Healthplex — Modular AI-Native EHR Platform

Plain-English note: This document governs the commercial relationship between Healthplex and its business customers (“you”). It is written as clearly as we can manage while still being legally operative. Each section begins with a one-sentence plain-English summary.

1. Definitions

Summary: Here is what the key terms mean throughout this agreement.

“Healthplex” means Healthplex, Inc., a Delaware corporation.
“Customer” means the legal entity that executes an Order with Healthplex or accesses the Services.
“Tenant” means the Customer’s logical instance within the Healthplex multi-tenant platform, identified by a unique org_id.
“Services” means the Healthplex EHR platform, including all modules, APIs, and support services, as described in the applicable Order.
“Order” means a sales order form, master service agreement, statement of work, or other written instrument that references these Terms.
“Authorized User” means an individual whom Customer has provisioned to access the Services on its behalf.
“PHI” means Protected Health Information as defined under HIPAA (45 C.F.R. §160.103) and equivalent definitions under applicable law (e.g., personal health data under GDPR / DPDP / Privacy Act 1988).
“Customer Data” means all data, including PHI, submitted to the Services by or on behalf of Customer.
“BAA” means a Business Associate Agreement as required under HIPAA.
“DPA” means a Data Processing Agreement as required under GDPR Article 28.
“Documentation” means Healthplex’s then-current technical documentation published at the Healthplex documentation site.
“Effective Date” means the date of execution of the applicable Order.

2. Service grant

Summary: We give you a limited, non-exclusive right to use the platform for your internal healthcare operations.

Subject to payment of fees and compliance with these Terms, Healthplex grants Customer a non-exclusive, non-transferable, revocable, worldwide (subject to regional deployment restrictions) right to access and use the Services solely for Customer’s internal healthcare operations during the Term, as specified in the Order.

This grant does not include the right to: (a) sublicense the Services to third parties; (b) use the Services to build a competing product; (c) access the Services beyond the user counts or site limits in the Order; or (d) remove or obscure any proprietary notices.

3. Customer responsibilities

Summary: You are the data controller. You own your data. You are responsible for ensuring you have lawful authority to upload it and that your users comply with these Terms.

3.1 Data controller / data fiduciary. Customer is the Data Controller under GDPR, the covered entity or business associate (as applicable) under HIPAA, and the Data Fiduciary under DPDP. Healthplex is a Business Associate or Data Processor only, acting solely on Customer’s instructions.

3.2 Lawful basis. Customer warrants that it has (and will maintain) a lawful basis for uploading and processing all Customer Data, including PHI, and that it has obtained all necessary consents, authorizations, and permissions required by applicable law.

3.3 Authorized Users. Customer is responsible for all acts and omissions of its Authorized Users and for maintaining the confidentiality of user credentials.

3.4 Acceptable use. Customer shall comply with the Acceptable Use Policy in Section 14.

3.5 BAA / DPA. For tenants processing PHI subject to HIPAA or personal data subject to GDPR, execution of the applicable BAA or DPA is a condition of access to the Services. Customer shall not upload PHI to the platform without first executing the applicable BAA.

4. Fees and payment

Summary: Invoices are due net 30. We can suspend access after 30 days of non-payment with written notice.

4.1 Fees. Customer shall pay fees as specified in the applicable Order.

4.2 Invoicing. Healthplex will invoice Customer monthly or annually as specified in the Order. Invoices are due net 30 days from date of invoice.

4.3 Late fees. Overdue amounts accrue interest at the lesser of 1.5% per month or the maximum rate permitted by law, from the due date until paid.

4.4 Taxes. All fees are exclusive of applicable taxes. Customer is responsible for all sales, use, GST, VAT, or similar taxes arising from the Services, excluding taxes on Healthplex’s net income.

4.5 Suspension for non-payment. If any undisputed invoice is more than 30 days past due, Healthplex may, upon 30 days written notice to Customer, suspend access to the Services until all overdue amounts are paid. Healthplex will restore access within 2 business days of receipt of payment.

5. Term and termination

Summary: The contract auto-renews annually. Either party can terminate for breach after a 30-day cure period. Post-termination, you have 30 days to export your data before it may be deleted.

5.1 Initial term. The initial term begins on the Effective Date and continues for the period specified in the Order (typically 12 months).

5.2 Auto-renewal. Unless either party provides written notice of non-renewal at least 60 days before the end of the then-current term, the Agreement will automatically renew for successive one-year terms at Healthplex’s then-current pricing.

5.3 Termination for cause. Either party may terminate this Agreement upon 30 days written notice if the other party materially breaches these Terms and fails to cure such breach within the 30-day notice period. Healthplex may terminate immediately upon notice if Customer violates Section 14 (Acceptable Use) or fails to execute a required BAA.

5.4 Termination for convenience. Customer may terminate this Agreement for convenience upon 60 days written notice. No refunds are owed for unused prepaid periods unless otherwise specified in the Order.

5.5 Post-termination data. Upon termination or expiration: (a) Healthplex will provide Customer with read-only access to export Customer Data for 30 days following the termination date; (b) after that 30-day period, Healthplex may delete Customer Data (including PHI) at its sole discretion, consistent with its retention policies and applicable law; (c) Customer is solely responsible for exporting its data during the 30-day window. Healthplex has no obligation to retain Customer Data beyond the 30-day export window.

5.6 Effect of termination. On termination, all rights granted to Customer immediately cease. Sections 1, 4 (amounts owed), 5.5, 6, 7, 8, 9, 10, 11, and 12 survive termination.

6. Intellectual property

Summary: Healthplex owns the platform. You own your data. We may use anonymised, de-identified usage data to improve the product — but we never sell your data.

6.1 Healthplex IP. Healthplex retains all right, title, and interest in and to the Services, including all software, algorithms, interfaces, documentation, and derivative works thereof. No rights are granted except as expressly set out in Section 2.

6.2 Customer Data. Customer retains all right, title, and interest in Customer Data. Healthplex processes Customer Data solely to provide the Services and as expressly permitted by these Terms or the applicable BAA / DPA.

6.3 Feedback. If Customer provides feedback or suggestions regarding the Services, Healthplex may use such feedback without restriction and without obligation to Customer.

6.4 Aggregated usage data. Healthplex may collect and use aggregated, de-identified data derived from Customer’s use of the Services (e.g., feature usage patterns, performance metrics) to improve, develop, and market the Services. Such data will not identify Customer or any individual. Healthplex will not sell such data to third parties.

7. Warranties

Summary: We warrant that the platform materially does what the documentation says. Everything else is disclaimed. Your remedy for a breach is a service credit, not a lawsuit for consequential damages.

7.1 Platform warranty. Healthplex warrants that the Services will, in all material respects, conform to the Documentation during the Term.

7.2 Disclaimer. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT AS EXPRESSLY SET OUT IN SECTION 7.1, THE SERVICES ARE PROVIDED “AS IS”. HEALTHPLEX DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND ERROR-FREE OPERATION. HEALTHPLEX DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, TIMELY, SECURE, OR FREE OF ERRORS.

7.3 Clinical advisory. Customer acknowledges that clinical decision support outputs produced by the AI gateway are advisory only and are not a substitute for the independent professional judgment of a licensed clinician. Customer is solely responsible for all clinical decisions made using outputs from the platform.

7.4 Remedy. Customer’s sole remedy for a breach of the warranty in Section 7.1 is a service credit as specified in the applicable SLA addendum, applied to a future invoice. If no SLA addendum applies, the credit is proportional to the duration of confirmed non-conformance in the affected billing period.

8. Limitation of liability

Summary: Our total liability to you is capped at 12 months of fees paid. We are not liable for lost profits, lost data, or consequential damages. The cap does not apply to gross negligence, confidentiality breaches, or IP indemnities — where we do remain fully liable.

8.1 Cap. EXCEPT AS SET OUT IN SECTION 8.3, HEALTHPLEX’S TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT — WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE — SHALL NOT EXCEED THE TOTAL FEES PAID BY CUSTOMER TO HEALTHPLEX DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE CLAIM.

8.2 Exclusion of consequential damages. EXCEPT AS SET OUT IN SECTION 8.3, IN NO EVENT SHALL HEALTHPLEX BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF GOODWILL, LOSS OF DATA, COST OF DATA RESTORATION, OR COST OF SUBSTITUTE SERVICES, EVEN IF HEALTHPLEX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

8.3 Exceptions to the cap. The liability cap in Section 8.1 and the exclusion in Section 8.2 do NOT apply to: (a) damages arising from Healthplex’s gross negligence or wilful misconduct; (b) damages arising from Healthplex’s material breach of its confidentiality obligations under Section 10; (c) Healthplex’s obligations under its IP indemnity in Section 9.2; or (d) liability that cannot be limited under applicable law (including liability under applicable data protection law for Healthplex’s breach of its obligations as a data processor or business associate).

9. Indemnification

Summary: You indemnify us for claims arising from your data or your misuse of the platform. We indemnify you if a third party sues you claiming our unmodified platform infringes their IP.

9.1 Customer indemnity. Customer shall defend, indemnify, and hold harmless Healthplex from and against any third-party claim, loss, liability, damage, or expense (including reasonable legal fees) arising out of or relating to: (a) Customer Data, including any claim that Customer Data violates applicable law or third-party rights; (b) Customer’s use of the Services in breach of these Terms; or (c) Customer’s failure to comply with applicable law (including data protection and healthcare regulation).

9.2 Healthplex IP indemnity. Healthplex shall defend, indemnify, and hold harmless Customer from and against any third-party claim alleging that the unmodified Services infringe a third party’s intellectual property rights. This indemnity does not apply to claims arising from: (a) Customer’s modification of the Services; (b) Customer’s combination of the Services with third-party products not provided or approved by Healthplex; or (c) Customer Data.

9.3 Indemnification procedure. The indemnified party shall: (a) promptly notify the indemnifying party in writing; (b) give the indemnifying party sole control of the defence and settlement; and (c) reasonably cooperate at the indemnifying party’s expense.

10. Confidentiality

Summary: We keep each other’s confidential information private. This obligation survives termination for 5 years.

10.1 Obligations. Each party (“Receiving Party”) agrees to hold in confidence all Confidential Information of the other party (“Disclosing Party”) using at least the same degree of care it uses for its own confidential information (but no less than reasonable care), and not to disclose Confidential Information to any third party except as permitted under these Terms.

10.2 Confidential Information means information marked as confidential or which a reasonable person would understand to be confidential, including pricing, technical architecture, Customer Data, and business plans. Confidential Information does not include information that: (a) is or becomes publicly available through no breach of this Agreement; (b) was known to the Receiving Party before disclosure; (c) was independently developed by the Receiving Party without reference to the Disclosing Party’s information; or (d) is required to be disclosed by law, provided the Receiving Party gives prompt written notice.

10.3 Duration. Confidentiality obligations survive termination of this Agreement for a period of 5 years. Obligations with respect to Customer Data (including PHI) survive indefinitely or until Customer Data is deleted in accordance with applicable law.

11. Governing law and disputes

Summary: Delaware law applies. Disputes go to AAA arbitration in Delaware. Class actions are waived.

11.1 Governing law. This Agreement is governed by the laws of the State of Delaware, excluding its conflict-of-laws rules.

11.2 Arbitration. Any dispute, claim, or controversy arising out of or relating to this Agreement (except claims for injunctive relief to protect intellectual property or confidential information) shall be resolved by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be seated in Wilmington, Delaware. The arbitrator’s decision shall be final and binding.

11.3 Class action waiver. Each party waives any right to bring claims as a class action or in any class, consolidated, or representative proceeding.

11.4 Injunctive relief. Either party may seek emergency injunctive or other equitable relief from a court of competent jurisdiction in Delaware to prevent irreparable harm, without prejudice to the arbitration obligation above.

12. General provisions

Summary: Standard boilerplate — force majeure, assignment, notices, severability, and entire agreement.

12.1 Force majeure. Neither party is liable for delays or failures caused by events beyond its reasonable control (including natural disasters, pandemics, government actions, or third-party infrastructure failures), provided the affected party gives prompt notice and uses commercially reasonable efforts to resume performance.

12.2 Assignment. Customer may not assign or transfer this Agreement without Healthplex’s prior written consent. Healthplex may assign this Agreement in connection with a merger, acquisition, or sale of all or substantially all of its assets, upon written notice to Customer.

12.3 Notices. Notices must be in writing and sent to the addresses in the Order or by email to the addresses below. Notices to Healthplex: legal@healthplex.app.

12.4 Severability. If any provision is held unenforceable, the remaining provisions continue in full force.

12.5 Entire agreement. This Agreement, together with all Orders and addenda (including the BAA and/or DPA), constitutes the entire agreement between the parties with respect to its subject matter, superseding all prior agreements, representations, and understandings.

12.6 Waiver. No waiver of any provision of this Agreement is effective unless in writing.

12.7 Counterparts. This Agreement may be executed in counterparts, each of which is an original and all of which constitute one instrument. Electronic signatures are valid.

13. Subprocessors

Summary: We publish the list of subprocessors that handle PHI or personal data. We will give you 30 days notice before adding a new one.

Healthplex maintains a current list of subprocessors at /legal/subprocessors. Healthplex will notify Customer by email at least 30 days before engaging a new subprocessor that will process Customer Data (including PHI or personal data subject to GDPR / DPDP). Customer may, within 15 days of such notice, object in writing to the new subprocessor on the grounds that it would materially impair Customer’s ability to comply with applicable data protection law. If the parties cannot resolve the objection within 15 days, Customer may terminate the Agreement for cause without penalty.

14. Acceptable use

Summary: Don’t use the platform for illegal purposes, to upload malware, or to scrape or reverse-engineer it.

Customer shall not, and shall ensure Authorized Users do not:

Upload malware, viruses, or other malicious code to the Services.
Process PHI or personal data without a valid BAA or DPA in place (as applicable).
Attempt to reverse-engineer, decompile, or disassemble any component of the Services.
Scrape, crawl, or systematically access the Services in ways that are disproportionate to reasonable use.
Use the Services to store or transmit unlawful content.
Circumvent or attempt to circumvent rate limits, authentication, or access controls.
Use the Services in a manner that violates applicable law, including HIPAA, GDPR, DPDP, or any healthcare regulation in the Customer’s jurisdiction.

Healthplex, Inc. — legal@healthplex.app