Terms of Service – Penciled

SaaS Services Agreement – Penciled (SomnApp, Inc.) Electronic Agreement; Clickwrap Acceptance By checking “I agree to the Terms” and proceeding, the individual acting on behalf of the organization identified during signup (“Customer”) represents they are authorized to bind Customer and agrees these Terms are executed electronically and legally binding. The “Effective Date” is the timestamp recorded by Penciled upon acceptance. Penciled may store Customer’s name, acceptance timestamp, Terms version, and this page’s URL as the execution record. 1. SaaS Services and Support Subject to these Terms, Penciled will use commercially reasonable efforts to provide the services described in the applicable order (the “Services”). As part of registration, Customer will identify an administrative username and password for its account. Penciled may refuse or cancel credentials it deems inappropriate. Penciled will provide reasonable technical support consistent with its standard practice. 2. Restrictions and Responsibilities Customer will not (and will not permit others to): (i) reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related thereto (“Software”); (ii) modify, translate, or create derivative works (except as expressly permitted by Penciled or authorized within the Services); (iii) use the Services/Software for timesharing/service bureau or otherwise for a third party’s benefit; (iv) remove proprietary notices or labels; (v) use the Services/Software to build a product or service competitive with Penciled; (vi) interfere with or attempt to interfere with proper operation; or (vii) bypass measures used to prevent or restrict access. Customer is responsible for all activity in connection with the Services, including uploading Customer Data. Export/US Government. Customer will not remove or export the Services/Software in violation of U.S. export controls or sanctions. As defined in FAR 2.101 and DFAR 252.227-7014, the Software and documentation are “commercial computer software,” and use by the U.S. Government is governed solely by these Terms. Compliance & Consents. Customer will use the Services/Software only in compliance with Penciled policies and all applicable laws (including data privacy, international communications, export, telephone/text communications, AI/automated decision-making, and marketing) and shall not violate third-party rights. Customer has all rights/permissions to provide data. Customer will ensure end users consent to phone/text communications sent by or on behalf of Customer, consent to recording where applicable, and that all required disclosures/consents are made/obtained. Penciled may monitor use and may prohibit any use it believes violates these Terms. Equipment & Security. Customer shall obtain and maintain equipment and ancillary services needed to access the Services and is responsible for security of its equipment, accounts, passwords and files and for all uses thereof. Penciled is not responsible for unauthorized access or use unless due to Penciled’s gross negligence or willful misconduct. Third-Party Services/APIs. The Services/Software may operate with third-party services or APIs. Penciled is not responsible for such services; Customer is solely responsible for rights to access them and for compliance with their terms. 3. Confidentiality; Proprietary Rights Each party may receive the other’s Proprietary Information (non-public business, technical, or financial information). The receiving party will take reasonable precautions and not use/disclose it except to perform these Terms or as permitted. The foregoing does not apply to information that becomes public without breach, was known without restriction, is rightfully disclosed by a third party, is independently developed, or must be disclosed by law (with notice if legally permitted). For Proprietary Information (other than PHI under the BAA), confidentiality obligations last five (5) years from disclosure. Ownership. Customer owns all right, title and interest in Customer Data. Penciled owns the Services/Software (and improvements), technology developed for implementation/support, and all related IP. Usage Data; De-identification. Penciled may collect and analyze data relating to provision, use and performance of the Services/Software (including information concerning Customer Data and derivatives) to operate, maintain, secure and improve the Services and related offerings, and may disclose such data only in aggregate or de-identified form that cannot reasonably be used to identify Customer or its patients. 4. Payment of Fees Customer will pay the fees described in the order. If usage exceeds capacity, Customer will pay additional fees as applicable. Penciled may change fees or institute new fees effective at the end of the then-current term on thirty (30) days’ prior notice (email permitted). If Customer believes Penciled has billed incorrectly, Customer must contact Penciled no later than sixty (60) days after the first statement showing the issue to receive an adjustment or credit. If invoiced, amounts are due thirty (30) days from invoice date. Unpaid amounts accrue a finance charge of 1.5% per month (or the maximum permitted), plus collection costs, and may result in immediate termination. Customer is responsible for taxes other than Penciled’s U.S. income taxes. 5. Term and Termination Initial term is as stated in the order and renews automatically for successive terms of equal length unless either party gives thirty (30) days’ prior written notice of non-renewal. Either party may terminate on thirty (30) days’ notice for material breach (or immediately for non-payment). Upon termination, Penciled will make Customer Data available for electronic retrieval for thirty (30) days. Thereafter Penciled may delete stored data; provided, however, that Protected Health Information (“PHI”) will be returned to Customer or securely destroyed as required by HIPAA, except where retention is legally required or infeasible (e.g., backups or an ongoing incident investigation). Any retained PHI will remain subject to the BAA. Sections intended to survive (including payment, confidentiality, warranty disclaimers and limitations of liability) shall survive. 6. Warranty and Disclaimer Penciled shall use reasonable efforts consistent with prevailing industry standards to maintain the Services and perform implementation services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance or unscheduled emergency maintenance, by Penciled or third parties, or for causes beyond Penciled’s reasonable control; Penciled will use reasonable efforts to provide advance notice of scheduled disruptions. HOWEVER, PENCILED DOES NOT WARRANT THE SERVICES OR SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, NOR THAT RESULTS WILL MEET CUSTOMER’S REQUIREMENTS. EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICES, SOFTWARE AND IMPLEMENTATION SERVICES ARE PROVIDED “AS IS” AND PENCILED DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WITHOUT LIMITING THE FOREGOING, PENCILED DISCLAIMS ALL REPRESENTATIONS, WARRANTIES OR COVENANTS REGARDING THE ACCURACY, QUALITY OR TRUTHFULNESS OF ANY TEXT, AUDIO, DATA, CONTENT OR INFORMATION GENERATED, TRANSMITTED OR MADE AVAILABLE BY THE SERVICES OR SOFTWARE (“OUTPUT DATA”) OR INFORMATION INCLUDED THEREIN, OR THAT ANY OUTPUT DATA, THE SERVICES OR SOFTWARE, OR ANY DATA/INFORMATION/MATERIALS CONTAINED THEREIN, OR THE RESULTS GENERATED BY THE USE THEREOF, WILL MEET CUSTOMER’S REQUIREMENTS OR ACHIEVE ANY RESULTS. CUSTOMER ACKNOWLEDGES AND AGREES THAT (I) DUE TO THE NATURE OF THE SERVICES AND ARTIFICIAL INTELLIGENCE GENERALLY, OUTPUT DATA MAY NOT BE ACCURATE, RELIABLE OR SUITABLE; AND (II) CUSTOMER’S USE OF OUTPUT DATA IS AT CUSTOMER’S SOLE RISK AND CUSTOMER IS SOLELY RESPONSIBLE FOR EVALUATING ITS ACCURACY AND SUITABILITY BEFORE USE. 7. Indemnity Penciled will defend and indemnify Customer from third-party claims that the Services infringe U.S. IP rights, provided Penciled is promptly notified, receives reasonable assistance, and retains sole control of defense and settlement. Exclusions apply where the claim arises from (i) items not supplied by Penciled; (ii) compliance with Customer specifications; (iii) modifications not made by Penciled; (iv) combinations with other products, processes or materials; (v) continued use after notice of infringement or availability of a non-infringing alternative; or (vi) use not strictly in accordance with these Terms (the “Excluded Claims”). Remedies: Penciled may (a) replace/modify to be non-infringing with substantially similar functionality; (b) obtain a license; or (c) terminate and refund prepaid, unused fees. Customer will defend and indemnify Penciled and its affiliates against losses arising from (i) Customer’s breach of representations/warranties/covenants; (ii) Excluded Claims; or (iii) Customer’s gross negligence, willful misconduct, or legal violations. Indemnification is conditioned on prompt notice (delay relieves obligations only if materially prejudicial), the indemnifying party’s sole control of defense/settlement, and reasonable cooperation. 8. Limitation of Liability NOTWITHSTANDING ANYTHING TO THE CONTRARY, EXCEPT FOR BODILY INJURY OR A PARTY’S INDEMNIFICATION OBLIGATIONS, PENCILED AND ITS SUPPLIERS, OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE LIABLE UNDER ANY THEORY FOR: (A) ERROR/INTERRUPTION OF USE; LOSS, INACCURACY OR CORRUPTION OF DATA; COST OF SUBSTITUTE GOODS/SERVICES/TECHNOLOGY; OR LOSS OF BUSINESS; (B) ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES; (C) MATTERS BEYOND PENCILED’S REASONABLE CONTROL; OR (D) AMOUNTS THAT, TOGETHER WITH ALL OTHER CLAIMS, EXCEED THE FEES ACTUALLY PAID BY CUSTOMER FOR THE SERVICES IN THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY, WHETHER OR NOT ADVISED OF THE POSSIBILITY. 9. Publicity Each party grants the other a limited, non-exclusive license to use its name and standard logo within marketing materials with prior written approval; provided that Penciled may identify Customer by name and logo on Penciled’s website and standard customer lists without further approval. No PHI or Customer Confidential Information will be used in any marketing materials. 10. Miscellaneous If any provision is unenforceable, it will be limited to the minimum extent necessary. Customer may not assign these Terms without Penciled’s consent; Penciled may assign freely. These Terms (together with the applicable order and incorporated policies) are the complete and exclusive statement of the parties’ understanding, superseding prior agreements; waivers/modifications must be in a writing signed by both parties unless otherwise provided herein. No agency, partnership, joint venture, or employment is created. The prevailing party in any action to enforce these Terms may recover costs and attorneys’ fees. Notices must be in writing and are deemed given as specified in the contract (including electronic confirmation for email). New York law governs, without regard to conflicts rules; venue is in the state or federal courts located in New York County, New York, as applicable. The parties will work in good faith toward a mutually agreed press release within 90 days of the Effective Date, and Customer will reasonably cooperate as a reference account. 11. Recordings; Transcripts; Product Improvement; Marketing Use Meeting Recordings & Transcripts. Customer authorizes Penciled to record audio and/or video and to generate transcripts, summaries, and notes of meetings between Penciled and Customer (including virtual demos, onboarding, training, success, and support). Customer is responsible for informing participants and obtaining all notices/consents required by applicable law (including two-party/all-party consent statutes). Recordings and transcripts are Confidential Information and, to the extent they contain PHI, are subject to the BAA. Product Improvement. Penciled may use recordings, transcripts, summaries, derived metadata, and feedback to operate, maintain, secure, and improve the Services and related features (including quality assurance, analytics, model training/tuning, and evaluation). Penciled will not use or disclose PHI for marketing and will handle any PHI solely in accordance with the BAA and applicable law. Recordings and transcripts that contain PHI will be used only for internal quality assurance, analytics, security, or product improvement and will not be disclosed externally. Penciled may create and use de-identified information consistent with HIPAA de-identification standards and may disclose de-identified or aggregated insights. Marketing / Case Studies / Testimonials. Penciled may use Customer’s name and standard logo and may publicly display statements by Customer personnel and high-level performance results (e.g., “filled X cancellations,” “saved Y hours/month”) in websites, press releases, marketing materials, sales collateral, and case studies. Penciled will not include PHI or Customer Confidential Information in such materials and will not identify individual patients. Upon written notice from Customer, Penciled will promptly correct any attribution errors.