Legal Documents and Policies

TERMS OF SERVICE AGREEMENT
Last Updated: December 6, 2024

This Terms of Service Agreement (the “Agreement”) is entered into by and between you and Whadata AI, Inc. (“Whadata,” “Company,” “we,” “us,” or “our”). This Agreement governs your access to and use of our platform (“Platform”), our application (“App”), and any related products and services (collectively, the “Services”).

By accessing or using the Services or by clicking to accept or agree to the Agreement when this option is made available, you:

i. Acknowledge that you have read and understood this Agreement;
ii. Represent and warrant that you meet our eligibility requirements; and
iii. Accept and agree to be bound by this Agreement, including any terms, policies, and appendices incorporated herein by reference, such as our Privacy Policy (available at Whadata/privacy) and, if applicable, the Business Associate Agreement (“BAA”) in Appendix I.

If you use the Services on behalf of an entity, you represent that you have the authority to bind that entity to this Agreement. If you do not accept this Agreement or do not meet the eligibility requirements, you may not access or use the Services.

The parties acknowledge that acceptance of the Agreement by electronic means has the same evidential value as a paper agreement.

1. Privacy Policy
   Your use of the Services is subject to our Privacy Policy located at Whadata/privacy. The Privacy Policy details how we collect, use, and protect your information and may include additional provisions required by state, federal, or international laws. By using our Services, you agree to the Privacy Policy.

2. Changes to this Agreement
   We reserve the right to update or revise this Agreement at any time. If we do so, we will change the “Last Updated” date above. All changes are effective immediately when posted and apply to all subsequent use of the Services. Your continued use of the Services after we post changes constitutes acceptance. If you do not accept any modifications, you must stop using the Services. Any change to Fees and Payment terms in Section 5 will take effect on the calendar month following the posted revision.

3. Use of the Services
   By accessing and using the Services, you warrant that:
   i. You are legally capable of entering into binding contracts;
   ii. All registration information you submit is truthful and accurate;
   iii. You will maintain the accuracy of such information; and
   iv. Your use of the Services does not violate any applicable law or regulation, including healthcare and privacy laws.

3.1 Intended Use and AI Limitations
The Services are designed for healthcare providers, telehealth companies, and related entities. The Services, including any AI-powered features, are tools to assist you in serving your patients or customers. They do not constitute medical advice or professional healthcare services from us. You must use your professional judgment and validate all information provided by the Services, including any AI-generated insights, before making clinical or professional decisions. The AI’s outputs are informational only and may contain inaccuracies or incomplete information. You are solely responsible for compliance with all relevant clinical standards, laws, and regulations.

3.2 Eligibility
You may only use or receive the Services if your jurisdiction’s laws and U.S. laws permit. You are solely responsible for ensuring your compliance with all applicable local, state, federal, and international laws, including healthcare, telehealth, and privacy regulations, as well as any professional licensing requirements.

3.3 License
We grant you a non-exclusive, non-transferable right to access and use the Services during the term of this Agreement, solely for use by your authorized staff. To the extent your use involves integration with our Platform or APIs, we grant you a non-exclusive, non-transferable license to use the Platform or APIs to develop and implement applications that allow you to access and use the Services, subject to this Agreement.

3.4 Restrictions on Use
You may only use the Services as explicitly authorized. You will not:

• Use the Services for unauthorized or unlawful purposes;

• Imply any endorsement by Whadata;

• Resell the Services without our written consent;

• Reverse engineer or attempt to extract source code;

• Interfere with the security, integrity, or proper functioning of the Services;

• Use the Services in a manner that violates healthcare, privacy, or other applicable laws.

3.5 Modifications of the Services
We may update, modify, restrict access to, or discontinue the Services at any time without notice. Such changes will be subject to this Agreement. If you do not agree to material changes, you may terminate this Agreement upon thirty (30) days’ notice. We will not be liable for any modification, suspension, or termination of the Services.

3.6 Availability of the Services
The Services may occasionally be unavailable for maintenance, updates, or other reasons. We are not liable if the Services are temporarily unavailable.

3.7 Compliance with Laws
You are solely responsible for compliance with all applicable laws, including HIPAA if applicable, and any other healthcare and privacy regulations. You must:

• Ensure all data you submit is accurate and lawful;

• Use commercially reasonable efforts to prevent unauthorized access to the Services;

• Comply with all local, state, federal, and foreign laws (including laws regarding privacy and data protection); and

• Maintain all necessary hardware and software to access the Services.

3.8 Term and Termination
The term begins on the Effective Date and lasts for an initial period of one (1) month, renewing monthly unless terminated by you with one (1) month’s notice. We may terminate or suspend your access for violation of this Agreement or harmful conduct, or without cause with one (1) month’s notice.

3.9 Effect of Termination
Upon termination:

• All rights granted to you end;

• You must cease using the Services;

• We are not liable for compensation or damages arising from termination;

• We will, at your option, return or delete your data, including PHI as specified in the BAA if applicable.

3.10 No Medical Advice
We do not provide medical, legal, or professional advice. All healthcare decisions remain your responsibility, and you should not rely on the Services as a substitute for professional judgment.

1. User Accounts
   4.1 Account Registration
   Authorized individuals must create an account. You agree to provide and maintain accurate and up-to-date information.

4.2 Account Verification
If you are a healthcare provider, you may be required to verify identity and credentials. Failure to complete verification may result in denied access.

4.3 Responsibility for Account
You are responsible for all activity under your account and for maintaining the confidentiality of your login credentials. Notify us immediately of any unauthorized use.

4.4 Suspension or Termination of Account
We may disable any account if we believe a violation of this Agreement has occurred. You may delete your account by contacting support@whadata.com.

1. Fees
   5.1 Fees
   Certain Services may incur Fees listed on our website or subscription portal. We may change Fees with reasonable notice. Continued use after changes indicates acceptance.

5.2 Invoicing and Payment
Fees are invoiced monthly in advance and payable upon receipt. We may use third-party payment processors.

5.3 Late Payments
Late payments may lead to suspension or termination and you may be liable for collection costs, including attorneys’ fees.

5.4 Taxes
You are responsible for all applicable taxes.

1. Customer Support
   We aim to provide reasonable technical support. Contact support@whadata.com for assistance. No specific uptime or service level guarantees are provided unless otherwise agreed.

2. Confidential Information
   Each party will keep Confidential Information secure and not disclose it without consent except as permitted by law or this Agreement. These obligations survive termination.

3. Data Protection
   You must comply with all applicable privacy and data protection laws, including HIPAA if applicable. The handling of Protected Health Information (“PHI”) is governed by the BAA. We may use fully anonymized and de-identified data for lawful purposes.

4. Intellectual Property
   We retain all rights, title, and interest in the Services. You receive no ownership rights. Unauthorized use of our intellectual property is prohibited.

5. Warranty Disclaimers; Limitation of Liability
   The Services are provided “as is” without warranties of any kind. We disclaim all warranties and limit our liability to the greater of fees paid in the last six months or US$500. We are not liable for indirect, incidental, or consequential damages.

6. Indemnification
   You will indemnify us for claims arising from your use of the Services or violation of this Agreement. We will indemnify you for certain third-party infringement claims as set forth herein. If there is a conflict related to PHI, the BAA’s terms control.

7. Governing Law
   New York law governs this Agreement. Any disputes must be brought in the federal or state courts located in New York.

8. Disputes
   Parties will attempt to resolve disputes in good faith for 90 days before taking legal action. Nothing prevents seeking equitable relief during that period.

9. Severability
   If any part of this Agreement is invalid, the remaining provisions remain in effect.

10. Entire Agreement
    This Agreement, the Privacy Policy, and the BAA if applicable constitute the entire understanding. In the event of a conflict related to PHI handling between this Agreement and the BAA, the BAA prevails.

11. Force Majeure
    We are not liable for failures caused by events beyond our reasonable control.

12. Assignment
    You may not assign this Agreement without our consent. We may assign freely.

13. Waiver
    No waiver is effective unless in writing. A waiver of one right does not waive any others.

14. Release
    You release us from claims arising from your use of the Services, except where prohibited by law. This does not apply to claims of fraud or unconscionable commercial practice.

15. Comments, Concerns, and Complaints
    Contact us at support@whadata.com.

WHADATA HEALTH DATA PRIVACY POLICY
Date of Policy: December 6th 2024

Whadata AI, Inc. (“Whadata,” “we,” “us,” or “our”) recognizes the sensitive and confidential nature of Protected Health Information (“PHI”) and is committed to safeguarding it in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and all applicable privacy and security regulations (collectively “HIPAA Rules”). This Health Data Privacy Policy (“Policy”) explains how we handle PHI when providing our healthcare-related platform and services (the “Services”) on behalf of Covered Entities and their Business Associates (collectively, “you” or “your”).

This Policy applies solely to PHI that Whadata receives, maintains, or transmits on your behalf in connection with the Services. For information on how we handle non-PHI personal information, please refer to our General Privacy and Cookies Policy.

1. Purpose and Scope
This Policy describes how Whadata protects and uses PHI in compliance with HIPAA Rules. When we act as a Business Associate to a Covered Entity, we agree to comply with the terms of the Business Associate Agreement (“BAA”) executed with that Covered Entity. The BAA, together with this Policy, governs our privacy and security obligations regarding PHI.

2. Definitions

• Protected Health Information (PHI): PHI includes any individually identifiable health information relating to an individual’s health condition, provision of healthcare, or payment for healthcare that Whadata creates, receives, maintains, or transmits on behalf of a Covered Entity.

• Covered Entity: A healthcare provider, health plan, or healthcare clearinghouse subject to HIPAA.

• Business Associate: A person or organization, other than a workforce member of a Covered Entity, that performs activities or services involving the use or disclosure of PHI on behalf of a Covered Entity.

3. Our Role Under HIPAA
Whadata typically serves as a Business Associate to Covered Entities using our Services. As such, we may create, receive, maintain, or transmit PHI on behalf of Covered Entities as permitted by the HIPAA Rules and the BAA. We will not use or disclose PHI except as allowed under the BAA, this Policy, HIPAA Rules, or as required by law.

4. How We Use and Disclose PHI

• Permitted Uses and Disclosures: We may use or disclose PHI as necessary to provide the Services, for example, to process patient data, facilitate treatment-related communications among authorized healthcare professionals, support payment activities (if contracted), or assist in healthcare operations as defined by HIPAA, such as quality improvement or analytics.

• Minimum Necessary: We will make reasonable efforts to ensure that access to and disclosure of PHI is limited to the minimum amount necessary to accomplish the intended purpose, in accordance with HIPAA’s “minimum necessary” standard.

• Authorizations: We will not use or disclose PHI for purposes outside the scope of treatment, payment, or healthcare operations without a valid, written patient authorization or as otherwise permitted or required by the HIPAA Rules.

5. Individual Rights
While Covered Entities are responsible for managing patient requests related to PHI, our Services are designed to support compliance with individual rights under HIPAA, including:

• Right of Access: Covered Entities may use our Services to retrieve and provide patients with their PHI.

• Right to Amend: We can support Covered Entities in amending PHI within our system as directed, maintaining audit trails of changes.

• Right to Accounting of Disclosures: Our Services maintain logs of certain disclosures to help Covered Entities comply with accounting requirements.

6. Administrative, Physical, and Technical Safeguards
We implement appropriate administrative, physical, and technical safeguards to protect PHI:

• Administrative Safeguards: We conduct regular risk analyses, implement policies and procedures for workforce training and sanctions, and maintain contingency plans for emergencies.

• Physical Safeguards: We secure servers and restrict physical access to facilities storing PHI, using measures like controlled access, locked server rooms, and proper device disposal protocols.

• Technical Safeguards: We use access controls, encryption (in transit and at rest), unique user identification, audit logs, and integrity checks to protect PHI from unauthorized access, alteration, or disclosure.

7. Business Associate Agreements (BAAs)
We enter into BAAs with all Covered Entities or upstream Business Associates. Each BAA outlines the permitted uses and disclosures of PHI, our obligations regarding security and breach notification, and our commitment to comply with HIPAA Rules. In the event of any conflict between this Policy and the BAA, the BAA will govern with respect to PHI.

8. Breach Notification
In the event of a breach of unsecured PHI, we will provide the required notifications to the Covered Entity in accordance with HIPAA’s Breach Notification Rule and our BAA. We will cooperate with the Covered Entity in investigating and mitigating the breach and, if requested, assist in providing the required notifications to affected individuals and regulators.

9. Data Retention and Destruction
We will retain PHI as required to fulfill the purposes outlined in our agreement with you or as required by law. When PHI is no longer needed, we will securely destroy or return it in accordance with the BAA and HIPAA standards, employing methods that render the PHI unusable, unreadable, or indecipherable.

10. International Transfers
To the extent we transfer PHI outside of the United States, we will implement appropriate safeguards to ensure that PHI is protected in accordance with U.S. legal standards and any applicable HIPAA requirements, unless otherwise directed by the Covered Entity.

11. Complaints and Concerns
If you have concerns about our handling of PHI, please contact us at:
Email: support@whadata.com

Patients may direct any requests or complaints to their Covered Entity. We will promptly assist the Covered Entity, as appropriate, in addressing such concerns.

12. Changes to This Policy
We may update this Policy as necessary to ensure continued compliance with HIPAA or to reflect changes in our Services. We will notify Covered Entities of significant updates. The latest version of this Policy will be made available to Covered Entities.

13. Governing Law
This Policy is governed by and shall be interpreted in accordance with applicable federal and state laws, including HIPAA and its implementing regulations.

WHADATA CUSTOMER PRIVACY POLICY
Date of Policy: December 6, 2024

This General Privacy and Cookies Policy (the “Policy”) describes how Whadata AI, Inc. (“Whadata,” “we,” “us,” or “our”) collects, uses, stores, and discloses certain personal data about you as a customer or user of our website, platform, and related online services (the “Services”). This Policy does not apply to any Protected Health Information (“PHI”) or patient data that Whadata may process on your behalf as part of separate, healthcare-related services. For PHI-related privacy practices, please refer to our HIPAA-specific notice or Business Associate Agreement.

PART A – WHADATA GENERAL PRIVACY POLICY

1. Purpose of this Privacy Policy
   Whadata respects your privacy and is committed to protecting your personal data in accordance with applicable data protection laws. This Policy explains how we collect, use, and share personal data that you provide to us or that we collect from you when you subscribe to or use our Services. This Policy (together with our Terms of Service) applies only to personal data we collect and process to manage your account and relationship with us. It does not apply to personal data or PHI we process on your behalf in the course of providing our Services to you.
   Please read this Policy carefully to understand our practices regarding your personal data.

2. Data Controller
   Whadata AI, Inc., incorporated under the laws of the State of New York, is the data controller responsible for your personal data. In this Policy, “Whadata,” “we,” “us,” or “our” refers to Whadata AI, Inc.

3. Contact Details
   If you have questions about this Policy or our privacy practices, please contact us at:
   Email: support@whadata.com

4. Changes to This Policy
   We keep this Policy under regular review and may update it from time to time. Changes will be posted on this page and, where appropriate, notified to you by email or when you next log into the Services. It is important that the personal data we hold about you is accurate and current. Please inform us of any changes to your personal data during our relationship.

5. Third-Party Links
   Our website may contain links to and from third-party websites, partner networks, and affiliates. These websites have their own privacy policies, and we do not accept any responsibility or liability for them. Please review these third-party policies before submitting any personal data to their websites or using their services.

6. Data We Collect About You
   We may collect, use, store, and transfer different kinds of personal data about you, including:

• Identity Data: First name, last name, username or similar identifier, position.

• Contact Data: Email address and other contact details needed to manage our contract with you.

• Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and related technology on the devices you use to access the Services.

• Usage Data: Details of how you use the Services, including traffic data, features accessed, and number of active users of our Services.

We may also collect, use, and share Aggregated Data (such as statistical or demographic data) for any purpose. Aggregated Data is not considered personal data under applicable law as it does not directly or indirectly reveal your identity. If we combine Aggregated Data with your personal data such that you can be identified, we treat the combined data as personal data in accordance with this Policy.

1. How Is Your Personal Data Collected?
   We collect personal data from you directly, for example when you enter into a contract for our Services or communicate with us. We also automatically collect Technical and Usage Data via cookies and other tracking technologies when you use the Services. For more details, see our Cookies Policy in Part B below.

2. Cookies
   We use cookies and similar technologies to distinguish you from other users and remember your preferences. This helps us provide a good user experience and improve our Services. For more information on cookies, see Part B (Cookies Policy) below.

3. How We Use Your Personal Data
   We will only use your personal data where the law allows. Commonly, we use your personal data in the following circumstances:

• With your consent.

• Where we need to perform a contract with you.

• Where it is necessary for our legitimate interests and does not override your rights and freedoms.

• Where we need to comply with a legal or regulatory obligation.

Examples of uses include:

• Managing our relationship with you, responding to queries, and notifying you of changes to our Terms of Service or this Policy.

• Administering and protecting our business and Services, including troubleshooting and data analysis.

• Ensuring compliance with applicable legal and regulatory requirements.

1. Disclosures of Your Personal Data
   We may share your personal data with:

• Service providers that support our business and IT infrastructure (e.g., hosting, analytics).

• Professional advisors (lawyers, bankers, auditors, insurers).

• Regulators, local authorities, or other public authorities as required by law.

We ensure that any service provider we engage is required to keep your personal data confidential and to use it only for the purposes for which we have instructed them.

1. Data Security
   We maintain appropriate security measures to protect your personal data from accidental loss, unauthorized use, or unauthorized access. You are responsible for keeping any password for accessing certain parts of our Services confidential. While we employ reasonable security measures, we cannot guarantee absolute security.

By contracting with us or using our Services, you consent to the transfer of your information to the United States or other countries that may not offer the same level of data protection as your own.

1. Data Retention
   We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including satisfying any legal, regulatory, accounting, or reporting requirements. We may retain personal data longer if needed in the event of a complaint or if we reasonably believe there is a prospect of litigation relating to our relationship with you. In some cases, we may anonymize your personal data for research or statistical purposes, in which case we may use this information indefinitely.

2. Your Legal Rights
   Depending on applicable data protection laws, you may have the right to:

• Request access to your personal data.

• Request correction or erasure of your personal data.

• Object to or request restriction of processing of your personal data.

• Request the transfer of your personal data to a third party.

• Withdraw consent where we rely on it.

To exercise any of these rights, please contact us at the address provided in Section 3. We will respond within a reasonable time and may request additional information to verify your identity.

1. How to Complain
   If you have concerns about our handling of your personal data, contact us at support@whadata.com. If you remain dissatisfied, you may have the right to lodge a complaint with an applicable data protection authority. We encourage you to contact us first so we can address your concerns.

2. Changes to This Privacy Policy
   We may update this Policy from time to time. Any changes will be posted here, and if significant, we will bring them to your attention as required by law.