Definitions

• “Access Credentials” means login information, passwords, security protocols, and policies through which Authorized Users access the Service.
• “Affiliate” of a Party means: (a) any entity that such Party controls; (b) any entity that controls such Party; or (c) any entity under common control with such Party. To “control,” for purposes of this definition, means owning or otherwise controlling more than 50% of the voting interests of an entity.
• “Authorized User” means an employee or contractor of Customer who is authorized by Customer to access and use the Service on Customer’s behalf, and who has been issued a Service account by Customer that is associated to a unique email address with a domain name owned or controlled by Customer.
• “Customer Data” means all data, content, and information submitted by Authorized Users into the Service and the Customer-specific output that is generated by Authorized Users’ use of the Service.
• “Documentation” means the user manuals, specifications, and policies, as may be updated from time to time, that describe the functionality, features, operation, or use of the Service and that are made available by Turquoise to Customer.
• “Order” means all written order forms entered into by the parties hereunder and referencing this Agreement, identifying the applicable Service to be made available by Turquoise, and containing the pricing, subscription term, and other specific terms and conditions applicable to the Services.
• “Professional Services” means any professional services related to Customer’s use of the Service, such as consulting, implementation, or training services, provided by Turquoise to Customer as expressly identified in the Order.
• “Service” means Turquoise’s software-as-a-service platform (excluding Customer Data), the provision by Turquoise of the Turquoise Data through such platform, and any other products purchased via an Order. References to the “Service” in this Agreement include the Documentation.
• “Turquoise Data” means publicly available data that has been modified and aggregated by Turquoise using custom data elements, including machine learning programming, to create certain inventions, compilations, creative works, and data sets that are protected by copyright and other intellectual property laws, and made available by Turquoise to Customer through the Service.

2. Turquoise Responsibilities

2.1. Provision of the Service. Subject to the terms and conditions of this Agreement and during the Term, Turquoise will make the Service available to Customer for use by Authorized Users solely for the internal business operations of Customer. Turquoise hereby grants to Customer a non-exclusive, non-transferable (except in accordance with Section 11.3), and non-sublicensable right to access and use the Service as made available by Turquoise.

2.2. Data License. During the Term (as defined below), and subject to the terms of this Agreement, including payment of the fees set forth in any Order, Turquoise hereby grants to Customer a non-exclusive, non-transferable (except in accordance with Section 11.3), and non-sublicensable right to internally use the Turquoise Data.

2.3. Updates and Upgrades. The terms of this Agreement will also apply to updates and upgrades of the Service subsequently provided by Turquoise to Customer. Turquoise may update the functionality, user interfaces, usability, and Documentation from time to time in its sole discretion as part of its ongoing mission to improve the Service. Turquoise may provide ongoing updates to the Turquoise Data and may notify Customer of any changes. However, Turquoise makes no representations or warranties that any particular information or data will be a part of the Turquoise Data and incurs no obligation herein to furnish any specific updates.

2.4. Protection of Customer Data. Turquoise will maintain commercially reasonable administrative, physical, and technical safeguards designed to prevent unauthorized access to or use of Customer Data under the control of Turquoise.

2.5. Compliance with Laws. Turquoise will comply with all laws applicable to Turquoise’s provisioning of the Service to its customers generally (i.e., without regard to the specific nature of the Customer Data or Customer’s particular use of the Service).

2.6. Support. As part of the Service, Turquoise will provide Customer with Turquoise’s standard support, Documentation, and other online resources to assist Customer in its use of the Service.

2.7. Professional Services. If Professional Services are purchased in the Order, Turquoise will provide to Customer such Professional Services in accordance with the Order. Unless stated otherwise in the Order, any timelines provided in connection with Professional Services are good faith projections and not guarantees.

3. Access to and Use of the Service

3.1. Access Credentials. Customer will safeguard, and ensure that all Authorized Users safeguard, the Access Credentials. Customer will notify Turquoise immediately if it learns of any unauthorized use of any Access Credentials or any other known or suspected breach of security regarding the Service or any Turquoise Data.

3.2. Business Associate Agreement. Customer shall not use the Service for accessing, sharing, transmitting, storing, or otherwise processing Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and regulations promulgated thereunder (HIPAA) without first executing a Business Associate Agreement with Turquoise (the “Business Associate Agreement”). Each of Turquoise and Customer will comply with the terms and conditions of the obligations set forth in the Business Associate Agreement entered into by the Parties. In the event that Turquoise discovers that Customer is using the Service for processing PHI, Turquoise shall notify Customer for the purposes of ensuring that a Business Associate Agreement is in place or to address the Customer’s inadvertent disclosure of PHI through the Service.

3.3. Customer Responsibilities. Customer will: (a) obtain any permissions and consents required for Customer and Authorized Users to access Turquoise Data and Customer Data in connection with the Service; (b) be responsible for Authorized Users’ compliance with this Agreement; (c) be responsible for the accuracy, appropriateness, and legality of Customer Data; (d) use commercially reasonable efforts to prevent unauthorized access to or use of the Service and Turquoise Data, and promptly notify Turquoise of any such unauthorized access or use; and (e) use the Service and Turquoise Data only in accordance with applicable laws and government regulations.

3.4. Usage Restrictions. Customer may not: (a) make the Service or any Turquoise Data available to, or use the Service or any Turquoise Data for the benefit of, anyone other than Customer and the Authorized Users; (b) upload, post, transmit, or otherwise make available to the Service any content that (i) is unlawful or tortious, or (ii) Customer does not have a right to make available under any applicable law or under contractual or fiduciary relationships, or that infringes, misappropriates, or otherwise violates any intellectual property, privacy, publicity, or other proprietary rights of any person; (c) sublicense, resell, time share, or similarly exploit the Service or any Turquoise Data; (d) upload, post, transmit, or otherwise make available any content or information designed to interrupt, interfere with, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (e) reverse engineer, modify, adapt, or hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks, or any Turquoise Data; or (f) access the Service to build a competitive product or service.

3.5 Turquoise Data Restrictions. Unless otherwise authorized pursuant to an Order or other agreement between Turquoise and Customer, Customer shall not (a) directly or indirectly, use any Turquoise Data for any purpose other than its own internal business operations or (b) access or use any Turquoise Data to create a product or service that competes with any Turquoise products or services, including the Turquoise Data.

4. Fees

4.1. Fees, Invoicing, and Payment. Customer will pay all fees specified in the Order. Payment obligations are non-cancelable and, except as expressly set forth herein, fees paid are non-refundable. All fees will be invoiced by Turquoise in accordance with the terms set forth in the Order. Full payment for invoices issued must be received within the applicable time period set forth in the Order. If any fees owed by Customer (excluding amounts disputed in reasonable and good faith) have not been paid by the applicable due date, Turquoise reserves the right to apply a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, and be reimbursed for all expenses of collection.

4.2. Taxes. The fees are exclusive of, and Customer will be solely responsible for, all applicable taxes in connection with this Agreement, including any sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties (but excluding taxes based on Turquoise’s net income). Should any payment for the services provided by Turquoise be subject to withholding tax by any taxing authority, Customer will reimburse Turquoise for such withholding tax.

4.3. Auditing Rights and Required Records. Customer agrees to maintain complete and accurate records during the Term and for a period of one (1) year after the termination or expiration of this Agreement with respect to matters necessary for accurately determining Customer’s compliance with this Agreement. Turquoise may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer's records and systems to determine Customer’s compliance with this Agreement, provided that if such inspection and audit reveals that Customer has breached any term of this Agreement, Customer shall reimburse Turquoise for the costs of the audit. Such inspection and auditing rights will extend throughout the Term and continue for a period of two (2) years after the termination or expiration of this Agreement.

5. Proprietary Rights

5.1. Turquoise Property. Subject to the limited rights expressly granted to Customer hereunder, Turquoise reserves and retains, and as between Turquoise and Customer, Turquoise exclusively owns, all rights, title, and interest in and to the Service and Turquoise Data, including all modifications, derivative works, upgrades, and updates thereto, and all related intellectual property rights therein. Customer further acknowledges and agrees that: (a) the Turquoise Data is an original compilation protected by United States copyright laws; (b) Turquoise has dedicated substantial resources to collect, manage, and compile the Turquoise Data; and (c) the Turquoise Data constitutes valuable trade secrets of Turquoise. No rights are granted by Turquoise hereunder other than as expressly set forth herein. If Customer or any Authorized User provides Turquoise any feedback or suggestions regarding the Service or any Turquoise Data, then Customer grants Turquoise an unlimited, irrevocable, perpetual, sublicensable, royalty-free license to use any such feedback or suggestions for any purpose without any obligation or compensation to Customer or any Authorized User. Unless otherwise set forth in the Order, Turquoise retains exclusive ownership of all work product created by Turquoise in connection with its performance of Professional Services.

5.2. Customer Data. Customer grants to Turquoise and its Affiliates a worldwide, non-exclusive, limited term license to access, use, copy, distribute, perform, and display Customer Data, and provide necessary access to third party service providers acting on Turquoise’s behalf, such as Turquoise’s hosting services provider, only: (a) to provide, maintain, and update the Service; (b) to prevent or address service or technical problems or at Customer's request in connection with support matters; (c) as compelled by law; or (d) as expressly permitted in writing by Customer. Subject to the limited licenses granted herein, Turquoise acquires no right, title, or interest under this Agreement in or to any Customer Data.

5.3. Analyses. Customer acknowledges and agrees that Turquoise may, during and after the Term, (i) compile statistical and other information related to the performance, operation, and use of the Service, and (ii) collect, use, and analyze information derived from Customer Data in de-identified form (collectively “Analyses”), to create statistical analyses, to improve and enhance the Service, and for research and development purposes in connection with the Service or any other Turquoise offerings. Turquoise retains all right, title, and interest, including all intellectual property rights, in and to Analyses.

6. Confidentiality

6.1. Definition. “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including all copies thereof. Confidential Information of Customer includes Customer Data, Confidential Information of Turquoise includes the Service (including its software and content, other than Customer Data), Turquoise Data, and the work product created from its performance of any Professional Services, and Confidential Information of each Party includes the terms of this Agreement. However, Confidential Information will not include any information that: (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without use of or reliance on the Confidential Information of the Disclosing Party.

6.2. Protection. The Receiving Party will: (a) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care); (b) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (c) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of the Receiving Party’s and its Affiliates’ employees, contractors, and agents who need such access for purposes consistent with this Agreement and who are subject to confidentiality obligations at least as restrictive as those herein. The Receiving Party will provide prompt written notice to the Disclosing Party of any unauthorized use or disclosure of the Disclosing Party’s Confidential Information. Upon request of the Disclosing Party during the Term, the Receiving Party will promptly return, or at the Disclosing Party’s option destroy, any or all Confidential Information of the Disclosing Party in the Receiving Party’s possession or under its control.

6.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided that the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's expense, if the Disclosing Party wishes to contest the access or disclosure.

7.Representations, Warranties, and Disclaimers

7.1. Mutual Representations. Each Party represents that: (a) it is duly organized, validly existing, and in good standing under its jurisdiction of organization and has the right to enter into this Agreement; (b) the execution, delivery, and performance of this Agreement are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party, and constitute a valid and binding agreement of such Party; and (c) the execution, delivery and performance of this Agreement does not and will not contravene or conflict with or constitute a default or violation of any terms of any other agreement to which such Party is a party.

7.2. Turquoise Warranties. Turquoise warrants to each Customer that: (a) the Service will perform materially in accordance with the applicable Documentation; and (b) Turquoise will perform Professional Services in a professional manner. If Turquoise breaches any of the foregoing warranties in this Section, Customer’s exclusive remedy and Turquoise’s entire liability will be the correction of the breach, or if Turquoise cannot substantially correct the breach within a commercially reasonable amount of time, Customer may terminate this Agreement and Turquoise will refund to Customer any prepaid fees covering the period remaining in the Term after the effective date of such termination.

7.3. Customer Warranties. Customer warrants that it has obtained and will maintain all rights, consents, and permissions necessary for Customer to access and use the Service and Turquoise Data, and to make available the Customer Data to Turquoise for its use as contemplated herein. Customer represents and warrants that Customer has been granted a license through the American Medical Association (“AMA”) or is otherwise permitted independently of this Agreement to utilize any Current Procedural Terminology (“CPT”) or related coding data (“CPT Data”) in the manner that Customer is using or accessing the CPT Data, and that Customer is not relying on any license Turquoise may possess in relation to any CPT Data and hereby waives any claim against or claim to indemnification from Turquoise relating to Customer’s receipt, accessing, or use of any CPT Data.

7.4. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES PROVIDED TO THE CUSTOMERS IN SECTION 7.2, THE SERVICE, TURQUOISE DATA, TURQUOISE AI-POWERED TOOLS, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND TURQUOISE EXPRESSLY DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. TURQUOISE DOES NOT WARRANT THAT THE SERVICE OR TURQUOISE DATA WILL BE UNINTERRUPTED OR ERROR-FREE. TURQUOISE SPECIFICALLY MAKES NO, AND HEREBY DISCLAIMS ALL, REPRESENTATIONS, WARRANTIES, AND COVENANTS REGARDING, AND ALL LIABILITY FOR, THE ACCURACY, QUALITY, TRUTHFULNESS, COMPLETENESS, OR LEGALITY OF ANY TURQUOISE DATA, OR THAT ANY DATA, INFORMATION, OR MATERIALS THEREIN OR WITHIN THE SERVICE, OR THE RESULTS GENERATED BY THE USE THEREOF, WILL MEET CUSTOMER’S REQUIREMENTS OR ACHIEVE ANY RESULTS. TURQUOISE IS NOT RESPONSIBLE FOR THE SELECTION OF PATIENTS, PROVIDERS, OR PAYORS, ANY PAYOR COVERAGE OR REIMBURSEMENT DETERMINATIONS, OR ANY PATIENT INJURY RESULTING FROM ANY MEDICAL SERVICE IN CONNECTION WITH THE USE OF THE SERVICE. NOTHING IN THIS AGREEMENT MAY BE CONSTRUED TO MAKE TURQUOISE A PARTY TO A CONTRACT OR TRANSACTION PROCESSED THROUGH THE SERVICE. ALTHOUGH TURQUOISE MAY DESIGNATE CERTAIN PROVIDERS AS “VERIFIED PROVIDERS,” TURQUOISE DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY DATA OR INFORMATION PROVIDED OR NOT PROVIDED BY SUCH PROVIDERS. THE SERVICE MAY INCLUDE THE USE OF ARTIFICIAL INTELLIGENCE WHICH SHALL BE SUBJECT TO THE SUPPLEMENTAL TERMS AVAILABLE ON THE TURQUOISE WEBSITE.

7.5. Informational Purposes Only. WHILE TURQUOISE MAY PROVIDE ELECTIVE SERVICE PRICING INFORMATION THROUGH THE SERVICE AND/OR TURQUOISE DATA, SUCH INFORMATION IS SOLELY INFORMATIONAL. THE SERVICE MAY INCLUDE THE ABILITY TO INTERACT AND CONTRACT WITH OTHER USERS OF THE SERVICE. TURQUOISE DOES NOT TAKE PART IN, AND TURQUOISE ASSUMES NO RESPONSIBILITY OR LIABILITY FOR, THE INTERACTION BETWEEN USERS. TURQUOISE DOES NOT HAVE CONTROL OVER THE INTEGRITY OR ANY ACTIONS OR INACTIONS OF ANY USERS OF THE SERVICE. WITH REGARD TO CONTRACTS BETWEEN USERS FOR SPECIFIC PROCEDURES AND RELATED PAYMENT RESPONSIBILITIES, TURQUOISE IS NOT RESPONSIBLE FOR THE SELECTION OF PATIENTS, PROVIDERS, OR PAYORS, ANY PAYOR COVERAGE OR REIMBURSEMENT DETERMINATIONS, OR ANY PATIENT INJURY RESULTING FROM ANY MEDICAL SERVICE IN CONNECTION WITH THE USE OF THE SERVICE OR ANY TURQUOISE DATA. ALTHOUGH TURQUOISE MAY DESIGNATE CERTAIN PROVIDERS AS “VERIFIED PROVIDERS,” TURQUOISE DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY DATA OR INFORMATION PROVIDED OR NOT PROVIDED BY SUCH PROVIDERS. NEITHER TURQUOISE NOR ITS AFFILIATES OR LICENSORS IS RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER OF THE SERVICE.

8. Indemnification

8.1. Turquoise Indemnification. Turquoise will defend Customer and its Affiliates from and against any lawsuit or proceeding brought by a third party to the extent alleging that Customer’s use of the Service as permitted hereunder infringes or misappropriates such third party’s intellectual property rights, and Turquoise will indemnify Customer and its Affiliates for any damages and any reasonable attorneys’ fees finally awarded against them arising from such lawsuit or proceeding; provided, however, that Turquoise will have no liability under this Section to the extent any such lawsuit or proceeding arises from: (a) Customer Data; (b) Customer’s or any of its Affiliates’ or Authorized Users’ negligence, misconduct, or breach of this Agreement; or (c) any modification or combination of the Service that is not performed or approved by Turquoise or specifically set out in the Documentation.

8.2. Customer Indemnification. Customer will defend Turquoise and its Affiliates from and against any lawsuit or proceeding brought by a third party to the extent alleging that any Customer Data infringes, misappropriates, or otherwise violates the rights, including privacy and publicity rights, of any other party, or that Customer’s or any Authorized User’s particular use of the Service violates applicable law, and Customer will indemnify Turquoise and its Affiliates for any damages and any reasonable attorneys’ fees finally awarded against them arising from such lawsuit or proceeding.

8.3. Procedures. The indemnified party will provide the indemnifying party with: (a) prompt written notice of any matter that is subject to indemnification hereunder; (b) the right to assume the exclusive defense and control of any such matter (provided that the indemnified party may participate in the defense at its own expense); and (c) cooperation with any reasonable requests assisting the indemnifying party’s defense of such matter. The indemnifying party may not settle any such lawsuit or proceeding without the indemnified party’s prior written consent.

8.4. Exclusive Remedy. This Section 8 states the indemnifying party’s sole liability, and the indemnified party’s exclusive remedy, for any type of claim described in this Section 8.

9. Limitation of Liability

9.1. Exclusion of Certain Damages. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

9.2. Liability Cap Applicable to Customers. EXCEPT FOR CUSTOMER’S LIABILITY FOR ITS PAYMENT OBLIGATIONS UNDER SECTION 4, OR CUSTOMER’S LIABILITY FOR ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, OR CUSTOMER’S LIABILITY FOR ITS BREACH OF ITS CONFIDENTIALITY OBLIGATIONS UNDER SECTION 6, OR CUSTOMER’S LIABILITY FOR ITS WILLFUL MISCONDUCT, IN NO EVENT WILL CUSTOMER’S AGGREGATE LIABILITY RELATING TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CUSTOMER TO TURQUOISE HEREUNDER IN THE 12 MONTHS PRECEDING THE DATE ON WHICH THE FIRST CLAIM GIVING RISE TO LIABILITY AROSE. MULTIPLE CLAIMS WILL NOT ENLARGE THIS LIMITATION.

9.3. Liability Cap Applicable to Turquoise. EXCEPT FOR TURQUOISE’S LIABILITY FOR ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, OR TURQUOISE’S LIABILITY FOR ITS BREACH OF ITS CONFIDENTIALITY OBLIGATIONS UNDER SECTION 6, OR TURQUOISE’S LIABILITY FOR ITS WILLFUL MISCONDUCT, IN NO EVENT WILL TURQUOISE’S AGGREGATE LIABILITY RELATING TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CUSTOMER TO TURQUOISE HEREUNDER IN THE 12 MONTHS PRECEDING THE DATE ON WHICH THE FIRST CLAIM GIVING RISE TO LIABILITY AROSE. MULTIPLE CLAIMS WILL NOT ENLARGE THIS LIMITATION.

9.4. Scope. For the avoidance of doubt, the exclusions and limitations set forth in Section 9.1, Section 9.2, or Section 9.3 will apply with respect to all legal theories of liability, whether in contract, tort, or otherwise. The Parties agree that the exclusions and limitations set forth in Section 9.1, Section 9.2 and Section 9.3 allocate the risks between the Parties under this Agreement, and that they have relied on these exclusions and limitations in determining whether to enter into this Agreement.

10. Term, Termination, and Suspension

10.1. Term of the Agreement. The term of this Agreement commences on the effective date set forth in the Order and, unless earlier terminated in accordance with the terms of this Agreement, will continue for the “Initial Term” specified in the Order (the “Initial Term”). Thereafter, this Agreement will automatically renew for successive additional periods of 1 year each (each, a “Renewal Term”) unless either Party provides the other with written notice of non-renewal at least 30 days prior to the expiration of the Initial Term or the then-current Renewal Term. Customer agrees that Turquoise may modify the fees for each Renewal Term by providing Customer with written notice of such modification at least 45 days prior to the expiration of the Initial Term or the then-current Renewal Term, as applicable. The Initial Term and each Renewal Term, if any, are collectively referred to herein as the “Term.”

10.2. Termination for Cause. Turquoise or Customer may terminate this Agreement effective after 30 days’ written notice if the other Party materially breaches this Agreement and such breach is not cured within such 30-day period. Upon any termination for cause by Customer, Turquoise will promptly refund Customer any prepaid fees covering the period remaining in the Term after the effective date of such termination. Upon any termination for cause by Turquoise, Customer will promptly pay Turquoise any unpaid fees covering the period remaining in the Term after the effective date of such termination.

10.3. Suspension. Turquoise may suspend Customer’s or any or all Authorized Users’ access to the Service, in whole in part, if: (a) Customer or any Authorized User is using the Service in violation of this Agreement or any applicable law; (b) Customer’s or any Authorized Users’ systems or accounts have been compromised or unlawfully accessed; (c) suspension of the Service is necessary, in Turquoise’s reasonable discretion, to protect the security of the Service or the infrastructure of Turquoise or its Affiliates; (d) suspension is required by applicable law; or (e) any fees owed by Customer (excluding amounts disputed in reasonable and good faith) are 30 days or more overdue, provided Turquoise has given Customer 10 or more days’ prior notice.

10.4. Effects of Termination. In no event will any termination of this Agreement relieve Customer of its obligation to pay any fees payable to Turquoise for the period of time prior to the effective date of such termination. Upon any termination of this Agreement, Customer and all Authorized Users must immediately cease all use of the Service (including all Turquoise Data). For a period of 30 days following any termination of this Agreement, Turquoise will, upon Customer’s request, provide Customer with an export of all current Customer Data in the format agreed by the Parties. After such 30-day period, Turquoise will have no obligation to maintain or provide any Customer Customer Data and Turquoise will, unless prohibited by applicable law, delete all Customer Customer Data in its systems or otherwise in its possession or under its control in accordance with Turquoise’s then-current data retention and deletion policies. Subject to this Section and the Business Associate Agreement, if applicable, upon any termination of this Agreement and the Disclosing Party’s request, the Receiving Party will promptly return, or at the Disclosing Party’s option destroy, any or all Confidential Information of the Disclosing Party in the Receiving Party’s possession or under its control.

10.5. Survival. The sections titled “Protection of Customer Data,” “Turquoise Data Restrictions,” “Fees,” “Proprietary Rights,” “Confidentiality,” “Indemnification,” “Limitation of Liability,” “Termination for Cause,” “Effects of Termination,” “Survival,” and “General Provisions” will survive any termination of this Agreement.

11. General Provisions

11.1. Attribution. Customer agrees that Turquoise may use Customer’s name, logo, and any other trademarks or service marks provided to Turquoise by Customer (“Customer Marks”) in connection with Customer’s use of the Service and to indicate that Customer is a customer of Turquoise for the Service on Turquoise’s website, marketing materials, and in communications with existing or prospective Turquoise customers. Any such attribution will be consistent with Customer’s reasonable style guidelines or requirements as communicated to Turquoise by Customer. Customer retains ownership of all Customer Marks and hereby grants Turquoise a non-exclusive license during the Term to use the Customer Marks for the purpose of exercising Turquoise’s rights under this Section.

11.2. Force Majeure. Except for payment obligations, neither Party will be liable hereunder by reason of any failure or delay in the performance of its obligations due to events beyond the reasonable control of such Party, which may include natural disasters, fires, epidemics, pandemics, riots, war, terrorism, denial of service attacks, internet outages, labor shortages, and judicial or government action.

11.3. Assignment. Neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other Party. Notwithstanding the foregoing, either Party may assign or transfer this Agreement in its entirety, without the consent of the other Party, in connection with a merger or sale of all or substantially all of its assets. Any purported assignment in violation of this Section will be null and void. This Agreement will bind and inure to the benefit of the Parties, their respective successors, and permitted assigns.

11.4. Governing Law; Venue. This Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the internal laws of the State of California, without regard to its conflicts of laws rules or the United Nations Convention on the International Sale of Goods. The state and federal courts located in San Diego, California will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement. Each Party hereby consents to the exclusive jurisdiction of such courts. Each Party hereby waives any right to jury trial in connection with any action or litigation in any way arising out of or related to this Agreement.

11.5. Notices. All notices under this Agreement will be in writing addressed to the Parties at the addresses set forth on the Order and will be deemed to have been duly given: (a) upon receipt if personally delivered or sent by certified or registered mail with return receipt requested; and (b) the first business day after sending by email or by next day delivery by a recognized overnight delivery service.

11.6. Relationship of the Parties; Third Party Beneficiaries. The Parties are independent contractors and this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. There are no third party beneficiaries to this Agreement.

11.7. Waiver. No failure or delay by either Party in exercising any right under this Agreement will constitute a waiver of that right.

11.8. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, such provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in full force and effect.

11.9. Entire Agreement. This Agreement, including any addenda hereto and all Orders, together with the Business Associate Agreement, if applicable, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning Customer’s purchase and use of the Service (including the Turquoise Data) and any Professional Services. No modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by each of the Parties. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any addendum hereto or any Order, the terms of such addendum or Order will prevail. For the avoidance of doubt, in the event of a conflict between this Agreement and the Business Associate Agreement associated with the use or disclosure of PHI, the terms of the Business Associate Agreement shall govern and control. Notwithstanding any language to the contrary therein, no terms or conditions stated in any Customer purchase order or other Customer order documentation (excluding Orders) will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void. As used herein, the words “include” and “including” shall be deemed to be followed by the words “without limitation.”

Contact Us

If you have any questions about these Terms and Conditions, You can contact us:

• By email: [email protected]

This Business Associate Agreement (this “Agreement”) is entered into by and between Turquoise Health Co. (“Business Associate”) and the entity that has entered or may enter into a Service Agreement (defined below) and that accepts this Agreement by clicking the “I ACCEPT” button during the account setup process. (“Covered Entity”). This Agreement is entered into as of the date of such acceptance (“Effective Date”) for the purposes of complying with the Health Insurance Portability and Accountability Act of 1996 and regulations promulgated thereunder (“HIPAA”) and the security provisions of the American Recovery and Reinvestment Act of 2009, also known as the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”). BY CLICKING THE “I ACCEPT” BUTTON DURING THE ACCOUNT SETUP PROCESS, COVERED ENTITY IS ACCEPTING AND AGREEING TO BE BOUND BY AND TO COMPLY WITH ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT.

Whereas, Covered Entity is a covered entity as such term is defined under HIPAA and as such is required to comply with the requirements thereof regarding the confidentiality and privacy of Protected Health Information; and

Whereas, Covered Entity has entered or may enter into a service agreement to access and use Business Associate’s contracting management platform and/or other agreement(s) with Business Associate (collectively, “Service Agreement”), pursuant to which Business Associate may receive Protected Health Information for or on behalf of Covered Entity; and

Whereas, by providing services pursuant to the Service Agreement and receiving Protected Health Information for or on behalf of Covered Entity, Business Associate shall become a business associate of Covered Entity, as such term is defined under HIPAA, and will therefore have obligations regarding the confidentiality and privacy of Protected Health Information that Business Associate receives from or on behalf of, Covered Entity.

Now Therefore, in consideration of the mutual covenants, promises, and agreements contained herein, the parties hereto agree as follows:

1. Definitions.

For the purposes of this Agreement, capitalized terms shall have the meanings ascribed to them below. All capitalized terms used but not otherwise defined herein will have the meaning ascribed to them by HIPAA.

• (a) “Protected Health Information” or “PHI” is any information, whether oral or recorded in any form or medium that is created, received, maintained, or transmitted by Business Associate for or on behalf of Covered Entity, that identifies an individual or might reasonably be used to identify an individual and relates to: (i) the individual’s past, present or future physical or mental health; (ii) the provision of health care to the individual; or (iii) the past, present or future payment for health care.
• (b) “Secretary” shall refer to the Secretary of the U.S. Department of Health and Human Services.
• (c) “Unsecured PHI” shall mean PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the Secretary (e.g., encryption). This definition applies to both hard copy PHI and electronic PHI.

2. Obligations of Business Associate.

(a) General Compliance with Law

Business Associate represents and warrants that it, its agents and its subcontractors: (i) shall use or disclose PHI only in connection with fulfilling its duties and obligations under this Agreement and the Service Agreement; (ii) shall not use or disclose PHI other than as permitted or required by this Agreement or required by law; (iii) shall not use or disclose PHI in any manner that violates applicable federal and state laws or would violate such laws if used or disclosed in such manner by Covered Entity; and (iv) shall only use and disclose the minimum necessary PHI for its specific purposes.

(b) Use and Disclosure of Protected Health Information

Subject to the restrictions set forth throughout this Agreement, Business Associate may use PHI received from Covered Entity if necessary for (i) the proper management and administration of Business Associates; or (ii) to carry out the legal responsibilities of Business Associate; or (iii) product development purposes.

Subject to the restrictions set forth throughout this Agreement, Business Associate may disclose PHI for the proper management and administration of Business Associate, provided that: (i) disclosures are required by law, or (ii) Business Associate obtains reasonable assurances from the person or entity to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person or entity, and the person or entity notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.

Business Associate is permitted, for Data Aggregation purposes to the extent permitted under HIPAA, to use, disclose, and combine PHI created or received on behalf of Covered Entity by Business Associate pursuant to this Agreement with PHI, as defined by 45 C.F.R. 160.103, received by Business Associate in its capacity as a business associate of other covered entities, to permit data analyses that relate to the Health Care Operations of the respective covered entities and/or Covered Entity.

Business Associate acknowledges that, as between Business Associate and Covered Entity, all PHI shall be and remain the sole property of Covered Entity, including any and all forms thereof developed by Business Associate in the course of its fulfillment of its obligations pursuant to the Agreement and Service Agreement.

Business Associate may de-identify any and all PHI created or received by Business Associate under this Agreement. Once PHI has been de-identified pursuant to 45 CFR 164.514(b), such information is no longer Protected Health Information and no longer subject to this Agreement.

(c) Covered Entity Obligations

To the extent that Business Associate is to carry out any of Covered Entity’s obligations that are regulated by HIPAA, Business Associate shall comply with the HIPAA requirements that apply to the Covered Entity in the performance of such obligation.

(d) Safeguards

Business Associate shall employ appropriate administrative, technical and physical safeguards, consistent with the size and complexity of Business Associate’s operations, to protect the confidentiality of PHI and to prevent the use or disclosure of PHI in any manner inconsistent with the terms of this Agreement. Business Associate shall comply, where applicable, with Subpart C of 45 C.F.R. Part 164 with respect to electronic PHI to prevent use or disclosure of such electronic PHI other than as provided for by this Agreement.

(e) Availability of Books and Records

Business Associate shall permit the Secretary and other regulatory and accreditation authorities to audit Business Associate’s internal practices, books and records at reasonable times as they pertain to the use and disclosure of PHI in order to ensure that Covered Entity and/or Business Associate is in compliance with the requirements of HIPAA.

(f) Individuals’ Rights to Their PHI

(i) Access to Information

To the extent Business Associate maintains PHI in a Designated Record Set, in order to allow Covered Entity to respond to a request by an Individual for access to PHI pursuant to 45 CFR Section 164.524, Business Associate, within ten (10) business days upon receipt of written request by Covered Entity, shall make available to Covered Entity such PHI. In the event that any Individual requests access to PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within seven (7) business days.

Covered Entity will be responsible for making all determinations regarding the grant or denial of an Individual’s request for PHI and Business Associate will make no such determinations. Except as Required by Law, only Covered Entity will be responsible for releasing PHI to an Individual pursuant to such a request. Any denial of access to PHI determined by Covered Entity pursuant to 45 CFR Section 164.524, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

(ii) Amendment of Information

To the extent Business Associate maintains PHI in a Designated Record Set, in order to allow Covered Entity to respond to a request by an Individual for an amendment to PHI, Business Associate shall, within ten (10) business days upon receipt of a written request by Covered Entity, make available to Covered Entity such PHI. In the event that any Individual requests amendment of PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within seven (7) business days.

Covered Entity will be responsible for making all determinations regarding the grant or denial of an Individual’s request for an amendment to PHI and Business Associate will make no such determinations. Any denial of amendment to PHI determined by Covered Entity pursuant to 45 CFR Section 164.526, and conveyed to Business Associate by Covered Entity, shall be the responsibility of Covered Entity, including resolution or reporting of all appeals and/or complaints arising from denials.

Within ten (10) business days of receipt of a request from Covered Entity to amend an individual’s PHI in the Designated Record Set, Business Associate shall incorporate any approved amendments, statements of disagreement, and/or rebuttals into its Designated Record Set as required by 45 CFR Section 164.526.

(iii) Accounting of Disclosures

In order to allow Covered Entity to respond to a request by an Individual for an accounting pursuant to 45 CFR Section 164.528, Business Associate shall, within ten (10) business days of a written request by Covered Entity for an accounting of disclosures of PHI about an Individual, make available to Covered Entity such PHI. At a minimum, Business Associate shall provide Covered Entity with the following information: (a) the date of the disclosure; (b) the name of the entity or person who received the PHI, and if known, the address of such entity or person; (c) a brief description of the PHI disclosed; and (d) a brief statement of the purpose of such disclosure. In the event that any Individual requests an accounting of disclosures of PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within seven (7) business days. Covered Entity will be responsible for preparing and delivering an accounting to Individual. Business Associate shall implement an appropriate record keeping process to enable it to comply with the requirements of this Agreement.

(g) Disclosure to Subcontractors and Agents

Notwithstanding anything to the contrary in the Service Agreement, Business Associate, subject to the restrictions set forth in this provision, may use subcontractors and agents to fulfill its obligations under this Agreement. Business Associate shall obtain and maintain a written agreement with each subcontractor or agent that has or will have access to PHI, which is received from, or created or received by, Business Associate for or on behalf of Covered Entity, pursuant to which such subcontractor and agent agrees to be bound by the same or substantially similar restrictions, terms, and conditions that apply to Business Associate under this Agreement with respect to such PHI.

(h) Reporting Obligations

In the event of a Breach of any Unsecured PHI that Business Associate accesses, maintains, retains, modifies, records, or otherwise holds or uses on behalf of Covered Entity, Business Associate shall report such Breach to Covered Entity as soon as practicable, but in no event later than five (5) business days after the date the Breach is discovered. Notice of a Breach shall include, to the extent such information is available to Business Associate: (i) the date of the Breach, if known, and the date of discovery of the Breach; (ii) the scope of the Breach; and (iii) the Business Associate’s response to the Breach. Given the nature of Business Associate’s services, Business Associate cannot provide the identification of individuals PHI that may have been the subject of a Breach.

In the event of a use or disclosure of PHI that is improper under this Agreement but does not constitute a Breach, Business Associate shall report such use or disclosure to Covered Entity within ten (10) business days after the date on which Business Associate becomes aware of such use or disclosure.

In the event of any successful Security Incident, Business Associate shall report such Security Incident in writing to Covered Entity within ten (10) business days of the date on which Business Associate becomes aware of such Security Incident. The parties acknowledge that unsuccessful Security Incidents that occur within the normal course of business shall not be further reported pursuant to this Agreement. Such unsuccessful Security Incidents include, but are not limited to, port scans or “pings,” and unsuccessful log-on attempts, broadcast attacks on Business Associate’s firewall, denials of service or any combination thereof if such incidents are detected and neutralized by Business Associate’s anti-virus and other defensive software and not allowed past Business Associate’s firewall.

Business Associate will identify and respond internally to any suspected or known Breach of any Unsecured PHI, Security Incident or other improper use or disclosure of PHI, and will mitigate, to the extent practicable, their harmful effects, document their outcomes, and provide documentation of any successful Security Incident and Breach of any Unsecured PHI to Covered Entity upon request.

3. Obligations Of Covered Entity.

(a) Permissible Requests

Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would violate applicable federal and state laws if such use or disclosure were made by Covered Entity. Covered Entity may request Business Associate to disclose PHI directly to another party only for the purposes allowed by HIPAA and the HITECH Act.

(b) Notifications

Covered Entity shall notify Business Associate of any limitation in any applicable notice of privacy practices in accordance with 45 CFR Section 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.

Covered Entity shall notify Business Associate of any changes in, or revocation of, permission by individual to use or disclose PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.

Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR Section 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.

4. Term and Termination.

(a) General Term and Termination

This Agreement shall become effective on the Effective Date set forth above and shall terminate upon the termination or expiration of the Service Agreement and when all PHI provided by either party to the other, or created or received by Business Associate on behalf of Covered Entity is, in accordance with this Section, destroyed, returned to Covered Entity, or protections are extended.

(b) Material Breach

Where either party has knowledge of a material breach by the other party, the non-breaching party shall provide the breaching party with an opportunity to cure. Where said breach is not cured to the reasonable satisfaction of the non-breaching party within twenty (20) business days of the breaching party’s receipt of notice from the non-breaching party of said breach, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the Service Agreement affected by the breach. Where either party has knowledge of a material breach by the other party and cure is not possible, the non-breaching party shall, if feasible, terminate this Agreement and the portion(s) of the Service Agreement affected by the breach.

(c) Return or Destruction of PHI

Upon termination of this Agreement for any reason, Business Associate shall: (i) if feasible as determined by Business Associate, return or destroy all PHI received from, or created or received by Business Associate for or on behalf of Covered Entity that Business Associate or any of its subcontractors and agents still maintain in any form, and Business Associate shall retain no copies of such information; or (ii) if Business Associate determines that such return or destruction is not feasible, extend the protections of this Agreement to such information and limit further uses and disclosures to those purposes that make the return or destruction of the PHI infeasible, in which case Business Associate’s obligations under this Section shall survive the termination of this Agreement. Notwithstanding the foregoing, Business Associate may retain a copy of PHI received from, or created or received by Business Associate for or on behalf of Covered Entity which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities, provided that Business Associate extend the protections of this Agreement to such information.

5. Indemnification.

Each party shall indemnify, defend and hold harmless the other party and its directors, officers, subcontractors, employees, affiliates, agents, and representatives from and against any and all third party liabilities, costs, claims, suits, actions, proceedings, demands, losses and liabilities of any kind (including court costs and reasonable attorneys’ fees) incurred by and/or brought by a third party, arising from or relating to the acts and/or omissions of the breaching party and/or any of its directors, officers, subcontractors, employees, affiliates, agents, and representatives in connection with the performance of its obligations under this Agreement; provided, however, Business Associate’s indemnification obligations hereunder shall not exceed one million dollars ($1,000,000) per incident.

6. Miscellaneous.

(a) Amendment

If any of the regulations promulgated under HIPAA or the HITECH Act are amended or interpreted in a manner that renders this Agreement inconsistent therewith, the parties shall amend this Agreement to the extent necessary to comply with such amendments or interpretations.

(b) Interpretation

Any ambiguity in this Agreement shall be resolved to permit the parties to comply with HIPAA and the HITECH Act.

(c) Conflicting Terms

In the event that any terms of this Agreement conflict with any terms of the Service Agreement, the terms of this Agreement shall govern and control.

(d) Notices

Any notices pertaining to this Agreement shall be given in writing and shall be deemed duly given when personally delivered to a Party or a Party’s authorized representative or sent by means of a reputable overnight carrier, or sent by means of certified mail, return receipt requested, postage prepaid. Notices shall be deemed given upon receipt. Notices shall be addressed to Business Associate at Turquoise Health Co., 421 Broadway #5108, San Diego, CA 92101, and shall be addressed to Covered Entity at the address provided by Covered Entity in its registered account with Business Associate.

(e) Severability

The provisions of this Agreement shall be severable, and if any provision of this Agreement shall be held or declared to be illegal, invalid or unenforceable, the remainder of this Agreement shall continue in full force and effect as though such illegal, invalid or unenforceable provision had not been contained herein.

Contact Us

If you have any questions about these Terms and Conditions, You can contact us:

• By email: [email protected]

This Data Use Agreement (“Agreement”) governs the ways in which you may access and use the data that Turquoise Health Co., a Delaware corporation (“Turquoise”), makes available for non-commercial, scholarly, research, and academic uses. Such persons and entities who access the data for these reasons shall be referred to as “Researcher(s)” under this Agreement. If you have any question about whether you qualify for access under this Agreement, please send such inquiries to [email protected].

Recitals

Turquoise has aggregated publicly available data and modified that publicly available data using custom data elements, including machine learning programming, to create certain inventions, compilations, creative works, and data sets that are protected by copyright and other forms of intellectual property (“Licensed Material”).

Researcher wishes to access the Licensed Material pursuant to the terms of this Agreement. By accessing and using the data, Researcher agrees to be bound by this Agreement. If you access or use the data on behalf of an entity, university, or other organization, you represent you have the authority to bind them to this Agreement.

1. Limited License Terms

• A. License. While accessing the data in compliance with this Agreement, Researcher shall receive, and Turquoise hereby grants to Researcher, a non-exclusive, revocable, worldwide, non-assignable, non-transferrable, non-sublicensable right to use the Licensed Material. Researcher may only reproduce, distribute, publicly perform, publicly display, digitally transmit, and otherwise use the Licensed Materials in any medium or format with (i) with the express, written permission of Turquoise, which may be refused or granted for any reason or no reason; (ii) that must be requested with at least 14 days’ written prior notice before the need to publish or reproduce any data or information that includes any part of the Licensed Materials. For the avoidance of doubt, Turquoise owns any and all data, and any derivative works that you might create in using the data, to the extent that such creations are permitted, shall belong to Turquoise, to the maximum extent permissible under the law.

• B. Specifically Prohibited Activities. The following activities are expressly prohibited under this Agreement. You may not: (i) engage in commercial use of any kind; (ii) create any format in which a third party could view or reconstruct the Licensed Material; (iii) violate any law or regulation in any relevant jurisdiction; (iv) create derivative works without permission; (v) publish, disseminate, perform or otherwise transmit Licensed Material without express written permission from Turquoise; (vi) use the data in a way that competes with Turquoise. Any person or entity who attempts to access this data that is not affiliated with a registered 501(c)(3) nonprofit, college, university, or other institution that is using this data for research reasons, shall have their license immediately revoked. Turquoise reserves the right to waive this at its sole discretion. Such requests may be sent to [email protected].

• C. Right of Revocation. Turquoise reserves the right to revoke any of the above licenses or permissions, at any time, for any reason or no reason.

2. Researcher’s Obligations

• A. Attribution. Researcher shall include (a) appropriate and direct attribution to Turquoise as the source of the Licensed Material in any dissemination of Licensed Material, and (b) a statement that the views and opinions expressed reflect only the author’s sentiment and do not necessarily reflect the official position of Turquoise Health.

• B. Nondisclosure. Researcher shall not use the Licensed Material for any purpose other than those expressly permitted in this Agreement (“Purpose”). Researcher: (i) shall not disclose Licensed Material to any employee or contractor of Researcher unless such person needs access in order to facilitate the Purpose; and (ii) shall not disclose Licensed Material to any other third party without Turquoise’s prior written consent. Without limiting the generality of the foregoing, Researcher shall protect Licensed Material with the same degree of care it uses to protect its own confidential information of similar nature and importance, but with no less than reasonable care. Researcher shall promptly notify Turquoise of any misuse or misappropriation of Licensed Material that comes to Researcher’s attention. Notwithstanding the foregoing, Researcher may disclose Licensed Material as required by applicable law or by proper legal or governmental authority. Researcher shall give Turquoise prompt notice of any such legal or governmental demand and reasonably cooperate with Turquoise in any effort to seek a protective order or otherwise to contest such required disclosure, at Discloser’s expense.

3. Warranties; Disclaimer of Warranties and Limitation of Liability

• A. As Is. Turquoise makes no representations or warranties about quality, truthfulness, or accuracy of any data included in the Licensed Material.

• B. Updates. Turquoise may provide ongoing updates to the Licensed Material and may notify Researcher of any changes. Turquoise makes no representations or warranties that any particular information or data will be a part of the Licensed Material.

• C. Indemnification. Researcher agrees to indemnify and hold harmless Turquoise and its directors, officer, agents, attorneys, staff, contractors, and employees from and against all taxes, losses, damages, liabilities, costs and expenses, including attorneys’ fees and other legal expenses, arising directly or indirectly from or in connection with damages resulting from Researcher’s use of the data.

• D. Limitation of Liability. NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL, PUNITIVE, OR INDIRECT DAMAGES ARISING FROM OR RELATING TO ANY BREACH OF THIS AGREEMENT, REGARDLESS OF ANY NOTICE OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, TURQUOISE SHALL NOT BE LIABLE TO RESEARCHER FOR ANY AMOUNT THAT IS GREATER THAN THE AMOUNT PAID TO TURQUOISE UNDER THIS AGREEMENT

• E. Disclaimer of Warranties. TURQUOISE HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHER (INCLUDING ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE OR TRADE PRACTICE), AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON- INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, TURQUOISE MAKES NO WARRANTY OF ANY KIND THAT THE LICENSED MATERIAL OR ANY OTHER PRODUCTS, INFORMATION, MATERIALS AND SERVICES OR THE RESULTS OF THE USE OF ANY OF THEM, WILL MEET RESEARCHER’S, AN AUTHORIZED USER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY OTHER SYSTEM, GOODS, MATERIALS OR SERVICES.

4. Term and Termination.

Turquoise has the right to terminate this Agreement at any time, for any reason or no reason.

5. Other Terms and Conditions.

• A. Choice of Law. This Agreement will be governed by and construed in accordance with the substantive laws of the State of California, without regard to its conflict of law principles. The venue for any dispute shall be the state and federal courts of San Diego, California.

• B. Injunction. Researcher agrees that breach of this Agreement would cause Turquoise irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Discloser will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security.

• C. No endorsement. Nothing in this Agreement constitutes or may be construed as permission to assert or imply that Researcher is, or that Researcher’s use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, Turquoise.

• D. Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.

• E. Arbitration. The parties agree that all controversies, claims or disputes with anyone (including Researcher and any employee, officer, director, shareholder or benefit plan of Researcher) arising out of, relating to or resulting from Turquoise’s performance of the services under this Agreement or the termination of this Agreement, including but not limited to any material breach of this Agreement, shall be subject to binding arbitration. Researcher may not under any circumstances commence or maintain against Turquoise any class action, class arbitration, or other representative action or proceeding. While arbitration is a faster, less costly, and less publicized avenue for resolving disputes, you should know that in agreeing to arbitration, you are waiving your right to a trial by jury. Such arbitration shall be conducted in accordance with procedures established by the American Arbitration Association. The decision of the arbitrator(s) shall be final and binding on the parties. Judgment on any arbitration award may be entered in accordance with the provisions of the Uniform Arbitration Act and pursuant to the laws of the State of California (the “Rules”).

• F. Amendment and Assignment. Turquoise may modify this Agreement at any time. If you have provided the Company with your email address, Turquoise will attempt to email you with such changes. Turquoise may assign this Agreement in the event of a sale of all or substantially all of its stock or assets.

• G. Entire Agreement. This Agreement sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications. This Agreement does not commit either party to enter into any business relationship or execute any additional contract, including without limitation related to the Subscription.

Contact Us

If you have any questions about these Terms and Conditions, You can contact us:

• By email: [email protected]

PLEASE READ THE FOLLOWING TERMS AND CONDITIONS (THE “TERMS”), WHICH ALONG WITH ANY APPLICABLE ORDER FORM REFERENCING THESE TERMS (AN “ORDER”) AND ALL SUPPLEMENTAL TERMS THAT MAY BE PRESENTED TO YOU FOR YOUR REVIEW AND ACCEPTANCE (COLLECTIVELY, THE “AGREEMENT”) CONSTITUTE THE AGREEMENT BETWEEN THE ENTITY ACCESSING OR USING THE SERVICE (“YOU” or “CUSTOMER”), AND TURQUOISE HEALTH CO. (“TURQUOISE”). THIS AGREEMENT REPRESENTS THE ENTIRE AGREEMENT CONCERNING THE SERVICE BETWEEN THE PARTIES AND IT SUPERSEDES ANY PRIOR PROPOSAL, REPRESENTATION, OR UNDERSTANDING BETWEEN THE PARTIES. TURQUOISE AND CUSTOMER ARE HEREINAFTER JOINTLY DEFINED AS THE “PARTIES” OR INDIVIDUALLY A “PARTY”.

BY EXECUTING AN ORDER THAT REFERENCES THESE TERMS, OR BY ACCESSING OR USING, OR SUBSCRIBING TO USE, THE SERVICE, YOU ARE ACCEPTING AND AGREEING TO BE BOUND BY AND TO COMPLY WITH ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT (PERSONALLY AND ON BEHALF OF ANY COMPANY OR OTHER LEGAL ENTITY THAT YOU REPRESENT WHEN USING THE SERVICE OR THAT YOU NAME AS THE USER WHEN YOU CREATE AN ACCOUNT), AND YOU REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, AUTHORITY, AND CAPACITY TO ENTER INTO THIS AGREEMENT AND TO BIND ANY SUCH COMPANY OR LEGAL ENTITY TO THIS AGREEMENT. EACH ORDER IS INCORPORATED HEREIN BY REFERENCE. IF YOU DO NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT, YOU MAY NOT ACCESS AND/OR USE THE SERVICE.

Turquoise may change these Terms from time to time at its sole discretion, and if it makes any material changes, it will attempt to notify You by sending You an email to the last email address You provided to Turquoise and/or posting a notice on Turquoise’s website. Therefore, You agree to promptly notify Turquoise of any changes in your email address. Any material changes to these Terms will be effective upon the (1) earlier of your acceptance of the new Terms or (2) next renewal date of the Agreement pursuant to the applicable Order.

1. Definitions

• “Access Credentials” means login information, passwords, security protocols, and policies through which Authorized Users access the Service.

• “Affiliate” of a Party means: (a) any entity that such Party controls; (b) any entity that controls such Party; or (c) any entity under common control with such Party. To “control,” for purposes of this definition, means owning or otherwise controlling more than 50% of the voting interests of an entity.

• “Authorized User” means an employee or contractor of Customer who is authorized by Customer to access and use the Service on Customer’s behalf, and who has been issued a Service account by Customer that is associated to a unique email address with a domain name owned or controlled by Customer.

• “Customer Data” means all data, content, and information submitted by Authorized Users into the Service and the Customer-specific output that is generated by Authorized Users’ use of the Service.

• “Documentation” means the user manuals, specifications, and policies, as may be updated from time to time, that describe the functionality, features, operation, or use of the Service and that are made available by Turquoise to Customer.

• “Order” means all written order forms entered into by the parties hereunder and referencing this Agreement, identifying the applicable Service to be made available by Turquoise, and containing the pricing, subscription term, and other specific terms and conditions applicable to the Services.

• “Professional Services” means any professional services related to Customer’s use of the Service, such as consulting, implementation, or training services, provided by Turquoise to Customer as expressly identified in the Order.

• “Service” means Turquoise’s software-as-a-service platform (excluding Customer Data) and the provision by Turquoise of the Turquoise Data through such platform, and any other products purchased via an Order. References to the “Service” in this Agreement include the Documentation.

• “Turquoise Data” means publicly available data that has been modified and aggregated by Turquoise using custom data elements, including machine learning programming, to create certain inventions, compilations, creative works, and data sets that are protected by copyright and other intellectual property laws, and made available by Turquoise to Customer through the Service.

2. Turquoise Responsibilities

• 2.1. Provision of the Service. Subject to the terms and conditions of this Agreement and during the Term, Turquoise will make the Service available to Customer for use by Authorized Users solely for the internal non-commercial operations of Customer. Turquoise hereby grants to Customer a non-exclusive, non-transferable (except in accordance with Section 11.4), and non-sublicensable right to access and use the Service as made available by Turquoise.

• 2.2. Data License. During the Term (as defined below), and subject to the terms of this Agreement, including payment of the fees set forth in any Order, Turquoise hereby grants to Customer a non-exclusive, revocable, non-transferable (except in accordance with Section 11.4), and non-sublicensable right to internally use the Turquoise Data. Customer may only reproduce, distribute, publicly perform, publicly display, digitally transmit, and otherwise use the Turquoise Data in any medium or format with (i) with the express, written permission of Turquoise, which may be refused or granted for any reason or no reason; (ii) that must be requested with at least 14 days’ written prior notice before the need to publish or reproduce any data or information that includes any part of the Turquoise Data. For the avoidance of doubt, Turquoise owns any and all data, and any derivative works that you might create in using the data, to the extent that such creations are permitted, shall belong to Turquoise, to the maximum extent permissible under the law.

• 2.3. Specifically Prohibited Activities. The following activities are expressly prohibited under this Agreement. Customer may not: (i) engage in commercial use of any kind; (ii) create any format in which a third party could view or reconstruct the Turquoise Data; (iii) violate any law or regulation in any relevant jurisdiction; (iv) create derivative works without permission; (v) publish, disseminate, perform or otherwise transmit Turquoise Data without express written permission from Turquoise; (vi) use the data in a way that competes with Turquoise. Any person or entity who attempts to access this data that is not affiliated with a registered 501(c)(3) nonprofit, college, university, or other institution that is using this data for research or similar non-commercial reasons, shall have their license immediately revoked. Turquoise reserves the right to waive this at its sole discretion. Such requests may be sent to [email protected].

• 2.4. Updates and Upgrades. The terms of this Agreement will also apply to updates and upgrades of the Service subsequently provided by Turquoise to Customer. Turquoise may update the functionality, user interfaces, usability, and Documentation from time to time in its sole discretion as part of its ongoing mission to improve the Service. Turquoise may provide ongoing updates to the Turquoise Data and may notify Customer of any changes. However, Turquoise makes no representations or warranties that any particular information or data will be a part of the Turquoise Data and incurs no obligation herein to furnish any specific updates.

• 2.5. Protection of Customer Data. Turquoise will maintain commercially reasonable administrative, physical, and technical safeguards designed to prevent unauthorized access to or use of Customer Data under the control of Turquoise.

• 2.6. Compliance with Laws. Turquoise will comply with all laws applicable to Turquoise’s provisioning of the Service to its customers generally (i.e., without regard to the specific nature of the Customer Data or Customer’s particular use of the Service).

• 2.7. Support. As part of the Service, Turquoise will provide Customer with Turquoise’s standard support, Documentation, and other online resources to assist Customer in its use of the Service.

• 2.8. Professional Services. If Professional Services are purchased in the Order, Turquoise will provide to Customer such Professional Services in accordance with the Order. Unless stated otherwise in the Order, any timelines provided in connection with Professional Services are good faith projections and not guarantees.

3. Access to and Use of the Service

• 3.1. Access Credentials. Customer will safeguard, and ensure that all Authorized Users safeguard, the Access Credentials. Customer will notify Turquoise immediately if it learns of any unauthorized use of any Access Credentials or any other known or suspected breach of security regarding the Service or any Turquoise Data.

• 3.2. Business Associate Agreement. Customer shall not use the Service for accessing, sharing, transmitting, storing, or otherwise processing Protected Health Information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996, as amended, and regulations promulgated thereunder (HIPAA) without first executing a Business Associate Agreement with Turquoise (the “Business Associate Agreement”). Each of Turquoise and Customer will comply with the terms and conditions of the obligations set forth in the Business Associate Agreement entered into by the Parties. In the event that Turquoise discovers that Customer is using the Service for processing PHI, Turquoise shall notify Customer for the purposes of ensuring that a Business Associate Agreement is in place or to address the Customer’s inadvertent disclosure of PHI through the Service.

• 3.3. Customer Responsibilities. Customer will: (a) obtain any permissions and consents required for Customer and Authorized Users to access Turquoise Data and Customer Data in connection with the Service; (b) be responsible for Authorized Users’ compliance with this Agreement; (c) be responsible for the accuracy, appropriateness, and legality of Customer Data; (d) use commercially reasonable efforts to prevent unauthorized access to or use of the Service and Turquoise Data, and promptly notify Turquoise of any such unauthorized access or use; and (e) use the Service and Turquoise Data only in accordance with applicable laws and government regulations.

• 3.4. Usage Restrictions. Customer may not: (a) make the Service or any Turquoise Data available to, or use the Service or any Turquoise Data for the benefit of, anyone other than Customer and the Authorized Users; (b) upload, post, transmit, or otherwise make available to the Service any content that (i) is unlawful or tortious, or (ii) Customer does not have a right to make available under any applicable law or under contractual or fiduciary relationships, or that infringes, misappropriates, or otherwise violates any intellectual property, privacy, publicity, or other proprietary rights of any person; (c) sublicense, resell, time share, or similarly exploit the Service or any Turquoise Data; (d) upload, post, transmit, or otherwise make available any content or information designed to interrupt, interfere with, destroy or limit the functionality of any computer software or hardware or telecommunications equipment; (e) reverse engineer, modify, adapt, or hack the Service, or otherwise attempt to gain unauthorized access to the Service or its related systems or networks, or any Turquoise Data; or (f) access the Service to build a competitive product or service.

• 3.5. Turquoise Data Restrictions. Unless otherwise authorized pursuant to an Order or other agreement between Turquoise and Customer, Customer shall not (a) directly or indirectly, use any Turquoise Data for any purpose other than its own internal non-commercial operations or (b) access or use any Turquoise Data to create a product or service that competes with any Turquoise products or services, including the Turquoise Data.

• 3.6. Source Credit. Customer shall include (a) appropriate and direct attribution to Turquoise as the source of the Licensed Material in any dissemination of Licensed Material, and (b) a statement that the views and opinions expressed reflect only the author’s sentiment and do not necessarily reflect the official position of Turquoise Health.

4. Fees

• 4.1. Fees, Invoicing, and Payment. Customer will pay all fees specified in the Order. Payment obligations are non-cancelable and, except as expressly set forth herein, fees paid are non-refundable. All fees will be invoiced by Turquoise in accordance with the terms set forth in the Order. Full payment for invoices issued must be received within the applicable time period set forth in the Order. If any fees owed by Customer (excluding amounts disputed in reasonable and good faith) have not been paid by the applicable due date, Turquoise reserves the right to apply a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, and be reimbursed for all expenses of collection.

• 4.2. Taxes. The fees are exclusive of, and Customer will be solely responsible for, all applicable taxes in connection with this Agreement, including any sales, use, excise, value-added, goods and services, consumption, and other similar taxes or duties (but excluding taxes based on Turquoise’s net income). Should any payment for the services provided by Turquoise be subject to withholding tax by any taxing authority, Customer will reimburse Turquoise for such withholding tax.

• 4.3. Auditing Rights and Required Records. Customer agrees to maintain complete and accurate records during the Term and for a period of one (1) year after the termination or expiration of this Agreement with respect to matters necessary for accurately determining Customer’s compliance with this Agreement. Turquoise may, at its own expense, on reasonable prior notice, periodically inspect and audit Customer's records and systems to determine Customer’s compliance with this Agreement, provided that if such inspection and audit reveals that Customer has breached any term of this Agreement, Customer shall reimburse Turquoise for the costs of the audit. Such inspection and auditing rights will extend throughout the Term and continue for a period of one (1) year after the termination or expiration of this Agreement.

5. Proprietary Rights

• 5.1. Turquoise Property. Subject to the limited rights expressly granted to Customer hereunder, Turquoise reserves and retains, and as between Turquoise and Customer, Turquoise exclusively owns, all rights, title, and interest in and to the Service and Turquoise Data, including all modifications, derivative works, upgrades, and updates thereto, and all related intellectual property rights therein. Customer further acknowledges and agrees that: (a) the Turquoise Data is an original compilation protected by United States copyright laws; (b) Turquoise has dedicated substantial resources to collect, manage, and compile the Turquoise Data; and (c) the Turquoise Data constitutes valuable trade secrets of Turquoise. No rights are granted by Turquoise hereunder other than as expressly set forth herein. If Customer or any Authorized User provides Turquoise any feedback or suggestions regarding the Service or any Turquoise Data, then Customer grants Turquoise an unlimited, irrevocable, perpetual, sublicensable, royalty-free license to use any such feedback or suggestions for any purpose without any obligation or compensation to Customer or any Authorized User. Unless otherwise set forth in the Order, Turquoise retains exclusive ownership of all work product created by Turquoise in connection with its performance of Professional Services.

• 5.2. Customer Data. Customer grants to Turquoise and its Affiliates a worldwide, non-exclusive, limited term license to access, use, copy, distribute, perform, and display Customer Data, and provide necessary access to third party service providers acting on Turquoise’s behalf, such as Turquoise’s hosting services provider, only: (a) to provide, maintain, and update the Service; (b) to prevent or address service or technical problems or at Customer's request in connection with support matters; (c) as compelled by law; or (d) as expressly permitted in writing by Customer. Subject to the limited licenses granted herein, Turquoise acquires no right, title, or interest under this Agreement in or to any Customer Data.

• 5.3. Analyses. Customer acknowledges and agrees that Turquoise may, during and after the Term, (i) compile statistical and other information related to the performance, operation, and use of the Service, and (ii) collect, use, and analyze information derived from Customer Data in de-identified form (collectively “Analyses”), to create statistical analyses, to improve and enhance the Service, and for research and development purposes in connection with the Service or any other Turquoise offerings. Turquoise retains all right, title, and interest, including all intellectual property rights, in and to Analyses.

6. Confidentiality

• 6.1. Definition. “Confidential Information” means all confidential information disclosed by a party (“Disclosing Party”) to the other party (“Receiving Party”), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including all copies thereof. Confidential Information of Customer includes Customer Data, Confidential Information of Turquoise includes the Service (including its software and content, other than Customer Data), Turquoise Data, and the work product created from its performance of any Professional Services, and Confidential Information of each Party includes the terms of this Agreement. However, Confidential Information will not include any information that: (a) is or becomes generally available to the public without breach of any obligation owed to the Disclosing Party; (b) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party; (c) is received from a third party without breach of any obligation owed to the Disclosing Party; or (d) was independently developed by the Receiving Party without use of or reliance on the Confidential Information of the Disclosing Party.

• 6.2. Protection. The Receiving Party will: (a) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care); (b) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement; and (c) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of the Receiving Party’s and its Affiliates’ employees, contractors, and agents who need such access for purposes consistent with this Agreement and who are subject to confidentiality obligations at least as restrictive as those herein. The Receiving Party will provide prompt written notice to the Disclosing Party of any unauthorized use or disclosure of the Disclosing Party’s Confidential Information. Upon request of the Disclosing Party during the Term, the Receiving Party will promptly return, or at the Disclosing Party’s option destroy, any or all Confidential Information of the Disclosing Party in the Receiving Party’s possession or under its control.

• 6.3. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided that the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's expense, if the Disclosing Party wishes to contest the access or disclosure.

7. Representations, Warranties, and Disclaimers

• 7.1. Mutual Representations. Each Party represents that: (a) it is duly organized, validly existing, and in good standing under its jurisdiction of organization and has the right to enter into this Agreement; (b) the execution, delivery, and performance of this Agreement are within the corporate powers of such Party and have been duly authorized by all necessary corporate action on the part of such Party, and constitute a valid and binding agreement of such Party; and (c) the execution, delivery and performance of this Agreement does not and will not contravene or conflict with or constitute a default or violation of any terms of any other agreement to which such Party is a party.

• 7.2. Turquoise Warranties. Turquoise warrants to each Customer that: (a) the Service will perform materially in accordance with the applicable Documentation; and (b) Turquoise will perform Professional Services in a professional manner. If Turquoise breaches any of the foregoing warranties in this Section, Customer’s exclusive remedy and Turquoise’s entire liability will be the correction of the breach, or if Turquoise cannot substantially correct the breach within a commercially reasonable amount of time, Customer may terminate this Agreement and Turquoise will refund to Customer any prepaid fees covering the period remaining in the Term after the effective date of such termination.

• 7.3. Customer Warranties. Customer warrants that it has obtained and will maintain all rights, consents, and permissions necessary for Customer to access and use the Service and Turquoise Data, and to make available the Customer Data to Turquoise for its use as contemplated herein. Customer represents and warrants that Customer has been granted a license through the American Medical Association (“AMA”) or is otherwise permitted independently of this Agreement to utilize any Current Procedural Terminology (“CPT”) or related coding data (“CPT Data”) in the manner that Customer is using or accessing the CPT Data, and that Customer is not relying on any license Turquoise may possess in relation to any CPT Data and hereby waives any claim against or claim to indemnification from Turquoise relating to Customer’s receipt, accessing, or use of any CPT Data.

• 7.4. Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES PROVIDED TO THE CUSTOMERS IN SECTION 7.2, THE SERVICE, TURQUOISE DATA, AND ALL RELATED COMPONENTS AND INFORMATION ARE PROVIDED ON AN “AS IS” BASIS WITHOUT ANY WARRANTIES OF ANY KIND, AND TURQUOISE EXPRESSLY DISCLAIMS ANY AND ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. TURQUOISE DOES NOT WARRANT THAT THE SERVICE OR TURQUOISE DATA WILL BE UNINTERRUPTED OR ERROR-FREE. TURQUOISE SPECIFICALLY MAKES NO, AND HEREBY DISCLAIMS ALL, REPRESENTATIONS, WARRANTIES, AND COVENANTS REGARDING, AND ALL LIABILITY FOR, THE ACCURACY, QUALITY, TRUTHFULNESS, COMPLETENESS, OR LEGALITY OF ANY TURQUOISE DATA, OR THAT ANY DATA, INFORMATION, OR MATERIALS THEREIN OR WITHIN THE SERVICE, OR THE RESULTS GENERATED BY THE USE THEREOF, WILL MEET CUSTOMER’S REQUIREMENTS OR ACHIEVE ANY RESULTS. THE SERVICE MAY INCLUDE THE ABILITY TO INTERACT AND CONTRACT WITH OTHER USERS OF THE SERVICE. TURQUOISE HAS NO CONTROL OVER, DOES NOT TAKE PART IN, AND ASSUMES NO RESPONSIBILITY OR LIABILITY FOR, THE INTERACTIONS BETWEEN USERS. WITH REGARD TO CONTRACTS, TURQUOISE IS NOT RESPONSIBLE FOR THE SELECTION OF PATIENTS, PROVIDERS, OR PAYORS, ANY PAYOR COVERAGE OR REIMBURSEMENT DETERMINATIONS, OR ANY PATIENT INJURY RESULTING FROM ANY MEDICAL SERVICE IN CONNECTION WITH THE USE OF THE SERVICE. NOTHING IN THIS AGREEMENT MAY BE CONSTRUED TO MAKE TURQUOISE A PARTY TO A CONTRACT OR TRANSACTION PROCESSED THROUGH THE SERVICE. ALTHOUGH TURQUOISE MAY DESIGNATE CERTAIN PROVIDERS AS “VERIFIED PROVIDERS,” TURQUOISE DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY DATA OR INFORMATION PROVIDED OR NOT PROVIDED BY SUCH PROVIDERS. THE SERVICE MAY INCLUDE THE USE OF ARTIFICIAL INTELLIGENCE WHICH SHALL BE SUBJECT TO THE SUPPLEMENTAL TERMS AVAILABLE ON THE TURQUOISE WEBSITE.

• 7.5. Informational Purposes Only. WHILE TURQUOISE MAY PROVIDE ELECTIVE SERVICE PRICING INFORMATION THROUGH THE SERVICE AND/OR TURQUOISE DATA, SUCH INFORMATION IS SOLELY INFORMATIONAL. THE SERVICE MAY INCLUDE THE ABILITY TO INTERACT AND CONTRACT WITH OTHER USERS OF THE SERVICE. TURQUOISE DOES NOT TAKE PART IN, AND TURQUOISE ASSUMES NO RESPONSIBILITY OR LIABILITY FOR, THE INTERACTION BETWEEN USERS. TURQUOISE DOES NOT HAVE CONTROL OVER THE INTEGRITY OR ANY ACTIONS OR INACTIONS OF ANY USERS OF THE SERVICE. WITH REGARD TO CONTRACTS BETWEEN USERS FOR SPECIFIC PROCEDURES AND RELATED PAYMENT RESPONSIBILITIES, TURQUOISE IS NOT RESPONSIBLE FOR THE SELECTION OF PATIENTS, PROVIDERS, OR PAYORS, ANY PAYOR COVERAGE OR REIMBURSEMENT DETERMINATIONS, OR ANY PATIENT INJURY RESULTING FROM ANY MEDICAL SERVICE IN CONNECTION WITH THE USE OF THE SERVICE OR ANY TURQUOISE DATA. ALTHOUGH TURQUOISE MAY DESIGNATE CERTAIN PROVIDERS AS “VERIFIED PROVIDERS,” TURQUOISE DOES NOT ASSUME ANY RESPONSIBILITY OR LIABILITY FOR ANY DATA OR INFORMATION PROVIDED OR NOT PROVIDED BY SUCH PROVIDERS. NEITHER TURQUOISE NOR ITS AFFILIATES OR LICENSORS IS RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER OF THE SERVICE.

8. Indemnification

• 8.1. Turquoise Indemnification. Turquoise will defend Customer and its Affiliates from and against any lawsuit or proceeding brought by a third party to the extent alleging that Customer’s use of the Service as permitted hereunder infringes or misappropriates such third party’s intellectual property rights, and Turquoise will indemnify Customer and its Affiliates for any damages and any reasonable attorneys’ fees finally awarded against them arising from such lawsuit or proceeding; provided, however, that Turquoise will have no liability under this Section to the extent any such lawsuit or proceeding arises from: (a) Customer Data; (b) Customer’s or any of its Affiliates’ or Authorized Users’ negligence, misconduct, or breach of this Agreement; or (c) any modification or combination of the Service that is not performed or approved by Turquoise or specifically set out in the Documentation.

• 8.2. Customer Indemnification. Customer will defend Turquoise and its Affiliates from and against any lawsuit or proceeding brought by a third party to the extent alleging that any Customer Data infringes, misappropriates, or otherwise violates the rights, including privacy and publicity rights, of any other party, or that Customer’s or any Authorized User’s particular use of the Service violates applicable law, and Customer will indemnify Turquoise and its Affiliates for any damages and any reasonable attorneys’ fees finally awarded against them arising from such lawsuit or proceeding.

• 8.3. Procedures. The indemnified party will provide the indemnifying party with: (a) prompt written notice of any matter that is subject to indemnification hereunder; (b) the right to assume the exclusive defense and control of any such matter (provided that the indemnified party may participate in the defense at its own expense); and (c) cooperation with any reasonable requests assisting the indemnifying party’s defense of such matter. The indemnifying party may not settle any such lawsuit or proceeding without the indemnified party’s prior written consent.

• 8.4. Exclusive Remedy. This Section 8 states the indemnifying party’s sole liability, and the indemnifying party’s exclusive remedy, for any type of claim described in this Section 8.

9. Limitation of Liability

• 9.1. Exclusion of Certain Damages. IN NO EVENT WILL EITHER PARTY HAVE ANY LIABILITY TO THE OTHER PARTY OR TO ANY OTHER PARTY FOR ANY LOST PROFITS OR REVENUES OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, WHETHER OR NOT THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY APPLICABLE LAW.

• 9.2. Liability Cap Applicable to Customers. EXCEPT FOR CUSTOMER’S LIABILITY FOR ITS PAYMENT OBLIGATIONS UNDER SECTION 4, OR CUSTOMER’S LIABILITY FOR ITS INDEMNIFICATION OBLIGATIONS UNDER SECTION 8, OR CUSTOMER’S LIABILITY FOR ITS BREACH OF ITS CONFIDENTIALITY OBLIGATIONS UNDER SECTION 6, OR CUSTOMER’S LIABILITY FOR ITS WILLFUL MISCONDUCT, IN NO EVENT WILL CUSTOMER’S AGGREGATE LIABILITY RELATING TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CUSTOMER TO TURQUOISE HEREUNDER IN THE 12 MONTHS PRECEDING THE DATE ON WHICH THE FIRST CLAIM GIVING RISE TO LIABILITY AROSE. MULTIPLE CLAIMS WILL NOT ENLARGE THIS LIMITATION.

• 9.3. Liability Cap Applicable to Turquoise. EXCEPT FOR TURQUOISE’S LIABILITY FOR ITS WILLFUL MISCONDUCT, IN NO EVENT WILL TURQUOISE’S AGGREGATE LIABILITY RELATING TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT ACTUALLY PAID BY CUSTOMER TO TURQUOISE HEREUNDER IN THE 12 MONTHS PRECEDING THE DATE ON WHICH THE FIRST CLAIM GIVING RISE TO LIABILITY AROSE. MULTIPLE CLAIMS WILL NOT ENLARGE THIS LIMITATION.

• 9.4. Scope. For the avoidance of doubt, the exclusions and limitations set forth in Section 9.1, Section 9.2, or Section 9.3 will apply with respect to all legal theories of liability, whether in contract, tort, or otherwise. The Parties agree that the exclusions and limitations set forth in Section 9.1, Section 9.2 and Section 9.3 allocate the risks between the Parties under this Agreement, and that they have relied on these exclusions and limitations in determining whether to enter into this Agreement.

10. Term, Termination, and Suspension

• 10.1. Term of the Agreement for Customers. For Customers the term of this Agreement commences on the effective date set forth in the Order and, unless earlier terminated in accordance with the terms of this Agreement, will continue for the “Initial Term” specified in the Order (the “Initial Term”). Thereafter, this Agreement may renew for successive additional periods of 1 year each (each, a “Renewal Term”) upon prior written approval by both Parties. The Initial Term and each Renewal Term, if any, are collectively referred to herein as the “Term.”

• 10.2. Termination for Cause. Turquoise or Customer may terminate this Agreement effective after 30 days’ written notice if the other Party materially breaches this Agreement and such breach is not cured within such 30-day period. Upon any termination for cause by Customer, Turquoise will promptly refund Customer any prepaid fees covering the period remaining in the Term after the effective date of such termination. Upon any termination for cause by Turquoise, Customer will promptly pay Turquoise any unpaid fees covering the period remaining in the Term after the effective date of such termination.

• 10.3. Suspension. Turquoise may suspend Customer’s or any or all Authorized Users’ access to the Service, in whole in part, if: (a) Customer or any Authorized User is using the Service in violation of this Agreement or any applicable law; (b) Customer’s or any Authorized Users’ systems or accounts have been compromised or unlawfully accessed; (c) suspension of the Service is necessary, in Turquoise’s reasonable discretion, to protect the security of the Service or the infrastructure of Turquoise or its Affiliates; (d) suspension is required by applicable law; or (e) any fees owed by Customer (excluding amounts disputed in reasonable and good faith) are 30 days or more overdue, provided Turquoise has given Customer 10 or more days’ prior notice.

• 10.4. Effects of Termination. In no event will any termination of this Agreement relieve Customer of its obligation to pay any fees payable to Turquoise for the period of time prior to the effective date of such termination. Upon any termination of this Agreement, Customer and all Authorized Users must immediately cease all use of the Service (including all Turquoise Data). For a period of 30 days following any termination of this Agreement, Turquoise will, upon Customer’s request, provide Customer with an export of all current Customer Data in the format agreed by the Parties. After such 30-day period, Turquoise will have no obligation to maintain or provide any Customer Customer Data and Turquoise will, unless prohibited by applicable law, delete all Customer Customer Data in its systems or otherwise in its possession or under its control in accordance with Turquoise’s then-current data retention and deletion policies. Subject to this Section and the Business Associate Agreement, if applicable, upon any termination of this Agreement and the Disclosing Party’s request, the Receiving Party will promptly return, or at the Disclosing Party’s option destroy, any or all Confidential Information of the Disclosing Party in the Receiving Party’s possession or under its control.

• 10.7. Survival. The sections titled “Protection of Customer Data,” “Turquoise Data Restrictions,” “Fees,” “Proprietary Rights,” “Confidentiality,” “Indemnification,” “Limitation of Liability,” “Termination for Cause,” “Effects of Termination,” “Survival,” and “General Provisions” will survive any termination of this Agreement.

11. General Provisions

• 11.1. Attribution. Customer agrees that Turquoise may use Customer’s name, logo, and any other trademarks or service marks provided to Turquoise by Customer (“Customer Marks”) in connection with Customer’s use of the Service and to indicate that Customer is a customer of Turquoise for the Service on Turquoise’s website, marketing materials, and in communications with existing or prospective Turquoise customers. Any such attribution will be consistent with Customer’s reasonable style guidelines or requirements as communicated to Turquoise by Customer. Customer retains ownership of all Customer Marks and hereby grants Turquoise a non-exclusive license during the Term to use the Customer Marks for the purpose of exercising Turquoise’s rights under this Section.

• 11.2. No endorsement. Nothing in this Agreement constitutes or may be construed as permission to assert or imply that Customer is, or that Customer’s use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, Turquoise.

• 11.3. Force Majeure. Except for payment obligations, neither Party will be liable hereunder by reason of any failure or delay in the performance of its obligations due to events beyond the reasonable control of such Party, which may include natural disasters, fires, epidemics, pandemics, riots, war, terrorism, denial of service attacks, internet outages, labor shortages, and judicial or government action.

• 11.4. Assignment. Neither Party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the prior written consent of the other Party. Notwithstanding the foregoing, either Party may assign or transfer this Agreement in its entirety, without the consent of the other Party, in connection with a merger or sale of all or substantially all of its assets. Any purported assignment in violation of this Section will be null and void. This Agreement will bind and inure to the benefit of the Parties, their respective successors, and permitted assigns.

• 11.5. Governing Law; Venue. This Agreement, and any disputes arising out of or related hereto, will be governed exclusively by the internal laws of the State of California, without regard to its conflicts of laws rules or the United Nations Convention on the International Sale of Goods. The state and federal courts located in San Diego, California will have exclusive jurisdiction to adjudicate any dispute arising out of or relating to this Agreement.

• 11.6. Arbitration. The parties agree that all controversies, claims or disputes with anyone (including Customer and any employee, officer, director, shareholder or benefit plan of Customer) arising out of, relating to or resulting from Turquoise’s performance of the services under this Agreement or the termination of this Agreement, including but not limited to any material breach of this Agreement, shall be subject to binding arbitration. Customer may not under any circumstances commence or maintain against Turquoise any class action, class arbitration, or other representative action or proceeding. While arbitration is a faster, less costly, and less publicized avenue for resolving disputes, you should know that in agreeing to arbitration, you are waiving your right to a trial by jury. Such arbitration shall be conducted in accordance with procedures established by the American Arbitration Association. The decision of the arbitrator(s) shall be final and binding on the parties. Judgment on any arbitration award may be entered in accordance with the provisions of the Uniform Arbitration Act and pursuant to the laws of the State of California (the “Rules”).

• 11.7. Notices. All notices under this Agreement will be in writing addressed to the Parties at the addresses set forth on the Order and will be deemed to have been duly given: (a) upon receipt if personally delivered or sent by priority, certified or registered mail with a tracking mechanism; and (b) the first business day after sending by email or by a recognized delivery service.

• 11.8. Relationship of the Parties; Third Party Beneficiaries. The Parties are independent contractors and this Agreement does not create a partnership, franchise, joint venture, agency, fiduciary, or employment relationship between the Parties. There are no third party beneficiaries to this Agreement.

• 11.9. Waiver. No failure or delay by either Party in exercising any right under this Agreement will constitute a waiver of that right.

• 11.10. Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, such provision will be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by law, and the remaining provisions of this Agreement will remain in full force and effect.

• 11.11. Entire Agreement. This Agreement, including any addenda hereto and all Orders, together with the Business Associate Agreement, if applicable, constitutes the entire agreement between the Parties and supersedes all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning Customer’s purchase and use of the Service (including the Turquoise Data) and any Professional Services. No modification, amendment, or waiver of any provision of this Agreement will be effective unless in writing and signed by each of the Parties. To the extent of any conflict or inconsistency between the provisions in the body of this Agreement and any addendum hereto or any Order, the terms of such addendum or Order will prevail. For the avoidance of doubt, in the event of a conflict between this Agreement and the Business Associate Agreement associated with the use or disclosure of PHI, the terms of the Business Associate Agreement shall govern and control. Notwithstanding any language to the contrary therein, no terms or conditions stated in any Customer purchase order or other Customer order documentation (excluding Orders) will be incorporated into or form any part of this Agreement, and all such terms or conditions will be null and void. As used herein, the words “include” and “including” shall be deemed to be followed by the words “without limitation.”

Contact Us

If you have any questions about these Terms and Conditions, You can contact us:

• By email: [email protected]