Terms of Service

I. General Service and License

2. License Grant

Acceptance: By accessing or using the Services, creating an account, or executing an Order Form, Customer agrees to be bound by these Terms. If Customer does not agree to these Terms, Customer must not use the Services.

Subject to your compliance with these Terms, Biocore grants you a limited, non-exclusive, non-transferable, revocable license for Customer and Authorized Users to access and use the Services solely for internal business purposes, subject to the terms herein.

Restrictions: You may not:

• Reverse engineer, decompile, or disassemble the Services or Software
• Modify, adapt, alter, translate, or create derivative works of the Services
• Sell, resell, rent, lease, sublicense, or otherwise transfer the Services or access thereto
• Use the Services to compete with Biocore or develop competing products
• Use the Service in violation of any applicable GxP or FDA regulation, including 21 CFR Part 11
• Remove, alter, or obscure any proprietary notices, labels, or marks on the Services
• Use the Services in any manner that violates applicable laws or regulations

This license shall automatically terminate if you violate any of these restrictions. Upon termination, you must immediately cease all use of the Services and destroy any downloaded materials.

II. Term, Payment, and Termination

4. Term and Termination

Initial Term & Renewal: The initial subscription term is as specified in your Order Form. Subscriptions automatically renew for successive periods of equal duration unless either party provides written notice of non-renewal at least 30 days prior to the expiration of the then-current term.

Termination for Cause: Either party may terminate these Terms if the other party commits a material breach (e.g., non-payment, breach of confidentiality, violation of compliance requirements) that remains uncured after 30 days' written notice. Biocore may immediately suspend or terminate access if Customer violates these Terms or engages in illegal activity.

Post-Termination Data Handling: Upon termination, Biocore will securely retain Customer Data for a period of 90 days, during which Customer may retrieve its data. After this period, Biocore will securely delete all Customer Data in accordance with applicable data protection laws and any executed BAA. Customer is solely responsible for exporting its data prior to termination.

Data Export: Customer may export its data at any time during the subscription term in standard formats (JSON, CSV, PDF) through the Services interface or by request. Biocore will provide data export within 30 days of request at no additional charge for standard exports. Custom export formats may incur additional fees as specified in the Order Form.

III. Data Ownership, Security, and Compliance

This section is critical for pharmaceutical and healthcare customers. Please review carefully.

6. HIPAA and Business Associate Agreement (BAA)

PHI Handling: If Customer Data includes Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), the parties MUST execute a separate, legally binding Business Associate Agreement (BAA) before any such data is uploaded to the Services.

BAA Precedence: The BAA terms will govern the use and safeguarding of PHI, overriding any conflicting provision in these Terms. No PHI may be processed through the Services without a valid BAA in place.

Security Measures: Biocore warrants that it employs reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of electronic PHI (ePHI), in alignment with the HIPAA Security Rule. These safeguards include:

• Encryption of ePHI in transit and at rest
• Access controls and authentication mechanisms
• Audit logging and monitoring
• Regular security assessments and vulnerability testing
• Employee training on HIPAA compliance
• Business Associate agreements with subcontractors
• Breach Notification: Biocore will notify Customer of any security breach involving PHI within the timeframes required by HIPAA (typically within 60 days of discovery) and will cooperate with Customer's breach notification obligations

Subcontractors: Biocore may engage subcontractors to provide the Services, provided that such subcontractors are bound by Business Associate Agreements or equivalent data protection obligations. Biocore will provide a list of material subcontractors upon request.

7. GxP and Data Integrity (FDA Focus)

System Capability: Biocore warrants that the Services are designed to support Customer's GxP compliance (including 21 CFR Part 11 requirements) by providing features such as:

• Audit Trails: Comprehensive logging of all system activities and data changes
• Access Controls: User authentication, authorization, and role-based access management
• Data Provenance Tracking: Complete lineage and history of data modifications
• Electronic Signatures: Support for electronic signature requirements where applicable
• Data Integrity Controls: Mechanisms to prevent unauthorized data modification

Important: Biocore provides the tools and infrastructure to support compliance, but Customer must validate and operate the system in accordance with applicable regulations. Biocore does not provide regulatory consulting or validation services.

8. Data Responsibility by Deployment Type

9. Data Residency and Location

Default Data Storage: By default, Customer Data in managed hosting deployments is stored in Biocore's cloud infrastructure. The primary data center location is specified in the Order Form or SLA.

Data Residency Options: Biocore offers data residency options for customers with specific geographic requirements:

• US Data Residency: US data center options are available for customers requiring data to remain within US jurisdiction. This option is specified in the Order Form and may incur additional fees.
• EU Data Residency: EU data center options are available for customers requiring GDPR-compliant data residency within the European Economic Area.
• Self-Hosted: For customers with strict data residency requirements, self-hosted deployment provides complete control over data location and ensures data never leaves customer infrastructure.

Data Replication and Backups: Data backups and disaster recovery systems may replicate data across geographic regions for redundancy. Backup locations are specified in the SLA or Order Form. Customers with strict data residency requirements should specify backup location restrictions in the Order Form.

Important: Data residency options must be specified in the Order Form at the time of subscription. Changes to data residency after deployment may require data migration and additional fees.

10. Government Data Access and Transparency

Legal Obligations: Biocore may be legally required to disclose Customer Data to government authorities in jurisdictions where we operate, including the UAE, if required by applicable law, court order, or regulatory request.

Customer Notification: Biocore will notify Customer of any government request for Customer Data, unless legally prohibited from doing so. Notification will be provided:

• Prior to disclosure, when legally permitted
• Within 48 hours of disclosure, if prior notification is prohibited
• Immediately upon learning that a prohibition on notification has been lifted

Data Access Resistance: Biocore will:

• Challenge government requests that appear overbroad or lack proper legal basis
• Require valid legal process (subpoena, court order, warrant) before disclosure
• Limit disclosure to the minimum data necessary to comply with the request
• Require government authorities to provide written assurance of legal authority

Transparency Reporting: Biocore will provide annual transparency reports (upon request) summarizing government data requests, including the number of requests received and the number of requests where data was disclosed.

Self-Hosted Deployments: For self-hosted deployments, Biocore has no access to Customer Data and therefore cannot be compelled to disclose it. Government requests would be directed to Customer, who maintains full control and responsibility.

11. Cross-Border Data Transfers and Export Control

Data Transfer Safeguards: When Customer Data is transferred across borders, Biocore implements appropriate safeguards to ensure data protection:

• Standard Contractual Clauses (SCCs): For EU customers, Biocore uses EU-approved Standard Contractual Clauses for data transfers outside the EEA, as required by GDPR.
• Adequacy Decisions: Biocore leverages adequacy decisions where available (e.g., UK adequacy for EU-UK transfers).
• Data Processing Agreements: All data transfers are governed by data processing agreements that specify transfer mechanisms and safeguards.
• Encryption: All data transfers are encrypted in transit using TLS 1.3 or higher.

Export Control Compliance: Biocore complies with applicable export control regulations, including:

• US Export Administration Regulations (EAR): Compliance with US Department of Commerce export control requirements
• International Traffic in Arms Regulations (ITAR): If Customer Data includes ITAR-controlled information, Customer must notify Biocore and additional restrictions may apply
• Sanctions Screening: Biocore screens all customers against applicable sanctions lists (OFAC, UN, EU) and will not provide Services to sanctioned entities
• Trade Restrictions: Biocore complies with applicable trade restrictions and embargoes

Customer Responsibility: Customer is responsible for ensuring that its use of the Services complies with all applicable export control laws and regulations. Customer must notify Biocore if Customer Data includes export-controlled information.

12. Regulatory Compliance and Oversight

US Regulatory Compliance: Biocore is committed to compliance with applicable US federal and state regulations for US-based customers, including:

• FDA Regulations: Support for FDA regulatory requirements, including 21 CFR Part 11, GxP standards, and data integrity requirements
• HIPAA: HIPAA Security Rule compliance for healthcare customers (with BAA)
• State Regulations: Compliance with applicable state data protection and privacy laws
• Export Controls: Compliance with US export control regulations (EAR, ITAR)

FDA Inspection Support: Biocore will provide reasonable cooperation and support during FDA inspections of Customer facilities, including:

• Providing system documentation and validation materials
• Responding to FDA inquiries about system capabilities and compliance features
• Providing technical support during inspections (with advance notice)
• Maintaining audit logs and system documentation for inspection purposes

Regulatory Change Management: Biocore monitors regulatory changes and will:

• Notify customers of regulatory changes that may impact the Services
• Provide impact assessments for regulatory changes
• Update the Services to maintain compliance with applicable regulations
• Provide advance notice (minimum 30 days) of system changes related to regulatory compliance

Regulatory Oversight: While Biocore is not directly regulated by the FDA, we maintain compliance with applicable regulations and provide support for customers' regulatory compliance requirements. Customer remains responsible for ensuring its use of the Services complies with all applicable regulations.

III. Data Sources and Attribution

IV. Warranties, Liability, and Jurisdiction

14. Limitation of Liability

Cap on Liability: The total aggregate liability of Biocore to Customer arising out of or related to these Terms shall not exceed the total fees paid by Customer to Biocore in the twelve (12) months immediately preceding the event giving rise to the claim.

Exclusions: In no event shall Biocore be liable for any indirect, incidental, special, punitive, or consequential damages, including but not limited to loss of profits, data, business opportunities, or goodwill, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, regardless of the theory of liability (contract, tort, negligence, strict liability, or otherwise).

Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation may not apply to you. In such cases, Biocore's liability will be limited to the maximum extent permitted by applicable law.

15. Indemnification

By Vendor (IP): Biocore will defend Customer against any third-party claim that the Services infringe upon any intellectual property rights, and will indemnify Customer for any damages finally awarded against Customer (or amounts paid in settlement) resulting from such claim, provided Customer promptly notifies Biocore and cooperates in the defense.

By Customer (CRITICAL): Customer will defend Biocore against any claim arising from:

• Customer's misuse of the Services
• Customer's violation of the BAA (if applicable)
• Customer's non-compliance with any law, including FDA, GxP, or HIPAA regulations
• Customer's violation of these Terms
• Customer Data or Customer's use of Customer Data

Customer will indemnify Biocore for any damages finally awarded against Biocore (or amounts paid in settlement) resulting from such claims, provided Biocore promptly notifies Customer and cooperates in the defense.

16. Governing Law and Dispute Resolution

Governing Law: These Terms are governed by and construed in accordance with the laws of the United Arab Emirates and the Emirate of Dubai, without regard to its conflict of law provisions, unless otherwise specified in the Order Form.

US Customer Option: For customers located in the United States, the parties may agree in the Order Form to govern these Terms by the laws of a US state (typically Delaware or New York). If US law is selected:

• US federal and state laws will apply, including data protection, consumer protection, and pharmaceutical regulations
• Disputes will be subject to US jurisdiction as specified in the Order Form
• Biocore commits to compliance with applicable US laws and regulations
• Data residency options will be available as specified in the Order Form

Jurisdiction: Any disputes arising from or relating to these Terms or the Services shall be subject to the exclusive jurisdiction of the competent courts of Dubai, United Arab Emirates, unless otherwise specified in the Order Form or BAA. For US customers who select US jurisdiction in the Order Form, disputes will be subject to the exclusive jurisdiction of the courts specified in the Order Form (typically federal courts or state courts in Delaware or New York).

Arbitration: For enterprise customers, the parties may agree in the Order Form to resolve disputes through binding arbitration under the rules of:

• International Chamber of Commerce (ICC): For international disputes
• American Arbitration Association (AAA): For US-based disputes
• Dubai International Arbitration Centre (DIAC): For UAE-based disputes

Arbitration will be conducted in the location specified in the Order Form, in the language specified in the Order Form (typically English). The arbitrator's decision will be final and binding, except as required by applicable law.

Dispute Resolution Process: Before initiating formal legal proceedings or arbitration, the parties agree to attempt to resolve disputes through:

1. Good Faith Negotiation: Direct discussions between authorized representatives (30 days)
2. Executive Escalation: Escalation to senior executives if negotiation fails (15 days)
3. Mediation: Non-binding mediation if escalation fails (optional, 30 days)
4. Arbitration or Litigation: As specified in the Order Form or these Terms

We comply with applicable data protection and consumer protection laws in all jurisdictions where we operate. The dispute resolution mechanism selected will not affect either party's rights under applicable data protection laws.

V. Additional Terms

18. Intellectual Property

All content, features, and functionality of the Service, including but not limited to text, graphics, logos, icons, images, data compilations, and software, are the exclusive property of Biocore or its content suppliers and are protected by international copyright, trademark, patent, trade secret, and other intellectual property laws.

You may not reproduce, distribute, modify, create derivative works of, publicly display, publicly perform, republish, download, store, or transmit any of the material on our Service without prior written consent from Biocore, except as expressly permitted by these Terms.

19. Modifications to Terms

Biocore may revise these Terms at any time without notice. By continuing to use the Service, you are agreeing to be bound by the then-current version of these Terms.

We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material, we will try to provide at least 30 days' notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion. Your continued use of the Service after any changes constitutes your acceptance of the updated Terms.

20. Force Majeure

Neither party shall be liable for any failure or delay in performance under these Terms due to circumstances beyond its reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, pandemics, government actions, cyberattacks, or failures of third-party service providers (including cloud infrastructure providers), provided that the affected party:

• Gives prompt written notice to the other party describing the force majeure event
• Uses reasonable efforts to mitigate the impact of the force majeure event
• Resumes performance as soon as reasonably practicable

If a force majeure event continues for more than 90 days, either party may terminate these Terms upon written notice to the other party.

21. Assignment

Neither party may assign these Terms or any rights or obligations hereunder without the prior written consent of the other party, except that either party may assign these Terms without consent in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any attempted assignment in violation of this section shall be void.

22. Severability and Waiver

Severability: If any provision of these Terms is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remaining provisions will remain in full force and effect, and the invalid provision will be modified to the minimum extent necessary to make it valid and enforceable.

Waiver: No waiver of any provision of these Terms shall be effective unless in writing and signed by the party against whom the waiver is sought. No failure or delay by either party in exercising any right hereunder shall constitute a waiver of such right.

23. Entire Agreement

These Terms, together with any Order Forms, BAAs, SLAs, and other agreements referenced herein, constitute the entire agreement between Customer and Biocore regarding the Services and supersede all prior or contemporaneous agreements, understandings, or communications, whether written or oral, relating to the subject matter hereof.

24. Contact Information

If you have any questions about these Terms of Service, please contact us:

Last Updated: February 3, 2026

By using Biocore's Services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service. If you do not agree to these Terms, you must not use the Services.