Terms of Service

1. ELIGIBILITY AND AUTHORITY

The Services are intended for use by dental practices, dental professionals, dental service organizations, healthcare businesses, and their authorized workforce members, contractors, and representatives.

The Services and any associated SMS messaging programs are intended only for individuals who are at least 18 years old. By using the Services, providing a phone number, or opting in to receive SMS communications from Dental Boost, you represent and warrant that you are 18 years of age or older.

By using the Services, Customer represents and warrants that:

• it and its Authorized Users are legally able to enter into binding contracts;
• each individual accepting these Terms or accessing the Services on Customer's behalf has authority to do so;
• all information submitted in connection with the Services is truthful, accurate, and complete;
• Customer will use the Services only in compliance with these Terms and applicable law;
• Customer is solely responsible for ensuring that only appropriately authorized workforce members and representatives access any regulated or sensitive information through the Services.

2. DEFINITIONS

For purposes of these Terms:

• "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party, where "control" means ownership or control of more than fifty percent (50%) of the voting interests of the subject entity.
• "Authorized User" means an employee, contractor, agent, or representative authorized by Customer to access or use the Services on Customer's behalf.
• "Business Associate Agreement" or "BAA" means a written business associate agreement executed between Customer and Company where required for Company to create, receive, maintain, or transmit PHI on Customer's behalf.
• "Confidential Information" has the meaning set forth in Section 7.1.
• "Customer Data" means all data, content, materials, communications, records, text, files, audio, call recordings, call logs, messages, appointment data, and other information submitted to, stored in, transmitted through, or processed by the Services by or on behalf of Customer or its Authorized Users, excluding Usage Data.
• "Documentation" means Company's generally available user guides, policies, setup materials, technical documentation, or usage instructions for the Services, as updated from time to time.
• "HIPAA" means the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule.
• "MSA" means a separate signed Master Services Agreement or other signed master agreement governing the Services between Customer and Company.
• "Order Form" has the meaning set forth in the introduction to these Terms.
• "Personal Information" means personal information, personal data, or any similar term defined under applicable privacy or data protection law.
• "Protected Health Information" or "PHI" has the meaning set forth under HIPAA.
• "Security Incident" means any actual unauthorized access to, acquisition of, use of, disclosure of, alteration of, destruction of, or interference with Customer Data in Company's systems, or any reasonably confirmed material compromise of the security, confidentiality, or integrity of Customer Data in Company's systems. Security Incident does not include unsuccessful events or routine probes that do not result in unauthorized access to, use of, disclosure of, alteration of, destruction of, or interference with Customer Data, such as pings, port scans, denial-of-service attempts blocked by security controls, malware blocked by security controls, or unsuccessful login attempts, although Company may investigate and document such events as appropriate.
• "Services" has the meaning set forth in the introduction to these Terms.
• "Third-Party Services" means third-party software, infrastructure, carriers, models, platforms, integrations, APIs, payment processors, hosting providers, communication providers, analytics providers, or other external services used with or in connection with the Services.
• "Usage Data" means de-identified, aggregated, statistical, diagnostic, telemetry, performance, and operational data relating to the use, support, security, or performance of the Services, provided that such Usage Data does not identify Customer, any patient, or any individual except as permitted by applicable law.

3. CHANGES TO THESE TERMS

Except to the extent an applicable MSA or Order Form provides otherwise, we may update these Terms from time to time. If we make a material change, we will use commercially reasonable efforts to provide notice, such as by posting an updated version on the website, through the Services, or by email.

Changes become effective on the date stated in the updated Terms. For paid Services subject to an active subscription term and not governed by an applicable MSA that provides otherwise, any material change that materially adversely affects Customer's rights or obligations will, (unless required sooner for legal, regulatory, security, carrier, registry, or third-party platform reasons), become effective only on the earlier of: (a) Customer's next renewal; or (b) Customer's affirmative acceptance of the updated Terms. Continued use of the Services constitutes acceptance only after the updated Terms have become effective under the preceding sentence.

If Customer is subject to an active MSA, an update to these Terms alone will not amend the MSA unless expressly agreed in writing as provided in the MSA.

4. ACCESS TO THE SERVICES

4.1 Right to Access

Subject to these Terms, any applicable Order Form, Documentation, and payment of all applicable fees, Company grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the applicable subscription term to access and use the Services solely for Customer's internal business operations.

4.2 Authorized Users

Customer may permit its Authorized Users to use the Services solely on Customer's behalf. Customer is responsible for all acts and omissions of its Authorized Users and for ensuring that all Authorized Users comply with these Terms.

4.3 Accounts and Credentials

Customer and its Authorized Users must maintain the confidentiality of all login credentials and are responsible for all activity occurring under their accounts. Customer will promptly notify Company of any known or suspected unauthorized access, credential compromise, or security incident affecting the Services.

4.4 Suspension

Company may suspend or restrict access to the Services immediately if Company reasonably determines that:

• Customer or any Authorized User has materially violated these Terms;
• continued use creates a security, privacy, legal, compliance, or carrier risk;
• Customer's use may violate applicable law, carrier rules, registry requirements, or third-party provider requirements;
• Customer has failed to pay undisputed amounts when due; or
• suspension is necessary to prevent harm to Company, the Services, other customers, or third parties.

Where reasonably practicable and legally permitted, Company will provide notice and an opportunity to cure before suspension for breaches capable of cure. Any suspension will be narrowly tailored to the circumstances and will not deny Customer access to PHI or ePHI to the extent prohibited by applicable law or an applicable BAA.

4.5 Modifications to the Services

Company may modify, update, enhance, or discontinue portions of the Services from time to time. Company will use commercially reasonable efforts not to materially reduce the core functionality of paid Services during an active subscription term without appropriate notice, except where changes are necessary for security, legal, compliance, carrier, registry, or third-party platform reasons.

4.6 Support and Maintenance

Any onboarding, implementation, support, maintenance, or professional services will be provided as described in the applicable Order Form or Documentation. Unless expressly stated otherwise in writing, Company does not provide a guaranteed service level, uptime commitment, response time commitment, or emergency-response commitment.

5. CUSTOMER RESPONSIBILITIES

Customer is responsible for:

• all Customer Data;
• communications that Customer or its Authorized Users initiate, configure, approve, or cause to be sent through the Services;
• configuring and supervising its workflows, routing rules, escalation paths, hours, staffing coverage, suppression lists, compliance settings, and patient communication settings;
• reviewing the suitability, accuracy, and legality of communications, automations, templates, prompts, routing logic, and workflows used through the Services;
• ensuring that Customer's use of the Services complies with all applicable laws, regulations, professional obligations, and contractual commitments;
• maintaining appropriate administrative, technical, and physical safeguards on Customer-controlled devices, systems, and networks; and
• ensuring that Customer does not use the Services as an emergency response, emergency dispatch, emergency triage, life-safety, or 911/E911 system.

Customer will not, and will not permit any third party to:

• access or use the Services for unlawful, fraudulent, deceptive, abusive, or harmful purposes;
• reverse engineer, decompile, disassemble, copy, scrape, or attempt to discover the source code, models, prompts, system architecture, or non-public aspects of the Services except to the extent such restriction is prohibited by law;
• use the Services to develop, benchmark, train, improve, or support a competing product or service;
• interfere with or disrupt the integrity, security, or performance of the Services;
• transmit malware, viruses, or harmful code through the Services;
• access the Services in an unauthorized manner or circumvent technical restrictions;
• send messages, place calls, or record communications in violation of law, carrier rules, registry requirements, or applicable consent requirements; or
• upload or transmit content that is unlawful, defamatory, infringing, deceptive, harassing, or invasive of privacy.

Company remains responsible for communications, automated actions, or processing events to the extent caused by Company's breach of these Terms, Company-configured workflows or content, platform malfunction, or Company's violation of applicable law.

6. CUSTOMER DATA; OWNERSHIP; LICENSE

6.1 Ownership

As between the parties, Customer retains all right, title, and interest in and to Customer Data.

6.2 Limited License to Company

Customer grants Company a limited, non-exclusive, worldwide right to host, copy, transmit, process, display, modify, and otherwise use Customer Data solely as necessary to provide, secure, maintain, support, troubleshoot, administer, configure, and operate the Services, comply with law, and enforce these Terms.

Company may improve the Services only through Usage Data, and through Customer Data that has been aggregated or de-identified in accordance with applicable law, or as otherwise expressly authorized by Customer in a signed writing and, where applicable, permitted by an executed BAA or applicable data processing terms.

Company will not use identifiable Customer Data or PHI to train publicly available or shared general-purpose AI models. Company will not use identifiable Customer Data or PHI for generalized product development, model training, model fine-tuning, benchmarking, or service improvement except as expressly authorized in writing by Customer and, where applicable, permitted by an executed BAA or other applicable data processing terms.

6.3 AI and Subprocessor Data Restrictions

Company will not, and will not permit any AI provider, model provider, transcription provider, voice provider, analytics provider, or other subprocessor to, retain, use, disclose, train on, fine-tune, benchmark, or otherwise exploit identifiable Customer Data, message content, call recordings, transcripts, prompts, outputs, or PHI for any shared, public, cross-customer, or general-purpose model or service-improvement purpose, except where Customer expressly authorizes such use in a signed writing and such use is permitted by applicable law, any applicable BAA, and any applicable data processing terms.

Company will maintain written agreements with such providers imposing confidentiality, use, disclosure, security, retention, and deletion obligations no less protective than those set forth in these Terms, to the extent applicable to the provider's role.

6.4 Usage Data

Company may collect and use Usage Data for lawful business purposes, including analytics, service quality, capacity planning, fraud prevention, security monitoring, and support, provided that such Usage Data does not identify Customer or any individual except as permitted by applicable law.

6.5 No Sale or Impermissible Sharing of Customer Data

Company does not sell Customer Data. Company will not sell or share mobile opt-in data, SMS consent records, or similar communications-consent records with third parties for their own marketing purposes. Company will not disclose PHI to advertising, analytics, or tracking-technology vendors except as expressly permitted by applicable law, any applicable BAA, and these Terms.

6.6 Data Export, Retention, and Retrieval

Subject to applicable law, technical feasibility, the applicable MSA, the applicable Order Form, and any applicable BAA, and, for non-PHI data, payment of undisputed amounts due, Customer may request an export of Customer Data during the subscription term and for at least thirty (30) days after termination or expiration, unless a different period is stated in an applicable MSA, Order Form, or BAA. Nothing in these Terms permits Company to block, withhold, or condition Customer's access to or return of PHI or ePHI in a manner prohibited by HIPAA or an applicable BAA.

Unless otherwise stated in an applicable MSA, Order Form, BAA, or Documentation, Company will delete Customer Data from active production systems within thirty (30) days after the end of the applicable export or retrieval period, unless retention is required by law, reasonably necessary for fraud prevention or security, technically infeasible, or otherwise expressly permitted under an applicable BAA or data processing addendum.

Company may retain limited archival or backup copies for disaster recovery, legal compliance, fraud prevention, security purposes, or ordinary backup rotation for a commercially reasonable period, after which such copies will be deleted, overwritten, or rendered inaccessible in the ordinary course. Upon written request, and subject to applicable law and technical feasibility, Company will provide written confirmation that deletion from active production systems has been completed.

7. CONFIDENTIALITY

7.1 Definition

"Confidential Information" means any non-public information disclosed by one party ("Disclosing Party") to the other party ("Receiving Party") that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure, including Customer Data, business plans, security information, technical information, pricing, product roadmaps, and non-public documentation.

Confidential Information does not include information that the Receiving Party can demonstrate:

• is or becomes publicly available through no breach of these Terms;
• was already lawfully known to the Receiving Party without restriction;
• is lawfully received from a third party without breach of any duty; or
• is independently developed without use of or reference to the Disclosing Party's Confidential Information.

7.2 Obligations

The Receiving Party will:

• use the Disclosing Party's Confidential Information only as necessary to exercise rights or perform obligations under these Terms;
• protect the Confidential Information using at least reasonable care and no less than the care it uses to protect its own similar confidential information; and
• disclose Confidential Information only to employees, contractors, advisors, Affiliates, and subprocessors who have a need to know and are bound by confidentiality obligations no less protective than those in these Terms.

7.3 Required Disclosure

A Receiving Party may disclose Confidential Information to the extent required by law, subpoena, court order, or regulatory request, provided that, unless prohibited by law, it gives the Disclosing Party prompt notice and reasonable cooperation to seek confidential treatment or protective relief.

8. HIPAA; PHI; BUSINESS ASSOCIATE TERMS

8.1 No PHI Without a BAA

Customer agrees not to upload, submit, transmit, store, or otherwise make available PHI through the Services unless and until the parties have executed a BAA where required by applicable law.

Company may suspend, disable, quarantine, reject, or restrict PHI-related features, workflows, integrations, or data flows until the required BAA is fully executed. If Customer submits PHI to the Services before a required BAA is in place, Customer will promptly notify Company, and Company may take reasonable steps, to the extent legally permitted and technically feasible, to isolate, restrict, delete, return, or otherwise remediate such PHI. Nothing in these Terms authorizes Company to process PHI without a required BAA.

8.2 BAA Controls for PHI

If the parties have executed a BAA, then Company's creation, receipt, maintenance, use, and disclosure of PHI will be governed by the BAA and applicable law. In the event of a conflict between these Terms and the BAA with respect to PHI, the BAA will control.

8.3 Responsibility for HIPAA Assessment and Compliance

Each party is responsible for assessing its obligations under HIPAA and other applicable healthcare privacy laws. If Company will create, receive, maintain, or transmit PHI on Customer's behalf in a manner that requires a BAA, the parties will execute a BAA before such PHI is processed through the Services. Company's HIPAA obligations, where applicable, are not negated by Customer's failure to request a BAA.

Customer remains solely responsible for:

• its own status as a covered entity, business associate, or other regulated party;
• using the Services in a HIPAA-compliant manner within Customer's environment and workflows;
• limiting PHI disclosures to the minimum necessary as required by law;
• managing workforce access, device security, account permissions, and operational practices within Customer's control; and
• responding to patient requests, notices, authorizations, and legal obligations applicable to Customer as a healthcare provider or regulated entity, except to the extent expressly assumed by Company in an applicable BAA.

8.4 Company Safeguards

Company will maintain reasonable and appropriate administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of information processed through the Services, as appropriate to the nature of the Services and Company's role under applicable law. To the extent Company acts as a business associate, Company will implement safeguards required by HIPAA and the applicable BAA.

8.5 Security Incidents and Breach Cooperation

Company will investigate suspected Security Incidents and, without unreasonable delay after discovery of, or after Company reasonably determines that there has been: (a) any breach of unsecured PHI; (b) any use or disclosure of PHI not permitted by an applicable BAA; or (c) any material Security Incident affecting Customer Data in Company's systems, will notify Customer and provide information reasonably necessary for Customer to meet applicable legal obligations, subject to applicable law, security needs, preservation of privileged or forensic materials, and the availability of relevant information at the time of notice.

For material non-PHI Security Incidents affecting Customer Data in Company's systems, Company will use commercially reasonable efforts to provide initial notice within five (5) business days after discovery of, or after Company reasonably determines that, such incident has occurred, unless a shorter or longer period is required by applicable law, law-enforcement needs, containment efforts, or the preservation of forensic integrity. Notices may be provided in phases or on a rolling basis as additional facts become available and, to the extent known at the time, may include the nature of the incident, the categories of data affected, the known or reasonably estimated date range of the incident, mitigation steps taken, and recommended Customer actions.

Company will mitigate, to the extent practicable, harmful effects of Security Incidents known to Company and document Security Incidents and their outcomes as appropriate. If an applicable BAA sets a different or additional standard for PHI-related incidents, breaches, or reporting, the BAA will control with respect to PHI.

8.6 Customer-Controlled Risks

Company is not responsible for any incident, breach, or unauthorized disclosure to the extent resulting from:

• Customer's misconfiguration of the Services;
• compromise of Customer-controlled credentials, devices, email accounts, or networks;
• Customer's workforce misconduct or negligence;
• Third-Party Services selected or enabled by Customer and not under Company's reasonable control; or
• Customer's use of the Services in violation of law or these Terms.

Nothing in these Terms limits any obligation expressly set forth in an applicable BAA.

8.7 Subcontractors and Service Providers

Company may use subcontractors and subprocessors to provide portions of the Services. To the extent Company engages any subcontractor that creates, receives, maintains, or transmits PHI on Company's behalf, Company will require that subcontractor to be bound by written obligations that are no less protective than those applicable to Company under the BAA and applicable law.

8.8 Return or Destruction of PHI

Upon termination or expiration, Company will handle PHI in accordance with the applicable BAA, including return or destruction where required and feasible. To the extent return or destruction is infeasible, Company will continue to protect such PHI and limit further uses and disclosures as required by the BAA and applicable law.

9. PRIVACY; DATA PROCESSING TERMS; CONSISTENCY OF DISCLOSURES

Company's collection and use of personal information in connection with the Services is described in the Privacy Policy posted on the Dental Boost website, which is incorporated into these Terms by reference. The Privacy Policy also describes, where applicable, Company's handling of phone numbers, messaging content, SMS consent records, and related communications data in connection with Company-operated messaging programs and the Services.

Customer acknowledges that Customer may itself be subject to privacy, healthcare, consumer-protection, or communications laws in connection with its use of the Services and remains solely responsible for its own compliance obligations as a controller, business, covered entity, sender, caller, or regulated party, as applicable.

To the extent Company processes Personal Information on Customer's behalf as a service provider, contractor, processor, or similar regulated service recipient under applicable law, Company will process such Personal Information only for the limited and specified business purposes and services described in these Terms, the applicable Order Form, the Documentation, and Customer's documented instructions, including to host, store, transmit, route, secure, maintain, support, troubleshoot, configure, integrate, administer, monitor, back up, and otherwise provide the Services and related security, fraud prevention, operational, legal compliance, and support functions.

Without limiting the foregoing, Company will:

• comply with applicable obligations imposed on service providers, contractors, processors, or similar service recipients under applicable privacy law with respect to the Personal Information it processes on Customer's behalf;
• provide the same level of privacy protection for such Personal Information as required by applicable law;
• not sell or share such Personal Information;
• not retain, use, or disclose such Personal Information for any purpose other than the limited and specified business purposes stated in these Terms, as otherwise permitted by applicable law, or as expressly instructed by Customer in a manner permitted by law;
• not retain, use, or disclose such Personal Information outside the direct business relationship between Company and Customer except as permitted by law;
• not combine such Personal Information with personal information received from or on behalf of another person or collected from Company's own interaction with an individual except as permitted by applicable law;
• not use such Personal Information to build or modify consumer, household, or patient profiles except as necessary to provide the Services or as otherwise permitted by law;
• notify Customer without unreasonable delay if Company determines it can no longer meet its obligations under applicable privacy law with respect to such Personal Information;
• require subcontractors handling such Personal Information to be bound by written obligations no less protective than those set forth in this Section; and
• reasonably assist Customer, to the extent required by applicable law and to the extent the request relates to Company's processing of Personal Information on Customer's behalf, with verified consumer-rights requests, compliance inquiries, and information reasonably necessary for Customer's legally required assessments, audits, or response obligations.

Customer may take reasonable and appropriate steps, upon reasonable notice and in a manner that does not unreasonably interfere with Company's operations or compromise the security or confidentiality of other customers, to help ensure that Company's use of Personal Information is consistent with Customer's obligations under applicable privacy law, including by requesting information reasonably necessary to verify compliance. Upon notice from Customer of unauthorized use of Personal Information, Customer may require Company to stop and remediate such unauthorized use to the extent required by law and reasonably feasible under the circumstances.

Any materially burdensome assistance beyond Company's standard obligations may be subject to reasonable reimbursement where permitted by law and specified in an applicable Order Form.

In the event of any inconsistency between Company's public-facing privacy disclosures, customer-facing consent language, and these Terms regarding Company's handling of Customer Data, PHI, SMS consent records, AI training restrictions, or tracking and disclosure practices, Company will interpret and apply the more protective statement unless otherwise required by law or expressly agreed in a signed BAA, Order Form, or data processing addendum.

Where the parties enter into a separate data processing addendum or similar data protection terms, that agreement will control to the extent of any conflict with this Section with respect to the subject matter addressed therein.

10. SECURITY; MONITORING; ONLINE TRACKING TECHNOLOGIES

Company may implement and use logging, monitoring, fraud detection, abuse prevention, threat detection, malware scanning, and similar security measures to protect the Services.

To the extent Company deploys cookies, pixels, analytics tools, session technologies, or similar tracking technologies on Company-controlled websites, hosted forms, product surfaces, or other Company-controlled environments, Company will do so as described in the Privacy Policy and subject to applicable law, these Terms, and any applicable BAA or data processing terms.

Customer is responsible for tracking technologies, ad tags, analytics tools, pixels, scripts, cookie banners, and consent implementations that Customer independently deploys or configures on Customer-controlled websites, landing pages, portals, forms, or other properties, including determining whether such implementations comply with applicable law.

If the Services permit Customer to enable or configure tracking-technology integrations, Customer is responsible for the lawfulness of Customer's selected configurations and any third-party disclosures resulting from those configurations, while Company remains responsible for Company-controlled default deployments on Company-controlled surfaces.

Company will not deploy, permit, or disclose PHI or other regulated patient information to any advertising technology, cross-context behavioral advertising tool, pixel, SDK, or tracking-technology vendor in any authenticated patient-facing environment or in any workflow that collects PHI, unless: (a) Customer expressly instructs Company in writing to do so; (b) such disclosure is permitted by applicable law; (c) any required BAA or data processing terms are in place; and (d) the recipient is contractually prohibited from using the data for its own advertising, profiling, analytics product development, or model-improvement purposes.

Company may disable or restrict integrations, scripts, or configurations that Company reasonably believes create legal, security, privacy, carrier, or reputational risk.

11. AI-ENABLED FEATURES

11.1 Nature of AI Features

The Services may include AI-enabled and automated features, including AI voice receptionists, conversational assistants, call-handling tools, transcription, routing suggestions, draft messages, summarization, workflow automation, and other intelligent features ("AI Features").

11.2 No Medical, Dental, or Professional Advice

The Services, including AI Features, are administrative and operational tools only. Company does not provide dentistry, medicine, legal advice, financial advice, diagnosis, treatment recommendations, or clinical judgment. Nothing in the Services creates a dentist-patient, provider-patient, attorney-client, fiduciary, or similar professional relationship between Company and any patient or end user.

11.3 Automated and AI Communications

Customer acknowledges that certain interactions may be generated, assisted, initiated, or handled by an automated system, artificial voice, prerecorded voice, or AI-enabled feature rather than a human. Customer is responsible for ensuring that all AI-enabled, automated, artificial-voice, prerecorded-voice, autodialed, or similar communications initiated through the Services are used only where Customer has obtained all disclosures and consents required by applicable law, including where applicable prior express consent or prior express written consent, except to the extent a compliance failure is caused by Company's breach of these Terms, Company-configured workflows or content, or platform malfunction.

Company may require Customer to use specified disclosures, scripts, consent language, suppression rules, or workflow configurations as a condition of enabling certain AI or communications features.

11.4 AI Limitations

Customer acknowledges that AI Features may produce incomplete, inaccurate, delayed, unexpected, or inappropriate outputs. Customer is solely responsible for reviewing, supervising, approving, and determining the suitability of outputs and automated actions before relying on them in operations, scheduling, communications, or patient-related workflows.

11.5 AI Data Use Restrictions

Company may process Customer Data used with AI Features solely to provide, secure, maintain, support, troubleshoot, administer, configure, and operate the Services, subject to these Terms, the Privacy Policy, and any applicable BAA or data processing terms.

Company does not use PHI or Customer Confidential Information to train publicly available or shared general-purpose AI models. To the extent Company uses data to improve internal systems or model performance, such use will be limited to Usage Data or data that has been aggregated or de-identified in accordance with applicable law, or otherwise expressly authorized by Customer in writing.

11.6 Escalation and Human Oversight

Customer is solely responsible for configuring escalation pathways, urgency rules, business hours, human review thresholds, and handoff procedures for patient-facing communications. The Services are not intended to be used as emergency response systems, emergency triage systems, or a substitute for clinical judgment.

11.7 Emergency Communications Disclaimer

The Services are not intended for emergency communications. If an individual is experiencing a medical or dental emergency, that individual should contact 911 or seek immediate professional medical assistance. Company is not responsible for delays or failures in emergency response arising from use or misuse of the Services.

11.8 Ownership of Outputs

As between the parties, Customer retains all right, title, and interest in Customer Data. Subject to Customer's compliance with these Terms, Company assigns to Customer any right, title, and interest Company may have in outputs generated specifically for Customer through the Services, excluding Company's preexisting technology, software, models, prompts, templates, workflows, Documentation, know-how, Usage Data, and other intellectual property.

12. TELEPHONY, SMS, EMAIL, AND COMMUNICATION SERVICES

12.1 Dental Boost SMS Messaging Terms

Dental Boost is a brand operated by Revenue Rocket LLC. When you opt in to a Dental Boost text messaging program, you are opting in to receive messages from Revenue Rocket LLC d/b/a Dental Boost for the specific messaging program you selected.

If you separately opt in to receive text messages from Dental Boost, a messaging program operated by Revenue Rocket LLC under the Dental Boost brand, Dental Boost may send you SMS messages related to your relationship with Dental Boost and the Services. These messages may include onboarding and implementation updates, appointment or meeting reminders, account notices, billing notices, service updates, and customer support communications.

If you separately opt in to receive promotional text messages from Dental Boost, Dental Boost may also send you marketing messages about Dental Boost products, services, offers, events, and announcements. Consent to receive informational or relationship messages does not, by itself, authorize promotional text messages. Promotional text messages are sent only where you have provided separate consent for the applicable Dental Boost promotional messaging program.

Some Dental Boost text messages are one-time messages, and some may recur based on your relationship with Dental Boost, your account activity, your support requests, your scheduled interactions, or your separate messaging preferences and consents. Message frequency may vary. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages.

Your consent to receive SMS messages from Dental Boost is not a condition of purchase. Agreeing to these Terms alone does not enroll you in SMS messaging. SMS consent must be obtained through a separate, legally sufficient opt-in specific to the applicable Dental Boost messaging program. Consent to receive SMS messages from Dental Boost applies only to Dental Boost and the specific messaging program for which you opted in, and does not constitute consent to receive messages from unrelated brands, unaffiliated businesses, affiliates acting under a different brand, or other messaging programs for which you did not separately opt in.

You may opt out of Dental Boost SMS messages at any time by replying STOP to any Dental Boost message from the applicable program. After you send STOP, we may send you a single confirmation message confirming that you have been unsubscribed. After that, you will no longer receive SMS messages from that Dental Boost messaging program, unless you opt in again through the original sign-up method, or another legally sufficient opt-in method made available by Dental Boost.

For help, reply HELP to any Dental Boost text message, email [email protected], or use the contact information provided in Section 26 below. We do not sell or share your mobile number, SMS opt-in data, or SMS consent status with third parties for their own marketing purposes. For information about how we collect, use, protect, and disclose personal information, including phone numbers, message content, and consent records, please review our Privacy Policy available on our website at https://dentalboost.ai/privacy-policy.

12.2 Third-Party Communications Infrastructure

Certain features of the Services rely on telecommunications carriers, messaging providers, voice providers, AI providers, email providers, registries, and other Third-Party Services. Company does not control those networks or providers and is not responsible for carrier filtering, campaign rejection, throughput limitations, message blocking, delivery delays, service interruptions, call quality issues, spam filtering, or other failures caused by Third-Party Services or telecommunications infrastructure outside Company's reasonable control.

12.3 Customer Program Control; Sender and Caller Responsibility

Customer is solely responsible for determining the recipients, content, timing, purpose, frequency, legal basis, and business classification of communications initiated through the Services, including whether a communication is informational, operational, transactional, marketing, telemarketing, promotional, or otherwise regulated. As between the parties, Customer is the party that determines who is contacted, what is communicated, when the communication is sent or placed, and under what consent basis or legal authority such communication is made.

As between the parties, Customer is responsible for the lawfulness of communications initiated through the Services based on Customer's decisions regarding recipients, content, timing, use case, and consent basis. Nothing in these Terms determines how any regulator, court, or governmental authority will characterize a party as a "sender," "caller," "maker," or "initiating party" under applicable law. Company provides software, routing, automation, and related technical tools, but does not determine whether a given communication is legally permitted for Customer's specific use case. Nothing in these Terms relieves Company of responsibility for its own acts or omissions to the extent Company is deemed a sender, caller, maker, initiating party, service provider, or business associate under applicable law, or to the extent a communication, disclosure, or compliance failure is caused by Company's breach of these Terms, Company-configured workflows or content, or platform malfunction.

12.4 Customer Compliance Obligations

Customer is solely responsible for ensuring that all calls, prerecorded calls, AI-generated or artificial-voice calls, SMS, MMS, emails, voicemails, ringless voicemail, recordings, and other communications sent through the Services comply with all applicable laws, regulations, industry requirements, registry requirements, and carrier rules, including without limitation:

• obtaining and documenting all required consent;
• distinguishing between informational and marketing communications;
• honoring opt-outs, revocations of consent, company-specific do-not-call requests, and internal suppression requests;
• complying with quiet hours, timing limits, caller-identification requirements, sender-identification requirements, and content restrictions;
• complying with all call-recording laws and notice requirements;
• maintaining records sufficient to demonstrate consent and compliance;
• completing and maintaining any required A2P 10DLC, registry, brand, campaign, vetting, or comparable carrier or intermediary registrations, approvals, and disclosures;
• complying with national and state do-not-call laws and registries where applicable; and
• complying with email marketing requirements, including unsubscribe, advertisement-identification, and sender-identification requirements.

12.5 Consent Requirements

Customer must obtain all legally required prior express consent or prior express written consent, as applicable, before sending messages or placing calls using the Services. Customer must maintain records of the date, time, source, method, scope, and language of consent obtained and must provide those records to Company upon reasonable request where necessary for compliance review, dispute resolution, carrier or registry investigations, or government inquiries.

For any telemarketing or promotional communications that require prior express written consent, Customer must ensure that the consent language clearly and conspicuously authorizes the applicable communications and clearly states that consent is not a condition of purchasing any property, goods, or services.

12.6 Call-to-Action and Disclosure Requirements

Customer will ensure that each applicable call-to-action and consent collection flow clearly identifies the sender or brand, the message purpose, whether the program is promotional or informational where required, message frequency where required, applicable message-and-data-rate disclosures, customer care contact information, opt-out instructions, links or references to required privacy disclosures and terms where required, and any disclosures required for autodialed, prerecorded, artificial-voice, AI-enabled, or marketing communications.

Customer will also ensure that campaign registration materials, sample or initial messages, and live messaging programs accurately identify the applicable brand or sender, describe the applicable message program or use case, and provide legally required or carrier-required HELP, STOP, unsubscribe, or similar functionality and disclosures, as applicable. Consent for promotional communications must not be prechecked, bundled in a misleading way, obscured within unrelated terms, or presented as a condition of purchasing goods or services where prohibited by law.

Customer shall maintain carrier-ready and regulator-ready documentation sufficient to demonstrate compliance for messaging and calling programs, including, as applicable, screenshots or copies of the call-to-action or opt-in flow, consent language, sample messages, sender-identification materials, opt-out handling, and references or links to the applicable Privacy Policy and Terms.

12.7 Opt-Outs, Revocation, and Suppression

Customer must honor all opt-out and revocation requests submitted through any reasonable method permitted by law and may not require the use of an exclusive revocation method where prohibited by law. Customer must process such requests as soon as reasonably practicable and, for text messaging, automated calls, prerecorded or artificial-voice calls, and other communications subject to carrier, registry, or similar suppression requirements, must cease the affected communications promptly after receipt of the opt-out or revocation, except for a single legally permitted non-marketing confirmation communication where allowed by law. In all cases, Customer must comply with the shortest applicable deadline imposed by law, carrier rules, registry requirements, or provider requirements.

Where permitted by law, Customer may send a single non-marketing confirmation communication solely to confirm the opt-out or revocation. Customer may not send additional communications after consent has been revoked unless and until new legally sufficient consent is obtained. Company may provide standard STOP, HELP, unsubscribe, or related compliance functionality, but Customer remains responsible for the lawfulness of its campaigns and workflows.

12.8 CAN-SPAM and Email Marketing

Customer is solely responsible for ensuring that all commercial email sent through the Services complies with applicable law, including requirements relating to accurate sender identification, non-deceptive subject lines, clear and conspicuous identification of the message as an advertisement where required by law, a valid physical postal address, functioning unsubscribe mechanisms, and timely processing of opt-out requests.

12.9 Prohibited Communications

Customer will not use the Services to:

• send unlawful spam or unsolicited messages;
• contact individuals without legally sufficient consent where required;
• send deceptive, fraudulent, abusive, or unlawful content;
• send messages or emails after opt-out;
• use purchased, rented, scraped, appended, or otherwise unlawfully obtained contact lists;
• engage in lead-generation, affiliate, or messaging practices prohibited by law, registry requirements, or carrier rules; or
• use the Services in a manner likely to trigger carrier complaints, blocking, blacklisting, registry enforcement, or other enforcement actions.

12.10 Call Recording

Certain features may permit recording of calls or communications. Customer is solely responsible for determining whether recording is lawful in each jurisdiction and for providing all required notice and obtaining all required consent before any recording begins. Nothing in this Section relieves Company of responsibility to the extent a recording-related compliance issue is caused by Company-configured default recording settings, Company-provided notice functionality that fails to operate as described, or Company's breach of these Terms.

12.11 Compliance Suspension

Company may suspend messaging, telephony, email, or related features immediately if Company reasonably suspects unlawful messaging, invalid consent, abnormal complaint volume, carrier or registry violations, fraud, abuse, phishing, spoofing, or other conduct creating legal, compliance, deliverability, or reputational risk.

12.12 No Emergency Calling or 911 Services

Unless expressly stated in a signed writing by Company, the Services do not provide 911, E911, emergency dispatch, emergency routing, or guaranteed access to emergency services. Customer will not market, represent, or rely on the Services as providing emergency communications capabilities.

12.13 Numbers, Sender IDs, and Porting

Any telephone numbers, toll-free numbers, short codes, alphanumeric sender IDs, or similar identifiers provisioned through the Services are subject to availability, carrier rules, registry requirements, and third-party provider requirements. Unless otherwise expressly stated in a signed writing, Customer receives only a limited right to use such identifiers during the applicable subscription term and while Customer remains in compliance with these Terms and applicable provider requirements. Company and its providers do not guarantee continued availability, uninterrupted assignment, successful provisioning, or successful porting of any identifier.

Customer will provide accurate information and reasonable cooperation for provisioning, verification, registration, campaign approval, port-in, and port-out requests. Company may suspend, reassign, release, or reclaim identifiers where required by carriers, registries, law, fraud-prevention requirements, inactivity policies, nonpayment, or Customer's violation of these Terms. Subject to applicable law, carrier requirements, and payment of undisputed amounts due, Company will use commercially reasonable efforts to support a valid port-out request for numbers assigned for Customer's exclusive use, but Company does not guarantee porting success, timing, or continued availability of any number or identifier controlled by a third party.

13. THIRD-PARTY SERVICES; INTEGRATIONS; SUBPROCESSORS

The Services may interoperate with Third-Party Services, including practice management systems, CRMs, payment processors, phone carriers, SMS providers, AI providers, calendar tools, email tools, analytics tools, registries, and other external platforms.

Customer acknowledges and agrees that:

• use of Third-Party Services may be subject to separate terms, privacy policies, and technical limitations;
• Company does not control and is not responsible for the availability, accuracy, security, or performance of Third-Party Services;
• Company may access, exchange, store, or process Customer Data with Third-Party Services as necessary to provide requested integrations and functionality and consistent with applicable law, these Terms, and any applicable BAA or data processing terms; and
• Company is not liable for outages, changes, restrictions, failures, or acts of Third-Party Services outside Company's reasonable control.

If Customer enables a Third-Party Service, Customer authorizes Company to permit the applicable Third-Party Service provider to access Customer Data as necessary for the enabled integration. Customer is responsible for reviewing and approving its use of each Third-Party Service.

13.1 Data Location and Cross-Border Processing

Company may process Customer Data using Company personnel and subprocessors located in the United States and, unless otherwise expressly stated in writing, other jurisdictions identified on Company's then-current subprocessor information. Such processing will remain subject to applicable law, these Terms, and any applicable BAA or data processing terms. Customer is responsible for determining whether Customer's own legal, contractual, regulatory, or professional obligations require restrictions on data location or cross-border processing and for notifying Company in writing of any such requirements agreed by the parties.

13.2 Subprocessor Information

Company will maintain and make available, whether through a public-facing subprocessor page or upon reasonable written request, information regarding material categories of subprocessors used to provide the Services and the countries in which Customer Data may be processed. Company may update its subprocessors from time to time and, where Company maintains a subprocessor notice mechanism, will use commercially reasonable efforts to provide advance notice of material new subprocessors or new countries of processing for Customer Data.

To the extent PHI is processed by a subprocessor, Company will ensure that appropriate downstream written obligations are in place as required by applicable law and any applicable BAA.

14. FEES, BILLING, SUBSCRIPTIONS, AND RENEWALS

14.1 Fees

Customer will pay all fees set forth in the applicable Order Form or checkout flow. All fees are stated in U.S. dollars unless otherwise specified and are non-refundable except as required by law or expressly stated in writing.

14.2 Taxes

Fees do not include taxes, duties, levies, or similar governmental charges, all of which are Customer's responsibility except taxes based on Company's net income.

14.3 Payment

Customer authorizes Company and its payment processors to charge the payment method on file for all amounts due. If payment is overdue, Company may suspend access to the Services after reasonable notice unless immediate suspension is justified by fraud risk or repeated nonpayment.

14.4 Subscription Terms

The initial subscription term and any renewal term will be stated in the applicable Order Form or subscription flow. Unless otherwise stated, subscriptions automatically renew for successive terms equal to the initial term.

14.5 Renewal Notice and Cancellation

Where required by law, Company will provide renewal reminders or disclosures. Customer may cancel automatic renewal before the next renewal date through the method described in the Order Form, subscription flow, account settings, or by written notice to Company, as applicable. Cancellation will take effect at the end of the then-current subscription term unless otherwise stated in writing.

For subscriptions entered into online, Customer may cancel online through the same account environment or through a cancellation mechanism that is at least as easy to use as the method used to enroll. Company will not require Customer to speak with or interact with a live or virtual representative to cancel unless Customer enrolled through that same method.

14.6 Recurring Billing Disclosures

To the extent recurring billing or automatic renewal applies, Company will present material recurring billing terms before purchase, including recurring charges, renewal timing, and cancellation method, in accordance with applicable law. Company will maintain cancellation mechanisms required by applicable law for covered offerings.

14.7 Billing Disputes and Chargebacks

Customer must notify Company promptly of any good-faith billing dispute. Customer agrees to make reasonable efforts to resolve any billing dispute directly with Company before initiating a chargeback. If a chargeback is initiated and Company reasonably determines that the chargeback was improper, Company may suspend the Services and pursue recovery of amounts owed and reasonable collection costs as permitted by law.

15. TERM AND TERMINATION

15.1 Term

These Terms begin on the earlier of the date Customer first accesses or uses the Services or the effective date of the first Order Form, and continue until terminated in accordance with these Terms.

15.2 Termination for Cause

Either party may terminate these Terms or an affected Order Form if the other party materially breaches these Terms and fails to cure that breach within thirty (30) days after written notice. For nonpayment of undisputed amounts, Company may suspend the Services in accordance with Section 14.3 and may terminate if Customer fails to cure the nonpayment within ten (10) days after written notice, or immediately in the event of fraud, repeated nonpayment, unlawful use, security risk, or breach not reasonably capable of cure.

15.3 Non-Renewal

Unless otherwise stated in an Order Form, either party may elect not to renew at the end of the then-current subscription term by providing notice before the renewal date. No party may terminate a fixed subscription term for convenience before the end of that term unless expressly permitted in the applicable Order Form.

15.4 Effect of Termination

Upon termination or expiration:

• except for any limited post-termination data export or retrieval rights expressly provided in Section 6.6, Customer's right to access and use the Services will end;
• Customer must stop using the Services;
• each party will return or destroy the other party's Confidential Information, subject to legal retention obligations; and
• Company may delete, anonymize, or retain Customer Data in accordance with its retention practices, applicable law, the applicable Order Form, any applicable BAA, and any applicable data processing terms, provided that nothing in these Terms permits Company to withhold, block, or condition access to or return of PHI or ePHI in a manner prohibited by applicable law or an applicable BAA.

15.5 Survival

Any provisions that by their nature should survive termination will survive, including provisions relating to fees owed, confidentiality, privacy, intellectual property, disclaimers, limitations of liability, indemnification, dispute resolution, and any BAA obligations that survive by their terms.

16. INTELLECTUAL PROPERTY

16.1 Company IP

Company and its licensors retain all right, title, and interest in and to the Services, including all software, models, prompts, templates, documentation, branding, workflows, know-how, algorithms, interfaces, designs, and all related intellectual property rights.

16.2 Feedback

If Customer provides suggestions, ideas, recommendations, or feedback regarding the Services, Company may use that feedback without restriction or obligation solely to the extent the feedback does not include Customer Data, Personal Information, PHI, or Confidential Information of Customer. Any Customer Data, Personal Information, PHI, or Confidential Information of Customer contained in feedback remains subject to Sections 6, 7, 8, 9, 10, and 11.5 and may be used only as otherwise permitted under these Terms, any applicable BAA, and applicable law. Company will not publicly identify Customer as the source without permission.

16.3 Reservation of Rights

Except for the limited rights expressly granted in these Terms, no rights are granted by either party, whether by implication, estoppel, or otherwise.

17. WARRANTIES; DISCLAIMERS

17.1 Mutual Authority

Each party represents and warrants that it has full power and authority to enter into these Terms.

17.2 Service Disclaimer

EXCEPT AS EXPRESSLY SET FORTH IN THESE TERMS, ANY APPLICABLE ORDER FORM, ANY APPLICABLE BAA, OR ANY APPLICABLE DATA PROCESSING TERMS, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE."

TO THE MAXIMUM EXTENT PERMITTED BY LAW, COMPANY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, QUIET ENJOYMENT, OR THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, SECURE, OR MEET CUSTOMER'S REQUIREMENTS.

COMPANY DOES NOT WARRANT THAT AI FEATURES OR AUTOMATED COMMUNICATIONS WILL BE ACCURATE, COMPLETE, CLINICALLY APPROPRIATE, LEGALLY COMPLIANT FOR CUSTOMER'S SPECIFIC USE CASE, OR FREE FROM ERRORS, HALLUCINATIONS, OR BIAS.

Company does not guarantee any particular business result, patient conversion rate, scheduling outcome, response rate, revenue increase, deliverability rate, throughput allocation, campaign approval, carrier acceptance, or marketing performance.

For clarity, the disclaimers in this Section do not limit Company's express obligations set forth in these Terms, any applicable Order Form, any applicable BAA, or any applicable data processing terms with respect to confidentiality, privacy, security, or data-use restrictions.

18. LIMITATION OF LIABILITY

18.1 Exclusion of Certain Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXCEPTFOR EXCLUDED CLAIMS, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR FOR ANY LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF GOODWILL, LOSS OF BUSINESS, BUSINESS INTERRUPTION, OR LOSS OF DATA, ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES; PROVIDED, HOWEVER, THAT THE FOREGOING WILL NOT EXCLUDE DIRECT DAMAGES CONSISTING OF REASONABLE COSTS TO RESTORE OR RECONSTRUCT CUSTOMER DATA TO THE EXTENT SUCH LOSS RESULTS FROM COMPANY'S MATERIAL BREACH OF ITS EXPRESS OBLIGATIONS UNDER THESE TERMS, AN APPLICABLE ORDER FORM, OR AN APPLICABLE BAA.

18.2 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, EXCEPT FOR EXCLUDED CLAIMS, EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS, THE SERVICES, AND ALL ORDER FORMS WILL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO COMPANY UNDER THE APPLICABLE ORDER FORM(S) DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM; PROVIDED, HOWEVER, THAT COMPANY'S TOTAL AGGREGATE LIABILITY FOR CLAIMS ARISING UNDER SECTION 19.3 OR FROM A MATERIAL SECURITY INCIDENT IN COMPANY'S SYSTEMS CAUSED BY COMPANY'S BREACH OF ITS EXPRESS OBLIGATIONS UNDER THESE TERMS WILL NOT EXCEED TWO (2) TIMES THAT AMOUNT.

18.3 Excluded Claims

For purposes of these Terms, "Excluded Claims" means:

• Customer's payment obligations;
• either party's breach of Section 7 (Confidentiality);
• Customer's unlawful use of the Services, including unlawful messaging, recording, privacy, or HIPAA violations caused by Customer;
• either party's gross negligence, fraud, or willful misconduct;
• either party's indemnification obligations under Section 19.1 or Section 19.2;
• obligations expressly governed by an applicable BAA, to the extent those obligations cannot lawfully be disclaimed or limited by these Terms; and
• Company's fraud, willful misconduct, or knowing unauthorized use or disclosure of Customer Data or PHI, or Company's knowing use of identifiable Customer Data or PHI for model training in material breach of Section 6.2, Section 6.3, Section 8, Section 9, Section 10, or Section 11.5.

18.4 Essential Basis

The parties agree that the disclaimers and limitations in these Terms are a fundamental part of the bargain between the parties and will apply even if any limited remedy fails of its essential purpose.

19. INDEMNIFICATION

19.1 Customer Indemnification

Customer will defend, indemnify, and hold harmless Company and its Affiliates, officers, directors, employees, contractors, agents, licensors, and subprocessors from and against any third-party claims, actions, investigations, demands, fines, penalties, damages, losses, liabilities, judgments, settlements, costs, and expenses, including reasonable attorneys' fees, to the extent arising out of or relating to:

• Customer Data;
• Customer's or its Authorized Users' use of the Services in violation of these Terms or applicable law;
• Customer's failure to obtain required consent for calls, messages, recordings, or AI-enabled communications;
• Customer's violation of HIPAA, privacy law, telemarketing law, TCPA-related requirements, CAN-SPAM requirements, registry requirements, carrier rules, or other communications laws;
• Customer's negligence, fraud, willful misconduct, or professional services provided by Customer; or
• a dispute between Customer and any patient, lead, contact, employee, contractor, or third party arising from Customer's use of the Services,

except, in each case, to the extent the claim arises from Company's breach of these Terms, any applicable Order Form, any applicable BAA, applicable law, Company's negligence or willful misconduct, Company's Security Incident, unauthorized disclosure, impermissible data use, or platform malfunction.

19.2 Company IP Indemnification

Company will defend Customer against any third-party claim alleging that the Services, as provided by Company and used by Customer in accordance with these Terms, directly infringe or misappropriate that third party's U.S. intellectual property rights, and Company will pay amounts finally awarded against Customer or included in a settlement approved by Company, provided that Customer promptly notifies Company of the claim, grants Company sole control of the defense and settlement, and provides reasonable cooperation at Company's expense.

Company will have no obligation under this Section to the extent a claim arises from:

• Customer Data;
• Customer's modification of the Services or use of the Services in combination with products, services, or data not provided by Company, if the claim would not have arisen but for such modification, combination, or use;
• use of the Services in violation of these Terms, Documentation, or applicable law; or
• continued use of allegedly infringing material after Company has provided a non-infringing replacement, modification, or termination right.

If the Services are, or in Company's opinion are likely to be, subject to such a claim, Company may, at its option: (a) procure the right for Customer to continue using the affected Services; (b) modify or replace the affected Services so they become non-infringing without materially reducing core functionality; or (c) terminate the affected Services and refund any prepaid, unused fees for the terminated portion of the subscription term.

19.3 Company Compliance Indemnification

Company will defend Customer against any third-party claim or written regulatory enforcement action brought against Customer, and will pay amounts finally awarded against Customer by a court of competent jurisdiction or included in a settlement approved by Company, to the extent arising out of or relating to:

• Company's material breach of Section 6, Section 8, Section 9, Section 10, or Section 11.5;
• Company's unauthorized use or disclosure of Customer Data in material breach of these Terms;
• a material Security Incident in Company's systems caused by Company's failure to comply with its express obligations under these Terms; or
• Company's violation of law applicable to Company in providing the Services,

in each case excluding amounts to the extent caused by Customer or its Authorized Users, Customer configurations, Customer Data, Third-Party Services selected or enabled by Customer, or Customer's violation of law or these Terms. Company will not be required to indemnify fines, penalties, or multiplied damages to the extent such indemnification is prohibited by law.

19.4 Procedure

The indemnifying party will have prompt notice of any indemnified claim, reasonable control of the defense and settlement, and the other party's reasonable cooperation at the indemnifying party's expense. The indemnified party may participate through its own counsel at its own expense. The indemnifying party may not settle any claim in a manner that admits liability on the indemnified party's behalf or imposes obligations on the indemnified party without the indemnified party's prior written consent, not to be unreasonably withheld.

20. GOVERNING LAW; VENUE

20.1 Governing Law

These Terms and any dispute, claim, or controversy arising out of or relating to these Terms or the Services will be governed by and construed in accordance with the laws of the State of Washington, without regard to its conflict-of-law principles.

20.2 Exclusive Venue

Subject to Section 20.3, the parties agree that any action, suit, or proceeding arising out of or relating to these Terms or the Services shall be brought exclusively in the state courts located in Snohomish County, Washington, or, if federal subject matter jurisdiction exists, in the United States District Court for the Western District of Washington, Seattle Division, and each party irrevocably submits to the personal jurisdiction of such courts and waives any objection based on improper venue or inconvenient forum to the maximum extent permitted by applicable law.

20.3 Injunctive Relief

Nothing in these Terms prevents either party from seeking temporary restraining orders, temporary injunctive relief, preliminary injunctive relief, or other interim equitable relief in any court of competent jurisdiction as necessary to prevent actual or threatened misuse or disclosure of its Confidential Information or infringement, misappropriation, or unauthorized use of its intellectual property or other proprietary rights; provided, however, that the merits of any underlying action, and any request for permanent relief except to the extent necessary to preserve the status quo pending transfer, shall be brought exclusively in the courts specified in Section 20.2.

21. PUBLICITY

Company will not publicly identify Customer by name or logo in Company's marketing materials, case studies, or customer lists without Customer's prior written consent, unless otherwise stated in an applicable Order Form.

22. FORCE MAJEURE

Company will not be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including acts of God, natural disasters, power outages, internet failures, carrier outages, registry outages, labor disputes, cyberattacks, denial-of-service attacks, government actions, epidemics, war, civil unrest, or failures of Third-Party Services outside Company's reasonable control.

23. EXPORT; SANCTIONS

Customer may not access, use, export, or re-export the Services except as authorized by U.S. law and other applicable laws. Customer represents that it is not located in, organized under the laws of, or ordinarily resident in any jurisdiction subject to comprehensive U.S. embargoes, and is not on any U.S. government restricted-party list.

24. ELECTRONIC COMMUNICATIONS

Customer consents to receive communications from Company electronically, including by email, through the Services, or by other electronic means. Customer agrees that all agreements, notices, disclosures, invoices, and other communications that Company provides electronically satisfy any legal requirement that such communications be in writing.

25. GENERAL

25.1 Entire Agreement

For users or Customers not subject to an applicable MSA, these Terms, together with the Privacy Policy, any applicable Order Form, any applicable BAA, and any applicable data processing terms, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous discussions, proposals, and agreements relating to that subject matter.

If Customer has executed an applicable MSA, then the MSA, together with any applicable Order Form, any applicable BAA, and any applicable data processing terms, constitutes the entire agreement between the parties with respect to the Services and supersedes these Terms to the extent of any conflict.

25.2 Order of Precedence

If Customer is subject to an applicable MSA and there is a conflict, the order of precedence is: (1) the applicable BAA, solely with respect to PHI matters; (2) the applicable data processing addendum or other data processing terms, solely with respect to privacy, security, Personal Information, and related compliance subject matter addressed therein; (3) the applicable Order Form, solely with respect to the specific Services, fees, and commercial terms expressly set forth in that Order Form; (4) the applicable MSA; (5) these Terms; and (6) the Privacy Policy; provided, however, that for Company's public-facing privacy disclosures, customer-facing consent language, and statements regarding Company's handling of Customer Data, PHI, SMS consent records, AI training restrictions, tracking technologies, and disclosure practices, the more protective statement will control as provided in Section 9, unless otherwise required by law or expressly agreed in a signed BAA, Order Form, or data processing addendum.

If Customer is not subject to an applicable MSA and there is a conflict, the order of precedence is: (1) the applicable BAA, solely with respect to PHI matters; (2) the applicable data processing addendum or other data processing terms, solely with respect to privacy, security, Personal Information, and related compliance subject matter addressed therein; (3) the applicable Order Form, solely with respect to the specific Services, fees, and commercial terms expressly set forth in that Order Form; (4) these Terms; and (5) the Privacy Policy; provided, however, that for Company's public-facing privacy disclosures, customer-facing consent language, and statements regarding Company's handling of Customer Data, PHI, SMS consent records, AI training restrictions, tracking technologies, and disclosure practices, the more protective statement will control as provided in Section 9, unless otherwise required by law or expressly agreed in a signed BAA, Order Form, or data processing addendum.

25.3 Assignment

Customer may not assign or transfer these Terms or any rights or obligations hereunder without Company's prior written consent, except in connection with a merger, acquisition, or sale of substantially all of Customer's assets, provided the assignee agrees in writing to be bound by these Terms. Company may assign these Terms in connection with a merger, acquisition, corporate reorganization, or sale of substantially all of its assets.

25.4 Independent Contractors

The parties are independent contractors. These Terms do not create a partnership, joint venture, fiduciary, employment, franchise, or agency relationship.

25.5 No Third-Party Beneficiaries

Except as expressly stated in these Terms, there are no third-party beneficiaries to these Terms.

25.6 Severability

If any provision of these Terms is held unenforceable, the remaining provisions will remain in full force and effect, and the unenforceable provision will be enforced to the maximum extent permitted by law.

25.7 Waiver

A party's failure to enforce any provision of these Terms will not constitute a waiver of future enforcement of that or any other provision.

25.8 Notices

Legal notices under these Terms must be in writing. Notices to Company must be sent to [email protected], Attn: Legal, and to the physical notice address listed in Section 26, unless Company designates an updated notice address in an applicable Order Form, on Company's website, or through the Services. Notices to Customer may be sent by email, recognized courier, or certified mail to the contact information designated in the applicable Order Form or account records.

25.9 Children's Data

The Services are business-to-business tools and are not directed to children under 13 as a consumer audience. To the extent Customer uses the Services to collect or process information relating to minors or pediatric patients in connection with Customer's healthcare operations, Company processes such information solely on Customer's behalf and subject to applicable law, these Terms, and any applicable BAA or data processing terms. Company does not knowingly market the Services to children or collect children's personal information for Company's own independent consumer purposes.

26. CONTACT INFORMATION

Dental Boost

A service operated by Revenue Rocket LLC

Email: [email protected]

Website: https://dentalboost.ai/

Address: 522 W Riverside Ave Suite N, Spokane, WA 99201, United States