This Acceptable Use Policy ("AUP") is intended to provide Clients a clear understanding of conduct which is acceptable (and permissible) and conduct which is unacceptable (and impermissible) in relation to the use of the software-as-a-service, web applications, and other applications, processes, or services ("Services") hosted or otherwise made accessible by Highland Solutions (defined below), whether provided by Highland Solutions to Client in connection with a Master Services Agreement, Service Order(s) and/or Statement(s) of Work (any of the foregoing, a “Direct Agreement”), or otherwise. Any access or use of any Services constitutes acceptance and agreement to this AUP.

To the extent Client uses, distributes, passes through, or allows any person to use or access the Services, Client is responsible for its conduct in such use and the conduct of such other users, and Client shall insure that such users comply with this AUP. References in this AUP to the Client's use of Services includes (whether stated or not below) the use thereof by any person who uses or accesses Services through or on behalf of Client, with Client’s permission, or otherwise as a result of Client activity. Client shall be responsible and accountable for any activity by third parties using Client's account(s), login credentials, or otherwise accessing such Services through Client. Accordingly, except as expressly provided or clearly contemplated by a Direct Agreement, sharing any passwords or account access credentials with third parties, or any users not expressly authorized, is prohibited. Client hereby indemnifies, holds harmless, and shall defend Highland Solutions and its agents, officers, employees, and providers from any third party claims, damage, or loss (including attorneys fees and expenses) arising out of Client’s use of the Services.

As used herein: "Client" means the Client identified on the applicable Direct Agreement(s) for Services, or if no such Direct Agreement exists, the user of Services which holds a Highland Solutions client account or is otherwise primarily responsible for payment for such Services; and "Highland Solutions" means Highland Group, Inc. ("HGI"), its affiliate HS Data Service, LLC ("HSD"), or another affiliate of HGI or HSD, as indicated as providing the applicable Service(s) on a Direct Agreement or pursuant to such other arrangement.

Any violation of this AUP will be grounds for termination of the Services or applicable Direct Agreement, at Highland Solutions' sole discretion, and if such violation also constitutes a violation of law or the rights of any party, Client may be reported to appropriate law-enforcement agencies. Highland Solutions' failure to enforce this AUP, for whatever reason, shall not be construed as a waiver of its right to do so at any time.

Client shall, in use of the Services or in its activities relating to the Services: (i) abide by all applicable laws, rules, and regulations (including laws relating to patent, copyright, trademark, or trade secrets) relating to the use, posting, transmission, distribution, capture, download, and/or recording of voice, text, visual content, software, or other materials or content; and (ii) conform all usage of Services to applicable rules, laws, and regulations (which each Client takes sole responsibility for compliance with), pertaining to or regulating the use of telephone networks, mobile devices, text, SMS, and other messaging, and electronic mail (including anti-spamming laws and laws relating to transmission of unsolicited or bulk email communications).

Client shall not, and shall not allow any person to: (i) use the Services in any manner which violates the rights of any person or is illegal, fraudulent (including fraudulent offers to sell or buy products, items, or services, or to advance any type of financial scam such as "pyramid schemes," "ponzi schemes," and "chain letters"), deceptive, harassing, threatening (including which encourages bodily harm or destruction of property), harmful, libelous, defamatory, abusive, slanderous, hateful, sexually, racially or ethnically objectionable, vulgar, pornographic, obscene, invasive of privacy, or otherwise objectionable or unlawful, or create a false identity for the purpose of misleading others; (ii) access or attempt to access any information, documents or material that Client is not authorized to access through any means not intentionally made available through the Services, or attempt to gain unauthorized access to any account, the Highland Solutions network, or any related components; (iii) disrupt or interfere with the security of, or otherwise cause harm to, the Services, or any software, material, documents, systems resources, accounts, user identifications and credentials, passwords, servers or networks connected to or accessible through the Services, or submit any software, programs or files that are harmful or disruptive of another’s equipment, software or other property, including any time bombs, Trojan Horses, viruses or worms; (iv) access or use any Highland Solutions server in any manner that could damage, disable, overburden or impair any Highland Solutions server or servers used by Highland Solutions, or interfere with or inhibit another's use and enjoyment of any Services (including "denial of service" attacks against another network host or individual user); or (v) use any robot, spider, or other such programmatic or automatic device, including but not limited to automated devices, to obtain information from any Highland Solutions server or otherwise monitor or copy any portion of the Services.

Except to the extent Highland Solutions has expressly agreed to provide HIPAA (as defined below) compliant Services pursuant to a Direct Agreement with Client, if Client is a "covered entity" or a "business associate" thereof, as each term is used under the Health Insurance Portability and Accountability Act of 1996 (as may be amended or replaced, "HIPAA") or are otherwise subject to any HIPAA, related, or similar legal requirement, Client is solely responsible to insure full compliance therewith, including without limitation those requirements codified at 42 U.S.C. and 1320 through d-8, and any regulations promulgated thereunder, including, without limitation, the federal privacy regulations contained in 45 C.F.R. Part 164, and the federal data security standards contained in 45 C.F.R. Part 142, and Client hereby indemnifies, holds harmless, and shall defend Highland Solutions from any claim, loss, damage, cost or expense (including without limitation legal fees and expenses, and any judgments or other damages) arising out of any claim under HIPAA or any related or similar legal requirements of any applicable jurisdiction.

Without limitation to the foregoing, the Services are not generally intended for use with “Protected Health Information” as defined under HIPAA (“PHI”) and no PHI should be input or stored in the Services, and only that portion of Services expressly implemented for the acquisition, transmission, processing, and/or storage of payment card information (as applicable), as expressly stated on a Direct Agreement, are compliant with Payment Card Industry (“PCI”) standards, and accordingly, no payment card information or other personal financial information should be input or stored in the Services.

Client accounts may operate on shared resources. Excessive use or abuse of these shared network resources by one Client may have a negative impact on all other clients. Highland Solutions may establish reasonable bandwidth usage limits, which Highland Solutions may modify from time to time, and Client shall abide by such reasonable limits. Absent such stated limits, Client shall not exceed reasonable bandwidth and resource usage amounts in relation to the intent of the applicable Direct Agreement and the fees paid thereunder. Misuse of network resources in a manner which impairs network performance is prohibited by this AUP and may result in burst or excess usage charges or fees, or in extreme cases, termination of Services.

Highland Solutions reserves the right to revise, amend, or modify this AUP at any time and in any manner, which modifications shall be effective as against Client upon publication thereof at this URL.