Terms of Service

Version: 1.2

Effective Date: April 5, 2026

Last Updated: April 5, 2026

Summary

Ordo Compliance is legally positioned as a software tracking tool — not a compliance consultant, not legal advice, and not a guarantee of survey outcomes. The Terms of Service explicitly disclaim liability for failed surveys, regulatory deficiencies, CMS enforcement actions, and any reliance on compliance packs, AI features, or the survey readiness score, while capping financial exposure at 12 months of fees paid ($100 for trial users). Customers acknowledge sole responsibility for their own regulatory compliance, the accuracy of data they enter, and independent verification of all regulatory content against primary sources. Disputes are resolved through binding JAMS arbitration under Delaware law with a class action waiver, and customers indemnify Ordo against claims arising from their compliance outcomes. All PHI matters are governed by a separate BAA with 30-day breach notification, and the platform supports full data portability (CSV, PDF, JSON) with 30-day export windows after termination.

This summary is provided for convenience only and does not modify or replace any provision of the Terms below. In the event of a conflict between this summary and the Terms, the Terms control.

1. Introduction and Acceptance

1.1 Agreement to Terms

By accessing, registering for, or using the Ordo Compliance service, including any features, functionality, content, or related materials (collectively, the "Service"), you agree to be bound by these Terms of Service and all applicable laws and regulations. If you do not agree to these terms, do not use the Service.

1.2 Definitions

For purposes of this agreement:

"Service" means the Ordo Compliance web-based compliance tracking platform, including all features, functionality, documentation, and support services provided by Ordo Compliance, Inc. ("Ordo," "we," "us," or "our").
"Customer" means the organization, agency, or entity that has entered into an account with Ordo to use the Service. "You" and "your" refer to Customer and any individual representative authorized to act on Customer's behalf.
"Authorized Users" means employees, contractors, agents, and other representatives of Customer who are authorized to access and use the Service on Customer's behalf, up to the number specified in Customer's subscription plan.
"Customer Data" means all data, documents, information, records, compliance materials, staff credentials, incident reports, and other content uploaded, entered, generated, or stored by Customer or Authorized Users within the Service, excluding Ordo's proprietary analytics and aggregate insights.
"Protected Health Information" or "PHI" has the meaning given in the Health Insurance Portability and Accountability Act (HIPAA) and includes any health information relating to individuals that is identified or identifiable in the Service.
"BAA" means the Business Associate Agreement executed between Ordo and Customer governing the handling of PHI, which is incorporated by reference and governs all matters relating to PHI in addition to these Terms.
"Confidential Information" means any non-public information disclosed by one party to the other, including Customer Data (except as publicly available), proprietary technology, business strategies, and pricing information.

1.3 Agreement to Modifications

These Terms may be modified at any time as described in Section 16. Your continued use of the Service after notice of modifications constitutes acceptance of the modified Terms.

2. Service Description

2.1 Overview

Ordo Compliance is a Software-as-a-Service (SaaS) platform designed specifically for home health agencies, home services agencies, home nursing agencies, and other Medicare/Medicaid-participating organizations to track, manage, and document compliance activities and workflows.

2.2 Key Features

The Service includes the following features and functionality:

Compliance workflow management and task tracking
Medicare compliance requirement documentation
Audit packet generation and management
Staff credential management and verification
Incident reporting and tracking workflows
Document storage and organization
Compliance reporting and analytics
User role management and permissions control
Integration with selected third-party systems

2.3 Important Disclaimers

Customer acknowledges and agrees that:

The Service is a compliance tracking and management tool designed to assist with documentation and workflow management. The Service does NOT guarantee regulatory compliance, favorable Medicare/Medicaid survey outcomes, accreditation results, or absence of citations.
The Service does NOT provide legal advice, and Ordo is not a law firm. Customer must consult with qualified legal counsel regarding compliance obligations, survey responses, and regulatory matters.
The Service does NOT provide medical advice. Customer must consult with qualified medical professionals regarding patient care and clinical matters.
The Service is NOT a substitute for professional compliance consultation, legal counsel, or medical advice. Customer remains solely responsible for ensuring actual compliance with all applicable Medicare, Medicaid, federal, state, and local laws and regulations.
Regulatory requirements are subject to change. While Ordo endeavors to maintain current compliance guidance, Customer is responsible for monitoring applicable regulations and adjusting practices accordingly.
The Service provides tools to assist with compliance tracking but does not replace Customer's responsibility to understand, implement, and maintain compliance controls independently.

2.4 Nature of the Service — Compliance Tracking Tool

2.4.1 Software Tool, Not Professional Services

Ordo Compliance is a software tool that helps organizations track compliance-related tasks, deadlines, credentials, documents, and workflows. The Service is designed to assist Customer's compliance management efforts by organizing information and providing automated reminders.

The Service does NOT constitute, and shall not be construed as:

Legal advice or legal counsel
Compliance consulting or compliance auditing services
Medical or clinical advice
Professional certification or accreditation services
A guarantee, assurance, or certification that Customer is compliant with any federal, state, or local law, regulation, or standard
A substitute for professional legal counsel, compliance consulting, or regulatory expertise

Customer acknowledges that the Service is an organizational and tracking tool. Compliance with applicable laws and regulations remains the sole responsibility of Customer at all times.

2.4.2 No Compliance Guarantees

Ordo does not guarantee that use of the Service will result in Customer passing any regulatory survey, inspection, audit, or review conducted by CMS, state survey agencies, accreditation organizations, or any other regulatory body.

The presence of compliance items, checklists, or workflow templates in the Service does not constitute a representation that those items are complete, exhaustive, or sufficient to satisfy all applicable regulatory requirements for Customer's specific agency, license type, state, or patient population.

Customer is responsible for independently verifying that their compliance program meets all applicable regulatory requirements, including but not limited to the Medicare Conditions of Participation (42 CFR Part 484), the HIPAA Security Rule (45 CFR Part 164), and any applicable state licensing requirements.

2.4.3 Survey Readiness Score

The Service may display a "survey readiness score" or similar compliance metric. This score reflects only the completion status of items tracked within the Service as configured by Customer. The score:

Does NOT predict the outcome of any regulatory survey or inspection
Does NOT certify or guarantee compliance with any regulation
Is based solely on data entered and maintained by Customer within the Service
May not account for all regulatory requirements applicable to Customer's agency
Should not be relied upon as the sole indicator of Customer's regulatory compliance status

Customer acknowledges that regulatory surveys evaluate an agency's actual operations, clinical practices, documentation, and patient outcomes — factors that extend beyond what any software tool can measure or track.

2.4.4 Compliance Packs and Regulatory Content

The Service may include pre-configured compliance packs, checklists, regulatory references, and compliance item templates (collectively, "Regulatory Content"). This Regulatory Content:

Is provided for informational and organizational purposes only
Is derived from publicly available regulatory sources and may not reflect the most recent amendments, interpretations, or enforcement guidance
May not cover all requirements applicable to Customer's specific agency type, size, state, accreditation status, or patient population
Does not constitute legal interpretation of any regulation
Should be verified by Customer against the primary regulatory source (e.g., eCFR.gov for federal regulations, relevant state administrative code for state regulations)

Ordo makes reasonable efforts to maintain the accuracy of Regulatory Content and to update it when regulatory changes are identified. However, Ordo does not warrant that Regulatory Content is complete, current, or error-free at all times.

2.5 AI-Powered Features

2.5.1 AI Assistance Is Informational Only

The Service may include AI-powered features, including but not limited to: a compliance assistant, evidence auto-tagging, compliance item suggestions, policy summarization, regulatory change detection, and requirement explanations (collectively, "AI Features").

AI Features are powered by third-party large language models and are provided for informational and organizational purposes only. AI Features:

May produce inaccurate, incomplete, or outdated information
Do not constitute legal advice, compliance consulting, or professional guidance
Should not be relied upon as the sole basis for compliance decisions
May generate regulatory citations or interpretations that require independent verification

Customer is responsible for reviewing and verifying all AI-generated content before relying on it for compliance purposes. Ordo is not liable for any actions taken or not taken based on information provided by AI Features.

2.5.2 AI Feature Limitations

AI Features operate within the limitations of the underlying language models and available data. Ordo does not warrant that AI Features will:

Identify all applicable regulatory requirements
Detect all regulatory changes
Accurately interpret complex or ambiguous regulations
Produce consistent results for identical queries
Be available without interruption

Customer should consult qualified legal counsel or compliance professionals for authoritative interpretations of regulatory requirements.

3. Account Registration and Security

3.1 Account Creation

To use the Service, you must create an account and provide accurate, current, and complete information. You agree to:

Provide truthful information during registration
Maintain the accuracy of your account information
Update information promptly if changes occur
Designate at least one account administrator responsible for user management and account compliance

3.2 Clickwrap Acceptance

By creating an account on the Ordo Compliance platform, you affirmatively agree to these Terms of Service and our Privacy Policy. Your acceptance is recorded with a timestamp and your IP address at the time of registration. Continued use of the platform after any modification to these Terms (as described in Section 16) constitutes ongoing acceptance of the modified Terms.

3.3 Account Responsibility

One Account Per Person: Each Authorized User must have a unique individual account. Sharing login credentials is prohibited.
Credential Protection: You are responsible for maintaining the confidentiality of your username, password, and authentication credentials. Do not share credentials with other users or third parties.
Unauthorized Access: Notify Ordo immediately at legal@ordocompliance.com if you suspect unauthorized access, compromised credentials, or suspicious activity.
Password Requirements: Your password must meet Ordo's security requirements (minimum length and complexity standards). You are responsible for managing password changes.

3.4 Multi-Factor Authentication

Ordo requires multi-factor authentication (MFA) for all account administrator accounts. MFA is strongly recommended for all other Authorized Users. Administrators are responsible for configuring MFA using Ordo's supported methods (authenticator apps or similar). Ordo reserves the right to require MFA for all accounts in the future with advance notice.

3.5 Administrator Responsibilities

If you are designated as an account administrator, you are responsible for:

Managing Authorized Users and access permissions
Ensuring Authorized Users comply with these Terms and acceptable use policies
Monitoring account activity and data access
Implementing appropriate data security practices
Maintaining current contact information for security notifications
Responding to Ordo inquiries regarding account use or security concerns

4. Subscription Terms and Billing

4.1 Subscription Plans

Ordo offers subscription plans at various service levels. Your specific plan, number of Authorized Users, features, and pricing are specified in your subscription agreement or invoice.

4.2 Free Trial

Trial Period: Ordo provides a 14-day free trial of the Service for eligible new customers.
No Credit Card Required: Trial activation does not require a credit card or payment information. No charges apply during the trial period.
Trial Termination: At the end of the trial period, your account will be suspended unless you activate a paid subscription plan. Customer Data entered during the trial is retained for 30 days after trial expiration to allow time for subscription activation.
Trial Limitations: Trial accounts may have limitations on features, storage, or Authorized Users compared to paid plans.

4.3 Paid Subscriptions

Billing Cycle: Ordo offers monthly and annual subscription options. Your billing cycle begins on the date your paid subscription activates.
Billing via Stripe: All billing transactions are processed through Stripe Payments. By providing payment information, you authorize Ordo to charge your payment method for subscription fees.
Pricing: Current pricing is available at www.ordocompliance.com/pricing or specified in your subscription agreement. Pricing is exclusive of applicable taxes.
Auto-Renewal: Paid subscriptions automatically renew at the end of each billing period unless cancelled as described in Section 4.5. You authorize Ordo to charge your payment method for each renewal unless you cancel in advance.
Payment Method: You agree to keep your payment method current and valid. If a payment fails, Ordo will attempt to contact you and may suspend your account if payment is not received.

4.4 Price Changes

Notice: Ordo may change subscription pricing with at least 30 days' advance written notice via email and in-app notification.
Effective Date: Price changes apply to subscription renewals occurring on or after the effective date specified in the notice.
Customer Right to Terminate: If you do not accept a price increase, you may cancel your subscription before the price change becomes effective. Continued use of the Service after the effective date constitutes acceptance of the new price.

4.5 Cancellation

How to Cancel: You may cancel your subscription at any time by logging into your account, navigating to subscription settings, and following the cancellation process, or by contacting Ordo at legal@ordocompliance.com.
Effective Date: Cancellation is effective immediately. You will not be charged for any future billing periods.
Access During Billing Period: You retain access to the Service through the end of your paid billing period. Upon expiration, your account access is suspended.
Refund Policy:
- Monthly Subscriptions: No refunds are provided for unused portions of the current billing period. You retain access through the end of the paid period.
- Annual Subscriptions: If you cancel an annual subscription within the first 30 days, a prorated refund of unused months will be provided. After the first 30 days, no refunds are provided for annual subscriptions. Refund requests must be submitted to legal@ordocompliance.com within 30 days of cancellation.
Data Export: Upon cancellation, Customer has 30 days to export Customer Data as described in Section 6.3. After 30 days, Ordo deletes Customer Data per applicable data retention requirements and the BAA.

4.6 Taxes

You are responsible for all applicable sales, use, VAT, GST, and other taxes related to your subscription, except for taxes based on Ordo's net income. If you provide a valid tax exemption certificate, Ordo will exempt your subscription from applicable sales taxes.

4.7 Invoices and Payment

Invoices are available in your account dashboard
Payment is due upon invoice date unless different terms are specified
Late payments may result in account suspension. If payment is not received within 10 days of the invoice date, Ordo may suspend account access until payment is received. No late fees or interest charges apply. Ordo will notify Customer via email before suspending access.

5. Acceptable Use Policy

You agree not to use the Service in any manner that:

5.1 Credential and Security Violations

Share, transfer, or allow unauthorized use of your login credentials or account access
Attempt to gain unauthorized access to the Service, other accounts, or Ordo systems
Interfere with or disrupt the integrity or performance of the Service or Ordo infrastructure

5.2 Data Handling Violations

Store data outside the intended scope of the Service (e.g., personal data unrelated to compliance)
Process PHI in violation of HIPAA requirements or the BAA
Process PHI for individuals or purposes not authorized by Customer's compliance obligations
Upload, store, or transmit payment card information, Social Security numbers unrelated to required compliance documentation, or other sensitive data outside the scope of home health compliance tracking

5.3 Reverse Engineering and Misuse

Reverse engineer, decompile, disassemble, or attempt to derive the source code, algorithms, or proprietary methods of the Service
Extract, scrape, or automatically access data from the Service without authorization
Modify, translate, or create derivative works based on the Service
Rent, lease, sell, transfer, or sublicense the Service or access credentials to third parties

5.4 Interference with Service

Interfere with, disrupt, or overload the Service, servers, or networks connected to the Service
Introduce viruses, malware, worms, or other harmful code into the Service
Attempt denial-of-service attacks or other malicious activities
Excessively access the Service in a manner that degrades performance for other users

5.5 Compliance and Legal

Violate any applicable federal, state, local, or international laws or regulations
Violate HIPAA, the HITECH Act, Medicare/Medicaid regulations, or other healthcare compliance requirements in connection with your use of the Service
Use the Service to facilitate fraud, misrepresentation, forgery, or illegal activity
Violate third-party intellectual property rights, privacy rights, or other legal rights
Harass, threaten, defame, or abuse other users or Ordo employees

5.6 Consequences of Violation

Violation of this Acceptable Use Policy may result in:

Immediate suspension or termination of your account
Loss of access to Customer Data
Liability for damages caused by violations
Referral to law enforcement for illegal activities
Indemnification obligations under Section 12

5.7 Customer Compliance Responsibilities

5.7.1 Customer Retains Full Compliance Responsibility

Customer acknowledges and agrees that:

(a) Customer is solely responsible for its own compliance with all applicable federal, state, and local laws and regulations, including but not limited to the Medicare Conditions of Participation (42 CFR Part 484), the HIPAA Privacy and Security Rules (45 CFR Parts 160 and 164), and applicable state home health agency licensing requirements.

(b) The Service assists Customer in organizing and tracking compliance-related activities but does not perform compliance functions on Customer's behalf.

(c) Customer is responsible for the accuracy, completeness, and timeliness of all data entered into the Service, including compliance item status, credential information, evidence uploads, and policy attestations.

(d) Customer is responsible for configuring the Service to reflect its specific regulatory obligations, which may vary based on agency type, state of operation, accreditation status, Medicare/Medicaid certification, and patient population.

(e) Customer is responsible for ensuring that its staff receive all training required by applicable law and regulation, regardless of whether such training is tracked within the Service.

(f) Customer is responsible for independently verifying that Regulatory Content and AI-generated suggestions are applicable and accurate for its specific situation before incorporating them into its compliance program.

(g) Use of the Service does not relieve Customer of any obligation to maintain its own compliance records, documentation, or programs as required by law.

5.7.2 Customer Acknowledgment

By using the Service, Customer acknowledges that it has been advised to consult with qualified legal counsel and compliance professionals regarding its regulatory obligations, and that the Service is not a substitute for such professional advice.

6. Customer Data Ownership and Portability

6.1 Data Ownership

Customer retains all ownership rights to Customer Data. Ordo does not claim ownership of, nor does Customer transfer ownership of, Customer Data to Ordo.

6.2 Ordo's Limited License

By uploading and using Customer Data with the Service, Customer grants Ordo a limited, non-exclusive, revocable license to:

Host, store, and maintain Customer Data on secure servers
Process, analyze, and display Customer Data within the Service
Create and maintain backups for business continuity and disaster recovery purposes
Generate aggregate, anonymized analytics and insights that do not identify Customer or individuals

This license is solely for the purpose of providing the Service and expires upon termination of this agreement.

6.3 Data Export and Portability

Right to Export: Customer may export Customer Data at any time while your account is active by accessing the export functionality within the Service.
Export Formats: Customer Data is exportable in CSV, PDF, and JSON formats.
No Export Fees: Ordo does not charge fees for data export.
Export Window Upon Termination: Upon subscription cancellation or account termination, Customer has 30 days to download and export all Customer Data. After 30 days, Ordo may delete Customer Data per the data retention schedule in the BAA.

6.4 Data Retention and Deletion

Active Accounts: While your subscription is active, Ordo maintains all Customer Data in your account.
Backup Retention: Ordo maintains backup copies of Customer Data for business continuity purposes. Backup copies are deleted within 90 days of account termination.
HIPAA Compliance: Deletion of PHI is governed by the BAA and applicable HIPAA requirements, not solely by this agreement.
Regulatory Obligations: Ordo may retain Customer Data longer if required by law, regulation, or court order, and will notify Customer of such retention requirements.

7. Intellectual Property

7.1 Ordo's Intellectual Property

Ordo owns all right, title, and interest in:

The Service platform, including all software, code, algorithms, and functionality
Ordo's proprietary compliance frameworks, templates, and guidance materials
Ordo's trademarks, logos, and brand elements
Documentation, user guides, training materials, and other content provided by Ordo
Aggregate analytics, benchmarks, and insights derived from de-identified data across all customers
Improvements, modifications, or derivative works created by Ordo

7.2 Customer's Intellectual Property

Customer retains all right, title, and interest in Customer Data and any pre-existing intellectual property rights in materials provided to Ordo. Ordo's license to Customer Data (Section 6.2) does not include rights to Customer's trademarks, logos, or other brand elements.

7.3 No Cross-License

Neither party acquires any intellectual property rights in the other party's intellectual property through this agreement, except as explicitly stated. Customer does not acquire the right to use Ordo's intellectual property except as necessary to use the Service as provided.

7.4 Feedback

If you provide feedback, suggestions, feature requests, or other input regarding the Service ("Feedback"), Ordo may use such Feedback without obligation to you, including incorporating Feedback into future versions of the Service, without compensation or attribution. You grant Ordo a non-exclusive, worldwide, royalty-free license to use Feedback.

7.5 Regulatory Information Disclaimer

Any regulatory text, citations, or references displayed within the Service are derived from publicly available government sources. Ordo does not claim ownership of government-authored regulatory text. Display of regulatory text within the Service does not constitute an endorsement, interpretation, or official guidance from any government agency. Regulatory text may be edited, summarized, or paraphrased for clarity — Customer should consult the original source for authoritative text.

8. Confidentiality

8.1 Confidential Information

Each party agrees to protect the Confidential Information of the other party, including:

Customer's Confidential Information: Customer Data, compliance documentation, staff information, organizational structure, and business practices shared with Ordo
Ordo's Confidential Information: Proprietary algorithms, pricing, business strategies, roadmap, and technical architecture

8.2 Protection Obligations

Each party agrees to:

Maintain Confidential Information in strict confidence
Limit access to Confidential Information to employees and contractors who have a legitimate need to know and who are bound by confidentiality obligations
Use Confidential Information solely for the purposes of this agreement
Protect Confidential Information using reasonable security measures consistent with industry standards

8.3 Standard Exceptions

Confidential Information does not include information that:

Is or becomes publicly available without breach of this agreement
Is rightfully received by one party from a third party without confidentiality obligations
Is independently developed by a party without access to Confidential Information
Must be disclosed by law, court order, or regulatory requirement (with advance notice to allow the disclosing party to seek protective orders)

8.4 PHI and BAA

PHI is governed by the BAA, not this Confidentiality Section. In the event of any conflict between this Confidentiality Section and the BAA regarding the handling of PHI, the BAA controls.

9. Service Level Agreement

9.1 Uptime Target

Ordo targets 99.5% availability of the Service on a monthly basis, measured as the percentage of time the Service is accessible and functional, excluding Scheduled Maintenance (defined below). This target reflects our current operational capacity and may be upgraded as the platform and team grow.

9.2 Scheduled Maintenance

Definition: Scheduled Maintenance includes planned upgrades, patches, security updates, and system maintenance necessary to maintain the Service.
Notice: Ordo provides at least 48 hours' advance notice of Scheduled Maintenance via email and in-app notification, except for critical security updates, which may be deployed with less notice.
Timing: Ordo endeavors to schedule Maintenance during low-usage hours (typically 10:00 PM – 2:00 AM US Eastern Time) to minimize impact.
Exclusion: Scheduled Maintenance periods are excluded from the uptime calculation.

9.3 Downtime and Service Credits

Extended Downtime: If unplanned downtime exceeds 4 hours in a calendar month, Customer may request a Service Credit of 10% of the monthly subscription fee. If unplanned downtime exceeds 24 hours in a calendar month, Customer may request a Service Credit of 25% of the monthly subscription fee.
Credit Request: Service Credits are not automatic. Customer must request credits by emailing legal@ordocompliance.com within 30 days of the downtime incident, providing details of impact. Ordo will investigate and issue credits within 15 business days.
Credit Application: Service Credits are applied to Customer's next billing cycle and are Customer's sole and exclusive remedy for downtime.
Credit Limit: Total Service Credits in any 12-month period shall not exceed one month's subscription fees.

9.4 Monitoring and Status

Ordo monitors Service availability continuously and maintains a status page for real-time incident updates. The status page URL is available in your account dashboard.
Customers are encouraged to subscribe to status page notifications for real-time incident updates.

9.5 Exclusions

The 99.5% uptime target does not apply to downtime caused by:

Customer's network, systems, or devices
Third-party services, internet service providers, or external dependencies
Denial-of-service attacks, hacking, or other malicious activities
Customer's misuse of the Service in violation of this agreement
Events beyond Ordo's reasonable control (force majeure)

10. Disclaimers

10.1 Service Provided "As Is"

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ORDO PROVIDES THE SERVICE ON AN "AS-IS" AND "AS-AVAILABLE" BASIS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.

10.2 Disclaimer of Warranties

ORDO EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING:

MERCHANTABILITY: The Service is not guaranteed to meet Customer's business or compliance needs
FITNESS FOR A PARTICULAR PURPOSE: The Service is provided for compliance tracking and management; Ordo does not warrant it is suitable for any specific use case
TITLE OR NON-INFRINGEMENT: Ordo does not guarantee that Customer Data or Service output will not infringe third-party rights
ACCURACY OR COMPLETENESS: Ordo does not warrant that compliance guidance, templates, or reporting features are complete, accurate, or current with all regulatory changes
COMPLIANCE GUARANTEE: The Service does not guarantee that Customer's use will result in regulatory compliance, survey approval, or absence of citations

10.3 Regulatory Responsibility

Customer acknowledges that:

Regulatory Compliance is Customer's Responsibility: Customer remains solely responsible for understanding, implementing, and maintaining compliance with all applicable Medicare, Medicaid, federal, state, and local regulations.
Professional Consultation Required: Customer must engage qualified compliance officers, legal counsel, and medical professionals to ensure proper compliance. The Service is a management tool, not a substitute for professional judgment.
Regulatory Changes: Regulatory requirements change frequently. Customer is responsible for monitoring changes and adjusting practices. While Ordo endeavors to maintain current guidance, Ordo does not guarantee updates will be timely or comprehensive.
Survey and Citation Risk: Use of the Service does not protect Customer from citations, corrective actions, or adverse survey findings. Compliance success depends on Customer's implementation and execution, not on use of any software tool.

10.4 Data Loss Disclaimer

EXCEPT AS REQUIRED BY THE BAA AND APPLICABLE DATA PROTECTION LAWS, ORDO IS NOT LIABLE FOR ANY LOSS, CORRUPTION, OR UNAUTHORIZED ACCESS TO CUSTOMER DATA. While Ordo maintains reasonable security measures, no system is completely secure. Customer is responsible for maintaining independent backups of critical data.

10.5 Third-Party Services

Ordo integrates with third-party services (e.g., Stripe for billing, AWS for hosting). Ordo is not responsible for:

Availability, performance, or security of third-party services
Terms of service, privacy policies, or practices of third-party providers
Changes to third-party services that may affect the Service

11. Limitation of Liability

11.1 Liability Cap

EXCEPT FOR BREACHES OF CONFIDENTIALITY, INDEMNIFICATION OBLIGATIONS, OR VIOLATIONS OF INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY'S TOTAL LIABILITY UNDER THIS AGREEMENT SHALL EXCEED THE TOTAL FEES PAID BY CUSTOMER IN THE 12 MONTHS PRECEDING THE CLAIM.

If Customer has not paid fees (e.g., during the free trial period), the total liability cap is $100.

11.2 Excluded Damages

NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES, INCLUDING:

Lost profits, revenue, or business opportunity
Loss of data or information (except as required by the BAA)
Loss of goodwill or reputation
Business interruption or inability to use the Service
Increased costs or expenses resulting from the Service or its failure

THIS EXCLUSION APPLIES EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11.3 Essential Terms

The parties recognize that these limitations of liability are essential terms without which neither party would enter this agreement. The limitations in this Section reflect a reasonable allocation of risk between parties.

11.4 Jurisdictional Limitations

Some jurisdictions do not allow the exclusion of implied warranties or limitation of liability for certain damages, particularly in healthcare and regulated industries. To the extent such limitations are not enforceable, liability shall be limited to the maximum extent permitted by law.

11.5 Specific Exclusion of Regulatory Compliance Damages

To the maximum extent permitted by applicable law, Ordo shall not be liable for any damages, losses, penalties, fines, sanctions, or costs arising from or related to:

(a) Customer's failure to pass any regulatory survey, inspection, audit, or review

(b) Any regulatory deficiency, citation, corrective action plan, or enforcement action imposed on Customer by CMS, state survey agencies, accreditation organizations, or other regulatory bodies

(d) Any reliance by Customer on Regulatory Content, AI Features, survey readiness scores, compliance item templates, or any other information provided through the Service

(e) Any inaccuracy, incompleteness, or error in Regulatory Content or AI-generated content

(f) Customer's failure to independently verify compliance information against primary regulatory sources

This exclusion applies regardless of whether Ordo was advised of the possibility of such damages and regardless of the legal theory upon which the claim is based (including contract, tort, negligence, strict liability, or any other theory).

12. Indemnification

12.1 Customer Indemnification

Customer agrees to indemnify, defend, and hold harmless Ordo, its officers, employees, agents, and affiliates from and against any third-party claims, damages, costs, and attorneys' fees (collectively, "Claims") arising from or relating to:

Customer's Misuse: Customer's use of the Service in violation of this agreement or applicable law
Customer Data: Customer Data infringing or misappropriating third-party intellectual property rights, privacy rights, or other legal rights
Regulatory Violations: Customer's violation of Medicare, Medicaid, HIPAA, or other applicable laws through use of the Service
Customer Breach: Customer's breach of any provision of this agreement
Authorized User Actions: Acts or omissions of Authorized Users for which Customer is responsible under applicable law

12.2 Ordo Indemnification

Ordo agrees to indemnify, defend, and hold harmless Customer from and against any third-party Claims arising from:

IP Infringement: The Service, excluding Customer Data, infringing or misappropriating third-party intellectual property rights
Ordo Breach: Ordo's material breach of this agreement

Ordo's indemnification does not apply to Claims arising from Customer's modification of the Service, use of the Service in combination with non-Ordo products, or use of the Service in violation of this agreement.

12.3 Indemnification Procedures

The indemnified party shall:

Notice: Promptly notify the indemnifying party of the Claim, provided that failure to promptly notify does not relieve the indemnifying party of its obligations except to the extent it is materially prejudiced
Cooperation: Cooperate in the defense of the Claim, provide necessary information, and permit the indemnifying party to control the defense and settlement (provided settlements do not require indemnified party to admit liability without consent)
Control: The indemnifying party shall control the defense, provided that it keeps the indemnified party informed and cooperates in the defense

12.4 Customer Indemnification for Compliance Outcomes

Customer agrees to indemnify, defend, and hold harmless Ordo, its officers, directors, employees, agents, and affiliates from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to:

(a) Customer's regulatory compliance or non-compliance, including any survey deficiencies, enforcement actions, or penalties

(b) Customer's reliance on Regulatory Content, AI Features, or survey readiness scores without independent verification

(d) Customer's failure to maintain its own compliance program independent of the Service

13. HIPAA Compliance

13.1 Business Associate Agreement

Ordo is a Business Associate as defined by HIPAA. Ordo provides compliance management, Medicare compliance tracking, and credential verification services that involve the creation, receipt, maintenance, transmission, and use of Protected Health Information on behalf of Customer. Ordo and Customer have executed a separate Business Associate Agreement (BAA) that governs the handling of PHI. The BAA is incorporated into this agreement by reference.

13.2 BAA Controls

In the event of any conflict or inconsistency between the terms of this agreement (including the Confidentiality Section, Data Ownership Section, and Service Description) and the BAA regarding the handling, use, or disclosure of PHI, the BAA controls and supersedes these Terms. This includes, without limitation, provisions related to permitted uses and disclosures of PHI, security safeguards, breach notification, and subcontractor management.

13.3 Acknowledgment of BAA

Customer represents that it has reviewed and executed the BAA with Ordo via electronic acceptance prior to using the Service to process PHI
If no BAA is in place, Customer may not use the Service to process PHI. Customer will contact Ordo at legal@ordocompliance.com to execute a BAA before uploading any PHI
Customer is responsible for ensuring its Authorized Users understand HIPAA obligations and restrictions on PHI use

13.4 BAA Termination

In the event the BAA is terminated, the BAA's data handling and deletion provisions apply to any PHI stored in the Service, superseding the general data deletion provisions in Section 6.4. In accordance with the BAA, upon termination, Ordo shall, at Customer's election, return or destroy all PHI (including copies) within thirty (30) calendar days and provide written certification of return or destruction. If return or destruction is infeasible, Ordo shall extend all BAA safeguards and protections to any retained PHI indefinitely.

14. Termination

14.1 Termination by Customer

Customer may terminate this agreement and the subscription at any time:

Notice: By submitting a cancellation request through the Service or by written notice to legal@ordocompliance.com
Effective Date: Cancellation is effective at the end of the current paid billing period. Customer retains full access to the Service until the billing period expires.
No Penalties: Customer may terminate without penalty. Outstanding fees for the current billing period remain due.
Data Export: Upon cancellation, Customer has 30 days after the billing period ends to export Customer Data as described in Section 6.3.

14.2 Termination by Ordo for Breach

Material Breach with Cure Period:

Ordo may terminate this agreement if Customer materially breaches these Terms (including Acceptable Use Policy violations)
Ordo provides written notice of the breach and 30 days for Customer to cure the breach
If Customer does not cure within 30 days, Ordo may terminate immediately
Examples: Acceptable Use violations, HIPAA violations, non-payment of fees, unauthorized access, reverse engineering

Immediate Termination (No Cure Period):

Ordo may terminate immediately without cure period if Customer:
- Engages in illegal activity
- Materially violates HIPAA or healthcare regulations through the Service
- Interferes with the Service or other customers
- Refuses to correct a security vulnerability or breach
- Becomes insolvent or files bankruptcy

14.3 Termination for Non-Payment

Ordo may suspend or terminate the subscription if payment is not received
Process: Ordo provides notice of non-payment, allows a reasonable cure period, and then suspends account access or terminates
Data Access: Upon suspension for non-payment, Customer loses access to the Service. Upon termination, data deletion provisions apply (Section 14.4)

14.4 Effect of Termination

Data Export:

Upon termination, Customer has 30 days to export and download all Customer Data using the export function
Ordo does not charge fees for data export during this window
After 30 days, Ordo deletes or anonymizes Customer Data per the BAA and applicable data retention requirements

Survival:

The following sections survive termination: Intellectual Property (Section 7), Confidentiality (Section 8), Limitation of Liability (Section 11), Indemnification (Section 12), HIPAA Compliance (Section 13), Governing Law (Section 15), and General Provisions (Section 17)

Refunds:

Upon termination, refunds are calculated per Section 4.5 (Cancellation). No additional refunds are provided for termination by Ordo due to Customer breach.

15. Governing Law and Dispute Resolution

15.1 Governing Law

This agreement is governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles.

The United Nations Convention on Contracts for the International Sale of Goods does not apply.

15.2 Dispute Resolution — Binding Arbitration

Agreement to Arbitrate:

Any dispute, claim, or controversy arising from or relating to this agreement, the Service, or the relationship between the parties shall be settled by final and binding arbitration, not by court litigation or class action.
The parties waive their right to jury trial and right to participate in a class action or representative action.

Arbitration Procedures:

Arbitration shall be administered by JAMS according to its Streamlined Arbitration Rules.
A single arbitrator shall be selected according to JAMS rules.
Arbitration shall be conducted remotely via video conference unless both parties agree to an in-person proceeding.
Each party bears its own costs and attorneys' fees, except as required by law or as the arbitrator awards.

Opt-Out:

Customer may opt out of arbitration by sending written notice to legal@ordocompliance.com within 30 days of first accepting these Terms. Notice must include Customer's name, organization, account email, and a statement that Customer elects to opt out of arbitration. If Customer opts out, disputes shall be resolved in the state or federal courts located in the State of Delaware.

Exceptions to Arbitration:

Notwithstanding the arbitration clause, either party may seek injunctive relief in court if necessary to prevent irreparable harm from misappropriation of intellectual property, violation of confidentiality, or breach of the Acceptable Use Policy.

15.3 Dispute Resolution Process

Before initiating arbitration, the parties agree to attempt to resolve disputes through good-faith negotiation:

Informal Notice: The party asserting a claim provides written notice to the other party describing the dispute and desired resolution
Escalation: Representatives of each party with authority to settle will attempt to resolve the dispute within 30 days of notice
Mediation: If negotiation fails, either party may propose non-binding mediation before a neutral third-party mediator before pursuing arbitration. Mediation is optional and requires agreement of both parties.

16. Modification of Terms

16.1 Right to Modify

Ordo may modify these Terms at any time. Material modifications will be communicated to Customer as described below.

16.2 Notice of Changes

For material changes (changes that meaningfully alter Customer's obligations or Ordo's liability), Ordo provides:

Advance Notice: At least 30 days' written notice via email sent to the primary contact email address on Customer's account
In-App Notice: Notice within the Service dashboard or login page
Clear Summary: A clear summary of material changes is provided

Material changes include but are not limited to: price increases, new fees, changes to acceptable use restrictions, changes to liability limitations, changes to data handling practices, or changes to HIPAA provisions.

16.3 Acceptance and Right to Terminate

Deemed Acceptance: Continued use of the Service after the effective date of modified Terms constitutes acceptance of the modifications
Right to Reject: If Customer does not accept material changes, Customer may terminate the subscription without penalty before the effective date of the changes by following the cancellation process in Section 4.5. No refunds are provided for termination due to terms changes.

16.4 Updates to Acceptable Use, Privacy, and Security

Ordo may modify the Acceptable Use Policy, privacy practices, or security requirements with shorter notice if necessary to address security threats, legal requirements, or compliance obligations. Notice will be provided as soon as practicable.

17. General Provisions

17.1 Entire Agreement

These Terms (including any referenced policies, acceptable use, privacy statement, and BAA) constitute the entire agreement between the parties regarding the Service and supersede all prior or contemporaneous agreements, understandings, negotiations, and discussions, whether oral or written. No other documents, statements, or representations are binding.

17.2 Severability

If any provision of these Terms is held to be invalid, unenforceable, or illegal by a court of competent jurisdiction, the remaining provisions continue in full force and effect. If a provision is partially unenforceable, the enforceable portion remains in effect.

17.3 Waiver

The failure of either party to enforce any provision of these Terms does not constitute a waiver of that provision or the right to enforce it. A waiver of any provision must be in writing and signed by the party against whom the waiver is sought.

17.4 Assignment

Customer may not assign this agreement or any rights or obligations hereunder without Ordo's prior written consent. Any attempted assignment without consent is void.

Ordo may assign this agreement to an affiliate or successor in connection with a merger, acquisition, reorganization, bankruptcy, or sale of substantially all assets. Ordo will provide notice of such assignment.

17.5 Force Majeure

Neither party is liable for failure to perform obligations due to events beyond its reasonable control, including natural disasters, wars, terrorism, pandemics, government actions, or internet infrastructure failures. The affected party shall:

Notice: Promptly notify the other party of the force majeure event and expected duration
Mitigation: Use reasonable efforts to resume performance
Suspension: The affected party's obligations are suspended for the duration of the force majeure event, but payment obligations are not suspended unless the entire Service becomes unavailable

18. Contact Information

18.1 Legal and Support Contact

For legal notices, inquiries, complaints, or support, contact:

Ordo Compliance, Inc.
Legal Department
Email: legal@ordocompliance.com

Mailing Address: Ordo Compliance, Inc. [To be inserted before publication]

Phone: [To be inserted before publication]

18.2 Notice Requirements

Notices to Ordo must be sent to the address above. Notices to Customer are sent to the email address or contact information on file in Customer's account. Notices are effective upon receipt.

18.3 Communications Preferences

Customer may opt out of promotional communications by unsubscribing via the email link or adjusting notification preferences in the Service. Customer cannot opt out of legally required notices.

19. Special Provisions

19.1 Subcontractors

Ordo may use subcontractors and service providers (such as AWS for hosting) to provide the Service. Ordo remains responsible for subcontractors' compliance with HIPAA, confidentiality, and data handling obligations.

19.2 Compliance with Laws

Both parties agree to comply with all applicable federal, state, local, and international laws, including Medicare regulations, Medicaid regulations, HIPAA, fraud and abuse laws, and anti-corruption laws.

20. Acknowledgment

BY ACCESSING, REGISTERING FOR, OR USING THE SERVICE, CUSTOMER ACKNOWLEDGES THAT IT HAS READ, UNDERSTOOD, AND AGREES TO BE BOUND BY THESE TERMS OF SERVICE IN THEIR ENTIRETY.

If Customer does not agree to these Terms, do not use the Service.