1. Scope of Use and Other Agreements

1.1 Permitted Use

Organization's access and use of the Service, its Output, and Documentation shall be limited to Organization's own internal operations for the purpose of managing facilities, programs, staff, customers, volunteers, donors, events, and related organizational activities. Organizations may not resell, sublicense, or provide access to the Service to third parties except as expressly permitted herein for authorized staff members, linked Patron accounts, and other authorized users as described in these Terms.

1.2 Subscription Requirements and Limitations

Access and use of the Service is subject to and restricted by the terms of your Order Form or other subscription agreement ("Other Agreement"), including:

• Subscription fees and payment terms;
• Subscription duration and renewal terms;
• Subscription limits on the number of facilities, staff members, customers, volunteers, events, custom assessments, signature documents, and document storage capacity;
• Scope of use restrictions;
• Geographic or operational limitations if applicable; and
• Any other limitations, restrictions, or obligations specified in your Order Form.

Organizations acknowledge that exceeding subscription limits may result in the inability to create additional entities (such as new facilities, staff members, or customers) until the subscription is upgraded. SecureCare may prevent access to certain features or functionality if subscription requirements are not met.

1.3 Active Subscription Requirement

Access to paid features of the Service requires an active, paid subscription in good standing. Organizations must maintain current payment information and ensure timely payment of subscription fees. Failure to maintain an active subscription may result in:

• Suspension of access to Organization features;
• Inability for linked Patrons to access customer portals, invoices, or appointments;
• Loss of access to reports and financial data;
• Suspension of volunteer opportunities and donor acceptance;
• Termination of the Service in accordance with Section 2; and
• Potential loss of data if subscription is not reinstated within the specified timeframe.

1.4 Authorized Users

Organizations may authorize the following types of users to access the Service within the scope of their subscription:

• Staff Members: Employees, contractors, or other personnel with accounts created by the Organization and granted appropriate roles and permissions;
• Linked Patrons (Customers): Individuals who have been invited by the Organization to link their Patron accounts to customer records for the purpose of viewing invoices, making payments, and managing appointments;
• Volunteers: Individuals who have been approved by the Organization to volunteer and have been granted access to enter volunteer time and view their volunteer schedules;
• Donors: Members of the public who interact with the Organization through the donation features (Donor Profile access only); and
• Event Attendees: Individuals who purchase event tickets through the Service.

Organizations are responsible for all activities conducted by authorized users and must ensure users comply with these Terms. Organizations must promptly revoke access for users who are no longer authorized.

1.5 Rights Granted

Subject to compliance with these Terms and any Other Agreement, SecureCare grants Organization a limited, non-exclusive, non-transferable, revocable right to access and use the Service during the applicable subscription term solely for Organization's internal operations as described in these Terms. This grant of rights does not transfer any ownership of the Service or any intellectual property rights to Organization.

1.6 No Rights Without Active Subscription

Notwithstanding anything else herein, this Agreement does not provide any rights to Organization to access or use paid features of the Service without an active, paid subscription in good standing, but does impose obligations on Organization regardless of subscription status. Free features (such as Patron accounts) may be used without a paid subscription subject to the terms applicable to those features.

1.7 Compliance with Laws and Regulations

Organization's use of the Service must comply with all applicable federal, state, and local laws and regulations, including but not limited to:

• Healthcare regulations (HIPAA, state health privacy laws) if applicable;
• Social service licensing and certification requirements;
• Employment laws (wage and hour, discrimination, etc.);
• Charitable solicitation and nonprofit regulations;
• Data privacy laws (GDPR, CCPA, etc.);
• Financial and tax reporting requirements;
• Volunteer management and labor laws;
• Consumer protection laws; and
• Any other laws applicable to Organization's specific operations.

SecureCare provides tools to assist with operations but does not ensure compliance with applicable laws. Organizations are solely responsible for their own legal and regulatory compliance.

1.8 Relationship to Other Agreements

These Terms work in conjunction with any Order Form, subscription agreement, Business Associate Agreement (BAA), or other written agreement between Organization and SecureCare (collectively "Other Agreements"). In the event of any conflict between these Terms and an Other Agreement, the Other Agreement shall control with respect to the specific subject matter addressed therein, but these Terms shall govern all other matters.

2. Suspension and Termination

(A) To the extent Organization materially breaches this Agreement or any Other Agreement, or SecureCare® believes in good faith that Organization has done so or that Organization's continued access and use of the Service poses a threat to SecureCare® or any third party, SecureCare® may, with or without notice to Organization, suspend or terminate Organization's access and use of the Service or this Agreement. Following any termination of this Agreement, Organization agrees that it shall continue to be bound by this Agreement. For clarity, Organization's access and use of the Service may require an active subscription as set forth in an Order Form, including payment of relevant fees by or on behalf of the Organization, and in the absence of such an active subscription in good standing, SecureCare® may in its discretion suspend or terminate any or all access or use of the Service.

(B) For paid subscriptions, the Initial Term will commence upon the Effective Date and continue as set forth within the Order Form. Such Initial Term will automatically renew for additional one (1) year, six (6) month, three (3) month, or one (1) month Renewal Terms unless either party has given the other party written notice of non-renewal at least thirty (30) days prior to the end of an Initial Term or Renewal Term, or as otherwise terminated in accordance with this Section 2.

(C) Upon any termination or expiration of this Agreement, all rights granted to Organization hereunder shall terminate and Organization shall cease all use of the Service and Documentation.

(D) To the extent that Organization is using any free Service, Organization agrees that SecureCare, in its sole discretion and for any or no reason, may terminate this free Service at any time. Organization agrees that any such termination of access to the free Service may be without prior notice, and that SecureCare® will not be liable to Organization or any third party for such termination. Organization may terminate Organization's use of the free Service at any time by discontinuing use of the free Service.

2(E) Data Backup and Export Upon Termination

Organizations acknowledge and agree that they are solely responsible for maintaining backup copies of all Organization Data at all times. The Service provides self-service data export functionality that allows Organizations to export customer data, assessments, services, documents, and other information at any time during an active subscription.

Organizations should export their data regularly and must export all critical data before subscription termination or expiration. SecureCare strongly recommends establishing a regular backup schedule and exporting all data well in advance of any planned termination.

2(E)(1) Self-Service Export Capability

During any active subscription period, Organizations have full access to export their data through the Service's built-in export functionality. Available export formats and capabilities include:

• Customer records and demographic information;
• Service history and program data;
• Financial records, invoices, and transaction history;
• Assessment results and case notes;
• Staff member information and time entries;
• Volunteer records and time tracking;
• Donor information and donation history;
• Event data and ticket sales;
• Reports in various formats (PDF, CSV, Excel); and
• Uploaded documents and files.

2(E)(2) Data Availability After Termination

Upon termination or expiration of a subscription, SecureCare will retain Organization Data for a period of thirty (30) days (the "Grace Period"). During the Grace Period:

• Organizations may reinstate their subscription and regain full access to their data;
• Organizations may contact SecureCare at hello@secure-care.com to request a final data export; and
• SecureCare will make commercially reasonable efforts to provide access for data export, but makes no guarantee regarding availability, format, or completeness.

After the thirty (30) day Grace Period expires, SecureCare has no obligation to retain, provide access to, or export Organization Data, and such data may be permanently deleted in accordance with SecureCare's data retention policies.

2(E)(3) No Guarantee of Post-Termination Data Export

SecureCare makes no guarantee that data will be available, exportable, or provided in any specific format after subscription termination. Organizations acknowledge and agree that:

• Self-service export tools are only available during active subscription periods;
• SecureCare is under no obligation to provide data export services after termination;
• Any post-termination data export assistance provided by SecureCare during the Grace Period is provided as a courtesy only;
• SecureCare may require payment for any staff time spent assisting with post-termination data exports at SecureCare's then-current hourly consulting rates;
• Data export formats, completeness, and usability are provided "as-is" with no warranties;
• SecureCare is not responsible for any data loss, business interruption, or other damages resulting from Organization's failure to export data during the active subscription period; and
• Organizations waive any claims against SecureCare for unavailability of data after the Grace Period.

2(E)(4) Organization Responsibilities

Organizations are solely responsible for:

• Regularly exporting and backing up all critical data throughout the subscription term;
• Maintaining independent backup systems and not relying solely on the Service for data storage;
• Planning for data export well in advance of any planned termination;
• Testing exported data to ensure completeness and usability;
• Compliance with data retention requirements under applicable laws and regulations;
• Securing and protecting exported data in accordance with privacy laws;
• Ensuring they have the technical capability to import or use exported data in other systems; and
• Initiating any post-termination data export requests promptly within the Grace Period.

2(E)(5) Emergency and Unplanned Terminations

In cases of emergency termination (such as for breach of Terms, non-payment, or violations of the Acceptable Use Policy), SecureCare may suspend or terminate access immediately. Organizations acknowledge that:

• Immediate termination may not provide advance notice for data export;
• Organizations should maintain regular backups to prepare for any termination scenario;
• SecureCare may, at its sole discretion, provide temporary read-only access for data export purposes following immediate termination, but has no obligation to do so;
• The thirty (30) day Grace Period applies even in cases of termination for cause; and
• SecureCare reserves the right to deny data export access in cases involving suspected fraud, legal violations, or ongoing investigations, subject to applicable law.

2(E)(6) Hourly Consulting for Data Migration Assistance

Organizations requiring assistance beyond self-service export capabilities may request paid consulting services from SecureCare. Such services may include:

• Custom data export formats or structures;
• Data mapping for migration to other systems;
• Bulk document packaging and delivery;
• Technical support for data import into third-party systems; or
• Post-termination data recovery or export assistance.

Such consulting services are billed at SecureCare's then-current hourly rates, require a separate consulting agreement, and are subject to availability. SecureCare is under no obligation to provide such consulting services and may decline requests at its sole discretion.

2(E)(7) Recommendation: Proactive Data Management

SecureCare strongly recommends that Organizations:

• Export data at least monthly and store backups in a secure, independent location;
• Create a comprehensive data export at least 60 days prior to any planned termination;
• Test the usability and completeness of exported data regularly;
• Document their data export procedures and assign responsibility to specific staff members;
• Maintain copies of critical documents independently of the Service;
• Plan for data migration to alternative systems well in advance of termination; and
• Never rely on a single system (including SecureCare) as the sole repository for critical organizational data.

Organizations that maintain regular backups and plan appropriately will experience smooth transitions in the event of termination or migration to other systems.

3. Restrictions and Proprietary Rights

3(A) Use Restrictions

To protect the Service, our users, and comply with applicable laws, Organizations agree to the following restrictions on use of the Service:

3(A)(1) Prohibited Technical Activities

Organizations shall not:

• Decompile, disassemble, reverse engineer, or attempt to discover source code or underlying technology;
• Use robots, scrapers, or automated means to access the Service;
• Attempt to circumvent security measures, access controls, or usage limits;
• Attempt to gain unauthorized access to the Service or related systems;
• Interfere with or disrupt the Service or servers (including denial-of-service attacks);
• Benchmark, test, or publish performance results without written permission; or
• Probe, scan, or test vulnerabilities without authorization.

3(A)(2) Prohibited Business Activities

Organizations shall not:

• Resell, sublicense, rent, lease, or provide service bureau access to the Service;
• Use the Service to develop competing products or services;
• Copy, modify, or create derivative works of the Service;
• Transfer, distribute, or share access with unauthorized third parties;
• Remove or alter any proprietary notices or labels;
• Use product data to train machine learning or AI models; or
• Make Output publicly available (Output is for internal use only).

3(A)(3) Prohibited Data Uses

Organizations shall not use the Service or Output to:

• Evaluate creditworthiness or make credit decisions subject to credit reporting laws;
• Engage in marketing, advertising, or customer targeting in violation of privacy laws;
• Discriminate based on protected characteristics; or
• Violate data privacy, consumer protection, or other applicable laws.

3(A)(4) Harmful or Unlawful Uses

Organizations shall not use the Service:

• For any unlawful purpose or in violation of applicable laws;
• In ways that harm, threaten, or harass others;
• To distribute malware, viruses, or harmful code;
• To violate intellectual property rights;
• To misuse financial, personal, or other sensitive information;
• In violation of export controls, sanctions, or anti-corruption laws; or
• In violation of SecureCare's Acceptable Use Policy (Section 12).

These restrictions protect everyone using the platform. Violations may result in immediate suspension or termination of access.

(B) An API license, if available as set forth in an Order Form between Organization and SecureCare® (or its affiliates), authorizes Organization to programmatically access certain SecureCare® Output and functionality available as part of the Service hereunder, limited to the specific API type and API credit quota subscribed. Except for API access, Organization's access and use of the Service shall be via a password-protected URL designated by SecureCare. Organization is responsible for how it accesses such URL. Each Organization user login/password for the Service is limited to use by a single named individual, cannot be shared with others, and can be used only on a single device or other login point at any time (i.e., no multiple simultaneous logins). All acts and omissions of Organization's Personnel, and other related parties will be deemed to be those of Organization, and Organization shall be responsible therefore. Further, Organization shall be responsible for any activity conducted through the use of any user credential assigned to it.

(C) The Service is the proprietary intellectual property of SecureCare® that contains trade secrets and is protected by copyright law. SecureCare® retains sole and exclusive ownership of all right, title, and interest in and to the Service and any other technology used to provide it. Any and all enhancements, modifications, corrections and derivative works that are made to the Service will be owned by SecureCare. SecureCare® shall own all rights, title and interest in any deliverables created by SecureCare® and provided to Organization, and all such deliverables shall be subject to all Organization restrictions and obligations set forth herein (as if such deliverables were part of the Service hereunder).

(D) Notwithstanding the foregoing, Organization retains all rights, title and interest in and to Organization Data. The Organization hereby grants to SecureCare® a non-exclusive, royalty-free, sublicensable, perpetual, irrevocable, assignable right and license to use the Organization Data anywhere in the world to provide the Service, develop and improve its offerings, and otherwise in its business as it determines in its discretion. Organization is responsible for Organization Data, including the means by which it is provided, and Organization shall be responsible for ensuring that Organization Data does not violate intellectual property rights, or is not otherwise prohibited.

4. Logo and Communications

4(A) Organization agrees to allow the use of its name and logo in a general list of SecureCare customers.

4(B) Organization consents to receiving communications regarding product updates, customer support, and marketing initiatives from SecureCare. Notwithstanding the foregoing, Organization has the right to withdraw its consent to receive such commercial electronic messages at any point in time by sending an email to SecureCare at hello@secure-care.com or by clicking the unsubscribe link at the bottom of any electronic message sent by SecureCare to Organization.

4.1 Consent to Receive SMS Communications

By providing a mobile phone number during account registration, profile setup, or phone verification, you expressly consent to receive SMS (text message) communications from SecureCare for operational and transactional purposes essential to the Service. This consent applies to all user types including Organization staff members, customers, volunteers, donors, and Patrons.

4.2 Types of SMS Communications

SMS communications sent by SecureCare are transactional and operational in nature and may include:

4.2(A) Account Security and Authentication

• Two-factor authentication codes;
• One-time login credentials and temporary passwords;
• Password reset verification codes;
• Phone number verification codes;
• Security alerts and account notifications; and
• Recovery and account access codes.

4.2(B) Account and Service Notifications

• Invoice and billing notifications;
• Payment confirmations and receipts;
• Appointment reminders and confirmations;
• Service delivery updates;
• Critical system updates affecting your account; and
• Other transactional messages necessary for the provision of the Service.

4.3 Consent Methods

4.3(A) Direct User Consent

Users (including Organization staff members and Patrons) provide consent by:

• Verifying their phone number during account registration;
• Agreeing to these Terms which include SMS consent provisions;
• Providing a mobile phone number in their profile settings; and
• Acknowledging during phone verification that they consent to receive SMS communications.

4.3(B) Organization-Managed Consent

For customers, volunteers, and other individuals whose profiles are managed by Organizations, consent is obtained and managed through:

• Profile-based consent elections maintained by authorized Organization staff members;
• Separate opt-in preferences for different SMS notification types (billing, appointments, etc.);
• Individual consent records documented in the user's profile with the ability to enable or disable specific SMS notification categories; and
• Organization staff updating preferences on behalf of users based on user requests or requirements.

Organizations are responsible for obtaining proper consent from their customers and end-users before enabling SMS notifications and for honoring opt-out requests promptly.

4.4 SMS Carrier Charges and Responsibility

You acknowledge and agree that:

• Standard message and data rates from your mobile carrier may apply to all SMS communications;
• You are solely responsible for all carrier charges, fees, and costs associated with receiving SMS messages;
• Message frequency varies based on account activity, service usage, and notification preferences;
• SecureCare is not responsible for any charges imposed by your mobile carrier;
• You are responsible for maintaining accurate mobile phone number information in your profile; and
• Failure to receive SMS communications due to inaccurate information, carrier issues, or device problems may impact your ability to access or use the Service.

4.5 Managing SMS Preferences and Opt-Out

4.5(A) Account Security SMS (Limited Opt-Out)

SMS messages related to account security and authentication (two-factor authentication codes, login credentials, password resets, phone verification) are essential to the security and operation of your account. While you may reply STOP to opt out, doing so may:

• Prevent you from logging into your account;
• Disable two-factor authentication features;
• Prevent password reset functionality;
• Impact your ability to verify or recover your account; and
• Otherwise limit or prevent your ability to access the Service.

SecureCare reserves the right to send critical security notifications via SMS regardless of opt-out status when necessary to protect your account or comply with legal obligations.

4.5(B) Account and Service Notification SMS

You may opt out of non-security SMS notifications (billing, appointments, service updates) by:

• Replying STOP to any SMS message;
• Updating communication preferences in your account profile settings;
• Contacting your Organization's staff to update your preferences (for Organization-managed accounts); or
• Contacting SecureCare support at hello@secure-care.com.

After opting out, you may still receive critical account-related communications as described in Section 3.5(A).

4.5(C) Help and Support

You may reply HELP to any SMS message to receive support information, or contact SecureCare at hello@secure-care.com for assistance with SMS communications.

4.6 SMS Delivery and Reliability

SMS communications are delivered through third-party carriers and service providers. You acknowledge and agree that:

• SMS delivery is dependent on mobile carriers, network providers, and other third parties outside SecureCare's control;
• Delivery times may vary and are not guaranteed;
• Messages may be delayed, blocked, filtered, or not delivered due to carrier issues, network congestion, spam filters, device settings, or other technical factors;
• SecureCare uses commercially reasonable efforts to deliver SMS messages but makes no guarantee of delivery, timing, or accuracy;
• SecureCare is not responsible or liable for failed, delayed, misdirected, or undelivered SMS messages;
• You should not rely solely on SMS communications for time-critical notifications or account access; and
• SecureCare may use alternative communication methods (email, in-app notifications) as backup delivery channels.

4.7 Organization Responsibilities for Customer SMS

Organizations that use the Service to send SMS communications to their customers, volunteers, or other end-users acknowledge and agree that:

• Organizations are solely responsible for obtaining and documenting proper consent from end-users before enabling SMS notifications;
• Organizations must maintain accurate consent records in user profiles;
• Organizations must honor end-user opt-out requests promptly by updating profile preferences;
• Organizations must comply with all applicable laws governing SMS communications, including the Telephone Consumer Protection Act (TCPA), CAN-SPAM Act, and state telemarketing and consumer protection laws;
• Organizations are responsible for training staff on proper SMS consent management;
• Organizations must ensure SMS notifications are used only for legitimate, transactional purposes related to services provided;
• Organizations indemnify and hold harmless SecureCare from any claims, damages, or liabilities arising from the Organization's violation of SMS-related laws, regulations, or improper consent practices; and
• SecureCare may suspend or terminate SMS functionality or Service access if an Organization violates applicable laws, regulations, or these Terms.

4.8 SMS Prohibited Uses

Users and Organizations shall not use SMS features of the Service to:

• Send unsolicited marketing, promotional, or commercial messages;
• Send spam, phishing attempts, fraudulent messages, or scams;
• Harass, threaten, abuse, or harm recipients;
• Send messages without proper consent or after opt-out requests;
• Violate any applicable laws, regulations, or mobile carrier policies;
• Send messages containing malicious links, malware, or viruses;
• Impersonate SecureCare, the Organization, or any other party;
• Send high-volume automated messages that constitute spam;
• Circumvent or disable opt-out mechanisms;
• Share or sell phone numbers or contact information; or
• Use SMS features in any manner that damages SecureCare's reputation, violates carrier agreements, or harms the SMS ecosystem.

Violations may result in immediate suspension of SMS features, account suspension, or termination of Service access, and may expose violators to legal liability.

4.9 SMS Service Modifications and Availability

SecureCare reserves the right, in its sole discretion, to:

• Modify, suspend, limit, or discontinue SMS communication features at any time with or without notice;
• Change SMS service providers, carriers, or delivery methods;
• Implement rate limits, volume restrictions, or usage caps on SMS messages;
• Block, filter, or reject SMS messages that violate carrier policies, these Terms, or applicable laws;
• Require additional verification, authentication, or consent procedures for SMS communications;
• Implement fees or charges for SMS services in the future with reasonable advance notice; and
• Modify SMS message content, format, or functionality to comply with carrier requirements or improve service.

4.10 SMS Data and Privacy

Phone numbers and SMS communications are subject to SecureCare's Privacy Policy. You acknowledge that:

• Phone numbers are stored securely and used only for authorized SMS communications as described in these Terms;
• SMS messages are transmitted through third-p arty carriers and may be stored or processed by those carriers;
• SMS is not a secure communication method and messages may be intercepted, viewed, or accessed by unauthorized parties;
• You should not include sensitive, confidential, or highly personal information in SMS communications;
• SecureCare implements reasonable security measures but cannot guarantee the security of SMS communications transmitted over third-party networks; and
• You assume all risks associated with SMS communication security and privacy.

4.11 SMS Disclaimer of Warranties

SMS COMMUNICATIONS AND FEATURES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED. SECURECARE DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, ACCURACY, RELIABILITY, AND TIMELINESS WITH RESPECT TO SMS SERVICES. SECURECARE DOES NOT WARRANT THAT SMS MESSAGES WILL BE DELIVERED, DELIVERED TIMELY, DELIVERED ACCURATELY, OR REMAIN SECURE. YOU ASSUME ALL RISKS ASSOCIATED WITH USE OF AND RELIANCE ON SMS COMMUNICATIONS.

4.12 SMS Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SECURECARE SHALL NOT BE LIABLE FOR ANY DAMAGES, LOSSES, COSTS, OR EXPENSES ARISING FROM OR RELATED TO SMS COMMUNICATIONS OR SMS FEATURES, INCLUDING BUT NOT LIMITED TO:

• Failed, delayed, blocked, filtered, misdirected, or undelivered messages;
• Inaccurate, incomplete, or corrupted message content;
• Mobile carrier charges, fees, or billing disputes;
• Unauthorized access to, interception of, or disclosure of SMS messages;
• Privacy breaches or security incidents involving SMS communications;
• Missed appointments, deadlines, payments, or opportunities due to SMS delivery failures;
• Account access issues resulting from SMS delivery problems;
• Compliance violations or regulatory penalties arising from SMS usage;
• Carrier policy violations or SMS service suspensions; or
• Any direct, indirect, incidental, consequential, special, punitive, or exemplary damages related to SMS services.

You acknowledge and agree that notwithstanding your withdrawal of such consent, SecureCare shall still be permitted to send you commercial electronic messages specific to our relationship and the Services provided under this Agreement.

THIS LIMITATION APPLIES REGARDLESS OF THE LEGAL THEORY OF LIABILITY, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE, AND EVEN IF SECURECARE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

5. Confidentiality

Organization shall maintain as confidential and shall not disclose (except to its Representatives), copy or use for purposes other than its internal security purposes and administration of its SecureCare's subscription, SecureCare's Confidential Information. Organization agrees to protect all received Confidential Information with the same degree of care that it would use with its own confidential information, but in any event at least industry standard levels of care, and to prevent unauthorized, negligent or inadvertent use, disclosure or publication thereof.

Breach of this Section 5 may cause irreparable harm and damage to SecureCare. Thus, in addition to all other remedies available at law or in equity, SecureCare® shall have the right to seek injunctive or other equitable relief, without any requirement to post bond, and to recover the amount of damages (including reasonable attorneys' fees and expenses) incurred in connection with such breach. Organization shall be liable to SecureCare® for any use or disclosure in violation of this Section 5 by Organization, its Representatives, Personnel, or any other party that has received SecureCare® Confidential Information from Organization.

Notwithstanding the above, this Section 5 shall not prohibit Organization from disclosing Confidential Information to the extent required by applicable law, rule or regulation or the rules and regulations of the U.S. Securities and Exchange Commission or any national securities exchange; provided that Organization gives SecureCare® prior written notice, as soon as is reasonably practicable, and reasonably cooperates with related requests of SecureCare.

Further, notwithstanding anything to the contrary herein, if Organization provides SecureCare® (or its affiliates or resellers) Feedback, SecureCare® shall be free to use, disclose and otherwise exploit in any manner such Feedback for any purpose, without any obligation of confidentiality with respect thereto. Further, Organization acknowledges and agrees that by providing such Feedback to SecureCare, Organization hereby grants to SecureCare® an irrevocable, non-exclusive, royalty-free, sublicensable, perpetual, assignable right and license to use such Feedback in whatever way, manner, form or media, now known or hereafter discovered, and for whatever purpose SecureCare® determines in its sole discretion, anywhere in the world.

6. Disclaimer of Warranty

SecureCare works hard to provide reliable, high-quality software and services. However, like all technology platforms, the Service is provided on an "as available" and "as-is" basis. Organizations acknowledge and agree to the following:

6.1 Service Availability and Performance

While SecureCare strives to maintain high availability and performance, we cannot guarantee that the Service will be uninterrupted, timely, secure, or completely error-free at all times. Organizations should:

• Maintain independent backup systems for critical data and operations;
• Plan for occasional maintenance windows and technical issues;
• Not rely solely on the Service for time-sensitive or life-critical functions without backup procedures;
• Report any technical issues promptly so we can address them; and
• Understand that internet-based services inherently have some risk of interruption.

6.2 No Warranties Beyond What's Stated

To the extent permitted by applicable law, SecureCare makes no warranties beyond those explicitly stated in these Terms or your Order Form. Specifically, we disclaim implied warranties of merchantability, fitness for a particular purpose, and non-infringement. This means:

• We provide powerful tools, but you determine how to use them for your specific needs;
• Every organization is different, and you're responsible for configuring the Service appropriately;
• We don't guarantee the Service will meet every specific requirement of your unique operations;
• Output and reports are based on data you enter—accuracy depends on your data quality; and
• You should evaluate whether the Service meets your needs during any trial period.

6.3 Shared Responsibility Model

Successful use of the Service requires partnership between SecureCare and Organizations:

SecureCare is responsible for:

• Maintaining the Service infrastructure and security;
• Providing tools and features that work as designed;
• Fixing bugs and technical issues;
• Regular updates and improvements;
• Reasonable customer support; and
• Data security measures as described in Section 9.18.

Organizations are responsible for:

• Proper configuration and use of the Service;
• Training staff on how to use the Service correctly;
• Data accuracy and quality;
• Compliance with applicable laws and regulations;
• Account security and access management;
• Regular data backups; and
• Business processes and operational decisions.

6.4 Limitation on Liability for Software Issues

If you experience technical issues with the Service, please contact our support team promptly. We'll work with you to resolve problems. However, Organizations acknowledge that:

• Technology is complex and issues can occur despite our best efforts;
• Some issues may require time to diagnose and resolve;
• We may not be able to fix every issue to your complete satisfaction;
• You assume responsibility for any costs associated with addressing issues that result from your use, misuse, or configuration of the Service; and
• Our liability for any software defects is limited as described in Section 14.

We want you to succeed. If you encounter problems, work with us—we're here to help. But we can't warranty perfection or accept unlimited liability for a software service with thousands of features and millions of possible configurations.

7. Account Types

7.1 Organization Accounts (Paid Subscriptions)

Organization accounts are paid subscription accounts that provide access to the full range of SecureCare features and functionality. Organizations subscribe to the Service on either a monthly or annual billing basis and are subject to subscription limits based on their selected plan.

7.1.1 Organization Account Features

Organization accounts include access to features such as but not limited to: facility management, program configuration, staff member management, customer management, case management, appointments, assessments, volunteer coordination, donor management, event management, accounting and invoicing, document storage, reporting, time entry tracking, and other features as described throughout these Terms.

7.1.2 Subscription Plans and Limits

Each Organization subscription includes specific limits based on the selected plan, including but not limited to:

• Number of facilities
• Number of staff members
• Number of customers
• Number of volunteers
• Number of custom assessments
• Number of signature documents
• Number of events
• Document storage capacity

Organizations acknowledge and agree that:

• Organizations are responsible for monitoring their usage against subscription limits;
• SecureCare may prevent creation of new entities (facilities, staff members, customers, etc.) when limits are reached;
• Organizations must upgrade their subscription to increase limits;
• SecureCare is not liable for any business interruption, lost opportunities, or other damages resulting from reaching subscription limits;
• Subscription limits may be modified by SecureCare with notice; and
• Organizations can view current usage and limits in the Organization Admin area of the Service.

7.1.3 Billing and Payment

Organization subscriptions are billed upon sign-up and then on a monthly or annual recurring basis depending on the selected billing frequency. Organizations may modify their subscription at any time, including adjusting feature limits and changing billing frequency. Detailed billing and payment terms are set forth in Section 13 of these Terms.

7.1.4 Organization Responsibilities

Organizations are solely responsible for:

• All content, data, and information entered into the Service;
• All actions taken by their staff members, volunteers, and authorized users;
• Compliance with all applicable laws and regulations related to their operations;
• Ensuring staff members have appropriate permissions and access levels;
• Monitoring and auditing usage of the Service;
• Maintaining the security of their account credentials;
• All fees, charges, and taxes associated with their subscription; and
• Backing up their data and maintaining independent records.

7.2 Patron Accounts (Free Accounts)

Patron accounts are free accounts available to members of the general public. Patron accounts provide limited access to the Service and allow users to interact with Organizations through donations, volunteering, and linked customer access. Patron accounts do not require any subscription fees or payment.

7.2.1 Patron Account Features

Patron accounts include the ability to:

• Donate: Make donations to Organizations through a Donor Profile;
• Volunteer: Search for and apply to volunteering opportunities posted by Organizations through a Volunteer Profile;
• Linked Customer Access: When linked to a customer record by an Organization, view and pay invoices, and schedule, view, cancel, and confirm appointments; and
• Multi-Organization Support: Interact with multiple Organizations through a single Patron account (donate to multiple Organizations, volunteer at multiple Organizations, and be linked as a customer to multiple Organizations).

7.2.2 Patron Account Limitations

Patron accounts have limited functionality compared to Organization accounts. Patrons acknowledge and agree that:

• Patron accounts do not have access to Organization management features;
• Patron accounts cannot create facilities, programs, staff members, or customers;
• Patron accounts cannot access reporting, case management, or administrative features;
• Patron account features are dependent on Organizations enabling donation, volunteering, or customer portal access;
• Organizations may disable or restrict Patron access to their facilities, programs, or customer records at any time;
• SecureCare may modify Patron account features at any time without notice; and
• SecureCare reserves the right to convert free Patron features to paid features in the future with notice.

7.2.3 Patron Responsibilities

Patrons are solely responsible for:

• Providing accurate and current information in their Patron profile;
• Maintaining the security of their account credentials;
• All donations made through their account;
• All volunteer applications and commitments;
• All payments made through linked customer access;
• Compliance with Organization policies and requirements;
• Their conduct when interacting with Organizations; and
• Consulting with tax professionals regarding tax-deductible donations.

7.2.4 No Usage Limits on Patron Activities

Patron accounts have no limits on the number of donations that can be made or the number of volunteer applications that can be submitted. However, Organizations retain sole discretion over accepting or rejecting donations and volunteer applications. SecureCare is not responsible for Organizations' decisions regarding donations or volunteer applications.

7.2.5 Account Suspension and Termination

SecureCare reserves the right to suspend or terminate Patron accounts at any time for violation of these Terms, abuse of the Service, fraudulent activity, or any other reason at SecureCare's sole discretion. Patron accounts may also be affected by Organization account suspensions - if an Organization's account is suspended or terminated, Patrons may lose access to donations, volunteer opportunities, and linked customer access associated with that Organization. SecureCare is not liable for any loss of access, data, or functionality resulting from account suspension or termination of either Patron or Organization accounts.

7.2.6 Patron Account Disclaimer

Patron accounts are provided free of charge as a convenience to facilitate interactions between the public and Organizations. SecureCare makes no warranties regarding the availability, reliability, or suitability of Patron account features. Organizations are solely responsible for their interactions with Patrons, including acceptance or rejection of donations and volunteers, and management of linked customer access. SecureCare is not a party to any agreements, transactions, or relationships between Patrons and Organizations.

8. Payments and Refunds

8.1 Online Payments

8.1.1 Organization and Customer Payments

SecureCare facilitates online payments for customers and donors to Organizations. These payments are separate from subscription payments and may include donations or payments for services rendered.

8.1.2 Accepted Payment Methods

We accept the following payment methods:

• Bank Account (ACH)
• Credit or Debit Card
• Cash (only if explicitly accepted by the Organization)

8.2 Refund Policy

Refund requests must be submitted within 60 days of the initial payment. The Organization is responsible for establishing and enforcing its own refund policy. Refunds include any associated processing fees. Understand that refunds will be issued via the original payment method whenever possible. SecureCare is not liable for cash refunds. SecureCare is not liable for payment disputes or refund issues.

8.2.1 Customer Refunds

Refunds can be issued for the following situations:

• Account Deposits: Payments resulting in prepaid funds held in the Customer account.
• Applied Funds: Account funds which have been applied to one or more invoices.
• Invoice Payments: Payments made directly towards the balance due of a single invoice.

8.2.2 Event Refunds

If any portion of the ticket benefits (such as early access, VIP perks, or included services) have been used, that portion of the ticket is non-refundable. Refunds will only be issued under specific circumstances as outlined below:

• Change of mind: If the refund request is prior to the start date of the event, the Organization may issue in accordance with its own refund policy.
• Event Cancellation: If the event is canceled, ticket holders will receive a full refund.
• Event Rescheduling: If the event is rescheduled, ticket holders may request a refund if they are unable to attend the new date.

8.2.3 Donor Refunds

Refunds can be issued for the following situations:

• Processing Fee Only: Only the processing fee is refunded upon request.
• Unused Donations: If the donated funds have not been allocated or used for services, a refund may be issued upon request.
• Partially Used Donations: If any portion of the donation has been used for services, that portion is non-refundable. Only the remaining unused portion may be eligible for a refund.
• Fully Used Donations: If the entire donation has been utilized for services, no refund will be issued.

8.3 Recurring Payments

The Service supports recurring billing for customers and donors. Donors may manage their own recurring payments, including cancellation, payment method updates, and schedule changes. Organization staff members may manage recurring payments on behalf of customers. SecureCare will send automated payment reminders and receipts to valid email addresses on file. Organizations are responsible for obtaining proper authorization before establishing recurring payment arrangements and for complying with all applicable recurring billing laws and regulations.

Recurring payments are processed through third-party payment processors and SecureCare does not guarantee successful processing. Users and Organizations are responsible for maintaining valid payment methods and adequate funds. SecureCare is not liable for failed payments, processing delays, notification delivery failures, or any disputes or damages arising from recurring payment arrangements.

8.4 Cash Payments

8.4.1 Cash Payment Processing

The Service allows Organizations to record cash payments received directly from customers, donors, or other individuals. Cash payments are processed entirely by and are the sole responsibility of the Organization. SecureCare does not handle, receive, process, or have any involvement with physical cash transactions.

8.4.2 Organization Responsibility for Cash

Organizations that accept cash payments acknowledge and agree that they are solely and exclusively responsible for:

• Receiving, handling, and securing physical cash;
• Maintaining accurate records of all cash transactions;
• Depositing cash into appropriate bank accounts;
• Reconciling cash receipts with recorded transactions in the Service;
• Providing receipts to customers and donors for cash payments;
• Compliance with all applicable laws regarding cash transactions, including tax reporting, anti-money laundering regulations, and financial record-keeping requirements;
• Internal controls and cash handling procedures;
• Any errors, discrepancies, or losses involving cash payments;
• Theft, loss, or misappropriation of cash funds;
• Staff training on proper cash handling procedures; and
• Any disputes, chargebacks, or claims related to cash payments.

8.4.3 Cash Payment Recording in the Service

The Service provides functionality for Organizations to record cash payments received. When recording a cash payment in the Service:

• The Organization represents and warrants that the cash payment was actually received;
• The Organization is responsible for entering accurate payment information including amount, date, and recipient;
• The recorded payment is for documentation and accounting purposes only;
• SecureCare does not verify that cash was actually received or that the recorded information is accurate;
• The Organization acknowledges that the Service merely provides a record-keeping tool and does not validate, guarantee, or audit cash transactions; and
• Organizations must maintain independent documentation and verification of all cash payments outside the Service.

8.4.4 Cash Refunds

Cash refunds are the sole responsibility of the Organization. Organizations that issue cash refunds acknowledge and agree that:

• SecureCare does not process, facilitate, or handle cash refunds in any manner;
• Organizations are responsible for physically providing cash refunds to customers;
• Organizations must record cash refunds accurately in the Service for accounting purposes;
• SecureCare has no liability for cash refunds, including any disputes, errors, or failures to issue refunds;
• Organizations must maintain documentation of all cash refunds; and
• Organizations are responsible for compliance with all applicable laws regarding cash refunds and consumer protection.

8.4.5 SecureCare Disclaimers for Cash Transactions

SecureCare expressly disclaims any and all responsibility, liability, or involvement with cash payments and cash transactions. Specifically:

• SecureCare does not receive, hold, process, or transmit any cash funds;
• SecureCare does not verify the accuracy of cash payment records entered by Organizations;
• SecureCare does not audit or validate that recorded cash payments were actually received;
• SecureCare is not responsible for any cash handling errors, losses, theft, or misappropriation;
• SecureCare is not a party to any cash transaction between Organizations and their customers;
• SecureCare has no fiduciary duty or financial responsibility related to cash payments;
• SecureCare does not provide accounting, tax, or legal advice regarding cash transactions; and
• Organizations assume all risks associated with accepting, handling, and recording cash payments.

8.4.6 Cash Transaction Compliance

Organizations that accept cash payments must comply with all applicable federal, state, and local laws and regulations, including but not limited to:

• Internal Revenue Service (IRS) reporting requirements for cash transactions;
• Bank Secrecy Act and anti-money laundering (AML) regulations;
• State and local tax reporting and remittance requirements;
• Charitable solicitation and nonprofit financial reporting requirements;
• Cash transaction thresholds and Currency Transaction Report (CTR) requirements;
• Record retention requirements for financial transactions;
• Consumer protection laws; and
• Any other applicable financial, tax, or regulatory requirements.

Organizations are solely responsible for understanding and complying with these requirements. SecureCare does not provide compliance assistance for cash transactions and is not responsible for any violations or penalties resulting from improper cash handling or reporting.

8.4.7 Cash Payment Disputes and Issues

In the event of any dispute, discrepancy, claim, or issue involving cash payments:

• The dispute is solely between the Organization and the customer, donor, or other party involved;
• SecureCare is not a party to the dispute and has no obligation to mediate, arbitrate, or resolve cash payment disputes;
• Organizations are responsible for maintaining evidence and documentation to support or defend against cash payment claims;
• SecureCare cannot provide evidence of actual cash receipt as it does not handle physical cash;
• Organizations must resolve all cash-related disputes directly with the involved parties; and
• Organizations indemnify and hold harmless SecureCare from any claims, liabilities, or damages arising from cash payment disputes.

8.4.8 Limitation of Liability for Cash Payments

TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECURECARE SHALL HAVE NO LIABILITY WHATSOEVER FOR ANY CLAIMS, DAMAGES, LOSSES, OR ISSUES ARISING FROM OR RELATED TO CASH PAYMENTS, INCLUDING BUT NOT LIMITED TO:

• Lost, stolen, or misappropriated cash;
• Inaccurate cash payment records;
• Cash handling errors or discrepancies;
• Failure to receive or issue cash payments or refunds;
• Tax reporting or compliance failures;
• Regulatory violations or penalties;
• Disputes between Organizations and customers or donors;
• Fraudulent cash transactions; or
• Any other direct, indirect, incidental, consequential, or punitive damages related to cash payments.

ORGANIZATIONS ACKNOWLEDGE THAT CASH PAYMENTS ARE ACCEPTED AND PROCESSED ENTIRELY AT THEIR OWN RISK AND THAT SECURECARE PROVIDES ONLY A RECORD-KEEPING TOOL WITH NO INVOLVEMENT IN ACTUAL CASH TRANSACTIONS.

9. Organization Features

9.1 Facilities Management

Organizations may set up and manage multiple facilities within the Service. Each facility functions as a distinct location or operational unit with its own configuration, staff assignments, financial accounts, and public-facing information. SecureCare provides tools to facilitate facility management but is not responsible for facility operations, regulatory compliance, safety, or any actions taken by facility staff or volunteers.

9.1.1 Facility Configuration and Properties

Organizations may configure facilities with various properties including but not limited to: facility name, description, physical address, contact information, donation settings, and volunteer opportunity settings. Organizations are solely responsible for ensuring all facility information is accurate, current, and compliant with applicable laws and regulations. SecureCare is not responsible for verifying the accuracy of facility information or for any consequences resulting from incorrect or outdated facility data.

9.1.2 Staff Member Assignments and Permissions

Organizations may assign staff members to facilities with various permission levels and roles, including but not limited to administrative access, service creation and approval rights, cost override capabilities, and account management permissions. Organizations are solely responsible for:

• Determining appropriate permission levels for staff members;
• Monitoring staff member activities and access to facility resources;
• Ensuring staff members comply with organizational policies and applicable laws;
• Any actions taken by staff members within their assigned permissions;
• Promptly removing or modifying access for staff members when appropriate; and
• All employment-related matters, including hiring, training, supervision, and termination of staff members.

SecureCare is not responsible for any unauthorized actions, errors, or misconduct by staff members, even if such actions occur through the Service.

9.1.3 Volunteer Management

Organizations may enable volunteer functionality for facilities and create volunteering opportunities associated with specific facilities or programs. When volunteering is enabled, facilities may appear in volunteer searches conducted by prospective volunteers. Organizations are solely responsible for:

• Creating, managing, and supervising all volunteering opportunities;
• Screening, vetting, and approving volunteers;
• Training and supervising volunteer activities;
• Ensuring volunteer compliance with organizational policies and applicable laws;
• Volunteer conduct, safety, and performance;
• Any injuries, damages, or losses involving volunteers; and
• Compliance with all applicable volunteer-related laws and regulations.

SecureCare provides tools to facilitate volunteer coordination but assumes no responsibility for volunteer screening, conduct, or any volunteer-related incidents or liabilities.

9.1.4 Donation Settings and Public Visibility

Organizations may enable or disable donation functionality for individual facilities. When donations are enabled, facilities may appear in donor searches and be eligible to receive donations through the Service. Organizations acknowledge that:

• Enabling donations makes facility information publicly visible to potential donors;
• Organizations are responsible for compliance with all applicable charitable solicitation laws;
• Organizations must maintain proper tax-exempt status if applicable;
• Organizations are responsible for proper allocation and use of donated funds;
• SecureCare does not verify tax-exempt status or compliance with charitable regulations; and
• SecureCare is not responsible for how donations are solicited, received, or utilized.

9.1.5 Facility Financial Accounts and Transactions

Each facility maintains its own financial account within the Service, which may include available balances, donor-restricted funds, and transaction histories. Organizations may view account balances, track when funds are applied to services, and monitor financial activity at the facility level. Organizations acknowledge and agree that:

• Organizations are solely responsible for accurate financial record-keeping and reconciliation;
• SecureCare provides tools to track financial information but does not provide accounting, bookkeeping, or financial advisory services;
• Organizations must maintain their own independent financial records and should not rely solely on SecureCare for financial reporting;
• SecureCare is not responsible for financial errors, discrepancies, or losses;
• Organizations are responsible for compliance with all applicable financial reporting requirements, tax laws, and regulations;
• Donor fund restrictions must be honored by the Organization in accordance with applicable law; and
• SecureCare is not liable for misallocation of funds, improper fund usage, or violations of donor restrictions.

9.1.6 Service Creation, Approval, and Cost Management

Organizations may authorize staff members to create services, approve services, and override service costs at the facility level. Organizations are solely responsible for establishing appropriate approval workflows, cost controls, and oversight mechanisms. SecureCare is not responsible for unauthorized service creation, inappropriate cost adjustments, or any financial losses resulting from staff member actions within their assigned permissions.

9.1.7 Facility Operations and Compliance Disclaimer

SecureCare provides software tools to assist with facility management but is not responsible for:

• Physical facility operations, safety, or security;
• Compliance with federal, state, or local regulations applicable to facility operations;
• Licensing, certification, or accreditation requirements;
• Health and safety standards;
• Employment laws and labor regulations;
• Privacy laws such as HIPAA, FERPA, or other applicable data protection regulations;
• Quality of services provided at facilities;
• Customer satisfaction or service outcomes; or
• Any disputes, claims, or liabilities arising from facility operations.

Organizations acknowledge that they are the operators of their facilities and bear all responsibility and liability for facility operations, compliance, and outcomes.

9.2 Programs

Organizations may configure custom programs within the Service. Programs represent services that can be scheduled through appointments, tracked through service records, and invoiced to customers. Each program can be configured with specific settings, pricing structures, capacity limits, approval requirements, and associated documentation. SecureCare provides tools to facilitate program management and service delivery tracking, but disclaims all responsibility for the outcomes, structure, quality, legality, or compliance of programs created by Organizations.

9.2.1 Program Configuration and Settings

Organizations may configure programs with various settings including but not limited to: program name and description, lead staff member assignments, capacity limits, bed assignment requirements, approval workflows, appointment availability (none, internal only, or internal and public), insurance acceptance, promo code eligibility, service duration, start times, and other operational parameters. Organizations are solely responsible for:

• Ensuring program configurations comply with applicable laws and regulations;
• Setting appropriate capacity limits and managing program availability;
• Establishing and enforcing approval requirements;
• Determining which programs are eligible for insurance billing;
• Verifying insurance coverage and handling insurance claims;
• All aspects of program design, implementation, and delivery; and
• The accuracy and appropriateness of all program settings.

9.2.2 Bed Assignments and Capacity Management

Organizations may enable bed assignment requirements for programs and set capacity limits to control the number of concurrent services that can be provided. When bed assignments are required, services cannot be created without assigning an available bed to the customer. When capacity limits are set, the Service will prevent service creation once the limit is reached for the specified date. Organizations acknowledge and agree that:

• Organizations are solely responsible for managing bed availability and assignments;
• SecureCare is not responsible for overbooking, capacity management errors, or customer disputes related to availability;
• Organizations must ensure adequate resources are available to fulfill scheduled services;
• SecureCare does not guarantee the accuracy of capacity tracking or bed assignment functionality; and
• Organizations are responsible for compliance with any applicable regulations regarding capacity, occupancy, or bed management.

9.2.3 Service Approval Requirements

Organizations may configure programs to require approval before services can be completed. When approval is required, services cannot be marked as complete until approved by an authorized staff member, and certain service attributes (such as cost, assigned staff, and target dates) cannot be modified after approval. The Service enforces that services cannot be self-approved unless the creating staff member is an organization administrator. Organizations are solely responsible for:

• Establishing appropriate approval workflows and authorization hierarchies;
• Ensuring staff members comply with approval requirements;
• Monitoring and auditing approval activities;
• Any services provided without proper approval;
• Any financial or operational consequences of approval process failures; and
• Compliance with any regulatory requirements regarding service authorization or approval.

9.2.4 Cost Structure and Pricing

Organizations may configure program costs using various pricing models including fixed costs, per-hour costs, per-day costs, and itemized line items. Program costs may be calculated automatically based on service duration or set as fixed amounts. Organizations are solely responsible for:

• Setting accurate and appropriate pricing for all programs;
• Ensuring pricing complies with applicable laws and regulations;
• Properly configuring cost calculation methods;
• Verifying the accuracy of calculated costs;
• Any pricing errors or discrepancies;
• Honoring quoted or published prices; and
• All refunds, adjustments, or disputes related to pricing.

SecureCare provides cost calculation tools but does not verify pricing accuracy, appropriateness, or compliance with applicable regulations.

9.2.5 Cost Overrides and Authorization

Organizations may enable cost override functionality, which allows authorized staff members (organization administrators and users with override permissions) to modify program costs for individual services. When overrides are performed, a justification note must be entered. Organizations are solely responsible for:

• Determining which staff members receive override permissions;
• Monitoring and auditing cost override activities;
• Ensuring override justifications are adequate and appropriate;
• Any financial impacts of cost overrides;
• Compliance with internal controls and financial policies; and
• Any disputes arising from modified costs.

SecureCare is not responsible for inappropriate cost overrides, even when performed by authorized users.

9.2.6 Insurance Billing and Claims

Organizations may enable insurance acceptance for programs, allowing charges associated with those programs to be billed to insurance providers. Organizations acknowledge and agree that:

• SecureCare does not process insurance claims, verify coverage, or interact with insurance providers;
• Organizations are solely responsible for all aspects of insurance billing, including verification of coverage, submission of claims, and compliance with insurance requirements;
• Organizations must maintain appropriate licenses, credentials, and contracts with insurance providers;
• SecureCare is not responsible for claim denials, payment delays, or insurance disputes;
• Organizations are responsible for compliance with all applicable insurance regulations and requirements; and
• SecureCare provides only tools to track and document services, not insurance billing services.

9.2.7 Promo Codes and Discounts

Organizations may enable promo code functionality for programs, allowing discounts to be applied to service balances when valid promo codes are entered. Organizations are solely responsible for creating, managing, distributing, and honoring promo codes. SecureCare is not responsible for promo code misuse, unauthorized sharing, expired codes, discount calculation errors, or any financial losses related to promotional discounts.

9.2.8 Payment Terms and Due Dates

Organizations may configure when invoices become due, including options such as: start date of service, end date of service, or 30/60/90 days from start or end date. This due date setting is used throughout the Service for aging reports, automated invoicing, and payment tracking. Organizations are solely responsible for:

• Establishing appropriate payment terms;
• Communicating payment terms to customers;
• Enforcing payment terms and collecting overdue balances;
• Compliance with applicable consumer protection laws regarding billing and collections; and
• Any disputes regarding payment terms or due dates.

9.2.9 Payment Plans

Organizations may configure payment plan options by specifying the number of months over which balances can be divided. For example, a balance of $1,200 with a 12-month payment plan would result in monthly payments of $100. Organizations acknowledge and agree that:

• Payment plans are offered at the Organization's discretion and risk;
• Organizations are responsible for monitoring payment plan compliance;
• SecureCare does not guarantee payment collection or enforce payment plans;
• Organizations must comply with applicable laws regarding installment payments and credit;
• SecureCare is not responsible for missed payments, defaults, or collection activities; and
• Organizations are responsible for any legal or regulatory requirements related to offering payment plans.

9.2.10 Facility and Organization Fund Application

Organizations may enable automatic application of facility or organization funds to cover service costs when customers have insufficient funds in their accounts. When enabled, the Service will automatically apply available facility funds, and if facility funds are insufficient, will apply organization funds. Organizations are solely responsible for:

• Managing and monitoring facility and organization fund balances;
• Ensuring funds are used appropriately and in compliance with donor restrictions;
• Establishing policies for when automatic fund application is appropriate;
• Any misallocation or inappropriate use of funds;
• Compliance with charitable fund usage requirements and regulations; and
• Proper accounting and reporting of fund usage.

9.2.11 Itemization and Line Items

Organizations may create itemized line items for programs, with each line item contributing to the total program cost. Processing fees may be built into line items so that customers pay applicable fees during checkout. Organizations are solely responsible for:

• Accurate itemization of costs and services;
• Proper allocation of processing fees;
• Compliance with applicable consumer protection laws regarding fee disclosure;
• The accuracy of line item descriptions and amounts; and
• Any disputes regarding itemized charges.

9.2.12 Signature Documents and Forms

Organizations may associate signature documents with programs, which can then be mapped to appointments for ease of selection and distribution. Organizations are solely responsible for:

• The content, accuracy, and legal sufficiency of all signature documents;
• Ensuring signature documents comply with applicable laws and regulations;
• Obtaining and maintaining required consents and authorizations;
• The legal validity and enforceability of electronic signatures;
• Compliance with electronic signature laws and regulations;
• Proper storage and retention of signed documents; and
• Any disputes regarding the validity or interpretation of signed documents.

SecureCare provides tools to facilitate document distribution and signature collection but does not provide legal advice regarding document content, validity, or compliance.

9.2.13 Staff Member and Facility Assignments

Programs may be assigned to specific facilities and staff members, similar to facility-level assignments. Organizations are solely responsible for appropriate staff and facility assignments, staff supervision, and ensuring assigned personnel are qualified and authorized to provide the associated services. SecureCare is not responsible for staff member actions, qualifications, or performance related to program delivery.

9.2.14 Duration and Scheduling

Organizations may configure default start times and service durations (measured in months, weeks, days, hours, and/or minutes) for programs. These settings are used to automatically calculate service end dates and times when creating services. Organizations are solely responsible for:

• Setting appropriate and accurate service durations;
• Ensuring scheduled services can be delivered as configured;
• Managing schedule conflicts and resource availability;
• Any customer disputes related to service timing or duration; and
• Compliance with any applicable regulations regarding service delivery timing.

9.2.15 Free Services

Organizations may configure a number of free services per specified duration (per day, week, month, year, or lifetime) for programs. Organizations are solely responsible for establishing, tracking, and enforcing free service policies and ensuring compliance with any applicable regulations regarding free or discounted services.

9.2.16 Programs Disclaimer

SecureCare provides software tools to configure and manage programs but disclaims all responsibility for:

• The design, structure, or appropriateness of programs created by Organizations;
• The quality, safety, or outcomes of services provided through programs;
• Compliance with applicable professional standards, licensing requirements, or regulations;
• Customer satisfaction or service effectiveness;
• Financial accuracy or billing correctness;
• Any injuries, damages, or losses arising from program delivery; or
• Any disputes, claims, or liabilities related to programs or services.

Organizations acknowledge that they are the service providers and bear all responsibility and liability for program design, implementation, delivery, and outcomes.

9.3 Staff Members

Organizations may create and manage staff member accounts within the Service. Staff members are employees, contractors, or other authorized personnel who require access to the Service to perform their duties. Each staff member account includes profile information, security settings, role and permission assignments, facility and program assignments, work schedules, and reporting relationships. SecureCare provides tools to facilitate staff member management but disclaims all responsibility for employment decisions, staff conduct, credential verification, and compliance with employment laws.

9.3.1 Staff Member Account Creation and Management

Organizations with appropriate permissions may create staff member accounts and manage staff member information including personal details, contact information, emergency contacts, position/title, hire and termination dates, and profile images. Organizations are solely responsible for:

• Verifying the identity and eligibility of individuals before creating staff member accounts;
• Ensuring accurate and current information is maintained for all staff members;
• Compliance with all employment laws and regulations;
• Proper onboarding and offboarding procedures;
• Background checks, credential verification, and employment screening;
• Maintaining appropriate employment records independently of the Service;
• All employment-related decisions including hiring, promotion, discipline, and termination; and
• Ensuring staff members are properly trained on Service usage and organizational policies.

SecureCare is not responsible for verifying staff member credentials, conducting background checks, or ensuring compliance with employment laws.

9.3.2 Account Security and Authentication

Staff member accounts include security features such as password management, multi-factor authentication (MFA), phone verification, recovery codes, recovery email addresses, and authenticator app support. Organizations may configure security requirements including password complexity rules (minimum length, uppercase/lowercase letters, numbers, special characters) and may require MFA for all staff members.

9.3.2.1 Password Security

Staff members are responsible for maintaining the confidentiality of their passwords and must not share passwords with others. Organizations may configure password requirements including minimum length (default 8 characters), required character types, and password expiration policies. Organizations acknowledge and agree that:

• Staff members are solely responsible for their account security;
• Organizations are responsible for enforcing appropriate password policies;
• SecureCare is not liable for unauthorized access resulting from weak passwords, shared credentials, or compromised accounts;
• Staff members must change passwords immediately if compromise is suspected; and
• Organizations must promptly disable accounts for terminated or suspended staff members.

9.3.2.2 Multi-Factor Authentication

Organizations may enable or require multi-factor authentication using authenticator apps. When MFA is required, staff members must configure an authenticator app before accessing the Service. Organizations acknowledge that:

• MFA significantly enhances account security but does not guarantee prevention of all unauthorized access;
• Staff members are responsible for securing their MFA devices;
• Loss of MFA devices may temporarily prevent account access until recovery procedures are completed;
• SecureCare is not liable for account lockouts or access delays resulting from MFA issues; and
• Organizations should maintain recovery procedures for staff members who lose MFA access.

9.3.2.3 Account Recovery

Staff members may configure phone verification, recovery email addresses, and recovery codes for account recovery purposes. Recovery codes are single-use tokens that allow account access if password or MFA access is lost. Organizations and staff members acknowledge and agree that:

• Recovery codes should be stored securely and not shared;
• Lost recovery codes cannot be retrieved and must be regenerated;
• Recovery email addresses must be kept current and accessible;
• Phone verification requires an active phone number and cellular service;
• SecureCare is not responsible for failed account recovery due to incorrect recovery information, lost recovery codes, or inaccessible recovery methods; and
• Staff members may be locked out of accounts if all recovery methods fail, requiring administrator intervention.

9.3.2.4 Authentication Providers

Organizations may choose to use SecureCare's built-in authentication or integrate with Microsoft Entra (formerly Azure Active Directory) for single sign-on (SSO). Organizations using third-party authentication providers acknowledge that:

• SecureCare is not responsible for the security, availability, or functionality of third-party authentication providers;
• Organizations are responsible for proper configuration and maintenance of third-party authentication;
• Access issues with third-party providers must be resolved with the provider, not SecureCare;
• Organizations must ensure third-party authentication meets their security requirements; and
• SecureCare may discontinue support for specific authentication providers with notice.

9.3.3 Active and Inactive Status

Staff member accounts may be set to active or inactive status. Inactive staff members cannot log in to the Service and cannot be selected for assignments, appointments, case assignments, or any other features. Organizations are solely responsible for:

• Maintaining appropriate active/inactive status for all staff members;
• Promptly deactivating accounts for terminated, suspended, or on-leave staff members;
• Ensuring inactive staff members do not retain access to organizational data;
• Compliance with employment laws regarding access to systems during leave or suspension;
• Any unauthorized access or data breaches resulting from failure to deactivate accounts; and
• Reactivating accounts only when appropriate and authorized.

SecureCare automatically prevents inactive staff members from accessing the Service but is not responsible for monitoring or enforcing appropriate status changes.

9.3.4 Roles and Permissions System

SecureCare provides a comprehensive role and permission system that allows Organizations to control staff member access to features and data. Roles provide broad categories of access, while permissions provide granular control over specific functions. Organizations are solely responsible for assigning appropriate roles and permissions to staff members based on their job duties and access requirements.

9.3.4.1 Organization Administrator Role

Organization Administrators have complete access to all areas of the Organization including organization settings, bank accounts, tax information, subscription management, all facilities, all programs, all staff members, all customers, all volunteers, all donors, all reports, and can perform all overrides, assignments, and approvals. Organizations acknowledge and agree that:

• Organization Administrator role should be limited to trusted senior personnel;
• Organization Administrators can access sensitive financial and personal data;
• Organizations are responsible for all actions taken by Organization Administrators;
• Organization Administrators can modify other administrators' permissions;
• At least one Organization Administrator must be maintained at all times; and
• SecureCare is not liable for misuse of Organization Administrator privileges.

9.3.4.2 Facility Administrator Role

Facility Administrators must be assigned per facility through the Assignments feature. Facility Administrators have full access to their assigned facility including all programs, customers, staff, and features at that facility. Facility Administrator assignments override any program-level assignments for that facility. Organizations are responsible for appropriate Facility Administrator assignments and all actions taken by Facility Administrators within their assigned facilities.

9.3.4.3 Administrative Roles

Additional administrative roles include:

• Staff Member Admin: Can create staff members, reset passwords, update emergency contacts, organization information, roles, permissions, reports-to relationships, time approvals, and assignments to facilities and programs.
• Account Admin: Can view all transactions for the Organization and assigned facilities, and transfer funds from organization account to assigned facility accounts.
• Donor Admin: Can view Organization donors, donations, and upload end-of-year giving statements.
• Volunteer Admin: Can search for volunteers, send messages, approve and manage volunteers, and manage volunteer time.

Organizations are solely responsible for determining which staff members receive administrative roles and for monitoring administrative activities.

9.3.4.4 Permissions

Granular permissions allow Organizations to control specific functions. Available permissions include but are not limited to:

• Create Customers: Create new customer records
• Customer Account Management: View transactions, load funds, manage payment methods and recurring deposits
• Link Patron Account: Link existing Patron accounts to customer records
• Manage Accountability Logs: Create and manage single-use tokens for customer clock in/out
• Create & Close Cases: Create, edit, open and close cases
• Create & Close Assessments: Create and close assessments
• View Sensitive Data: Access sensitive health information, mental wellness assessments, and case/program notes marked as sensitive
• Create Custom Assessments: Build custom assessment forms
• Event Manager: Create and manage events, tickets, refunds, and assignments
• Promo Code Management: Create and delete promo codes
• Manage Appointments: Create, edit, and cancel appointments
• Manage Signature Documents: Create and manage documents requiring electronic signatures
• Manage Schedule: Create, edit, and delete own work schedule
• Perform Refunds: Process refunds for customers and donors (requires additional role permissions)

Organizations must assign permissions based on job duties and access requirements. SecureCare is not responsible for inappropriate permission assignments or misuse of granted permissions.

9.3.5 Sensitive Data and HIPAA Compliance

The "View Sensitive Data" permission controls access to protected health information (PHI), mental wellness assessments, physical wellness assessments, and case or program notes marked as sensitive. Organizations operating in healthcare settings must ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable privacy regulations.

9.3.5.1 HIPAA Compliance Responsibility

Organizations acknowledge and agree that:

• Organizations are solely responsible for HIPAA compliance if applicable to their operations;
• Organizations must execute a Business Associate Agreement (BAA) with SecureCare if storing PHI;
• Organizations must implement appropriate safeguards for PHI as required by HIPAA;
• Organizations must limit "View Sensitive Data" permission to staff with legitimate need to access PHI;
• Organizations must train staff on HIPAA requirements and organizational privacy policies;
• Organizations must monitor and audit access to sensitive data;
• Organizations are responsible for breach notification requirements under HIPAA;
• SecureCare provides tools to manage sensitive data but does not ensure HIPAA compliance;
• Organizations must not store PHI in the Service without proper authorization and BAA; and
• SecureCare is not liable for HIPAA violations resulting from Organization's misuse of the Service.

9.3.5.2 Sensitive Data Marking

Organizations may mark custom assessments, case notes, and program notes as "sensitive" to restrict access to staff members with the "View Sensitive Data" permission. Organizations are responsible for:

• Properly identifying and marking sensitive content;
• Training staff on when to mark content as sensitive;
• Ensuring sensitive markings are applied consistently;
• Not relying solely on sensitive markings for HIPAA compliance; and
• Implementing comprehensive data protection policies beyond the Service's features.

9.3.6 Report Access Control

Organizations may grant staff members access to specific reports on a per-report basis. Available reports include but are not limited to: Appointments, Demographics, Events, Invoices, Services, Staff Time Entry, Staff Schedule, Volunteer Time Entry, and Volunteer Schedule. Organizations are solely responsible for:

• Determining which staff members should have access to which reports;
• Ensuring report access aligns with job duties and privacy requirements;
• Monitoring report usage and access;
• Restricting access to reports containing sensitive or confidential information;
• Compliance with privacy laws regarding report data; and
• Any misuse of report data by staff members with granted access.

SecureCare provides report access controls but does not monitor or restrict report usage beyond the permissions granted by Organizations.

9.3.7 Facility and Program Assignments

Staff members must be assigned to facilities and/or programs to work with those facilities and programs. Assignments create a link between staff members and facilities or programs and determine which staff members can be selected for services, appointments, case assignments, and other features.

9.3.7.1 Assignment Hierarchy

The assignment system operates with the following hierarchy:

• Organization Administrator: Automatic access to all facilities and programs
• Facility Administrator: Highest permission level for assigned facility; overrides any program-level assignments for that facility
• Facility-Level Assignment: Permissions apply to all programs at that facility unless program-level assignment exists
• Program-Level Assignment: Overrides facility-level assignment for specific program; provides granular control

9.3.7.2 Assignment Permissions

Each facility or program assignment may include the following permissions:

• Create Services: Create new services for customers
• Approve Services: Approve services created by others (prevents self-approval unless Organization Admin)
• Override Service Cost: Modify program costs for individual services with justification
• Account Actions: Perform account-related actions including invoice payments and refunds

Organizations are solely responsible for:

• Creating appropriate assignments for all staff members;
• Ensuring assignment permissions align with job duties;
• Implementing proper segregation of duties and approval workflows;
• Monitoring staff member activities within their assignments;
• Preventing conflicts of interest in approval processes;
• Promptly removing assignments for terminated or reassigned staff; and
• All actions taken by staff members within their assigned permissions.

SecureCare enforces assignment permissions but is not responsible for inappropriate assignments, permission abuse, or inadequate segregation of duties.

9.3.8 Work Schedules

Staff members may create and manage work schedules that define their availability for appointments and other scheduled activities. Work schedules can include recurring weekly schedules and specific date ranges. Staff members with the "Manage Schedule" permission can create, edit, and delete their own schedules. Staff Member Admins can manage schedules for all staff members.

Organizations acknowledge and agree that:

• Work schedules in the Service are for appointment scheduling purposes only;
• Work schedules do not constitute employment contracts or guaranteed hours;
• Organizations are responsible for maintaining official employment schedules independently;
• Staff members are responsible for keeping schedules current and accurate;
• Inaccurate schedules may result in appointment conflicts or scheduling errors;
• SecureCare is not liable for appointment scheduling issues resulting from incorrect schedules;
• Organizations must ensure staff members only schedule themselves for hours they are authorized to work; and
• Work schedule data should not be relied upon for payroll or compliance purposes.

9.3.9 Appointment Availability

Staff members may be enabled for appointments through the "Enable Appointments" setting in their organization information. When enabled, staff members appear as available options when creating appointments. Only staff members with the "Manage Appointments" permission can create, edit, or cancel appointments. Organizations acknowledge that:

• Enabling appointments does not automatically schedule appointments for staff members;
• Staff members may be available for appointments but not actually provide appointments themselves (e.g., receptionists who schedule appointments for others);
• Organizations must properly configure both appointment availability and work schedules;
• SecureCare is not responsible for appointment scheduling conflicts or errors; and
• Organizations are solely responsible for appointment policies, no-show handling, and scheduling practices.

9.3.10 Reporting Relationships (Reports To)

Organizations may establish reporting hierarchies by designating which staff member each staff member reports to. The "Reports To" feature creates organizational charts and reporting relationships but does not grant any automatic permissions or access. Organizations are solely responsible for:

• Accurately reflecting organizational structure in reporting relationships;
• Updating reporting relationships when organizational structure changes;
• Ensuring reporting relationships align with actual employment relationships;
• Using reporting relationships only for organizational clarity, not access control; and
• Any confusion or issues resulting from incorrect reporting relationships.

SecureCare provides reporting relationship tracking as an organizational tool only and is not responsible for accuracy or employment law compliance.

9.3.11 Time Entry Approval Chains

Organizations may designate which staff members can approve time entries for other staff members. Time entry approvers can approve time for staff members or volunteers or both. Organizations may also designate which staff members can approve a specific staff member's time entries. Organizations are solely responsible for:

• Establishing appropriate time approval workflows;
• Ensuring approvers have adequate knowledge and authority;
• Preventing conflicts of interest such as reciprocal approval arrangements;
• Monitoring time approval activities for fraud or abuse;
• Ensuring time approvals occur in a timely manner;
• Implementing proper segregation of duties in time approval;
• All wage and hour compliance related to approved time; and
• Any financial consequences of fraudulent or incorrect time approvals.

Detailed time entry terms are provided in Section 9.9 (Time Entry and Tracking). SecureCare is not liable for time approval issues, wage and hour violations, or payroll errors.

9.3.12 Staff Member Documents

Organizations may upload documents associated with staff members including credentials, certifications, licenses, background checks, employment agreements, and other employment-related documents. Organizations are solely responsible for:

• Obtaining and maintaining appropriate documentation for all staff members;
• Verifying the authenticity and validity of uploaded documents;
• Ensuring documents meet licensing, certification, and regulatory requirements;
• Monitoring document expiration dates and renewal requirements;
• Compliance with recordkeeping requirements under employment and professional licensing laws;
• Maintaining independent backup copies of all documents;
• Proper handling of sensitive documents in compliance with privacy laws; and
• Not relying solely on the Service for credential verification or compliance documentation.

SecureCare provides document storage as a convenience but does not verify document authenticity, monitor expiration dates, or ensure compliance with licensing or employment requirements.

9.3.13 Position and Employment Information

Staff member records include position/title, hire date, and termination date. Organizations may create custom position types or select from standard positions. Organizations acknowledge and agree that:

• Position information is for organizational purposes only;
• Position titles do not create employment contracts or obligations;
• Hire and termination dates are for organizational tracking only;
• Organizations must maintain official employment records independently;
• SecureCare is not responsible for employment law compliance related to position or date information; and
• Position information should not be used for legal or regulatory compliance purposes without independent verification.

9.3.14 Emergency Contact Information

Staff members may provide emergency contact information including name, relationship, phone, email, and address. Organizations and staff members acknowledge that:

• Staff members are responsible for providing accurate and current emergency contact information;
• Organizations should verify emergency contact information periodically;
• SecureCare does not verify or validate emergency contact information;
• Organizations are responsible for using emergency contacts appropriately and only in genuine emergencies;
• SecureCare is not liable for inability to contact emergency contacts due to incorrect information; and
• Organizations should maintain independent emergency contact records.

9.3.15 Staff Member Cloning

Organizations may clone existing staff member configurations to quickly create new staff members with similar roles, permissions, and assignments. Organizations acknowledge that:

• Cloning copies roles, permissions, and assignments but not personal information;
• Organizations must review and verify all cloned settings before activating new staff member accounts;
• Cloning is a convenience feature and does not guarantee appropriate permission assignment;
• Organizations are responsible for all permissions granted through cloning; and
• SecureCare is not liable for inappropriate permissions resulting from staff member cloning.

9.3.16 Staff Member Management Disclaimer

SecureCare provides comprehensive staff management tools to help you efficiently manage your workforce. However, employment decisions and personnel management remain fundamentally your responsibility as the employer.

What SecureCare Provides

Our staff management features help you:

• Organize staff information and credentials in one place;
• Control access through robust role and permission systems;
• Track assignments, schedules, and reporting relationships;
• Manage security settings including MFA and authentication;
• Monitor staff activity through audit logs; and
• Streamline workforce administration.

What Remains Your Responsibility

As the employer, you retain full responsibility for:

• All employment decisions (hiring, promotion, discipline, termination);
• Compliance with employment laws (wage & hour, discrimination, harassment, leave, etc.);
• Background checks and credential verification;
• Staff training and supervision;
• Appropriate permission assignments and access controls;
• Monitoring for and preventing staff misconduct; and
• All employment-related claims and disputes.

Division of Responsibility

Think of it this way: SecureCare provides the filing cabinet, security system, and organizational tools. You decide what goes in the cabinet, who gets keys, and how to run your organization. We can't manage your employees for you, verify their credentials, or ensure you comply with employment laws—those are management functions that must remain under your control.

To the maximum extent permitted by law, SecureCare is not liable for employment-related issues, staff misconduct, credential verification failures, inappropriate permission assignments, or employment law violations. Our tools help you manage these responsibilities, but they don't replace good management practices, legal compliance programs, or sound judgment.

9.4 Customer Management

Organizations may create and manage customer records within the Service. Customers represent individuals or entities receiving services, programs, or support from the Organization. Customer records include personal information, financial accounts, service history, assessments, appointments, case notes, documents, and other relevant data. SecureCare provides tools to facilitate customer management but disclaims all responsibility for customer service delivery, data accuracy, privacy compliance, and outcomes.

9.4.1 Customer Record Creation and Management

Organizations with appropriate permissions may create customer records and manage customer information including personal details, contact information, demographics, emergency contacts, guarantors, authorized persons, family groups, and profile information. Organizations are solely responsible for:

• Obtaining appropriate consent before creating customer records;
• Verifying the identity and eligibility of customers;
• Ensuring accurate and current information is maintained for all customers;
• Compliance with all applicable privacy laws and regulations (HIPAA, FERPA, state privacy laws, etc.);
• Proper intake and onboarding procedures;
• Maintaining appropriate customer records independently of the Service;
• All customer service decisions including acceptance, discharge, and service provision; and
• Ensuring staff members are properly trained on customer data handling and privacy requirements.

SecureCare is not responsible for verifying customer eligibility, conducting background checks, or ensuring compliance with program admission requirements.

9.4.2 Customer Personal Information

Customer records include personal information such as name, date of birth, address, phone number, email, social security number, demographics, and other identifying information. Organizations are solely responsible for:

• Collecting only necessary personal information;
• Obtaining required consents for personal information collection and use;
• Securing personal information in compliance with applicable laws;
• Limiting access to personal information to authorized staff only;
• Proper handling of sensitive identifiers (SSN, tax IDs, etc.);
• Compliance with data minimization principles;
• Providing required privacy notices to customers;
• Honoring customer rights regarding their personal information; and
• Any violations of privacy laws or unauthorized disclosure of personal information.

9.4.3 Customer Financial Accounts

Each customer maintains a financial account within the Service, which may include account balances, payment history, invoices, transaction records, payment methods, and recurring payment arrangements. Organizations are solely responsible for:

• Accurate financial record-keeping for all customers;
• Proper billing and invoicing practices;
• Transparent pricing and fee disclosure;
• Compliance with consumer protection laws;
• Payment processing and reconciliation;
• Collections activities and compliance with debt collection laws;
• Financial assistance programs and eligibility determination;
• Refund processing in accordance with organizational policies;
• Payment plan management and enforcement; and
• Any billing disputes, errors, or customer complaints regarding charges.

9.4.4 Accountability Logs

Organizations may create accountability logs for customers using single-use tokens that allow customers to clock in and out of facilities or programs. Accountability logs track customer presence and activity. Organizations are solely responsible for:

• Establishing accountability log policies and procedures;
• Ensuring appropriate use of accountability tracking;
• Training customers on proper clock in/out procedures;
• Monitoring accountability log compliance;
• Addressing accountability log violations or discrepancies;
• Compliance with any applicable regulations regarding customer tracking; and
• Privacy considerations related to location and presence tracking.

SecureCare provides accountability log tools but is not responsible for customer compliance, tracking accuracy, or enforcement of accountability requirements.

9.4.5 Customer Portal and Linked Patron Access

Organizations may invite customers to link their existing Patron accounts to customer records, providing customers with access to a customer portal where they can view invoices, make payments, schedule appointments, and manage their relationship with the Organization.

9.4.5.1 Linking Process

Organizations initiate the linking process by sending invitation emails to customers. Customers must have or create a Patron account and accept the invitation to establish the link. Organizations are solely responsible for:

• Verifying customer identity before sending invitations;
• Ensuring invitations are sent to correct email addresses;
• Obtaining customer consent for portal access;
• Training customers on portal usage;
• Providing support for linking issues;
• Managing which customers have portal access; and
• Privacy and security considerations of providing online access.

9.4.5.2 Multi-Organization Linking

A single Patron account may be linked to customer records at multiple Organizations simultaneously. This allows individuals to manage relationships with multiple service providers through one account. Organizations acknowledge that:

• Patrons may have relationships with multiple Organizations;
• Each Organization's data remains separate and isolated;
• Organizations cannot see or access data from other Organizations;
• SecureCare is not responsible for coordinating care or services across Organizations; and
• Customers are responsible for managing their own multi-organization relationships.

9.4.5.3 Removing Links

Organizations may remove the link between a Patron account and customer record at any time. When a link is removed, the Patron loses access to that Organization's customer portal immediately. Organizations are solely responsible for:

• Determining when to remove customer portal access;
• Notifying customers before removing access when appropriate;
• Compliance with any contractual obligations regarding portal access;
• Providing alternative invoice access methods if needed; and
• Any customer disputes arising from removed portal access.

9.4.5.4 Customer Portal Features

Through the customer portal, linked Patrons can view invoices, make payments, view and manage payment arrangements, schedule appointments (if enabled), view appointment history, and access other features as configured by the Organization. Organizations are solely responsible for:

• Determining which portal features to enable;
• Configuring appointment scheduling access appropriately;
• Ensuring portal information is accurate and current;
• Responding to customer inquiries about portal information;
• Compliance with regulations regarding online account access; and
• Any issues arising from customer use of portal features.

9.4.6 Alternative Invoice Access

For customers who are not linked to Patron accounts, Organizations may provide alternative invoice access through public URLs. These URLs allow customers to view and pay specific invoices without creating accounts.

9.4.6.1 Public Invoice Access Security

Public invoice URLs contain unique tokens for security but should still be treated as sensitive. Organizations acknowledge and agree that:

• Anyone with the URL can view the invoice;
• Organizations are responsible for securely distributing invoice URLs;
• URLs should be sent through secure channels (email, secure messaging);
• SecureCare is not responsible for unauthorized invoice access through shared URLs;
• Organizations should use linked Patron access for more secure long-term access; and
• Public invoice access is provided as a convenience for one-time or occasional use.

9.4.7 Customer Archiving

Organizations may archive customer records to remove them from active lists while retaining historical data. Archived customers cannot receive new services but their historical records remain accessible. Organizations are solely responsible for:

• Establishing customer archiving policies;
• Determining when to archive customer records;
• Ensuring archived records are retained as required by applicable regulations;
• Compliance with data retention requirements;
• Maintaining access to archived records for audits or legal requests;
• Properly disposing of customer data when legally permissible; and
• Any consequences of improper archiving or data destruction.

9.4.8 Emergency Contact, Guarantor, and Authorized People

Customer records may include emergency contacts, guarantors (individuals financially responsible for the customer), and authorized persons (individuals authorized to receive information or make decisions on behalf of the customer). Organizations are solely responsible for:

• Obtaining and documenting appropriate authorizations;
• Verifying the identity and authority of emergency contacts, guarantors, and authorized persons;
• Maintaining accurate and current contact information;
• Honoring authorization limitations and privacy preferences;
• Compliance with privacy laws regarding information disclosure;
• Ensuring staff understand authorization boundaries; and
• Any unauthorized disclosures or violations of authorization agreements.

9.4.9 Family Groups

Organizations may group related customers into family units for coordinated billing, shared accounts, or family-based services. Organizations are solely responsible for:

• Establishing family group policies and procedures;
• Obtaining consent for family grouping;
• Accurately identifying family relationships;
• Managing shared financial responsibility;
• Privacy considerations when grouping customers;
• Compliance with regulations regarding family-based billing or services; and
• Any disputes arising from family grouping or shared accounts.

9.4.10 Customer Documents

Organizations may upload and store documents associated with customers including intake forms, consent forms, assessments, medical records, identification documents, insurance information, and other customer-related files. Organizations are solely responsible for:

• Obtaining and maintaining appropriate documentation;
• Ensuring documents are properly secured and accessible only to authorized personnel;
• Compliance with document retention requirements;
• Proper handling of protected health information (PHI) and sensitive documents;
• Maintaining independent backup copies of critical documents;
• Compliance with regulations regarding document types and retention periods;
• Providing customers with access to their documents as required by law; and
• Secure destruction of documents when appropriate.

9.4.11 Customer Service Delivery

Customer records track services provided, programs enrolled in, assessments completed, appointments attended, and other service delivery information. Organizations are solely responsible for:

• The quality, safety, and outcomes of services provided;
• Proper documentation of services;
• Compliance with professional standards and licensing requirements;
• Staff qualifications and competency to provide services;
• Customer safety and risk management;
• Outcomes measurement and quality improvement;
• Customer satisfaction and complaint resolution; and
• Any harm, injuries, or adverse events involving customers.

9.4.12 Customer Privacy and HIPAA

Organizations handling protected health information (PHI) must comply with HIPAA and other applicable privacy regulations. Organizations acknowledge and agree that:

• Organizations are solely responsible for HIPAA compliance;
• A Business Associate Agreement (BAA) is required before storing PHI in the Service;
• Organizations must implement HIPAA-required safeguards;
• Organizations must train staff on HIPAA requirements;
• Organizations must monitor and audit access to PHI;
• Organizations are responsible for breach notification under HIPAA;
• SecureCare provides tools but does not ensure HIPAA compliance; and
• Organizations must not store PHI without proper authorization and BAA.

9.4.13 Customer Waitlists

Organizations may maintain waitlists for programs or services with limited capacity. Organizations are solely responsible for:

• Establishing fair and non-discriminatory waitlist policies;
• Managing waitlist priority and placement;
• Communicating with waitlisted customers;
• Compliance with regulations regarding waitlist management;
• Moving customers from waitlist to active services appropriately; and
• Any disputes regarding waitlist placement or priority.

9.4.14 Customer Communication

Organizations may communicate with customers through various channels including email, SMS, phone, and in-person. Organizations are solely responsible for:

• Obtaining consent for electronic communications;
• Compliance with laws regarding electronic communications (TCPA, CAN-SPAM, etc.);
• Honoring opt-out requests;
• Securing communications containing sensitive information;
• Professional and appropriate communication practices;
• Translation and accessibility of communications when required; and
• Any consequences of improper or unauthorized communications.

9.4.15 Customer Management Disclaimer

SecureCare provides customer management tools but disclaims all responsibility for:

• Customer service quality, safety, or outcomes;
• Customer data accuracy or completeness;
• Privacy law compliance (HIPAA, FERPA, state laws, etc.);
• Customer admission, service delivery, or discharge decisions;
• Billing accuracy or financial management;
• Customer satisfaction or complaint resolution;
• Any harm, injuries, or adverse events involving customers; or
• Any disputes, claims, or liabilities related to customer management.

Organizations acknowledge that they are the service providers and bear all responsibility and liability for customer care, data management, and regulatory compliance.

9.5 Case Management

Organizations may create and manage cases to coordinate multi-disciplinary services for customers. Cases provide a framework for comprehensive service planning, team coordination, documentation, and outcome tracking. Each case may include case notes, assessments, assigned staff, goals, interventions, and closure documentation. SecureCare provides case management tools but disclaims all responsibility for case management practices, clinical decisions, service coordination, and outcomes.

9.5.1 Case Creation and Management

Staff members with appropriate permissions may create cases for customers and manage case information including case type, assigned staff, case status (open/closed), admission date, discharge date, and other case details. Organizations are solely responsible for:

• Establishing case management policies and procedures;
• Determining which customers require case management services;
• Assigning qualified staff to manage cases;
• Ensuring appropriate case supervision and oversight;
• Timely case opening and closure;
• Compliance with case management standards and regulations;
• Case documentation completeness and accuracy; and
• Case management quality and effectiveness.

9.5.2 Case Notes and Documentation

Staff members may create case notes documenting customer interactions, services provided, progress toward goals, barriers encountered, and other relevant information. Case notes may be marked as sensitive to restrict access to authorized personnel only. Organizations are solely responsible for:

• Training staff on proper case note documentation;
• Ensuring case notes are timely, accurate, and complete;
• Compliance with documentation standards and requirements;
• Proper use of sensitive data markings;
• Limiting access to case notes to authorized staff;
• Meeting any regulatory requirements for case documentation;
• Case note retention and archival; and
• Providing case notes in response to legal requests when required.

9.5.3 Multi-Disciplinary Team Coordination

Cases may involve multiple staff members from different disciplines working together to provide comprehensive services. Organizations are solely responsible for:

• Establishing effective team coordination processes;
• Ensuring clear roles and responsibilities;
• Facilitating communication among team members;
• Resolving conflicts or disagreements among team members;
• Ensuring all team members have appropriate qualifications;
• Coordinating with external service providers when necessary; and
• Overall team effectiveness and service coordination quality.

9.5.4 Case Assessment and Planning

Cases may include assessments to evaluate customer needs, strengths, and barriers, and service plans to guide interventions and track progress. Organizations are solely responsible for:

• Using valid and appropriate assessment tools;
• Ensuring assessments are conducted by qualified personnel;
• Developing individualized service plans based on assessments;
• Involving customers in service planning when appropriate;
• Regularly reviewing and updating service plans;
• Ensuring service plans comply with applicable regulations;
• Documenting progress toward goals; and
• Modifying plans when interventions are not effective.

9.5.5 Case Confidentiality and Privacy

Case information often includes highly sensitive data requiring special protection. Organizations are solely responsible for:

• Implementing appropriate confidentiality safeguards;
• Limiting case access to staff with legitimate need to know;
• Training staff on confidentiality requirements;
• Obtaining required consents for information sharing;
• Compliance with privacy regulations (HIPAA, 42 CFR Part 2, etc.);
• Protecting case information from unauthorized access;
• Responding to customer requests for access to case information; and
• Any confidentiality breaches or unauthorized disclosures.

9.5.6 Case Closure and Outcomes

When cases are closed, Organizations should document closure reasons, outcomes achieved, and any follow-up recommendations. Organizations are solely responsible for:

• Establishing appropriate case closure criteria;
• Ensuring timely case closure when appropriate;
• Documenting case closure appropriately;
• Measuring and tracking outcomes;
• Following up with customers after case closure when appropriate;
• Compliance with regulations regarding case closure and documentation; and
• Using outcome data for quality improvement.

9.5.7 Case Management Disclaimer

SecureCare provides case management tools but disclaims all responsibility for:

• Case management practices, decisions, or quality;
• Service coordination or multi-disciplinary team functioning;
• Assessment validity or service plan appropriateness;
• Customer outcomes or goal achievement;
• Compliance with case management standards or regulations;
• Staff qualifications or case management competency;
• Any harm arising from case management services; or
• Any disputes, claims, or liabilities related to case management.

Organizations acknowledge that they are the case management service providers and bear all responsibility and liability for case management practices and outcomes.

9.6 Appointments

Organizations may schedule and manage appointments for customers with staff members. Appointments can be one-time or recurring, with various types and categories. The Service supports appointment reminders, confirmations, cancellations, no-show tracking, and telehealth/video appointments. SecureCare provides appointment scheduling tools but disclaims all responsibility for appointment management, attendance, clinical services provided during appointments, and any consequences of scheduling issues.

9.6.1 Appointment Scheduling and Availability

Appointments may be scheduled for customers with staff members who have been enabled for appointments and have configured work schedules. Organizations may configure appointments to be available for internal scheduling only or for both internal and public (customer-initiated) scheduling. Organizations are solely responsible for:

• Establishing appointment scheduling policies and procedures;
• Ensuring staff maintain accurate availability schedules;
• Managing appointment capacity and preventing overbooking;
• Configuring appropriate appointment durations;
• Determining which appointments can be publicly scheduled;
• Training staff on appointment scheduling procedures;
• Ensuring appointments are scheduled with qualified personnel;
• Managing scheduling conflicts and double-bookings; and
• Any issues arising from scheduling errors or conflicts.

9.6.2 Appointment Types and Categories

Organizations may create custom appointment types and categories to organize and track different kinds of appointments (e.g., initial consultation, follow-up, group session, assessment). Organizations are solely responsible for:

• Defining appropriate appointment types for their services;
• Training staff on proper appointment type selection;
• Ensuring appointment types align with billing and documentation requirements;
• Using appointment types consistently; and
• Any confusion or errors resulting from improper appointment type usage.

9.6.3 Recurring Appointments

Organizations may schedule recurring appointments that repeat on a regular schedule (weekly, bi-weekly, monthly, etc.). Organizations are solely responsible for:

• Establishing appropriate recurring appointment schedules;
• Managing changes to recurring appointment series;
• Canceling or modifying recurring appointments when needed;
• Ensuring customers are aware of recurring appointment commitments;
• Handling exceptions or modifications to recurring schedules; and
• Any issues arising from recurring appointment management.

9.6.4 Appointment Reminders and Notifications

The Service can send automated appointment reminders to customers via email or SMS prior to scheduled appointments. Organizations are solely responsible for:

• Configuring appropriate reminder timing and frequency;
• Ensuring customer contact information is current;
• Obtaining consent for electronic communications;
• Compliance with laws regarding electronic communications;
• Monitoring reminder delivery and addressing failures;
• Not relying solely on automated reminders; and
• Any missed appointments due to reminder failures or incorrect contact information.

SecureCare makes reasonable efforts to deliver reminders but does not guarantee delivery or receipt.

9.6.5 Appointment Cancellations and No-Shows

Appointments may be canceled by staff or customers. The Service tracks no-shows when customers miss appointments without canceling. Organizations are solely responsible for:

• Establishing cancellation policies including notice requirements;
• Communicating cancellation policies to customers;
• Enforcing cancellation policies consistently;
• Managing no-show policies including fees or consequences;
• Following up with customers after no-shows;
• Compliance with regulations regarding appointment attendance;
• Rescheduling canceled or missed appointments; and
• Any disputes regarding cancellations or no-show fees.

9.6.6 Appointment Confirmation

Customers may confirm appointments to indicate they plan to attend. Organizations are solely responsible for:

• Determining whether appointment confirmation is required;
• Following up on unconfirmed appointments;
• Managing appointment slots for unconfirmed appointments;
• Communicating confirmation requirements to customers; and
• Any consequences of unconfirmed appointments.

9.6.7 Video/Telehealth Appointments

Organizations may designate appointments as video or telehealth appointments. Organizations are solely responsible for:

• Compliance with telehealth regulations and licensing requirements;
• Ensuring staff are qualified and licensed to provide telehealth services;
• Providing secure and HIPAA-compliant video platforms;
• Obtaining required consents for telehealth services;
• Verifying customer identity during telehealth appointments;
• Ensuring quality and appropriateness of telehealth services;
• Technical support for customers accessing telehealth appointments;
• Documentation of telehealth services; and
• Compliance with cross-state telehealth practice requirements.

SecureCare does not provide video conferencing services and is not responsible for telehealth service delivery or compliance.

9.6.8 Appointment Documentation

Staff members should document services provided during appointments in case notes, service records, or other appropriate documentation. Organizations are solely responsible for:

• Establishing documentation requirements for appointments;
• Training staff on proper appointment documentation;
• Ensuring timely and complete documentation;
• Compliance with documentation standards and regulations;
• Monitoring documentation quality and completeness; and
• Any consequences of inadequate or missing documentation.

9.6.9 Appointments Disclaimer

SecureCare provides appointment scheduling tools but disclaims all responsibility for:

• Appointment scheduling decisions, accuracy, or conflicts;
• Missed appointments or scheduling errors;
• Reminder delivery failures or technical issues;
• Services provided during appointments;
• Staff qualifications or competency;
• Telehealth compliance or service delivery;
• Appointment cancellations or no-shows;
• Any harm arising from appointments or appointment scheduling; or
• Any disputes, claims, or liabilities related to appointments.

Organizations acknowledge that they are responsible for appointment management and all services provided during appointments.

9.7 Assessments

Organizations may administer assessments to customers to evaluate needs, measure outcomes, track progress, and support clinical decision-making. The Service includes standard assessments and allows Organizations to create custom assessments tailored to their specific needs. Assessments may include various question types, scoring mechanisms, and interpretation guidelines. SecureCare provides assessment administration tools but disclaims all responsibility for assessment validity, reliability, interpretation, clinical decisions based on assessments, and outcomes.

9.7.1 Standard Assessments

SecureCare may provide standard, widely-used assessments within the Service. Organizations acknowledge and agree that:

• Standard assessments are provided as-is without warranty;
• Organizations are responsible for ensuring assessments are appropriate for their use;
• Organizations must verify they have proper licenses or permissions to use assessments;
• SecureCare does not guarantee assessment accuracy, validity, or reliability;
• Organizations are responsible for proper assessment administration and interpretation;
• Organizations must ensure staff administering assessments are qualified to do so; and
• SecureCare is not liable for clinical decisions or outcomes based on assessment results.

9.7.2 Custom Assessments

Organizations may create custom assessments with various question types including multiple choice, checkboxes, text entry, number entry, date selection, and rating scales. Custom assessments may include scoring mechanisms and automated calculations. Organizations are solely responsible for:

• The validity and reliability of custom assessments;
• Ensuring assessment questions are appropriate and non-discriminatory;
• Proper assessment design and question construction;
• Scoring mechanism accuracy and appropriateness;
• Interpretation guidelines and cutoff scores;
• Testing and validating custom assessments before use;
• Compliance with professional standards for assessment development;
• Any errors, biases, or issues with custom assessments; and
• All clinical decisions based on custom assessment results.

9.7.3 Assessment Administration

Staff members with appropriate permissions may administer assessments to customers. Assessments may be completed by staff on behalf of customers or by customers directly (self-administered). Organizations are solely responsible for:

• Training staff on proper assessment administration procedures;
• Ensuring staff administering assessments are qualified to do so;
• Maintaining standardized administration procedures;
• Providing appropriate testing conditions;
• Obtaining informed consent for assessment administration;
• Ensuring customer understanding of assessment purpose and process;
• Accommodations for customers with disabilities or language barriers;
• Data entry accuracy for staff-administered assessments; and
• Monitoring for assessment completion errors or inconsistencies.

9.7.4 Assessment Scoring and Interpretation

Assessments may include automatic scoring and calculated results based on customer responses. Organizations are solely responsible for:

• Verifying scoring mechanism accuracy;
• Proper interpretation of assessment results;
• Understanding limitations of assessment scores;
• Communicating results to customers appropriately;
• Not over-relying on single assessment results;
• Combining assessment data with other clinical information;
• Clinical decisions based on assessment interpretation;
• Re-assessment when appropriate; and
• Any consequences of misinterpretation or misuse of assessment results.

SecureCare does not validate scoring mechanisms and is not responsible for scoring errors or misinterpretation of results.

9.7.5 Assessment Data Use and Privacy

Assessment data often includes sensitive information requiring special protection. Organizations are solely responsible for:

• Implementing appropriate privacy safeguards for assessment data;
• Limiting access to assessment results to authorized personnel;
• Obtaining required consents for assessment data use and sharing;
• Compliance with privacy regulations (HIPAA, FERPA, etc.) regarding assessment data;
• Proper use of sensitive data markings;
• Responding to customer requests for assessment records;
• Ensuring assessment data is used only for appropriate purposes; and
• Any unauthorized access or disclosure of assessment data.

9.7.6 Assessment Documentation and Records

Assessment results become part of customer records and may be used for treatment planning, outcome measurement, and reporting. Organizations are solely responsible for:

• Maintaining complete and accurate assessment records;
• Retention of assessment data as required by regulations;
• Providing assessment records in response to legal requests;
• Using assessment data for quality improvement and outcome measurement;
• Compliance with documentation requirements for assessments; and
• Ensuring assessment records are available for audits or reviews.

9.7.7 Assessments Disclaimer

SecureCare provides assessment administration tools but disclaims all responsibility for:

• Assessment validity, reliability, or appropriateness;
• Assessment design, question construction, or scoring mechanisms;
• Assessment administration procedures or conditions;
• Staff qualifications or competency in assessment administration;
• Interpretation of assessment results;
• Clinical decisions based on assessment data;
• Customer outcomes or treatment effectiveness;
• Any harm arising from assessment use or misuse; or
• Any disputes, claims, or liabilities related to assessments.

Organizations acknowledge that they are responsible for assessment selection, administration, interpretation, and all clinical decisions based on assessment results. Assessments are tools that support, but do not replace, clinical judgment and professional expertise.

9.8 Volunteer Coordination

Note: This section provides an overview of volunteer features. Detailed Organization volunteer management terms are in Section 9.11 (Volunteer Management and Opportunities). Detailed Patron volunteer terms are in Section 10.3 (Volunteer Profile and Applications).

The Service facilitates volunteer coordination between Organizations and individuals who wish to donate their time and services. Organizations can post volunteering opportunities, and Patrons with volunteer profiles can search for and apply to opportunities. Organizations manage volunteer applications, assignments, schedules, and time tracking. SecureCare provides volunteer coordination tools but is not responsible for volunteer screening, conduct, performance, safety, or any volunteer-related incidents or liabilities.

For comprehensive terms regarding Organization volunteer management responsibilities, see Section 9.11. For Patron volunteer rights and responsibilities, see Section 10.3.

9.9 Time Entry and Tracking

The Service provides time entry and tracking functionality for both staff members and volunteers. Staff members may enter time against cases, services for programs, customers, or custom time entry categories created by the Organization. Volunteers may enter time against volunteering opportunities to which they have been assigned. Organizations may designate specific staff members as time period approvers with authority to approve time entries for staff members, volunteers, or both. SecureCare provides tools to facilitate time tracking but does not validate the accuracy of time entries, does not integrate with third-party payroll providers, and disclaims all liability related to time tracking, time approval, compensation, and compliance matters.

9.9.1 Staff Member Time Entry

Staff members may enter time worked against various categories including but not limited to: specific cases, services provided under programs, individual customers, or custom time entry options created by the Organization. Organizations are solely responsible for:

• Creating and managing appropriate time entry categories;
• Establishing policies and procedures for time entry;
• Training staff members on proper time entry practices;
• The accuracy and completeness of all time entries;
• Monitoring and auditing time entries for accuracy and compliance;
• Ensuring staff members enter time promptly and accurately;
• Verifying that time entries reflect actual hours worked;
• Detecting and correcting time entry errors, fraud, or abuse; and
• Compliance with all applicable wage and hour laws, including Fair Labor Standards Act (FLSA), state labor laws, and overtime requirements.

9.9.2 Volunteer Time Entry

Volunteers may enter time worked against volunteering opportunities to which they have been assigned. Organizations are solely responsible for:

• Verifying volunteer time entries for accuracy;
• Establishing policies for volunteer time tracking;
• Training volunteers on proper time entry procedures;
• Monitoring volunteer hours and ensuring compliance with any applicable regulations;
• Ensuring volunteers are properly classified as volunteers and not employees;
• Compliance with volunteer labor laws and regulations;
• Proper documentation of volunteer hours for grant reporting or other purposes; and
• Any disputes regarding volunteer time or recognition.

9.9.3 Time Period Approvers and Approval Workflow

Organizations may designate specific staff members as time period approvers with authority to approve time entries for staff members, volunteers, or both. Organizations are solely responsible for:

• Selecting appropriate individuals as time approvers;
• Ensuring time approvers have adequate knowledge and authority to approve time;
• Establishing approval workflows and timelines;
• Training time approvers on their responsibilities and approval criteria;
• Monitoring and auditing time approval activities;
• Ensuring time approvals occur in a timely manner;
• Any consequences of delayed, incorrect, or fraudulent time approvals;
• Conflicts of interest in the approval process (such as self-approval or reciprocal approval arrangements);
• Ensuring approved time accurately reflects hours worked; and
• Compliance with internal controls and segregation of duties requirements.

9.9.4 Time Entry Accuracy and Validation

SecureCare does not validate, verify, or audit the accuracy of time entries. Organizations acknowledge and agree that:

• SecureCare does not monitor whether time entries reflect actual hours worked;
• SecureCare is not responsible for detecting time theft, buddy punching, inflated hours, or other time entry fraud;
• SecureCare does not verify that time entries comply with work schedules, break requirements, or maximum hour limitations;
• Organizations are solely responsible for implementing controls to prevent and detect time entry fraud or errors;
• SecureCare is not liable for any wage and hour violations, overtime miscalculations, or underpayment/overpayment of wages resulting from inaccurate time entries; and
• Organizations must maintain independent verification systems and should not rely solely on the Service for time tracking compliance.

9.9.5 Payroll Integration and Compensation

SecureCare does not integrate with third-party payroll providers and does not process payroll or compensation. Organizations acknowledge and agree that:

• Organizations are solely responsible for calculating wages, salaries, and other compensation based on time entries;
• Organizations must export or manually transfer time data to their payroll systems;
• SecureCare is not responsible for errors in data export, import, or transfer to payroll systems;
• SecureCare is not liable for any payroll processing errors, payment delays, or compensation disputes;
• Organizations are responsible for compliance with all wage payment laws and requirements;
• Organizations must ensure proper tax withholding, reporting, and remittance; and
• SecureCare provides only time tracking tools, not payroll processing or tax compliance services.

9.9.6 Overtime and Wage and Hour Compliance

Organizations are solely responsible for compliance with all applicable wage and hour laws, including but not limited to:

• Calculating and paying overtime in accordance with federal and state requirements;
• Ensuring compliance with minimum wage laws;
• Tracking and providing required meal and rest breaks;
• Maintaining accurate records as required by law;
• Classifying employees correctly (exempt vs. non-exempt);
• Complying with recordkeeping requirements under FLSA and state laws;
• Preventing off-the-clock work and unauthorized overtime;
• Compliance with any applicable union agreements or collective bargaining requirements; and
• Any wage and hour audits, investigations, or claims.

SecureCare does not provide wage and hour compliance advice and is not responsible for any violations of wage and hour laws arising from the Organization's use of time tracking data.

9.9.7 Time Entry Modifications and Corrections

Organizations may allow or restrict the ability to modify or correct time entries based on their internal policies. Organizations are solely responsible for:

• Establishing policies regarding time entry corrections and modifications;
• Ensuring proper authorization for time entry changes;
• Maintaining audit trails of time entry modifications;
• Compliance with recordkeeping requirements when time entries are modified;
• Preventing unauthorized or fraudulent time entry modifications; and
• Any disputes or claims arising from time entry corrections.

9.9.8 Time Entry Disputes and Claims

SecureCare is not liable for any disputes, claims, or legal actions related to time tracking, including but not limited to:

• Wage and hour class action lawsuits or collective actions;
• Individual employee claims for unpaid wages, overtime, or other compensation;
• Department of Labor (DOL) investigations or audits;
• State labor department investigations or enforcement actions;
• Claims of time theft, wage theft, or improper compensation;
• Disputes regarding time entry accuracy or approval;
• Claims related to off-the-clock work or unauthorized deductions;
• Retaliation claims related to time reporting; or
• Any other employment-related claims involving time tracking.

9.9.9 Recordkeeping and Retention

While the Service may retain time entry data, Organizations are solely responsible for:

• Maintaining independent backup records of all time entries;
• Ensuring time records are retained for the periods required by applicable law (typically 3-7 years depending on jurisdiction);
• Producing time records in response to audits, investigations, or legal requests;
• Compliance with all recordkeeping requirements under FLSA, state laws, and other applicable regulations; and
• Exporting and archiving time data before termination of the Service.

SecureCare makes no guarantee regarding the long-term retention or availability of time entry data and may delete data in accordance with its data retention policies.

9.9.10 Custom Time Entry Categories

Organizations may create custom time entry categories to track time for purposes other than cases, services, or customers. Organizations are solely responsible for:

• Creating appropriate and clearly defined time entry categories;
• Training staff on proper use of custom categories;
• Ensuring custom categories comply with organizational policies and legal requirements;
• Proper allocation and reporting of time across categories; and
• Any financial, operational, or compliance issues arising from custom time categories.

9.9.11 Biometric and Location Data

If Organizations use any biometric data (such as fingerprints or facial recognition) or location tracking in conjunction with time entry, Organizations are solely responsible for:

• Compliance with all applicable biometric privacy laws (such as Illinois BIPA, Texas CUBI, etc.);
• Obtaining required consents and providing required notices;
• Secure storage and handling of biometric data;
• Compliance with location tracking and employee privacy laws; and
• Any claims or violations related to biometric or location data collection.

SecureCare does not collect, process, or store biometric data and is not responsible for Organizations' compliance with biometric privacy laws.

9.9.12 Time Entry Disclaimer

SecureCare provides time tracking tools to help you manage staff and volunteer hours efficiently. Time tracking is a critical function with significant legal and financial implications, so it's important to understand how responsibility is divided.

What SecureCare Provides

Our time entry system helps you:

• Track hours worked by staff and volunteers;
• Implement approval workflows;
• Generate time reports for payroll processing;
• Monitor time against projects, cases, and activities;
• Maintain time entry records; and
• Export data for your payroll system.

What Remains Your Responsibility

As the employer, you are responsible for:

• Ensuring time entries accurately reflect hours actually worked;
• Establishing clear time entry policies and training staff;
• Implementing controls to prevent and detect time fraud;
• Proper approval workflows and segregation of duties;
• Compliance with wage and hour laws (FLSA, state laws, overtime requirements);
• Payroll processing and tax compliance;
• Maintaining required employment records; and
• All wage and hour claims and disputes.

Important Limitations

Please understand that:

• SecureCare does not validate whether time entries reflect actual hours worked;
• We don't integrate with payroll providers or process payroll;
• We don't monitor for time theft, buddy punching, or fraudulent entries;
• We don't ensure compliance with break requirements or maximum hour limits;
• You must export time data and process it through your own payroll system; and
• You must maintain independent verification systems for time accuracy.

Why This Matters

Time tracking is a tool, not a compliance solution. Think of it like a calculator—it performs the calculations you ask it to perform, but it can't verify the numbers you enter are correct or ensure you're following wage and hour laws. That requires proper policies, management oversight, and legal compliance programs.

Organizations use time tracking at their own risk. To the maximum extent permitted by law, SecureCare is not liable for wage and hour violations, employment claims, payroll errors, tax compliance issues, or any matters arising from time entry and tracking. We strongly recommend consulting with employment law attorneys and payroll professionals to ensure your time tracking practices comply with applicable laws.

9.10 Donor Management

Organizations may manage donor relationships, accept donations, track contributions, apply donated funds to customer services, generate tax forms, and steward donor relationships through the Service. SecureCare provides donor management tools but disclaims all responsibility for charitable fundraising compliance, tax-exempt status, proper use of donated funds, donor stewardship, and compliance with charitable solicitation laws.

9.10.1 Donor Records and Information

Organizations may maintain donor records including contact information, giving history, communication preferences, and relationship notes. Organizations are solely responsible for:

• Obtaining appropriate consents for donor data collection;
• Maintaining accurate and current donor information;
• Protecting donor privacy and confidentiality;
• Compliance with data privacy laws regarding donor information;
• Honoring donor communication preferences;
• Proper segmentation and management of donor relationships; and
• Any unauthorized use or disclosure of donor information.

9.10.2 Donation Processing and Tracking

Patrons may make donations to Organizations through the Service. Organizations can track donations, view donation history, and manage donor accounts. Organizations are solely responsible for:

• Ensuring they are authorized to accept charitable donations;
• Maintaining valid tax-exempt status if applicable;
• Proper acknowledgment of donations;
• Accurate recording of donation amounts and dates;
• Honoring donor designations and restrictions;
• Compliance with charitable solicitation registration requirements;
• IRS reporting requirements for charitable contributions; and
• Any issues arising from donation processing or tracking.

9.10.3 Fund Application and Transparency

Organizations may apply donated funds to customer accounts to cover service costs. Organizations can track when donated funds are used and for what purposes, providing transparency to donors. Organizations are solely responsible for:

• Proper application of donated funds in accordance with donor restrictions;
• Ensuring funds are used for intended charitable purposes;
• Transparency in fund usage and reporting;
• Compliance with UPMIFA and other fund management laws;
• Proper accounting for restricted and unrestricted funds;
• Stewardship reporting to donors regarding fund usage;
• Compliance with donor agreements and gift instruments; and
• Any misuse or misallocation of donated funds.

9.10.4 Tax Receipts and Forms

SecureCare automatically generates tax forms for donors showing year-to-date donations to Organizations with tax-exempt status enabled and Tax ID on file. Organizations may also generate and send individual donation receipts.

9.10.4.1 Tax Form Generation

Tax forms are generated based on Organization-provided information including Tax ID and tax-exempt status settings. Organizations are solely responsible for:

• Maintaining accurate Tax ID information;
• Ensuring tax-exempt status settings are current and correct;
• Notifying donors of any changes to tax-exempt status;
• Verifying the accuracy of generated tax forms;
• Providing corrected tax forms if errors are discovered;
• Compliance with IRS substantiation requirements; and
• Any consequences of incorrect tax information.

9.10.4.2 Tax Compliance and IRS Requirements

Organizations acknowledge and agree that:

• SecureCare does not verify tax-exempt status or Tax ID accuracy;
• Organizations are responsible for maintaining valid 501(c)(3) or equivalent status;
• Organizations must comply with IRS requirements for donation acknowledgment;
• Organizations must provide required disclosures for quid pro quo contributions;
• Organizations are responsible for IRS Form 990 reporting;
• SecureCare is not responsible for IRS compliance or tax advice;
• Tax forms are provided as a convenience, not official IRS documentation; and
• SecureCare is not liable for tax penalties, denied deductions, or IRS issues.

9.10.4.3 Donor Tax Responsibility

Organizations should inform donors that:

• Donors are responsible for determining their own tax deduction eligibility;
• Donors should consult tax professionals regarding tax matters;
• Tax deductibility depends on individual tax situations;
• Donors should verify Organization tax-exempt status independently;
• Donors should retain their own donation records; and
• Organizations do not provide tax advice to donors.

9.10.5 End-of-Year Giving Statements

Organizations may generate and distribute end-of-year giving statements to donors summarizing annual contributions. Organizations are solely responsible for:

• Timely generation and distribution of year-end statements;
• Accuracy of year-end statement information;
• Compliance with IRS requirements for written acknowledgments;
• Including required disclosures and language;
• Proper handling of year-end contributions (timing, date received vs. postmarked);
• Responding to donor questions about year-end statements; and
• Correcting any errors in year-end statements.

9.10.6 Donor Restrictions and Designations

Donors may designate donations for specific purposes, facilities, or programs. Organizations are solely responsible for:

• Honoring donor designations and restrictions;
• Accounting separately for restricted funds;
• Using restricted funds only for designated purposes;
• Obtaining donor approval before redirecting restricted funds;
• Compliance with donor intent and gift instruments;
• Communicating with donors when designated purposes cannot be fulfilled;
• Returning donations when restrictions cannot be honored; and
• Legal compliance regarding restricted charitable funds.

9.10.7 Donor Refunds

Donor refund policies are described in Section 8.2.3 (Donor Refunds). Organizations are solely responsible for:

• Establishing fair and legal refund policies;
• Determining refund eligibility based on fund usage;
• Processing refund requests in a timely manner;
• Communicating refund policies to donors;
• Compliance with charitable fundraising laws regarding refunds;
• Handling refund disputes appropriately; and
• Any financial or legal consequences of refund decisions.

9.10.8 Donor Communication and Stewardship

Organizations may communicate with donors through various channels to acknowledge gifts, provide impact updates, and maintain donor relationships. Organizations are solely responsible for:

• Timely and appropriate acknowledgment of donations;
• Meaningful donor stewardship and engagement;
• Honoring donor communication preferences;
• Compliance with laws regarding charitable solicitation communications;
• Transparent communication about fund usage and impact;
• Professional and respectful donor communications; and
• Building and maintaining positive donor relationships.

9.10.9 Donor Privacy and Data Protection

Organizations must protect donor privacy and comply with data protection laws. Organizations are solely responsible for:

• Implementing appropriate privacy safeguards for donor data;
• Compliance with data privacy laws (CCPA, GDPR, etc.);
• Providing required privacy notices to donors;
• Honoring opt-out requests;
• Not selling or trading donor information;
• Securing donor payment information;
• Responding to data subject rights requests; and
• Any data breaches or privacy violations involving donor data.

9.10.10 Charitable Solicitation Compliance

Organizations accepting donations must comply with federal and state charitable solicitation laws. Organizations are solely responsible for:

• Registration in states where required before soliciting donations;
• Annual reporting and renewal of charitable solicitation registrations;
• Compliance with state-specific solicitation requirements;
• Required disclosures during solicitation;
• Truthful and non-misleading fundraising communications;
• Proper use of donated funds as solicited;
• Financial reporting to state charity regulators; and
• Any penalties or enforcement actions for non-compliance.

9.10.11 Donor Management Disclaimer

SecureCare provides donor management and fundraising tools to help nonprofits and charitable organizations build sustainable funding. However, charitable fundraising is highly regulated, and compliance remains your responsibility as the charitable organization.

What SecureCare Provides

Our donor management features help you:

• Accept and track donations securely;
• Maintain donor records and communication history;
• Generate tax forms and receipts automatically;
• Track fund application and demonstrate impact;
• Manage donor restrictions and designated funds;
• Process donor refunds when appropriate; and
• Streamline donor stewardship activities.

What Remains Your Responsibility

As the charitable organization, you are responsible for:

• Maintaining valid tax-exempt status (501(c)(3) or equivalent);
• Compliance with IRS requirements (Form 990, substantiation, etc.);
• State charitable solicitation registration and reporting;
• Honoring donor restrictions and designated gifts;
• Proper stewardship and use of donated funds;
• Donor privacy and data protection;
• Accurate tax ID information and tax form data;
• Financial accounting for donations; and
• All aspects of charitable fundraising compliance.

Tax Forms Are Tools, Not Tax Advice

The tax forms we generate are based on data you provide—your tax ID, your tax-exempt status settings, and donation records. We generate forms automatically, but we don't:

• Verify your tax-exempt status;
• Ensure your Tax ID is current;
• Validate IRS substantiation requirements;
• Provide tax advice to you or your donors; or
• Guarantee forms meet all IRS requirements.

Tax forms are convenience tools. You and your donors should consult tax professionals regarding tax deductibility and compliance.

Fund Stewardship

We provide tools to track how donated funds are applied to services, but we don't monitor whether you're honoring donor restrictions, using funds appropriately, or complying with UPMIFA and other charitable fund laws. Proper stewardship of charitable assets is a fundamental nonprofit responsibility that software cannot fulfill.

To the maximum extent permitted by law, SecureCare is not liable for charitable solicitation compliance issues, tax compliance violations, misuse of donated funds, donor disputes, IRS penalties, or regulatory enforcement actions. We provide tools to support your fundraising mission, but you remain responsible for all aspects of charitable fundraising compliance and donor stewardship.

9.11.12 Volunteer Records and Documentation

Organizations should maintain appropriate records for all volunteers. Organizations are solely responsible for:

• Maintaining complete volunteer records;
• Documenting volunteer applications, screening, and selection;
• Retaining volunteer time records and activities;
• Compliance with recordkeeping requirements;
• Protecting volunteer information privacy;
• Providing volunteer records in response to legal requests; and
• Proper disposal of volunteer records when appropriate.

9.11.13 Organization Account Suspension Impact

If an Organization's account is suspended or terminated, volunteering opportunities associated with that Organization will be affected. Organizations acknowledge and agree that:

• Suspended Organizations may not post new opportunities;
• Existing opportunities may be hidden from public search;
• Volunteers may lose access to volunteer time entry;
• Organizations must communicate with volunteers regarding account status;
• SecureCare is not responsible for notifying volunteers of Organization suspension;
• SecureCare is not liable for lost volunteer hours or opportunities; and
• Organizations should maintain alternative volunteer management methods.

9.11.14 Volunteer Legal Classification

Organizations are solely responsible for ensuring volunteers are properly classified and not misclassified employees. Organizations acknowledge and agree that:

• Volunteers must meet legal criteria for volunteer status;
• Volunteers should not receive compensation beyond reimbursement;
• Organizations must comply with Fair Labor Standards Act (FLSA) volunteer provisions;
• Organizations must comply with state wage and hour laws;
• Misclassified volunteers may create employment law liability;
• Organizations should consult legal counsel regarding volunteer classification;
• SecureCare is not responsible for volunteer misclassification; and
• Organizations bear all risk and liability for volunteer classification issues.

9.11.15 Volunteer Management Disclaimer

SecureCare provides volunteer coordination tools to help you recruit, manage, and recognize volunteers effectively. However, volunteer management involves significant legal and operational responsibilities that remain with your organization.

What SecureCare Provides

Our volunteer management features help you:

• Post opportunities and receive applications;
• Track volunteer information and assignments;
• Schedule volunteers and track hours;
• Communicate with volunteers efficiently;
• Maintain volunteer records and documentation;
• Generate volunteer reports; and
• Recognize volunteer contributions.

What Remains Your Responsibility

As the organization utilizing volunteers, you are responsible for:

• Screening and background checks;
• Non-discriminatory selection practices;
• Volunteer training and supervision;
• Volunteer safety and risk management;
• Proper classification (volunteer vs. employee under FLSA);
• Insurance coverage for volunteer activities;
• Compliance with volunteer-related laws and regulations;
• Volunteer conduct and discipline; and
• All volunteer-related liabilities and claims.

Critical Compliance Issues

Volunteer management has important legal considerations:

• Screening: We provide document storage, but you must conduct appropriate background checks;
• Classification: Ensure volunteers meet FLSA requirements and aren't actually employees;
• Safety: Implement appropriate risk management and insurance coverage;
• Non-Discrimination: Apply fair, consistent selection criteria to all applicants; and
• Supervision: Provide adequate training and oversight for volunteer activities.

Our Role Is Limited

We provide coordination tools, not volunteer management services. We don't screen volunteers, verify credentials, conduct background checks, ensure safety protocols, or monitor compliance. Those are organizational management functions that require human judgment and cannot be delegated to software.

To the maximum extent permitted by law, SecureCare is not liable for volunteer screening failures, volunteer misconduct, volunteer injuries, discrimination claims, misclassification issues, volunteer disputes, or any volunteer-related incidents or liabilities. We provide tools to help you manage volunteers effectively, but you remain fully responsible for volunteer program design, implementation, supervision, and all associated legal and operational responsibilities.

9.12 Events and Ticketing

Organizations can create events, sell tickets, and manage event registration through the Service. SecureCare provides integrated ticketing functionality, including a proprietary ticket scanning feature within the application for event check-in and validation.

9.12.1 Event Organization Disclaimer

Attendees and Organizations acknowledge and agree that SecureCare is not the event organizer, promoter, or host. SecureCare provides only the software platform and tools to facilitate event management and ticketing. SecureCare disclaims all liability regarding event organization, ticket sales, event access, attendee management, event cancellations, postponements, refunds, or any disputes arising from events created or managed through the Service.

9.12.2 Ticket Scanner Requirements

The SecureCare ticket scanning feature requires an active internet connection to function. There is no offline mode available for ticket scanning or validation. Organizations using the ticket scanner feature acknowledge and agree that:

• An active and stable internet connection is mandatory for all ticket scanning operations;
• SecureCare is not responsible for ticket scanning failures due to lack of internet connectivity, poor network conditions, or network outages;
• Organizations are solely responsible for ensuring adequate internet access at event venues;
• SecureCare is not liable for any issues arising from inability to scan tickets due to connectivity problems, including but not limited to attendee disputes, entry delays, or event access issues;
• Organizations should have backup verification procedures in place in the event of internet connectivity failure; and
• SecureCare makes no guarantee regarding the availability or performance of the ticket scanning feature.

9.12.3 Ticketing and Access Control

Organizations are solely responsible for ticket pricing, sales policies, access control, attendee verification, and all aspects of event entry management. SecureCare provides tools to facilitate these processes but assumes no responsibility for:

• Fraudulent tickets or unauthorized access to events;
• Duplicate ticket scanning or validation errors;
• Attendee disputes regarding ticket validity or event access;
• Lost, stolen, or transferred tickets;
• Technical issues with ticket generation, distribution, or scanning; or
• Any financial losses resulting from ticketing issues.

9.12.4 Event Cancellations and Refunds

Organizations are solely responsible for establishing and enforcing their own event cancellation and refund policies. In the event of an event cancellation, SecureCare provides tools to facilitate the processing of refunds to attendees. However, Organizations remain solely responsible for determining refund eligibility, refund amounts, and communicating refund policies to attendees. SecureCare is not liable for any disputes regarding refund eligibility, refund timing, partial refunds, or any other refund-related matters. Organizations must ensure they have adequate funds available to process refunds and acknowledge that refund processing times may vary based on payment method and financial institution processing times.

9.12.5 Platform Comparison and Limitation of Liability

Similar to platforms such as Eventbrite and Ticketmaster, SecureCare provides event management and ticketing software as a service. SecureCare is not liable for event-related issues, safety concerns, attendee conduct, venue conditions, event quality, or any other matters related to the actual events created or managed through the Service. Organizations acknowledge that they are the event organizers and bear all responsibility and liability for their events.

9.13 Accounting and Financial Management

The Service provides invoicing, payment tracking, account management, and financial reporting tools to help Organizations manage their financial operations. Organizations can create invoices, track payments, manage customer accounts, view transactions, and generate financial reports. SecureCare provides accounting tools but does not offer financial advice, accounting services, or bookkeeping services, and is not responsible for financial accuracy, regulatory compliance, or reporting errors.

9.13.1 Invoicing

Organizations can generate invoices for services provided to customers. Invoices include line items, charges, payments, adjustments, and balances. Organizations are solely responsible for:

• Accurate and timely invoice creation;
• Proper itemization of services and charges;
• Compliance with billing regulations and consumer protection laws;
• Transparency in pricing and fee disclosure;
• Proper application of payments and credits;
• Invoice delivery to customers;
• Handling billing disputes and errors;
• Collection of unpaid balances;
• Compliance with collections laws and regulations; and
• Tax reporting related to invoiced services.

9.13.2 Payment Processing and Tracking

Organizations can accept and track payments through various methods including credit cards, debit cards, ACH, cash, Apple Pay, and Google Pay. Organizations are solely responsible for:

• Accurate recording of all payments received;
• Proper allocation of payments to invoices or accounts;
• Reconciliation of payments with bank deposits;
• Compliance with payment card industry (PCI) requirements;
• Handling payment disputes and chargebacks;
• Refund processing in accordance with refund policies;
• Cash handling procedures and controls;
• Payment method security; and
• Financial controls to prevent fraud or misappropriation.

9.13.3 Account Management

Organizations can manage financial accounts at the organization, facility, and customer levels. Organizations are solely responsible for:

• Accurate financial record-keeping at all account levels;
• Proper fund transfers between accounts;
• Tracking restricted and unrestricted funds separately;
• Compliance with fund accounting requirements;
• Independent reconciliation of all accounts;
• Maintaining adequate financial controls;
• Segregation of duties in financial management; and
• Financial audits and reporting.

9.13.4 Financial Reporting

The Service provides various financial reports including transaction reports, aging reports, revenue reports, and custom financial reports. Organizations are solely responsible for:

• Interpreting and applying report data appropriately;
• Verifying report accuracy against independent records;
• Using reports for internal management purposes only unless independently verified;
• Not relying solely on Service reports for regulatory compliance;
• Preparing financial statements in accordance with applicable accounting standards;
• Tax reporting and compliance;
• Regulatory financial reporting;
• Audit preparation and documentation; and
• Financial decision-making based on accurate and complete data.

9.13.5 Accounting and Financial Management Disclaimer

SecureCare provides accounting and financial management tools but disclaims all responsibility for:

• Financial accuracy or completeness;
• Compliance with accounting standards (GAAP, FASB, etc.);
• Tax compliance or reporting;
• Regulatory financial reporting;
• Financial audits or audit readiness;
• Financial decision-making or advice;
• Fraud prevention or detection;
• Financial losses or errors; or
• Any financial, tax, or accounting issues.

SECURECARE DOES NOT PROVIDE FINANCIAL, ACCOUNTING, OR TAX ADVICE. ORGANIZATIONS SHOULD CONSULT QUALIFIED ACCOUNTANTS, FINANCIAL ADVISORS, AND TAX PROFESSIONALS FOR ALL FINANCIAL MATTERS. ORGANIZATIONS USE ACCOUNTING TOOLS AT THEIR OWN RISK AND BEAR ALL RESPONSIBILITY FOR FINANCIAL ACCURACY, COMPLIANCE, AND REPORTING.

9.14 Document Storage

SecureCare provides encrypted cloud-based document storage. By using this feature, you acknowledge that SecureCare is not responsible for lost or deleted files and that usage must comply with local data privacy laws.

9.14.1 Allowed File Types

Organizations may upload documents with the following file extensions (subject to change at SecureCare's discretion):

• Images: .jpg, .jpeg, .png, .tiff, .svg, .ico, .gif, .webp, .bmp
• Documents: .pdf, .csv, .xls, .xlsx, .doc, .docx, .txt, .rtf
• Web/Markup: .xml, .html, .htm, .md, .markdown, .json
• Audio: .wav, .mp3, .m4a, .flac, .ogg, .aac

9.14.2 Prohibited File Types

The following file types are strictly prohibited and will be automatically rejected:

Executable files (.exe, .dll, .bat, .cmd, .com, .scr, .app, .deb, .rpm, .dmg, .pkg, .msi), script files (.vbs, .js, .jar, .sh, .bash, .ps1, .psm1, .psd1, .ps1xml, .psc1), and system files (.hta, .cpl, .msc, .gadget, .application). SecureCare reserves the right to modify the list of prohibited file types at any time without prior notice.

9.14.3 File Size Limits

Uploaded files are subject to the following size restrictions (subject to change):

• Image files: Maximum 10 MB per file
• Document files: Maximum 50 MB per file

Files exceeding these limits will be rejected and must be reduced in size before uploading.

9.14.4 Storage Capacity

Total storage capacity is determined by Organization's subscription plan and associated limits. Organizations may not upload files that exceed their allocated storage quota. SecureCare reserves the right to reject uploads that would cause Organization to exceed its storage limits. Additional storage capacity may be available through subscription upgrades.

9.14.5 Security Scanning and Rejection

All uploaded files are subject to automated security scanning, including but not limited to virus detection, malware screening, and content validation. SecureCare employs multiple security measures to protect the integrity of the Service and its users. Files determined to contain malicious content, corrupted data, or that otherwise fail security validation will be automatically rejected and will not be stored. SecureCare is under no obligation to notify Organization of the specific reasons for file rejection beyond general categories (e.g., "security risk detected," "invalid file format").

9.14.6 Content Moderation and Profanity Filtering

SecureCare reserves the right to moderate uploaded content, including file names, document metadata, and embedded text content. Content containing profanity or inappropriate language may be subject to automatic sanitization, including but not limited to replacement of portions of words with asterisks or other characters. Organization acknowledges that such sanitization may alter the appearance or readability of file names or content, and SecureCare is not liable for any confusion or data loss resulting from content moderation.

9.14.7 Document Storage Disclaimer

Organization is solely responsible for maintaining backup copies of all uploaded documents. SecureCare makes no guarantee regarding the availability, integrity, or recoverability of stored documents. SecureCare is not liable for any loss, corruption, or deletion of documents, whether caused by technical failure, security measures, user error, or any other reason. Organizations should not rely solely on SecureCare for document retention and must maintain independent backup copies of all critical documents.

9.4.15 Customer Management Disclaimer

SecureCare provides powerful customer management tools designed to help you deliver excellent service and maintain strong customer relationships. However, the actual delivery of services, quality of care, and customer outcomes remain your core responsibility as the service provider.

What SecureCare Provides

Our customer management platform helps you:

• Maintain comprehensive customer records in one secure location;
• Track service history, appointments, and case management;
• Manage financial accounts, billing, and payments;
• Enable customer portal access for self-service;
• Generate reports and analyze customer data;
• Coordinate care across staff and facilities; and
• Streamline administrative tasks.

What Remains Your Responsibility

As the service provider, you retain full responsibility for:

• The quality, safety, and appropriateness of services you provide;
• Customer satisfaction and complaint resolution;
• Compliance with healthcare, social service, and industry regulations;
• HIPAA compliance if you handle protected health information;
• Clinical decisions and care planning;
• Customer privacy and data protection;
• Accurate billing and financial management; and
• All aspects of customer care and service delivery.

Our Role vs. Your Role

SecureCare is a software platform that helps you manage information and operations—we're not a healthcare provider, social service agency, or care delivery organization. We provide tools; you provide care. We help you track services; you deliver services. We facilitate customer relationships; you build customer relationships.

While we work hard to provide reliable, secure, and feature-rich software, we cannot ensure the quality of your services, guarantee customer satisfaction, or prevent adverse outcomes. Those are inherent to service delivery, not software.

To the maximum extent permitted by law, SecureCare is not liable for customer care issues, service delivery failures, customer injuries or damages, privacy violations, billing disputes, or customer-related legal claims. We provide excellent tools to support your mission, but you remain the service provider with all associated responsibilities and liabilities.

9.15 Reports

The Service provides comprehensive reporting functionality allowing Organizations to generate various reports for operational management, compliance, financial analysis, and decision-making. Reports may include appointments, demographics, events, invoices, services, staff time entry, staff schedules, volunteer time entry, volunteer schedules, and other data. Organizations may export reports in various formats and schedule automated report generation. SecureCare provides reporting tools but disclaims all responsibility for report accuracy, interpretation, decisions based on reports, and compliance with reporting requirements.

9.15.1 Report Types and Data Sources

Available reports include but are not limited to:

• Appointments Report: Appointment history, attendance, cancellations, no-shows
• Demographics Report: Customer demographic information and trends
• Events Report: Event attendance, ticket sales, revenue
• Invoices Report: Billing, payments, aging, outstanding balances
• Services Report: Service delivery, program utilization, outcomes
• Staff Time Entry Report: Staff hours worked, time allocation
• Staff Schedule Report: Staff availability and scheduling
• Volunteer Time Entry Report: Volunteer hours contributed
• Volunteer Schedule Report: Volunteer shift coverage
• Financial Reports: Revenue, expenses, account balances, transactions
• Custom Reports: Organization-specific data analysis

Organizations are solely responsible for:

• Selecting appropriate reports for their needs;
• Understanding report data sources and limitations;
• Interpreting report data correctly;
• Verifying report accuracy against source data;
• Using reports appropriately for decision-making;
• Not relying solely on reports for critical decisions without verification; and
• Any consequences of decisions based on report data.

9.15.2 Report Export and Sharing

Reports may be exported in various formats including PDF, CSV, Excel, and others. Organizations are solely responsible for:

• Securing exported report files containing sensitive data;
• Limiting report sharing to authorized personnel;
• Compliance with privacy laws when sharing reports;
• Redacting sensitive information before external sharing;
• Not sharing reports containing PHI without proper authorization;
• Proper disposal of exported reports; and
• Any unauthorized access or disclosure of report data.

9.15.3 Scheduled and Automated Reports

Organizations may schedule reports to run automatically on a recurring basis. Organizations are solely responsible for:

• Configuring appropriate report schedules;
• Ensuring report recipients are authorized;
• Updating report schedules when personnel changes occur;
• Monitoring scheduled report delivery;
• Addressing failed or missing scheduled reports;
• Compliance with data sharing policies for automated reports; and
• Any issues arising from automated report distribution.

9.15.4 Compliance and Regulatory Reporting

Organizations may use reports for regulatory compliance, licensing, accreditation, or grant reporting. Organizations are solely responsible for:

• Understanding regulatory reporting requirements;
• Ensuring reports contain required data elements;
• Verifying report accuracy before regulatory submission;
• Meeting reporting deadlines;
• Compliance with data definitions and reporting standards;
• Maintaining documentation supporting reported data;
• Responding to regulatory inquiries about reported data; and
• Any penalties or consequences of inaccurate regulatory reporting.

SecureCare does not guarantee reports meet specific regulatory requirements and Organizations should verify compliance independently.

9.15.5 Custom Reports and Data Analysis

Organizations may create custom reports or request data analysis. Organizations are solely responsible for:

• Defining custom report requirements clearly;
• Verifying custom report logic and calculations;
• Testing custom reports before operational use;
• Understanding limitations of custom report data;
• Proper interpretation of data analysis results;
• Not over-interpreting statistical significance; and
• Any decisions based on custom reports or analysis.

9.15.6 Reports Disclaimer

SecureCare provides reporting tools but disclaims all responsibility for:

• Report data accuracy or completeness;
• Report interpretation or analysis;
• Decisions based on report data;
• Compliance with regulatory reporting requirements;
• Meeting specific reporting standards or formats;
• Automated report delivery failures;
• Unauthorized access to exported reports;
• Any financial, operational, or compliance consequences of report use; or
• Any disputes, claims, or liabilities related to reports.

ORGANIZATIONS SHOULD NOT RELY SOLELY ON SERVICE REPORTS FOR CRITICAL DECISIONS, REGULATORY COMPLIANCE, OR FINANCIAL MANAGEMENT. ORGANIZATIONS MUST MAINTAIN INDEPENDENT VERIFICATION SYSTEMS AND SHOULD CONSULT QUALIFIED PROFESSIONALS FOR INTERPRETATION OF COMPLEX DATA.

9.16 Reminders and Notifications

The Service provides automated reminder and notification functionality to help Organizations communicate with customers, staff, volunteers, and donors. Reminders may be sent via email, SMS/text message, or in-app notifications. SecureCare provides reminder tools but disclaims all responsibility for reminder delivery, accuracy, timeliness, and any consequences of failed or missed reminders.

9.16.1 Reminder Types and Configuration

Organizations may configure reminders for various purposes including but not limited to:

• Appointment Reminders: Notifications before scheduled appointments
• Payment Due Reminders: Notifications of upcoming or overdue payments
• Document Reminders: Notifications for required document submission
• Task Reminders: Notifications for staff or customer tasks
• Event Reminders: Notifications before scheduled events
• Volunteer Shift Reminders: Notifications before volunteer shifts
• Custom Reminders: Organization-specific notifications

Organizations are solely responsible for:

• Configuring appropriate reminder timing and frequency;
• Setting clear reminder messages;
• Determining which reminders to enable;
• Testing reminders before operational use;
• Monitoring reminder effectiveness; and
• Adjusting reminder settings based on feedback.

9.16.2 Email Reminders

Email reminders are sent to customer, staff, volunteer, or donor email addresses on file. Organizations are solely responsible for:

• Maintaining accurate and current email addresses;
• Obtaining consent for email communications;
• Compliance with email communication laws (CAN-SPAM, etc.);
• Honoring unsubscribe requests;
• Email content appropriateness and accuracy;
• Not relying solely on email reminders for critical communications; and
• Any consequences of email delivery failures.

SecureCare makes reasonable efforts to deliver email reminders but does not guarantee delivery due to spam filters, email server issues, and other factors beyond SecureCare's control.

9.16.3 SMS/Text Message Reminders

SMS reminders are sent to mobile phone numbers on file. Organizations are solely responsible for:

• Obtaining explicit consent for SMS communications;
• Compliance with Telephone Consumer Protection Act (TCPA);
• Maintaining opt-in records;
• Honoring opt-out requests immediately;
• Ensuring phone numbers are current and accurate;
• SMS message content and character limits;
• SMS messaging costs (if applicable); and
• Any TCPA violations or SMS-related claims.

SecureCare is not responsible for SMS delivery failures, carrier issues, or phone number changes.

9.16.4 In-App Notifications

In-app notifications appear within the Service when users are logged in. Organizations are solely responsible for:

• Determining which notifications to enable;
• Notification content and clarity;
• Not over-using notifications to avoid user fatigue;
• Understanding that users may not see in-app notifications if not logged in; and
• Using multiple notification channels for critical communications.

9.16.5 Reminder Content and Privacy

Reminder content may include appointment details, payment amounts, or other potentially sensitive information. Organizations are solely responsible for:

• Ensuring reminder content is appropriate for the communication channel;
• Limiting sensitive information in reminders;
• Compliance with privacy laws (HIPAA, etc.) regarding reminder content;
• Not including protected health information in unsecured communications;
• Obtaining consent for specific types of reminder content;
• Balancing reminder effectiveness with privacy protection; and
• Any privacy violations or unauthorized disclosures through reminders.

9.16.6 Reminder Failures and Technical Issues

Reminders may fail to deliver due to various technical issues including incorrect contact information, email spam filters, SMS carrier issues, internet outages, or Service technical problems. Organizations acknowledge and agree that:

• SecureCare does not guarantee reminder delivery;
• Organizations should not rely solely on automated reminders;
• Organizations should have backup reminder procedures;
• Organizations are responsible for verifying critical appointments or payments;
• SecureCare is not liable for missed appointments, late payments, or other consequences of reminder failures;
• Organizations should monitor reminder delivery rates; and
• Organizations should address contact information issues promptly.

9.16.7 Reminders Disclaimer

SecureCare provides automated reminder tools to help reduce no-shows and missed deadlines. Reminders are a helpful convenience feature, but they have limitations.

How Reminders Work

Our reminder system:

• Sends automated email, SMS, or in-app notifications;
• Uses contact information on file in the system;
• Allows you to configure timing and delivery methods;
• Tracks delivery attempts; and
• Provides confirmation of sent reminders.

Why Reminders May Not Arrive

Reminders depend on many factors outside our control:

• Email spam filters may block messages;
• SMS delivery requires cellular service and valid phone numbers;
• Recipients may have changed contact information;
• Third-party email and SMS services may experience outages;
• In-app notifications only appear when users are logged in; and
• Technical issues can occasionally affect delivery.

Your Responsibilities

To make reminders effective:

• Maintain current contact information for all users;
• Test reminders to ensure they're configured correctly;
• Use multiple reminder methods for critical appointments;
• Don't rely solely on automated reminders;
• Follow up manually when appropriate;
• Comply with TCPA requirements for SMS reminders; and
• Have backup procedures for important deadlines.

Reminders Are Helpful, Not Guaranteed

Think of reminders as a helpful assistant, not a failsafe system. They significantly reduce missed appointments when working properly, but shouldn't be your only strategy.

To the maximum extent permitted by law, SecureCare is not liable for missed appointments, tasks, or deadlines resulting from failed or delayed reminders. Users and Organizations remain ultimately responsible for tracking their own obligations and maintaining backup reminder systems for critical matters.

9.17 Promo Codes

Organizations may create and manage promotional discount codes (promo codes) that provide discounts on services, programs, or events. Promo codes may offer percentage discounts or fixed amount discounts and may be configured with validity periods, usage limits, and program restrictions. SecureCare provides promo code management tools but disclaims all responsibility for promo code strategy, financial impact, misuse, and any disputes arising from promotional discounts.

9.17.1 Promo Code Configuration

Organizations may configure promo codes with the following attributes:

• Code: Unique alphanumeric identifier
• Discount Type: Percentage or fixed amount
• Discount Value: Percentage (e.g., 20%) or amount (e.g., $50)
• Valid From/To Dates: Date range for code validity
• Usage Limit: Maximum number of times code can be used
• Program Restrictions: Specific programs eligible for discount
• Description: Internal notes about promo code purpose

Organizations are solely responsible for:

• Establishing appropriate promo code strategies;
• Setting reasonable discount amounts;
• Configuring validity periods appropriately;
• Determining usage limits;
• Testing promo codes before distribution;
• Understanding financial impact of discounts; and
• Any financial losses from promo code misuse or errors.

9.17.2 Promo Code Applicability

Promo codes can only be applied to programs that have been configured to accept promo codes. Organizations are solely responsible for:

• Designating which programs accept promo codes;
• Communicating promo code restrictions clearly;
• Ensuring consistent application of promo code policies;
• Managing customer expectations regarding promo code applicability; and
• Any disputes regarding promo code applicability.

9.17.3 Discount Types and Calculations

Promo codes may provide percentage discounts (e.g., 20% off) or fixed amount discounts (e.g., $50 off). Organizations are solely responsible for:

• Selecting appropriate discount types;
• Verifying discount calculations are correct;
• Understanding how discounts apply to multi-item services;
• Ensuring discounts do not create negative balances;
• Honoring advertised discount amounts; and
• Any calculation errors or disputes regarding discount amounts.

9.17.4 Promo Code Validity Period

Promo codes may be configured with start and end dates defining their validity period. Organizations are solely responsible for:

• Setting appropriate validity periods;
• Communicating expiration dates clearly;
• Monitoring promo code expiration;
• Extending validity periods if needed;
• Honoring valid promo codes before expiration;
• Not honoring expired promo codes; and
• Any disputes regarding promo code validity timing.

9.17.5 Promo Code Distribution and Security

Organizations control how promo codes are distributed to customers. Organizations are solely responsible for:

• Secure distribution of promo codes;
• Limiting distribution to intended recipients when appropriate;
• Monitoring for promo code sharing or misuse;
• Creating unique codes for tracking purposes;
• Preventing promo code fraud or abuse;
• Deactivating compromised or widely shared codes; and
• Any financial losses from unauthorized promo code use.

SecureCare is not responsible for promo code distribution or unauthorized use.

9.17.6 Promo Code Modifications and Cancellations

Organizations may modify or delete promo codes at any time. Organizations are solely responsible for:

• Honoring promo codes already distributed before modification;
• Communicating promo code changes to affected customers;
• Not retroactively removing discounts already applied;
• Handling customer complaints about modified or canceled promo codes;
• Compliance with advertising and consumer protection laws regarding promotional offers; and
• Any disputes arising from promo code changes or cancellations.

9.17.7 Program Configuration Requirements

For promo codes to function, programs must be configured to accept them. Organizations acknowledge that:

• Promo codes only work on properly configured programs;
• Organizations must enable promo code acceptance in program settings;
• Customers cannot apply promo codes to ineligible programs;
• Organizations should test promo code functionality before distribution; and
• SecureCare is not responsible for promo codes not working due to program misconfiguration.

9.17.8 Promo Code Disclaimer

SecureCare provides promo code management tools but disclaims all responsibility for:

• Promo code strategy or financial impact;
• Discount calculation errors or disputes;
• Promo code distribution or security;
• Unauthorized promo code use or fraud;
• Financial losses from promo codes;
• Customer disputes regarding promo codes;
• Compliance with advertising or consumer protection laws;
• Any harm arising from promo code use or misuse; or
• Any disputes, claims, or liabilities related to promo codes.

Organizations acknowledge that they control promo code creation, distribution, and policies and bear all responsibility for promotional discount strategies and consequences.

9.18 Security and Data Protection

SecureCare implements industry-standard security measures to protect data and systems, including encryption, access controls, secure transmission protocols, and regular security assessments. However, no system is completely secure, and SecureCare cannot guarantee absolute security. Organizations and users acknowledge and accept the inherent risks of electronic data storage and transmission by using the Service.

9.18.1 SecureCare Security Measures

SecureCare implements various security measures including but not limited to:

• Encryption: Data is encrypted in transit using TLS/SSL protocols and at rest using industry-standard encryption algorithms;
• Access Controls: Role-based access control (RBAC) limits data access to authorized users;
• Authentication: Password requirements, multi-factor authentication options, and session management;
• Network Security: Firewalls, intrusion detection/prevention systems, and network monitoring;
• Application Security: Input validation, output encoding, SQL injection prevention, XSS protection, and secure coding practices;
• Infrastructure Security: Secure hosting environments, regular security patches, and system hardening;
• Monitoring: Security event logging, monitoring, and alerting; and
• Incident Response: Security incident response procedures and breach notification protocols.

These measures are subject to change as security threats evolve and best practices develop. SecureCare continuously works to improve security but makes no guarantee that security measures will prevent all unauthorized access, data breaches, or security incidents.

9.18.2 No Guarantee of Absolute Security

Organizations and users acknowledge and agree that:

• No system connected to the internet is completely secure;
• Determined attackers may find vulnerabilities despite security measures;
• Zero-day exploits and unknown vulnerabilities may exist;
• Third-party services and infrastructure may have security weaknesses;
• User error, social engineering, and insider threats pose security risks;
• Security is a shared responsibility between SecureCare and users;
• By using the Service, you accept the inherent risks of electronic data storage and transmission;
• SecureCare cannot and does not guarantee that data will never be accessed, disclosed, altered, or destroyed by unauthorized parties; and
• You use the Service at your own risk regarding security.

9.18.3 Organization Security Responsibilities

Organizations are solely responsible for:

• Account Security: Maintaining confidentiality of login credentials, not sharing passwords, implementing strong password policies, and promptly disabling terminated user accounts;
• User Management: Granting appropriate access levels, monitoring user activity, detecting unauthorized access, and enforcing security policies;
• Data Classification: Identifying and properly protecting sensitive data, marking sensitive content appropriately, and limiting access to sensitive data;
• Training: Training staff on security best practices, phishing awareness, password security, and organizational security policies;
• Monitoring: Monitoring for suspicious activity, investigating security incidents, and reporting incidents to SecureCare;
• Compliance: Implementing security measures required by applicable laws and regulations (HIPAA, state data breach laws, etc.);
• Third-Party Access: Securing any third-party integrations or API access;
• Device Security: Ensuring devices accessing the Service have adequate security (antivirus, firewalls, updates); and
• Incident Response: Having procedures to respond to security incidents affecting their data.

9.18.4 User Security Responsibilities

All users (Organization staff, Patrons) are responsible for:

• Creating strong, unique passwords and not reusing passwords across services;
• Enabling multi-factor authentication when available;
• Keeping login credentials confidential and not sharing accounts;
• Logging out when finished using the Service, especially on shared devices;
• Reporting suspicious activity or potential security incidents immediately;
• Not attempting to circumvent security measures or access unauthorized data;
• Keeping their devices secure with updated software and security tools;
• Being vigilant against phishing attempts and social engineering; and
• Complying with organizational security policies.

9.18.5 Data Breach Notification

In the event of a data breach affecting personal information, SecureCare will provide notification as required by applicable law. Organizations acknowledge and agree that:

• SecureCare will notify affected Organizations of breaches in accordance with applicable breach notification laws;
• Organizations are responsible for notifying affected individuals as required by applicable law;
• Organizations bear responsibility for breach notification costs and consequences;
• If Organizations are subject to HIPAA, breach notification must comply with HIPAA breach notification rules;
• Organizations must have procedures to respond to breach notifications from SecureCare;
• SecureCare's notification does not constitute an admission of fault or liability;
• Organizations should maintain cyber liability insurance to cover breach-related costs; and
• SecureCare is not liable for breach notification costs, credit monitoring, regulatory fines, or other breach-related expenses incurred by Organizations.

9.18.6 Third-Party Security

The Service integrates with various third-party services including payment processors, email providers, SMS gateways, authentication providers, and others. Organizations acknowledge and agree that:

• Third-party services have their own security measures and practices;
• SecureCare is not responsible for third-party security;
• Third-party services may have different security standards than SecureCare;
• Data transmitted to third-party services is subject to their security practices;
• Organizations should review third-party security practices before using integrations;
• SecureCare is not liable for third-party security breaches or failures; and
• Organizations bear all risk of using third-party integrations.

9.18.7 Penetration Testing and Security Assessments

Organizations may not conduct penetration testing, vulnerability scanning, or security assessments of SecureCare's infrastructure without prior written authorization. Organizations acknowledge and agree that:

• Unauthorized security testing may be construed as an attack and result in legal action;
• Organizations must request permission before conducting any security testing;
• SecureCare conducts regular internal security assessments;
• SecureCare may provide security assessment information upon request subject to confidentiality agreements;
• Organizations requiring specific security certifications or assessments should contact SecureCare; and
• Unauthorized testing may result in immediate account termination.

9.18.8 Security Incident Reporting

Users who discover security vulnerabilities, suspicious activity, or potential security incidents should immediately report them to SecureCare at hello@secure-care.com. Organizations and users acknowledge and agree that:

• Prompt reporting helps SecureCare address security issues quickly;
• Users should not exploit discovered vulnerabilities;
• Users should not publicly disclose vulnerabilities before SecureCare has had opportunity to address them;
• SecureCare appreciates responsible disclosure and will work with security researchers;
• Users should provide detailed information about security issues to facilitate resolution; and
• SecureCare will investigate reported security issues and take appropriate action.

9.18.9 Security Updates and Patches

SecureCare regularly updates the Service to address security vulnerabilities and improve security. Organizations acknowledge and agree that:

• Security updates may be applied without prior notice;
• Some security updates may cause brief service interruptions;
• Organizations should monitor for security-related announcements;
• Organizations should promptly address any security recommendations from SecureCare;
• Delaying security updates or ignoring security recommendations increases risk; and
• Organizations bear responsibility for security issues resulting from failure to follow SecureCare security guidance.

9.18.10 Data Protection and Privacy

Organizations must implement appropriate data protection measures in compliance with applicable privacy laws. Organizations are solely responsible for:

• Compliance with GDPR, CCPA, HIPAA, and other applicable privacy regulations;
• Obtaining appropriate consents for data collection and use;
• Providing required privacy notices to customers and users;
• Responding to data subject rights requests (access, deletion, correction, etc.);
• Maintaining data processing agreements with SecureCare if required;
• Data minimization and retention practices;
• International data transfer compliance if applicable; and
• Any privacy violations or regulatory penalties.

9.18.11 Business Associate Agreement (BAA) for HIPAA

Organizations subject to HIPAA that store protected health information (PHI) in the Service must execute a Business Associate Agreement (BAA) with SecureCare. Organizations acknowledge and agree that:

• A BAA is required before storing PHI in the Service;
• Organizations must request a BAA from SecureCare;
• Using the Service for PHI without a BAA violates HIPAA;
• Organizations are covered entities or business associates under HIPAA;
• Organizations must implement HIPAA-required safeguards beyond what SecureCare provides;
• Organizations are responsible for HIPAA compliance training;
• SecureCare is not liable for Organizations' HIPAA violations; and
• Organizations should not store PHI without proper authorization and BAA.

9.18.12 Limitations on Liability for Security Issues

TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECURECARE'S TOTAL LIABILITY FOR ANY SECURITY BREACH, DATA LOSS, UNAUTHORIZED ACCESS, OR OTHER SECURITY INCIDENT SHALL NOT EXCEED THE AMOUNT PAID BY ORGANIZATION TO SECURECARE IN THE TWELVE (12) MONTHS PRECEDING THE INCIDENT.

SecureCare is not liable for:

• Security breaches caused by user error, weak passwords, or shared credentials;
• Breaches resulting from Organizations' failure to implement adequate security measures;
• Third-party security failures or breaches;
• Social engineering, phishing, or other attacks targeting users;
• Breaches resulting from malware on user devices;
• Unauthorized access by insiders with legitimate credentials;
• Data loss due to user deletion or error;
• Regulatory fines, penalties, or enforcement actions;
• Breach notification costs, credit monitoring, or identity theft protection;
• Reputational damage or business interruption; or
• Any indirect, consequential, special, or punitive damages.

9.19 Organization Administration

Organization administrators can access organization-level settings and configuration through the Organization Admin area. This includes managing organization information, subscription limits, bank accounts, authentication settings, time entry configuration, custom categories, and service requests. SecureCare provides administrative tools but is not responsible for Organizations' configuration decisions, security settings, or administrative actions.

9.19.1 Organization Information

Organizations can manage their organization name, address, contact information, tax information, and other organizational details. Organizations are solely responsible for:

• Maintaining accurate organization information;
• Updating information when it changes;
• Ensuring tax information is correct for donation processing;
• Compliance with registration and licensing requirements;
• Accuracy of publicly-visible organization information; and
• Any consequences of incorrect organization information.

9.19.2 Subscription Management and Limits

Organizations can view their current subscription plan, usage against limits, and upgrade options. Subscription limits apply to various entities as described in Section 7.1.2. Organizations are solely responsible for:

• Monitoring usage against subscription limits;
• Upgrading subscriptions when limits are reached;
• Planning for growth and future capacity needs;
• Managing subscription costs and billing;
• Understanding that reaching limits prevents creation of additional entities; and
• Any business disruption resulting from reaching subscription limits.

Current usage is displayed for: Facilities, Staff Members, Customers, Volunteers, Custom Assessments, Signature Documents, Events, and Document Storage.

9.19.3 Bank Accounts and Payment Methods

Organizations can manage bank accounts (for ACH) and credit/debit cards for subscription payments and receiving payments. Organizations are solely responsible for:

• Maintaining accurate and current payment method information;
• Ensuring sufficient funds for subscription payments;
• Security of bank account and card information;
• Promptly updating expired or invalid payment methods;
• Compliance with banking regulations;
• PCI compliance for card handling;
• Preventing unauthorized access to payment information; and
• Any financial losses from payment method issues.

9.19.4 Authentication Provider and Security Settings

Organizations can choose between SecureCare's built-in authentication or Microsoft Entra (Azure AD) for single sign-on. Organizations can also configure password requirements and multi-factor authentication (MFA) settings. Organizations are solely responsible for:

• Selecting appropriate authentication methods for their security needs;
• Properly configuring third-party authentication if used;
• Setting appropriate password complexity requirements;
• Determining whether to require MFA for all staff;
• Balancing security with user convenience;
• Training staff on authentication procedures;
• Maintaining access during authentication system changes;
• Compliance with security requirements and best practices; and
• Any security breaches resulting from weak authentication settings.

9.19.5 Time Entry Configuration

Organizations can configure time entry periods (weekly, bi-weekly, semi-monthly, monthly) and create custom time entry categories (such as vacation, sick time, personal time). Organizations are solely responsible for:

• Selecting appropriate time entry periods for their operations;
• Creating clear and appropriate custom time categories;
• Training staff on proper use of time categories;
• Ensuring time entry configuration aligns with payroll systems;
• Compliance with wage and hour requirements regarding time tracking; and
• Any payroll issues resulting from time entry configuration.

9.19.6 Service Requests and Support

Organizations can submit service requests to the SecureCare support team for technical assistance, feature requests, or issue reporting. Organizations acknowledge and agree that:

• Service requests are handled during normal business hours unless critical;
• Response times vary based on issue severity and support plan;
• SecureCare makes reasonable efforts to resolve issues but does not guarantee resolution;
• Some feature requests may not be implemented;
• Organizations should provide clear information when submitting requests;
• SecureCare may require additional information to troubleshoot issues;
• Organizations are responsible for testing any fixes or changes; and
• SecureCare is not liable for delays in support response or issue resolution.

9.19.7 Organization Administration Disclaimer

SecureCare provides organization administration tools but disclaims all responsibility for:

• Organizations' configuration decisions;
• Security settings or authentication method selection;
• Reaching subscription limits;
• Payment method failures;
• Incorrect organization information;
• Time entry configuration issues;
• Support request resolution timing; or
• Any consequences of administrative actions or settings.

10. Patron Features

Patron accounts provide free access to donation, volunteering, and customer portal features. By creating and using a Patron account, you agree to the following terms specific to Patron features. These terms supplement the general terms applicable to all users of the Service.

10.1 Patron Account Overview

Patron accounts allow you to donate to Organizations, apply for volunteering opportunities, and access customer portals when linked to customer records by Organizations. A single Patron account can interact with multiple Organizations simultaneously. You may donate to multiple Organizations, volunteer at multiple Organizations, and be linked as a customer to multiple Organizations through one Patron account.

10.1.1 Patron Account Creation and Profile

You are responsible for:

• Providing accurate and current information in your Patron profile;
• Maintaining the security and confidentiality of your account credentials;
• All activities that occur under your account;
• Notifying SecureCare immediately of any unauthorized use of your account;
• Keeping your contact information current for receiving notifications and communications;
• Understanding and complying with these Terms; and
• Your conduct when interacting with Organizations through the Service.

10.1.2 Organization Independence

You acknowledge and agree that:

• SecureCare is not a party to your relationships with Organizations;
• Organizations are independent entities responsible for their own operations;
• SecureCare does not control, endorse, or verify Organizations using the Service;
• Your donations, volunteer work, and customer relationships are with Organizations, not SecureCare;
• Disputes must be resolved directly with Organizations;
• SecureCare is not liable for Organization conduct, misuse of funds, or breach of obligations; and
• You should verify Organization legitimacy and tax-exempt status independently.

10.2 Donor Profile and Donations

Patron accounts include a Donor Profile that allows you to make financial contributions to Organizations and track your donation history. Organizations control whether they accept donations and which facilities are eligible to receive donations.

10.2.1 Making Donations

When making donations through the Service, you acknowledge and agree that:

• All donations are voluntary and made at your sole discretion;
• You are responsible for verifying Organization legitimacy before donating;
• You should independently verify Organization tax-exempt status for tax deduction purposes;
• Donations are processed through third-party payment processors;
• You authorize payment of the donation amount plus any convenience fees you choose to pay;
• Donations are final once processed, subject to Organization refund policies;
• You are responsible for all donations made through your account;
• You must not use stolen payment methods or make fraudulent donations; and
• SecureCare is not responsible for how Organizations use donated funds.

10.2.2 Convenience Fees

Payment processing fees (convenience fees) apply to donations. When making a donation, you may choose to pay the convenience fee yourself or leave it for the Organization to pay. You acknowledge and agree that:

• Convenience fees are clearly disclosed before completing your donation;
• If you choose to pay the convenience fee, it will be added to your payment amount;
• If you leave the fee for the Organization, the Organization will pay the fee from the donation;
• Convenience fees are non-refundable even if the donation is refunded;
• Fee amounts are determined by payment processors and may vary; and
• SecureCare does not profit from convenience fees.

10.2.3 Donation Designations and Restrictions

You may designate donations for specific facilities or purposes. You acknowledge and agree that:

• Organizations are responsible for honoring donation designations and restrictions;
• SecureCare does not monitor or enforce how Organizations use designated funds;
• You should communicate directly with Organizations about donation restrictions;
• If an Organization cannot fulfill your designation, you must work with the Organization for resolution;
• SecureCare is not liable for Organizations' failure to honor donation restrictions; and
• You should verify Organization policies regarding restricted donations before donating.

10.2.4 Donation History and Tracking

Your Donor Profile includes a Donation History that shows all donations you have made through the Service, including donations to both tax-exempt and non-tax-exempt Organizations. You acknowledge and agree that:

• You are responsible for maintaining your own donation records;
• Donation History is provided as a convenience but should not be your sole record;
• You should retain independent confirmation emails and receipts;
• SecureCare is not responsible for lost or incomplete donation records;
• You should download and save donation records regularly; and
• Donation History may not be available if your account is terminated.

10.2.5 Fund Application Transparency

For Organizations that track fund application, you may be able to see how your donated funds were applied to customer services, including the program name, amount applied, and date applied. You acknowledge and agree that:

• Organizations control what information is visible regarding fund application;
• Not all Organizations track or display fund application details;
• Information shown is provided by Organizations and may not be complete;
• SecureCare does not verify the accuracy of fund application information;
• SecureCare is not responsible for how Organizations track or report fund usage;
• Questions about fund usage should be directed to Organizations; and
• You should not rely solely on this feature for donation accountability.

10.2.6 Tax Forms and Receipts

SecureCare automatically generates tax forms showing year-to-date (YTD) donations made to Organizations that had Tax Exempt status enabled and a Tax ID on file at the time of your donation. You can download these forms as PDF documents at any time for the current year.

10.2.6.1 Tax Form Limitations

You acknowledge and agree that:

• Tax forms show only donations made to Organizations with active Tax Exempt status at donation time;
• If an Organization changes its Tax ID, your donations may appear on multiple forms with different Tax IDs;
• Donations to non-tax-exempt Organizations appear in Donation History but not on tax forms;
• Tax forms are auto-generated based on donation data and Organization-provided Tax IDs;
• SecureCare does not verify Organization tax-exempt status or Tax ID accuracy;
• Tax forms are provided as a convenience, not as official IRS documentation;
• You should verify Organization tax-exempt status independently before claiming deductions;
• You are responsible for determining your own tax deduction eligibility; and
• You should retain your own donation records in addition to tax forms.

10.2.6.2 Tax Advice Disclaimer

You acknowledge and agree that:

• SecureCare does not provide tax advice;
• You should consult your own tax professional regarding tax deductibility;
• Tax deductibility depends on your individual tax situation;
• Not all donations are tax-deductible;
• You are solely responsible for proper tax reporting of donations;
• SecureCare is not liable for your tax filing errors or denied deductions; and
• Tax forms are informational only and do not constitute tax advice.

10.2.7 Donation Refunds

Donation refunds are subject to Organization policies as described in Section 8.2.3 (Donor Refunds). You acknowledge and agree that:

• Organizations control donation refund policies;
• Refund eligibility depends on whether funds have been used for services;
• Processing fees may or may not be refundable depending on Organization policy;
• Refund requests must be made within the Organization's specified timeframe;
• SecureCare facilitates refund processing but does not determine refund eligibility;
• Refund disputes must be resolved with Organizations;
• Refunds may take several days to process depending on your financial institution; and
• SecureCare is not liable for refund delays, denials, or disputes.

10.2.8 Donor Profile Disclaimer

You acknowledge and agree that:

• SecureCare is not responsible for how Organizations use donated funds;
• SecureCare does not monitor, verify, or enforce proper use of donations;
• SecureCare is not liable for Organization misuse of funds, fraud, or mismanagement;
• You should research Organizations before donating;
• You bear all risk of donating to Organizations through the Service;
• SecureCare is not responsible for Organization tax-exempt status accuracy;
• SecureCare is not liable for denied tax deductions; and
• All donation-related disputes are between you and Organizations.

10.3 Volunteer Profile and Applications

Patron accounts include a Volunteer Profile that allows you to search for volunteering opportunities posted by Organizations, apply for opportunities, track volunteer time, and manage your volunteer commitments.

10.3.1 Searching and Applying for Opportunities

You can search for volunteering opportunities by location, facility, or keywords. Organizations control which opportunities are publicly visible. You acknowledge and agree that:

• Not all Organizations post public volunteering opportunities;
• Opportunity availability and accuracy are controlled by Organizations;
• Opportunities may be filled, closed, or changed without notice;
• You are responsible for providing accurate information in applications;
• You must meet all qualifications and requirements listed in opportunities;
• Application submission does not guarantee acceptance;
• Organizations have sole discretion over volunteer selection;
• SecureCare is not responsible for opportunity accuracy or availability; and
• SecureCare does not guarantee you will be accepted as a volunteer.

10.3.2 Volunteer Selection and Rejection

Organizations review volunteer applications and make selection decisions. You acknowledge and agree that:

• Organizations have complete discretion over volunteer selection;
• Organizations may accept or reject applications for any lawful reason;
• You are not entitled to any specific volunteer position;
• SecureCare is not responsible for Organizations' selection decisions;
• SecureCare is not liable for discrimination claims arising from volunteer selection;
• Discrimination complaints must be filed with appropriate authorities, not SecureCare;
• SecureCare does not investigate or resolve volunteer selection disputes; and
• You should contact Organizations directly regarding application status.

10.3.3 Volunteer Commitments and Responsibilities

If accepted as a volunteer, you are responsible for:

• Fulfilling your volunteer commitments as agreed with the Organization;
• Arriving on time and prepared for scheduled volunteer shifts;
• Following all Organization policies, procedures, and rules;
• Completing required training and orientation;
• Providing required background checks, documents, or certifications;
• Notifying Organizations promptly if you cannot fulfill commitments;
• Conducting yourself professionally and appropriately;
• Respecting confidentiality and privacy requirements;
• Following safety protocols and procedures; and
• Your own conduct and actions while volunteering.

10.3.9 Volunteer Profile Disclaimer

You acknowledge and agree that:

• SecureCare does not screen, verify, or evaluate Organizations;
• SecureCare is not responsible for Organization conduct or treatment of volunteers;
• SecureCare is not liable for volunteer injuries, harassment, or mistreatment;
• SecureCare does not guarantee opportunity accuracy or availability;
• SecureCare is not responsible for discrimination in volunteer selection;
• SecureCare is not liable for Organization account suspension impacts;
• You bear all risk of volunteering with Organizations through the Service; and
• All volunteer-related disputes are between you and Organizations.

10.4 Linked Customer Access

When an Organization invites you to link your Patron account to a customer record, you gain access to a customer portal where you can view and pay invoices, schedule appointments, and manage your customer relationship with that Organization.

10.4.8 Linked Customer Access Disclaimer

You acknowledge and agree that:

• SecureCare provides customer portal tools but is not party to your customer relationship;
• Organizations control all aspects of your customer account and services;
• SecureCare is not responsible for billing errors, service quality, or customer disputes;
• SecureCare is not liable for appointment scheduling issues or cancellations;
• SecureCare is not responsible for link removal or loss of portal access;
• SecureCare is not liable for payment processing errors or delays;
• All customer service and billing issues must be resolved with Organizations; and
• You bear all responsibility for timely payment and compliance with Organization policies.

10.5 Patron Account General Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECURECARE DISCLAIMS ALL LIABILITY FOR ANY ISSUES ARISING FROM PATRON ACCOUNT USE INCLUDING BUT NOT LIMITED TO: ORGANIZATION MISUSE OF DONATED FUNDS, VOLUNTEER INJURIES OR MISTREATMENT, DISCRIMINATION IN VOLUNTEER SELECTION, BILLING DISPUTES, APPOINTMENT ISSUES, LINK REMOVAL, ORGANIZATION ACCOUNT SUSPENSION IMPACTS, LOST DATA OR RECORDS, OR ANY OTHER MATTERS RELATED TO YOUR INTERACTIONS WITH ORGANIZATIONS THROUGH THE SERVICE. YOU ACKNOWLEDGE THAT YOUR RELATIONSHIPS ARE WITH ORGANIZATIONS, NOT SECURECARE, AND THAT ALL DISPUTES MUST BE RESOLVED DIRECTLY WITH ORGANIZATIONS. SECURECARE IS NOT RESPONSIBLE FOR VERIFYING ORGANIZATIONS, MONITORING ORGANIZATION CONDUCT, OR ENSURING ORGANIZATION COMPLIANCE WITH LAWS OR OBLIGATIONS.

11. Content Moderation

11.1 Scope of Content Moderation

SecureCare reserves the right to moderate any user-generated content submitted to or created within the Service, including but not limited to: file names, document metadata, embedded text content, customer names, event titles and descriptions, program names, case notes, facility information, staff profiles, volunteer descriptions, assessment content, appointment notes, donor information, invoice descriptions, and any other text-based content entered by Organizations or their users.

11.2 Profanity and Inappropriate Language Filtering

Content containing profanity, obscenities, or inappropriate language may be subject to automatic sanitization. SecureCare employs automated filtering systems that may replace portions of words or entire words with asterisks or other replacement characters when violations of SecureCare's content policy are detected. This sanitization may occur in real-time during content entry or retroactively on previously submitted content.

11.3 Malicious Content and Script Filtering

SecureCare employs automated systems to detect and block potentially harmful content, including but not limited to: malicious scripts, cross-site scripting (XSS) attempts, SQL injection attempts, executable code, embedded malware, phishing links, and other forms of malicious or exploitative content. Any content determined to contain or attempt to inject harmful code or scripts will be automatically rejected, sanitized, or removed without notice. SecureCare reserves the right to suspend or terminate accounts that repeatedly attempt to submit malicious content.

11.4 Content Alteration and Display

Organization acknowledges and agrees that content moderation and profanity filtering may alter the appearance, readability, or meaning of submitted content. SecureCare is not liable for any confusion, miscommunication, data loss, or unintended consequences resulting from automated or manual content moderation. Organizations are responsible for reviewing sanitized content and making any necessary corrections or clarifications.

11.5 Manual Review and Removal

In addition to automated filtering, SecureCare reserves the right to manually review, edit, or remove any content that violates these Terms, SecureCare's Acceptable Use Policy (Section 12), or applicable laws. SecureCare may take such actions without prior notice to Organization. SecureCare is under no obligation to monitor or review all content but reserves the right to do so at its sole discretion.

11.6 No Guarantee of Complete Filtering

While SecureCare implements content moderation measures, Organization acknowledges that no automated system is perfect. SecureCare does not guarantee that all inappropriate content will be detected or filtered, nor does it guarantee that legitimate content will not be inadvertently flagged or sanitized. Organizations remain solely responsible for all content they submit to the Service.

11.7 Organization Responsibilities

Organizations are responsible for ensuring that all content submitted to the Service complies with these Terms, applicable laws, and professional standards. Organizations must not intentionally submit content that violates SecureCare's policies or attempts to circumvent content moderation systems. Organizations must promptly address any content moderation issues brought to their attention by SecureCare.

12. Acceptable Use Policy

While SecureCare® seeks to serve as broad a range of Organizations as possible, while abiding by all applicable export-control and other regulations, there are certain limits that are imposed on the use of our offerings by our acceptable use policy. Specifically, SecureCare® prohibits:

• Illegal Activities: The use of any of its services for any unlawful purpose or in furtherance of any illegal activities.
• Discrimination: The use of any of its services to perform targeted collection on the basis of protected characteristics such as race, sex or gender, sexual-orientation, religion, age, national or ethnic origin, disability status, marital status, or genetic information.
• Physical or Financial Harm: The use of any of its services for causing any physical or financial harm to any other individual or entity. This includes, but is not limited to, facilitating unauthorized access to protected systems, or damaging infrastructure.
• Misuse of Financial or PII Data: The use of any of its services for fraud, theft, misappropriation of data, or otherwise misuse of financial, personal, or other sensitive information.
• Harassment or Stalking: The use of any of its services to harass or stalk any individual as defined by applicable law.
• Obscenity, Pornography, or Sexually Explicit Material: The use of any of its services to improperly access or view obscene, pornographic, or otherwise sexually explicit material.
• Extortion: The use of any of its services to engage in blackmail, extortion, or for otherwise inappropriate purposes.
• Copyright Infringement: The use of any of its services to violate copyright, or any other applicable intellectual property law.

13. Fees

For those Organizations purchasing a paid Service directly from SecureCare, fees are specified on the Order Form.

SecureCare® reserves the right to impose fees, or other limitations (including upload and/or rate limits), on any offerings that are currently offered free of charge, with prior notification of the User.

14. Limitation of Liability

IN NO EVENT SHALL SECURECARE, ITS OFFICERS, DIRECTORS, EMPLOYEES, OR AGENTS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICES.

TO THE MAXIMUM EXTENT PERMITTED BY LAW, SECURECARE'S TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THE SERVICE SHALL NOT EXCEED THE AMOUNT PAID BY YOU TO SECURECARE IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM.

15. Indemnification

You agree to indemnify and hold harmless SecureCare and its affiliates from and against any claims, liabilities, damages, losses, and expenses, including reasonable attorneys' fees, arising out of or in any way connected with your use of the Services, violation of these Terms, or infringement of any third-party rights.

16. Intellectual Property

All content, features, and functionality of the Services, including but not limited to text, graphics, logos, icons, and software, are the exclusive property of SecureCare and protected under applicable intellectual property laws. The name "SecureCare" and related trademarks are registered and may not be used without written permission.

17. Third-Party Services

SecureCare may integrate with third-party services (e.g., payment processors, analytics tools). We are not responsible for the practices or availability of such services and you use them at your own risk.

18. Governing Law and Dispute Resolution

These Terms shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of law provisions. Any disputes arising from these Terms shall be resolved exclusively in the state or federal courts located in Florida, and you consent to the personal jurisdiction and venue of such courts. If SecureCare reincorporates in another jurisdiction, these Terms shall be governed by the laws of such new jurisdiction, and SecureCare will provide notice of such change.

19. Changes to Terms

We may update these Terms from time to time. When we do, we will revise the "Last Updated" date at the top. Continued use of the platform after changes constitutes acceptance of the updated Terms.

20. General Provisions

20.1 Entire Agreement

These Terms constitute the entire agreement between you and SecureCare regarding the use of the Service and supersede all prior agreements and understandings.

20.2 Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

20.3 Waiver

No waiver of any term or condition of these Terms shall be deemed a further or continuing waiver of such term or any other term.

20.4 Assignment

You may not assign or transfer these Terms or your rights hereunder without SecureCare's prior written consent. SecureCare may assign these Terms without restriction.

20.5 Force Majeure

SecureCare shall not be liable for any failure or delay in performance due to circumstances beyond its reasonable control, including acts of God, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, accidents, strikes, or shortages of transportation facilities, fuel, energy, labor, or materials.

21. Contact Information

For questions or legal inquiries:

SecureCare Legal Department
Website: https://secure-care.com
Email: hello@secure-care.com