Customer Terms of Service

Existing Customers: These updated Customer Terms of Service (these “Terms of Service” or the “Agreement”) will apply upon your renewal of the Services. For a copy of our previous Customer Terms of Service, email contact@tryroot.com.

By using any of the services provided by Root Technologies, Inc. (“Root”, “we”, “us”, or “our”) you are agreeing to the following terms and conditions (“Terms of Service” or “Agreement”).  We may refer to us and you as a “Party” or collectively, the “Parties” in these Terms of Service.  If you are a User, these Terms of Service apply to you to the extent the Terms of Service apply to Users.

“You, “your,” or “Customer” means the person or legal entity accessing or using the Root Services, defined as (a) services to healthcare providers to manage insurance processes, including patient eligibility assessment and claims submission, (b) maintenance of a directory of healthcare providers, which directory shall be made available to your patients; and (c) related services.  IF YOU DO NOT WISH TO BE BOUND BY THESE TERMS OF SERVICE, PLEASE EXIT NOW AND DO NOT USE ANY OF THE SERVICES.  Your agreement with us regarding compliance with these Terms of Service becomes effective immediately upon commencement of your use of the Services. Violating any of the terms below may result in suspending or terminating your access to the Services without a right to any refund for any payments made.

1. DEFINITIONS

“Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control with, a Party to this Agreement, where “control” means the control, through ownership or contract, of 50% or more of all the voting power of the shares entitled to vote for the election of the entity's directors or members of the entity's governing body; provided that such entity shall be considered an Affiliate only for the time during which such control exists.

“Insurance Services” means the services described in Section 3 below.

“Customer Account” means the Customer’s enterprise account and access to the Customer's selected Services.  Customer will authorize Users to access the Services via the Customer Account.

“Business Associate Agreement” is the agreement attached hereto as Exhibit A and incorporated by this reference herein that outlines the responsibilities and obligations of each party regarding the use, disclosure, and protection of Protected Health Information (defined below) in compliance with the Health Insurance Portability and Accountability Act regulations.

“Customer Data” means any content, data, text, messages, images, and the like that are owned or licensed by Customer and uploaded by or on behalf of Customer or its Users to the Services or otherwise provided to Root in connection with the Services. 

“Order Form” means Root’s ordering document evidencing Customer's Services selection(s) and any additional or different terms and conditions that are hereby incorporated herein.

Protected Health Information (“PHI“) has the meaning set forth in 45 C.F.R. §160.103.

“Root Directory” means a directory of healthcare providers who have opted to be included, compiled, and maintained by Root and made available at Root’s sole discretion to patients of Root’s customers and publicly via the Root website. 

“Root Content” means content Root creates, owns, or licenses (including photos). Use of Root Content requires that you elect to include Root Content as part of your Subscription Services, and such use is limited to the Subscription Term in your Order Form.  Your use of Root Content is limited to the Term of this Agreement.

“Software” means Root's source code, object code, or underlying structure, ideas, or algorithms of the Services.

“Updates” means modifications, updates and changes made by Root to the Services which Root makes generally available to its customers at no additional fee. Updates exclude new features, functions and capabilities which are offered for an additional fee and must be specified in a signed agreement between the Parties.

“User” means an individual who is authorized by Customer including: employees, Affiliates, or consultants of a Customer with the right to access and use the Services.  

“User Account” means the individual account registration for each User that allows a User's password-restricted access to the customer-authorized instance of the Customer Account.

2. USE OF THE SERVICES

1. License.  Subject to these Terms of Service and any additional terms included in an Order Form, Root provides you and your Users a limited, non-exclusive, non-transferable, and non-sublicensable right to access and use the Services during the Subscription Term set forth in an applicable Order Form.

2. Use Guidelines. You acknowledge and agree that you shall use the Services solely for the purposes contemplated by these Terms of Service and shall not (and shall not allow any third party to) except as expressly provided herein (i) license, copy, sell, resell, lease, transfer, distribute, or otherwise commercially exploit or make the Services available to any third party; (ii) send via, upload to, or store within the Services any malicious code or virus; (iii) interfere with or disrupt the integrity or performance of the Services or the data contained therein;  (iv) attempt to gain unauthorized access to the Services or its related systems; or (v) use the Services in any manner not permitted by the Business Associate Agreement attached hereto. You acknowledge and agree that in the event you elect to add any additional products, supplemental services, and/or add-on features to your existing Services, you (and your Users) may be required to accept additional User guidelines and/or terms of service, including third-party terms.

3. Updates and Modifications.  Root reserves the right to modify, enhance, adapt, discontinue, or change the Services, including any features or functionalities thereof, at our discretion to improve performance, ensure compliance with applicable law, or to align with business requirements. Such changes will be subject to the following terms:
   
   

4. Notification: We shall endeavor to provide advance notice of changes that, in our sole judgment, may materially adversely affect your use of the Services. For changes affecting a limited number of customers or for emergency updates necessary to maintain the integrity of the Services, notice may be provided through in-System updates or email notifications.

5. New Features and Functionality: Any new features or functionality that are added to the Services and made generally available may be subject to additional terms, acceptance of which will be required for use of such features or functionality. If applicable, additional fees for new features or functionality shall be agreed upon via a signed agreement and/or amendment or addendum to these Terms of Service.

6. Continuity of Services: While we strive to maintain the availability of all Services, we do not guarantee the provision of any specific Service, product, pricing, or feature beyond the Term stated in your current Order Form.
   
   

7. Data Maintenance and Backup Procedures. The Services are not intended to be a failsafe data warehouse or data backup solution. In the event of any loss or corruption of Customer Data, we will use commercially reasonable efforts to restore the lost or corrupted Customer Data from the latest backup of such Customer Data maintained by us. You acknowledge that full restoration of Customer Data may not be possible under all circumstances.  As the custodian of your Customer Account, you should independently back up your personal data, to the extent permitted herein and by applicable laws and regulations.  

3. INSURANCE SERVICES

   1. Services.  Subject to your compliance with this Agreement, Root will provide the following Insurance Services: (a) verification of patients’ eligibility for benefits; and (b) completing and filing insurance claims with the appropriate insurance payers.  Claims will be submitted to insurance payers in Customer’s name and reimbursement shall be directed to the address indicated by Customer.  We will not directly receive any payments from any insurance payer.  We will submit only claims that qualify as “clean claims” as that term is understood in the healthcare industry.

2. Customer Obligations – Claims Submission.  To enable Root to provide the Insurance Services, and subject to applicable laws, Customer agrees to:

   1. Upon providing treatment to a patient, or at least monthly (whichever is more frequent), submit to us all necessary information regarding the services to be billed.

   2. Ensure the accuracy of any information you provide to us in connection with the Insurance Services.

   3. Provide us with all patient explanation of benefits documents (“EOBs”) as reasonably requested by us.

   4. Provide us access to your records pertaining to patient services for such period as we deem necessary to perform the Services and protect our legal rights.

   5. Maintain appropriate fraud and abuse prevention policies and procedures and ensure that no false or misleading claim information is provided to us. 

   6. Comply with all applicable laws and regulations regarding billing and claims, and obtain any legal advice necessary to ensure such compliance. 

   7. Promptly inform us of your receipt of payment for services we have billed on your behalf.

   8. Cooperate fully with us to enable us to determine which claims have been paid and the applicable fees for the Services.

3. Collection by Customer of Patient Responsibility Payments.  In addition to the foregoing and in accordance with applicable law, Customer will make a good faith effort to collect from all insured patients (a) co-payments, co-insurance, deductibles, and any other form of patient responsibility payment due; (b) payments for non-covered services; and (c) the difference between Customer's charges and any out-of-network payments billed and collected. Customer acknowledges that waiver of any such fees may violate applicable law.  

4. Patient Responsibility Communications. After an insurance claim has been filed by Root and a balance established for patient responsibility, if any, the patient billing and rebilling process will commence. Customer will send the  patient an initial statement within thirty (30) business days after the balance has been established. After thirty (30) days, Customer will send a second statement, and, if no payment has been received within the next thirty (30) days, will send a third statement. 

5. Denials.  Root shall not be liable in any case for the denial of claims timely filed where such denial is due to Customer’s negligence, recklessness, or intentional misconduct or Customer’s failure to fulfill the obligations set forth at Section 3.2.

6. Records; Audit.  For the term of this Agreement and for seven (7) years thereafter, Root shall have reasonable access, during normal business hours, to the books and records of Customer relating to the health care services rendered by or on behalf of Customer to enable the Root to comply with its obligations under this Agreement, including, without limitation, for audits pertaining to its compliance program and to respond to investigations or allegations regarding the Services.

4. ROOT DIRECTORY

   1. If you opt to be included in the Root Directory, you hereby agree to provide to Root the following information (“Provider Information”) and grant us the right to include such information in the Root Directory, which will be made available to your patients and patients of Roots’ other customers, for the Term of this Agreement: your name, type of licensure, description of services, contact information, and any other information reasonably necessary to inform prospective patients of your services. You are solely responsible for the accuracy of the Provider Information you provide to Root and for timely providing us with any updates or corrections to such information.

2. Root shall have sole discretion as to whether and how Provider Information is displayed in the Root Directory.

5. FEES

   1. Fees.  Customer will pay Root the service fees (“Fees”) set forth in the applicable Order Form. Except as set forth below in Section 5.1.1 below, Fees will be assessed as a percentage of the amount of each claim managed by Root and (a) collected by the Customer or (b) paid to an individual patient by an insurance payer, regardless of whether the Customer receives payment for such services. Customer agrees to pay the Root for said services within the thirty (30) days following the payment of such claims.

      1. If Customer cannot provide sufficient documentation to verify all patient services provided and/or payments made for services, Root may make a reasonable estimate of the amounts that were likely billed by Customer and the amounts likely paid by any insurance payer either directly to Customer or to an individual for services provided by Customer.  Root will make these estimates using sources such as claims status information provided by an insurance payer. Root shall submit an invoice for Fees related to such payments, and Customer shall pay such invoice within thirty (30) days of receipt.

2. Payment Method.  If you have elected to make payments for Fees via credit card, charge card, debit card, or financial institution account (herein “Payment Method”), then you hereby authorize Root to charge your Payment Method for the Fees.  When you provide a Payment Method to us, you confirm that you are permitted to use that Payment Method and you also authorize us, or our third-party payment processor if applicable, to receive, collect, and store your Payment Method information, along with other related transaction information.  You agree to submit any disputes regarding any invoices related to your account in writing to Root within thirty (30) days of the receipt of the invoice, otherwise, such dispute will be waived, and such invoice will be final and not subject to challenge.

3. Payment Failure and Suspension.  If your Payment Method fails or your account is past due, and you have not cured such failure to pay within thirty (30) days of written notice of any past due amounts, (i) you agree to pay all amounts due on your account upon demand and reimburse us for all reversals, charge-backs, claims, fees, fines, penalties, and other liability incurred by us (including costs and related expenses) that were caused by or arising out of payments that you authorized or accepted, (ii) we may collect fees owed using other collection mechanisms (this includes charging other payment methods on file with us) and (iii) we reserve the right to either suspend access to, deactivate, or terminate and delete your Customer Account and User Accounts.  We are not responsible for any loss or damage to you or any third party that may be incurred as a result.

4. Unpaid Fees and Finance Charges.  Unpaid undisputed fees are subject to a finance charge of 1.5% per month, or the maximum permitted by law, whichever is lower, plus all expenses of collection, including reasonable attorneys' fees.

6. TERM AND TERMINATION

   1. Term. These Terms of Service take effect on the earlier of the execution of an Order Form or your first access to the Services and shall continue so long as any Order Form remains in effect and for six (6) months thereafter unless earlier terminated in accordance with these Terms of Service (the “Term”).

2. Subscription Term.   The term for the Services and your obligation to pay all Fees owing shall be as set forth in the Order Form (the “Subscription Term”) and will renew in accordance with the terms set forth in the Order Form.

3. Termination for Cause.  Either Party may terminate these Terms of Service and all Services and Order Forms upon fifteen (15) days’ prior written notice in the event of a material breach unless such breach is cured during the notice period. If termination is due to your uncured material breach, you shall remain obligated to pay all Fees owed (whether paid or payable) for the remainder of the Subscription Term showing on your then-current Order Form.  Notice of any material breach must be provided within thirty (30) days from learning of the material breach for this Section 6.3 to be applicable. Either Party may immediately terminate these Terms of Service upon written notice to the other Party (i) upon the institution by or against the other Party of insolvency, receivership, or bankruptcy proceedings, (ii) upon the other Party's making an assignment for the benefit of creditors, or (iii) upon the other Party's dissolution or ceasing to do business.

4. Termination Without Cause.  Either Party may terminate these Terms of Service and all Services and Order Forms without cause upon thirty (30) days’ written notice.  

5. Effects of Termination.  Upon termination of these Terms of Service, all rights to access and use the Services will immediately terminate. Unless you have requested download access prior to termination, all Customer Data and other data or content you have uploaded to the Services will be deleted within ninety (90) days and may not be recoverable.  Root shall not be liable for loss of any such data due to termination or non-renewal of the Services or these Terms of Service.  In no event will the expiration or termination of these Terms of Service relieve you of any obligation to pay Fees applicable to the Subscription Term for any applicable Order Form prior to the date of termination.  Rights to accrued payments, remedies for breach, and Sections 5 (“Fees”), 7 (“Confidentiality”), 8 (“Ownership & Data Analytics”), 9 (“Warranties & Disclaimer”), 10 (“Indemnification”),  11 (“Limitations of Liability”) and 13(“Miscellaneous”) and this Section shall survive any termination or expiration of these Terms of Service.

7. CONFIDENTIALITY

   1. Confidentiality.  Root and you may exchange certain confidential information (“Confidential Information”).   Confidential Information may include (i) non-public information about Root' pricing, personnel, or partnerships, our product roadmap, our security and data protection documentation, or other non-public information we identify as confidential; (ii) non-public information about your marketing plans, social media strategies, products, expansion opportunities, or such other non-public information you identify as confidential; and (iii) non-public information disclosed by either Party to the other Party, either directly or indirectly, in writing, orally, or to which the other Party may have access, which (a) a reasonable person would consider confidential, or (b) is marked “confidential” or “proprietary” or some similar designation by the disclosing Party.  Information will not be considered Confidential Information if (i) it was lawfully in the receiving Party's possession before receiving it from the disclosing Party; (ii) it is provided in good faith to the recipient by a third party without breaching any rights of the disclosing Party or any other party; (iii) it is or becomes generally available to, or accessible by, the public through no fault of the receiving Party; or (iv) it was or is independently developed by the receiving Party without reference to the disclosing Party's Confidential Information.

2. Confidentiality Obligations. During the Term and for a period of three (3) years after expiration or termination of these Terms of Service, neither Party shall make the other's Confidential Information available to any third party or use the other's Confidential Information for any purposes other than exercising its rights and performing its obligations under this Agreement.  Neither Party shall disclose Confidential Information except to such Party's advisors, accountants, attorneys, investors (and prospective investors), and prospective acquirers that have a reasonable need to know such information, provided that any such third parties shall, before they may access such information, either (i) execute a binding agreement to keep such information confidential or (ii) be subject to a professional obligation to maintain the confidentiality of such information. Each Party shall take all reasonable steps to ensure that the other's Confidential Information is not disclosed or distributed by its employees or agents in violation of the terms of this Agreement, but in no event will either Party use less effort to protect the Confidential Information of the other Party than it uses to protect its own Confidential Information of like importance. Each Party will ensure that any agents or subcontractors permitted to access any of the other's Confidential Information are legally bound to comply with confidentiality obligations. Notwithstanding the foregoing, Confidential Information may be disclosed as required by any governmental agency, provided that before disclosing such information, the disclosing Party must provide (to the extent permitted by applicable law) the non-disclosing Party with sufficient advance notice of the agency's request for the information to enable the non-disclosing Party to exercise any rights it may have to challenge or limit the agency's authority to receive such Confidential Information.

8. OWNERSHIP AND DATA ANALYTICS

   1. Root’s Ownership.  As between you and Root, Root retains all right, title, and interest in and to the Services along with all patents, inventions, copyrights, trademarks, domain names, trade secrets, know-how, Root Content, and any other intellectual property and/or proprietary rights (“Intellectual Property”) related to the Services. Your use of the Services under these Terms of Service does not give you additional rights in the Services or ownership of any Intellectual Property associated with the Services. Nothing herein shall be construed to restrict, impair, encumber, alter, deprive, or adversely affect the Services or Intellectual Property or any of Root's rights or interests therein or any other Root intellectual property, brands, information, content, processes, methodologies, products, goods, services, materials, or rights, tangible or intangible.  All rights, title, and interest in and to the Services not expressly granted in these Terms of Service are reserved by Root.  The Software and look and feel of the Services are protected by United States and other copyright laws and are a part of Root’s Intellectual Property and may not be duplicated, copied, or reused in any manner (including, without limitation, the HTML/CSS or visual design elements of the Software) without Root’s express written permission.

2. Customer Ownership.  Except as otherwise provided in these Terms of Service,  you retain all rights, title, and interest in all Customer Data you create or is created on your behalf and upload to the Services. During the Term of the Agreement, you grant us a non-exclusive, irrevocable, worldwide, fully paid up, sub-licensable, transferable, limited license to access, transmit, reformat, list information regarding, or translate such Customer Data to the extent needed to provide you with the Services.

3. Data and Data Analytics.  Subject to applicable laws, Root may develop, make available, use, or collect certain data, data analytics, or anonymized and aggregated personal data (“Anonymized Data”).  Root retains the right to Anonymized Data. Anonymized Data is de-identified such that it cannot be used to identify you, your Users, or any other person. 

4. Feedback.  If you or a User provides any feedback to Root concerning the functionality, characteristics, or performance of the Services (including identifying potential errors and improvements) (“Feedback”), you grant Root a non-exclusive, worldwide, perpetual, and irrevocable license to use, reproduce, incorporate, and exploit this Feedback for any purpose, without any obligation to compensate you. While we may use the Feedback freely, we will not disclose your identity as the source of the Feedback without your consent, unless required by law. Providing Feedback is voluntary.

9. WARRANTIES & DISCLAIMER

   1. Mutual Representations and Warranties.  Each Party represents and warrants that: (i) it has the legal power and authority to enter into this Agreement; and (ii) it has all rights necessary to enter into this Agreement and to perform its obligations hereunder and does not and will not violate any other agreement to which such Party is a party.

2. Disclaimer. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, THE SOLE AND EXCLUSIVE WARRANTIES AND WARRANTY REMEDIES ARE OUTLINED IN THIS SECTION AND, EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT, THE SOFTWARE AND SERVICES, INCLUDING ALL FUNCTIONS THEREOF, ARE PROVIDED ON AN “AS IS” BASIS, WITHOUT REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER, WHETHER EXPRESS, IMPLIED, ORAL OR WRITTEN, INCLUDING WITHOUT LIMITATION, ACCURACY OF CONTENT, NON-INFRINGEMENT, NON-INTERFERENCE, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY OR ERROR-FREE.

ROOT IS NOT RESPONSIBLE FOR AND WILL NOT BE LIABLE FOR ANY THIRD-PARTY SERVICE THAT YOU MAY USE, CONNECT, OR INTEGRATE WITH YOUR USE OF THE SERVICES. FOR AVOIDANCE OF DOUBT, WE ARE NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGES RESULTING FROM SUCH PROBLEMS THAT ARE NOT DIRECTLY CONTROLLED OR MANAGED BY US. WE ARE NOT RESPONSIBLE FOR ANY CUSTOMER DATA OR ANY CONTENT OR SERVICES PROVIDED BY THIRD PARTIES. 

10. INDEMNIFICATION

    1. Root Indemnity.  Except as otherwise provided in these Terms of Service, we shall indemnify, defend, and hold harmless you from and against any losses, liabilities, costs, expenses (including reasonable attorneys' fees), penalties, judgments, settlement amounts, and damages (“Losses”) incurred by you arising from a claim, suit, action, or proceeding brought by a third party (a “Claim”) (a) alleging that the Software or the Services, when used by you as permitted by these Terms of Service, infringes upon such third party's intellectual property right; or (b) arising from or relating to a breach of these Terms of Service, the Privacy Policy, or the Business Associate Agreement.

       1. Exceptions: We shall have no obligation under this Section 10 for any infringement to the extent that it arises out of or is based upon any of the following (“Excluded Claims”): (i) any use of the Services not in accordance with this Agreement or as specified in any documentation that may be provided by Root; (ii) any use of the Services in combination with other products, equipment, software, or data not supplied by Root; (iii) any modification of the Services by any person other than Root or its authorized agents; or (iv) with respect to your or any User's use of the Services after Root has notified you to discontinue such use. 

          1. Infringement Response Actions: If the Root’s software system, or any part of it, faces an infringement claim or is likely to, Root may, at its discretion and cost: (i) secure rights for you to continue using the Software, (ii) replace it with a similar non-infringing software, or (iii) modify the Software to avoid infringement without reducing its functionality significantly. If Root cannot effectively implement these solutions, either party may terminate the affected services. In such cases, Root will issue a prorated refund or credit for any unused, prepaid fees associated with the terminated services. These actions constitute your exclusive remedies for any infringement-related claims.

2. Customer Indemnity.  You shall indemnify, defend, and hold harmless us from and against any Losses incurred by us from a Claim arising from or relating to a breach of these Terms of Service, the Privacy Policy, or the Business Associate Agreement.  Without limiting the foregoing, your indemnification obligations shall include the obligation to defend, indemnify and hold Root harmless for any and all claims, losses (including without limitation, loss of revenue for services provided), and expenses with respect to billing errors that result from any erroneous, inaccurate, untimely or incomplete information provided by you to us. We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, in which event you will cooperate with us in asserting any available defenses.

3. Indemnification Procedure.  The indemnified Party shall provide the indemnifying Party with (i) prompt written notice upon learning of any such potential claim or claims (provided, however, that failure to give prompt notice will not relieve the indemnifying Party of any liability hereunder, except to the extent the indemnifying Party has suffered actual material prejudice by such failure); (ii) sole control of the defense, investigation, and settlement of any such claim, provided that an indemnifying Party will not settle any such action without the written consent of the indemnified Party; and (iii) reasonable cooperation (at the indemnifying Party's sole expense) in the defense, investigation and settlement of any such claim.  Notwithstanding anything herein to the contrary, the indemnifying Party will not settle any claims for which it has an obligation to indemnify under this Section 10.3 admitting liability or fault on behalf of the indemnified party, nor create any obligation on behalf of the indemnified party without the indemnified Party's prior written consent.

11. LIMITATION OF LIABILITY

    1. Excluded Damages. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THESE TERMS OF SERVICE OR ANY ORDER FORM, INCLUDING WITHOUT LIMITATION LOSS OF REVENUE OR ANTICIPATED PROFITS, LOST BUSINESS, OR LOST SALES, OR ANY OTHER MATTER RELATING TO THE SERVICES, GOODWILL, OR ANY OTHER INTANGIBLE LOSSES, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

2. Liability Cap. EXCEPT FOR A PARTY'S (I) GROSS NEGLIGENCE, WILLFUL MISCONDUCT, (II) INDEMNIFICATION OBLIGATIONS, OR (III) YOUR BREACH OF SECTION 2.2, THE TOTAL AGGREGATE LIABILITY OF Root FOR ANY AND ALL DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT OR TORT, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE OR OTHERWISE), ARISING FROM THIS AGREEMENT OR YOUR USE OF THE SERVICES, SHALL NOT EXCEED THE TOTAL FEES RECEIVED BY OR PAYABLE TO US FROM YOU UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE LIABILITY.

3. Effect on Fees.  YOU ACKNOWLEDGE AND AGREE THAT WE HAVE BASED OUR FEES ON AND ENTERED INTO THIS AGREEMENT IN RELIANCE UPON THE LIMITATIONS OF LIABILITY AND DISCLAIMERS OF WARRANTIES AND DAMAGES IN THIS AGREEMENT AND THAT SUCH TERMS FORM AN ESSENTIAL BASIS OF THE BARGAIN BETWEEN THE PARTIES.  YOU ACKNOWLEDGE THAT IN THE ABSENCE OF SUCH LIMITATIONS, THE FEES AND OTHER TERMS WOULD BE SUBSTANTIALLY DIFFERENT.  THE PARTIES AGREE THAT THE LIMITATIONS AND EXCLUSIONS OF LIABILITY AND DISCLAIMERS SPECIFIED IN THESE TERMS OF SERVICE WILL SURVIVE AND APPLY EVEN IF FOUND TO HAVE FAILED OF THEIR ESSENTIAL PURPOSE. IN NO EVENT SHALL THE LIMITATIONS IN THIS SECTION APPLY TO FEES DUE FOR THE SERVICES UNDER THESE TERMS OF SERVICE.

12. PRIVACY AND SECURITY

    1. Privacy. Root shall handle any personally-identifiable information that is not subject to HIPAA in accordance with applicable laws and regulations.

2. Information Security.  Root shall maintain commercially reasonable information security practices and security controls.

3. HIPAA.  Where your use of the Service includes the provision of PHI, such information will be handled in accordance with the Business Associate Agreement between the Parties set forth below and incorporated into these Terms of Service. 

13. MISCELLANEOUS

    1. Governing Law. The laws of the state of New York will govern these Terms of Service, excluding its conflicts of laws principles.  Any legal action or proceeding arising under these Terms of Service will be brought exclusively in the federal or state courts located in Manhattan, New York and the Parties irrevocably consent to the personal jurisdiction and venue therein.

2. Efforts to Resolve Disputes. Before pursuing formal proceedings, both Parties agree to attempt to resolve disputes amicably by notifying each other and negotiating in good faith for thirty (30) days.

3. Relationship of the Parties. You agree that no joint venture, partnership, employment, or agency relationship exists between you and Root as a result of these Terms of Service or accessing or using the Services. Root’s performance under these Terms of Service is subject to existing laws and legal process, and nothing contained in these Terms of Service is in derogation of Root’s right to comply with governmental, court, and law enforcement requests or requirements relating to your access or use of the Services or information provided to or gathered by Root with respect to such use.

4. Publicity. Provided we obtain your advance written agreement, you grant us the limited right and license to list and display your name, trademark, and logo in connection with our customer lists and marketing materials in print or on the web to announce that you are using our Services.  You may terminate this right and license upon written notice to us or once your access to the Services has been terminated.  You will have the right to disclose your use of our Services but not the terms or specifics (including pricing terms) of your relationship with us unless we approve such disclosure in writing prior to such disclosure.

5. Subcontracting. Root retains the right to utilize third-party subcontractors for the execution of certain tasks related to our Services, and will be responsible for the performance of any such subcontractors.

6. Assignment. Neither Party may assign this Agreement (by operation of law or otherwise) without the prior written consent of the other Party, and any prohibited assignment or sublicense will be null and void. Notwithstanding the foregoing, either Party may assign this Agreement to an Affiliate or successor in the event of a merger, sale, or acquisition of all or substantially all of the assigning Party's assets or stock.  This Agreement will be binding upon and inure to the benefit of the Parties' permitted successors and/or assignees.

7. Force Majeure. Except with respect to delays or failures caused by the negligent act or omission of either Party, any delay in or failure of performance by either Party under this Agreement will not be considered a breach of this Agreement and will be excused to the extent caused by any occurrence beyond the reasonable control of such Party which may include, acts of God, power outages, or failures of the Internet or hosted service provider, provided that the Party affected by such event will immediately begin or resume performance as soon as practicable after the event has abated.  Excusable delays do not include lockout, shortage of labor, lack of or inability to obtain raw materials, fuel, or supplies, any other industrial disturbance, or outage or delay of one or more of the Networks. If the act or condition beyond a Party's reasonable control that prevents that Party from performing any of its obligations under this Agreement continues for thirty (30) business days or more, then the other Party may terminate this Agreement immediately upon written notice to the non-performing Party.

8. No Waiver. The failure of Root to exercise or enforce any right or provision of the Terms of Service shall not constitute a waiver of such right or provision. The Terms of Service, coupled with any legally executed pricing terms and modifications, constitutes the entire agreement between you and Root and govern your use of the Service, which supersedes any prior agreements between you and Root.

9. If any part of these Terms of Service is determined to be invalid or unenforceable pursuant to applicable law including, but not limited to, the warranty disclaimers and liability limitations contained herein, then the invalid or unenforceable provision will be deemed superseded by a valid, enforceable provision that most closely matches the intent of the original provision and the remainder of the Terms of Service shall continue in effect.

10. Modification. We expressly reserve the right to amend these Terms of Service from time to time upon reasonable notice to you (including without limitation via electronic notification or notification on our website at tryroot.com).You agree that it is your responsibility to review these Terms of Service from time to time and to familiarize yourself with any modifications.  If you do not raise any objections to the changes within fifteen (15) days of receipt of notice, your continued use of the Services will constitute acknowledgement of the modifications and agreement to abide and be bound by the revised Terms of Service.  You can review the most current version of the Terms of Service at any time at tryroot.com/terms. For questions about the Terms of Service please email contact@tryroot.com.

11. To the extent permitted by applicable law, neither Party shall initiate any action against the other party pursuant to these Terms of Service more than two (2) years from the date the claim arose.

12. Order of Precedence.  In the event of a conflict between the terms of an Order Form and this Agreement, the Order Form shall take precedence. In such event, the Order Form shall expressly reference this Agreement and the Section where the Order Form is intended to supersede. In the event of a conflict between the DPA and this Agreement, the DPA shall take precedence.

13. A printed version of these Terms of Service and of any notice given in electronic form shall be admissible in judicial or administrative proceedings based upon or relating to the Terms of Service to the same extent and subject to the same conditions as other business documents and records originally generated and maintained in printed form.

14. By using the Services, you agree that Root may communicate with you electronically regarding administrative, security, and other issues relating to your use of the Services. You agree that any notices, agreements, disclosures, or other communications that Root sends to you electronically will satisfy any legal communication requirements, including that such communications be in writing. The foregoing does not affect your statutory rights.

15. DMCA Notice.  For claims for copyright infringement, please contact Root Legal at legal@tryroot.com. We reserve the right to terminate these Terms of Service as to you or any User for repeat copyright infringement violations. 

16. Notice. Except as otherwise specified in these Terms of Service, all notices, permissions, and approvals hereunder shall be in writing and if sent to Customer, sent to the email address on your Order Form and/or such other email address we have for you, and if to Root, sent via email to the following address: contact@tryroot.com.  Such addresses may be updated from time to time upon written notice to the other Party.  

EXHIBIT A- BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement, dated as of the latest date in the signature blocks below (“BAA”), is between the entity agreeing to these Terms of Service (“Covered Entity”) and Root, Inc. (“Business Associate”).

WHEREAS, Business Associate and Covered Entity have entered into a Services Agreement. In connection with Business Associate’s services, Business Associate and Covered Entity anticipate that Business Associate will create or receive Protected Health Information from and/or on behalf of Covered Entity, which information is subject to protection under the Federal Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, as amended by the Health Information Technology for Economic and Clinical Health Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (the “HITECH Act”), and related regulations promulgated by the Secretary (together “HIPAA”).

WHEREAS, in light of the foregoing and the requirements of HIPAA, Business Associate and Covered Entity agree to be bound by the following terms and conditions.

NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties agree as follows:

1. Definitions.

   1. Capitalized terms used, but not otherwise defined, in this BAA shall have the same meaning given to those terms by HIPAA as in effect or as amended from time to time.

   2. “Services Agreement” shall mean that certain agreement between Covered Entity and Business Associate under which Business Associate provides services to Covered Entity which involve the use or disclosure of Protected Health Information. 

2. Obligations and Activities of Business Associate.

1. Use and Disclosure. If Protected Health Information is created by or disclosed to Business Associate, Business Associate agrees not to use or disclose Protected Health Information other than as permitted or required by the Services Agreement, this BAA or as Required by Law. Business Associate shall comply with the provisions of this BAA relating to privacy and security of Protected Health Information and all present and future provisions of HIPAA that relate to the privacy and security of Protected Health Information and that are applicable to “business associates,” as that term is defined in HIPAA.

2. Appropriate Safeguards. Business Associate agrees to use appropriate safeguards to prevent the use or disclosure of the Protected Health Information other than as provided for by this BAA. Without limiting the generality of the foregoing sentence, Business Associate will:

   1. Implement administrative, organizational, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Electronic Protected Health Information that it creates, receives, maintains or transmits on behalf of the Covered Entity as required by the Security Rule;

   2. Report to Covered Entity any Security Incident involving Electronic Protected Health Information of which Business Associate becomes aware. Any actual, successful Security Incident will be reported to Covered Entity in writing without unreasonable delay. Any attempted, unsuccessful Security Incident of which Business Associate becomes aware will be reported to Covered Entity orally or in writing on a reasonable basis, as requested by Covered Entity. If HIPAA is amended to remove the requirement to report unsuccessful attempts at unauthorized access, the requirement hereunder to report such unsuccessful attempts will no longer apply as of the effective date of the amendment.

   3. Notify Covered Entity following the discovery of a Breach of Unsecured Protected Health Information in accordance with 45 C.F.R. § 164.410 without unreasonable delay and in no case later than 60 days (or within any shorter deadline imposed by applicable State law) after discovery of the Breach. A Breach is considered “discovered” as of the first day on which the Breach is known, or reasonably should have been known, to Business Associate or any employee, officer or agent of Business Associate, other than the individual committing the Breach. Any notice of a Security Incident or Breach of Unsecured Protected Health Information shall include the identification of each Individual whose Protected Health Information has been, or is reasonably believed by Business Associate to have been, accessed, acquired, or disclosed during such Security Incident or Breach as well as any other relevant information regarding the Security Incident or Breach.

3. Reporting. Business Associate agrees to report, without unreasonable delay, to Covered Entity any use or disclosure of Protected Health Information by Business Associate or a third party to which Business Associate disclosed Protected Health Information not permitted by this BAA of which Business Associate becomes aware.

4. Minimum Necessary Standard. To the extent required by the “minimum necessary” requirements of HIPAA, Business Associate shall only request, use and disclose the minimum amount of Protected Health Information necessary to accomplish the purpose of the request, use or disclosure. 

5. Mitigation. Business Associate agrees to take reasonable steps to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of Protected Health Information by Business Associate in violation of the requirements of this BAA (including, without limitation, any Security Incident or Breach of Unsecured Protected Health Information). Business Associate agrees to reasonably cooperate and coordinate with Covered Entity in the investigation of any violation of the requirements of this BAA and/or any Security Incident or Breach. Business Associate shall also reasonably cooperate and coordinate with Covered Entity in the preparation of any reports or notices required to be made under HIPAA or any other Federal or State laws, rules or regulations, to any Individual (entitled to notice in connection with a Breach), regulatory body, or any third party, provided that any such reports or notices shall be subject to the prior written approval of Covered Entity.

6. Subcontractors. Business Associate shall enter into a written agreement meeting the requirements of 45 C.F.R. §§ 164.504(e) and 164.314(a)(2) with each Subcontractor (including, without limitation, a Subcontractor that is an agent under applicable law) that creates, receives, maintains or transmits Protected Health Information on behalf of Business Associate. Business Associate shall ensure that the written agreement with each Subcontractor obligates the Subcontractor to comply with restrictions and conditions that are at least as restrictive as the restrictions and conditions that apply to Business Associate through this BAA. 

7. Access to Designated Record Sets. To the extent that Business Associate maintains Protected Health Information in a Designated Record Set, Business Associate agrees to provide access, at the request of Covered Entity, and in the time and manner designated by the Covered Entity, to Protected Health Information in a Designated Record Set created or received by Business Associate solely on behalf of Covered Entity only, to Covered Entity or, as directed by Covered Entity, to an Individual in order to meet the requirements under HIPAA Regulations. If an Individual makes a request for access to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within ten (10) business days of such request. Covered Entity shall have the sole responsibility to make decisions regarding whether to approve a request for access to Protected Health Information.

8. Amendments to Designated Record Sets. To the extent that Business Associate maintains Protected Health Information in a Designated Record Set, within thirty (30) days of a receipt of a request from Covered Entity for the amendment of an Individual’s Protected Health Information contained in such Designated Record Set, Business Associate agrees to provide such Protected Health Information to Covered Entity for amendment and to incorporate any such amendment(s) to Protected Health Information in the Designated Record Set maintained by the Business Associate pursuant to HIPAA Regulations and in the time and manner designated by the Covered Entity. If an Individual makes a request for an amendment to Protected Health Information directly to Business Associate, Business Associate shall notify Covered Entity of the request within ten (10) business days of such request. Covered Entity will have the sole responsibility to make decisions regarding whether to approve a request for amendment to Protected Health Information.

9. Access to Books and Records. Business Associate agrees to make its internal practices, books, and records relating to the use and disclosure of Protected Health Information received from, or created or received by Business Associate on behalf of, Covered Entity available to the Secretary for purposes of the Secretary determining Covered Entity’s and Business Associate’s compliance with the Privacy Rule.

10. Accountings. Business Associate agrees to, within thirty (30) days of request for an accounting of disclosures of Protected Health Information from Covered Entity, make available to Covered Entity such information as is in Business Associate’s possession and as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of Protected Health Information in accordance with HIPAA. If Business Associate receives a request for an accounting directly from an Individual, Business Associate shall forward such request to Covered Entity within ten (10) business days. Covered Entity shall have the sole responsibility to provide an accounting of disclosures.

3. Permitted Uses and Disclosures by Business Associate.

1. Services Agreement. Except as otherwise limited in this BAA, Business Associate may use or disclose Protected Health Information to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Services Agreement, provided that such use or disclosure would not violate HIPAA if done by Covered Entity or the minimum necessary policies and procedures of the Covered Entity.

2. Use for Administration of Business Associate. Except as otherwise limited in this BAA, Business Associate may use Protected Health Information for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate. Covered Entity acknowledges and agrees that proper management and administration of Business Associate includes, without limitation, modifications or upgrades to its software or services, and development of new features or functionality thereof, or new related product or services.

3. Disclosure for Administration of Business Associate. Except as otherwise limited in this BAA, Business Associate may disclose Protected Health Information for the proper management and administration of the Business Associate, provided that (i) disclosures are Required by Law, or (ii) Business Associate obtains reasonable assurances from the third party to whom the information is disclosed that the third party will (a) protect the confidentiality of the Protected Health Information, and (b) use or further disclose the Protected Health Information only as Required by Law or for the purpose for which it was disclosed to the third party.

4. Data Aggregation. Business Associate may use Protected Health Information to provide Data Aggregation services relating to the Health Care Operations of Covered Entity if required or permitted under this Agreement or the Service Agreement.

5. De-Identified Information. Business Associate may use Protected Health Information to create de-identified health information in accordance with the HIPAA de-identification requirements. Business Associate may disclose de-identified health information for any purpose permitted by law.

4. Obligations of the Covered Entity.

1. Permissible Requests by Covered Entity. Except as set forth in Section 3 of this BAA, Covered Entity shall not request Business Associate to use or disclose Protected Health Information in any manner that would not be permissible under the Privacy Rule if done by Covered Entity.

2. Minimum Necessary PHI. When Covered Entity discloses Protected Health Information to Business Associate, Covered Entity shall provide the minimum amount of Protected Health Information necessary for the accomplishment of Business Associate’s purpose. 

3. Permissions; Restrictions. Covered Entity warrants that it has obtained and will obtain any consents, authorizations and/or other legal permissions required under HIPAA and other applicable law for the disclosure of Protected Health Information to Business Associate. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an Individual to use or disclose his or her Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of Protected Health Information. Covered Entity shall not agree to any restriction on the use or disclosure of Protected Health Information under 45 C.F.R. § 164.522 that restricts Business Associate’s use or disclosure of Protected Health Information under this BAA unless Business Associate grants its written consent. 

4. Notice of Privacy Practices. Except as required under HIPAA or other applicable law, with Business Associate’s consent or as set forth in the Services Agreement, Covered Entity shall not include any limitation in the Covered Entity’s notice of privacy practices that limits Business Associate’s use or disclosure of Protected Health Information under this BAA.

5. Term and Termination.

1. Term. This BAA shall be effective as of the date of this BAA and shall terminate when all of the Protected Health Information provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this Section.

2. Termination Upon Breach. Any other provision of this BAA notwithstanding, either party (the “Non-Breaching Party”), upon knowledge of a material breach by the other party (the “Breaching Party”), shall provide an opportunity for the Breaching Party to cure the breach or end the violation. If Breaching Party does not cure the breach or end the violation within thirty (30) calendar days, the Non-Breaching Party may terminate: (A) this BAA; and (B) all of the provisions of the Services Agreement that involve the use or disclosure of Protected Health Information In the event that termination of this BAA is not feasible, in the Non-Breaching Party’s sole discretion, the Non-Breaching Party has the right to report the breach to the Secretary.

3. Effect of Termination.

1. Except as provided in Section 5(c)(ii), upon termination of this BAA, for any reason, Business Associate shall return or destroy all Protected Health Information received from Covered Entity, or created or received by Business Associate on behalf of Covered Entity. This provision shall apply to Protected Health Information that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the Protected Health Information.

2. In the event that Business Associate reasonably determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall extend the protections of this BAA to such Protected Health Information and limit further uses and disclosures of such Protected Health Information to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such Protected Health Information. Covered Entity acknowledges and agrees that (i) it is infeasible for Business Associate to delete Practice Protected Health Information from its backup tapes or other backup systems and (ii) it is infeasible for Business Associate to delete all Practice Protected Health Information during an ongoing investigation in connection with a Security Incident or Breach of Unsecured Protected Health Information, and that temporarily retaining certain Practice Protected Health Information may be necessary for such investigation.

6. Compliance with HIPAA Transaction Standards. When providing its services and/or products, Business Associate shall comply with all applicable HIPAA standards and requirements (including, without limitation, those specified in 45 CFR Part 162) with respect to the transmission of health information in electronic form in connection with any transaction for which the Secretary has adopted a standard under HIPAA (“Covered Transactions”). Business Associate will make its services and/or products compliant with HIPAA’s standards and requirements no less than thirty (30) days prior to the applicable compliance dates under HIPAA. Business Associate represents and warrants that it is aware of all current HIPAA standards and requirements regarding Covered Transactions, and Business Associate shall comply with any modifications to HIPAA standards and requirements which become effective from time to time. Business Associate shall require all of its agents and subcontractors (if any) who assist Business Associate in providing its services and/or products to comply with the terms of this Section 6.

7. Miscellaneous.

1. Regulatory References. A reference in this BAA to a section in HIPAA, means the section as in effect or as amended or modified from time to time, including any corresponding provisions of subsequent superseding laws or regulations.

2. Amendment. The Parties agree to take such action as is necessary to amend the Services Agreement from time to time as is necessary for the parties to comply with the requirements of HIPAA.

3. Survival. The respective rights and obligations of Business Associate under Section 5(c) of this BAA shall survive the termination of the Services Agreement or this BAA.

4. Interpretation. Any ambiguity in this Agreement shall be resolved to permit the parties to comply with HIPAA. 

5. Miscellaneous. The terms of this BAA are hereby incorporated into the Services Agreement. The terms of the Services Agreement which are not modified by this BAA shall remain in full force and effect in accordance with the terms thereof.  In the event of a conflict between the terms of this BAA and the terms of the Services Agreement, the terms of this BAA shall prevail. This BAA shall be governed by, and construed in accordance with, the laws of the State of New York, exclusive of conflict of law rules. Each party to this BAA hereby agrees and consents that any legal action or proceeding with respect to this BAA shall only be brought in the courts of the state where the Covered Entity is located in the county where the Covered Entity is located. The Services Agreement together with this BAA constitutes the entire agreement between the parties with respect to the subject matter contained herein, and this BAA supersedes and replaces any former business associate agreement or addendum entered into by the parties. This BAA may be executed in counterparts, each of which when taken together shall constitute one original. Any PDF or facsimile signatures to this BAA shall be deemed original signatures to this BAA. No amendments or modifications to the BAA shall be effected unless executed by both parties in writing. This BAA may be assigned in accordance with the assignment provisions of the Services Agreement.