Terms & Policies

Terms of Service

EFFECTIVE DAY 1 JUNE 2023

This Plait Subscription Terms of Service ("Agreement") is entered into by and between the Plait entity set forth below ("Plait") and the entity or person placing an order for or accessing any Services ("Customer" or "you"). If you are accessing or using the Services on behalf of your company, you represent that you are authorized to accept this Agreement on behalf of your company, and all references to "you" or "Customer" reference your company.

This Agreement permits Customer to purchase subscriptions to online software-as-a-service products and other services from Plait pursuant to any Plait ordering documents, online registration, order descriptions or order confirmations referencing this Agreement ("Order Form(s)") and sets forth the basic terms and conditions under which those products and services will be delivered. This Agreement includes the Additional Product Terms, incorporated by reference herein, and will govern Customer's initial purchase on the Effective Date as well as any future purchases made by Customer that reference this Agreement.

The "Effective Date" of this Agreement is the date which is the earlier of (a) Customer's initial access to any Service (as defined below) through any online provisioning, registration or order process or (b) the effective date of the first Order Form referencing this Agreement.

As used in this Agreement, "Plait" means Well Revolution Limited, a New Zealand company (7396836) with offices at 42 Airedale Street, Auckland Central, Auckland, New Zealand.

Modifications to this Agreement: From time to time, Plait may modify this Agreement. Unless otherwise specified by Plait, changes become effective for Customer upon renewal of Customer's current Subscription Term (as defined below) or entry into a new Order Form. Plait will use reasonable efforts to notify Customer of the changes through communications via Customer's account, email or other means. Customer may be required to click to accept or otherwise agree to the modified Agreement before renewing a Subscription Term or entering into a new Order Form, and in any event, continued use of the Services after the updated version of this Agreement goes into effect will constitute Customer's acceptance of such updated version. If Plait specifies that changes to the Agreement will take effect prior to Customer's next renewal or order (such as for legal compliance or product change reasons) and Customer objects to such changes, Customer may terminate the applicable Subscription Term and receive as its sole remedy a refund of any fees Customer has pre-paid for use of the applicable Services for the terminated portion of the Subscription Term.

By indicating your acceptance of this agreement or accessing or using any Services, you are agreeing to be bound by all terms, conditions, and notices contained or referenced in this Agreement. If you do not agree to this Agreement, please do not use any Services. For clarity, each party expressly agrees that this Agreement is legally binding upon it. This Agreement contains mandatory mediation and arbitration provisions that require the use of mediation and arbitration to resolve disputes, rather than court action.

1. Definitions

"Affiliate" means any entity under the control of Customer where "control" means ownership of or the right to control greater than 50% of the voting securities of such entity.

"AUP" means Plait's Acceptable Use Policy, available here or a successor URL.

BAA” means Plait’s HIPAA Business Associate Agreement. If Customer is a Covered Entity or a Business Associate and includes PHI in Customer Data, the BAA is incorporated into the terms of this Agreement.

"Beta Offerings" means pre-release services, features, or functions identified as alpha, beta, preview, early access, or words or phrases with similar meanings.

"Contractor" means an independent contractor or consultant who is not a competitor of Plait.

"Customer Data" means any data of any type that is submitted to the Services by or on behalf of Customer, including without limitation: (a) data submitted, uploaded or imported to the Services by Customer (including from Third Party Platforms) and (b) data provided by or about People (including chat and message logs) that are collected from the Customer Properties using the Services.

"Customer Properties" means Customer's websites, apps, or other offerings owned and operated by (or for the benefit of) Customer through which Customer uses the Services to communicate with People.

"Documentation" means the technical user documentation provided with the Services.

"Feedback" means comments, questions, suggestions or other feedback relating to any Plait product or service.

“HIPAA” ‍means the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act and their implementing regulations as amended from time to time.

"Intellectual Property Rights" include all valid patents, trademarks, copyrights, trade secrets, moral rights, and other intellectual property rights, as may exist now or hereafter come into existence, and all renewals and extensions thereof, and all improvements to any of the foregoing, regardless of whether any of such rights arise under the laws of any state, country or other jurisdiction.

"Laws" means all applicable local, state, federal and international laws, regulations and conventions, including, without limitation, those related to data privacy and data transfer, international communications, and the exportation of technical or personal data.

"Order Form" means a written or electronic form to order the Services or an online order completed through Plait’s website. Upon execution by the parties (or, in the case of electronic orders, confirmation and placement of the order), each Order Form will be subject to the terms and conditions of this Agreement.

"People" (in the singular, "Person") means Customer's end user customers, potential end user customers, and other users of and visitors to the Customer Properties.

"Permitted User" means an employee or Contractor of Customer or its Affiliate who is authorized to access the Service.

‍”PHI” means protected health information as defined by HIPAA’s Privacy Rule found at 45 C.F.R. 160.103.

"Plait App" means any downloadable or non-downloadable mobile application or desktop client software included in the applicable Service that is made available by Plait.

"Plait Code" means certain JavaScript code, software development kits (SDKs) or other code provided by Plait for deployment on Customer Properties.

"Sensitive Personal Information" means any of the following: (i) patient, medical or other protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA) not authorized or covered by a BAA; (ii) credit, debit or other payment card data subject to the Payment Card Industry Data Security Standards ("PCI DSS").

"Services" means Plait's proprietary software-as-a-service solution(s), including the Workspace, Plait application programming interfaces (APIs), Plait Code and Plait Apps, as described in the applicable Order Form.

"Taxes" means any sales, use, GST, value-added, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on the income of Plait.

Third Party Messaging App(s)” means a separate, stand-alone service accessible apart from the generally available Plait Service to which Customer subscribes. A Third Party Messaging App allows Customer to integrate the Plait App provided with Customer's Plait App account(s) (as defined in the “Agreement”) with Customer's Third Party Messaging App services account(s).

"Third-Party Platform(s)" means any software, software-as-a-service, data sources or other products or services not provided by Plait that are integrated with or otherwise accessible through the Services.

"Workspace" means Plait's user interface for accessing and administering the Services that Customer may access via the web or the Plait Apps.

2. Plait Services

2.1. Services Overview. Plait's Services are a suite of messaging software-as-a-service solutions offered through a single platform. The Services are designed to enable Customer to manage communications with People through the entire lifecycle of their relationship with Customer and to provide a Workspace for accessing and managing Customer Data regarding those People. Customer may import and export Customer Data between the Services and certain Third-Party Platforms through supported integrations. The Services also include Plait Code deployed on Customer Properties to enable live messaging functionality.

2.2. Provision of Services. Each Service is provided on a subscription basis for a set term designated on the Order Form (each a "Subscription Term"). Customer will purchase and Plait will provide the specific Services as specified in the applicable Order Form.

2.3. Access to Services. Customer may access and use the Services solely for its own benefit (and for the benefit of People) and in accordance with the terms and conditions of this Agreement, the Documentation and any scope of use restrictions designated in the applicable Order Form (including without limitation the number of People active or activated). Use of and access to the Services is permitted only by Permitted Users. If Customer is given API keys or passwords to access the Services on Plait's systems, Customer will require that all Permitted Users keep API keys, user ID and password information strictly confidential and not share such information with any unauthorized person. User IDs are granted to individual, named persons and may not be shared. If Customer is accessing the Services using credentials provided by a third party (e.g., Microsoft or Google), then Customer will comply with all applicable terms and conditions of such third party regarding provisioning and use of such credentials. Customer will be responsible for any and all actions taken using Customer's accounts and passwords. If any Permitted User who has access to a user ID is no longer an employee (or Contractor, as set forth below) of Customer, then Customer will promptly delete such user ID and otherwise terminate such Permitted User's access to the Service. The right to use the Services includes the right to deploy Plait Code on Customer Properties in order to enable messaging, chat and other functionality and to collect Customer Data for use with the Services as further described below.

2.4. Plait Apps. To the extent Plait provides Plait Apps for use with the Services, subject to all of the terms and conditions of this Agreement, Plait grants to Customer a limited, non-transferable, non-sublicensable, non-exclusive license during any applicable Subscription Term to use the object code form of the Plait Apps internally, but only in connection with Customer's use of the Service and otherwise in accordance with the Documentation and this Agreement.

2.5. Deployment of Plait Code. Subject to all of the terms and conditions of this Agreement, Plait grants to Customer a limited, non-transferable, non-sublicensable, non-exclusive license during any applicable Subscription Term to copy the Plait Code in the form provided by Plait on Customer Properties solely to support Customer's use of the Service and otherwise in accordance with the Documentation and this Agreement. Customer must implement Plait Code on the Customer Properties in order to enable features of the Services. Customer will implement all Plait Code in strict accordance with the Documentation and other instructions provided by Plait. Customer acknowledges that any changes made to the Customer Properties after initial implementation of Plait Code may cause the Services to cease working or function improperly and that Plait will have no responsibility for the impact of any such Customer changes.

2.6. Contractors and Affiliates. Customer may permit its Contractors and its Affiliates' employees and Contractors to serve as Permitted Users, provided Customer remains responsible for compliance by such individuals with all of the terms and conditions of this Agreement, and any use of the Services by such individuals is for the sole benefit of Customer.

2.7. General Restrictions. Customer will not (and will not permit any third party to): (a) rent, lease, provide access to or sublicense the Services to a third party; (b) use the Services to provide, or incorporate the Services into, any product or service provided to a third party; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Services, except to the extent expressly permitted by applicable law (and then only upon advance notice to Plait); (d) copy or modify the Services or any Documentation, or create any derivative work from any of the foregoing; (e) remove or obscure any proprietary or other notices contained in the Services (including without limitation (i) the "Powered by Plait" designation that may appear as part of the deployment of the Services on Customer Properties and (ii) notices on any reports or data printed from the Services); or (f) publicly disseminate information regarding the performance of the Services.

2.8. Plait APIs. If Plait makes access to any APIs available as part of the Services, Plait reserves the right to place limits on access to such APIs (e.g., limits on numbers of calls or requests). Further, Plait may monitor Customer's usage of such APIs and limit the number of calls or requests Customer may make if Plait believes that Customer's usage is in breach of this Agreement or may negatively affect the Services (or otherwise impose liability on Plait).

2.9. Trial Subscriptions. If Customer receives free access or a trial or evaluation subscription to the Service (a "Trial Subscription"), then Customer may use the Services in accordance with the terms and conditions of this Agreement for a period of fourteen (14) days or such other period granted by Plait (the "Trial Period"). Trial Subscriptions are permitted solely for Customer's use to determine whether to purchase a paid subscription to the Services. Trial Subscriptions may not include all functionality and features accessible as part of a paid Subscription Term. If Customer does not enter into a paid Subscription Term, this Agreement and Customer's right to access and use the Services will terminate at the end of the Trial Period. Plait has the right to terminate a Trial Subscription at any time for any reason. Notwithstanding anything to the contrary in this agreement, Plait will have no warranty, indemnity, support, or other obligations with respect to Trial Subscriptions.

2.10. Beta Offerings. Customer may choose to use Beta Offerings in its sole discretion. Beta Offerings may not be supported and may be changed at any time without notice. Beta Offerings may not be as reliable or available as the Service. Beta Offerings may not be subject to the same security measures as in the Security Policy. Plait will have no liability arising out of or in connection with Beta Offerings. Customer uses Beta Offerings at its own risk.

3. Customer Data and Customer Obligations

3.1. Rights in Customer Data. As between the parties, Customer will retain all right, title and interest (including any and all Intellectual Property Rights) in and to the Customer Data as provided to Plait. Subject to the terms of this Agreement, Customer hereby grants to Plait a non-exclusive, worldwide, royalty-free right to use, copy, store, transmit, modify, create derivative works of and display the Customer Data solely to the extent necessary to provide the Services to Customer.

3.2. Storage of Customer Data. Plait does not provide an archiving service. Plait agrees only that it will not intentionally delete any Customer Data from any Service prior to termination of Customer's applicable Subscription Term. Plait expressly disclaims all other obligations with respect to storage.

3.3. Customer Obligations.

a) In General. Customer is solely responsible for the accuracy, content and legality of all Customer Data. Customer represents and warrants to Plait that Customer has all necessary rights, consents and permissions to collect, share and use all Customer Data as contemplated in this Agreement (including granting Plait the rights in Section 3.1 (Rights in Customer Data)) and that no Customer Data will violate or infringe (i) any third party Intellectual Property Rights, publicity, privacy or other rights, (ii) any Laws, or (iii) any terms of service, privacy policies or other agreements governing the Customer Properties or Customer's accounts with any Third-Party Platforms. Customer further represents and warrants that all Customer Data complies with the AUP. Customer will be fully responsible for any Customer Data submitted to the Services by any Person as if it was submitted by Customer.

b) Sensitive Personal Information. Except as otherwise expressly agreed in the BAA, Customer specifically agrees not to use the Services to collect, store, process or transmit any Sensitive Personal Information. Customer acknowledges that Plait is not (i) a provider of medical or healthcare services, (ii) a payment card processor and that the Services are not PCI DSS compliant. Customer shall be responsible for any Sensitive Personal Information it submits to the Service, and Plait will treat such submissions as Customer Data as defined in this Agreement such that Plait is not subject to any additional obligations that apply to Sensitive Personal Information.

c) Compliance with Laws. Customer agrees to comply with all applicable Laws in its use of the Services. Without limiting the generality of the foregoing, Customer will not engage in any unsolicited advertising, marketing, or other activities using the Services, including without limitation any activities that violate the Telephone Consumer Protection Act of 1991, CAN-SPAM Act of 2003 or any other anti-spam laws and regulations.

d) Disclosures on Customer Properties. Customer acknowledges that the Plait Code causes a unique cookie ID to be associated with each Person who accesses the Customer Properties, which cookie ID enables Plait to provide the Services. Customer will include on each Customer Property a link to its privacy policy that discloses Customer's use of third party tracking technology to collect data about People as described in this Agreement. Customer's privacy policy must disclose how, and for what purposes, the data collected through Plait Code will be used or shared with Plait as part of the Services. Customer must also provide People with clear and comprehensive information about the storing and accessing of cookies or other information on the Peoples' devices where such activity occurs in connection with the Services and as required by applicable Laws. For clarity, as between Customer and Plait, Customer will be solely responsible for obtaining the necessary clearances, consents and approvals from People under all applicable Laws.

3.4. Indemnification by Customer. Customer will indemnify, defend and hold harmless Plait from and against any and all claims, costs, damages, losses, liabilities and expenses (including reasonable attorneys' fees and costs) arising out of or in connection with any claim arising from or relating to any Customer Data, Customer’s use of a Third Party Messaging App, or breach or alleged breach by Customer of Section 3.3 (Customer Obligations). This indemnification obligation is subject to Customer receiving (i) prompt written notice of such claim (but in any event notice in sufficient time for Customer to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense, or settlement of such claim; and (iii) all necessary cooperation of Plait at Customer's expense. Notwithstanding the foregoing sentence, (a) Plait may participate in the defense of any claim by counsel of its own choosing, at its cost and expense and (b) Customer will not settle any claim without Plait's prior written consent, unless the settlement fully and unconditionally releases Plait and does not require Plait to pay any amount, take any action, or admit any liability.

3.5. Aggregated Anonymous Data . Notwithstanding anything to the contrary herein, Customer agrees that Plait may obtain and aggregate technical and other data about Customer's use of the Services that is non-personally identifiable with respect to Customer ("Aggregated Anonymous Data"), and Plait may use the Aggregated Anonymous Data to analyze, improve, support and operate the Services and otherwise for any business purpose during and after the term of this Agreement, including without limitation to generate industry benchmark or best practice guidance, recommendations or similar reports for distribution to and consumption by Customer and other Plait customers. For clarity, this Section 3.5 does not give Plait the right to identify Customer as the source of any Aggregated Anonymous Data.

4. Security

Plait agrees to use commercially reasonable technical and organizational measures designed to prevent unauthorized access, use, alteration or disclosure of any Service or Customer Data, as further described in Plait’s Security Policy. However, Plait will have no responsibility for errors in transmission, unauthorized third-party access or other causes beyond Plait's control.

5. Third-Party Platforms and Third Party Messaging Apps

5.1 Third Party Platforms. The Services may support integrations with certain Third-Party Platforms. In order for the Services to communicate with such Third-Party Platforms, Customer may be required to input credentials in order for the Services to access and receive relevant information from such Third-Party Platforms. By enabling use of the Services with any Third-Party Platform, Customer authorizes Plait to access Customer's accounts with such Third-Party Platform for the purposes described in this Agreement. Customer is solely responsible for complying with any relevant terms and conditions of the Third-Party Platforms and maintaining appropriate accounts in good standing with the providers of the Third-Party Platforms. Customer acknowledges and agrees that Plait has no responsibility or liability for any Third-Party Platform or any Customer Data exported to a Third-Party Platform. Plait does not guarantee that the Services will maintain integrations with any Third-Party Platform and Plait may disable integrations of the Services with any Third-Party Platform at any time with or without notice to Customer. For clarity, this Agreement governs Customer's use of and access to the Services, even if accessed through an integration with a Third-Party Platform.

5.2 Third Party Messaging Apps. Customer represents and warrants that Customer has agreed to the terms of service associated with any Third Party Messaging App(s) and has created, or has authorized Plait to create on Customer's behalf, a Third Party Messaging App account in accordance with such terms and conditions, which govern Customer's use of such Third Party Messaging App account. Plait will have no liability for and the Third Party Messaging App provider is solely responsible for the Third Party Messaging App’s network, functionality, clients, and APIs.

5.3. Third Party Beta Releases. To the extent a Customer uses features in the Service that integrate with a Third-Party Platform and a Customer requests that Plait integrate with such Third-Party Platform’s beta or pre-release features (“Third Party Beta Releases”), Plait will have no liability arising out of or in connection with Plait’s participation in such Third Party Beta Releases or Customer’s use of such integrated features.

6. Ownership

6.1. Plait Technology. This is a subscription agreement for access to and use of the Services. Customer acknowledges that it is obtaining only a limited right to the Services and that irrespective of any use of the words "purchase", "sale" or like terms in this Agreement, no ownership rights are being conveyed to Customer under this Agreement. Customer agrees that Plait or its suppliers retain all right, title and interest (including all Intellectual Property Rights) in and to the Services and all Documentation, integrations with the Services, and any and all related and underlying technology and documentation and any derivative works, modifications or improvements of any of the foregoing, including as may incorporate Feedback (collectively, "Plait Technology"). Except as expressly set forth in this Agreement, no rights in any Plait Technology are granted to Customer. Further, Customer acknowledges that the Services are offered as an on-line, hosted solution, and that Customer has no right to obtain a copy of any of the Services, except for Plait Code and the Plait Apps in the format provided by Plait.

6.2. Feedback. Customer, from time to time, may submit Feedback to Plait. Plait may freely use or exploit Feedback in connection with the Service. To the extent Customer submits Feedback related to Third Party Messaging Apps, Customer hereby grants to Plait, if for any reason it is further needed, a perpetual, non-revocable, royalty-free worldwide license to use and/or incorporate such feedback into any Plait product or service at any time at the sole discretion of Plait.

7. Subscription Term, Fees & Payment

7.1. Subscription Term and Renewals. Unless otherwise specified on the applicable Order Form, each Subscription Term will automatically renew for additional twelve month periods unless either party gives the other written notice of termination at least thirty (30) days prior to expiration of the then-current Subscription Term.

7.2. Fees and Payment. All fees are as set forth in the applicable Order Form and will be paid by Customer within thirty (30) days of invoice, unless (a) Customer is paying via Credit Card (as defined below) or (b) otherwise specified in the applicable Order Form. Except as expressly set forth in Section 9 (Limited Warranty) and Section 13 (Indemnification), all fees are non-refundable. The rates in the Order Form are valid for the initial twelve (12) month period of each Subscription Term and thereafter may be subject to an automatic adjustment increase of up to ten percent (10%) per year. Customer is responsible for paying all Taxes, and all Taxes are excluded from any fees set forth in the applicable Order Form. If Customer is required by Law to withhold any Taxes from Customer's payment, the fees payable by Customer will be increased as necessary so that after making any required withholdings, Plait receives and retains (free from any liability for payment of Taxes) an amount equal to the amount it would have received had no such withholdings been made. Any late payments will be subject to a service charge equal to 1.5% per month of the amount due or the maximum amount allowed by law, whichever is less.

7.3. Payment via Credit Card. If you are purchasing the Services via credit card, debit card or other payment card ("Credit Card"), the following terms apply:

  1. Recurring Billing Authorisation. By providing Credit Card information and agreeing to purchase any Services, Customer hereby authorizes Plait (or its designee) to automatically charge Customer's Credit Card on the same date of each calendar month (or the closest prior date, if there are fewer days in a particular month) during the Subscription Term for all fees accrued as of that date (if any) in accordance with the applicable Order Form. Customer acknowledges and agrees that the amount billed and charged each month may vary depending on Customer's use of the Services and may include subscription fees for the remainder of Customer's applicable billing period and overage fees for the prior month.
  2. Foreign Transaction Fees. Customer acknowledges that for certain Credit Cards, the issuer of Customer's Credit Card may charge a foreign transaction fee or other charges.
  3. Invalid Payment. If a payment is not successfully settled due to expiration of a Credit Card, insufficient funds, or otherwise, Customer remains responsible for any amounts not remitted to Plait and Plait may, in its sole discretion, either (i) invoice Customer directly for the deficient amount, (ii) continue billing the Credit Card once it has been updated by Customer (if applicable) or (iii) terminate this Agreement.
  4. Changing Credit Card Information. At any time, Customer may change its Credit Card information by providing updated Credit Card information via the Workspace or by messaging Plait’s customer support.
  5. Termination of Recurring Billing. In addition to any termination rights set forth in this Agreement, Customer may terminate the Subscription Term by sending Plait notice of non-renewal to in accordance with Section 7.1 (Subscription Term and Renewals) or, if Customer's Subscription Term is on a monthly basis (or if otherwise permitted by Plait), by terminating via the Workspace or by messaging Plait’s customer support, with termination effective at the end of the current Subscription Term. As set forth in Section 2.9 (Trial Subscriptions), if Customer does not enter into a paid Subscription Term following a Trial Period, this Agreement and Customer's right to access and use the Services will terminate at the end of the Trial Period and Customer's Credit Card will not be charged.
  6. Payment of Outstanding Fees. Upon any termination or expiration of the Subscription Term, Plait will charge Customer's Credit Card (or invoice Customer directly) for any outstanding fees for Customer's use of the Services during the Subscription Term, after which Plait will not charge Customer's Credit Card for any additional fees.

7.4. Suspension of Service. If Customer's account is thirty (30) days or more overdue, in addition to any of its other rights or remedies (including but not limited to any termination rights set forth herein), Plait reserves the right to suspend Customer's access to the applicable Service (and any related services) without liability to Customer until such amounts are paid in full. Plait also reserves the right to suspend Customer's access to the Services without liability to Customer if Customer's use of the Services is in violation of the AUP.

8. Term and Termination

8.1. Term. This Agreement is effective as of the Effective Date and expires on the date of expiration or termination of all Subscription Terms.

8.2. Termination for Cause. Either party may terminate this Agreement (including all related Order Forms) if the other party (a) fails to cure any material breach of this Agreement (including a failure to pay fees) within thirty (30) days after written notice; (b) ceases operation without a successor; or (c) seeks protection under any bankruptcy, receivership, trust deed, creditors' arrangement, composition, or comparable proceeding, or if any such proceeding is instituted against that party (and not dismissed within sixty (60) days thereafter).

8.3. Effect of Termination. Upon any expiration or termination of this Agreement, Customer will immediately cease any and all use of and access to all Services (including any and all related Plait Technology) and delete (or, at Plait's request, return) any and all copies of the Documentation, any Plait passwords or access codes and any other Plait Confidential Information in its possession. Provided this Agreement was not terminated for Customer's breach, Customer may retain and use internally copies of all reports exported from any Service prior to termination. Customer acknowledges that following termination it will have no further access to any Customer Data input into any Service, and that Plait may delete any such data as may have been stored by Plait at any time. Except where an exclusive remedy is specified, the exercise of either party of any remedy under this Agreement, including termination, will be without prejudice to any other remedies it may have under this Agreement, by law or otherwise.

8.4. Survival. The following Sections will survive any expiration or termination of this Agreement: 2.7 (General Restrictions), 2.9 (Trial Subscriptions), 3.2 (Storage of Customer Data), 3.4 (Indemnification by Customer), 3.5 (Aggregated Anonymous Data), 6 (Ownership), 7.2 (Fees and Payment), 7.3 (Payment via Credit Card), 8 (Term and Termination), 9.2 (Warranty Disclaimer), 12 (Limitation of Remedies and Damages), 13 (Indemnification), 14 (Confidential Information) and 16 (General Terms).

9. Limited Warranty

9.1. Limited Warranty . Plait warrants, for Customer's benefit only, that each Service will operate in substantial conformity with the applicable Documentation. Plait's sole liability (and Customer's sole and exclusive remedy) for any breach of this warranty will be, at no charge to Customer, for Plait to use commercially reasonable efforts to correct the reported non-conformity, or if Plait determines such remedy to be impracticable, either party may terminate the applicable Subscription Term and Customer will receive as its sole remedy a refund of any fees Customer has pre-paid for use of such Service for the terminated portion of the applicable Subscription Term. The limited warranty set forth in this Section 9.1 will not apply: (i) unless Customer makes a claim within thirty (30) days of the date on which Customer first noticed the non-conformity, (ii) if the error was caused by misuse, unauthorized modifications or third-party hardware, software or services, or (iii) to use provided on a no-charge, trial or evaluation basis.

9.2. Warranty Disclaimer . Except for the limited warranty in section 9.1, all Services are provided "as is". Neither Plait nor its suppliers makes any other warranties, express or implied, statutory or otherwise, including but not limited to warranties of merchantability, title, fitness for a particular purpose or non-infringement. Plait does not warrant that Customer’s use of the Services will be uninterrupted or error-free, nor does Plait warrant that it will review the Customer Data for accuracy or that it will preserve or maintain the Customer Data without loss or corruption. Plait shall not be liable for the results of any communications sent or any communications that were failed to be sent using the Services. Plait shall not be liable for delays, interruptions, service failures or other problems inherent in use of the Internet and electronic communications, Third-Party Platforms, Third Party Messaging Apps, or other systems outside the reasonable control of Plait. Customer may have other statutory rights, but the duration of statutorily required warranties, if any, shall be limited to the shortest period permitted by law.

10. Availability and Service Credits

The Services are available subject to Plait’s Service Level Agreement ("SLA").

11. Support

During the Subscription Term of each Service, Plait will provide end user support in accordance with Plait's Support Policy ("Support Policy").

12. Limitation of Remedies and Damages

12.1. Consequential Damages Waiver. Except for Excluded Claims (defined below), neither party (nor its suppliers) shall have any liability arising out of or related to this Agreement for any loss of use, lost data, lost profits, failure of security mechanisms, interruption of business, or any indirect, special, incidental, reliance, or consequential damages of any kind, even if informed of the possibility of such damages in advance.

12.2. Liability Cap. Except for Excluded Claims (defined below), each party’s entire liability to the other arising out of or related to this Agreement shall not exceed the amount actually paid or payable by Customer to Plait during the prior twelve (12) months under this Agreement.

12.3. Excluded Claims. "Excluded Claims" means any claim arising (a) from Customer's breach of Section 2.7 (General Restrictions); (b) under Section 3.3 (Customer Obligations) or 3.4 (Indemnification by Customer); or (c) from a party's breach of its obligations in Section 14 (Confidential Information) (but excluding claims arising from operation or non-operation of any Service or relating to Customer Data).

12.4. Nature of Claims and Failure of Essential Purpose. The parties agree that the waivers and limitations specified in this Section 12 apply regardless of the form of action, whether in contact, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy specified in this Agreement is found to have failed of its essential purpose.

13. Indemnification

Plait will defend Customer from and against any claim by a third party alleging that a Service when used as authorized under this Agreement infringes any Intellectual Property Rights and will indemnify and hold harmless Customer from and against any damages and costs finally awarded against Customer or agreed in settlement by Plait (including reasonable attorneys' fees) resulting from such claim, provided that Plait will have received from Customer: (i) prompt written notice of such claim (but in any event notice in sufficient time for Plait to respond without prejudice); (ii) the exclusive right to control and direct the investigation, defense and settlement (if applicable) of such claim; and (iii) all reasonable necessary cooperation of Customer. If Customer's use of a Service is (or in Plait's opinion is likely to be) enjoined, if required by settlement or if Plait determines such actions are reasonably necessary to avoid material liability, Plait may, in its sole discretion: (a) substitute substantially functionally similar products or services; (b) procure for Customer the right to continue using such Service; or if (a) and (b) are not commercially reasonable, (c) terminate this Agreement and refund to Customer the fees paid by Customer for the portion of the Subscription Term that was paid by Customer but not rendered by Plait. The foregoing indemnification obligation of Plait will not apply: (1) if such Service is modified by any party other than Plait, but solely to the extent the alleged infringement is caused by such modification; (2) if such Service is combined with products or processes not provided by Plait, but solely to the extent the alleged infringement is caused by such combination; (3) to any unauthorized use of such Service; (4) to any action arising as a result of Customer Data or any third-party deliverables or components contained within such Service; (5) to the extent the alleged infringement is not caused by the particular technology or implementation of the Service but instead by features common to any similar product or service; (6) to any action arising from Customer’s use of Third Party Messaging Apps; or (7) if Customer settles or makes any admissions with respect to a claim without Plait's prior written consent. This section 13 sets forth Plait's and its suppliers' sole liability and Customer's sole and exclusive remedy with respect to any claim of intellectual property infringement.

14. Confidential Information

Each party (as "Receiving Party") agrees that all code, inventions, know-how, business, technical and financial information it obtains from the disclosing party ("Disclosing Party") constitute the confidential property of the Disclosing Party ("Confidential Information"), provided that it is identified as confidential at the time of disclosure or should be reasonably known by the Receiving Party to be confidential or proprietary due to the nature of the information disclosed and the circumstances surrounding the disclosure. Any Plait Technology, performance information relating to any Service, and the terms and conditions of this Agreement will be deemed Confidential Information of Plait without any marking or further designation. Except as expressly authorized herein, the Receiving Party will (1) hold in confidence and not disclose any Confidential Information to third parties and (2) not use Confidential Information for any purpose other than fulfilling its obligations and exercising its rights under this Agreement. The Receiving Party may disclose Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know (including, for Plait, the subcontractors referenced in Section 16.8 (Subcontractors)), provided that such representatives are bound to confidentiality obligations no less protective of the Disclosing Party than this Section 14 and that the Receiving Party remains responsible for compliance by any such representative with the terms of this Section 14. The Receiving Party's confidentiality obligations will not apply to information that the Receiving Party can document: (i) was rightfully in its possession or known to it prior to receipt of the Confidential Information; (ii) is or has become public knowledge through no fault of the Receiving Party; (iii) is rightfully obtained by the Receiving Party from a third party without breach of any confidentiality obligation; or (iv) is independently developed by employees of the Receiving Party who had no access to such information. The Receiving Party may make disclosures to the extent required by law or court order, provided the Receiving Party notifies the Disclosing Party in advance and cooperates in any effort to obtain confidential treatment. The Receiving Party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the Receiving Party the Disclosing Party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law.

15. Publicity

Plait may, upon Customer’s prior written consent, use Customer’s name to identify Customer as a Plait customer of the Service, including on Plait’s public website. Plait agrees that any such use shall be subject to Plait complying with any written guidelines that Customer may deliver to Plait regarding the use of its name and shall not be deemed Customer’s endorsement of the Service.

16. General Terms

16.1. Assignment. This Agreement will bind and inure to the benefit of each party's permitted successors and assigns. Neither party may assign this Agreement without the advance written consent of the other party, except that either party may assign this Agreement in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of such party's assets or voting securities. Any attempt to transfer or assign this Agreement except as expressly authorized under this Section 16.1 will be null and void.

16.2. Severability. If any provision of this Agreement will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited to the minimum extent necessary so that this Agreement will otherwise remain in effect.

16.3. Governing Law; Dispute Resolution.

a) Direct Dispute Resolution. In the event of any dispute, claim, question, or disagreement arising from or relating to this Agreement, whether arising in contract, tort or otherwise, ("Dispute"), the parties shall first use their best efforts to resolve the Dispute. If a Dispute arises, the complaining party shall provide written notice to the other party in a document specifically entitled "Initial Notice of Dispute," specifically setting forth the precise nature of the dispute ("Initial Notice of Dispute"). If an Initial Notice of Dispute is being sent to Plait it must be emailed to legal@plaithealth.com and sent via mail to:

Plait, PO Box 911411, Victoria St West, Auckland 1142 NZ

Following receipt of the Initial Notice of Dispute, the parties shall consult and negotiate with each other in good faith and, recognising their mutual interest, attempt to reach a just and equitable solution of the Dispute that is satisfactory to both parties ("Direct Dispute Resolution"). If the parties are unable to reach a resolution of the Dispute through Direct Dispute Resolution within thirty (30) days of the receipt of the Initial Notice of Dispute, then the Dispute shall subsequently be resolved as set forth below.

b) Mediation. If the parties are unable to resolve the dispute by Direct Dispute Resolution then either party may by written notice to the other party refer the dispute to an independent mediator to resolve the dispute. If the parties are unable to agree on the mediator within five (5) days from the referral to mediation either party may request the President of the Auckland branch of the New Zealand Law Society or his or her nominee to appoint one. The mediation will be conducted in Auckland.

c) Arbitration. If the parties are unable to resolve the dispute by mediation then either party may refer the dispute to arbitration in accordance with the Arbitration Act 1996. If the parties cannot agree on the appointment of an arbitrator within five (5) days of referral, either party may request the President of the Auckland branch of the New Zealand Law Society or his or her nominee to appoint one.  

d) Appeal. A party to arbitration under this Agreement may appeal to the High Court on any question of law arising out of an award, and any matter relating to the construction of this Agreement will be considered a question of law.

f) Governing law. This Agreement will be governed by, and construed in accordance with the laws of New Zealand. The parties irrevocably submit to the exclusive jurisdiction of the Courts of New Zealand with respect to any legal action, suit or proceeding or any other matter arising out of or in connection with this Agreement.

g) Urgent relief. Notwithstanding the above provisions, either party may apply to the Court for urgent equitable relief at any time.

16.4. Notice. Any notice or communication required or permitted under this Agreement will be in writing to the parties at the addresses set forth on the Order Form or at such other address as may be given in writing by either party to the other in accordance with this Section and will be deemed to have been received by the addressee (i) if given by hand, immediately upon receipt; (ii) if given by overnight courier service, the first business day following dispatch or (iii) if given by registered or certified mail, postage prepaid and return receipt requested, the second business day after such notice is deposited in the mail.

16.5. Amendments; Waivers. Except as otherwise provided herein, no supplement, modification, or amendment of this Agreement will be binding, unless executed in writing by a duly authorized representative of each party to this Agreement. No waiver will be implied from conduct or failure to enforce or exercise rights under this Agreement, nor will any waiver be effective unless in a writing signed by a duly authorized representative on behalf of the party claimed to have waived. No provision of any purchase order or other business form employed by Customer will supersede the terms and conditions of this Agreement, and any such document relating to this Agreement will be for administrative purposes only and will have no legal effect.

16.6. Entire Agreement. This Agreement is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements and communications relating to the subject matter of this Agreement. Customer acknowledges that the Services are online, subscription-based products, and that in order to provide improved customer experience Plait may make changes to the Services, and Plait will update the applicable Documentation accordingly. The support and service level availability terms described in the Support Policy and the SLA may be updated from time to time upon reasonable notice to Customer to reflect process improvements or changing practices (but the modifications will not materially decrease Plait's obligations as compared to those reflected in such terms as of the Effective Date).

16.7. Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) if the delay or failure is due to unforeseen events that occur after the signing of this Agreement and that are beyond the reasonable control of such party, such as a strike, blockade, war, act of terrorism, riot, natural disaster, failure or diminishment of power or telecommunications or data networks or services, or refusal of a license by a government agency.

16.8. Subcontractors. Plait may use the services of subcontractors and permit them to exercise the rights granted to Plait in order to provide the Services under this Agreement, provided that Plait remains responsible for (i) compliance of any such subcontractor with the terms of this Agreement and (ii) for the overall performance of the Services as required under this Agreement, and (iii) compliance with the terms of the BAA.

16.9. Disclosure. Nothing in this Agreement prevents Plait from disclosing Customer Data to the extent required by law or court orders, but Plait will use commercially reasonable efforts to notify Customer where permitted to do so.

16.10. Independent Contractors. The parties to this Agreement are independent contractors. There is no relationship of partnership, joint venture, employment, franchise or agency created hereby between the parties. Neither party will have the power to bind the other or incur obligations on the other party's behalf without the other party's prior written consent.

16.11. Export Control and Economic Sanctions. In its use of the Services, Customer agrees to comply with all export control and economic sanctions and any relevant import laws and regulations of the United States and other applicable jurisdictions. Without limiting the foregoing, (i) Customer represents and warrants that it is not listed on any U.S. government list of prohibited or restricted parties or located in (or a national of) a country that is subject to a U.S. government export control embargo or economic sanctions, (ii) Customer will not (and will not permit any of its users to) access or use the Services in violation of any U.S. export control or economic sanction, prohibition or restriction, and (iii) Customer will not submit to the Services any information that is controlled under the U.S. International Traffic in Arms Regulations or that is controlled under any Export Control Classification Number (other than EAR99) on the Commerce Control List of the Export Administration Regulations.

16.12. Government End-Users. Elements of the Services are commercial computer software. If the user or licensee of the Services is an agency, department, or other entity of the United States Government, the use, duplication, reproduction, release, modification, disclosure, or transfer of the Services, or any related documentation of any kind, including technical data and manuals, is restricted by a license agreement or by the terms of this Agreement in accordance with Federal Acquisition Regulation 12.212 for civilian purposes and Defense Federal Acquisition Regulation Supplement 227.7202 for military purposes. All Services were developed fully at private expense. All other use is prohibited

16.13. Counterparts. This Agreement may be executed in counterparts, each of which will be deemed an original and all of which together will be considered one and the same agreement.

Service Level Agreement

EFFECTIVE DAY 1 JUNE 2023

This Plait Service Level Agreement ("SLA") accompanies the Plait Subscription Terms of Service (the "Agreement") entered into between you ("Customer") and Plait. Capitalized terms used in this SLA that are not defined herein have the meanings given to them in the Agreement.

  1. Target Availability. Plait will use commercially reasonable efforts to make each Service available with an uptime of 99.8% of each calendar month ("Target Availability").
  2. Exclusions. The calculation of uptime will not include unavailability to the extent due to: (a) use of the Service by Customer in a manner not authorized in this Agreement or the applicable Documentation; (b) general Internet problems, force majeure events or other factors outside of Plait's reasonable control; (c) Customer's equipment, software, network connections or other infrastructure; (d) third party systems, acts or omissions; or (e) Scheduled Maintenance or reasonable emergency maintenance.
  3. Scheduled Maintenance. "Scheduled Maintenance" means Plait's scheduled routine maintenance of the Services for which Plait notifies Customer at least twenty-four (24) hours in advance. Scheduled Maintenance will not exceed eight (8) hours per month. Plait typically performs Scheduled Maintenance once per month.
  4. Remedy for Failure to Meet Target Availability. If there is a verified failure of a Service to meet Target Availability in two (2) consecutive months, then Customer may terminate the applicable Subscription Term by sending written notice of termination within thirty (30) days after the end of the second such month, in which case Plait will refund to Customer any fees Customer has pre-paid for use of such Service for the terminated portion of the applicable Subscription Term. This termination and refund right is Customer's sole and exclusive remedy, and Plait's sole and exclusive liability, for Plait's failure to meet the Target Availability.

Policies

Privacy Policy

EFFECTIVE DAY 1 JUNE 2023

1. Purpose And Scope

1.1 At Plait, we respect your privacy and data protection rights and recognise the importance of protecting the personal data we collect and process. This Privacy Policy is designed to help you to understand what personal data we collect about you and how we use and share it.

1.2 When we refer to Plait, we mean Well Revolution Limited, a New Zealand company (7396836) with offices at 42 Airedale Street, Auckland Central, Auckland, New Zealand; and Plait's group companies ("Plait", "we", "us", "our").

1.3 This Privacy Policy applies to you if you:

  • interact with any of Plait’s websites (including www.plaithealth.com) or our social media pages (collectively, the "Sites") ("website users");
  • attend a Plait event or an event that Plait sponsors ("event attendees");
  • use Plait's communication and messaging products, customer workspaces, mobile applications, and our other applications and services (collectively, the "Plait Services") ("customers");
  • interact with any of Plait's end user messenger domains ("end-users");
  • are a marketing prospect, who is anyone whose data Plait processes for the purposes of assessing customer eligibility ("marketing prospect"); or
  • receive marketing communications from Plait.

1.4 For certain information provided to us through some of our Services, we have entered into agreements with our Customers (health care providers or their firms, “Providers”) that govern our use of such information (the “Agreements”). This Privacy Policy supplements the Agreements. To be clear, if you are a patient of a Provider, a visitor to one of our Sites, or otherwise accessing or interacting with any of the Services but are not doing so as a customer of ours under an Agreement, you are a user but not a customer of the Services (i.e. not a Provider), and some of the terms of this Privacy Policy won’t apply to you. Additionally, if you are a patient of a Provider, this Privacy Policy does not govern our use of Protected Health Information (as defined in 2.3) provided to us through the Services. Our use of such information is governed by the Agreements with your Provider and applicable law, including without limitation HIPAA (as defined in 2.3). Your Provider’s collection, use, disclosure, and transfer of such information is governed, in turn, by your Provider’s terms and conditions and privacy practices between you and your Provider. Please submit all requests and questions related to your Protected Health Information directly to your Provider.

2. Personal Data Collected By Plait

2.1 Personal Data We Collect And Receive

The personal data that we collect about you broadly falls into the categories set out in the following table. Some of this information you provide voluntarily when you interact with the Plait Services and Sites, or when you attend an event. Other types of information may be collected automatically from your device, such as device data and service data. From time to time, we may also receive personal data about you from third-party sources.

We may collect the following personal data about:
  • our website users;
  • recipients of marketing communications; and
  • marketing prospects.
Registration, contact, and company information:
  • first and last names;
  • email addresses;
  • phone numbers;
  • avatars;
  • company name;
  • your role in your company.
Payment information:
  • credit card information;
  • billing and mailing addresses;
  • other payment-related information.
Device data:
  • operating system type and version number, manufacturer and model;
  • browser type;
  • screen resolution;
  • IP address;
  • unique device identifiers.
Service data:
  • the website you visited before browsing to the Plait Services;
  • how long you spent on a page or screen;
  • how you interact with our emails;
  • navigation paths between pages or screens;
  • date and time;
  • pages viewed;
  • links clicked.
Third party source data:
  • profile information gathered from social networking sites;
  • information that you have viewed or interacted with our content;
  • company information;
  • job titles;
  • avatars;
  • email addresses;
  • phone numbers;
  • addresses;
  • geolocation data.
The sources of this third-party personal data may include:
  • Contact enrichment and lead generation providers; and
  • Targeted online advertising providers.
We may collect the following personal data about event attendees:
Registration, contact and personal information:
  • first and last names;
  • email addresses;
  • phone numbers;
  • mailing addresses;
  • company name;
  • your role in your company.
Visitation Data
  • time and date of arrival;
  • photograph ID;
  • signature.
Third-party source data:
  • first and last names;
  • email addresses;
  • phone numbers;
  • mailing addresses;
  • company name;
  • your role in your company.
The sources of this third-party personal data may include:
  • The event organizer.
We may collect the following personal data about our customers and end-users (to the extent applicable):
Registration and contact information:
  • first and last names;
  • email addresses;
  • phone numbers;
  • mailing addresses;
  • company name;
  • your role in your company.
Payment information:
  • credit card information;
  • billing and mailing addresses;
  • other payment-related information.
Device data:
  • operating system type and version number, manufacturer and model;
  • browser type and language;
  • screen resolution;
  • IP address;
  • unique device identifiers.
Service data:
  • the website you visited before browsing to the services;
  • how long you spent on a page or screen;
  • navigation paths between pages or screens;
  • session date and time; 
  • activity status (including first seen, last seen, last heard from, and last contacted);
  • pages viewed;
  • links clicked;
  • language preferences
  • tags applied within customer accounts
  • Plait assigned user identifier.
Third party source data
  • profile information gathered from social networking sites;
  • information that you have viewed or interacted with our content;
  • company information;
  • job titles;
  • avatars;
  • email addresses;
  • phone number;
  • approximate geolocation data.
2.2 Cookies And Other Tracking Technologies

Some device data, service data and third party source data is collected through the use of first or third party cookies and similar technologies. The Plait Care Messenger service does not collect, retain, or share data regarding a particular user's activity across multiple websites or applications that are not owned by Plait. Plait does assign each user a unique user ID within the scope of an individual website, but does not collect or retain IP or any information that would allow Plait to identify the same particular user on more than one website. 

Do Not Track. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. To find out more about "Do Not Track," please visit http://www.allaboutdnt.com.

2.3 Protected Health Information 

Protected Health Information is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). This notice does not apply to Protected Health Information and related information that is transmitted between patients and healthcare providers through our Services. The communication between patients and healthcare providers is subject to the healthcare provider’s Notice of Privacy Practices.

3. How And Why We Use Your Personal Data

3.1 We collect and process your personal data for the following purposes:

  • Providing and facilitating delivery of the Plait Services and Sites: We process your personal data to perform our contract with you for use of our Services and Sites and to fulfill our obligations under applicable terms of service. Where we have not entered into a contract with you, we process your personal data in reliance on our legitimate interests to operate and administer the Plait Services and Sites. For example, to create, administer and manage your account.
  • Communicating with you about the Plait Services and providing customer support: We may send you service, technical and other administrative messages in reliance on our legitimate interests in administering the Plait Services. For example, we may send you messages about the availability or security of the Plait Services. We also process your personal data to respond to your comments and questions and to provide customer care and support.
  • Improving the Plait Services and Sites: We process your personal data to improve and optimize the Plait Services and Sites and to understand how you use the Plait Services and Sites, including to monitor usage or traffic patterns and to analyze trends and develop new products, services, features and functionality in reliance on our legitimate interests.
  • Sending marketing communications: We process your personal data to send you marketing communications via email, post or SMS about our products, services and upcoming events that might interest you in reliance on our legitimate interests or where we seek your consent. Please see the "Your Privacy Rights and Choices" section below to learn how you can control your marketing preferences.
  • Managing event registrations and attendance: We process your personal data to plan and host events for which you have registered or that you attend, including sending related communications to you.
  • Maintaining security of the Plait Services and Sites: We process your personal data to control unauthorized use or abuse of the Plait Services and Sites, or otherwise detect, investigate or prevent activities that may violate Plait policies or applicable laws, in reliance on our legitimate interests to maintain and promote the safety and security of the Plait Sites and Services.
  • Displaying personalized advertisements: We process your personal data to advertise to you and to provide personalized information, including by serving and managing advertisements on our Sites and on third party sites, in reliance on our legitimate interests to support our marketing activities and advertise our products and services or, where necessary, to the extent you have provided your consent.
  • Carrying out other legitimate business purposes: including invoicing, audits, fraud monitoring and prevention.
  • Complying with legal obligations: We process your personal data when cooperating or complying with public and government authorities, courts or regulators in accordance with our obligations under applicable laws and to protect against imminent harm to our rights, property or safety, or that of our users or the public, as required or permitted by law.

3.2 In certain circumstances, we may collect your personal data on a different legal basis. If we do, or if we use your personal data for purposes that are not compatible with, or are materially different than, the purposes described in this notice or the point of collection, we will explain how and why we use your personal data in a supplementary notice at or before the point of collection. Where we refer to legal bases in this section, we mean the legal grounds on which organizations can rely when processing personal data.

3.3 If you have any questions about how we process your personal data, please contact us privacy@plaithealth.com

4. Sharing Your Personal Data

4.1 We may disclose some or all of the personal data we collect to the following third parties:

To Plait Group Companies:
  • Well Revolution Limited
  • Well Revolution Systems Limited
  • Any such other group companies as may be added to this list from time to time.
Service Providers:
  • Consultants and vendors engaged by us to support our provision of the Plait Services and Sites and the operation of our business;
  • Any such other Service Providers as may be added to a Subprocessor list, from time to time.
Advertising Partners:

Third party advertising companies may use cookies and similar technologies to collect information about your activity on the Plait Services and other online services over time to serve you online targeted advertisements.

Professional Advisors:

Professional advisors, such as lawyers, auditors and insurers, in the course of the professional services that they render to us.

Compliance with Law Enforcement:
  • Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  • Protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • Enforce the terms and conditions that govern the Services; and
  • Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Business Transfers:
  • Parties to transactions or potential transactions (and their professional advisors) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of Plait Group Companies (including, as part of a bankruptcy or similar proceeding).

4.2 Aggregated or anonymised information. We may also share aggregated or anonymised information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the websites you generally use, the configuration of your computer, and performance metrics related to the use of websites which we collect through our technology, products and services. If we are required under applicable law to treat such information as personal data, then we will only disclose it as described above. Otherwise, we may disclose such information for any reason.

4.3 Third party websites. The Sites may also contain links to third party websites. This Privacy Policy applies solely to information processed by us. You should contact the relevant third party websites for more information about how your personal data is processed by them.

5. Retention Of Your Personal Data

5.1 We retain your personal data only for as long as necessary to fulfill the purposes set out in this Privacy Policy.

5.2 Note that content you post may remain on the Sites even if you cease using the Sites or we terminate access to the Sites.

6. Transfers Of Your Personal Data

6.1 The Plait Services and Sites, and our messenger domains are provided and hosted in the United States. If you are located outside the United States, we may transfer, and process, your personal data outside of the country in which you are resident to other Plait Group Companies and our service providers to other such countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Privacy Policy wherever it is processed.

6.2 Certain recipients (our service providers and other companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.

7. How We Store And Safeguard Personal Data

We care about protecting personal data. That is why we put in place appropriate measures that are designed to secure your personal data. You can find out more about our technical and organizational safeguards in our Security Policy

8. Your Privacy Rights And Choices

8.1 Depending on your location and subject to applicable laws, you may have certain data protection rights.

  • If you wish to access, correct or update your personal data, you can do so at any time.
  • You have the right to opt out of marketing communications we send you at any time. If you no longer wish to receive our newsletter and promotional communications, you may opt out of receiving them by clicking on the "unsubscribe" or "opt-out" link in the communications we send you. Please note, however, that it may not be possible to opt out of certain service-related communications. You can let us know at any time if you do not wish to receive marketing messages by contacting us using the contact details below.
  • Similarly, if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal data. 

8.2 You can exercise any of these rights by submitting a request to privacy@plaithealth.com

8.3 You can also exercise control over the following uses of your information:

  • Opt-Outs. We will provide you with an opportunity to opt-out of having personal data used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of our offerings. You can revoke your consent at any point by contacting us using the Contact Us link in the footer of this page or by submitting a request to privacy@plaithealth.com

9. Children's Privacy

Our Services and Sites are not intended for use by anyone under the age of 16. Plait does not knowingly collect personal data from anyone under the age of 16. If you are under 16, you may not attempt to register for our Services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal data from someone under the age of 16 without verification of parental consent, we will delete that information promptly.

10. Changes To This Notice And Questions

10.1 We may amend this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. If we make material updates to this Privacy Policy we will update the effective date at the top of the Privacy Policy.

10.2 If you have any questions, comments or concerns about this Privacy Policy or the way your personal data is being used or processed by Plait, please submit any questions, comments or concerns by email to privacy@plaithealth.com

11. Collection And Use Of Personal Data 

11.1 Personal Data That We Collect, Use And Disclose
  • Identifiers (excluding online identifiers), such as first and last names, email addresses, phone numbers, avatars, company name, your role in your company, social media profile information; photo ID that you provide if we ask you to verify your identity; and document signatures.
  • Commercial information, such as records of your transactions with us and services considered.
  • Financial information, such as your credit card information, billing and mailing address and other payment-related information.
  • Online identifiers, such as operating system type and version number, manufacturer and model; browser type; screen resolution; IP address; unique device identifiers; and Plait-assigned user identifiers.
  • Internet or network information, such as the website you visited before browsing to the Plait services; how long you spent on a page or screen; navigation paths between pages or screens; session date and time; activity status (including first seen, last seen, last heard from and last contacted); pages viewed; links clicked; language preferences; tags applied within customer accounts; and other information about your interaction with our sites and services.
  • Geolocation data, the approximate location associated with your IP address.
  • Professional or employment information, such as your job title and organizational affiliation.
  • Sensory information, such as photos you choose to submit in our services.
  • Inferences drawn from any of the above information to create a profile reflecting your preferences, characteristics, and behavior.

The sources from which we collect these categories of Personal Data are described in Section 2 entitled Personal Data Collected by Plait. The business/commercial purposes for which we use these categories of Personal Data are described in Section 3 entitled How and Why We Use Your Personal Data. The categories of third parties with which we share these categories of Personal Data, including for business purposes, are described in Section 4 entitled Sharing Your Personal Data.

The above summary of how we collect, use and share Personal Data describes our practices currently and for the 12 months preceding the effective date of this Notice.

Security Policy

EFFECTIVE DAY 1 JUNE 2023

Overview

At Plait we take the protection of customer data extremely seriously. This Plait Security Policy describes the organizational and technical measures Plait implements platform-wide designed to prevent unauthorized access, use, alteration or disclosure of customer data. The Plait services operate on Microsoft Azure (“Azure”); this policy describes the activities of Plait within its instance on Azure unless otherwise specified.

Security Team

Our engineering team includes people who’ve played lead roles in designing, building, and operating highly secure Internet-facing systems at companies ranging from startups to large public companies and government agencies.

Best Practices

Incident Response Plan

  • We have implemented a formal procedure for security events and have educated all our staff on our policies.
  • When security events are detected, they are escalated to our team who are notified and assembled to rapidly address the event.
  • After a security event is fixed, we write up a post-mortem analysis.
  • The analysis is reviewed in person and/or in private video conferences, distributed across the company and includes action items that will make the detection and prevention of a similar event easier in the future.
  • Plait will promptly notify you in writing upon verification of a security breach of the Plait services that affect your data. Notification will describe the breach and the status of Plait’s investigation.

Build Process Automation

  • We have functioning, frequently used automation in place so that we can safely and reliably roll out changes to both our application and operating platform within minutes.
  • We typically deploy code daily, so we have high confidence that we can get a security fix out quickly when required.

Infrastructure

  • All of our services run in the cloud. Plait does not run our own routers, load balancers, DNS servers, or physical servers.
  • All of our services and data are hosted in Azure facilities and protected by Azure security, as described at https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility. Plait services have been built with disaster recovery in mind.
  • All of our infrastructure is spread across two (2) Azure data centers (Azure availability zones) and will continue to work should any one of those data centers fail unexpectedly. Azure does not disclose the locations of its data centers. As such, Plait builds on the physical security and environmental controls provided by Azure. See https://learn.microsoft.com/en-us/azure/security/fundamentals/physical-security for details of Azure security infrastructure.
  • All of our servers are within our own virtual private cloud (VPC) with network access control lists that prevent unauthorized requests getting to our internal network.
  • Plait uses a backup solution for datastores that contain customer data.

Data

  • Plait services and data are hosted in Azure facilities in the USA (eastus and centralus)
  • Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. However strict privacy controls exist in our application code that are designed to ensure data privacy and to prevent one customer from accessing another customer’s data (i.e., logical separation). We have many unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated and even one single test failing will prevent new code from being shipped to production.
  • Each Plait system used to process customer data is adequately configured and pathed using commercially-reasonable methods according to industry-recognised system-hardening standards.

Data Transfer

  • All data sent to or from Plait is encrypted in transit using 256-bit encryption.
  • Our API and application endpoints are TLS/SSL only and score an "A" rating on SSL Labs' tests. This means we only use strong cipher suites and have features such as Perfect Forward Secrecy enabled.
  • We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Authentication

  • Plait is served 100% over https. Plait runs a zero-trust corporate network.
  • There are no corporate resources or additional privileges from being on Plait’s network.
  • We have two-factor authentication (2FA) and strong password policies on GitHub, Google, Azure, and Plait to ensure access to cloud services are protected.

Permissions and Admin Controls

  • Plait enables permission levels to be set for any employees with access to Plait.
  • Permissions and access can be set to include app settings, user data, and the ability to send/edit messages.

Application Monitoring

  • On an application level, we produce audit logs for all activity, ship logs to our service providers for analysis, and use Azure Archive Blob Storage for archival purposes.
  • All access to Plait applications is logged and audited.
  • Bastion hosts are used to login to devices.
  • All actions taken on production consoles or in the Plait application are logged.

Security Audits

  • We use technologies to provide an audit trail over our infrastructure and the Plait application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.
  • Information about Azure security covering HITRUST, HIPAA and HITECH, CSF, PCI DSS, ISO and MARS-E can be found at https://learn.microsoft.com/en-us/azure/compliance/offerings/offering-hitrust
  • All payment instrument processing for purchase of Plait services is performed by Stripe. For more information on Stripe’s security practices, please see https://stripe.com/docs/security/stripe.

Customer Responsibilities

  • Managing your own user accounts and roles from within the Plait services.
  • Protecting your own account and user credentials for all of your employees accessing the Plait services.
  • Compliance with the terms of your services agreement with Plait, including with respect to compliance with laws.
  • Promptly notifying Plait if a user credential has been compromised or if you suspect possible suspicious activities that could negatively impact security of the Plait services or your account.
  • You may not perform any security penetration tests or security assessment activities without the express advance written consent of Plait.

Acceptable Use Policy

EFFECTIVE DAY 1 JUNE 2023

This Acceptable Use Policy applies to Plait’s (a) websites (including without limitation www.plaithealth.com, app.plaithealth.com and any successor URLs, mobile or localized versions and related domains and subdomains and mobile applications) and (b) communications and messaging products and services ((a) and (b) collectively, “Services”). To keep the Services running safely and smoothly, we need our users to agree not to misuse them. Specifically, you agree not to:

  1. probe, scan, or test the vulnerability of any system or network used with the Services;
  2. tamper with, reverse engineer or hack the Services, circumvent any security or authentication measures of the Services or attempt to gain unauthorized access to the Services (or any portion thereof) or related systems, networks or data;
  3. modify or disable the Services or use the Services in any manner that interferes with or disrupts the integrity or performance of the Services or related systems, network or data;
  4. access or search the Services by any means other than our publicly supported interfaces, or copy, distribute, or disclose any part of the Service in any medium, including without limitation by any automated or non-automated “scraping”;
  5. overwhelm or attempt to overwhelm our infrastructure by imposing an unreasonably large load on the Services that consume extraordinary resources, such as by: (i) using “robots,” “spiders,” “offline readers” or other automated systems to send more request messages to our servers than a human could reasonably send in the same period of time using a normal browser; or (ii) going far beyond the use parameters for any given Service as described in its corresponding documentation;
  6. solicit any users of our Services for commercial purposes;
  7. use the Services to generate or send unsolicited communications, advertising or spam, or otherwise cause Plait to become impaired in its ability to send communications on its own or on its customers’ behalf (e.g., by causing Plait to become registered on any Email DNS blocked list or otherwise be denied services by any other third party communications service provider);
  8. misrepresent yourself or disguise the origin of any data, content or other information you submit (including by “spoofing”, “phishing”, manipulating headers or other identifiers, impersonating anyone else, or falsely implying any sponsorship or association with Plait or any third party) or access the Services via another user’s account without their permission;
  9. use the Services for any illegal purpose or in violation of any laws (including without limitation data, privacy and export control laws);
  10. use the Services to violate the privacy of others, or to collect or gather other users’ personal information (including account information) from our Services;
  11. use the Services to stalk, harass, bully or post threats of violence against others;
  12. submit (or post, upload, share or otherwise provide) data, content or other information that (i) infringes Plait’s or a third party’s intellectual property, privacy or other rights or that you don’t have the right to submit (including confidential or personal information you are not authorized to disclose); (ii) that is deceptive, fraudulent, illegal, obscene, defamatory, libelous, threatening, harmful to minors, pornographic, indecent, harassing, hateful, religiously, racially or ethnically offensive, that encourages illegal or tortious conduct or that is otherwise inappropriate in Plait’s discretion; (iii) contains viruses, bots, worms, scripting exploits or other similar materials; or (iv) that could otherwise cause damage to Plait or any third party;
  13. promote or advertise products or services other than your own without appropriate authorisation;
  14. use meta tags or any other “hidden text” including Plait’s or our suppliers’ product names or trademarks; or
  15. permit or encourage anyone else to commit any of the actions above.

Without affecting any other remedies available to us, Plait may permanently or temporarily terminate or suspend a user’s account or access to the Services without notice or liability if Plait (in its sole discretion) determines that a user has violated this Acceptable Use Policy.

Support Policy

EFFECTIVE DAY 1 JUNE 2023

This Plait Support Policy ("Support Policy") accompanies the Plait Subscription Terms of Service (the "Agreement") entered into between you ("Customer") and Plait. Capitalized terms used in this Support Policy that are not defined herein have the meanings given to them in the Agreement.

Plait offers support services for the Service ("Support ") in accordance with the following terms:

A. Support Hours. Support is provided 7 days per week from 7 am - 10 pm.

B. Incident Submission and Customer Cooperation. Customer may report errors or abnormal behavior of the Service ("Incidents") by contacting Plait in the Service via the Plait App or via email at support@plaithealth.com Customer will provide information and cooperation to Plait as reasonably required for Plait to provide Support. This includes, without limitation, providing the following information to Plait regarding the Incident:

  • Aspects of the Service that are unavailable or not functioning correctly
  • Incident's impact on users
  • Start time of Incident
  • List of steps to reproduce Incident
  • Relevant log files or data
  • Wording of any error message

C. Incident Response. Plait's Support personnel will assign a priority level ("Priority Level") to each Incident and seek to provide responses in accordance with the table below.

 

Priority Level

Description

Target Response Times

Priority 1

Operation of the Service is critically affected (not responding to requests or serving content) for a large number of users; no workaround available.

2 Hours

Priority 2

Service is responding and functional but performance is degraded, and/or Incident has potentially severe impact on operation of the Service for multiple users.

1 Day

Priority 3

Non-critical issue; no significant impact on performance of the Service but user experience may be affected.

3 Days

 

D. Exclusions. Plait will have no obligation to provide Support to the extent an Incident arises from: (a) use of the Service by Customer in a manner not authorized in the Agreement or the applicable Documentation; (b) general Internet problems, force majeure events or other factors outside of Plait's reasonable control; (c) Customer's equipment, software, network connections or other infrastructure; or (d) third party systems, acts or omissions.

Additional Product Terms

EFFECTIVE DAY 1 JUNE 2023

THESE PLAIT ADDITIONAL PRODUCT TERMS (“ADDITIONAL PRODUCT TERMS”) DESCRIBE THE SPECIFIC TERMS FOR CERTAIN PLAIT SERVICES OR FEATURES THEREOF OFFERED BY PLAIT (“ADDITIONAL PRODUCTS”). BY USING THE ADDITIONAL PRODUCTS, YOU AGREE THAT THE PLAIT TERMS OF SERVICE (“TOS”) OR PLAIT MASTER SERVICE SUBSCRIPTION AGREEMENT (“MSSA”) RESPECTIVELY, THE “AGREEMENT”, AS APPLICABLE, BETWEEN PLAIT AND THE ENTITY THAT ENTERED INTO THE AGREEMENT WITH PLAIT (“CUSTOMER” OR “YOU”) IS HEREBY INCORPORATED AND THE APPLICABLE ADDITIONAL PRODUCT TERMS DESCRIBED BELOW FORM A PART OF THE AGREEMENT.

In the event of a conflict with the Agreement and the Additional Product Terms, the Applicable Product Terms will control to the extent of the conflict. A violation of these Additional Product Terms is a violation of the Agreement. Capitalized terms not defined herein have the meaning given to them in the Agreement.

The services covered by these Additional Product Terms are:

SMS Channel

SMS is a separate, stand-alone service accessible apart from the generally available service you subscribe to. SMS is a service provided for the purpose of sending and receiving SMS messages through the Plait Service. Plait reserves the right to suspend your access to SMS if, in its sole discretion, Plait determines you have exceeded the usage you’ve purchased and/or your usage violates the Plait Acceptable Use Policies and/or negatively impacts the operability, integrity, or security of the Service. You are responsible for ensuring that your use of SMS is in compliance with any applicable telecommunications regulatory requirements and laws controlling the use of Sensitive Personal Information. You further acknowledge and agree that SMS messages sent may be charged regardless of whether they have been filtered by your carrier and that you are responsible for payment of such charges if and when incurred.

HIPAA Business Associate Agreement

EFFECTIVE DAY 1 JUNE 2023

If Customer is a Covered Entity or a Business Associate and includes Protected Health Information in Customer Data, this HIPAA Business Associate Agreement (“BAA”) is incorporated upon execution of an agreement (“Agreement”) that incorporates the Plait Subscription Terms of Service. If there is any conflict between a provision in this BAA and a provision in the Agreement, this BAA will control.

1. Definitions

Except as otherwise defined in this BAA, capitalized terms shall have the definitions set forth in HIPAA, and if not defined by HIPAA, such terms shall have the definitions set forth in the Agreement.

“Breach” means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI, as defined in 45 CFR §164.402.

“Breach Notification Rule” means the Breach Notification for Unsecured Protected Health Information Final Rule.

“Business Associate” shall have the same meaning as the term “business associate” in 45 CFR § 160.103 of HIPAA.

“Covered Entity” shall have the same meaning as the term “covered entity” in 45 CFR § 160.103 of HIPAA.

“Data Aggregation” means, with respect to PHI created or received by Business Associate in its capacity as the “business associate” under HIPAA of Covered Entity, the combining of such PHI by Business Associate with the PHI received by Business Associate in its capacity as a business associate of one or more other “covered entity” under HIPAA, to permit data analyses that relate to the Health Care Operations of the respective covered entities. The meaning of “data aggregation” in this BAA shall be consistent with the meaning given to that term in the Privacy Rule. 

“Designated Record Set” has the meaning given to such term under the Privacy Rule, including 45 CFR §164.501

“De-Identify” means to alter the PHI such that the resulting information meets the requirements described in 45 CFR §§164.514(a) and (b).

“Electronic PHI” means any PHI maintained in or transmitted by electronic media as defined in 45 CFR §160.103.

“Health Care Operations” has the meaning given to that term in 45 CFR §164.501.

“HHSmeans the U.S. Department of Health and Human Services.

“HIPAA” collectively means the administrative simplification provision of the Health Insurance Portability and Accountability Act enacted by the United States Congress, and its implementing regulations, including the Privacy Rule, the Breach Notification Rule, and the Security Rule, as amended from time to time, including by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act and by the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule.

“Individual” has the same meaning given to that term i in 45 CFR §§164.501 and 160.130 and includes a person who qualifies as a personal representative in accordance with 45 CFR §164.502(g).

“Party” means the Covered Entity or Business Associate and collectively, the “Parties”.

“Privacy Rule” means the Standards for Privacy of Individually Identifiable Health Information.

“Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 CFR § 160.103 of HIPAA, provided that it is limited to such protected health information that is received by Business Associate from, or created, received, maintained, or transmitted by Business Associate on behalf of, Covered Entity.

“Security Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

“Security Rule” means the Security Standards for the Protection of Electronic Protected Health Information.

“Unsecured Protected Health Information” or “Unsecured PHI” means any “protected health information” as defined in 45 CFR §§164.501 and 160.103 that is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of a technology or methodology specified by the HHS Secretary in the guidance issued pursuant to the HITECH Act and codified at 42 USC §17932(h).

2. Use and Disclosure of PHI

a. Except as otherwise provided in this BAA, Business Associate may use or disclose PHI as reasonably necessary to provide the services described in the Agreement to Covered Entity, and to undertake other activities of Business Associate permitted or required of Business Associate by this BAA or as required by law.

b. Except as otherwise limited by this BAA or federal or state law or other applicable law, Covered Entity authorizes Business Associate to use the PHI in its possession for the proper management and administration of Business Associate’s business and to carry out its legal responsibilities. Business Associate may disclose PHI for its proper management and administration, provided that (i) the disclosures are required by law; or (ii) Business Associate obtains, in writing, prior to making any disclosure to a third party (a) reasonable assurances from this third party that the PHI will be held confidential as provided under this BAA and used or further disclosed only as required by law or for the purpose for which it was disclosed to this third party and (b) an agreement from this third party to notify Business Associate immediately of any breaches of the confidentiality of the PHI, to the extent it has knowledge of the breach.  

c. Business Associate will not use or disclose PHI in a manner other than as provided in this BAA, as permitted under the Privacy Rule, or as required by law. Business Associate will use or disclose PHI, to the extent practicable, as a limited data set or limited to the minimum necessary amount of PHI to carry out the intended purpose of the use or disclosure, in accordance with Section 13405(b) of the HITECH Act (codified at 42 USC §17935(b)) and any of the act’s implementing regulations adopted by HHS, for each use or disclosure of PHI.

However, due to substantial financial, material and human investments made by Business Associate within the framework of the Agreement for the development and updating of the Services as defined in the Agreement, Covered Entity authorizes Business Associate to reuse the PHI as long as the latter undertakes to comply with Privacy Rule and other applicable law, for all these PHI, for the uses listed below:

  1. research and development of the Services,
  2. improving performance, models and algorithms developed and trained by Business Associate in the context of the Services or any other solution published by Business Associate.

without Covered Entity being able to claim any intellectual property right relating to these elements.

Covered Entity declares that he/she has assessed and validated the compatibility of the said uses within the meaning of the Privacy Rule with the initial purposes of the data processing carried out within the scope of the Agreement.

d. Upon request, Business Associate will make available to Covered Entity any of Covered Entity’s PHI that Business Associate or any of its agents or subcontractors have in their possession.

e. Business Associate may use PHI to report violations of law to appropriate Federal and State authorities, consistent with 45 CFR §164.502(j)(1).


3. Safeguards Against Misuse of PHI

Business Associate will use appropriate safeguards to prevent the use or disclosure of PHI other than as provided by the Agreement or this BAA and Business Associate agrees to implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the Electronic PHI that it creates, receives, maintains or transmits on behalf of Covered Entity. Business Associate agrees to take reasonable steps, including providing adequate training to its employees to ensure compliance with this BAA and to ensure that the actions or omissions of its employees or agents do not cause Business Associate to breach the terms of this BAA.


4. Reporting Disclosures of PHI and Security Incidents

Business Associate will report to Covered Entity in writing any use or disclosure of PHI not provided for by this BAA of which it becomes aware and Business Associate agrees to report to Covered Entity any Security Incident affecting Electronic PHI of Covered Entity of which it becomes aware. Business Associate agrees to report any such event within five business days of becoming aware of the event.


5. Reporting Breaches of Unsecured PHI

Business Associate will notify Covered Entity in writing promptly upon the discovery of any Breach of Unsecured PHI in accordance with the requirements set forth in 45 CFR §164.410, but in no case later than 30 calendar days after discovery of a Breach.


6. Mitigation of Disclosures of PHI

Business Associate will take reasonable measures to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of any use or disclosure of PHI by Business Associate or its agents or subcontractors in violation of the requirements of this BAA.

7. Agreements with Agents or Subcontractors

Business Associate will ensure that any of its agents or subcontractors that have access to, or to which Business Associate provides PHI, agree in writing to the restrictions and conditions concerning uses and disclosures of PHI contained in this BAA and agree to implement reasonable and appropriate safeguards to protect any Electronic PHI that it creates, receives, maintains or transmits on behalf of Business Associate or, through the Business Associate, Covered Entity. Business Associate shall notify Covered Entity, or upstream Business Associate, of all subcontracts and agreements relating to the Agreement, where the subcontractor or agent receives PHI as described in section 1 of this BAA. Such notification shall occur within 30 (thirty) calendar days of the execution of the subcontract by placement of such notice on the Business Associate’s primary website at https://www.plaithealth.com/terms#SPL. Business Associate shall ensure that all subcontracts and agreements provide the same level of privacy and security as this BAA. 

8. Audit Report

Upon request, Business Associate will provide Covered Entity, or upstream Business Associate, with a copy of its most recent HIPAA attestation report or other mutually agreed upon independent standards-based third-party audit report. Covered entity agrees not to re-disclose Business Associate’s audit report.

9. Access to PHI by Individuals

a. Upon request, Business Associate agrees to furnish Covered Entity with copies of the PHI maintained by Business Associate in a Designated Record Set in the time and manner designated by Covered Entity to enable Covered Entity to respond to an Individual’s request for access to PHI under 45 CFR §164.524.

b. In the event any Individual or personal representative requests access to the Individual’s PHI directly from Business Associate, Business Associate within ten business days, will forward that request to Covered Entity. Any disclosure of, or decision not to disclose, the PHI requested by an Individual or a personal representative and compliance with the requirements applicable to an Individual’s right to obtain access to PHI shall be the sole responsibility of Covered Entity.

10. Amendment of PHI

a. Upon request and instruction from Covered Entity, Business Associate will amend PHI or a record about an Individual in a Designated Record Set that is maintained by, or otherwise within the possession of, Business Associate as directed by Covered Entity in accordance with procedures established by 45 CFR §164.526. Any request by Covered Entity to amend such information will be completed by Business Associate within 15 business days of Covered Entity’s request.

b. In the event that any Individual requests that Business Associate amend such Individual’s PHI or record in a Designated Record Set, Business Associate within ten business days will forward this request to Covered Entity. Any amendment of, or decision not to amend, the PHI or record as requested by an Individual and compliance with the requirements applicable to an Individual’s right to request an amendment of PHI will be the sole responsibility of Covered Entity.

11. Accounting of Disclosures

a. Business Associate will document any disclosures of PHI made by it to account for such disclosures as required by 45 CFR §164.528(a). Business Associate also will make available information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosures in accordance with 45 CFR §164.528. At a minimum, Business Associate will furnish Covered Entity the following with respect to any covered disclosures by Business Associate: (i) the date of disclosure of PHI; (ii) the name of the entity or person who received PHI, and, if known, the address of such entity or person; (iii) a brief description of the PHI disclosed; and (iv) a brief statement of the purpose of the disclosure which includes the basis for such disclosure.

b. Business Associate will furnish to Covered Entity information collected in accordance with this Section 11, within ten business days after written request by Covered Entity, to permit Covered Entity to make an accounting of disclosures as required by 45 CFR §164.528, or in the event that Covered Entity elects to provide an Individual with a list of its business associates, Business Associate will provide an accounting of its disclosures of PHI upon request of the Individual, if and to the extent that such accounting is required under the HITECH Act or under HHS regulations adopted in connection with the HITECH Act.

c. In the event an Individual delivers the initial request for an accounting directly to Business Associate, Business Associate will within ten business days forward such request to Covered Entity.

12. Availability of Books and Records

Business Associate will make available its internal practices, books, agreements, records, and policies and procedures relating to the use and disclosure of PHI, upon request, to the Secretary of HHS for purposes of determining Covered Entity’s and Business Associate’s compliance with HIPAA, and this BAA.

13. Responsibilities of Covered Entity

With regard to the use and/or disclosure of Protected Health Information by Business Associate, Covered Entity agrees to:

a. Notify Business Associate of any limitation(s) in its notice of privacy practices in accordance with 45 CFR §164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.

b. Notify Business Associate of any changes in, or revocation of, permission by an Individual to use or disclose Protected Health Information, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.

c. Notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR §164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.

d. Except for data aggregation or management and administrative activities of Business Associate, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under HIPAA if done by Covered Entity.


14. Data Ownership

Business Associate’s data stewardship does not confer data ownership rights on Business Associate with respect to any data shared with it under the Agreement, including any and all forms thereof.


15. Term and Termination

a. This BAA will become effective from the Effective Date of the Agreement, and will continue in effect until all obligations of the Parties have been met under the Agreement and under this BAA.

b. Covered Entity may immediately terminate this BAA, the Agreement, and any other related agreements if Covered Entity makes a determination that Business Associate has breached a material term of this BAA and Business Associate has failed to cure that material breach, to Covered Entity’s reasonable satisfaction, within 30 days after written notice from Covered Entity. Covered Entity may report the problem to the Secretary of HHS if termination is not feasible.

c. If Business Associate determines that Covered Entity has breached a material term of this BAA, then Business Associate will provide Covered Entity with written notice of the existence of the breach and shall provide Covered Entity with 30 days to cure the breach. Covered Entity’s failure to cure the breach within the 30-day period will be grounds for immediate termination of the Agreement and this BAA by Business Associate. Business Associate may report the breach to HHS.

d. Upon termination of the Agreement or this BAA for any reason, all PHI maintained by Business Associate will be returned to Covered Entity or destroyed by Business Associate. Business Associate will not retain any copies of such information. This provision will apply to PHI in the possession of Business Associate’s agents and subcontractors but will not include the PHI produced by Business Associate within the framework of article 2.c.. If return or destruction of the PHI is not feasible, in Business Associate’s reasonable judgment, Business Associate will furnish Covered Entity with notification, in writing, of the conditions that make return or destruction infeasible. Upon mutual agreement of the Parties that return or destruction of the PHI is infeasible, Business Associate will extend the protections of this BAA to such information for as long as Business Associate retains such information and will limit further uses and disclosures to those purposes that make the return or destruction of the information not feasible. The Parties understand that this Section 14.d will survive any termination of this BAA.


16. Effect of BAA

a. This BAA is a part of and subject to the terms of the Agreement and as such is governed by New Zealand law. In case of contradiction between the terms of this BAA and any term of the Agreement, the terms of this BAA will prevail if it will not conflict with applicable laws.

b. Nothing express or implied in this BAA is intended to confer, nor shall anything in this BAA confer, upon any person other than the Parties, and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.

17. Regulatory References

A reference in this BAA to a section in HIPAA means the section as in effect or as amended at the time.


18. Severability

In the event that any provision of this BAA is found to be invalid or unenforceable, the remainder of this BAA shall not be affected thereby, but rather the remainder of this BAA shall be enforced to the greatest extent permitted by law.


19. No Agency Relationship

It is not intended that an agency relationship (as defined under the Federal common law of agency) be established hereby expressly or by implication between the Parties under HIPAA or the Privacy Rule, Security Rule, or Breach Notification Rule. No terms or conditions contained in this BAA shall be construed to make or render a Party an agent of the other Party.

20. Notices

All notices, requests and demands or other communications to be given under this BAA

to a Party will be made via electronic mail to the Party’s address given below:

a. If to Covered Entity, to the e-mail address given in the Agreement

b. If to Business Associate, to: legal@plaithealth.com


21. Amendments and Waiver

This BAA may not be modified, nor will any provision be waived or amended, except in writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.


22. Interpretation

The Parties intend that this BAA be interpreted consistently with their intent to comply with HIPAA and other applicable federal and state law.  Except where this BAA conflicts with the Agreement, all other terms and conditions of the Agreement remain unchanged. Any captions or headings in this BAA are for the convenience of the Parties and shall not affect the interpretation of this BAA.


23. HITECH Act Compliance

The Parties acknowledge that the HITECH Act includes significant changes to the Privacy Rule and the Security Rule. The privacy subtitle of the HITECH Act sets forth provisions that significantly change the requirements for business associates and the agreements between business associates and covered entities under HIPAA and these changes may be further clarified in forthcoming regulations and guidance. Each Party agrees to comply with the applicable provisions of the HITECH Act and any HHS regulations issued with respect to the HITECH Act. The Parties also agree to negotiate in good faith to modify this BAA as reasonably necessary to comply with the HITECH Act and its regulations as they become effective but, in the event that the Parties are unable to reach agreement on such a modification, either Party will have the right to terminate this BAA upon 30- days’ prior written notice to the other Party.

Subprocessors List

EFFECTIVE DAY 1 JUNE 2023
Security, Privacy and Compliance Information for Plait

Plait is a data processor and engages certain onward subprocessors that may process personal data submitted to Plait’s services by the controller. These subprocessors are listed below, with a description of the service and the location where data is hosted. The below is for Plait’s default offering, where hosting occurs in the United States. This list may be updated by Plait from time to time.

  • Microsoft Corporation - Azure hosting, data processing and storage services (USA)
  • Amazon Web Services, Inc. - Message deliverability (USA)
  • Twilio, Inc. - SMS functionality and message deliverability (USA)

Payments Policy

EFFECTIVE DAY 1 JUNE 2023

This Plait Payments Policy ("Payments Policy") accompanies the Plait Subscription Terms of Service (the "Agreement") entered into between you ("Customer") and Plait. Capitalized terms used in this Payments Policy that are not defined herein have the meanings given to them in the Agreement.

Billing

People (your patients) pay for your services using their payment card in the Plait App. They are charged a fee to their payment card whenever there is a Billing Event. Billing Events are based on a set of Billing rules.

Billing Rules

Billing Event

A Billing Event is created when an instruction is given by a Permitted User (your providers) to complete a service for a patient in the Plait App (for example, a consultation or a prescription).

A Billing Event creates a charge to the patient based on the fees you set for your services.

Completing a service request

A patient’s service request is completed by a provider when it is satisfied (for example, closing a consultation or completing a prescription request).

Service Fee

You are responsible for setting the fees you charge for the services you make available to your patients via the Plait App.

Fee Type

Fees are provided in tiers based on the rates you make available in the Plait App from time to time. You can also set a separate rate based on the Billing Hours.

Billing Hours

Plait recognises rates for services provided within normal hours of business for a Customer (“Business Hours”) and services provided outside of normal hours of business (“After Hours”) such as evenings and weekends. You can set your rates for Business Hours and After Hours where available.

Billing Time

The rate billed and charged to a patient is based on a combination of the following event times.

  1. Request Time is recorded as the date and time a patient first sends a message in the Plait App requesting a service from you.
  2. Response Time is recorded as the date and time a provider first sends a message in response to a patient’s request for service in the Plait App.
  3. Close Time is recorded as the date and time a provider completes the service.
Special Events

Special billing events may be made available from time to time based on the needs of providers. For example, closing a consultation with an instruction to bill at a special category rate; or zero-rating the bill in cases where a request could not be satisfied. Any such special billing events will be notified to you as they become available.

Payments and Service Fees

Plait operates a merchant account into which all patient payments are deposited (“Merchant Account”).

Payments to Customers

Payments made by patients in the Plait App are collected on your behalf into the Merchant Account. We transfer all payments to you less a Transaction Fee. 

Payments from patients for your services are deposited to your nominated bank account weekly on Mondays. Weekly payment cycles run from Monday 6 AM – Monday 5:59 AM.

The Transaction Fee due to us under the terms of the Agreement, together with any other amounts due by you to us, will be deducted from the weekly payments due by us to you. We also reserve the right to invoice you for payment of any amounts due if we consider that there may not be sufficient funds available from the Merchant Account to meet the payments due.

We may recover from you any fees or other amounts charged back by a credit card company to us concerning any transactions which have not been deducted from the funds received by us and remitted to you by deducting them from any amount subsequently payable to you or require you to otherwise reimburse us for such fees or other amounts.

Where a credit card company reverses payment due to fraudulent credit card use and we cannot obtain such payment, we shall each be responsible for the losses associated with our respective transaction components.

Transaction Fees

The following Transaction Fee applies on a per-transaction basis calculated as a percentage of the total transaction value. The Transaction Fee is charged by Plait to your account. 

(1) Plait Transaction Fee: 3.5%‍