NetLiance Corporation operates the SpamTrap service for all clients according to the following strict Confidentiality Agreement (NDA) which also states that the service follows the requirements of the United States "Health Insurance Portability and Accountability Act" (HIPAA).

Clients that would prefer a signed copy of this Confidentiality Agreement are welcome to request one by contacting our sales department.

CONFIDENTIALITY (NON-DISCLOSURE) AGREEMENT

This is a Confidentiality (Non-Disclosure) Agreement between SpamTrap, an anti-spam service owned and operated by NetLiance Corporation (NLC) with offices at 5631 Palmer Way, Suite C, Carlsbad, CA 92010, USA and all clients (Client) that use the SpamTrap service.

This agreement assumes that the Client is using the SpamTrap anti-spam service (Service) in which all Client email passes through the spam filter servers for the purpose of anti-spam filtering.

NLC hereby agrees to treat all Client email and other information supplied by or on behalf of the Client as Confidential Information. As detailed in this agreement:

* NLC will not log or archive the contents (body) of email messages.

* NLC will not disclose Confidential Information, including email information or email contents, to any third party, unless required to do so by court order.

* If Client is a "covered entity" under the United States "Health Insurance Portability and Accountability Act" (HIPAA), the "HIPAA Addendum" is incorporated by reference as part of this agreement.

* Outside of special situations (testing, debugging, spam review) detailed below, NLC staff do not view Client email. Additionally, NLC staff have been trained to treat Client email with utmost confidentiality and understand that disclosing or using information in Client email may be a felony, and each staff member has agreed in writing to the terms hereof.

Confidentiality - NLC agrees to treat all Client email as Confidential Information, unless the email is beyond a reasonable doubt an Unsolicited Commercial Email (UCE), i.e. "Spam". NLC also agrees to treat any information the Client shares with NLC with regard to business plans, employee numbers, IT security, IT configuration, and similar "sensitive" business information as Confidential Information.

The term Confidential Information does not include information which (i) is already in NLC's possession, provided that such information is not known by NLC to be subject to another confidentiality agreement with the Client, or (ii) becomes generally available to the public other than as a result of a disclosure by NLC or its directors, officers or employees, or (iii) becomes available to NLC on a non-confidential basis from a source other than the Client or its advisors, provided that such source is not known by NLC to be bound by a confidentiality agreement with or other obligation of secrecy to the Client or another party.

NLC will always treat all legitimate (non-UCE) Client email as Confidential Information.

Non-Disclosure - Only NLC's directors, officers and employees have (limited) access to Client email and information. NLC will not disclose Confidential Information, email information or email contents to any third party, unless required to do so by court order. In particular, NLC does not allow subcontractors, affiliates, partners, resellers or any other third party to access Client email.

The directors, officers and employees of NLC have been trained to take all reasonable steps to ensure that Client email remains confidential, and is not deliberately or accidentally divulged to any other party.

Access to Confidential Information - NLC limits access to Client email to the absolute minimum necessary to operate a reliable Service. Outside of occasional testing and debugging of the Service, no Client email (body) content is seen by any staff, unless the Client explicitly permits NLC to review only those email messages filtered by the Service. (This is detailed below.) Only officers and senior employees of NLC's upstream providers perform testing and debugg and have access to the computers that contain or process (filter) Client email.

The upstream provider agrees to use reasonable, industry-standard security measures to prevent unauthorized access to its computer systems. All computers that contain Confidential Information or process (filter) Client email are protected by hardware and/or software firewalls to restrict access to only authorized personal and from authorized locations.

Logging/Archiving - NLC certifies that this Service does not log or archive the content (body) of email messages, unless the Client explicitly permits NLC to do so for spam review purposes. In the event a Client's legitimate (non-UCE) email is captured during the course of testing, debugging, or spam review, any copy/capture of the email will be immediately deleted.

While the Service logs each email message, the log consists of only sender's email address, IP address and the Subject line of the email. This limited log is also treated as Confidential information and will be deleted after 31 days.

Spam Review - Many Clients give NLC explicit permission to monitor and review the spam which is filtered for their domain(s). When permitted, only those emails which are filtered by the Service are logged and reviewed by NLC staff. Since unfiltered emails are not logged or reviewed, NLC staff will only view UCE (spam) emails and an occasional (typically less than 1 in 10,000) legitimate email which was incorrectly filtered by the Service. In the event a legitimate email is reviewed, all copies of it are immediately deleted. NLC and its staff will maintain the confidentiality of these and all legitimate emails.

HIPAA - The United States "Health Insurance Portability and Accountability Act (HIPAA) requires that medical and patient information be treated with a high level of confidentiality, and imposes severe penalties for the disclosure of such information. NLC and its upstream providers agree to comply with the confidentiality requirements of HIPAA, pursuant to the terms hereof and the HIPAA Addendum.

It is NLC's and its upstream providers' opinion that this Confidentiality Agreement exceeds the requirements of HIPAA, especially since no Client email information is stored or used by NLC, no designated client record sets are maintained, and email not shared with any third party.

Binding Effect - This agreement is binding upon, and inures to the benefit of, the successors and assigns of the parties.

Remedies - NLC and its upstream providers acknowledge that failure to comply with the terms of this Agreement may cause irreparable damage to the Client. Therefore, NLC and its upstream providers agree that in addition to any other remedies at law or in equity available to the Client for NLC's breach or threatened breach of this Agreement, the Client is entitled to specific performance or injunctive relief against NLC and its upstream providers to prevent such damage or breach, and the existence of any claim or cause of action NLC may have against the Client will not constitute a defense thereto. Client understands that each party will be responsible for its own legal fees and the NLC will not pay attorney fees incurred by the Client in any proceeding relating to the enforcement part of the agreement or to any alleged breach thereof in which the Client will prevail in whole or in part.

Confirmed and Agreed to:

For: NetLiance Corporation

By: Alice Wang, Sc.D.

Title: President

Date: June 14, 2004