CommonHealth SDK Terms and Conditions Agreement

 

Effective: November 2, 2022

  1. Introduction

    1. The CommonHealth Software Development Kit (referred to in these Terms and Conditions as the "SDK" and specifically including the files, packaged APIs, and applications, including the CommonHealth Developer Edition (“SDK Developer Edition”) and the CommonHealth Production Edition (“CommonHealth SDK”) is licensed to you subject to the terms of this CommonHealth SDK Terms and Conditions Agreement (“Agreement”). The Agreement forms a legally binding contract between you and The Commons Project Foundation (“TCP”) in relation to your use of the SDK.

  2. Accepting the Terms and Conditions of this Agreement

    1. In order to use the SDK, you must first agree to this Agreement. You may not use the SDK if you do not accept the Agreement.

    2. By clicking to accept and/or by using the SDK, you hereby agree to the terms of this Agreement.

    3. You may not use the SDK and may not accept the Agreement if you are a person barred from receiving the SDK under the laws of the United States or other countries, including the country in which you are resident or from which you use the SDK.

    4. If you are agreeing to be bound by the Agreement on behalf of your employer or other entity, you represent and warrant that you have full legal authority to bind your employer or such entity to the Agreement. If you do not have the requisite authority, you may not accept the Agreement or use the SDK on behalf of your employer or other entity.

  3. SDK License from TCP

    1. Subject to the terms of the Agreement, TCP grants you a limited, revocable, worldwide, royalty-free, non-assignable, non-exclusive, and non-sublicensable license to use the SDK subject to the terms of this Agreement.

    2. This Agreement applies to the SDK Developer Edition and the CommonHealth SDK. However, this Agreement does not confer access to or use of user instances and production data associated with the CommonHealth SDK, which are governed by the CommonHealth SDK Addendum (attached hereto and hereby incorporated by reference) and subject to TCP approval.

    3. You agree that TCP or third parties own all legal right, title, and interest in and to the SDK, including any Intellectual Property Rights that subsist in the SDK. "Intellectual Property Rights" means any and all rights under patent law, copyright law, trade secret law, trademark law, and any and all other proprietary rights. TCP reserves all rights not expressly granted to you.

    4. You may only use the SDK for its intended purposes, including, but not limited to, commercial and non-commercial applications, testing, and academic research. Except to the extent required by applicable third party licenses, you may not copy (except for backup purposes), modify, adapt, redistribute, decompile, reverse engineer, disassemble, or create derivative works of the SDK or any part of the SDK.

    5. Use, reproduction and distribution of components of the SDK licensed under an open source software license are governed solely by the terms of that open source software license and not the Agreement.

    6. TCP reserves the right to change or stop the SDK in its discretion.

    7. Nothing in the Agreement gives you a right to use any of TCP's trade names, trademarks, service marks, logos, domain names, or other distinctive brand features.

    8. You agree that you will not remove, obscure, or alter any proprietary rights notices (including copyright and trademark notices) that may be affixed to or contained within the SDK.

  4. Use of the SDK by You

    1. TCP agrees that it obtains no right, title or interest from you (or your licensors) under the Agreement in or to any software applications that you develop using the SDK, including any intellectual property rights that subsist in those applications.

    2. You agree to use the SDK and write applications only for purposes that are permitted by (a) the Agreement and (b) any applicable law, regulation or generally accepted practices or guidelines in the relevant jurisdictions (including any laws regarding the export of data or software to and from the United States or other relevant countries).

    3. You agree that if you use the SDK to develop applications for general public users, you will protect the privacy and legal rights of those users. If the users provide you with user names, passwords, or other login information or personal information, you must make the users aware that the information will be available to your application, and you must provide legally adequate privacy notice and protection for those users. If your application stores personal or sensitive information provided by users, it must do so securely.

    4. You agree that you will not engage in any activity with the SDK, including the development or distribution of an application, that interferes with, disrupts, damages, or accesses in an unauthorized manner the servers, networks, or other properties or services of any third party including, but not limited to, TCP or any mobile communications carrier.

    5. You agree that you are solely responsible for (and that TCP has no responsibility to you or to any third party for) any data, content, or resources that you create, transmit or display through Android and/or applications for Android, and for the consequences of your actions (including any loss or damage which TCP may suffer) by doing so.

    6. You agree that you are solely responsible for (and that TCP has no responsibility to you or to any third party for) any breach of your obligations under the Agreement, any applicable third party contract or Terms of Service, or any applicable law or regulation, and for the consequences (including any loss or damage which TCP or any third party may suffer) of any such breach.

  5. Your Developer Credentials

    1. You agree that you are responsible for maintaining the confidentiality of any developer credentials that may be issued to you by TCP or which you may choose yourself and that you will be solely responsible for all applications that are developed under your developer credentials.

  6. Privacy and Information

    1. In order to continually innovate and improve the SDK, TCP may collect certain usage statistics from the software. Usage data does not include any personal information or personal data.

  7. Third Party Applications

    1. If you use the SDK in connection with any applications or data, content or resources provided by a third party, you agree that TCP is not responsible or liable for such third party applications, data, content, or resources.

  8. Terminating this Agreement

    1. The Agreement will continue to apply until terminated by either you or TCP as set out below.

    2. If you want to terminate the Agreement, you may do so by ceasing your use of the SDK.

    3. TCP may at any time, terminate the Agreement with you if: (A) you have breached any provision of the Agreement; or (B) TCP is required to do so by law; or (C) the partner with whom TCP offered certain parts of SDK (such as APIs) to you has terminated its relationship with TCP or ceased to offer certain parts of the SDK to you; or (D) TCP decides to no longer provide the SDK or certain parts of the SDK to users in the country in which you are resident or from which you use the service, or the provision of the SDK or certain SDK services to you by TCP is, in TCP's sole discretion, no longer commercially viable.

    4. When the Agreement comes to an end, all of the legal rights, obligations and liabilities that you and TCP have benefited from, been subject to (or which have accrued over time whilst the Agreement has been in force) or which are expressed to continue indefinitely, will be unaffected by this cessation, and the provisions of section 13.7 will continue to apply to such rights, obligations and liabilities indefinitely.

  9. DISCLAIMER OF WARRANTIES

    1. YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE SDK IS AT YOUR SOLE RISK AND THAT THE SDK IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND FROM TCP.

    2. YOUR USE OF THE SDK AND ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SDK IS AT YOUR OWN DISCRETION AND RISK AND YOU ARE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR OTHER DEVICE OR LOSS OF DATA THAT RESULTS FROM SUCH USE.

    3. TCP FURTHER EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

  10. LIMITATION OF LIABILITY

    1. YOU EXPRESSLY UNDERSTAND AND AGREE THAT TCP, ITS SUBSIDIARIES AND AFFILIATES, AND ITS LICENSORS WILL NOT BE LIABLE TO YOU UNDER ANY THEORY OF LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES THAT MAY BE INCURRED BY YOU, INCLUDING ANY LOSS OF DATA, WHETHER OR NOT TCP OR ITS REPRESENTATIVES HAVE BEEN ADVISED OF OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF ANY SUCH LOSSES ARISING.

  11. Indemnification

    1. To the maximum extent permitted by law, you agree to defend, indemnify and hold harmless TCP, its affiliates and their respective directors, officers, employees and agents from and against any and all claims, actions, suits or proceedings, as well as any and all losses, liabilities, damages, costs and expenses (including reasonable attorney’s fees) arising out of or accruing from (a) your use of the SDK, (b) any application you develop on the SDK that infringes any copyright, trademark, trade secret, trade dress, patent or other intellectual property right of any person or defames any person or violates their rights of publicity or privacy, and (c) any non-compliance by you with the Agreement.

  12. Changes to the Agreement

    1. TCP may make changes to the Agreement as it distributes new versions of the SDK. When these changes are made, TCP will make a new version of the Agreement available on the website where the SDK is made available.

  13. General Legal Terms

    1. The Agreement constitutes the whole legal agreement between you and TCP and governs your use of the SDK (excluding any services which TCP may provide to you under a separate written agreement), and completely replaces any prior agreements between you and TCP in relation to the SDK.

    2. You agree that if TCP does not exercise or enforce any legal right or remedy which is contained in the Agreement (or which TCP has the benefit of under any applicable law), this will not be taken to be a formal waiver of TCP's rights and that those rights or remedies will still be available to TCP.

    3. If any court of law, having the jurisdiction to decide on this matter, rules that any provision of the Agreement is invalid, then that provision will be removed from the Agreement without affecting the rest of the Agreement. The remaining provisions of the Agreement will continue to be valid and enforceable.

    4. Export Restrictions. The SDK is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the SDK. These laws include restrictions on destinations, end users and end use.

    5. The rights granted in the Agreement may not be assigned or transferred by either you or TCP without the prior written approval of the other party. Neither you nor TCP will be permitted to delegate their responsibilities or obligations under the Agreement without the prior written approval of the other party.

    6. The Agreement, and your relationship with TCP under the Agreement, will be governed by the laws of the State of New York without regard to its conflict of laws provisions. You and TCP agree to submit to the exclusive jurisdiction of the courts located within the county of New York, New York to resolve any legal matter arising from the Agreement. Notwithstanding this, you agree that TCP will still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.

CommonHealth SDK Addendum

Together with the Agreement, your access to and use of the CommonHealth Production Edition (“CommonHealth SDK”) for the purposes of connecting with CommonHealth user instances and production data is subject to the following additional terms and conditions:

  1. Approval

    1. Your access to and use of the CommonHealth SDK is subject to The Common Project Foundation’s (“TCP”) express written approval, which approval may be denied or revoked in TCP’s sole discretion.

    2. TCP reserves the right to modify this Addendum and its approval criteria in its sole discretion.

    3. You agree to provide TCP with all information requested by TCP to evaluate your request for approval.

    4. You represent and warrant that the information provided to TCP is accurate and reliable and will immediately notify TCP upon learning that any such information is no longer accurate or reliable.

    5. You agree to immediately notify TCP if you can no longer satisfy the terms and conditions of this Addendum or the Agreement.

    6. You agree to comply with TCP audits and inspections of your access to and use of the CommonHealth SDK and associated user instances and production data and will cooperate in responding to any reasonable requests for related information.

  2. Code of Conduct

    1. You agree to adhere to The CARIN Trust Framework and Code of Conduct, as it may be updated from time-to-time, concerning your access to and use of the CommonHealth SDK.

    2. You agree to provide TCP your signed Attestation adhering to The CARIN Trust Framework and Code of Conduct upon seeking TCP’s approval of your access to and use of the CommonHealth SDK.

  3. Development Requirements

    1. You agree to adhere to the following additional app development requirements concerning health data and user privacy, including, without limitation:

      1. Your app may not access the CommonHealth SDK unless the use is clearly for health or fitness purposes and this usage is conspicuous and unambiguous in your marketing text, user interface, and privacy notice.

      2. Your app may not use information obtained through the CommonHealth SDK for advertising or similar services. This includes using data from CommonHealth to serve ads and targeted or behavioral advertising.

      3. Your app may not disclose any information obtained through the CommonHealth SDK to a third party (excluding service providers) without express (e.g., opt-in) consent from the user.

      4. You may not sell information gained through the CommonHealth SDK to advertising platforms, data brokers, or information resellers, or as “sell” may be defined by applicable privacy and data protection law.

      5. If a user expressly consents (e.g., opts-in), you may share their CommonHealth data with a third party for medical research.

      6. You must clearly disclose to the user how you and your app will use their CommonHealth data, including through an appropriate privacy notice.

    2. You agree to cooperate with CommonHealth to request only the data that is needed for your app’s functionality and nothing more. The CommonHealth SDK supports limited query options, including date ranges, record source, and record type by code or name. You agree to use such queries when possible. Refer to https://www.commonhealth.org/developers for further guidance.

    3. You agree to implement appropriate security measures to protect the CommonHealth SDK and CommonHealth user instances and production data and will immediately notify TCP of any unauthorized access to or compromise of the CommonHealth SDK or associated user instances or data.

  4. Compliance with Laws and Regulations

    1. You agree to comply with all laws and regulations applicable to your access to and use of the CommonHealth SDK and associated user instances and production data, including, without limitation, laws and regulations applicable to the privacy and protection, as well as personal and health data/information.

    2. You represent and warrant (including on behalf of your organization) that neither you, nor your organization, and any director, officer, employee, agent, representative or affiliate of your organization is an individual or entity (“person”) that is, or is owned or controlled by persons that are: (i) the subject of any sanctions administered or enforced by the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), the U.S. Department of State, the United Nations Security Council, the European Union, Her Majesty’s Treasury, or other relevant sanctions authority each as may be updated from time to time (collectively, “Sanctions”), or (ii) located, organized or resident in a country or territory that is, or whose government is, the subject of Sanctions (including currently, Crimea, DNR and LNR regions of Ukraine, Cuba, Iran, North Korea and Syria).

    3. You represent and warrant (including on behalf of your organization) that you and your organization, its respective directors, officers and employees, and representatives, agents, contractors, and subcontractors, are in compliance with all applicable Sanctions, export control and other trade laws and with the Foreign Corrupt Practices Act of 1977, as amended, and the rules and regulations thereunder to the extent applicable (the “FCPA”) and any other applicable anti-corruption law, in all material respects.

    4. You have instituted and will maintain in effect policies and procedures designed to promote and achieve continued compliance with applicable Sanctions, export control and other trade laws, the FCPA, and any other applicable anti-corruption laws.

  5. Rights and Obligations

    1. Without limiting any other rights or obligations of this Addendum or the Agreement:

      1. TCP reserves the right to revoke access to and use of the CommonHealth SDK (and otherwise enforce this Addendum in any manner) in its sole discretion. Upon notice of such revocation, you shall immediately cease further access to and processing of CommonHealth SDK user instances and production data and delete any copies of such information and certify in writing to TCP that the information has been deleted.

      2. TCP reserves the right to terminate the Agreement immediately without prior notice for a breach of any of the representations, warranties, or covenants set forth in this Addendum.

      3. You agree to indemnify, defend, and hold harmless TCP for your access to and use of the CommonHealth SDK and associated user instances and production data, which indemnity shall survive any termination.

Date of last update: 2022-11-08