This Business Associate Agreement (the "Agreement") is entered into by and between Flourish Healthcare LLC and the undersigned customer ("Covered Entity"

a. LuxSci. "LuxSci" shall mean Lux Scientiae, Incorporated ("Lux Scientiae" or "LuxSci" b. Business Associate. "Business Associate" shall generally have the same meaning as the term "business associate" at 45 CFR 160.103, and in reference to the party to this agreement, shall mean Flourish Healthcare LLC ("Flourish Health" or "Flourish" c. Covered Entity. "Covered Entity" shall generally have the same meaning as the term "covered entity" at 45 CFR 160.103 d. CFR. "CFR" shall mean the Code of Federal Regulations. e. Disclosure. "Disclosure" of PHI means "the release, transfer, provision of, access to, or divulging in any other manner, of PHI outside the entity holding the information," as per 45 CFR 160.103. f.Privacy Rule. "Privacy Rule" shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E. g. Protected Health Information. "Protected Health Information" (PHI) shall have the same meaning as the term "protected health information" in 45 CFR 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity. h. Required by Law. "Required by Law" shall have the same meaning as the term "required by law" in 45 CFR 164.103. i.Use. "Use" of PHI shall mean "the sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information," as per 45 CFR 160.103.

2. SOFTWARE OWNERSHIP AND RESPONSIBILITIES

a. Software Ownership. The Covered Entity acknowledges that LuxSci is the proprietary owner of the software being provided. b. Reseller Role. Business Associate acts as a reseller for said software. The responsibility for the software's functionality and HIPAA compliance rests with LuxSci. c. User Onboarding and Technical Support Business Associate is responsible for managing the user onboarding process for the software. This includes implementation, user management, limited technical support, and training., providing limited technical support resetting passwords, and adding new user accounts. However, Business Associate does not have any control over the software's core functionality or its HIPAA compliance measures, which rests with LuxSci. d. Limitation on Access to PHI. While Business Associate assists with managing payments, providing limited technical support, and user management, it does

not have access to, nor control over, the Protected Health Information processed by the software, except as required to perform its obligations under this Agreement.

3. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE

a. Business Associate agrees to not Use or Disclose PHI other than as permitted or required by this Agreement or as permitted or required by law. b. Business Associate agrees to use appropriate safeguards to prevent Use or Disclosure of the PHI other than as provided for by this Agreement. c. Business Associate will manage the purchase, onboarding, and technical support of LuxSci licenses on behalf of the Covered Entity. This includes the transmission of material over email, web sites, and other means. Business Associate provides the means to ensure that PHI is encrypted so that it will not be disclosed in ways that would violate the Privacy Rule.

4. PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE

Except as otherwise limited in this Agreement or other portion of the Agreement, Business Associate may Use or Disclose PHI to perform functions, activities, or services for, or on behalf of, Covered Entity as specified in the Agreement, provided that such Use or Disclosure would not violate the Privacy Rule if done by you.

Business Associate's services include the transmission of material over email, web sites, and other means. Business Associate provides the means to ensure that PHI is encrypted so that it will not be Disclosed in ways that would violate the Privacy Rule. As per obligation in Section 5.g, it is up to Covered Entity to use the appropriate optional services to ensure the appropriate level of security for the PHI that travels through or is stored in Business Associate's services.

5. SPECIFIC USE AND DISCLOSURE PROVISIONS

Except as otherwise limited in this Agreement or other portion of the Agreement, Business Associate may: a. Use or disclose PHI to perform functions, activities, or services for, or on behalf of, the Covered Entity as specified in this Agreement, provided that

such use or disclosure would not violate the Privacy Rule if done by the Covered Entity. b. Use PHI for the proper management and administration of the Business Associate or to carry out its legal responsibilities.

5. OBLIGATIONS OF COVERED ENTITY

a. Covered Entity agrees to notify Business Associate of any changes in or revocation of permission to use or disclose PHI, and any restrictions to the use or disclosure of PHI. b. Covered Entity should not request Business Associate to use or disclose PHI in any manner that would not be permissible under the Privacy Rule if done by the Covered Entity.

a. Term. The Term of this Agreement shall be effective as of the date when Covered Entity signs this Agreement and it is accepted by both parties. The Agreement terminates upon the end of the underlying service agreement between the Parties.

b. Termination for Cause. If either Party believes that the other Party has breached any material term of this Agreement, the non-breaching Party shall provide written notice of said breach. The breaching Party shall have 30 days to cure the breach. If the breach is not cured within the specified period, the non-breaching Party may immediately terminate this Agreement. i.In the case of legitimate Termination for Cause, Covered Entity may also terminate its accounts with Business Associate without regard to any time remaining on Covered Entity's account contracts, though any amounts due to Business Associate at that time will become immediately due. Additionally, Businesses Associate may immediately terminate this Business Associate Agreement and the Customer's account upon notice to Covered Entity if the Covered Entity fails to meet its HIPAA obligations. c. Obligations upon Termination. Upon termination, the Business Associate shall, at the choice of the Covered Entity, either return or destroy all Protected Health Information received, maintained, or created on behalf of the Covered Entity. If return or destruction is not feasible, the Business Associate shall extend all protections, limitations, and restrictions contained in this Agreement to the Business Associate's use and/or disclosure of any retained Protected Health Information for as long as it is maintained. d. Survival. The obligations under Section C of this Article shall survive the termination of this Agreement.

a. The Covered Entity and Business Associate agree to take such action to amend this Agreement from time to time as is necessary for the Covered Entity to comply with the requirements of the Privacy Rule and the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191.

YES, I have read and agree with the Business Associate Agreement.