SUBSCRIPTION AGREEMENT

Last Updated: September 15, 2023

This Subscription Agreement (“Agreement”) is accepted as of the Effective Date for a subscription to the Service(s) and for the Term defined in the applicable Order From between Vetspire, LLC (“Company”) and Customer. This Agreement governs the applicable Order Form and contains, among other things, warranty disclaimers, liability limitations and use limitations.  There shall be no force or effect to any different terms of any related purchase order or similar form issued by Customer except where specified in an Order Form signed by the parties.  Capitalized terms that are used in this Agreement but not defined herein shall have the meanings set forth in the Order Form.

1. SERVICES AND SUPPORT

1.1Subject to the terms of this Agreement, Company will use commercially reasonable efforts to provide Customer the veterinary practice management platform known as Vetspire, as well as ancillary and related services (including professional services), as more fully described on the Order Form (collectively, the “Services”) in accordance with this Agreement. As part of the registration process, Customer will identify an administrative username and password for Customer’s Company account.  Company reserves the right to refuse registration of or cancel passwords it deems inappropriate.  Company has the right to make changes to the Services if such changes do not materially lessen the Service’s functionality, and Company may provide additional terms that apply to Customer’s use of updates or new features.

1.2 The Order Form will set forth the Services selected by Customer. Monthly subscription fees are charged on a per doctor basis, excluding any doctor that works less than ten (10) shifts in a calendar month (i.e. temporary/relief doctors). Certain Services functionality is automatically available and incurs a fee per use (e.g. texting and faxes) at the then applicable rates. Customer must select an implementation services tier, which will be stated on the Order Form (the “Implementation Services”). Customer may elect for Company to perform data migration and/or conversion of existing medical record files from Customer’s existing legacy practice management system (the “Legacy PIMS”) into the Vetspire platform (the “Migration Services”), which if elected, will be stated on the Order Form. Customer may also elect to enable other functionality within the Services (e.g. booking tool), as specified on the Order Form and at the then applicable pricing.

1.3Subject to the terms hereof, during the term of a subscription to the Services, Company will provide Customer with reasonable technical support in accordance with the Support Program set forth in Exhibit B.

1.4If the Services are provided for evaluation purposes (“Evaluation Trial”), Customer shall not use the Evaluation Trial for production use. The Evaluation Trial shall terminate on the end date of the pre-determined evaluation period or immediately upon notice from Company in its sole discretion. Notwithstanding any other provision contained herein, the Evaluation Trial services are provided “AS IS” without indemnification, support, or warranty of any kind, express or implied. Except to the extent such terms conflict with this Section, all other terms of this Agreement shall apply to the Evaluation Trial.

1.5 Company will use commercially reasonable efforts to provide the Implementation Services selected by Customer. Company will evaluate Customer’s Legacy PIMS prior to the Effective Date and inform Customer whether Company is able to migrate Customer data to the Vetspire platform. If Customer elects to receive Migration Services, Company will use commercially reasonable efforts to provide the Migration Services. Customer acknowledges and agrees that conversion may not be possible or may be limited and that some or all of Customer’s existing data may not be accessible through the Service after conversion. Company’s conversion of Customer data from the Customer's Legacy PIMS is at Customer’s sole risk. Customer is responsible for assessing this risk and backing up its Legacy PIMS data. Data quality, reconciliation, and validation are Customer’s sole responsibility.

1.6Customer expressly acknowledges and holds Company harmless for any loss of data from the Data Migration Services. Customer also acknowledges and agrees that Company may use third parties to perform some or all of the Data Migration and/or Implementation Services, which may involve such third parties accessing Customer’s data. Customer further acknowledges and agrees that Company’s provision of the Implementation Services will be contingent on Customer’s participation and providing appropriate guidance, resources, and decisions for set-up. 

2. RESTRICTIONS AND RESPONSIBILITIES

2.1Customer will not, directly or indirectly: reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software or data related to the Services (“Software”) or the documentation for the Software or Services (“Documentation”); modify, translate, or create derivative works based on the Services or any Software except to the extent expressly permitted by Company or authorized within the Services; use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; remove any proprietary notices or labels; or attach or integrate any third party equipment, interfaces or applications to the Service that have not been tested and approved in advance by Company. Customer is solely responsible for its use of any such third party equipment, interfaces and/or applications and shall indemnify, defend and hold harmless Company from any third party claims relating to or arising from such third party equipment, interfaces or applications.  With respect to any Software that is distributed or provided to Customer for use on Customer premises or devices, Company hereby grants Customer a non-exclusive, non-transferable, non-sublicensable license to use such Software during the Term only and only in connection with the Services.

2.2 Customer is responsible for all export of the Services outside of the United States in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign agency or authority.  As defined in FAR section 2.101, the Software and documentation are “commercial items” and according to DFAR section 252.227-7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation.” Consistent with DFAR section 227.7202 and FAR section 12.212, any use modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the terms of this Agreement.

2.3Customer represents, covenants, and warrants that Customer’s use the Services and Customer Data will be in compliance with this Agreement, Company’s standard published policies then in effect, and all applicable laws, regulations, and/or applicable standards (e.g. the PCI Data Security Standard) (collectively “Applicable Laws”, and individually, “Applicable Law”). Customer hereby agrees to indemnify, defend, and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from an alleged violation of the foregoing or otherwise from Customer’s use of Services or the Customer Data. Although Company has no obligation to monitor Customer’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be (or may be alleged to be) in violation of the foregoing.

2.4Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). 

2.5As part of the platform, Customer will be able to access its data through an application programming interface (“API”). This API will be made available as a GraphQL interface. The API will be subject to limits imposed by Company to preserve the functionality of the Services and may be subject to additional rates if such limits are exceeded. If no limit is set forth in Customer’s Order Form, Company reserves the right to suspend Services where Customer’s API calls are impacting the functionality of the Services and thereafter establish limits. These limits will be subject to change at the Company's sole discretion from time to time. The Company also reserves the right to suspend or terminate API access from Customer if such use of the API poses a risk or danger to the platform, other customers' use of the platform, or any other risk to the

2.6As part of the platform, the Services include mobile messaging capabilities, including the ability to send transactional and marketing messages (the "SMS Services"). To the extent that Customer utilizes the SMS Services, the SMS Specific Terms, attached hereto as Exhibit C and incorporated herein by this reference, apply.

3. CONFIDENTIALITY; PROPRIETARY RIGHTS

3.1Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business (hereinafter referred to as “Proprietary Information” of the Disclosing Party).  Proprietary Information of Company includes non-public information regarding features, functionality and performance of the Service.  Proprietary Information of Customer includes non-public data provided by Customer to Company to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Proprietary Information, (ii) to only use the Disclosing Party’s Proprietary Data to exercise the Receiving Party’s rights or perform its obligations hereunder and (iii)  not to disclose the Disclosing Party's Proprietary Information to any person or entity, except to the Receiving Party's employees, agents, subcontractors, service providers or affiliates who have a need to know and/or use the Proprietary Information for the Receiving Party to exercise its rights or perform its obligations hereunder and who are required to protect the Proprietary Information in a manner no less stringent than required under this Agreement. The Disclosing Party agrees that the foregoing shall not apply with respect to any information other than personally identifiable Customer Data after five (5) years following the expiration or termination of the  subscription hereunder or any information that the Receiving Party can document (a) is or becomes generally available to the public, or (b) was in its possession or known by it prior to receipt from the Disclosing Party, or (c) was rightfully disclosed to it without restriction by a third party, or (d) was independently developed without use of any Proprietary Information of the Disclosing Party or (e) is required to be disclosed by law.  For the avoidance of doubt, Customer acknowledges and agrees that Company may need to share data (including certain Customer Data) with third parties for purposes of fulfilling Company’s rights and obligations under this Agreement, including for billing, accounting, invoicing and platform monitoring and improvement purposes. The confidentiality provisions of the Agreement shall otherwise apply in full force and effect for any such disclosure. 

3.2Customer shall own all right, title and interest in and to the Customer Data. Company shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto (even if Customer pays fees for improvements or enhancements to the Services or Software, (b) any software, applications, inventions or other technology developed in connection with implementation services or support, (c) any medical research developed using the Services or Software, and (c) all intellectual property rights related to any of the foregoing.

3.3Subject to the terms and conditions of this Agreement, Customer grants to Company the non-exclusive, nontransferable worldwide right to copy, store, record, transmit, display, view, print, analyze, or otherwise use (a) Customer Data to the extent necessary to provide the Services to Customer and/or monitor Customer’s use of the Services, (b) any trademarks that Customer provides Company for the purpose of including them in Customer’s user interface of the Service or on any print materials generated by the Software, (c) De-Identified Customer Data (as defined below) about Customer’s use of the Services to improve and enhance the Services, and (d) De-Identified Customer Data (defined below) for purposes of Company or its licensors performing medical, veterinary, or pharmaceutical research, or for the development and research of artificial intelligence. Customer acknowledges that Company shall own and retain all right, title, and interest in and to the Services or commercial endeavors resulting from such use of the Customer’s Data. “De-Identified Customer Data” means personal, health, or usage information from which all identifiers that could reasonably be anticipated to identify an individual by an anticipated recipient - such as individual's name, contact information, or government identifiers - have been removed. 

3.4Any suggestions, enhancement requests, suggestions, recommendations or other feedback to Customer related to improvement or future features of the Service (“Feedback”) are offered voluntarily, and Customer acknowledges that Company may have similar development ideas to the Feedback, the Feedback is not confidential or proprietary information of Customer or any third party, and Company shall have an unlimited right to use and/or incorporate such Feedback into the Services without any obligations or compensation to Customer.

3.5Customer understands that the technical processing and transmission of Customer’s electronic communications is fundamentally necessary to Customer’s use of the Service.  Customer agrees that Company is not responsible for any electronic communications and/or Customer Data that are lost, altered, intercepted or stored without authorization during the transmission of any data whatsoever across networks not owned and/or operated by Company.

3.6Customer represents and warrants that its use of the Service and all Customer Data will comply with applicable law, including laws relating to the maintenance of the privacy, security, and confidentiality of patient and other health information. Customer will ensure that any use of the Service by Customer’s Users is in accordance with the terms of this Agreement. Customer agrees to notify Company immediately of any unauthorized use of any password or account or any other known or suspected breach of security or any known or suspected distribution of Customer Data.

3.7Neither Company’s grant of the rights or licenses hereunder nor its performance of any Services or other obligations under this Agreement conflict with or violate any applicable law, including any law relating to data privacy, data security, or Personal Information. “Personal Information” means information relating to an identified or identifiable natural person and (if and as applicable) a household.

3.8This Section 3 will supersede and terminate any separately signed non-disclosure agreement by and between the parties governing preliminary confidential discussions regarding the Services.

4. PAYMENT OF FEES

4.1Customer will pay Company the fees set forth on the Order Form for the Services in accordance with the terms therein (the “Fees”).  If the Order Form fails to specify, all Fees are due net thirty (30) days of an invoice.   Company reserves the right to change the monthly subscription Fees and to institute new charges and Fees at the end of the Initial Service Term or then-current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email). Company may update any other Fees (e.g. texting rates) at any time during the Term, effective upon notice to Customer. If Customer believes in good faith that Company has billed Customer incorrectly, Customer must contact Company no later than 60 days after the closing date on the first billing statement in which the error or problem appeared in order to receive an adjustment or credit.  Inquiries should be directed to Company’s customer support department. All fees are otherwise nonrefundable.

4.2Company may choose to bill through an invoice (as indicated in an Order Form), in which case, full payment for invoices issued in any given month must be received by Company thirty (30) days after the later of the date of the of the invoice or Customer’s receipt of the invoice.  Unpaid amounts are subject to a finance charge of 1.5% per month on any outstanding balance, or the maximum permitted by law, whichever is lower, plus all expenses of collection and may result in immediate termination of Service. Customer shall be responsible for all taxes associated with Services other than U.S. taxes based on Company’s net income. 

4.3 Customer may be required to create an account with a third party payment vendor specified by Company in order for Customer to utilize certain features or functionality of the Services (e.g. Wellness Plans) and/or to facilitate a systems integration requested by Customer. If Customer creates an account with the payment vendor specified by Company, Customer hereby authorizes Company to access Customer’s payment vendor account to the extent necessary to: (1) facilitate the associated integrations, features and/or functionality, (2) deduct fees owed to Company for providing the associated Services, and/or (3) as otherwise reasonably necessary to provide the Services.

5. TERM AND TERMINATION

5.1Subject to earlier termination as provided below, this Agreement begins on the Effective Date and continues until the end of the Initial Service Term, as specified in the Order Form  The term shall be automatically renewed for additional periods of the same duration as the Initial Service Term (each, a “Renewal Term;” collectively, the Initial Service Term and any Renewal term, the “Term”), unless either party requests termination at least thirty (30) days prior to the end of the then-current term.  The Initial Service Term begins on the earlier of (a) completion of the Implementation Services and Migration Services (if any) or (b) thirty weeks from the Effective Date. Customer is liable for minimum monthly subscription Fees and other Fees and charges set forth on the Order form, even if Customer requests early termination or ceases to use the Service during the Term. Service Fees are non-refundable and non-cancellable, regardless of the frequency of billing.

5.2In addition to any other remedies it may have, either party may also terminate this Agreement upon thirty (30) days’ notice (or without notice in the case of nonpayment), if the other party materially breaches any of the terms or conditions of this Agreement and the breaching party does not cure within thirty (30) days.  

5.3Upon any termination, Company will make all Customer Data available to Customer for electronic retrieval for a period of thirty (30) days, but thereafter Company may, but is not obligated to, delete stored Customer Data. All sections of this Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, governing law, indemnity and limitations of liability.

6. Data Protection

6.1Data Privacy. Some of the Customer Data may include Personal Information. To the extent Customer Data includes Personal Information, Company acknowledges and agrees that (a) Company is a processor/service provider, as applicable and as defined by Applicable Law, of such Personal Information and (b) Customer is a controller/business of such Personal Information.  Company further agrees that it is acting as Customer’s “service provider” as that term is defined in California Civil Code section 1789.140(v).  To the extent both Parties control the purposes and means of processing the Personal Information, they will do so independently. Company may only use Personal Information it obtains from, on behalf of, or in the course of performing the Services for Customer, to perform the Services for Customer, in accordance with Applicable Law and this Agreement.  The Parties will comply with their obligations under Applicable Law with respect to such Personal Information.  The Parties will execute and comply with the terms of Company’s data processing addendum set forth in Exhibit D. The Parties acknowledge and agree that each Party will provide for all applicable notices and/or obtain all consents and authorizations required of that Party under Applicable Law to enable the collection, transfer, and processing between the Parties of Personal Information in connection with the provision of the Services.

6.2Data Security. Company will take commercially reasonable precautions, including, without limitation, technical (g., firewalls and data encryption), organizational, administrative, and physical measures, to help safeguard Customer Data against unauthorized use, disclosure, or modification. Customer must protect all applications or devices using commercially reasonable security measures. Customer is solely responsible to keep all user identifications and passwords secure. Customer must monitor use of the Services for possible unlawful or fraudulent use. Customer must notify Company immediately if Customer becomes aware or has reason to believe that the Services are being used fraudulently or without authorization by any end user or third party. Failure to notify Company may result in the suspension or termination of the Services and additional charges to Customer resulting from such use. Company will not be liable for any charges resulting from unauthorized use of Customer’s Account.

6.3Data Subject Requests. It is the Customer’s responsibility to respond to any data subject request involving Customer Data. Some of the Company Services may provide direct technical means to enable Customer to fulfil its duties to respond to requests from data subjects under applicable data protection laws. If Customer is unable to address the data subject's request through such technical means, or where such functionality is not available, Company shall, taking into account the nature of the processing, provide reasonable assistance to Customer, to enable Customer to respond to such data subject requests. In the event that such request is made directly to Company, Company shall promptly direct the data subject to contact the Customer and will use commercially reasonable efforts to notify Customer. Company is not responsible for data subject requests received that pertain to Customer Data unless otherwise required by applicable law.

6.4Other Customer Obligations and Responsibilities.

1. Customer shall be responsible for maintaining the security of the Equipment, Customer’s account, passwords (including but not limited to administrative and user passwords) and files, for all uses of Customer’s account or the Equipment with or without Customer’s knowledge or consent.
2. Customer will maintain appropriate security with regard to all personnel, systems, and administrative processes used by it to transmit, store and process Customer Data through the use of the Services. Furthermore, it is Customer’s responsibility to (i) create, monitor and manage each authorized user’s access rights to the Service and (ii) implement safeguards and processes that authorized users submit payment card information, personal information and other confidential information into the Service solely via designated fields or channels.
3. Customer and each authorized user may only access a person’s personal information contained in the Service if such person (i) has an appointment at an applicable location, (ii) previously had an appointment at an applicable location, (iii) is interested in modifying or confirming an appointment, (iv) in support of wellness plans or (v) requests modification or updating of such person’s account.  In all such cases, Customer may only use such person’s Personally Identifiable Information contained in the Service for the purposes of supporting the foregoing activities (6.4(c)(i)-(v).  All other access to Personally Identifiable Information is strictly prohibited.  “Personally Identifiable Information” includes but is not limited to: name, address, telephone number, credit card number, membership number, driver’s license or other government ID number
4. Section 6 shall survive termination of this Agreement and each Party shall remain responsible for complying with all Applicable Laws related to the use, storage, and disclosure of Personal Information for as long as the Party retains such information or as long as required by Applicable Law, whichever is longer.

7. LIMITED WARRANTY

Company warrants that the Services shall operate in accordance with service level agreement set forth in Exhibit A. Professional Services will be provided in a good and workmanlike manner in accordance with the standards of service expected of professional services firms that provide services similar to the professional Services. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption.  Scheduled maintenance will be targeted during the periods of lowest anticipated usage, and Company will provide Customer with at least twenty-four (24) hours advance notice of scheduled maintenance.  Customer’s remedies for breach of this warranty are described in the SLA.

 COMPANY DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICES AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND COMPANY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

8. INDEMNITY

Company shall defend and hold Customer harmless  against any third party claim against Customer that its use of the Service made available for a fee infringes any United States patent or copyright or misappropriates a trade secret, provided Company is promptly notified of any and all threats, claims and proceedings related thereto and given reasonable assistance and the opportunity to assume sole control over defense and settlement. Company will not be responsible for any settlement it does not approve in writing.  The obligations set forth herein do not apply with respect to portions or components of the Service (i) not supplied by Company, (ii) made in whole or in part in accordance with Customer specifications, (iii) that are modified after delivery by Company, (iv) combined with other products, processes or materials where the alleged infringement relates to such combination, (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) where Customer’s use of the Service is not strictly in accordance with this Agreement.  If, due to a claim of infringement, the Services are held by a court of competent jurisdiction to be or are believed by Company to be infringing, Company may, at its option and expense (A) replace or modify the Service to be non-infringing provided that such modification or replacement contains substantially similar features and functionality, (B) obtain for Customer a license to continue using the Service, or (C) if neither of the foregoing is commercially practicable, terminate this Agreement and Customer’s rights hereunder and provide Customer a refund of any prepaid, unused fees for the Service.

9. LIMITATION OF LIABILITY

IN NO EVENT SHALL EITHER PARTY OR THEIR RESPECTIVE OFFICERS, DIRECTORS, PARTNERS OR EMPLOYEES, BE LIABLE TO THE OTHER PARTY FOR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, RELIANCE OR SPECIAL DAMAGES, OR ANY LOSS OF USE, DATA OR, BUSINESS, PROFITS, ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE UNDER THIS AGREEMENT; REGARDLESS OF THE FORM OF THE ACTION OR CLAIM AND REGARDLESS OF WHETHER THE ACTION OR CLAIM IS BASED ON ANY ALLEGED ACT OR OMISSION OF THE THIRD PARTY LICENSOR (OR ITS SUPPLIERS), INCLUDING BUT NOT LIMITED TO ANY ACTION BASED ON CONTRACT, TORT, NEGLIGENCE, BREACH OF WARRANTY, STRICT LIABILITY OR OTHERWISE, EVEN IF THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE AGGREGATE LIABILITY OF COMPANY AND ITS AFFILIATES, DIRECTORS, EMPLOYEES, AND AGENTS, AND THE SOLE REMEDY AVAILABLE FOR ANY CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT OR  THE SERVICES, PROVIDED HEREUNDER SHALL BE LIMITED TO TERMINATION OF THIS AGREEMENT AND DAMAGES NOT TO EXCEED THE TOTAL AMOUNT PAID OR PAYABLE TO COMPANY UNDER THIS AGREEMENT DURING THE TWELVE MONTHS PRIOR THE CAUSE OF ACTION GIVING RISE TO SUCH LIABILITY.

COMPANY IS NOT ENGAGED IN THE PRACTICE OF VETERINARY MEDICINE. THE CUSTOMER ACKNOWLEDGES THAT THE COMPANY SERVICE DOES NOT TAKE INTO ACCOUNT THE UNIQUE NATURE OF A PATIENT ENCOUNTER. USE OF THE COMPANY SERVICE DOES NOT ABSOLVE THE CUSTOMER OF ITS PROFESSIONAL OBLIGATIONS TO EXERCISE INDEPENDENT MEDICAL JUDGMENT IN RENDERING VETERINARY CARE SERVICES TO PATIENTS (INCLUDING BILLING, CODING AND COMPLIANCE), AND SUCH OBLIGATIONS LIE SOLELY WITH THE CUSTOMER. THE CUSTOMER ACKNOWLEDGES THAT THE COMPANY SERVICE IS NOT A SUBSTITUTE FOR THE CARE PROVIDED BY LICENSED VETERINARY CARE PRACTITIONERS.  COMPANY UNDERTAKES NO OBLIGATION TO SUPPLEMENT OR UPDATE CONTENT OF THE COMPANY SERVICE. THE COMPANY SERVICE DOES NOT ENDORSE DRUGS, DIAGNOSE PATIENTS, OR RECOMMEND THERAPY. THE COMPANY SERVICE IS AN INFORMATIONAL RESOURCE DESIGNED TO ASSIST LICENSED VETERINARY CARE PRACTITIONERS IN DOCUMENTING THE CARE OF THEIR PATIENTS. THE INFORMATION CONTAINED WITHIN THE COMPANY SERVICE IS INTENDED FOR USE ONLY BY CLINICIANS AND OTHER VETERINARY CARE PROFESSIONALS WHO SHOULD RELY ON THEIR CLINICAL DISCRETION AND JUDGMENT IN DIAGNOSIS AND TREATMENT. CUSTOMER FURTHER ACKNOWLEDGES THAT CUSTOMER IS SOLELY RESPONSIBLE FOR THE COMPLIANCE WITH ANY DATA COLLECTION, DISCLOSURE, AND RETENTION OBLIGATIONS.

10. MISCELLANEOUS

Notwithstanding anything to the contrary in this Agreement, Company may monitor Customer's use of the Services and collect and compile data and information related to Customer's use of the Services in and to the extent permitted under applicable law, including, without limitation, to monitor and/or review Customer’s use of the Services in order to establish whether Company’s usage is in accordance with this Agreement. All such monitoring shall be subject to any applicable confidentiality restrictions set forth in this Agreement. If Company determines that Customer’s usage of the Service exceeds the usage permitted by the Agreement, Customer shall pay to Company all fees due for such excess usage of the Service, plus any reasonable costs incurred by Company in verifying usage compliance, within thirty (30) days of the date of written notification of the compliance verification results. If any provision of this Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.  Neither party shall assign any of its rights, interests or obligations under this Agreement, without the other party’s prior written consent; provided, however, that Company may assign its rights or delegate its obligations, in whole or in part, without such consent, to an entity that is an affiliate or acquires all or substantially all of the business or assets of such party to which this Agreement pertains, whether by merger, reorganization, acquisition, sale or otherwise. Customer agrees that Company may list Customer on its customer list, use its name and logo for marketing purposes, and issue a mutually agreed press release regarding the parties working together.  This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of this Agreement, and all waivers, amendments.  Company may make modifications to this Agreement by posting the updated agreement on its website, and Customer, by its continued use of the Service after the updated terms have been posted, assets to such terms. No agency, partnership, joint venture, or employment is created as a result of this Agreement and neither party has any authority of any kind to bind the other party in any respect whatsoever.  In any action or proceeding to enforce rights under this Agreement, the prevailing party will be entitled to recover costs and attorneys’ fees.  All notices under this Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested.  This Agreement may be executed and delivered, including by way of electronic signature (PDF formats included) in counterparts,  each of which shall be deemed an original, but all of which together shall constitute one and the same instrument. Company shall not be responsible for any delay or failure to provide the Service or any associated services, in whole or in part, due to the following factors as they affect Company, its licensors, agents or representatives or the Service: federal, state or municipal action or regulation; strikes or other labor troubles; fire; damage; delay in transportation; shortages of raw materials, labor, fuel or supplies; sabotage; insurrection, riot or other acts of civil disobedience or public enemy; and failures or interruptions in Internet service or other communication failures (collectively, a “Force Majeure Event”). This Agreement shall be governed by the laws of the State of Delaware without regard to its conflict of laws provisions.

EXHIBIT A

Service Level Terms

The Services shall be available 99.9%, measured monthly, excluding scheduled maintenance. Any downtime calculation will exclude periods affected by such maintenance.  Further, any downtime resulting from (a) outages of third party connections, (b) failure of Customer’s equipment, services, or other technology utilities need for use of the Services, (c) by reason of Customer’s acts, omissions, or misuse of the Services in violation of this Agreement, (d) a Force Majeure Event, or (e) other reasons beyond Company’s control will also be excluded from any such calculation.

Customer’s sole and exclusive remedy, and Company’s entire liability, in connection with Service availability shall be that for each period of downtime lasting longer than one hour, Customer may request from Company a credit of 5% of Service fees for each period of 60 or more consecutive minutes of downtime; provided that no more than one such credit will accrue per day and a maximum of 25% of month’s fees per calendar quarter.  Downtime shall begin to accrue as soon as Customer (with notice to Company) recognizes that downtime is taking place and continues until the availability of the Services is restored, unless the cause of such downtime is an exclusion from the calculation.  To receive downtime credit, Customer must notify Company in writing within 30 days from the time of confirmed downtime, and failure to provide such notice will forfeit the right to receive downtime credit.  Such credits may not be redeemed for cash.   Service credits will only be issued to Customers with no outstanding invoices, expire upon termination of this Agreement or expiration of a Service that is not renewed.  Service credits  may be used against future Service fees only. Unused Services Credits are forfeited. Service credits are the sole and exclusive remedy for any failure by Company to meet any obligations in this SLA.

EXHIBIT B

Support Policy

This Support policy sets for the target timing and procedures for response by Company’s technical support team to issues with the Services that affect Customer’s access to and/or use of the Services described below (“Errors”).

The following table sets forth Company’s target response times for Error by severity designations.  Technical support will be available via in-app chat support during normal business hours defined as between 9:00am and 5:00pm Central Time Monday through Friday.

Upon Company determination of the Severity Level of an Error, Company will use commercially reasonable efforts to provide an initial response to Customer within the applicable Target Initial Response Time indicated above.  Thereafter, Company will provide Customer with periodic reports on the status of corrections.

Exhibit C

SMS Specific Terms

1. Customer understands and agrees that all messages it sends via the SMS Services will be sent, and certifies that any subscriber list Customer decides to import into the Services was collected, in compliance with all applicable federal, provincial, state, and local laws, regulations, and rules governing SMS messages, advertising, and telemarketing, including, without limitation, Section 5 of the FTC Act (15 U.S.C. § 45), the CAN-SPAM Act (15 U.S.C. §§ 7701-7713), the Telemarketing Consumer Fraud and Abuse Prevention Act (15 U.S.C. §§ 6101-6108), the Federal Trade Commission Telemarketing Sales Rule (16 C.F.R. § 310 et seq.), the Telephone Consumer Protection Act (47 U.S.C. §§ 227), the Federal Communications Commission regulations (47 C.F.R. 64.1200 et seq.) and orders implementing the Telephone Consumer Protection Act, all federal and state Do Not Call and calling-time restriction laws and regulations, and, as applicable for SMS to Canadian numbers, the CRTC’s Unsolicited Telecommunications Rules, including the CRTC Telemarketing Rules, National DNCL Rules, and Automatic Dialing and Announcing Device Rules, Telecom Decision CRTC 2007-48, as amended.; and all applicable industry guidelines and best practices, including, without limitation, the CTIA Short Code Monitoring Handbook and Messaging Principles and Best Practices (collectively, “Applicable Message Requirements”). Company provides the software and carrier-connectivity through which Customer sends messages via a third party (currently Twillio); Customer is solely and exclusively responsible for complying with Applicable Message Requirements (and shall defend and indemnify Company from any claims in which it is alleged that Customer failed to do so). If for any reason Company suspects that Customer’s use of its Services in any way is contrary to any Applicable Message Requirements, Company reserves the right to request a written explanation from Customer, including the method of collecting the subscriber’s phone numbers and a guarantee signed by Customer that all the people on Customer’s subscriber list provided you prior express written consent to receive text messages from you of the type that you had sent, or, if applicable, the legal justification for why written consent is not required (e.g. transactional SMS messages). Customer agrees to provide all such information and documents reasonably requested by Company. Company reserves the right to take any action it thinks appropriate in the case of non-compliance, including but not limited to suspension and/or cancellation of the account, without any liability to Customer therefor.
2. Customer agrees that Customer will include clear opt-out/unsubscribe information on Customer’s messages when required to do so by any applicable law or regulation and otherwise adhere to the Consumer Best Practices Guidelines promulgated by the Mobile Marketing Association, if applicable to Customer’s messages, and that Customer will promptly process all such do-not-text or do-not-call requests and maintain those numbers on Customer’s internal do-not-call/text list.
3. Customer shall schedule its messages responsibly and in a manner that is courteous to the recipients pursuant to local, state, national, and international calling time rules and regulations. Customer is solely responsible for obtaining any rights or licenses to any data, including without limitation sound files, pictures or videos for inclusion in any outbound messages. If Customer is unfamiliar or unclear on the legalities of any message that Customer intends to initiate through the SMS Services, Customer must consult with its attorney prior to its use of the SMS Services.
4. Customer represents and warrants that it has all power and authority and has procured all rights and licenses necessary to use and text enable those phone numbers utilized for the SMS Services.
5. Customer shall indemnify, defend and hold harmless Company from any third party claims relating to or arising from a breach of this Exhibit C, SMS Specific Terms.

Exhibit D

Data Processing Addendum

This Data Processing Addendum (“Addendum”) is entered into between Customer and Company in connection with Company’ provision the Services pursuant to the Agreement. This Addendum is effective as of the Effective Date of the Agreement and is hereby incorporated into the Agreement. All capitalized terms not defined in this Addendum will have the meaning given in the Agreement. In the event of any inconsistency or conflict between this Addendum and the Agreement, this Addendum will govern.

1. DEFINITIONS.

“CCPA” means the California Consumer Privacy Act of 2018 and its implementing regulations.

“Consumer” means a natural person who is a California resident, as defined in Section 17014 of Title 18 of the California Code of Regulations, as that section read on September 1, 2017, however identified, including by any unique identifier.

“Personal Information” means information that Company Processes on behalf of Customer that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonable be linked, directly or indirectly, with a particular Consumer or household.

“Process” or “Processing” means any operation or set of operations that are performed on Personal Information or on sets of Personal Information, whether or not by automated means.

“Verifiable Consumer Request” means a request that is made by a Consumer, by a Consumer on behalf of the Consumer’s minor child, or by a natural person or a person registered with the California Secretary of State, authorized by the Consumer to act on the Consumer’s behalf, and that Customer can reasonably verify to be the Consumer about whom Customer has collected Personal Information.

2. COMPANY RESPONSIBILITIES.

Company will:

(a) not collect, retain, use, disclose or otherwise Process the Personal Information for any purpose other than for the specific purpose of performing the Services on behalf of Customer. Without limiting the foregoing, Company will not (i) collect, retain, use or disclose the Personal Information for a commercial purpose other than providing the Services, (ii) sell the Personal Information, (iii) combine the Personal Information received from Customer with personal information received from other entities except to the extent necessary to detect data security incidents or protect against fraudulent or illegal activity, and (iv) collect, retain, use or disclose the Personal Information outside the direct business relationship between Company and Customer;

(b) notwithstanding the limitations in clause (a), Process the Personal Information as necessary to (i) retain and employ subcontractors, subject to the requirements in clause (f) below, (ii) build or improve the quality of Company’ services, provided such use does not include building or modifying Consumer profiles that will be used to provide services to another business or to correct or augment data acquired from another source, (iii) detect data security incidents or protect against fraudulent or illegal activity, or (iv) comply with Company’ legal obligations;

(c) delete or provide access to Personal Information at Customer’s request;

(d) promptly notify Customer of any Verifiable Consumer Request Company receives;

(e) at Customer’s request, assist Customer in responding to Verifiable Consumer Requests;

(f) impose contractual obligations on its subcontractors that are at least equivalent to those obligations imposed on Company under this Addendum; and

(g) protect Personal Information in accordance with CCPA requirements.  Without limiting the foregoing, Company will use measures to protect Personal Information that will meet or exceed the requirements specified in Attachment 1 attached hereto and incorporated herein. 

Addendum Attachment 1 - Data Security Attachment

1. Program. Company will implement and maintain a comprehensive written information security program, which contains appropriate administrative, technical and organizational safeguards compliant with this Attachment 1.
2. Access Controls. Company will: (a) abide by the “principle of least privilege,” pursuant to which Company will permit access to Personal Information by its personnel (including subcontractors) solely on a need-to-know basis; and (b) promptly terminate its personnel’s access to Personal Information when such access is no longer required for performance under the Agreement.
3. Account Management. Company will use reasonable measures to manage the creation, use, and deletion of all account credentials used to access the facilities, systems, equipment, hardware, and software used in connection with any processing of Personal Information (“Company Systems”), including by implementing: (a) a segregated account with unique credentials for each user; (b) strict management of administrative accounts; (c) password best practices, including the use of strong passwords; and (d) periodic audits of accounts and credentials.
4. Vulnerability Management. Company will: (a) use automated vulnerability scanning tools to perform appropriate scans of the Company Systems; (b) log vulnerability scan reports; (c) conduct periodic reviews of vulnerability scan reports over time; (d) use appropriate patch management and software update tools for the Company Systems; (e) prioritize and remediate vulnerabilities by severity; and (f) use compensating controls if no patch or remediation is immediately available.
5. Security Segmentation. Company will monitor, detect and restrict the flow of information on a multilayered basis within the Company Systems using appropriate tools such as firewalls, proxies, and network-based intrusion detection systems.
6. Data Loss Prevention. Company will use reasonable data loss prevention measures to identify, monitor and protect Personal Information in use, in transit and at rest. Such data loss prevention processes and tools will include, at a minimum: (a) the prohibition of, or secure and managed use of, portable devices; (b) use of appropriate certificate-based security; and (c) secure key management policies and procedures.
7. Encryption. Company will encrypt, using industry-standard encryption tools, all Personal Information that Company: (a) transmits or sends wirelessly or across public networks; (b) stores on laptops or storage media, and (c) stores on portable devices or within the Company System. Company will safeguard the security and confidentiality of all encryption keys associated with encrypted Personal Information.
8. Secure Software Development. Company represents and warrants that any software used in connection with the processing of Personal Information is or has been developed using secure software development practices, including by: (a) segregating development and production environments; (b) filtering out potentially malicious character sequences in user inputs; (c) using secure communication techniques, including encryption; (d) using sound memory management practices; (e) using web application firewalls to address common web application attacks such as cross-site scripting, SQL injection and command injection; (f) implementing the OWASP Top Ten recommendations, as applicable; (g) patching of software; (h) testing object code and source code for common coding errors and vulnerabilities using code analysis tools; and (i) testing of web applications for vulnerabilities using web application scanners.
9. PCI Compliance. To the extent any Personal Information includes “cardholder data,” as such term is defined by the Payment Card Industry Data Security Standard (“PCI DSS”), Company will: (a) comply with the PCI DSS and other applicable payment card issuer, brand or association rules and requirements; (b) fully cooperate with any security review or investigation as may be required by any payment card issuer, brand or association or law enforcement entity regarding compliance with the PCI DSS, including by providing data security reports; (c) pay any fines and penalties in the event Company or any of its subcontractors fail to comply with such rules or requirements; and (d) on no less than an annual basis, at its own expense, undergo a PCI DSS compliance audit or self-assessment, as applicable, and provide the results of such audit or self-assessment, along with evidence of compliance (in the form of an Attestation of Compliance) to Company upon request.
10. Physical Safeguards. Company will maintain physical access controls that secure relevant Company Systems used to process any Personal Information, including an access control system that enables Company to monitor and control physical access to each Company facility.
11. Administrative Safeguards. Prior to providing access to Personal Information to any of its personnel, Company will: (a) conduct appropriate reliability evaluations of such personnel, including by performing appropriate background screening; and (b) provide appropriate security training to such personnel. Company will periodically provide additional training to its personnel as may be appropriate to help ensure that Company’s information security program meets or exceeds prevailing industry standards.