1. Agreement and definitions
1.1 The parties
These Master Terms of Service (the “Terms”) are a binding agreement between CumuloNimbus LLC, a California limited liability company (“Company,” “we,” “us,” or “our”), and the business or other legal entity named in an Order Form (“Customer”). “You” means Customer and, where the context requires, an Authorized User acting for Customer.
These Terms govern Customer’s access to and use of Company software, hosted services, applications, tools, documentation, support, and related professional services identified in an Order Form (collectively, the “Services”).
1.2 Business use and United States availability
The Services are offered only to businesses located in the United States for lawful business use in the United States. They are not offered to consumers for personal, family, or household purposes. Customer represents that it is a duly organized business or other legal entity, that each person accepting or administering the Agreement is at least 18 years old, and that it will not make the Services available outside the United States without our prior written approval.
1.3 How the Agreement is formed
To obtain access, Customer must both (a) execute an Order Form and (b) have an authorized administrator affirmatively accept these Terms through Company’s clickwrap process. By accepting, the administrator represents that the administrator has authority to bind Customer and that Customer has reviewed and agrees to the entire Agreement. A person without that authority must not accept these Terms or access the Services. Company may retain an electronic record of acceptance, including the accepted version, date and time, account and organization identifiers, IP address, and user agent.
1.4 Agreement components and order of precedence
The “Agreement” consists of: (a) any amendment signed by both parties; (b) each Order Form; (c) any product-specific supplement identified in an Order Form; (d) any data-processing addendum signed by both parties, solely for its subject matter; and (e) these Terms. If provisions conflict, they control in that order, but an Order Form overrides these Terms only if it identifies the provision being overridden and expressly states the parties’ intent to override it. The Privacy Policy describes our handling of personal information but does not create contractual rights beyond those in the Agreement.
Any Customer purchase order, procurement portal term, vendor form, or other Customer document is for administrative convenience only. Its preprinted or linked terms are rejected and do not modify the Agreement, even if Company acknowledges or processes the document.
1.5 Key definitions
“Authorized User” means an employee or individual contractor whom Customer authorizes to use the Services solely for Customer’s benefit. “Customer Content” means data, text, records, files, prompts, instructions, configurations, or other material submitted to or processed by the Services for Customer, including Service Inputs and resulting Outputs, but excluding Feedback, Account Data, and Usage Data. “Documentation” means Company’s then-current user instructions and technical documentation for a Service. “Order Form” means a mutually executed ordering document identifying the Services, subscription period, usage limits, and fees. “Output” means content or a recommended action generated by a Service from Customer’s input. “Usage Data” means technical telemetry and aggregate operational measurements about use and performance of the Services that do not include Customer Content or identify any patient, shopper, or other individual.
2. Services, licenses, and accounts
2.1 Subscription right
Subject to the Agreement and payment of all fees, Company grants Customer during the applicable subscription period a limited, non-exclusive, non-sublicensable, non-transferable right for its Authorized Users to access and use the Services identified in the Order Form for Customer’s internal business operations. For software installed on Customer-controlled systems, this right is a license to install and execute the number of copies and instances stated in the Order Form. No software or intellectual property is sold.
2.2 Authorized Users and administration
Customer is responsible for selecting its administrators, approving Authorized Users, assigning appropriate permissions, promptly removing access when no longer needed, and all activity under its accounts. Customer must keep credentials confidential, use available security controls, and promptly notify Company at legal@cumulonimbusllc.com of suspected unauthorized access. Accounts are individual and may not be shared. Customer remains responsible for acts and omissions of its Authorized Users and contractors as though they were Customer’s own.
2.3 Use restrictions
Customer must not, and must not permit anyone to:
- copy, modify, translate, create derivative works from, reverse engineer, decompile, disassemble, or attempt to discover source code, model weights, or non-public algorithms of a Service, except only to the limited extent a restriction is prohibited by law;
- sell, resell, sublicense, distribute, lease, provide as a service bureau, or otherwise make a Service available to a third party;
- bypass usage limits or security controls; probe or test a vulnerability without written permission; interfere with Service operation; or introduce malware, destructive code, or harmful data;
- use automated means to scrape or extract non-public Service data, build a competitive product, or train or improve a competing model;
- remove proprietary notices, misrepresent Output as independently verified by Company, or imply Company endorses Customer or its decisions;
- use the Services in violation of law, professional duties, third- party rights, the Agreement, Documentation, or an applicable marketplace or platform rule; or
- use the Services for high-risk activities not expressly authorized in an Order Form, including emergency response, autonomous clinical decisions, control of life-support systems, or custody or transfer of money.
2.4 Customer systems and connectivity
Customer is responsible for equipment, internet connectivity, compatible systems, backups, licenses, and security needed to use the Services. Company is not responsible for Customer systems, Customer’s configuration, or a failure caused by them. Customer must maintain a reliable independent system of record and reasonable business- continuity procedures unless an Order Form expressly makes a Service the system of record.
2.5 Third-party services
A Service may interoperate with marketplaces, payroll systems, accounting systems, cloud infrastructure, communications providers, or other third-party services selected or authorized by Customer. Customer’s use of those services is governed by its agreements with their providers. Company does not control and is not responsible for third-party services, their data, availability, security, terms, API behavior, or changes. Customer authorizes Company to exchange data with a third-party service as needed to provide an integration that Customer enables.
2.6 Service changes and availability
Company may improve or change the Services from time to time. Company will not materially reduce the core functionality of a paid Service during its subscription period without reasonable notice, unless a change is necessary to address law, security, safety, third-party platform changes, or an urgent operational risk. Any service-level, support, maintenance, or uptime commitment applies only if expressly stated in an Order Form. Scheduled maintenance and events outside Company’s reasonable control may affect availability.
2.7 Evaluation and preview features
Free, trial, beta, preview, early-access, and evaluation features are provided for evaluation, may be incomplete or changed or discontinued at any time, and must not be used for production, patient care, financial reporting, or other material decisions unless an Order Form expressly permits that use. They are provided “AS IS” without service levels, support commitments, or warranties. To the extent permitted by law, Company’s aggregate liability arising from all such use is limited as stated in Section 14.3.
3. Customer Content, data use, and AI
3.1 Customer responsibility
Customer controls which Customer Content it submits and is solely responsible for its legality, accuracy, quality, and suitability. Customer represents and warrants that it has provided all required notices and obtained all rights, consents, permissions, and legal bases needed for Company and its infrastructure providers to process Customer Content as described in the Agreement. Customer must minimize submitted data and must not submit data prohibited by the Agreement or Documentation.
3.2 Limited processing permission
As between the parties, Customer retains its rights in Customer Content. Customer grants Company and its approved subprocessors a non-exclusive, worldwide, limited license during the Agreement to host, copy, transmit, transform, display, and otherwise process Customer Content solely to provide, secure, support, and maintain the Services, prevent fraud or abuse, comply with Customer’s documented instructions, and comply with law. This permission does not transfer ownership of Customer Content to Company.
3.3 No Customer Content training
Company does not use Customer Content, including patient-derived de-identified radiology content, Customer commerce data, or aggregate payroll-accounting data, to train, fine-tune, or improve a shared or general-purpose machine-learning or generative AI model. Company may develop models using data Company owns or is separately licensed to use for that purpose, and may use content-free Usage Data to operate, secure, and improve the Services.
3.4 Company-operated models
If a Service uses a large language model or other AI model, Company runs the model on Company-controlled local infrastructure or on cloud GPU infrastructure provisioned for Company. Company does not submit Customer Content to third-party general-purpose hosted model APIs such as OpenAI or Anthropic. Cloud infrastructure, networking, and security providers may process data as technical service providers under contract as necessary to operate Company’s environment; they do not receive permission from Company to train their models on Customer Content.
Payroll-accounting information is submitted to a Company-operated model only if an authorized Customer user affirmatively enables the applicable AI analysis feature. Only the company-level and aggregate accounting-summary information permitted by Section 5.1 may be analyzed. Employee-level information prohibited by Section 5.2 must not be submitted to or processed by a model; when the feature is disabled, Company does not submit payroll-accounting data to a model.
3.5 Output limitations and human review
AI-assisted and rules-based Outputs are probabilistic or dependent on Customer inputs and configurations. Outputs may be inaccurate, incomplete, outdated, inconsistent, or unsuitable for a particular purpose. Similar inputs may produce different Outputs, and other customers may receive similar material. Customer must independently review, validate, and, where appropriate, edit every Output before relying on it or using it in a clinical, commercial, payroll, accounting, legal, regulatory, or other consequential workflow. Customer, not Company, makes and is responsible for all decisions and actions based on an Output. For payroll-accounting Outputs, this duty includes verifying source totals, classifications, mappings, reconciliations, and journal entries against independent systems of record before posting, filing, paying, or otherwise relying on them.
3.6 Privacy
Company handles personal information as described in its Privacy Policy. Customer is independently responsible for its own privacy notices, rights-response procedures, data governance, and compliance obligations. If applicable law requires a data-processing agreement for a permitted use, Customer must contact Company and execute that agreement before submitting the affected personal data.
4. Radiology Services
4.1 Clinician drafting aid only
Radiology-related Services are documentation and report-drafting aids for use by appropriately licensed and qualified healthcare professionals. They do not practice medicine, independently interpret medical images, diagnose a patient, recommend or select treatment, monitor a patient, provide emergency alerts, or replace professional judgment. A qualified clinician must review the relevant source information, independently evaluate each Output, make all required corrections, and approve and sign the final report before clinical use. Customer is responsible for credentialing, supervision, professional standards, recordkeeping, and patient care.
4.2 De-identified data required
The Services are designed so that Company does not need or intend to receive protected health information (“PHI”). Before any radiology-related information leaves a Customer-controlled environment for Company-operated infrastructure, Customer must de-identify it in accordance with 45 C.F.R. § 164.514(b) using either the HIPAA Safe Harbor method or a properly documented Expert Determination. Removing only a name, medical-record number, or date of birth is not necessarily sufficient. A HIPAA limited data set remains PHI and is not permitted.
4.3 PHI is prohibited; no BAA
Customer must not upload, transmit, expose, or provide Company access to PHI, including through prompts, free-text fields, attachments, logs, screenshots, support requests, or troubleshooting sessions. At launch, Company does not offer the Services for processing PHI, does not enter into a business associate agreement (“BAA”) for the Services, and does not accept delegation of Customer’s HIPAA duties. Customer must not use a Service in a manner that would require Company to act as Customer’s business associate unless the parties first execute a separate BAA and a written Order Form expressly authorizing that use. No other communication or conduct creates a BAA.
4.4 Accidental PHI
If Customer knows or suspects that PHI was inadvertently provided to Company, Customer must immediately stop the affected transmission, preserve relevant information within Customer’s own systems, and notify Company at legal@cumulonimbusllc.com without including additional PHI in the notice. Customer must provide a knowledgeable contact and cooperate with containment.
Upon discovering suspected PHI, Company may restrict access to, isolate, suspend processing of, and securely delete the affected data without returning or preserving a copy. Company will use reasonable efforts to notify Customer’s designated contact and will take any other action required by applicable law. Customer remains responsible for assessing and performing its own legal, regulatory, patient, and contractual notification duties. Nothing in the Agreement limits an obligation that applicable law does not permit the parties to limit.
4.5 Radiology content retention
Company configures cloud radiology processing so that submitted radiology content is processed transiently and is not retained by Company after the processing request is completed, except for short-lived technical handling strictly necessary to transmit and secure the request. Operational and security logs are designed to exclude report content. For locally operated Services, Customer controls data storage and deletion on its own systems. Customer must maintain its own legally sufficient medical records; Company is not a medical-record custodian or archive.
4.6 No unsupported regulatory representation
Customer must use each Radiology Service only for the intended use and workflow described in its Order Form and Documentation. Customer must not represent that a Service is cleared, approved, certified, or regulated by the U.S. Food and Drug Administration or another agency unless Company has provided current written documentation supporting that representation. Customer is responsible for determining whether its configuration, integration, claims, or use triggers regulatory or professional requirements.
5. Commerce and Accounting Services
5.1 Permitted commerce and accounting data
Subject to the applicable Order Form and Documentation, Commerce Services may process product catalogs, SKUs, prices, costs, inventory, channel and listing configurations, marketplace or platform API and OAuth tokens, de-identified sales information, fees, taxes, payouts, invoices, and accounting records. Customer must limit access scopes and submitted data to what is reasonably necessary for the enabled feature.
When Customer enables a payroll-accounting connection, the Services are designed to use read-only access and import only company-level and aggregate accounting information, including pay-period and payroll totals, employer-tax totals, aggregate benefit and deduction totals, organizational or accounting dimensions, and information used to derive journal entries and reconciliations. The connection must not initiate, modify, approve, or transmit payroll or move funds.
Customer authorizes Company to use Customer-authorized OAuth tokens and other integration credentials solely to operate and secure the enabled connection. Company may retain them while the connection remains authorized or as needed to complete Customer-requested processing. When Customer disconnects the integration or authorization ends, Company will revoke the credentials where the provider supports revocation and delete or render them unusable in active systems, subject to the backup and legal-retention provisions in Section 6.7.
5.2 Prohibited financial, shopper, and employee data
Customer must not provide Company with shopper or end-customer personal information, raw payment-card data, card security codes, online-banking credentials, private cryptographic keys, or credentials that directly authorize movement of funds. The Services do not act as a payment processor, bank, money transmitter, broker, fiduciary, or custodian and must not be used to hold, receive, or transfer funds. Customer must redact or de-identify order and accounting records before submission whenever they contain shopper or other individual personal information.
For payroll-accounting connections, Customer must not authorize scopes that permit Company to retrieve, or otherwise submit or expose, employee names, Social Security numbers, personal bank-account information, home addresses, birth dates, individual tax forms, individual compensation records, or other employee-level payroll or human-resources details.
5.3 Customer approval and controls
Commerce Services may recommend or, when Customer enables automation, take actions affecting prices, listings, inventory quantities, synchronization, purchase decisions, payroll-accounting classifications and mappings, journal entries, reconciliation, or channel availability. Customer is responsible for configuring limits, approvals, credentials, and access scopes; testing workflows; monitoring exceptions and synchronization status; maintaining backups and an independent system of record; and promptly correcting errors. Customer must independently review material pricing, inventory, payroll-accounting, journal-entry, accounting, tax, and marketplace actions. Company does not guarantee that data or actions will be accurate, complete, timely, accepted by a channel, or synchronized without conflict or delay.
5.4 Independent pricing and competition compliance
Customer must set its commercial strategy independently and comply with antitrust, competition, consumer-protection, advertising, discrimination, and pricing laws. Customer must not use a Service to coordinate prices or output with a competitor; exchange a competitor’s non-public competitively sensitive information; facilitate price fixing, bid rigging, market allocation, resale-price maintenance, or another unlawful restraint of trade; implement unlawfully discriminatory pricing; or obscure a legally required price or fee. Company may suspend a configuration or use that it reasonably believes creates legal or platform risk.
5.5 Platforms and professional advice
Customer is responsible for its marketplace, channel, payment, payroll, accounting, and other third-party accounts and for complying with their terms, rate limits, product rules, and policies. Company does not guarantee continued API access, listing placement, sales volume, profitability, tax treatment, or marketplace acceptance. Company is not a payroll processor, employer of record, accounting firm, auditor, tax preparer, investment adviser, law firm, or other professional adviser. The Services provide operational and accounting aids, not payroll, accounting, audit, tax, investment, legal, or other professional advice. Customer must consult its qualified professionals and remains responsible for source payroll records, books, records, returns, filings, payments, and business decisions.
6. Fees, payment, term, and termination
6.1 Fees and payment
Customer will pay the fees and authorized usage charges stated in each Order Form. Unless an Order Form states otherwise, invoices are due in U.S. dollars within 30 days after the invoice date, fees are non-cancelable and non-refundable except as expressly stated in the Agreement, and Customer may not withhold, offset, or reduce payment. Overdue undisputed amounts may accrue interest at 1.5% per month or the highest lawful rate, whichever is lower, plus reasonable collection costs. Customer must dispute an invoice in good faith and with reasonable detail within 30 days after its date.
6.2 Taxes
Fees exclude sales, use, excise, value-added, withholding, and similar taxes and government assessments. Customer is responsible for all such amounts arising from its purchases, other than taxes based on Company’s net income, property, or employees. If Customer must withhold tax, it will increase its payment so Company receives the amount it would have received without the withholding, to the extent permitted by law. Company will honor a valid exemption certificate provided before invoicing.
6.3 Subscription term and renewal
The Agreement begins when both requirements in Section 1.3 are completed and continues while an Order Form remains in effect. Each subscription begins and ends on the dates in its Order Form. A subscription renews only as stated in its Order Form. Company may change fees for a renewal period by giving at least 30 days’ notice before the renewal date unless the Order Form provides a longer period.
6.4 Suspension
Company may suspend affected access on reasonable notice if Customer has an undisputed payment more than 10 days overdue. Company may suspend immediately to prevent or address a security incident, unlawful or prohibited use, risk of material harm, third-party platform directive, or threat to the Services or others. Where practicable, Company will limit a suspension to the affected Service or account and work with Customer to restore access after the cause is resolved. Suspension does not excuse payment obligations.
6.5 Termination
Either party may terminate an affected Order Form if the other party materially breaches the Agreement and does not cure the breach within 30 days after written notice, except that the cure period for nonpayment is 10 days. A party may terminate immediately if a breach cannot reasonably be cured. Company may terminate an affected Order Form if continued provision becomes unlawful or a required third- party platform permanently withdraws access, and will refund prepaid fees allocable to the terminated period unless Customer caused the event. Customer may terminate as expressly permitted by Section 23 for a materially adverse Terms update.
6.6 Effect of expiration or termination
When an Order Form expires or terminates, Customer’s rights to the affected Services end, and Customer must stop use and delete or return Company Confidential Information and licensed software as requested. Amounts accrued through termination remain due. If Customer terminates for Company’s uncured material breach, Company will refund prepaid fees allocable to the terminated period. If Company terminates for Customer’s breach, fees for the committed term remain due to the extent permitted by law. Company will disable affected integrations and delete or render unusable stored OAuth tokens and other active integration credentials, subject to Section 6.7.
6.7 Data after termination
Customer must export data it needs before termination. Subject to a Service’s technical capabilities and the Privacy Policy, Company may retain Commerce and payroll-accounting Service records for up to 30 days after termination to permit an orderly export, after which Company may delete them. Residual copies in disaster-recovery backups may remain until those backups expire in the ordinary course, generally within 90 days, and will remain protected and unavailable for ordinary use. Company may retain contracts, invoices, audit records, and information required for legal compliance, dispute resolution, security, or fraud prevention. Section 4.5 governs radiology content.
7. Confidentiality
7.1 Confidential Information
“Confidential Information” means non-public information disclosed by or for a party (“Discloser”) to the other (“Recipient”) that is marked confidential or that a reasonable person would understand to be confidential given its nature and the circumstances. Customer Confidential Information includes Customer Content. Company Confidential Information includes non-public software, models, security information, pricing, product plans, and Documentation. Confidential Information does not include information Recipient can document: (a) is publicly available without Recipient’s breach; (b) was lawfully known without restriction before disclosure; (c) is received lawfully from another source without a duty of confidentiality; or (d) is independently developed without use of Discloser’s Confidential Information.
7.2 Protection and permitted use
Recipient will use Confidential Information only to exercise rights or perform obligations under the Agreement. Recipient will protect it using at least reasonable care and no less care than Recipient uses for similar information of its own. Recipient may disclose it only to personnel, professional advisers, and contractors who need to know it for the Agreement and are bound by confidentiality obligations at least as protective as this Section. Recipient is responsible for their compliance.
7.3 Required disclosure
Recipient may disclose Confidential Information to the extent legally required by subpoena, court order, or government demand. Unless law prohibits it, Recipient will give Discloser prompt notice and reasonable cooperation, at Discloser’s expense, to seek protection. Recipient will disclose only the portion its counsel determines is legally required and will use reasonable efforts to obtain confidential treatment.
7.4 Equitable protection
Unauthorized use or disclosure of Confidential Information may cause harm for which money damages are inadequate. Subject to Section 18.3, Discloser may seek appropriate provisional or equitable relief without waiving any other remedy and, to the extent permitted by law, without posting bond.
8. Security and compliance cooperation
Company will maintain reasonable administrative, technical, and physical safeguards appropriate to the nature of Customer Content Company is permitted to process. No system is completely secure, and Company does not guarantee that unauthorized access or interruption will never occur. Customer is responsible for securely configuring the Services and integrations, limiting permissions and tokens, maintaining endpoint and network security, and protecting data before and after it enters a Service.
Each party will comply with laws applicable to its own performance under the Agreement. Customer is responsible for laws and professional rules applicable to its industry, Customer Content, users, products, pricing, records, and decisions. Company may reasonably cooperate with Customer’s compliance inquiry, but any audit, questionnaire, or special assessment beyond Company’s standard materials requires prior written agreement on scope, safeguards, timing, and reimbursement of reasonable costs.
9. Ownership and intellectual property
9.1 Company technology
Company and its licensors retain all right, title, and interest in the Services, software, models, algorithms, Documentation, designs, interfaces, know-how, improvements, and Usage Data, including all intellectual-property rights. Except for the limited rights expressly granted in the Agreement, no rights are granted by implication, estoppel, or otherwise.
9.2 Customer Content and Output
As between the parties, Customer retains its rights in Customer Content. To the extent Company acquires any transferable right in an Output generated specifically for Customer, Company assigns that right to Customer upon full payment of applicable fees, excluding Company technology, models, templates, general know-how, and third- party material. Output may not qualify for intellectual-property protection and may be similar or identical to output generated for others. Company does not represent that Customer can exclusively own, register, or enforce rights in any Output.
9.3 Feedback
If Customer or an Authorized User voluntarily provides suggestions, ideas, or product feedback (“Feedback”), Customer grants Company a perpetual, irrevocable, worldwide, royalty-free, transferable, sublicensable right to use and incorporate the Feedback without restriction or obligation. Feedback must not contain PHI, Customer Content, or another party’s confidential information.
9.4 Third-party material
A Service may include open-source software or third-party content governed by separate terms. Those terms control solely for that material. Company does not grant rights to third-party content beyond what its provider permits, and Customer is responsible for obtaining any rights required for material Customer introduces or elects to use.
10. Limited warranties
10.1 Mutual authority
Each party represents that it has validly entered into the Agreement and has the authority to perform its obligations.
10.2 Limited Service warranty
During a paid subscription, Company warrants that the applicable Service will perform in all material respects in accordance with its then-current Documentation when used as authorized. Customer must report a claimed breach with enough detail to reproduce it. Company’s entire obligation and Customer’s exclusive remedy for breach of this warranty is for Company to use commercially reasonable efforts to correct or reperform the affected Service; if Company cannot do so within a reasonable period, either party may terminate the affected Order Form and Company will refund prepaid fees allocable to the terminated period.
This warranty does not apply to a problem caused by Customer Content, Customer systems, unauthorized use or modification, failure to follow Documentation, a third-party service, or a free, trial, beta, preview, or evaluation feature.
11. Disclaimers
EXCEPT FOR THE EXPRESS LIMITED WARRANTIES IN SECTION 10 AND TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICES, OUTPUTS, SUPPORT, DOCUMENTATION, AND ALL FREE OR EVALUATION FEATURES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” COMPANY AND ITS LICENSORS DISCLAIM ALL EXPRESS, IMPLIED, STATUTORY, AND OTHER WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, QUIET ENJOYMENT, AND WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.
COMPANY DOES NOT WARRANT THAT A SERVICE OR OUTPUT WILL BE UNINTERRUPTED, SECURE, ERROR-FREE, COMPLETE, UNIQUE, CURRENT, REGULATORILY COMPLIANT FOR CUSTOMER’S USE, OR COMPATIBLE WITH EVERY SYSTEM; THAT DEFECTS OR DATA CONFLICTS WILL BE CORRECTED; OR THAT A SERVICE WILL ACHIEVE A PARTICULAR CLINICAL, COMMERCIAL, FINANCIAL, PAYROLL, ACCOUNTING, TAX, MARKETPLACE, OR OTHER RESULT. OUTPUT IS NOT MEDICAL, DIAGNOSTIC, PAYROLL, ACCOUNTING, TAX, INVESTMENT, OR LEGAL ADVICE.
These disclaimers apply only to the extent permitted by applicable law. Nothing in the Agreement disclaims a warranty or right that cannot lawfully be disclaimed.
12. Customer representations
Customer represents, warrants, and covenants that:
- Customer and its Authorized Users will use the Services only as authorized by the Agreement, Documentation, and applicable law;
- Customer has all rights and permissions required for Customer Content, integrations, instructions, and processing it requests;
- Customer Content will not infringe, misappropriate, or violate intellectual-property, privacy, confidentiality, publicity, or other rights;
- Customer will not submit PHI, prohibited commerce data, or prohibited employee-level payroll data and will satisfy the de-identification requirements in Section 4 before any radiology-related transmission to Company;
- Customer will maintain all licenses, professional qualifications, policies, approvals, and controls required for its business and use; and
- neither Customer nor any person controlling it is prohibited from receiving the Services under applicable sanctions or export laws.
13. Customer indemnification
Customer will defend Company, its affiliates, and their respective members, managers, officers, employees, contractors, licensors, and agents (the “Company Indemnified Parties”) from any third-party claim, demand, investigation, action, or proceeding, and will indemnify and hold them harmless from resulting damages, judgments, settlements, penalties, fines, liabilities, costs, and reasonable attorneys’ fees, to the extent arising from or relating to:
- Customer Content or an allegation that it violates a third-party right;
- Customer’s submission or exposure of PHI, shopper personal information, employee-level payroll data, payment-card data, bank credentials, or other prohibited data;
- Customer’s or an Authorized User’s unlawful, unauthorized, or prohibited use of a Service;
- a clinical, pricing, inventory, marketplace, payroll-accounting, accounting, tax, or other decision or action made by or for Customer, including reliance on an Output without required professional review;
- Customer’s products, services, patient care, professional duties, privacy notices, regulatory obligations, or third-party accounts; or
- Customer’s material breach of the Agreement.
Company will give Customer prompt notice of a covered claim, except that delay relieves Customer only to the extent materially prejudiced. Customer may control the defense with counsel reasonably acceptable to Company, and Company will reasonably cooperate at Customer’s expense. Company may participate with its own counsel at its own expense. Customer may not settle a claim without Company’s prior written consent if the settlement admits fault by, imposes obligations on, or does not unconditionally release every Company Indemnified Party. Company may assume control if Customer does not promptly defend or if a material conflict of interest exists, without relieving Customer of its obligations.
14. Limitation of liability
14.1 Excluded damages
TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY AND ITS AFFILIATES, LICENSORS, AND SERVICE PROVIDERS WILL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, ENHANCED, CONSEQUENTIAL, OR PUNITIVE DAMAGES; LOSS OF PROFITS, REVENUE, SALES, GOODWILL, BUSINESS, OPPORTUNITY, ANTICIPATED SAVINGS, OR USE; LOSS, CORRUPTION, OR RECONSTRUCTION OF DATA; BUSINESS INTERRUPTION; COST OF SUBSTITUTE SERVICES; OR LIABILITY TO A THIRD PARTY, EVEN IF ADVISED THAT SUCH DAMAGES WERE POSSIBLE AND REGARDLESS OF THE THEORY OF LIABILITY.
14.2 Particular excluded risks
Without limiting Section 14.1, Company is not liable for consequences of Customer’s clinical judgment, failure to review an Output, submission of prohibited data, pricing or inventory decision, marketplace action, payroll-accounting import, classification, mapping, reconciliation, or journal entry, tax or accounting treatment, credential scope, third-party service, or use outside the Agreement or Documentation.
14.3 Aggregate cap
TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THE AGREEMENT OR SERVICES WILL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY FOR THE AFFECTED SERVICE DURING THE 12 MONTHS IMMEDIATELY BEFORE THE FIRST EVENT GIVING RISE TO LIABILITY. FOR FREE, TRIAL, BETA, PREVIEW, OR EVALUATION USE, COMPANY’S TOTAL AGGREGATE LIABILITY WILL NOT EXCEED ONE HUNDRED U.S. DOLLARS ($100).
Multiple claims do not enlarge the cap. The exclusions and cap apply regardless of the legal theory and even if a remedy fails of its essential purpose. They do not limit liability that cannot lawfully be limited. The parties agree that the fees reflect this allocation of risk and that Company would not enter into the Agreement without these limitations.
15. One-year claim period
TO THE EXTENT PERMITTED BY LAW, ANY CLAIM OR CAUSE OF ACTION ARISING OUT OF OR RELATING TO THE AGREEMENT OR SERVICES MUST BE FILED WITHIN ONE YEAR AFTER IT ACCRUES; OTHERWISE, IT IS PERMANENTLY BARRED. This period does not apply where applicable law does not allow the parties to shorten the limitations period. Timely delivery of a dispute notice under Section 16 tolls this contractual period during the 30-day negotiation period.
16. Required informal dispute process
Before filing arbitration or litigation, the complaining party must give the other a written dispute notice describing the party and contact information, relevant account and Order Form, facts and legal basis, amount at issue, and requested relief. Notices to Company must be emailed to legal@cumulonimbusllc.com. Notices to Customer will be sent to its legal-notice contact in the Order Form. The parties’ executives with settlement authority will attempt in good faith to resolve the dispute for 30 days after receipt.
Neither party may commence arbitration or litigation until that period ends, except to seek provisional relief under Section 18.3 or to preserve a claim that would otherwise expire. Failure to complete this process is a defense to premature filing, and a tribunal may stay or dismiss the filing until the process is completed.
17. Binding individual arbitration
17.1 Agreement to arbitrate
EXCEPT FOR THE LIMITED MATTERS IN SECTION 18, CUSTOMER AND COMPANY AGREE THAT EVERY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THE AGREEMENT, A SERVICE, THE PARTIES’ RELATIONSHIP, OR ANY COMMUNICATION BETWEEN THEM WILL BE RESOLVED BY FINAL AND BINDING ARBITRATION, NOT IN COURT. This agreement includes contract, tort, statutory, fraud, misrepresentation, privacy, security, intellectual-property, regulatory, and equitable claims, whether arising before, during, or after termination. The Federal Arbitration Act governs the interpretation and enforcement of this Section.
17.2 Rules, administrator, and arbitrator
Arbitration will be administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules and Mediation Procedures in effect when the demand is filed, except as modified by the Agreement. There will be one neutral arbitrator experienced in complex business and software disputes. If AAA is unavailable or unwilling to administer consistently with the Agreement, the parties will select another nationally recognized administrator, or a court of competent jurisdiction will appoint an arbitrator under the Federal Arbitration Act.
17.3 Authority and arbitrability
The arbitrator, and not a court, has exclusive authority to decide issues concerning the interpretation, applicability, scope, formation, and enforceability of the arbitration agreement, including a claim that all or part of it is void or voidable, except that a court will decide the enforceability of the class and representative action waiver in Section 17.5. The arbitrator may award only relief available under applicable law and consistent with the Agreement.
17.4 Seat, hearing, discovery, and award
The legal seat of arbitration is Orange County, California. The hearing may occur by secure video conference if the parties agree or the arbitrator directs after considering efficiency and fairness. Discovery will be proportionate to the needs of the dispute and may include reasonable exchange of relevant non-privileged documents. The arbitrator will issue a reasoned written award. Judgment on the award may be entered in any court with jurisdiction. Fees and costs will be allocated under the AAA rules and applicable law; the arbitrator may award attorneys’ fees only when authorized by law or an express provision of the Agreement.
17.5 Bilateral proceedings and class waiver
ARBITRATION WILL PROCEED ONLY BETWEEN CUSTOMER AND COMPANY ON AN INDIVIDUAL, BILATERAL BASIS. NEITHER PARTY MAY BRING OR PARTICIPATE IN A CLASS, COLLECTIVE, CONSOLIDATED, MASS, COORDINATED, REPRESENTATIVE, OR PRIVATE-ATTORNEY-GENERAL PROCEEDING. THE ARBITRATOR MAY NOT CONSOLIDATE CLAIMS OF DIFFERENT CUSTOMERS OR PERSONS OR AWARD RELIEF FOR OR AGAINST ANYONE OTHER THAN THE INDIVIDUAL PARTIES TO THE ARBITRATION, UNLESS ALL AFFECTED PARTIES AGREE IN WRITING AFTER THE DISPUTE ARISES.
17.6 Confidentiality
The parties will keep the arbitration, submissions, evidence, hearing, and award confidential, except as reasonably necessary to conduct the proceeding, enforce or challenge an award, comply with law, report to insurers or professional advisers bound by confidentiality, or protect a legal right.
18. Arbitration exceptions
18.1 Small claims
Either party may bring an eligible individual claim in small claims court in Orange County, California, or in the county of Customer’s principal U.S. business address. If the claim is transferred, removed, or appealed to a court of general jurisdiction, either party may require arbitration.
18.2 Intellectual-property claims
Either party may bring a court action to stop actual or threatened infringement, misappropriation, or unauthorized use of its patents, copyrights, trademarks, trade secrets, or other intellectual property. This exception does not include a dispute concerning ownership or use of Customer Content or Output unless it independently concerns such an intellectual-property right.
18.3 Provisional relief
Either party may ask a court of competent jurisdiction for temporary, preliminary, or emergency equitable relief needed to preserve the status quo, protect Confidential Information, prevent unauthorized system access, or avoid imminent irreparable harm while arbitration is pending. Seeking that relief does not waive arbitration of the merits.
18.4 Non-arbitrable matters
A claim that applicable law expressly prohibits from being arbitrated may proceed in court only to that extent. All arbitrable claims remain subject to Section 17 and, where practicable, will proceed first.
19. Jury and class-action waivers
TO THE MAXIMUM EXTENT PERMITTED BY LAW, FOR ANY DISPUTE THAT PROCEEDS IN COURT, CUSTOMER AND COMPANY KNOWINGLY AND VOLUNTARILY WAIVE ANY RIGHT TO A TRIAL BY JURY. EACH PARTY ALSO WAIVES ANY RIGHT TO BRING, JOIN, OR PARTICIPATE IN A CLASS, COLLECTIVE, CONSOLIDATED, MASS, COORDINATED, REPRESENTATIVE, OR PRIVATE-ATTORNEY-GENERAL ACTION.
If a final decision holds a particular part of the class or representative waiver unenforceable for a particular claim or remedy, that claim or remedy will be severed and may proceed in court after all arbitrable matters are completed. The remainder of the waiver and arbitration agreement will remain effective to the fullest extent permitted by law.
20. Governing law and courts
The Federal Arbitration Act governs Sections 16 through 19. Otherwise, California law governs the Agreement and all disputes, without regard to conflict-of-law principles. The United Nations Convention on Contracts for the International Sale of Goods and any law adopting the Uniform Computer Information Transactions Act do not apply.
For any court proceeding permitted by the Agreement, each party irrevocably submits to the exclusive jurisdiction and venue of the state courts located in Orange County, California, and the United States District Court with jurisdiction over Orange County, except that a judgment or arbitration award may be enforced in any court with jurisdiction. Each party waives objections based on venue or inconvenient forum to the extent permitted by law.
21. Notices
Legal notices to Company must be sent to legal@cumulonimbusllc.com. Legal notices to Customer will be sent to the legal-notice email in the Order Form and may also be sent to Customer’s primary administrator. A notice is effective on confirmed receipt; an automated delivery confirmation does not by itself establish receipt. A party must promptly update its notice contact. Operational messages, support tickets, invoices, and product notices may be delivered through the Service or ordinary account contacts and are not legal notices unless the Agreement expressly says otherwise. This Section does not alter legal requirements for service of process.
22. General terms
22.1 Assignment
Customer may not assign or transfer the Agreement, an Order Form, or any right under them, by operation of law or otherwise, without Company’s prior written consent. Any prohibited assignment is void. Company may assign the Agreement in connection with a merger, reorganization, financing, sale of substantially all relevant assets, or transfer to an affiliate, provided the assignee assumes Company’s material obligations. Subject to the foregoing, the Agreement binds and benefits the parties and their permitted successors and assigns.
22.2 Force majeure
Neither party is liable for delay or failure caused by events beyond its reasonable control, including natural disaster, fire, epidemic, war, terrorism, civil disorder, labor disruption, government action, utility or telecommunications failure, cyberattack not caused by its failure to use reasonable safeguards, or third-party platform or cloud failure. This Section does not excuse payment obligations. The affected party will use reasonable efforts to mitigate and resume performance.
22.3 Export controls and sanctions
Customer will comply with U.S. export-control, import, and economic- sanctions laws. Customer will not export, re-export, transfer, or permit access to a Service in a prohibited country or region, by a prohibited person, or for a prohibited end use. Customer is responsible for obtaining required government authorizations.
22.4 Anti-corruption
Each party will comply with applicable anti-bribery and anti-corruption laws and will not offer, promise, authorize, or accept an improper payment or thing of value in connection with the Agreement.
22.5 U.S. Government users
The Services are commercial products developed exclusively at private expense. If Customer is a U.S. Government entity, its rights are limited to those expressly granted in the Agreement, consistent with applicable procurement law. No government-specific right is granted unless stated in an Order Form signed by Company.
22.6 Independent contractors; no fiduciary relationship
The parties are independent contractors. The Agreement does not create a partnership, joint venture, agency, employment, fiduciary, franchise, or exclusive relationship. Neither party may bind the other. Customer retains sole control over and responsibility for its professional, clinical, commercial, and financial decisions.
22.7 No third-party beneficiaries
The Agreement benefits only the parties and their permitted successors and assigns. It does not create rights for any Authorized User, patient, shopper, marketplace, integration provider, or other third party.
22.8 Waiver and remedies
A waiver must be in writing and signed by the waiving party. Failure or delay to exercise a right is not a waiver. Except where the Agreement states an exclusive remedy, rights and remedies are cumulative.
22.9 Severability and reformation
Except as provided in Section 19, if a provision is held illegal, invalid, or unenforceable, it will be enforced to the maximum lawful extent and modified only as much as necessary to make it enforceable. If modification is not permitted, it will be severed. The remaining provisions remain in effect.
22.10 Entire agreement
The Agreement is the complete agreement about its subject matter and supersedes prior or contemporaneous proposals, statements, understandings, and agreements about that subject matter. Customer acknowledges that it has not relied on a statement not expressly included in the Agreement. An Order Form may be executed in counterparts and by electronic signature, each of which is deemed an original.
22.11 Interpretation
Headings are for convenience. “Including” means “including without limitation.” “Or” is inclusive. A reference to law includes its amendments and successor provisions. The parties have participated in negotiating the Agreement, so no presumption will apply against a drafter. If a translation is provided, the English version controls to the extent permitted by law.
23. Changes to these Terms
Company may update these Terms prospectively to reflect changes in law, security needs, or the Services. Each version will state its effective date and version identifier. A change does not apply retroactively to conduct or a dispute arising before its effective date.
For a material change affecting an active paid subscription, Company will give Customer’s administrator at least 30 days’ notice and will require affirmative acceptance or make the change effective at the next renewal, as specified in the notice. If a change during a current term materially and adversely reduces Customer’s contractual rights, Customer may reject it by notifying Company before its effective date and terminate the affected Service; Company will refund prepaid fees allocable to the terminated period. This termination right does not apply to a change reasonably required by law, security, safety, or a third-party platform on which the Service depends. Continued use alone will not make a material change retroactive.
24. Survival
Provisions that by their nature should survive expiration or termination will survive, including payment obligations; use restrictions; confidentiality; ownership; disclaimers; indemnification; limitations of liability; claim periods; dispute resolution; notices; and general terms.
25. Contact
Questions about these Terms, legal notices, and notices of suspected accidental PHI should be sent to legal@cumulonimbusllc.com. Do not include PHI, shopper personal information, employee-level payroll information, credentials, or other sensitive Customer Content in an email notice.