Compliance & Data Security / FAQs

Last Updated: November 13, 2023

What is Nurse-1-1?

Nurse-1-1 is a service owned and operated by VideWell, Inc., a technology company providing a platform on which users can chat with (a) a Health Expert for informational purposes only and/or (b) Agents of Nurse-1-1 Customers, if applicable. The Nurse-1-1 platform can be accessed via the Nurse-1-1 Website, Widget, or Apps, as well as via Customer websites and apps where the Widget is installed.

Where is your data processed and stored?

Third Party Sub-Processor	Purpose	Applicable Service	Data Access
Amazon Web Services, Inc	Hosting & Infrastructure	Used as a on-demand cloud computing platforms and Data hosting provider	Customer & Encrypted End-User Data
Pusher Ltd.	Conversation & Chat Functionality	Used to support conversations/chat features in the Nurse-1-1 product	Encrypted Customer & End-User Data
MailChimp	Email Functionality	Used for email	Customer & End-User Data
Sendgrid	Email Functionality	Used for email	Customer & End-User Data
Google LLC	Corporate use of Google’s GSuite services that include collaborative productivity apps, corporate email, shared calendars, online document editing and storage.	Used for internal operations and limited client communications and collaboration	Customer Data
Hubspot	CRM	Used for all Customer CRM functionality	Customer Data
Mixpanel, Inc.	User Analytics	Used to provide analytics data regarding users’ interactions with our Site and Services. User data processed by Mixpanel, Inc. is retained for the duration set forth in the user’s (or its organization’s) agreement with Nurse-1-1.	Customer & End-User Data

How long do you keep a consumer/patient’s data?

We store personal information for as long as the information is required to fulfill our legitimate business needs or the purposes for which the information was collected. Additionally, we store personal information for as long as is required to resolve disputes or as long as required by applicable law.

Users may also access settings within the Apps to stop sharing certain information with us. In addition, they may opt out at any time by emailing us at privacy@nurse-1-1.com though we are not able to change settings within their personal devices.

Users can review and change their personal information by logging into the Service and visiting their account profile page. Users may also send us an email at privacy@nurse-1-1.com to request access to, correct or delete any personal information that they have provided to us.

When personal information is deleted, the user’s account is also deleted. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

What is your privacy policy?

Nurse-1-1’s privacy policy can be found at https://legal.nurse-1-1.com/legal/privacy-policy.

Users are also prompted to accept this privacy policy as the first step to initiating a live chat within the Nurse-1-1 live chat.

What are your terms of service?

Nurse-1-1’s terms of service can be found at https://legal.nurse-1-1.com/legal/terms-of-service.

Users are also prompted to accept the terms of service as the first step to initiating a live chat within the Nurse-1-1 live chat.

Nurse-1-1 is committed to protecting the privacy and personal data of its users, and as such, it fully complies with the General Data Protection Regulation (GDPR). The GDPR sets strict standards for the collection, storage, and processing of personal information, ensuring transparency, security, and control for individuals.

Nurse-1-1 adheres to the key principles of the GDPR, including the lawful and fair processing of data, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. We only collect and process personal data that is necessary to provide our services effectively and to address users’ healthcare inquiries.

Our data protection practices prioritize user consent and control. We obtain explicit consent from users before collecting any personal information, and users have the right to access, rectify, and delete their data at any time. We implement robust security measures to safeguard personal data, preventing unauthorized access, loss, or disclosure.

Nurse-1-1 does not share personal data with third parties without explicit consent, except where required by law or to fulfill our contractual obligations. When utilizing data processors or service providers, we ensure they meet the necessary GDPR requirements and maintain the same high standards of data protection.

We are committed to keeping our users informed about how their data is handled through clear and concise privacy policies and transparent communication channels. Our privacy practices are regularly reviewed and updated to maintain compliance with evolving data protection regulations.

By upholding the GDPR’s principles, Nurse-1-1 strives to create a trusted and secure environment for users seeking healthcare information and support, ensuring the confidentiality and privacy of their personal data at all times.

Are you compliant with CCPA?

Yes. According to CalOPPA we agree to the following:

Users can visit our site anonymously.
Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found at https://legal.nurse-1-1.com/legal/privacy-policy.
The privacy policy states exactly the information being collected and those individuals with whom it is being shared.
Users can access and check whether there are any privacy policy changes on our Privacy Policy Page.
If users email us at and request the latest privacy policy, a copy will be emailed.

COPPA (Children Online Privacy Protection Act)?

We do not knowingly collect or maintain personal information from persons under 18 years of age, and no part of the Service is directed at persons under 18. If you are under 18 years of age, then please do not use the Service. If we learn that personal information of persons less than 18 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, please contact us at privacy@nurse-1-1.com.

Are you HIPAA compliant?

Although we are not a business entity covered by the Health Insurance and Portability and Accountability Act of 1996 (“HIPAA”), we ensure all our processes meet HIPAA standards and best practices.

How do you log and monitor access to user chats and encrypted ePHI?

All ePHI data is encrypted in transit, end to end, and at rest using AES 256 CBC encryption.
Access to chats result in logs to the Nurse-1-1 PHI Access logs. Prior to access, the viewer will need to enter their login information (username and password) and provide a reason for accessing the given chat.
PHI access logs are accessible to Customers in their Nurse-1-1 dashboard. Accessing the PHI access logs also results in logs to the Nurse-1-1 PHI Access logs.
At this time, PHI access logs of usernames are not encrypted, however, the logs do not include any ePHI.
Access to recordings of interactions with Users is limited only to Customer’s agents, Nurse-1-1 auditors, the Health Experts who have been given proper authorization and undergone training, and the Nurse-1-1 Security Team.
Once the viewer of ePHI data has logged in and logged their reasoning to the Nurse-1-1 PHI Access logs, encrypted PHI will be decrypted during the viewer’s audit session.

How do you audit or monitor chats?

Customers of Nurse-1-1 can create and audit chats based on their own audit policies. Capabilities for customers to audit any of their users’ chats is provided to customers via the Nurse-1-1 dashboard.
Nurse-1-1 offers Nurse-1-1 audit capabilities and services. Led by our Chief Nurse Practitioner, these services allow Nurse-1-1 to monitor and audit patient chats.
Nurse-1-1 will routinely access chats to review for:
- Ensuring the agent is making a personal connection with users, listening, engaging, and understanding the user.
- Information provided by the agent to users for accuracy and appropriate information provided, within the required guardrails.
- Use of the consistent, pre-approved recommendations (Navigational Recommendations) for any information provided to the user about medications, side effects, benefits, etc.
Once a review is conducted, Nurse-1-1 provides feedback to the agents for each review to help correct any infractions or to highlight excellent work done by the agent.
If a Nurse-1-1 Health Expert does not follow their training or does not use the pre-approved recommendations when recommending next steps, or providing suggestions or advice, Nurse-1-1 will remove the health expert from the platform. This is done on a case by case basis.

Is there a disclaimer given to the consumer/patient about not providing medical advice to the consumer/patient?

The following disclaimer is delivered to consumers/patients within the accepted Terms of Service and may also be presented to the consumer/patient at the beginning of a live chat:

Nurse-1-1 does not provide medical advice or treatment and is not a healthcare provider. The content is not intended to be a substitute for professional medical advice, diagnosis or treatment. By using the services, end users expressly agree that no patient-provider relationship of any kind is established between you and nurse-1-1 based on your interactions with health experts or any other use of the services. Health experts contacted using the nurse-1-1 services do not take the place of your physician or other qualified healthcare provider and you should continue to schedule regular and ongoing visits with your primary care physician (“pcp”). For questions or concerns about your medical care or treatment, you should contact your pcp or another qualified healthcare professional instead of using the services. If you are in need of immediate medical attention, please contact a healthcare professional or emergency services (such as 911). Never disregard professional medical advice or delay in seeking it because of your use of the services.

How is Important Safety Information delivered to the patient/consumer?

Important Safety Information is customized and delivered to the patient immediately upon opening the chat widget. ISI is placed at the top of the chat widget, below the medication name and above important informational links, such as Prescribing Information and Medication Guides.

What information is given through consistent, pre-approved Navigational Recommendation messaging?

Nurse-1-1 Navigational Recommendations play a crucial role in ensuring consistent and compliant information is provided to consumers/patients regarding the Prescribing Information. These recommendations encompass a wide range of critical details, including indications, dosage, contraindications, drug interactions, common side effects, and important safety information. By incorporating these guidelines, the Nurse-1-1 Live Nurse Chat platform not only enables adherence to FDA guardrails but also facilitates the swift delivery of accurate, compliant, and consistent messaging to users, promoting patient safety and informed decision-making.

Navigational Recommendations offer a powerful tool to create custom recommendations that can enhance influence, prompt patient action, and lead to positive outcomes. By leveraging these recommendations, teams can develop and review prebuilt call-to-action messages, saving time on repetitive tasks and ensuring compliance while driving patient engagement. The ability to personalize patient and provider support through tailored messaging enables a more effective influence on patients’ decision-making processes, guiding them towards desired outcomes.

How is other important information or documents delivered to the patient/consumer?

In addition to ensuring compliance, Nurse-1-1 Navigational Recommendations serve as a valuable resource for providing pre-approved content to consumers/patients in a fast and efficient manner. The live nurse within the chat can quickly deliver marketing and educational materials that have been created and approved by the Medical, Legal, and Regulatory (MLR/PRB) departments. This includes a wide range of important information and materials such as doctor discussion guides, patient brochures, copay card savings program details, patient advocacy group information, symptom checklists, and more. By leveraging these pre-approved resources, Nurse-1-1 enhances the patient experience by delivering accurate and relevant information, empowering patients with the knowledge they need to make informed decisions about their healthcare.

Follow-Up Email Campaigns

Nurse-1-1 Follow-Up Campaigns play a vital role in engaging consumers/patients after the live chat has ended. These campaigns nurture patients by triggering automated follow-ups that are relevant to their conversations, ensuring a continued connection throughout their healthcare journey. By staying close to the patient journey beyond the chat session, Nurse-1-1 can continue to influence positive outcomes and encourage next best actions based on the provided Navigational Recommendations. Additionally, these campaigns collect valuable data that can be used for gap analysis and opportunity discovery, allowing for continuous improvement in patient engagement, activation and support.

Data Reporting

Nurse-1-1 provides clients with aggregate reporting and market insights to make smarter campaign decisions. Get actionable insights about your patients. Data-driven analytics provide metrics on patient interactions so you can understand how best to engage the market and further improve medication adherence, patient support and overall revenue. Aggregate, de-identified data is delivered to our clients on a consistent basis. Aggregate data can no longer be associated or relinked with any particular individual.

Nurse-1-1 Customer Terms of Service

Last Updated: November 13, 2023

Our Customer Terms of Service (this “Agreement”) is a binding contract between Videwell Inc. d/b/a Nurse-1-1, a Delaware corporation with an address of 101 Middlesex Tpke, Ste 6 PMB 369, Burlington, MA 01803-4914 (“we,” “us,” “our,” or “Nurse-1-1”) and you (“Customer,” “you,” or “your”). Nurse-1-1 and Customer may be referred to herein collectively as the “Parties” or individually as a “Party.” This Agreement governs your use of the Services and the Free Services, as applicable, and consists of the terms set forth below and the following, all of which are incorporated into and made a part of this Agreement by this reference:

● Nurse-1-1 Terms: These govern use of the Services by Customer, Authorized Users and End-Users. They are available at: https://legal.nurse-1-1.com/legal/terms-of-service.

● Data Processing Agreement (DPA): This explains how we process your personal data and is available at: https://legal.nurse-1-1.com/legal/data-processing-agreement.

● Privacy Policy: This explains the type of information we may collect from you, or that you may provide to us, and how we may use it. It is available at: https://legal.nurse-1-1.com/legal/privacy-policy.

THIS AGREEMENT TAKES EFFECT WHEN YOU CLICK THE “I ACCEPT” BUTTON BELOW OR BY ACCESSING OR USING THE SERVICES (the “Effective Date”). BY CLICKING ON THE “I ACCEPT” BUTTON BELOW OR BY ACCESSING OR USING THE SERVICES YOU (A) ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT; (B) REPRESENT AND WARRANT THAT YOU HAVE THE RIGHT, POWER, AND AUTHORITY TO ENTER INTO THIS AGREEMENT AND, IF ENTERING INTO THIS AGREEMENT FOR AN ORGANIZATION, THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ORGANIZATION; AND (C) ACCEPT THIS AGREEMENT AND AGREE THAT YOU ARE LEGALLY BOUND BY ITS TERMS.

IF YOU DO NOT AGREE TO THESE TERMS, PLEASE SELECT THE “I DECLINE” BUTTON BELOW AND CEASE ALL USE OF THE SERVICES. IF YOU DO NOT ACCEPT THESE TERMS, YOU MAY NOT ACCESS OR USE THE SERVICES.

Definitions.

1.1. “Aggregated Statistics” means data and information related to Customer’s, Authorized Users’, and End-Users’ use of the Services that is used by Nurse-1-1 in an aggregate and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services.

1.2. “Authorized Users” means solely those named user(s) in the Nurse-1-1 Platform who are permitted by the Customer to use and operate the Services for or on behalf of the Customer.

1.3. “Billing Period” means the period for which Customer agrees to prepay fees under an Order Form. This may be the same length as the Subscription Term specified in the Order Form, or it may be shorter. For example, if Customer subscribes to a Service for a one (1) year Subscription Term, with a twelve (12) month upfront payment, the Billing Period will be twelve (12) months.

1.4. “Customer Data” means information, data, and other content, in any form or medium, that is provided by or on behalf of Customer to Nurse-1-1 in connection with or through the Services but does not include Aggregated Statistics or End-User Data.

1.5. “Customer Address” means the Customer location defined in the Order Form

1.6. “Customer Name” means the Customer name defined in the Order Form

1.7. “Customer Website” means the Customer website defined in the Order Form

1.8. “Documentation” means Nurse-1-1’s user manuals, handbooks, and guides relating to the Services provided by Nurse-1-1 to Customer either electronically or in hard copy form/end user documentation relating to the Services.

1.9. “End-User Data” means data, information (including but not limited to Personal Data) and any material, content, phrases, entries uploaded to or created in the Services or transmitted through or stored in the Services (collectively “Input”) by any End-User, or otherwise made available, by or for Customer to End-Users through the Services.

1.10. “End-Users” mean customers or patients of the Customer.

1.11. “Fees” means the fees for the Service(s) payable to Nurse-1-1 under this Agreement and any Order Form.

1.12. “Free Services” means the Services or other products or features made available by Nurse-1-1 to Customer on an unpaid trial or free basis such as our basic package.

1.13. “Health Experts” means nurse practitioners, registered nurses, physician assistants, and other healthcare professionals made available by Nurse-1-1 via the Nurse-1-1 Platform.

1.14. “Nurse-1-1 IP” means the Services, the Documentation, and any and all intellectual property provided to Customer in connection with the foregoing. For the avoidance of doubt, Nurse-1-1 IP includes Aggregated Statistics, all data input to the Nurse-1-1 Platform by Customer End Users, and any information, data, or other content derived from Nurse-1-1’s monitoring of Customer’s access to or use of the Services, but does not include Customer Data.

1.15. “Nurse-1-1 Platform” means Nurse-1-1’s proprietary software platform.

1.16. “Order Form” means any applicable ordering document submitted by or on behalf of Customer and accepted by Nurse-1-1 that specifies mutually agreed upon rates for certain Services and other commercial terms. Each Order Form executed by the parties is governed by this Agreement and incorporated into this Agreement by this reference.

1.17. “Personal Data” means any information relating to an identified or identifiable natural person under the Customer’s account, who can be identified, directly or indirectly.

1.18. “Services” means the software-as-a-service offering described in an Order Form.

1.19. “Subscription Fee” means the amount Customer pays for the Services.

1.20. “Subscription Term” means the initial term of Customer’s subscription to the applicable Services, as specified on Customer’s Order Form(s), and each subsequent renewal term (if any). For Free Services, the Subscription Term will be the period during which you have an account to access the Free Services.

1.21. “Third-Party Products” means any third-party products that are provided by third parties which interoperate with or are used in connection with the Services, provided with or incorporated into the Services.

2. Access and Use.

2.1. Provision of Access. Nurse-1-1 hereby grants Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 12.7) license to access and use the Services during the Subscription Term, solely for use in accordance with, and subject to, the terms and conditions of this Agreement. Customer’s license to the Services provided hereunder expressly includes the right to embed the Nurse-1-1 Platform on its own Customer Website , mobile application, and other Customer-owned web properties (collectively, the “Customer Properties”), for the purpose of making the Nurse-1-1 Platform available for End-Users of such Customer Properties. The Customer Properties shall include co-branded pages with Nurse-1-1, which shall be approved in writing by Nurse-1-1 before deployment.

2.2. Documentation License. Subject to the terms and conditions contained in this Agreement, Nurse-1-1 hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable (except in compliance with Section 12.7) license to use the Documentation during the Subscription Term solely for Customer’s internal business purposes in connection with its use of the Services.

2.3. Use Restrictions. Customer shall not use the Services or the Documentation for any purposes beyond the scope of the access granted in this Agreement. Customer shall not at any time, directly or indirectly, and shall not permit any of its employees, consultants or agents to: (a) copy, modify, or create derivative works of the Services or Documentation, in whole or in part; (b) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the Services or Documentation; (c) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Services, in whole or in part; (d) remove any proprietary notices from the Services or Documentation; or (e) use the Services or Documentation in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right or other right of any person, or that violates any applicable law.

2.4. Nurse-1-1 Health Experts. Health Experts engaged by Nurse-1-1 shall be made available by Nurse-1-1 to chat with End-Users on the Nurse-1-1 Platform in accordance with the Nurse-1-1 Terms and the service level agreement set forth in the Order Form.

2.5. Reservation of Rights. Nurse-1-1 reserves all rights not expressly granted to Customer in this Agreement. Except for the limited rights and licenses expressly granted under this Agreement, nothing in this Agreement grants, by implication, waiver, estoppel, or otherwise, to Customer or any third party any intellectual property rights or other right, title, or interest in or to the Nurse-1-1 IP.

2.6. Authorization and consent. The Customer is solely responsible to obtain the authorizations, licenses and consents, if and as required by any applicable law, to make the Services available to End-Users. When the Customer provides any Customer Data or End-User Data to Nurse-1-1, the Customer (regardless of whether such Customer Data or End-User Data comes from the Customer or an administrator operating on behalf of the Customer or the End-User) represents and warrants that the Customer has full authority to provide Nurse-1-1 with such Customer Data or End-User Data.

2.7. Access. The Customer understands and has become familiar with the technical requirements necessary to access and use the Nurse-1-1 Platform and has no objections in respect thereof. The Customer is aware of risks and threats connected with electronic data transmission.

2.8. Suspension. Notwithstanding anything to the contrary in this Agreement, Nurse-1-1 may temporarily suspend Customer’s and any Authorized User’s or End-User’s access to any portion or all of the Services if: (i) Nurse-1-1 reasonably determines that (a) there is a threat or attack on any of the Nurse-1-1 IP; (b) Customer’s or any Authorized User’s or End-User’s use of the Nurse-1-1 IP disrupts or poses a security risk to the Nurse-1-1 IP or to any other customer or vendor of Nurse-1-1; (c) Customer, or any Authorized User or End-User, is using the Nurse-1-1 IP for fraudulent or illegal activities; (d) subject to applicable law, Customer has ceased to continue its business in the ordinary course, made an assignment for the benefit of creditors or similar disposition of its assets, or become the subject of any bankruptcy, reorganization, liquidation, dissolution, or similar proceeding; or (e) Nurse-1-1’s provision of the Services to Customer or any Authorized User or End-User is prohibited by applicable law; or (ii) in accordance with Section 5.1 (any such suspension described in subclause (i) or (ii), a “Service Suspension”). If practical under the circumstances, which Nurse-1-1 may determine in its sole discretion, Nurse-1-1 shall provide at least ten (10) days’ prior written notice of any Service Suspension to Customer and shall provide updates regarding resumption of access to the Services following any Service Suspension. Nurse-1-1 shall resume providing access to the Services as soon as reasonably possible after the event giving rise to the Service Suspension is cured to Nurse-1-1’s satisfaction, which it may determine in its sole discretion. Nurse-1-1 will have no liability to Customer for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized User End-User may incur as a result of a Service Suspension.

2.9. Aggregated Statistics. Notwithstanding anything to the contrary in this Agreement, Nurse-1-1 may monitor Customer’s use of the Services and collect and compile Aggregated Statistics. All right, title, and interest in Aggregated Statistics, and all intellectual property rights therein, belong to and are retained by Nurse-1-1. Nurse-1-1 agrees to provide access to the Aggregated Statistics to Customer as requested but in no event more frequently than weekly. Customer acknowledges that Nurse-1-1 may compile Aggregated Statistics based on Customer Data input into the Services. Customer agrees that Nurse-1-1 may (i) make Aggregated Statistics publicly available in compliance with applicable law, and (ii) use Aggregated Statistics to the extent and in the manner permitted under applicable law.

3. Customer Responsibilities.

3.1. General. Customer is responsible for all acts and omissions of its employees, consultants and agents, and any act or omission by any such person that would constitute a breach of this Agreement if taken by Customer will be deemed a breach of this Agreement by Customer. Customer shall use reasonable efforts to make all employees, consultants and agents aware of this Agreement’s provisions as applicable to such employees, consultants and agents duties in connection with this Agreement, and shall cause such employees, consultants and agents to comply with such provisions.

3.2. Third-Party Products. Nurse-1-1 may from time to time make Third-Party Products available to Customer. For purposes of this Agreement, such Third-Party Products are subject to their own terms and conditions and the applicable flow through provisions referred to in the Order Form, as amended from time to time. If Customer does not agree to abide by the applicable terms for any such Third-Party Products, then Customer should not install or use such Third-Party Products.

4. Service Levels; Support and Training.

4.1. Service Levels. Subject to the terms and conditions of this Agreement, Nurse-1-1 shall use commercially reasonable efforts to make the Services available at the service levels set forth in the applicable Order Form. Nurse-1-1 warrants that the Services shall operate substantially in conformance with the Documentation in all material respects.

4.2. Support. Nurse-1-1 agrees to use its commercially reasonable efforts to cooperate with Customer in resolving any failure of the Services to operate correctly and in accordance with the Documentation. Support access and turn around times are defined in the Order Form(s) for specific Services provided by Nurse-1-1.

5. Fees and Payment.

5.1. Fees. Customer shall pay Nurse-1-1 the Fees as set forth in an Order Form. Customer shall make all payments hereunder in US dollars on or before the due date set forth in the Order Form. If Customer fails to make any payment when due, without limiting Nurse-1-1’s other rights and remedies: (a) Nurse-1-1 may charge interest on the past due amount at the rate of 1% per month calculated daily and compounded monthly or, if lower, the highest rate permitted under applicable law; and (b) Nurse-1-1 may suspend Customer’s and its Authorized Users’ and End-Users’ access to any portion or all of the Services until such amounts are paid in full.

5.2. Fee Adjustments. The Fee will remain fixed during the initial term of Customer’s subscription unless: (a) the Customer exceeds monthly chat amounts as defined in the Order Form(s); (b) the Customer upgrades products or base packages; (c) Customer subscribes to additional features or products, including additional monthly chats; or (d) otherwise agreed to in the Customer’s Order Form. Nurse-1-1 may also choose to decrease the Fees upon written notice to the Customer.

5.3. Fee Adjustments at Renewal. Upon renewal of the Subscription Term, Nurse-1-1 may increase the Fees up to then-current list price. If this increase applies to the Customer, Nurse-1-1 will notify the Customer in writing at least thirty (30) days in advance of the Customer’s renewal and the increased Fees will apply at the start of the next renewal Subscription Term. If the Customer does not agree to this increase, either party can choose to terminate the Customer’s subscription at the end of the Customer’s then-current Subscription Term by giving the notice required in the ‘Notice of Non-Renewal’ section below.

5.4. Payment of Fees. If the Customer is paying by credit card, the Customer authorizes Nurse-1-1 to charge the Customer’s authorized payment method for all fees payable during the Subscription Term. The Customer further authorizes Nurse-1-1 to use a third party to process payments, and consent to the disclosure of the Customer’s payment information to such third party.

5.5. Payment against invoice. If the Customer is paying by invoice, Nurse-1-1 will invoice the Customer no more than forty-five (45) days before the beginning of the Subscription Term and each subsequent Billing Period, and other times during the Subscription Term when fees are payable. All amounts invoiced are due and payable within thirty (30) days from the date of the invoice, unless otherwise specified in the Order Form.

5.6. Payment Information. The Customer will keep the Customer’s authorized payment method, contact information, billing information up to date for the payment of incurred and recurring fees, as applicable. Changes may be made by contacting sales@nurse-1-1.com. The Customer authorizes Nurse-1-1 to continue to charge the Customer’s authorized payment method for applicable Fees during the Customer’s Subscription Term and until any and all outstanding Fees have been paid in full. All payment obligations are non-cancelable and all amounts paid are non-refundable, except as specifically provided for in this Agreement. All fees are due and payable in advance throughout the Subscription Term.

5.7. Suspension and Termination of Free Services. Nurse-1-1 may suspend, limit, or terminate the Free Services for any reason at any time without notice. Without limiting the generality of the foregoing sentence, Nurse-1-1 may terminate Customer’s subscription to the Free Services due to Customer’s inactivity.

5.8. Taxes. All Fees and other amounts payable by Customer under this Agreement are exclusive of taxes and similar assessments. Customer is responsible for all sales, use, and excise taxes, and any other similar taxes, duties, and charges of any kind imposed by any federal, state, or local governmental or regulatory authority on any amounts payable by Customer hereunder, other than any taxes imposed on Nurse-1-1’s net income, capital gains, or employee withholdings. In the event Customer is exempt under applicable law from the payment of any applicable taxes, Customer must deliver to Nurse-1-1 a copy of Customer’s current and valid tax-exemption certificate or other evidence satisfactory to Nurse-1-1 of Customer’s exemption.

6. Confidential Information. From time to time during the Term, either Party may disclose or make available to the other Party information about its business affairs, products, confidential intellectual property, trade secrets, third-party confidential information, and other sensitive or proprietary information, whether orally or in written, electronic, or other form or media/in written or electronic form or media, and whether or not marked, designated or otherwise identified as “confidential” (collectively, “Confidential Information”). Confidential Information does not include information that, at the time of disclosure is: (a) in the public domain; (b) known to the receiving Party at the time of disclosure; (c) rightfully obtained by the receiving Party on a non-confidential basis from a third party; or (d) independently developed by the receiving Party. The receiving Party shall not disclose the disclosing Party’s Confidential Information to any person or entity, except to the receiving Party’s employees who have a need to know the Confidential Information for the receiving Party to exercise its rights or perform its obligations hereunder. Notwithstanding the foregoing, each Party may disclose Confidential Information to the limited extent required (i) in order to comply with the order of a court or other governmental body, or as otherwise necessary to comply with applicable law, provided that the Party making the disclosure pursuant to the order shall first have given written notice to the other Party and made a reasonable effort to obtain a protective order; or (ii) to establish a Party’s rights under this Agreement, including to make required court filings. On the expiration or termination of the Agreement, the receiving Party shall promptly return to the disclosing Party all copies, whether in written, electronic, or other form or media, of the disclosing Party’s Confidential Information, or destroy all such copies and certify in writing to the disclosing Party that such Confidential Information has been destroyed. Each Party’s obligations of non-disclosure with regard to Confidential Information are effective as of the Effective Date and will expire five (5) years from the date first disclosed to the receiving Party; provided, however, with respect to any Confidential Information that constitutes a trade secret (as determined under applicable law), such obligations of non-disclosure will survive the termination or expiration of this Agreement for as long as such Confidential Information remains subject to trade secret protection under applicable law.

7. Intellectual Property Ownership; Feedback.

7.1. Nurse-1-1 IP. Customer acknowledges that, as between Customer and Nurse-1-1, Nurse-1-1 owns all right, title, and interest, including all intellectual property rights, in and to the Nurse-1-1 IP and, with respect to Third-Party Products, the applicable third-party owns all right, title, and interest, including all intellectual property rights, in and to the Third-Party Products.

7.2. Customer Data. Nurse-1-1 acknowledges that, as between Nurse-1-1 and Customer, Customer owns all right, title, and interest, including all intellectual property rights, in and to the Customer Data. Customer hereby grants to Nurse-1-1 a non-exclusive, royalty-free, worldwide license to reproduce, distribute, and otherwise use and display the Customer Data and perform all acts with respect to the Customer Data as may be necessary for Nurse-1-1 to provide the Services to Customer, and a non-exclusive, perpetual, irrevocable, royalty-free, worldwide license to reproduce, distribute, modify, and otherwise use and display Customer Data incorporated within the Aggregated Statistics, provided that such uses do not identify Customer.

7.3. Feedback. If either Party or any of its employees or contractors or patients sends or transmits any communications or materials to the other Party by mail, email, telephone, or otherwise, suggesting or recommending changes to the Nurse-1-1 IP or the Customer Properties (respectively), including without limitation, new features or functionality relating thereto, or any comments, questions, suggestions, or the like (“Feedback”), the receiving Party is free to use such Feedback irrespective of any other obligation or limitation between the Parties governing such Feedback. Each Party hereby assigns to the other Party, and on behalf of its employees, contractors and/or agents, all right, title, and interest in, and the receiving Party is free to use, without any attribution or compensation to any party, any ideas, know-how, concepts, techniques, or other intellectual property rights contained in the Feedback, for any purpose whatsoever, although such Party is not required to use any Feedback.

7.4. Trademark License.

7.4.1. Nurse-1-1 Marks. Nurse-1-1 hereby grants to Customer a limited, non-exclusive, non-sublicensable, non-transferable, revocable, royalty-free, worldwide right and license to use Nurse-1-1’s brands, trademarks, service marks, logos and trade names provided to Customer by Nurse-1-1 (collectively, the “Nurse-1-1 Marks”) solely in connection with fulfilling Customer’s obligations under this Agreement. All use of the Nurse-1-1 Marks by Customer will inure to the benefit of Nurse-1-1 and strictly comply with such reasonable usage guidelines as Nurse-1-1 may specify in writing from time to time. Nurse-1-1 will have the right from time to time to specify amended or additional usage guidelines in writing with respect to the Nurse-1-1 Marks, and all uses by Customer of Nurse-1-1 Marks will be subject to any such guidelines upon receipt thereof.

7.4.2. Customer Marks. Customer hereby grants to Nurse-1-1 a perpetual, non-exclusive, non-transferable, revocable, royalty-free, worldwide right and license to use Customer’s brands, trademarks, service marks, logos and trade names provided to Nurse-1-1 by Customer (collectively, the “Customer Marks”) in connection with fulfilling Nurse-1-1’s obligations under this Agreement; provided that such use is in strict compliance with Customer’s reasonable usage guidelines as Customer may specify in writing from time to time. Customer hereby permits Nurse-1-1 to display Customer’s logo on Nurse-1-1’s website and in confidential investor presentations or slides used for Nurse-1-1’s fundraising purposes.

8. Warranty; Disclaimer.

8.1. Nurse-1-1 represents, warrants, and covenants that, during the Subscription Term, the Services, including the Nurse-1-1 Platform, shall comply with all federal and state laws and regulations. Customer represents, warrants, and covenants that, during the Term, the Customer Properties shall comply with all federal and state laws and regulations.

8.2. THE SERVICES, CUSTOMER PROPERTIES, NURSE-1-1 IP AND NURSE-1-1 PLATFORM ARE PROVIDED “AS IS” AND, EXCEPT AS EXPRESSLY PROVIDED HEREUNDER, EACH PARTY HEREBY DISCLAIMS ALL WARRANTIES, WHETHER IMPLIED, STATUTORY, OR OTHERWISE. EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. NURSE-1-1 MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, NURSE-1-1 IP, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY AUTHORIZED USER’S OR END-USER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR FREE.

8.3. Without limiting the foregoing, Nurse-1-1 makes no representations or warranties about the accuracy, reliability, completeness or timeliness of the content, software, text, graphics, links, or communications provided on or through the use of the Services or the Nurse-1-1 Platform.

9. Indemnification.

9.1. Nurse-1-1 Indemnification.

9.1.1. Nurse-1-1 shall indemnify, defend, and hold harmless Customer from and against any and all losses, damages, liabilities, costs (including reasonable attorneys’ fees) (collectively, “Losses”) incurred by Customer resulting from any third-party claim, suit, action, or proceeding (collectively, “Third-Party Claims”): (a) that the Services, or any use of the Services in accordance with this Agreement, infringes or misappropriates such third party’s US intellectual property rights, provided that Customer promptly notifies Nurse-1-1 in writing of the claim, cooperates with Nurse-1-1, and allows Nurse-1-1 sole authority to control the defense and settlement of such claim; or (b) brought by Customer End-Users as a result of information provided to such Customer End-Users by the Health Experts.

9.1.2. If such a claim under Section 9.1.1.(a) is made or appears possible, Customer agrees to permit Nurse-1-1, at Nurse-1-1’s sole discretion, to: (a) modify or replace the Services, or component or part thereof, to make it non-infringing; or (b) obtain the right for Customer to continue use. If Nurse-1-1 determines that neither alternative is reasonably available, Nurse-1-1 may terminate this Agreement, in its entirety or with respect to the affected component or part, effective immediately on written notice to Customer.

9.1.3. Section 9.1.1.(a) will not apply to the extent that the alleged infringement arises from: (a) use of the Services in combination with data, software, hardware, equipment, or technology not provided by Nurse-1-1 or authorized by Nurse-1-1 in writing; (b) modifications to the Services not made by Nurse-1-1; (c) Customer Data; or (d) Third-Party Products.

9.2.Customer Indemnification. Customer shall indemnify, hold harmless, and, at Nurse-1-1’s option, defend Nurse-1-1 from and against any Losses resulting from any Third-Party Claim (a) that the Customer Properties, or any use of the Customer Properties in accordance with this Agreement, infringes or misappropriates such third party’s US intellectual property rights and any Third-Party Claims, or (b) resulting from information or recommendations provided by Customer on Customer Properties (which, for clarity, excludes information provided by Health Experts on the Nurse-1-1 Platform) or based on the negligence or willful misconduct of Customer or any of its employees, consultants or agents.

9.3. Sole Remedy. THIS SECTION 9 SETS FORTH EACH PARTY’S SOLE REMEDIES AND Nurse-1-1’S SOLE LIABILITY AND OBLIGATION FOR ANY ACTUAL, THREATENED, OR ALLEGED CLAIMS THAT THE SERVICES INFRINGE, MISAPPROPRIATE, OR OTHERWISE VIOLATE ANY INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY.

10. Limitations of Liability.

10.1. IN NO EVENT WILL CUSTOMER BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY DAMAGES ARISING AS A RESULT OF INFORMATION PROVIDED BY NURSE-1-1’S HEALTH EXPERTS TO PATIENTS ON THE NURSE-1-1 PLATFORM.

10.2. IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, FOR ANY: (a) CONSEQUENTIAL, INCIDENTAL, INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES; (b) INCREASED COSTS, DIMINUTION IN VALUE OR LOST BUSINESS, PRODUCTION, REVENUES, OR PROFITS; (c) LOSS OF GOODWILL OR REPUTATION; (d) USE, INABILITY TO USE, LOSS, INTERRUPTION, DELAY OR RECOVERY OF ANY DATA, OR BREACH OF DATA OR SYSTEM SECURITY; OR (e) COST OF REPLACEMENT GOODS OR SERVICES, IN EACH CASE REGARDLESS OF WHETHER NURSE-1-1 WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE. IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE EXCEED ONE TIMES THE TOTAL AMOUNTS PAID TO Nurse-1-1 UNDER THIS AGREEMENT IN THE TWELVE-MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

10.3. Notwithstanding the foregoing, this Section 10 (Limitation of Liability) shall not apply to, limit, or affect either Party’s obligations under Section 6 (Confidential Information) or Section 9 (Indemnification), above.

11. Term and Termination.

11.1. Term. The initial Subscription Term of this Agreement begins on the Effective Date and, unless terminated earlier pursuant to this Agreement’s express provisions, will continue in effect until one (1) year from such date . This Agreement will automatically renew for additional successive one-year Subscription Terms unless earlier terminated pursuant to this Agreement’s express provisions or either Party gives the other Party written notice of non-renewal at least thirty (30) days prior to the expiration of the then-current Subscription Term.

11.2. Termination. In addition to any other express termination right set forth in this Agreement:

11.2.1. Either party may terminate this Agreement upon sixty (60) days written notice without cause;

11.2.2. Nurse-1-1 may terminate this Agreement, effective on written notice to Customer, if Customer: (a) fails to pay any amount when due hereunder, and such; failure continues more than thirty (30) days after Nurse-1-1’s delivery of written notice thereof; or (b) breaches any of its obligations under Section 2.3 or Section 6;

11.2.3. either Party may terminate this Agreement, effective on written notice to the other Party, if the other Party materially breaches this Agreement, and such breach: (a) is incapable of cure; or (b) being capable of cure, remains uncured thirty (30) days after the non-breaching Party provides the breaching Party with written notice of such breach; or

11.2.4. either Party may terminate this Agreement, effective immediately upon written notice to the other Party, if the other Party: (a) becomes insolvent or is generally unable to pay, or fails to pay, its debts as they become due; (b) files or has filed against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject, voluntarily or involuntarily, to any proceeding under any domestic or foreign bankruptcy or insolvency law; (c) makes or seeks to make a general assignment for the benefit of its creditors; or (d) applies for or has appointed a receiver, trustee, custodian, or similar agent appointed by order of any court of competent jurisdiction to take charge of or sell any material portion of its property or business.

11.3. Effect of Expiration or Termination. Upon expiration or earlier termination of this Agreement, Customer shall immediately discontinue use of the Nurse-1-1 IP and, without limiting such Party’s obligations under Section 6, each Party shall delete, destroy, or return all copies of the other Party’s Confidential Information and, upon request, certify in writing to the other Party that such Confidential Information has been deleted or destroyed. No expiration or termination will affect Customer’s obligation to pay all Fees that may have become due before such expiration or termination, or entitle Customer to any refund, except in the case of an uncured or incurable breach of this Agreement by Nurse-1-1. Notwithstanding the foregoing, it is understood and agreed that Nurse-1-1 shall not have any obligation to return or delete Customer End-User names and email addresses provided by Customer to Nurse-1-1 in connection with the Services.

11.4. Survival. This Section 11 and Sections 1, 5, 6, 7, 8, 9, 10, 11 and 12, and any other provisions which, by their nature, are intended to survive termination or expiration of this Agreement will survive any termination or expiration of this Agreement.

12. Miscellaneous.

12.1. Entire Agreement. This Agreement, together with the Order Forms and any other documents incorporated herein by reference and all related Exhibits, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this Agreement and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. In the event of any inconsistency between the statements made in these terms, an Order Form, the Nurse-1-1 Terms, the DPA, and the Privacy Policy, and any other documents incorporated by reference, the following order of precedence governs: (a) first, these terms; (b) second, the Nurse-1-1 Terms, (c) third, the Privacy Policy, (e) fourth the DPA, (f) fifth, the Order Form, and (g) sixth, any other documents incorporated by reference.

12.2. Notices. All notices, requests, consents, claims, demands, waivers, and other communications hereunder (each, a “Notice”) (i) if sent to Nurse-1-1 by Customer, must be in writing addressed to us at that address we designate from time to time in accordance with this Section, and (ii) if sent to Customer by Nurse-1-1, may be sent electronically by posting a notice on the Nurse-1-1 Platform or sending a message to the email address then associated with your account or in writing addressed to you at the address then associated with your account. All Notices to Nurse-1-1 must be delivered by personal delivery, nationally recognized overnight courier (with all fees prepaid), facsimile or email (with confirmation of transmission) or certified or registered mail (in each case, return receipt requested, postage prepaid). Except as otherwise provided in this Agreement, a Notice is effective only: (a) upon receipt by the receiving Party; and (b) if the Party giving the Notice has complied with the requirements of this Section. It is your responsibility to keep your email address current. You will be deemed to have received any email sent to the email address then associated with your account when we send the email, whether or not you actually receive the email.

12.3. Force Majeure. In no event shall either Party be liable to the other Party, or be deemed to have breached this Agreement, for any failure or delay in performing its obligations under this Agreement, if and to the extent such failure or delay is caused by any circumstances beyond such Party’s reasonable control, including but not limited to acts of God, flood, fire, earthquake, explosion, war, terrorism, invasion, riot or other civil unrest, strikes, labor stoppages or slowdowns or other industrial disturbances, or passage of law or any action taken by a governmental or public authority, including imposing an embargo. In the event that any such failure or delay continues for more than thirty (30) days, the other Party may immediately terminate this Agreement without penalty.

12.4. Amendment and Modification; Waiver. Nurse-1-1 may, at its discretion, amend, modify, or supplement the terms and conditions of this Agreement from time to time and will provide Customer with written notice of such amendments, modifications, or supplements. Your continued use of the Services after the effective date of the applicable amendment, modification or supplement will be deemed acceptance thereof. No waiver by any Party of any of the provisions hereof will be effective unless explicitly set forth in writing and signed by the Party so waiving. Except as otherwise set forth in this Agreement, (a) no failure to exercise, or delay in exercising, any rights, remedy, power, or privilege arising from this Agreement will operate or be construed as a waiver thereof and (b) no single or partial exercise of any right, remedy, power, or privilege hereunder will preclude any other or further exercise thereof or the exercise of any other right, remedy, power, or privilege.

12.5. Severability. If any provision of this Agreement is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will not affect any other term or provision of this Agreement or invalidate or render unenforceable such term or provision in any other jurisdiction. Upon such determination that any term or other provision is invalid, illegal, or unenforceable, the Parties shall negotiate in good faith to modify this Agreement so as to effect their original intent as closely as possible in a mutually acceptable manner in order that the transactions contemplated hereby be consummated as originally contemplated to the greatest extent possible.

12.6. Governing Law; Submission to Jurisdiction. This Agreement is governed by and construed in accordance with the internal laws of the Commonwealth of Massachusetts without giving effect to any choice or conflict of law provision or rule that would require or permit the application of the laws of any jurisdiction other than those of the Commonwealth of Massachusetts. Any legal suit, action, or proceeding arising out of or related to this Agreement or the licenses granted hereunder will be instituted exclusively in the federal courts of the United States or the courts of the Commonwealth of Massachusetts located in the City of Boston, and each Party irrevocably submits to the exclusive jurisdiction of such courts in any such suit, action, or proceeding.

12.7. Assignment. Customer may not assign any of its rights or delegate any of its obligations hereunder, in each case whether voluntarily, involuntarily, by operation of law or otherwise, without the prior written consent of Nurse-1-1; provided, however that this Agreement may be assigned by Customer in connection with the sale of substantially all of the assets, equity or business of Customer. Any purported assignment or delegation by Customer in violation of this Section will be null and void. No assignment or delegation will relieve Customer of any of its obligations hereunder. Subject to the foregoing limitations on assignment, this Agreement is binding upon and inures to the benefit of the Parties and their respective permitted successors and assigns.

12.8. Export Regulation. The Services utilize software and technology that may be subject to US export control laws, including the US Export Administration Act and its associated regulations. Customer shall not, directly or indirectly, export, re-export, or release the Services or the underlying software or technology to, or make the Services or the underlying software or technology accessible from, any jurisdiction or country to which export, re-export, or release is prohibited by law, rule, or regulation. Customer shall comply with all applicable federal laws, regulations, and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Services or the underlying software or technology available outside the US.

12.9. US Government Rights. Each of the Documentation and the software components that constitute the Services is a “commercial item” as that term is defined at 48 C.F.R. § 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. § 12.212. Accordingly, if Customer is an agency of the US Government or any contractor therefor, Customer only receives those rights with respect to the Services and Documentation as are granted to all other end users, in accordance with (a) 48 C.F.R. § 227.7201 through 48 C.F.R. § 227.7204, with respect to the Department of Defense and their contractors, or (b) 48 C.F.R. § 12.212, with respect to all other US Government users and their contractors.

12.10. Equitable Relief. Each Party acknowledges and agrees that a breach or threatened breach by such Party of any of its obligations under Section 6 or, in the case of Customer, Section 2.3 and Section 12.12, would cause the other Party irreparable harm for which monetary damages would not be an adequate remedy and agrees that, in the event of such breach or threatened breach, the other Party will be entitled to equitable relief, including a restraining order, an injunction, specific performance and any other relief that may be available from any court, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.

12.11. Non-Disparagement. Customer agrees not to disparage or otherwise denigrate Nurse-1-1, including its services and products.

12.12. Non-Solicitation and Restrictions on Hiring. During the term of this Agreement and for a period of one (1) year thereafter, Customer shall not (a) recruit or solicit any person who served as a Health Expert via the Nurse-1-1 Platform during the term of this Agreement for the purpose of hiring that Health Expert, either directly or on an independent contractor/consulting basis (except for any individual who, at such time, has not served as a Health Expert via the Nurse-1-1 Platform for a period of one year or longer), nor (b) hire, either directly or on an independent contractor/consulting basis, any employee of Nurse-1-1 (including any person who was an employee of Nurse-1-1 during the during the preceding one-year period).

12.13. HIPAA. The Parties acknowledge and agree that for the purposes of this Agreement, neither party is functioning as a business associate of the other. Notwithstanding the foregoing, the Parties agree to discharge their responsibilities under this Agreement in accordance with the Health Insurance Portability and Accountability Act of 1996 and all regulations promulgated thereunder.

12.14. Nurse-1-1 Policies. In the event that either of such Nurse-1-1 Terms or Nurse-1-1 Privacy Policy conflicts with any Customer policy in relation to access and use of the Services, the Nurse-1-1 policies shall control.

Nurse-1-1 Data Processing Agreement

Last Updated: November 13, 2023

This Data Processing Agreement (“DPA”) governs the Processing of Personal Data by VideWell, Inc. doing business as Nurse-1-1 on behalf of our client (“Customer”) in relation to the Nurse-1-1 Services as outlined in the Nurse-1-1 Customer Terms of Service found at https://legal.nurse-1-1.com/legal/customer-terms-of-service. This DPA serves as a supplementary and integral part of the Agreement between you and us, also referred to as the “Agreement.” Upon its inclusion into the Nurse-1-1 Customer Terms of Service, whether specified in the Agreement itself, an Order Form, or an executed amendment to the Agreement, this DPA becomes effective. In the event of any conflict or inconsistency with the terms of the Agreement, this DPA will prevail to the extent of such conflict or inconsistency.

From time to time, Additional Terms may conflict with these Terms. In the event of such a conflict, the Additional Terms will control. Any reference to the “Terms” in this agreement includes all Additional Terms.

1. Definitions

“Controller” refers to the natural or legal person, public authority, agency, or any other entity that, either alone or in conjunction with others, determines the purposes and methods of Processing Personal Data.

“Data Protection Laws” encompass all relevant legislation worldwide pertaining to data protection and privacy, which is applicable to the respective party responsible for Processing the specific Personal Data under the Agreement. This includes, but is not limited to, European Data Protection Laws, and other applicable U.S. federal and state privacy laws. It also encompasses the data protection and privacy laws of Australia, Singapore, and Japan, as they may be amended, repealed, consolidated, or replaced from time to time. However, for Nurse-1-1, Data Protection Laws do not include regulations governing Sensitive Information, as defined in the Agreement.

“Data Subject” denotes an identified or identifiable natural person to whom the Personal Data relates.

“Europe” encompasses the European Union, the European Economic Area, and their respective member states, as well as Switzerland and the United Kingdom.

“European Data” refers to Personal Data that is protected under European Data Protection Laws.

“European Data Protection Laws” encompass the data protection laws applicable in Europe, which include: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, commonly known as the General Data Protection Regulation (“GDPR”); (ii) Directive 2002/58/EC concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector; and (iii) the relevant national implementations of (i) and (ii). Alternatively, it may refer to the UK GDPR, which incorporates the GDPR into the domestic law of the United Kingdom by virtue of Section 3 of the European Union (Withdrawal) Act 2018. Furthermore, it includes the Swiss Federal Data Protection Act of 19 June 1992 and its associated Ordinance (“Swiss DPA”). These laws may be amended, superseded, or replaced over time.

“Instructions” refer to written and documented directives issued by a Controller to a Processor, specifying a particular or general action to be taken concerning Personal Data. These actions may include, but are not limited to, depersonalization, blocking, deletion, or making the data available.

“Permitted Affiliates” pertain to any of your Affiliates that meet the following criteria: (i) they are authorized to use the Services as per the Agreement, but have not entered into a separate agreement with us and do not qualify as a “Customer” as defined in the Agreement; (ii) they fulfill the role of a Controller regarding the Personal Data Processed by us; and (iii) they are subject to European Data Protection Laws.

“Personal Data” encompasses any information related to an identified or identifiable individual. This information is considered Personal Data when (i) it is included within Customer Data and (ii) it receives similar protection as Personal Data, personal information, or personally identifiable information under the applicable Data Protection Laws.

“Personal Data Breach” refers to a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data transmitted, stored, or otherwise Processed by us and/or our Sub-Processors during the provision of the Services. However, it does not include unsuccessful attempts or activities that do not compromise the security of Personal Data, such as failed login attempts, pings, port scans, denial of service attacks, and other network attacks targeting firewalls or networked systems.

“Processing” encompasses any operation or series of operations performed on Personal Data, including but not limited to collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission by disclosure, dissemination, or making available, alignment or combination, restriction, or erasure of Personal Data. The terms “Process,” “Processes,” and “Processed” are interpreted accordingly.

“Processor” refers to a natural or legal person, public authority, agency, or any other entity that Processes Personal Data on behalf of the Controller.

“Standard Contractual Clauses” denote the standard contractual clauses that are annexed to the European Commission’s Decision (EU) 2021/914 of 4 June 2021. These clauses can currently be found at https://eur-lex.europa.eu/eli/dec_impl/2021/914. They may be subject to amendments, replacements, or updates in the future.

“Sub-Processor” represents any Processor engaged by us to assist in fulfilling our obligations concerning the provision of Services under the Agreement. Sub-Processors may include third parties, excluding Nurse-1-1 employees or consultants.

“Targeted Advertising” means advertising to a Data Subject based on the Data Subject’s Personal Data obtained from the Data Subject’s activity across businesses, distinctly branded websites, applications, or services, other than the business’s distinctly branded website, application, or service with which the Data Subject intentionally interacts.

“UK Addendum” signifies the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018. The current version of the UK Addendum can be found at https://ico.org.uk/media/for-organisations/documents/4019539/international-data-transfer-addendum.pdf. It may be subject to amendments, replacements, or updates.

2. Roles of the Parties

The Parties acknowledge and agree that where Customer’s use of the Services includes Processing which is subject to Data Protection Law requirements with regard to the Processing of Personal Data, Customer is the Controller, Nurse 1-1 is the Processor, and that Nurse 1-1 may engage Sub-Processors pursuant to the requirements set forth below.

3. Customer Responsibilities

a. Compliance with Laws. Under the Agreement and in your utilization of the services, it is your responsibility to adhere to all requirements imposed on you by this DPA and applicable Data Protection Laws regarding the Processing of Personal Data and your Instructions issued to us.

Specifically, without limiting the general applicability of the above, you acknowledge and agree that you bear sole responsibility for: (i) the accuracy, quality, and legality of Customer Data, as well as the methods employed to obtain Personal Data; (ii) compliance with transparency and lawfulness requirements stipulated by applicable Data Protection Laws for the collection and use of Personal Data, including the acquisition of necessary consents and authorizations (especially for Customer’s marketing purposes); (iii) ensuring your entitlement to transfer or provide us access to Personal Data for Processing in accordance with the terms outlined in the Agreement (including this DPA); (iv) ensuring that your Instructions concerning the Processing of Personal Data comply with relevant laws, including Data Protection Laws; and (v) adhering to all laws (including Data Protection Laws) applicable to any emails or other content generated, sent, or managed through the Services, including requirements related to obtaining consents (where necessary) for email communications, the content of such emails, and email deployment practices. If you find it impossible to fulfill your responsibilities under this ‘Compliance with Laws’ section, this DPA, or any applicable Data Protection Laws, you shall promptly notify us.

b. Controller Instructions. The parties acknowledge that the Agreement (including this DPA) and your utilization of the Service in accordance with the Agreement constitute your comprehensive Instructions to us regarding the Processing of Personal Data. However, you retain the option to provide additional instructions during your usage of the Service, as long as these instructions align with the Agreement and the nature and lawful utilization of the Service.

c. Security. It is your responsibility to independently assess whether the data security measures provided by the Service adequately meet your obligations under applicable Data Protection Laws. You are also accountable for securely using the Service, which includes safeguarding the security of Personal Data during its transit to and from the Service (including securely backing up or encrypting such Personal Data).

4. Nurse-1-1 Obligations and Restrictions

a. Compliance with Instructions. We will only handle Personal Data as described in this DPA or as otherwise agreed within the scope of your authorized instructions, except where required by applicable law. We are not responsible for ensuring compliance with any Data Protection Laws that are specific to your industry and do not generally apply to us. When requested in writing by Customer or where required under Data Protection Laws, Nurse 1-1 shall not: (i) sell, or share for Targeted Advertising purposes, Personal Data it receives from or on behalf of Customer, as required by Data Protection Law; (ii) retain, use, or disclose the Personal Data it receives under the Agreement and this DPA outside of the direct business relationship between Nurse 1-1 and Customer unless expressly permitted under Data Protection Laws; and (iii) combine the Personal Data it receives from or on behalf of the Customer with Personal Data it receives from or on behalf of another person or persons, or collects from its own interactions with the Data Subject, provided that Nurse 1-1 may combine Personal Data to perform any business purpose permitted under Data Protection Laws. Customer has the right, upon notice, to take reasonable and appropriate steps to stop and remediate unauthorized use of Personal Data, as required under Data Protection Laws.

b. Conflict of Laws. If we become aware that we cannot Process Personal Data in accordance with your instructions due to a legal requirement under any applicable law, we will (i) promptly notify you of that legal requirement to the extent permitted by law, and (ii) if necessary, temporarily suspend all Processing activities (except for storage and maintaining the security of the affected Personal Data) until you provide new instructions that we can comply with. If this provision is invoked, we will not be held liable under the Agreement for any failure to perform the relevant services until you provide new lawful instructions regarding the Processing.

c. Security. We will establish and maintain appropriate technical and organizational measures for protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality, and integrity of Customer Data as required by Data Protection Law, as outlined in Annex 2 of this Data Processing Agreement (“Security Measures”). While we reserve the right to modify or update the Security Measures at our discretion, any such changes will not significantly reduce the level of protection provided by the Security Measures.

d. Confidentiality. We will ensure that any authorized personnel involved in the Processing of Personal Data on our behalf are bound by appropriate confidentiality obligations, whether through contractual agreements or statutory requirements, to uphold the confidentiality of such data.

e. Personal Data Breaches. Upon becoming aware of any Personal Data Breach, we will promptly notify you and provide timely information as it becomes available or upon your reasonable request. If required by Data Protection Laws, we will offer reasonable, necessary assistance to enable you to notify competent authorities and/or affected Data Subjects about relevant Personal Data Breaches, as per your request. Nurse 1-1 agrees that it will not communicate with any third party, including, but not limited to the media, vendors, consumers and affected Data Subjects regarding Customer in connection to any Personal Data Breach without the express written consent and direction of Customer, unless required under Data Protection Law. Customer acknowledges and agrees that this Section 5 does not restrict or limit in any way Nurse 1-1’s right to communicate with its other affected customers and, without disclosing Customer’s identity, issue public statements or communicate with law enforcement regarding such security breach. The obligations herein shall not apply to incidents that are caused by Customer or Customer’s end users.

f. Deletion or Return of Personal Data. Upon termination of your Service, we will either delete or return all Customer Data, including Personal Data and any copies Processed under this Data Processing Agreement (DPA). This provision applies unless applicable law requires us to retain certain Customer Data or if we have stored Customer Data on backup systems. In such cases, we will securely isolate and protect the data from further Processing, and delete it in accordance with our deletion practices. If you wish to delete your Nurse-1-1 account after terminating your use of the Service, please submit a request through our privacy request form at privacy@nurse-1-1.com. We strongly recommend retrieving your Customer Data before ending your usage of the Service. If you require assistance in retrieving your Customer Data while using the Service, we will offer reasonable support at your expense, subject to the provisions of the ‘Confidentiality’ section of the Agreement.

5. Data Subject Requests

The Service offers various controls to enable you to retrieve, correct, delete, or restrict Personal Data. These controls are designed to assist you in fulfilling your obligations under Data Protection Laws, including your responsibilities concerning Data Subject requests to exercise their rights under applicable Data Protection Laws.

If you encounter a Data Subject request that cannot be resolved independently through the Service, you may request our reasonable assistance in responding to such requests or inquiries from data protection authorities regarding the Processing of Personal Data under the Agreement. You will be responsible for reimbursing us for commercially reasonable costs incurred in providing this assistance.

In the event that we receive a Data Subject Request or any other communication directly related to the Processing of Personal Data under the Agreement, we will promptly notify you and advise the Data Subject to redirect their request to you. It will be your sole responsibility to provide substantive responses to such Data Subject Requests or communications involving Personal Data.

6. Sub-Processors

You acknowledge and agree that we may enlist the services of Sub-Processors to carry out the Processing of Personal Data on your behalf. These Sub-Processors may be engaged to assist us with hosting and infrastructure, as well as to support product features and integrations.

At present, we have designated certain third parties as Sub-Processors, and you can find their details listed on our Sub-Processor Page at https://legal.nurse-1-1.com/legal/sub-processors.

Both parties agree that, by adhering to the provisions outlined in this subsection, Nurse-1-1 fulfills its obligations as stipulated in Section 9 of the Standard Contractual Clauses.

When we engage Sub-Processors, we will impose data protection terms on them that ensure, to the extent applicable to the nature of the services they provide, a level of protection for Personal Data equivalent to that outlined in this Data Processing Agreement (DPA). These terms may include the implementation of the Standard Contractual Clauses where appropriate. We will maintain responsibility for ensuring that each Sub-Processor complies with the obligations set forth in this DPA, and we will be liable for any acts or omissions by such Sub-Processors that result in our breach of obligations under this DPA.

7. Data Transfers

You understand and consent that we have the right to access and handle Personal Data worldwide as required to deliver the Service as stated in the Agreement. Specifically, Personal Data may be transferred to and Processed by Nurse-1-1 in the United States and in other locations where our subcontractors operate. Whenever Personal Data is transferred outside its country of origin, both parties will ensure that such transfers comply with the regulations set forth by Data Protection Laws.

8. Additional Provisions for European Data

a. Scope: The provisions in this section titled “Additional Provisions for European Data” shall solely apply to European Data.

b. Roles of the Parties: When Processing European Data in accordance with your Instructions, both parties acknowledge and agree that you act as the Controller of European Data, and we act as the Processor.

c. Instructions: If we believe that your Instructions violate European Data Protection Laws (where applicable), we will promptly notify you.

d. Sub-Processor Agreements: In accordance with Clause 9(c) of the Standard Contractual Clauses, we acknowledge that we may have restrictions on disclosing Sub-Processor agreements. However, we will make reasonable efforts to require any Sub-Processor we engage to allow us to disclose the Sub-Processor agreement to you. Additionally, we will provide you with all information we reasonably can on a confidential basis.

e. Data Protection Impact Assessments and Consultation with Supervisory Authorities. We will offer reasonable assistance to you, as per European Data Protection Laws, in conducting data protection impact assessments and engaging in prior consultations with supervisory authorities or other competent data privacy authorities, to the extent that the necessary information is reasonably accessible to us and you do not have access to such information through other means.

f. Transfer Mechanisms for Data Transfers.

(A) Nurse-1-1 will not transfer European Data to any country or recipient that does not provide an adequate level of protection for Personal Data, as defined by applicable European Data Protection Laws, unless it has taken all necessary measures to ensure compliance with such laws. These measures may include (but are not limited to) transferring the data to a recipient covered by a suitable international data transfer framework or other legally recognized transfer mechanism that provides adequate protection for Personal Data, transferring to a recipient with binding corporate rules authorization in accordance with European Data Protection Laws, or transferring to a recipient that has executed appropriate standard contractual clauses, as adopted or approved in accordance with applicable European Data Protection Laws.

(B) You acknowledge that Nurse-1-1 in the United States receives European Data in connection with the provision of Services. Subject to subsections (C) and (D), both parties agree to incorporate the Standard Contractual Clauses by reference, which will become a part of the Agreement in the following manner:

(a) EEA Transfers:Regarding European Data that falls under the scope of the GDPR, the following provisions apply:

(i) The Customer is designated as the “data exporter,” and Nurse-1-1 is designated as the “data importer.”

(ii) Module Two terms apply when the Customer acts as a Controller of European Data, and Module Three terms apply when the Customer acts as a Processor of European Data.

(iii) The optional docking clause in Clause 7 applies.

(iv) Option 2 in Clause 9 applies, and any changes to Sub-Processors will be notified in accordance with the ‘Sub-Processors’ section of this DPA.

(v) The optional language in Clause 11 is removed.

(vi) For Clauses 17 and 18, the governing law and forum for disputes under the Standard Contractual Clauses will be determined as specified in the ‘Contracting Entity; Applicable Law; Notice’ section of the Jurisdiction Specific Terms. If no EU Member State is specified in that section, the governing law and forum for disputes will be the Republic of Ireland (without considering conflicts of law principles).

(vii) The Annexes of the Standard Contractual Clauses will be deemed completed with the information provided in the Annexes of this DPA.

(viii) If there is a conflict between any provision of this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses will prevail to the extent of such conflict.

(b) UK Transfers:
Regarding European Data subject to the UK GDPR, the Standard Contractual Clauses will apply as described in subsection (a) with the following modifications:

(i) The Standard Contractual Clauses will be adjusted and interpreted according to the UK Addendum, which will be incorporated by reference and become an integral part of the Agreement.

(ii) Tables 1, 2, and 3 of the UK Addendum will be considered complete with the information provided in the Annexes of this DPA. Table 4 will be completed by selecting “neither party.”

(iii) In the event of any conflict between the terms of the Standard Contractual Clauses and the UK Addendum, the resolution will be determined in accordance with Section 10 and Section 11 of the UK Addendum.

(c) Swiss Transfers:Regarding European Data subject to the Swiss DPA, the Standard Contractual Clauses will apply as outlined in subsection (a) with the following modifications:

(i) References to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss DPA.

(ii) References to “EU,” “Union,” and “Member State law” will be understood as references to Swiss law.

(iii) References to the “competent supervisory authority” and “competent courts” will be replaced with “the Swiss Federal Data Protection and Information Commissioner” and the “relevant courts in Switzerland.”

(C) In cases where the contracting entity under the Agreement is not Nurse-1-1, that specific contracting entity (and not Nurse-1-1) will assume full and sole responsibility and liability towards you regarding the execution of the Standard Contractual Clauses by Nurse-1-1. You should direct any instructions, claims, or inquiries concerning the Standard Contractual Clauses to that contracting entity.

If Nurse-1-1 is unable to fulfill its obligations under the Standard Contractual Clauses or breaches any warranties stated in the Standard Contractual Clauses or UK Addendum (where applicable), and you intend to suspend the transfer of European Data to Nurse-1-1 or terminate the Standard Contractual Clauses or UK Addendum, you agree to provide us with reasonable notice to allow us to rectify such non-compliance. We will cooperate reasonably with you to identify any additional safeguards that could be implemented to address the non-compliance. If we are unable to rectify the non-compliance, you may suspend or terminate the relevant part of the Service in accordance with the Agreement, without any liability to either party (subject to any fees you have incurred prior to such suspension or termination).

9. General Provisions

a. Amendments: Notwithstanding any contrary provisions in the Agreement and without prejudice to the ‘Compliance with Instructions’ or ‘Security’ sections of this DPA, we retain the right to make updates and modifications to this DPA. The terms stated in the ‘Amendment; No Waiver’ section of the Agreement will govern such changes.

b. Severability: If any individual provisions of this DPA are deemed invalid or unenforceable, it will not affect the validity and enforceability of the remaining provisions of this DPA.

c. Limitation of Liability: The liability of each party and its Affiliates, collectively, arising from or related to this DPA (including any other DPAs between the parties) and the Standard Contractual Clauses (where applicable), whether in contract, tort, or under any other theory of liability, will be subject to the limitations and exclusions of liability outlined in the ‘Limitation of Liability’ section of the Agreement. Any references in that section to a party’s liability include the aggregate liability of that party and all its Affiliates under the Agreement (including this DPA). If Nurse-1-1 is not a party to the Agreement, the ‘Limitation of Liability’ section of the Agreement will apply between you and Nurse-1-1, and any references to ‘Nurse-1-1,’ ‘we,’ ‘us,’ or ‘our’ will encompass both Nurse-1-1 and the Nurse-1-1 entity that is a party to the Agreement. Notwithstanding the above, neither party’s liability will be limited concerning an individual’s data protection rights under this DPA (including the Standard Contractual Clauses) or otherwise.

d. Governing Law: The provisions of this DPA will be governed by and interpreted in accordance with the ‘Contracting Entity,’ ‘Applicable Law,’ and ‘Notice’ sections of the Jurisdiction Specific Terms, unless Data Protection Laws require a different approach.

e. Audit: No more than once annually, Nurse-1-1 will comply with all reasonable requests or directions by Customer, or its designee, to enable Customer to verify that Nurse-1-1 is in full compliance with its obligations under this DPA by responding to a questionnaire provided by the Customer. Should Customer require a third-party auditor, Customer shall bear all related costs, including costs associated with personnel time and related expenses and all audits shall be conducted during regular business hours.

10. Parties to this DPA

a. Approved Associates. By signing the Agreement, you are entering into this Data Processing Agreement (including, where applicable, the Standard Contractual Clauses) on your behalf and on behalf of your approved associates. For the purposes of this Data Processing Agreement only, unless stated otherwise, the terms “Customer,” “you,” and “your” will encompass both you and your approved associates.

b. Authorization. The legal entity accepting this Data Processing Agreement as the Customer represents that it has the authority to accept and enter into this agreement on behalf of itself and, when applicable, each of its approved associates.

c. Remedies. The parties agree that (i) only the Customer entity that is a party to the Agreement will exercise any rights or seek any remedies that any approved associate may have under this Data Processing Agreement, (ii) the Customer entity that is a party to the Agreement will exercise such rights collectively for itself and all its approved associates, rather than separately for each approved associate, and (iii) the Customer entity that is a contracting party is responsible for coordinating all instructions, authorizations, and communications with us under this Data Processing Agreement, and has the authority to communicate on behalf of its approved associates in relation to this agreement.

d. Additional Rights. The parties mutually agree that, during the review of our compliance with this Data Processing Agreement, you shall make reasonable efforts to minimize any potential impact on us. This will be achieved by consolidating multiple audit requests conducted on behalf of the Customer entity bound by the Agreement and its authorized affiliates into a single comprehensive audit.

Annex 1 – Details of Processing

A. List of Parties

Data exporter:

Name: Customer, as defined in the Nurse-1-1 Customer Terms of Service (on behalf of itself and Permitted Affiliates)

Address: The Customer’s address, as set out in the Order Form

Contact person’s name, position and contact details: The Customer’s contact details, as set out in the Order Form and/or as set out in the Customer’s Nurse-1-1 Account

Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer’s use of the Nurse-1-1 Services under the Nurse-1-1 Customer Terms of Service

Role (Controller/Processor): Controller

Data importer:

Name: VideWell, Inc. doing business as Nurse-1-1

Address:

Nurse-1-1 c/o VideWell Inc.
101 Middlesex Tpke, Ste 6 PMB 369
Burlington, MA 01803-4914

Role (Controller/Processor): Processor

B. Description of Transfer

Categories of Data Subjects whose Personal Data is Transferred

You have the option to provide Personal Data while using the Service, and the amount of data you share is solely determined and managed by you. This may encompass, but is not restricted to, Personal Data pertaining to various categories of individuals, such as:

Your contacts and other end users, including your employees, contractors, collaborators, customers, prospects, suppliers, and subcontractors.
Data Subjects who may include individuals trying to communicate with or transfer Personal Data to your end users.

Categories of Personal Data Transferred

You have the authority to provide Personal Data to the Services, and the scope of such data is determined and managed solely by you. The Personal Data transferred concern the following categories of data in an electronic or physical form:

1. Contact Information, as defined in the Agreement.

2. Any other Personal Data that you or your end users submit, send, or receive through the Service.

3. Personal identifiers, including any information that identiﬁes the Data Subject and their personal characteristics, including: name, address, contact details, age, date of birth, gender, and physical description.

4. Internet or electronic network activity information, such as IP address, device identifiers, browsing history, search history, and diagnostic information (log files and crash reports).

5. Audio, electronic, thermal, olfactory, or similar information, such as call recordings, photographs, or videos.

6. Inferences based on Personal Data, such as user profiles reflecting preferences, characteristics, psychological trends, behavior, habits, or abilities.

7. Content of communications, such as content of phone calls, emails, or text messages.

8. Demographic information, such as family, lifestyle and social circumstances, including any information relating to the family of the Data Subject and the Data Subject’s lifestyle and social circumstances, including current marriage and partnerships, marital history, details of family and other household members, housing, travel details, leisure activities, and membership of charitable or voluntary organizations.

9. Education and training details, including information which relates to the education and any professional training of the Data Subject, including academic records, qualiﬁcations, skills, training records, professional expertise, student and pupil records.

10. Employment details, including information relating to the employment of the Data Subject, including employment and career history, recruitment and termination details, attendance records, health and safety records, performance appraisals, training records, and security records.

11. Financial details, including information relating to the ﬁnancial affairs of the Data Subject, including income, salary, assets and investments, payments, creditworthiness, loans, beneﬁts, grants, insurance details, and pension information.

12. Commercial data, such as goods or services provided and related information, including details of the goods or services supplied, licenses issued, and contracts.

13. Personal Data relating to criminal convictions and offenses.

Sensitive Data transferred and applied restrictions or safeguards

The Parties will not intentionally collect or Process any Sensitive Personal Data, as defined under applicable Data Privacy Legislation. Vendor will immediately report any unintentional receipt of Sensitive Personal Data.

Nature of the Processing

The Personal Data transferred or Processed will be subject to the following Processing activities:

Receiving Personal Data, including collection, accessing, retrieval, recording, and data entry.
Holding Personal Data, including storage, organization, and structuring.
Using Personal Data, including analyzing, consultation, testing, automated decision making, and profiling.
Updating Personal Data, including correcting, adaptation, alteration, alignment, and combination.
Protecting Personal Data, including restricting, encrypting, and security testing.
Sharing Personal Data, including disclosure, dissemination, allowing access or otherwise making available.
Returning Personal Data to Customer or Data Subject.
Erasing data, including destruction and deletion.

Purpose of the transfer and further Processing

We will undertake the necessary Processing of Personal Data to fulfill our obligations in providing the Services as outlined in the Agreement. The specific details regarding the Processing activities will be further specified in the Order Form and guided by your instructions in the use of the Services.

Frequency of the transfer

The Personal Data is transferred on a continuous basis.

Period for which Personal Data will be retained

Except as stated in the “Deletion or Return of Personal Data” section of this Data Processing Agreement, we will Process Personal Data throughout the duration of the Agreement, unless otherwise explicitly agreed upon in writing. We store Personal Data for as long as the information is required to fulfill our legitimate business needs or the purposes for which the information was collected. Additionally, we store your personal information for as long as is required to resolve disputes or as long as required by applicable law.

B. Competent Supervisory Authority

In accordance with the General Data Protection Regulation (GDPR), the supervisory authority designated as the competent authority for the purposes of the Standard Contractual Clauses will be determined.

Annex 2 – Security Measures

We are currently adhering to the Security Measures outlined in Annex 2. Any capitalized terms not explicitly defined in this document will carry the meanings as defined in the Agreement.

a) Access Control

i) Preventing Unauthorized Product Access

Outsourced Processing: Our Service is hosted on cloud infrastructure providers external to our organization. Additionally, we have established contractual relationships with vendors to ensure the provision of the Service in alignment with our Data Processing Agreement (DPA). We rely on contractual agreements, privacy policies, and vendor compliance programs to safeguard the data Processed or stored by these vendors.

Physical and Environmental Security: Our product infrastructure is hosted by outsourced infrastructure providers, which operate multi-tenant environments. We do not possess or maintain the hardware located within the data centers of these outsourced infrastructure providers. Our production servers and client-facing applications are subject to both logical and physical security measures to separate them from our internal corporate information systems.

Authentication: To ensure the security of our customer products, we implement a uniform password policy. Customers interacting with our products through the user interface must authenticate themselves before accessing non-public customer data.

Authorization: Customer data is stored within multi-tenant storage systems, accessible to customers solely through application user interfaces and application programming interfaces (APIs). Direct access to the underlying application infrastructure is not granted to customers. Each of our products incorporates an authorization model designed to restrict access to relevant features, views, and customization options based on the assigned user’s permissions. Authorization to specific data sets is granted by validating the user’s permissions against the attributes associated with each data set.

ii) Preventing Unauthorized Product Use

We employ industry-standard access control measures and detection capabilities within our internal networks that support our products.

Access Controls: Network access controls are designed to prevent unauthorized network traffic from accessing our product infrastructure. The specific technical measures employed may vary depending on the infrastructure providers, including the implementation of Virtual Private Cloud (VPC), assignment of security groups, and utilization of traditional firewall rules.

Intrusion Detection and Prevention: To safeguard hosted customer websites and other internet-accessible applications, we utilize a Web Application Firewall (WAF) solution. The WAF is specifically designed to identify and prevent attacks against publicly available network services.

Static Code Analysis: The code stored in our source code repositories undergoes regular automated checks using tools that evaluate best practices and identify any detectable software flaws.

iii) Limitations of Privilege & Authorization Requirements

Product Access: Only a designated group of employees are granted access to our products and customer data through controlled interfaces. This access is intended to facilitate efficient customer support, sales, our medical/audit team, and product development. It also serves the purpose of troubleshooting potential issues, promptly detecting and responding to security incidents, and implementing data security measures. Access is granted through “just in time” (JITA) requests, which are meticulously logged. Employee access is assigned based on their roles, and regular reviews are conducted to evaluate high-risk privilege grants, with daily initiations. Administrative or high-risk access permissions undergo review at least once every six months.

Background Checks: In accordance with applicable laws, Nurse-1-1 Health Experts may undergo third-party background or reference checks. In the United States, the results of a third-party background check are required before employment offers can be finalized. All Nurse-1-1 employees are expected to adhere to company guidelines, maintain confidentiality, and uphold ethical standards.

b) Transmission Control

In-transit: To ensure secure communication, we enforce HTTPS encryption (also known as SSL or TLS) for all login interfaces and provide it for free on every customer site hosted on Nurse-1-1 products. Our HTTPS implementation utilizes industry-standard algorithms and certificates.

At-rest: We follow industry-standard security practices when storing user passwords. We have implemented technologies that encrypt stored data to maintain its security while at rest.

c) Input Control

Detection: Our infrastructure is designed to generate comprehensive logs that capture system behavior, incoming traffic, system authentication, and other application requests. These logs are aggregated within our internal systems, allowing us to identify and promptly alert the relevant personnel about any malicious, unintended, or abnormal activities. Our dedicated security, operations, and support teams are responsive to known incidents, ensuring a swift response.

Response and Tracking: We maintain a detailed record of known security incidents, including descriptions, relevant activity dates and times, and incident resolutions. Security, operations, or support personnel investigate suspected and confirmed security incidents, identifying appropriate steps for resolution and documenting them accordingly. In the case of confirmed incidents, we take necessary measures to minimize any potential harm, such as product damage or unauthorized disclosure, both for our products and our customers. Notification regarding such incidents will be made in accordance with the terms specified in the Agreement.

d) Availability Control

Infrastructure Availability: Our infrastructure providers make commercially reasonable efforts to maintain a minimum uptime of 99.95%. They ensure redundancy by maintaining back-up power equipment, the HVAC system, and fire suppression equipment as all part of their Infrastructure Layer.

Fault Tolerance: We have implemented backup and replication strategies to ensure redundancy and fail-over protection in the event of a significant Processing failure. Customer data is backed up in multiple durable data stores and replicated across multiple availability zones.

Online Replicas and Backups: Whenever feasible, production databases are designed to replicate data between at least one primary and one secondary database. All databases undergo regular backups and are managed using industry-standard methods.

Disaster Recovery Plans: We maintain and regularly test disaster recovery plans to ensure the availability of information in the event of an interruption or failure of critical business processes.

Redundancy and Failover: Our products are designed with redundancy and seamless failover capabilities. The server instances supporting our products are architected to prevent single points of failure. This design facilitates smooth operations, allowing us to maintain and update product applications and backend systems while minimizing downtime.

Annex 3 – Sub-Processors

In order to support the delivery of the Service by Nurse-1-1, we may collaborate with Sub-Processors who assist us in our data processing operations. You can find a comprehensive list of our Sub-Processors, along with the purposes for which we engage them, on our Nurse-1-1 Sub-Processors Page accessible at https://legal.nurse-1-1.com/legal/sub-processors. This Sub-Processors Page is an integral part of this DPA and is incorporated herein.

Additional Terms Applicable to Health Experts

Last Updated: November 13, 2023

Terms that Apply to Nurse-1-1 Health Experts

These additional terms (“Health Expert Terms”) apply to Nurse-1-1 Health Experts when using the services through the Website, Widget or the Apps (the “Services”) as a Nurse-1-1 Health Expert. If you are a Nurse-1-1 Health Expert, you agree and are subject to Nurse-1-1’s Terms of Use (located here https://legal.nurse-1-1.com/legal/terms-of-service), Health Expert Terms, and Privacy Policy. Where a Health Expert Term contradicts a user term of use, the Health Expert Term shall govern. The Health Expert Terms apply to your use of Nurse-1-1 as a Nurse-1-1 Health Expert. If you use Nurse-1-1 as a user, you agree, in your capacity as a user, to all Terms applicable to users as set forth in the Terms of Use and Privacy Policy.

Health Experts: Information

As a Nurse-1-1 Health Expert, you are required to register with and use your real name and professional contact information. You consent to Nurse-1-1’s use, in connection with the Services, of your name, likeness, photograph, biographical information and other personal information provided by you to Nurse-1-1 or any other publicly available information about you.

Health Experts: Nurse Practitioners, Physician Assistants, and Registered Nurses in Good Standing

US-based certified Nurse Practitioners (NPs), Physician Assistants (PAs), and Registered Nurses (RNs) may apply to be, and participate as, Health Experts on Nurse-1-1. NPs, PAs, and RNs whose certifications are or become suspended, expired, or revoked, for any reason, are not permitted and agree not to participate in any way, including but not limited to participating by submitting Expert Content (as defined below) to Nurse-1-1, as a Health Expert. Nurse-1-1 may, at its own discretion, expand the network to include other types of certified health professionals to serve as Health Experts.

Health Experts: Permission to Post and Use Expert Content

When you, as a Health Expert, provide content on any Nurse-1-1 feature or function made for publication on the Website, Widget or Apps (such as a chat with a user) (“Expert Content”), you grant Nurse-1-1 an unrestricted right without limitation to use, reproduce, extract data from or add data to, publish and post any such Expert Content, including in connection with or on the Website, Widget or Apps. This means that when you make such a submission to us, you are giving us rights to this content, including the right to post it and make it publicly available on the Website, Widget and the Apps and use it in connection with the Services. You also give us the right to give or transfer all rights granted herein to others. While Expert Content generally is posted on the Website, Widget and Apps, we do not have an obligation to post any particular Expert Content and reserve the right, at our sole discretion and for any reason whatsoever (including but not limited to Expert Content being reported to us as inappropriate), to not post and/or to remove any Expert Content from the Website, Widget or App at any time.

Health Experts: Nurse-1-1 Compensation

You will receive compensation for providing services as a Nurse-1-1 Health Expert according to the Health Expert Terms. By signing up as a Health Expert and using the platform, you agree to abide by all of the Terms of Use and these Health Expert Terms (including any representations and warranties and terms governing indemnification and obligations).

Health Experts: Disclosure of Relationships with Industry

You agree to comply with this Conflicts Disclosure Policy (“CDP”) when using the Website, Widget or the Apps or creating Expert Content for us. This CDP governs the disclosure of financial interests by Nurse-1-1 Health Experts. Conflicts of interest can be financial and/or personal. As used in this policy, “Industry” means any company, entity, or third party that produces, manufactures, or distributes a pharmaceutical, medical device, implant, or other medical care-related product or service or any health care provider or supplier of health care related services including, but not limited to, pharmacies, hospitals, physician practices, laboratories, and imaging centers.

All Health Experts with a material financial relationship with Industry must disclose such a relationship in any answer or other similar Expert Content submitted to Nurse-1-1 when such Expert Content mentions any product or service in which such an interest exists, with the following or similar language: “The author or poster of this content has a financial interest in a product or service mentioned herein.”

Health Experts: No Posting Expert Content for Compensation By a Third Party

Health Experts may not post Expert Content on the Website, Widget or Apps in exchange for compensation of any kind from a third party (i.e., from any party other than Nurse-1-1), including but not limited to, as a paid consultant to any entity (including any company or organization) or individual. Health Experts should ensure that any conflict or potential conflict of interest does not affect, or appear to affect, his or her contributions of Expert Content to the Nurse-1-1. Health Experts may receive compensation from Nurse-1-1 for services rendered through the Website, Widget or Apps as part of the Services.

Health Experts: No Posting of Content Written by Interested Parties

Health Experts may not publish Expert Content under their own names that is written in whole or material part by “Interested Parties” who are (a) parties with a financial interest in any product or service mentioned in such Expert Content, or (b) employees of Industry. Accepting compensation for posting Expert Content to public areas and/or posting ghostwriting by such Interested Parties on the Website, Widget or Apps is prohibited.

Further, Health Experts may not publish Expert Content under their own names that was written by any other party if such content is not otherwise available in the public domain. Health Expert is prohibited from publishing Expert Content written by any other party if publishing such content would result in the violation of any copyright laws.

Health Experts: Posting of Expert Content for Informational Purposes Only

Health Experts are permitted only to provide Expert Content for the purposes of conducting informational chats with the Nurse-1-1 users. Health Experts will not, under any circumstances, provide Nurse-1-1 users with diagnostic or treatment-related information or recommendations.

Health Experts: No Referrals to Specific Health Care Professionals

Health Experts may not post referrals to a specific health care professional. When suggesting to a user to seek medical help or when providing guidance on where to seek help, Health Experts may provide the type of physician to contact but may not name specific health care professionals.

Health Experts: Your Relationship with Nurse-1-1

You acknowledge and agree that Nurse-1-1’s provision to you of the Website, Widget and the Apps for the purpose of engaging you to assist with the provision of the Services creates a direct business relationship between Nurse-1-1 and you. Nurse-1-1 does not, and shall not, be deemed to direct or control you generally or in your performance under this Agreement specifically, including in connection with your provision of services, your acts or omissions, or your Expert Content provided to users. You retain the sole right to determine when, where, and for how long you will utilize the Website, Widget and Apps. You retain the option to attempt to accept or to decline or ignore a user’s request for a chat via the Services, or to cancel an accepted request for chat via the Services, subject to Nurse-1-1’s then-current cancellation policies. You acknowledge and agree that you have complete discretion to provide services or otherwise engage in other business or employment activities; provided such other business or employment activities do not involve receiving payment from a third-party in exchange for posting Expert Content. For the sake of clarity, you understand that you retain the complete right to; (i) use other software application services in addition to the Services; and (ii) engage in any other occupation or business, provided such other business or employment does not involve receiving payment from a third-party in exchange for posting Expert Content. Nurse-1-1 retains the right to deactivate or otherwise restrict you from accessing or using the Services in the event of a violation or alleged violation of the Terms of Use or Health Expert Terms, your disparagement of Nurse-1-1 or any of its affiliates, or your act or omission that causes harm to Nurse-1-1’s or its affiliates’ brand, reputation or business as determined by Nurse-1-1 in its sole discretion.

Health Experts: Ratings

You acknowledge and agree that: (a) after utilizing the Services, a user will be prompted by the Website, Widget or the App to provide a rating of you and the Services and, optionally, to provide comments or feedback about you and the Services; and (b) after utilizing the Services as a Health Expert, you will be prompted by the Website, Widget or the App to provide a rating of the user you connected with and, optionally, to provide comments or feedback about such user. You shall provide your ratings and feedback in good faith.

You acknowledge that Nurse-1-1 desires that users have access to high-quality services via the Website, Widget and the Apps. In order to continue to receive access to the Services as a Health Expert, you must maintain an average rating by users that exceeds the minimum average acceptable rating established by Nurse-1-1, as may be updated from time to time by Nurse-1-1 in its sole discretion (“Minimum Average Rating”). Your average rating is intended to reflect users’ satisfaction with your services rather than your compliance with any of Nurse-1-1’s policies or recommendations. In the event your average rating falls below the Minimum Average Rating (as defined by Nurse-1-1), Nurse-1-1 will notify you and may provide you, in Nurse-1-1’s discretion, a limited period of time to raise your average rating above the Minimum Average Rating. If you do not increase your average rating above the Minimum Average Rating within the time period allowed (if any), Nurse-1-1 reserves the right to deactivate your access to the Services as a Health Expert. Additionally, you acknowledge that your repeated failure to accept user requests for services while you are logged in to the Services as a Health Expert creates a negative experience for users of the Services. If you do not wish to accept user requests for services on the Website, Widget or Apps for a period of time, you agree that you will log off the Website, Widget and Apps as a Health Expert.

Health Experts: Service Charge Calculation and Your Payment

You are entitled to a service charge for each instance of completed services provided by you to a user that are obtained via the Services (“Service Charge”). The Service Charge will be calculated using a formula developed by Nurse-1-1, in its sole discretion (“Service Charge Calculation”). You acknowledge and agree that the Service Charge paid pursuant to the Service Charge Calculation is the only payment you will receive in connection with your provision of services on the Website, Widget or Apps, and that neither the Service Charge nor the Service Charge Calculation includes any gratuity. You: (i) appoint Nurse-1-1 as your limited payment collection agent solely for the purpose of accepting the Service Charge, and, at Nurse-1-1’s discretion, applicable taxes and fees from the user on your behalf via the payment processing functionality facilitated by the Service; and (ii) agree that payment made by User to Nurse-1-1 (or to an affiliate or agent of Nurse-1-1) shall be considered the same as payment made directly by the user to you.

Health Experts: Braintree, a division of PayPal, Inc.

Nurse-1-1 uses Braintree, a division of PayPal, Inc. (Braintree) for payment processing. In order for you to use Braintree’s payment processing services, you must enter into the Commercial Entity User Agreement (CEA) with Braintree and its sponsoring bank. The CEA is available at www.braintreepayments.com/agreements/merchant. By accepting this Agreement, you agree: (a) that you have downloaded or printed the CEA, and (b) that you have reviewed and agree to the CEA. Please note that Nurse-1-1 is not a party to the CEA and that you, Braintree and Braintree’s sponsoring bank are the three parties to the CEA and that Nurse-1-1 has no obligations or liability to you under the CEA. If you have questions regarding the CEA, please contact Braintree at (877)434-2894.

Health Experts: Receipts

As part of the Service, Nurse-1-1 provides you a platform for providing users with health information. Upon your completion of services for a user on the Website, Widget or Apps, Nurse-1-1 collects the applicable Service Charge from the user, prepares a receipt and issues such receipt to the user via email on your behalf. Such receipts are also provided to you via email or the online portal available to you through the Services. Receipts include the breakdown of amounts charged to the user for the Services and may include specific information about you, including your first name and photo, avatar, or other customized representation used in your profile on the Services. Any corrections you request to a user’s receipt must be submitted to Nurse-1-1 in writing in email to support@nurse-1-1.com within three (3) business days after the completion of the applicable use of the Services. Absent such a notice from you, Nurse-1-1 shall not be liable for any mistakes in or corrections to the receipt or for recalculation or disbursement of the Service Charge.

Health Experts: Taxes

You acknowledge and agree that you are required to: (a) complete all tax registration obligations and calculate and remit all tax liabilities related to your provision of service on the Website, Widget or Apps as required by applicable law; and (b) provide Nurse-1-1 with all relevant tax information. You further acknowledge and agree that you are responsible for taxes on your own income arising from the performance of services on the Website, Widget or Apps. Notwithstanding anything to the contrary in this Agreement, Nurse-1-1 may in its reasonable discretion based on applicable tax and regulatory considerations, collect and remit taxes resulting from your provision of services on the Website, Widget or Apps and/or provide any of the relevant tax information you have provided directly to the applicable governmental tax authorities on your behalf or otherwise.

Health Experts: Relationship of the Parties

Except as otherwise expressly provided herein with respect to Nurse-1-1 acting as the limited payment collection agent solely for the purpose of collecting payment from users on your behalf, the relationship between the parties under this Agreement is solely that of independent contracting parties. The parties expressly agree that: (a) the Terms of Use and Health Expert Terms do not constitute an employment agreement, nor do they create an employment relationship, between Nurse-1-1 and you; and (b) no joint venture, partnership, or agency relationship exists between Nurse-1-1 and you. You have no authority to bind Nurse-1-1 or its affiliates and you undertake not to hold yourself out as an employee, agent or authorized representative of Nurse-1-1 or its affiliates. Where, by implication of mandatory law or otherwise, you may be deemed an agent or representative of Nurse-1-1, you undertake and agree to indemnify, defend (at Nurse-1-1’s option) and hold Nurse-1-1 and its affiliates harmless from and against any claims by any person or entity based on such implied agency or representative relationship.

Health Experts: Termination

Either Nurse-1-1 or you may terminate the relationship: (a) without cause at any time upon seven (7) days prior written notice (email is acceptable) to the other; (b) immediately, without notice, for the other party’s material breach of the Terms of Use or Health Expert Terms; or (c) immediately, without notice, in the event of the insolvency or bankruptcy of the other party, or upon the other party’s filing or submission of request for suspension of payment (or similar action or event) against the terminating party. In addition, Nurse-1-1 may terminate the independent contractor relationship or deactivate your Health Expert account immediately, without notice, with respect to you in the event you no longer qualify, under applicable law or the standards and policies of Nurse-1-1 and its affiliates, to provide services or to use the Services, or as otherwise set forth in these Health Expert Terms or the Terms of Use.

Terms of Service

Last Updated: November 13, 2023

Please read these Terms of Service (“Terms”) carefully before using the Nurse-1-1.com website (the “Website”), the Widget (defined below), or any Nurse-1-1 mobile applications (the “Apps”) operated by VideWell, Inc. (“Nurse-1-1,” “us,” “we,” or “our” or), including any content, functionality, and services offered on or through the Website, Widget, or Apps (all the foregoing being, collectively, the “Services”).

At Nurse-1-1, we are committed to providing the highest quality services. We hold ourselves to the highest standards. Please read these Terms carefully so that you understand them, as they affect your legal rights. We value hearing from you, so if you have any questions or ideas, please do not hesitate to get in touch by e-mailing us at support@nurse-1-1.com.

IMPORTANT NOTICE: PLEASE NOTE THE ARBITRATION REQUIREMENT AND CLASS ACTION WAIVER SET FORTH BELOW, WHICH, SUBJECT TO SOME LIMITED EXCEPTIONS, REQUIRES YOU TO ARBITRATE CLAIMS YOU MAY HAVE AGAINST NURSE-1-1 ON AN INDIVIDUAL BASIS. ARBITRATION ON AN INDIVIDUAL BASIS MEANS THAT YOU WILL NOT HAVE, AND YOU WAIVE, THE RIGHT FOR A JUDGE OR JURY TO DECIDE YOUR CLAIMS, AND THAT YOU MAY NOT PROCEED IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE CAPACITY.

These Terms apply to all persons who use the Nurse-1-1 Services in any capacity, including individuals who use the Services to chat with a nurse or their medical provider; nurses and other medical professionals who provide health information to such individuals through these chat Services; and medical providers and other business customers of Nurse 1-1 who install the Widget on their websites or mobile application. The different types of users are treated in more detail below in the “Definitions” section. All provisions of these Terms apply to each user of the Services, unless specific provisions are identified as applying to a specific sub-set of users.

Additional Terms: Certain users, areas, features, or functionality of the Services may be subject to different or additional terms, rules, guidelines or policies (“Additional Terms”), and we may provide such Additional Terms via postings, pop-up notices, links, or other means. For instance, If you are a Nurse-1-1 Health Expert (defined below), you agree and are subject to ADDITIONAL TERMS APPLICABLE TO HEALTH EXPERTS https://legal.nurse-1-1.com/legal/health-experts-terms-of-service. From time to time, Additional Terms may conflict with these Terms. In the event of such a conflict, the Additional Terms will control. Any reference to the “Terms” in this agreement includes all Additional Terms.

In addition, your submission of personal information through the Services is governed by our Privacy Policy https://legal.nurse-1-1.com/legal/privacy-policy, which is hereby incorporated into these Terms.

By accessing or using the Services in any capacity, you agree to be bound by these Terms and (A) acknowledge that you have read and understand these Terms; (B) represent that you are 18 years of age or older or of legal age to enter into a binding agreement (whichever is greater); and (C) accept these Terms and agree that you are legally bound hereby. If you disagree with any part of these Terms, then you do not have permission to access or use the Services.

Definitions

“Health Experts” means US-based, certified nurse practitioners, physician assistants, and registered nurses who are acting as health experts on the Nurse-1-1 platform. Nurse-1-1 reserves the right to expand the network to include other certified health professionals.

“Customer” means a paying or non-paying customer of Nurse-1-1, such as medical providers, pharmaceutical manufacturers, digital health service, or businesses who install the Nurse-1-1 chat widget on their websites for use by End Users. “Customer” does not refer to Health Experts or End-Users.

“Nurse-1-1 Platform” means Nurse-1-1’s proprietary software platform.

“End-User” refers to the individual end users who access the Services to receive health information. These may include individuals who access the Services directly through the Website or users or patients of Nurse-1-1 Customers who have installed the Widget on their own websites or mobile applications.

“Agents” means named user(s) in the Nurse-1-1 Platform who are permitted by the Customer to use and operate the Services for or on behalf of the Customer. For example, this might include an employee of a Customer who interacts with End Users for the purpose of booking appointments.

“Widget” means the software or interface that is embedded on a Customer website or customer mobile application or a Nurse-1-1 Website.

What is Nurse-1-1?

Important Guidelines for End Users

It is important to the interests of Nurse-1-1 that End Users understand the limits of the Services. Accordingly, what follows will outline important limits that End Users must understand and abide by, for the best interests of Nurse-1-1, End Users, and all other parties who use the Services.

Disclaimer of Medical Advice

NURSE-1-1 DOES NOT PROVIDE MEDICAL ADVICE OR TREATMENT AND IS NOT A HEALTHCARE PROVIDER. THE CONTENT IS NOT INTENDED TO BE A SUBSTITUTE FOR PROFESSIONAL MEDICAL ADVICE, DIAGNOSIS OR TREATMENT. AGAIN, WE ARE A TECHNOLOGY COMPANY, AND NOT A HEALTH CARE PROVIDER. BY USING THE SERVICES, END USERS EXPRESSLY AGREE THAT NO PATIENT-PROVIDER RELATIONSHIP OF ANY KIND IS ESTABLISHED BETWEEN YOU AND NURSE-1-1 BASED ON YOUR INTERACTIONS WITH HEALTH EXPERTS OR ANY OTHER USE OF THE SERVICES. HEALTH EXPERTS CONTACTED USING THE NURSE-1-1 SERVICES DO NOT TAKE THE PLACE OF YOUR PHYSICIAN OR OTHER QUALIFIED HEALTHCARE PROVIDER AND YOU SHOULD CONTINUE TO SCHEDULE REGULAR AND ONGOING VISITS WITH YOUR PRIMARY CARE PHYSICIAN (“PCP”). FOR QUESTIONS OR CONCERNS ABOUT YOUR MEDICAL CARE OR TREATMENT, YOU SHOULD CONTACT YOUR PCP OR ANOTHER QUALIFIED HEALTHCARE PROFESSIONAL INSTEAD OF USING THE SERVICES. IF YOU ARE IN NEED OF IMMEDIATE MEDICAL ATTENTION, PLEASE CONTACT A HEALTHCARE PROFESSIONAL OR EMERGENCY SERVICES (SUCH AS 911). NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY IN SEEKING IT BECAUSE OF YOUR USE OF THE SERVICES.

Other than information received directly from your personal medical provider, no information received via the Services should be considered medical advice. You should always consult with an appropriately qualified health care professional for triage, diagnosis, and treatment, including information regarding which medications or treatment may be appropriate for you. Nurse-1-1 cannot and does not represent or warrant that any particular medication or treatment is safe, appropriate, or effective for you. Without limitation, Nurse-1-1 does not recommend or endorse any specific tests, providers, medications, products or procedures.

When using the Services to chat with your personal provider (i.e. your doctor’s office), you are entering into a patient-provider relationship with your provider and in this instance Nurse-1-1 is intended only to facilitate those communications via our technology. Nurse-1-1 does not replace your existing primary care physician relationship. If your provider is not a Customer and is, therefore, not available via the Services, it is solely your responsibility to find another mode of communication to contact your provider.

What can End Users ask Health Experts using the Services?

As an End User, you can ask Health Experts basic health questions and address concerns such as:

Your symptoms
Medications and side effects
Reliable self-care home treatments
Self-help and support groups
When to go to your doctor
When to go to the emergency room
Local physician and hospital resources
Wellness information
Your questions and concerns regarding non-urgent and non-emergency conditions.

Even if you ask a Nurse-1-1 Health Expert or Agent about your concerns, you also should speak with or see your doctor, or go to urgent care for pressing issues, such as if you:

Run out of medicine
Have questions about your medicine
Have an earache, cough or cold
Have a small cut, burn or bruise
Need shots
Have a cough but no wheezing
Need a note for work
Are feeling worse
Your symptoms are worsening or not improving

Even if you ask a Health Expert about your concerns, you should go to the emergency room if you think you have an urgent or emergent health issue, such as:

Having a hard time breathing
chest pain
Choking
Serious bleeding
Suddenly being unable to move or speak
Passing out (fainting)
Hit your head and pass out
Have a severe headache
Having vision changes
Are poisoned
Have deep cuts or serious burns
Are attacked (by a person or an animal)
Have broken bones, or sudden serious pain and swelling in a joint
Are thinking of hurting yourself or someone else
Have a cough and wheezing
Have an asthma attack
Or any other medical condition that concerns you and/or is affecting you seriously

These limitations are important to understand because Nurse-1-1 cannot know the specific physical, emotional or mental health of End Users. Moreover, we are working independently of these Health Experts — which means we do not directly provide medical treatment or care.

Additional Policies & Disclaimers

Neither Nurse-1-1 nor the Health Experts are required to report if someone is suicidal or a threat to others. However, Health Experts will be prepared to respond appropriately in the event such a circumstance arises.

Health Experts are not positioned to treat high levels of emotional distress, such as:

Threatening to harm self or others
Self-mutilation (“cutting”)
Acting out
Aggressive behavior
Emotional outburst
Loss of rationality
Venting, screaming, swearing, etc.
High energy output

ANY END USER WHO IS EXPERIENCING SUCH HIGH LEVELS OF EMOTIONAL DISTRESS SHOULD SEEK IMMEDIATELY APPROPRIATE ALTERNATIVE RESOURCES, SUCH AS THE CONTACT INFORMATION FOR THE NATIONAL SUICIDE PREVENTION HOTLINE, 988 OR (800) 273-8255, HTTP://SUICIDEPREVENTIONLIFELINE.ORG/ OR OTHER EQUIVALENT RESOURCES.

Nurse-1-1 is not an insurance provider nor are we a prescription fulfillment warehouse.

End Users agree that all information provided to or through the Services, including your medical history provided in a chat with a Health Expert, will be accurate and complete. You accept the risk associated with providing false or inaccurate information and will not hold Nurse-1-1 or any other party associated with the Services accountable for any outcomes arising from or in any way related to your provision of inaccurate information.

The Services may contain health- or medical-related materials that are sexually explicit. If you find these materials offensive, you may not want to use the Services.

Fees

You will be asked to supply certain information relevant to any payments required for the Services, including information about your method of payment (such as your payment card number and expiration date) and your billing address. YOU REPRESENT AND WARRANT THAT YOU HAVE THE LEGAL RIGHT TO USE ANY PAYMENT CARD OR OTHER PAYMENT METHOD UTILIZED IN CONNECTION WITH ANY PAYMENT.

You further agree to provide current, complete, and accurate information in connection with all payments for the Services. You agree to promptly update your account and other information, as applicable, so that we can process your payment and contact you as needed. By submitting any information in connection with an order, you grant to Nurse-1-1 the right to provide such information to third parties for purposes of facilitating the completion of transactions initiated by you or on your behalf. Verification of information may be required prior to the acknowledgment or completion of an order.

You agree to pay all fees or charges to your account in accordance with the fees, charges, and billing terms in effect at the time a fee or charge is due and payable. You authorize Nurse-1-1 to immediately charge your credit card or other payment account provided for all fees and charges due and payable and agree that no additional notice or consent is required. If any services or payments for use of the Services are subject to sales tax in any jurisdiction, you will be responsible for payment of such sales tax and any related penalties or interest, and will indemnify Nurse-1-1 for any liability or expense incurred in connection with such sales taxes (including any use tax and any other tax measured by sales proceeds that Nurse-1-1 is permitted to pass to you) and Nurse-1-1 may automatically charge and withhold such taxes for services to be delivered within any jurisdictions that it deems is required. Unless otherwise agreed to by Nurse-1-1 in writing, all fees paid are non-refundable. If you ever have questions about your fees or charges, please contact us at support@nurse-1-1.com.

Fee Structure and Changes

Our Services are free to End Users if the End User’s healthcare provider, insurance plan, Nurse-1-1 customer, or a local clinic in the End User’s area is partnered with us. For all other cases, we will charge you a flat fee each time you use the Services. The applicable fee will be presented for your acceptance and payment prior to each use of the Services. Nurse-1-1 reserves the right to modify any aspect of our fee structure for End Users at any time.

Refunds

Except when otherwise required by law, paid fees are non-refundable.

Accounts

When you create an account with us, you guarantee that you are of the age of 18 years or above or of the legal age to create a binding contract (whichever is greater), located within the United States, and that the information you provide us is accurate, complete, and current at all times. Inaccurate, incomplete, or obsolete information may result in the immediate termination of your account on the Services.

You are responsible for maintaining the confidentiality of your account and password, including the restriction of access to your computer, phone, and/or account. You agree to accept responsibility for any and all activities or actions that occur under your account and/or password, whether your password is with our Services or a third-party service. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of your account.

Network Access and Devices

You are responsible for obtaining the data network access necessary to use the Services. Your mobile network’s data and messaging rates and fees may apply if you access or use the Services from your mobile device. You are responsible for acquiring and updating compatible hardware or devices necessary to access and use the Services and any updates thereto. Nurse-1-1 does not guarantee that the Services, or any portion thereof, will function on any particular hardware or devices. In addition, the Services may be subject to malfunctions and delays inherent in the use of the internet and electronic communications.

Certain industries receive a higher number of abuse complaints compared to others, and such complaints can directly affect our capacity to offer the Services to other clients. In order to safeguard the interests of our Customers, we retain the right to terminate your usage of the Services if you do not belong to the healthcare, digital health, pharmaceutical, and/or life sciences industry.

Intellectual Property Rights

The Services and all of their content, features and functionality, including information, text, graphics, logos, button icons, images, audio clips, video clips, data compilations and the design, selection and arrangement thereof (collectively, the Content”) is owned by Nurse-1-1, its licensors or other providers of such material and are protected by United States and international copyright, trademark, patent, trade secret and other intellectual property or proprietary rights laws.

We are providing you with access to the Services pursuant to a limited, non-exclusive, non-sub-licensable, non-transferable, revocable license, subject to these Terms. This license is available to you as long as you are not barred from the Services by applicable law and your access is not terminated by us. If these Terms are not enforceable where you are located, you may not use the Services. Nurse1-1 reserves all right, title, and interest not expressly granted under this license to the fullest extent possible under applicable laws.

You must not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store or transmit or otherwise exploit any of the Content, except as follows:

Your computer may temporarily store copies of such materials in RAM incidental to your accessing and viewing those materials.
You may store files that are automatically cached by your web browser for display enhancement purposes.
You may print or download one copy of a reasonable number of pages of the Website for your own personal, non-commercial use and not for further reproduction, publication or distribution.
If we provide desktop, mobile or other applications for download, you may download a single copy to your computer or mobile device solely for your own personal, non-commercial use, provided you agree to be bound by our end user license agreement for such applications.
If we provide social media features with certain content, you make take such actions as are enabled by such features.

You must not:

Modify copies of any the Content.
Use any illustrations, photographs, video or audio sequences or any graphics separately from the accompanying text.
Delete or alter any copyright, trademark or other proprietary rights notices from copies of materials from the Content.
Access or use for any commercial purposes any part of the Services or any services or materials available through the Services.

If you wish to make any use of the Content other than that set out in this section of the Terms, please address your request to: support@nurse-1-1.com.

If you print, copy, modify, download or otherwise use or provide any other person with access to any part of the Content in breach of the Terms, your right to use the Services will cease immediately and you must, at our option, return or destroy any copies of the Content you have made. No right, title or interest in or to any aspect of the Services, including the Content, is transferred to you, and all rights not expressly granted are reserved by the Nurse-1-1. Any use of the Services or Content not expressly permitted by these Terms is a breach of these Terms and may violate copyright, trademark and other laws.

Trademarks

The names “Nurse-1-1” and “Videwell,” the Nurse-1-1 Logo, and all related names, logos, product and service names, designs and slogans are trademarks of Nurse-1-1 or its affiliates or licensors. Accordingly, you are prohibited from using such marks without our prior written permission. All other names, logos, product and service names, designs and slogans displayed on or included in Services are the trademarks of their respective owners.

Prohibited Uses

You may use the Services only for lawful purposes and in accordance with these Terms. You agree not to use the Services:

In any way that violates any applicable federal, state, local or international law or regulation (including any laws regarding the export of data or software to and from the US or other countries).
For the purpose of exploiting, harming or attempting to exploit or harm minors in any way by exposing them to inappropriate content, asking for personally identifiable information or otherwise.
To transmit, or procure the sending of, any advertising or promotional material, including any “junk mail”, “chain letter” or “spam” or any other similar solicitation.
To impersonate or attempt to impersonate Nurse-1-1, a Nurse-1-1 employee, another user or any other person or entity (including by using e-mail addresses or screen names associated with any of the foregoing).
To engage in any other conduct that restricts or inhibits anyone’s use or enjoyment of the Services, or which, as determined by us, may harm Nurse-1-1 or users of the Services or expose them to liability.

Additionally, you agree not to:

Use the Services in any manner that could disable, overburden, damage, or impair any aspect of the Services or interfere with any other party’s use of the Services, including their ability to engage in real time activities through the Services.
Use any robot, spider or other automatic device, process or means to access the Services for any purpose, including monitoring or copying any of the material displayed on or included in the Services.
Use any manual process to monitor or copy any of the material displayed on or included in the Services or for any other unauthorized purpose without our prior written consent.
Use any device, software or routine that interferes with the proper working of the Services.
Introduce any viruses, trojan horses, worms, logic bombs or other material which is malicious or technologically harmful, or download or distribute any file without the legal authority to do so.
● Use the Services to harvest or collect information about others, including email addresses, without their express consent.
● Use the Services to send, transmit, handle, distribute, or deliver any communication utilizing: invalid, misleading, or forged headers or subject lines; invalid or non-existent domain names; methods to misrepresent, conceal, or obscure information regarding the origin or transmission path of the communication; a third party’s internet domain name without their express consent; or the use of a third party’s equipment without their permission.
● Assist users from embargoed countries, individuals listed in the U.S. Commerce Department’s Denied Persons List or Entry List, the U.S. Treasury Department’s List of Specially Designated Nationals, or similar sanctions lists in accessing the Services.
Attempt to gain unauthorized access to, interfere with, damage or disrupt any parts of the Services, the server on which any aspect of the Services is stored, or any server, computer or database connected to the Services.
Use the Services to use, monitor, or reference another person’s property, unless you have obtained express prior consent.
Use the Services in a manner that results or could result in the blacklisting of any Nurse-1-1 IP addresses, domains, or customer domains.
Access or attempt to access the Services using another user’s login credentials;
Attack any aspect of the Services via a denial-of-service attack or a distributed denial-of-service attack.
Otherwise attempt to interfere with the proper working of the Services.
Use the Services in a manner that infringes any copyright, trademark, trade secret, patent or other right of any party, or defames or invades the publicity rights or the privacy of any person, living or deceased (or impersonates any such person);
Engage in any conduct in connection with your use of the Services that is false, misleading, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable, as determined by Nurse 1-1 in our sole discretion.
Violate or encourages anyone to violate these Terms.

Without limiting the scope of the foregoing requirements—which apply to all users of the Services—Customers are responsible for moderating content and activity of End Users on their Widget. Any content or activity that violates these Terms may result in the termination of your usage of the Services.

We shall have the right—but, to be clear, not the obligation—to monitor, evaluate, and analyze any use of and access to the Services for any reason, including to determine compliance with these Terms. We also kindly urge users of the Services to notify us of any suspected breaches of these Terms. To report such instances, please forward information or evidence related to the breach to support@Nurse-1-1.com. We maintain a policy of thoroughly investigating all reports and responding accordingly as we deem appropriate.

Links to Other Web Sites

The Services may contain links to third party websites or services that are not owned or controlled by Nurse-1-1.

Nurse-1-1 has no control over, and assumes no responsibility for the content, privacy policies, or practices of any such third party websites or services. We do not warrant the offerings of any of these entities/individuals or their websites.

You acknowledge and agree that Nurse-1-1 shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any content, goods or services available on or through any such third party websites or services.

We strongly advise you to read the terms and conditions and privacy policies of any third party websites or services that you visit.

Liability of Nurse-1-1

The use of the Services is entirely at your own risk. When using the Services, information will be transmitted over a medium that is beyond the control of Nurse-1-1. Accordingly, Nurse-1-1 assumes no liability for or relating to the delay, failure, interruption, or corruption of any data or other information transmitted in connection with use of the Services.

The Services are provided on an “as is” basis and your use of the Services is at your own risk. NURSE-1-1, TO THE FULLEST EXTENT PERMITTED BY LAW, DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT OF THIRD PARTIES’ RIGHTS, AND FITNESS FOR PARTICULAR PURPOSE. Without limiting the foregoing, Nurse-1-1 makes no representations or warranties about the accuracy, reliability, completeness or timeliness of the Services or the information available or received through the Services, including information provided by Health Experts or Agents.

In no event shall Nurse-1-1, its affiliates, licensors and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors and assigns be liable for any damages (including, without limitation, direct, incidental and consequential damages, personal injury/wrongful death, lost profits, or damages resulting from lost data or business interruption) resulting from the use of or inability to use the Services, whether based on warranty, contract, tort, or any other legal theory, and whether or not Nurse-1-1 is advised of the possibility of such damages. You expressly agree that under no circumstances will Nurse-1-1 be liable for any personal injury, including death, caused by your use or misuse of the Services.

Nurse-1-1, Health Experts, and other applicable, approved users of the Nurse-1-1 are not responsible for unauthorized access of protected health information once delivered to the patient.

The mention of a health care provider or Health Expert on the Servcies does not constitute or imply a recommendation or endorsement by Nurse-1-1, the health care provider, or Health Expert.

Nurse-1-1 is not liable to you or anyone else for any decision made or action taken based on use of the Services.

The Nurse-1-1 Everywhere Extension for Google Chrome and Safari may leave remnants of application settings and log files on your device even after the Nurse-1-1 Everywhere Extension has been uninstalled.

Notice and Takedown Procedures; Copyright Agent

If you believe any materials accessible on or from the Services infringe your copyright, you may request removal of those materials (or access thereto) by contacting Nurse-1-1’s copyright agent (identified below) and providing the following information:

Identification of the copyrighted work that you believe to be infringed. Please describe the work, and where possible include a copy or the location (e.g., URL) of an authorized version of the work.
Identification of the material that you believe to be infringing and its location. Please describe the material, and provide us with its URL or any other pertinent information that will allow us to locate the material.
Your name, address, telephone number and (if available) e-mail address.
A statement that you have a good faith belief that the complaint of use of the materials is not authorized by the copyright owner, its agent, or the law.
A statement that the information that you have supplied is accurate, and indicating that “under penalty of perjury,” you are the copyright owner or are authorized to act on the copyright owner’s behalf.
A signature or the electronic equivalent from the copyright holder or authorized representative.

When we receive a report of copyright infringement, we may give notice to the relevant user by means of a general notice on the Services, email to the user’s address in our records, or written communication sent by first-class mail to the user’s physical address in our records. If you receive such a notice, you may provide counter-notification in writing to our copyright agent that includes the information below. To be effective, the counter-notification must be a written communication that includes the following:

Your physical or electronic signature;
Identification of the material that has been removed or to which access has been disabled, and the location at which the material appeared before it was removed or access to it was disabled;
A statement from you, under penalty of perjury, that you have a good-faith belief that the material was removed or disabled as a result of a mistake or misidentification of the material to be removed or disabled; and
Your name, physical address, telephone number, and a statement that you consent to the jurisdiction of a federal district court for the judicial district in which your physical address is located, or if your physical address is outside of the United States, for any judicial district in which we may be found, and that you will accept service of process from the person who provided notification of allegedly infringing material or an agent of such person.

Nurse-1-1’s agent for copyright issues relating to this web site is as follows:

VideWell Inc.
101 Middlesex Tpke, Ste 6 PMB 369
Burlington, MA 01803-4914

In an effort to protect the rights of copyright owners, Nurse-1-1 maintains a policy for the termination, in appropriate circumstances, of subscribers and account holders of the Website who are repeat infringers.

Termination

We may terminate or suspend your account and bar access to the Services immediately, without prior notice or liability, at our sole discretion, for any reason whatsoever including if we believe you have breached these Terms.

All provisions of these Terms which by their nature should survive termination shall survive termination, which you agree shall include all provisions relating to our ownership of the Services, all warranty disclaimers, indemnification requirements, limitations of liability, and the Dispute Resolution & Agreement to Arbitrate and Governing Law & Forum sections.

Dispute Resolution & Agreement to Arbitrate

By using the Services, you and Nurse-1-1 agree that, if there is any controversy, claim, action, or dispute arising out of or related to your use of the Services or the breach, enforcement, interpretation, or validity of these Terms or any part of them (“Dispute”), both parties shall first try in good faith to settle such Dispute by providing written notice to the other party describing the facts and circumstances of the Dispute and allowing the receiving party thirty (30) days in which to respond to or settle the Dispute. Notice shall be sent to:

Notice Nurse-1-1: You must send notice (1) by electronic mail to Support@nurse-1-1.com and (2) by first-class or certified mail to: VideWell Inc. 101 Middlesex Tpke, Ste 6 PMB 369 Burlington, MA 01803-4914

Notice to You: We will send notice by (1) first class or certified mail to the physical address we have on file for you (if any) and (2) by electronic mail to the email address we have on file for you (if any). If we do not have a physical or email address on file for you, or if we are, for any reason, unable to provide notice via the contact information on file, we reserve the right to provide notice by such means as we deem reasonable.

Both you and Nurse-1-1 agree that this dispute resolution procedure is a condition precedent that must be satisfied before initiating any litigation or filing any claim against the other party.

IF ANY DISPUTE CANNOT BE RESOLVED BY THE ABOVE DISPUTE RESOLUTION PROCEDURE, YOU AGREE THAT SUCH DISPUTE WILL BE DECIDED BY BINDING ARBITRATION ON AN INDIVIDUAL BASIS. ARBITRATION ON AN INDIVIDUAL BASIS MEANS THAT YOU WILL NOT HAVE, AND YOU WAIVE, THE RIGHT TO HAVE A JUDGE OR JURY TO DECIDE YOUR CLAIMS, AND THAT YOU MAY NOT PROCEED IN A CLASS, CONSOLIDATED, COLLECTIVE OR REPRESENTATIVE CAPACITY. Other rights that you and we would otherwise have in court will not be available or will be more limited in arbitration, including discovery and appeal rights.

All such Disputes shall be exclusively submitted to Judicial Arbitration and Mediation Services (JAMS) (www.jamsadr.com) for binding arbitration under its rules then in effect (as modified by this agreement to arbitrate), before one arbitrator to be mutually agreed upon by both parties. The arbitration shall be conducted in accordance with the JAMS Consumer Arbitration Minimum Standards (https://www.jamsadr.com/consumer-minimum-standards/) if it is determined by JAMS or the arbitrator that these standards are applicable to the Dispute. The location of any hearings will be determined by the applicable JAMS rules, provided that if the claim is for $10,000 or less, you may choose to have the arbitration conducted (1) solely on the basis of the documents submitted to the arbitrator or (2) through a non-appearance based hearing by teleconference or videoconference.

The arbitrator, and not any federal, state, or local court or agency, shall have exclusive authority to resolve any Dispute arising under or relating to the interpretation, applicability, enforceability, or formation of these Terms, including any claim that all or any part of these Terms are void or voidable. For the avoidance of doubt, you and Nurse-1-1 agree that the arbitrator shall have the exclusive power to rule on his or her own jurisdiction, including any objections with respect to the existence, scope, or validity of this agreement to arbitrate or the arbitrability of any claim or counterclaim. The arbitrator may award (on an individual basis) any relief that would be available in a court. The award rendered by the arbitrator may be confirmed and enforced in any court having jurisdiction thereof.

Notwithstanding the foregoing, in lieu of arbitration either you or Nurse-1-1 may (1) bring an individual claim in small claims court in the United States consistent with any applicable jurisdictional and monetary limits that may apply and (2) file an individual claim in court to enjoin the infringement or other misuse of its intellectual property rights, provided that any such claim is brought and maintained on an individual basis.

Governing Law & Forum

These Terms shall be governed and construed in accordance with the laws of The United States (including federal arbitration law) and the Commonwealth of Massachusetts, , without regard to any conflict of law provisions.

Except for disputes or claims properly lodged in a small claims court in the United States, any disputes or claims not subject to the arbitration provision discussed above shall be resolved by a court located in the Commonwealth of Massachusetts and you further agree and expressly consent to the exercise of personal jurisdiction in such courts. You further agree that any such claims will be brought and maintained solely on an individual basis and not as part of any class, consolidated, collective or representative capacity, and that you waive your right to a jury trial with respect to any such action.

You and Nurse-1-1 acknowledge that these Terms evidence a transaction involving interstate commerce. Any arbitration conducted pursuant to these Terms shall be governed by the Federal Arbitration Act (9 U.S.C. §§ 1-16).

We May Update this Agreement

We may modify or amend these Terms from time to time. Our Terms of Use link includes the word ‘Terms’ and can be easily be found at https://nurse-1-1.com/health/privacy-policy/ When we update these Terms, we will update the “Last Updated” date at the top of the page. You are expected to check this page frequently so that you are aware of any changes, as they are binding on you. If we modify or amend these Terms, your continued use of the Services will mean that you accept those modifications or amendments. If users email us at and request the latest Terms, a copy will be emailed.

Miscellaneous

Interpretation. In these Terms, the words “include,” “includes,” and “including” are used in an illustrative sense and shall not limit the generality of the language preceding such term. Titles and headings to sections herein are inserted for the convenience of reference only and are not intended to be a part of or to affect the meaning or interpretation of these Terms. Any limited or specific disclaimers or limitations of liability found in these Terms shall not limit the effect, forth, or breadth of any other disclaimers or limitations of liability in these Terms.
No waiver. Our failure to act with respect to a breach by you or others does not waive our right to act with respect to a subsequent or similar breach or breaches. If Nurse-1-1 does not exercise or enforce any legal right or remedy which is contained in these Terms (or which Nurse-1-1 has the benefit of under any applicable law or regulation), such action or inaction shall not be taken to be a formal waiver of Nurse-1-1’s rights, and all such rights or remedies shall still be available to Nurse-1-1.
Severability. If any provision of these Terms is held to be invalid by a court having competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms, which shall remain in full force and effect.
Entire Agreement. These Terms set forth the entire understanding and agreement between us with respect to your use of the Sites.
Assignment. You may not assign, transfer, or sublicense any or all of your rights or obligations under these Terms without our express prior written consent. We may assign, transfer, or sublicense any or all of our rights or obligations under these Terms without restriction.
No Relationship. These Terms do not, and shall not be construed to, create any partnership, joint venture, employer-employee, agency, or franchisor-franchisee relationship between you and Nurse-1-1.
Notice to California Residents. You may reach at the contact information provided below in the “CONTACT US” section. California residents may also reach the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs by mail at 1625 North Market Blvd., Sacramento, CA 95834, or by telephone at (916) 445-1254 or (800) 952-5210.

Contact us

If you have any questions about these Terms, please contact us at support@nurse-1-1.com.

Cookies and Ads Policy

Privacy Policy

Last Updated: November 13, 2023

For a printable version of the Privacy Policy, please click here.

Introduction

VideWell Inc., doing business as Nurse-1-1 (“We,” “VideWell” or “Nurse-1-1”) respects your privacy and is committed to protecting it through our compliance with this privacy policy (the “Privacy Policy”). This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the Nurse-1-1 website (the “Website”) or use a Nurse-1-1 product embedded into a third party’s website or mobile app (“Widget”) or use our mobile applications (the “Mobile Apps”) and web applications (“Web Apps,” and together with the Mobile Apps, the “Apps”) (collectively, the “Service”), and our practices for collecting, using, maintaining, protecting and disclosing that information. We hope that reading our Privacy Policy helps you understand how we manage information about you that you provide to us or that we obtain through your use of the Service and the measures we take to protect such information. If you have any questions, please contact us at privacy@nurse-1-1.com.

Except where noted, statements in this Privacy Policy with respect to the Website, Widget apply to the Apps, any tools or applications contained within the Website or Widget, and any other websites where this Privacy Policy is posted. By downloading, accessing or using the Service , or providing information to us in connection with it, you agree to the terms and conditions of this Privacy Policy, so please read on carefully.

We, health experts, or agents may include or offer third-party products or services on our Service. We are not responsible for the privacy practices or the content of those websites. This Privacy Policy applies solely to information collected by Nurse-1-1 through the use of our Service. Users should be aware of this when they leave our Website or Widget and are encouraged to review the privacy statements of each third party website. To better protect your privacy, we recommend that you review the privacy policy of any third party website you visit.

Although we are not a business entity covered by the Health Insurance and Portability and Accountability Act of 1996 (“HIPAA”), we ensure all our processes meet HIPAA standards.

Please read this Privacy Policy carefully to understand our policies and practices regarding your personal data and how we will treat it. If you do not agree with our policies and practices, please do not download, register with or use the Service. . If you have a question about how your personal information is being used, you can contact us through the methods provided in the “Contacting Us” section at the end of this Privacy Policy.

What information do we collect from users who register on and use our Service ?

We collect information from and about users of our Service (i) directly from you when you provide it to us and (ii) automatically when you use the Service

Information You Provide to Us

When you register on the Website, Widget or download, register with or use the Apps, we may ask you to provide information: (i) that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, device, or household, such as name, postal address, e-mail address, telephone number or any other identifier by which you may be contacted online or offline (“personal information”) or (ii) that is about you but individually does not identify you, such as medical concerns, health conditions or other information that you provide to us while using our Website, Widget or our Apps (i.e., information provided during a chat with a “health expert”).

This information includes:

information that you provide by filling in forms on the Service, including information provided at the time of registration and while subscribing to our Service, posting material, and requesting additional services.
records and copies of your correspondence (including e-mail addresses and phone numbers), if you contact us.
your responses to surveys that we might ask you to complete for research purposes.
details of transactions you carry out through the Website, Widget or the Apps and of the fulfillment of your orders. You may be required to provide financial information before placing an order through the Website, Widget or the Apps.
your search queries on the Website, Widget or in the Apps.
Sensitive personal data, such as your health information or diagnosis when you are chatting with a health expert, or that you may otherwise provide when using our Website or App.

Job Applicant Information

When you apply for a job with us, we may collect information from you via our Website forms and otherwise, including:

· Information you provide in connection with your application.

· Information about you that is publicly available.

· Health information, such as COVID-19 status and/or disability information

· Information that you authorize us to collect via third parties, including former employers or references.

· Any other information provided in connection with your application.

We only use your personal data to assess your skills in relation to the applicable job requirements. We may also use your personal data to contact you during the hiring process.

In certain circumstances, you may submit your application for employment through a third-party service that displays our job posting. We do not control the privacy practices of these third-party services. Please review their privacy policies carefully prior to submitting your application materials.

Automatic Information Collection

When you access and use the Service, we and third parties, may use technology to automatically collect:

Usage Details. When you access and use the Service, we may automatically collect certain details of your access to and use of the Service, including traffic data, location data, logs and other communication data and the resources that you access and use on or through the Service.
Device Information. We may collect information about your mobile device and internet connection, including the device’s unique device identifier, IP address, operating system, browser type, mobile network information and the device’s telephone number.
Stored Information and Files. The Website, Widget and the Apps also may access metadata and other information associated with other files stored on your device. This may include, for example, photographs, audio and video clips, personal contacts and address book information.
Location Information. The Apps collect real-time information about the location of your device.

If you do not want us to collect this information, please do not download the Apps, delete them from your device, or do not permit them to collect the noted information. You may also access settings within the Apps to stop sharing certain information with us. In addition, you may opt out at any time by emailing us at privacy@nurse-1-1.com though we are not able to change settings within your personal devices. Please note, however, that opting out of the App’s collection of location information will cause its location-based features to be disabled. You have choices about the information we collect directly from you. When you are asked to provide personal information, you may decline. However, if you choose not to provide information that is necessary, you may not be able to use some of our services.

Cookies and other Online Tracking Technologies.

We, and third parties, may use the following cookies and other online tracking technologies to automatically collect your personal data:

Cookies (Mobile Cookies). A cookie is a small file that a Website, Widget or its service provider transfers to your smartphone or your computer’s hard drive through your Web browser (if you allow it) that enables the Website’s and Widget’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies for a number of reasons, including (a) helping us understand your preferences based on previous or current Website or Widget activity, which enables us to provide you with improved services, (b) helping us understand and save users’ preferences for future visits, (c) helping us compile aggregate data about Website or Widget traffic and Website and Widget interaction so that we can offer better Website and widget experiences and tools in the future, and (d) keeping track of advertisements.

It may be possible to refuse to accept mobile cookies by activating the appropriate setting on your smartphone. Also, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer or Firefox) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.

If you turn off or disable cookies, some features of our Apps will be disabled. It will affect you by making your site experience less efficient and some of our services will not function properly.

Web Beacons. Pages of the Apps and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related app statistics (for example, recording the popularity of certain app content and verifying system and server integrity).

We also may use these technologies to collect information about your activities over time and across third-party Websites, Widgets, apps or other online services (also known as “behavioral tracking” or “targeted advertising”). When you use the Service or its respective content, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include: (i) advertisers, ad networks and ad servers; (ii) analytics companies; (iii) your mobile device manufacturer; and (iv) your mobile service provider.

These third parties may use tracking technologies to collect information about you when you use the Website, Widget or the Apps. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites, apps and other online services websites. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ information practices, so if you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. You may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here, or of companies participating in the Digital Advertising Alliance program by opting out here.

Some of the third parties that assist us include:

Google: Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en We use Google AdSense Advertising on our website. Google, as a third-party vendor, uses cookies to serve ads on our Website. Google’s use of the DART cookie enables it to serve ads to our users based on previous visits to our Website and other websites on the Internet. Users may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy here.

Opting out: Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative opt out page (see here) or permanently using the Google Analytics Opt Out Browser add on. We have also provided a list of service providers and third parties we use to provide our Website and App, available here.

How do we use your information?

We may use the personal information that we collect about you or that you provide to us, including any personal information, when you register, make a purchase, participate in a health expert chat, sign up for our newsletters, respond to a survey or marketing communication, surf the Website, use the Widget, or use other Website features in the following ways:

To provide you with the Apps and their content, and any other information, products or services that you request from us
To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested
To improve our Website, emails, and Widgets in order to better serve you
To improve the quality of the health information you receive through chats with health experts and agents
To allow us to better serve you in responding to your customer service requests
To administer a contest, promotion, survey or other Website feature
To send periodic emails regarding your order or other products and services
To follow up with you after correspondence (live chat, email or phone inquiries)
To improve our service offerings through trainings and education for our health experts
To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection
To notify you when updates to the Website and/or Apps are available and of changes to any products or services we offer or provide through them

The usage information that we collect helps us to improve our Apps and to deliver a better and more personalized experience by enabling us to:

Estimate our audience size and usage patterns
Store information about your preferences, allowing us to customize our Service according to your individual interests
Speed up your searches
Recognize you when you use the Service

Health expert chat and use of session replay technology

We may use technology to monitor how you interact with our Service, particularly through our health expert chat. This may include without limitation which links you click on, information that you type into our online forms, and about your device or browser. Further, we utilize session replay technology to monitor and record mouse clicks and movements, keystrokes, and pages and content viewed by you. Please discontinue use of the Service if you do not consent to our collection of such information.

Nurse-1-1 Everywhere Extension

Nurse-1-1 Everywhere Extension provides a fast and secure method for engaging in chat conversations with live nurses and healthcare support staff while you are online. It ensures that the Nurse-1-1 Widget is readily available as you navigate the web, whether you are viewing prescriptions, assessing symptoms on WebMD or Healthline, or exploring other websites. With Nurse-1-1 Everywhere, you can initiate a conversation on one website and seamlessly transition to another without interruption. The chat Widget remains visible on your screen as you search for healthcare information across the internet, accompanying you wherever your healthcare search takes you. The Nurse-1-1 Everywhere Extension does not gather any data from the current page except if the page has the Nurse-1-1 widget embedded on it.If the Widget is present, we may collect browser details, device information, location information and any other information you input into any forms on that website.

Sometimes, our customers want to know if you are visiting certain websites while using the Nurse-1-1 Everywhere Extension. Those customers provide us with a list of websites, and we confirm only whether you have visited any of the websites on that list. Please note that Nurse-1-1 only retains a record of the websites you visit long enough to match those websites to the ones our customers have listed and does not monitor your online activities beyond what is needed to provide the Nurse-1-1 Everywhere Extension.

Disclosure of your Information

We may disclose aggregated information about our users, and information that does not identify any individual or device, without restriction, as allowed under applicable law.

In addition, we may disclose personal information that we collect or you provide:

To our subsidiaries and affiliates
To Customers and their Agents from the website or app that you engaged with our widget on or were linked to our website from.
To contractors, service providers and other third parties we use to support our business
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Nurse-1-1’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by Nurse-1-1 about our App users is among the assets transferred
To fulfill the purpose for which you provide it
For any other purpose disclosed by us when you provide the information
With your consent
To comply with any court order, law or legal process, including to respond to any government or regulatory request.
To enforce our rights arising from any contracts entered into between you and us
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Nurse-1-1, our Customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
To third parties as part of any corporate reorganization process including, but not limited to mergers, acquisitions, and sales of all or substantially all of our assets. If transferred in such a case, your information would remain subject to this Privacy Policy or a privacy policy that, at a minimum, protects your privacy to an equal degree as this Privacy Policy.

Unless required by law, we do not share any of your personal health information unless previously authorized by you (such as sharing the information with your doctor’s office or insurance provider without your approval unless they are a customer of Nurse-1-1 and only the information you have provided through their use of Nurse-1-1 services will be shared with them).

Sale of personal data: We note, however, that our use of cookies and other tracking technologies may be considered a “sale” or disclosure of your personal data, including your personal health information, to those third parties who provide those cookies and other tracking technologies. Additionally, those third parties may use your personal data for their own marketing purposes. Please contact us to opt-out of the sale of your personal data.

Public Posting Areas and Social Media

Please note that any information you include in a message you post to any public posting area, such as any comments section of our social media pages, is available to anyone with Internet access. For example, if you don’t want people to know your email address, don’t include it in any message you post publicly. PLEASE BE EXTREMELY CAREFUL WHEN DISCLOSING ANY INFORMATION IN PUBLIC POSTING AREAS. WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF THE INFORMATION THAT YOU DISCLOSE IN PUBLIC POSTING AREAS.

Disclaimer Regarding Video Content

The Website may contain pixels which provide us and third parties with analytics regarding how website visitors interact with video content, audiovisual content, or content of a like nature (collectively, “Video Content”). Video Content is provided for the purpose of enhancing the user experience with the Service and by continuing to use the Service and interacting with Video Content, you understand that your personal data, including your video viewing history, may be processed according to the Privacy Policy. Please contact us at the email address provided in the “Contacting Us” section below to opt out of this processing.

How long do we store your personal data?

We store your personal information for as long as the information is required to fulfill our legitimate business needs or the purposes for which the information was collected. Additionally, we store your personal information for as long as is required to resolve disputes or as long as required by applicable law.

How does our Website and Widget handle “do not track” signals?

We honor do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

COPPA (Children Online Privacy Protection Act)

Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, App, or Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We take commercially reasonable measures to ensure that any personal information is stored securely and separate from the non-personal information such that no direct connections can be made between an individual’s identity and any associated de-identified non-personal information. Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through our App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide. Furthermore, we are not responsible for other breaches to your personal information outside our control, such as resulting from loss, theft or unauthorized use of your mobile device. By using the Service or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy and administrative issues relating to your use of the Service. We may post a notice on the Service if a security breach occurs. We may also send an email to you at the email address you have provided to us in these circumstances. Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

Amendments

We may modify or amend this Privacy Policy from time to time. If we make any material changes, as determined by Nurse-1-1, in the way in which personal information or non-personal information is collected, used or transferred, we will notify you of these changes by modification of this Privacy Policy, which will be available for review by you on the Service. Your continued use of the Service after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates. Notwithstanding any modifications we may make, any personal information and non-personal Information collected by Nurse-1-1 from you will be treated in accordance with the Privacy Policy in effect at the time information was collected, unless we obtain your consent otherwise.

Service Visitors from outside the United States

We and our servers are located in the United States and are subject to the applicable state and federal laws of the United States. If you choose to access the Service, you consent to the use and disclosure of information that we collect from you or that you provide to us, including any personal information, in accordance with the terms and conditions of this Privacy Policy. In addition, by sending personal information to us, you acknowledge and consent that your data will be transferred across national borders, including to countries outside of the EU/EEA. For example, where personal information is transferred from the European Economic Area to areas which have not been determined to have an adequate level of protection, we take measures designed to transfer the information in accordance with lawful requirements, such as standard contractual clauses. Please contact us for more information and to receive a copy of the standard contractual clauses we may utilize.

State Privacy Rights and Disclosures

You may have certain rights with respect to your personal data depending on your location or residency. You may, at any time, request information about the personal data that we have collected about you. Please contact us via our contact information below if you wish to obtain insight into your personal data or if you have any other concerns related to your personal data.

California “Shine the Light” Law

Under California’s “Shine the Light Law,” if a company shares personal data with third parties for their direct marketing purposes (e.g., to send offers and information that may be of interest to you), California law requires either providing a mechanism by which consumers can obtain more information about such sharing over the prior calendar year, or providing a mechanism by which consumers can opt out of such sharing. We do not share your personal data with third parties for their direct marketing purposes, so we do not provide this opt out.

Nevada Disclosure

Residents of Nevada have the right to opt out of the sale of certain personal data to third parties. We currently do not sell your personal data as defined by Nevada law.

Texas Data Privacy and Security Act Notice

As of July 1, 2024, consumers who are residents of Texas will have certain rights with respect to their personal data, subject to some exceptions:

The right to confirm whether we process your personal data and the right to access that personal data.
The right to correct inaccuracies in your personal data.
The right to delete your personal data.
If the personal data is available in a digital format, you have the right to obtain a copy of your personal data previously provided to us, in a portable and, to the extent technically feasible, readily usable format.
The right to opt out of our processing of personal data for the purposes of targeted advertising, sale, or profiling.

How to Exercise Your Rights

You can review and change your personal information by logging into our Service and visiting your account profile page.

You may also send us an e-mail at privacy@nurse-1-1.com to make a request access to exercise any of your right stated above. If you have an account, we cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

You also have the right to appeal our response to your request. You may send us an email at privacy@nurse-1-1.com to exercise this right.

Contacting Us

If you have any questions regarding this Privacy Policy, you may contact us using the information below.

E-mail: privacy@nurse-1-1.com

Mail:

Nurse-1-1 c/o VideWell Inc.
101 Middlesex Tpke, Ste 6 PMB 369
Burlington, MA 01803-4914
USA

Nurse-1-1 Sub-Processors

Last Updated: November 13, 2023

This Nurse-1-1 Sub-Processors Page is incorporated into the Nurse-1-1 Data Processing Agreement (“DPA”) and Customer Terms of Service (“Agreement”). This page explains how Nurse-1-1 engages with Sub-Processors.

1. Infrastructure Sub-Processors

To help Nurse-1-1 deliver Services, we engage Sub-Processors to support our infrastructure. By agreeing to the DPA, you agree all of these Sub-Processors may have access to Customer and End-User Data.

Third Party Sub-Processor	Purpose	Applicable Service	Data Access	US Data Center Sub-Processor Location: United States
Amazon Web Services, Inc	Hosting & Infrastructure	Used as an on-demand cloud computing platform and Data hosting provider	Customer & End-User Data	United States
Pusher Ltd.	Conversation & Chat Functionality	Used to support conversations/chat features in the Nurse-1-1 product	Encrypted Customer & End-User Data	United States
MailChimp	Email Functionality	Used for email	Customer & End-User Data	United States
Sendgrid	Email Functionality	Used for email	Customer & End-User Data	United States
Google LLC	Corporate use of Google’s GSuite services that include collaborative productivity apps, corporate email, shared calendars, online document editing and storage.	Used for internal operations and limited client communications and collaboration	Customer Data	United States
Hubspot	CRM	User for all Customer CRM functionality	Customer Data	United States
Mixpanel, Inc.	User Analytics	Used to provide analytics data regarding users’ interactions with our Site and Services. User data processed by Mixpanel, Inc. is retained for the duration set forth in the user’s (or its organization’s) agreement with Nurse-1-1.	Customer & End-User Data	United States

2. Feature Specific Sub-Processors

Some of our features and integrations require the use of additional Sub-Processors. Some Sub-Processors will apply to you as a default, and some Sub-Processors will apply to you only if and when you opt-in. We will notify you before you turn on a feature or install an integration that requires support from an opt-in Sub-Processor where indicated in the table below.

Third Party Sub-Processor	Purpose	Applicable Service	Data Access	US Data Center Sub-Processor Location:
DocuSign Inc.,	Legal SaaS Provider	Used for the sending and signing of agreements	Customer Data	United States
OpenAI, LLC*	AI Products	Used for Nurse-1-1 AI Products	Customer & End-User Data	United States
Twilio, Inc.*	Calling Functionality	Used as a service which allows Nurse-1-1 calling	Customer & End-User Data	United States
Braintree (PayPal)	Payment services	Braintree provides a payment processing gateway. Information collected related to payments is sent from the user directly to Braintree, and is never stored or processed by Nurse-1-1.	Customer & End-User Payment card, email address, billing address	United States
Stripe	Payment services	Stripe provides a payment processing gateway. Information collected related to payments is sent from the user directly to Stripe, and is never stored or processed by Nurse-1-1.	Customer & End-User Payment card, email address, billing address	United States

*You may choose not to use the functionality provided by our Sub-Processors marked with an asterisk above.

4. Updates to this Page

We may modify or amend this Nurse-1-1 Sub-Processors Page from time to time. If we make any material changes, as determined by Nurse-1-1, in the way in which personal data or non-personal data is collected, used or transferred, we will notify you of these changes by modification of this Nurse-1-1 Sub-Processors Page, which will be available for review by you on the Service. Your continued use of the Service after we make changes is deemed to be acceptance of those changes, so please check the Nurse-1-1 Sub-Processors Page periodically for updates.

For more information on Nurse-1-1’s Nurse-1-1 Sub-Processors, please email us at privacy@nurse-1-1.com

Nurse-1-1 HIPAA Compliance Technical Summary

Last Updated: November 13, 2023

NOTICE
The information in this document is the property of Videwell, Inc. Unauthorized use is prohibited.

Introduction

Videwell, Inc. (herein referred to as “Nurse-1-1”) is committed to ensuring the confidentiality, integrity, and availability of all electronic protected health information (“ePHI”) it receives, maintains, processes, and/or transmits. As a provider of secure health chats between nurses and advanced practitioners (“Health Experts”), agents of Nurse-1-1’s customers (“Agents”), and individual users (“Users”), we understand and take seriously our obligation to provide a secure and confidential software communication platform for our Customers, Agents, Health Experts, and Users. This document addresses core policies and procedures implemented by Nurse-1-1 to maintain compliance with the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) and assure that proper protections of infrastructure are in place when receiving, storing, processing, and/or transmit ePHI using Nurse-1-1 technology.

Nurse-1-1 strives to comply with applicable standards and implementation specifications of the HIPAA Security Rule set forth in 45 C.F.R. § 164, Subpart C by implementing administrative, physical and technical safeguards that reasonably and appropriately protect the ePHI it receives, maintains, processes, and/or transmits, and to build a solid security infrastructure that passes HITRUST CSF Self-Assessment and Certification. Nurse-1-1 signs business associate agreements (“BAAs”) with its covered entity customers (“Customers”), and any Nurse-1-1 subcontractors that receive, maintain, process and/or transmit Customer ePHI on behalf of Nurse-1-1. These BAAs outline the respective obligations of the parties concerning the use and disclosure of ePHI, as well as liability in the case of a breach.

Nurse-1-1 periodically reviews its policies and procedures, updating them as needed, in response to environmental or operational changes affecting the security of ePHI. All Nurse-1-1 workforce members receive initial and ongoing HIPAA and security training and are expected to fully comply with Nurse-1-1’s policies and policies set forth herein.

As a lead-in, below is a high-level summary of our major architecture, our guiding principles, and how it maximizes our security posture.

Need	Nurse-1-1 Approach
Encryption	All ePHI data is encrypted in transit, end to end, and at rest using AES 256 CBC encryption. At this time, audit logs of usernames are not encrypted, however, the logs do not include any ePHI.
Minimum Necessary Access	Access to recordings of interactions with Users is limited only to Agents, Nurse-1-1 auditors, the Health Experts who have been given proper authorization and undergone training, and the Nurse-1-1 Security Team. Once the viewer of ePHI data has logged in and logged their reasoning to the Nurse-1-1 PHI Access logs, encrypted PHI will be decrypted during the viewers audit session
System Access Tracking	All access authorizations and changes of access, as well as access to un-encryption keys, are tracked and retained. Access to chats result in logs to the Nurse-1-1 PHI Access logs. Prior to access, the viewer will need to enter their login information (username and password) and provide a reason for accessing the given chat. PHI access logs are accessible to Customers in their Nurse-1-1 dashboard. Accessing the PHI access logs also results in logs to the Nurse-1-1 PHI Access logs. At this time, PHI access logs of usernames are not encrypted, however, the logs do not include any ePHI.
Monitoring	All successful logins are tracked and retained. A plan is currently under construction for regular review for any suspicious activity.
Auditing	ePHI is encrypted and stored to maintain integrity, enabling secure access to full historical health interactions. Audit log data is not encrypted, but does not include any ePHI.
Minimum Risk to Architecture	Access to encrypted ePHI by anyone other than the User, Customer, Agent, and Health Expert involved in the exchange of that ePHI is limited to the Nurse-1-1 Security Team. Access to a personalized un-encryption key that is securely stored may only be requested by the Nurse-1-1 Security Team or other senior personnel that has been authorized by the Nurse-1-1 HIPAA Security Officer. All access is logged, retained, and frequently reviewed to prevent any breach.
Vulnerability Scanning	A protocol is currently under construction that will employ a vulnerability scanning tool that periodically scans the Nurse-1-1 environment to ensure security measures are in place.
Intrusion Detection	A protocol is currently under construction that will employ an intrusion detection tool that alerts the Nurse-1-1 Security Team of any suspicious activity.
Backup	Nurse-1-1 employs Amazon Web Services (“AWS”) for server management and data storage that is HIPAA-compliant through a BAA. Nurse-1-1 relies on AWS’ established protocols for data backup.
Disaster Recovery	In the case of a disastrous event, our Amazon Elastic Compute Cloud (“Amazon EC2”) instances would be restarted and databases would be restored from the most recent Snapshot (defined below). While the Nurse-1-1 service is disabled an error page will be displayed which informs Users of the proper steps to take in order to receive an immediate response to their health need.
Documentation	All policies and procedures that make up our security and compliance program are stored and in Nurse-1-1’s shared, secure Google drive (Nurse-1-1 has signed a BAA with G Suite).
Risk Management	We proactively perform risk assessments to assure changes to our infrastructure do not expose new risks to ePHI. Risk mitigation is done before changes are pushed to production.
Workforce Training	Although limited workforce members have access to the ePHI of our Users, all Nurse-1-1 workforce members receive initial and ongoing HIPAA and security training.

Technical Safeguards

This section of HIPAA outlines the technology and the policy and procedures for its use that protect electronic protected health information and control access to it. It is important to note that these requirements are not prescriptive, and there is flexibility in implementation. The key is that measures that are reasonable and appropriate are implemented to safeguard ePHI.

Transmission Security

Standard	Description
Integrity Controls (A)	Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of.
Encryption (A)	Implement a mechanism to encrypt ePHI whenever deemed appropriate.

All data used by Nurse-1-1 is transferred using TLS1.2 encryption security protocol.

Access Controls

Standard	Description
Unique User Identification (Req)	Assign a unique name and/or number for identifying and tracking user identity.
Emergency Access Procedure (Req)	Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
Automatic Logoff (A)	Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Encryption and Decryption (A)	Implement a method to encrypt and decrypt electronic protected health information.

User Identification

All users within the Nurse-1-1 environment, including workforce members, Users, Agents, and Health Experts, create a unique user-name and password upon first log-in.

Emergency Access

Nurse-1-1 has procedures and a process for obtaining access to ePHI should an emergency or disaster occur.

Automatic Logoff

Nurse-1-1 is currently building session timeout features to terminate both User and Health Expert sessions after a period of 24 hours of inactivity.

Encryption

Nurse-1-1 encrypts data in its environment using AES 256 CBC encryption. Additionally, all data in transit is encrypted end to end.

Integrity

Standard	Description
Mechanism to Authenticate Electronic Protected Health Information (A)	Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.

Accessing ePHI for Authentication

Internally at Nurse-1-1, only Nurse-1-1 workforce members with proper authorization have access to an electronic key that can decrypt chats on the database that may contain ePHI. Those with authorization will regularly review chats containing ePHI to ensure quality as well as corroborate that ePHI has not been altered or destroyed in an unauthorized manner. The electronic keys are the only way to access encrypted PHI and decrypt for review.

Customer agents have access to ePHI while using the Nurse-1-1 dashboard. The Nurse-1-1 dashboard offers Agents to access chats containing ePHI after they re-enter their username and password as well as state their reason for accessing a given chat. A log is then created that records the Agent account, a timestamp, and the reason given for the access. At that time, the contents of the chat and any contained ePHI will be decrypted for the Agent to audit. The decrypted contents of the chat will only remain decrypted during that given session.

Decryption Access Log

Access to the keys is logged, tracked, and reviewed. Access can only be granted to new workforce members after Nurse-1-1’s HIPAA Security Officer and Chief Executive Officer grant authorization. The log is also used to track when, where, and why a key is used.

Security Incident Procedures

Standard	Description
Response and Reporting (req)	Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to Nurse-1-1; and document security incidents and their outcomes.

Nurse-1-1 has implemented a formal incident response plan (“IRP”), which discusses the procedures for identifying, responding to, and escalating suspected and confirmed security incidents. Nurse-1-1’s Incident Response Team is responsible for implementing and following the IRP. Please see Appendix A for details of the IRP.

Reporting Security Incidents

All suspected or known security incidents will be reported to the HIPAA Security Officer and the Security Team as soon as possible. The HIPAA Security Officer will discuss these incidents with the Security Team and Nurse-1-1 management, and determine whether the IRT/IRP should be activated. The following types of incidents are benchmark examples (by no means an exhaustive list) of when the IRT/IRP should be activated:

Unauthorized access to Nurse-1-1’s environment or workstations
Malicious code
Improper or inappropriate usage of Nurse-1-1’s software
Suspected breach of ePHI or other personal information
Suspected loss of sensitive information (not ePHI or personal information)

Notification in the Case of Breach

Nurse-1-1 has a formal Incident Response Plan that addresses the requirements and procedures for notifying appropriate parties in the event of a breach of unsecured PHI. This policy outlines the relevant and responsible parties in case of a breach of and complies with the applicable requirements set forth in 45 C.F.R. 164, Subpart D.

What is Nurse-1-1?

Where is your data processed and stored?

How long do you keep a consumer/patient’s data?

What is your privacy policy?

What are your terms of service?

Are you compliant with GDPR?

Are you compliant with CCPA?

COPPA (Children Online Privacy Protection Act)?

Are you HIPAA compliant?

How do you log and monitor access to user chats and encrypted ePHI?

How do you audit or monitor chats?

Is there a disclaimer given to the consumer/patient about not providing medical advice to the consumer/patient?

How is Important Safety Information delivered to the patient/consumer?

What information is given through consistent, pre-approved Navigational Recommendation messaging?

How is other important information or documents delivered to the patient/consumer?

Follow-Up Email Campaigns

Data Reporting

Definitions.

1. Definitions

2. Roles of the Parties

3. Customer Responsibilities

4. Nurse-1-1 Obligations and Restrictions

5. Data Subject Requests

6. Sub-Processors

7. Data Transfers

8. Additional Provisions for European Data

9. General Provisions

10. Parties to this DPA

Refunds

Intellectual Property Rights

Trademarks

Introduction

Technical Safeguards

Access Controls

Emergency Access

Automatic Logoff

Encryption

Integrity

Accessing ePHI for Authentication

Decryption Access Log

Security Incident Procedures

Reporting Security Incidents