Enterprise Addendum

Effective Date: March 30, 2026 Version: 1.3

This Enterprise Addendum ("Addendum") supplements the Caretrics Terms of Service and Privacy Policy for enterprise customers. In the event of a conflict between this Addendum and the general Terms, this Addendum controls for enterprise engagements.

Note: Enterprise customers with a negotiated Master Services Agreement (MSA) and Order Form should refer to those documents as their governing agreements. This Addendum applies to enterprise engagements governed by the standard Terms of Service where a separate MSA has not been executed.

1. Definitions

Term	Meaning
Enterprise Customer	An organization with a negotiated contract covering multiple clinic locations or annual contract value exceeding CAD $10,000.
Order Form	The executed agreement specifying scope, pricing, and term for your enterprise engagement.
Pilot Period	An initial evaluation period with defined success criteria, typically 90-180 days.
Production Period	The subscription term following a successful pilot or direct enterprise contract.
Covered Locations	Clinic locations specified in your Order Form that are authorized to use the Services.

2. Enterprise Pilot Terms

2.1 Pilot Structure

Enterprise pilots are structured separately from standard trials and include:

Defined scope: Number of clinic locations covered during pilot
Success criteria: Mutually agreed metrics for pilot evaluation
Dedicated support: Access to technical and clinical advisory resources
Clear timeline: Specified pilot duration with review checkpoints

2.2 Pilot Pricing

Pilot pricing is negotiated in your Order Form and may include:

Reduced per-location fees during evaluation
Implementation and onboarding fees
Success-based pricing adjustments for production rollout

2.3 Pilot-to-Production Transition

Following a successful pilot:

Customer may elect to expand to additional locations
Production pricing applies as specified in the Order Form
Pilot data and configurations carry forward to production

2.4 Pilot Termination

Either party may terminate a pilot with written notice as specified in the Order Form. Upon pilot termination:

Customer may request a full data export
Data is permanently deleted per the schedule defined in the Order Form
No further fees are owed beyond the pilot period

3. Data Processing Terms

3.1 Data Controller and Processor

Customer is the data controller for clinic operational data
Caretrics is the data processor acting on Customer's instructions

3.2 Processing Scope

Caretrics processes operational data solely for the purpose of providing the Services, including:

Revenue leak identification and recovery recommendations
Billing reconciliation and scheduling analysis
Performance reporting and benchmarking (anonymized across network)

3.3 Data Processing Agreement (DPA)

Enterprise customers may request a formal Data Processing Agreement covering detailed processing activities, security measures, subprocessor terms, and data subject rights.

Contact enterprise@caretrics.com to request a DPA.

3.4 Subprocessor Management

Current subprocessors are listed in our Privacy Policy
Enterprise customers receive advance notice of new subprocessors as specified in the Order Form or DPA
Customer may object to new subprocessors; parties will work in good faith to resolve

4. Security and Compliance

4.1 Security Controls

Caretrics maintains the following security controls:

Encryption in transit: TLS 1.2 minimum (TLS 1.3 preferred) for all data transmission
Encryption at rest: Provider-managed encryption via infrastructure providers (Supabase, Vercel, Railway — all SOC 2 Type II certified). Caretrics does not manage encryption keys directly; key management is handled by the infrastructure provider.
Access Control: Role-based access with database-enforced Row-Level Security, least-privilege principles, MFA for administrative access
Monitoring: Structured application logging, automated dependency vulnerability scanning
Vulnerability Management: Automated dependency scanning (Dependabot), security-focused code review
Privacy: PIPEDA-aligned privacy practices

4.2 Security Reviews

Enterprise customers may request security documentation and submit security questionnaires. Specific audit and review rights are defined in your Order Form.

5. Liability and Insurance

5.1 Liability Cap

Caretrics' total aggregate liability under this Addendum is limited to the fees paid by Customer in the 12 months preceding the claim, unless otherwise specified in your Order Form.

5.2 Exclusions

Neither party is liable for:

Indirect, incidental, consequential, or punitive damages
Lost profits or data (except as required by data protection law)
Damages arising from third-party services (e.g., Jane.app outages)

5.3 Insurance

Caretrics maintains commercial insurance coverage appropriate to the Services provided. Certificates of insurance are available upon request.

6. Term and Termination

6.1 Term

Specific contract terms, including duration, renewal, and pricing, are defined in your Order Form.

6.2 Termination for Cause

Either party may terminate for material breach if:

Written notice of breach is provided
Breach is not cured within 30 days of notice

6.3 Post-Termination

Upon termination:

Customer may request a full data export (provided in CSV/JSON format)
Customer data is permanently deleted per the schedule defined in the Order Form
Caretrics may retain anonymized, aggregated data for benchmarking purposes

7. Confidentiality

7.1 Confidential Information

Each party agrees to protect the other's confidential information with the same degree of care used for its own confidential information, but no less than reasonable care.

7.2 Exceptions

Confidentiality obligations do not apply to information that:

Is or becomes publicly available through no fault of the receiving party
Was rightfully known before disclosure
Is independently developed without use of confidential information
Is required to be disclosed by law (with advance notice where permitted)

7.3 Duration

Confidentiality obligations survive termination for 3 years.

8. Governing Law and Disputes

8.1 Governing Law

This Addendum is governed by the laws of the Province of Ontario, Canada.

8.2 Dispute Resolution

Before initiating formal proceedings:

Parties will attempt good-faith negotiation for 30 days
If unresolved, parties may agree to mediation
Litigation in the courts of Ontario as a last resort

8.3 Alternative Arrangements

Enterprise customers may negotiate alternative governing law or dispute resolution mechanisms in their Order Form, subject to Caretrics' approval.

9. General Provisions

9.1 Entire Agreement

This Addendum, together with the Order Form, Terms of Service, and Privacy Policy, constitutes the entire agreement. In case of conflict: Order Form > Addendum > Terms of Service > Privacy Policy.

9.2 Amendments

This Addendum may only be amended in writing signed by both parties.

9.3 Assignment

Neither party may assign this Addendum without the other's written consent, except in connection with a merger or acquisition of substantially all assets.

9.4 Notices

Notices must be in writing and sent to the addresses specified in the Order Form. Email is acceptable for operational notices; formal legal notices require registered mail or courier.

Contact

Enterprise Sales & Contracts Email: enterprise@caretrics.com

Legal & Compliance Email: legal@caretrics.com

This Enterprise Addendum is a template. Specific terms for your organization will be documented in your Order Form.