Terms of Service (EHR SaaS)
Plain-Language Summary (Not Legally Operative)
This Agreement is between AllegianceMD Software, Inc. (“AllegianceMD”) and the healthcare organization or professional using our cloud EHR and related services (the “Service”). During your paid subscription, we grant you a limited, non-exclusive right to use the Service. You are responsible for your users’ actions, all clinical decisions, legal/regulatory compliance, and any third-party integrations you enable (e.g., labs, e-prescribing, clearinghouses, payment processors, telehealth, HIEs). If you are a HIPAA Covered Entity or Business Associate and you request it, we will sign a Business Associate Agreement (“BAA”); the BAA governs our handling of PHI and controls over any conflicting PHI terms here. We use reasonable safeguards to secure and operate the Service, but we cannot guarantee 100% perfect security, nor can we guarantee 100% uninterrupted availability. Fees are non-refundable, and we may suspend service for non-payment or misuse. Our liability is limited, and you agree to indemnify us for claims arising from your data, misuse, or third-party services. Some features may be offered as beta or free trials and are provided “as is.” Disputes will be resolved by binding, individual arbitration. This summary is for convenience only; the full Terms below govern.
Table of Contents
- 1. Parties; Acceptance; Order of Precedence
- 2. Definitions
- 3. Access; License; Restrictions; Third-Party Services
- 4. Clinical & Regulatory Disclaimers
- 5. Business Associate Relationship
- 6. Data; IP; Feedback
- 7. Security; Availability; Support
- 8. Beta Features & Free Trials
- 9. Fees; Taxes; Non-Payment
- 10. Term; Termination; Suspension
- 11. Warranties & Disclaimers
- 12. Indemnification
- 13. Limitation of Liability
- 14. Confidentiality
- 15. Compliance; Export; Anti-Corruption
- 16. U.S. Government Rights
- 17. Publicity; Marks
- 18. Modifications to TOS or Service
- 19. Dispute Resolution; Governing Law; Venue; Class Waiver
- 20. Notices; Assignment; Entire Agreement; Severability; Survival
- 21. API Terms
1 Parties; Acceptance; Order of Precedence
1.1 Parties
These Terms of Service ("TOS") are between AllegianceMD Software, Inc., a Nevada corporation, with principal address at 6914 S. Yorktown Ave, Ste 200, Tulsa, OK 74136, and the Customer identified on an Order Form. "Customer" includes Customer's Affiliates using the Service under Customer's Order.
1.2 Acceptance
These TOS are accepted when Customer (a) clicks to accept; (b) signs an Order Form referencing these TOS; or (c) accesses or uses the Service. Customer is responsible for its employees, contractors, agents, and other authorized users (each a "User").
1.3 Order of Precedence
If there is a conflict, the following control in this order: (i) the BAA (if executed) solely for PHI-related terms, (ii) the main Order Form/Statement of Work ("Order Form" or "SOW"), (iii) these TOS, (iv) the Data Processing Addendum ("DPA," if separate and applicable to non-PHI personal data), and (v) referenced policies, Documentation, and service descriptions ("Policies"). Terms on Customer purchase orders, vendor portals, or similar forms are rejected and have no effect.
2 Definitions
- P1 (Critical): production outage or loss of a core documented workflow with no reasonable workaround.
- P2 (High): major degradation of a documented workflow; a workaround exists but is burdensome.
- P3 (Medium/Low): minor impact, cosmetic issue, or intermittent error with a reasonable workaround.
3 Access; License; Restrictions; Third-Party Services
3.1 Access Grant
Subject to these TOS and the Order Form, AllegianceMD grants Customer a non-exclusive, revocable, non-transferable right to access and use the Service during the Term solely for Customer's internal healthcare operations.
3.2 Restrictions
Customer shall not, and shall ensure Users do not:
- (a) sublicense, rent, or lease the Service;
- (b) reverse engineer, decompile, disassemble, or attempt to derive source code;
- (c) circumvent access limits, rate limits, or security;
- (d) scrape, harvest, or bulk-export data except via available export tools or documented APIs;
- (e) publish or disclose benchmarks or performance tests without our prior written consent;
- (f) use the Service for high-risk activities outside intended healthcare workflows (e.g., real-time critical infrastructure control);
- (g) introduce Malicious Code; or
- (h) remove proprietary notices.
3.3 Credentials
Customer controls User provisioning and is responsible for maintaining the confidentiality of credentials and all activities under its accounts. Customer must promptly notify AllegianceMD of suspected unauthorized access.
3.4 Third-Party Services
The Service may enable integrations with third-party services (e.g., labs, e-prescribing networks, clearinghouses, payment processors, telehealth platforms, HIEs, registries) ("Third-Party Services"). Third-Party Services are not AllegianceMD products. Customer is solely responsible for selecting, enabling, and using Third-Party Services, for associated fees, and for any data exchange with them. AllegianceMD disclaims all responsibility for Third-Party Services and their acts, omissions, or availability.
4 Clinical & Regulatory Disclaimers
4.1 No Medical Practice
AllegianceMD does not provide medical care, practice medicine, or offer medical advice. The Service is a tool to assist licensed professionals. Customer retains sole clinical judgment and responsibility for diagnosis, treatment, documentation, billing, and outcomes.
4.2 Compliance
AllegianceMD does not guarantee Customer's compliance with HIPAA, HITECH, CMS, OIG, Joint Commission, state laws, 42 C.F.R. Part 2, EPCS requirements, Information Blocking rules, or other regulations. Customer is responsible for configuring and using the Service in a compliant manner and for all consents, authorizations, and notices.
4.3 Content Accuracy
Clinical Content, decision-support, drug databases, formularies, knowledge bases, and any third-party content may be incomplete or outdated. Customer must verify all clinical information from independent sources and current standards of care. Clinical decision support is informational only and not a substitute for professional judgment; Customer agrees to verify all recommendations before use.
4.4 Information Blocking
AllegianceMD will not engage in Information Blocking. Customer is responsible for its own compliance, including configuration and governance. AllegianceMD may rely on applicable exceptions and safe harbors (e.g., preventing harm, privacy, security, infeasibility, content and manner). AllegianceMD may decline or throttle requests that are infeasible, insecure, exceed reasonable rate limits, or would violate law or third-party rights.
4.5 Clinical Interfaces and Results Transmission
Customer acknowledges that clinical interfaces (including HL7/FHIR/LIS/HIE/eRx/clearinghouse feeds and registries) involve third-party systems and networks outside AllegianceMD's control. AllegianceMD is not responsible for delays, failures, duplicates, corruption, or omissions in inbound or outbound messages, orders, prescriptions, claims, or results.
4.6 Verification Duty
Customer will maintain clinical verification workflows (e.g., critical result callbacks, reconciliation queues, downtime procedures) and will not rely solely on the Service or any alert/notification to discover, triage, or act on clinical results.
4.7 Configuration and Mapping
Customer is responsible for test catalogs, code mappings (including LOINC/NCPDP/EDI), routing, and other configuration with its labs, facilities, and payors. AllegianceMD is not responsible for misconfiguration or mapping errors.
5 Business Associate Relationship
5.1 BAA Execution
If Customer is a HIPAA Covered Entity or Business Associate, AllegianceMD will execute its standard BAA upon request. The BAA governs PHI handling and prevails solely for PHI-related conflicts with these TOS.
5.2 No BAA, No PHI
If no BAA is executed, Customer shall not upload PHI to the Service. Customer is liable for violations of this Section.
5.3 De-identified/Aggregated Use
AllegianceMD may create, use, and disclose De-identified Data and Aggregated Data for any lawful purpose, including analytics, R&D, benchmarking, Service improvement, and industry reporting, consistent with HIPAA and applicable law.
6 Data; IP; Feedback
6.1 Ownership
As between the parties, Customer retains all rights in Customer Data. AllegianceMD retains all rights in the Service, software, Content, Usage Data, De-identified Data, Aggregated Data, and all improvements.
6.2 License to AllegianceMD
Customer grants AllegianceMD a worldwide, royalty-free license to host, process, transmit, display, and use Customer Data solely to deliver, maintain, secure, support, and improve the Service; to comply with law; and as permitted in the BAA and these TOS.
6.3 Usage Data
AllegianceMD may collect and use Usage Data to operate, analyze, secure, and improve the Service and for capacity planning. AllegianceMD will not use Usage Data to identify Customer except as required for support, security, billing, or legal compliance.
6.4 Feedback
Feedback is assigned to AllegianceMD, together with all associated IP rights. If assignment is ineffective, Customer grants AllegianceMD a perpetual, irrevocable, worldwide, royalty-free license to use Feedback for any purpose without restriction, attribution, or compensation.
6.5 Reservation
Nothing restricts AllegianceMD from developing, providing, or commercializing products or services that are similar to or compete with those of Customer.
7 Security; Availability; Support
7.1 Safeguards
AllegianceMD implements reasonable and appropriate administrative, technical, and physical safeguards designed to protect Customer Data. AllegianceMD does not guarantee absolute security.
7.2 Availability; Maintenance
The Service may be unavailable during planned maintenance windows and for emergency maintenance. Internet, telecom, and hosting dependencies are outside AllegianceMD's control.
7.3 Service Levels
Unless an Order Form or SLA expressly states Service Levels and credits, no uptime warranty applies. Service credits (if any) are Customer's sole and exclusive remedy for Service Level failures.
7.4 Incidents
AllegianceMD will promptly notify Customer of a security incident impacting Customer Data and will provide updates as reasonably available. For PHI, notifications will be made in accordance with HIPAA/HITECH and the BAA (without unreasonable delay and no later than the applicable statutory deadlines). For non-PHI personal information, AllegianceMD will notify without unreasonable delay and in any event within 30 Business Days after determining that a notifiable breach has occurred under applicable law.
7.5 Maintenance of Alternative Workflows
Customer will maintain reasonable downtime and contingency procedures for prescribing, results review, and other clinical workflows during scheduled or emergency maintenance or third-party outages.
7.6 Interfaces Status Visibility
Any dashboards/queues we provide regarding message status are informational only. Customer remains solely responsible for monitoring and acting on items requiring clinical follow-up.
8 Beta Features & Free Trials
Beta Features and free trials are provided AS-IS, without warranties, support, or indemnities, may be rate-limited, and may be modified or discontinued at any time. Customer must not rely on Beta Features for clinical decisions. Beta Features and trials are excluded from SLAs and credits.
9 Fees; Taxes; Non-Payment
9.1 Fees
Fees are set forth on the Order Form. All fees are non-cancellable and non-refundable except as expressly stated herein.
9.2 Taxes
Fees exclude taxes. Customer is responsible for all sales, use, VAT, GST, and similar taxes (excluding taxes based on AllegianceMD's net income).
9.3 Invoices; Late Fees
Unless otherwise stated, invoices are due net thirty (30) days. Overdue amounts may accrue the lesser of 1.5% per month or the maximum lawful rate. Customer agrees to pay reasonable collection and attorneys' fees.
9.4 Suspension (Non-Payment)
We may suspend the Service for unpaid amounts after notice and a ten (10) day cure period. Notwithstanding the foregoing, AllegianceMD will not implement a suspension in a manner that constitutes information blocking or violates applicable law. During any suspension for non-payment, Customer will retain limited, read-only access sufficient to (a) enable an individual’s electronic access to their EHI and (b) perform the certified EHI export capability (45 C.F.R. § 170.315(b)(10)) for switching or patient access. We may throttle or disable non-essential features and charge permitted fees consistent with 45 C.F.R. § 171.302, but we will not charge (i) any fee based on an individual’s electronic access to their EHI or (ii) any fee to perform the certified export for switching or to provide patients their EHI. Service restoration may require payment of past-due amounts and a reasonable reactivation fee.
10 Term; Termination; Suspension
10.1 Term
The initial subscription term is stated in the Order Form and auto-renews for successive terms of equal length unless a party gives at least sixty (60) days' prior written notice of non-renewal (or a longer period if required by applicable law).
10.2 Termination for Cause
Either party may terminate for material breach not cured within thirty (30) days after written notice. AllegianceMD may terminate immediately if continued Service would create material legal or security risk or if Customer becomes insolvent, enters bankruptcy, or ceases operations.
10.3 Suspension
AllegianceMD may suspend access immediately for: (a) security risk; (b) suspected violation of law, these TOS, or the BAA; (c) non-payment; or (d) use that degrades or adversely impacts the platform or other customers.
10.4 Effect; Data Export; Deletion
Upon termination or expiration, Customer's access ends. For thirty (30) days after termination (the "Export Window"), upon request, AllegianceMD will make available Customer Data in a reasonable, standard format via available export tools. Extended or custom exports may incur fees. Following the Export Window, AllegianceMD will delete Customer Data per its retention schedule, subject to legal holds and obligations. For PHI, return/destruction will be performed per the BAA and Customer's documented instructions, and for such periods as required by applicable medical-record retention laws or legal holds.
11 Warranties & Disclaimers
11.1 Limited Warranty (Material Conformity; Module Scope; Workarounds)
During the subscription term, the Service will materially conform to the Documentation under Supported Configurations. Conformity is assessed at the Module level identified on the Order Form, not any individual screen, field, or sub-feature. AllegianceMD may satisfy its re-performance obligation by providing a commercially reasonable workaround that restores Material Conformity. This warranty does not apply to issues caused by:
- (a) Third-Party Services or data sources;
- (b) Customer's configurations, integrations, or use contrary to the Documentation;
- (c) unsupported environments or Customer networks;
- (d) Beta Features or free trials;
- (e) clinical content accuracy or clinical outcomes; or
- (f) internet/telecom/hosting dependencies.
Claims must be submitted within thirty (30) days of discovery with reasonable cooperation and steps to reproduce. Customer's exclusive remedies for breach of this Section are (i) re-performance (including a workaround) or (ii) if AllegianceMD cannot cure within a reasonable time, a pro-rated credit of prepaid fees for the affected Module for the period of nonconformity. Credits under this Section may not be combined with SLA credits for the same event; the greater credit applies.
Credit Ceiling: Total credits issued under this Section in any calendar quarter will not exceed 20% of the fees paid or payable for the affected Module for that quarter.
11.2 DISCLAIMERS
THE SERVICE, CONTENT, BETA FEATURES, AND ALL RELATED MATERIALS ARE PROVIDED "AS IS" AND "AS AVAILABLE." EXCEPT AS EXPRESSLY STATED IN SECTION 11.1, ALLEGIANCEMD AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, AND INTEROPERABILITY. ALLEGIANCEMD DOES NOT WARRANT UNINTERRUPTED OR ERROR-FREE OPERATION OR THAT THE SERVICE WILL MEET CUSTOMER'S REQUIREMENTS OR ENSURE CLINICAL OR REGULATORY OUTCOMES.
12 Indemnification
12.1 Customer Indemnity
Customer will defend, indemnify, and hold harmless AllegianceMD and its officers, directors, employees, and agents from and against all third-party claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or related to:
- (i) Customer Data (including PHI) or alleged misuse,
- (ii) Customer's or Users' use of the Service in violation of law, the BAA, or these TOS,
- (iii) disputes with patients, payors, or Third-Party Services,
- (iv) Customer's configurations, integrations, or customizations,
- (v) Customer's failure to obtain required consents, authorizations, or notices, and
- (vi) any alleged Information Blocking or penalties arising from Customer's configurations, access decisions, or failure to provide required notices/authorizations.
12.2 AllegianceMD IP Indemnity
AllegianceMD will defend Customer against third-party claims alleging that the Service, as provided by AllegianceMD and used in accordance with these TOS and the Documentation, directly infringes a U.S. patent, copyright, or trademark, and will pay final judgments or settlements approved by AllegianceMD. If a claim arises, AllegianceMD may, at its option:
- (a) procure the right for Customer to continue using the Service;
- (b) replace or modify the Service to be non-infringing; or
- (c) terminate the affected Service and issue a pro-rated credit for prepaid, unused fees.
This Section is Customer's sole and exclusive remedy for IP infringement. AllegianceMD has no obligation for claims based on:
- Third-Party Services or third-party components,
- Customer Data,
- Customer's use not in accordance with the Documentation,
- combinations with items not provided by AllegianceMD,
- requested changes or configurations, or
- open-source components used under their licenses.
12.3 Procedure
The indemnified party must promptly notify the indemnifying party of the claim, allow control of the defense, and provide reasonable cooperation.
13 Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW: (A) NEITHER PARTY IS LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUES, DATA, GOODWILL, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY; AND (B) A PARTY'S AGGREGATE LIABILITY FOR ALL CLAIMS WILL NOT EXCEED THE LESSER OF (i) FEES PAID OR PAYABLE BY CUSTOMER IN THE TWELVE (12) MONTHS BEFORE THE EVENT GIVING RISE TO LIABILITY OR (ii) US$5,000. THESE LIMITATIONS APPLY TO ALL CAUSES OF ACTION, WHETHER IN CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY, STATUTE, OR OTHERWISE, AND SURVIVE TERMINATION. These limitations apply to the maximum extent permitted by law and do not limit liability that cannot legally be limited under applicable law.
14 Confidentiality
14.1 Obligations
Each party will protect the other's non-public information with reasonable care and use it only for this relationship. PHI is governed by the BAA. Confidentiality obligations do not apply to information that is public without breach, independently developed without use of the other's information, or rightfully obtained from a third party.
14.2 Compelled Disclosure
A party may disclose the other's confidential information as required by law or court order, with reasonable advance notice (if legally permitted) to allow the other party to seek protection.
15 Compliance; Export; Anti-Corruption
Customer represents and warrants that it and its Users will comply with applicable healthcare, privacy, and security laws; U.S. and international export control and sanctions laws (including the EAR and OFAC programs); and anti-corruption laws. Customer will not permit access to or use of the Service (a) in any country or region subject to comprehensive U.S. embargo (currently including, without limitation, Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine), (b) by any individual or entity on U.S. or applicable jurisdiction denied or restricted party lists, or (c) for any prohibited end use under the EAR. Customer will not offer, promise, or give anything of value in violation of anti-corruption laws in connection with this Agreement.
16 U.S. Government Rights
If accessed by or on behalf of the U.S. Government, the Service is "commercial computer software" with rights restricted by FAR 12.212 and DFARS 227.7202.
17 Publicity; Marks
We may use Customer's name and logo in customer lists and brief case studies unless Customer opts out by written notice. Use must be reasonable and non-disparaging.
18 Modifications to TOS or Service
We may update the TOS and the Service from time to time. Material changes for paid customers take effect on renewal or thirty (30) days after notice (via email or in-product), whichever is earlier, except changes required by law or for security may take effect immediately. Continued use after effectiveness constitutes acceptance.
19 Dispute Resolution; Governing Law; Venue; Class Waiver
19.1 Governing Law
Nevada law governs, without regard to conflicts rules.
19.2 Arbitration
Any dispute arising out of or relating to these TOS or the Service will be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The seat and venue will be Clark County, Nevada. There will be one arbitrator, appointed under the Rules. Judgment on the award may be entered in any court of competent jurisdiction.
19.3 Injunctive Relief
Either party may seek temporary or injunctive relief in the state or federal courts located in Clark County, Nevada to protect IP, confidential information, or address security threats.
19.4 Class/Jury Waiver
Disputes must be brought only in an individual capacity and not as a class, representative, or private attorney general action. JURY TRIAL IS WAIVED.
19.5 Severability (Dispute Provision)
If the class or representative action waiver is found unenforceable with respect to a particular claim or party, then only that claim or party will proceed in court and the remainder of the arbitration agreement will remain in force. If a court determines that the entire arbitration agreement is unenforceable for a particular claim or party, then that claim or party will proceed exclusively in the state or federal courts located in Clark County, Nevada, and the parties waive jury trial.
20 Notices; Assignment; Entire Agreement; Severability; Survival
20.1 Notices
Legal notices to AllegianceMD: https://allegiancemd.com/contact-us. We may provide notices to Customer via email to the admin contact and through the Service portal.
20.2 Assignment
Customer may not assign these TOS or any rights without AllegianceMD's prior written consent, except to a successor in interest to all Customer's relevant business and obligations, with prompt notice. AllegianceMD may assign these TOS (including in a merger, sale, or corporate reorganization) upon notice.
20.3 Entire Agreement; Waiver
These TOS, the Order Form, the BAA, the DPA (if any), and Policies are the entire agreement. Waivers must be in writing and are not continuing. Customer acknowledges it has not relied on any representations or statements not expressly set out in this Agreement or the Order Form.
20.4 Severability
If any provision is unenforceable, it will be modified to the minimum extent necessary; the remainder remains in effect.
20.5 Survival
Sections 2, 3.2–3.4, 4, 5.3, 6, 7.3–7.4, 8, 9, 10.4, 11, 12–16, 18–20 survive termination.
21 API Terms
21.1 API Access
Use of APIs is subject to these TOS, Documentation, and fair-use/rate limits we may set.
21.2 Security
API keys are credentials; keep them confidential. Do not embed keys in client-side code or share with third parties.
21.3 Prohibited Uses
No scraping, replication of substantial parts of the Service, or building competing datasets. We may suspend APIs for abuse, security risk, or legal reasons. Excessive or abusive API calls constitute cause for suspension under §10.3(d).
Effective Date: 01/01/2019
Last Updated: 09/19/2025
Privacy Policy (Site, App, and Services)
Plain-Language Summary (Not Legally Operative)
This Policy explains what we collect, how we use it, and when we share it. PHI is handled under our BAA with your healthcare provider; this Policy covers other personal information (e.g., account, device, and usage data). We use data to deliver and secure the Service, support you, improve features, and comply with law. We don't sell or share PHI. We also state that we do not sell or share personal information for cross-context behavioral advertising. You can exercise rights under applicable laws. Security is "reasonable and appropriate," not absolute. We keep data only as long as needed. Details below control.
Table of Contents
- 1. Scope; Audience; Relationship to HIPAA
- 2. Categories of Data Collected
- 3. Sources of Data
- 4. Purposes of Use
- 5. Legal Bases / Regional Notices
- 6. Disclosures to Third Parties
- 7. Cookies & Tracking
- 8. Data Retention
- 9. Security
- 10. International Transfers
- 11. Children's Privacy
- 12. Individual Rights & Requests
- 13. Breach/Incident Notifications
- 14. Changes to this Policy
- 15. Contact Information
1 Scope; Audience; Relationship to HIPAA
1.1 Scope
This Privacy Policy ("Policy") applies to personal information processed by AllegianceMD through our websites, applications (including the patient portal), and cloud services (collectively, the "Services").
1.2 HIPAA vs. This Policy
When we process PHI on behalf of a Covered Entity or Business Associate under a BAA, PHI is governed by HIPAA/HITECH and the BAA, not this Policy. This Policy governs non-PHI personal information (e.g., account and usage data).
1.3 Patient-Facing Portal
Patient portal content may include PHI. For patients, your provider's Notice of Privacy Practices governs PHI; this Policy governs portal account metadata and usage information to the extent it is not PHI.
2 Categories of Data Collected
We collect the following categories (which may overlap):
2.1 Account & Identity
Name, username, password, contact details, role, professional credentials, NPI/license, practice information.
2.2 Patient PHI
Clinical records, demographics, insurance, e-prescribing, orders/results, notes, images, communications—when processed under a BAA.
2.3 Device/Telemetry
IP address, device identifiers, browser, OS, app version, timestamps, cookies, logs, crash reports.
2.4 Usage Analytics
Feature usage, clickstream, session metadata, configuration settings, API calls, performance metrics.
2.5 Support Artifacts
Tickets, chat transcripts, call recordings, screenshots, and logs. Customer must avoid including unnecessary PHI in tickets; if included, PHI is handled under the BAA.
2.6 Payment/Billing
Billing contacts, payment tokens (via PCI-compliant processors), transaction records.
2.7 Sensitive Data
We do not intentionally collect Sensitive Data outside of PHI. If provided (e.g., government IDs for identity verification), we process it only as necessary and permitted by law.
2.8 Cookies/Similar Tech
See Section 7.
2.9 From Integrations
Data exchanged with labs, eRx networks, clearinghouses, HIEs, registries, payment processors, telehealth platforms, and other integrated systems.
3 Sources of Data
- Directly from Users (account setup, forms, portal).
- Automatically via the Services (SDKs, telemetry, logs, cookies).
- From Customer's systems and vendors during onboarding or migration.
- From Third-Party Services enabled by Customer (Section 2.9).
- Public and commercial sources (e.g., NPI registry) for verification.
4 Purposes of Use
We use data to:
4.1 Provide & Operate
Deliver core functionality, EHR workflows, PM/billing, e-prescribing, portal access, APIs, and integrations.
4.2 Secure & Maintain
Authenticate, prevent fraud/abuse, detect incidents, debug, and ensure integrity and availability.
4.3 Support
Provide technical and customer support; train support personnel; improve service quality.
4.4 Improve & R&D
Analyze usage; develop new features; create De-identified and Aggregated Data for analytics and benchmarking.
4.5 Communicate
Send service, security, and transactional communications; provide product updates. Marketing communications are limited and can be controlled via preferences.
4.6 Compliance
Meet legal, regulatory, and audit obligations, including HIPAA/HITECH (for PHI via BAA), Information Blocking, reporting, and responding to lawful requests.
We do not sell or share PHI. For non-PHI personal information, we do not sell and do not share for cross-context behavioral advertising.
5 Legal Bases / Regional Notices
5.1 HIPAA/HITECH (PHI)
PHI is processed as a Business Associate under the BAA for treatment, payment, and healthcare operations and as otherwise permitted by HIPAA.
5.2 Nevada (NRS 603A)
We maintain reasonable security measures to protect personal information and do not sell covered information as "sale" is defined by Nevada law.
5.3 California (CCPA/CPRA)
For California residents, we act primarily as a service provider to our Customers. For our own website/app operations (non-PHI), we collect identifiers, internet activity, and professional information for the purposes in Section 4. We do not sell or share personal information. Rights: access, correction, deletion, portability, and to limit use of Sensitive PI (not applicable as we do not use Sensitive PI beyond permitted purposes). Submit requests via [email protected] or portal form. We will verify and respond within required timelines.
5.4 Virginia/Colorado/Connecticut/Utah
We process personal data as a processor/service provider for our Customers and as a controller for our own operations. Rights: access, correction, deletion, portability, and appeal (VA/CO/CT). Submit requests via [email protected]. Appeals may be submitted to the same address with "Appeal" in the subject.
5.5 GDPR/UK GDPR
For EU/UK personal data not subject to HIPAA, AllegianceMD acts as a processor to Customer (controller) and as a controller for limited operations (account, billing, security). Legal bases include contract performance, legitimate interests (security, improvement), legal obligation, and consent where required. Where applicable, we use EU Standard Contractual Clauses/UK IDTA for international transfers.
6 Disclosures to Third Parties
We disclose data to:
6.1 Subprocessors/Service Providers
Hosting, support, communications, analytics, security, and similar vendors under written contracts with confidentiality and data-protection obligations.
6.2 Third-Party Services Enabled by Customer
Labs, eRx networks, clearinghouses, payment processors, telehealth/HIEs/registries, and other integrations at Customer's direction.
6.3 Legal/Compliance
To comply with law, respond to lawful requests, or protect rights, safety, and security.
6.4 Corporate Transactions
In mergers, acquisitions, financings, or reorganizations, subject to confidentiality.
6.5 With Consent/Instructions
As authorized by Customer or the data subject where applicable.
We do not sell personal information and do not share personal information for cross-context behavioral advertising.
7 Cookies & Tracking
7.1 Types
We use: (a) Essential cookies for login, security, and core functions; (b) Analytics cookies to understand feature usage and performance; and (c) Preference cookies to remember settings.
7.2 Controls
You can manage cookies in your browser and via our Cookie Settings link (where available). Blocking essential cookies may impair functionality.
7.3 Do Not Track
We honor legally required preference signals where applicable.
8 Data Retention
We retain PHI per the BAA/Customer instructions and applicable medical-record retention laws; we do not act as the medical-record custodian. We retain non-PHI personal information no longer than necessary for the purposes in Section 4, typically for the subscription term plus a reasonable period (e.g., up to 24 months) for backup, audit, dispute resolution, and legal compliance, unless a longer period is required by law or contract.
9 Security
We implement reasonable and appropriate administrative, technical, and physical safeguards designed to protect data. No method of transmission or storage is 100% secure. We will notify as required by law and the BAA in the event of certain incidents.
10 International Transfers
Where applicable, we use lawful transfer mechanisms (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) and implement appropriate safeguards. Details are available upon request.
11 Children's Privacy
The Services are not directed to children under 13. Any minor patient PHI processed via the Service is handled under HIPAA and the BAA at the direction of the Covered Entity.
12 Individual Rights & Requests
12.1 How to Submit
Send requests to [email protected] or through the portal. Specify your relationship (patient, provider staff, website visitor) and the data you seek.
12.2 Verification
We may require information to verify identity and authority (e.g., from a representative). For PHI, requests are handled under HIPAA and directed to the Covered Entity as appropriate.
12.3 Timelines; Appeals
We will respond within applicable statutory timelines. For Virginia/Colorado/Connecticut, you may appeal a denial by emailing [email protected] with "Appeal" in the subject.
13 Breach/Incident Notifications
For PHI, notifications are made in accordance with HIPAA/HITECH and the BAA. For non-PHI, we will notify you as required by applicable law.
14 Changes to this Policy
We may update this Policy. Material changes will be notified via email or in-product notice and will take effect on the Effective Date listed below or as required by law.
15 Contact Information
Privacy inquiries and rights requests: https://allegiancemd.com/contact-us
Postal: AllegianceMD Software, Inc., 6914 S. Yorktown Ave, Ste 200, Tulsa, OK 74136
General contact: https://allegiancemd.com/contact-us
State-Specific Addenda (Summaries)
Effective Date: 01/01/2019
Last Updated: 09/19/2025