Terms of Service

The Service is a HIPAA-aligned digital analytics platform for healthcare organizations. It allows Customer to:

• Collect behavioral data from Customer Properties and other Sources.
• Process and analyze that data within a secure analytics environment.
• View insights, reports, AI-generated summaries, and dashboards inside the LightTrail interface.
• Optionally send selected Customer Data to Destinations that Customer configures, such as Customer's own data warehouse or approved marketing and advertising platforms, subject to the restrictions in this Agreement, the Documentation, and any BAA.

Customer has full control over:

• Which Sources and Destinations are configured.
• Which events and attributes are collected.
• How Customer Data is used and shared within the Service and with Destinations.

For Customer Properties, Customer will implement LightTrail client code, including the LightTrail JavaScript snippet, SDKs, or other code provided by LightTrail (“LightTrail Code”) to enable data collection and event tracking. LightTrail Code is licensed as part of the Service and may be implemented only on Customer Properties for Customer's internal use, in accordance with this Agreement and the Documentation.

Subject to this Agreement and the applicable Order Form, LightTrail grants Customer a limited, non-exclusive, non-transferable (except as permitted in Section 14.1), non-sublicensable right during the Subscription Term to:

• Access and use the Service solely for Customer's internal business purposes.
• Implement and use LightTrail Code on Customer Properties.
• Use LightTrail's APIs solely as described in the Documentation and Order Form.

All use is subject to applicable scope of use restrictions, including any limits on Monthly Tracked Sessions, data volume, enabled modules, or environments specified in the Order Form.

Customer's Affiliates may enter into Order Forms for the Service that incorporate this Agreement. In such cases, each Affiliate will be treated as “Customer” for that Order Form, and Customer will remain responsible for the compliance of its Affiliates.

Customer and its Authorized Users must register accounts to access and use the Service. Customer will:

• Provide accurate and current registration information.
• Maintain the confidentiality of account credentials.
• Ensure that only Authorized Users access the Service on its behalf.
• Remain responsible for all activities occurring under its accounts and those of its Authorized Users.

Customer will promptly disable accounts or update permissions when Authorized Users leave Customer's organization or no longer require access, and will promptly notify LightTrail of any actual or suspected unauthorized access or use of the Service.

Customer will not, and will not permit any Authorized User or third party to:

• Sell, resell, rent, lease, license, sublicense, or distribute the Service or any portion of it.
• Provide the Service as a service bureau, managed service, or outsourcing offering to third parties.
• Use the Service or any output from the Service to build or improve a competing product or service, or to perform competitive analysis or benchmarking against LightTrail, except to the limited extent such restriction is prohibited by applicable law.
• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code or underlying ideas of the Service or LightTrail Code, except to the extent allowed by applicable law and only after providing advance written notice to LightTrail.
• Copy, adapt, modify, translate, or create derivative works of the Service or LightTrail Code, except as expressly permitted in the Documentation.
• Remove, alter, or obscure any proprietary notices or branding contained in the Service or Documentation.
• Use the Service to transmit or store malicious code such as viruses, worms, or Trojan horses.
• Use the Service to transmit or store content that is deceptive, infringing, defamatory, unlawful, or that violates third party privacy, publicity, or other rights, or Customer's obligations of confidentiality.
• Circumvent or exceed any technical or contractual limits on usage set forth in the Order Form or Documentation.
• Allow any third party to access the Service except Authorized Users using it solely for Customer's benefit.

LightTrail may store and process Customer Data as necessary to provide the Service and related support, including:

• Retaining events and session data to power analytics, reporting, and AI insights.
• Providing replay or journey views where enabled.
• Supporting backfills and resends to Destinations at Customer's direction.
• Operating, maintaining, improving, and securing the Service.

Unless otherwise stated in an Order Form, Customer Data is stored and processed in data centers located in the United States. LightTrail may use globally distributed edge infrastructure to receive events, but storage of Customer Data will remain within the region specified in the Documentation or Order Form.

Customer acknowledges that the Service is a cloud-based, subscription service that will evolve over time. LightTrail may improve, update, or modify the Service, including by:

• Adding, enhancing, or removing features.
• Modifying interfaces or user experience.
• Updating integrations with Sources or Destinations.

LightTrail will not materially degrade the overall security of the Service under this Agreement and will update the Documentation to reflect material changes.

All fees for the Service and any Professional Services are set forth in the applicable Order Form.

Unless the Order Form specifies different terms:

• LightTrail will invoice Customer for subscription fees for each Subscription Term in advance.
• Customer will pay all invoices within thirty (30) days of the invoice date.
• All fees are non-cancelable and, except as expressly provided in this Agreement, non-refundable.

Fees are exclusive of any taxes, duties, or similar governmental charges, including sales, use, value added, goods and services, or withholding taxes (collectively, “Taxes”). Customer is responsible for paying all Taxes associated with its purchases under this Agreement, excluding taxes based on LightTrail's net income, property, or employees. If LightTrail is required to collect Taxes, such Taxes will be added to the invoice and paid by Customer, unless Customer provides a valid tax exemption certificate.

Late payments that are not disputed in good faith may accrue interest at the lesser of one and one-half percent (1.5 percent) per month or the maximum rate allowed by law.

LightTrail may adjust pricing, including list pricing and Overage rates, upon renewal of a Subscription Term, as specified in the Order Form or by providing reasonable prior notice.

If Customer exceeds its allotted Monthly Tracked Sessions or other usage limits for two (2) consecutive months during a Subscription Term (an “Overage”), LightTrail may charge additional fees for the excess usage at the Overage rates specified in the Order Form.

Unless otherwise stated in the Order Form, LightTrail may:

• Calculate Overages monthly based on actual usage, and
• Either invoice Customer monthly for the excess usage or adjust the committed tier for the remainder of the Subscription Term.

Customer is responsible for:

• Configuring which events, properties, and attributes are collected from Sources.
• Configuring which Destinations receive Customer Data.
• Ensuring that event names and parameters do not include prohibited elements (for example, PHI in event names where prohibited by Documentation, or Prohibited Personal Information).

Certain third party Destinations may require Customer to deploy their SDKs or tags directly on Customer Properties. In such cases, some data may flow directly from Customer Properties to those third party Destinations without passing through the Service. LightTrail is not responsible for the data practices of those third parties.

Customer is solely responsible for the accuracy, quality, and legality of Customer Data, and for the means by which Customer acquires and uses it.

Customer represents and warrants that:

• Customer's use of the Service, its configuration of data collection, and its use of Sources and Destinations will comply with all applicable Laws, including privacy and data protection laws, consumer protection laws, and, where applicable, laws like the CCPA and GDPR.
• Customer has provided all notices and obtained all consents, authorizations, and permissions required to collect Customer Data through the Service, process Customer Data with LightTrail as described in this Agreement and the Documentation, and share Customer Data with Destinations and any other third parties Customer selects.
• Customer's use of the Service, including the collection and sharing of Customer Data, will not infringe or violate any third party rights, terms of use, privacy policies, or other obligations that apply to Customer or its data.

By enabling integrations with a Source or Destination, Customer authorizes LightTrail to access and use Customer's accounts with such services solely as needed to provide the Service. LightTrail may disclose to such third party providers that Customer is a LightTrail customer and may share limited technical information as necessary to maintain or troubleshoot the integration.

Except as expressly permitted in an Order Form and any applicable BAA, Customer will not use the Service to collect, store, process, or transmit Prohibited Personal Information.

Customer acknowledges that LightTrail is not a payment card processor and that the Service is not certified for PCI DSS compliance. LightTrail will have no responsibility or liability for any Prohibited Personal Information that Customer introduces into the Service in violation of this Agreement.

Customer agrees not to send PHI to the Service unless and until the Parties have executed a BAA.

Once a BAA is in place:

• LightTrail will act as Customer's Business Associate with respect to PHI as described in the BAA.
• To the extent of any conflict between this Agreement and the BAA regarding PHI, the BAA will control.
• Customer is responsible for ensuring that its implementation and ongoing use of the Service complies with the BAA and all applicable Privacy and Security Rules.

To the extent Customer uses the Service in connection with PHI, Customer will:

• Notify LightTrail promptly of any restriction on the use or disclosure of PHI that Customer has agreed to that may affect LightTrail's permitted uses and disclosures under the BAA.
• Notify LightTrail promptly of any changes in or revocation of permission by Individuals that affect LightTrail's permitted uses or disclosures.
• Notify LightTrail promptly of any limitation in Customer's Notice of Privacy Practices that may affect LightTrail's permitted uses or disclosures.
• Obtain and maintain, from Individuals, all consents, authorizations, and other permissions required by Law for Customer and LightTrail to perform their obligations under this Agreement and any BAA.

Customer is responsible for the security of its own systems, networks, and environments, including:

• Configuration of the Service, including role-based access, user permissions, API keys, and integrations.
• Security of its Customer Properties, databases, and Destinations.
• Implementing appropriate technical, administrative, and physical safeguards for PHI and other sensitive data within Customer's control.

Without limiting the foregoing, Customer will:

• Assign access to PHI and other sensitive data within the Service only to individuals who are authorized to access such data.
• Regularly review and update access rights for Authorized Users, API keys, Destinations, and Sources (for example, at least quarterly).
• Ensure data transmitted to LightTrail uses secure channels as described in the Documentation.
• Disable Destinations or Sources that are no longer needed or that present unacceptable risk.

LightTrail is not responsible for any breach or security incident arising from:

• Customer's systems, networks, or databases.
• Customer's configuration of the Service.
• Customer's direct transmissions of PHI or other data outside the Service or through channels not expressly authorized by LightTrail.

Where Customer authorizes the Service to connect to Customer's databases or cloud resources:

• Customer will grant only the minimum access necessary to perform the intended functions.
• Customer will enforce encryption in transit for all such connections.
• Customer will manage firewall or allowlist settings and any jump hosts or bastion services used to secure access.

LightTrail is not responsible for breaches or misuse of Customer Data resulting from Customer granting overly broad or insecure access to its systems.

As between the Parties, Customer retains all right, title, and interest in and to Customer Data, including all intellectual property rights in Customer Data.

Customer grants LightTrail a non-exclusive, worldwide, royalty-free license to use, copy, store, transmit, display, and process Customer Data during the Subscription Term:

• To provide, support, maintain, and improve the Service.
• To prevent or address service, security, and technical issues.
• To comply with Law and enforce LightTrail's rights under this Agreement.

Any handling of PHI will be subject to the BAA.

This Agreement grants Customer a subscription to use the Service; it does not transfer ownership.

LightTrail and its licensors retain all right, title, and interest in and to:

• The Service, LightTrail Code, APIs, and Documentation.
• All underlying software, technology, designs, user interfaces, and know-how.
• Any modifications, enhancements, or derivative works, including those incorporating Feedback.

Except for the limited rights expressly granted in this Agreement, no other rights are granted, whether by implication, estoppel, or otherwise.

Customer and its Authorized Users may provide suggestions, comments, or other feedback to LightTrail regarding the Service (“Feedback”). LightTrail may use Feedback for any purpose without obligation or restriction, provided that LightTrail will not identify Customer or its Authorized Users publicly as the source of Feedback without Customer's consent.

LightTrail may collect and use Usage Data and other information derived from the operation of the Service in order to:

• Maintain, operate, support, and improve the Service.
• Develop new products and services.
• Generate statistics and insights regarding use of the Service.

LightTrail may aggregate and anonymize such data so that it does not identify Customer or any Individual, and may use and disclose such “Aggregated Anonymous Data” for lawful purposes, including analytics, benchmarking, and marketing. Aggregated Anonymous Data will not contain Customer Data in a form that identifies Customer or any Individual.

This Agreement begins on the Effective Date and continues until the end of the last Subscription Term under any active Order Form, unless terminated earlier in accordance with this Section 8.

Unless the Order Form states otherwise, each Subscription Term will automatically renew for successive renewal terms of equal duration to the initial Subscription Term at LightTrail's then-current pricing, unless either Party provides written notice of non-renewal at least thirty (30) days before the end of the then-current Subscription Term.

Either Party may terminate this Agreement and all related Order Forms upon written notice if the other Party:

• Materially breaches this Agreement or an Order Form and fails to cure the breach within thirty (30) days after receiving written notice that describes the breach; or
• Ceases to operate in the ordinary course of business, becomes insolvent, or is subject to bankruptcy, receivership, or similar proceedings that are not dismissed within sixty (60) days.

If Customer terminates due to LightTrail's uncured material breach, LightTrail will refund any prepaid fees for the unused portion of the Subscription Term after the effective date of termination.

Upon expiration or termination of this Agreement for any reason:

• All rights granted to Customer under this Agreement and any Order Form will end.
• Customer will immediately stop using the Service and LightTrail Code and will remove LightTrail Code from all Customer Properties.
• Customer will delete any credentials, Documentation, or Confidential Information of LightTrail in its possession, or return them at LightTrail's written request.
• Upon Customer's written request made within five (5) business days after termination, LightTrail will provide a final export of Customer Data in a commercially reasonable format within thirty (30) business days. After this period, LightTrail may delete Customer Data from its systems, subject to any retention obligations under Law or the BAA.

LightTrail may suspend Customer's or any Authorized User's access to the Service, in whole or in part, with immediate effect if:

• Customer's account is more than ninety (90) days past due and not disputed in good faith.
• Customer exceeds contractual usage or violates scope of use restrictions.
• LightTrail reasonably believes that Customer or an Authorized User has violated Sections 2.5 or 5 in a manner that poses risk to the Service, LightTrail, or others.
• Suspension is needed to prevent or mitigate an imminent security risk.

LightTrail will use commercially reasonable efforts to limit suspension to the affected portion of the Service and to restore access promptly after the issue is resolved.

The following will survive expiration or termination of this Agreement: Sections 2.5, 3, 4, 5.2, 5.3, 5.4, 5.6, 6, 7, 8.4, 8.6, 9, 10, 11, 12, and 14, and any other provisions that by their nature should survive.

LightTrail represents and warrants that:

• LightTrail has the right and authority to enter into this Agreement and to provide the Service as described.
• The Service will be provided in a professional and workmanlike manner, consistent with generally accepted industry practices for similar services.
• LightTrail will comply with applicable Laws relating to its operation of the Service.

Except as expressly stated in this Agreement or an applicable BAA:

• The Service and all related services are provided "as is" and "as available."
• LightTrail does not warrant that the Service will be uninterrupted, error free, or free from harmful components.
• LightTrail does not guarantee that analytics, AI insights, or reports will meet Customer's specific requirements, nor does LightTrail warrant the accuracy or completeness of conclusions that Customer derives from Customer Data.
• LightTrail is not responsible for Customer's configuration of the Service, for data exports or uses by Destinations, or for third party products or services integrated with the Service.

To the maximum extent permitted by Law, LightTrail disclaims all implied warranties, including implied warranties of merchantability, fitness for a particular purpose, non-infringement, and any warranties arising from course of dealing or usage of trade.

Customer acknowledges that:

• Customer is responsible for reviewing output from the Service and making decisions based on its own expertise and judgment.
• LightTrail is not engaged in providing legal, regulatory, or compliance advice.

LightTrail will defend Customer against any third party claim alleging that the Service, as provided by LightTrail and used by Customer in accordance with this Agreement, infringes any United States patent, copyright, or trademark, or misappropriates a third party's trade secret, and will pay any damages and reasonable attorneys' fees finally awarded against Customer in connection with such claim, or amounts agreed to in settlement by LightTrail.

LightTrail will have no obligation to the extent a claim arises from:

• Combination of the Service with products, services, data, or processes not provided by LightTrail.
• Customer Data or Customer's configurations.
• Use of the Service in violation of this Agreement or the Documentation.
• Use of other than the current, unaltered version of the Service where use of such version would have avoided the claim.

If the Service is, or in LightTrail's reasonable opinion is likely to become, the subject of an infringement claim, LightTrail may:

• Modify the Service to be non-infringing while maintaining materially equivalent functionality.
• Replace the Service with a non-infringing alternative that provides materially equivalent functionality.
• If neither option is commercially reasonable, terminate the affected Order Form and refund prepaid unused fees.

This Section 10.1 sets out Customer's exclusive remedies and LightTrail's sole obligations with respect to claims of intellectual property infringement.

Customer will defend LightTrail against any third party claim arising from or related to:

• Customer Data, including any allegation that Customer Data or Customer's use of the Service with Customer Data violates Law or infringes or misappropriates third party rights.
• Customer's violation of this Agreement, the BAA, or applicable Laws.
• Customer's configuration or operation of Destinations or third party tools integrated with the Service.

Customer will pay any damages and reasonable attorneys' fees finally awarded against LightTrail in connection with such claim, or amounts agreed to in settlement by Customer.

The Party seeking indemnification will:

• Provide prompt written notice of the claim to the indemnifying Party (provided that any delay will not relieve the indemnifying Party of its obligations except to the extent it is materially prejudiced).
• Give the indemnifying Party sole control over the defense and settlement of the claim.
• Provide reasonable assistance at the indemnifying Party's expense.

The indemnifying Party will not settle any claim in a manner that imposes any admission of liability or payment obligation on the indemnified Party without its prior written consent.

To the maximum extent permitted by Law, neither Party nor its suppliers will be liable for:

• Loss of profits or revenue.
• Loss of data or corruption of data.
• Loss of business or anticipated savings.
• Business interruption.
• Any indirect, incidental, special, exemplary, or consequential damages.

This exclusion applies regardless of the theory of liability and even if a Party has been advised of the possibility of such damages.

Except for a Party's indemnification obligations under Section 10, a Party's breach of its confidentiality obligations under Section 12, or Customer's payment obligations:

Each Party's total aggregate liability arising out of or related to this Agreement will not exceed the total fees paid or payable by Customer to LightTrail under the Order Form giving rise to the claim during the twelve (12) month period immediately preceding the event giving rise to the claim.

The limitations in this Section 11 apply to all causes of action, whether in contract, tort (including negligence), strict liability, or otherwise, and will apply even if any limited remedy provided in this Agreement is found to have failed its essential purpose.

Some jurisdictions do not allow certain exclusions or limitations of liability; in such cases, the Parties intend that the limitations apply to the fullest extent permitted by Law.

Neither Party may assign or transfer this Agreement, in whole or in part, without the other Party's prior written consent, except that either Party may assign this Agreement without consent in connection with a merger, acquisition, corporate reorganization, or sale of substantially all of its assets.

Any attempted assignment in violation of this Section 14.1 will be void. Subject to the foregoing, this Agreement will bind and benefit the Parties and their permitted successors and assigns.

If any provision of this Agreement is held invalid or unenforceable, it will be limited to the minimum extent necessary and the remaining provisions will remain in full force and effect.

This Agreement is governed by the Laws of the State of California and the United States, without regard to conflicts of law rules. The Parties agree to the exclusive jurisdiction and venue of the state and federal courts located in San Diego County, California for any dispute arising out of or related to this Agreement, and each Party consents to personal jurisdiction in such courts.

The prevailing Party in any action to enforce this Agreement is entitled to recover its reasonable attorneys' fees and costs.

Legal notices under this Agreement must be in writing and delivered to:

Notices are deemed given:

• Upon personal delivery.
• One business day after deposit with a recognized overnight courier.
• Two business days after mailing via registered or certified mail, postage prepaid.
• On the first business day after sending by email, if no delivery failure notice is received.

LightTrail may send routine service-related notices through the Service interface or to the email addresses associated with Customer's account.

This Agreement, together with any Order Forms and any BAA, comprises the entire agreement between the Parties regarding the Service and supersedes all prior and contemporaneous agreements, proposals, or representations, whether written or oral, on the same subject matter.

In the event of any conflict or inconsistency between this Agreement and the terms of a fully executed Master Subscription and Services Agreement (MSSA) or Statement of Work (SOW) between LightTrail and Customer, the MSSA will control, and any applicable SOW will control over both the MSSA and this Agreement with respect to the subject matter of that SOW.

In the event of a conflict:

• The BAA will govern with respect to PHI.
• The Order Form will govern over this Agreement with respect to fee structure, specific service commitments, or inconsistent terms specific to that Order Form.
• This Agreement will govern over Documentation or other ancillary materials.

No failure or delay by either Party to exercise any right under this Agreement will constitute a waiver of that right. Any waiver must be in writing and signed by an authorized representative of the waiving Party.

Neither Party will be liable for failure or delay in performing its obligations (other than payment obligations) to the extent caused by events beyond its reasonable control, including natural disasters, acts of government, war, terrorism, labor disputes, failures of the internet or third party hosting providers, or utility failures.

LightTrail may engage subcontractors to provide portions of the Service, including hosting, infrastructure, AI model providers, and support services. LightTrail remains responsible for the performance of its subcontractors and their compliance with this Agreement and any applicable BAA.

LightTrail may update this Agreement from time to time. The updated Agreement will apply:

• To new Order Forms entered into after the effective date of the updated Agreement.
• To renewal Subscription Terms, unless either Party elects not to renew.

For changes required to comply with Law or to reflect updates to the Service or new features, LightTrail may specify that certain changes apply to the then-current Subscription Term. If such changes materially and adversely affect Customer's rights and Customer does not agree to them, Customer may provide written notice to LightTrail within thirty (30) days after the change takes effect, and the Parties will work in good faith to address Customer's concerns. If they are unable to do so, Customer may terminate the affected Order Form, and LightTrail will refund prepaid fees for the unused portion of the Subscription Term for that Order Form.

The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture, employment, franchise, or agency relationship between the Parties. Neither Party has authority to bind the other Party or incur obligations on its behalf.

In using or providing the Service, each Party will comply with applicable export, import, and sanctions Laws. Customer represents and warrants that it is not listed on any governmental list of prohibited parties, is not located in an embargoed country, and will not permit Authorized Users to access or use the Service in violation of such Laws.

Any standard support and uptime commitments for the Service are described in LightTrail's service level agreement (SLA), if any, referenced in the Order Form or made available on LightTrail's website. Such SLA is incorporated into this Agreement by reference where specified in the Order Form.