Terms of Use - NOKI

These Platform Terms of Use (“Terms of Use”) form a legal agreement between you and Noki Inc. (“Noki,” “we,” “us,” or “our”). They outline the conditions for accessing and using our proprietary software as a service (SaaS) platform, available as a web and/or mobile application (the “Platform”).

Please read these terms of use carefully. By accessing or using the platform, you confirm that you have read, understood, and agree to be legally bound by these terms of use and our Privacy policy, which is incorporated by reference into these terms of use (collectively, the “Agreement”). If you do not agree to these terms, please do not use the platform.

We reserve the right to modify, discontinue, or terminate the Platform or amend the Agreement at our sole discretion and without prior notice. Any changes to the Agreement will be posted on the Platform. By continuing to use the Platform after changes are posted, you agree to be bound by the updated Agreement. If you do not accept the modified Agreement, your only option is to stop using the Platform.

If you accept these terms on behalf of a company or other legal entity, you confirm that you have the authority to bind that entity to the Agreement, and “you” and “your” will refer to that entity.

1. PLATFORM USAGE

By accessing or using the Platform, you agree to the following guidelines:

You will not use automated means, such as spiders, robots, crawlers, or data mining tools, to download or scrape data from the Platform
You will not impersonate any person or entity or misrepresent your affiliation with any person or entity.
You will not take any action that imposes an unreasonable or disproportionately large load on our technical infrastructure.
You will not upload, post, email, transmit, or make available any content that:some text
- Promotes or advertises any third-party website, product, or service.
- Infringes on any copyright, trademark, publicity, or other proprietary rights.
- Discloses sensitive information about another person, such as email address, postal address, phone number, credit card information, etc.
- Is defamatory, libelous, indecent, obscene, pornographic, sexually explicit, invades privacy, promotes violence, or contains hate speech.
You will not interfere with or disrupt the proper operation of the Platform using any virus, device, software, or routine or attempt to access any data, files, or passwords related to the Platform through hacking or any other means.
You will not cover, obscure, block, or interfere with any advertisements or safety features on the Platform.
You will not bypass, remove, alter, deactivate, degrade, or thwart any protections on the Platform.
You will not use the Platform for any unlawful purposes.
You will not decompile, reverse engineer, or disassemble any software or products accessible through the Platform.
You will not use the Platform to collect market research for competing businesses.

We reserve the right to deny you (or any device) access to the Platform or any part of it at our sole discretion and without notice.

Your use of the Platform may involve transmitting certain personal information to us. Our collection and use of this personal information are governed by our Privacy policy, which is incorporated by reference into these Terms of Use.

The Platform is intended for individuals aged 18 and older. If you are under 18, please do not use the Platform. By using the Platform, you confirm that you are 18 years or older.

The Platform contains materials such as software, text, graphics, images, sound recordings, audiovisual works, and other content provided by Noki or third parties (“Content”). U.S. and international laws protect this Content, and unauthorized use may breach copyright, trademark, and other laws.

Platform elements are protected by trade dress, trademark, unfair competition, and other state and federal laws and may not be copied or imitated, including through framing or mirroring. Retransmission of any Content requires our express written consent for each instance.

Noki’s trademarks, service marks, and logos (“Noki Trademarks”) used on the Platform are either registered or unregistered trademarks of Noki. Other names on the Platform may be owned by third parties (“Third-Party Trademarks”). No rights to use these Trademarks are granted without prior written permission. Using the Trademarks as part of a link to or from any website requires prior approval. All goodwill from using Noki Trademarks benefits us.

You have no ownership rights to the Content and can only use it as permitted by this Agreement. Any other use requires our prior written consent. You must keep all copyright and proprietary notices intact on any copies of the Content you make. You are not allowed to sell, transfer, assign, license, sublicense, modify, reproduce, display, publicly perform, create derivative works from, distribute, or use the Content for public or commercial purposes. Posting Content on other websites or networked environments is strictly prohibited.

If you violate this Agreement, your access to the Platform and Content will be immediately terminated, and you must destroy any copies you have made.

Your employees and contractors who access the Platform are “Authorized Users.” Each must create an account with a unique email and password (“Login Credentials”), which must not be shared and must remain confidential.

Notify us immediately of any unauthorized use of Login Credentials. You are responsible for all activities under these credentials and ensuring compliance with these Terms of Use. Inform us promptly of any need to deactivate or change Login Credentials.

4. DISCLAIMER

We reserve the right to disable any account at our discretion if we believe there has been a failure to comply with these Terms of Use.

User Responsibility

The Platform, Content, and Output are not intended for diagnosing, treating, curing, or preventing any disease or health condition. You and your authorized users are solely responsible for any medical decisions based on the Output. The Platform and Output do not replace professional medical advice.

Third-party Links

The Platform may contain links to third-party websites (“External Sites”) for your convenience. These links do not imply endorsement. We are not responsible for the content or accuracy of materials on External Sites. Accessing these sites is at your own risk, and you should take precautions against viruses.

Limitation of Liability and No Warranties

We do not warrant the performance, accuracy, reliability, or completeness of the Platform or Output. Any actions based on the Platform or Output are at your own risk. We are not liable for any harm or damages, including incidental or consequential damages, lost profits, or damages from lost data or business interruptions resulting from the use of the Platform or Output. For any claims related to warranty, contract, or common law tort, our liability is limited to the greater of $250 or the total fees you paid in the three months prior to the claim.

The Platform, Content, and Services are provided “as is” and “as available.” We and our suppliers disclaim all warranties, express, implied, or statutory, including those of non-infringement, merchantability, fitness for a particular purpose, availability, and uninterrupted operation. Any implied warranties are restricted to the minimum scope and duration allowed by law.

User Warranties

You represent and warrant that you have all necessary rights and permissions to provide us with Your Data and have obtained all required consents and authorizations in compliance with applicable laws. This includes consent from patients, their parents, or legal guardians and consent for recording sessions and using, exchanging, and disclosing any applicable PHI.

Feedback

We welcome and encourage you to provide feedback, comments, and suggestions for improving the Platform and our services (“Feedback”). While we encourage you to email us, please do not include any confidential information in your communications. Any feedback you provide may be used and disclosed by us freely, without any obligation to compensate you or attribute it to you. This includes using your ideas, concepts, know-how, techniques, or other materials for any purpose, including developing, producing, and marketing products and services.

Jurisdiction

This Agreement is governed by the laws of the State of Delaware, without regard to conflict of laws provisions. Any legal action related to this Agreement will be subject to the exclusive jurisdiction of the state and federal courts in Delaware. You waive any objections to these courts based on venue or convenience, and you irrevocably submit to their jurisdiction for any related suits, actions, or proceedings.

The Platform is based in the United States, and we make no claims about its suitability for use outside the U.S. If you access the Platform from outside the United States, you do so at your own risk and are responsible for complying with your local laws.

In case of a breach or threatened breach of our intellectual property rights and confidential information by you, we will be entitled to injunctive relief. We may seek interim, equitable, provisional, or injunctive relief from any court with jurisdiction to protect our rights and property pending arbitration. You consent to the jurisdiction of federal and state courts in Delaware for these actions.

Dispute Resolution and Relief

Any dispute related to this Agreement or the Platform will be resolved by binding arbitration under the Federal Arbitration Act (FAA). Neither party can take the dispute to court or have a jury trial, except in local small claims court if allowed. Arbitration is different from court, with limited discovery and appeal rights.

A neutral arbitrator, chosen by both parties, will resolve the dispute, and their decision will be final, except for a limited right of appeal. Arbitration will be conducted by an established arbitration provider under its rules. Each party will pay its own arbitration-related fees. The arbitrator’s award can be enforced in any court with jurisdiction. This clause does not prevent either party from seeking temporary remedies from a court to support the arbitration process. Arbitration can be held in person, by documents, by phone, or online.

You agree that any arbitration or legal proceeding will be limited to disputes between you and us individually. Disputes cannot be combined with others, and there is no right to arbitrate or resolve disputes as a class action or in a representative capacity. Claims can only be brought in your individual capacity, not as a plaintiff or class member in any class or representative action.

If you breach or threaten to breach our intellectual property rights or confidential information, we may suffer irreparable harm and can seek injunctive relief. We may pursue temporary, equitable, or injunctive relief from any court with jurisdiction to protect our rights and property while arbitration is pending.

5. INDEMNIFICATION

You agree to indemnify, defend, and hold harmless Noki, its affiliates, and their respective shareholders, members, officers, directors, employees, agents, and representatives (collectively, “Noki Indemnitees”) from any and all damages, liabilities, losses, costs, and expenses, including reasonable attorney’s fees (“Losses”), resulting from any third-party claim, action, or proceeding (“Claim”) arising from:

Your or your Authorized User’s violation of this Agreement, including any false representations or warranties.
Improper use of the Platform, Output, and/or Content.
Acts of negligence, gross negligence, willful misconduct, fraud, misrepresentation, or violation of law.
Infringement of any third-party rights, including copyright, trademark, property, or privacy rights.

These indemnification obligations are subject to our: (i) prompt notification to you of any Claim; (ii) providing reasonable cooperation at your expense in the defense of the Claim; and (iii) granting you sole control over the defense and settlement negotiations.

6. PLATFORM TERM, TERMINATION, AND FEES

Your access to the Platform starts when you accept these Terms of Use and lasts for the subscription period you selected (“Term”). The Term will automatically renew for the same duration unless either party provides a 30-day notice before the current term ends.

We may change, suspend, discontinue, or terminate your access to the Platform at any time without prior notice or liability.

By using the Platform, you agree to pay the subscription fees within fourteen (14) days of receiving the invoice. We reserve the right to suspend your platform usage if there are any payment dues.

We may update our pricing with reasonable notice, effective the next service year. We reserve the right to introduce new fees or additional fees at any time upon notice to you. Payments are processed through a third-party processor of our choice, which we may change at any time.

7. DATA RIGHTS, OWNERSHIP, USAGE, AND RETENTION

Definitions:

Protected Health Information (PHI): As defined under HIPAA.
Usage Data: Anonymous analytical data collected by Noki regarding the use and performance of the Platform, including access times, visited sections, frequency, and other usage metrics.
Your Data: Any information you or your Authorized Users submit to the Platform, including Patient Recordings and personal information of Authorized Users.
Patient Recordings: (i) Audio and/or video recordings of sessions between you (or your Authorized Users) and patients (including their parents, family members, or friends participating in such sessions) that you upload to the Platform; and (ii) Information and data collected during these sessions and uploaded to the Platform.
Output: Medical documentation generated from Your Data by the Platform.

Rights and Ownership:

You grant Noki a non-exclusive, worldwide, fully paid-up, royalty-free license, with sublicensing rights, to use, store, modify, display, and distribute Your Data (i) during the term of this Agreement, to fulfill Noki’s obligations and (ii) for Noki’s internal purposes, such as analyzing and improving the Platform and its analytics capabilities.
PHI will be processed according to the Business Associate Agreement (BAA) outlined below. If there is a conflict between this Agreement and the BAA regarding PHI processing, the BAA terms will control. By providing Your Data, you agree to the BAA terms.
You retain all rights, title, and interest in Your Data and Output, including any modifications, improvements, or enhancements.

Data Use, Retention, and Disclosure:

According to BAA, we may use De-identified Data and disclose it to third parties. We will link your De-identified Data with your customer ID to customize and train the Platform based on your specific styles and requirements identified from Your Data.
Your Data, Usage Data, Patient Recordings, and Output will be stored on the Platform for the duration of this Agreement’s Term. After the Term concludes, all your data will be retained in our backup system for an additional fourteen (14) days before being permanently deleted.
We and our third-party service providers may use Your Data and Usage Data in an anonymous and aggregated form (Aggregate Data) for operating, maintaining, managing, and improving our products and services, including the Platform. Aggregate Data does not identify you. You agree that we may collect, use, publish, sell, and otherwise utilize such Aggregate Data.

8. USE OF CONTENT

If you violate this Agreement, your access to the Platform and Content will be immediately terminated, and you must destroy any copies you have made.

9. RIGHT TO ACCESS AND USE THE PLATFORM

Subject to this Agreement, Noki grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable right to authorize you and your Authorized Users to access and use the Platform solely for your internal business purposes during the Term of this Agreement.

You agree not to:

Reverse engineer, decompile, disassemble, or attempt to discern the source code or interface protocols of the Platform.
Modify, adapt, translate, copy, resell, distribute, sublicense, or use the Platform for service bureau, timeshare, or similar activities for third-party benefit.
Remove or alter any proprietary markings or restrictive legends on the Platform.
Introduce, post, or upload any harmful code (e.g., virus, worm, Trojan Horse) to the Platform or circumvent any safeguards we have implemented.
Save, store, or archive any part of the services outside the Platform, except for outputs generated through the Platform’s intended functionality, without Noki’s prior written permission.
Use the Platform in violation of any law, to build a competitive product or service, or for any unauthorized purpose.

If you violate this section, Noki may immediately revoke your access to the Platform without notice. Noki also reserves the right to change the availability of any feature, function, or content of the Platform at any time without notice or liability.

10. MISCELLANEOUS

Unless expressly agreed otherwise in writing, this Agreement constitutes the entire agreement between you and us regarding the subject matter and supersedes all prior agreements, written or oral.

Section headings are for convenience only and have no legal effect. This Agreement benefits our successors, assigns, licensees, and sublicensees.

You may not assign your rights, duties, or obligations under these Terms of Use to any person or entity without Noki’s written consent.

Any waiver must be in writing to be effective and shall not be deemed a waiver in any other or subsequent instance. Our failure to enforce any provision of this Agreement does not constitute a waiver of that or any other provision.‍

Business Associate Agreement‍

This Business Associate Agreement (“BAA”) is established between Noki Inc., a Delaware company (“Business Associate”), and its customer (“Covered Entity”) who has accepted the Terms of Use and Privacy Policy of Noki Inc. (collectively, the “Agreement”). The terms “Business Associate” and “Covered Entity” are defined according to 45 CFR §164.501. This BAA sets forth the terms governing the handling and processing of Protected Health Information (PHI) by the Business Associate on behalf of the Covered Entity. Within this BAA, the Covered Entity and Business Associate are referred to individually as a “Party” and collectively as the “Parties.”

Context and Purpose

The Covered Entity is classified as either a “covered entity” or a “business associate” of a covered entity under the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and related regulations issued by the Department of Health and Human Services (HHS) (collectively referred to as “HIPAA”). Consequently, the Covered Entity is obligated to comply with HIPAA’s provisions regarding the confidentiality and privacy of PHI.

The Parties have entered into one or more agreements under which the Business Associate provides specified services to the Covered Entity, collectively referred to as the “Agreement.” During the provision of these services, the Business Associate will have access to PHI and, by providing such services, will be classified as a “business associate” of the Covered Entity as defined by HIPAA.

Both Parties are committed to adhering to all applicable federal and state laws, including but not limited to the Standards for Privacy of Individually Identifiable Health Information outlined in 45 CFR Part 160 and Part 164, Subparts A and E (the “Privacy Rule”). The Parties are equally committed to ensuring the privacy and security of any PHI disclosed to the Business Associate under this Agreement, HIPAA, and other relevant laws.‍

Definitions and Terminology

For the purposes of this BAA, the terms listed below are defined as follows. Any capitalized terms used in this BAA but not defined shall be interpreted in accordance with the Privacy Rule or other applicable law:

Affiliate: A subsidiary or affiliate of the Covered Entity that qualifies as a covered entity under HIPAA.
Breach: The unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of the PHI, as defined in 45 CFR §164.402.
Breach Notification Rule: The segment of HIPAA codified in Subpart D of 45 CFR Part 164.
Data Aggregation: The combination of PHI created or received by the Business Associate in its role as a business associate of the Covered Entity with PHI received in a similar capacity from other covered entities to facilitate data analyses related to the Health Care Operations of the respective covered entities.
Designated Record Set: As defined in 45 CFR §164.501.
De-Identify: The process of altering PHI to meet the de-identification standards described in 45 CFR §§164.514(a) and (b).
Electronic PHI: PHI maintained or transmitted in electronic media, as defined in 45 CFR §160.103.
Health Care Operations: As defined in 45 CFR §164.501.
HHS: The U.S. Department of Health and Human Services.
HITECH Act: The Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009, Public Law 111-005.
Individual: As defined in 45 CFR §§164.501 and 160.130, including individuals who qualify as personal representatives under 45 CFR §164.502(g).
Privacy Rule: The segment of HIPAA outlined in 45 CFR Part 160 and Part 164, Subparts A and E.
Protected Health Information (PHI): Information as defined in 45 CFR §§164.501 and 160.103, limited to that created or received by the Business Associate from or on behalf of the Covered Entity.
Security Incident: Any attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
Security Rule: The Security Standards for the Protection of Electronic Health Information provided in 45 CFR Part 160 & Part 164, Subparts A and C.
Unsecured PHI: PHI that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of technologies or methodologies specified by the HHS Secretary, pursuant to the HITECH Act and codified at 42 USC §17932(h).

Usage and Protection of PHI

Authorized Uses and Disclosures

The Business Associate is authorized to use or disclose PHI as necessary to provide the services outlined in the Agreement and to undertake other activities as permitted or required by this BAA or by law. The Business Associate may also use PHI for internal business management and administration, provided these activities comply with the limitations of this BAA and applicable laws. The use or disclosure of PHI must be restricted to the minimum necessary to achieve the intended purpose, in accordance with Section 13405(b) of the HITECH Act and related HHS regulations.

Safeguards and Security

The Business Associate agrees to implement appropriate safeguards to prevent unauthorized use or disclosure of PHI and to protect the confidentiality, integrity, and availability of Electronic PHI. This includes training employees and ensuring that actions or omissions by employees or agents do not result in a breach of this BAA. The Business Associate may de-identify any PHI received under this BAA, after which the information will no longer be considered PHI and will not be subject to this BAA.

Reporting and Response Obligations

Reporting of Disclosures and Security Incidents

The Business Associate shall notify the Covered Entity in writing of any unauthorized use or disclosure of PHI and any security incidents involving Electronic PHI within fourteen (14) business days of becoming aware of the event.

Breach Notification

The Business Associate shall promptly notify the Covered Entity in writing of any breach of Unsecured PHI, in accordance with 45 CFR §164.410, but no later than fourteen (14) calendar days after discovering the breach.

Mitigation Efforts

The Business Associate shall take reasonable measures to mitigate any harmful effects resulting from the unauthorized use or disclosure of PHI by itself, its agents, or subcontractors in violation of this BAA.‍

Responsibilities and Compliance

Agreements with Agents and Subcontractors

The Business Associate shall ensure that any agents or subcontractors with access to PHI agree in writing to adhere to the restrictions and conditions in this BAA and to implement reasonable safeguards to protect Electronic PHI.

Audit and Accountability

Upon request, the Business Associate shall provide the Covered Entity or an upstream Business Associate with a copy of its most recent independent SOC 2 certification report or another mutually agreed-upon third-party audit report. The Covered Entity agrees not to re-disclose the audit report.

Individual Rights and Requests

Access to PHI

Upon request, the Business Associate shall provide the Covered Entity with copies of PHI maintained in a Designated Record Set to enable the Covered Entity to respond to an Individual’s request for access under 45 CFR §164.524. If an Individual or personal representative requests access directly from the Business Associate, the Business Associate shall forward the request to the Covered Entity within fourteen (14) business days.

Amendment of PHI

The Business Associate shall amend PHI in a Designated Record Set as directed by the Covered Entity in accordance with 45 CFR §164.526, within fourteen (14) business days of the request. If an Individual requests an amendment directly from the Business Associate, the Business Associate shall forward the request to the Covered Entity within the same timeframe.

Accounting of Disclosures

The Business Associate shall document any disclosures of PHI and provide the Covered Entity with information necessary to respond to a request for an accounting of disclosures under 45 CFR §164.528(a). If an Individual submits a request directly to the Business Associate, the Business Associate shall forward it to the Covered Entity within fourteen (14) business days.‍

General Provisions

Compliance and Records

The Business Associate shall make its internal practices, books, agreements, records, and policies related to the use and disclosure of PHI available to the Secretary of HHS upon request to determine the Parties’ compliance with HIPAA and this BAA.

Covered Entity Responsibilities

The Covered Entity shall notify the Business Associate of any limitations in its notice of privacy practices, changes in an Individual’s permission to use or disclose PHI, or any restrictions on the use or disclosure of PHI that may affect the Business Associate’s activities.

Data Ownership and Stewardship

The Business Associate’s role as a data steward does not confer ownership rights over the data shared under the Agreement, including all forms of such data.

Duration and Termination

Terms and Conditions for Termination

This BAA shall take effect upon the signing of the Agreement and remain in effect until all obligations under the Agreement and this BAA have been fulfilled. Either Party may terminate the BAA if the other Party breaches a material term and fails to cure the breach within thirty (30) days of written notice.

Upon termination, the Business Associate shall return or destroy all PHI maintained on behalf of the Covered Entity, or, if not feasible, notify the Covered Entity and extend the protections of this BAA to the retained information.

Legal Provisions

Governing Law and Conflicts

This BAA is part of the Agreement and shall be governed by the same laws. In the event of any conflict between this BAA and the Agreement, the BAA shall prevail unless it conflicts with applicable laws.‍

Amendments and Waiver

No modifications, waivers, or amendments to this BAA shall be valid unless made in writing and signed by authorized representatives of both Parties.

Notices

All notices under this BAA shall be made via electronic mail to the addresses provided:

Covered Entity: Email address provided upon signing the Agreement.
Business Associate: support@noki.ai

‍