← Back to documentation

Data Use Agreement

Template DUA covering permitted uses, restrictions, security requirements, and termination.

Legal (Buyer)

SynthABA Data Use Agreement

Effective Date: _______________

1. Parties

This Data Use Agreement ("Agreement") is entered into by and between:

Provider: SynthABA, a product of FPI Enterprises, Inc. [Address] ("Provider")

Recipient:

[Address] ("Recipient")

Provider and Recipient are each referred to individually as a "Party" and collectively as the "Parties."

2. Definitions

2.1 "Synthetic Data" means data that is artificially generated using computational models, algorithms, clinical templates, and randomized parameters, and that does not contain, derive from, or reference any real patient records or individually identifiable health information.

2.2 "Dataset" means the specific collection of Synthetic Data provided by Provider to Recipient under this Agreement, as identified by version number, batch ID, and record count in the applicable Order Form or Dataset Specification.

2.3 "Protected Health Information" or "PHI" has the meaning set forth in 45 CFR Section 160.103, as amended from time to time, and includes any individually identifiable health information relating to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

2.4 "Permitted Use" means any use of the Dataset expressly authorized under Section 4 of this Agreement.

2.5 "Authorized Users" means Recipient's employees, contractors, and agents who (a) have a legitimate business need to access the Dataset in connection with a Permitted Use, (b) have been informed of and agree to comply with the terms of this Agreement, and (c) are subject to written confidentiality obligations no less restrictive than those contained herein.

2.6 "Derivative Work" means any dataset, model, algorithm, software, analysis, report, or other work product created by Recipient using or incorporating the Dataset, in whole or in part.

2.7 "Order Form" means any mutually executed document referencing this Agreement that specifies the Dataset, license fees, term, and any additional terms applicable to a particular Dataset delivery.

3. Grant of License

3.1 License Grant. Subject to the terms and conditions of this Agreement and payment of applicable fees, Provider hereby grants to Recipient a non-exclusive, non-transferable, non-sublicensable, revocable license to use the Dataset solely for Permitted Uses during the Term.

3.2 Scope. The license granted herein extends only to the specific Dataset identified in the applicable Order Form. Each additional Dataset delivery shall require a separate Order Form or amendment to this Agreement.

3.3 No Other Rights. Except for the limited license expressly granted in this Section, no other rights or licenses are granted by Provider to Recipient, whether by implication, estoppel, or otherwise.

4. Permitted Uses

Recipient may use the Dataset solely for the following purposes:

(a) Training Machine Learning and Artificial Intelligence Models. Recipient may use the Dataset to train, fine-tune, validate, and evaluate machine learning models, artificial intelligence systems, natural language processing systems, and related computational models.

(b) Benchmarking. Recipient may use the Dataset to benchmark the performance of algorithms, models, or software systems against standardized metrics.

(c) Product Testing and Quality Assurance. Recipient may use the Dataset for internal product development, software testing, quality assurance, and staging environment population.

(d) Academic Research. Recipient may use the Dataset for academic and scholarly research purposes, including the publication of research findings, provided that any publication includes appropriate attribution to SynthABA as the data source.

(e) Internal Analytics. Recipient may use the Dataset for internal business analytics, reporting, and decision-support purposes that do not involve direct clinical care or treatment decisions.

5. Restrictions

Recipient shall NOT:

(a) Re-identification. Attempt to re-identify, de-anonymize, or link any records in the Dataset to any real individual, patient, or healthcare provider, whether through data matching, inference, or any other method. The Parties acknowledge that because the Dataset is 100% synthetically generated, re-identification is not possible; however, this restriction is included as a safeguard against misuse.

(b) Redistribution. Redistribute, sublicense, resell, publish, share, or otherwise make the Dataset available to any third party without prior written consent from Provider. This restriction does not apply to Derivative Works that do not contain verbatim copies of Dataset records (e.g., trained model weights are not considered redistribution).

(c) Clinical Care. Use the Dataset, or any Derivative Work created from the Dataset, for direct clinical care, treatment decisions, or patient management involving real patients. The Dataset is intended for development, testing, and training purposes only.

(d) Insurance Adjudication. Use the Dataset for insurance claim adjudication, coverage determinations, utilization review, or any other insurance-related decision-making involving real patients or claims.

(e) Competing Products. Use the Dataset to create, develop, or improve a competing synthetic data product or service. For the avoidance of doubt, this restriction does not prohibit Recipient from training models that generate predictions, classifications, or other outputs unrelated to synthetic data generation.

6. Security Requirements

6.1 Encryption. Recipient shall encrypt the Dataset at rest using AES-256 or equivalent encryption and in transit using TLS 1.2 or higher.

6.2 Access Controls. Recipient shall implement role-based access controls to limit Dataset access to Authorized Users only. Recipient shall maintain a current list of Authorized Users and promptly revoke access for any individual who no longer meets the definition of an Authorized User.

6.3 Audit Logging. Recipient shall maintain audit logs of all access to the Dataset, including the identity of the accessor, timestamp, and nature of access. Audit logs shall be retained for a minimum of one (1) year.

6.4 Incident Response. Recipient shall notify Provider within seventy-two (72) hours of discovering any unauthorized access, use, or disclosure of the Dataset. Recipient shall cooperate with Provider in investigating and remediating any such incident.

6.5 Security Assessment. Upon reasonable request and no more than once per calendar year, Provider may audit or request written certification of Recipient's compliance with the security requirements of this Section.

7. Representations and Warranties

7.1 Provider Representations. Provider represents and warrants that:

(a) The Dataset is 100% synthetically generated and contains zero Protected Health Information as defined by HIPAA.

(b) No real patient records, electronic health records, claims data, or other individually identifiable health information was used as input to the generation process.

(c) The Dataset was generated from parameterized clinical templates using randomized patient contexts (e.g., age bands, diagnosis codes, service settings) and has passed Provider's VLayer compliance pipeline, including automated PHI scanning with 163+ detection patterns.

(d) Provider has the right and authority to grant the license set forth in this Agreement.

7.2 Recipient Representations. Recipient represents and warrants that:

(a) Recipient will use the Dataset solely for Permitted Uses as defined in Section 4.

(b) Recipient will comply with all applicable laws and regulations in connection with its use of the Dataset.

(c) Recipient has implemented and will maintain security measures consistent with Section 6.

(d) Recipient will not attempt to re-identify or link any records in the Dataset to real individuals.

7.3 Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE DATASET IS PROVIDED "AS IS" AND PROVIDER MAKES NO OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR CLINICAL VALIDITY.

8. Data Retention and Destruction

8.1 Retention. Recipient may retain the Dataset for the duration of the Term. Recipient may retain Derivative Works (e.g., trained model weights) beyond the Term, provided such Derivative Works do not contain verbatim copies of Dataset records.

8.2 Destruction. Upon expiration or termination of this Agreement, Recipient shall destroy all copies of the Dataset (including backups, cached copies, and copies in development or staging environments) within thirty (30) calendar days.

8.3 Certification. Within ten (10) business days following destruction, Recipient shall provide Provider with a written certification, signed by an authorized officer of Recipient, confirming that all copies of the Dataset have been destroyed in accordance with this Section.

8.4 Survival. Recipient's obligations under Sections 5 (Restrictions), 6 (Security Requirements), and 10 (Limitation of Liability) shall survive expiration or termination of this Agreement.

9. Intellectual Property

9.1 Provider IP. Provider retains all right, title, and interest in and to the Dataset, including all intellectual property rights therein. Nothing in this Agreement transfers or assigns any ownership rights in the Dataset to Recipient.

9.2 Recipient IP. Recipient shall own all right, title, and interest in and to Derivative Works created by Recipient, including trained model weights, algorithms, and analyses, subject to the restrictions set forth in Section 5.

9.3 Feedback. If Recipient provides Provider with any feedback, suggestions, or recommendations regarding the Dataset, Provider shall have a perpetual, irrevocable, royalty-free license to use such feedback for any purpose.

10. Limitation of Liability

10.1 Cap. IN NO EVENT SHALL EITHER PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL FEES PAID OR PAYABLE BY RECIPIENT TO PROVIDER UNDER THE APPLICABLE ORDER FORM DURING THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

10.2 Exclusion of Consequential Damages. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITY, REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

10.3 Exceptions. The limitations in this Section 10 shall not apply to: (a) Recipient's breach of Section 5 (Restrictions); (b) either Party's indemnification obligations; or (c) either Party's gross negligence or willful misconduct.

11. Term and Termination

11.1 Term. This Agreement shall commence on the Effective Date and continue for a period of one (1) year (the "Initial Term"). Thereafter, this Agreement shall automatically renew for successive one (1) year periods (each a "Renewal Term," and together with the Initial Term, the "Term") unless either Party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term.

11.2 Termination for Breach. Either Party may terminate this Agreement upon written notice if the other Party materially breaches any provision of this Agreement and fails to cure such breach within thirty (30) calendar days after receiving written notice specifying the breach.

11.3 Termination for Convenience. Either Party may terminate this Agreement for any reason upon sixty (60) days' prior written notice to the other Party.

11.4 Effect of Termination. Upon termination or expiration: (a) all licenses granted hereunder shall immediately terminate; (b) Recipient shall comply with the destruction and certification requirements of Section 8; and (c) all accrued payment obligations shall survive.

12. General Provisions

12.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Florida, without regard to its conflict of laws principles. Any dispute arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the state and federal courts located in the State of Florida.

12.2 Notices. All notices under this Agreement shall be in writing and delivered by email with confirmed receipt, certified mail, or nationally recognized overnight carrier to the addresses set forth above or such other address as a Party may designate in writing.

12.3 Entire Agreement. This Agreement, together with all Order Forms, constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior and contemporaneous agreements, understandings, negotiations, and discussions, whether oral or written.

12.4 Amendments. This Agreement may not be amended or modified except by a written instrument signed by both Parties.

12.5 Severability. If any provision of this Agreement is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.

12.6 Waiver. The failure of either Party to enforce any provision of this Agreement shall not constitute a waiver of such provision or the right to enforce it at a later time.

12.7 Assignment. Recipient may not assign or transfer this Agreement or any rights hereunder without the prior written consent of Provider. Any attempted assignment in violation of this Section shall be void.

12.8 Force Majeure. Neither Party shall be liable for any delay or failure to perform due to causes beyond its reasonable control, including acts of God, natural disasters, pandemics, government actions, or infrastructure failures.

12.9 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original, and all of which together shall constitute one and the same instrument. Electronic signatures shall be deemed valid and binding.

13. Signatures

PROVIDER: SynthABA / FPI Enterprises, Inc.

| Field | | |---|---| | Name | _________________________________ | | Title | _________________________________ | | Signature | _________________________________ | | Date | _________________________________ |

RECIPIENT: _____________________________

| Field | | |---|---| | Name | _________________________________ | | Title | _________________________________ | | Signature | _________________________________ | | Date | _________________________________ |

This Data Use Agreement template is provided for informational purposes. Parties should consult with their own legal counsel before execution.