OURA API AND MCP AGREEMENT

This Oura API and MCP Agreement (the “Agreement”) is made and entered by and between OURARING, INC., a Delaware corporation (“Oura” or the “Company”) and the person, entity, or other party using or accessing the Oura API or MCP Server (“you,” “your,” or “yours,” as applicable, whether individually or on behalf of a third party whom you represent or for whom you are acting as an agent). This Agreement may refer to Oura and you collectively as the “Parties” or to either of them individually as a “Party.”

The Company is a health and wellness technology company that designs, develops, and commercializes wearable ring devices that track and analyze various health metrics, sleep patterns, activity levels, and other physiological data of consumers who wear such devices, including the Oura Ring and all associated hardware, software, applications, backend systems, and related technologies (collectively, the “Oura Platform”).

The Company is making its Oura API and MCP Server available for use pursuant to and in accordance with the terms of this Agreement.

You are and must be responsible for your use of the Oura API and/or MCP Server in connection with your applications, technology, and programs, and you may not create, inform, design, develop, or improve any product, service, or technology that competes with or merely replicates those of Oura.

You (including on behalf of any third party you represent or for whom you are acting as an agent) must read this Agreement in its entirety, as it governs your use of, access to, and processing of information with respect to the Oura API or MCP Server.

1. Definitions

“Affiliate” means, with respect to either Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, where “control” means the ownership of at least fifty percent (50%) of the equity interests or the right to vote for or appoint a majority of the board of directors.

“Aggregator” means any person or entity (including any User) that accesses, receives, or obtains User Data or Oura Data through or in connection with the Oura API, the MCP Server, or any other means, and which transmits, discloses, makes available, or otherwise provides such User Data or Oura Data (or any data or information derived therefrom) to any third party such that it may be used for enabling, facilitating, supporting, or enhancing a third party’s products, services, platforms, or applications.

“AI Model(s)” means any artificial intelligence system, machine learning model, neural network, large language model, or other computational intelligence system.

“AI Platform” means any platform, tool, system, application, or service that is owned, licensed, used, or operated by you or which is otherwise under your control, in each case whether self-hosted or provided as a service by any third party, through which users may interact with, access, or utilize AI Models or other artificial intelligence or machine learning capabilities in connection with any activity, service, or function contemplated by this Agreement.

“API” or “Application Programming Interface” means the standardized open protocol for connecting software applications to access, exchange, and act on contextual data and functions.

“Collaborator Application” means an application developed, operated, or maintained by you that is used in connection with the Oura API or MCP Server as authorized pursuant to this Agreement.

“Confidential Information” means all non-public information disclosed by one Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) that relates to the Disclosing Party’s technology, products, services, business, intellectual property, or any other proprietary information, whether disclosed orally, in writing, or by any other means. Confidential Information includes all User Data, all Oura Data, and the terms of this Agreement.

“Data Incident” means any actual or suspected breach of security or privacy leading to the accidental, unauthorized, or unlawful destruction, loss, alteration, disclosure of, or access to User Data, Oura Data, or Confidential Information.

“Data Protection Laws” means all applicable laws, rules, and regulations relating to data privacy, data protection, or data security, including without limitation the General Data Protection Regulation, the California Consumer Privacy Act, and other applicable federal, state, and international privacy laws.

“End Customer” means a person or entity who receives, accesses, or obtains User Data or any Oura Data from or through an Aggregator or any other third-party intermediary rather than from the Company.

“Intellectual Property” means any and all intellectual property rights worldwide, including patents, copyrights, trademarks, trade secrets, and know-how.

“MCP” or “Model Context Protocol” means the standardized open protocol for connecting AI systems to external data sources, which provides a method for AI applications to access and act on contextual data through a client-server architecture.

“MCP Client” means the software component developed, operated, and maintained by you that connects to the MCP Server to request and receive User Data in accordance with the terms of this Agreement.

“MCP Server” means the technical infrastructure operated by the Company that implements the Model Context Protocol to facilitate controlled access to User Data by you.

“Oura API” means an Application Programming Interface created, owned, operated, or maintained by Oura, together with any software, materials, or data made available by Oura in its sole discretion in connection with such Oura API, as well as any software development kit, documentation, and any software materials or data that Oura makes available to you, for use or purposes authorized by this Agreement.

“Oura Data” means all data, information, metrics, scores, insights, and content owned or controlled by the Company, including all User Data, derivative data, and all data generated by or through the Oura Platform.

“Oura Intellectual Property” means all Intellectual Property owned by or licensed to the Company and the Oura Platform, all Oura Data, the MCP Server, the Oura API, and all proprietary algorithms, scoring methodologies, analytical models, trademarks, and brand elements.

“Personal Data” means any information relating to an identified or identifiable natural person.

“User” means any individual who uses the Company’s products or services, including any individual who wears an Oura Ring or uses the Oura App.

“User Consent” means the clear, informed, freely given consent provided by a User authorizing the use or sharing of such User’s User Data with you for the Authorized Purpose, obtained in accordance with this Agreement and all applicable Data Protection Laws.

“User Data” means all Personal Data, health data, and all other data relating to Users that is made available to you through or in connection with the MCP Server, the Oura API, or this Agreement, together with all data derived from or based upon such data.

2. Scope of Agreement

• (a) Subject to the terms of this Agreement, you may (the following being “Authorized Purposes”):
  • (i) use an MCP Client to connect with the MCP Server, or use the Collaborator Application to connect with the Oura API, for purposes of accessing and processing User Data, whether directly or through the use of another technology (including any AI Platform) to which you input or provide such User Data, in each case strictly in accordance with this Agreement and in the manner for which you have obtained User Consent (when applicable); and
  • (ii) use a Collaborator Application to connect with the Oura API or MCP Server for purposes of developing products, sites, applications, or services that are designed to interact with Oura services and platforms.
• (b) Your access to, processing of, and use of Oura Data and User Data for the Authorized Purposes shall strictly comply with the terms and conditions of this Agreement. If you use or process any Oura Data or User Data using, in connection with, or with the benefit of any AI Model or AI Platform that is owned, licensed, or controlled by any third party (provided such use or processing is expressly authorized by this Agreement), then you shall ensure that each such third party is bound by written terms and conditions that are no less protective of the Company, its Users, User Data, Oura Data, and Oura Intellectual Property than the terms set forth in this Agreement. You shall be responsible and liable for, and you shall indemnify Oura from any claims arising from, any breach of or non-compliance with this Agreement by a third party or any other person or entity with respect to Oura Data or User Data that you have accessed, collected, obtained, or received, or which you have otherwise shared, processed, inputted, submitted, or used.
• (c) If you are or at any time become an Aggregator, you may access or receive Oura Data and User Data strictly in order to pass such data through to the End Customer, and only then subject to your compliance with Section 3(e) and Section 3(f). No Aggregator may use or process Oura Data or User Data for any other purpose, whether or not otherwise authorized herein, and whether or not such Oura Data or User Data was obtained from any other party. For the avoidance of doubt and without limiting the generality of the foregoing, no Aggregator shall relay, transmit, transfer, make available, disclose, distribute, redistribute, or otherwise provide or permit any Oura Data or User Data (or any data or information derived therefrom) to any AI Model, AI Platform, large language model, or other artificial intelligence or machine learning system, whether operated by such Aggregator, any End Customer, or any third party.
• (d) An Aggregator shall not be authorized with respect to Oura Data and User Data beyond the purposes set forth in Section 2(c) above, except pursuant to a separate written agreement between such Aggregator and the Company.
• (e) The MCP Server and Oura API are made available subject solely to the terms of this Agreement, the Oura Terms of Use, Oura Privacy Policy, and Oura’s Branding Guidelines. By accessing or using the MCP Server or Oura API, you acknowledge that you have read and agree to abide by this Agreement, the Oura Terms of Use, Oura Privacy Policy, and Oura’s Branding Guidelines. If you are unable or unwilling to comply with this Agreement, you must immediately cease all use of the MCP Server and the Oura API.

3. Integration and Technical Requirements

• (a) The Model Context Protocol integration contemplated by this Agreement shall consist of:
  • (i) an MCP Server operated by the Company that, subject to limitations or restrictions imposed at any time by Oura in its absolute discretion, exposes User Data through defined endpoints, subject to authentication, authorization, and consent verification; and
  • (ii) an MCP Client operated by you that connects to the MCP Server to request and receive User Data in accordance with this Agreement.
• (b) The Application Programming Interface contemplated by this Agreement shall consist of
  • (i) an Oura API operated by the Company that, subject to limitations or restrictions imposed at any time by Oura in its absolute discretion, enables connection with certain Oura services and platforms; and
  • (ii) a Collaborator Application operated by you that connects and interfaces with the Oura API or to develop products, sites, applications, or services that are registered with Oura and designed to interact with and enhance such Oura services and platforms.
• (c) The Company reserves the right to modify, update, or discontinue any aspect of the Oura API or the MCP Server at any time, with or without notice.
• (d) With respect to both the MCP and the Oura API, you shall be responsible for the design, operation, and security of the MCP Client and the Collaborator Application and shall ensure that the MCP Client and the Collaborator Application implement secure authentication, respect all rate limits and access controls (which may be modified by Oura at any time with or without notice), receive adequate technical support and maintenance for all purposes, and comply with all security requirements. In addition, you shall ensure that the MCP Client requests only the User Data necessary for each User request and properly gives, obtains, and handles all necessary User notice, consent, deletion, and opt-out signals. If the Company believes that you have attempted to exceed or circumvent these limitations, your ability to use the Oura API and MCP Server may be temporarily or permanently blocked.
• (e) If you are or at any time become an Aggregator, you shall create and maintain a separate API registration or credentials for each End Customer and shall obtain the Company’s prior written approval (using standard and designated approval processes employed by Oura) with respect to each such End Customer before enabling, providing, or permitting any End Customer to access User Data or Oura Data through your services. You shall not provide User Data or Oura Data to any End Customer (or otherwise permit such End Customers to access such User Data or Oura Data) until such approval has been obtained with respect to such End Customer. If the Company revokes its approval of any End Customer, you shall immediately cease providing such End Customer with access to User Data and Oura Data.
• (f) If you are or at any time become an Aggregator, you shall maintain (and provide to Oura promptly upon request) a complete and current list of all End Customers that access, receive, or consume User Data or Oura Data through your services or your Collaborator Application, including each such End Customer’s legal name, the date on which such End Customer first received access to User Data or Oura Data, the total numbers of such End Customers, and their usage of User Data or Oura Data.
• (g) You shall not attempt to circumvent any security or access control mechanism of the Oura API or the MCP Server or use the Oura API or the MCP Client for any purpose other than the Authorized Purposes.
• (h) Oura reserves the right to charge you fees for use of the MCP Server, the Oura API, or for access to the Oura Platform in the future at its discretion, including, without limitation, rated pricing and/or differentiated pricing for business users. Oura will provide you with notice in the event Oura decides to start charging for such use or access.
• (i) You may receive from Oura a client identification and client secret, in which case you shall be solely responsible for the confidentiality of such credentials and may not share or disclose such credentials with any third party or use such credential for more than one application or service.
• (j) You, and not the Company, are responsible for providing all customer and technical support and maintenance for, as applicable, the AI Platform, the MCP Client, and the Collaborator Application. The Company has no obligation to provide any type of technical or other support for any of the foregoing or any services or content related thereto, whether provided by the Company, by you, or by third parties.
• (k) You shall keep your registration, application (including the Collaborator Application), and service information accurate, complete, and current for so long as you use any Oura Intellectual Property pursuant to this Agreement. You are responsible for all use or access that occurs under any Oura account, including any activities by your employees, contractors, or agents. If you believe an unauthorized person has gained access to your account, the MCP Server, or the Oura API, you must notify the Company as soon as possible.
• (l) The Company may monitor your use, access, or activities performed pursuant to this Agreement using any lawful means and technologies available to it for the purposes of providing, improving, developing, and securing the Company’s services and to ensure your compliance with this Agreement and applicable law. The Company may collect certain data and information related to your use of any Oura Intellectual Property, and the Company may use and disclose the same for any business purpose, internal or external, including, without limitation, providing enhancements to any Oura Intellectual Property. The Company may contact you from time to time about use of the Oura API and MCP Server, and you agree to be responsive to inquiries from the Company.
• (m) Unless and until you are authorized to do so by the Company in a separate written agreement or consent, you shall not store or cache any data accessed or obtained through the MCP Server. In addition, Aggregators shall not store or cache any User Data or Oura Data. Subject to the foregoing, User Data or Oura Data and User Data accessed or obtained through the Oura API may not be stored or retained beyond the duration strictly necessary.
• (n) You acknowledge that the Company has no obligation to ensure that an upgrade of the Oura API, MCP Server, or the Oura Platform will be compatible with existing or planned Collaborator Applications.
• (o) You acknowledge that the Company and its third-party providers may make improvements and/or changes in the data and functionality provided by the Oura API or MCP Server or Oura Platform at any time with no notice.
• (p) The Company may perform scheduled or unscheduled maintenance, updates, or modifications to the Oura API, MCP Server, or the Oura Platform at any time. Such maintenance may result in temporary interruptions, delays, or errors in service. You acknowledge that the Oura API, MCP Server, Oura Platform, and Oura Data may experience interruptions, delays, errors, or other performance issues from time to time, including without limitation as a result of maintenance, system updates, third-party service failures, internet disruptions, or other causes beyond the Company’s control. The Company does not guarantee any minimum availability, uptime, performance levels, response times, or error rates, and no service level agreement (SLA) applies unless expressly set forth in a separate written agreement signed by the Company.

4. Restrictions on Use

• (a) You shall access, use, and interface with the MCP Server, the Oura API, and the Oura Platform, and shall use and process User Data, solely for the Authorized Purposes and in accordance with all applicable Data Protection Laws. You shall not use, access, process, or exploit Oura Intellectual Property or any User Data for any of the following purposes (each, a “Prohibited Use”), unless Oura provides prior written consent:
  • (i) any purpose other than the Authorized Purpose;
  • (ii) using, accessing, processing, or disclosing Oura Intellectual Property for purposes of monitoring the availability, performance, or functionality of Oura’s products and services or for any purpose competitive with Oura in any way, including without limitation benchmarking;
  • (iii) training, fine-tuning, developing, or improving any AI Model or AI Platform or allowing the training, fine-tuning, developing, or improving of any AI Model or AI Platform, regardless of the training technique used, or incorporating User Data, Oura Data, Oura Intellectual Property or Oura Confidential Information into any training dataset, evaluation dataset, or benchmark dataset;
  • (iv) creating or modifying any AI Model weights, parameters, embeddings, or persistent representations;
  • (v) combining, enriching, linking, or correlating User Data with data from other sources or with Personal Data from any other person for the purpose of or with the effect of (A) re-identifying, de-anonymizing, or otherwise determining the identity of any User; or (B) creating, contributing to, or maintaining any database, dataset, application, or software that includes information about any User without first obtaining User Consent therefor;
  • (vi) aggregating, selling, transferring, renting, leasing, licensing, sharing, redistributing, or disclosing User Data, Oura Data, or other Oura Confidential Information to any third party, except as specifically provided for under this Agreement;
  • (vii) advertising, marketing, or commercial targeting purposes;
  • (viii) advertising, marketing, or otherwise promoting any Oura Data or User Data;
  • (ix) developing, offering, informing, designing, or improving any product or service that competes with or replicates the Oura Platform;
  • (x) retaining or storing User Data or Oura Data beyond the periods specified in this Agreement;
  • (xi) reverse engineering, extracting any component of, or otherwise deriving the architecture, scoring methodologies, signal processing techniques, data schemas, or analytical models of the Oura Platform or any Oura Intellectual Property;
  • (xii) any illegal, fraudulent, or harmful purpose;
  • (xiii) charging Users in any manner for access to or use of the MCP Server or any services or functionality included in or related to the MCP Server, Oura API, or Oura Platform;
  • (xiv) using the MCP Server or Oura API for any purpose which might overburden, impair, or disrupt the Oura Platform or related servers or networks;
  • (xv) distributing unsolicited advertising or promotions, or sending messages, making comments, or initiating any other unsolicited direct communication or contact with Users;
  • (xvi) using web-scraping, web-harvesting, web-data extraction, or similar methods to obtain or access Oura Data;
  • (xvii) using Oura Data, the Oura API, or the MCP Server in connection with any application, website, or other product or services that includes content that is defamatory, libelous, disparaging to Oura or otherwise harmful to the business or reputation of Oura, hateful, violent, obscene, pornographic, unlawful, or otherwise offensive, as determined in Oura’s sole discretion;
  • (xviii) distributing or introducing any virus, spyware, adware, malware, or other harmful or malicious content;
  • (xix) removing or altering any proprietary notice or marks on the Oura API, the MCP Server, or any other Oura Intellectual Property; or
  • (xx) aggregating, caching, or storing geographic location information or other User Data accessible via the Oura API or MCP Server.
• (b) In addition, and without limiting the foregoing or anything else contained in this Agreement, no Aggregator shall use, access, process, or exploit Oura Intellectual Property or any User Data for any of the following purposes (each of which shall be included in the definition of Prohibited Use):
  • (i) accessing, using, processing, storing, retaining, analyzing, modifying, or deriving any benefit from User Data and Oura Data other than for the sole purpose of transmitting or facilitating such data to End Customers in accordance with this Agreement;
  • (ii) using (or permitting anyone to use) any User Data, Oura Data, or Oura Intellectual Property regardless of the manner in which such data was obtained (whether through the Oura API, the MCP Server, or any other means), to train, fine-tune, develop, improve, or enhance any algorithm, AI Model, machine learning model, large language model, neural network, or other computational model or output, or to incorporate any such data into any training dataset.
• (c) With respect to User Data, the foregoing Prohibited Uses shall apply regardless of whether a User has purportedly consented to any such use, and you shall implement data minimization principles by requesting only the User Data necessary for each User request and promptly deleting User Data that is no longer needed.
• (d) To the extent you seek to use any Oura Data or User Data in connection with a large language model, you may (unless you are an Aggregator) access and process such Oura Data or User Data solely through the MCP Server subject to the provisions of this Agreement. You shall not use, and shall not permit any third party to use, the Oura API to develop, train, fine-tune, evaluate, prompt, or otherwise provide input or data to any AI Model or AI Platform.
• (e) The Company reserves the sole right to determine whether or not access to and use of the Oura API and MCP Server are acceptable, and to revoke or suspend access for you or any Collaborator Application that Oura determines is not providing added benefit to Users and/or is not in the best interests of Oura or Users and/or is violating this Agreement. The Company shall have no liability for any such revocation or suspension. The Company may use aggregated and de-identified data from or of any Collaborator for analytics, benchmarking, and product development and improvement.
• (f) You may not display any advertisements or make any statements or postings that suggest approval or endorsement by Oura, except with Oura’s prior written consent. You may not issue any press releases or other announcements making any reference to Oura without Oura’s prior written consent.
• (g) If you use the MCP Server, you may be required to provide the Company with certain data. You agree that, with the exception of your registration or account data, any data or reports provided to the Company by you or on your behalf shall not include Personal Data. Reports provided to the Company by you or on your behalf shall only include aggregated or anonymized data and shall satisfy all requirements and limitations set forth by the Company.

5. User Data and Consent

• (a) User Consent is the foundation for access to and processing of User Data under this Agreement. No User Data shall be shared with or made accessible to you unless the applicable User has provided valid User Consent that is freely given, specific, informed, and unambiguous. In requesting User Consent, you must describe or indicate how the User may later revoke or modify its consent or authorization. Users may have the ability to share all available User Data or share only certain specific categories of data. You shall respect and enforce the scope of each User Consent. You may not broaden or otherwise change the scope of usage for previously collected User Data without obtaining prior User Consent for such expanded or otherwise changed data use.
• (b) You must not disable, override, or otherwise interfere with any Company-implemented consent panels, system alerts, warnings, or authorization requests.
• (c) You must provide clear and complete information to Users regarding your collection, use, processing, and disclosure of User Data through a conspicuous privacy policy. Such privacy policy must accurately explain how you collect, store, use, disclose, share, retain, and delete User Data. You and any Collaborator Application must comply with your privacy policy and all applicable laws.
• (d) You must take commercially reasonable and appropriate steps to protect User Data from unauthorized use, disclosure, or access by third parties. You are fully responsible for the security of User Data used or processed in connection with a Collaborator Application or that is otherwise in your possession, custody, or control. You are responsible for ensuring that any third-party components integrated with your AI Platform, and any AI Model accessed or used by you, do not access, use, input, or process User Data in violation of this Agreement.
• (e) You shall ensure that your AI Platform (including for the avoidance of doubt, any AI Platform that directly or indirectly receives or is otherwise provided User Data or Oura Data that has been accessed or obtained by you), complies with this Agreement and all applicable Data Protection Laws. The Company shall have no responsibility or liability for any outputs, recommendations, insights, or other content generated by your AI Model, AI Platform, or Collaborator Application (“Outputs”). You are solely responsible for all Outputs and for any reliance thereon by Users or third parties. Without limiting the foregoing, you shall implement reasonable measures to review, filter, and validate Outputs; ensure that Outputs are presented in a manner that is not inaccurate, misleading, or deceptive; and assume all risk and liability arising from the generation, display, and use of Outputs.
• (f) Users shall have the right to access their User Data, opt out of data sharing with you, and delete their User Data at any time, for any reason, without penalty or loss of access to the Company’s products and services. Upon a User opting out, you shall immediately cease all processing of such User’s User Data. Upon a request for deletion, you shall delete all User Data relating to such User within seventy-two (72) hours. Users shall also have the right to revoke their User Consent at any time, and such revocation shall be effective immediately. If a User ceases to consent or affirmatively revokes consent for your collection, use, processing, or disclosure of such User’s User Data, you must promptly cease all such collection, use, processing, and disclosure. YOU SHALL NOT RETAIN ANY USER DATA AFTER THE USER HAS REQUESTED DELETION OF USER DATA. You must also delete User Data upon such User’s termination or cancellation of applicable Collaborator Application subscriptions.
• (g) You shall use User Data obtained through the Oura API and MCP Server only to provide a service or function that is directly relevant to the Authorized Purpose and this Agreement. You may not use User Data to derive data for the purpose of uniquely identifying any User or device beyond what is necessary for the Authorized Purpose.
• (h) You must permit Users to express contact preferences, via notice and opt-out, at your point of collection and in each subsequent marketing piece. If you are acquired by, consolidated with, or merged with or into a third party, you must give Oura notice of such transaction.
• (i) You must not impose any terms on users of a Collaborator Application that are inconsistent with this Agreement. Any Collaborator Application terms of service shall disclaim all warranties on behalf of third party service providers, including a disclaimer of implied warranties of merchantability, fitness for a particular purpose and non-infringement and exclude third party service providers from all liability for consequential, special, punitive, indirect damages.
• (j) You shall not use the Oura API or MCP Server in any way that would grant someone other than you or the applicable user the right to see any data related to that user without obtaining the prior express consent of that user.
• (k) You and any Collaborator Application must respect the privacy settings configured by the Users.

6. Intellectual Property

• (a) Each Party shall retain all right, title, and interest in and to its own Intellectual Property that such Party owned or controlled prior to your use of or access to the Oura API or MCP Client or that such Party develops or acquires independently without reliance on the other Party’s property or Confidential Information.
• (b) You acknowledge and agree that as between you and the Company, the Company is and shall remain the sole owner of all Oura Intellectual Property, including the Oura Platform, all User Data, all Oura Data, all proprietary algorithms, scoring methodologies, and analytical models, the MCP Server, and the Oura API. No right, title, or interest in any Oura Intellectual Property is transferred to you by this Agreement.
• (c) You understand and agree that the Company may currently or in the future develop products and services that may be similar to or compete with a Collaborator Application. Nothing in this Agreement shall in any way restrict Oura from pursuing any business activities or from entering into any agreement with any other person or company.
• (d) If you provide the Company with feedback, suggestions or comments regarding the Oura API, MCP Server, the Oura Platform, or Oura Intellectual Property, or your use thereof, then you agree that the Company will be free to use, copy, modify, create derivative works, distribute, publicly display, publicly perform, grant sublicenses to, and otherwise exploit in any manner such feedback, suggestions or comments, for any and all purposes, with no obligation of any kind to you.
• (e) Subject to your continued compliance with this Agreement, you may use the Oura name, trademarks, service marks, and logos solely for certain limited purposes related to a Collaborator Application, the MCP Client, or the AI Platform, in each case, however, only as described in Oura’s Branding Guidelines (available at https://static.ouraring.com/pdfs/Oura_BrandGuidelines_v1.pdf). These rights apply on a non-exclusive, non-transferable, worldwide, royalty-free basis, without any right to sub-license, and may be revoked by Oura at any time. If Oura updates its Branding Guidelines or any trademarks, service marks, or logos that you are using, you agree to update such trademarks, service marks, or logos to reflect the most current versions. You must not use the Oura name or any Oura trademark, service mark, or logo, or any confusingly similar mark, as the name or part of the name or icon of any Collaborator Application, MCP Client, or AI Platform, or as part of any logo or branding for any of the foregoing.
• (f) You hereby grant to Oura a paid-up, royalty-free, non-exclusive, worldwide, transferable, sublicensable right and license, under all applicable intellectual property rights, for Oura’s marketing and promotional purposes to
  • (i) use, perform, make available, display to the public, and reproduce any Collaborator Application, the MCP Client, the AI Platform, and your integration of Oura Intellectual Property; and
  • (ii) use your name, likeness, or brand (including all trademarks, service marks, logos, brand names, or trade names) to the extent incorporated into any of the foregoing, except that following termination of this Agreement and upon your written request, Oura shall make commercially reasonable efforts, as determined in its sole discretion, to remove references to the Collaborator Application, the MCP Client, the AI Platform, and any of your marks from Oura’s website.
• (g) YOU SHALL NOT USE OR ALLOW THE USE OF USER DATA TO TRAIN, FINE-TUNE, DEVELOP, IMPROVE, OR ENHANCE ANY AI MODEL OR OTHER ARTIFICIAL INTELLIGENCE OR MACHINE LEARNING SYSTEM, WHETHER DEVELOPED OR OPERATED BY YOU OR ANY THIRD PARTY. This prohibition applies regardless of the training technique, methodology, or approach used, and you shall ensure that User Data is not incorporated into any training dataset. Any violation of this prohibition shall constitute a material breach of this Agreement.
• (h) You may not include or use the Oura API or MCP Server in, or in connection with, any application, website or other product or service that includes content that is disparaging of Oura, libelous or may otherwise be perceived as detrimental or harmful to Oura and its business and reputation, in Oura’s sole discretion.

7. Confidentiality

• (a) You may be given access to certain information, data, materials, know-how, methodologies, documentation, and software relating to the Oura API, MCP Server, Oura Data, the Oura Platform, or Oura Intellectual Property that is not generally known by the public (“Oura Confidential Information”), which is confidential and proprietary to Oura. You agree to use the Oura Confidential Information only for the purpose of using the Oura API or MCP Server in accordance with this Agreement, and agree to not disclose any of the Oura Confidential Information to any third party without Oura’s prior written consent. You agree to protect the Oura Confidential Information in the same manner that you would protect your own confidential and proprietary information but in no event using less than a reasonable degree of care.
• (b) Upon termination or expiration of this Agreement, or upon request, you shall promptly return or destroy all Oura Confidential Information.
• (c) You shall not make any public statement regarding this Agreement without the prior written approval of Oura, except as required by applicable law.
• (d) Each Party acknowledges that breach of this Section would cause irreparable harm, and Oura shall be entitled to seek injunctive relief without the necessity of proving actual damages.

8. Regulatory Compliance and Legal Requirements

• (a) You must comply with all applicable criminal, civil, and statutory laws and regulations, including without limitation those in any jurisdictions in which the AI Platform or any Collaborator Application may be offered or made available. You may not use the Oura API or MCP Server to conduct or facilitate, in any way, activity that is in violation of applicable worldwide laws or regulations or the Oura Terms of Use. Further, you acknowledge that you will comply with U.S. Export Administration Regulations and will not export or re-export any Oura Platform component, directly or indirectly, to: (i) any countries that are subject to U.S. export restrictions; (ii) any end user who has been prohibited from participating in U.S. export transactions by any federal agency of the U.S. government; or (iii) any end user who you know or have reason to know will utilize them in the design, development or production of nuclear, chemical or biological weapons.
• (b) You, the AI Platform, and any Collaborator Application must comply with all applicable privacy and data collection laws and regulations with respect to any collection, use, or disclosure of User Data, Oura Data, or other applicable data or information. Neither the AI Platform nor a Collaborator Application may be designed or marketed for the purpose of harassing, abusing, spamming, stalking, threatening, or otherwise violating the legal rights (such as the rights of privacy and publicity) of others.
• (c) None of you, the AI Platform, nor a Collaborator Application may perform any functions or link to any content, services, information, or data or use any robot, spider, site search, or other retrieval application or device to scrape, mine, retrieve, cache, analyze, or index software, data, or services provided by the Company or its licensors, or obtain (or try to obtain) any such data, except such data or information that the Company expressly provides or makes available to you pursuant to this Agreement.
• (d) You agree that you will not collect, disseminate, or use any User Data, Oura Data, or Oura Intellectual Property for any unauthorized purpose (including any Prohibited Use).

9. Data Security

• (a) You shall implement and maintain comprehensive technical, administrative, and physical security measures appropriate to the sensitivity of User Data, Oura Data, Oura Intellectual Property, and Confidential Information, designed to protect against accidental, unlawful, and unauthorized access, disclosure, alteration, destruction, or loss (the “Security Measures”). Such Security Measures shall at a minimum include:
  • (i) role-based access controls and multi-factor authentication for systems that process any of the foregoing not owned by you;
  • (ii) encryption of all data and information in transit and at rest using industry-standard encryption;
  • (iii) network security controls including firewalls and intrusion detection systems;
  • (iv) secure software development practices;
  • (v) documented incident response procedures;
  • (vi) personnel training on data protection and security;
  • (vii) due diligence and security requirements for third parties with access to User Data or Oura Data not owned by the using or accessing Party; and
  • (viii) business continuity and disaster recovery procedures.
• (b) You shall notify the Company of any Data Incident immediately upon discovery, and in no event more than twenty-four (24) hours after first learning of such Data Incident. You shall immediately take all necessary steps to contain any Data Incident and prevent further unauthorized access, preserve all relevant evidence, and conduct a thorough investigation.
• (c) The Company shall have sole authority to determine whether notifications to affected Users, regulators, or other parties are required following any Data Incident, as well as the content and timing of any such notifications.
• (d) You shall fully cooperate with and assist the Company in investigating any Data Incident and complying with applicable legal requirements.
• (e) To the extent a Data Incident resulted from or was caused by your acts, omissions, or breach of this Agreement (or such acts or omissions of any person or party acting on your behalf), you shall bear all costs associated with responding to and remediating the Data Incident. The foregoing obligations are in addition to any indemnification obligations under this Agreement.
• (f) The Company cannot guarantee that unauthorized third parties will never be able to defeat its security measures or use Personal Data for improper purposes.
• (g) The Company may provide, suggest or mandate additional security procedures and controls intended to reduce the risk to you of fraud or security breaches (“Security Controls”). These Security Controls may include processes or applications that are developed by the Company or by third parties, including but not limited to providing two-factor authentication for users logging into their Oura account. You agree to review all Security Controls for those that are appropriate for your business and the Collaborator Application to protect against unauthorized transactions and, if necessary, use other procedures and controls not provided by the Company.
• (h) The Company shall have the right, at any time and from time to time, upon reasonable prior written notice (which shall not be less than five (5) business days), to conduct an audit of your systems, processes, AI Platform, Collaborator Application, MCP Client, and any other technology or infrastructure that accesses, processes, stores, or otherwise interacts with User Data, Oura Data, Oura Intellectual Property, Oura API, or MCP Server for the purpose of verifying your compliance with this Agreement, including without limitation the prohibitions on AI Model training (each such audit, a “Technology Audit”). You shall cooperate fully with any such Technology Audit, including by providing the Company or its designated auditor with reasonable access to relevant systems, logs, records, configurations, and personnel. The Company shall use commercially reasonable efforts to minimize disruption to your operations during any Technology Audit. All information obtained by the Company or its designated auditor during a Technology Audit shall be treated as your Confidential Information; provided, however, that the Company may disclose the results of any Technology Audit to the extent necessary to enforce its rights under this Agreement or as required by applicable law. If a Technology Audit reveals any non-compliance with this Agreement, you shall promptly remediate such non-compliance at your sole cost and expense, and the Company shall have the right to conduct follow-up audits to verify such remediation. You shall bear the costs of any Technology Audit that reveals a material breach of this Agreement; otherwise, the Company shall bear the costs of the Technology Audit.

10. Disclaimer of Warranties and Limitation of Liability

• (a) THE MCP SERVER, THE OURA API, USER DATA, OURA DATA, OURA INTELLECTUAL PROPERTY, AND ALL OTHER PRODUCTS, INFORMATION, AND SERVICES PROVIDED BY OURA ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, OURA DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ANY WARRANTIES OR CONDITIONS ARISING OUT OF COURSE OF DEALING OR USAGE OF TRADE. OURA MAKES NO WARRANTY THAT ITS SERVICES WILL MEET YOUR REQUIREMENTS, THAT ACCESS WILL BE UNINTERRUPTED, TIMELY, OR ERROR-FREE, OR THAT ANY ERRORS WILL BE CORRECTED.
• (b) IN NO EVENT WILL OURA OR ITS AFFILIATES BE LIABLE TO YOU FOR ANY SPECIAL, INCIDENTAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF USE, DATA, BUSINESS, OR PROFITS) ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE USE OF THE OURA API, MCP SERVER, OURA DATA, OURA PLATFORM, OR OURA INTELLECTUAL PROPERTY, WHETHER SUCH LIABILITY ARISES FROM ANY CLAIM BASED UPON CONTRACT, WARRANTY, TORT, STRICT LIABILITY, OR OTHERWISE, AND WHETHER OR NOT YOU HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. THE FOREGOING LIMITATIONS WILL SURVIVE AND APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED ITS ESSENTIAL PURPOSE. OURA’S AGGREGATE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE GREATER OF (A) THE FEES PAID UNDER THIS AGREEMENT IN THE TWELVE (12) MONTHS PRIOR TO THE CLAIM, OR (B) ONE HUNDRED DOLLARS ($100).
• (c) You acknowledge that your breach of this Agreement may cause irreparable harm. Accordingly, you agree that, in addition to any other remedies, Oura shall have the right to seek immediate injunctive relief in the event of a breach by you or any of your officers, employees, or agents.
• (d) ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE OURA API OR MCP SERVER IS DONE, OBTAINED, OR ACCESSED AT YOUR OWN DISCRETION AND RISK, AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR OR OTHERS’ COMPUTER SYSTEM/NETWORK, DEVICES, OR ANY LOSS OF DATA THAT MAY RESULT FROM THE DOWNLOAD OF ANY SUCH MATERIAL OR THE USE OF THE OURA API OR MCP SERVER.
• (e) Where pursuant to Article 82(4) of the GDPR, either Party is found to be liable for the entire damage arising from a breach or breaches of the GDPR relating to activities under the Terms of Use or this Agreement, in order to ensure effective compensation of one or more individuals, then the other Party shall indemnify that Party for that portion of the compensation attributable to any breaches of GDPR giving rise to the compensation for which it is responsible.

11. Indemnification

• (a) You will indemnify, defend, and hold harmless Oura, its affiliates, and their respective officers, directors, employees, agents, licensors, users and partners from any and all claims, damages, losses, liabilities, actions, judgments, costs, and expenses (including, without limitation, reasonable attorneys’ fees) brought by a third party arising out of or in connection with: (i) your use of the Oura API, MCP Server, Oura Data, Oura Platform, or the Oura Intellectual Property other than as expressly allowed by this Agreement; (ii) your breach or alleged breach of any of the terms, conditions and representations under this Agreement or applicable law; (iii) any Collaborator Application or your business; or (iv) your negligence or willful misconduct. You will control the defense and settlement of any claim that you are required to indemnify hereunder, provided that Oura may at any time elect to take over control of the defense and settlement of any claim. You may not settle or compromise any such claim without Oura’s prior written consent.

12. Representations and Warranties

• (a) You represent and warrant to Oura that:
  • (i) if you are an entity (such as a corporation or limited liability company), you are duly organized, validly existing, and in good standing under the laws of your jurisdiction;
  • (ii) you have full power and authority to enter into this Agreement and to perform its obligations hereunder (and, if you are an individual, you have the full power and authority to enter into this Agreement on behalf of the party or entity you represent or for which you are acting as agent);
  • (iii) this Agreement constitutes a valid and binding obligation, enforceable in accordance with its terms;
  • (iv) you will comply with all applicable laws in performing your obligations under this Agreement, including all applicable Data Protection Laws;
  • (v) you will not engage in any unfair, deceptive, or abusive acts or practices in connection with your rights, interests, duties or obligations under this Agreement;
  • (vi) you have all rights, including all copyright, trademark, and other Intellectual Property rights, in your technology necessary to perform as contemplated or permitted by this Agreement;
  • (vii) you have implemented and will maintain appropriate technical and organizational security measures in accordance with this Agreement and applicable law;
  • (viii) if you are a natural person, you are at least 18 years of age or, if under 18 years of age, have obtained and can evidence consent from your parent or legal guardian to the execution of this Agreement and your use of the Oura API, MCP Server, Oura Data, and/or Oura Platform in the manner prescribed by Oura;
  • (ix) any information you submit to Oura, whether as part of your registration or otherwise, is current, accurate, and complete; and
  • (x) You will fulfill all of your obligations to each customer to which you provide a Collaborator Application and will resolve any customer dispute or complaint directly with such customer.

13. Dispute Resolution; Venue

• (a) Any dispute arising out of this Agreement shall be governed by California law and controlling U.S. federal law, without regard to conflict of law provisions thereof.
• (b) Each Party hereby consents and submits to the exclusive jurisdiction and venue in the state and federal courts of San Francisco County, California, for any legal proceedings related to this Agreement.
• (c) Except to the extent prohibited by applicable law, any claim or cause of action arising out of or related to this Agreement must be filed within one year after such claim arose or be forever barred.
• (d) In any suit, lawsuit, action, demand, or proceeding between or involving the Parties that arises out of or relates to this Agreement, the Oura API, the MCP Server, the Oura Data, or Oura Platform, the prevailing Party shall be entitled to recover from the other Party its court costs, disbursements, expenses, and reasonable attorney’s fees incurred in connection therewith.

14. Term and Termination

• (a) This Agreement shall take and be in effect upon your acceptance of this Agreement, including, without limitation, by your use of, access to, or processing in connection with the Oura API, MCP Client, or other Oura Intellectual Property governed by this Agreement.
• (b) Either Party may terminate or cancel this Agreement at any time, for any reason or no reason; except that you must terminate or cancel this Agreement by either:
  • (i) notifying Oura of your intent to terminate or cancel this Agreement by delivering written email notice thereof to api-support@ouraring.com; or
  • (ii) ceasing your use of the Oura API, MCP Client, and Oura Platform and deleting all copies of all Oura Data (including User Data) in your possession or control.
• (c) Without limiting the foregoing, the Company may immediately terminate or suspend your access to the MCP Server, the Oura API, any Oura Intellectual Property, Oura Data, or User Data, without prior notice and without liability for any reason in the Company’s sole discretion, including without limitation if the Company reasonably believes that continuing access poses a security risk, you are in breach of this Agreement, continued access may violate any applicable law (including any Data Protection Law), or a Data Incident has occurred or is reasonably suspected.
• (d) Upon the termination, cancellation, expiration, or suspension of this Agreement for any reason:
  • (i) all rights granted hereunder shall immediately terminate;
  • (ii) each Party shall immediately cease all access to the other Party’s systems and cease all processing of the other Party’s Confidential Information; and
  • (iii) you shall immediately cease all processing of User Data and Oura Data and promptly delete all such User Data and Oura Data in your possession or control (and, if requested at any time by Oura, certifying such deletion in writing to Oura).
• (e) Neither Party shall be liable to the other Party for any costs, losses, or damages resulting from termination, cancellation, or suspension of this Agreement, except to the extent resulting from such other Party’s breach of this Agreement as provided herein.
• (f) The following provisions shall survive termination, cancellation, expiration, or suspension of this Agreement: Section 1 (Definitions); Section 4 (Restrictions on Use), with respect to any Confidential Information of a Party remaining in the other Party’s possession or control, whether or not permitted hereunder; Section 5 (User Data and Consent), with respect to any Confidential Information of a Party remaining in the other Party’s possession or control, whether or not permitted hereunder; Section 6 (Intellectual Property); Section 7 (Confidentiality); Section 8 (Regulatory Compliance and Legal Requirements), with respect to any Confidential Information of a Party remaining in the other Party’s possession or control, whether or not permitted hereunder; Section 9 (Data Security), with respect to any Confidential Information of a Party remaining in the other Party’s possession or control, whether or not permitted hereunder; Section 10 (Disclaimer of Warranties and Limitation of Liability); Section 11 (Indemnification); Section 12 (Representations and Warranties); Section 13 (Dispute Resolution; Venue); this Section 14; and Section 15 (Miscellaneous).

15. Miscellaneous

• (a) Entire Agreement; Amendments. This Agreement constitutes the entire agreement between the Parties with respect to the subject matter hereof and supersedes all prior agreements, understandings, and negotiations relating thereto. The Company may update this Agreement from time to time in its absolute and sole discretion, and, provided such revised or updated Agreement has been published in a manner accessible to you, your continued participation following such updates or revisions shall constitute acceptance.
• (b) Severability. If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, and the remaining provisions shall remain in full force and effect.
• (c) Assignment. You may not assign or delegate this Agreement, or any term or provision herein, to a third party without the prior written consent of the Company. Oura may transfer, assign, or delegate all or any part of its rights, duties, or obligations under this Agreement to any third party, with or without notice to you. Any attempted assignment in violation of this Section shall be void.
• (d) Waivers. No waiver of any right under this Agreement will be effective unless set forth in a writing authorized by the Party entitled to waive such right.
• (e) Independent Contractors. The relationship between the Parties is that of independent contractors. Nothing in this Agreement shall create any partnership, joint venture, agency, or employment relationship between the Parties. Neither Party has the authority to bind the other Party or incur any obligation on behalf of the other Party. For the purposes of Article 26 of the GDPR, the Parties acknowledge that each Party is a separate and independent controller of the Personal Data which it discloses or receives under this Agreement. The Parties do not and will not process Personal Data which it discloses or receives under the Agreement as joint controllers. Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under applicable data protection and privacy laws. It is agreed that where either Party receives a request from a data subject in respect of Personal Data controlled by the other Party, where relevant, the Party receiving such request will direct the data subject to the other Party, as applicable, in order to enable the other Party to respond directly to the data subject’s request.
• (f) Certain Defined Terms. If you enter into this Agreement, take any action or activity permitted by this Agreement, or otherwise engage with or transact with Oura in connection with this Agreement, in any such case on behalf of, as a representative or employee of, or as an agent for any third party (including, without limitation, any corporation, limited liability company, or other entity), then any use or application of the term “you,” “your,” or “yours” in this Agreement shall refer to and mean such third party in addition to, as applicable, such individual.
• (g) Notices; Legal Requests. Oura may respond to and comply with any writ of attachment, lien, levy, subpoena, warrant, or other legal request or order (“Legal Process”) that Oura believes to be valid and appropriate. Oura may provide, subject to the terms of the Oura Privacy Policy, any information under such Legal Process. Oura is not responsible for any losses, whether direct or indirect, that you may incur as a result of our complying with Legal Process.
• (h) Government Use. If you are part of an agency, department or other entity of the U.S. Government, the use, duplication, reproduction, release, modification, disclosure or transfer of the Oura API and MCP Server are restricted in accordance with the Federal Acquisition Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military agencies. The Oura API and MCP Server constitutes a “commercial item,” “commercial computer software,” and “commercial computer software documentation.” In accordance with such provisions, any use of the Oura API and MCP Server by the U.S. Government shall be governed solely by this Agreement and the Terms of Use.