Enterprise Agreement

This Enterprise Agreement (“Agreement” or “MSA”) is entered into by and between the entity identified on the applicable Order Form (“Customer”) and Rymeda, Inc., a Delaware corporation with its principal place of business in California (“Rymeda”), collectively the “Parties.” This Agreement establishes the master terms under which Customer may purchase and use Rymeda's enterprise healthcare SaaS platform and related professional services. Together with all executed Order Forms and referenced policies, it constitutes the entire agreement between the Parties and supersedes all prior negotiations and agreements. In the event of conflict between this Agreement and an Order Form, the Order Form controls for the specific services and terms set forth therein.

1. Definitions

2. Services & Platform

2.1 Platform Description

Rymeda provides a HIPAA-compliant healthcare infrastructure platform that includes the following capabilities, subject to the modules selected in Customer's Order Form:

• Electronic Health Records (EHR): Patient demographics, clinical charts, problems (ICD-10), medications, allergies, vital signs, lab results, treatment plans, and care team coordination
• Telehealth: HIPAA-compliant video consultations powered by 100ms with scheduling integration, waiting rooms, and session recording (with consent)
• Clinical AI (ORIS): AI-powered clinical decision support, task generation, daily runbooks, and clinical guidance with built-in safety guardrails (emergency detection, blocked content filtering, rate limiting)
• Voice Documentation: Voice recording of clinical encounters, automated transcription via OpenAI Whisper, AI-generated SOAP notes with suggested ICD-10 codes and confidence scores
• Secure Messaging: Encrypted provider-to-patient and provider-to-provider messaging with attachments, priority levels, and read receipts
• Billing & Claims: Invoice creation with CPT codes, insurance claims lifecycle management (draft, submitted, accepted, denied, paid), payment processing via Stripe, and payer-ready exports

2.2 Incorporated Policies

The following policies are incorporated by reference and form part of this Agreement: Terms of Service, Privacy Policy, Acceptable Use Policy, Service Level Agreement, Business Associate Agreement, and Data Processing Agreement. In the event of a conflict, this Agreement shall control for enterprise-specific matters, and the BAA shall control for PHI-related obligations.

2.3 Professional Services

Rymeda may provide implementation, data migration, configuration, training, and advisory services as specified in the Order Form, on a time-and-materials or fixed-fee basis. Enterprise accounts receive a dedicated Customer Success Manager.

3. Order Forms

3.1 Order Form Requirements

Each Order Form specifies: (a) Services and modules; (b) Authorized Users count; (c) Subscription Term; (d) fees and payment schedule; (e) implementation milestones; (f) custom terms or integrations; and (g) volume discounts.

3.2 Custom Pricing & Volume Licensing

Enterprise pricing is per-Order Form and may include volume discounts, multi-year commitment discounts, bundled module pricing, and custom professional services fees. Volume licensing tiers are available for twenty-five (25) or more Authorized Users.

3.3 Implementation

Rymeda shall deliver implementation per the Order Form timeline. Standard enterprise implementation includes: environment provisioning, data migration, SSO integration, role-based access configuration, staff training, go-live support, and a thirty (30)-day post-launch stabilization period. Customer shall provide reasonable cooperation, including timely access to systems, data, and personnel.

4. Service Level Agreement

4.1 Uptime Commitment

Rymeda commits to 99.9% Monthly Uptime Percentage for production Services, as defined in the SLA. Calculated as: (total minutes minus Downtime) / total minutes, expressed as a percentage.

4.2 Service Credits

If Rymeda fails to meet the 99.9% uptime commitment in any calendar month, Customer is entitled to service credits as follows:

Credits are applied against future invoices, are Customer's sole remedy for uptime failures, and must be requested within thirty (30) days of month end.

4.3 Exclusions

Uptime excludes: (a) scheduled maintenance (48 hours' notice); (b) emergency maintenance for security; (c) force majeure; (d) Customer equipment or network failures; (e) third-party outages (AWS, MongoDB Atlas, Stripe); and (f) beta or preview features.

5. Customer Obligations

5.1 Data Accuracy

Customer is responsible for the accuracy, quality, and legality of all data submitted to the Platform, including patient records, clinical documentation, billing codes, and provider credentials. Rymeda is not liable for errors resulting from inaccurate or incomplete data provided by Customer.

5.2 Authorized Use & User Management

Customer shall ensure only Authorized Users access the Platform with unique, non-shared accounts. Customer shall assign appropriate clinical roles based on least privilege and promptly deactivate accounts for terminated personnel.

5.3 HIPAA Compliance

Customer shall comply with HIPAA and the HITECH Act for PHI processed through the Platform, execute the BAA prior to PHI processing, and obtain all required patient consents (telehealth, voice recording per Cal. Penal Code §632, AI disclosure per California AB 3030).

5.4 Acceptable Use

Customer and Authorized Users shall comply with the Acceptable Use Policy. Customer is responsible for violations by its Authorized Users and shall take prompt corrective action upon notification.

6. Data Ownership & Processing

6.1 Customer Data Ownership

Customer retains all right, title, and interest in and to all data submitted to or generated through the Platform by Customer and its Authorized Users (“Customer Data”), including patient records, clinical documentation, billing data, and organizational records. Rymeda acquires no ownership interest in Customer Data.

6.2 Limited License to Process

Customer grants Rymeda a limited, non-exclusive license to process Customer Data solely to: (a) provide the Services; (b) maintain security; (c) comply with law; and (d) generate de-identified analytics (with prior written consent only).

6.3 AI Training Prohibition

6.4 Data Processing Agreement

Rymeda processes Customer Data per the Data Processing Agreement, which governs processing scope, sub-processors, international transfers, data subject rights, and breach notification.

7. Security & Compliance

7.1 Security Standards

Rymeda maintains safeguards per the HIPAA Security Rule (45 CFR Part 164, Subpart C). Details are in the Information Security Policy. Key measures include:

• Encryption: AES-256 at rest with per-tenant AWS KMS keys; TLS 1.3 for all data in transit
• Access Control: Role-based access control with nine clinical sub-roles; JWT authentication; unique user identification
• Tenant Isolation: Complete data separation between tenants with isolated compute, storage, and network boundaries
• Audit Logging: Immutable, append-only audit trails with six (6)-year retention
• Network Security: VPC isolation, WAF protection, DDoS mitigation, and API Gateway rate limiting

7.2 HIPAA Compliance

Rymeda operates as a Business Associate under HIPAA. Customer must execute the BAA as a condition of this Agreement. The BAA governs PHI obligations including permitted uses, safeguards, breach notification, and subcontractor management.

7.3 SOC 2 Type II

Rymeda is pursuing SOC 2 Type II certification and shall make audit reports available upon request. Rymeda shall notify Customer within thirty (30) days of achieving certification.

7.4 Penetration Testing

Rymeda conducts annual penetration testing by independent third parties, continuous vulnerability scanning, and maintains a responsible disclosure program per the Information Security Policy. Summary findings are available to enterprise customers upon request.

8. Intellectual Property

8.1 Rymeda IP

Rymeda retains all right, title, and interest in the Platform, including software, source code, algorithms, AI models (including ORIS), interfaces, designs, trademarks, and documentation. The Platform is protected by U.S. and international intellectual property laws, including the Copyright Act (17 U.S.C. §§101 et seq.) and the Lanham Act (15 U.S.C. §§1051 et seq.).

8.2 Customer IP

Customer retains all right, title, and interest in and to Customer Data, Customer's trademarks, and any pre-existing intellectual property. Nothing in this Agreement transfers ownership of Customer's intellectual property to Rymeda.

8.3 Restrictions

Customer shall not: (a) reverse engineer, decompile, or attempt to derive source code of the Platform or AI models; (b) create derivative works; (c) sublicense, resell, or redistribute access; (d) use the Platform to develop a competing product; or (e) remove proprietary notices or branding.

8.4 Feedback

If Customer provides suggestions or feedback regarding the Platform, Customer grants Rymeda a perpetual, irrevocable, non-exclusive, royalty-free license to use and commercialize such feedback. Feedback shall not include Customer Data or PHI.

9. Payment Terms

9.1 Fees

Customer shall pay the fees specified in the applicable Order Form. Enterprise subscriptions are available on annual or multi-year terms. All fees are quoted in United States Dollars (USD) and are non-refundable except as expressly provided in this Agreement or the Order Form.

9.2 Invoicing & Payment

Rymeda shall invoice per the Order Form schedule (annually or quarterly in advance). Payment is due within thirty (30) days of invoice date (Net-30). Payments are processed through Stripe, Inc.; wire transfer and ACH are also accepted. Late payments accrue interest at 1.5% per month or the maximum rate permitted by law, whichever is less.

9.3 Taxes

Fees are exclusive of taxes. Customer is responsible for all sales, use, VAT, and similar taxes, excluding taxes on Rymeda's net income. If withholding is required, Customer shall gross up payment so Rymeda receives the full invoiced amount.

9.4 Price Changes

Fees are fixed for the current Subscription Term. Rymeda may adjust renewal pricing upon sixty (60) days' notice. Renewal increases shall not exceed ten percent (10%) per year unless a scope change is mutually agreed.

10. Term & Termination

10.1 Initial Term

The initial Subscription Term shall be as specified in the Order Form, typically twelve (12) or twenty-four (24) months commencing on the Effective Date.

10.2 Auto-Renewal

Unless either Party provides non-renewal notice at least sixty (60) days before term end, the Agreement auto-renews for successive periods equal to the initial term (or one year, whichever is shorter) at then-current pricing.

10.3 Termination for Cause

Either Party may terminate upon thirty (30) days' written notice if the other Party materially breaches and fails to cure within the notice period. If Customer terminates for cause, Rymeda shall provide a pro-rata refund of prepaid fees for the unused Subscription Term.

10.4 Termination for Convenience

Either Party may terminate for convenience upon ninety (90) days' written notice. If Customer terminates for convenience, remaining Subscription Term fees are due. If Rymeda terminates for convenience, Rymeda shall provide a pro-rata refund of prepaid fees.

10.5 Data Export on Termination

Upon termination or expiration, Rymeda shall provide a thirty (30)-day data export window during which Customer may export all Customer Data in machine-readable format (JSON, CSV, or PDF). Rymeda shall assist with data export at no additional charge. After the export window, Rymeda shall delete Customer Data per the DPA, subject to legal retention requirements (including the six (6)-year HIPAA minimum under 45 CFR §164.530(j)).

10.6 Survival

Sections 6, 8, 11, 12, 14, and 15 survive termination, along with accrued payment obligations and BAA obligations that by nature should survive.

11. Limitation of Liability

11.1 Exclusion of Indirect Damages

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF DATA, REVENUE, PROFITS, BUSINESS OPPORTUNITIES, GOODWILL, OR ANTICIPATED SAVINGS, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE OR WHETHER THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.2 Aggregate Liability Cap

EXCEPT AS SET FORTH IN SECTION 11.3, EACH PARTY'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE TOTAL FEES PAID OR PAYABLE BY CUSTOMER TO RYMEDA IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

11.3 Carve-Outs (Super Cap)

12. Indemnification

12.1 Mutual Indemnification

Each Party (“Indemnifying Party”) shall indemnify, defend, and hold harmless the other Party and its officers, directors, employees, and agents (“Indemnified Party”) from and against any third-party claims, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from: (a) the Indemnifying Party's material breach of this Agreement; (b) the Indemnifying Party's negligence or willful misconduct; or (c) the Indemnifying Party's violation of applicable law.

12.2 IP Indemnification by Rymeda

Rymeda shall indemnify Customer from third-party IP infringement claims arising from authorized use of the Platform. This excludes claims from: (a) Customer-provided content; (b) Customer modifications; (c) combination with non-Rymeda products; or (d) continued use after Rymeda notified Customer of a required update to avoid infringement.

12.3 Data Breach Indemnification

Rymeda shall indemnify Customer for losses arising from a data breach caused by Rymeda's failure to implement safeguards required under this Agreement and the BAA. Customer shall indemnify Rymeda for losses arising from Customer's failure to comply with its obligations under Section 5.

12.4 Procedures

The Indemnified Party shall: (a) provide prompt written notice; (b) grant sole control of defense and settlement; and (c) provide reasonable cooperation. The Indemnifying Party shall not settle any claim that admits fault or imposes obligations on the Indemnified Party without prior written consent.

13. Insurance

Rymeda shall maintain, at its own expense, the following insurance coverage during the term of this Agreement:

Certificates of insurance are available upon written request. Rymeda shall notify Customer within thirty (30) days of any material change, cancellation, or non-renewal of required coverage.

14. Governing Law

This Agreement is governed by the laws of the State of California, without regard to conflict of laws principles. Federal HIPAA regulations govern PHI disputes to the extent they preempt state law. Litigation shall be brought exclusively in state or federal courts in California, and each Party consents to such jurisdiction.

15. Dispute Resolution

15.1 Good Faith Negotiation

Before formal proceedings, the Parties shall attempt good faith negotiation for thirty (30) days from written notice of the dispute. Negotiations shall involve senior executives with settlement authority.

15.2 Mediation

If not resolved through negotiation, the Parties shall submit the dispute to non-binding mediation. Mediation costs shall be shared equally. If the Parties cannot agree on a mediator within ten (10) business days, either Party may proceed to litigation.

15.3 Litigation

If mediation does not resolve the dispute, either Party may pursue litigation in the courts specified in Section 14. Either Party may seek injunctive or equitable relief at any time to prevent irreparable harm, including protection of intellectual property, confidential information, or PHI.

16. Contact Information

For questions regarding this Agreement, enterprise sales inquiries, or to request an Order Form:

Related Policies

This Agreement should be read with the following incorporated documents: