ChartHero AI — Terms of Service

Effective Date: November 11, 2025

These Terms of Service (the “Terms”) govern access to and use of the websites, applications, and services provided by ChartHero AI LLC ("ChartHero," "we," "us," or "our"). By creating an account or using the Services, you agree to these Terms and our Privacy Policy (collectively, the “Agreement”). If you are entering into this Agreement on behalf of an organization or practice, you represent that you have authority to bind that entity.

HIPAA & BAA Notice. If you enable use of protected health information (PHI) with the Services, Schedule A (Business Associate Agreement) is incorporated into, and forms part of, these Terms. Schedule A governs our handling of PHI and controls in the event of any conflict with the rest of these Terms.

1. Eligibility & Accounts

You must be at least the age of majority where you live and legally able to enter contracts.
You agree to provide accurate registration information and maintain the security of your credentials.
You are responsible for activities that occur under your account.
You consent to receiving electronic communications related to the Services.

2. Key Definitions

For clarity throughout these Terms and Schedule A:

Customer or you means the individual healthcare professional or entity using the Services and, where applicable, their authorized users.
Services means ChartHero’s software, applications, websites, APIs, content, and related services.
Inputs means content you or your authorized users submit to the Services (for example, audio recordings, transcripts, prompts, account/profile data, uploads, or configuration settings).
Outputs means content the Services generate for you based on Inputs (for example, transcriptions, summaries, draft clinical notes, task lists, or analytics).
Customer Data means Inputs and Outputs collectively.
PHI has the meaning given in 45 C.F.R. § 160.103 and is a subset of Customer Data.
De-identified Data means data created by or for ChartHero in accordance with 45 C.F.R. § 164.514 such that it does not identify an individual and cannot reasonably be used to identify an individual.
Usage Data/Telemetry means technical logs and metadata about how the Services are accessed and perform (for example, device/browser, feature usage, timestamps, error rates, and performance metrics) but not the content of Inputs/Outputs except as expressly stated.

3. Plans, Subscriptions, Billing & Trials

3.1 Plans & Term

We may offer free, trial, or paid plans (monthly or annual). The plan, term, and pricing are shown at signup or in your admin dashboard and may include seat-based billing for organizations.

3.2 Payment Methods & Authorization

You authorize us (and our payment processors) to charge all applicable fees, taxes, and overages to your provided payment method on a recurring basis until you cancel. We may use third-party processors (e.g., card networks and gateways) and do not store full card numbers ourselves.
You must keep your payment method current; failed payments may lead to suspension until resolved.

3.3 Auto‑Renewal & Cancellation

Subscriptions auto‑renew for successive terms unless canceled before the end of the then‑current term.
You can cancel at any time via in‑app billing settings; cancellation is effective at the end of the current billing period (no mid‑cycle refunds except where required by law).

3.4 Price Changes

We may change prices for future terms. We’ll provide advance notice (e.g., email or in‑app). New prices take effect on renewal.

3.5 Seats & Organizations

Organization admins can add or remove seats. Additions are billed pro‑rata for the remainder of the term. Removals take effect on the next renewal unless otherwise stated.
You are responsible for all activity and charges associated with seats you provision.

3.6 Upgrades & Downgrades

Upgrades (e.g., plan tier or feature add‑ons) are charged pro‑rata for the remainder of the term and apply immediately.
Downgrades take effect on the next renewal and may cause feature reductions or data limits.

3.7 Trials & Promotions

If a trial is offered, its length and scope are shown at signup. Unless you cancel before the trial ends, the subscription converts to paid and your payment method is charged on the first day after the trial.
Promotions/credits are non‑transferable, have no cash value, and expire as stated.

3.8 Taxes; Withholding

Fees are exclusive of taxes. You are responsible for applicable sales, use, VAT/GST, or similar taxes (other than taxes on our net income).

3.9 Refunds; Disputes; Chargebacks

Except where required by law, fees are non‑refundable and non‑creditable.
Billing disputes must be raised within 30 days of the charge; otherwise, charges are deemed accepted.
If you initiate a chargeback, we may suspend your account and any ongoing Services pending resolution.

4. Relationship to Privacy Policy & BAA; Order of Precedence

The Privacy Policy describes how we collect, use, and disclose personal information.
Schedule A (BAA) is automatically incorporated when you enable PHI with the Services. Schedule A governs our creation, receipt, maintenance, or transmission of PHI. If there is a conflict between these Terms and Schedule A with respect to PHI, Schedule A controls.

5. Customer Responsibilities (Consents, Appropriate Use)

Consents & Notices. You are solely responsible for obtaining and maintaining all legally required notices and consents (including, if applicable, two‑party recording consent) before recording or uploading any Inputs. You acknowledge that ChartHero is not a party to provider–patient communications and does not obtain consents on your behalf.
42 C.F.R. Part 2 Exclusion. You will not use the Services to create, receive, maintain, or transmit records subject to 42 C.F.R. Part 2 (substance use disorder records) unless and until we expressly offer functionality addressing Part 2 requirements.
Accuracy & Clinical Judgment. You are responsible for reviewing Outputs and exercising independent clinical judgment. The Services are clinical decision support/documentation tools, not a replacement for professional judgment or the practice of medicine.
Prohibited Uses (illustrative). You will not: (i) reverse engineer or attempt to extract models or source code; (ii) circumvent technical controls or rate limits; (iii) engage in scraping, spam, or unlawful surveillance; (iv) impersonate others or misrepresent affiliation; (v) submit malware or attempt to probe/scan/penetrate networks without authorization; (vi) use the Services to infringe IP rights or violate law; or (vii) use the Services in life‑support, emergency, or mission‑critical contexts where failure could result in death or serious injury.

6. Data Categories & Use

We treat data according to the following categories:

6.1 PHI

PHI is handled as described in Schedule A. We will not use PHI to train or fine‑tune machine learning models unless (a) you are the Covered Entity (or acting on behalf of one), and (b) an admin‑level opt‑in setting is enabled by you. You may disable such opt‑in at any time prospectively.

6.2 Non‑PHI Customer Data

We process non‑PHI Inputs/Outputs to provide and support the Services for you (e.g., generate transcripts, notes, and analytics you request).
Unless otherwise agreed in writing, we do not claim ownership of your Inputs/Outputs. As between you and ChartHero, you own Customer Data. You grant ChartHero a non‑exclusive, worldwide, royalty‑free license to use, reproduce, modify, and display Customer Data solely to provide, secure, and support the Services and to comply with law.

6.3 Aggregate & Telemetry Data (non-PHI)

We may use Aggregate Data (data that is not personally identifiable and has been combined with other data) and Usage Data/Telemetry for purposes of operating, securing, analyzing, and improving the Services, developing new features, and benchmarking.

*Clarification on Service Improvement: Any use of Customer Data for analytics, benchmarking, or service improvement (including AI model training) that does not use Aggregate Data or Usage Data/Telemetry is governed by the PHI opt-in mechanism described in Section 6.1 and Schedule A, Section C.4.

7. Security

We maintain administrative, physical, and technical safeguards designed to protect Customer Data, including controls reasonably conforming to HIPAA Security Rule requirements when handling PHI under Schedule A. Additional details may be available in our security documentation and subprocessor list.

8. Subprocessors

We may engage third-party Subprocessors to assist with delivering the Services. We will: (a) maintain a public list of Subprocessors; (b) provide you with at least fourteen (14) days' advance notice (e.g., via email or in-app notification) before adding a new Sub-processor that processes Customer Data; (c) impose written obligations on Subprocessors that are at least as protective as our obligations under the Agreement (including Schedule A for PHI); and (d) remain responsible for their performance.

9. Retention, Portability, & Deletion

9.1 Operational Retention.

We retain Customer Data as necessary to provide the Services and for operational reliability (including quality assurance, auditability, incident investigation, and disaster recovery) and in accordance with your account configuration and our documented retention schedules.

9.2 Backups & Legal Holds.

Backup copies may persist for a period consistent with standard backup practices and may be retained as required to comply with legal obligations (including six-year HIPAA documentation requirements) or lawful requests.

9.3 Data Portability Upon Termination.

Upon termination of the Agreement, for a period of thirty (30) days (the "Data Portability Period"), Customer will have the right to access and export their Customer Data. ChartHero will make this data available in a standard, machine-readable format (such as JSON or CSV). This data will include Customer Inputs and Outputs but may not include cached data, Usage Data/Telemetry, or other system logs.

9.4 Deletion on Request.

Subject to our obligations in Section 9.2, we will delete or de-identify Customer Data upon your request where feasible and permitted by law and by our security, audit, and retention obligations. Additional terms for PHI are in Schedule A.

10. Intellectual Property; Feedback; Third‑Party Services

Ownership. As between the parties, ChartHero owns all right, title, and interest in and to the Services and our IP. Except for the rights expressly granted, we retain all rights.
Feedback. You grant ChartHero a perpetual, irrevocable, worldwide, royalty‑free license to use suggestions and feedback you provide, provided we do not identify you as the source without permission.
Third‑Party Services. If you enable integrations, your use of third‑party products is subject to their terms. We are not responsible for third‑party services unless expressly stated.

11. Single Sign-On (Google)

11.1 Overview

The Services support single sign-on (“SSO”) via Google. Use of Google SSO is optional; you may also authenticate with a ChartHero-managed email/password account.

11.2 Minimum-Necessary Scopes

When you choose Google SSO, ChartHero requests only the OAuth/OpenID scopes required to authenticate your identity and obtain your verified email address (for example, openid, email, profile). ChartHero does not request access to your contacts, calendars, files, social graphs, or posting capabilities.

11.3 No Social Features

Google SSO is provided solely for authentication. The Services do not post to, message through, or otherwise interact with any social network on your behalf.

11.4 PHI Handling

Authentication metadata received from Google (e.g., subject identifier, email) is not treated as PHI. After authentication, any PHI you upload or generate in the Services is governed by the Business Associate Agreement (Schedule A) and these Terms.

11.5 Token Security

Any OAuth tokens are encrypted at rest, access-controlled on a least-privilege basis, and used only to maintain your authenticated session. Offline access (refresh tokens) is not requested unless strictly necessary to provide the Services.

11.6 Subprocessor Disclosure

To the extent Google acts as an identity provider for your account, it is a subprocessor for authentication only. ChartHero’s current subprocessor list and notice mechanism are described in §8.

11.7 Revocation and Deletion

You may revoke ChartHero’s access in your Google account settings at any time and/or switch to a ChartHero-managed login. Upon account closure, authentication tokens are deleted during standard account teardown, subject to the retention terms in §9.

11.8 Availability

Identity provider availability may affect login. SSO may be temporarily unavailable due to Google outages. Email/password login remains available unless disabled by your organization.

12. Beta/Preview Features

We may offer features identified as alpha, beta, preview, or similar. Such features are provided as‑is and may be modified or discontinued at any time. Use is at your discretion and may be subject to additional terms.

13. Disclaimers

The Services are provided “AS IS” and “AS AVAILABLE.” To the fullest extent permitted by law, we disclaim all warranties (express, implied, or statutory), including merchantability, fitness for a particular purpose, title, and non‑infringement. We do not warrant that Outputs are accurate, complete, or suitable for any purpose or that the Services will be error‑free or uninterrupted.

14. Indemnification

By You. You will defend and indemnify ChartHero from claims arising out of: (a) your Inputs or your use of the Services in violation of law or this Agreement; (b) your failure to obtain necessary consents; and (c) disputes between you and any patient or third party.
By ChartHero. We will defend and indemnify you from third‑party claims alleging that the Services, when used as permitted, infringe a valid U.S. patent, copyright, or trademark, or misappropriate a trade secret. We may at our option: (i) modify or substitute the Services to avoid infringement; or (ii) terminate the affected feature and refund prepaid unused fees (if any) for that feature.

15. Limitation of Liability

Cap. Except for Exclusions below, each party’s total liability arising from or relating to the Agreement will not exceed the greater of: (i) the amounts you paid to ChartHero in the 12 months before the event giving rise to liability; or (ii) $1,000 if no amounts were paid.
Exclusions. The cap does not apply to: (a) a party’s willful misconduct; (b) breach of confidentiality; (c) a party’s HIPAA/BAA obligations with respect to PHI; or (d) infringement or misappropriation of the other party’s intellectual property rights.
No Indirect Damages. Neither party is liable for consequential, incidental, special, exemplary, or punitive damages, or lost profits, even if advised of the possibility.

16. Term; Suspension; Termination

These Terms remain in effect until terminated.
We may suspend or terminate access for material breach, abusive use, legal risk, or to protect the security or integrity of the Services.
Upon termination, your right to access the Services ceases. Provisions that by their nature should survive (including confidentiality, IP, limitations of liability, dispute resolution, and Schedule A) will survive.

17. Governing Law; Dispute Resolution; Class Action Waiver; Time Limit

Governing Law & Forum. This Agreement is governed by the laws of the State of Connecticut, excluding its conflicts of law rules, with venue for any non‑arbitrable claims in the state or federal courts located in Connecticut, and the parties consent to personal jurisdiction there.
Arbitration. Any dispute arising out of or relating to this Agreement will be resolved by binding arbitration administered by the AAA under its Commercial Arbitration Rules by a single arbitrator. Judgment on the award may be entered in any court of competent jurisdiction. Either party may seek injunctive relief in court to protect IP or confidential information. This Section does not prevent either party from pursuing an individual claim in small‑claims court where appropriate.
Class Action Waiver. Disputes must be brought on an individual basis; class, consolidated, or representative actions are not permitted.
Time Limit. Any claim must be filed within one (1) year after the cause of action accrues.

18. California Users and Residents

If you are a California resident, certain rights may apply to your personal information under applicable law. Please see our Privacy Policy for how to exercise those rights. Nothing in these Terms limits any non‑waivable rights.

19. Changes to the Services or Terms

We may modify the Services and these Terms from time to time. If we make material changes, we will provide at least fourteen (14) days' advance notice (e.g., via the Services or email) before the changes become effective. Changes are effective on the date stated in the notice. Your continued use after changes become effective constitutes acceptance.

20. Miscellaneous

Entire Agreement. These Terms, the Privacy Policy, and Schedule A (BAA) are the entire agreement between you and ChartHero regarding the Services.
Order of Precedence. If there is a conflict between these Terms and Schedule A regarding PHI, Schedule A controls.
Assignment. Neither party may assign without the other’s consent, except to an affiliate or in connection with a merger, acquisition, or sale of assets.
Severability; Waiver. If any provision is unenforceable, it will be limited or eliminated to the minimum extent necessary; the remainder remains in effect. Failure to enforce a provision is not a waiver.
Notices. Notices to ChartHero must be sent to legal@charthero.ai and to our principal business address as posted on our website.

Schedule A — Business Associate Agreement (BAA)

This Business Associate Agreement (this “BAA”), effective as of the Effective Date of the Terms, is by and between ChartHero AI LLC (the “Business Associate”) and the Customer enabling PHI in the Services (the “Covered Entity”). This BAA is incorporated into, and forms part of, the Terms. Capitalized terms used but not defined here have the meanings given in the Terms or HIPAA.

A. Purpose and Scope

This BAA governs Business Associate’s creation, receipt, maintenance, and transmission of PHI to provide the Services on behalf of Covered Entity in accordance with 45 C.F.R. Part 160 and Part 164.

B. Definitions

HIPAA Rules means the Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Parts 160 and 164.
PHI has the meaning at 45 C.F.R. § 160.103, limited to the PHI Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity.
Electronic PHI (ePHI) has the meaning at 45 C.F.R. § 160.103.

C. Permitted Uses and Disclosures by Business Associate

On Behalf of Covered Entity. Business Associate may use and disclose PHI as necessary to perform the Services for Covered Entity as described in the Terms, provided such use or disclosure would not violate the HIPAA Rules if done by Covered Entity, consistent with 45 C.F.R. § 164.502(a)(3).
Management and Administration. Business Associate may use and disclose PHI for its proper management and administration and to carry out its legal responsibilities, provided that any disclosure is: (a) required by law; or (b) made to a third party who provides reasonable assurances that it will keep the PHI confidential and use or disclose it only as required by law or for the purpose for which it was disclosed, and the third party agrees to notify Business Associate of any breaches.
De‑identification. Business Associate may de-identify PHI in accordance with 45 C.F.R. § 164.514 solely for the purpose of creating Aggregate Data (as defined in Section 6.3) or as required for its proper management and administration under Section C.2.
Permitted Analytics and Service Improvement. Business Associate may use PHI (including any pseudonymized or non-aggregated data) for its internal service improvement and analytics purposes.
No Model Training by Default. Notwithstanding Section C.4 above, Business Associate will not use PHI to train or fine-tune machine learning models unless Covered Entity enables an admin-level opt-in and such use is permitted by applicable law.

D. Obligations of Business Associate

Safeguards. Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of ePHI as required by the HIPAA Security Rule.
Minimum Necessary. Limit uses, disclosures, and requests of PHI to the minimum necessary to accomplish the intended purpose.
Subcontractors. Ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree in writing to substantially the same restrictions, conditions, and requirements that apply to Business Associate with respect to PHI.
Breach Notification. Report to Covered Entity any Breach of Unsecured PHI (as defined in 45 C.F.R. § 164.402), Security Incident involving ePHI, or other impermissible use or disclosure of PHI without unreasonable delay and no later than sixty (60) calendar days after discovery, including the information required by 45 C.F.R. § 164.410 to the extent available at the time of notice.
Access, Amendment, and Accounting. Provide Covered Entity with information necessary to respond to requests for access, amendment, or accounting of disclosures of PHI pursuant to 45 C.F.R. §§ 164.524, 164.526, and 164.528.
HHS Access. Make internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of HHS for purposes of determining Covered Entity’s or Business Associate’s compliance with HIPAA.
Mitigation. Mitigate, to the extent practicable, any harmful effect known to Business Associate of a use or disclosure of PHI in violation of this BAA.

E. Obligations of Covered Entity

Consents & Notices. Obtain any consents, authorizations, or notices necessary for the lawful use and disclosure of PHI via the Services, including applicable recording consents.
Restrictions & Revocations. Notify Business Associate of any restrictions on the use or disclosure of PHI agreed to by Covered Entity or requested by an individual under 45 C.F.R. § 164.522, and of any changes in, or revocation of, permission by an individual to use or disclose PHI, to the extent such changes affect Business Associate’s use or disclosure.
Minimum Necessary. Limit disclosures of PHI to Business Associate to the minimum necessary.
No Part 2 Records. Covered Entity will not submit data subject to 42 C.F.R. Part 2 unless otherwise expressly agreed in writing.

F. Term and Termination

Term. This BAA is effective as of the Effective Date and remains in effect until the earlier of termination of the Terms or as otherwise terminated under this Section.
Termination for Cause. Upon Covered Entity’s knowledge of a material breach of this BAA by Business Associate, Covered Entity may terminate this BAA if Business Associate does not cure the breach within a reasonable time specified by Covered Entity.
Effect of Termination. Upon termination of this BAA, Business Associate will first make PHI available to Covered Entity for export in accordance with Section 9.3 of the Terms. Following the Data Portability Period described therein, Business Associate will return or destroy all PHI that it maintains in any form, if feasible. If return or destruction is not feasible (for example, due to standard backup retention, legal holds, or audit requirements), Business Associate will extend the protections of this BAA to the PHI and limit further uses and disclosures to those purposes that make the return or destruction infeasible.

G. Documentation & Records Retention

Business Associate will maintain documentation and records required by the HIPAA Rules (including policies, procedures, and required logs) for six (6) years as required by 45 C.F.R. § 164.530(j), or such longer period as required by law.

H. Regulatory Changes; Amendments

If any law or regulation (including HIPAA, HITECH, or state analogues) is amended or enacted such that this BAA does not comply, the parties will amend this BAA to comply with the changes, and the amended terms will be deemed incorporated.

I. No Third‑Party Beneficiaries

This BAA is between Business Associate and Covered Entity. No other person or entity has rights as a third‑party beneficiary.

J. Interpretation; Precedence

Any ambiguity in this BAA shall be resolved to permit compliance with the HIPAA Rules. If there is a conflict between the Terms and this BAA regarding PHI, this BAA controls.

Schedule B: Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") forms part of the Agreement between ChartHero AI LLC ("ChartHero") and the Customer.

1. Definitions

Capitalized terms used but not defined in this DPA have the meanings given in the Terms or as set forth below:

"Data Protection Laws" means all applicable data protection and privacy laws, including (where applicable) the GDPR, the UK GDPR, and the Swiss FADP.
"GDPR" means the EU General Data Protection Regulation 2016/679.
"Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject") processed by ChartHero on behalf of the Customer in connection with the Services.
"Controller," "Processor," and "Processing" have the meanings given to them in the GDPR.
"SCCs" means the Standard Contractual Clauses approved by the European Commission, as may be amended or replaced from time to time.
"UK GDPR" means the GDPR as it forms part of the law of the United Kingdom.
"Customer Account Data" means personal data ChartHero collects during registration and for account administration, such as Customer's name, email address, and billing information.
"Customer Content Data" means the Personal Data contained within Inputs and Outputs (as defined in the Terms) that ChartHero processes on behalf of the Customer.

2. Roles and Scope of Processing

2.1 Roles: The parties acknowledge that with respect to Customer Content Data, the Customer is the Controller and ChartHero is the Processor. With respect to Customer Account Data, ChartHero is the Controller.
2.2 Scope: This DPA applies to the processing of Customer Content Data. ChartHero will process Customer Content Data only in accordance with the Customer's documented instructions, which include the Agreement, this DPA, and the Customer's use of the Services.
2.3 Details of Processing: The details of processing for Customer Content Data are described in Appendix 1 of this DPA.

3. Processor Obligations

ChartHero agrees to:

3.1 Confidentiality: Ensure that all persons authorized to process Customer Content Data are bound by a duty of confidentiality.
3.2 Security: Implement and maintain appropriate technical and organizational measures to protect Customer Content Data, as described in Section 7 of the Terms ("Security").
3.3 Data Subject Rights: Provide reasonable assistance to the Customer (at the Customer's expense) to enable the Customer to respond to requests from Data Subjects exercising their rights under Data Protection Laws.
3.4 Assistance: Provide reasonable assistance to the Customer (at the Customer's expense) in meeting its obligations under Data Protection Laws, including with respect to security of processing, data protection impact assessments (DPIAs), and breach notifications.

4. Sub-processors

4.1 General Authorization: The Customer provides a general authorization for ChartHero to engage third-party Sub-processors (as defined in the Terms) to process Customer Content Data.
4.2 Notice: ChartHero will maintain a public list of its Sub-processors as described in Section 8 of the Terms. ChartHero will provide Customer with at least fourteen (14) days' advance notice (e.g., via email or in-app notification) of any new Sub-processor, giving the Customer an opportunity to object.
4.3 Flow-Down Obligations: ChartHero will enter into a written agreement with each Sub-processor imposing data protection obligations that are at least as protective as those in this DPA.

5. International Data Transfers

5.1 Transfer Mechanism: For any transfer of Customer Content Data from the European Economic Area, UK, or Switzerland to ChartHero in the United States, the parties agree that such transfer is subject to the EU Standard Contractual Clauses (SCCs), which are incorporated by reference and deemed executed between the parties upon acceptance of the Agreement.
5.2 SCC Module: The parties agree to use Module Two (Controller to Processor) of the EU SCCs.
5.3 UK/Swiss Data: For transfers from the UK or Switzerland, the relevant UK or Swiss addenda to the SCCs will apply.

6. Breach Notification

ChartHero will notify the Customer without undue delay after becoming aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Content Data. This notification will be separate from and will not replace ChartHero's obligations under the BAA (Schedule A) with respect to PHI.

7. Termination

Upon termination of the Agreement, ChartHero will delete or return Customer Content Data in accordance with Section 9 of the Terms and Section F.3 of the BAA.

Appendix 1 to Schedule B: Details of Processing

Subject-Matter: Providing AI-powered transcription and clinical documentation services.
Duration: For the term of the Agreement, plus any post-termination period required for data deletion.
Nature and Purpose: To receive audio/text Inputs, process them to create clinical notes (Outputs), and store/manage that data as directed by the Customer to provide the Services.
Categories of Data: Customer Content Data (Inputs and Outputs), which may include Personal Data.
Categories of Data Subjects: The Data Subjects are determined by the Customer, but may include Customer's patients, clients, and authorized users.

Appendix 2 to Schedule B: Sub-processors

https://www.charthero.ai/subprocessors

Contact: ChartHero AI LLC Legal: legal@charthero.ai Security: security@charthero.ai Privacy Official: privacy@charthero.ai