SMS Terms of Service

1. Overview

These SMS Terms of Service ("SMS Terms") govern your enrollment in and use of SMS-based messaging services provided by Cordata Healthcare Innovations, Inc. ("Cordata," "we," "us," or "our"), including but not limited to Two-Factor Authentication (2FA) verification messages and account security notifications.

By providing your mobile phone number and enrolling in any Cordata SMS messaging program, you agree to these SMS Terms. If you do not agree, do not enroll in SMS messaging services.

These SMS Terms are incorporated into and form part of Cordata's general Terms of Service / End User License Agreement, available at https://policy.cordata.io.

2. Program Description

Cordata operates the following SMS messaging program(s):

All messages sent under these programs are transactional in nature and are directly related to the security and operation of your Cordata account. We do not send marketing or promotional SMS messages.

3. Consent & Enrollment

3.1 Express Written Consent

By enrolling your mobile phone number in Cordata's SMS messaging program, you expressly consent to receive automated text messages from Cordata at the phone number you provide, solely for the purposes described in Section 2. This consent is provided in accordance with the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, and applicable regulations.

3.2 Who May Enroll

You may enroll in Cordata's SMS program only if you:

• Are the account holder or authorized user of the mobile phone number provided
• Are 18 years of age or older, or the age of majority in your jurisdiction
• Are a current authorized user of Cordata's platform
• Have the legal authority to provide consent for the phone number enrolled

3.3 Accuracy of Information

You represent that the mobile phone number you provide is accurate, current, and assigned to you. You agree to promptly update your phone number in your account settings if it changes. You are responsible for any messages sent to an incorrect number you have provided.

3.4 No Third-Party Numbers

You agree not to enroll a phone number belonging to another individual without their express consent. Enrolling a third party's phone number without authorization may constitute a violation of the TCPA and other applicable laws.

4. Message Frequency & Content

4.1 Frequency

Message frequency varies based on your account activity. You will only receive messages when:

• You initiate a login or account verification event
• A security event is detected on your account that requires your attention

There are no recurring scheduled messages. Messages are triggered solely by account activity.

4.2 Content

All messages will:

• Identify Cordata as the sender
• Contain only information relevant to the security or verification event that triggered them
• Never contain marketing, advertising, or promotional content
• Never request your password or full account credentials

Example message:

"Your Cordata verification code is 847291. This code expires in 10 minutes. If you did not request this, please contact support@cordatahealth.com."

5. Charges & Carrier Responsibility

• Message and data rates may apply. Standard messaging and data rates charged by your mobile carrier may apply to messages you receive from Cordata.
• Cordata is not responsible for any charges imposed by your mobile carrier in connection with SMS messages.
• Check with your mobile carrier if you are unsure whether standard rates apply to your plan.
• Cordata does not charge separately for SMS 2FA as part of your account subscription.

6. How to Opt Out (STOP)

6.1 Reply STOP

You may opt out of Cordata SMS messages at any time by replying STOP to any message you receive from us. Upon receiving your STOP request, we will send a single confirmation message and no further messages will be sent to that number.

Confirmation message upon STOP:

"You have been unsubscribed from Cordata SMS messages. No further messages will be sent to this number. To re-enable SMS 2FA, log in to your account settings at cordatahealth.com, or reply START to restart messages."

6.2 Account Settings

You may also disable SMS-based 2FA at any time through your account settings.

6.3 Effect of Opting Out

Please be aware that opting out of SMS messages may affect your ability to access your account if SMS is your only configured two-factor authentication method. We recommend configuring an alternative 2FA method before opting out of SMS.

6.4 Re-enrollment

If you have previously opted out and wish to re-enroll, you may do so through your account settings. Re-enrollment constitutes renewed consent under these SMS Terms.

7. Help & Support

7.1 Reply HELP

Reply HELP to any Cordata SMS message to receive support contact information. You will receive the following response:

"Cordata SMS Support: For help with SMS 2FA, contact support@cordatahealth.com or visit cordatahealth.com/support. Reply STOP to unsubscribe."

7.2 Contact Support

For questions about Cordata's SMS program, contact us at:

• Email: support@cordatahealth.com
• Website: https://www.cordatahealth.com
• Mail: Cordata Healthcare Innovations, Inc., Attn: Privacy & Security, 8150 Corporate Park Drive, Suite 210, Cincinnati, OH 45242

8. Supported Carriers

Cordata's SMS program is available on most major US wireless carriers, including but not limited to:

AT&T, Verizon, T-Mobile, Sprint, US Cellular, Boost Mobile, Cricket Wireless, MetroPCS, and others.

Carrier support is not guaranteed for all carriers or all devices. Cordata is not liable for delayed or undelivered messages due to carrier issues.

9. Third-Party Messaging Providers

Cordata uses Amazon Web Services (AWS) End User Messaging and/or Twilio to transmit SMS messages on our behalf. These providers act as data processors under our direction and are:

• Prohibited from using your phone number for any purpose other than delivering messages on Cordata's behalf
• Subject to executed data processing agreements with Cordata
• Required to maintain appropriate technical and organizational security measures

Relevant policies:

10. Privacy & Data Use

Your mobile phone number and SMS-related data are handled in accordance with our SMS Two-Factor Authentication Privacy Policy, available at https://policy.cordata.io.

Key points:

• Your phone number is used solely for identity verification and account security purposes
• We do not sell, rent, or share your phone number with third parties for marketing purposes
• Phone numbers are encrypted at rest and in transit
• To the extent SMS authentication data is associated with a patient account and constitutes Protected Health Information (PHI) under HIPAA, it is also governed by our HIPAA Notice of Privacy Practices, available at https://policy.cordata.io

11. HIPAA Acknowledgment

Cordata is a healthcare technology company subject to the Health Insurance Portability and Accountability Act (HIPAA). Where SMS 2FA is used to secure access to systems containing Protected Health Information:

• SMS verification metadata (such as timestamps and phone numbers associated with patient accounts) may constitute PHI and will be handled accordingly
• Our third-party SMS providers operate under executed Business Associate Agreements (BAAs) where required by HIPAA
• Use of SMS 2FA does not itself transmit PHI — verification codes are randomly generated and contain no clinical or patient data

12. Prohibited Uses

You agree not to use Cordata's SMS service to:

• Enroll a phone number you do not own or are not authorized to use
• Attempt to intercept, spoof, or tamper with SMS verification codes
• Use automated tools to generate or replay verification codes
• Circumvent or disable 2FA security controls
• Violate any applicable federal, state, or local law or regulation

Violations may result in immediate account suspension and may be reported to appropriate authorities.

13. Limitation of Liability

13.1 Delivery

Cordata does not guarantee that SMS messages will be delivered in a timely manner or at all. Delivery depends on factors outside our control, including carrier network availability, device status, and message routing.

13.2 Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, CORDATA SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATED TO YOUR USE OF OR INABILITY TO USE THE SMS SERVICE, INCLUDING BUT NOT LIMITED TO FAILED MESSAGE DELIVERY, CARRIER CHARGES, OR UNAUTHORIZED ACCOUNT ACCESS RESULTING FROM SMS INTERCEPTION.

13.3 Security Limitations

While SMS 2FA significantly enhances account security, Cordata does not warrant that SMS-based authentication is immune to all forms of attack, including SIM swapping or SS7 vulnerabilities. Users with heightened security requirements should consider using an authenticator app-based 2FA method where available.

14. Changes to These SMS Terms

We may update these SMS Terms from time to time to reflect changes in law, carrier requirements, or our services. When we do, we will:

• Update the "Last Updated" date at the top of this document
• Provide notice through your account or via email where required by law

Continued use of Cordata's SMS service following notice of changes constitutes your acceptance of the updated terms. If you do not agree to updated terms, you may opt out of SMS messaging as described in Section 6.

15. Governing Law

These SMS Terms are governed by the laws of the State of Ohio, without regard to its conflict of law provisions. Any disputes arising under these SMS Terms shall be resolved in accordance with the dispute resolution provisions of Cordata's general Terms of Service.

16. Contact Information

Cordata Healthcare Innovations, Inc.
Attn: Privacy & Security
8150 Corporate Park Drive, Suite 210
Cincinnati, OH 45242
📧 support@cordatahealth.com
🌐 https://www.cordatahealth.com

Message and data rates may apply. Message frequency varies. Reply STOP to opt out. Reply HELP for support.