Togthr Customer Agreement

1.1 "Administrator" — means the individual(s) you designate to manage your Togthr account and Users.

1.2 "Agreement" — means this customer agreement including any Order Form, DPA, BAA, Acceptable Use Policy, and Documentation incorporated by reference.

1.3 "App Integrations" or "Integrations" — means connections to third-party platforms and channels (e.g., Gmail, Microsoft 365 Outlook, Meta/Instagram/Facebook Messenger, WhatsApp, EHRs, CRMs), and Togthr's APIs and webhooks.

1.4 "Attestation" — means any compliance or certification document Togthr may provide, if available, under NDA (e.g., SOC 2 Type II, ISO 27001). Togthr does not warrant the existence of any specific report unless expressly provided.

1.5 "BAA" — means Togthr's Business Associate Agreement for HIPAA, incorporated by reference where PHI is processed.

1.6 "Confidential Information" — means non-public information disclosed by a party that is designated as confidential or should reasonably be understood as confidential.

1.7 "Customer" — means the entity entering into this Agreement.

1.8 "Customer Data" — means data you or your Users submit to the Services, including Personal Data and, if applicable, PHI.

1.9 "DPA" — means the Togthr Data Processing Addendum, incorporated by reference.

1.10 "Documentation" — means user guides, API docs, and other materials Togthr makes available about the Services.

1.11 "Free Trial" — means access to the Services without Fees for a limited time or limited features.

1.12 "HIPAA" — means the U.S. Health Insurance Portability and Accountability Act of 1996 and implementing regulations.

1.13 "Order Form" — means any ordering document (online or offline) specifying your Plan, term, pricing, and quantities (e.g., Seats) executed by you and Togthr.

1.14 "PHI" — means Protected Health Information as defined under HIPAA.

1.15 "PHI-Safe Services" — means Togthr features and configurations that Togthr designates as permitted for PHI when covered by a BAA.

1.16 "Non-PHI Services" — means features or channels that Togthr designates as not permitted for PHI (e.g., social channels like WhatsApp/Instagram/Facebook Messenger, unless explicitly designated otherwise).

1.17 "Plan" — means the subscription tier and related entitlements as stated in your Order Form or account settings.

1.18 "Services" — means Togthr's healthcare SaaS platform and tools, including EHR, CRM, form builder, website builder, communications hub, AI-assisted workflows, and Integrations, as updated by Togthr from time to time.

1.19 "Seats" — means the number of Users authorized for your account.

1.20 "Subprocessor" — means a third party engaged by Togthr to process Customer Data.

1.21 "Third-Party Platform" — means any non-Togthr service or platform.

1.22 "User" — means an individual authorized by you to access the Services.

2.1 Provider: Togthr (“Togthr”, “we”, “us”, “our”), with principal place of business at IITM Research Park, Kanagam Rd, Kanagam, Tharamani, Chennai, Tamil Nadu 600113. Email: care@togthr.health

2.2 Customer: The entity identified in your Order Form or account.

3.1 Provision: Subject to this Agreement and timely payment of Fees (or during a Free Trial), Togthr will provide the Services in accordance with your Plan.

3.2 Changes: Togthr may modify the Services, features, or Documentation, including adding or removing features. Material changes to this Agreement will be notified via the Services, email, or website. Continued use constitutes acceptance. If you do not agree, you must stop using the Services and request termination in accordance with Section 20.

4.1 Term: The Agreement is effective from your Effective Date and continues through the Initial Term and each Renewal Term as stated in your Plan or Order Form.

4.2 Auto‑Renewal: Unless either party gives notice of non‑renewal at least 14 days before the end of the then‑current term, your subscription renews for successive Renewal Terms of equal length.

4.3 Free Trials: Free Trials may be limited and can be ended at any time at Togthr’s discretion.

5.1 License: Togthr grants you a limited, non‑exclusive, non‑transferable, non‑sublicensable, revocable license to access and use the Services during the Term solely for your internal business purposes, subject to your Plan, Documentation, this Agreement, and reasonable use limits.

5.2 Restrictions: You will not, and will not allow others to: (a) reverse engineer, decompile, or attempt to discover source code; (b) resell, lease, or provide the Services to third parties; (c) circumvent usage limits; (d) remove proprietary notices; (e) use the Services to develop competing products; (f) probe, scan, or test vulnerabilities; (g) introduce malware; (h) use the Services for emergency communications, life‑support, or real‑time critical care; (i) use PHI in any Non‑PHI Service or channel; (j) violate the Acceptable Use Policy.

5.3 Acceptable Use: You must comply with Togthr’s Acceptable Use Policy (linked in your account or at Togthr’s legal page).

6.1 BAA Requirement: When you use the Services to create, receive, maintain, or transmit PHI, you and Togthr must execute a BAA. The BAA is incorporated by reference and prevails over conflicting terms for PHI processing.

6.2 PHI‑Safe vs. Non‑PHI Services: Togthr will designate which features and channels are PHI‑Safe. Examples typically NOT HIPAA‑eligible: WhatsApp, Instagram, Facebook Messenger, and similar social channels. Gmail/Microsoft 365 Outlook may be HIPAA‑eligible only when (a) used with enterprise accounts covered by your own BAA with Google or Microsoft; (b) configured per Togthr guidance; and (c) used within Togthr’s PHI‑Safe configurations. You are responsible for disabling PHI in Non‑PHI Services.

6.3 Customer Responsibilities: If you are a Covered Entity or a Business Associate, you represent that you have all necessary consents/authorizations and that you will limit PHI to the minimum necessary. You must (a) configure the Services to avoid PHI in Non‑PHI channels, (b) train Users, and (c) implement policies for appropriate use.

6.4 No Medical Advice; No Emergency Use: The Services are not a medical device, do not provide medical advice, and are not for emergency communications. Direct patients to call emergency services for urgent matters.

6.5 Audit and Logs: Togthr provides audit trails for PHI‑Safe Services as described in the Documentation. You are responsible for reviewing logs and maintaining your own records as required by law.

7.1 Authorization: You authorize Togthr to exchange data with Integrations you enable. Togthr is not responsible for Third‑Party Platforms, their security, or compliance. Your use of a Third‑Party Platform is governed by its own terms and privacy notices.

7.2 HIPAA and Integrations: You will not route PHI through Non‑PHI channels or Third‑Party Platforms that are not covered by a valid HIPAA business associate arrangement applicable to you. You bear all risk for misconfiguration or misuse.

7.3 Availability: Integrations may change or be removed by Togthr or the Third‑Party Platform without notice.

7.4 API Use: Use of Togthr APIs must comply with the Documentation and rate limits. Togthr may monitor API usage and suspend access for abuse or security reasons.

8.1 Administrator: You will designate at least one Administrator with authority to manage your account, Plan, and Users.

8.2 User Accounts: You are responsible for Users’ actions and for safeguarding credentials, API keys, and secrets.

8.3 Seats: You will not exceed the number of Seats purchased. If you do, Togthr may charge for overages.

9.1 Fees: Fees are due in advance (monthly or annually) as per your Plan or Order Form and are non‑refundable except as expressly stated.

9.2 Changes: Upgrades take effect immediately; downgrades take effect at renewal. Togthr may change Fees effective upon the next renewal with at least 30 days’ notice.

9.3 Taxes: Fees are exclusive of taxes. You are responsible for applicable taxes.

9.4 Late Payment: Togthr may suspend the Services for non‑payment and charge interest at the lesser of 1.5% per month or the maximum permitted by law.

10.1 Standard Support: Togthr provides standard support as described in the Documentation. No specific uptime or response SLAs apply unless stated in an Order Form or an SLA Addendum.

10.2 Maintenance: Togthr may perform scheduled maintenance and will use reasonable efforts to minimize disruption.

11.1 Measures: Togthr implements reasonable technical and organizational measures appropriate to the risk, as described in the Documentation and/or Security Overview.

11.2 Subprocessors: Togthr may use Subprocessors to provide the Services. Togthr will maintain a list of Subprocessors and will provide notice of material changes as described in the DPA.

11.3 Customer Security: You are responsible for securing your endpoints, networks, identity systems, and configuration of the Services, including access controls and data retention settings.

12.1 Ownership: Togthr and its licensors own all rights in the Services and Documentation. No rights are granted except as expressly stated.

12.2 Customer Data: You own Customer Data. You grant Togthr a non‑exclusive, worldwide, royalty‑free license to host, process, transmit, display, and create derivative works of Customer Data as necessary to provide and improve the Services, and as otherwise permitted by the DPA/BAA.

12.3 Feedback: You assign to Togthr all right, title, and interest in Feedback you provide.

13.1 Mutual: Each party warrants it has authority to enter into this Agreement.

13.2 Services: EXCEPT AS EXPRESSLY PROVIDED IN AN ORDER FORM, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTIES OF ANY KIND, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, OR ACCURACY.

13.3 Third‑Party Platforms: TOGTHR DISCLAIMS ALL LIABILITY ARISING FROM THIRD‑PARTY PLATFORMS AND INTEGRATIONS.

14.1 By Customer: You will defend and indemnify Togthr against claims, losses, and expenses arising from (a) your or your Users’ use of the Services in violation of this Agreement, the Acceptable Use Policy, HIPAA, or other laws; (b) Customer Data (including PHI) and its processing per your instructions; (c) your Integrations or configurations; or (d) alleged infringement arising from your materials or requirements.

14.2 By Togthr: Togthr will defend and indemnify you against third‑party claims alleging that the Services (as provided by Togthr) infringe intellectual property rights, and will pay damages finally awarded or agreed in settlement, provided you promptly notify Togthr and provide reasonable cooperation. Togthr may (i) modify the Services; (ii) procure a license; or (iii) terminate the affected Services with a pro‑rated refund. Togthr has no obligation for claims based on (1) combinations not provided by Togthr, (2) modifications by you, (3) Third‑Party Platforms, or (4) use contrary to Documentation.

15.1 Exclusions: NEITHER PARTY WILL BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS INTERRUPTION.

15.2 Cap: EXCEPT FOR YOUR PAYMENT OBLIGATIONS AND YOUR INDEMNITY OBLIGATIONS, EACH PARTY’S TOTAL AGGREGATE LIABILITY UNDER THIS AGREEMENT IS LIMITED TO THE FEES PAID OR PAYABLE BY YOU IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

15.3 Uncapped: Nothing limits liability for death or personal injury caused by negligence, fraud, or matters that cannot be limited by law.

16.1 Obligations: Each party will protect the other’s Confidential Information with reasonable care and use it only to perform under this Agreement.

16.2 Exceptions: Confidential Information does not include information that is public, already known without duty of confidentiality, independently developed, or rightfully received from a third party.

16.3 Compelled Disclosure: A party may disclose Confidential Information as required by law with prompt notice (where lawful).

17.1 DPA: The DPA is incorporated and governs processing of Personal Data. In case of conflict on data protection matters, the DPA controls; for PHI, the BAA controls.

17.2 International Transfers: Togthr uses appropriate transfer mechanisms (e.g., EU SCCs, UK IDTA/Addendum, other recognized safeguards) where applicable.

17.3 Regional Laws: Togthr and Customer will comply with applicable data protection laws including, as applicable, HIPAA, GDPR/UK GDPR, Canada’s PIPEDA and provincial laws, India’s Digital Personal Data Protection Act 2023, UAE Federal Decree‑Law No. 45 of 2021 and free zone equivalents (e.g., DIFC/ADGM), Australia Privacy Act 1988, and New Zealand Privacy Act 2020.

20.1 Termination for Cause: Either party may terminate for material breach not cured within 14 days of notice; or if the other becomes insolvent or ceases business.

20.2 Convenience: If stated in your Order Form, you may terminate for convenience per its terms; otherwise, subscriptions are non‑cancelable during the Term.

20.3 Effect: Upon termination, Fees due remain payable. Togthr will make Customer Data available for export for 30 days, after which Togthr may delete it unless otherwise required by law or by the BAA/DPA.

20.4 Suspension: Togthr may suspend the Services for non‑payment, security risks, suspected violations of law or this Agreement, or to comply with law.

22.1 United States Customers: (a) Governing Law. State of Delaware law governs, excluding conflict of law rules; the Federal Arbitration Act governs arbitration. (b) Arbitration. Except for IP claims or claims seeking injunctive relief, any dispute will be finally resolved by binding arbitration under the AAA Commercial Arbitration Rules before a single arbitrator seated in Delaware, conducted in English. The parties share arbitration costs; reasonable attorneys’ fees may be awarded to the prevailing party. CLASS ACTION WAIVER: claims must be brought individually and not as a class or representative action. (c) Opt‑Out. You may opt out of arbitration by written notice to care@togthr.health within 30 days of first becoming subject to this clause. (d) Courts. If arbitration is found not to apply, exclusive jurisdiction lies in state or federal courts in Delaware; the parties waive jury trial to the extent permitted by law.

22.2 United Kingdom, EEA, Switzerland, and Rest of World: Governing law: England and Wales. Venue and jurisdiction: exclusive in the courts of England and Wales.

22.3 India Customers: Governing law: laws of India. Venue and jurisdiction: courts in Chennai, Tamil Nadu.

22.4 United Arab Emirates Customers: Governing law: laws of the United Arab Emirates. Venue and jurisdiction: courts of Dubai, UAE (non‑exclusive). If agreed in writing, DIFC or ADGM jurisdiction may apply.

22.5 Canada Customers: Governing law: laws of the Province of Ontario and federal laws of Canada. Venue and jurisdiction: courts located in Ontario.

22.6 Australia Customers: Governing law: laws of New South Wales, Australia. Venue and jurisdiction: courts of New South Wales.

22.7 New Zealand Customers: Governing law: laws of New Zealand. Venue and jurisdiction: courts of Auckland, New Zealand.

25.1 Assignment: You may not assign this Agreement without Togthr’s written consent. Togthr may assign to an affiliate or in connection with a corporate transaction.

25.2 Entire Agreement: This Agreement is the entire agreement and supersedes prior agreements regarding its subject matter.

25.3 Severability; Waiver: If any provision is unenforceable, the remainder remains in effect. Failure to enforce is not a waiver.

25.4 Independent Contractors: The parties are independent contractors.

25.5 Survival: Provisions that by their nature should survive will survive, including Fees, confidentiality, IP, indemnities, limitations of liability, and dispute resolution.