These Terms govern your use of the ClarityCommand^™ Care application provided by Nitty Gritty Powerwashing & Mobile Services, LLC d/b/a JoMar Business Solutions. By creating an account or using the Application, you agree to these Terms. If you do not agree, do not use the Application.

1. Eligibility

• At least 18 years of age
• Owner, operator, administrator, or authorized employee of a licensed assisted living facility, residential care home, or comparable senior care business
• Legally authorized to enter into binding contracts on behalf of your facility
• Not barred under U.S. law or any sanctions list

2. The Application — What It Is and Is Not

What ClarityCommand Care IS:

• An operations management tool for assisted living facilities
• A platform for residents (non-medical), billing, meals, concierge, staff, leads, expenses, outreach
• A general-purpose business AI assistant for non-clinical questions

What ClarityCommand Care IS NOT:

• NOT a medical records system or EHR
• NOT HIPAA-compliant (see Document III)
• NOT a substitute for licensed legal, medical, accounting, or compliance advice
• NOT a replacement for state-mandated paper care plans, MARs, or incident reports

3. License Grant

JoMar grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to use the Application solely for the internal business operations of your licensed facility.

4. Account Registration & Security

• Provide accurate, current, complete information
• Maintain credential confidentiality
• You are responsible for all activity under your account
• Notify leslie@jomarbusinesssolutions.com of suspected unauthorized access
• Do not share login outside authorized facility staff
• Multi-facility operators require an Enterprise license

5. Acceptable Use

You agree NOT to:

• Enter PHI — see Document III
• Use the Application unlawfully
• Reverse-engineer, decompile, copy, or recreate any part
• Resell, sublicense, or rent access
• Attempt unauthorized access to other accounts or infrastructure
• Upload viruses or malicious code
• Harass, defame, or harm any individual
• Scrape or data-mine beyond your own records
• Use the Care AI for medical, legal, or clinical decisions

6. Fees & Payment

• Pay all fees in U.S. dollars when due
• Authorize JoMar to charge your payment method on the recurring cycle
• Update payment information promptly
• All sales are final except where required by law

Late payments may suspend access. JoMar may modify pricing on 30 days' notice.

7. Intellectual Property

ClarityCommand™, ClarityCommand Care™, and all associated logos, designs, code, AI prompts, training materials, templates, and content are the exclusive intellectual property of Nitty Gritty Powerwashing & Mobile Services, LLC. Your data remains your property; JoMar holds it as a service provider.

8. AI-Generated Content Disclaimer

8.1 What the Care AI Is

The "Care AI" is powered by Anthropic's Claude. It is designed to assist with general operational questions, drafting communications, understanding regulatory frameworks, and managing day-to-day business tasks. It is an informational and productivity tool — not a licensed professional.

8.2 Explicitly Prohibited Uses

8.3 Your Responsibility

• Independently verify all Care AI responses before acting on them
• Consult licensed professionals for all matters requiring professional judgment
• Bear sole responsibility for all decisions influenced by Care AI output
• Train all staff who use the Care AI on these limitations before granting access

9. User Content & Data Ownership

You retain ownership of all data you enter. You grant JoMar a limited, royalty-free license to host, store, and process it solely to provide the Application.

10. Disclaimers

THE APPLICATION IS PROVIDED "AS-IS" AND "AS-AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING:

• Implied warranties of merchantability, fitness for a purpose, or non-infringement
• Warranties that the Application will be uninterrupted, error-free, or secure
• Warranties regarding accuracy of any content, including AI output
• Warranties that the Application will meet your specific needs or regulatory requirements

11. Limitation of Liability

• JoMar's total aggregate liability shall not exceed the total fees paid in the 12 months preceding the claim, or $500, whichever is greater
• JoMar shall not be liable for indirect, incidental, consequential, special, exemplary, or punitive damages — including lost profits, lost data, business interruption, regulatory fines, HIPAA violations, or reputational harm
• Applies regardless of legal theory

12. Indemnification

You agree to defend, indemnify, and hold harmless JoMar from claims arising out of:

• Your use or misuse of the Application
• Your violation of these Terms or any law
• Your entry of PHI or other restricted data
• Your facility's HIPAA, state, or regulatory violations
• Any third-party claim arising from data you entered

13. Termination

• You may cancel anytime via the Application or email
• JoMar may suspend or terminate for violation, non-payment, or 30 days' notice

Data is retained per the Privacy Policy schedule. Data export available within 30 days of termination.

14. Governing Law & Dispute Resolution

14.1 Governing Law

These Terms are governed by the laws of the State of Texas, without regard to conflict-of-law principles. The UN Convention on Contracts for the International Sale of Goods does not apply.

14.2 Informal Resolution — Required First Step

Before any formal dispute process, the party with a dispute must provide written notice to the other party describing the nature of the dispute, the relief sought, and the factual basis. The parties agree to negotiate in good faith for at least 30 days before proceeding.

• JoMar dispute notice: leslie@jomarbusinesssolutions.com — Subject: "Dispute Notice — [Your Facility Name]"
• Your notice address: your account email address on file with JoMar

14.3 Mediation

If informal resolution fails after 30 days, either party may request non-binding mediation in Tarrant County, Texas, through a mutually agreed mediator. Costs split equally unless otherwise agreed. Mediation is optional — either party may proceed directly to arbitration after the informal resolution period.

14.4 Binding Arbitration

EXCEPT AS PROVIDED IN SECTIONS 14.5 AND 14.6, ANY DISPUTE ARISING OUT OF OR RELATING TO THESE TERMS OR THE APPLICATION SHALL BE RESOLVED BY FINAL AND BINDING ARBITRATION, NOT IN COURT.

Arbitration Fees: For claims not exceeding $10,000, JoMar will pay all AAA filing and administrative fees and the arbitrator's fees, unless the arbitrator determines the claim was frivolous. For claims exceeding $10,000, standard AAA fee-splitting rules apply, except JoMar will pay any AAA fees that would make arbitration prohibitively expensive compared to court, as determined by the arbitrator on written request.

14.5 Exceptions to Arbitration

• Claims for injunctive or equitable relief to prevent unauthorized use of intellectual property
• Claims that may be brought in small claims court in Tarrant County, Texas, on an individual basis
• Any claim a court determines cannot be compelled to arbitration as a matter of law

14.6 Arbitration Opt-Out — 30-Day Window

To opt out, you must: (1) send from your account email address; (2) include your full legal name, facility name, and account email; (3) send within 30 days of first accepting these Terms. Late opt-out requests will not be honored.

14.7 Class Action & Jury Trial Waiver

15. Modifications

Material changes communicated by email and in-app notice at least 14 days before they take effect.

16. Miscellaneous

• Entire agreement: Terms + Privacy Policy + HIPAA Disclaimer + DPA
• Severability: unenforceable provisions don't void remaining ones
• No waiver: failure to enforce ≠ waiver
• Assignment: you cannot assign; JoMar may assign to a successor
• Force majeure: neither party liable for causes beyond reasonable control
• Notices: to leslie@jomarbusinesssolutions.com

1. Why This Application Is Designed Without HIPAA Compliance

HIPAA-compliant software requires expensive infrastructure that is out of reach for most small ALF operators: Business Associate Agreements (BAAs) with every vendor, PHI-specific encrypted storage, comprehensive audit trails, breach notification procedures, annual risk assessments, documented employee training, and ongoing compliance monitoring. HIPAA-compliant platforms typically cost $300–$2,000/month.

ClarityCommand Care is intentionally designed as a non-PHI operations tool so small facility owners can afford to digitize 80% of daily operations while keeping medical records in paper files or a separate licensed EHR. This is a deliberate design choice, not an oversight.

2. Business Associate Analysis — Why JoMar Is NOT Your Business Associate

Under HIPAA (45 CFR § 160.103), a Business Associate creates, receives, maintains, or transmits PHI on behalf of a covered entity. JoMar's position is that it does not qualify as a Business Associate for the following documented reasons:

3. Your Status as a Covered Entity

As an operator of a licensed assisted living facility, you may be a HIPAA Covered Entity if you transmit health information in electronic form in connection with transactions for which HHS has adopted standards (such as submitting Medicaid claims electronically). You are responsible for independently determining your own covered entity status.

If you are a Covered Entity, the following obligations are entirely your responsibility:

• Conducting and documenting an annual HIPAA Security Risk Assessment
• Maintaining a separate HIPAA-compliant system (EHR/EMR or paper) for all PHI
• Executing BAAs with all vendors who receive PHI on your behalf
• Training all workforce members on HIPAA Privacy and Security Rules
• Implementing and maintaining HIPAA-required policies and procedures
• Providing HIPAA Notice of Privacy Practices to residents
• Responding to resident rights requests (access, amendment, accounting of disclosures)
• Reporting breaches to HHS and affected individuals per the HIPAA Breach Notification Rule

4. What Counts as PHI — The 18 HIPAA Identifiers

Under HIPAA, PHI is any individually identifiable health information. The 18 HIPAA identifiers, when combined with health information, create PHI:

5. Restricted Data — DO NOT Enter

• Medical diagnoses or conditions ("diabetic," "dementia," "CHF," "COPD")
• Medications, dosages, or Medication Administration Records (MAR)
• Vital signs (BP, weight, blood sugar, pulse, temperature, O2 sat)
• Nurse clinical notes, caregiver health observations, skilled assessments
• Doctor's orders, treatment plans, therapy notes, care plans
• Lab results, imaging reports, diagnostic test outcomes
• Hospital discharge summaries, admission records, H&P documents
• Mental health diagnoses, psychiatric notes, behavioral health treatment
• Substance abuse treatment records (42 CFR Part 2 protected)
• HIV status, STI status, genetic information
• Incident reports tied to a health event (falls with injury, choking, med errors)
• Medicare/Medicaid claim numbers, beneficiary IDs, medical billing details
• Photos depicting medical conditions, injuries, wounds, or pressure ulcers
• Uploaded medical documents, prescriptions, or provider correspondence
• Medically-documented dietary orders or clinically-prescribed food restrictions (pureed diet, diabetic diet, renal diet, therapeutic restrictions, or documented food allergies tied to a diagnosed condition)

6. Permitted Data — What You CAN Store

• Resident name, room number, move-in/out dates, optional photo (smiling/activity — not depicting medical care)
• Emergency contact names, phones, emails, relationships
• Monthly rate, payment method (Medicaid yes/no only — no claim or beneficiary numbers)
• Insurance expiration dates as calendar reminders only
• Food preferences and dislikes based on personal taste, culture, or religion — NOT medically-documented dietary orders
• Comfort and lifestyle notes ("prefers morning shower," "enjoys gardening") — not clinical observations
• Concierge requests: transportation, errands, grocery, activities
• Bed availability, lead pipeline, referral source, lead status
• Staff names, roles, schedules, clock-in/out, payroll calculations
• Business expenses, vendor payments, mileage logs
• Outreach communications — general only, no resident PHI

7. Dietary & Food Data — PHI Boundary

8. Care AI — HIPAA Acceptable Use

9. Your Affirmative Obligations

• You have read this Disclaimer in full and understand its requirements
• You will not enter PHI under any circumstances
• You will train every staff member before granting them Application access, and document that training
• You will maintain a separate HIPAA-compliant system for all PHI
• You will conduct your own HIPAA Security Risk Assessment
• You bear sole and complete responsibility for any HIPAA violations arising from your or your staff's misuse
• You will immediately notify JoMar at leslie@jomarbusinesssolutions.com if PHI has been entered
• You will indemnify, defend, and hold harmless JoMar from any claims, penalties, fines, or legal fees arising from PHI entered by you or anyone using your account
• JoMar's refusal to sign a BAA is a material term of these agreements and you accept the Application on that basis

10. PHI Enforcement

12. Resources

This DPA forms part of the Terms between Nitty Gritty Powerwashing & Mobile Services, LLC d/b/a JoMar Business Solutions ("Processor") and you ("Controller"). It governs the third-party personal data you enter — about residents, family members, staff, vendors, and referral partners.

1. Definitions

2. Roles & Responsibilities

You (Controller) determine what Personal Data is entered, for what purpose, and for how long. JoMar (Processor) processes Personal Data solely on your documented instructions — these Terms, the Privacy Policy, your in-app actions, and any written instructions to leslie@jomarbusinesssolutions.com.

3. Categories of Data Subjects & Personal Data

4. Controller Warranties

You represent, warrant, and agree that:

• You have a lawful basis to collect and process all Personal Data you enter
• You have provided required privacy notices to Data Subjects
• You have obtained all required consents, including photo releases where applicable
• You will respond directly to all Data Subject rights requests
• You will NOT enter PHI as defined in Document III
• You will limit access to authorized staff with a legitimate business need
• You will notify JoMar promptly if you become aware of any unauthorized access to Personal Data in the Application

5. Processor Obligations

JoMar agrees to:

• Process Personal Data only on your documented instructions and solely for the purpose of providing the Application
• Implement and maintain the technical and organizational security measures described in Section 8
• Ensure all personnel with access to Personal Data are subject to written confidentiality obligations
• Engage Sub-Processors only as permitted under Section 6, and require each Sub-Processor to maintain data protection obligations no less protective than this DPA
• Notify you of any confirmed Security Incident without undue delay, and in any event as required by applicable law
• Provide reasonable cooperation with Data Subject requests to the extent technically feasible
• Upon termination, return or delete your Personal Data as set forth in Section 11
• Not transfer Personal Data outside the United States without your prior written consent, except as necessary to use the U.S.-based Sub-Processors listed in Section 6

6. Approved Sub-Processors & Change Notification

7. Data Subject Requests

If a Data Subject contacts JoMar directly:

• JoMar will notify you within 5 business days
• JoMar will refer the Data Subject to you as the responsible Controller
• JoMar will provide reasonable technical assistance (such as a data export) within 30 days of your written request
• You remain solely responsible for responding to and fulfilling Data Subject requests

8. Security Measures

9. Audit Rights

• Audits are limited to once per calendar year, unless required by a regulatory authority or following a confirmed Security Incident
• You must provide at least 30 days' prior written notice specifying the scope
• Audits must be conducted during normal business hours and minimize disruption to JoMar's operations
• You bear the full cost of any audit unless it reveals a material breach by JoMar
• In lieu of an on-site audit, JoMar may satisfy audit requests by providing a current third-party audit report or completed security questionnaire
• All audit findings and reports are confidential

10. International Data Transfers

The Application is operated from the United States. All Sub-Processors listed in Section 6 store and process data in the United States. By accepting these Terms, you consent to the transfer of Personal Data to the United States. The Application is intended for U.S. customers only; JoMar does not currently offer the Application to residents of the European Union or United Kingdom.

11. Term, Termination & Deletion Certification

Effective on Terms acceptance. On termination, at your election within 30 days:

• Data export in CSV or JSON format, OR
• Permanent deletion per Privacy Policy schedule

Within 60 days of your deletion request, upon written request, JoMar will provide a written certification confirming deletion has been completed from active systems. Billing and acceptance records subject to 7-year retention requirements are exempt.

12. Liability

Subject to the limitations in Section 11 of the Terms of Service. JoMar's liability under this DPA is limited to losses directly caused by JoMar's breach of this DPA, and does not extend to losses caused by your breach of your Controller warranties in Section 4.

13. Conflict

If conflict between this DPA and Terms/Privacy Policy regarding third-party Personal Data, this DPA controls. For all else, Terms control.

14. Contact for DPA Matters

Data Protection Officer

Leslie Green-Wallace · JoMar Business Solutions

Mailing Address

3000 S Hulen Street, Suite 124-964, Fort Worth, TX 76109, United States

Email

leslie@jomarbusinesssolutions.com

Subject Line

Use "DPA Request — [Your Facility Name]"

Response Time

Within 10 business days of receipt