License

CUSTOMER LICENSE AGREEMENT

HIPAA Starter Kit
August 1, 2025

This Customer License Agreement (the “Agreement”) is a binding agreement between FirstLine Security, LLC (“Licensor”) and any individual or entity that downloads, accesses, or uses the HIPAA Starter Kit (the “Customer”). Licensor and Customer are each a “Party” and collectively the “Parties.”

Agreement to Terms; Electronic Acceptance

By clicking “I Agree” (or a similar button), checking a box, executing an Order that references this Agreement, paying an invoice for the HIPAA Starter Kit, or by downloading, accessing, or using any portion of the Licensed Materials, Customer acknowledges that it has read and agrees to be bound by this Agreement as of the earliest of such actions (“Acceptance”). If an individual is accepting on behalf of an organization, that individual represents and warrants that they have authority to bind that organization to this Agreement. If Customer does not agree, Customer must not download, access, or use the Licensed Materials. The Effective Date of this Agreement is the date of Acceptance.

1. Definitions

1.1 “Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with a Party, where “control” means ownership of more than 50% of the voting interests.

1.2 “Authorized Users” means employees and individual contractors of Customer (and, if stated on the Order, Customer’s named Affiliates) who are authorized by Customer to access and use the Licensed Materials for Customer’s internal business purposes.

1.3 “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, including the Privacy Rule and Security Rule at 45 C.F.R. Parts 160 and 164, as amended by HITECH and subsequent guidance.

1.4 “Licensed Materials” means Licensor’s HIPAA Starter Kit deliverables identified in the applicable Order, which may include policy templates, procedures, checklists, matrices, slide decks, training content, videos, forms, scripts, spreadsheets, and implementation guidance, together with any Updates provided under this Agreement.

1.5 “Order” means an order form, statement of work, invoice, or online checkout describing the Licensed Materials, license scope, term, fees, and any special terms, issued by Licensor and completed by Customer (including online purchase or invoice payment).

1.6 “Update” means modifications, revisions, or additions to the Licensed Materials made generally available by Licensor to similarly situated customers without additional charge during the license term.

1.7 “Work Product” means Customer’s customized versions of templates and documents created by Customer using the Licensed Materials for its internal operations.

2. Grant of License; Scope

2.1 License. Subject to Customer’s timely payment of fees and compliance with this Agreement, Licensor grants Customer a non-exclusive, non-transferable, non-sublicensable license for Authorized Users to access and use the Licensed Materials solely for Customer’s internal business purposes to plan, implement, and maintain Customer’s HIPAA privacy and security program.

2.2 Seats/Entities. Unless the Order states otherwise, the license is limited to the single legal entity or individual that purchases or registers for the Licensed Materials as Customer. Use by Affiliates is not permitted unless expressly listed on the Order.

2.3 Internal Customization. Customer may adapt and modify the templates to create Work Product for its internal use. Customer owns the Work Product (excluding the underlying Licensed Materials). Licensor retains all rights, title, and interest in and to the Licensed Materials and any Updates.

2.4 Delivery & Access. Licensed Materials are delivered electronically (e.g., download link, portal access). Delivery is deemed complete when Licensor provides access credentials or a download link. Customer’s download, access, or use of any Licensed Materials constitutes Acceptance as defined above.

2.5 Evaluation Copies. If the Order specifies an evaluation or trial, the license is limited to non-production, internal evaluation during the stated period and provided AS IS without support or warranties.

3. Restrictions

Customer shall not, and shall not permit any third party to: (a) distribute, resell, sublicense, lend, or otherwise make the Licensed Materials available to third parties (including consultants) except to Authorized Users; (b) publish the Licensed Materials or any substantial portion thereof publicly (e.g., websites, social media, shared drives accessible to outsiders); (c) use the Licensed Materials to provide consulting or compliance services to third parties, or to build a competing product; (d) remove or alter proprietary notices; (e) use the Licensed Materials to train, fine-tune, or improve large language models or other AI systems, or allow any third party to do so; (f) reverse engineer videos, training content, or protected files to circumvent technical controls; or (g) use the Licensed Materials in violation of law or this Agreement.

4. HIPAA & Compliance Disclaimers

4.1 No Legal Advice. The Licensed Materials are educational templates and guidance, not legal advice. Customer is responsible for seeking legal counsel and making final policy decisions.

4.2 No Guarantee of Compliance. Use of the Licensed Materials alone does not ensure compliance with HIPAA or any other law. Customer remains solely responsible for its compliance program, risk analysis, risk management, workforce training, and vendor oversight.

4.3 No PHI Handling by Licensor. The Licensed Materials are not designed to process or store Protected Health Information (PHI). Licensor does not require PHI to provide the Licensed Materials or support. If Customer chooses to include PHI in its Work Product, Customer is solely responsible. No business associate relationship is created by this Agreement. If separate services involve PHI, the Parties will execute a separate Business Associate Agreement.

5. Support & Updates

5.1 Support. If included on the Order, Licensor will provide commercially reasonable email support during business hours [9 a.m.–5 p.m. local Arizona time, Monday–Friday, excluding U.S. holidays]. Support excludes custom drafting, legal review, or implementation services unless purchased separately.

5.2 Updates. During the license term stated on the Order, Licensor will provide Updates when and if available. Licensor may modify the content, format, or delivery method of the Licensed Materials, provided the overall utility is not materially reduced.

6. Fees & Taxes

6.1 Fees. Customer shall pay the fees specified in the Order. Except as expressly stated in Section 12.3 (Indemnity – IP Infringement) or for Licensor’s uncured material breach, all fees are non-cancellable and non-refundable. 

6.2 Taxes. Fees are exclusive of taxes. Customer is responsible for all sales, use, VAT, GST, and similar taxes (excluding taxes on Licensor’s net income).

7. Ownership; Feedback

7.1 Ownership. Licensor and its licensors retain all rights, title, and interest in and to the Licensed Materials, including all intellectual property rights, and any copies or derivative works thereof, except for Customer’s Work Product as specified in Section 2.3.

7.2 Feedback. If Customer provides feedback or suggestions, Licensor may use them without restriction or obligation.

8. Confidentiality

8.1 Definition. “Confidential Information” means non-public information disclosed by one Party to the other that is marked or reasonably understood to be confidential, including the Licensed Materials (as to Licensor) and Customer business plans and security measures (as to Customer). Confidential Information excludes information that is public without breach, known without duty of confidentiality, independently developed, or obtained from a third party without breach.

8.2 Obligations. The receiving Party will protect the disclosing Party’s Confidential Information using at least the same degree of care it uses to protect its own similar information (but no less than reasonable care), and will use it only to fulfill this Agreement. Disclosure is permitted to employees, contractors, and advisors with a need to know who are bound by confidentiality obligations at least as protective.

8.3 Compelled Disclosure. The receiving Party may disclose Confidential Information to the extent required by law, after giving reasonable prior notice (if legally permitted) and cooperating to seek protective treatment.

9. Data Privacy

9.1 Minimal Personal Data. Licensor may process limited business contact information (e.g., names, emails) to manage the relationship and deliver access. Licensor does not require PHI or other sensitive personal data to provide the Licensed Materials.

9.2 Security. Licensor will implement reasonable administrative, technical, and physical safeguards designed to protect its systems delivering the Licensed Materials. Customer is responsible for securing its environment and Work Product.

10. Warranties and Disclaimers

10.1 Limited Warranty. Licensor warrants that, on the Effective Date and for 30 days thereafter, the Licensed Materials will substantially conform to the written description in the Order. Customer’s exclusive remedy for breach of this warranty is for Licensor, at its option, to repair, replace, or refund the fees paid for the nonconforming item.

10.2 General Disclaimers. EXCEPT AS EXPRESSLY STATED IN SECTION 10.1, THE LICENSED MATERIALS AND ANY SUPPORT ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, OR NON-INFRINGEMENT. LICENSOR DOES NOT WARRANT THAT THE LICENSED MATERIALS OR UPDATES WILL MEET CUSTOMER’S REQUIREMENTS OR ENSURE COMPLIANCE WITH HIPAA OR ANY LAW.

11. Limitation of Liability

11.1 Exclusion. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY.

11.2 Cap. EXCEPT FOR (a) CUSTOMER’S PAYMENT OBLIGATIONS; (b) CUSTOMER’S BREACH OF SECTION 3 (RESTRICTIONS); or (c) A PARTY’S WILLFUL MISCONDUCT, IN NO EVENT SHALL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER TO LICENSOR UNDER THE ORDER DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

12. Indemnification

12.1 By Customer. Customer will defend, indemnify, and hold Licensor harmless from third-party claims arising from (a) Customer’s use of the Licensed Materials in violation of law or this Agreement; (b) Customer’s public distribution of the Licensed Materials (or substantial portions thereof); or (c) Customer’s inclusion of PHI in support requests or other materials sent to Licensor.

12.2 By Licensor. Licensor will defend Customer against any third-party claim alleging that the Licensed Materials, as provided by Licensor and used in accordance with this Agreement, infringe a U.S. copyright or trademark. Licensor will pay damages finally awarded (or settlement amounts approved by Licensor). If a claim arises, Licensor may (i) procure the right for Customer to continue using the Licensed Materials; (ii) replace or modify them to become non-infringing with materially equivalent functionality; or (iii) terminate the license as to the affected item and refund prepaid, unused fees.

12.3 Exclusions. Licensor has no obligation for claims to the extent arising from (a) combinations with non-Licensor materials; (b) Customer modifications; (c) use after Licensor provides a replacement; or (d) Customer’s breach of this Agreement.

12.4 Procedures. The indemnified Party must promptly notify the indemnifying Party of the claim, provide reasonable cooperation, and grant control of the defense and settlement (except that settlement must not impose non-monetary obligations or admissions without consent, not unreasonably withheld).

13. Term; Termination

13.1 Term. The term is as stated on the Order (e.g., annual subscription or perpetual license). If the Order states “subscription,” the license renews for successive terms unless either Party gives notice of non-renewal at least [30] days before the end of the then-current term.

13.2 Termination for Cause. Either Party may terminate this Agreement (or the applicable Order) upon written notice if the other Party materially breaches and fails to cure within 30 days after receipt of notice.

13.3 Effect of Termination. Upon termination or expiration, Customer must cease use of, and permanently delete, the Licensed Materials (excluding Customer’s Work Product). Upon request, Customer will certify deletion in writing. Sections 1, 3, 4, 6 (as to amounts owed), 7, 8, 9, 10, 11, 12, 13.3, and 14–16 survive termination.

14. Publicity

Licensor may list Customer’s name and logo in a customary client list. Any public case study or press release requires Customer’s prior written consent.

15. Compliance; Export; Government

15.1 Compliance with Laws. Each Party will comply with applicable laws in performing under this Agreement.

15.2 Export Controls. Customer will not export, re-export, or transfer the Licensed Materials in violation of U.S. export control or sanctions laws.

15.3 U.S. Government Rights. The Licensed Materials are “commercial” items. If acquired by or on behalf of the U.S. Government, use is subject to the terms of this commercial license.

16. Miscellaneous

16.1 Assignment. Neither Party may assign this Agreement without the other’s prior written consent, except either Party may assign to a successor in connection with a merger, reorganization, or sale of substantially all assets, provided the assignee is not a direct competitor of the non-assigning Party and assumes all obligations.

16.2 Notices. Notices must be in writing and may be delivered by email. Notices to Licensor: legal@firstlinesecurity.com (copy to support@firstlinesecurity.com). Notices to Customer: the primary email associated with Customer’s purchase or account. Either Party may update its notice details by emailing the other Party at the foregoing addresses. Physical mail may be sent to Licensor’s postal address as listed on its website.

16.3 Force Majeure. Neither Party is liable for delays or failures due to causes beyond its reasonable control.

16.4 Independent Contractors. The Parties are independent contractors; no agency, partnership, or joint venture is created.

16.5 Entire Agreement; Order of Precedence. This Agreement together with the Order constitutes the entire agreement for the Licensed Materials and supersedes prior proposals and communications. If there is a conflict, the Order controls, then this Agreement, then any incorporated policies.

16.6 Amendments; Waivers. Amendments must be in writing and signed or electronically agreed by both Parties (including via click‑through). Waivers must be in writing and are not continuing waivers unless stated.

16.7 Severability. If any provision is held unenforceable, it will be modified to the minimum extent necessary to be enforceable, and the remainder will remain in effect. 

16.8 Governing Law; Venue. This Agreement is governed by the laws of State of Arizona, excluding its conflict-of-laws rules. The Parties consent to exclusive jurisdiction and venue in state and federal courts located in Maricopa County, Arizona.

16.9 Electronic Acceptance. No signatures are required. This Agreement is formed through electronic Acceptance as described herein; any download, access, or use of the Licensed Materials by Customer constitutes assent on behalf of Customer to the version of this Agreement presented or linked at the time of Acceptance.

EXHIBIT A – ORDER DETAILS

  1. Product: HIPAA Starter Kit
  2. Delivery: Secure portal download + video access
  3. License: Perpetual
  4. Affiliates Covered: None
  5. Fee: $499.00
  6. Support: Email support

EXHIBIT B – ACCEPTABLE USE

  • Do not upload, transmit, or share the Licensed Materials outside Customer’s organization.
  • Do not embed Licensed Materials in public-facing knowledge bases or learning platforms accessible to non-employees.
  • Do not use any part of the Licensed Materials to train or refine AI/ML models.
  • Do not remove proprietary legends or watermarks.
  • Maintain access controls so only Authorized Users can view or edit the materials.
  • Report suspected unauthorized use to Licensor promptly at support@firstlinesecurity.com.

EXHIBIT C – SUPPORT & UPDATES

  • Support Hours: 9 a.m.–5 p.m. Arizona Time, Monday–Friday (excluding U.S. holidays).
  • Channels: Email support@firstlinesecurity.com.
  • Response Targets: Acknowledgement within 1 business day; resolution commercially reasonable.
  • Scope: Access issues, download problems, clarification of template intent.
  • Out of Scope: Legal advice, custom drafting, implementation consulting (available under separate SOW).
  • Updates: Provided when available; Licensor may consolidate or reorganize content, fix errors, and add clarifications related to HIPAA regulatory changes.