Datica Legal Documentation

This is the public version of Datica's Legal Documentation. If you have any further questions, please reach out to us at hello@datica.com.

Effective Date: 09/01/2021

Welcome!  We are Datica, Inc. (“Datica”) and, if you are reading this, you are interested in licensing Datica’s Software-as-a-Service (“SaaS”) compliance platform, with the features and functionality currently included at the Standard tier and related documentation (the “Service”). These Terms of Service are the terms, conditions, and limitations that apply to your access and use of the Service. 

You may license access to the Service by entering into one or more Sales Orders with Datica to license access to the Service. By signing any Sales Order, you are signifying you have read, understood, and agree to be bound by these Terms of Service.  If you are obtaining use of the Service for an individual, “you” or “your” refers to you individually.  If you obtaining use of the Service for an entity, “you” and “your” refers to that entity. 

Terms of Service

  1. General

    1. Definitions, Included Terms and Policies. Capitalized terms used in these Terms of Service are defined in the Definitions section below.  These Terms of Service include and incorporate by reference any Sales Order(s) that you have entered into with Datica, as well as any additional policies associated with your service tier, even though such policies and terms may be hyperlinked or located on a separate webpage.

    2. Changes. Datica may from time to time, in its sole discretion, add to or change the Service or these Terms of Service, including pricing.  When Datica makes these changes, Datica will update the “Effective Date” at the top of this page and you agree that your continued use of the Service after such change signifies your acceptance of such changes as an amendment to these Terms of Service.

    3. You are responsible for all activity in your Datica account by End Users and authorize Datica to act on any changes to or requests made in or through your Datica account.  You agree changes of any kind to the Service made electronically through your Datica account, including changes that affect pricing (such as deploying new resources to your cloud account) are binding on you.  Datica may rely on any such changes as a specific directive to implement such change and, if applicable, to bill your payment method accordingly.  When you upgrade your subscription level to a higher tier, then you will be deemed to have agreed to Datica’s then-current terms, conditions, limitations and fees applicable to such higher tier.

  2. Rights Granted.

    1. By Datica. Datica grants you the non-exclusive, non-assignable, limited right during the License Term for you and End Users to access and use the Service in the United States, subject to the terms, conditions, and limitations in these Terms of Service. Datica reserves all rights to the Service and its components not granted by these Terms of Service including without limitation all software and other components used to provide the Service and all of its copyrights and trademarks reproduced through the Service, and these Terms of Service do not grant you any intellectual property rights in the Service or any of its components.

    2. By You.To enable Datica to provide the Service, you grant to Datica a non-exclusive, royalty-free, worldwide license during the License Term (as defined below) to use, transmit, distribute, modify, reproduce, display, and store Your Content to perform the Service.

  3. Pricing, Payments.

    1. Pricing. You agree to pay the fees and charges for the Service set forth in your Sales Order(s) with Datica, as such fees and charges may be updated from time-to-time. Fees and charges for any new services, new features and functionality for existing Service, and other components of the Service, will be published at www.datica.com or another site designated by Datica. Any changes to fees and charges are effective and will apply to you when Datica publishes the changes on www.datica.com unless otherwise specified by Datica by written notice to you. Datica may increase or add new fees and charges for any existing Service at any time and will use commercially reasonable methods to inform you in advance of the change, including by email or a pop-up window on Datica’s website. You agree that your continued use of the Service after any such change signifies your acceptance of such change as an amendment to these Terms of Service.

    2. Payments. You agree to provide Datica with a current, valid, method of payment then-accepted by Datica in order to use the Service. Datica will bill fees and charges due under any Sales Order(s) for your use of the Service to such payment method on a monthly basis. If a payment is not successfully settled, due to expiration, insufficient funds, or otherwise, you remain responsible for any uncollected amounts and authorize Datica to continue billing your specified payment method, as it may be updated.

    3. PAYMENTS ARE NONREFUNDABLE AND THERE ARE NO REFUNDS OR CREDITS FOR FEES PAID FOR PARTIAL MONTHS. If any amount you owe to Datica is not paid within 30 days of when due, you agree Datica may, by written notice to you, stop providing Professional Services, limit your use of the Service to read only, or suspend your use of the Service until such overdue amounts are paid in full. All overdue amounts will accrue interest until paid at the rate of the lesser of 1.5% per month or the highest rate allowed by law. If any amount remains unpaid for more than 60 days, Datica may immediately terminate these Terms of Service by providing you with written notice. Datica’s remedies under this Section are cumulative of other remedies available under these Terms of Service or at law.

    4. Taxes. Except Datica’s income taxes, taxes (e.g., sales, use, excise, property, VAT, and other similar taxes) arising out of these Terms of Service will be your responsibility. If Datica pays or is required to pay such taxes or related penalties or interest, you will promptly pay Datica all such amounts.

  4. Representations, Warranties

    1. Limitations. Datica does not guarantee uninterrupted or error-free operation of the Service or that all errors in the Service will be corrected. Datica will not be liable for errors or damages of any kind caused by Your Content, third party criminal acts, limitations inherent in the use of the Internet, or third party hardware, software, systems, or data.


  5. Your Responsibilities. You agree you are at least 18 years of age, have not previously been suspended or removed from the Service, and your use of the Service would not violate any laws or regulations applicable to you. If you are accessing the Service on behalf of another entity, you represent you have the authority to bind that entity to these Terms of Service. To access and use the Service, you must open and maintain a Datica account online throughout the term of these Terms of Service. Between you and Datica, you are responsible for (a) all access to and use of your Datica accounts and associated individual administrator and member accounts, if any, by you, End Users, or third parties, (b) the sufficiency of security, privacy, and other protections and controls applied to Your Content, including decisions to enable or disable Service features or to use or not use other products or services with the Service, and © for the reliability, integrity, legality, and medical accuracy and appropriateness of Your Content. Production environments are the only environments included in the Service that are intended for storing or processing protected health information. You understand that your use of the service requires access to and use of an account with a cloud service provider that you control. Datica is not responsible for troubleshooting or correcting any errors in your cloud service account, or for the availability of your cloud service account generally. If your cloud service account is or becomes unavailable, Datica will be under no obligation to provide the Service, and you will not be entitled to any refund for fees paid to Datica as a result of the unavailability of your cloud service account.

  6. Access Limitations

    1. General. The Service is licensed, not sold, to you by Datica and you receive no title to or ownership of the Service itself, or any copy thereof. You receive no rights to the Service other than those specifically set forth in these Terms of Service. Without limiting the foregoing, you will not: (a) use the Service for time-sharing, rental or service bureau purposes; (b) make the Service, in whole or in part, available to any other person, entity or business; (c) copy, reverse engineer, decompile or disassemble the Service, in whole or in part, or otherwise attempt to discover the source code to the software used in the Service; or (d) modify the Service or associated software or combine the Service with any other software or services not provided or approved by us. You agree to immediately notify Datica if you become aware of any activity in violation of this section that you become aware of, and you will take prompt action to mitigate the breach or suspected breach as Datica may reasonably direct, and cooperate with Datica in investigating and mitigating the breach.

  7. Confidentiality

    1. Nondisclosure. Neither party shall use the Confidential Information of the other party (defined, below in Datica’s case as “Datica’s Confidential Information” and in your case as “Your Confidential Information”) for any purpose other than to facilitate the transactions contemplated by this Agreement. The party receiving Confidential Information (the “Recipient”) from the other party (the “Discloser”) shall: (a) maintain in confidence the Discloser’s Confidential Information; (b) not disclose the Confidential Information received from the other party (the “Discloser”) to any employer or contractor of Recipient unless such person needs access to facilitate Recipient’s performance of this Agreement and executes a written agreement containing confidentiality terms that are substantially similar to, and no less restrictive than those of this Section 7; and (c) shall not disclose the Discloser’s Confidential Information to any other third party without the Discloser’s prior written consent. Without limiting the foregoing, each party as the Recipient shall protect the Discloser’s Confidential Information with the same degree of care that it uses to protect its own Confidential Information of similar nature and importance, but no less than a reasonable degree of care. Each party as the Recipient shall promptly notify the Discloser of any misuse or misappropriation of the Discloser’s Confidential Information that comes to the Recipient’s attention. Notwithstanding the foregoing, the Recipient may disclose the Discloser’s Confidential Information as required by applicable law or by proper legal or governmental authority. Recipient shall give Discloser prompt notice of any such legal or governmental demand and reasonably cooperate with Discloser in any effort to seek a protective order or otherwise to contest such required disclosure, at Discloser’s expense.

    2. Injunctive Relief. Recipient agrees that breach of this Section 7 would cause Discloser irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Discloser will be entitled to seek injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security.

    3. Termination and Return. Upon termination or expiration of this Agreement, Recipient shall return all copies of the Discloser’s Confidential Information to Discloser or certify, in writing, the destruction thereof.

    4. Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license thereto, unless another section of this Agreement specifically provides to the contrary.

  8. Data and Privacy.

    1. Business Associate Exhibit. To address the requirements of certain regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the parties agree to Datica’s Business Associate Terms.

    2. Datica Confidential Information. You agree that you will: (i) maintain in confidence Datica Confidential Information, (ii) limit access and use of the Service to your End Users in the United States and as described the Acceptable Use Policy below, and (iii) promptly notify Datica of any unauthorized access or use of the Service.

    3. Usage Data. Notwithstanding anything to the contrary in these Terms of Service, you agree that Datica shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Service and their related systems and technologies (collectively, “Usage Data”). Usage Data includes statistics, statistical models, parameters, algorithms, and other similar information and data generated from the operation of the Service. Datica is free (during and after the term of these Terms of Service) to (i) use such Usage Data to improve and enhance the Service and for other development, diagnostic and corrective purposes in connection with the Service and our other products or services and (ii) disclose such Usage Data to third parties.

  9. Intellectual Property. Datica retains all right, title and interest, as well as any associated intellectual property rights, and will have the right to use the Service for any purpose. Works of authorship created by Datica in the performance of these Terms of Service are not “works made for hire” as defined in the U.S. Copyright law. Other than as expressly provided in these Terms of Service, no license or right is granted to you by implication or otherwise with respect to or under any such intellectual property rights.

  10. Limitations of Liability


    2. Force Majeure. Datica is not liable under these Terms of Service for delay in performance or non-performance caused by events or conditions beyond the party’s reasonable control, including without limitation acts of God, fire, war, terrorism, third party criminal acts, any law or governmental regulations, or labor dispute, and the period of performance will be deemed extended to reflect such delay as agreed by the parties.

    3. Timing of Actions. The parties will first attempt to resolve any dispute related to these Terms of Service or the Service by good faith mutual discussions. Neither party will begin a lawsuit for any matter related to these Terms of Service or the Service more than twelve (12) months after the date the applicable cause of action arose, as may be extended for the period the parties are in good faith discussions to resolve the dispute. If a lawsuit is begun, the prevailing party may recover its attorneys’ fees and costs from the other party.

  11. Indemnification. You agree to defend or settle, and to indemnify and hold Datica Indemnitees harmless from, any Claim made against Datica Indemnitees by a third party alleging (i) Your Content infringes a United States patent, copyright, or trademark; (ii) any violation by you or your end users of your responsibilities set forth in Sections 5 or 6 of these Terms of Service; or (iii) related to or arising out of your or any End User’s use of (or inability to use) the Service, including Claims alleging negligence of Datica, its employees, or contractors.

  12. Term, Termination.

    1. Term. Unless otherwise specified in a Sales Order, your License Term for the Service will be for 1 year beginning on the Effective Date of the Sales Order. The License Term for a Sales Order will automatically renew for successive 1-year periods unless either party notifies the other party of its intention to not renew the License Term at least 30 days prior to the expiration of the then-current term.

    2. Termination. A party may terminate the License Term immediately if the other party fails to remedy a material breach within fifteen (15) days’ written notice or if the other party ceases actively doing business, begins winding up its business, or bankruptcy or insolvency proceedings are begun by or against such party and not promptly dismissed. Your and End Users’ right to access and use the Service will end when the License Term expires or terminates, and Datica may at its option store, return, or discard Your Content then in its possession. Datica may also terminate your use of the Service, and any Sales Order entered into pursuant to these Terms of Service, at any time by providing you with 90 days’ prior notice.

    3. Effect of Termination. If the License Term is ended by either party, for any reason, all of your rights under these Terms of Service will immediately end and all fees and charges (including any applicable taxes) owed by you to Datica are due immediately, including fees and charges for in-process tasks completed as of the date of termination. If Datica elects to not renew the License Term on 30 days’ notice as provided above, Datica will provide you with a reasonable opportunity (including, if necessary, past the Sales Order expiration date) to retrieve and transition Your Content. If you request, Datica may provide assistance to transition Your Content to another vendor, additional fees for Professional Services may apply. These Terms of Service will continue to apply during any post-expiration transition period Datica provides to you. You are responsible for making a copy of and deleting Your Content before cancelling your Datica account. Datica is not obligated to refund any amount to you if you cancel your account or downgrade Service. If you cancel your Datica account after the trial period but before the end of the then-current term, then you will still owe fees due for the Service through the end of the then-current term. YOU ARE SOLELY RESPONSIBLE FOR EXPORTING YOUR CONTENT FROM THE SERVICE PRIOR TO CLOSING YOUR ACCOUNT.

    4. Survival. Sections 1(b), 3(b) and (c), 4, 7-11, 12(d), and 13 will survive the expiration or termination of the License Term.

  13. Miscellaneous

    1. Entire Agreement. These Terms of Service, along with any Sales Order(s) entered into by you and Datica, are the entire agreement between the parties regarding its subject matter and supersedes all prior or contemporaneous representations, understandings, or agreements, and may not be modified or amended except by Datica pursuant to the terms of these Terms of Service or otherwise in an agreement in writing signed by the parties.

    2. Enforcement Remedies. The parties acknowledge that the remedies at law for any breach of these Terms of Service may be inadequate and that the non-breaching party will be entitled, and in addition to any remedy at law, to seek equitable relief by way of a restraining order, injunction or other prohibitory or mandatory relief, to prevent the breach or threatened breach of, or to seek to enforce the specific performance of any term, condition, covenant or provision of these Terms of Service. This provision with respect to injunctive relief and other equitable remedies will not diminish the right of the non-breaching party to claim and recover damages in addition to such relief.

    3. Subcontractors. Datica has and may subcontract any portion of the Service to other vendors (e.g., software and storage providers). If any such subcontractor or other party Datica engages in connection with providing the Service requires access to Your Content, then Datica may provide such access if the subcontractor or other vendor agrees in writing to comply with the same or similar restrictions that apply to Datica with respect to such information.

    4. Assignment. Sales Order(s) may be assigned by either party with the other party’s prior consent or in connection with a merger or sale of substantially all of such party’s assets, in each case so long as such party’s successor agrees to be bound by these Terms of Service. Any other assignment will be void.

    5. Relationship. Each party is an independent contractor in the performance of its obligations under any Sales Order. Neither party has the agency or authority to bind the other party in any way. No third-party beneficiaries are intended or created by these Terms of Service.

    6. Severability. If any provision of these Terms of Service are held to be unenforceable and severable from these Terms of Service, no such severability will be effective if it materially changes the economic benefit of these Terms of Service to either party.

    7. Government Restricted Rights. The Service is provided with Restricted Rights. Use, duplication, or disclosure for or by the government of the United States, including without limitation any of its agencies or instrumentalities, is subject to restrictions set forth, as applicable: (i) in subparagraphs (a) – (d) of the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19; or (ii) in similar clauses in other federal regulations, including the NASA FAR supplement. The contractor or manufacturer is Datica, Inc. You shall not remove or deface any restricted rights notice or other legal notice appearing the Service or on any other media or documentation associated with the Service. You shall require that your customers, distributors, and other recipients of the Service agree to and acknowledge the provisions of this Section 13(g).

    8. Export Restrictions. You shall not: (a) permit any third party to access or use the Service in violation of any U.S. law or regulation; or (b) export the Service or otherwise remove it or allow access from the United States except jin compliance with all applicable U.S. laws and regulations. Without limiting the generality of the foregoing, you shall not permit any third party to access or use the Service in, or export the Service to, any country subject to a United States embargo (as of the Effective Date, Cuba, Iran, North Korea, Sudan, and Syria).

    9. Communication; Notices. By using the Service, you consent to receiving electronic communications from Datica relating to your Datica account. These communications may involve sending emails to your email address provided when you opened your Datica account, or posting communications on www.datica.com or the landing page for your Datica account, and will include notices about your Datica account (e.g., payment authorizations, change in password or payment method, confirmation e-mails and other transactional information) and are part of your relationship with Datica. You agree that any notices, agreements, disclosures or other communications that Datica sends to you electronically will satisfy any legal communication requirements, including that such communications be in writing. You should maintain copies of electronic communications by printing a paper copy or saving an electronic copy. Otherwise, notices required or permitted under these Terms of Service will be in writing given to the party at the address specified in your Sales Order(s) by hand delivery, certified mail, return receipt requested, or by overnight delivery carrier service


“Claim” means any demand, action, or liability, however described, and related expenses, costs, and attorney fees.

“Our Confidential Information” means Datica Materials and all information concerning our business or the development, functionality, operation, use, implementation, or support of the Software, Service, and our other products and services, including the terms of these Terms of Service. Except for Datica Materials, which will always be Our Confidential Information, “Our Confidential Information” excludes information that (a) is or becomes publicly available through no fault of you or End Users, (b) was known to you on a non-confidential basis when we first provided you such information, (c) was lawfully disclosed to you on a non-confidential basis by an authorized third party, or (d) is independently developed by you without use of or reference to Our Confidential Information.

“Datica Materials" means software, programming tools, APIs, documentation, computational models, statistical models, algorithms, reports, content, data, know-how, methods, processes, and other inventions, works, and technologies, now existing or created after the the start of your License Term, including such items made by Datica in providing Service to you. We own and retain undivided ownership of all Our Materials.

“Indemnitees” means the applicable party, its shareholders, officers, directors, employees, and contractors.

“Your Content” means your software applications, tools, data, or information that consumes, interacts, or operates with the Service.

“Your Confidential Information” means all information, in whatever form, concerning your confidential business strategies and financial information. “Your Confidential Information” excludes information that (a) is or becomes publicly available through no fault of ours, (b) was known to Datica on a non-confidential basis when you first provided Datica with such information, (c) was lawfully disclosed to Datica on a non-confidential basis, (d) is independently developed by Datica without use of or reference to Your Confidential Information, or (e) relates to comments or ideas about the Service.

Business Associate Terms

Datica may have access to or receive protected health information in connection with providing the Service, and so the parties must agree to the terms of this Exhibit in order to address requirements of the Health Insurance Portability and Accountability Act of 1996, as amended, and its associated regulations (the “HIPAA Rules”).

  1. Applicability. This Exhibit applies only to the extent you actually use the Service to store or transmit PHI, Datica is a “business associate” as defined by the HIPAA Rules, and you have applied the required security configurations specified in Exhibit 4 (Acceptable Use Limitations).

  2. Definitions. The following terms used in this Exhibit will have the meaning given in the HIPAA Rules, except as modified below: breach (for purposes of Section 4(c)(ii) only, otherwise use of the word “breach” will have ordinary contract meaning), business associate, covered entity, disclosure, individual (including a person who is a personal representative under 45 CFR §164.502(g) of HIPAA Rules) Privacy Rule, protected health information (also referred to in this Exhibit as “PHI”, limited to the information received by Datica from you, or created or received by Datica on your behalf, and excluding information de-identified as permitted by the Datica SaaS Terms of Service), required by law, Secretary, security incident, Security Rule, and use.

  3. Permitted Uses and Disclosures of PHI.

    1. Provision of the Service. Datica may use and disclose PHI to provide the Service or to otherwise perform its obligations and exercise its rights under the Datica SaaS Terms of Service, or any Sales Order entered into by you and Datica, and to perform functions, activities, or services for you or on your behalf in connection with the Service or any agreements between you and Datica, including without limitation implementation, support, and other services.

    2. Management and Administration. Datica may use and disclose PHI as necessary for the proper management and administration of Datica and the Service. Disclosures under this section will only be made if Datica has reasonable assurances the recipient will use or disclose the PHI only as required by law or for the purpose for which it was disclosed to the recipient and the recipient will notify Datica if it becomes aware the confidentiality of the information was compromised.

  4. Datica Obligations.

    1. Limits on Use and Disclosure. Datica will use or disclose PHI only as permitted by these Business Associate Terms or the Datica SaaS Terms of Service or as required by law, provided that any such use or disclosure would not violate HIPAA Rules if done by a covered entity, unless permitted for a business associate by HIPAA Rules.

    2. Safeguards. Datica will use reasonable and appropriate safeguards, and comply when applicable with Subpart C of 45 CFR Part 164 regarding electronic PHI, to prevent use or disclosure of PHI other than as provided for by these Business Associate Terms and the Datcia SaaS Terms of Service.

    3. Reporting. Datica will use commercially reasonable efforts to ensure the availability of audit logging provided through the Service in order to support your reporting and compliance obligations under HIPAA Rules. The sole obligation of Datica with respect to reporting use or disclosure of PHI are as follows:

      1. Impermissible Uses and Disclosures; Security Incidents. Datica will report to you any use or disclosure of PHI not permitted by this Exhibit of which it becomes aware. Datica will report to you within 60 days any security incidents involving electronic PHI of which it becomes aware. Notice is hereby provided, and no additional notice will be provided, for unsuccessful attempts at such unauthorized access, use, disclosure, modification, or destruction, such as pings and other broadcast attacks on a firewall, denial of service attacks, port scans, unsuccessful login attempts, or interception of encrypted information where the key is not compromised, or any combination of the above.

      2. Other Breaches. Datica will report to you any breach of your unsecured PHI that Datica may discover to the extent required by 45 C.F.R. §164.410. Datica will make such report without unreasonable delay, and in no case later than 60 days after discovery of such breach. Datica undertakes no obligation to report network security related incidents which occur on its managed network that do not directly involve impermissible uses or disclosures, security incidents, or breaches.

    4. Subcontractors. Datica will ensure that its subcontractors who create, receive, maintain, or transmit PHI on behalf of Datica agree to implement reasonable and appropriate safeguards to protect PHI.

    5. Access to PHI. You agree Datica is not required by this Exhibit to disclose PHI to individuals or any person other than you, and so Datica does not expect to maintain documentation of such disclosure as described in 45 CFR §164.528. If Datica does make such disclosures, it will document the same as would be required for you to respond to a request by an Individual for an accounting of disclosures in accordance with 45 CFR §164.504(e)(2)(ii)(G) and §164.528, and will provide such documentation to you in the time and manner reasonably requested by you. If a request for an accounting is made directly to Datica, then Datica will forward such request to you within 5 business days.

    6. Accounting of Disclosures. At your request, Datica will make available to you information in its possession that may be required for you to provide an accounting of disclosures of PHI by Datica in accordance with 45 C.F.R. § 164.528. Because Datica cannot readily identify the types of PHI included in Your Content or specific individuals to whom it pertains, you will be solely responsible for identifying individuals whose PHI may have been included in Your Content disclosed by Datica and for describing the type of PHI disclosed.

    7. Internal Records. Datica will make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary or his designee for purposes of determining your compliance with HIPAA Rules. Datica does not waive any applicable privilege it may have or protection of its trade secrets or confidential information.

  5. Your Obligations.

    1. Appropriate Use. You are responsible for implementing appropriate privacy and security safeguards in order to protect PHI, including without limitation by: (i) not including protected health information (as defined in 45 CFR 160.103) in Service that are not or cannot be HIPAA compliant, (ii) utilizing the highest level of audit logging in connection with use of your applications by you and End Users, and (iii) maintaining the maximum retention of logs in connection with your use of the Service.

    2. Necessary Consents. You have and will maintain the necessary authorizations and other consents required by applicable law before loading or transmitting Your Content (including PHI) on or through the Service.

    3. Restrictions on Disclosures. You will not agree to any restrictions or limitations on the use and disclosure of PHI that would cause Datica to be in breach of these Business Associate Terms, HIPAA Rules, or other law, or place any such restrictions or limitations in any notice of privacy practices.

    4. Compliance with HIPAA. You agree not to request or cause Datica to use or disclose PHI in a manner that does not comply with HIPAA Rules or this Exhibit.

  6. Term and Termination.

    1. Termination. If either party learns of a material breach of this Exhibit by the other party, the non-breaching party will notify the breaching party and provide a reasonable opportunity to cure the breach, and if such breach is not cured within a reasonable time, terminate this Exhibit and the Service components that require or permit ongoing access to PHI. If it is not possible to cure such breach, then the non-breaching party may immediately terminate this Exhibit and the Service components that require or permit ongoing access to PHI.

    2. Effect of Termination. Upon termination of expiration of the License Term for your use of the Service or, if earlier, these Business Associate Terms, Datica will, if feasible, return or destroy all PHI. If Datica determines return or destruction is not feasible (e.g., retention of PHI is necessary to continue its proper management and administration or to carry out its legal obligations), Datica will so inform you and will extend the protections of this Exhibit to such PHI and limit further uses and disclosures to the purposes that make return or destruction of PHI infeasible for as long as Datica maintains such PHI.

  7. Miscellaneous.

    1. No Agency. Neither party is an agent of the other nor does any part of this Exhibit give you the right or authority to direct or control Datica in the performance of its obligations under these Business Associate Terms.

    2. Amendment. The parties agree to take such good faith action to amend this Exhibit from time to time to comply with actual or reasonably anticipated changes to requirements of the HIPAA Rules.

    3. Survival. The parties’ respective rights and obligations under Section 6 of this Exhibit will survive termination of the Exhibit.

    4. Interpretation. Any ambiguity in this Exhibit will be resolved to permit compliance with HIPAA Rules.

Legacy Product Terms

General Terms and Conditions

"For the avoidance of doubt, the terms posted on this page do not apply to Datica's Software-as-a-Service ("SaaS") compliance product. For terms applicable to that product, please see the Datica Software-as-a-Service ("SaaS") Terms of Service"

1. The Subscription Agreement

The Subscription Agreement references and fully incorporates the following documents:: (i) the Service Order that describes the Services the Customer is buying, along with related fees; (ii) these General Terms and Conditions containing the general terms and conditions applicable to all Services, (iii) the specific Product Terms and Conditions containing the additional terms for the particular Datica Services Customer is buying, and (iv) the Acceptable Use Policy. The term “Subscription Agreement” or “Agreement” in any of these documents refers to collectively to all of the documents outlines above.

The Agreement is effective as of the time that Customer signs the form of Agreement prepared by Datica, or accepts the Agreement as part of Datica’s online order process and registration. This Agreement’s terms may only be modified in writing where the Service Order specifically states the specific section, or term of this Agreement that is being modified.

2. Defined Terms

Datica Materials“ means all command line tools, devices, documents, data, know-how, methods, processes, sample code, software, software libraries, and other inventions, works, technologies and materials, including any and all Service software, computer hardware, programs, reports and specifications, WDSLs, client software and deliverables provided or used by Datica in connection with performing the Services, in each case developed or acquired by Datica independently of this Agreement.

"Datica Services ” or “Services” means any or all of the products and services offered by Datica and as identified in Customer’s underlying Service Order.

Customer” or “Datica Customer” means a current contractually bound customer of Datica.

Customer Content” means information, however described, including patient data, submitted or received by Customer or End Users through the Services, including matter transmitted, processed, or stored by Datica in performing the Services or otherwise received by Datica under this Agreement.

Customer Application” shall mean the software or application that Customer uploads on Provider’s Services.

Permitted Uses” means access and use of the Services by Customer for the benefit of Customer for Customer’s internal and external business operations within Customer’s network of clients, providers and patients.

Professional Services” means those ancillary services provided by Provider in connection with the delivery of Services to the Customer but invoiced as a separate line item from the Services itself such as, by way of example, set up, implementation, training, customization and other professional services.

3. Reservation of Rights.

Customer is entitled to access Services solely in accordance with the terms of this Agreement. Datica and its third party suppliers and partners hereby reserve all rights, title and interest in and to Services, including without limitation all software used to provide the Services and any associated Services and all logos and trademarks reproduced through Datica’s system. This Agreement does not grant Customer any intellectual property rights in, or to Services, or any of its components. Datica reserves all rights not expressly granted in this Agreement or any Service Order.

4. Customer Responsibilities.

4.1 Use of Datica Services

Customer will use Datica’s Services in order to host or develop Customer Applications on behalf of itself. Prior to using the Services, Customer represents and warrants that: (a) it has all rights, license and clearances necessary to use the Services, (b) the Services shall be accessed by Customer and its authorized users only. Customer will be solely responsible for all use (whether or not authorized) of the Datica Services and Datica Materials under its account, including for the quality and integrity of data that it uploads to the Services.

4.2 End User

An “End User” is an employee or contractor that Customer authorizes to access the Services. Customer will ensure that End Users comply with the terms of this Agreement. Customer will promptly notify Datica if it becomes aware of any breach of the terms of this Agreement that may affect Datica, or other Datica Customers. As between Customer and Datica, Customer will be solely responsible for the acts and omissions of End Users. Customer will take all reasonable precautions to prevent unauthorized access to or use of the Services and notify Datica promptly of any such unauthorized access or use.

4.3 Customer Content

To enable Datica to provide the Services, Customer grants to Datica a non-exclusive, royalty-free, worldwide license during the term of the Agreement to use, transmit, distribute, modify, reproduce, display, and store Customer Content only to perform the Services and as permitted by the Agreement. Datica will not disclose Customer’s Confidential Information to any third party, except: (i) with Customer’s consent, (ii) as required by law or court order, or (iii) as permitted under the Agreement.

Between Customer and Datica, Customer owns all Customer Content. Customer agrees that Datica may create, collect, and use data derived from Customer Content or that results from Customer’s and End Users’ use of the Services, including performance data about Customer’s and End Users’ access and use of the Services and patient data, so long as such data is de-identified to reasonably avoid identifying Customer or an individual. Such data will belong to Datica and may be used and disclosed to operate, analyze, improve, provide, and market Datica products and services. Customer agrees Datica may use, store, transmit, distribute, modify, copy, display, sublicense, and create derivative works of such de-identified Customer Content and other data even after this Agreement ends.

4.4 Restrictions

Customer will not rent, lease, lend, sell, sublicense, assign, distribute, publish, or otherwise make available the Services to third parties and/or use or authorize the use of Services or Datica Materials in any manner or for any purpose that is unlawful. Customer will ensure that the Services provided hereunder are used in accordance with all applicable laws, regulations and third party rights, as well as the terms of this Agreement. Customer agrees not to:

4.4.1Access (or attempt to access) the administrative interface of Services by any means other than through the interface that is provided by Datica in connection with the Services unless it has been specifically allowed to do so in a separate written agreement with Datica;

4.4.2 Attempt to disable or circumvent any security mechanisms used by Datica or any Datica applications excepting situations where Customer notifies Datica, in writing (with email accepted) of any such testing;

4.4.3Engage in any activity that intentionally interferes with or disrupts Services (or the servers and networks which are connected to the Services);

4.4.4Rent, lease, lend, sell, sublicense, assign, distribute, publish, transfer or otherwise make Services available to any third party, except as expressly permitted by this Agreement;

4.4.5Use or authorize the use of Services in any manner or for any purpose that is unlawful under applicable law and/or by any unauthorized user - and in the event of any such unauthorized access or use, promptly to notify Datica; and

4.4.6Attempt to reverse compile, disassemble, reverse engineer all or any part of Services or underlying software. Customer may use Services only to develop and run its Customer Applications on Services, and shall not develop Customer Applications to simulate or act as a single Application or otherwise access the Services in a manner intended to avoid incurring fees.

4.4.7Access the Services for the purpose of bringing an intellectual property infringement claim against Datica or for the purpose of creating a product or service competitive with the Services.

4.5 Customer Compliance

Customer shall comply with all applicable privacy laws, regulations and established industry standards pertaining to the protection and disclosure of personally identifiable information. Customer represents and warrants that, except to the extent caused by the Services or Datica, Customer’s Application and any associated services, products, materials, Uploaded data, content, and information used by Customer in connection with this Agreement as well as Customer’s access to and use of the Services do not, and will not, during the term of this Agreement operate in any manner that would violate any applicable law or regulation, including those under HIPAA and HITECH.

5 Fees

5.1 Fees

Customer agrees to pay the fees for Services set forth in the applicable Service Order, and as executed by both parties.

5.2 Net of Taxes

All payments required by this Agreement exclude all sales, value-added, use, and other taxes and obligations, all of which Customer shall pay in full, except for taxes based on Datica’s income or assets. Customer shall be solely responsible for all sales, service, commercial, gross receipts, privilege, surcharges, value-added, use, excise, consumption and any other taxes, license fees duties and charges of any kind, if any, whether charged to or against Datica, imposed by any applicable government, national or local on any amounts payable by Customer under this Agreement or any Service Order, other than any taxes imposed on, or with respect to, Datica’s income, revenues, gross receipts, personnel, real or personal property or other assets.

5.3 Invoicing and Payment

Datica shall invoice Customer for all fees for Services thirty (30) days in advance and payments are due on the 1st of each month. All payments must be made in U.S. dollars. Payment obligations are non-cancelable and fees paid are non-refundable. In addition to all other remedies available under this Agreement or at law (which Datica does not waive the exercise of any rights hereunder), if Customer is overdue on any payment and fails to cure such non-payment within ten (10) days of written notice of the non-payment, then Datica may assess, and Customer will pay, a late fee of the lesser of 1.5% per month or the maximum amount allowable by law. Datica may also suspend the Services associated with Customer’s account until such non-payment is corrected.

6 Ownership and Confidentiality

6.1 Ownership Rights

As between the parties, Datica exclusively owns and reserves all right, title and interest in and to the Services, Datica Materials and Datica’s Confidential Information. As between the parties, Customer exclusively owns and reserves all right, title and interest in and to the Customer Uploaded Data, Customer Applications, and Customer’s Confidential Information.

6.2 Use of Marks

You agree that Datica, in its sole discretion, may use your trade names, trademarks, service marks, logos, domain names and other distinctive brand features in presentations, marketing materials, customer lists, financial reports, use cases, and Web site listings (including links to your website) for the purpose of advertising or publicizing your use of the Datica Services.

6.3 Use of Ideas

You may choose to or we may invite you to submit comments or ideas about the Services, including without limitation about how to improve the Services or our products (“Ideas”). By submitting any Idea, you agree that your disclosure is gratuitous, unsolicited and without restriction and will not place Datica under any fiduciary or other obligation, and that we are free to use the Idea without any additional compensation to you, and/or to disclose the Idea on a non-confidential basis or otherwise to anyone.

6.4 Confidentiality

6.4.1 Definition

“Confidential Information” means this Agreement and any information or data, regardless of whether it is in tangible form, disclosed by either party that is marked or otherwise designated as confidential or proprietary or that should otherwise be reasonably understood to be confidential given the nature of the information and the circumstances surrounding disclosure. “Confidential Information” does not include any information which: (i) is publicly available through no fault of receiving party; (ii) was properly known to receiving party, without restriction, prior to disclosure by the disclosing party; (iii) was properly disclosed to receiving party, without restriction, by another person without violation of disclosing party’s rights; or (iv) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information.

6.4.2 Use and Disclosure

Each party agrees that it will use the Confidential Information of the other party solely in accordance with the provisions of this Agreement and it will not disclose such information to any third party without the other party’s prior written consent, except as otherwise permitted hereunder. Each party agrees to exercise due care in protecting the Confidential Information from unauthorized use and disclosure. Each party may disclose the Confidential Information of the other party, in whole or in part to its employees, representatives, actual or potential investors and subcontractors who have a need to know and are legally bound to keep such information confidential consistent with the terms of this Section. Either party may disclose the Confidential Information of the other party as required by law, upon prior written notice to the other party (where allowed by law); provided that such party will use its reasonable efforts to minimize such disclosure to the extent permitted by applicable law.

7 Disclaimer


8 Third Party Indemnification

8.1 Infringement Indemnity

8.1.1 Defense.Datica will defend, indemnify and hold Customer harmless against any claim, demand, suit, or proceeding (“Claim”) made or brought against Customer by a third party alleging that the use of the Services as permitted hereunder infringes or misappropriates a third party copyright, trade secret, trademark or United States patent. Datica will pay all costs, reasonable legal fees and any settlement amounts agreed to be paid by Datica or damages awarded against Customer in connection with any such Claim.

8.1.2 Infringement Options.If the use of the Services by Customer has become, or in Datica’s opinion is likely to become, the subject of any claim of infringement, Datica may at its option and expense: (i) procure for Customer the right to continue using the Datica Services as set forth herein; (ii) modify the Datica Services to make such services non-infringing; or (iii) if the foregoing options are not reasonably practicable, terminate this Agreement and refund Customer any unused pre-paid fees

8.1.3 Limitations.Datica will have no liability or obligation with respect to any Claim if such Claim is caused in whole or in part by: (i) use of the Services by Customer not in accordance with this Agreement; or (ii) the combination, operation or use of the Services with other applications, portions of applications, products or services where the Services would not by itself be infringing. This Section states Datica’s entire and exclusive obligation, and Customer’s exclusive remedy, for any claim of any nature related to infringement or misappropriation of intellectual property

8.1.4 Indemnification by Customer.Except as stated in Section 8.1 above, Customer will defend, indemnify and hold Datica harmless against any Claim arising out of or relating to Customer’s activities under this Agreement and Customer’s acts or omissions in connection with the provision and access and use of the Services, including without limitation, any intellectual property or privacy claims relating to the Customer’s Application, Customer Uploaded Data and any violation by Customer or End Users of the provisions of Section 4.4(Restrictions). Customer will pay all costs, reasonable legal fees and any settlement amounts agreed to be paid by Customer or damages awarded against Datica in connection with any such Claim.

8.1.5 Conditions of Indemnification.As a condition of the foregoing obligations: (a) the indemnified party (“Indemnified Party”) will promptly notify the indemnifying party (“Indemnifying Party”) of any Claim; (b) the Indemnifying Party will have the sole and exclusive authority to defend or settle any such Claim (provided that, the Indemnifying Party will obtain the Indemnified Party’s consent in connection with any act or forbearance required by the Indemnified Party, which consent will not be unreasonably withheld); and © the Indemnified Party will reasonably cooperate with the Indemnifying Party in connection with the Indemnifying Party’s activities hereunder, at the Indemnifying Party’s expense.

9 Exclusion of Damages; Limitation of Liability


10 Termination

10.1 Term

The term of this Agreement will commence on the date this Agreement is fully signed by the Customer and Datica and remains in effect until terminated.

10.2 Termination

Either party may terminate this Agreement in the event the other party commits any material breach of this Agreement and fails to remedy such breach within fifteen (15) days after written notice of such breach. Datica may also suspend the Services immediately upon notice for cause if: (a) Customer violates (or gives Datica reason to believe it has violated) any provision of the Datica Acceptable Use Policy; (b) if Customer is in breach of Section 5 of this Agreement, provided that the suspension will continue only for so long as reasonably necessary for Customer to remedy the breach; © if Datica determines, in its sole discretion, that its provision of any of the Datica Services is prohibited by applicable law, or has become impractical or unfeasible for any legal or regulatory reason; or (d) subject to applicable law, upon Customer’s liquidation, commencement of dissolution proceedings, disposal of Customer assets or change of control, a failure to continue business, assignment for the benefit of creditors, or if Customer become the subject of bankruptcy or similar proceeding. If Customer terminates this Agreement or an applicable Order Form due to Datica’s breach, Datica will refund a pro-rata share of any pre-paid fees. If all Service Order Forms under this Agreement have expired or been terminated, either party may terminate this Agreement for convenience by providing written notice. Upon expiration of this Agreement or a Service Order, Customer will notify its Users that their access to the Services has terminated, and Datica may withhold, remove or discard any content, data, or other information that Customer Users post or upload to Datica’s system while using the Services. Datica is not obligated to store, maintain or provide a copy of any content or data that Customer or its Users made available or provided when using the Services.

10.3 Survival

Upon termination or expiration of this Agreement, Customer’s payment obligations, the terms of this Section 10 and the terms of the following Sections will survive: Section 4.3 (Use of Data), Section 4.1 (Use of Datica Services), Section 4.4 (Restrictions), Section 6 (Ownership and Confidentiality), Section 7 (Disclaimer), Section 8 (Indemnification), Section 9 (Exclusion of Damages; Limitation of Liability) and Section 11 (Miscellaneous).

11 Miscellaneous

11.1 Compliance with Laws

Each party will comply with the applicable laws and regulations relating to their respective activities under this Agreement.

11.2 Assignment

Neither party hereto may assign or otherwise transfer this Agreement, in whole or in part, without the other party’s prior written consent, except that either party may assign this Agreement without consent to a successor to all or substantially all of its assets or business. Any attempted assignment, delegation, or transfer by either party in violation hereof will be null and void

11.3 Amendment Waiver

No modification to this Agreement, nor any waiver of any rights, will be effective unless consented to in a writing signed by both parties. Any waiver of any breach or default by either party will not constitute a waiver of any other right or any subsequent breach or default. Failure or delay by either party to enforce any provision of this Agreement will not be deemed a waiver of future enforcement of that or any other provision.

11.4 Relationship

Each party is an independent contractor in the performance of each and every part of this Agreement. Each party will be solely responsible for all of its employees and agents and its labor costs and expenses arising in connection therewith and for any and all claims, liabilities or damages or debts of any type whatsoever that may arise on account of its activities, or those of its employees or agents, in the performance of this Agreement. Neither party has the authority to commit the other party in any way and will not attempt to do so or imply that it has the right to do so.

11.5 Unenforceability

In the event that any provision of this Agreement is held by a court or other tribunal of competent jurisdiction to be unenforceable, such provision will be limited or eliminated to the minimum extent necessary to render such provision enforceable and, in any event, the remainder of this Agreement will continue in full force and effect.

11.6 Governing Law: Venue

This Agreement shall be governed by and construed in accordance with the internal laws of the State of California without reference to the conflict of laws provisions thereof. For any disputes relating to the interpretation, execution or enforcement of this Agreement or arising from the dealings between Provider, Customer and any third parties under this Agreement shall be dealt with under the exclusive jurisdiction and venue of the courts of the State of California, sitting in San Francisco County, or the United States Federal Court for the District of California, and the parties irrevocably submit for all purposes to the jurisdiction of each such court.

11.7 Dispute Resolution

The parties will attempt to resolve any dispute related to this Agreement through good faith and informal negotiations. If initial negotiation does not resolve the dispute, each party will escalate the dispute to the executive sponsor of this Agreement to attempt to resolve the dispute. If the parties are unable to resolve the dispute through negotiation, the parties will select a mutually agreed mediator in a mutually agreed location to attempt to resolve the dispute. In the event of any adjudication of any dispute under this Agreement, the prevailing party in such action may seek to recover reimbursement of its attorneys’ fees and related costs by the other party. Any breach of confidentiality obligations in this Agreement, or any unauthorized use of the services or a party’s intellectual property by the other party, may cause irreparable harm

11.8 Notices

Any notice required or permitted to be given hereunder will be given in writing to the party at the address specified in this Agreement or in any Service Order by personal delivery, certified mail, return receipt requested, or by overnight delivery.

11.9 Electronic Signature

Original signatures transmitted and received via electronic transmission of a scanned document (via secure email or a service such as provided by DocuSign) are true and valid signatures for all purposes hereunder and shall bind the parties to the same extent as that or an original signature. This Agreement may be executed in multiple counterparts, each of which shall be deemed to constitute an original but all of which together shall constitute only one document.

11.10 Other Terms

This Agreement supersedes all prior and contemporaneous proposals, statements, sales materials or presentations and agreements, oral and written. No oral or written information or advice given by Datica, its agents or employees will create a warranty or in any way increase the scope of the warranties in this Agreement. There will be no force or effect to any different terms of any related purchase order or similar form even if signed by the parties after the date hereof.

11.11 Force Majeure

A party is not liable under this Agreement for non-performance caused by events or conditions beyond that party’s control (each, a “Force Majeure Event”) if the party makes reasonable efforts to perform. Either party may terminate this Agreement on written notice to the other party if the Force Majeure Event continues more than 30 days.

11.12 Export Regulations

Customer agrees to comply with all applicable export and re-export control laws and regulations, including the Export Administration Regulations (“EAR”) maintained by the United States Department of Commerce. Specifically, Customer covenants that it shall not, directly or indirectly, sell, export, re-export, transfer, divert, or otherwise dispose of any software, source code, or technology (including products derived from or based on such technology) received from Provider under this Agreement to any country (or national thereof) subject to antiterrorism controls or U.S. embargo, or to any other person, entity, or destination prohibited by the laws or regulations of the United States, without obtaining prior authorization from the competent government authorities as required by those laws and regulations. Customer agrees to indemnify, to the fullest extent permitted by law, Provider from and against any fines or penalties that may arise as a result of Customer’s breach of this provision.

11.13 Entire Agreement: Counterparts

The Exhibits attached hereto are incorporated herein by this reference, are an integral part of the Agreement, and will be read and interpreted together with the Agreement as a single document. This Agreement (including all Exhibits and addendums attached hereto), together with the Service Orders and any applicable non-disclosure agreements, sets forth the complete, exclusive and final statement of the agreement between the parties as to the subject matter hereof and supersedes all prior and contemporaneous agreements, understandings, negotiations and discussions, whether oral or written, between the parties regarding such subject matter. This Agreement may only be modified, amended, or any rights under it waived, by a written document executed by the Parties. This Agreement may be executed in two or more counterparts, each of which will be deemed an original, but all of which together shall constitute one and the same instrument.

Datica Acceptable Use Policy

This Acceptable Use Policy describes actions that Datica prohibits when any person uses the Datica Services (“Services”), including parties (“Customerâ€) to a separate agreement with Datica who use the Datica Services. In the event of a conflict between this Acceptable Use Policy and an underlying Agreement with a Customer, the underlying Agreement shall govern.

The Datica Services may not be used in any illegal, abusive or other manner that interferes with the business or activities of any other party, including being used in violation of HIPAA. The following list gives examples of prohibited actions, including types of email and content. This list is provided by way of example and should not be considered exhaustive.

Prohibited Actions

  • Attempting to bypass or break any security mechanism on any of the Datica Services or using the Datica Services in any other manner that poses a security or service risk to Datica or any of its users or customers.

    • Testing or reverse-engineering the Datica Services in order to find limitations, vulnerabilities or evade filtering capabilities.

    • Removing any copyright, trademark or other proprietary rights notices contained in or on the Services;

    • Reformatting or framing any portion of the web pages that are part of the Services administration display without Datica’s permission.

    • Using the Datica Platform in connection with illegal peer-to-peer file sharing.

    • Launching or facilitating, whether intentionally or unintentionally, a denial of service attack on any of the Datica Services or any other conduct that adversely impacts the availability, reliability or stability of the Datica Services.

  • Reusing, without explicit permission, documentation, policies, or other content provided by Datica.

  • Utilizing Datica Services in a way that knowingly violates HIPAA rules.

Prohibited Content

  • Content that infringes a third party’s rights (e.g., copyright) according to applicable law;

  • Excessively profane content;

  • Any hate-related or violent content or contains any other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third party rights;

  • Content advocating racial or ethnic intolerance; Content intended to advocate or advance computer hacking or cracking;

  • Gambling;

  • Other illegal activity, including without limitation illegal export of controlled substances or illegal software;

  • Illegal drug paraphernalia;

  • Phishing;

  • Malicious content, sending, uploading, distributing or disseminating or offering to do the same with respect to any unlawful, defamatory, harassing, abusive, fraudulent, infringing, obscene, or otherwise objectionable content;

  • or

  • Other material, products or services that violate or encourage conduct that would violate any criminal laws, any other applicable laws, or any third-party rights.

Prohibited Email

  • Transmitting any material that contains viruses, trojan horses, worms or any other malicious, harmful, or deleterious programs.

  • Using the Datica Services in any manner that violates any applicable industry standards, third party policies or requirements that Datica may communicate to its users.

  • Engaging in any unsolicited advertising, marketing or other activities, including, without limitation, any activities that violate anti-spam laws and regulations including, but not limited to, the CAN SPAM Act of 2003.

  • Using the Datica Services in connection with any unsolicited or harassing messages (commercial or otherwise).

  • Using Datica Services to engage in fraudulent activity with respect to third parties.

  • Violating or facilitating the violation of any local or foreign law, including laws regarding the transmission of data or software.

  • Taking any action to encourage or promote any activity prohibited under this Acceptable Use Policy.

  • Transmitting any material that infringes the intellectual property rights or other rights of third parties.

  • Transmitting any material that is libelous, defamatory, discriminatory or otherwise malicious or harmful to any person or entity.

  • Creating a false identity or forged email address or header, or otherwise attempting to mislead others as to the identity of the sender or the origin of a message, imitating or impersonating another person or his, her or its email address, or creating false accounts for the purpose of sending spam.

  • Unauthorized data mining any web property (including Services) to find email addresses or other user account information.

  • Sending unauthorized email via open, third-party servers.

  • Sending emails to users who have requested to be removed from an applicable mailing list.

  • Selling, exchanging or distributing to a third party the email addresses of any person without any legally required consent to such disclosure.

  • Sending unsolicited emails to significant numbers of email addresses belonging to individuals and/or entities with whom Customer or its Authorized Users have no preexisting relationship in violation of applicable law.

Customer Content on the Services and Take Down Obligations

  • Customer agrees to promptly take down any content that violates this Acceptable Use Policy, including pursuant to a take-down request from Datica. In the event that Customer elects not to comply with a request from Datica to take down certain Content, Datica reserves the right to directly take down such Customer Content or to disable Applications upon reasonable prior written notice.

  • In the event that Customer becomes aware of any violation of this Agreement by a user of one of Customer’s applications, Customer shall promptly terminate such users’ account on the Customer application. Datica reserves the right to disable Customer’s applications in response to a violation or suspected violation of this Agreement.

  • Customer agrees that it is solely responsible for (and that Datica has no responsibility to it or to any third party for) the Customer application or any content that it creates, transmits or displays while using the Datica Services and for the consequences of its actions (including any loss or damage which Datica may suffer) by doing so, except to the extent caused by the Services or Datica.

  • Customer agrees that Datica has no responsibility or liability for the deletion or failure to store any Customer content and other communications maintained or transmitted through use of the Service.

PaaS Terms and Conditions

In addition to the General Terms and Conditions, use of the Datica Platform As A Service (PaaS) is subject to the following additional terms and conditions:

1 Additional Defined Terms

Audit Logging” means a secure storage Service for Customer Application and System logs that may be used for audit purposes. Specifics of the amount of log data stored and archival needs shall be separately defined by the underlying Service Order.

Disk Encryption” means that “data at rest” are encrypted on the hard disk(s) on which Customer Application is deployed.

Encryption In-transit” means that any and all network traffic to and from the Customer Application within the Datica Platform shall be encrypted.

Protected Health Information” or “PHI” or “ePHI” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103, limited to the information received by Datica from or on behalf of a Customer.

System Monitoring“ means monitoring services of Customer System. Some potential examples included, but are not limited to, tracking System performance, utilization, access controls, file integrity, and intrusion detection.

2 Encryption

All PaaS Customers will have Disk Encryption enabled by default. All network traffic will have Encryption In-transit enabled by default. Datica Encryption Policies are outlined in detail here.

3 Logging Services

Audit Logging will be enabled on request by Customer. Only the most recent fourteen (14) days of log data will be indexed and available. Older logs will be archived. Datica Auditing Policies are outlined in detail here.

4 Monitoring Services

All deployments will have System Monitoring enabled by default. Additional access and enablement of custom monitoring rules can be enabled on request; Datica reserves the right to charge additional fees for custom monitoring rules. Datica Auditing Policies are outlined in detail here.

5 Term

The term of the Subscription Agreement shall be twelve (12) months and payable monthly from the Service Order Effective Date. Following the initial term, the Service Order shall automatically renew for an additional 12 months at the prices then in effect for Services unless either party provides sixty (60) days’ prior written notice of its intent not to renew prior to the expiration of the then current term. Provider may terminate this Service Order in accordance with the Subscription Agreement. Customer may terminate the Service Order under which such Services were ordered by providing written notice to Provider at least sixty (60) days prior to the termination effective date. Customer shall have no right to terminate the Service Order unless the termination effective date is at least sixty (60) days after the Service Order Effective Date.

Service Level and Support Agreement

1 Defined Terms

“Business Day” means Monday through Friday excluding national United States holidays.

“Business Hours” means 9:00 a.m. to 5:00 p.m. Central time of a Business Day.

“Integrating Organization” means an organization with which Customer (via Datica) has an active interface.

“Authorized User” means individuals authorized to use a Service.

“Interface” means a secure bridge connecting a Customer and their Integrating Organization that transfers specific data in a particular direction (inbound to the Customer or outbound to the Integrating Organization), optionally based on a standard format e.g. HL7 ADT.

“Production Integration” means a specific Interface that has completed testing and is being used to transmit production data and electronic Patient Health Information (ePHI).

“Error” means a failure of a Service, including without limitation a failure to conform to the documentation, resulting in the inability to use, or material restriction in the use of a Service.

“Update”means either a Service modification or addition that, when made or added to the Service, corrects an Error, or a procedure or routine that, when observed in the regular operation of the Service, eliminates the practical adverse effect of the Error.

2 Service Availability and Service Availability Credits

Datica will use commercially reasonable efforts to make the Services Available as described below:

Service Category


Availability Requirement

The monthly availability percentage is ninety nine point nine percent (99.9%) as measured over the course of each calendar month during the Term, excluding interruptions described below.

Scheduled Downtime

7:00 pm – 12:00 am CST weekly on Tuesdays, or as Datica otherwise notifies Customer no less than twenty-four (24) hours in advance. Any such outages in excess of 2 hours, or outside the schedule above shall be considered Unplanned Outages (defined below).

Unplanned Outages

Maximum two (2) hours over a reference period of one (1) month. Datica will promptly notify Customer of any Unplanned Outage, including a description of the Unplanned Outage and the expected or estimated time until normal operations will resume.

Exceptions to Availability

No period of Service degradation or inoperability will be included in calculating Availability to the extent caused by:
(1) outages caused by the failure of public network or communications components;
(2) Customer’s misuse of Services; including their Integrating Organizations or their Authorized Users;
(3) unauthorized use or misuse by Customer or anyone using any of the Customer passwords, unless Customer has not taken industry standard steps to protect the Services from unauthorized access, intrusion, and disruption;
(4) failures of Customer or any of its Authorized Users’ internet connectivity;
(5) Scheduled Downtime as set forth above;
(6) Force Majeure Event;
(7) disabling, suspension or termination of the Services.

2.1 Customer Reporting

Customer shall report any Service degradation or impaired ability to use the Services, included unscheduled system downtime and any Error to Datica’s maintenance email (support@datica.com) promptly, but not more than twenty-four (24) hours upon becoming aware or receiving notice of such Service downtime, error, bug, or defect.

2.1 Sole Remedies for Failure to Meet the Service Availability commitment

For each calendar month in which a Service has Availability of:


less than 99.9% but above 95%, Datica shall, upon Customer’s request made within thirty (30) days of the end of the calendar month, provide Customer with a written plan for improving Datica’s Service Availability to attain the 99.9% availability as defined in Section 4 and Datica shall promptly implement such plan;

2.1.2 between 95% and 90%, Datica shall, upon Customer’s request made within thirty (30) days of the end of that calendar month, provide Customer with a service credit in an amount equal to one half of one month of the specific Service and the action plan under subpart (1) above;

2.1.3 less than 90%, Datica shall, upon Customer’s request made within thirty (30) days of the end of that calendar month, provide Customer with a service credit in an amount equal to one month of the specific service and the action plan under subpart (a) above. Customer may also terminate this Agreement upon thirty (30) days’ written notice (which notice must be given within sixty (60) days of the end of the calendar month in which the Service Availability was less than 90%.

Customer shall not exercise the rights in this Section 2.1 without a reasonable basis or belief that the applicable Service Availability commitment was not satisfied. If Customer believes that Datica has failed to achieve an Uptime commitment in any given month, Customer shall provide written notice to Datica and Datica shall promptly provide a report that contains true and correct information detailing Datica’s actual Service Availability performance. THIS SECTION 2.1 SETS FORTH CUSTOMER’S SOLE AND EXCLUSIVE REMEDY, AND DATICA’S ENTIRE LIABILITY, SOLELY FOR ANY FAILURE TO MEET THE SERVICE AVAILABILITY COMMITMENT.

3 Service Maintenance

3.1 Updates and Service Errors

Datica shall maintain the Services to optimize Availability. Such maintenance services shall include providing to Customer all updates, bug fixes, enhancements, new releases and other improvements to the Services that Datica makes at no additional charge to its other similarly situated customers.

Datica shall make commercially reasonable efforts to provide an Update designed to solve or bypass a reported Error. Datica shall reasonably determine the priority level of Errors, pursuant to the following protocols and take the following actions as provided in Section 3.2.

3.2 Support Service Level Requirements

3.2.1 Severity 1 Errors: Datica shall promptly initiate the following procedures: (1) assign personnel to correct the Error on an expedited basis; (2) provide ongoing communication on the status; and (3) begins to provide a temporary workaround or fix. A Severity One Error means the (i) production system is severely impacted or completely shut down, or (ii) system operations or mission-critical Services are down.

3.2.2 Severity 2 Errors:Datica shall assign a Datica personnel to begin an Update, and provide additional, escalated procedures as reasonably determined necessary by Datica Support Services staff. Datica exercises commercially reasonable efforts to provide a workaround or include a fix for the Severity 2 Errors in the next update or release. A Severity Two Error means (i) the production system is functioning with limited capabilities, or (ii) is unstable with periodic interruptions, or (iii) mission critical Services, while not being affected, has experienced system interruptions.

3.2.3 Severity 3 Errors: Datica may include an Update in the next release. A Severity Three Error means there (i) are errors in fully operational production systems, (ii) is a need to clarify procedures or information in documentation, or (iii) is a request for a product enhancement.

3.3 Support Requests and Response Time Service Levels**

Datica will respond to Customer reports of a problem based on the severity. Upon receipt of a request for support or report of a problem, Datica will respond to Customer with an assigned level of priority based on the response times shown in the following table.

Service Category


Initial Response Time

Priority One: Urgent. A crisis has occurred - a system is down, a major operational function is unavailable or a critical interface has failed

Production system is down or crashing frequently. A business critical operation cannot be performed

< 1 business hours

Priority Two: High. Any problem critical to Customer success and requiring immediate resolution

Any problem critical to Customer success and requiring immediate resolution

< 4 business hours

Priority Three: Normal. Priority three situations include problems to be resolved as soon as possible. Most of these have acceptable workarounds, or the Product recovers by itself.

Errors in production systems but still fully functional. Malfunction in non-critical functions

< 1 business day

Priority Four: Low. Priority four situations are technical questions or problems requiring resolution - many of which are of “how to” nature

Need clarification of procedures or information in documentation. Attributes or options do not operate as stated. Product enhancement requests. Documentation is incorrect

< 2 business days

4 Support Services Responsibilities

4.1 Online and email support

Datica shall provide email support during Business Hours and shall provide online access to technical support bulletins and forums, to the full extent Datica makes such resources available to its other customers.

4.2 Phone support

Datica shall provide phone support during Business Hours.

4.3 Correction of Service Errors

Datica shall correct all Service Errors in accordance with the Support Service Level Requirements as specified in Section 3.2.

4.4 Response and Resolution of Support Requests

Datica shall respond to and resolve Support requests as specified in this Section 4.

4.5 Conditions for providing support

Datica’s obligation to provide support services is conditioned upon the following: (a) the Customer and, where applicable the Integrating Organization, making reasonable efforts to solve the problem; and (b) the Customer and Integrating Organization providing Datica with reasonably sufficient information and resources to correct the problem as well as reasonable access to the personnel, hardware, and any additional systems involved in discovering and resolving the problem.

4.6 Exclusions from Datica’s support services

Datica is not obligated to provide support services in the following situations: (a) the problem is caused by Customer’s or Integrating Organization’s negligence, hardware malfunction or other causes beyond the reasonable control of Datica; (b) the problem is with third party software not made available through or used by Datica; © the problem is with an individual user’s desktop or browser software; (d) Customer has not paid services fees under the Agreement when due, or Customer or Integrating Organization has failed to install updates or follow written instructions provided to it by Datica regarding the Production Interface.

Website Privacy Policy

Datica Health, Inc. (“Datica” or the “Company”) is committed to protecting the privacy of your information. This Privacy Statement describes Datica’s Web site privacy practices.

1 Web Site Covered

This Privacy Statement covers the information practices of http://datica.com.

2 Information Collected

Datica offers a variety of services that are collectively referred to as the “Services.” Datica collects information from individuals who visit the Company’s Web site (“Visitors”) and individuals who register to use the Services (“Customers”).

When expressing an interest in obtaining additional information about the Services or registering to use the Services, Datica requires you to provide the Company with personal contact information, such as name, company name, address, phone number, and email address (“Required Contact Information”). When purchasing the Services, Datica requires you to provide the Company with financial qualification and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services (“Billing Information”). Datica may also ask you to provide additional information, such as company annual revenues, number of employees, or industry (“Optional Information”). Required Contact Information, Billing Information, and Optional Information are referred to collectively as “Data About Datica Customers.”

As you navigate the Company’s Web site, Datica may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Company’s Web site (such as the Web pages viewed and the links clicked).

3 Use of Information Collected

The Company uses Data About Datica Customers to perform the services requested. For example, if you fill out a “Contact Me” Web form, the Company will use the information provided to contact you about your interest in the Services.

The Company may also use Data About Datica Customers for marketing purposes. For example, the Company may use information you provide to contact you to further discuss your interest in the Services and to send you information regarding the Company and its partners, such as information about promotions or events.

Datica uses credit card information solely to check the financial qualifications of prospective Customers and to collect payment for the Services.

Datica uses Web Site Navigational Information to operate and improve the Company’s Web site. The Company may also use Web Site Navigational Information alone or in combination with Data About Datica Customers to provide personalized information about the Company.

4 Web Site Navigational Information

Datica uses commonly-used information-gathering tools, such as cookies and Web beacons, to collect information as you navigate the Company’s Web site (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information that may be collected on the Company’s Web site and how this information may be used.

4.1 Cookies

Datica uses cookies to make interactions with the Company’s Web site easy and meaningful. When you visit the Company’s Web site, Datica’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you. They merely recognize your Web browser. Unless you choose to identify yourself to Datica, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Me” Web form), you remain anonymous to the Company. Datica uses cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer.

If you have chosen to identify yourself to Datica, the Company uses session cookies containing encrypted information to allow the Company to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow the Company to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use the Services.

Datica uses persistent cookies that only the Company can read and use to identify browsers that have previously visited the Company’s Web site. When you purchase the Services or provide the Company with personal information, a unique identifier is assigned you. This unique identifier is associated with a persistent cookie that the Company places on your Web browser. The Company is especially careful about the security and confidentiality of the information stored in persistent cookies. For example, the Company does not store account numbers or passwords in persistent cookies. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Company’s Web site, but you will not be able to successfully use the Services.

Datica may use information from session and persistent cookies in combination with Data About Datica Customers to provide you with information about the Company and the Services.

4.2 Web Beacons

Datica may use Web beacons alone or in conjunction with cookies to compile information about Customers and Visitors’ usage of the Company’s Web site and interaction with emails from the Company. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular Web site tied to the Web beacon, and a description of a Web site tied to the Web beacon. For example, Datica may place Web beacons in marketing emails that notify the Company when you click on a link in the email that directs you to one of the Company’s Web site. Datica uses Web beacons to operate and improve the Company’s Web site and email communications.

Datica may use information from Web beacons in combination with Data About Datica Customers to provide you with information about the Company and the Services.

4.3 Flash Cookies

Datica may use local shared objects, also known as Flash cookies, to store your preferences or display content based upon what you view on our site to personalize your visit. Third parties, with whom the Company partners to provide certain features on our site or to display advertising based upon your Web browsing activity, use Flash cookies to collect and store information.

Flash cookies are different from browser cookies because of the amount of, type of, and how data is stored. Cookie management tools provided by your browser will not remove Flash cookies. To learn how to manage privacy and storage settings for Flash cookies click here.

4.4 IP Addresses

When you visit Datica’s Web site, the Company collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, Datica uses IP addresses to monitor the regions from which Customers and Visitors navigate the Company’s Web site.

4.5 Third Party Cookies

From time-to-time, Datica engages third parties to track and analyze usage and volume statistical information from individuals who visit the Company’s Web site. Datica may also use other third-party cookies to track the performance of Company advertisements. The information provided to third parties does not include personal information, but this information may be re-associated with personal information after the Company receives it.

Datica may also contract with third-party advertising networks that collect IP addresses and other Web Site Navigational Information on the Company’s Web site and emails and on third-party Web sites. Ad networks follow your online activities over time by collecting Web Site Navigational Information through automated means, including through the use of cookies. They use this information to provide advertisements about products and services tailored to your interests. You may see these advertisements on other Web sites. This process also helps us manage and track the effectiveness of our marketing efforts.

5 Public Forums, Refer a Friend, and Customer Testimonials

Datica may provide bulletin boards, blogs, or chat rooms on the Company’s Web site. Any personal information you choose to submit in such a forum may be read, collected, or used by others who visit these forums, and may be used to send you unsolicited messages. Datica is not responsible for the personal information you choose to submit in these forums.

Customers and Visitors may elect to use the Company’s referral program to inform friends about the Company’s Web site. When using the referral program, the Company requests the friend’s name and email address. Datica will automatically send the friend a one-time email inviting him or her to visit the Company’s Web site. Datica does not store this information.

Datica may post a list of Customers and testimonials on the Company’s Web site that contain information such as Customer names and titles. Datica obtains the consent of each Customer prior to posting any information on such a list or posting testimonials.

6 Sharing of Information Collected

Datica may share Data About Datica Customers with the Company’s service providers so that these service providers can contact Customers and Visitors who have provided contact information on our behalf. Datica may also share Data About Datica Customers with the Company’s service providers to ensure the quality of information provided. 

Unless described in this privacy statement, Datica does not share, sell, rent, or trade any information provided with third parties for their promotional purposes.

From time to time, Datica may partner with other companies to jointly offer products or services. If you purchase or specifically express interest in a jointly-offered product or service from Datica, the Company may share Data About Datica Customers collected in connection with your purchase or expression of interest with our joint promotion partner(s). Datica does not control our business partners’ use of the Data About Datica Customers we collect, and their use of the information will be in accordance with their own privacy policies. If you do not wish for your information to be shared in this manner, you may opt not to purchase or specifically express interest in a jointly offered product or service.

Datica uses a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use Billing Information except for the sole purpose of credit card processing on the Company’s behalf.

Datica reserves the right to use or disclose information provided if required by law or if the Company reasonably believes that use or disclosure is necessary to protect the Company’s rights and/or to comply with a judicial proceeding, court order, or legal process.

7 Communications Preferences

Datica offers Customers and Visitors who provide contact information a means to choose how the Company uses the information provided. You may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of the Company’s marketing emails. Additionally, you may send a request specifying your communications preferences to support@datica.com. Customers cannot opt out of receiving transactional emails related to their account with Datica or the Services.

8 Correcting and Updating Your Information

Customers may update or change their registration information by logging in to their accounts at https://datica.com. Requests to access, change, or delete your information will be handled within 30 days.

9 Security

Datica uses appropriate administrative, technical, and physical security measures to protect Data About Datica Customers.

10 Changes to this Privacy Statement

Datica reserves the right to change this Privacy Statement. Datica will provide notification of the material changes to this Privacy Statement through the Company’s Web site at least thirty (30) business days prior to the change taking effect.

11 Contacting Us

Questions regarding this Privacy Statement or the information practices of the Company’s Web site should be directed to support@datica.com or by mailing Datica Privacy, 8362 Tamarack Village #119, Woodbury, MN 55125.

Last updated August 26th, 2021.

These policies are inspired by the policies of Google App Engine and Heroku. The original works have been modified. Datica is not affiliated with or sponsored by Google or Heroku.