Terms of Use

EPICompliance Terms of Service and License Agreement

Effective Date: March 2, 2026

OUR TERMS OF SERVICE AND LICENSE AGREEMENT HAVE BEEN UPDATED.

PLEASE READ AND SCROLL DOWN TO AGREE WITH THESE TERMS OF SERVICE AND LICENSE AGREEMENT.

EPICOMPLIANCE RESERVES THE RIGHT TO UPDATE THESE TERMS OF SERVICE AT ANY POINT IN TIME. USERS WILL BE REQUIRED TO ACCEPT UPDATED TERMS FOR CONTINUED SERVICE USAGE. Continued usage of the Services after EPICompliance has provided notice of updated terms will constitute acceptance of the revised terms.

FOR BUSINESS ASSOCIATE LIMITED ACCESS ACCOUNTS, SPECIFIC INFORMATION SEE SECTION 2.1.3.

FOR TRAINING ACCOUNTS, SPECIFIC INFORMATION SEE SECTION 2.1.4.

FOR FULL ACCESS ACCOUNT BILLING, SPECIFIC INFORMATION SEE SECTION 2.5.

FOR TERM OF AGREEMENT, SEE SECTION 6.

FOR RESELLER AND PARTNER ACCOUNTS, SEE SECTION 2.1.5.

FOR CUSTOM MODULES AND THIRD-PARTY SME CONTENT, SEE SECTION 2.8.

FOR ACCOUNT SUSPENSION, SEE SECTION 7.5.

TERMS OF SERVICE AND LICENSE AGREEMENT between EPICompliance, LLC, ("we" or "EPICompliance") and the individual or legal entity that orders, uses, or pays for EPICompliance.com services ("you" or "Licensee" or "Customer").

THE AGREEMENT. Your use of EPICompliance Services ("Services") is governed by these Terms of Service and License Agreement, the Acceptable Use Policy outlined in Section 1.2, and the terms of your Order. Your Order may have additional terms that apply to the particular services in your Order. When we use the term "Agreement," we are referring collectively to these Terms of Service and License Agreement, the Acceptable Use Policy, and the terms of your Order (collectively, the "Agreement Documents"). All Agreement Documents are incorporated herein by reference. Your use of the Services includes the ability to enter into agreements and make purchases electronically. You acknowledge that your electronic assent constitutes your acceptance to the Agreement for each electronic purchase or transaction you enter. If you enter into this Agreement on behalf of a legal entity as identified in the online registration process, such as the company you work for, the legal entity identified shall be considered the Customer for purposes of this Agreement, and you represent to us that you have the legal authority to bind that entity to this Agreement. For the purposes of this Agreement, an "Affiliate" of an entity is any entity that controls, is controlled by, or is under common control with such entity.

1. Services and Use.

1.1. Compliance Software. During the term of this Agreement, EPICompliance agrees to provide Licensee and authorized Users with EPICompliance's electronic compliance software and documentation for use as a resource in their compliance programs. These Services are more fully described at the EPICompliance.com website (EPICompliance reserves the right to change such documentation as needed). The Services will be provided on a computer server or servers owned, operated or accessible by EPICompliance (the "Server" or "Servers") and will allow Licensee to electronically access tasking and other utilities, and templates of policies and forms which Licensee can use as part of their compliance programs. EPICompliance shall maintain and update these products/templates on an ongoing basis.

1.2. Acceptable Use Policy and Prohibited Conduct. All uses of EPICompliance Software and related Services must comply with the Acceptable Use Policy (“Use Policy”) set forth in Sections 1.2.1 and 1.2.2 of this Agreement. The Use Policy is fully embedded in this Agreement and governs all use of the Services. EPICompliance reserves the right to amend the Use Policy from time to time upon notice to Licensee, and continued use of the Services following notice of any amendment constitutes acceptance of the revised terms. Licensee is responsible for any violation of the Use Policy by itself or its authorized Users. The Use Policy outlines prohibited uses, content standards, and compliance obligations, which include but are not limited to the following:

1.2.1. Prohibited Uses. Using the EPICompliance Software and related Services in any way that:

Breaches local, national, or international laws;
Engages in fraudulent, harmful, or unlawful activities;
Disseminates unauthorized advertising or unsolicited material (spam);
Uploads or transmits viruses, malware, or harmful code that could interfere with system operations;
Accesses without authority, interferes with, or disrupts any part of the EPICompliance Software and related Services, systems, or third-party networks;
Reproduces, copies, or resells any part of the EPICompliance Software and related Services in contravention of this Agreement and the website Terms of Use located online at https://epicompliance.com/terms-of-use.

1.2.2. Content Standards. Contributions, including user-completed forms or uploaded content, must:

Be accurate (where stating facts) and genuinely held (where stating opinions);
Comply with applicable U.S. laws and regulations;
Not contain defamatory, obscene, offensive, or discriminatory material;
Not infringe on any intellectual property rights;
Not promote illegal activity, violence, or harm to minors;
Not impersonate others or misrepresent identities. Licensee retains all rights, title, and interest in and to any content, data, or materials uploaded by Licensee or its Users to the Services. EPICompliance may only use such content as necessary to provide the Services and fulfill its obligations under this Agreement.

1.3. Licensee Representation. Licensee warrants and represents to EPICompliance that: (a) Licensee has the power and authority to enter into and perform Licensee's obligations under this Agreement; (b) Licensee and Licensee's authorized Users of the Services shall comply with all provisions of this Agreement, including those contained in Sections 1.2 and 1.4 above; (c) Licensee has notified (or will so notify on a timely basis) each authorized User of such User's duties and obligations under this Agreement with respect to the Services; and (d) Licensee acknowledges and agrees that nothing in this Agreement shall be interpreted as granting Licensee any exclusive rights to Services.

1.4. Regulatory Compliance and Ethical Conduct. Licensee and its authorized Users are solely responsible for all acts and omissions under any account or password issued to Licensee (including authorized Users). Licensee shall not engage in or permit any of the following prohibited uses outlined in this section.

1.4.1. Unauthorized Content. Dissemination, sharing, or linking to content or material through the EPICompliance Software or EPICompliance Services that is:

Abusive, obscene, pornographic, defamatory, harassing, or otherwise malicious;
Protected by copyright, trademark, patent, or other intellectual property laws without appropriate permissions;
Misleading, fraudulent, or deceptive in nature.

1.4.2. Security Violations. Actions intended to:

Access, monitor, or interfere with other users' accounts, networks, or systems without authorization;
Deploy malware, viruses, or other malicious code;
Circumvent, disable, or tamper with security measures, data protection protocols, or access restrictions implemented by EPICompliance.

1.4.3. Regulatory Violations. Use of the Services in a manner that violates applicable laws and regulations, including but not limited to: (i) the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including the Privacy, Security, and Breach Notification Rules, and regulations governing the use of Protected Health Information (PHI); (ii) the Occupational Safety and Health Act (OSHA) and applicable standards, including regulations governing workplace violence prevention in healthcare settings; (iii) the Affordable Care Act (ACA) and Office of Inspector General (OIG) guidelines, including laws governing Medicare and Medicaid Fraud, Waste, and Abuse; or (iv) any other applicable state, federal, or (if applicable in the future) international laws or regulations governing healthcare compliance.

1.4.4. Service Exploitation. Unauthorized resale, distribution, sublicensing, or commercial exploitation of the Services, including use in competitive software products.

1.4.5. Misrepresentation. Falsification of data, misrepresentation of identity, or impersonation of individuals using the Services.

1.4.6. Disruption in Services. Engaging in activities that overload, interfere, or disrupt the proper functioning of the Services, including denial-of-service (DoS) attacks, automated scripts, or unauthorized data scraping.

1.5. Ethical Conduct. In all dealings related to this Agreement, Licensee shall be governed by the highest standards of honesty, integrity, fair dealing and ethical conduct. Conduct amounting to a breach hereof includes, but is not limited to: (i) business practices, publications or postings (online or otherwise), promotions and advertising which may be injurious to the business reputation of EPICompliance, (ii) falsification of any business or personnel records, and (iii) misrepresentations to EPICompliance.

1.6. Confidentiality and Non-Disclosure. As a result of this Agreement, Licensee, authorized Users and certain of Licensee's managerial employees, officers, directors ("Key Personnel") employees and contractors ("Employees") will be exposed to certain valuable, confidential and proprietary information belonging to EPICompliance. In order to ensure that the confidential nature of such information is protected, and that authorized Users, Licensee's Key Personnel and Employees do not use this information upon termination of this Agreement, Licensee shall agree to the following:

1.6.1. EPICompliance, LLC, Information. Licensee acknowledges and agrees that all EPICompliance property is considered trade secrets of EPICompliance and shall be entitled to all protections given by law to trade secrets. "EPICompliance Information" shall apply to every form in which such information shall exist or is stored, whether written, electronic, digital, film, tape, computer disk or other form of media.

1.6.2. Non-Disclosure of EPICompliance Information. Licensee covenants and agrees that, both during the term of this Agreement and at all times thereafter, Licensee shall not use or disclose to any person, firm, corporation or other business enterprise any EPICompliance Information, shall not in any other way publicly or privately disseminate any EPICompliance Information, and shall not help or aid anyone else to do any of these things. Upon termination of this Agreement, all EPICompliance Information (originals and all copies, whether stored electronically, magnetically or in hard copy) in the possession or control of Licensee, its personnel, contractors or any assigns or successor to Licensee, shall be promptly returned to EPICompliance or destroyed. Licensee further agrees not to remove or alter any copyright, trademark, or other proprietary notices from EPICompliance's Services or documentation.

1.6.3. Non-Disclosure of Other Confidential Information. Additionally, Licensee shall keep confidential and not disclose any confidential information related to this Agreement or its specific terms to any third-party without prior written consent from EPICompliance (such consent shall be in the absolute discretion of EPICompliance).

1.7. EPICompliance Conduct. EPICompliance will conduct its business related to this Agreement in accordance with the highest standards of honesty, integrity, fair dealing and ethical conduct. Conduct amounting to a breach hereof includes, but is not limited to: (i) business practices which cause actual injury to the business reputation of EPICompliance, (ii) falsification of EPICompliance business records related to Licensee and (iii) material misrepresentations to Licensee.

1.8. Licensee's Responsibilities for Personnel and Contractors. Licensee shall be responsible for ensuring full compliance with the terms of this Agreement by its personnel (including any contractors) and shall be fully liable for and enforce any breach of the terms of this Agreement by its personnel and contractors, whether or not such personnel are then currently employed by Licensee. This responsibility extends to ensuring individual user IDs and passwords for the Services are kept confidential and not shared, and Licensee is responsible for all actions and misuse occurring under its assigned User IDs.

1.9. Privacy and Data Protection. Licensee acknowledges that the Services may involve the collection, processing, and storage of personal data, including Protected Health Information (“PHI”). Licensee agrees to comply with all applicable data protection and privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, and agrees to implement appropriate security measures to protect any data uploaded to EPICompliance’s systems. EPICompliance, in its role as a Business Associate, also commits to complying with applicable data protection and privacy laws as further detailed in Section 1.10. EPICompliance’s collection and use of personal data in connection with the Services is further described in EPICompliance’s Privacy Policy (effective March 2, 2026), available at https://epicompliance.com/company/privacy-policy, which is incorporated herein by reference. EPICompliance will update the Privacy Policy from time to time and will provide notice of material changes in accordance with the terms of the Privacy Policy. In the event of any conflict between this Agreement and the Privacy Policy with respect to personal data handling, this Agreement shall control to the extent of the conflict. Licensee is solely responsible for complying with all applicable state, federal, and local privacy laws governing the personal data of Licensee’s own end users and employees, including without limitation the California Consumer Privacy Act (CCPA) and equivalent state privacy statutes, to the extent applicable to Licensee’s operations. EPICompliance will reasonably cooperate with Licensee’s compliance obligations under such laws in its capacity as a service provider, consistent with its obligations under this Agreement. Licensee acknowledges that the Services provide self-service data export functionality, and Licensee is responsible for utilizing such functionality to export its data as needed during the term of this Agreement.

1.10. Business Associate Status and Obligations. For the purposes of this section, "Protected Health Information" (PHI) shall have the same meaning as defined in the HIPAA Privacy Rule. EPICompliance is considered a Business Associate under HIPAA regulations. As such, in addition to the confidentiality obligations outlined in Section 1.6, EPICompliance agrees to:

1.10.1. Use or Disclose PHI: EPICompliance will use or disclose PHI only as permitted by the contract with the Covered Entity or as required by law. EPICompliance will use or disclose PHI only to the extent necessary to perform the Services and to fulfill its legal obligations, adhering to the "minimum necessary" principle under HIPAA. This ensures that EPICompliance only acts within the scope defined by the Covered Entity or applicable laws, avoiding unauthorized use or sharing of PHI.

1.10.2. Safeguards for PHI: EPICompliance will implement appropriate safeguards to prevent unauthorized use or disclosure of PHI, including compliance with the HIPAA Security Rule for electronic PHI. These safeguards include physical, technical, and administrative measures to protect PHI from unauthorized access or disclosure.

1.10.3. Report Unauthorized Disclosures: EPICompliance will report to the Covered Entity any use or disclosure of PHI not provided for by the contract, including breaches of unsecured PHI, without unreasonable delay and in no event later than 5 business days of discovery. This requirement ensures transparency and timely communication regarding potential data breaches involving PHI.

1.10.4. Access to PHI: EPICompliance will make PHI available as required for individuals' access requests, requests for amendment, requests for an accounting of disclosures, requests for restrictions on disclosures, and requests for confidential communications, in accordance with HIPAA regulations. This ensures that individuals can exercise their rights under HIPAA to view, amend, or track the disclosure of their PHI, and that EPICompliance assists the Covered Entity in fulfilling these obligations.

1.10.5. Compliance with Privacy Obligations: EPICompliance will comply with the Privacy Rule obligations of the Covered Entity, to the extent EPICompliance is to carry out such obligations. This ensures that EPICompliance assists in fulfilling the Covered Entity's responsibilities under HIPAA's Privacy Rule.

1.10.6. Access for HHS Compliance Review: EPICompliance will make its internal practices, books, and records relating to PHI use and disclosure available to the Department of Health and Human Services (HHS) for compliance determination purposes upon request. This provides assurance that EPICompliance is accountable for its use and handling of PHI.

1.10.7. Return or Destruction of PHI Upon Termination: Upon termination of the contract, EPICompliance will return or destroy all PHI received from or created on behalf of the Covered Entity, if feasible, within 30 days of termination. This protects the confidentiality and integrity of PHI after the business relationship ends.

1.10.8. Subcontractor Obligations: EPICompliance will ensure that any subcontractors agree to the same restrictions and conditions regarding PHI through written agreements that are no less stringent than those in this Agreement.

1.10.9. Acknowledgement. EPICompliance acknowledges its direct liability under HIPAA Rules and potential civil and criminal penalties for unauthorized uses and disclosures of PHI or failure to safeguard electronic PHI as per the HIPAA Security Rule.

1.10.10. Violation of Business Associate Obligations. The Covered Entity may terminate this contract if EPICompliance violates a material term related to these Business Associate obligations. The process for such termination shall follow the procedures outlined in Section 7 of this Agreement.

2. Compliance Software License.

2.1. License Grant. Subject to the terms and conditions of this Agreement, EPICompliance hereby grants to Licensee, and Licensee hereby accepts, a nontransferable, nonexclusive, revocable license to use Compliance Software and the Services Documentation in conjunction with the Services provided under this Agreement generally made available as the EPICompliance.com EPICompliance Pro. Licensee shall use Compliance Software and the Services Documentation solely for Licensee's own business operations. Licensee may not sublicense or otherwise transfer (or attempt to do so) use rights to EPICompliance's software.

2.1.1. Effective Date. The day on which Licensee originally purchased the first License under Licensees payment account on EPICompliance.com is the "Effective Date" of this Agreement and grant of License.

2.1.2. Additional Licenses. Licenses purchased after the Effective Date shall commence on the date of such purchase and will not change the Term or Effective Date of this Agreement. Licenses added after the Effective Date will be considered active on the date of purchase. Any Licenses added after the Effective Date shall be subject to this Agreement and any revisions thereto as of the date of purchase of the additional License.

2.1.3. Business Associate Limited Access Accounts. Business Associate Limited Access refers to individuals or entities who have received Business Associate Agreements through EPICompliance's Business Associate Feature. Such users will only have access to this specific feature and the document received. EPICompliance has sole discretion in these matters and in the level or amount of access to be granted. Notwithstanding any provision of this Agreement, EPICompliance may at any time terminate access and delete any Business Associate Limited Access Accounts at any time without notice. Scope of access and conditions for Business Associate Limited Access Accounts and any future iteration thereof are subject to change and discontinuation at the sole discretion of EPICompliance.

2.1.4. Training Program Accounts. Training Program purchases are non-Subscription one-time Purchases. EPICompliance will keep the Training accounts active for one year from the product purchase date. EPICompliance reserves the right to close Training accounts beyond one year from the product purchase date. The Training Program accounts are not intended or recommended for healthcare compliance purposes and are only limited to providing Training Courses.

2.1.5. Partners (Affiliates and Resellers) Linked Accounts and Purchases. All users of the EPICompliance Platform whose accounts are linked to or provisioned through an authorized Partner (“Reseller” or “Affiliate”) are subject to these Terms of Service in their entirety, as well as any specific terms agreed upon with the Partner that are visible in the Customer Console or presented during the account signup process, including terms related to duration, scale, and cost of use. EPICompliance is not bound by any representations, warranties, commitments, or agreements made by a Reseller or Affiliate that exceed or conflict with the terms of this Agreement. Licensees who enter into agreements through a Reseller acknowledge that the Reseller acts independently of EPICompliance, and EPICompliance bears no responsibility for the Reseller’s conduct, representations, or failure to perform. In the event that a Reseller’s authorized partnership with EPICompliance is terminated or expires, EPICompliance will use commercially reasonable efforts to notify affected Licensees. Upon such termination, Licensees previously served through the Reseller may, at EPICompliance’s discretion, be offered the ability to continue Services under a direct agreement with EPICompliance. EPICompliance shall have no obligation to honor pricing, terms, or commitments made exclusively by the Reseller beyond any then-current billing period. Each Reseller is independently responsible for its own conduct and for any claims arising from its representations to Licensees, and shall indemnify and hold harmless EPICompliance from any claims, losses, or liabilities arising from such representations.

2.1.6. User Account Transfer Prohibition ('Cycling'). Each User ID is personal to the individual to whom it is assigned and is not transferable. Licensee shall not permit 'cycling,' which includes the practice of transferring or reassigning a User ID from one individual to another, or allowing multiple individuals to access the Services using the same User ID. Such actions violate the integrity of training, compliance tracking, and security protocols. EPICompliance reserves the right to audit Licensee's usage for compliance with this provision. In the event of a violation, EPICompliance may, at its sole discretion, (i) terminate the offending User ID(s), (ii) assess additional fees for unauthorized usage, and/or (iii) terminate this Agreement.

2.2. Copies. Any copies of the Software or related information made by Licensee shall remain the property of EPICompliance.

2.3. Reservation of Ownership. EPICompliance transfers no right, title or interest in or to Software except the limited use rights expressly stated in this Agreement. Licensee acknowledges that EPICompliance considers Compliance Software and the Services Documentation to be its exclusive property and that Compliance Software contains unique and valuable proprietary trade secrets and rights of EPICompliance. EPICompliance shall have all rights to any trade Assets, service Assets or other intellectual property rights related to Compliance Software and the Services Documentation. Licensee is granted only the specific use rights expressly set forth in this Agreement and no others. EPICompliance owns all intellectual property rights in any suggestions, feedback, or ideas provided by Licensee or its users. Licensee acknowledges that EPICompliance's usage data, in aggregated and anonymized form, is the property of EPICompliance, and that EPICompliance will use such anonymized and aggregated data solely for the benefit of improving its products and services.

2.4. Modifications. Neither Licensee nor any User shall alter, modify, translate, reverse engineer, decompile, disassemble or adapt, in whole or in part, Compliance Software or the Services Documentation.

2.5. Licensee Services Responsibilities. Except as expressly set forth in this Agreement, Licensee shall be solely responsible for: (a) the conversion of all documents to electronic form that are to be stored in connection with the Services; (b) providing, maintaining and ensuring compatibility with EPICompliance and the Services of all hardware, software, electrical and other physical requirements, including, without limitation, telecommunications and digital transmission connections and links, routers, local area network servers, virus software, firewalls, Server and Internet connectivity and Internet browser (the "Services Browser") and any other equipment and services required to access Compliance Software and use the Services, except as may be provided by EPICompliance; and (c) any security measures which are Licensee's obligation under this Agreement. Licensee is solely responsible for determining that the chosen EPICompliance Services meet its specific business, compliance, and technical requirements. EPICompliance disclaims all responsibility, warranties, and liability related to any third-party services, applications, or integrations used in conjunction with, or linked to from, EPICompliance’s services.

2.5.1. Fees and Expenses. For the Services, Licensee shall pay the fees, expenses and charges (“Fees”) indicated in this Agreement. Unless additional Licenses or Users are added by Licensee, the monthly/annual Fees shall be the amount that was charged on the Effective Date. For Business Associate Limited Access Licenses, there will be no Fees charged unless converted to a full access License which will be charged as of the date of conversion at the then current Fees. Licensee is solely responsible for any applicable taxes (e.g., sales, use, VAT) related to the services, excluding EPICompliance's income taxes. Licensee must raise any dispute regarding Fees within ninety (90) days after the invoice date. Failure to dispute an invoice within this period shall constitute Licensee’s acceptance of the invoice and a waiver of any right to dispute such Fees.

2.5.2. Invoicing and Automatic Monthly/Annual Payments. EPICompliance, LLC, shall furnish via e-mail Licensee a monthly/annual invoice, stating the amounts due to EPICompliance. Fees are prepaid for the next billing period and are not refundable once paid. Payment of each invoice shall be due as of the date stated on each invoice. Initial payment by Licensee may be made by Credit Card, Debit Card or eCheck/ACH. Monthly License payments will be generated monthly on the nearest business day on or after the Effective Date. Annual Payments will be generated yearly on the business day near the effective Date.

2.5.3. Additional Licenses Payment and pro-rata payment. Fees for Licenses or products added after the Effective Date will be the then-current Fees for Services. These Fees will be charged either on the next monthly payment or immediately at purchase and will include any pro-rata payment for that additional License or product for the remainder of that month in which the License or product was added. Additional Payments for annual accounts will be charged immediately at purchase.

2.5.4. Audit Rights. EPICompliance reserves the right to periodically audit Licensee's use of the Services to verify compliance with the terms of this Agreement, including but not limited to the number of authorized users and appropriate usage levels. Licensee agrees to cooperate with any such audit.

2.6. Access. EPICompliance shall use commercially reasonable efforts to make the Services available for use 24 hours a day, seven days per week (with the exception for scheduled maintenance downtime). The foregoing times of operation may be modified to provide for (a) regularly scheduled maintenance, (b) maintenance required as a result of matters beyond EPICompliance's reasonable control or (c) events beyond EPICompliance's control. Additionally, EPICompliance shall not be responsible for any unavailability of the Services resulting from (i) any Licensee-ordered telephone circuits; (ii) Licensee’s applications, equipment or facilities or (iii) acts or omissions of Licensee.

2.7. Software Modifications and Maintenance. EPICompliance reserves the right to modify, enhance, or update the Compliance Software at its sole discretion. Licensee acknowledges that such modifications, enhancements, or updates may result in temporary unavailability of the Services. EPICompliance will use commercially reasonable efforts to minimize disruptions during such updates and will notify Licensee of any significant changes in advance when feasible, typically via email or in-app notification at least a reasonable period, typically at least 30 days prior to implementation.

2.7.1. Automated Systems and Artificial Intelligence. As of the Effective Date of this Agreement, EPICompliance does not use artificial intelligence (“AI”) or automated decision-making systems to generate, recommend, or personalize compliance content delivered through the Services. All content, templates, policies, training materials, and compliance resources provided through the Services are created and maintained by EPICompliance or its authorized Content Partners. In the event EPICompliance introduces AI-assisted or automated processing features into the Services in the future, EPICompliance will provide advance notice to Licensees in accordance with Section 2.7, and any such features will be clearly identified. Regardless of any automated or AI-assisted functionality that may be introduced, all content and outputs provided through the Services shall remain subject to the no-professional-advice disclaimer in Section 3.7, and Licensee shall remain solely responsible for independently verifying the applicability of any such content to its specific circumstances.

2.8. Custom Modules and Third-Party Subject Matter Expert (SME) Content. EPICompliance may make available through the Platform certain “Custom Modules,” which are content modules developed and provided by third-party subject matter experts, industry organizations, or other authorized partner entities (each a “Content Partner”). Custom Modules are hosted by EPICompliance solely as a platform service and do not constitute content authored, endorsed, verified, or warranted by EPICompliance.

2.8.1. Nature of Custom Module Content. All content provided through Custom Modules represents the recommendations, opinions, and best practices of the respective Content Partner and is provided for informational and educational purposes only. Custom Module content does not constitute legal, medical, regulatory, or other professional advice, and neither EPICompliance nor the Content Partner guarantees that such content reflects the current state of applicable law, regulation, or industry standards. Licensee is solely responsible for independently verifying the applicability of any Custom Module content to its specific circumstances, and for consulting qualified professionals where appropriate. Each Content Partner is solely responsible for ensuring that its Partner Content is accurate and complies with all applicable laws and regulations at the time of publication to the Platform. EPICompliance does not independently verify the regulatory accuracy, completeness, or currency of any Partner Content, and Licensee acknowledges that EPICompliance’s hosting of Partner Content on a healthcare compliance platform does not constitute an endorsement of, or warranty regarding, the regulatory accuracy of that content.

2.8.2. Intellectual Property and Copyright Protection for Custom Module Content. All content contained within Custom Modules, including but not limited to text, materials, frameworks, assessments, tools, graphics, and any other works (“Partner Content”), is and shall remain the exclusive intellectual property of the respective Content Partner. Partner Content is protected by applicable copyright, trademark, and other intellectual property laws. EPICompliance does not claim ownership of Partner Content and hosts such content solely under license from the Content Partner.

Licensee is granted a limited, non-exclusive, non-transferable right to access and use Partner Content solely within the EPICompliance Platform and solely for Licensee’s own internal compliance purposes. Licensee shall not reproduce, copy, redistribute, publish, transmit, display, modify, create derivative works from, sell, sublicense, or otherwise exploit any Partner Content, in whole or in part, without the prior written consent of the applicable Content Partner. Any unauthorized use of Partner Content constitutes a material breach of this Agreement and may also constitute copyright infringement subject to applicable law.

2.8.3. Disclaimer of Liability for Custom Module Content. EPICOMPLIANCE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE ACCURACY, COMPLETENESS, TIMELINESS, RELIABILITY, OR SUITABILITY OF ANY CUSTOM MODULE CONTENT. EPICOMPLIANCE’S ROLE IS LIMITED TO HOSTING AND DELIVERING PARTNER CONTENT THROUGH THE PLATFORM AND EPICOMPLIANCE IS NOT RESPONSIBLE FOR ANY OUTCOMES, LOSSES, OR LIABILITIES ARISING FROM LICENSEE’S USE OF OR RELIANCE ON CUSTOM MODULE CONTENT. CONTENT PARTNERS ARE SOLELY RESPONSIBLE FOR THE ACCURACY AND LEGALITY OF THEIR RESPECTIVE PARTNER CONTENT. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER EPICOMPLIANCE NOR ANY CONTENT PARTNER SHALL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, OR SPECIAL DAMAGES ARISING FROM LICENSEE’S USE OF OR RELIANCE ON CUSTOM MODULE CONTENT.

2.8.4. Modification and Removal of Custom Modules. EPICompliance reserves the right, in its sole discretion, to add, modify, suspend, or remove any Custom Module from the Platform at any time, including in the event that a Content Partner relationship is terminated, Partner Content is determined to be inaccurate, outdated, or non-compliant with applicable law, or for any other operational or legal reason. EPICompliance will use commercially reasonable efforts to provide Licensee with advance notice of the removal or significant modification of any Custom Module. No removal or modification of a Custom Module shall entitle Licensee to a refund of fees paid, except as otherwise provided under Section 7.1.2 of this Agreement.

2.9. Override. These terms override any e-mail content or website content which may differ in part or whole from these Terms of Service.

3. Service Level Guarantee, Remedy and Limitation of Damages.

3.1. Service Level. Subject in all cases to the provisions of this Agreement, EPICompliance guarantees and represents to the Licensee that the System will be available at least 99.9% of the time on a monthly aggregate basis while this Agreement remains in effect. EPICompliance may supplement its service level agreement from time-to-time as posted online on EPICompliance.com; provided that, no supplement shall be considered to reduce the obligations of EPICompliance under this Agreement to such effect shall have been mutually agreed by the parties.

3.2. Remedy. The sole and exclusive remedy of Licensee for a breach of EPICompliance's obligations shall be limited to a rebate credit to Licensee's account with EPICompliance for a pro rata share (as determined below) of the Fees paid by Licensee for the calendar month in which such breach(es) shall have occurred (such charges collectively herein the “Licensee Charges"). For each cumulative hour or fraction thereof within each discrete 24-hour consecutive period during which the System is unavailable as required above ("System Unavailability Period"), Licensee's account, upon request by Licensee, shall be credited with an amount equal to a daily prorated share of the Licensee Charges for such month. The total credit for any given month shall not exceed the Licensee Fees for that month. Upon the request of Licensee, EPICompliance will calculate the System Unavailability Period for any calendar month during the term of this Agreement and process Licensee's claim for the rebate credit related thereto as provided pursuant to the claims procedure set forth on the compliance Software website; provided that, (a) Licensee shall have opened a trouble ticket with EPICompliance's Licensee support department within five days following the date each such System Unavailability Period is asserted by Licensee to have occurred and (b) such request is made to EPICompliance within 45 days following the calendar month to which such System Availability Period claim relates.

3.3. Disclaimer. EPICOMPLIANCE, LLC, DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN COMPLIANCE SOFTWARE OR THAT ACCESS TO THE SERVICES WILL BE UNINTERRUPTED AT ALL TIMES OR ERROR FREE, THAT ALL DEFICIENCIES, ERRORS, DEFECTS OR NONCONFORMITIES WILL BE CORRECTED OR THAT COMPLIANCE SOFTWARE OR THE SERVICES WILL MEET ANY SPECIFIC REQUIREMENTS. EPICOMPLIANCE MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THE SERVICES FOR ANY PURPOSE, EXCEPT AS EXPRESSLY PROVIDED OTHERWISE IN THIS SECTION. THE SERVICES ARE PROVIDED “AS IS” AND EPICOMPLIANCE MAKES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICES FURNISHED TO LICENSEE OR OTHER TRANSACTIONS CONTEMPLATED BY THIS AGREEMENT. EPICompliance's services are not intended as a primary data backup or disaster recovery solution, and Licensee retains sole responsibility for backing up its data.

3.3.1. Jurisdictional Limitations. Some jurisdictions do not allow the exclusion of implied warranties or limitations on how long an implied warranty may last, so the above limitations may not apply to Licensee. To the extent permissible by applicable law, any implied warranties that are not permitted to be excluded are limited to ninety (90) days from the Effective Date or such longer period as applicable law requires. EPICompliance, LLC, DOES NOT WARRANT THAT THE SERVICES WILL OPERATE ERROR-FREE OR THAT THE SERVICES ARE FREE OF COMPUTER VIRUSES, WORMS, TROJAN HORSES OR OTHER HARMFUL SOFTWARE. IF LICENSEE'S USE OF THE SERVICES OR THEIR CONTENTS RESULTS IN THE NEED FOR SERVICING OR REPLACING LICENSEE'S EQUIPMENT OR DATA, EPICOMPLIANCE IS NOT RESPONSIBLE FOR THOSE COSTS.

3.4. Consequential Damages. EPICOMPLIANCE SHALL NOT BE LIABLE TO LICENSEE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, PUNITIVE OR COVER DAMAGES (EVEN IF EPICOMPLIANCE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES) ARISING FROM THE PERFORMANCE, ATTEMPTED PERFORMANCE OR NONPERFORMANCE OF COMPLIANCE SOFTWARE OR THE SERVICES FURNISHED HEREUNDER, INCLUDING, BUT NOT LIMITED TO, DAMAGES RESULTING FROM THE USE OF, OR INABILITY TO USE, COMPLIANCE SOFTWARE, DELAY OF DELIVERY OR COMPLETION OF SERVICES, INACCURACY OR MISREPRESENTATION OF DATA, OR LOSS OF PROFITS, DATA, BUSINESS OR GOODWILL.

3.5. Limitation of Liability. EPICOMPLIANCE’S TOTAL LIABILITY FOR ANY AND ALL CLAIMS, WHETHER IN AN ACTION IN CONTRACT OR IN TORT, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE OR STRICT LIABILITY, FOR ANY LOSS OR INJURY ARISING OUT OF, CONNECTED WITH OR RESULTING FROM EPICOMPLIANCE'S PERFORMANCE OR BREACH OF THIS AGREEMENT OR THE USE, PERFORMANCE OR NONPERFORMANCE OF EPICOMPLIANCE'S SOFTWARE OR THE SERVICES PROVIDED HEREUNDER, OR ANY PART THEREOF, SHALL NOT EXCEED THE TOTAL AMOUNT OF THE FEES PAID BY LICENSEE TO EPICOMPLIANCE DURING THE PRIOR 3 MONTH PERIOD (OR PORTION THEREOF, IF THIS AGREEMENT HAS BEEN IN EFFECT LESS THAN 3 MONTHS) FOR THE SERVICES THAT CAUSE THE LOSS OR INJURY OR ARE THE SUBJECT MATTER OF THE CLAIM OR CAUSE OF ACTION.

3.6. Allocation of Risk. Licensee and EPICompliance expressly acknowledge and agree that the limitations and exclusions contained in this Section have been the subject of active and complete negotiation between the parties and represent the parties' agreement as to the allocation of risk between the parties based upon the level of risk to EPICompliance and Licensee with their respective obligations under this Agreement. The payments payable to EPICompliance in connection herewith reflect this allocation of risk and the exclusion of Consequential damages in this Agreement. The parties acknowledge that, but for the limitations in this Section, the parties would not have entered into this Agreement.

3.7. No Guarantee of Compliance. EPICompliance makes no guarantee that the use of its Services will result in full compliance with all applicable regulations, including but not limited to: the Health Insurance Portability and Accountability Act (HIPAA); the Occupational Safety and Health Act (OSHA), including workplace violence prevention standards applicable to healthcare settings; the Affordable Care Act (ACA) and Office of Inspector General (OIG) guidelines governing Medicare and Medicaid Fraud, Waste, and Abuse; or any other federal, state, or local healthcare compliance requirements. Licensee is solely responsible for ensuring that their use of the Services complies with all applicable laws, regulations, and industry standards. EPICompliance’s Services and any information provided by EPICompliance do not constitute legal, medical, regulatory, or other professional advice, and Licensee should consult with its own qualified legal, compliance, and healthcare professionals. Specifically, any templates, tools, training, content, or other resources provided through the Services are for informational and educational purposes only and do not constitute legal, medical, or other professional advice. Licensee is responsible for verifying the applicability and regulatory accuracy of any information with federal, state, and local laws, as well as its own organization’s policies and procedures.

3.8. Indemnification.

3.8.1. Licensee Indemnification. Licensee shall defend, indemnify, protect and hold EPICompliance and its Affiliates, shareholders, directors, officers, employees and agents, harmless from and against any liabilities, actions, losses, costs, expenses (including attorneys' fees and costs) or claims incurred by any of them as a result of (a) any use or misuse of Assets or the Services provided to Licensee hereunder (whether by Licensee or any other person, including any Licensee's Customer), including any resulting from any third-party claim or allegation arising out of or relating the Licensee's or others' use or provision of the Services (including any actual or alleged violation of the Use Policy), (b) any claims arising out of Licensee's or others' use of any third-party's equipment or software with Assets or the Services based on the alleged infringement or misappropriation of any intellectual or other property rights of any such third party, or (c) Licensee's conduct of its business and operations, including use of the Services by Licensee, except in the case solely due to the gross negligence or willful misconduct of EPICompliance.

3.8.2. EPICompliance Indemnification. EPICompliance shall defend, indemnify, protect, and hold harmless Licensee from and against any liabilities, actions, losses, costs, expenses (including reasonable attorneys' fees and costs) or claims incurred by Licensee to the extent arising from a third-party claim that the Services, as delivered by EPICompliance and used by Licensee in accordance with this Agreement, directly infringe upon any valid U.S. patent, copyright, or trademark of such third party. EPICompliance shall have no obligation to indemnify Licensee for any infringement claim to the extent that it arises from (a) the combination of the Services with any hardware, software, or technology not provided by EPICompliance; (b) modifications to the Services not made by EPICompliance; (c) Licensee's use of the Services other than as authorized by this Agreement; or (d) any intellectual property supplied by Licensee.

3.8.3. Indemnification Procedures. Promptly after receipt of notice by any entity entitled to indemnification (the “Indemnified Party”) of the commencement of any claim for which indemnification may be sought, the Indemnified Party shall notify the Party obligated to indemnify (the “Indemnifying Party”) of such claim in writing. Failure to provide such notice shall not relieve the Indemnifying Party of its obligations hereunder, except to the extent that it is prejudiced thereby. The Indemnifying Party shall have the sole right to defend and settle any indemnified claim, using counsel of its choice, provided that any settlement fully releases the Indemnified Party from liability. The Indemnified Party shall provide reasonable cooperation and assistance (at the Indemnifying Party's expense) in the defense or settlement of such claim.

3.9. Security Measures. EPICompliance and Licensee shall implement and maintain reasonable security procedures relating to Licensee's access to EPICompliance's Software. EPICompliance is responsible for the overall security architecture and administration of the Service's authentication system. Licensee shall be responsible for administering the assignment, management, and safeguarding of all identification codes and passwords issued to or created by its authorized Users, and for taking appropriate security measures relating to such. Licensee acknowledges that user IDs are unique, passwords must be kept confidential, and the sharing of user IDs or passwords is strictly prohibited. Any violation may result in immediate termination of access rights and, for multiple offenses, termination of this Agreement, at EPICompliance’s reasonable discretion, without refund of any prepaid fees.

3.9.1. Non-PHI Security Incident Notification. In the event EPICompliance discovers or is notified of a material security incident affecting the Services that involves unauthorized access to, or disclosure of, Licensee’s non-PHI data (including account credentials, user records, or business data not constituting Protected Health Information under HIPAA), EPICompliance will notify affected Licensees within seventy-two (72) hours of EPICompliance’s confirmation of the incident, to the extent such notification is practicable. Such notification shall be made to the primary account contact email address on file and shall include, to the extent then known: (a) a description of the nature of the incident; (b) the categories of data involved; (c) the approximate number of users or records affected; and (d) the steps EPICompliance is taking to address and mitigate the incident. This Section applies to platform-level security incidents and supplements, but does not replace or limit, EPICompliance’s obligations under Section 1.10.3 with respect to unauthorized disclosures of PHI. EPICompliance’s notification obligations under this Section shall not apply to incidents that are solely attributable to Licensee’s own acts or omissions, or to those of Licensee’s authorized Users.

3.10. Disaster Recovery. Subject to the provisions on this Agreement, EPICompliance agrees to maintain, and will continue to maintain throughout the effective term of this Agreement, disaster recovery capabilities that permit EPICompliance to recover from a disaster and continue providing Services to its subscribers within a commercially reasonable period. Licensee acknowledges that EPICompliance has recommended to Licensee that Licensee maintain backups, in accordance with industry standards, for any data, information and documents Stored by or through Licensee on its server. EPICompliance shall have no responsibility for Licensee's offsite backup for such data, information and documents.

4. Privacy Regulation.

4.1. Data Security Responsibilities. EPICompliance will implement industry-standard technical, physical, and administrative security measures to protect the confidentiality, integrity, and availability of Licensee data stored in or processed by the Services. However, EPICompliance cannot guarantee that the data will be completely secure from unauthorized access or breaches. Licensee is also responsible for taking appropriate security measures, including maintaining secure passwords, securing access to their account, and regularly monitoring its own access and usage of the data stored in the system.

4.2. Confidentiality of Communications. Licensee acknowledges that communications within the Services, unless explicitly designated as Confidential Information or containing Protected Health Information, may not be confidential and could be read or intercepted by others. Licensee assumes all risks associated with such communications.

5. Confidentiality.

5.1. Confidential Information. During the term of this Agreement, a party may provide the other party with certain confidential and proprietary information ("Confidential Information”). Confidential Information may include a party's trade secrets, information relating to a party's business operations, services, products, Licensees, finances, marketing plans and strategies, pricing strategies and shall include any source code, design specifications, drawings and data flow analyses. Notwithstanding the foregoing, the term “Confidential Information” shall not include information that (a) is publicly known at the time of its disclosure, (b) is lawfully received by the receiving party from a third-party not under an obligation of confidentiality to the disclosing party, (c) is published or otherwise made known to the public by the disclosing party, or (d) was generated independently by the receiving party before disclosure by the disclosing party. Each party shall exercise at least the same degree of care to protect the confidentiality of the other party's Confidential Information which such party exercises to protect the confidentiality of such party's own similar Confidential Information, which shall not be less than the industry standard. As long as a party meets this standard of care, such party shall have no additional obligations or liability regarding confidentiality, except for Licensee's obligations under the previous section.

5.2. Confidentiality Obligations. In the course of performing under this Agreement, each Party may receive, be exposed to or acquire the confidential information including but not limited to, all information, data, reports, records, summaries, tables and studies, whether written or oral, fixed in hard copy or contained in any computer data base or computer readable form, as well as any information identified as Confidential Information of the other Party. For purposes of this Agreement, Confidential Information shall exclude Protected Health Information, which is subject to the specific provisions regarding HIPAA in Section 1.10 of this Agreement. The Parties including their employees, agents or representatives (i) shall not disclose to any third party the Confidential Information of the other Party except as otherwise permitted by this Agreement, (ii) only permit use of such Confidential Information by employees, agents and representatives having a need to know in connection with performance under this Agreement, and (iii) advise each of their employees, agents, and representatives of their obligations to keep such Confidential Information confidential. This provision shall not apply to confidential Information: (a) after it becomes publicly available through no fault of either Party; (b) which is later publicly released by either Party in writing; (c) which is lawfully obtained from third parties without restriction; or (d) which can be shown to be previously known or developed by either Party independently of the other Party.

5.3. Licensee's Responsibilities for Personnel and Contractors. Licensee's obligations concerning its personnel and contractors as described in Section 1.8 apply equally to this Section 5.

5.4. Non-Disclosure. No party, unless required by law or judicial process, shall disclose any of the other party's Confidential Information to any person, or permit any person to use, examine or reproduce such Confidential Information, unless such Confidential Information has become public knowledge through means other than breach of this Agreement. If Licensee does not maintain the confidentiality of EPICompliance's Confidential Information, EPICompliance may suspend or terminate the Services. A party shall be entitled to obtain injunctive relief for any continuing violation of this Section in addition to any other remedy or relief to which such party may be entitled.

6. Term.

6.1. Renewal. This Agreement shall commence as of the Effective Date and shall continue on a prepaid Month to Month or Annual (for annual subscriptions) basis automatically, subject to either party's ability to terminate this Agreement as provided in this Agreement. Unless otherwise specified in the Order, this Agreement shall automatically renew for successive one (1) month terms or (1) year Terms (each a “Renewal Term").

6.2. Rate Adjustments. Licensee acknowledges that EPICompliance reserves the right to adjust the fees for Services upon renewal of the Agreement. EPICompliance will provide written notice of any fee adjustments at least 90 days prior to the start of the next Renewal Term.

6.3. Subscription Terms by Account Size. The default subscription term applicable to a Licensee is determined by the number of authorized user licenses (“Users”) active under Licensee’s account, as set forth below. For purposes of this Section, User count is determined as of the Effective Date and reassessed at each Renewal Term. If a Licensee’s User count crosses a threshold described below during the term, the applicable tier will take effect at the next Renewal Term. (a) Fifty (50) Users or Fewer — Standard Month-to-Month. Licensees with fifty (50) or fewer active Users are enrolled on a month-to-month subscription basis by default. Such Licensees may cancel with thirty (30) days’ written notice in accordance with Section 7.1. (b) More Than Fifty (50) Users — Contract Required. Licensees with more than fifty (50) active Users must enter into a written contract directly with EPICompliance governing the terms, pricing, and duration of their subscription. Such Licensees are not eligible for month-to-month default terms and the terms of their executed agreement with EPICompliance shall govern in all respects.

6.4. Executed Contracts Supersede Default Terms. Notwithstanding Section 6.3, where Licensee has executed a written contract directly with EPICompliance, or where Licensee has entered into an agreement through an authorized Reseller or Partner that references specific subscription terms, the terms of such executed agreement shall supersede the default subscription terms in Section 6.3 in all respects. In the event of any conflict between an executed contract and these Terms of Service, the executed contract shall control, except with respect to provisions of these Terms of Service that cannot be waived or modified by agreement (such as applicable law and HIPAA obligations).

7. Termination.

7.1. General and During Term. Notwithstanding other sections of this Agreement, either party may terminate this Agreement upon the occurrence of a material breach by the other party if the breach has not been cured within thirty (30) days following receipt of written notice thereof. EPICompliance shall have the right to suspend or terminate the Services if any amount due EPICompliance from Licensee remains unpaid more than thirty (30) days after its due date. Licensee may terminate this Agreement upon at least 30 days' written notice to EPICompliance.

7.1.1. Frustration of Purpose. If during the Term of this Agreement a Licensee's need for the Services ceases due to a material change in circumstances such as closure of business, retirement of principal business owner, death or disability of principal business owner, or other similar circumstances, the Licensee may terminate this Agreement upon thirty (30) days written notice to EPICompliance. EPICompliance, at its sole discretion, may also offer early termination under such circumstances.

7.1.2. Termination for Convenience by EPICompliance. EPICompliance may terminate this Agreement for convenience upon at least 30 days written notice to Licensee. In the event of such termination, EPICompliance will provide a pro-rata refund of any prepaid but unused fees for the Services.

7.1.3. Termination for Insolvency. Either Party may terminate this Agreement immediately if the other Party (i) ceases to do business in the ordinary course, (ii) becomes insolvent or generally unable to pay its debts as they become due, (iii) has a receiver, trustee, or similar officer appointed over all or a material part of its assets, or (iv) files a petition for bankruptcy or has a petition for bankruptcy filed against it.

7.2. During Renewal Terms. Notwithstanding other sections of this Agreement, during any Renewal Term Licensee may terminate this Agreement at any time by furnishing at least 30 days written notice to EPICompliance.

7.3. Archive License data after Termination. EPICompliance provides no warranty of any kind and is under no obligation to archive or make available any data or License function after Licensee Termination, except for the 30-day post-termination access period as outlined in Section 8.5, and any legal obligations for data retention related to PHI or other data types.

7.4. Termination for Non-Compliance. EPICompliance may immediately terminate this Agreement and suspend Licensee's access to the Services if Licensee violates the terms of this Agreement, including failing to adhere to the Acceptable Use Policy, breaching confidentiality provisions, or failing to comply with applicable laws such as HIPAA. In such cases, Licensee will not be entitled to any refund of fees paid.

7.5. Account Suspension. EPICompliance reserves the right to suspend Licensee’s access to the Services, in whole or in part, as an intermediate measure prior to or in lieu of termination, in the following circumstances: (a) Violation of the Acceptable Use Policy set forth in Sections 1.2, 1.2.1, 1.2.2, or 1.4 of this Agreement; (b) Non-payment of Fees, where Licensee’s account is past due by more than ten (10) days; (c) Reasonable suspicion of account compromise, unauthorized access, or security breach; (d) Pending investigation of alleged material breach of this Agreement; or (e) Any other conduct that EPICompliance reasonably determines poses a risk to the Services, other users, or EPICompliance’s systems or reputation.

7.5.1. Notice and Duration of Suspension. EPICompliance will provide written notice of suspension to Licensee promptly following the suspension, except where providing advance notice would exacerbate a security risk or where immediate suspension is required by law or regulation. A suspension shall remain in effect until EPICompliance determines, in its reasonable discretion, that the circumstances giving rise to the suspension have been resolved or remediated to EPICompliance’s satisfaction. EPICompliance will provide Licensee with a reasonable description of the steps required to lift the suspension.

7.5.2. Fees During Suspension. Unless a suspension is solely due to EPICompliance’s own error, Licensee’s fee obligations under this Agreement shall continue uninterrupted during any period of suspension. EPICompliance shall not be obligated to provide credits or refunds for any period of suspension resulting from Licensee’s violation of this Agreement or failure to pay fees.

7.5.3. Escalation to Termination. If the circumstances giving rise to a suspension are not resolved within thirty (30) days of the date of suspension notice, or if the same or similar violation recurs following reinstatement, EPICompliance may, at its sole discretion, terminate this Agreement pursuant to Section 7.4. Nothing in this Section shall be construed to limit EPICompliance’s right to terminate immediately in cases of egregious or willful violations of this Agreement.

8. Obligations Upon Termination. Upon Termination of this Agreement:

8.1. Data. Licensee shall notify EPICompliance in writing for any request to remove or deactivate all data stored for purposes of the compliance Software as provided in this Agreement.

8.2. Unpaid Amounts. Licensee shall pay EPICompliance unpaid Fees (including pro rata charges for any Termination for any Termination not occurring on a payment day) up to and including the date of Termination. Unless expressly permitted by this Agreement, if Licensee terminates this Agreement prior to the end of a Term, Licensee shall remain liable for the full amount of all Fees due and payable for the remainder of the then-current Term. No refunds will be provided for any prepaid amounts, and any unpaid amounts for the remainder of the Term will become immediately due and payable upon termination. EPICompliance is under no obligation to refund any payments (pro rata or otherwise) for mid-billing period Termination, except as explicitly provided for termination for convenience in Section 7.1.2.

8.3. Access. Access, other than in order to comply with the provisions of this Agreement, Access granted pursuant to this Agreement shall terminate automatically, and Licensee shall immediately cease accessing or attempting to access Software and EPICompliance will deactivate access.

8.4. Survival. A party's obligations under this Agreement shall cease except for those remaining or required to be performed following such Termination.

8.5. Data Access and Export. Upon termination, Licensee may utilize the Services’ self-service data export functionality, or request access to their data, for up to 30 days following the effective date of termination to export any necessary data. Licensee is solely responsible for exporting any necessary data prior to the expiration of this 30-day period. After this 30-day period, EPICompliance will cease Licensee’s access and will not be liable for any data loss or failure to access data. For any Protected Health Information (PHI) remaining on EPICompliance’s systems after this period, EPICompliance will destroy such PHI in accordance with its obligations under Section 1.10.7 and applicable HIPAA regulations. EPICompliance retains Licensee data for a period exceeding the minimum retention periods required by applicable law, including but not limited to HIPAA, OSHA, and ACA/OIG recordkeeping requirements, following termination of this Agreement. EPICompliance’s data retention schedule, including applicable retention periods by data type and the process for requesting data deletion following the expiration of required retention periods, is available upon written request to EPICompliance’s Contract Administrator at the address set forth in Section 9.1.

9. Written Notices.

9.1. General. Other than as part of an online process established by EPICompliance, all notices to be sent by Licensee regarding the terms of this Agreement or relating to disputes, non-renewal or termination shall be in writing and sent either by registered or certified mail, return receipt requested, or delivered personally, as applicable, to the attention of the Contract Administrator of EPICompliance. Such notices may be sent by EPICompliance to the President or appointed representative of Licensee at the respective address or e-mail address as listed on the Account associated with License(s) subject to notice. Formal legal notices to EPICompliance should be sent to: 6817 Southpoint Pkwy STE 1704, Jacksonville, FL 32216 Attn: Contract Administrator, with a copy to [email protected]. Licensee will reimburse EPICompliance for all approved reasonable and necessary costs associated with responding to legal demands (e.g., subpoenas, court orders) for Licensee’s data or information related to its use of the Services.

9.2. Operational Notices. Notwithstanding any other section of this Agreement, any notices from EPICompliance with regard to operational matters concerning Software or the Services provided pursuant to this Agreement (such as notices regarding maintenance downtime) may be sent by e-mail. Such notices shall be deemed effective at the time that they are sent; however, due to the nature of e-mail, EPICompliance cannot assure the timely delivery of such notices. Licensee shall be responsible for keeping EPICompliance informed on any change in Licensee's e-mail address to which notices may be sent by e-mail as permitted by this Agreement, and notice sent to the Licensee's last-known e-mail address contained in EPICompliance's records shall be considered to comply with the requirements of any e-mail notice provision contained in this Agreement.

10. Force Majeure.

10.1. Force Majeure Event. In no event shall EPICompliance be liable for delaying the performance of the Services or for any damages suffered by Licensee when such delay or nonperformance is due to causes beyond EPICompliance's reasonable control, including, but not limited to, Acts of God, fire, strikes, floods, power outages, communication failures, epidemics, quarantine restrictions, terrorism, war, insurrection or riot, civil or military authority, compliance with priority order or preference rating issued by any federal, state or other governmental authority, freight embargoes, car shortages, wrecks, delays in transportation, unusually severe weather (including lightning strikes), interruptions in service or inability to obtain necessary labor or materials.

10.2. Notice of Force Majeure Event. In the event of a Force Majeure event, EPICompliance shall promptly notify Licensee of the situation and provide an estimated timeframe for resolution. EPICompliance will make reasonable efforts to mitigate the impact of such events. Licensee agrees to cooperate with EPICompliance during such events to minimize disruption to the Services.

11. Attorneys' Fees.

In the event that an action is brought by a party to enforce any provision of this Agreement, the prevailing party shall be entitled to reimbursement of such party's reasonable attorneys' fees and expenses of any kind or nature incurred in connection with such action in addition to any other remedy or relief to which such party may be entitled.

12. Governing Law and Venue.

This Agreement and performance hereunder shall be governed by and construed in accordance with the laws of Florida without reference to its conflict to laws rules. In the event Licensee initiates action, Licensee consents to jurisdiction and venue in a court of competent jurisdiction in Duval County, Florida, and waives all objections thereto. Licensee agrees that any claim against EPICompliance must be filed within one (1) year of its accrual or such claim shall be considered forever waived. LICENSEE AND EPICOMPLIANCE BOTH AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING. THE PARTIES AGREE TO WAIVE ANY RIGHT TO A TRIAL BY JURY. All disputes arising under or in connection with the use of the Services shall be resolved in accordance with Section 15 (Arbitration).

13. Severability and Interpretation.

If any provision in whole or in part, of this Agreement or the Use Policy is held invalid or unenforceable for any reason, such determination shall not affect the validity of the remaining provisions of this Agreement or the Use Policy, and the parties shall substitute for the invalid or unenforceable provision a valid and enforceable provision which closely approximates the intent and economic effect of such invalid or unenforceable provision. Neither this Agreement nor any schedule, addendum, exhibit or the Use Policy shall be interpreted in favor of or against a party, because such party or its counsel drafted this Agreement or such schedule, addendum, exhibit or Use Policy. No course of dealing, usage, custom of trade or communication between the parties shall modify or alter any of the rights, responsibilities or obligations of the parties under this Agreement unless reduced to writing. The headings and captions in this Agreement are included for convenience and ease of reference only and shall be disregarded in interpreting or construing any provision of this Agreement. The use of any gender shall include any gender and the use of the singular form shall include the plural form and vice-versa.

14. Independent Contractors.

The parties, and their respective personnel, are and shall be independent contractors, and no party by virtue of this Agreement shall have any right, power or authority to act or create any obligation, express or implied, on behalf of the other party.

15. Arbitration.

Licensee and EPICompliance agree that any disputes, controversies, or claims arising out of or relating to this Agreement, including threshold questions of arbitrability, will be determined through binding individual arbitration on the following terms:

15.1. Scope of Arbitration. Any controversy or claim arising out of or relating to this Agreement or relating to the Services, and/or disputes regarding the interpretation, enforceability, or validity of this Agreement, including threshold questions of arbitrability, must be resolved by final and binding individual arbitration administered by JAMS in Duval County, Florida. The arbitration will be conducted in accordance with the JAMS Streamlined Arbitration Rules and Procedures (the "JAMS Rules") then in effect, provided that the arbitration provisions of this Section 15 will govern over any conflicting rules which may now or in the future be contained in the JAMS Rules. The demand for arbitration shall be made by any party hereto within a reasonable time after the claim, dispute or other matter in question has arisen, and in any event shall not be made after the date when institution of legal proceeding, based on such claim, dispute or other matter in question, would be barred by the applicable statute of limitations under the Governing Law provision in Section 12. The law applicable to the validity of the arbitration clause, the enforcement of any award and any other question of arbitration law or procedure shall be the Federal Arbitration Act, 9 U.S.C.A. The final decision of the arbitrator will constitute a conclusive determination of the issue in question and will be binding on each of the parties.

15.2. Arbitrator Selection and Fees. Any such arbitration will be conducted before a single arbitrator who will be compensated for his or her services at a rate to be determined by the mutual agreement of EPICompliance and Licensee. EPICompliance and Licensee shall each pay half the fees and costs of the arbitrator, but the prevailing party may request that the arbitrator award reimbursement of all or a portion of such fees and costs from the non-prevailing party in accordance with the provisions set forth below. EPICompliance and Licensee will select the arbitrator by mutual agreement promptly following initiation of arbitration.

15.3. Arbitrator Authority. The arbitrator chosen in accordance with these provisions will not have the power to alter, amend, or otherwise affect the terms of these arbitration provisions or the provisions of this Agreement or the authority to change, extend, modify, or suspend any of the terms of this Agreement, or to grant an award or remedy any greater than that which would be available from a court under the statutory or common law theory asserted. In addition, either party may seek, from a court of competent jurisdiction in Duval County, Florida, any provisional remedies or injunctive relief in support of their respective rights and remedies hereunder without waiving any right to arbitration. Judgment upon the award rendered by the arbitrator may be entered in any court having jurisdiction thereof.

15.4. Class Action Waiver. Licensee hereby waives, on behalf of itself and its End Users, any right to pursue legal relief on a classwide or representative basis, including in any class arbitration. To the fullest extent permitted by applicable law, Licensee and EPICompliance agree that any claims or disputes arising out of or relating to this Agreement or the Services shall be brought on an individual basis only and not as a plaintiff or class member in any purported class, collective, consolidated, or representative proceeding. Licensee further agrees that neither Licensee nor any End User shall be entitled to join or consolidate claims by or against other users, arbitrate or litigate any claim as a class, representative, or private attorney general action, or seek any relief on a class or representative basis. The arbitrator may not consolidate more than one party's claims and may not preside over any form of a class or representative proceeding. If this class action waiver is found to be unenforceable or invalid as to a particular claim or request for relief (such as public injunctive relief), then that claim or request for relief shall be severed and adjudicated in a court of competent jurisdiction, and the remaining claims shall be resolved through binding arbitration.

16. Assignment.

Licensee may not assign its rights or delegate its obligations under this Agreement without EPICompliance's prior written consent (which consent shall not be withheld unreasonably or unduly delayed). EPICompliance may assign this Agreement and all rights thereunder to an entity that purchases all or substantially all of its assets or equity, or in connection with a merger or reorganization, without Licensee's prior written consent.

17. Waiver.

No waiver or modification of any right, term condition or obligation under this Agreement or the Use Policy or any breach thereof, shall be effective unless granted in writing by the waiving party. No failure to exercise or delay in exercising any right under this Agreement by a party shall operate as a waiver of such right, except as expressly provided in this Agreement.

18. Complete and Entire Agreement.

This Agreement, including any schedules, exhibits, product-specific guides explicitly incorporated by reference, and the Acceptable Use Policy, constitutes the entire agreement between the parties and supersedes any prior agreement or understanding. Except as expressly provided in this Agreement, this Agreement shall not be modified or amended unless in writing and signed by each party, and no course of dealing, custom of trade or oral statement(s) shall be considered to amend or modify this Agreement until set forth in such a writing.

19. Independent Investigation.

LICENSEE ACKNOWLEDGES THAT LICENSEE HAS READ THIS AGREEMENT AND UNDERSTANDS AND ACCEPTS THE TERMS, CONDITIONS AND COVENANTS CONTAINED HEREIN AS BEING REASONABLY NECESSARY TO MAINTAIN EPICOMPLIANCE'S HIGH STANDARDS FOR SERVICES AND THE REPUTATION OF SOFTWARE AND SERVICES. LICENSEE HAS INDEPENDENTLY INVESTIGATED EPICOMPLIANCE'S SOFTWARE AND SERVICES AND RISKS THEREOF AS TO LICENSEE AND IS NOT RELYING ON ANY REPRESENTATION, WARRANTY, GUARANTY OR STATEMENT OF EPICOMPLIANCE OTHER THAN AS EXPRESSLY SET FORTH IN THIS AGREEMENT.

20. Marketing.

EPICompliance may use Licensee's name and logo for marketing, promotional, or public relations purposes (e.g., website, articles, press releases) during the term of this Agreement.