Privacy Policy and Terms of Use

OnPatient.com Privacy Policy Effective Date: August 10, 2021 DrChrono Inc.(" DrChrono,"" ,"" Jalli," or" ill!.[") recognizes the importance of protecting the privacy of your personal information, and we have prepared this Privacy Policy (this" Privacy Policy") to provide you with important infonnation about the privacy practices applicable to the DrChrono services, the DrChrono telemedicine product and any website, product or service owned and operated by DrChrono, including, without limitation, DrChrono.com, OnPatient.com, and any other website, applications or online service that links to or refers to this Privacy Policy (collectively, the" DrChrono Services"). In addition, individually identifiable information that you provide to us for purposes of obtaining medical care from the providers that have contracted with us (the" Providers") (such information is also referred to as" Protected Health Information" or" PHI") will also be subject to each Provider's Health Insurance Portability and Accountability Act Notice of Privacy Practices (the" HIPAA Notice"), which each Provider may make available to you. The HIPAA Notice describes how the Providers can use and share your PHI and also describes your rights with respect to your PHI. I.Collection oflnformation We may collect the following kinds of information when you use the DrChrono Services: Information you provide directly to us. For certain activities, such as when you register, use our telemedicine services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information: •Contact information, such as your full name, email address, mobile phone number, and address; •Username and password; •Payment information, such as your credit card number, expiration date, and credit card security code; •Personal health information, including information about your diagnosis, previous treatments, general health, health insurance and information which you have stored in Apple HealthKit (to the extent you choose to synch that data with our services); and •Any other information you provide to us. We may combine such information with information we already have about you. Information we collect automatically. We may collect certain information automatically when you use our DrChrono Services, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the DrChrono Services, the date and time of your visit, infonnation about the links you click and pages you view within the DrChrono Services, and other standard server log information. We may also collect certain location information when you use our DrChrono Services, such as your computer's IP address, your mobile device's GPS signal, or information about nearby Wifi access points and cell towers. We may use cookies, pixel tags, Local Shared Objects, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer's web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as "web beacons" or "clear GIFs," that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Local Shared Objects (sometimes referred to as "Flash Cookies") are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the DrChrono Services, you consent to our use of cookies and similar technologies. We may also collect technical data to address and fix technical problems and improve our DrChrono Services, including the memory state of your device when a system or app crash occurs while using our DrChrono Services. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using the DrChrono Services, you are consenting to the collection of this technical data. Information we obtain from your health care providers and other sources. In connection with your treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness. This Privacy Policy does not reflect the privacy practices of the Providers and DrChrono is not responsible for the Providers' privacy policies or practices. DrChrono does not review, comment upon, or monitor the Providers' privacy policies or their compliance with their respective privacy policies, nor does DrChrono review the Providers' instructions to determine whether they are in compliance or conflict with the terms ofa Provider's published privacy policy or applicable law. Some of our users, including the Providers, are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the 21st Century Cures Act, the Health Insurance Portability and Accountability Act of 1996 (" HIPAA"), the Health Information Technology for Economic and Clinical Health of 2009 (" HITECH"), and the regulations adopted thereunder. When we store, process or transmit "individually identifiable health information" (as such term is defined by HTPAA) on behalf of the Provider who has entered a Healthcare Provider User Agreement, we do so as its "business associate" (as also defined by HTPAA). Under this agreement, DrChrono is prohibited from using individually identifiable health infonnation in a manner that the Provider itself may not. DrChrono is required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such Providers. DrChrono is subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA, when it operates as a business associate ofa healthcare provider. We may also receive infonnation about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the DrChrono Services to login to the DrChrono Services or to share information about your experience on the DrChrono Services with others, we may collect information from these third-party services. II.Use of Information Targeting Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising. Functional Cookies. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the perfonnance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its perfonnance. Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. We generally use the information we collect online to: •Provide and improve the DrChrono Services; •Contact you; •Fulfill your requests for products, services, and information; •Send you information about additional clinical services or general wellness from us or on behalf of our affiliates and trusted third-party partners; •Analyze the use of the DrChrono Services and user data to understand and improve the DrChrono Services; •Customize the content you see when you use the DrChrono Services; •Conduct research using your information, which may be subject to your separate written authorization; •Prevent potentially prohibited or illegal activities and otherwise in accordance with our Terms of Service (which can be found at https://www.onpatient.com/terms/); and •For any other purposes disclosed to you at the time we collect your information or pursuant to your consent. From time to time, we may desire to use the information we collect online for uses not previously listed in this Privacy Policy. If our practices change regarding previously collected personal information in a way that would be materially less restrictive than stated in the version of this Privacy Policy in effect at the time we collected the information, we will make reasonable efforts to provide notice and obtain consent to any such uses as may be required by law. Any request to obtain your consent does not narrow the scope of this Privacy Policy. By using the DrChrono Services, you accept and agree to DrChrono's information handling practices in the manner described in this Privacy Policy and in our Terms of Use. We may use the infonnation collected through the DrChrono Services to investigate potential or suspected threats to the DrChrono Services or to the confidentiality, integrity or availability of the infonnation DrChrono stores and maintains. By using the DrChrono Services you agree to receive texts, phone calls, and/or emails from us at the phone numbers and email addresses you provided to us for informational and customer service-related purposes. Additionally, we may send an email to the email address you provide us in order to verify your account and for infonnational and operational purposes, such as account management, customer service, or system maintenance. We may also send you marketing emails if you request more infonnation about our products and services. Emails are often transactional or relationship messages, such as appointment requests, reminders and cancellations and other notifications. DrChrono may not offer you the option of opting out of receiving some of these messages although DrChrono may allow you to modify how often you receive such messages. If you opt-in to receiving marketing announcements from DrChrono, we will allow you to opt-out of receiving those announcements. Electronic Notices. By using the DrChrono Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the DrChrono Services. If we learn ofa security system's breach, we may attempt to notify you electronically by posting a notice on the DrChrono Services or sending a text or email to you. You may have a legal right to receive this notice in writing. To receive free written notice ofa security breach (or to withdraw your consent from receiving electronic notice), please contact us (http://www.drchrono.com/help/). We may anonymize and aggregate any data collected through the DrChrono Services, and use it for business purposes. For example, we may use such data for evaluating and profiling the perfonnance of the DrChrono Services, including analyzing usage trends and patterns and measuring the effectiveness of content, features, or services. III.Sharing of Information We are committed to maintaining your trust, and we want you to understand when and with whom we may share the infonnation we collect. •Healthcare providers, insurance companies, and other healthcare-related entities. We may share your information with other health care providers, laboratories, government agencies, insurance companies, organ procurement organizations, medical examiners or funeral directors, and other entities relevant to providing you with treatment options and support. •Authorized third-party vendors and service providers. We may share your information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct-mail, mobile marketing, optimization and retargeting), performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your infonnation for purposes other than those related to the services they are providing to us. •HealthKit. If you ask us to, we will share your synched HealthKit information with your medical provider. We do not use or disclose HealthKit information for any marketing or advertising purposes or sell this information to any third-party. •Research partners. We may share your information with our research partners to conduct health-related research; such sharing may be subject to your separate written authorization. •Corporate affiliates. We may share your information with our corporate affiliates that are subject to this policy. •Business transfers. We may share your infonnation in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy. •Legal purposes. We may disclose information to respond to subpoenas, warrants, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of DrChrono, our affiliates, users, or the public. If we are legally compelled to disclose information about you to a third-party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us. •With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction. If you access third-party services, such as Facebook, Google, or Twitter, through the DrChrono Services to login to the DrChrono Services or to share infonnation about your experience on the DrChrono Services with others, these third-party services may be able to collect infonnation about you, including infonnation about your activity on the Site, and they may notify your connections on the third-party services about your use of the website, in accordance with their own privacy policies. rf you choose to engage in public activities on the website or third-party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing personal infonnation while participating in these areas. We are not responsible for the information you choose to submit in these public areas. IV.Security Please see our Security Policy here (https://www.drchrono.com/ehr-emr/security-policy/). We use reasonable measures to help protect infonnation from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we take steps to ensure security on our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information. IfDrChrono learns ofa security system's breach, DrChrono maintains an incident response policy that includes notifications consistent with applicable law. By using the DrChrono Services or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this website. V.Your Choices You may opt out of receiving general health and wellness or treatment options that may be relevant to you by emailing us at privacy@drchrono.com (mailto:privacy@drchrono.com). You may also request that we delete your personal information by sending us an email at privacy@drchrono.com (mailto:privacy@drchrono.com). You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the "help" section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe's Setting Manager page (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html). If you choose to refuse, disable, or delete these technologies, some of the functionality of the DrChrono Services may no longer be available to you. California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal infonnation to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes. VI.Third-Party Advertising, Links and Content Some of the DrChrono Services may contain links to content maintained by third parties that we do not control. We allow third parties, including business partners, advertising networks, and other advertising service providers, to collect information about your online activities through cookies, pixels, local storage, and other technologies. These third parties may use this information to display advertisements on our DrChrono Services and elsewhere online tailored to your interests, preferences, and characteristics. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by this Privacy Policy. Some third parties collect information about users of our DrChrono Services to provide interest-based advertising on our DrChrono Services and elsewhere, including across browsers and devices. These third parties may use the infonnation they collect on our DrChrono Services to make predictions about your interests in order to provide you ads (from us and other companies) across the internet. Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving ads that are tailored based on your online activities. Due to differences between using apps and websites on mobile devices, you may need to take additional steps to disable targeted ad technologies in mobile apps. Many mobile devices allow you to opt out of targeted advertising for mobile apps using the settings within the mobile app or your mobile device. For more information, please check your mobile settings. You also may uninstall our apps using the standard uninstall process available on your mobile device or app marketplace. To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance (https://youradchoices.com/) or Network Advertising Initiative (https://www.networkadvertising.org/) opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our DrChrono Services may be degraded. Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit "do-not-track" signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals. Third-Party Browser Extensions. Extensions are small software programs, developed by third parties, that can modify and enhance the functionality of your browser. Extensions may have privileges, including the ability to read, record and/or modify your private data, including PHI. These extensions are installed by individual users into the browser on their computers and are utilized at users' own risk. Further, such extensions are not affiliated with DrChrono and DrChrono does not have visibility into which extensions any user may use. DrChrono assumes no risk of loss of data or breach of such data due to your use of browser extensions. Prior to using the DrChrono Services, if you have one (or more) of these extensions enabled in your browsers, DrChrono recommends completely removing all of these extensions immediately as disabling the extensions may not be sufficient to protect your PHI. We recommend that you only access the DrChrono Services from supported browsers that have all plugins and extensions removed. Further, installing any third-party software on your operating system may also subject you to the same risks as using browser extensions. DrChrono has no liability to you due to damages caused by any third-party software, including, without limitations, browser extensions. VII.Intended For Use in United States Only The DrChrono Services are intended to be used only from and within the United States. As such, DrChrono makes no representations and warranties that the DrChrono Services comply with applicable law outside the United States and DrChrono shall not be responsible for your use of the DrChrono Services outside of the United States. DrChrono maintains information in the United States and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the website and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy. In the event that you use the DrChrono Services outside of the United States, you acknowledge and understand that you are solely responsible for any and all legal consequences for violating applicable laws within your jurisdiction and that you shall have no right of recourse against DrChrono. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. VIII.Children We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our DrChrono Services. Without limiting the above, the OnPatient.com website does allow persons above the age of 18 years-such as Providers, parents and guardians-to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting infonnation on behalf of a child assumes full responsibility over the submission, use and transmission of such information. IX.Changes to the Privacy Policy We may update this Privacy Policy from time to time and the revised version will be effective as of the date it is posted. When we update the Privacy Policy, we will revise the " Effective Date" date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the DrChrono Services to stay infonned of our privacy practices. Your use of our websites, including the continued storage of your information on OnPatient.com or DrChrono.com systems, following any such change constitutes your agreement that all information collected from or about you through the OnPatient.com website will be subject to the terms of the revised Privacy Policy. X.Information Retention DrChrono's collection, use, and disclosure of information are generally governed by service agreements with Providers. Information maintained to provide these services to you is retained only for as long as we have a valid business purpose and in accordance with applicable law. DrChrono may retain archived information for a period of seven years (or longer if required by law) as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Privacy Policy. DrChrono indefinitely stores non-personal infonnation, as well as any feedback you provide us. XI.Questions If you have any questions about this Privacy Policy or our practices, please email us at privacy@drchrono.com (mailto:privacy@drchrono.com). FHIR API Documentation (/api_fhir/api-docs/documentation/)Terms of Service (/terms/)Privacy Policy (/privacy/)Support (/help/)© 2022 DrChrono Inc.

OnPatient.com Terms of Service Effective Date: September 23, 2020 These OnPatient.com Terms of Service (these "Terms") govern your use of the products and services within the DrChrono Inc. ("DrChrono," "we," "us," or "our") websites and applications, including, without limitation, DrChrono.com, OnPatient.com, Network.DrChrono.com, and any other website or online service that DrChrono operates and that links to these Terms (collectively, the "DrChrono Services"). Please review these Terms carefully before using the website or the DrChrono Services. We may change these Terms or modify any features of the DrChrono Services at any time. The most current version of these Terms can be viewed by clicking on the ''Terms of Service" link posted at https://onpatient.com/terms/ (https://onpatient.com/terms). We may revise these Terms at any time by posting an updated version to this web page. You should visit this page periodically to review the most current Terms, because you are bound by them. Your continued use of the DrChrono Services after a change to these Terms constitutes your binding acceptance of these Terms. I.Acceptance of These Terms Electronic Agreement. Terms are an electronic contract that sets out the legally binding terms of your use of the DrChrono Services. These Terms may be modified by DrChrono from time to time. If a change to these Terms materially modifies your rights or obligations, we will notify you of the modified Terms by email to the address you provided in your user profile and/or in a notification in the DrChrono Services or on our website. Material modifications will be effective upon your acceptance of such modified Terms or upon your continued use of the DrChrono Services after we send or post our notification of the changes, whichever is earlier. Other modifications are effective upon publication. These Terms incorporate by reference DrChrono's Privacy Policy (/privacy/) and any notices regarding the DrChrono Services or policies posted on the DrChrono Services. Format of these Terms. By accessing the DrChrono Services, you consent to have these Terms provided to you in electronic form. You may request a non-electronic copy of these Terms at any time. To receive a non-electronic copy of these Terms, please send an e-mail to info@DrChrono.com (mailto:info@DrChrono.com) or a letter and self-addressed stamped envelope to: DrChrono Inc., 328 Gibraltar Drive, Sunnyvale, CA 94089. Withdrawing Your Consent. You have the right at any time to withdraw your consent to have these Terms provided to you in electronic form. To withdraw your consent, please send an email to info@DrChrono.com (mailto:info@DrChrono.com) or a letter and self-addressed stamped envelope to: DrChrono Inc., 328 Gibraltar Drive, Sunnyvale, CA 94089. Should you choose to withdraw your consent to have these Terms provided to you in electronic form, we will discontinue your then-current username and password, and you will not have the right to use the DrChrono Services unless, and until, we issue you a new username and password. Your withdrawal of consent will not affect the legal validity or enforceability of these Terms provided to, and electronically signed by, you prior to the effective date of your withdrawal. II.Privacy By using the DrChrono Services, you consent to our processing your information consistent with our Privacy Policy (/privacy/). You authorize DrChrono to use and publish any comments you choose to share about the DrChrono Services, including comments shared in patient satisfaction surveys, unless otherwise specified. DrChrono will only publish comments using your first name. If you choose to share your protected health information over email, telephone or video communications you acknowledge that such email, telephone or video communications may not be encrypted and/or may not be a secure method of communication, and you assume the risk of such unsecured communications. Ill. Important Information about Your Use of the Services DO NOT USE THE DRCHRONO SERVICES FOR EMERGENCY MEDICAL NEEDS. IF YOU EXPERIENCE A MEDICAL EMERGENCY, CALL 9-1-1 IMMEDIATELY. DrChrono does not provide any physicians' or other healthcare providers' (collectively, "Providers") services itself. DrChrono does not give medical advice. All of the Providers are independent of DrChrono and are merely using the DrChrono Services to communicate with you. Any information or advice received from a Provider comes from the Provider, and not from DrChrono. Your interactions with the Providers via the DrChrono Services are not intended to take the place of your relationship(s) with your regular health care practitioner(s). Your relationship with the Providers is directly between you and the Provider. You will never have a physician-patient relationship with DrChrono. DrChrono does not practice medicine or any other licensed profession and offers no medical or other professional services. Neither DrChrono nor any of its licensors or suppliers or any third parties who promote the DrChrono Services or provide you with a link to the DrChrono Services shall be liable for any professional advice you obtain from a Provider via the DrChrono Service nor for any information obtained from our other services. You acknowledge your reliance on any Providers or information provided by the DrChrono Services is solely at your own risk and you assume full responsibility for all risk associated therewith. DrChrono does not make any representations or warranties about the training or skill of any Providers using the DrChrono Services. You are ultimately responsible for choosing your particular Provider on the DrChrono Services. You hereby certify that you are physically located in the state you have entered as your current location on the DrChrono Services. You acknowledge that your ability to access and use the DrChrono Services is conditioned upon the truthfulness of this certification and that the Providers you access through the DrChrono Services are relying upon this certification in order to interact with you. In the event that your certification is inaccurate, you agree to indemnify DrChrono and the Providers you interact with from any resulting damages, costs, or claims. You hereby certify that you are not a Medicare or Medicaid beneficiary. If you provide false or deceptive information regarding your Medicare or Medicaid enrollment status, DrChrono reserves the right to terminate all current or future use of the DrChrono Services by you. The DrChrono Services are for your personal use only and may not be used in connection with any commercial endeavors. Organizations, companies, and/or businesses may not use the DrChrono Services and should not use the DrChrono Services for any purpose. All use of the DrChrono Services may be investigated including, without limitation, to identify illegal or unauthorized use, and appropriate legal action will be taken, including without limitation, civil, criminal, and injunctive action. Your use of the DrChrono Services is with the permission of DrChrono, which may be revoked at any time, for any reason, in DrChrono's sole discretion. IV.Account Enrollment; Communications To access Providers using the DrChrono Services, you must first establish an individual user account ("Account") by providing certain information. You agree that you will not create more than one Account, or create an Account for anyone other than yourself (with the exception of subaccounts established for minor children of whom you are a parent or legal guardian). You agree to provide true, accurate, current, and complete information on the Account enrollment form and to keep this information current and updated as needed. You represent and warrant that you are at least 18 years of age and possess the legal right and ability, on behalf of yourself or a minor child of whom you are a parent or legal guardian, to agree to these Terms. Electronic Notices. By using the DrChrono Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the DrChrono Services. If we learn of a security system's breach, we may attempt to notify you electronically by posting a notice on the DrChrono Services or sending an email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please write to us at info@drchrono.com (mailto:info@drchrono.com). Notification in Case of Breach. You agree to notify us immediately of any breach in secrecy of your log-in information. If you have any reason to believe that your account information has been compromised or that your account has been accessed by a third party, you agree to immediately notify DrChrono support (https://support.drchrono.com/hc/en-us/requests/new). You will be solely responsible for the losses incurred by DrChrono and others due to any unauthorized use of your account that takes place prior to notifying DrChrono that your account has been compromised. V.Prohibited Conduct You may not access or use, or attempt to access or use, the DrChrono Services to take any action that could harm us or any third party, interfere with the operation of the DrChrono Services, or use the DrChrono Services in a manner that violates any laws. For example, and without limitation, you may not: •transmit any message or information under a false name or otherwise misrepresent your affiliation or the origin of materials you transmit; •provide information on the enrollment form that is untrue, inaccurate, not current, or incomplete; •transmit any message or information that is unlawful, libelous, defamatory, obscene, fraudulent, predatory of minors, harassing, threatening, or hateful; •transmit any message or information that infringes or violates the intellectual property, privacy, or publicity rights of others; •reproduce, retransmit, distribute, disseminate, sell, publish, broadcast, or circulate content received through the DrChrono Services to anyone without prior express permission; •engage in unauthorized spidering, "scraping," or harvesting of content or personal information, or use any other unauthorized automated means to compile information; •take any action that imposes an unreasonable or disproportionately large load on our network or infrastructure; •use any device, software, or routine to interfere or attempt to interfere with the proper working of the DrChrono Services or any activity conducted on the DrChrono Services or attempt to probe, scan, test the vulnerability of, or breach the security of any system or network; •attempt to modify, translate, decipher, decompile, disassemble, reverse-engineer, or create derivative works of any of the software comprising or in any way making up a part of the DrChrono Services; or •engage in any other conduct that restricts or inhibits any person from using or enjoying the DrChrono SeNices, or that, in our sole judgment, exposes us or any of our users, affiliates, or any other third party to any liability, damages, or detriment of any type. Violations of system or network security may result in civil or criminal liability. We may investigate and work with law enforcement authorities to prosecute users who violate these Terms. We may suspend or terminate your access to the DrChrono SeNices for any or no reason at any time without notice. VI.Payment Authorization By providing a credit card or other payment method accepted by DrChrono ("Payment Method"), you are expressly agreeing that we are authorized to charge to the Payment Method any fees for your use of the DrChrono SeNices, together with any applicable taxes. Please note that DrChrono may not receive complete information from your health insurance plan, if applicable, regarding the applicable co-pay due from you for your consultation. As such, you may be billed more than once with respect to a consultation to account for additional co-pay amounts due, if any. You agree that authorizations to charge your Payment Method remain in effect until you cancel it in writing, and you agree to notify DrChrono of any changes to your Payment Method. You certify that you are an authorized user of the Payment Method and will not dispute charges for the DrChrono SeNices that correspond to consultation fees or the co-payment required by your health plan. You acknowledge that the origination of ACH transactions to your account must comply with applicable provisions of U.S. law. In the case of an ACH transaction rejected for insufficient funds, DrChrono may at its discretion attempt to process the charge again at any time within thirty (30) days. You acknowledge and agree that fees for consultations may increase at any time. VII.Intellectual Property Rights DrChrono Intellectual Property. DrChrono and/or its licensors are the owner of all right, title, and interest in and to the DrChrono SeNices, including all rights to the information, content, design, software code, scripts, database structures, trademarks, copyrights, and other intellectual property included in or utilized by the DrChrono SeNices, and any updates thereto (the "DrChrono IP"). DrChrono IP does not include any Content (defined below). DrChrono IP is protected by applicable intellectual property and other laws, including laws governing patents, copyrights, trade secrets, trademarks, and unfair competition. License to You. Subject to your ongoing compliance with these Terms, DrChrono grants you a limited, non-exclusive, non-transferable, non­ sublicensable, revocable license to access and use the SeNice solely for your personal, non-commercial use for lawful purposes. Reservation of Rights Not Expressly Granted. DrChrono reseNes all rights not expressly granted to you in these Terms. Except for the limited rights and licenses expressly granted under these Terms, nothing in these Terms grants, by implication, waiver, estoppel, or otherwise, to you or any third party any intellectual property rights or other right, title, or interest in or to the DrChrono intellectual property. Open Source. The DrChrono SeNices may include or incorporate third-party software components that are generally available free of charge under licenses granting recipients broad rights to copy, modify, and distribute such components ("Open Source Components"). Although the DrChrono SeNices are provided to you subject to these Terms, nothing in these Terms will be deemed to prevent, restrict, or otherwise prevent or restrict you from obtaining such Open Source Components under the applicable third-party licenses or to limit your use of such Open Source Components thereunder. Content. Certain features of the DrChrono Services may permit you or other users (including Providers) to upload content to the DrChrono Services, including messages, reviews, images, data, text, and other types of information ("Content") and to publish Content on the DrChrono Services. You retain any copyrights, moral rights, and any other proprietary rights that you may hold in the Content that you post to the DrChrono Services. Limited License Grant to DrChrono. By posting or publishing Content, you grant DrChrono a worldwide, non-exclusive, royalty-free, fully paid, unrestricted right and license (with the right to sublicense) to use, host, store, transfer, display, perform, reproduce, modify, and distribute your Content, in whole or in part, in accordance with our Privacy Policy, in any media formats and through any media channels now known or hereafter developed. Limited License Grant to Other Users. By posting or sharing Content with other users of the DrChrono Services (including Providers), you grant those users a non-exclusive license to access and use that Content as permitted by these Terms and the functionality of the DrChrono Services. Content Representations and Warranties. You are solely responsible for your Content and the consequences of posting or publishing Content. By posting or publishing Content, you affirm, represent, and warrant that: •you are the creator and owner of the Content, or have the necessary licenses, rights, consents, and permissions to authorize DrChrono and users of the DrChrono Services (including Providers) to use and distribute your Content as necessary to exercise the licenses granted by you in this section, in the manner contemplated by the DrChrono Services, DrChrono, and these Terms; and •your Content, and the use of the DrChrono Services as contemplated by these Terms, does not and will not: (x) infringe, violate, or misappropriate any third-party right, including any copyright, trademark, patent, trade secret, moral right, privacy right, right of publicity, or any other intellectual property or proprietary right; (y) slander, defame, libel, or invade the right of privacy, publicity or other property rights of any other person; or (z) cause DrChrono to violate any law or regulation, including laws related to the privacy of personal or health information. Content Disclaimer. DrChrono is under no obligation to monitor, edit, or control Content that you or other users (including Providers) post or publish, and will not be in any way responsible or liable for Content or any failure to review or act upon Content. DrChrono may, however, at any time and without prior notice, screen, remove, edit, or block any Content that in our sole judgment violates these Terms or is otherwise objectionable. To the fullest extent allowed under applicable law, you agree to waive, and do waive, any legal or equitable right or remedy you have or may have against DrChrono with respect to Content. We expressly disclaim any and all liability in connection with Content, to the fullest extent allowed under applicable law. If notified by a user or content owner that Content allegedly does not conform to these Terms, we may investigate the allegation and determine in our sole discretion whether to remove the Content, which we reserve the right to do at any time and without notice. You hereby consent to DrChrono's engagement of third parties (including DrChrono's affiliates and subsidiaries) to perform, provide, or support the performance or provision of, all or any portion of the DrChrono Services and they may receive access to your Content. You may not post, distribute, or reproduce in any way any copyrighted material, trademarks, or other proprietary information without obtaining the prior written consent of the owner of such proprietary rights. The trade names, trademarks, service marks, logos, and slogans contained in the DrChrono Services are the trade names, trademarks, service marks, logos and slogans of DrChrono (each a "Mark" and collectively the "Marks"). You are not authorized to use any Mark in any advertisement, publicity or in any other commercial manner without our prior written consent. The trade names, trademarks, service marks, logos and slogans contained in the DrChrono Services that are not our Marks are the trade names, trademarks, service marks, logos and slogans of their respective owners. Feedback. You may be asked to provide input, suggestions, and feedback on the DrChrono Services and your DrChrono experience ("Feedback"). This Feedback is always optional and your choice. If you choose to provide Feedback, then you hereby grant DrChrono an unrestricted, perpetual, irrevocable, non-exclusive, fully-paid, royalty-free right to exploit such Feedback in any manner and for any purpose, including to improve the DrChrono Services and create other products and services. The Feedback may be hosted and stored at a third party website. You agree to not provide any personally identifiable information when providing Feedback. Links. The DrChrono Services or third parties may provide links to web sites operated by third parties. These links are provided solely for convenience and reference purposes only. The inclusion of any such link does not imply that we endorse the content of any web site to which the DrChrono Services provides a link, nor are we liable for your reliance on or use of any information or materials contained in them. Patient-Collected Data. For the avoidance of doubt, each of DrChrono, Providers, as well as each patient/end-user of a Provider (a "Patient") and DrChrono Inc. (the entity) shall have rights to use the Patient-Collected Data. As used herein, the "Patient-Collected Data" shall mean the PHI that is collected in connection with your use and a Provider's of the DrChrono Services. In the event that Patient requests its Patient-Collected Data from DrChrono, DrChrono shall use its reasonable efforts to provide the Patient-Collected Data to a Patient. As used herein, "PHI" shall mean individually identifiable health information, as that term is defined in 45 C.F.R. § 160.103. Physician-Created Data. Further, nothing herein these Terms shall prohibit DrChrono from using the aggregated, non-personally identifiable data created, compiled, analyzed or otherwise collected by the Patient or Provider in its use of the DrChrono Services (the "Physician Data"). Additionally, DrChrono shall have the right to either provide or not provide the Physician Data to any third parties. Automatically Collected Data. We may collect certain information automatically when you use the DrChrono Services, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the DrChrono Services, the date and time of your visit, information about the links you click and pages you view within the DrChrono Services, and other standard server log information. We may also collect certain location information when you use our DrChrono Services, such as your computer's IP address, your mobile device's GPS signal, or information about nearby WiFi access points and cell towers. We may use cookies, pixel tags, Local Shared Objects, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer's web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as "web beacons", "tracking pixels" or "clear GIFs," that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Local Shared Objects (sometimes referred to as "Flash Cookies") are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the DrChrono Services, you consent to our use of cookies and similar technologies. We may also collect technical data to address and fix technical problems and improve our DrChrono Services, including the memory state of your device when a system or app crash occurs while using the DrChrono Services. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using the DrChrono Services, you are consenting to the collection of this technical data. Copyright Policy. Let us know if you think a user has violated your copyright using the DrChrono Service, or if you think someone incorrectly reported that you violated his or her copyright. The Digital Millennium Copyright Act of 1998 (the "DMCA") provides recourse for copyright owners who believe that material appearing on the Internet infringes their rights under U.S. copyright law. If you believe in good faith that materials posted on the DrChrono Services infringe your copyright, you (or your agent) may send DrChrono a "Notification of Claimed Infringement" requesting that the material be removed, or access to it blocked. The notice must include the following information: 1.A physical or electronic signature of a person authorized to act on behalf of the owner of the works that have been allegedly infringed; 2.Identification of the copyrighted work alleged to have been infringed (or if multiple copyrighted works located on the DrChrono Services are covered by a single notification, a representative list of such works); 3.Identification of the specific material alleged to be infringing or the subject of infringing activity, and information reasonably sufficient to allow DrChrono to locate the material on the DrChrono Services; 4.Your name, address, telephone number, and email address (if available); 5.A statement that you have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and 6.A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed. If you believe in good faith that a notice of copyright infringement has been wrongly filed against you, the DMCA permits you to send DrChrono a counter­ notice. Notices and counter-notices must meet the then-current statutory requirements imposed by the DMCA; see http://www.loc.gov/copyrighU (http://www.loc.gov/copyrighU) for details. Notices and counter-notices with respect to the DrChrono Services should be sent to info@drchrono.com (mailto:info@drchrono.com). Consult your legal advisor and see 17 U.S.C. Section 512 before filing a notice or counter-notice as there are penalties for false claims under the DMCA. VIII.DrChrono's Health-Related Information Practices; Confidential Information DrChrono voluntarily complies with the requirements of the "Privacy Rule" and "Security Rule" as defined by Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"). We also comply with the 21st Century Cures Act. We may use and disclose health-related information to provide our services. We may use de-identified health-related information as permitted by law. Use and Disclosure. We may use and process the health-related information posted to the DrChrono Services for the proper management, provision, and administration of the DrChrono Services and our business, and as required by law. We may also disclose health-related information if required by law or we obtain reasonable assurances from the recipient that such information will be held confidentially and used or further disclosed only as required by law or for the purpose for which we disclosed it. You agree that DrChrono may use and share de- identified health-related information to the fullest extent permitted by law. Data Transfers at Your Request. We do not transfer health-related information to third parties, other than our vendors, suppliers and as required to process patient billing. We may transfer health-related information to such third parties, including health plans, health-care clearinghouse, and others. You authorize us to make such transfers upon the request of you or the users who are acting under your account. You acknowledge that when you consent to transferring the information to third parties, we have no control over how those third parties will use and disclose the information. We will use appropriate administrative, physical, and technical safeguards to prevent use or disclosure of health-related information other than as provided for by these Terms. Appropriate Safeguards. We will use appropriate safeguards to prevent the use or disclosure of health-related information other than as provided for by these Terms, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the information. Security Incident. We will report to you any discovered use or disclosure of health- related information not provided for by these Terms, or when we determine that unauthorized access to health-related information has occurred. Our Agents. We will ensure that any of our agents, suppliers, and vendors to whom we provide health-related information for purposes of assisting us in providing the DrChrono Services, agrees to the same restrictions and conditions that apply to us with respect to such information, including the obligation to implement reasonable and appropriate safeguards. Access, Amendment, and Accountings. We will facilitate your requirements under the Privacy Rule to give patients access and the ability to amend health-related information you posted to the DrChrono Services. We may also facilitate an accounting of disclosures as required by the Privacy Rule. Department of Health and Human Services ("HHS") Audits. We will give HHS access to our internal practices, books, and records related to the use and disclosure of health- related information for the purposes of determining your compliance with the Privacy Rule. The DrChrono Services retains the information you post to it for compliance and regulatory purposes and will cooperate with you regarding requests to delete information. We will provide you copies of health-related information in electronic form upon your request, if you decide to terminate your use of the DrChrono Services. Security Rule. We will comply with the provisions of the HIPAA Security Rule that are made applicable to business associates. We will notify you of the discovery of any breach of health-related information that we store and we will cooperate reasonably with you to investigate and mitigate any such breach. We will provide you with the necessary information to make any legally required notification to individuals. "Confidential Information" means all confidential information disclosed by a party ("Disclosing Party") to the other party ("Receiving Party"), whether orally or in writing, that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Your Confidential Information shall include the data you post to the DrChrono Services, not including health-related information; DrChrono Confidential Information shall include the DrChrono Services, Feedback, and information relating to the performance, reliability, or stability of the DrChrono Services, operation of the DrChrono Services, know-how, techniques, processes, ideas, algorithms, and software design and architecture; and Confidential Information of each party shall include business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However, Confidential Information shall not include any information that (i) is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party, (ii) was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party, (iii) is received from a third party without breach of any obligation owed to the Disclosing Party, or (iv) was independently developed by the Receiving Party. Protection of Confidential Information. The Receiving Party shall (i) use the same degree of care that it uses to protect the confidentiality of its own confidential information of like kind (but in no event less than reasonable care), (ii) not use any Confidential Information of the Disclosing Party for any purpose outside the scope of these Terms, and (iii) except as otherwise authorized by the Disclosing Party in writing, limit access to Confidential Information of the Disclosing Party to those of its and its affiliates' employees, contractors and agents who need such access for purposes consistent with this Agreement and who have signed confidentiality agreements with the Receiving Party containing protections no less stringent than those herein. Compelled Disclosure. The Receiving Party may disclose Confidential Information of the Disclosing Party if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. If the Receiving Party is compelled by law to disclose the Disclosing Party's Confidential Information as part of a civil proceeding to which the Disclosing Party is a party, and the Disclosing Party is not contesting the disclosure, the Disclosing Party will reimburse the Receiving Party for its reasonable cost of compiling and providing secure access to such Confidential Information. IX.Account Security You are solely responsible for maintaining the confidentiality of the username and password that you designate during the registration process, and you are solely and fully responsible for all activities that occur under your username and password. You agree to (a) immediately notify DrChrono of any loss or unauthorized use of your username or password or any other breach of security related to your account, and (b) ensure that you exit from your account at the end of each session. DrChrono will not be liable for any loss or damage arising from your failure to comply with this provision. You should use particular caution when accessing your account from a public or shared computer so that others are not able to view or record your password or other personal information. If you share your computer with others, you may wish to consider disabling any auto-sign in feature if you have linked your DrChrono account to any electronic mail service or other account. X.Website and Third-Party Content Other than information received directly by you from Providers, the content on the DrChrono Services should not be considered medical advice. You should always talk to an appropriately qualified health care professional for diagnosis and treatment, including information regarding which medications or treatment may be appropriate for you. NONE OF THE CONTENT ON THE DRCHRONO SERVICES REPRESENTS OR WARRANTS THAT ANY PARTICULAR MEDICATION OR TREATMENT IS SAFE, APPROPRIATE, OR EFFECTIVE FOR YOU. DrChrono does not recommend or endorse any specific tests, providers, medications, products, or procedures. The DrChrono Services may provide links to third-party content. You acknowledge and agree that we are not responsible for the availability of such third­ party content, and we do not control, endorse, sponsor, recommend, or otherwise accept responsibility for such content. Use of any linked third-party content is at the user's own risk. Third-Party Browser Extensions. Extensions are small software programs, developed by third parties, that can modify and enhance the functionality of your browser. Extensions may have privileges, including the ability to read, record and/or modify your private data, including PHI. These extensions are installed by individual users into the browser on their computers and are utilized at users' own risk. Further, such extensions are not affiliated with DrChrono and DrChrono does not have visibility into which extensions any user may use. DrChrono assumes no risk of loss of data or breach of such data due to your use of browser extensions. Prior to using the DrChrono Services, if you have one (or more) of these extensions enabled in your browsers, DrChrono recommends completely removing all of these extensions immediately as disabling the extensions may not be sufficient to protect your PHI. We recommend that you only access the DrChrono Services from supported browsers that have all plugins and extensions removed. Further, installing any third-party software on your operating system may also subject you to the same risks as using browser extensions. DrChrono has no liability to you due to damages caused by any third-party software, including, without limitations, browser extensions. XI.Consent to Services The DrChrono Services respects and upholds patient confidentiality with respect to protected health information as outlined by the Health Insurance Portability and Accountability Act ("HIPAA"), and, subject to HIPAA regulations, will obtain express patient consent prior to sharing any patient-identifiable information to a third-party for purposes other than treatment, payment or health care operations, or improving the DrChrono Services. In addition, by checking the "I AGREE" button you are authorizing Providers to release your contact information to DrChrono solely in order for DrChrono to provide you with information about additional clinical services or general wellness. You may opt out of receiving such information by contacting us at privacy@drchrono.com (mailto:privacy@drchrono.com). Finally, when using the DrChrono Services you may be asked if you would like to share certain PHI collected by Apple's HealthKit with DrChrono or DrChrono's OnPatient product. By clicking on "SYNC" you are authorizing DrChrono to collect and Provider to utilize such PHI. XII.Consent for Treatment Performed We are providing this information on behalf of Providers: Telemedicine involves the use of communications to enable healthcare providers at sites remote from patients to provide consultative services. Providers may include primary care practitioners, specialists, and/or subspecialists. The information may be used for diagnosis, therapy, follow-up and/or education, and may include live two-way audio and video and other materials (e.g., medical records, data from medical devices). The communications systems used will incorporate reasonable security protocols to protect the confidentiality of patient information and will include reasonable measures to safeguard the data and to ensure its integrity against intentional or unintentional corruption. At the end of each encounter, the patient will be provided an encounter summary, which may be kept for the patient's records and may be shared with the patient's local primary care or other provider, as appropriate.. Anticipated Benefits of Telemedicine: •Improved access to medical care by enabling a patient to remain at his or her home or office while consulting a clinician. •More efficient medical evaluation and management. Possible Risks of Telemedicine: As with any medical procedure, there are potential risks associated with the use of telemedicine. Provider believes that the likelihood of these risks materializing is very low. These risks may include, without limitation, the following: •Delays in medical evaluation and consultation or treatment may occur due to deficiencies or failures of the equipment. •Security protocols could fail, causing a breach of privacy of personal medical information. •Lack of access to complete medical records may result in adverse drug interactions or allergic reactions or other negative outcomes. By accepting these Terms, you acknowledge that you understand and agree with the following: 1.I understand that the laws that protect privacy and the confidentiality of medical information also apply to telemedicine; I have received the HIPM notice from the Provider which explains these issues in greater detail. 2.I understand that telemedicine may involve electronic communication of my personal medical information to medical practitioners who may be located in other areas, including out of state. 3.I understand that I may expect the anticipated benefits from the use of telemedicine in my care, but that no results can be guaranteed or assured. 4.I understand that my healthcare information may be shared with others (including health care providers and health insurers) for treatment, payment, and healthcare operations purposes. Psychotherapy notes are maintained by clinicians but are not shared with others, while billing codes and encounter summaries are shared with others and with me. If I obtain psychotherapy from Provider, I understand that my therapist has the right to limit the information provided to me if in my therapist's professional judgment sharing the information with me would be harmful to me. 5.I further understand that my healthcare information may be shared in the following circumstances: a.When a valid court order is issued for medical records. b.Reporting suspected abuse, neglect, or domestic violence. c.Preventing or reducing a serious threat to anyone's health or safety. Patient Consent to the Use of Telemedicine I have read and understand the information provided above, and understand the risks and benefits of telemedicine, and by accepting these Terms, I hereby give my informed consent to participate in a telemedicine visit under the terms described herein. XIII.Consent to Communications and Monitoring/Recording of Voice Calls and Text Messages Made Through the Service By providing DrChrono with your contact information and using the DrChrono Services, you agree to receive communications, including via e-mail and phone calls (including text messages and calls made using an autodialer or prerecorded voice message), or by posting notice on the DrChrono Services, from or on behalf of DrChrono or the Provider at the email address or telephone number you provided even if that number is on a National or State Do Not Call List, or via the DrChrono Services. These calls and messages may be for informational and customer service-related purposes, such as to provide you with the information or consultation you requested. Standard text messaging and telephone minute charges applied by your cell phone carrier will apply. DrChrono and its service providers on its behalf may, without further notice or warning and in our discretion, monitor and/or record video and voice calls and text message-based communications for our business purposes, such as quality assurance and training purposes and to protect our rights and the rights of others, and you hereby consent to such monitoring and recording. You may opt-out of receiving text (SMS) messages from DrChrono at any time by texting the word STOP to from the mobile device receiving the messages. You understand and agree that you may continue to receive communications while DrChrono processes your opt-out request, and you may also receive a communication confirming the receipt of your opt-out request. You acknowledge that opting out of receiving text (SMS) messages may impact your use of the DrChrono Services. XIV.Disclaimer of Warranties; Limitation of Liability YOUR USE OF THE DRCHRONO SERVICES IS AT YOUR OWN RISK. THE DRCHRONO SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR OTHER VIOLATION OF RIGHTS. WE DO NOT WARRANT THE ADEQUACY, CURRENCY, ACCURACY, LIKELY RESULTS, OR COMPLETENESS OF THE DRCHRONO SERVICES OR ANY THIRD-PARTY SITES LINKED TO OR FROM THE DRCHRONO SERVICES, OR THAT THE FUNCTIONS PROVIDED WILL BE UNINTERRUPTED, VIRUS-FREE, OR ERROR-FREE. WE EXPRESSLY DISCLAIM ANY LIABILITY FOR ANY ERRORS OR OMISSIONS IN THE CONTENT INCLUDED IN THE DRCHRONO SERVICES OR ANY THIRD-PARTY SITES LINKED TO OR FROM THE DRCHRONO SERVICES. SOME JURISDICTIONS MAY NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SOME OF THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. IN NO EVENT WILL WE, OR OUR PARENTS, SUBSIDIARIES, AFFILIATES, LICENSORS, SUPPLIERS AND THEIR DIRECTORS, OFFICERS, AFFILIATES, SUBCONTRACTORS, EMPLOYEES, AGENTS, AND ASSIGNS (THE "RELEASED PARTIES") BE LIABLE FOR ANY DIRECT OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, LOST PROFITS, OR OTHER DAMAGES WHATSOEVER ARISING IN CONNECTION WITH THE USE OF THE DRCHRONO SERVICES, ANY INTERRUPTION IN AVAILABILITY OF THE DRCHRONO SERVICES, DELAY IN OPERATION OR TRANSMISSION, COMPUTER VIRUS, LOSS OF DATA, OR USE, MISUSE, RELIANCE, REVIEW, MANIPULATION, OR OTHER UTILIZATION IN ANY MANNER WHATSOEVER OF THE DRCHRONO SERVICES OR THE DATA COLLECTED THROUGH THE DRCHRONO SERVICES, EVEN IF ONE OR MORE OF THEM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSS. BECAUSE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, DRCHRONO'S LIABILITY IN SUCH JURISDICTIONS SHALL BE LIMITED TO THE MAXIMUM EXTENT PERMITTED BY LAW. EACH PROVISION OF THESE TERMS THAT PROVIDES FOR A LIMITATION OF LIABILITY, DISCLAIMER OF WARRANTIES, OR EXCLUSION OF DAMAGES IS INTENDED TO AND DOES ALLOCATE THE RISKS BETWEEN THE PARTIES UNDER THESE TERMS. THIS ALLOCATION IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES. EACH OF THESE PROVISIONS IS SEVERABLE AND INDEPENDENT OF ALL OTHER PROVISIONS OF THESE TERMS. THE LIMITATIONS IN THIS SECTION WILL APPLY EVEN IF ANY LIMITED REMEDY FAILS OF ITS ESSENTIAL PURPOSE. You agree that your sole remedy for any claim arising out of or connected with the DrChrono Services will be to cease using the DrChrono Services. You acknowledge and agree that DrChrono is not engaged in the practice of medicine and that DrChrono is not determining appropriate medical use of the services. DrChrono, its licensors, suppliers, and all third parties who promote the services or provide you with a link to the services expressly disclaim any and all liability resulting from the delivery of healthcare via the service, including but not limited to liability for medical malpractice. XV.Indemnification You agree to indemnify, defend and hold the Released Parties harmless from and against any and all loss, costs, expenses (including reasonable attorneys' fees and expenses), claims, damages and liabilities related to or associated with: (i) your use of or reliance on any third-party content; (ii) your use of or reliance on any DrChrono IP, the Content, or the use of the DrChrono Services; (iii) any activity on the DrChrono Services under your log-in credentials; (iv) your breach of these Terms; or (v) any alleged violation by you of these Terms. We reserve the right to assume the exclusive defense of any claim for which the Released Parties are entitled to indemnification under this section. In such event, you shall provide us with such cooperation as we reasonably request. XVI.Termination of Your Access to the Service You may terminate your use of the DrChrono Services at any time by not using the DrChrono Services anymore. If you wish to terminate your account, you can do so by contacting DrChrono via email at info@DrChrono.com (mailto:info@DrChrono.com). If you terminate your account, your account may remain active until the end of your then-current month. DrChrono may in its sole discretion terminate your account on the DrChrono Services or suspend or terminate your access to the DrChrono Services at any time for any reason or no reason by sending notice to you at the email address you provided or otherwise contacting you or posting a notice on the DrChrono Services (unless DrChrono terminates your access due to your breach of these Terms). If you violate any provision of these Terms, your permission from DrChrono to use the DrChrono Services will terminate automatically. If we terminate your use of the DrChrono Services because you have breached these Terms or any other agreement you have entered into with us, you will not be entitled to any refund of any fees you may have paid to us. We are not required to provide you with notice prior to terminating your use of the DrChrono Services or a reason for such termination. Upon the termination of your account, any aspect of the DrChrono Services, or this agreement for any reason, DrChrono may at its option delete any data and/or Content you submitted through the DrChrono Services. We reserve the right to refuse to provide the DrChrono Services to you in the future. XVII.Force Majeure To the fullest extent permitted under applicable law, DrChrono will be excused from performance under these Terms for any period that it is prevented from or delayed in performing any obligations pursuant to these Terms, in whole or in part, as a result of a Force Majeure Event. For purposes of this section, "Force Majeure Event" means an event or series of events caused by or resulting from any of the following: (a) weather conditions or other elements of nature or acts of God, including pandemics or epidemics; (b) acts of war, acts of terrorism, insurrection, riots, civil disorders or rebellion; (c) quarantines or embargoes, (d) labor strikes; (e) telecommunications, network, computer, server or Internet disruption or downtime; (f) unauthorized access to DrChrono's information technology systems by third parties; or (g) other causes beyond the reasonable control of DrChrono. XVIII.Choice of Law and Forum The DrChrono Services are intended for use by residents of the United States and its territories. We do not intentionally provide access to the DrChrono Services to individuals located outside the United States and its territories. You agree that your access to and use of the DrChrono Services will be governed by and will be construed in accordance with the laws of the State of California without regard to principles of conflicts of laws. You and DrChrono agree to submit to the personal and exclusive arbitration of any disputes relating to your use of the DrChrono Services under the rules of the American Arbitration Association. Any such arbitration, to the extent necessary, shall be conducted in Santa Clara county in the state of California. You covenant not to sue DrChrono in any other forum. You also acknowledge and understand that, with respect to any dispute with the Released Parties arising out of or relating to your use of the Service or this Agreement: •YOU ARE GIVING UP YOUR RIGHT TO HAVE A TRIAL BY JURY; •YOU ARE GIVING UP YOUR RIGHT TO SERVE AS A REPRESENTATIVE, AS A PRIVATE ATTORNEY GENERAL, OR IN ANY OTHER REPRESENTATIVE CAPACITY, OR TO PARTICIPATE AS A MEMBER OF A CLASS OF CLAIMANTS, IN ANY LAWSUIT INVOLVING ANY SUCH DISPUTE; AND •YOU MUST FILE ANY CLAIM WITHIN ONE (1) YEAR AFTER SUCH CLAIM AROSE OR IT IS FOREVER BARRED. XIX.Miscellaneous These Terms, together with the DrChrono Privacy Policy (/privacy/), constitute the entire agreement between you and us, superseding any prior or contemporaneous communications and proposals (whether oral, written or electronic) between you and us. You may not assign or transfer these Terms or your rights under these Terms, in whole or in part, by operation of law or otherwise, without our prior written consent. We may assign these Terms at any time without notice or consent. In the event any provision of these Terms is held unenforceable, it will not affect the validity or enforceability of the remaining provisions and will be replaced by an enforceable provision that comes closest to the intention underlying the unenforceable provision. You agree that no joint venture, partnership, employment, or agency relationship exists between you and us as a result of these Terms or your access to and use of the DrChrono Services. Our failure to enforce any provisions of these Terms or respond to a violation by any party does not waive our right to subsequently enforce any terms or conditions of these Terms or respond to any violations. Nothing contained in these Terms is in derogation of our right to comply with governmental, court, and law enforcement requests or requirements relating to your use of the DrChrono Services or information provided to or gathered by us with respect to such use. You agree that, except as otherwise expressly provided in these Terms, there shall be no third-party beneficiaries to these Terms. You certify that you have read, accept, and hereby consent to the terms of these Terms, and your acceptance of these terms constitutes your electronic signature to these Terms. You agree that you may be sent electronic notices to the email address provided during your registration for the DrChrono Services. Any notice sent to that email address will be effective once delivered, regardless of whether or not you actually received the notice or choose to read it. These Terms constitutes the sole agreement between you and DrChrono for your use of the DrChrono Services, and any further statements or inducements, oral or written, not contained in these Terms shall not bind either you or DrChrono. Any of the terms of these Terms which are invalid or unenforceable shall be ineffective to the extent of such invalidity or unenforceability, without rendering invalid or unenforceable any of the remaining terms of these Terms. You agree to comply with these Terms, on behalf of yourself and on behalf of any other person on whose behalf you may be seeking medical care. You understand and agree that if you fail to comply with these Terms, you may be prohibited from using the DrChrono Services, and you will hold DrChrono harmless from any liability arising from your failure to comply. LEGAL NOTICES CURRENT PROCEDURAL TERMINOLOGY ("CPT") CPT Copyright© 2020 American Medical Association. All rights reserved. Fee schedules, relative value units, conversion factors and/or related components are not assigned by the AMA, are not part of CPT, and the AMA is not recommending their use. The AMA does not directly or indirectly practice medicine or dispense medical services. The AMA assumes no liability for data contained or not contained herein. Applicable FARs/DFARs restrictions apply to government use. CPT is a registered trademark of the American Medical Association. If you see a provider while you are located in California, please be advised that medical doctors are licensed and regulated by the Medical Board of California (800-633-2322; www.mbc.ca.gov (http://www.mbc.ca.gov/)). FHIR API Documentation (/api_fhir/api-docs/documentation/)Terms of Service (/terms/)Privacy Policy (/privacy/)Support (/help/)© 2022 DrChrono Inc.

Jotform Privacy Policy This privacy policy explains how Jotform handles your personal information and data, and applies to all of the products, services and websites offered by Jotform Inc., Jotform Ltd, Jotform Pty Ltd and their affiliates (collectively, "Jotform"), except where otherwise noted. Jotform products, services and websites are collectively referred to as the "services" in this policy. Unless otherwise noted, all services are provided by Jotform Inc., which is based in the United States. In this policy, "you" refers to those who use and/or interact with any or all of our products, services, and websites, and "we", "us", and "our" refer to JotForm. "Customer"(s) refers specifically to those who use Jotform services. "Form Responders" refers to those who fill in and/or submit forms used by our Customers. INFORMATION WE COLLECT From Our Customers •Registration information. When you register for an account with us so you can create and/or use forms, we collect your username, password and email address. •Billing information. If you make a payment to Jotform Inc., we require that you provide your billing details, including name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder. Our integrations with third party payment gateways are for processing only. We don't store or log any sensitive cardholder data provided by you or your form users. We follow industry-standard best practices to protect the security of cardholder data during processing and transmission. Jotform Inc. is certified as a PCI DSS Level 1 Compliant Service Provider, and we perform annual audits to ensure that our handling of your credit card information aligns with industry guidelines. Read more here (https://www.jotform.com/blog/314-JotForm-is-N ow-PCI-DSS-Service-Provider-Level-I-Compliant). •Account settings. Our customers can set various preferences and personal details on pages, such as your account settings page (https://www.jotform.com/myaccount/). For example, your default language, timezone and communication preferences (e.g. opting in or out of receiving marketing emails from us). •Form data. We store our customers' form data (questions and responses), in some cases using third party server providers such as Amazon Web Services and Google Cloud. •Data you use to create forms is owned by you. Jotform Inc. treats your forms as private, unless you make them available to members of the public. We don't sell or make forms you've created available to anyone, nor do we use the form responses you collect, for purposes unrelated to you or our services, except in a limited set of circumstances (e.g. Jotform Inc. is compelled by a subpoena or court order, or if you've given us permission to do so). •Jotform safeguards responders' email addresses. To make it easier for you to invite people to complete your forms via email, you may upload lists of email addresses, in which case we act as a mere custodian of that data. We don't sell these email addresses or make them available to others except as directed by you and in accordance with this policy. The same is true for any email addresses collected through your forms. •Jotform Inc. holds your data securely. Read our Security Statement (https://www.jotform.com/security/) for more information. •Form data is stored on servers located in the United States. More information is available if you are located in Europe. Jotform Inc. will process your form data on your behalf and under your instructions and pursuant to this privacy policy. From Visitors to Our Websites •Usage data. We collect usage data when you interact with our services. This may include which web pages you visit, what you click on, when you performed those actions, and so on. Additionally, like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps. •Device data. We collect data from the device and application you use to access our services, such as your IP address, operating system version, device type, system and performance information, and browser type. We may also infer your geographic location based on your IP address. •Referral data. If you arrive at a Jotform website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us. •Information from third parties. We may collect your personal information or data from third parties, if you have given permission to those third parties to share your information. •Information from page tags. We use third party tracking services that employ cookies and page tags (also known as web beacons (https://en.wikipedia.org/wiki/Web bug)) to collect aggregated and anonymized data about visitors to our websites. This data includes usage and user statistics. Emails sent by Jotform or by users through our services may include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We do this to allow the email sender to measure the performance of their email messaging and to learn how to improve email deliverability and open rates. •See our Cookie Policy (https://www.jotform.com/cookie-policy/) for more info From Form Responders When you fill in or complete a form used by one of our Customers, we collect information relating to you and your use of our services: •Form responses. We collect and store the form responses that you submit, in some cases using third party server providers like Amazon Web Services or Google Cloud, on behalf of our Customers. The form creator (Customer) is responsible for this data, and they manage it. A form may ask you to provide personal information or data. If you have any questions about a form which a Customer has sent to you or given you access to fill in, or about the data to be provided in the form, please contact the form creator directly, since Jotform is not responsible for the content of that form. The form creator may have their own privacy policy. •Are your form responses anonymous? You will need to ask the form creator as it depends on how the individual, company or organization has chosen to configure the form(s). We provide information to form creators on how they can collect responses anonymously. However, even if a form creator has followed those steps, specific questions in the form may still ask you for your personal information or data that could be used to identify you. HOW WE USE AND DISCLOSE YOUR INFORMATION Customers We treat unique form questions and responses as information that is private, unless a party other than Jotform has made that information public. We don't use form data other than as described in this privacy policy without our Customers' consent. We don't sell Customers' form data, nor do we make it available to third parties without the Customer's permission. We use information gathered from and provided by our Customers to do the following for our Customers: Provide services and technical support, assist them with form design and creation, provide technical troubleshooting, manage our relationship with them, and to gather information on how they use our services. Certain features of our services use the content of form questions and responses and Customer account information in additional ways. Feature descriptions will identify where this is the case. Customers can avoid the use of form data in this way by simply choosing not to use such features. For example, by using our form templates feature, to add questions to forms, you also permit us to aggregate the responses you receive to those questions with responses received by other form templates users who have used the same questions. We may then report statistics about the aggregated (and de-identified) data sent to you and other form creators. If you choose to link your Jotform account with a third party account, such as your Google or Facebook account, Jotform may use the information you allow us to collect from those third parties to provide you with additional features, services, and personalized content. In order to provide you with useful options to use the services together with social media and other applications, we may give you the option to export information to, and collect information from, third party applications and websites, including platforms such as Google and Twitter and social networking sites such as Facebook. When exporting and collecting such information, you may be disclosing your information to the individuals or organizations responsible for operating and maintaining such third party applications and sites, and your information may be accessible by others visiting or using those applications or sites. We do not own or operate third party applications or websites that you connect with - you should review the privacy policies and statements of such websites to ensure you are comfortable with the ways in which they use the information you share with them. To manage our services. We use your information, including certain form data, for the following limited purposes: •To monitor, maintain, and improve our services and features. We internally perform statistical and other analysis on information we collect, including usage data, device data, referral data, question and response data and information from page tags, to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our services, including to help us evaluate and design new features. We may use your information internally in order to keep our services secure and operational, such as for troubleshooting and testing purposes, and for service improvement, marketing, research and development purposes. •To enforce our Terms of Use. •To prevent potentially illegal activities. •To screen for and prevent undesirable or abusive activity. For example, we have automated systems that screen content for activities such as, phishing, spam, and fraud. To create new services, features or content. We may use your form data and form metadata (that is, data about the characteristics of a form) for our internal purposes to create and provide new services, features or content. Regarding form metadata, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a form, and publish interesting observations about these for informational or marketing purposes. When we do this, neither individual form creators nor form responders will be identified or identifiable unless we have obtained their permission. To facilitate account creation and the logon process. If you choose to link your Jotform account to a third party account, such as your Google or Facebook account, we use the information you allowed us to collect from those third parties to facilitate the account creation and login process. To contact you about your service or account. We will occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, a welcome email when you first register). You are prevented from opting out of this type of communication since it is required to provide our services to you. To contact you for marketing purposes. We will send you promotional emails only if you have consented to us contacting you for this purpose. You may opt out of these communications at any time by clicking on the "unsubscribe" link in them, or changing the relevant setting on your My Account (https://www.jotform.com/myaccount/) page. To respond to legal requests and prevent harm. If we receive a subpoena or other legal request for information, we may need to inspect the data held to determine the appropriate response. Form responders Personal information a form responder includes in a form belongs to the responder, unless the responder has given rights in that information to the Customer who provided them with the form. Check with the Customer if you have questions about that. Form submission data is managed by the form creator (the Customer). Jotform treats that information as private unless the responder and/or Customer has made it publicly available. Please contact the form creator directly to understand how they use your form responses. Some form creators may provide you with a privacy policy or notice at the time you complete its form, and we encourage you to review that to understand how the form creator will handle your responses. We do not sell personal information gathered from form responses. We won't make available form responses to third parties without permission, and we won't use any contact details collected in our customers' forms to contact form responders. See the section above for information on how we use data provided by our Customers or to which our Customers have given us access. Website visitors See the section above regarding information related to visitors to our websites. We use that information, including but not limited to cookies, customer data, usage data, device data, referral data and information from page tags, to manage and improve our services, to serve and support our Customers, for research purposes, and for the other various purposes described in this privacy policy. No Sale or Leasing of Your Information We will not sell or lease your personal information to any third party. We may disclose aggregate demographic and statistical information with our business partners, but this information is not specific to the identification of you as an individual. Generally We may disclose information with third parties, for limited purposes, as follows: •Your information to our service providers. We use service providers who help us to provide you with our services. We give some personnel of these providers access to your information, but only to the extent necessary for them to perform their services for us. Our contracts with our service providers require them to maintain technical protections to ensure the confidentiality of your personal information and data, to use it only for the provision of their services to us, and to handle it in accordance with this privacy policy. Examples of service providers include payment processors, hosting services, email service providers, and web traffic analytics tools. •Your account details to your billing contact. If your account holder details are different from the billing contact listed for your account, we may disclose your identity and account details to the billing contact upon their request. We typically will attempt to notify you of such requests. By using our services and agreeing to this privacy policy, you consent to this disclosure. •Your email address to your organization. If the email address under which you've registered your account belongs to or is controlled by an organization, we may disclose that email address to that organization in order to help it understand who associated with that organization uses our services, and to assist the organization with its enterprise accounts. •Aggregated or de-identified (anonymized) information to third parties to improve or promote our services. We do this so that no individuals can reasonably be identified or linked to any part of the information we share with third parties to improve or promote our services. •The presence of a cookie to advertise our services. We may ask advertising networks and exchanges to display ads promoting our services on other websites. We may ask such parties to deliver those ads based on the presence of a cookie that was placed when you visited one of our websites, but in doing so we will not share any other personal information with the advertiser. Our advertising network partners may also use cookies and page tags or web beacons to collect certain non-personal information about your activities on this and other websites to provide you with targeted advertising based upon your interests. •Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us. •Your information if there's a change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization, including a merger, acquisition or consolidation or any other action or transfer between Jotform entities, you expressly consent to Jotform Inc. transferring your information to the new owner or successor entity so that we can continue providing our services. •Information you expressly consent to be shared. For example, Jotform Inc. may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. If you give your permission, you may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly. •If you're a Customer, you are able to control who can take your form by changing your collector settings. For example, forms can be made completely public, and indexable by search engines. You can also choose to share your form responses instantly or at a public location. Please note that, if you're a form responder or Customer who has entrusted us with safeguarding the privacy of your personal information, we will not disclose or share it with third parties unless we have (a) given you notice, such as in this privacy policy, (b) obtained your express consent, such as through an opt-in checkbox, or (c) de-identified or aggregated the information so that individuals or other entities cannot reasonably be identified by it. Where required by law to disclose your information, we will notify you of this before disclosing it. By using our services or visiting our websites, you consent to the above-described disclosures. In some cases, the applications or user interfaces you encounter while on our sites are managed by third parties, who may require that you provide your personal information. We are not responsible for the privacy practices of these third party services or applications. We recommend carefully reviewing the user terms and privacy statement of each third party service, website, and/or application prior to use. HOW LONG WE RETAIN YOUR INFORMATION We generally retain your information for as long as you have an account with us, or as long as necessary to otherwise to provide services to you, to comply with our legal obligations, resolve disputes, or comply with and enforce our agreements. Data that is deleted from our servers may remain as residual copies on offsite backup media for up to approximately one month afterward. REQUESTS TO DELETE, AMEND OR WITHDRAW CONSENT - NON­ EEA, UK OR AUSTRALIAN RESIDENTS You may be entitled to request that we delete or amend your personal information. You may also be entitled to withdraw your consent, when consent is the basis for processing your personal information. We apply the same procedures, limitations and exceptions established for European Economic Area (EEA), UK and Australian residents in this privacy policy to all who make such requests to delete or amend personal information, or withdraw consent for processing personal information, regardless of geographic location. Please read the "Your Rights" paragraph under the "ADDITIONAL TERMS FOR EUROPEAN ECONOMIC AREA, UK AND AUSTRALIA RESIDENTS" below for details. If you are a resident of the EEA, UK or Australia, see below for more specific details on how that applies to you. ADDITIONAL TERMS FOR EUROPEAN ECONOMIC AREA, UK AND AUSTRALIA RESIDENTS Legal Basis for Use of Your Information Personal information that we collect is processed under the following legal basis: Our legitimate interests. This includes: •to enable us to provide our products and services and website use and access to you •for analytics, to gather metrics to better understand how users use the our websites, and to evaluate and improve our websites •to prevent fraud and other illegal activity •the legitimate interests of others (for example, to ensure the security of our website) •to comply with legal obligations, as part of our general business operations, and for other internal business administration purposes •if we collect demographic information from you (such as gender and ethnic origin) in order to carry out diversity monitoring and such information is not collected in an anonymous format, then we rely on our legitimate interest to do so. Contractual obligations. For the performance of contractual obligations between you and Jotform, including the Jotform Terms of Use and/or in our separate written contract with you. Consent. Where required by law, we may process your personal information in some cases for marketing purposes on the basis of your consent (which you may withdraw at any time after giving it, as described in this privacy policy). Your Rights Deletion of Personal Information You may be entitled to request that we delete your personal information in certain specific circumstances. If you wish to exercise this right, please submit your request using this form (https://www.jotform.com/privacyconcerns/). We will consider all such requests and provide our response within a reasonable period (but no longer than one calendar month from our receipt of your request unless we tell you that we are entitled to a longer period under applicable law). We may require you to verify your identity before we respond to your request. Certain personal information may be exempt from such requests in certain circumstances, including as provided for in this privacy policy. Access, Update, Data Portability and Other Rights You may also be entitled to access your information, update your personal information which is out of date or incorrect, restrict use of your personal information in certain specific circumstances, place a data portability request (applicable only when we use your personal information on the basis of your consent or performance of a contract, and where our use of your information is carried out by automated means), and ask us to consider any valid objections which you have to our use of your personal information where we process it on the basis of our or another person's legitimate interest. Requests should be directed via this form (https://www.jotform.com/privacyconcerns/). We will consider all such requests and provide our response within a reasonable period (but no longer than one calendar month from our receipt of your request unless we tell you we are entitled to a longer period under applicable law). We may require you to verify your identity before we respond to any of your requests. Certain personal information may be exempt from such requests in certain circumstances, including as provided for in this privacy policy. Children's Privacy Use of our websites is intended for adults at least eighteen (18) years of age. We do not knowingly collect personally-identifying information from children under the age of thirteen (13). Complaints You also have the right to lodge a complaint before a supervisory data protection authority regarding our data processing. If you are in Europe, an up to date list of data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members en (https://edpb.europa.eu/about­ edpb/board/members en). If you are in the UK, the data protection authority is the UK Information Commissioner's Office available at https://ico.org.uk/ (https://ico.org.uk/). PRIVACY SHIELD Despite the July 12, 2016 decision of the European Commission's Decision (EU) 2016/1250 regarding Privacy Shield, Jotform continues to comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Jotform has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/ (https://www.privacyshield.gov/) In compliance with the Privacy Shield Principles, Jotform commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Jotform via this form (https://www.jotform.com/privacyconcerns/). Jotform has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield (https://www.jamsadr.com/eu-us-privacy-shield) for more information or to file a complaint. The services of JAMS are provided at no cost to you. You may also submit a claim for binding arbitration against Jotform with JAMS (see the above website) in the event that your concerns are not satisfactorily resolved. Jotform commits to cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and to comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship. Jotform is subject to the investigatory and enforcement powers of the FTC (U.S. Federal Trade Commission). HOW TO CONTACT US REGARDING YOUR PERSONAL INFORMATION If you have any questions about this privacy policy, you may contact us using this form (https://www.jotform.com/privacyconcerns/). Representation for data subjects in the EU We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/11830216921 Last Update: January 21, 2022 JotformMarketplaceSupportCompanyMobileApps SignupTemplates v (https://www.jotform.com/signup/) Form Themes Contact UsAbout Us(https://link.jotform.com/Fi2 (https://www.jotform.c .M'M1t.#.jotform.comY e=_privacy_&utm Create a Form(https://www.jotform.cO)Je'rtMedia Kit(https://link.jotform.com/C5 (https://www.jotform.cetntei,ild)(https://www.jotform.c Y(Nv),vw.jotform.coml!i'r ©tHietaBIJprivacy_&utm My FormsForm WidgetsHelp vIn the News (https://www.jotform.c8mtfm1/'f mw.Jotform.com/widgets/)(https://www.jotform.com/resources/in- Webinarsthe-news/) PricingIntegrationsv(https://www.jotform.com/webinars/) (https://www.jotform.com/pricing/)Newsletters Report Abuse(https://www.jotform.com/newsletters/) Jotform Enterprise (https://www.jotform.com/ flftW!w.jotform.com/report- utm_medium=referral&utm_source=jotform.c ael1fLcontent=JotFoPaT1net&lnjpise&utm_campaign=enterprise_commo1 (https://www.jotform.com/partnership/) Examples v Features v Report Copyright Issue (https://www.jotform.cemg:opyright/) (https://www.jotform.com/blog/) 4 Embarcadero Center, Suite 780, San Francisco CA 94111 © 2022 Jotform Inc. Terms & Conditions (https://www.jotform.com/terms/)Privacy Policy (https://www.jotform.com/privacy/) Security (https://www.jotform.com/security/) (https://www.facebook.com/Jotform)(https://twitter.com/jotform)(https://www.linkedin.com/company/jotform)

Kodiak Medical | Notice of Privacy Practices Effective 04/14/2022 Your Information. Your Rights. Our Responsibilities. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. Your Rights When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you. You can get an electronic or paper copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this. We will provide a copy or a summary of your health information. We may charge a reasonable, cost- based fee. ASK US TO CORRECT YOUR MEDICAL RECORD You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this. We may say “no” to your request, but we’ll tell you why in writing within 60 days REQUEST CONFIDENTIAL COMMUNICATIONS You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests. ASK US TO LIMIT WHAT WE USE OR SHARE You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care. If you pay for a service or health care item out-of- pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information. GET A LIST OF THOSE WITH WHOM WE’VE SHARED INFORMATION You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months. GET A COPY OF THIS PRIVACY NOTICE You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly. CHOOSE SOMEONE TO ACT FOR YOU If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action. FILE A COMPLAINT IF YOU FEEL YOUR RIGHTS ARE VIOLATED You can complain if you feel we have violated your rights by contacting us at 855-837-8808. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints We will not retaliate against you for filing a complaint. Your Choices For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions. In these cases, you have both the right and choice to tell us to: Share information with your family, close friends, or others involved in your care Share information in a disaster relief situation Include your information in a hospital directory If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. In these cases we never share your information unless you give us written permission: Marketing purposes Sale of your information Most sharing of psychotherapy notes In the case of fundraising: We may contact you for fundraising efforts, but you can tell us not to contact you again. Our Uses and Disclosures HOW DO WE TYPICALLY USE OR SHARE YOUR HEALTH INFORMATION? We typically use or share your health information in the following ways: TREAT YOU We can use your health information and share it with other professionals who are treating you. Example: A doctor treating you for an injury asks another doctor about your overall health condition. RUN OUR ORGANIZATION We can use and share your health information to run our practice, improve your care, and contact you when necessary. Example: We use health information about you to manage your treatment and services. BILL FOR YOUR SERVICES We can use and share your health information to bill and get payment from health plans or other entities. Example: We give information about you to your health insurance plan so it will pay for your services. HOW ELSE CAN WE USE OR SHARE YOUR HEALTH INFORMATION? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consum ers/index.html HELP WITH PUBLIC HEALTH AND SAFETY ISSUES We can share health information about you for certain situations such as: Preventing disease Helping with product recalls Reporting adverse reactions to medications Reporting suspected abuse, neglect, or domestic violence Preventing or reducing a serious threat to anyone’s health or safety DO RESEARCH We can use or share your information for health research. COMPLY WITH THE LAW We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law. RESPOND TO ORGAN AND TISSUE DONATION REQUESTS We can share health information about you with organ procurement organizations. WORK WITH A MEDICAL EXAMINER OR FUNERAL DIRECTOR We can share health information with a coroner, medical examiner, or funeral director when an individual dies. ADDRESS WORKERS’ COMPENSATION, LAW ENFORCEMENT, AND OTHER GOVERNMENT REQUESTS We can use or share health information about you: For workers’ compensation claims For law enforcement purposes or with a law enforcement official With health oversight agencies for activities authorized by law For special government functions such as military, national security, and presidential protective services RESPOND TO LAWSUITS AND LEGAL ACTIONS We can share health information about you in response to a court or administrative order, or in response to a subpoena. Our Responsibilities We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. FOR MORE INFORMATION SEE: www.hhs.gov/ocr/privacy/hipaa/understanding/consum ers/noticepp.html CHANGES TO THE TERMS OF THIS NOTICE We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website.