Business Associate Agreement (BAA)

Template — TrustAI / Bonis Systems LLC. Customizable per engagement. Compliant with 45 CFR § 164.504(e) of the HIPAA Privacy Rule.

1. Parties

This Business Associate Agreement ("Agreement") is entered into between Bonis Systems LLC dba TrustAI ("Business Associate") and the engaging organization ("Covered Entity").

2. Definitions

Capitalized terms used herein have the meanings ascribed under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), 45 CFR Parts 160 and 164.

3. Permitted Uses and Disclosures

Business Associate may use or disclose Protected Health Information ("PHI") only as necessary to perform the analytical, forensic, and case-management services TrustAI provides to Covered Entity, or as required by law.

4. Safeguards

Business Associate shall implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI it creates, receives, maintains, or transmits on behalf of Covered Entity. Specifically:

• AES-256-GCM encryption at rest
• TLS 1.3 in transit
• Role-based access control with bcrypt-hashed credentials
• Immutable Knox Blockchain audit trail of all PHI access
• Automatic PII/PHI scrubbing of all logs and AI prompts
• Continuous threat monitoring and intrusion detection

5. Subcontractors

Business Associate shall ensure that any subcontractor that creates, receives, maintains, or transmits PHI on behalf of Business Associate agrees to substantially the same restrictions and conditions.

6. Breach Notification

Business Associate shall report to Covered Entity any Breach of Unsecured PHI without unreasonable delay, and in no event later than 30 calendar days after discovery, in accordance with 45 CFR § 164.410.

7. Access, Amendment, and Accounting

Business Associate shall make available PHI as necessary to satisfy Covered Entity's obligations under 45 CFR §§ 164.524, 164.526, and 164.528.

8. Term and Termination

This Agreement is effective on the date of execution and shall remain in effect until terminated. Upon termination, Business Associate shall return or destroy all PHI received from Covered Entity, except to the extent retention is required by law.

9. Indemnification

Each party shall indemnify and hold harmless the other from any losses arising out of breach of this Agreement.

10. Governing Law

This Agreement shall be governed by the laws of the State of Texas. Any disputes shall be resolved in Bexar County, Texas.

11. Signatures

This template is provided for review. A signed copy will be executed upon engagement.

______________________________
Bonis Systems LLC dba TrustAI
By: Jonis Fields, Founder & CEO
Date: _____________

______________________________
Covered Entity
By: ____________________
Title: __________________
Date: _____________

For execution: jonisfields@gmail.com | Bonis Systems LLC | UEI R2BPJDC5CBA3