PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SERVICES OFFERED BY THIS IS ALICE, INC. (“ALICE”). BY MUTUALLY EXECUTING ONE OR MORE ORDER FORMS WITH ALICE WHICH REFERENCE THESE TERMS AND CONDITIONS OR BY SUBMITTING AN ONLINE ORDER FORM ON ALICE’S WEBSITE (EACH, AN “ORDER FORM”), CUSTOMER AGREES TO BE BOUND BY THESE TERMS AND CONDITIONS (TOGETHER WITH ALL ORDER FORMS AND THE “SERVICES AGREEMENT”) TO THE EXCLUSION OF ALL OTHER TERMS. IF THE TERMS AND CONDITIONS, THE SERVICES AGREEMENT AND/OR ORDER FORMS ARE CONSIDERED AN OFFER, ACCEPTANCE IS EXPRESSLY LIMITED TO SUCH TERMS OF SUCH DOCUMENTS.

AS USED IN THESE TERMS AND CONDITIONS, ALL APPLICABLE ORDER FORMS AND THE PRE-TAX SERVICES AGREEMENT, INCLUDING ATTACHMENTS AND EXHIBITS THERETO, SHALL COLLECTIVELY BE REFERRED TO AS THE “SERVICES AGREEMENT.”

ALICE TERMS AND CONDITIONS

Last Updated: January 21, 2020.

1.Order Forms; Access to the Service

Upon mutual execution, each Order Form shall be incorporated into and form a part of these Terms and Conditions. Subject to Customer’s compliance with its obligations under these Terms and Conditions (including any limitations and restrictions set forth on the applicable Order Form) Alice grants Customer the right and license to access and use the services specified in each Order Form (collectively, the “Service,” or “Services”) during the applicable Order Form term (as defined below) for the internal business purposes of Customer, only as provided herein and only in accordance with Alice’s applicable official user documentation. 

2. Support; Service Levels; Additional Services. 

Alice will undertake commercially reasonable efforts to make the Services available twenty-four (24) hours a day, seven (7) days a week. Notwithstanding the foregoing, Alice reserves the right to suspend Customer’s access to the Services for scheduled or emergency maintenance. Subject to the terms hereof, Alice will provide reasonable support to Customer for the Services from Monday through Friday during Alice’s normal business hours. Upon payment of any applicable fees set forth in each Order Form, Alice agrees to use reasonable commercial efforts to provide standard implementation assistance for the Service only if and to the extent such assistance is set forth on such Order Form (“Implementation Assistance”). If Alice provides Implementation Assistance in excess of any agreed-upon hours estimate, or if Alice otherwise provides additional services beyond those agreed in an Order Form, Customer will pay Alice at its then-current hourly rates for such Implementation Assistance. 

3. Customer Responsibilities; Employee Enrollment. 

IMPORTANT:  Alice does not serve as and is not “Plan Administrator,” trustee or custodian, as those terms are defined by applicable law including without limitation the Employee Retirement Income Security Act (“ERISA”), for Customer’s employee welfare or benefit plan, pre-tax benefits or any of the services or pretax benefits referenced in or contemplated by the services agreement. Customer acknowledges that Alice’s performance of the Services depends on Customer’s performance of the following responsibilities: 
(a) Customer hereby authorizes Alice to access and use the payroll processing system used by Customer to organize, determine, and implement pre-tax deductions from employee compensation, initiate payments to employees for and for direct payments to qualified expense vendors for qualified expenses (the “Payroll System”); 
(b) Customer will provide Alice with such access to its Payroll System as is necessary to enable Alice to provide the Services to Customer and its employees and to perform its obligations pursuant to the terms of the Service Agreement.
(c) Customer shall provide Alice with a current roster, including mobile phone numbers and email addresses of Customer’s Employees (the “Roster”) and shall regularly update such Roster (“Employees” shall mean only the employees of Customer who are recognized as a W-2 employee and are not contractors, as each term is defined under the Internal Revenue Code);
(d) Customer agrees to either: authorize Alice, acting on behalf of and at the direction of Customer, to communicate to its Employees via email or text message the necessary information for them to enroll in the Services, including, without limitation, the standard enrollment and informational materials provided by Alice for distribution to its Employees for the initial enrollment; or, the Customer will communicate such necessary information directly to its Employees;
 (e)   Customer shall take all necessary corporate action to adopt, consistent with its by-laws and applicable federal and state laws and regulations, the Customer’s Cafeteria Plan (the “Plan”) for eligible Employees of the Company and shall maintain the Plan in full force and effect during the term of the Services Agreement.    
(f) Customer shall designate in writing to Alice at least one of its Employees to assume the responsibility of administrator for Customer (the “Administrator”). The Administrator shall have the authority and responsibility to take all required actions on behalf of Customer to obtain benefits for its employees. The Administrator shall review Employee information to ensure accuracy and eligibility. Alice may rely on any decisions made by the Administrator with respect to the Services, employee information and employee eligibility for the Services. 
(g)  Customer hereby authorizes and approves for the receipt of the benefits, all Employees on the Roster present within Customer’s Payroll System. Alice shall not be obligated to process any benefits for Employees if: (i) Customer fails to make payments due to Alice at the time required;  (ii) there are insufficient funds in the Customer’s payroll processing system account or other designated transaction account (each such account individually referred to herein as “Payroll Account”); and/or there are insufficient funds in the Processing Account to make payments to Employees. In order to enroll for the Services and use or access benefits available through the Services, each Employee must register for an account with Alice and agree to Alice’s standard employee terms of service located at https://thisisalice.com. Customer acknowledges that as part of the registration process, their employees may enroll in Alice’s auto change feature with respect to the determination of employee contribution amounts. Each Employee (and not Alice) is solely responsible for the information submitted to Alice by such Employee and/or any third party on such Employee’s behalf, including, without limitation, such Employee’s financial institutions and credit and debit card providers.
(h)   SynapseFI is our backend software provider, and partner of Evolve Bank & Trust (Evolve), member FDIC.  SynapseFI’s API, and their relationship with Evolve, enables us to provide you with access to their banking services and products. By agreeing to the Services Agreement and our Privacy Policy, you also agree to SynapseFI’s terms and policies located at synapsefi.com/tos.

4. Processing Account and HSA Trust Account

4.1  Processing Account.  Alice, through Synapse Financial Technologies Inc. (“Synapse”), uses  Evolve Bank and Trust (“Bank”) to establish a transaction account (the “Processing Account”) for Customers to facilitate the processing of their employees’ pre-tax transactions with respect to their Health Care Flexible Spending Arrangement (“Health Care FSA”), Limited Purpose Health Care FSA, Dependent Care FSA and pre-tax commuter expense contributions. Customer agrees to promptly provide Synapse and the Bank with such reasonable information as they may request with respect to the Processing Account, including without limitation such reasonable information as Evolve may require to comply with federal banking, Bank Secrecy Act, anti-money laundering and “know your customer” laws and regulations. Customer also agrees to permit Alice to initiate and process on Customer’s behalf: (a) employee pre-tax contribution deposits to the Processing Account from the Customer’s Payroll Account; and, (b) employee qualified medical expense reimbursement transactions from the Processing Account to (i) the Customer’s Payroll Account; (ii) to Customer’s employees via an ACH transaction directly to employee bank accounts; and, (iii) to third parties as payment for employee qualified medical expenses incurred by employees.
If Customer’s Processing Account and Payroll Account balance are insufficient to pay for the employee reimbursement transactions described above, Alice shall notify Customer of the shortfall and Alice shall have the right to initiate a transfer in the amount of the shortfall from the Customer’s designated bank account to the Processing Account.

IMPORTANT: Pre-tax contribution deposits to the Processing Account from Customer’s employees (“Employee Contributions”) and any other amounts deposited to the Processing Account by Customer on behalf of or for the benefit of its employees (“Customer Contributions”) belong to Customer for the benefit of its participating employees and are not the assets of Alice.
4.2  HSA Trust Account. During the employee HSA enrollment process Customer’s employees will establish HSA trust accounts with Bank (“Trust Account or Trust Accounts” as the context may require). Trust Accounts will be used to receive pre-tax HSA contributions from employees, and such other amounts as Customer may deposit to the Trust Accounts for employees’ benefit, and from which to pay for pretax reimbursements for such employees’ qualified medical expenses.
Alice is under no obligation to, and shall not, process employee requests for the reimbursement of qualified medical expenses from such employee’s Trust Account in excess of the balance in the Trust Account at the time of the reimbursement request. 
IMPORTANT: Employee pre-tax contribution deposits to their Trust Account and any other amounts deposited to an employee’s Trust Account by Customer on behalf of or for the benefit of such employee belong to and are under the control of the employee in who’s name the account is established and are not owned by or under the control of Alice or the Customer.

 
5. Service Updates

Alice reserves the right to modify the Services, including, without limitation, by adding or removing benefits available to Employees, at any time consistent with applicable laws and regulations. From time to time, Alice may provide upgrades, patches, enhancements, or fixes for the Services to its customers generally without additional charge (“Updates”), and such Updates will become part of the Services and subject to the Terms and Conditions; provided that Alice shall have no obligation under the Terms and Conditions or otherwise to provide any such Updates. Customer understands that Alice may cease supporting old versions or releases of the Services at any time in its sole discretion; provided that Alice shall use commercially reasonable efforts to give Customer sixty (60) days prior notice of any major changes.

6. Ownership; Feedback

As between the parties, Alice retains all right, title, and interest in and to the Services, and all software, products, works, and other intellectual property and moral rights related thereto or created, used, or provided by Alice for the purposes of providing the services contemplated by the Services Agreement, including any copies and derivative works of the foregoing. No rights or licenses are granted except as expressly and unambiguously set forth in the Services Agreement.  Customer may from time to time provide suggestions, comments or other feedback to Alice with respect to the Service (“Feedback”). Feedback, even if designated as confidential by Customer, shall not create any confidentiality obligation for Alice. Customer shall, and hereby does, grant to Alice a non-exclusive, worldwide, perpetual, irrevocable, transferable, sub licensable, royalty-free, fully paid up license to use and exploit the Feedback for any purpose. Provided that the products, software or technologies described below were independently developed without use of any of Customer’s software, technologies or Proprietary Information, nothing in the Services Agreement will impair Alice’s right to develop, acquire, license, market, promote or distribute products, software or technologies that perform the same or similar functions as, or otherwise compete with any products, software or technologies that Customer may develop, produce, market, or distribute.

7. Fees; Payment

Customer shall pay Alice fees for the Service as set forth in each Order Form (“Fees”). Unless otherwise specified in an Order Form, all Fees shall be invoiced in advance and all invoices are payable in U.S. dollars within thirty (30) days from date of receipt of an undisputed invoice. Customer shall be responsible for all taxes associated with the Services (excluding taxes based on Alice’s net income). All Fees paid are non-refundable and are not subject to set-off.

8. Restrictions

 Customer (i) shall use the Service in compliance with all applicable local, state, national and foreign laws, treaties and regulations applicable to Customer or its use of the Service (including those related to data privacy, international communications, export laws and the transmission of technical or personal data laws), and (ii) shall not use the Service in a manner that violates any third party intellectual property, contractual or other proprietary rights. 

9. Confidentiality; Publicity

9.1  Each party understands that the other party has disclosed or may disclose confidential and proprietary information (“Confidential Information”) of (the “Disclosing Party”) to the other party (the “Receiving Party”). Confidential Information shall include Customer Confidential Information and Alice Confidential Information (as those terms are defined below), whether tangible or intangible and in whatever written, verbal or digital form such Confidential Information may be disclosed by the disclosing Party to the Receiving Party.   As used in the Services Agreement, Customer Confidential Information shall include but is not limited to Customer Confidential Information as that term is defined in Paragraph 9.2 below; and, Alice Confidential Information shall include but is not limited to Alice Confidential Information as that term is defined in Paragraph 9.3.  The Receiving Party agrees: (i) to hold the Disclosing Party’s confidential information in confidence and not to divulge to any third person any such Confidential Information, (ii) to give access to such Confidential information solely to those employees with a need to have access thereto for purposes of the Services Agreement; and,  (iii) to take the same security precautions to protect against disclosure or unauthorized use of such Confidential Information that the Receiving Party takes with its own Confidential Information, but in no event will the Receiving Party apply less than reasonable precautions to protect such Confidential Information.  Customer further agrees to the following: (i) not to reverse engineer, decompile, disassemble, or otherwise attempt to discover the source code, object code, or underlying structure, ideas, or algorithms of the Service (except to the extent applicable laws specifically prohibit such restriction); and, (ii)) not to use the Service to build an application or product that is competitive with any Alice product or service.The Disclosing Party agrees that the foregoing will not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public without any action by, or involvement of, the Receiving Party,  (b) was in its possession or known by it prior to receipt from the Disclosing Party, (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Confidential Information of the Disclosing Party. Nothing in the Services Agreement will prevent the Receiving Party from disclosing the Confidential Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure so as to permit it to contest such order.9.2  Customer Confidential Information shall mean: any data, information or other material provided, uploaded, or submitted by Customer to the Service in the course of using the Service. Customer shall retain all right, title and interest in and to the Customer Data, including all intellectual property rights therein. Customer, not Alice, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Confidential Information. Alice shall use commercially reasonable efforts to maintain the security and integrity of the Service and the Customer Confidential Information. Alice is not responsible to Customer for unauthorized access to Customer Confidential Information or the unauthorized use of the Service unless such access is due to Alice’s negligent acts, omissions or willful misconduct. Customer is responsible for the use of the Service by any person to whom Customer has given access to the Service, even if Customer did not authorize such use. Customer agrees and acknowledges that Customer Confidential Information maintained by Alice may be irretrievably deleted if Customer’s account is ninety (90) days or more delinquent. Notwithstanding anything to the contrary, Customer acknowledges and agrees that Alice may internally use and modify (but not disclose) Customer Confidential Information for the purposes of (A) providing the Services and any support or consultation services to Customer, (B) generating Aggregated Anonymous Data (as defined below); and, (C) freely use and make available Aggregated Anonymous Data for Alice’s business purposes (including without limitation, for purposes of improving, testing, operating, promoting and marketing Alice’s products and services). “Aggregated Anonymous Data” means data submitted to, collected by, or generated by Alice in connection with Customer’s use of the Service, but only in aggregate, anonymized form which can in no way be linked specifically to Customer.  9.3  Alice Confidential Information shall mean the terms and existence of the Services Agreement; and, Alice’s: financial plans and records, present and future marketing plans, business strategies and relationship with third parties, client lists, present and proposed products, trade secrets, business process methodologies and techniques, forms and other documents that are used in connection with the Service, intellectual property, computer software programs and descriptions of functions and features of software, information regarding customers and suppliers, founders, employees and affiliates. Alice shall retain all right, title and interest in and to the Alice Confidential Information, including all intellectual property rights therein.9.4  Use of Customer’s Name and Logo.  Unless Alice is notified by the Customer to the contrary, Customer hereby permits Alice to use Customer’s name and logo and to identify Customer as a customer of Alice in marketing, advertising and business materials and presentations, press releases, interviews and presentations. 

10. Text and SMS Messages

IMPORTANT:  FROM TIME TO TIME ALICE WILL SEND CUSTOMER TEXT AND/OR SMS MESSAGES REGARDING CUSTOMER’S USE OF AND THE OPERATION OF THE ALICE PRE-TAX BENEFIT PROGRAM, INCLUDING WITHOUT LIMITATION CHANGES AND ENHANCEMENTS TO OUR PROGRAM, CUSTOMER’S EMPLOYEES’ PRE-TAX TRANSACTIONS AND REIMBURSEMENTS.  SUCH MESSAGES MAY BE CREATED AND/OR SENT TO YOU BY SOFTWARE OWNED OR OPERATED BY ALICE, BY THIRD PARTIES ACTING ON ALICE’S BEHALF OR BY ALICE’S OR SUCH THIRD  PARTIES’  EMPLOYEES (AS USED IN THIS PARAGRAPH 10 ALICE, SUCH THIRD PARTIES AND ALICE’S AND SUCH THIRD PARTIES’ EMPLOYEES SHALL COLLECTIVELY BE REFERRED TO AS “ALICE PARTIES”).  CUSTOMER’S USE OF ANY OF THE SERVICES, AS CONTEMPLATED BY THE SERVICES AGREEMENT AND/OR ANY ORDER  FORM, THAT ALICE PROVIDES TO CUSTOMER OR  ITS EMPLOYEES CONSTITUTES CUSTOMER’S EXPRESS CONSENT TO RECEIVE SUCH MESSAGES FROM ALICE PARTIES REGARDLESS OF HOW SUCH MESSAGES ARE GENERATED OR SENT TO CUSTOMER.

11. Term; Termination

The Services Agreement shall commence upon the effective date set forth in the first Order Form, and, unless earlier terminated in accordance herewith, shall last until the expiration of all Order Form Terms. For each Order Form, the “Order Form Term” shall begin as of the effective date set forth on such Order Form, and unless earlier terminated as set forth herein, (x) shall continue for the initial term specified on that Order Form (the “Initial Order Form Term”), and (y) following the Initial Order Form Term, shall automatically renew for additional successive periods of one year each (each, a “Renewal Order Form Term”) unless either party notifies the other party of such party’s intention not to renew no later than thirty (30) days prior to the expiration of the Initial Order Form Term or then-current Renewal Order Form Term, as applicable. During the period starting 60 days following the effective date of the Initial Order Form Term and upon 30 days prior written notice to the non-terminating party either party may terminate the Services Agreement for any reason or no reason during the Initial Order Form Term. For the avoidance of doubt such right to terminate for any reason or no reason is limited to terminations prior to the end of the Initial Order Form Term. In the event of a material breach of the Services Agreement by either party, the non-breaching party may terminate the Services Agreement by providing written notice to the breaching party, provided that the breaching party does not materially cure such breach within thirty (30) days of receipt of such notice. Without limiting the foregoing, Alice may suspend or limit Customer’s access to or use of the Service if: (i) Customer’s account is more than sixty (60) days past due, or (ii) Customer’s use of the Service results in (or is reasonably likely to result in) damage to or material degradation of the Service which interferes with Alice’s ability to provide access to the Service to other customers; provided that, in the case of subsection (ii) above: (a) Alice shall use reasonable good faith efforts to work with Customer to resolve or mitigate the damage or degradation in order to resolve the issue without resorting to suspension or limitation; (b) prior to any such suspension or limitation, Alice shall use commercially reasonable efforts to provide notice to Customer describing the nature of the damage or degradation; and, (c) Alice shall reinstate Customer’s use of or access to the Service, as applicable, if Customer remediates the issue within thirty (30) days of receipt of such notice. All provisions of the Services Agreement which by its nature should survive termination shall survive termination, including, without limitation, accrued payment obligations, ownership provisions, warranty disclaimers, indemnity and limitations of liability. In the event that Customer terminates the Services Agreement as provided for in this Paragraph 11, upon termination Alice shall not be responsible for paying any benefit claims, receiving any employee contributions or providing any other Service contemplated by the Services Agreement on or after the effective date of the termination. Customer shall provide Alice with instructions with respect the transfer of any balances for the benefit of employees, excluding HSA balances, attributable to the Services.

 

12. Indemnification

Alice shall defend, indemnify, and hold harmless the Customer, its affiliates and each of its and its affiliates’ employees, contractors, directors, suppliers and representatives (collectively, the “Customer Parties”) from all liabilities, claims, and expenses paid or payable to an unaffiliated third party (including reasonable attorneys’ fees) (“Losses”), that arise from or relate to (i) the performance of the Services by Alice or any of its employees, agents, representatives, and contractors (collectively, the “Alice Parties”), (ii) Alice’s breach of the Services Agreement or the obligations hereunder, (iii) any unauthorized access by any person or third party to Client Data; provided, that such unauthorized access was not caused by Customer’s or Customer Parties’ negligence or willful misconduct, (iii) Alice’s failure to comply with applicable law, or (iv) any claim that the Service infringes, violates, or mis-appropriates any third party intellectual property or proprietary right The foregoing obligations of Alice do not apply with respect to the Service or any information, technology, materials or data (or any portions or components of the foregoing) to the extent (i) not created or provided by Alice (including without limitation any Customer Data), (ii) made in whole or in part in accordance to Customer specifications, (iii) modified after delivery by Alice, (iv) combined with other products, processes or materials not provided by Alice (where the alleged Losses arise from or relate to such combination), (v) where Customer continues allegedly infringing activity after being notified thereof or after being informed of modifications that would have avoided the alleged infringement, or (vi) Customer’s use of the Service is not strictly in accordance herewith.12.2  Customer shall defend, indemnify, and hold harmless the Alice, its affiliates and each of its and its affiliates’ employees, contractors, directors, suppliers and representatives from all liabilities, claims, and expenses paid or payable to an unaffiliated third party (including reasonable attorneys’ fees) (“Losses”), that arise from or relate to (i) Customer’s breach of the Services Agreement or the obligations hereunder, or (ii) Customer’s failure to comply with applicable law.12.3  The indemnified party  shall provide the indemnifying party with: (i) prompt written notice of any claim (provided that a failure to provide such notice shall only relieve the Indemnifying party  of its indemnity obligations if the indemnifying party is materially prejudiced by such failure); (ii) the option to assume sole control over the defense and settlement of any claim (provided that the indemnified party may participate in such defense and settlement at its own expense); and (iii) reasonable information and assistance in connection with such defense and settlement (at the indemnifying party’s expense).

  1. Disclaimer

EXCEPT AS EXPRESSLY SET FORTH HEREIN, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” AND IS WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES IMPLIED BY ANY COURSE OF PERFORMANCE, USAGE OF TRADE, OR COURSE OF DEALING, ALL OF WHICH ARE EXPRESSLY DISCLAIMED.ALICE IS NOT PROVIDING AND DOES NOT PROVIDE LEGAL OR TAX ADVICE TO CUSTOMER OR ITS EMPLOYEES WITH RESPECT TO THE SERVICES. THE DETERMINATION OF THE SUITABILITY OF THE SERVICES IS THE SOLE RESPONSIBILITY OF CUSTOMER AND/OR ITS EMPLOYEES, AND CUSTOMER SHOULD CONSULT WITH ITS TAX OR LEGAL ADVISORS TO PRIOR TO USING THE SERVICE.

  1. Limitation of Liability

EXCEPT FOR THE PARTIES’ INDEMNIFICATION OBLIGATIONS, IN NO EVENT SHALL EITHER PARTY, NOR ITS DIRECTORS, EMPLOYEES, AGENTS, PARTNERS, SUPPLIERS OR CONTENT PROVIDERS, BE LIABLE UNDER CONTRACT, TORT, STRICT LIABILITY, NEGLIGENCE OR ANY OTHER LEGAL OR EQUITABLE THEORY WITH RESPECT TO THE SUBJECT MATTER OF THE SERVICES AGREEMENT FOR:  (I) ANY LOST PROFITS, DATA LOSS, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, (II) FOR ANY BUGS, VIRUSES, TROJAN HORSES, OR THE LIKE (REGARDLESS OF THE SOURCE OF ORIGINATION), OR (III) FOR ANY DIRECT DAMAGES IN EXCESS OF (IN THE AGGREGATE) THE FEES PAID (OR PAYABLE) BY CUSTOMER TO ALICE HEREUNDER IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO A CLAIM HEREUNDER.

  1. HIPAA Business Associate Agreement

Attached as Exhibit A hereto is a copy of the Business Associate Agreement (“BAA”) between Alice and Customer that among other things provides descriptions of how Alice will safeguard Protected Health Information or Electronic Protected Health Information created or received by or on behalf of the Client.  As of the Effective Date of this Agreement, both Alice and Customer agree to comply with the provisions of the BAA as such BAA may from time to time be amended.

  1. Service Level and Performance Standards

Except as otherwise provided in this Agreement, Alice agrees to adhere to the following Service Level and Performance Standards (“Standards”) below:16.1 Regular Business Hours “Regular Business Hours” are 9am to 5pm EST, Mon-Fri.
16.2 Customer Success Response Times
Request received by Customer Success via:

  1. Text messages:24-hour response time during Regular Business Hours.

  1. Email24-hour response time during Regular Business Hours.

  1. Live chat: 12-hour response time during Regular Business Hours.



16.3 Technology Website uptimeThe Alice website has an uptime of greater than 99%.16.4 Escalation Response Times

  1. Issue escalated to VP, Customer Success: 12-hour response time during Regular Business Hours.
  2. Issue escalated to CEO:24-hour response time during Regular Business Hours.

  1. Miscellaneous

17.1  The Services Agreement represents the entire agreement between Customer and Alice with respect to the subject matter hereof and supersedes all prior or contemporaneous communications and proposals (whether oral, written or electronic) between Customer and Alice with respect thereto. The Services Agreement shall be governed by and construed in accordance with the laws of the State of New York, excluding its conflicts of law rules, and the parties consent to exclusive jurisdiction and venue in the state and federal courts located in Kings County, State of New York.17.2  NOTICES.  All notices shall be in writing and shall be deemed to have been duly given when received, if personally delivered or sent by certified or registered mail, return receipt requested; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; or the day after it is sent, if sent for next day delivery by recognized overnight delivery service. Notices must be sent to the contacts for each party set forth on the Order Form. Either party may update its address set forth above by giving notice in accordance with this section. 17.3  Except as otherwise provided herein, the Services Agreement may be amended only by a writing executed by both parties. 17.4  FORCE MAJEURE.  Except for payment obligations, neither party shall be liable for any failure to perform its obligations hereunder where such failure results from any cause beyond such party’s reasonable control, including, without limitation, the elements; fire; flood; severe weather; earthquake; vandalism; accidents; sabotage; power failure; denial of service attacks or similar attacks; Internet failure; acts of God and the public enemy; acts of war; acts of terrorism; riots; civil or public disturbances; strikes, lock-outs or labor disruptions; any laws, orders, rules, regulations, acts or restraints of any government or governmental body or authority, civil or military, including the orders and judgments of courts. 17.5  ASSIGNMENT.  Neither party may assign any of its rights or obligations hereunder without the other party’s consent; provided that (i) either party may assign all of its rights and obligations hereunder without such consent to a successor-in-interest in connection with a sale of substantially all of such party’s business relating to the Services Agreement, and (ii) Alice may utilize subcontractors in the performance of its obligations hereunder. 17.6  No agency, partnership, joint venture, or employment relationship is created as a result of the Services Agreement and neither party has any authority of any kind to bind the other in any respect. 17.7  If any provision of the Services Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. 17.8  The failure of either party to act with respect to a breach of this Services Agreement by the other party shall not constitute a waiver and shall not limit such party’s rights with respect to such breach or any subsequent breaches.

EXHIBIT A Business Associate Agreement

This Business Associate Agreement (the “Agreement”) by and between Customer, and This Is Alice, Inc. (“Alice”) is made and entered into effective the effective date of the Alice Services Agreement between Alice and Customer.
 
Recitals

WHEREAS, Customer is a “covered entity” as those terms are defined in 45 C.F.R. § 160.103; andWHEREAS, Alice provides administrative, processing and related services to Customer with respect to certain pre-tax medical FSA and HSA benefits that Customer provides to its employees; andWHEREAS, as a result of such functions, Customer has identified Alice as a “business associate,” as defined in 45 C.F.R. § 160.103, of Customer for purposes of the privacy and security requirements under the Health Insurance Portability and Accountability Act of 1996, (HIPAA) as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH) and the regulations issued thereunder; andWHEREAS, Alice acknowledges that it is a business associate, as defined in 45 C.F.R. § 160.103, of Customer that may create, use, or disclose Protected Health Information or Electronic Protected Health Information on behalf of Customer; andWHEREAS, Customer desires to obtain written assurances that Alice will safeguard Protected Health Information or Electronic Protected Health Information created or received by or on behalf of Customer.NOW, THEREFORE, the parties agree as follows:

Definitions

    1. “Breach” shall have the meaning set forth in 45 C.F.R. §164.402.
    2. “Data Aggregation” shall have the meaning as the term “data aggregation” in 45 C.F. R. § 164.501.
    3. “Designated Record Set” shall mean a group of health-related records about an Individual as provided in 45 C.F.R. § 164.501.  
    4. “Electronic Health Record” shall mean an electronic record of health-related information with respect to an Individual that is created, gathered, managed and consulted by authorized healthcare clinicians and staff.
    5. “Electronic Protected Health Information” or “Electronic PHI” means information that Alice or its agent, including a subcontractor, creates, receives, maintains or transmits from or on behalf of Customer that comes within paragraphs 1(i) or 1(ii) of the definition of “protected health information” at 45 C.F.R. § 160.103.
    6. “Genetic Information” shall have the meaning assigned to such term in 45 C.F.R. § 160.103.
    7. “HIPAA” shall mean the health information privacy provisions under the Health Insurance Portability and Accountability Act of 1996, and regulations issued thereunder at 45 C.F.R. Parts 160 and 164, as amended by HITECH. 
    8. “HITECH” shall mean the Health Information Technology for Economic and Clinical Health Act and the regulations issued thereunder.
    9. “Individual” shall mean a person who is the subject to the Protected Health Information of the Customer, and shall include a person who qualifies as the Individual’s personal representative in accordance with 45 C.F.R. § 164.502(g). 
    10.  “Limited Data Set” shall have the meaning assigned to such term in 45 C.F.R. §164.514(e)(2).
    11. “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, limited to the information created or received by Alice from or on behalf of Customer.  Genetic Information shall be considered PHI.
    12. “Required by Law” shall mean a mandate contained in an applicable state, federal, or local law that compels Customer (or business associates acting on behalf of Customer) to make a use or disclosure of PHI that is enforceable in a court of law.
    13. “Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system, as defined at 45 C.F.R. § 164.304.    However, certain low risk attempts to breach network security, such as the incidents listed below, shall not constitute a Security Incident under this Agreement, provided they do not penetrate the perimeter, do not result in an actual breach of security and remain within the normal incident level: pings on the firewall; port scans; attempts to log on to a system or enter a database with an invalid password or username; denial-of-service attacks that do not result in a server being taken off-line; and malware such as worms or viruses.
    14. “Subcontractor” shall have the meaning as the term in 45 C.F.R. § 160.103.
    15. “Unsecured Protected Health Information” or “Unsecured PHI” shall have the meaning assigned to such term in 45 C.F.R. § 164.402 and guidance issued thereunder.

Obligations of the Parties

      1. Alice shall safeguard all PHI and Electronic PHI created or received by Alice on behalf of Customer in accordance with HIPAA.  Alice shall implement administrative, physical and technical safeguards that prevent use or disclosure of the Electronic Protected Health Information other than as permitted by the Security Rules.  Specifically, Alice agrees to implement policies and procedures in accordance with 45 C.F.R. §  164.316 that:
        1. Prevent, detect, contain and correct security violations in accordance with the administrative safeguards set forth in 45 C.F.R. §  164.308;
        2. Limit physical access to electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed in accordance with the physical safeguards set forth in 45 C.F.R. §  164.310; and
        3. Allow access to electronic information systems that maintain Electronic PHI to only those persons or software programs that have been granted access rights in accordance with the technical safeguards set forth in 45 C.F.R. §  164.312.
      2. Alice shall not use or disclose PHI or Electronic PHI except as permitted or required by Article 3 of this Agreement or as Required by Law.  Alice shall notify Customer of all requests for the disclosure of PHI and Electronic PHI from a law enforcement or government official, or pursuant to a subpoena, court or administrative order, or other legal request as soon as possible prior to making the requested disclosure. Alice shall provide to Customer all PHI and Electronic PHI necessary to respond to these requests as soon as possible, but no later than ten (10) business days following its receipt of a written request from Customer.
      3. Customer shall provide to Alice, and Alice shall request from Customer, disclose to its affiliates, subsidiaries, agents and subcontractors or other third parties, only a Limited Data Set or, if necessary or otherwise permitted by HHS regulations, the minimum PHI or Electronic PHI necessary to perform or fulfill a specific function required or permitted under the Agreement.  “Minimum necessary” shall be interpreted in accordance with HITECH, and in any event shall not include any direct identifiers of individuals such as names, street addresses, phone numbers or social security numbers, except for a unique identifier assigned by Customer as necessary for the strategic analysis.
      4. Alice shall comply with all granted restrictions on the use and/or disclosure of PHI, pursuant to 45 C.F.R. § 164.522(a), upon written notice from Customer; provided, however, that Customer shall not grant any restriction that affects Alice’s use or disclosure of PHI without first consulting with Alice.   
      5. Alice shall comply with all granted requests for confidential communication of PHI, pursuant to 45 C.F.R. § 164.522(b), upon written notice from Customer.
      6. Alice shall report to Customer any use or disclosure of PHI not permitted by this Agreement of which Alice becomes aware within fifteen (15) business days of its becoming aware, and will take such corrective action necessary, or as reasonably directed by Customer, in order to prevent and minimize damage to any Individual and to prevent any further such occurrences.

Following the discovery of a Breach of Unsecured PHI, Alice shall notify the Customer without unreasonable delay and in no case no later than fifteen (15) days after discovery of the Breach.   The notification shall include the identification of each Individual whose Unsecured PHI has been or is reasonably believed by Alice to have been accessed, acquired, used or disclosed during the Breach.  Alice shall provide the Customer with any other available information that the Customer requires to notify affected individuals under the Privacy Rule. 

      1. Alice shall make reasonable efforts to mitigate, to the extent practicable or as reasonably directed by Customer, any harmful effect that is known to Alice resulting from a breach of this Agreement or HIPAA that is directly caused by Alice.
      2. Alice shall report to Customer any Security Incident within five (5) business days of when it becomes aware of such Security Incident.  Alice shall mitigate to the extent practicable or as reasonably directed by Customer any harmful effect that is known to Alice of a Security Incident by Alice.
      3. Alice shall take reasonable steps to ensure that any Subcontractor performing services for Customer agrees in writing to the same restrictions and conditions that apply to Alice with regard to its creation, use, and disclosure of PHI and Electronic PHI in accordance with 45 C.F.R. §§ 164.308(b)(2), 164.502(e)(1)(ii) and 164.504(e)(5).  Alice shall, upon written request from Customer, provide a list of any Subcontractors with whom Alice has contracted to perform services for Customer. Alice shall advise Customer if any Subcontractor breaches its agreement with Alice with respect to the disclosure or use of PHI or Electronic PHI.   If Alice knows of a pattern of activity or practice of its Subcontractor that constitutes a material breach or violation of the Subcontractor’s duties and obligations under its agreement with the Subcontractor (“Subcontractor Material Breach”), Alice shall cure the breach or provide a reasonable period for Subcontractor to cure the Subcontractor Material Breach; provided, however, that if Alice cannot, or Subcontractor does not, cure the Subcontractor Material Breach within such period, Alice shall terminate the agreement with Subcontractor, if feasible, at the end of such period.

Alice shall, upon written request from Customer, provide to Customer a copy of any PHI or Electronic PHI in a Designated Record Set, as defined in 45 C.F.R. § 164.501, created or maintained by Alice, and not also maintained by Customer, within thirty (30) days of receipt of the request.  

      1. Alice shall, upon written request from Customer, make any amendment to PHI in a Designated Record Set maintained by Alice within thirty (30) days of receipt of the request unless Alice can establish to Customer’s satisfaction that the PHI at issue is accurate and complete.  
      2. If an Individual’s PHI is held in an Electronic Health Record, Alice shall provide requested copies in electronic format to the individual or to an entity or person designated by the Individual, provided such designation is clearly and conspicuously made by the Individual or Customer. 
      3. Alice shall make its internal practices, written policies and procedures, books, records, and other documents relating to the use and disclosure of PHI and/or Electronic PHI created or maintained by Alice on behalf of Customer available to the Secretary of the Department of Health and Human Services, or his or her designee, for purposes of the Secretary determining Customer’s compliance with HIPAA. 
      4. Alice shall make available the information required to provide an accounting of disclosures made on and after the Effective Date, as necessary for Customer to comply with 45 C.F.R. § 164.528, within twenty (20) business days of receipt of the request.  Alice shall provide one such accounting within a twelve month period without charge, but may make a reasonable charge for any additional such accountings within the same twelve month period.  
      5. Alice shall maintain all records, other than those records that are also maintained by Customer, for six (6) years from the date created or last in effect, whichever is later, as necessary for Customer to comply with 45 C.F.R. § 164.530(j)(2).
  • Permitted Uses of PHI
      1. Alice may use and disclose PHI and Electronic PHI as necessary to provide services to Customer, subject to Section 2.3 of this Agreement and consistent with the requirements of HIPAA.  
      2. Alice may use and disclose PHI and Electronic PHI as necessary for the proper management and administration of Alice or to carry out Alice’s legal responsibilities, subject to Section 2.4 of this Agreement and consistent with the requirements of HIPAA; provided, however, that Alice may disclose the PHI and Electronic PHI for such purposes only if:
        1. the disclosure is Required by Law, or
        2. Alice obtains reasonable assurances that the party to whom the PHI or Electronic PHI is disclosed (a) will protect the confidentiality of the PHI and Electronic PHI, (b) will not further disclose the PHI or Electronic PHI except as Required by Law or for the purposes for which it was disclosed to the other party, and (c) will report any improper use or disclosure of the PHI and/or Electronic PHI to Alice.
      3. Except as otherwise limited in this Agreement, and to the extent provided for under this Agreement, Alice may use PHI and Electronic PHI to provide Data Aggregation services to Customer, as permitted by 42 C.F.R. § 164.504(e)(2)(i)(B). 

Termination of Agreement

      1. Except as described in Section 4.3, this Agreement shall continue in effect so long as Alice provides service to Customer involving maintaining, using or disclosing PHI or Electronic PHI, or otherwise retains a copy of PHI or Electronic PHI provided to Alice by Customer.
      2. Customer may terminate this Agreement at any time if Customer discovers that Alice has materially breached any provision of this Agreement.
      3. If Alice becomes aware of a pattern of activity or practice of the Customer that constitutes a material breach or violation of the Customer’s duties and obligations under the  Agreement, Alice shall take reasonable steps and provide a period of thirty (30) calendar days for the Customer to cure the material breach or violation.  If the Customer does not cure the material breach or violation within such 30-day period, Alice shall terminate the Agreement, if feasible, at the end of such 30-day period. 
      4. Upon the expiration of Customer’s relationship with Alice, and contingent upon the payment of all outstanding fees, Alice shall return PHI and Electronic PHI to Customer or Customer’s designated agent upon Customer’s request.  If return of all PHI and Electronic PHI is not feasible, the provisions of this Agreement shall continue to apply to Alice until such time as all PHI and Electronic PHI is either returned to Customer or destroyed pursuant to Alice’s document retention policy, provided that Alice shall limit further use of PHI and Electronic PHI only to those purposes that make the destruction or return of the PHI and Electronic PHI infeasible.  Following the expiration of the relationship, Alice agrees not to disclose PHI and Electronic PHI except to Customer or as Required by Law.  

Notices

Whenever, under this Agreement, Alice is required to give notice to Customer, such notice shall be sent via First Class Mail to: Customer’s address on the Order Form, unless Customer has designated in writing a different address for such notices.Whenever, under this Agreement, Customer is required to give notice to Alice, such notice shall be sent via First Class Mail to:Privacy Officer
This is Alice, Inc.
195 Montague St.14 Floor
Brooklyn, NY 11201

Indemnification

Alice agrees to indemnify Customer, and any employees, directors, officers of Customer (collectively “Customer Indemnitees”), against all actual and direct losses resulting from or in connection with any breach of this Agreement by Alice, or its partners, employees or other members of its workforce.  Actual and direct losses shall include, but shall not be limited to, judgments, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) which are imposed upon or incurred by Customer Indemnitees by reason of any suit, claim, action, investigation, or demand by any Individual, government entity, or third party.  This obligation to indemnify shall survive the termination of this Agreement.Customer agrees to indemnify Alice and any employees, directors, officers of Alice (collectively “Alice Indemnitees”) against all actual and direct losses resulting from or in connection with any breach of this Agreement by Customer, or any violation of HIPAA resulting from any improper use or disclosure of PHI and Electronic PHI pursuant to Customer’s direction.  Actual and direct losses shall include, but shall not be limited to, judgments, liabilities, fines, penalties, costs, and expenses (including reasonable attorneys’ fees) which are imposed upon or incurred by Alice Indemnitees by reason of any suit, claim, action, investigation, or demand by any Individual, government entity, or third party.  This obligation to indemnify shall survive the termination of this Agreement.

Amendment

The parties agree to negotiate in good faith any amendments necessary to conform this Agreement to changes in applicable law.  Alice further agrees to promptly attempt to amend its agreements with its subcontractors and agents to conform to the terms of this Agreement.  In the event Alice is unable to amend this Agreement or its agreements with its subcontractors in a way that is sufficient to satisfy the requirements under HIPAA, Customer may terminate this Agreement in accordance with Section 4 upon thirty (30) days written notice. 

Terms of Agreement Govern

Any ambiguity in this Agreement shall be resolved in a way that permits compliance with HIPAA.  In the event of a conflict between the terms of this Agreement and any other contract or agreement between Customer and Alice, this Agreement shall govern.

Regulatory References

A reference in this Agreement to a section in the Privacy Rules or Security Rules means the section as in effect or as amended, and for which compliance is required.