1Life Enterprise Terms
UPDATED JULY 1, 2026.
These “ENTERPRISE TERMS” are incorporated by reference into the Order Schedule executed by 1LIFE HEALTHCARE, INC., a Delaware corporation (“1Life”) and the customer/client whose name appears on the Order Schedule (“Customer”). Together, these Enterprise Terms and the Order Schedule form a binding agreement of the parties (the “Agreement”) as of the Effective Date set forth in the Order Schedule. Capitalized terms not defined in these Enterprise Terms will have the same meanings ascribed to them in the Order Schedule.
The parties, intending to be legally bound, hereby agree as follows:
- Updated Terms. This July 1, 2026 version of the Enterprise Terms will only apply to Customers at the next renewal date of the Customer’s existing Agreement that occurs after July 1, 2026. Until a Customer’s next renewal date, their Agreement remains subject to the Enterprise Terms dated October 7, 2024.
- Services. Customer acknowledges that it is purchasing access to One Medical mobile and web applications, as well as on-demand virtual care at no additional cost (collectively “One Medical Member Application Services”) solely for the benefit of its employees, contractors, clients, or other individuals as specifically stated on the Order Schedule. Customer agrees that it may not resell, offer or arrange for sale, sublicense or otherwise transfer, charge fees or receive remuneration for the One Medical Member Application Services. Customer understands that the Expanded Offerings may require the cooperation of Customer and availability, timing, and delivery of these services will be dependent in part upon Customer’s timely cooperation and communication with 1Life regarding these services.
- Code Redemption. If 1Life issues an activation code (the “Code”) to Customer, Customer will distribute the Code to all Eligible Employees, Eligible Individuals, or Eligible Customer Participants, as applicable. Each Eligible Employee/Eligible Individual/Eligible Customer Participant who presents the Code via the 1Life website and agrees to the One Medical Member Application Services Terms of Service prior to the termination of the Agreement will receive One Medical Member Application Services or have their One Medical Member Application Services renewed. Only Eligible Employees/Eligible Individuals/Eligible Customer Participants may redeem the Code or otherwise activate One Medical Member Application Services. All One Medical Member Application Services terminate when the Agreement expires or otherwise terminates.
- Survival. Sections 3 through 10 of these Enterprise Terms will survive expiration or termination of the Agreement.
- Disclaimer and Limitation of Liability. 1LIFE DOES NOT RENDER MEDICAL OR HEALTH CARE RELATED SERVICES OR TREATMENTS TO ELIGIBLE EMPLOYEES/ELIGIBLE INDIVIDUALS/ELIGIBLE CUSTOMER PARTICIPANTS. ACCORDINGLY, 1LIFE IS NOT RESPONSIBLE FOR THE HEALTH CARE OR OTHER SERVICES THAT ARE DELIVERED BY ONE MEDICAL. ONE MEDICAL AND ITS SERVICE PROVIDERS ARE SOLELY RESPONSIBLE FOR THE HEALTH CARE OR OTHER SERVICES THEY DELIVER. THE CODES, ONE MEDICAL MEMBER APPLICATION SERVICES AND ANY RELATED SERVICES PURSUANT TO THE AGREEMENT, ARE PROVIDED “AS IS” AND “WHERE-IS.” 1LIFE EXPRESSLY DISCLAIMS ALL OTHER EXPRESS WARRANTIES OR CONDITIONS, AND ALL OTHER WARRANTIES, CONDITIONS, AND OBLIGATIONS IMPLIED IN LAW, INCLUDING WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT WILL (A) EITHER PARTY BE LIABLE FOR ANY LOSS OF DATA, LOSS OF PROFITS, COST OF COVER OR OTHER SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT, PUNITIVE, EXEMPLARY OR RELIANCE DAMAGES ARISING FROM OR IN RELATION TO THIS AGREEMENT, HOWEVER CAUSED AND REGARDLESS OF THEORY OF LIABILITY AND (B) EITHER PARTY’S AGGREGATE LIABILITY FOR DIRECT DAMAGES UNDER THIS AGREEMENT EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER TO 1LIFE UNDER THIS AGREEMENT FOR THE TWELVE-MONTH PERIOD PRECEDING THE CLAIM; EXCEPT THAT NOTHING IN THIS SECTION 5 WILL LIMIT CUSTOMER’S OBLIGATION TO PAY 1LIFE FOR CUSTOMER’S USE OF THE SERVICES PURSUANT TO THE ORDER SCHEDULE, OR ANY OTHER PAYMENT OBLIGATION UNDER THE AGREEMENT.
- Notices. All notices required or permitted under this Agreement will be in writing, will refer to this Agreement, and will be deemed effectively given: (a) upon personal delivery to the party to be notified, (b) when sent by confirmed electronic mail if sent during normal business hours of the recipient; if not, then on the next business day, (c) 3 days after having been sent by registered or certified mail, return receipt requested, postage prepaid, or (d) on the next business day following deposit with a nationally recognized overnight courier, specifying next day delivery, with written verification of receipt. All communications will be sent to the party to be notified, in the case of 1Life at the address set forth below, and in the case of the Customer, pursuant to the Customer Contact Information set forth on the Order Schedule, or at another address or electronic mail address as a party may designate by 10 days’ advance written notice to the other parties to this Agreement:
Amazon.com, Inc.
Attn: General Counsel
P.O. Box 81226 Seattle, WA 98108-1226 Fax: (206) 266-7010
E-mail: contracts-legal@amazon.com
cc: notices@onemedical.com - Confidentiality. This Agreement will be subject to, and governed by, the nondisclosure or confidentiality agreement (“NDA”) entered into between Customer and 1Life (or between Customer and 1Life’s parent, Amazon.com, Inc.). In the event an NDA exists between Customer and 1Life and between Customer and Amazon.com, Inc., the NDA between Customer and Amazon.com, Inc. will control. If no NDA exists between Customer and 1Life or between Customer and Amazon.com, Inc., then the following terms and conditions shall apply for the protection of confidential information:
- Confidentiality Terms in Event No NDA Exists. The recipient will not disclose Confidential Information (as defined below), except to affiliates, employees, agents or professional advisors who need to know it and who have agreed in writing (or in the case of professional advisors are otherwise bound) to keep it confidential. The recipient will ensure that those people and entities use the Confidential Information only to exercise rights and fulfill obligations under this Agreement, while using reasonable care to keep it confidential. The recipient may also disclose Confidential Information when required by law after giving reasonable notice to the disclosure, if permitted by law. “Confidential Information” means information that one party discloses to the other party under this Agreement, and that is marked as confidential or would normally be considered confidential information under the circumstances. It does not include information that the recipient already knew, that becomes public through no fault of the recipient, that was independently developed by the recipient, or that was lawfully given to the recipient by a third party. The mere existence and nature of a commercial relationship between the parties is not Confidential Information, but the economic terms of this Agreement shall be Confidential Information.
- Data Security. 1Life will implement reasonable and appropriate measures to secure Customer's data (“Customer Data”), including but not limited to, personally identifiable information and, if applicable, personal health information or “PHI” as that term is defined under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and Customer’s Members’ data (“Member Data”), against accidental or unlawful loss, access, or disclosure in accordance with 1Life’s security standards as identified in Subsections a – c below (“Security Standards”) and, as applicable to Customer Data or Member Data that is PHI, in accordance with HIPAA, the Health Information Technology for Economic and Clinical Health Act, also as known as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, as amended, the HIPAA Omnibus Final Rule, and any other state or federal privacy, cybersecurity, data breach notification, or data protection laws, in each case, as these laws, rules, and regulations have been and may be amended from time to time, that may apply to Customer Data or Member Data (the “Privacy Laws”). 1Life may modify the Security Standards from time to time but will not materially degrade the level of security from what is described in the Security Standards on the Effective Date and in the Privacy Laws. To the extent 1Life utilizes any third parties for services that include maintaining or transmitting Customer Data or Member Data, 1Life will require these third parties to implement reasonable and appropriate measures designed to secure Customer Data and Member Data against accidental or unlawful loss, access, or disclosure.
- Information Security Program. 1Life will maintain an information security program (including the adoption and enforcement of internal policies and procedures) designed to (a) secure Customer Data and Member Data against accidental or unlawful loss, access or disclosure, (b) identify reasonably foreseeable and internal risks to security and unauthorized access to 1Life systems, and (c) minimize security risks, including through risk assessment and regular testing. The information security program will require reasonable and appropriate assessments of third-party systems and technologies that may maintain or transmit Customer Data and Member Data. 1Life will designate one or more employees to coordinate and be accountable for the information security program.
- Network Security. 1Life systems will be electronically accessible to employees, contractors and any other person as necessary to provide its services to Customer. 1Life will maintain access controls and policies to manage what access is allowed to 1Life systems from each network connection and user, including the use of firewalls or functionally equivalent technology and authentication controls. 1Life will maintain corrective action and incident response plans to respond to potential security threats.
- SOC 2 Audit Report. 1Life will engage an independent CPA firm, which complies with the most current updates established by the American Institute of CPAs, to perform a service organization control (SOC 2) Type 2 security audit and report applicable to 1Life services and systems (“SOC 2 Audit Report”) on an annual basis. The person(s) conducting the SOC 2 Audit Report must have the technical expertise, training, and certifications to conduct the audit. The SOC 2 Audit Report will provide details of 1Life’s security controls examined by the auditor for suitability and operating effectiveness, as they relate to 1Life services provided under the Agreement for security, confidentiality, privacy, and availability. Upon written request by Customer, 1Life will make the SOC 2 Audit Report available to Customer on an annual basis during the Term. The SOC 2 Audit Report is considered the Confidential Information of 1Life and Customer will maintain its confidentiality pursuant to Section 7 (Confidentiality) of these Enterprise Terms.
- Governing Law; Dispute Resolution. This Agreement is governed by the laws of the State of Washington, without reference to its conflict of law rules. Each party agrees to exclusive personal jurisdiction and venue in the federal and state courts in King County, Washington for any dispute arising out of this Agreement.
- Miscellaneous. The parties agree that this Agreement is the entire agreement between them regarding the subject matter hereof. Except as provided in this Agreement, no change, modification, extension, termination, or waiver of this Agreement, or of any provision in this Agreement, will be valid unless made in writing and signed by each party. 1Life may amend any of the terms in these Enterprise Terms at its sole discretion by posting the revised terms on the website. Customer’s continued use of the services after the effective date of the revised Enterprise Terms constitutes its acceptance of the terms. Neither party may assign any of its rights or obligations under this Agreement without the prior written consent of the other party, except to an Affiliate or in connection with any merger, consolidation, reorganization, sale of all or substantially all of its related assets or similar transaction or as otherwise permitted in this Agreement. Subject to this limitation, this Agreement will be binding upon, inure to the benefit of and be enforceable by the parties and their respective successors and assigns. For the purpose of this section, "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party to the Agreement. In the event that any provision of this Agreement is determined to be invalid, illegal, or unenforceable by a court of competent jurisdiction, the remainder of the Agreement will remain in full force and effect without the invalid, illegal, or unenforceable provision.
CCPA DATA PROCESSING ADDENDUM
This CCPA Data Processing Addendum (“Addendum”) reflects the agreement between Customer and 1Life in relation to the Processing of Enterprise Personal Information and is incorporated into the Agreement. 1Life understands the terms in this Addendum and agrees to comply with them. This Addendum will terminate automatically when the Agreement expires or terminates. Any undefined capitalized terms within this Addendum shall have the definition applicable to them under the CCPA.
- Definitions
1.1. “CCPA” means the California Consumer Privacy Act of 2018, as amended or replaced from time to time, along with any implementing regulation.
1.2. “Consumer” means natural persons who reside in California as defined by Section 17014 of Title 18 of the California Code of Regulations.
1.3. “Consumer Request” means any request submitted by a Consumer to exercise a right provided by the CCPA in relation to that Consumer’s Enterprise Personal Information.
1.4. “Enterprise Personal Information” is personal information, as defined under the CCPA, of any Consumer, which is Processed by 1Life under the Agreement for purposes of providing Services to Customer, but does not include any data governed by HIPAA.
1.5. “Process” means any operation or set of operations that are performed on Enterprise Personal Information by 1Life under the Agreement.
1.6. “Sell” is as defined in the CCPA.
1.7. “Services” means the services to be provided by 1Life to Customer as specified in the Agreement. - Consumer Requests. Customer will be responsible for all communications in relation to all requests made by Consumers in relation to Enterprise Personal Information, including Consumer Requests.
- 1Life’s Obligations
3.1. Restrictions on Personal Information. 1Life will Process Enterprise Personal Information as necessary to perform the Services, and will not Sell, Process, use, share, transfer Enterprise Personal Information for any purpose not related to providing the Services, outside of the direct business relationship between 1Life and Customer, or as otherwise permitted by the CCPA. For clarity, 1Life may share or transfer Enterprise Personal Information with its own service providers to the extent necessary to perform the Services, as permitted by the CCPA. 1Life may use Aggregated and De-identified information (as defined in the CCPA) for statistical analysis and its business operations purposes.
3.2. Customer Requests. If 1Life, directly or indirectly, receives a Consumer Request relating to Enterprise’s Personal Information, 1Life will provide a copy of the Consumer Request to Customer and direct the Consumer to make the Consumer Request directly with Customer. - General
4.1. The terms of the Agreement will remain in full force and effect. In the event of any conflict between the terms of this Addendum and the terms of the Agreement, the terms of this Addendum will prevail with respect to the subject matter in the Addendum.
4.2. Any provision of this Addendum that is prohibited or unenforceable will be ineffective to the extent of the prohibition or unenforceability without invalidating the remaining provisions in this Addendum. The Parties will attempt to agree upon a valid and enforceable provision that is a reasonable substitute and will incorporate the substitute provision into this Addendum.