Terms of Service Agreement

Non-Disclosure Agreement

The Recipient hereto desires to participate in discussions regarding InBody API (Application Programming Interface) through LookinBody Web, (the “Transaction”). During these discussions, Disclosing Party may share certain proprietary information with the Recipient. Therefore, in consideration of the mutual promises and covenants contained in this Agreement, and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties hereto agree as follows:

1. Definition of Confidential Information.

(a) For purposes of this Agreement, “Confidential Information” means any data or information that is proprietary to the Disclosing Party and not generally known to the public, whether in tangible or intangible form, whenever and however disclosed, including, but not limited to: (i) any marketing strategies, plans, financial information, or projections, operations, sales related documents, business plans and performance results relating to the past, present or future business activities of such party, its affiliates, subsidiaries and affiliated companies; (ii) plans for products or services, and customer or supplier lists; (iii) any scientific or technical information, invention, design, process, procedure, formula, improvement, technology or method; (iv) any concepts, reports, data, know-how, works-in-progress, designs, development tools, specifications, computer software, source code, object code, flow charts, databases, inventions, information and trade secrets; and (v) any other information that should reasonably be recognized as confidential information of the Disclosing Party. Confidential Information need not be novel, unique, patentable, copyrightable or constitute a trade secret in order to be designated Confidential Information. The Receiving Party acknowledges that the Confidential Information is proprietary to the Disclosing Party, has been developed and obtained through great efforts by the Disclosing Party and that Disclosing Party regards all of its Confidential Information as trade secrets

(b) Notwithstanding anything in the foregoing to the contrary, Confidential Information shall not include information which: (i) was known by the Receiving Party prior to receiving the Confidential Information from the Disclosing Party; (b) becomes rightfully known to the Receiving Party from a third-party source not known (after diligent inquiry) by the Receiving Party to be under an obligation to Disclosing Party to maintain confidentiality; (c) is or becomes publicly available through no fault of or failure to act by the Receiving Party in breach of this Agreement; (d) is required to be disclosed in a judicial or administrative proceeding, or is otherwise requested or required to be disclosed by law or regulation, although the requirements of paragraph 4 hereof shall apply prior to any disclosure being made; and (e) is or has been independently developed by employees, consultants or agents of the Receiving Party without violation of the terms of this Agreement or reference or access to any Confidential Information.

2. Disclosure of Confidential Information.

From time to time, the Disclosing Party may disclose Confidential Information to the Receiving Party. The Receiving Party will: (a) limit disclosure of any Confidential Information to its directors, officers, employees, agents or representatives (collectively “Representatives”) who have a need to know such Confidential Information in connection with the current or contemplated business relationship between the parties to which this Agreement relates, and only for that purpose; (b) advise its Representatives of the proprietary nature of the Confidential Information and of the obligations set forth in this Agreement and require such Representatives to keep the Confidential Information confidential; (c) shall keep all NON-DISCLOSURE AGREEMENT Page 2

Confidential Information strictly confidential by using a reasonable degree of care, but not less than the degree of care used by it in safeguarding its own confidential information; and (d) not disclose any Confidential Information received by it to any third parties (except as otherwise provided for herein).

Each party shall be responsible for any breach of this Agreement by any of their respective Representatives.

3. Use of Confidential Information.

The Receiving Party agrees to use the Confidential Information solely in connection with the current or contemplated business relationship between the parties and not for any purpose other than as authorized by this Agreement without the prior written consent of an authorized representative of the Disclosing Party. No other right or license, whether expressed or implied, in the Confidential Information is granted to the Receiving Party hereunder. Title to the Confidential Information will remain solely in the Disclosing Party. All use of Confidential Information by the Receiving Party shall be for the benefit of the Disclosing Party and any modifications and improvements thereof by the Receiving Party shall be the sole property of the Disclosing Party. Nothing contained herein is intended to modify the parties’ existing agreement that their discussions in furtherance of a potential business relationship are governed by Federal Rule of Evidence 408.

4. Term.

This Agreement shall remain in effect for a one-year term (subject to a one year extension if the parties are still discussing and considering the Transaction at the end of the second year). Notwithstanding the foregoing, the parties’ duty to hold in confidence Confidential Information that was disclosed during term shall remain in effect indefinitely.

5. Remedies.

Both parties acknowledge that the Confidential Information to be disclosed hereunder is of a unique and valuable character, and that the unauthorized dissemination of the Confidential Information would destroy or diminish the value of such information. The damages to Disclosing Party that would result from the unauthorized dissemination of the Confidential Information would be impossible to calculate. Therefore, both parties hereby agree that the Disclosing Party shall be entitled to injunctive relief preventing the dissemination of any Confidential Information in violation of the terms hereof. Such injunctive relief shall be in addition to any other remedies available hereunder, whether at law or in equity. Disclosing Party shall be entitled to recover its costs and fees, including reasonable attorneys’ fees, incurred in obtaining any such relief. Further, in the event of litigation relating to this Agreement, the prevailing party shall be entitled to recover its reasonable attorney’s fees and expenses.

6. Return of Confidential Information.

Receiving Party shall immediately return and redeliver to the other all tangible material embodying the Confidential Information provided hereunder and all notes, summaries, memoranda, drawings, manuals, records, excerpts or derivative information deriving there from and all other documents or materials (“Notes”) (and all copies of any of the foregoing, including “copies” that have been converted to computerized media in the form of image, data or word processing files either manually or by image capture) based on or including any Confidential Information, in whatever form of storage or retrieval, upon the earlier of (i) the completion or termination of the dealings between the parties contemplated hereunder; (ii) the termination of this Agreement; or (iii) at such time as the Disclosing Party may so request; provided however that the Receiving Party may retain such of its documents as is necessary to enable it to comply with its document retention policies. Alternatively, the Receiving Party, with the written consent of the Disclosing Party may (or in the case of Notes, at the Receiving Party’s option) immediately destroy any of the foregoing embodying Confidential Information (or the reasonably non-recoverable data erasure of computerized data) and, upon request, certify in writing such destruction by an authorized officer of the Receiving Party supervising the destruction). NON-DISCLOSURE AGREEMENT Page 3

7. Notice of Breach.

Receiving Party shall notify the Disclosing Party immediately upon discovery of any unauthorized use or disclosure of Confidential Information by Receiving Party or its Representatives, or any other breach of this Agreement by Receiving Party or its Representatives, and will cooperate with efforts by the Disclosing Party to help the Disclosing Party regain possession of Confidential Information and prevent its further unauthorized use.

8. No Binding Agreement for Transaction.

The parties agree that neither party will be under any legal obligation of any kind whatsoever with respect to a Transaction by virtue of this Agreement, except for the matters specifically agreed to herein. The parties further acknowledge and agree that they each reserve the right, in their sole and absolute discretion, to reject any and all proposals and to terminate discussions and negotiations with respect to a Transaction at any time. This Agreement does not create a joint venture or partnership between the parties. If a Transaction goes forward, the non-disclosure provisions of any applicable transaction documents entered into between the parties (or their respective affiliates) for the Transaction shall supersede this Agreement. In the event such provision is not provided for in said transaction documents, this Agreement shall control.

9. Warranty.

Each party warrants that it has the right to make the disclosures under this Agreement. NO WARRANTIES ARE MADE BY EITHER PARTY UNDER THIS AGREEMENT WHATSOEVER. The parties acknowledge that although they shall each endeavor to include in the Confidential Information all information that they each believe relevant for the purpose of the evaluation of a Transaction, the parties understand that no representation or warranty as to the accuracy or completeness of the Confidential Information is being made by either party as the Disclosing Party. Further, neither party is under any obligation under this Agreement to disclose any Confidential Information it chooses not to disclose. Neither Party hereto shall have any liability to the other party or to the other party’s Representatives resulting from any use of the Confidential Information except with respect to disclosure of such Confidential Information in violation of this Agreement.

10. Miscellaneous.

(a) This Agreement constitutes the entire understanding between the parties and supersedes any and all prior or contemporaneous understandings and agreements, whether oral or written, between the parties, with respect to the subject matter hereof. This Agreement can only be modified by a written amendment signed by the party against whom enforcement of such modification is sought.

(b) The validity, construction and performance of this Agreement shall be governed and construed in accordance with the laws of California applicable to contracts made and to be wholly performed within such state, without giving effect to any conflict of laws provisions thereof. The Federal and state courts located in California shall have sole and exclusive jurisdiction over any disputes arising under the terms of this Agreement.

(c) Any failure by either party to enforce the other party’s strict performance of any provision of this Agreement will not constitute a waiver of its right to subsequently enforce such provision or any other provision of this Agreement.

(d) Although the restrictions contained in this Agreement are considered by the parties to be reasonable for the purpose of protecting the Confidential Information, if any such restriction is found by a court of competent jurisdiction to be unenforceable, such provision will be modified, rewritten or interpreted to include as much of its nature and scope as will render it enforceable. If it cannot be so modified, rewritten or interpreted to be enforceable in any respect, it will not be given effect, and the remainder of the Agreement will be enforced as if such provision was not included.

(e) Any notices or communications required or permitted to be given hereunder may be delivered by hand, deposited with a nationally recognized overnight carrier, electronic-mail, or mailed by certified mail, NON-DISCLOSURE AGREEMENT Page 4

return receipt requested, postage prepaid, in each case, to the address of the other party first indicated above (or such other addressee as may be furnished by a party in accordance with this paragraph). All such notices or communications shall be deemed to have been given and received (a) in the case of personal delivery or electronic-mail, on the date of such delivery, (b) in the case of delivery by a nationally recognized overnight carrier, on the third business day following dispatch and (c) in the case of mailing, on the seventh business day following such mailing.

(f) This Agreement is personal in nature, and neither party may directly or indirectly assign or transfer it by operation of law or otherwise without the prior written consent of the other party, which consent will not be unreasonably withheld. All obligations contained in this Agreement shall extend to and be binding upon the parties to this Agreement and their respective successors, assigns and designees.

(g) The receipt of Confidential Information pursuant to this Agreement will not prevent or in any way limit either party from: (i) developing, making or marketing products or services that are or may be competitive with the products or services of the other; or (ii) providing products or services to others who compete with the other.

(h) Paragraph headings used in this Agreement are for reference only and shall not be used or relied upon in the interpretation of this Agreement.

Business Partner Agreement

Terms and Conditions of the Business Partnership Agreement (“Agreement”)


This Agreement serves as a counterpart to, and is deemed executed concurrently with, the LookinBody Web API Terms of Use and the LookinBody Web API Privacy Policy agreed to by you (“Customer” or “you” or “your”) and Biospace, Inc., DBA InBody (“InBody” or “we” or “our”) (collectively, the “Parties”). This Agreement is as a formalization of Customer and InBody’s business partnership regarding an application program interface (“API”) provided to you by InBody in relation to your use of certain InBody Services, as defined below.

You agree to the following:


1. Site – InBody data management website and/or extension of such website(s), including, but not limited to, https://usa.lookinbody.com.

2. Service(s) – InBody’s body composition analysis devices, including, but not limited to the professional devices at the Analysis Facility, and its accessories, including home use and wearable body composition analysis devices (the “Products”); (ii) InBody-provided applications that give access to a Facility User, and Facility User authorized individuals, to view, add, update, or delete data (collectively, the “App”); (iii) the Site; (iv) the data, analyses and other content contained in, or collected, processed, analyzed, generated or delivered by a Product, the App, or the Site, including without limitation, any body composition information, text, graphs, calculations, copy, audio, video, photographs, illustrations, images, graphics and other visuals (the “InBody Content”); and (v) other related InBody products and/or services.

3. Analysis Facility – a business, an association, an enterprise, or an organization which provides use of Service(s); or a facility where the Service(s) is located

4. End User – refers to an individual, patient or a member who receives use of the Service(s) from you and/or Analysis Facility.

5. Facility User – an employee, a representative or a staff member of the Analysis Facility.

6. “Personal Information” means any information that is about an identifiable individual, this will include, but not be limited to, information such as the following – Name, Birth Date/Age, Physical Description, Medical History, Gender, and Visual Images such as photographs, and videotape where individuals may be identified.

7. “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by either Party or its respective subsidiaries, affiliates, and/or partners.


Customer is to operate our Services to access Customer’s clients information, which includes Analysis Facilities. InBody owns and operates certain

Services, features of which Customer wishes to incorporate into Customer’s business model. As such, the Parties have agreed to enter into this Agreement and be bound to its terms as well as the LookinBody Web API Privacy Policy, LookinBody Web API Terms of Use, and any other agreements that InBody may require, all of which shall be deemed incorporated and made part of, by reference or otherwise, this Agreement.


An active subscription to the LookinBody Web service is required to utilize the API feature. Per the Terms of Use of the LookinBody Web service and according to the latest fee structure, you agree to pay InBody the following, as it may apply to you; please note that some of these costs and fees may not apply to you:

1. a one-time $199.00 set-up and installation fee;

2. a Pay-Per-Month recurring fee of $25.00/month per InBody device for the use of InBody’s Services;

3. a Pay-Per-Month recurring fee of: $99.00/month for use of an Executive Account; and

4. a $35.00 interlinking fee for multiple LookinBody Web accounts and/or InBody devices.

You further agree to maintain all payment information current and that failure to do so will be subject to the Late Payment provisions below. Payments are for a default of two Staff Member logins and one Administrator login; any additional logins will be charged an additional monthly cost. Any additional costs added to your bill will be discussed with you. If you have any questions about your billing cycle and/or your logins, please contact our support representative.

  1. A. Waived Fee: Customer may have fees permanently or temporarily waived by InBody, but may be assessed fees at a later date, at InBody’s sole discretion; Customer may terminate this Agreement if Customer disagrees with the assessed fees.
  1. B. No Refunds: You agree and understand that no refunds will be issued for any cancellation of the Services.
  1. C. Late Payment: If payment is late, or is dishonored for any reason, Customer will be assessed a late fee of USD $99.00. If the account is forwarded to a collection agency, Customer will be assessed an additional twenty-five percent (25%), which will be added to the total amount due. If payment by company/personal check is returned, Customer will be liable for a charge of USD 25.00 returned check fee. Customer is liable for any returns on credit card payment at a rate of three percent (3%) of the total amount due. In the event of any payment default, Customer agrees to pay any and all reasonable attorney fees and costs of collection to the extent permitted by law. This Section shall be enforced in accordance with the laws of the State of California, Los Angeles County.
  1. D. Back Pay: Customer understands that Services, including access to End User information and InBody Content, may be suspended upon Customer’s failure to provide timely payment under this Agreement. However, InBody reserves the right to permit Customer to provide retroactive back pay and access to such suspended Services, End User information, and InBody Content generated during that time, if any, following Customer’s entry into a payment plan and timely payments to InBody under that payment plan.

InBody Warranty Terms, Conditions and Exclusions:

1. You agree and understand that you are responsible for any or all risks arising from the use of the API. InBody disclaims any other warranties, including but not limited to the warranties of merchantability, fitness for specific purposes, and implied warranty regarding ownership or non-infringement, whether express or implied, to the maximum extent permitted by applicable law.

2. You agree and understand that you will take all available best efforts to ensure that Analysis Facilities using the Site and/or any Services are in good standing and remain in good standing with all applicable entities, including InBody.

3. Support for any issues related to the API will be provided by InBody to you until this Agreement is terminated.

4. The Parties agree and understand that Personal Information collected from an End User will remain in your custody and control, unless otherwise agreed to between you and InBody or you and another third-party; However, and notwithstanding anything to the contrary, InBody will retain access to the Personal Information only for such purposes described in the LookinBody Web API Privacy Policy and LookinBody Web API Terms of Use and End Users will retain access and ownership rights to all Personal Information accessible via the Site.

5. Issues arising from the accuracy or access of the Personal Information by the End User will be addressed by End User to you and, if issues continue to arise or be present, you will process such issues to us for support.

6. Issues arising from the use or functions of the API by you shall be directed to us for support. InBody provides no guarantee to a solution for any issue.

7. Warranty for the API applies to the support provided to you through phone, email, remote access, or any other virtual help. Cases that may require in-person support do not apply.

8. InBody reserves the right to contract third parties for support related purposes.

    1. 9. InBody shall not provide support to any Service or the API when damage or malfunction results from: a. Customer abuse, misuse, negligence, or an issue caused by the End User.
    2. b. Customer fails to follow the installation, operation, or maintenance instructions described in the setup/user’s manual.
    3. c. Acts of God (storm, flood, earthquake, etc.), power failures or surges, actions of third parties, and any other event to the server or the physical location of the stored data, outside InBody’s reasonable control or not arising under normal conditions.
    4. 10. You may terminate this Agreement at any time by contacting our support representative, at which point you and all your clients will lose all API capabilities. a. Certain Personal Information, such as a Facility User’s name, username, and/or phone numbers may be required to confirm your identity and terminate this Agreement.
      1. b. Although our cancellation process is automated for your convenience, you will be provided, upon your request, with certain steps by our support representative during termination to ensure the security of the Personal Information at your Analysis Facilities. The i. technical or mechanical error from your Analysis Facilities or its device(s), regardless of ownership status of those devices;
      2. ii. misunderstanding between our support representative and you;
      3. iii. your failure to contact our support representative; and/or
      4. iv. failure to following instructions.
      5. c. If you are a pay-per-month subscriber, you must terminate at least three (3) calendar days before the renewal date of your account to avoid next month’s charges; failure to do so may result in the subsequent month’s fee being charged to you.
      6. d. Please do not assume that your account has been canceled until you receive a confirmation of cancellation by our representative. e. You may reinitiate the Service anytime you want after cancellation.

Parties agree that InBody shall not be held liable for any transmission of the End User’s Personal Information from your Analysis Facilities, even after the termination, caused by:

Marketing: By entering into this Agreement, you agree to be identified as a user of InBody, and you agree that InBody may refer to you by name, trade name and trademark, if applicable, and may describe your business in InBody’s marketing materials and website. You hereby grant InBody a fully-paid, irrevocable, perpetual, world-wide license to use your name and any of your trade names, trademarks, logos solely in connection with the rights granted to InBody pursuant to this marketing section.

LookinBody Web API Privacy Policy

You, the non-InBody signatory to this Privacy Policy, an Analysis Facility, as defined below, are entering into this Privacy Policy (“Policy”) with Biospace, Inc., DBA InBody (“InBody”) regarding the Services, as defined below. This Policy states how we collect, use, disclose, and protect the Personal Information that an End User and/or a Facility User provides us using the Service(s). This Policy is made counterpart to, and is deemed executed concurrently with, the Terms of Service for API and a Business Partnership Agreement entered between End User and InBody.

If you are a California resident, please also review our California Privacy Act Addition, which is how our privacy policy pertains specifically to California residents and businesses.

If you are a New York state resident, please also review our New York Privacy Act Addition, which is how our privacy policy pertains specifically to New York state residents and businesses.

End User agree to the following:

I. Definitions

A. End User – An individual, patient or a customer who receives or uses the Service(s)

B. Analysis Facility – A business, an association, an enterprise, or an organization that provides the use of the Service(s) and a facility where the Product or the Site is located

C. Facility User – An employee, a representative or a member of the Analysis Facility

D. Facility Administrator (Admin) – The employee or an associate of the Facility who is in charge of the Site’s account and has a higher level of authority than the Staff member

E. Staff Member – An employee or an associate of the Facility who uses the Site but has limited access

F. Protected Health Information – According to the Health Insurance Portability and Affordability Act of 1996, Public Law 104-191, as amended, and inclusive of the Privacy Rule, Security Rule, Breach Notification Rule and Enforcement Rule (45 CFR Parts 160 and 164) promulgated by the United States Department of Health and Human Services (“HIPAA”), Protected Health Information is information that is a subset of health information including demographic information collected from an individual that: (1) is created or received by a health care provider, health plan, employer, or health care clearinghouse; (2) relates to an individual’s past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to an individual; (3) identifies the individual or for which there is reasonable basis to believe the information can be used to identify the individual; and (4) is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium.

G. Personal Information – End User’s non-public information which InBody receives through End User’s use of the Service that can be used, alone or in combination with other information in InBody’s possession, to identify a particular individual. It may include information such as name, email address, telephone number and other personal information the End User provides InBody and it may include Protected Health Information that an individual provides to the Covered Entity

H. Covered Entity – The definition of the Covered Entity remains the same as in 45 CFR § 160.103 of HIPAA

I. Aggregated or De-Identified Information – Information that does not identify End User as a specific individual

J. Custody – When Personal Information or Protected Health Information or other information regarding an End User or Facility User is transmitted to and maintain within our server

K. Control – When Personal Information or Protected Health Information or other information regarding an End User or Facility User can be viewed, added, edited, deleted, and or transferred by InBody for the purposes described in this Policy

L. In this Policy, the words “InBody”, “we”, “us” and “our” refers to Biospace Inc. DBA InBody

M. In this Policy, the words “End User” and “End User’s” refers to the non-InBody signatory to this Policy, an End User

II. Services We Provide

This Policy applies to the following:

A. InBody’s body composition analysis devices and its accessories (the “Products”);

B. InBody-provided applications that gives End User access to view, add, update, or delete data (collectively, the “App”);

C. InBody data management website(s) and/or an extension of the website(s), including, but not limited to, the API and the LookinBody App (collectively the “Site”); and

D. The data, analyses and other content collected, processed, analyzed, generated or delivered by a Product, the App, or the Site, including without limitation, text, graphs, calculations, copy, audio, video, photographs, illustrations, images, graphics and other visuals (the “InBody Content”) (all collectively, the “Service” or “Services”).

III. Information We Collect

A. Information We Collect from an End User:

1) App: When an End User registers for the App, we require the following information: End User’s name, email address, telephone number, age, height, weight, and gender.

2) Product: Our Body Composition Analysis Device collects multiple data points from End User’s body and outputs information such as BMI, PBF, Lean Body Mass, Skeletal Muscle Mass, level of Body Water etc. Accessories connected to the InBody Body Composition Analyzer may collect and output many different data points. Results from the device and the accessory are pooled together and associated with End User’s registered ID and/or telephone number. If End User wishes to be left anonymous and unidentifiable, End User may use the Product as a Guest. Height, weight, age, and gender are still required from a Guest user to process the data. The storage of End User’s data on the server allows them to track changes over multiple tests and multiple Service(s). A guest user may not be able to track their results. Also, depending on the model of the Product, additional body composition measurement information may be stored, such as visceral fat level, leg lean mass etc.

3) Wearable devices: Wearable devices track End User’s sleep, calories, activity, steps, etc. End User has the option to use different functions such as End User’s activity time, distance traveled, and calories burned. End User may also selectively choose to hide any of the functionalities (except battery, time, and body composition analysis) from the screen of the Wearable device. The Ranking system function, derived from the Wearable device, in the App is available for End User to compare End User’s steps and/or scores activity with End User’s friends and family who have this system available and turned on. This optional feature requires End User to provide access to the contacts and opt-in to share End User’s results with End User’s contacts through settings. To know more about ranking system and the different functions of the Wearable device, please refer to the “Terms of Service for End User”.

4) As it pertains to the Personal Information that End User share with InBody using InBody’s Service directly, without an Analysis Facility, End User agree that no Protected Health Information is included, and that HIPAA does not apply to such Personal Information.

B. Information We collect from an Analysis Facility:

An Analysis Facility may be asked to provide InBody with Personal Information of Facility Users who may access the Site. Such information can include their full name, telephone number, email address, and date of birth. The Staff member is a sub-tier account to the Admin account with limited access to the Site. Each Analysis Facility may have a different staff structure, and the level of access to the End User’s information, will be determined by InBody at our sole discretion by reference to the Facility User’s responsibility and role at the Analysis Facility. A Facility User’s personal information is used to create account logins for the Site during the creation of an Administrator account and/or Staff member account. The Facility User is responsible for the accuracy of the information, any changes or updates on the account, and the confidentiality of the login credentials for the Site. A Facility User may be asked to provide identifiable information to InBody if they call in for support.

C. Analysis Facility – Covered Entity

In the event that a Covered Entity purchases the LookinBody Web Subscription, InBody becomes its Business Associate and both parties must comply with Privacy and Security Rules of HIPAA. An Analysis Facility that is a Covered Entity hereby represents and warrants to InBody that such Analysis Facility has obtained the necessary Authorization Form, to ensure that such Analysis Facility has consent to disclose each End User’s Personal Information and Personal Health Information which shall comply with HIPAA and other applicable state and federal privacy laws. The Covered Entity that discloses the Personal Health Information to InBody must enter into and comply with terms of a mutually agreeable Business Associate Agreement.

D. Information Collected Automatically

We may automatically collect the following information from End User’s use of the Service(s) through cookies, web beacons, and other technologies: End User’s domain name, browser type, operating system, web pages End User view, links End User click, End User’s IP address, the length of time End User visit our Site and/or use our App, mobile device, mobile number, and the referring URL, the webpage that led End User to our Site etc. We may also have access to other data such as location, calls, mobile camera, photo gallery, and contacts, if End User allow. Note that this information that is automatically collected does not include Protected Health Information.

E. Cookies and Other Collection Tools

We may use our cookies and other collection tools to track information about End User’s use of our Site and other Services, or to track aggregate and statistical information about User activity. A cookie is a small file containing a string of characters that is sent to End User’s computer when End User visit a website; in this case the Site. When End User visit the Site again, the cookie allows that site to recognize End User’s browser. Cookies may store user preferences and other information such as a login credential and/or password. End User can reset End User’s browser to refuse all cookies or to indicate when a cookie is being sent. Other technologies are used for similar purposes as a cookie on other platforms where cookies are not available or applicable. Some cookies allow us to make it easier for End User to navigate our Site and other Services, while others are used to enable a faster login process or to allow us to track End User’s activities on our Site. All cookies are allowed, by default, but End User can adjust this setting and clear cookie for all sites or for certain pages. End User can disable or remove first-party and third-party cookie information and data. If End User remove cookies, things like saved preferences on websites might get deleted and some website features or services may not function as well. But if End User prefer, End User can edit End User’s browser options to block them in the future. The help portion of the toolbar on most browsers will tell End User how to prevent End User’s browser from accepting new cookies, how to have the browser notify End User when End User receive a new cookie, and/or how to disable cookies altogether.

F. Misc.

The application of this Privacy Policy is subject to the required equipment(s) and application(s) to upload and/or download the data to and from our server and is subject to the requirements or provisions of any applicable federal and state legislation, federal

and state regulations, agreements or the ruling of any court or other lawful authority. All Analysis Facility Users, and InBody employees and contractors, with access to End User’s Personal Information are required to comply with this Privacy Policy.

IV. Use of Information

A. Use of End User’s Information: by Analysis Facility

1) To track user’s performance at that Analysis Facility such as total amount of body fat lost, total amount of lean body mass gained, etc.

2) To track total users and the Facility’s performance such as such as total tests, existing users, new users, etc. This allows Facility Administrator to track how well their Analysis Facility is doing

3) To serve End User:

a. To provide End User with End User’s Personal Information such as End User’s BMI, PBF (Percent Body Fat), Lean Body Mass, Body Water, BMR, Systolic and Diastolic Blood Pressure measurements etc.

b. To help achieve End User’s goal, End User’s Analysis Facility may assign a Facility User(s) to chat with End User. This additional feature is provided to help End User stay connected with End User’s advisor. Any changes or updates to the assigned advisor should be discussed with the Analysis Facility

4) We collect information such as phone number, ID, name, or medical history to categorize the data for the Analysis Facility and to allow End User to track End User’s progress easily when End User participate in different challenges.

B. Collection of End User’s Information: for the End User

1) End User’s Personal Information is stored on the server for End User’s convenience, so End User can access End User’s data from App

2) We may have access to some of End User’s data generated by End User’s mobile phone, with End User’s consent, to allow End User to take full advantage of the App and the Product. This may include accessing and using:

a. Location – To allow End User’s wearable device and phone to pair and report fitness level(s)

b. Camera – To allow End User to take pictures and share with the Facility User

c. Call – To make calls to a Facility User and to allow call notifications to be sent to End User’s wearable Product

d. Gallery – To allow End User to share End User’s images with the Facility User

e. Contacts – To allow End User to track and rank End User’s family and friends who use the App and the Product

3) End User’s email address is used to send End User a temporary password if and when End User forget End User’s credentials for the App; it may also be used for other services related to End User’s password to confirm End User’s identity. End User have to manually confirm the usage of End User’s email for any of these services

4) We may send End User an electronic message through email or SMS where we take End User’s consent in accordance with the applicable law

C. Use of End User’s Information: by InBody

1) To serve End User:

a. To provide support to inquiries made by End User or the Analysis Facility regarding the Service(s); In the case of an inquiry, name and/or ID will be used by us for identification purposes

2) To give access to third parties to process that Personal Information:

a. Third parties that are affiliated with us may have access to End User’s Personal Information to process information and/or to provide End User services

b. When the information is entered on the Product (when it is connected to the Internet), App or the Site, it automatically gets uploaded on the Server. Access to the Server is open to InBody and its contracted affiliates for the same purposes as InBody

a. When we share End User’s Personal Information with any such third party we make sure they have appropriate safeguards in place for the protection of End User’s Personal Information and Personal Health Information so that the subcontractors and/or business associate are in compliance with HIPAA and other applicable state and federal privacy laws.

D. Other Uses of Personal Information

Other uses and disclosures of Personal Information not covered by this Policy and permitted by the applicable laws that apply to us may be made with End User’s consent, End User’s written authorization or that of End User’s legal representative, or where permitted or required by applicable law. If we are authorized to use or disclose Personal Information about End User, End User or End User’s legal representative may revoke that authorization in writing at any time with the Analysis Facility, except to the extent that we have taken action relying on the authorization or if the authorization was obtained as a condition of obtaining End User’s account, or if we are legally required to make a particular use or disclosure of End User’s information. End User should understand that we will not be able to take back any disclosures we have already made with End User’s authorization.

V. Disclosure of Information

We may share End User’s Personal Information, with the following entities for the purpose described below provided that our sharing of End User’s Personal Information and their use of End User’s Personal Information complies with HIPAA and other applicable state and federal privacy laws.

A. Business transfers:

We may disclose Personal Information in connection with the sale, merger, sale of assets or reorganization of InBody or its affiliates. In such an event, End User’s information will transfer to the acquiring company. Notice of such a transfer will be provided by posting to the Site or via another form of communication.

B. Third Parties:

We have a relationship with third-party service providers including, but not limited to, LookinBody Company and InBody Co., Ltd. They help us –

a. provide services to End User,

b. administer our business, and

c. design, maintain, improve our Service(s), systems, procedures, protocols, and security.

When we allow our contracted third-party service provider to have access to End User’s Personal Information, they are permitted to use it only for purposes that are consistent with this Policy. We ensure, through agreements in place, that these third parties have equivalent level of protection established in their organizations for sturdy protection of End User’s information. If a substantial change in our or our associates’ business model occurs, that impacts the use of End User’s information, an updated privacy policy will be provided. Below is the list of some of the third parties that may use End User’s Personal Information:

1) Use of Personal Information: By LookinBody Company

LookinBody Company reserves the right to use Personal Information:

a. To administer and maintain the Server;

b. To provide the highest level of support, if needed, to understand and solve any issue that may arise from End User or the Analysis Facility;

c. Improve InBody’s content

i. The collection of Personal Information also helps create, develop, operate, deliver, and improve Services.

ii. To track and respond to safety concerns and to further develop and improve Services

d. LookinBody Company may use the aggregated data, so they can administer and improve the Site, analyze trends and gather broad demographic information

i. The LookinBody Company may also use the aggregated data for various business purposes including Service development and improvement activities

2) Use of Personal Information: By InBody Co., Ltd.

a. InBody Co., Ltd. may share or sell aggregated, de-identified, data that does not identify End User, with partners and the public in various of ways, such as by providing research or reports about health and fitness or in connection with contests, challenges or another event. When they provide this information, they perform appropriate procedures so that the data does not identify End User.

C. With Service Providers and Business Partners:

We may collaborate with other companies and individuals to perform services on our behalf. Any such subcontractor will be treated with and under the compliance of 45 CFR § 164.502(b). Examples of providers include data analysis firms, credit card processing companies, customer service and support providers, email and SMS vendors, web hosting and development companies and fulfillment companies. Companies may also include our co-promote partners for Services that we jointly develop and/or market with. These third parties may be provided with access to the Personal Information needed to perform functions for us, but the use will be subject to contracts and agreements in place that protect the confidentiality of the information. Third party integration with our Services, such as Site, may require access to the Personal Information in a non-traditional manner which will be subject to different set of Terms.

D. Law enforcement:

We may disclose and report to law enforcement agencies information related to activities that we reasonably believe to be unlawful, or that we reasonably believe may aid a law enforcement investigation into unlawful activity. In addition, we reserve the right to release End User’s information to law enforcement agencies if we determine, in our sole judgment, that the release of End User’s information may help protect the safety or property of any person or entity.

E. Required or Permitted by law:

We may disclose End User’s information to others as required or permitted by law. This may include disclosing End User’s information to governmental entities, or pursuant to court orders, subpoenas, warrant, summons or similar process.

F. Protection for Us and Others:

We may disclose the information we collect from End Users where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any individuals, violations of our Terms or this Policy, or as evidence in litigation in which we are involved.

G. Data That End User May Direct us to Share

End User can direct us to share End User’s data with other parties or users. For example, End User may authorize us to share End User’s data with other End Users through the mobile App, with End User’s employer as part of a wellness program or with other

End Users or Analysis Facilities in connection with End User’s participation in contests, challenges or other events. End User may also direct us to share End User’s Personal Information with any other third-party app or website which will be subject to different set of terms and conditions.

VI. Consent

A. Unless we determine that we require an additional consent for specific Service(s) or any other new purpose, End User agree and consent that we may collect, use, share, or otherwise process End User’s Personal Information in accordance with this Policy.

B. End User’s consent denotes that End User has read the Policy in its entirety and understand the collection, use and disclosure of End User’s Personal Information in our organization.

C. In most cases, End Users have the ability to withdraw End User’s consent. However, because of regulatory requirements imposed upon us, or contractual obligations End User have with us, there are certain limited circumstances where End User may not withdraw End User’s consent to the collection, use or sharing of End User’s Personal Information. If End User choose not to provide us with certain Personal Information, or where End User have withdrawn End User’s consent, we may not be able to offer End User the Services or information that End User requested or that could be offered to End User. For example, if End User withdraw End User’s consent to use Personal Information such as weight, height, or gender, it will be impossible for the InBody Body Composition Analysis Device to test End User’s composition. Personal Information will not be disclosed without the consent of the individual, except to the extent permitted by applicable law in following cases:

1) Contact relating to Service inquiries or repairs

2) Requests for disclosure for legitimate legal reasons

3) When necessary to protect life, health, property or other vital interests of the End User

4) When a transfer of Personal Information is judged necessary to continue service in the event of changes to the service provider for example: a company merger

5) Other disclosures required or permitted by applicable law.

VII. Data Retention and Deletion

We and our affiliates actively retain Personal Information for ten years for our relationship for the purposes described above or as permitted or required by federal law. Aggregation of data will take place after ten years of End User’s inactivity. End User’s Personal Information is aggregated when End User are inactive on the App AND have not used the Product for ten years. When End User’s information is aggregated, End User’s Protected Health Information, name, ID, phone number, and email address, is deleted permanently. Only the de-identifiable information is kept for development, improvement, and/or marketing purposes. Inactivity is defined by two requirements:

1) When End Users are inactive (have not logged in) on the App

2) When End Users have not used the Product at the Facility

Inactivity or cancellation of the subscription by the Analysis Facility from the Product or the Service does not impact End User’s access to previous test results or the test results produced by InBody wearable products. If an End User is continuously using the Product, End User’s information will be retained until End User become inactive for ten years or deletes the information by making a request to the Facility.

Data can be deleted (i) if an Administrator of the Site deletes the data or account on the Site; or (ii) if End User manually delete the test results on the App (which does not mean that data has been deleted on the Facility’s Site).

To delete End User’s Personal Information permanently, End User must talk to End User’s Administrator or Staff Member to delete End User’s information. Analysis Facility has Custody and Control over data that was acquired at their Facility. However, if End User does not have a Facility and End User uses personal or home use device(s) independently, End User may delete End User’s test results or withdraw End User’s account to permanently delete End User’s account and information therein.

Deleting records and Personal Information is permanent; however, please note that in some cases we may be required to retain certain information where permitted or required by law, including without limitation if such information is the subject of a legal dispute. LookinBody Company may wait for a certain time before permanently deleting End User’s records or Personal Information in order to help avoid accidental or malicious removal of End User’s information.

A. Backups

A Backup is defined as data stored that matches the data on the Analysis Facility’s Services. The Backup will be maintained for the duration of the End User account or LookinBody Web active account until data is permanently deleted from the account. Data may be stored in the Backup even after someone deletes an End User account or information to avoid accidental or malicious deletion of End User’s information. After a reasonable time period has passed, the data will be deleted permanently or restored if requested. After the data is deleted permanently, the Backup will be deleted, subject to any legal requirements.

VIII. Data Accuracy

InBody works hard to ensure that the information within its Custody and Control is accurate. Nevertheless, the End User should be vigilant of the accuracy of their own Personal Information. The method for updating Personal Information depends on the information source. Personal Information comes from one of the following:

1) Entered by End User on the App or the Product

2) Entered by the Analysis Facility on the Site or the Product

Information End Users delete, update, or add on the App is stored only on an End User’s phone, viewable to End User, and will impact End User’s manually inputted test results, Personal Use device, and Wearable device results. It is in our Custody but Controlled by End User. If End User wishes to update End User’s Personal Information on any other device, End User should consult End User’s Analysis Facility or personally update it on the device. Any change to End User’s Personal Information will not impact End User’s previous tests.

Any factors of the Personal Information that are dynamic (changes frequently) for example Weight, Age or Phone Number, should be updated by End User or the Analysis Facility accordingly. As the Analysis Facility and End User have full authority to change or update any part of the Personal Information, InBody and its affiliates do not take responsibility for test results and/or decisions made, based on the inaccurate Personal Information.

IX. Accessing and Correcting Personal Information

End User and the Analysis Facility have full authority to add, update, or delete any part of End User’s Personal Information. Yet End User may request access or correction of End User’s Personal Information to us. To access or request correction of End User’s Personal Information, please contact us at Info@InBody.com. We may require End User to verify End User’s identity before allowing End User to access End User’s Personal Information. We may decline End User’s access because of security or legal reasons but End User can submit a written request to us and we will try to address the issues as soon as possible.

X. Children’s Privacy

We are mindful that the Services will be attractive and of benefit to potential users under the age of 18 or local age of majority and it is our policy, regardless of the country in which the Analysis Facility is located, to ensure that parents or legal guardians can monitor data collected in respect of such users. Our Service(s) is available to End Users who are below the age of 18 or local age of majority. The parent or legal guardian of any End User aged below 18 years of age is required to consent to the collection and use of his/her child’s Personal Information and Personal Health Information at the time of registering and use of our Services. When End User consent to this Policy, if applicable, End User consent to the collection, use, and disclosure of Personal Information and Personal Health Information of End User’s child. A parent or legal guardian of any child who has not attained 18 years of age or local age of majority can review his/her child’s Personal Information and Personal Health Information, ask to have it deleted, and refuse to allow any further collection or use of the child’s information from the Analysis Facility.

XI. Safeguards

We work very hard to protect the data End User provide. We take reasonable and appropriate measures to protect the data End User submit, including physical, organizational, and technological security measures. Furthermore, we promise to never sell your Personal Information. Please be aware, however, that the Internet is a global communications vehicle open to threats, viruses, and intrusions from others. By accepting this Policy, the End User and Analysis Facility each acknowledge that unintentional data loss may occur despite the efforts made in good faith by InBody, its third-party affiliates, or an Analysis Facility.

The purpose of access and process by the third-party affiliates in different countries will remain consistent with this Policy. Processing and access may be possible from other countries whose data protection laws may differ from the jurisdiction in which End User live. As a result, this information may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to laws in those jurisdictions. If End User are an Analysis Facility or a Facility User, End User represent and warrant to InBody that End User attained all necessary consent and provided all necessary notices as required by applicable laws for the purposes of this Policy.

A. Technical Safeguards

We use a variety of security measures, including encryption and authentication tools to help protect End User’s information. Third parties, including, but not limited to, LookinBody Company utilize extended levels of security to protect the electronic data.

B. Physical Safeguards

We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to our office. Third Parties such as LookinBody Company restrict their offices to authorized personnel only, also other forms of restriction are applied to enter the department with access to the server.

C. Administrative Safeguards

We restrict access to Personal Information and Personal Health Information to InBody employees, contractors, and agents who need to know Personal Information or Personal Health Information in order to process something for us. They are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. Third parties are also required to limit the access to our server(s), to authorized personnel only, who use the information for the purposes indicated in this Policy.

XII. Incident Management

InBody and its third-party affiliates have developed a comprehensive incident readiness and response plan designed to identify the cause, extent and nature of an incident involving Personal Information and Personal Health Information and to allow timely reporting in accordance with our contractual terms or legal obligations.

XIII. Anti-Discrimination

We promise not to retaliate or discriminate against anyone exercising consumer rights under the California Consumer Protection Act or any other applicable consumer protection regulation, and we reserve the right to adjust our pricing based on services offered.

XIV. Terms and Conditions

End User’s continued use of our Services, and any disputes arising from them, is subject to this Policy as well as our Terms. Please visit our Terms, which explain other terms governing the use of our Services.

XV. Links

The Site may provide links to other sites that provide information related to our Services. Once End User link to another site, End User are subject to the privacy policy of the new site. End User can also find a list of Services at our website www.inbodyusa.com.

XVI. Update

We reserve the right to change and amend any part of the Policy at any time and without prior notice. Details of these updates will be made available on the Site. We advise End User check the Site from time to time to make sure that End User agree with any changes and amendments. End User’s continued use of our Services constitutes End User’s acceptance to this Policy and any updates. This Policy is incorporated into the Terms of Service for End User (if End User are an End User) and the Terms of Service for Analysis Facility (if End User are a Facility User).

XVII. Contact Information

If End User have any questions or comments regarding this Policy, our information handling practices, or any other aspects of End User’s privacy and the security of information, please send an email to Info@InBody.com or contact us at

InBody USA

Attn: Legal and Business Affairs

13850 Cerritos Corporate Dr., Suite C

Cerritos, CA 90703

LookinBody Web API Terms of Use

1. Introduction

1.1 About Us and These API Terms of Use

You agree that by using the InBody platform, you are agreeing to enter into a legally binding contract with Biospace Inc. DBA InBody (“we,” “us,” “our,” and “InBody”).

By submitting an API key for a software application, website, InBody product, or service you offer (an “Application”) at the InBody developer site https://apiusa.lookinbody.com (the “Developer Site”), you acknowledge that you, your clients and users are in good standing and understand and agree to be bound by these InBody API Terms of Use (the “Terms”).

If you are developing in conjunction with our platform, or using our platform, on behalf of a company or other entity, you represent and warrant that you have full legal authority to register an Application on behalf of that entity and bind it to these Terms. If you are not authorized, you may not accept the Terms or register an Application for someone else.

As used in these Terms, “API” means programmatic web API, software and other functionality and their associated tools and documentation that InBody makes available on the Developer Site.

When you develop in conjunction with the InBody platform (“Developer”), you acknowledge that you have also agreed to our Business Partner Agreement and Privacy Policy and that these Terms are in addition and relating specifically to your use of our API.

If you are using the InBody platform as a client facility (“Analysis Facility”), you acknowledge that you have also agreed to our Privacy Policy and that these Terms are in addition and relating specifically to your use of our API.

1.2 Scope and Intent

InBody makes API available to Developers and Analysis Facilities as follows:

(1) “Self-Serve API Program” where you can develop Applications using our API that is available to you immediately upon registration for an API key on our Developer Site; or

(2) “Vetted API Program(s)” where you can develop Applications using our API that are available only to developers that meet the applicable Vetted API Program eligibility criteria and have agreed to these Terms and Business Partner Agreement, as defined below, which is incorporated by reference into the Terms. Only a Developer can apply for a Vetted API Program.

With respect to a Vetted API Program, these Terms shall apply except where there is conflict with the applicable Business Partner Agreement, in which case such Business Partner Agreement shall control.

1.3 Developer Documentation

Your use of our API and display of Content in your Application must comply with the technical documentation, usage guidelines, call volume limits, and other documentation maintained at the Developer Site or otherwise made available to you (together, the “Developer Documentation”, which are expressly incorporated into these Terms by

reference). “Content” means any data or content from our Services or accessed via the API. “Services” means usa.lookinbody.com and other InBody-related sites and related apps, communications and services and technology.

In the event of any conflict between the Developer Documentation and these Terms, these Terms shall control.

1.4 Self-Serve API Program Eligibility Criteria

In addition to your compliance with the other requirements and obligations set forth in these Terms, you may participate in the Self-Serve API Program and display Content retrieved via the applicable API in your Application if:

1.you are developing an Application designed to help InBody registered end users (“Member”) utilize, access, and understand their information more quickly, effectively, and efficiently; or2.your Application DOES NOT make more than 500 daily calls to each individual API endpoint.

2.Access to the APIs

2.1 Application Registration

To begin using the API, please first contact your InBody Representative for further information. You will be asked to agree to these Terms along with any other agreements that InBody may require. Following that, you must sign-in to https://apiusa.lookinbody.com using your LookinBody Web account’s username and password, and then submit an API key.

You agree that we can use, store, and share information submitted by you to InBody in connection with your Application to contact you, for attribution purposes, handling inquiries from Members or potential Members about your Application, for other purposes under these Terms (for example, we may email you with updates regarding the developer program), and as otherwise permitted in our Privacy Policy. You acknowledge that if you share the contact information of your employees or independent contractors with us, we may contact them in accordance with these Terms.

2.2 Access Credentials

Once you have successfully registered an account, the account holder will receive a confirmation email to be given access to your API credentials for your Application. “Access Credentials” means the necessary security keys, secrets, tokens, and other credentials to access the applicable API. The Access Credentials enable us to associate your API activity with your Application and the Web account using it. All activities that occur using those access credentials are your responsibility. You agree that InBody shall not be deemed liable for any activities occurring under those Access Credentials. Keep your Access Credentials secret. Do not sell, share, transfer, or sublicense them to any other party other than your employees or independent contractors in accordance with Section 3.1 below. Do not try to circumvent them and do not require your users to obtain their own Access Credentials to use your Application (for example, in an attempt to circumvent call limits).

2.3 Test Profiles

You may create up to one hundred test profiles for purposes of testing your Application only. You must create the profiles manually and not via automated means, such as scripts.

Test profiles must be standard member profiles.

You shall delete all test profiles upon completion of testing.

2.4 API License

Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-sublicensable (except to independent contractors so they may host, develop, test, operate, modify or support your Application in accordance with Section 3.1), non-transferable, non-assignable license under InBody’s intellectual property rights during the Duration (as defined in Section 11.1, below) (a) to use the API to develop, test, operate and support your Application; (b) to distribute or allow access to your integration of the API within your Application to end users of your Application; and (c) to display the Content accessed through the API within your Application.

3. Use of API and InBody Content

3.1 General Restrictions

In addition to the other terms and conditions in these Terms, except as expressly set forth herein, you agree not to do the following:

a. Implement features or business practices, or use the API or Content in a way, that may harm Members;

b. Disclose or provide the API or Access Credentials to any person or entity other than to your employees or independent contractors, provided (1) such employees or independent contractors enter into an agreement with you at least as protective of InBody’s rights as this Agreement, and (2) you hereby agree to be responsible for, and liable to InBody for, any breaches of such agreements by such employees or independent contractors;

c. Impersonate a Member or facility in order to gain access to information and data available through InBody’s network, Services, or Content;

d. Use the API or Content for any illegal purposes, or in any manner which would violate these Terms, or breach any laws or regulations regarding privacy or data protection, or violate the rights of third parties or expose InBody or its users to legal liability;

e. Remove any legal, copyright, trademark or other proprietary rights notices contained in or on materials you receive or access pursuant to these Terms, including, but not limited to, the API, the Developer Documentation, and the Content;

f. Sell, lease, share (with the exception of making the Content available to users through the Application), transfer, sublicense or otherwise make available any Content, directly or indirectly, to any third party (e.g. you may not sell InBody measurement data or access to same), including, but not limited to, any data broker, ad network, ad exchange, or other advertising monetization-related party;

g. Use the Content for any other purpose other than to allow your users to use the Content in your Application;

h. Use any Content in any advertisements or for purposes of targeting advertisements specifically to any individual user (whether such advertisements appear in the Application or elsewhere), or to generate mass messages, promotions or offers;

i. Make any statements or use any API or Content in a manner that expresses or implies that you, your Application or your use of the Content is sponsored or endorsed by InBody (e.g., you must not state or in any way imply that InBody has “verified” or “confirmed” the veracity of any Content);

j. Use any API in any manner that, as determined by InBody in its reasonable discretion, constitutes abusive usage;

k. Interfere with or disrupt the Services or servers or networks connected to the Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Services, or transmit any viruses, worms, defects, Trojan horses, or any items of a destructive nature through your use of any API;

l. Provide functionality that proxies, requests or collects InBody usernames or passwords;

m. Copy, adapt, reformat, reverse-engineer, disassemble, decompile, decipher, translate or otherwise modify any API, Access Credential, Content, Services, InBody Brand Features or other information or service from InBody, through automated or other means;

n. Use Content in any manner that facilitates bias or discriminatory practices, including data “redlining,” whether intentional or inadvertent, based on any sensitive or legally protected categories or characteristics;

o. Try to exceed or circumvent limitations on API calls and use. This includes creating multiple Applications for identical, or largely similar, usage;

p. Distribute or allow third parties access to any stand-alone API;

q. Attempt to re-identify any de-identified or anonymized data;

r. Access, store, display, or facilitate the transfer of any InBody content obtained through the following methods: scraping, crawling, spidering or using any other technology or software to access InBody content outside the API (such content, collectively, “Non-Official Content”). This restriction applies (1) whether the Non-Official Content was obtained indirectly through a third party, such as a customer or third-party developer, and (2) whether or not the Non-Official Content is stored or displayed in the Application or some other resource, product or service.

3.2 Excluded Uses of the API

In addition to the other terms and conditions in these Terms, you must never do any of the following under these Terms:

a. Use the API in any Application that includes adult content, promotes gambling, involves the sale of tobacco or alcohol to persons under 21 years of age, or otherwise violates any applicable law or regulation; or

b. Use the API to retrieve Content that is then aggregated with third party data in such a way that an end user cannot attribute the Content to InBody (i.e., aggregated search results).

4. Storage of Content

4.1 No Storing Any Content

You must not capture, copy or store any Content or any information expressed by the Content (such as hashed or transformed data), except to the extent permitted by these Terms.

You may only store Content in a manner which enables you to identify, segregate and selectively delete such Content. The Content must not be stored in a data repository that would enable any third party access (other than the customer or Member to which it relates).

4.2 You May Store Tokens

You may store the Application-specific ID that we provide to you for identifying users of your Application (“User ID”) or the mobile number tokens that we provide to you when a Member registers to our Services with their InBody account (“User Token”).

4.4 Member Profile Data

You must obtain legally valid consent, as required under your jurisdiction, from a Member before you may store that Member’s Profile Data and Content.

In addition to the requirements set forth below in Section 5, the process for obtaining Member consent to store their data must, at a minimum, meet the specifications set forth from the Developer Documentation. “Profile Data” means any or all of a Member’s profile data available through an applicable API, subject to a Member’s profile visibility and other privacy settings.

If you want to refresh the Member’s Profile Data, you may only do so when the Member is actually using your Application and not on an automated schedule.

You must promptly delete and/or de-identify all Content collected through the API about a particular Member, including the User ID and the User Token, upon request by that Member, when the Member uninstalls your Application or when the Member closes their account with you.

The restrictions of this Section do not apply to data that Members provide to you or that is separately entered or uploaded to you outside of the Application by the user of your Application.

4.5 Delete for Breach

You must immediately delete all Content if we terminate your use of the API, except when doing so would cause you to violate any law or obligation imposed by a governmental authority.

4.6 Data Protection

The term “Covered Data” has the meaning given to the term “personal data” under the European Union General Data Protection Regulation, Regulation (EU) 2016/679 (“GDPR”).

You agree to the following:

a. Covered Data that is acquired at your facility is in your custody and control. You may review, analyze, edit, and modify information related to Content (except personal use device’s Content)

b. You are responsible for securing the Covered Data, exchanged content, and media in your custody and control according to the applicable law of your jurisdiction

c. You are responsible for all data that is inputted into the Site by you pursuant to your use of the Services. You represent and warrant that all data provided by you through the Site for processing or analysis is correct and true.

d. To learn more about data handling processes, please refer to our Privacy Policy.

4.7 Breach Notification and Incident Reporting

a. Breach Source. In order to determine the source of a Member’s Covered Data Breach, you shall conduct a thorough investigation to determine the identity of the breaching party for post-incident action plan. You warrant that you have safeguards, policies and procedures in place to detect and counter a Covered Data Breach from your custody and control

b. Data Breach Detection and Responding Policies. We have technological and organizational measures in place to detect Covered Data breach in our system. You warrant that you have technological measures in place to detect Covered Data breach in your systems.

We have policies and procedures in place:

i. to access the level of risk to Covered Data subjects as soon as feasible

ii. to ensure that the Covered Data breach is contained as soon as possible

iii. to inform all interested persons within the company of the Covered Data breach and the affiliated companies that may be inflicted with the incident

iv. to notify supervisory authorities (applicable to your jurisdiction) and Covered Data subjects and others of the breach in accordance with this policy

c. Notification to Supervisory Authorities – We may notify (depending on the assessment of the Division 10.1 “determine if the breach poses a “real risk of significant harm” from PIPEDA) the supervisory authority, in case of a Covered Data Breach outside of our custody and control, once we become aware of it.

If assessed that the breach poses a real risk of significant harm to a Member, we will notify the supervisory authority in the prescribed form and manner and within a reasonable amount of time after a Covered Data Breach determination has been made by us.

You warrant that you have necessary procedures and protocols in place to notify the supervisory authority and any other related party that may be at risk of harm stemming from the Covered Data Breach within a reasonable time following that Member’s Covered Data Breach

e. Notification to Covered Data Subjects – We have policies and procedures notify the affected Members of the Covered Data Breach; if we determine that said Member(s) is or are at a real risk of significant hare, we shall notify the Member in the prescribed manner and form. You warrant that you will notify the affected Members if it is determined that the Covered Data Breach occurred from your facility and/or custody and control.

5. Don’t Harm or Trick Members

5.1 Your User Agreement and Privacy Policy

Your Application must include, and you agree to bind Members to, your own user agreement and privacy policy. Your user agreement and privacy policy must be prominently identified or located where Members download or access your Application. Your privacy practices must meet applicable legal standards of your jurisdiction and accurately disclose the collection, use, storage and sharing of data.

If your Application is a franchise application, you must enter into customer agreements with your franchise customers that describe how you will be accessing InBody accounts and Content on the customer’s behalf.

You must promptly notify us of any breaches of your user agreement or privacy policy that impact or may impact Members. Your privacy policy must be at least as stringent and user-friendly as InBody’s Privacy Policy.

5.2 InBody Member Consent

Before obtaining information from Members, you must obtain their legally valid consent pursuant to your jurisdiction which, at a minimum, shall include: (a) how their data will be used, (b) when it will be collected (e.g., will the Application pull a Member’s Profile Data more than once); and (c) how a Member can withdraw their consent. The consent must be freely given (in accordance with applicable law in your jurisdiction) and given by a statement or a clear affirmative action.

6. Brand Use

6.1 Brand Features License and Publicity Rights

Subject to these Terms (including our Branding Guidelines), we grant you a limited, non-exclusive, non-assignable, non-sublicenseable, and non-transferable license during the Duration to display Our Brand Features within the Application and to accurately promote or advertise your integration of the API in your Application. “Our Brand Features” means any trade names, trademarks, service marks, logos and domain names that InBody makes available to you.

You agree not to display Our Brand Features (a) in any way that violates applicable law, including laws regarding libel, slander, obscenity and infringement; (b) in any way that is misleading, implies that your Application is approved, created or endorsed by InBody (or otherwise embellishing your relationship with InBody); or (c) in a way that is otherwise objectionable to InBody in its sole discretion, unless otherwise permitted in our Business Partner Agreement. If you are planning any formal, proactive press outreach, you will submit the content (press release, blog post, etc.) to us for prior written approval (email acceptable), unless expressly allowed in our Branding Guidelines. Any good will in Our Brand Features resulting from your use will inure solely to InBody.

You grant us a limited, non-exclusive, non-assignable, non-sublicensable, and non-transferable license during the Duration to display your trade names, trademarks, service marks, logos and domain names (collectively, “Your Brand Features”) to promote or advertise your use of the APIs in your Application. Any good will in Your Brand Features resulting from our use will inure solely to you.

We may, without your consent, publicly refer to you, orally or in writing, as a licensee of the APIs and/or user of the Content. We may also publish your name and logo (with or without a link to your Application) on our Services, in press releases, and in promotional materials without additional consent or notice to you.

7. Safety and Abuse

7.1 Security Measures

In addition to Section 4.6 and 4.7, you agree to the following:

a. Requirement for Security Measures. Your network, operating system and the software of your web servers, databases, and computer systems (collectively, “Systems”) must be properly configured to securely operate your Application and process Content.

b. Security Questionnaire. If requested, you must complete InBody’s security questionnaire (which InBody will provide to you).

c. Security Breach. You must promptly report any security deficiencies in, or intrusions to, your Systems that you discover (or are reported publicly or to you) to InBody in writing via email to LBWeb@InBody.com or subsequent contact information posted on the Developer Site if such intrusions could reasonably be expected to affect the Content, InBody or its Members in any way. You will work with InBody to immediately correct any security deficiency, will disconnect any intrusions or intruders, and will inform, guide, and give notice that the deficient application will be unavailable to the public until the security breach/issue is resolved. In the event of any security deficiency or intrusion involving the Application, APIs or Content, you will make no public statements (e.g., press, blogs, social media, bulletin boards, etc.) without prior written and express permission from InBody in each instance.

7.2 Monitoring

You will provide us with up to two full-feature client account-level instances to access your Application (and/or other materials relating to your use of the API and/or the Content) as reasonably requested by us to verify your compliance with these Terms (including, in particular, your security and privacy obligations under these Terms).

You also agree to assist InBody in verifying your compliance with these Terms by providing us with information about your Application and storage of Content, which may include access to your Application and other materials or Systems related to your use of the APIs. If you do not demonstrate full compliance with these Terms, as determined in our sole discretion, we may restrict or terminate your access to the API.

You acknowledge that InBody may monitor any API activity from its own systems for the purpose of ensuring quality, improving InBody products and Services, and ensuring compliance with these Terms. You must not interfere or attempt to interfere with such monitoring or otherwise obscure from InBody your API activity. InBody may use any technical means to overcome such interference.

8. Rights InBody Reserves

8.1 Support and Updates

We may provide you with support for the APIs in our sole discretion and we may stop providing support to you at any time without notice or liability to you. We are not obligated to provide any training, support or technical assistance for the Application, the Content, or the APIs directly to your Application users and you agree to communicate to your Application users that you (and not InBody) are responsible for any such support.

We may modify or release subsequent versions of the API, and/or subsequent versions of these Terms, the Privacy Policy, and the Business Partnership Agreement, and require that you use those subsequent versions. Unless we release a new version of the API for security or legal reasons, you will have a reasonable amount of notice (as determined by us), to migrate to subsequent versions of the API. You acknowledge that once InBody releases a subsequent version of an API, the prior version of such API may stop working at any time or may no longer work in the same manner. Your continued use of the API following a subsequent release will be deemed your acceptance of all modifications.

8.2 Costs and Fees

Should InBody change the costs and fees associated with the use of the APIs or any developer tools and features, you do not have any obligation to continue to use the APIs.

Each party will bear its own costs and expenses in performing its obligations under these Terms.

8.3 Independent Development

Each party acknowledges that the other party may independently create applications, content and other products or services that may be similar to or competitive with those of the other party and nothing in these Terms will be construed as restricting or preventing each party from creating and fully exploiting such applications, content and other products or services, without any obligations to the other party.

9. Ownership

9.1 All Rights Reserved

As between the parties, we own all rights, title, and interest in and to the (a) APIs, and all elements, components, and executables of the APIs, (b) Content; (c) Services; and (d) Our Brand Features (clauses (a)-(d) collectively, the “InBody Materials”), and, subject to the foregoing, you own all rights, title, and interest in and to the Application and Your Brand Features. Except to the limited extent expressly provided in these Terms, neither party grants, nor shall the other party acquire, any right, title or interest (including any implied license) in or to any property of the first party under these Terms. All rights not expressly granted in these Terms are reserved.

9.2 License to Your Application

For the Duration you grant us a royalty-free, non-exclusive, worldwide, irrevocable right and license, under all of your intellectual property rights, to: (a) use, perform, and display your Application and its content for purposes of marketing, demonstrating, and answering inquiries; (b) link to and direct Members to your Application; and (c) sublicense the foregoing rights to InBody Affiliates (as defined in Section 12.3 below).

9.3 Feedback

Either party may from time to time elect, in its sole discretion, to provide suggestions, comments, improvements, ideas or other feedback to the other party related to the other party’s products and services (”Feedback”). Feedback is provided on an “as is” basis with no warranties of any kind and the receiving party will have a royalty-free, worldwide, sublicenseable, transferable, non-exclusive, perpetual and irrevocable right and license to use Feedback. Each party agrees not to provide Feedback that it knows is subject to any intellectual property claim by a third party or any license terms which would require products or services derived from that Feedback to be licensed to or from, or shared with, any third party.

10. Follow the Law and These Terms

10.1 Legal Compliance

You represent and warrant to InBody that: (a) you have the right to use, reproduce, transmit, publicly display, publicly perform, and distribute your Application (excluding InBody Materials); (b) use of your Application by InBody and its Members in accordance with the Application’s terms of use will not violate the rights of any third party (e.g., copyright, patent, trademark, privacy, publicity or other proprietary rights of any person or entity), or any applicable regulation or law, including the Digital Millennium Copyright Act, the laws of any country in which your Application is made available and any applicable export laws; and (c) you will comply with all applicable local, state, federal, and foreign laws, including, without limitation, any laws or regulations relating to privacy and data protection, which includes the acquisition of all necessary consent and authorization forms that your jurisdiction may require, in connection with its performance under these Terms

10.2 Compliance and Amendments to These Terms

You must comply with these Terms in order to use the APIs and we reserve the right to terminate your access to the APIs should you fail to comply or be discovered to have failed to comply. The most current version of these Terms can be reviewed on the Developer Site.

We reserve the right to modify, supplement, or replace any provisions of these Terms, effective prospectively upon posting on the Developer Site or otherwise notifying you. For example, we may present a banner on the Developer Site when we have amended these Terms so that you may access and review the changes prior to your continued use of the APIs and Developer Site. If you do not want to agree to changes to these Terms, you can terminate these Terms at any time in accordance with Section 11.

10.3 Other Obligations

In addition to any other documents incorporated by reference into these Terms above, you and your Application must also comply with the following, if applicable to you, which are hereby incorporated by reference:

a. The InBody Business Partnership Agreement; and

b. The InBody Privacy Policy.

In the event of any conflict between the content in this document and the above documents these Terms control your use of the API. If you disagree with any of the provisions in these Terms, do not access or use the API.

InBody reserves the right to require you to agree to additional agreements/documents as part of your obligations.

11. Term and Termination

11.1 Duration of Terms

The duration of these Terms (the “Duration”) will be from the date upon which you agree to these Terms and will continue until terminated as set forth below or unless otherwise made inapplicable.

11.2 Your Termination Rights

You may terminate these Terms by discontinuing use of our API or cancelling your subscription.

11.3 Suspension; Termination

We may suspend or terminate your use of all or any of the API or Content at any time if we believe you have violated these Terms, or, in our sole discretion, we believe the availability of the API in your Application is not in our or the Members’ best interests.

We may discontinue the availability of some or all of the API or any Content at any time for any reason. We shall provide you with 30 calendar days’ notice unless we discontinue such availability to protect the security or integrity of the API and related offerings, to address user security or user privacy issues, for legal compliance reasons, or to the extent necessary to mitigate damages in relation to third party litigation.

We may also impose limits on certain features and services or restrict your access to some or all of the API, Content or our Services. Although we will endeavor to provide prior notice of our exercise of our rights pursuant to this Section, it may not be practical or commercially reasonable in all circumstances. Accordingly, all of our rights in these Terms may be exercised without prior notice or liability to you.

11.4 Termination for Cause

Either party may terminate these Terms: (a) if the other party files a voluntary petition for bankruptcy or a petition or answer seeking a reorganization; (b) if the other party has filed against it an involuntary petition for bankruptcy that has not been dismissed within 60 calendar days thereof; (c) if the other party becomes insolvent, admits in writing its inability to pay its debts as they mature, or makes an assignment for the benefit of its creditors; (d) if the other party applies for or consents to the appointment of a receiver, trustee or liquidator for substantially all of its assets or such receiver, trustee or liquidator is appointed for the other party; or (e) upon the occurrence of a material breach of these Terms by the other party, if such breach is not cured within ten (10) business days after written notice identifying the matter constituting the material breach is provided by the non-breaching party.

11.5 Effect of Termination

Upon termination of these Terms:

a. all licenses granted under these Terms will terminate immediately;

b. upon request, each party will promptly return to the other party or delete all tangible embodiments of confidential information of such party in its possession, custody or control;

c. you will comply with the requirements to delete stored Content; and

d. InBody will make commercially reasonable efforts to remove all references and links to your Application from the Services (InBody has no other obligation to delete copies of, references to, or links to your Application).

Notwithstanding the above, each party may retain a copy of these Terms and such other confidential information of the other party as reasonably required for legal and auditing purposes. InBody may request that you certify in writing your compliance with this Section.

11.6 Survival

The following sections of this Agreement shall survive any termination, Sections 3 (“Use of the API and InBody Content”), 4.6 (“Delete at Member Request”), 4.7 (“Delete for Breach”), 4.8 (“Data Protection”), 5 (“Don’t Harm or Trick Members”), 6 (“Brand Use”), 7 (“Safety and Abuse”), 8.3 (“Independent Development”), 9 (“Ownership”), 10 (“Follow the Law and These Terms”), 11.5 (“Effect of Termination”), 11.6 (“Survival”), 12 (“Disclaimer of Warranties; Limitation of Liability; Indemnity”), 13 (“Dispute Resolution”) and 14 (“General Terms”).

12. Disclaimer of Warranties; Limitation of Liability; Indemnity

12.1 Applicability of Disclaimer and Limitation

Some countries and jurisdictions do not allow the disclaimer of certain implied terms or exclusions of liability and as a result the contents of this Section 12 may not, in their entirety, apply to you.

12.2 Disclaimer of Warranties


12.3 Limitation of Liability




12.4 Your Indemnification Obligations

You will defend, hold harmless, and indemnify InBody and the InBody Affiliates (and our and their respective employees, shareholders, and directors) from any claim or action brought by a third party, including all damages, liabilities, costs and expenses, including reasonable attorneys’ fees, to the extent resulting from, alleged to have resulted from, or in connection with: (a) your breach of your obligations herein; or (b) the violation of any copyright, trademark, service mark, trade secret or patent by the Application, Feedback or Your Brand Features.

13. Dispute Resolution

13.1 Law and Forum for Legal Disputes

These Terms and any claim, cause of action or dispute (“Claim”) arising out of or related to these Terms shall be governed under the state laws of California, except that the U.S. Federal Arbitration Act governs everything related to arbitration. All Claims (except those brought in arbitration and small claims court) can be litigated only in the federal or state courts in Los Angeles County, California, USA, and we each agree to personal jurisdiction in those courts.

Notwithstanding the above, you agree that InBody shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.

In the event of litigation between the parties arising out of or related to these Terms, the prevailing party will be entitled to recover its attorneys’ fees and costs incurred.

13.2 Arbitration Option

For any Claim (excluding claims for injunctive or other equitable relief) arising out of or related to these Terms, where the total amount of the award sought is less than $10,000, the party requesting relief may elect to resolve the Claim in a cost effective manner through binding non-appearance-based arbitration. In the event a party elects arbitration, they shall initiate such arbitration through an established alternative dispute resolution (“ADR”) provider mutually agreed upon by the parties.

The ADR provider and the parties must comply with the following rules:

a. the arbitration shall be conducted by telephone, online, and/or be solely based on written submissions, the specific manner shall be chosen by the party initiating the arbitration;

b. the arbitration shall not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and

c. any judgment on the award rendered by the arbitrator shall be final and may be entered in any court of competent jurisdiction.

14. General Terms

14.1 Severability

If any provision of these Terms is found to be illegal, void, or unenforceable, the unenforceable provision will be modified so as to render it enforceable to the maximum extent possible in order to effect the intention of the provision; if a term cannot be so modified, it will be severed and the remaining provisions of these Terms will not be affected in any way.

14.2 Language

Where InBody has provided you with a translation of the English language version of these Terms or any document referenced in these Terms, you agree that the translation is provided for your convenience only and that the English language versions of any such document, will control.

14.3 Notices and Service of Process

We may notify you via postings on the Developer Site or via the email address associated with your Application or Member account. InBody accepts service of process at this address: InBody USA ATTN: Legal and Business Affairs, 13850 Cerritos Corporate Drive, Unit C., Cerritos, CA 90703. Any notices that you provide without compliance with this Section shall have no legal effect.

14.4 Entire Agreement

These Terms, including any documents incorporated into these Terms by reference, constitute the entire agreement between you and InBody regarding the subject matter of these Terms and supersedes all prior agreements and understandings, whether written or oral, or whether established by custom, practice, policy or precedent, with respect to the subject matter of these Terms.

14.5 No Injunctive Relief

In no event shall you seek or be entitled to rescission, injunctive or other equitable relief, or to enjoin or restrain the operation of the developer platform or any APIs, Content or other material used or displayed through the InBody developer platform.

14.6 Assignment and Delegation

You may not, without InBody’s prior written consent, assign or delegate any rights or obligations under these Terms, including in connection with a change of control. Any purported assignment and delegation shall be ineffective. We may freely assign or delegate all rights and obligations under these Terms, fully or partially without notice to you.

14.7 Potential Other Rights and Obligations

You may have rights or obligations under local law other than those enumerated here if you are located outside the United States.

14.8 No Partnership

Nothing in these Terms will be construed as creating a partnership or joint venture of any kind between the parties and neither party will have the authority or power to bind the other party or to contract in the name of or create a liability against the other party in any way or for any purpose.

14.9 How to Contact Us

If you have questions or comments about these Terms, please contact us online (LBWeb@inbody.com) or by physical mail at:

InBody USA

Attn: Legal and Business Affairs

13850 Cerritos Corporate Drive, Unit C

Cerritos, CA 90703

Print Friendly, PDF & Email