Terms and Conditions

Terms of Use (T&U) and End User License Agreement (EULA)

Updated: 24th March 2025

This is a legal agreement between you (“you” or “your”) and Corti Inc. or Corti ApS (“Corti,” “we,”
“us,” or “our”). These Platform Terms of Use and End User License Agreement specify the terms
under which you may access and use our proprietary software as a service (SaaS) platform that
is made available to you as a web application and/or a mobile application (if any) (the
“Platform”).

Acknowledgment


PLEASE READ THESE TERMS OF THIS END USER LICENSE AGREEMENT AND
TERMS OF SERVICE (THE “AGREEMENT”) CAREFULLY. BY ACCESSING AND/OR
USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD,
AND AGREE TO BE LEGALLY BOUND BY THESE END USER LICENSE AGREEMENT
AND TERMS OF USE, AND THE TERMS AND CONDITIONS OF OUR PRIVACY POLICY
(THE “PRIVACY POLICY”), WHICH IS HEREBY INCORPORATED INTO THESE TERMS OF
USE AND MADE A PART HEREOF BY REFERENCE (COLLECTIVELY, THE “AGREEMENT”).
IF YOU DO NOT AGREE TO ANY OF THE TERMS IN THIS AGREEMENT, THEN PLEASE DO
NOT USE THE PLATFORM.


If you accept or agree to the Agreement on behalf of a company or other legal entity, you
represent and warrant that you have the authority to bind that company or other legal entity to
the Agreement and, in such event, “you” and “your” will refer and apply to that company or other
legal entity.


We reserve the right, at our sole discretion, to modify, discontinue, or terminate the Platform, or
to modify the Agreement, at any time and without prior notice. If we modify the Agreement, we
will post the modification on the Platform. By continuing to access or use the Platform after we
have posted a modification on the Platform, you are indicating that you agree to be bound by
the modified Agreement. If the modified Agreement is not acceptable to you, your only recourse
is to cease using the Platform.


THE SECTIONS BELOW TITLED “BINDING ARBITRATION” AND “CLASS ACTION WAIVER”
CONTAIN A BINDING ARBITRATION AGREEMENT AND CLASS ACTION WAIVER. THEY
AFFECT YOUR LEGAL RIGHTS. PLEASE READ THEM.


Capitalized terms not defined in these Terms of Use shall have the meaning set forth in our
Privacy Policy.


1. LICENSE AND RIGHT TO ACCESS AND USE THE PLATFORM

Subject to the terms of this Agreement, we hereby grant you during the Term of this Agreement
a limited, non-exclusive, non-transferable, non-sublicensable, revocable right and license, to
authorize your Authorized Users to access and use the Platform solely for your internal
business purposes to evaluate the Platform.


1. RESTRICTIONS


The Platform is available only for individuals aged 18 years or older. If you are under 18 years of
age, then please do not access and/or use the Platform. By entering into this Agreement, you
represent and warrant that you are 18 years or older.


You will not (and will not authorize, permit, or encourage any third party to): (i) reverse engineer,
decompile, disassemble, or otherwise attempt to discern the source code or interface protocols
of the Platform; (ii) modify, adapt, or translate the Platform, or any portion or component thereof;
(iii) make any copies of the Platform, or any portion or component thereof; (iv) lease, resell,
distribute, transmit, host, outsource, disclose or sublicense the Platform, or any portion or
component thereof; (v) remove, alter, obscure or modify any proprietary markings or restrictive
legends placed on the Platform; (vi) use the Platform, or any portion or component thereof in
violation of any applicable law, in order to build a competitive product or service, or for any
purpose not specifically permitted in this Agreement; (vii) introduce, post, or upload to the
Platform any virus, worm, “back door,” Trojan Horse, or similar harmful code; (viii) save, store,
or archive any portion of the services (including, without limitation, any data contained therein)
outside the Platform other than those outputs generated through the intended functionality of the
Platform without the prior, written permission of Corti in each instance; (ix) use the Platform in
connection with service bureau, timeshare, service provider or like activity whereby you operate
the Platform for the benefit of a third party; or (x) circumvent any processes, procedures, or
technologies that we have put in place to safeguard the Platform.


If you violate this section, we reserve the right in our sole discretion to immediately deny you
access to the Platform, or any portion thereof, without notice. We reserve the right to change
the availability of any feature, function, or content relating to the Platform, at any time, without
notice or liability to you.


2. AUTHORIZED USERS


Your employees and contractors who access and use the Platform on your behalf are referred to
herein as “Authorized Users.” Each Authorized User must create an account by providing
his/her email address and creating a password (collectively “Login Credentials”). Login
Credentials cannot be shared between Authorized Users or by any Authorized User with a third
party. Login Credentials must be kept confidential. You agree to immediately notify us of any
unauthorized use or suspected unauthorized use of any Login Credentials. You are fully
responsible for all activities, and use or misuse of the Platform, that is associated with any
Authorized User’s Login Credentials. You are also responsible for ensuring that your Authorized
Users comply with these Terms of Use. You will promptly inform us of any need to deactivate or change any Login Credentials. We have the right to disable any Platform account username or
password at any time for any reason, including if in our sole discretion we believe that you have
failed to comply with these Terms of Use.


3. USE OF PERSONAL INFORMATION


Your use of the Platform may involve the transmission to us of certain personal information. Our
policies with respect to the collection and use of such personal information are governed
according to our Privacy Policy, which is hereby incorporated by reference in its entirety.


4. OWNERSHIP


The Platform contains material, such as software, text, graphics, images, sound recordings,
audiovisual works, and other material provided by or on behalf of Corti (collectively referred to
as the “Content”). The Content may be owned by us or by third parties. The Content is protected
under both United States and foreign laws. Unauthorized use of the Content may violate
copyright, trademark, and other laws. You have no rights in or to the Content, and you will not
use the Content except as permitted under this Agreement. No other use is permitted without
prior written consent from us. You must retain all copyright and other proprietary notices
contained in the original Content on any copy you make of the Content. You may not sell,
transfer, assign, license, sublicense, or modify the Content or reproduce, display, publicly
perform, make a derivative version of, distribute, or otherwise use the Content in any way for
any public or commercial purpose. The use or posting of the Content on any other website or in
a networked computer environment for any purpose is expressly prohibited.

The Platform, including without limitation all copyrights, patents, trademarks, trade secrets and
other intellectual property rights are, and shall remain, the sole and exclusive property of the
Company.

The Services are licensed, not sold to You, for use only in accordance with this Agreement. We
reserve all rights not expressly granted to You. The Services are protected by United States
copyright laws and international copyright treaties, as well as by other intellectual property laws
and treaties. Except as expressly permitted herein, You may not make a copy of the Services or
any associated User Documentation. Additionally, You may reproduce all User Documentation
for use solely by Administrators and Users, provided that You reproduce all copyright,
confidentiality and other proprietary notices that are on the original copy of the User
Documentation.

If you violate any part of this Agreement, your permission to access and/or use the Content, and
the Platform automatically terminates and you must immediately destroy any copies you have
made of the Content. The trademarks, service marks, and logos of Corti (the “Corti
Trademarks”) used and displayed on the Platform are registered and unregistered trademarks
or service marks of Corti. Other company, product, and service names located on the Platform
may be trademarks or service marks owned by others (the “Third-Party Trademarks,” and, collectively with Corti Trademarks, the “Trademarks”). Nothing on the Platform should be
construed as granting, by implication, estoppel, or otherwise, any license or right to use the
Trademarks, without our prior written permission specific for each such use. Use of the
Trademarks as part of a link to or from any website is prohibited unless establishment of such a
link is approved in advance by us in writing. All goodwill generated from the use of Corti
Trademarks inures to our benefit.

Elements of the Platform are protected by trade dress, trademark, unfair competition, and other
state and federal laws and may not be copied or imitated in whole or in part, by any means,
including, but not limited to, the use of framing or mirrors. None of the Content may be
retransmitted without our express, written consent for each and every instance.


5. YOUR DATA; USAGE DATA; DE-IDENTIFIED DATA; AGGREGATE DATA; AND OUTPUT


For purposes of this Agreement, “Your Data” means any data and information that you and your
Authorized Users submit to the Platform, including but not limited to, Patient Recordings (as
defined below) and the personal information of Authorized Users; “Patient Recordings” means:
(i) the audio and/or video recordings of the sessions between you (or your Authorized Users)
and patient (and the patient’s parents, or other family members or friends, to the extent
participating in such sessions) that you or your Authorized Users conduct and upload to the
Platform; and (ii) the information and data collected and/or gathered by you (or your Authorized
Users) during such sessions that you or your Authorized Users upload to the Platform;
“Protected Health Information” or “PHI” means as that term is defined under the Health
Insurance Portability and Accountability Act of 1996, as amended, and related regulation
(“HIPAA”); “Personal information” under GDPR includes all information that is not classified as
special categories of information (sensitive personal information). Health information is
considered as sensitive personal data under GDPR. “Usage Data” means analytical data that
we collect concerning the performance and use of the Platform by you and your Authorized
Users, including, without limitation, date and time that you access the Platform, the portions of
the Platform visited, the frequency and number of times such pages are accessed, the number
of times the Platform is used in a given time period and other usage and performance data;
“Output” includes, without limitation, the medical documentation generated by
processing Your Data through the Platform and provided to you and your Authorized Users
through the Platform.


You own all right, title, and interest in and to Your Data and Output, including all modifications,
improvements, adaptations, enhancements, or translations made thereto, and all intellectual
rights therein. You hereby grant us a non-exclusive, worldwide, fully paid-up, royalty-free right
and license, with the right to grant sublicenses, to reproduce, execute, use, store, archive,
modify, perform, display and distribute Your Data: (i) during the term of this Agreement, in
furtherance of our obligations hereunder; and (ii) for our internal business purposes, including
using such data to analyze, update, and improve the Platform and our analytics capabilities. We
will process any Personal Information or PHI included in Your Data in accordance with the Data
Processing Agreement or the Business Associate Agreement attached hereto as Schedule A
(“DPA” or “BAA”) respectively. You will have sole responsibility for the accuracy, quality, and
legality of Your Data. If the terms of this Agreement conflict with the terms of the DPA or the
BAA, the terms of the DPA or the BAA shall control solely with respect to processing of Personal
Information or PHI. By providing Your Data, you agree to be legally bound by the terms and
conditions of the DPA or the BAA, which is made part of this Agreement.

Pursuant to Section 2a of the BAA, we have the right in our sole discretion to use De-identified
Data and to disclose such De-identified Data to third parties. We may also link your De-identified
Data with your customer ID and use it to customize and train our Platform based on your
specific styles and requirements that can be identified from Your Data.

Notwithstanding anything to the contrary herein, we may use, and may permit our third-party
service providers to access and use, Your Data, as well as any Usage Data that we may collect,
in an anonymous and aggregated form (“Aggregate Data”) for the purposes of operating,
maintaining, managing, and improving our products and services including the Platform.
Aggregate Data does not identify you. You hereby agree that we may collect, use, publish,
disseminate, sell, transfer, and otherwise exploit such Aggregate Data.


6. RETENTION OF YOUR DATA


We retain Your Data in the Platform for the Term of this Agreement and will delete your
information no more than 30 days after the termination of the Agreement.


7. FEES


In exchange for your access to and use of the Platform, you agree to pay the fees for the
applicable subscription plan that you selected at registration within thirty (30) days of receipt of
the invoice. We reserve the right to update and modify our pricing structure with reasonable
notice, with any updated pricing for your subscription plan to go into effect the next announced
period of service. We reserve the right to institute new or additional fees, at any time upon
notice to you. By purchasing a subscription, you agree to pay us through a third-party payment
processor of our choosing. We reserve the right to change our third-party payment processor at
any time.


8. PLATFORM RULES AND CONFIDENTIALITY


By accessing and/or using the Platform, you hereby agree to comply with the following
guidelines:
- You will not use the Platform for any unlawful purpose;
- You will not access or use the Platform to collect any market research for a competing
business;
- You will not upload, post, e-mail, transmit, or otherwise make available any content that:
infringes any copyright, trademark, right of publicity, or other proprietary rights of any person or
entity; or constitutes promotion or advertising of any third-party website, product, or service; or is
defamatory, libelous, indecent, obscene, pornographic, sexually explicit, invasive of another’s
privacy, promotes violence, or contains hate speech (i.e., speech that attacks or demeans a
group based on race or ethnic origin, religion, disability, gender, age, veteran status, and/or
sexual orientation/gender identity); or discloses any sensitive information about another person,
including that person’s e-mail address, postal address, phone number, credit card information,
or any similar information.
- You will not impersonate any person or entity or falsely state or otherwise misrepresent your affiliation with a person or entity.
- You will not decompile, reverse engineer, or disassemble any software or other products or processes accessible through the Platform.
- You will not cover, obscure, block, or in any way interfere with any advertisements and/or safety features on the Platform.
- You will not circumvent, remove, alter, deactivate, degrade, or thwart any of the protections in the Platform.
- You will not use automated means, including spiders, robots, crawlers, data mining tools, or the like to download or scrape data from the Platform, directly or indirectly, except for Internet search engines (e.g., Google) and non-commercial public archives (e.g., archive.org) that comply with our robots.txt file.
- You will not take any action that imposes or may impose (in our sole discretion) an unreasonable or disproportionately large load on our technical infrastructure.
- You will not interfere with or attempt to interrupt the proper operation of the Platform through the use of any virus, device, information collection or transmission mechanism, software or routine, or access or attempt to gain access to any data, files, or passwords related to the Platform through hacking, password or data mining, or any other means.


We reserve the right, in our sole and absolute discretion, to deny you (or any device) access to
the Platform, or any portion thereof, without notice.

You acknowledge and agree that any and all information emanating from our business in any
form is “Confidential Information,” and You agree that it will not, during or after the term of this
Agreement, permit the duplication, use, or disclosure of any such Confidential Information to
any person (other than an employee, agent, or representative of the other party who must have
such information for the performance of its obligation hereunder), unless such duplication, use,
or disclosure is specifically authorized by the other party in writing. You shall:

a. Not disclose any Confidential Information to any third person without the express written
consent of the disclosing party;

b. not use, directly, indirectly, or in concert with any other person, any Confidential
Information for any purpose other than the performance of their obligations under this
Agreement;

c. use reasonable diligence, and in no event less than that degree of care that such party
uses in respect to its own confidential information of like nature, to prevent the unauthorized disclosure or reproduction of such information. Without limiting the
generality of the foregoing, to the extent that this Agreement permits the copying of
Confidential Information, all such copies shall bear the same confidentiality notices,
legends, and intellectual property rights designations that appear in the original versions.


For the purposes of this Section, the term “Confidential Information” shall not include:
information that is in the public domain; information known to the recipient party as of the date of
this Agreement as indicated by the recipient’s written records, unless the recipient party agreed
to keep such information in confidence at the time of its receipt; and information properly
obtained hereafter from a source who is not under an obligation of confidentiality with respect to
such information; is independently developed by the receiving party through persons who have
not had, either directly or indirectly, access or knowledge of such Confidential Information which
can be verified by independent evidence; or is obligated to be produced under a court order of
competent jurisdiction or a valid administrative or congressional subpoena. You acknowledge
that a breach or threatened breach of its obligations hereunder would cause immediate and
irreparable harm to us for which monetary damages would be an inadequate remedy, and that
We shall be entitled to injunctive relief without the necessity of posting bond or other security.
Unless otherwise agreed to by the Parties in writing, We may use Customer’s name and/or logo
to refer to You as our customer on our website and other marketing materials.


9. MODIFICATIONS AND UPDATES TO THE PLATFORM


We reserve the right to modify, suspend or discontinue, temporarily or permanently, the Platform
or any service to which it connects, with or without notice and without liability to You. We may
from time to time provide enhancements or improvements to the features/functionality of the
Platform, which may include patches, bug fixes, updates, upgrades and other modifications.
Updates may modify or delete certain features and/or functionalities of the Platform. You agree
that we have no obligation to (i) provide any Updates, or (ii) continue to provide or enable any
particular features and/or functionalities of the Platform to You. You further agree that all
updates or any other modifications will be (i) deemed to constitute an integral part of the
Platform, and (ii) subject to the terms of this Agreement.

10. RESTRICTIONS

The Platform is available only for individuals aged 18 years or older. If you are under 18 years of
age, then please do not access and/or use the Platform. By entering into this Agreement, you
represent and warrant that you are 18 years or older.


11. FEEDBACK


We welcome and encourage you to provide feedback, comments, and suggestions for
improvements to the Platform and our services (“Feedback”). Although we encourage you to
e-mail us, we do not want you to, and you should not, e-mail us any content that contains confidential information. With respect to any Feedback you provide, we shall be free to use and
disclose any ideas, concepts, know-how, techniques, or other materials contained in your
Feedback for any purpose whatsoever, including, but not limited to, the development, production
and marketing of products and services that incorporate such information, without compensation
or attribution to you.


12. NO WARRANTIES; LIMITATION OF LIABILITY


THE PLATFORM, THE CONTENT AND OUR SERVICES ARE PROVIDED ON AN “AS IS”
AND “AS AVAILABLE” BASIS, AND NEITHER WE NOR OUR SUPPLIERS MAKE ANY
WARRANTIES WITH RESPECT TO THE SAME OR OTHERWISE IN CONNECTION WITH
THIS AGREEMENT, AND WE HEREBY DISCLAIM ANY AND ALL EXPRESS, IMPLIED, OR
STATUTORY WARRANTIES, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
AVAILABILITY, ERROR-FREE OR UNINTERRUPTED OPERATION, AND ANY WARRANTIES
ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF
TRADE. TO THE EXTENT THAT WE AND OUR SUPPLIERS MAY NOT AS A MATTER OF
APPLICABLE LAW DISCLAIM ANY IMPLIED WARRANTY, THE SCOPE AND DURATION OF
SUCH WARRANTY WILL BE THE MINIMUM PERMITTED UNDER SUCH LAW. THE
PLATFORM, THE CONTENT, AND THE OUTPUT ARE NOT INTENDED TO DIAGNOSE,
TREAT, CURE, OR PREVENT ANY DISEASE OR HEALTH CONDITION OR INTENDED FOR
ANY OTHER MEDICAL PURPOSE. YOU AND YOUR AUTHORIZED USERS ARE SOLELY
RESPONSIBLE AND LIABLE FOR ANY MEDICAL CONCLUSIONS OR TREATMENT
DECISIONS YOU MAKE BASED UPON ANY OUTPUT PROVIDED AND/OR MADE
AVAILABLE THROUGH THE PLATFORM. THE PLATFORM, THE CONTENT AND THE
OUTPUT IS NOT INTENDED TO BE A SUBSTITUTE FOR PROFESSIONAL MEDICAL
ADVICE, DIAGNOSIS OR TREATMENT. WE DO NOT WARRANT, GUARANTEE OR MAKE
ANY REPRESENTATION TO YOU OR ANY AUTHORIZED USER REGARDING THE USE OR
PERFORMANCE OF THE PLATFORM, OR ANY COMPONENT THEREOF OR ANY OUTPUT
PRODUCED BY THE PLATFORM. WE WILL HAVE NO LIABILITY FOR ANY HARM OR
DAMAGE ARISING OUT OF OR IN CONNECTION WITH ANY USE OF THE PLATFORM,
AND/OR THE OUTPUT. WE ARE NOT RESPONSIBLE FOR ANY DECISIONS TAKEN BY
YOU OR ANY OF YOUR AUTHORIZED USERS BASED ON THE OUTPUT PRODUCED
AND/OR MADE AVAILABLE THROUGH THE PLATFORM. YOU AND EACH OF YOUR
AUTHORIZED USERS AGREES THAT ITS USE OF THE PLATFORM, THE OUTPUT, OR ANY
COMPONENT THEREOF IS ENTIRELY AT HIS/HER OWN RISK.
WITHOUT LIMITING THE FOREGOING, WE DO NOT WARRANT, GUARANTEE OR MAKE
ANY REPRESENTATION, NOR SHALL WE BE RESPONSIBLE FOR (A) THE
CORRECTNESS, ACCURACY, RELIABILITY, COMPLETENESS OR CURRENCY OF THE
PLATFORM; OR (B) ANY RESULTS ACHIEVED OR ACTION TAKEN BY YOU IN RELIANCE
ON THE PLATFORM OR THE OUTPUT OF THE PLATFORM. ANY DECISION, ACT OR
OMISSION OF YOURS THAT IS BASED ON THE PLATFORM OR OUTPUT OF THE
PLATFORM IS AT YOUR OWN AND SOLE RISK. THE PLATFORM AND THE OUTPUT IS PROVIDED AS A CONVENIENCE ONLY AND DOES NOT REPLACE THE NEED TO REVIEW
THE OUTPUT ACCURACY, COMPLETENESS AND CORRECTNESS.
IN CONNECTION WITH ANY WARRANTY, CONTRACT, OR COMMON LAW TORT CLAIMS:
(I) WE SHALL NOT BE LIABLE FOR ANY INCIDENTAL OR CONSEQUENTIAL DAMAGES,
LOST PROFITS, OR DAMAGES RESULTING FROM LOST DATA OR BUSINESS
INTERRUPTION RESULTING FROM THE USE OR INABILITY TO ACCESS AND USE THE
PLATFORM, THE CONTENT, THE OUTPUT, OR ANY RELATED SERVICES, EVEN IF WE
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; AND (II) ANY DIRECT
DAMAGES THAT YOU AND YOUR AUTHORIZED USERS MAY SUFFER AS A RESULT OF
YOUR USE OF THE PLATFORM, THE CONTENT, THE OUTPUT, OR ANY RELATED
SERVICES SHALL BE LIMITED TO THE GREATER OF ONE HUNDRED DOLLARS ($100) OR
THE TOTAL FEES PAID BY YOU TO USE IN THREE (3) MONTHS IMMEDIATELY
PRECEDING THE DATE ON WHICH THE CLAIM ARISES.


13. EXTERNAL SITES


The Platform may contain links to third-party websites (“External Sites”). These links are
provided solely as a convenience to you and not as an endorsement by us of the content on
such External Sites. The content of such External Sites is developed and provided by others.
You should contact the website administrator or webmaster for those External Sites if you have
any concerns regarding such links or any content located on such External Sites. We are not
responsible for the content of any linked External Sites and do not make any representations
regarding the content or accuracy of materials on such External Sites. You should take
precautions when downloading files from all websites to protect your computer from viruses and
other destructive programs. If you decide to access linked External Sites, you do so at your own
risk.


14. REPRESENTATIONS AND WARRANTIES


You represent and warrant that you have: (i) all rights and permissions necessary to provide us
with or grant us access to and use of Your Data, and (ii) obtained all necessary and appropriate
consents, permissions, and authorizations in accordance with all applicable laws and
regulations with respect to Your Data provided hereunder, including but not limited to, consents
from patients, their parents and/or legal guardians, including consents to record patient’s visit
sessions and authorization for the use, exchange and disclosure of any applicable PHI
(collectively, “Consents”).


15. INDEMNIFICATION


You will indemnify, defend, and hold us, our affiliates, and our and their respective shareholders,
members, officers, directors, employees, agents, and representatives (collectively, “Corti
Indemnitees”) harmless from and against any and all damages, liabilities, losses, costs, and
expenses, including reasonable attorney’s fees (collectively, “Losses”) incurred by any Corti Indemnitee in connection with a third-party claim, action, or proceeding (each, a “Claim”) arising
from your or your Authorized Users’ (i) breach of this Agreement, including but not limited to, any
breach of your representations and warranties; (ii) misuse of the Platform, the Output, and/or
the Content; (iii) negligence, gross negligence, willful misconduct, fraud, misrepresentation or
violation of law and regulation; or (iv) violation of any third-party right, including without limitation
any copyright, trademark, property, or privacy right; provided, however, that the foregoing
obligations shall be subject to our: (i) promptly notifying you of the Claim; (ii) providing you, at
your expense, with reasonable cooperation in the defense of the Claim; and (iii) providing you
with sole control over the defense and negotiations for a settlement or compromise.


16. COMPLIANCE WITH APPLICABLE LAWS


You will comply with laws and regulations that apply to your business and data, including laws,
regulations and industry standards concerning privacy and data protection.
The platform is based on Microsoft Azure for all data hosting services.
Microsoft has designed Azure with industry-leading security controls, compliance tools, and
privacy policies to safeguard data stored in the cloud, including:
- HIPAA/HITECH - Health Insurance Portability and Accountability Act and Health Information
Technology for Economic and Clinical Health Act for protection of Protected Healthcare
Information (PHI) within the US
- ISO/IEC 27018 - Code of practice for protection of Personally Identifiable Information (PII) in
public clouds acting as PII processors
- EU-U.S. Privacy Shield Framework for transfer of personal data to the US
- EU GDPR - General Data Protection Regulations for personal data protection and privacy within
the European Union
- California Consumer Privacy Act (CCPA) for personal data protection and privacy for residents
of California

More info is available on Microsoft Azure website:
https://learn.microsoft.com/en-us/azure/compliance/

The Platform is based in the United States. We make no claims concerning whether the
Platform may be viewed or be appropriate for use outside of the United States. If you access the
Platform from outside of the United States, you do so at your own risk. Whether inside or
outside of the United States, you are solely responsible for ensuring compliance with the laws
and regulations of your specific jurisdiction. You shall not use the platform in violation of any law
or regulation. You will indemnify us of any harm to us of any use that is in violation of any law or
regulation.


You represent that You are not named on any U.S. government denied-party list.
You shall ensure that your use of the Software and the Services complies with all applicable
laws, including, without limitation, the Health Insurance Portability and Accountability Act
(“HIPAA”) and other data privacy laws. You represent and warrant that you shall be solely
responsible for obtaining and maintaining any and all consents, authorizations, or permissions
that may be required by the HIPAA Privacy Rule, 42 CFR Part 2 (“Confidentiality of
Substance Use Disorder Patient Records”) or other applicable federal or state data privacy laws
and regulations before disclosing to Business Associate the Protected Health Information
pertaining to an Individual. Without limiting the generality of the foregoing, you shall not request
us to use or disclose Protected Health Information (as defined in the BAA) in any manner that
would not be permissible under HIPAA if done by you (unless permitted by HIPAA for a
Business Associate).


17. TERMINATION


Your right to access and use the Platform will commence upon your acceptance of these Terms
of Use and will continue for the duration of the subscription plan that you selected at registration
(the “Term”). Thereafter, the Term will automatically renew for consecutive terms equivalent to
the duration of your subscription plan, unless either of us notifies the other at least thirty (30)
days prior to the expiration of the then-current renewal term of its intention to not renew.
We reserve the right to change, suspend, discontinue or terminate your access and use of all or
any part of the Platform at any time without prior notice or liability. Sections 4, 5, 6, 7, and 9-21
shall survive the termination of these Terms of Use.


18. BINDING ARBITRATION


(a) Any controversy or claim, whether based on contract, tort, strict liability, fraud,
misrepresentation, or any other legal theory, related directly or indirectly to this Agreement (the
“Dispute”) shall be resolved solely in accordance with the terms of this Section. Each party
reserves the right to seek an injunction or other equitable relief in court to prevent or stop a
breach of this Agreement or a violation of any rights that such party has under statutory law.

(b) If the Dispute cannot be settled by good faith negotiation between the parties, We and You
will submit the Dispute to non-binding mediation. If complete agreement cannot be reached
within thirty (30) days of submission to mediation, any remaining issues will be resolved by
binding arbitration in accordance with paragraphs (c) and (d) below. The Federal Arbitration Act,
9 U.S.C. Sections 1 to 15, not state law, will govern the arbitrability of all Disputes.

(c) A single arbitrator who, unless otherwise agreed, is an attorney knowledgeable in the
computer software field or in commercial matters will conduct the arbitration. The arbitrator’s
decision and award will be final and binding and may be entered in any court with jurisdiction.
The arbitrator will not have authority to limit, expand or otherwise modify the terms of this
Agreement. The place of the arbitration shall be Miami, Florida. The arbitrator will not be
empowered to determine issues of arbitrability nor to award exemplary or punitive damages. On
motion, the arbitrator may determine to offer limited discovery, but in determining whether to
permit discovery shall balance the benefit of the requested discovery against the burden on the
party against whom discovery is sought.

(d) The mediation and, if necessary, the arbitration will be conducted under the then current
rules of the alternate dispute resolution (“ADR”) firm selected by the parties, or if the parties are
unable to agree on an ADR firm, the parties will conduct the mediation and, if necessary, the
arbitration under the then current rules and supervision of the American Arbitration Association.
Each party will bear its own attorneys’ fees associated with the mediation and, if
necessary, the arbitration. The parties will pay all other costs and expenses of the
mediation/arbitration as the rules of the selected ADR firm provide. The parties and their
representatives shall hold the existence, content and result of the mediation and arbitration in
confidence.

The parties shall cooperate in good faith in the voluntary and informal exchange of all
non-privileged documents and other information (including electronically stored information)
relevant to the Dispute immediately after commencement of the arbitration. As set forth in
Section 17, nothing in this Agreement will prevent us from seeking injunctive relief in any court
of competent jurisdiction as necessary to protect our proprietary interests.


19. CLASS ACTION WAIVER


You agree that any arbitration or proceeding shall be limited to the Dispute between us and you
individually. To the full extent permitted by law, (i) no arbitration or proceeding shall be joined
with any other; (ii) there is no right or authority for any Dispute to be arbitrated or resolved on a
class action basis or to utilize class action procedures; and (iii) there is no right or authority for
any Dispute to be brought in a purported representative capacity on behalf of the general public
or any other persons. YOU AGREE THAT YOU MAY BRING CLAIMS AGAINST US ONLY IN
YOUR INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY
PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.


19. EQUITABLE RELIEF


You acknowledge and agree that in the event of a breach or threatened violation of our
intellectual property rights and confidential and proprietary information by you, we will suffer
irreparable harm and will therefore be entitled to injunctive relief to enforce this Agreement. We
may, without waiving any other remedies under this Agreement, seek from any court having
jurisdiction any interim, equitable, provisional, or injunctive relief that is necessary to protect our
rights and property pending the outcome of the arbitration referenced above. You hereby
irrevocably and unconditionally consent to the personal and subject matter jurisdiction of the
federal and state courts in the State of Florida for purposes of any such action by us.


20. CONTROLLING LAW; EXCLUSIVE FORUM


The Agreement and any action related thereto will be governed by the laws of the State of
Florida without regard to its conflict of laws provisions. The Parties hereby consent and agree to
the exclusive jurisdiction of the state and federal courts located in the State of Florida for all
suits, actions, or proceedings directly or indirectly arising out of or relating to this Agreement,
and waive any and all objections to such courts, including but not limited to, objections based on
improper venue or inconvenient forum, and each party hereby irrevocably submits to the
exclusive jurisdiction of such courts in any suits, actions, or proceedings arising out of or relating
to this Agreement.


21. MISCELLANEOUS


You may not assign any of your rights, duties, or obligations under these Terms of Use to any
person or entity, in whole or in part, without written consent from us. Our failure to act on or
enforce any provision of the Agreement shall not be construed as a waiver of that provision or
any other provision in this Agreement. No waiver shall be effective against us unless made in
writing, and no such waiver shall be construed as a waiver in any other or subsequent instance.
Except as expressly agreed by us and you in writing, the Agreement constitutes the entire
agreement between you and us with respect to the subject matter, and supersedes all previous
or contemporaneous agreements, whether written or oral, between the parties with respect to
the subject matter. The section headings are provided merely for convenience and shall not be
given any legal import. This Agreement will inure to the benefit of our successors, assigns,
licensees, and sublicensees.

SCHEDULE A


BUSINESS ASSOCIATE AGREEMENT


This Business Associate Agreement (“BAA”) is by and between Corti, Inc. (“Business
Associate”), and Customer (“Covered Entity” or “Business Associate”), and is effective as of the
Effective Date.

WHEREAS, pursuant to these Terms of Use, Business Associate will provide certain services to,
for, or on behalf of Covered Entity involving the use or disclosure of Protected Health
Information (“PHI”), and pursuant to such Terms of Use, Business Associate may be considered
a “business associate” of Covered Entity; and

WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide
for the security of PHI disclosed to Business Associate pursuant to the Provider Agreement in
compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law
104-191 (“HIPAA”) and the Standards for Privacy of Individually Identifiable Health Information
promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR §
160 and § 164 (the “HIPAA Rules”), and the Health Information Technology for Economic and
Clinical Health Act of 2009 (the “HITECH Act”), in each case as amended from time to time; and

WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the
HIPAA Rules and the HITECH Act, as the same may be amended from time to time.

NOW, THEREFORE, in consideration of the mutual promises below and the exchange of
information pursuant to this BAA, the parties agree as follows:

1. Definitions.

Terms used but not otherwise defined in this BAA shall have the same meaning as set forth in
45 CFR Parts 160, 162, and 164, or the HITECH Act.

2. Obligations of Business Associate.

a. Permitted Uses and Disclosures.
Business Associate agrees to only Use or Disclose PHI as necessary in order to perform the
services set forth in the Provider Agreement, as permitted under this BAA, or as Required by
Law. Business Associate shall have the right to de-identify any and all PHI, provided that
Business Associate implements a de-identification process that conforms to the requirements of
45 C.F.R. 164.514(a)-(c) (“De-identified Data”). Business Associate may Use or Disclose such
De-identified Data to third parties at its discretion, as such De-identified Data does not constitute
PHI and is not subject to the terms of this BAA. Business Associate shall own all right, title, and
interest in and to such De-identified Data.

b. Nondisclosure.
Business Associate shall not Use or further Disclose PHI other than as permitted or required by
this BAA.

c. Safeguards.
Business Associate shall use appropriate safeguards to prevent Use or Disclosure of PHI other
than as provided for by this BAA. Business Associate shall maintain a comprehensive written
information privacy and security program that includes administrative, technical, and physical
safeguards appropriate to the size and complexity of the Business Associate’s operations and
the nature and scope of its activities.

d. Reporting of Disclosures; Mitigation.
Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for
by this BAA of which Business Associate becomes aware. Business Associate agrees to
mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a
use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.

e. Business Associate’s Agents.
Business Associate shall ensure that any subcontractors to whom it provides PHI received from
(or created or received by Business Associate on behalf of) Covered Entity agree to the same
restrictions and conditions that apply to Business Associate with respect to such PHI.

f. Availability of Information to Covered Entity.
Business Associate shall make available to Covered Entity such information as Covered Entity
may request, and in the time and manner designated by Covered Entity, to fulfill Covered
Entity’s obligations (if any) to provide access to, provide a copy of, and account for disclosures
with respect to PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45
CFR §§ 164.524 and 164.528. Requests for information must be submitted at least 14 days in
advance of the due date.

g. Amendment of PHI.
Business Associate shall make any amendments to PHI in a Designated Record Set that the
Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the
time and manner designated by Covered Entity, to fulfill Covered Entity’s obligations (if any) to
amend PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR §
164.526, and Business Associate shall, as directed by Covered Entity, incorporate any
amendments to PHI into copies of such PHI maintained by Business Associate.

h. Internal Practices.
Business Associate shall make its internal practices, books, and records relating to the use and
disclosure of PHI received from Covered Entity (or created or received by Business Associate
on behalf of Covered Entity) available to the Secretary, in a time and manner designated by
Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity’s
compliance with HIPAA and the HIPAA Rules.

i. Documentation of Disclosures for Accounting.
Business Associate may document such disclosures of PHI and information related to such
disclosures as would be required for Covered Entity to respond to a request by an Individual for
an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

j. Access to Documentation for Accounting.
Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner
designated by Covered Entity, information documented in accordance with Section 2(i) of this
BAA in a time and manner as to permit Covered Entity to respond to a request by an Individual
for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.

k. Notification of Breach.
During the Term of this BAA, Business Associate shall notify Covered Entity within ten (10) days
of Discovery of any Breach of Unsecured PHI. Business Associate further agrees, consistent
with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for
Covered Entity to meet the requirements of said section, and in a manner and format to be
specified by Covered Entity.

l. Minimum Necessary.
When using, disclosing, or requesting PHI from the Covered Entity, or in accordance with any
provision of this BAA, Business Associate shall limit PHI to the minimum necessary to
accomplish the intended purpose of the use, disclosure, or request.


3. Obligations of Covered Entity.


a. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure
the confidentiality, privacy, and security of PHI transmitted to Business Associate pursuant to the
BAA and this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA
Rules, until such PHI is received by Business Associate.

b. Upon request, Covered Entity shall provide Business Associate with the notice of privacy
practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any
changes to such notice.

c. Covered Entity shall provide Business Associate with any changes in, or revocation of,
permission by an Individual to use or disclose PHI, if such changes affect Business Associate’s
permitted or required uses or disclosures.

d. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of
PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction
affects Business Associate’s permitted or required uses or disclosures.


4. Term and Termination.

a. Term. The Term of this BAA shall become effective as of the Effective Date and shall
terminate when all of the PHI provided by Covered Entity to Business Associate, or created or
received by Business Associate on behalf of Covered Entity, is destroyed, or, if it is infeasible to
destroy PHI, protections are extended to such information, in accordance with the termination
provisions of this Section. The provisions of this BAA shall survive termination of the BAA to the
extent necessary for compliance with HIPAA and the HIPAA Rules.

b. Material Breach. A material breach by either party of any provision of this BAA shall constitute
a material breach of the BAA, if such breach is not cured by the breaching party within thirty (30)
days of receipt of notice describing the material breach.

c. Reasonable Steps to Cure Breach. If either party learns of an activity or practice of the other
party that constitutes a material breach or violation of the other party’s obligations under the
provisions of this BAA, then the non-breaching party shall notify the breaching party of the
breach and the breaching party shall take reasonable steps to cure such breach or violation, as
applicable, within a period of time which shall in no event exceed thirty (30) days. If the
breaching party’s efforts to cure such breach or violation are unsuccessful, the non-breaching
party shall either terminate the BAA, if feasible, or if termination of the BAA is not feasible and
the breaching party has violated the HIPAA Rules, the non-breaching party may report the
breaching party’s breach or violation to the Secretary.

d. Judicial or Administrative Proceedings. Either party may terminate the BAA, effective
immediately, if the other party is named as a defendant in a criminal proceeding for an alleged
violation of HIPAA, or a finding or stipulation that the other party has violated any standard or
requirement of HIPAA or other security or privacy laws is made in any administrative or civil
proceeding in which the party has been joined.


e. Effect of Termination.


1. Except as provided in paragraph (e)(2) of this Section or if required by law or regulation to be
maintained by Business Associate, upon termination of the BAA for any reason, Business
Associate shall, within 30 days, destroy all PHI received from Covered Entity (or created or
received by Business Associate on behalf of Covered Entity) that Business Associate still
maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI
that is in the possession of subcontractors or agents of Business Associate.

2. In the event that Business Associate determines that destroying the PHI is infeasible,
Business Associate shall provide to Covered Entity notification of the conditions that make
return or destruction infeasible. Upon mutual agreement of the parties that return or destruction
of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI
and limit further uses and disclosures of such PHI to those purposes that make the destruction
infeasible, for so long as Business Associate maintains such PHI. The obligations of Business
Associate under this Section shall survive the termination of the BAA.

5. Amendment to Comply with Law. The parties acknowledge that state and federal laws
relating to electronic data security and privacy are rapidly evolving and that amendment of the
BAA may be required to provide for procedures to ensure compliance with such developments.
The parties specifically agree to take such action as is necessary to implement the standards
and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws
relating to the security or confidentiality of PHI. Upon the request of either party, the parties shall
promptly enter into negotiations concerning the terms of an amendment to the BAA embodying
written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules,
the HITECH Act, or other applicable laws relating to security and privacy of PHI. Either party
may terminate the BAA upon thirty (30) days’ written notice in the event the other party does not
promptly enter into negotiations to amend the BAA when requested pursuant to this Section, or
does not enter into an amendment to the BAA providing assurances regarding the safeguarding
of PHI that satisfy the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act,
or any other applicable laws relating to security and privacy of PHI.

6. No Third Party Beneficiaries. Nothing in this BAA is intended to confer, nor shall anything
herein confer, upon any person other than Covered Entity, Business Associate and their
respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever
and no other person or entity shall be a third party beneficiary of this BAA.

7. Effect on BAA. Except as specifically required to implement the purposes of this BAA, or to
the extent inconsistent with this BAA, all other terms of the BAA shall remain in full force and
effect.

8. Interpretation. This BAA shall be interpreted as broadly as necessary to implement and
comply with HIPAA, the HIPAA Rules and any other applicable law relating to security and
privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits
Covered Entity to comply with the HIPAA Rules.

9. Regulatory References. A reference in this BAA to a section in the HIPAA Rules or the
HITECH Act means the section as in effect or as amended, and for which compliance is