Updated: April 29, 2025
MSA
Medlog Master Services Agreement
Effective Date: The last date of signature on the applicable Order Form (the "Effective Date")
This Master Services Agreement (this "Agreement”) is entered into by and between Medlog, LLC, a Utah limited liability company (“Medlog”), and the customer identified on the Order Form (“Customer”, and together with Medlog, the "Parties").
By executing an Order Form that references this Agreement, or by using the Services, Customer accepts this Agreement and represents that it has authority to bind itself and its Affiliates.
1. The Services
1.1 Hosted Services. Medlog will make its proprietary software platform (the "Platform") available to Customer in accordance with this Agreement and each Order Form.
1.2 Implementation & Support. Medlog will provide (a) configuration and onboarding services ("Implementation Services") and (b) technical support in accordance with Medlog's then-current support policy ("Support Services", and together with the Hosted Services, the "Services"). The Support Services shall include commercially reasonable efforts to resolve errors or bugs in the Hosted Services for supported mobile operating systems and web browsers.
1.3 Order Forms & SOWs. The specific scope, usage limits, and pricing for the Services will be set out in one or more Order Forms or statements of work ("SOWs"). Each Order Form is governed by, and incorporated into, this Agreement.
2. Implementing the Services
Medlog shall perform the Implementation Services reasonably necessary to allow Customer access to the Services. Implementation Services may include configuration, data migration, testing and training, as set forth in the applicable Order Form. Customer will provide timely access to personnel, systems, and information reasonably required for Medlog to deliver the Services. Medlog is not liable for delays caused by Customer's failure to provide such cooperation.
3. Term and Termination
3.1 Term. This Agreement commences on the Effective Date and continues for the initial term set forth in the Order Form ("Initial Term"). Thereafter, the Agreement renews for successive terms of equal length ("Renewal Terms") unless either Party gives at least thirty (30) days' written notice of non-renewal before the end of the then-current term.
3.2 Termination for Cause. Either Party may terminate this Agreement or an individual Order Form (i) for the other Party's material breach that remains uncured thirty (30) days after written notice, or (ii) immediately for the other Party's insolvency or cessation of business. Medlog may suspend the Services for Customer's failure to pay undisputed fees that remain overdue fourteen (14) days after notice.
3.3 Effect of Termination. Upon termination of this Agreement: (a) Customer's right to access the Services ceases; (b) Customer will pay all fees accrued up to the effective termination date; and (c) each Party will return or destroy the other Party's Confidential Information, except as stated in Section 3.4.
3.4 Retention of Customer Data. Medlog will retain Customer Data (defined in Section 8) for the longer of (a) six (6) years after termination, or (b) the minimum period required by applicable state or federal law. If Customer requests its data in writing within sixty (60) days after termination, Medlog will deliver one (1) copy of the then-current backup in a mutually agreed format, provided Customer has paid all outstanding fees. After the retention period, Medlog may securely delete or anonymize Customer Data unless prohibited by law.
4. Fees and Payments
4.1 Fees. Customer will pay the fees specified in each Order Form ("Fees"). Unless otherwise stated, Fees are (i) exclusive of any applicable sales, use, or similar taxes and (ii) invoiced monthly.
4.2 Payment Terms. Fees are due net thirty (30) days from invoice date. Overdue amounts accrue interest at 1.5% per month (or the maximum lawful rate, if lower) and may result in suspension of Services.
4.3 Annual Adjustment. Medlog may increae Fees once per calendar year by up to three percent (3%) upon thirty (30) days' notice.
4.4 Disputed Amounts. Customer must notify Medlog of good-faith fee disputes within thirty (30) days of the invoice date; undisputed amounts remain payable when due.
5. Customer Responsibilities and Acceptable Use
5.1 Acceptable Use. Customer will not, and will not permit anyone to: (a) reverse engineer, decompile, or disassemble the Platform; (b) modify or create derivative works of the Services; (c) remove proprietary notices; (d) use the Services to build a competing product; (e) share access with unauthorized third parties; or (f) transmit malware, unlawful, or defamatory content through the Services.
5.2 Security of Access Credentials. Customer is responsible for maintaining the confidentiality of user credentials and all activity under its accounts. Customer will promptly notify Medlog of any unauthorized use.
5.3 Equipment. Customer will procure and maintain any hardware, network connectivity, and software necessary to access the Services.
6. Medlog Responsibilities
6.1 Performance Warranty. Medlog will perform the Services in a professional and workmanlike manner consistent with industry standards. If the Services are not provided in accordance with the Services or are not provided with reasonable skill and care, Medlog will, at its expense, use all reasonable commercial endeavors to correct any such non-conformance promptly. This constitutes the Customer's sole and exclusive remedy for any proven breach of this warranty.
6.2 Service Availability. Medlog targets 99.5% monthly uptime for the Hosted Services, excluding (a) scheduled maintenance (with at least 48 hours' notice) and (b) force-majeure events.
6.3 Disclaimers. Except as expressly stated, the Services are provided "as is" and Medlog disclaims all implied warranties, including fitness for a particular purpose, and non-infringement. Medlog does not warrant that the Services will be uninterrupted or error-free or that they will meet Customer's specific requirements. Medlog is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services may be subject to limitations, delays, and other problems inherent in the use of such communications facilities. Medlog does not control the content posted to or created via the Servies and, in particular, does not control the Customer Data and, as such, Medlog does not make or give any representation or warranty as to the accuracy, completeness, currency, correctness, reliability, integrity, usefulness, quality, fitness for purpose or originality of any of the foregoing content or data. Medlog reserves the right to update or maintain the Hosted Services at any time.
7. Intellecutal Property
7.1 Medlog IP. Medlog and its licensors own all right, title, and interest in and to the Services, the Platform, and all related documentation and derivatives ("Medlog IP"). Except for the limited rights expressly granted herin, no license or other rights are conveyed.
7.2 Customer IP & Marks. Customer retains all right, title, and interest in data or materials it supplies to Medlog. Customer grants Medlog a non-exclusive, worldwide, royalty-free license to use Customer's trademarks and logos solely to identify Customer as a Medlog customer, subject to Customer's brand guidelines.
8. Customer Data
8.1 Definition. "Customer Data" means all data uploaded to, processed by, or generated within the Services on Customer's behalf.
8.2 Ownership. Customer owns all Customer Data. Medlog will not access or use Customer Data except to provide and improve the Services, comply with law, or as otherwise instructed by Customer.
8.3 Backup & Restoration. Medlog will maintain commercially reasonable backup procedures and, upon Customer's written request, will use diligent efforts to restore lost or corrupted Customer Data from the most recent backup.
8.4 Customer Warranty & Indemnity. Customer represents that it has obtained all rights and consents necessary for Medlog to process Customer Data under this Agreement and will defend and indemnify Medlog from third-party claims arising from Customer Data or Customer's use of the Services in violation of law.
9. Data Protection and Security
9.1 HIPAA Compliance & BAA. To the extent Customer Data includes Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Medlog acts as a Business Associate and will execute Medlog's Business Associate Agreement ("BAA") with Customer.
9.2 SOC 2 Type I Controls. Medlog maintains controls that have been assessed in its latest SOC 2 Type I report and will provide a copy to Customer under NDA upon request. Medlog will use commercially reasonable efforts to maintain substantially equivalent controls during the Term.
9.3 Security Safeguards. Medlog will implement and maintain administrative, physical, and technical safeguards designed to protect Customer Data, including (a) encryption in transit (TLS 1.2 or higher) and at rest (AES-256 or higher), (b) annual penetration testing, (c) role-based access controls with quarterly review, and (d) employee security awareness training.
9.4 Security Incident Notification. Medlog will notify Customer of any confirmed unauthorized access to Customer Data (a "Security Incident") without undue delay and in any event within ten (10) business days after confirmation. The notice will describe the nature of the incident, affected data, remediation steps, and contact point for further information.
10. Third-Party Services
The Services may enable access to third-party products or content (e.g., electronic health record systems, claims data, clearinghouses). Customer's use of third-party services is governed by those providers' terms, and Medlog is not responsible for their performance or availability.
11. Confidentiality
11.1 Definition. "Confidential Information" means non-public information disclosed by one Party ("Disclosing Party") to the other ("Receiving Party") that is marked or should reasonably be understood as confidential.
11.2 Obligations. Receiving Party will (a) use Confidential Information solely to perform under this Agreement, (b) protect it using the same standard of care it uses for its own similar information (but no less than reasonable care), and (c) not disclose it to anyone except its employees and contractors bound by equivalent obligations.
11.3 Exclusions. Confidential Information does not include information that (i) is or becomes public through no fault of the Receiving Party, (ii) was lawfully known by the Receiving Party before disclosure, (iii) is independently developed, or (iv) is rightfully received from a third party without duty of confidentiality.
11.4 Compelled Disclosure. The Receiving Party may disclose Confidential Information to the extent required by law or court order, provided it gives prompt notice (where legally permitted) and cooperates with reasonable efforts to limit disclosures.
12. Indemnification
12.1 By Customer. Customer will defend and indemnify Medlog and its officers, directors, and employees against third-party claims arising from (a) Customer Data or (b) Customer's breach of Sections 5 or 14.
12.2 By Medlog. Medlog will defend and indemnify Customer against third-party claims alleging that the Services, as provided by Medlog, infringe a U.S. patent, copyright, or trademark. If the Services become subject to such a claim, Medlog may (i) procure the right for Customer to continue using the Services, (ii) replace or modify the Services to be non-infringing, or (iii) terminate the affected Services and refund prepaid Fees for the unused portion of the Term. Medlg's obligations do not apply to claims based on Customer Data, third-party components, or Customer's modification or misuse of the Services.
12.3 Procedure. The indemnifying Party's obligations in this Section are conditioned on (a) prompt written notice, (b) sole control fo the defense and settlement, and (c) reasonable cooperation from the indemnified Party.
13. Limitation of Liability
13.1 Indirect Damages. Neither Party will be liable for indirect, incidental, special, consequential, or punitive damages, or for lost profits, revenues, or data, even if advised of the possibility.
13.2 Liability Cap. Except for Excluded Claims (defined below), each Party's total aggregate liability arising out of or related to this Agreement will not exceed the Fees paid or payable by Customer to Medlog in the twelve (12) months preceding the event giving rise to liability.
13.3 Excluded Claims. "Excluded Claims" means (i) a Party's breach of its confidentiality obligations, (ii) either Party's gross negligence or willful misconduct, (iii) Customer's payment obligations, (iv) each Party's indemnification obligations under Section 12, and (v) Medlog's breach of Section 9.
13.4 Essential Purpose. The limitations in this Section apply notwithstanding any failure of essential purpose of any limited or exclusive remedy.
14. Compliance with Laws
Each Party will comply with all applicable laws and regulations, including healthcare privacy laws (e.g., HIPAA), data-protection laws, U.S. export-control and sanctions regulations, and anti-corruption laws. Customer is responsible for determining whether the Services meet Customer's regulatory requirements.
15. Miscellaneous
15.1 Entire Agreement. This Agreement (including all Order Forms, SOWs, and the BAA) constitute the entire agreement between the Parties regarding its subject matter and supersedes all prior or contemporaneous agreements.
15.2 Amendments. Any amendment must be in writing and signed by both Parties.
15.3 Assignment. Neither Party may assign this Agreement without the other Party's prior written consent, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets, provided that assignee assumes all obligations.
15.4 Governing Law & Dispute Resolution. This Agreement is governed by the laws of the State of Utah, without regard to conflict-of-laws principles. Any dispute arising out of or relating to this Agreement will be resolved by binding arbitration in the state of Utah or another location mutually agreeable to the Parties. Judgement on the Award Party may assign this Agreement without the other Party's prior written consent, except to an Affiliate or in connection with a merger, acquisition, or sale of substantially all assets, provided that assignee assumes all obligations.
15.5 Force Majeure. Neither Party is liable for delay or failure to perform due to causes beyond its reasonable control.
15.6 Notices. Notices must be in writing and sent to the addresses on the Order Form (or updated address provided in writing) by personal delivery, certified mail (return receipt requested), or nationally recognized courier.
15.7 Severability; Waiver. If any provision is held unenforceable, the remainder of the Agreement will remain in effect. A waiver of any breach is not a waiver of any other breach.
15.8 Independent Contractors. The Parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, fiduciary, or employment relationship.
16. Interpretation
Headings are for convenience only and do not affect interpretation. "Including" means "including without limitation." The Parties may execute Order Forms in counterparts (including electronic signature), each of which constitutes an original and together forms on instrument.
End of Agreement