Posted/Revised: March 17, 2021

TERMS OF SERVICE

PLEASE READ THESE TERMS OF SERVICE CAREFULLY. BY CLICKING “I HAVE READ AND AGREE TO BITE-SIZE HIPAA’S PRIVACY POLICY AND TERMS OF SERVICE”, CUSTOMER AGREES TO THESE TERMS AND CONDITIONS.

These Terms of Service constitute an agreement (this “Agreement”) by and between Small Horse DBA Bite-Size HIPAA, a Delaware corporation (“Bite-Size HIPAA”) and the individual or business entity executing this Agreement (“Customer”). This Agreement is effective as of the date Customer clicks “I have read and agree to Bite-Size HIPAA’s Privacy Policy and Terms of Service” (the “Effective Date”). Customer’s use of and Bite-Size HIPAA’s provision of the System (as defined below in Section 1.6) are governed by this Agreement.

EACH PARTY ACKNOWLEDGES THAT IT HAS READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS, AND THAT THE PERSON ACCEPTING ON ITS BEHALF HAS BEEN AUTHORIZED TO DO SO. THE PERSON ACCEPTING THIS AGREEMENT ON CUSTOMER’S BEHALF REPRESENTS THAT HE OR SHE HAS THE AUTHORITY TO BIND CUSTOMER TO THESE TERMS AND CONDITIONS.

1.  DEFINITIONS. The following capitalized terms shall have the following meanings whenever used in this Agreement.

1.1. “Customer Data” means data in electronic form input or collected through the System by or from Customer, including without limitation by Customer’s Users.

1.2. “Order” means an order for access to the System created by either 1) checking out on the Bite-Size HIPAA website, or 2) executing a separate order document directly with Small Horse.

1.3. “Privacy Policy” means Bite-Size HIPAA’s privacy policy, currently posted at https://bitesizehipaa.com/page/privacy-policy.

1.4. “System” means Bite-Size HIPAA’s online HIPAA training and compliance management tool located at https://bitesizehipaa.com.

1.5. “Term” is defined in Section 11.1 below.

1.6. “User” means any individual who uses the System on Customer’s behalf or through Customer’s account or passwords, whether authorized or not.

1.7. “Website” means the Bite-Size HIPAA website located at https://bitesizehipaa.com.

2.  THE SYSTEM. 

2.1. Use of the System. During the Term, Customer may access and use the System pursuant to: (a) the terms of any outstanding Order, including such features and functions as the Order requires; and (b) Bite-Size HIPAA’s policies posted on its Website, as such policies may be updated from time to time.

2.2. System Revisions. Bite-Size HIPAA may revise System features and functions at any time, including without limitation by removing such features and functions or reducing service levels. If any such revision to the System materially reduces features or functionality provided pursuant to an Order, Customer may within 30 days of notice of the revision terminate such Order, without cause, or terminate this Agreement without cause if such Order is the only one outstanding. 

3.  SYSTEM FEES. Customer shall pay Bite-Size HIPAA the fee set forth in each Order (the “Subscription Fee”) for each Term. Bite-Size HIPAA will not be required to refund the Subscription Fee under any circumstances.

4.  CUSTOMER DATA & PRIVACY. 

4.1. Use of Customer Data. Unless it receives Customer’s prior written consent, Bite-Size HIPAA: (a) shall not access, process, or otherwise use Customer Data other than as necessary to facilitate the System; and (b) shall not intentionally grant any third party access to Customer Data, including without limitation Bite-Size HIPAA’s other customers, except subcontractors that are subject to a reasonable nondisclosure agreement. Notwithstanding the foregoing, Bite-Size HIPAA may disclose Customer Data as required by applicable law or by proper legal or governmental authority. Bite-Size HIPAA shall give Customer prompt notice of any such legal or governmental demand and reasonably cooperate with Customer in any effort to seek a protective order or otherwise to contest such required disclosure, at Customer’s expense.

4.2. Privacy Policy. The Privacy Policy applies only to the System and does not apply to any third party website or service linked to the System or recommended or referred to through the System or by Bite-Size HIPAA’s staff.

4.3. Risk of Exposure. Customer recognizes and agrees that hosting data online involves risks of unauthorized disclosure or exposure and that, in accessing and using the System, Customer assumes such risks. Bite-Size HIPAA offers no representation, warranty, or guarantee that Customer Data will not be exposed or disclosed through errors or the actions of third parties.

4.4. Data Accuracy. Bite-Size HIPAA shall have no responsibility or liability for the accuracy of data uploaded to the System by Customer, including without limitation Customer Data and any other data uploaded by Users.

4.5. Data Deletion. Bite-Size HIPAA may permanently erase Customer Data if Customer’s account is delinquent, suspended, or terminated for 30 days or more.

4.6. Protected Health Information. Customer represents and warrants that Customer Data does not and will not include, and Customer has not and shall not upload or transmit to Bite-Size HIPAA's computers or other media, any data defined as Protected Health Information (“PHI”) under the Health Insurance Portability and Accountability Act (“HIPAA"). CUSTOMER RECOGNIZES AND AGREES THAT: (a) BITE-SIZE HIPAA HAS NO LIABILITY FOR ANY FAILURE TO PROTECT PHI, AND (b) BITE-SIZE HIPAA’S SYSTEMS ARE NOT INTENDED FOR MANAGEMENT OR PROTECTION OF PHI AND MAY NOT PROVIDE ADEQUATE OR LEGALLY REQUIRED SECURITY FOR PHI. 

4.7. Aggregate & Anonymized Data. Notwithstanding the provisions above of this Article 4, Bite-Size HIPAA may use, reproduce, sell, publicize, or otherwise exploit Aggregate Data in any way, in its sole discretion. (“Aggregate Data” refers to Customer Data with the following removed: personally identifiable information and the names and addresses of Customer and any of its Users or customers.)

5.  CUSTOMER’S RESPONSIBILITIES & RESTRICTIONS.

5.1. Acceptable Use. Customer shall not: (a) use the System for service bureau or time-sharing purposes or in any other way allow third parties to exploit the System; (b) provide System passwords or other log-in information to any third party; (c) share non-public System features or content with any third party; or (d) access the System in order to build a competitive product or service, to build a product using similar ideas, features, functions or graphics of the System, or to copy any ideas, features, functions or graphics of the System. In the event that it suspects any breach of the requirements of this Section 5.1, including without limitation by Users, Bite-Size HIPAA may suspend Customer’s access to the System without advanced notice, in addition to such other remedies as Bite-Size HIPAA may have. Nothing in this Agreement requires that Bite-Size HIPAA take any action against Customer or any User or other third party for violating this Section 5.1, but Bite-Size HIPAA is free to take any such action it sees fit.

5.2. Unauthorized Access. Customer shall take reasonable steps to prevent unauthorized access to the System, including without limitation by protecting its passwords and other log-in information. Customer shall notify Bite-Size HIPAA immediately of any known or suspected unauthorized use of the System or breach of its security and shall use best efforts to stop said breach.

5.3. Compliance with Laws. In its use of the System, Customer shall comply with all applicable laws, including without limitation laws governing the protection of personally identifiable information and other laws applicable to the protection of Customer Data.

5.4. Users & System Access. Customer is responsible and liable for: (a) Users’ use of the System, including without limitation unauthorized User conduct and any User conduct that would violate the requirements of this Agreement applicable to Customer; and (b) any use of the System through Customer’s account, whether authorized or unauthorized.

6.  IP & FEEDBACK. 

6.1. IP Rights to the System. Bite-Size HIPAA retains all right, title, and interest in and to the System, including without limitation all software used to provide the System and all graphics, user interfaces, logos, and trademarks reproduced through the System. This Agreement does not grant Customer any intellectual property license or rights in or to the System or any of its components. Customer recognizes that the System and its components are protected by copyright and other laws.

6.2. Feedback. Bite-Size HIPAA has not agreed to and does not agree to treat as confidential any Feedback (as defined below) Customer or Users provide to Bite-Size HIPAA, and nothing in this Agreement or in the parties’ dealings arising out of or related to this Agreement will restrict Bite-Size HIPAA’s right to use, profit from, disclose, publish, keep secret, or otherwise exploit Feedback, without compensating or crediting Customer or the User in question. (“Feedback” refers to any suggestion or idea for improving or otherwise modifying any of Bite-Size HIPAA’s products or services.)

7.  CONFIDENTIAL INFORMATION. “Confidential Information” refers to the following items Bite-Size HIPAA discloses to Customer: (a) any document Bite-Size HIPAA marks “Confidential”; (b) any information Bite-Size HIPAA orally designates as “Confidential” at the time of disclosure, and (c) any other nonpublic, sensitive information disclosed by Bite-Size HIPAA, whether or not marked or designated “Confidential.” Notwithstanding the foregoing, Confidential Information does not include information that: (i) is in Customer’s possession at the time of disclosure; (ii) is independently developed by Customer without use of or reference to Confidential Information; (iii) becomes known publicly, before or after disclosure, other than as a result of Customer’s improper action or inaction; or (iv) is approved for release in writing by Customer. Customer is on notice that the Confidential Information may include Bite-Size HIPAA’s valuable trade secrets.

7.1. Nondisclosure. Customer shall not use Confidential Information for any purpose other than using the System for Customer’s internal business purposes (the “Purpose”). Customer: (a) shall not disclose Confidential Information to any employee or contractor of Customer unless such person needs access in order to facilitate the Purpose and executes a nondisclosure agreement with Customer with terms no less restrictive than those of this Article 7; and (b) shall not disclose Confidential Information to any other third party without Bite-Size HIPAA’s prior written consent. Without limiting the generality of the foregoing, Customer shall protect Confidential Information with the same degree of care it uses to protect its own confidential information of similar nature and importance, but with no less than reasonable care. Customer shall promptly notify Bite-Size HIPAA of any misuse or misappropriation of Confidential Information that comes to Customer’s attention. Notwithstanding the foregoing, Customer may disclose Confidential Information as required by applicable law or by proper legal or governmental authority. Customer shall give Bite-Size HIPAA prompt notice of any such legal or governmental demand and reasonably cooperate with Bite-Size HIPAA in any effort to seek a protective order or otherwise to contest such required disclosure, at Bite-Size HIPAA’s expense.

7.2. Injunction. Customer agrees that breach of this Article 7 would cause Bite-Size HIPAA irreparable injury, for which monetary damages would not provide adequate compensation, and that in addition to any other remedy, Bite-Size HIPAA will be entitled to injunctive relief against such breach or threatened breach, without proving actual damage or posting a bond or other security.

7.3. Termination & Return. With respect to each item of Confidential Information, the obligations of Section 7.1 above (Nondisclosure) will terminate five years after the date of disclosure; provided that such obligations related to Confidential Information constituting Bite-Size HIPAA’s trade secrets shall continue so long as such information remains subject to trade secret protection pursuant to applicable law. Upon termination of this Agreement, Customer shall return all copies of Confidential Information to Bite-Size HIPAA or certify, in writing, the destruction thereof.

7.4. Retention of Rights. This Agreement does not transfer ownership of Confidential Information or grant a license thereto. Bite-Size HIPAA will retain all right, title, and interest in and to all Confidential Information.

8.  REPRESENTATIONS & WARRANTIES. 

8.1. From Bite-Size HIPAA. Bite-Size HIPAA represents and warrants that it is the owner of the System and of each and every component thereof, or the recipient of a valid license thereto, and that it has and will maintain the full power and authority to grant the rights granted in this Agreement without the further consent of any third party. Bite-Size HIPAA’s representations and warranties in the preceding sentence do not apply to use of the System in combination with hardware or software not provided by Bite-Size HIPAA. In the event of a breach of the warranty in this Section 8.1, Bite-Size HIPAA, at its own expense, will promptly take the following actions: (a) secure for Customer the right to continue using the System; (b) replace or modify the System to make it noninfringing; or (c) terminate the infringing features of the Service and refund to Customer any prepaid fees for such features, in proportion to the portion of the Term left after such termination. In conjunction with Customer’s right to terminate for breach where applicable, the preceding sentence states Bite-Size HIPAA’s sole obligation and liability, and Customer’s sole remedy, for breach of the warranty in this Section 8.1 and for potential or actual intellectual property infringement by the System.

8.2. From Customer. Customer represents and warrants that: (a) it has the full right and authority to enter into, execute, and perform its obligations under this Agreement and that no pending or threatened claim or litigation known to it would have a material adverse impact on its ability to perform as required by this Agreement; (b) it has accurately identified itself and it has not provided any inaccurate information about itself to or through the System; and (c) it is a corporation, the sole proprietorship of an individual 18 years or older, or another entity authorized to do business pursuant to applicable law.

8.3. Warranty Disclaimers. Except to the extent set forth in Section 8.1 above, CUSTOMER ACCEPTS THE SYSTEM “AS IS” AND AS AVAILABLE, WITH NO REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY IMPLIED WARRANTY ARISING FROM STATUTE, COURSE OF DEALING, COURSE OF PERFORMANCE, OR USAGE OF TRADE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING: (a) BITE-SIZE HIPAA HAS NO OBLIGATION TO INDEMNIFY OR DEFEND CUSTOMER OR USERS AGAINST CLAIMS RELATED TO INFRINGEMENT OF INTELLECTUAL PROPERTY; (b) BITE-SIZE HIPAA DOES NOT REPRESENT OR WARRANT THAT THE SYSTEM WILL PERFORM WITHOUT INTERRUPTION OR ERROR; AND (c) BITE-SIZE HIPAA DOES NOT REPRESENT OR WARRANT THAT THE SYSTEM IS SECURE FROM HACKING OR OTHER UNAUTHORIZED INTRUSION OR THAT CUSTOMER DATA WILL REMAIN PRIVATE OR SECURE. 

9.  INDEMNIFICATION. Customer shall defend, indemnify, and hold harmless Bite-Size HIPAA and the Bite-Size HIPAA Associates (as defined below) against any “Indemnified Claim,” meaning any third party claim, suit, or proceeding arising out of or related to Customer's alleged or actual use of, misuse of, or failure to use the System, including without limitation: (a) claims by Users or by Customer's employees, as well as by Customer’s own customers; (b) claims related to unauthorized disclosure or exposure of personally identifiable information or other private information, including Customer Data; (c) claims related to infringement or violation of a copyright, trademark, trade secret, or privacy or confidentiality right by written material, images, logos or other content uploaded to the System through Customer’s account, including without limitation by Customer Data; and (d) claims that use of the System through Customer’s account harasses, defames, or defrauds a third party or violates the CAN-Spam Act of 2003 or any other law or restriction on electronic advertising. Indemnified Claims include, without limitation, claims arising out of or related to Bite-Size HIPAA’s negligence. Customer’s obligations set forth in this Article 9 include retention and payment of attorneys and payment of court costs, as well as settlement at Customer’s expense and payment of judgments. Bite-Size HIPAA will have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires that it admit wrongdoing or liability or subjects it to any ongoing affirmative obligations. (The “Bite-Size HIPAA Associates” are Bite-Size HIPAA’s officers, directors, shareholders, parents, subsidiaries, agents, successors, and assigns.)

10.  LIMITATION OF LIABILITY.

10.1. Dollar Cap. BITE-SIZE HIPAA’S LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT WILL NOT EXCEED THE AMOUNT PAID BY CUSTOMER TO BITE-SIZE HIPAA DURING THE PREVIOUS TWELVE MONTH PERIOD PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.

10.2. Exclusion of Consequential Damages. IN NO EVENT WILL BITE-SIZE HIPAA BE LIABLE TO CUSTOMER FOR ANY CONSEQUENTIAL, INDIRECT, SPECIAL, INCIDENTAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT.

10.3. Clarifications & Disclaimers. THE LIABILITIES LIMITED BY THIS ARTICLE 10 APPLY: (a) TO LIABILITY FOR NEGLIGENCE; (b) REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, STRICT PRODUCT LIABILITY, OR OTHERWISE; (c) EVEN IF BITE-SIZE HIPAA IS ADVISED IN ADVANCE OF THE POSSIBILITY OF THE DAMAGES IN QUESTION AND EVEN IF SUCH DAMAGES WERE FORESEEABLE; AND (d) EVEN IF CUSTOMER’S REMEDIES FAIL OF THEIR ESSENTIAL PURPOSE. If applicable law limits the application of the provisions of this Article 10, Bite-Size HIPAA’s liability will be limited to the maximum extent permissible. For the avoidance of doubt, Bite-Size HIPAA’s liability limits and other rights set forth in this Article 10 apply likewise to Bite-Size HIPAA’s affiliates, licensors, suppliers, advertisers, agents, sponsors, directors, officers, employees, consultants, and other representatives.

11.  Term & Termination.

11.1. Term. The term of this Agreement (the “Term”) shall commence on the Effective Date and continue for the period set forth in the Order or, if none, for twelve months. Thereafter, the Term will renew for successive one-month periods, unless either party refuses such renewal by written notice 30 or more days before the renewal date.

11.2. Termination. Either party may terminate this Agreement for any reason or no reason by providing 30 days written notice to the other party.

11.3. Effects of Termination. Upon termination of this Agreement, Customer shall cease all use of the System and delete, destroy, or return all copies of any documentation in its possession or control. The following provisions will survive termination or expiration of this Agreement: (a) any obligation of Customer to pay fees incurred before termination; (b) Articles and Sections 6 (IP & Feedback), 7 (Confidential Information), 8.3 (Warranty Disclaimers), 9 (Indemnification), and 10 (Limitation of Liability); and (c) any other provision of this Agreement that must survive to fulfill its essential purpose.

12.MISCELLANEOUS.

12.1. Independent Contractors. The parties are independent contractors and will so represent themselves in all regards. Neither party is the agent of the other, and neither may make commitments on the other’s behalf. The parties agree that no Bite-Size HIPAA employee or contractor will be an employee of Customer.

12.2. Notices. Bite-Size HIPAA may send notices pursuant to this Agreement to Customer’s email contact points provided by Customer, and such notices will be deemed received 24 hours after they are sent. Customer may send notices pursuant to this Agreement to support(at)bitesizehipaa(dot)com and such notices will be deemed received 24 hours after they are sent.

12.3. Force Majeure. No delay, failure, or default, other than a failure to pay fees when due, will constitute a breach of this Agreement to the extent caused by acts of war, terrorism, hurricanes, earthquakes, other acts of God or of nature, strikes or other labor disputes, riots or other acts of civil disorder, embargoes, or other causes beyond the performing party’s reasonable control.

12.4. Assignment & Successors. Customer may not assign this Agreement or any of its rights or obligations hereunder without Bite-Size HIPAA’s express written consent. Except to the extent forbidden in this Section 12.4, this Agreement will be binding upon and inure to the benefit of the parties’ respective successors and assigns.

12.5. Severability. To the extent permitted by applicable law, the parties hereby waive any provision of law that would render any clause of this Agreement invalid or otherwise unenforceable in any respect. In the event that a provision of this Agreement is held to be invalid or otherwise unenforceable, such provision will be interpreted to fulfill its intended purpose to the maximum extent permitted by applicable law, and the remaining provisions of this Agreement will continue in full force and effect.

12.6. No Waiver. Neither party will be deemed to have waived any of its rights under this Agreement by lapse of time or by any statement or representation other than by an authorized representative in an explicit written waiver. No waiver of a breach of this Agreement will constitute a waiver of any other breach of this Agreement.

12.7. Choice of Law & Jurisdiction: This Agreement will be governed solely by the internal laws of the State of Idaho, without reference to: (a) any conflicts of law principle that would apply the substantive laws of another jurisdiction to the parties’ rights or duties; (b) the 1980 United Nations Convention on Contracts for the International Sale of Goods; or (c) other international laws. The parties consent to the personal and exclusive jurisdiction of the federal and state courts of Ada County, Idaho.

12.8. Conflicts. In the event of any conflict between this Agreement and any Bite-Size HIPAA policy posted online, including the Privacy Policy, the terms of this Agreement will govern.

12.9. Construction. The parties agree that the terms of this Agreement result from negotiations between them. This Agreement will not be construed in favor of or against either party by reason of authorship.

12.10. Technology Export. Customer shall not: (a) permit any third party to access or use the System in violation of any U.S. law or regulation; or (b) export any software provided by Bite-Size HIPAA or otherwise remove it from the United States except in compliance with all applicable U.S. laws and regulations. Without limiting the generality of the foregoing, Customer shall not permit any third party to access or use the System in, or export such software to, a country subject to a United States embargo (as of the Effective Date, Cuba, Iran, North Korea, Sudan, and Syria).

12.11. Entire Agreement. This Agreement sets forth the entire agreement of the parties and supersedes all prior or contemporaneous writings, negotiations, and discussions with respect to its subject matter. Neither party has relied upon any such prior or contemporaneous communications.

12.12. Amendment. Bite-Size HIPAA may amend this Agreement from time to time by posting an amended version at its Website and sending Customer written notice thereof. Such amendment will be deemed accepted and become effective 30 days after such notice (the “Proposed Amendment Date”) unless Customer first gives Bite-Size HIPAA written notice of rejection of the amendment. In the event of such rejection, this Agreement will continue under its original provisions, and the amendment will become effective at the start of Customer’s next Term following the Proposed Amendment Date (unless Customer first terminates this Agreement pursuant to Article 11, Term & Termination). Customer’s continued use of the Service following the effective date of an amendment will confirm Customer’s consent thereto. This Agreement may not be amended in any other way except through a written agreement by authorized representatives of each party. Notwithstanding the foregoing provisions of this Section 12.12, Bite-Size HIPAA may revise the Privacy Policy and any other policies at any time by posting a new version to the Website, and such new version will become effective on the date it is posted.