Terms of Service

Effective Date: March 17, 2026 | Last Updated: March 17, 2026

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and Provider Plexus, Inc. ("Provider Plexus," "Company," "we," "us," or "our") governing your access to and use of all Provider Plexus products, services, applications, and platforms (collectively, the "Services"). The Services include the Provider Plexus web application, browser extension, mobile application, telehealth patient portal, audio streaming and transcription services, and all associated APIs.

By creating an account, accessing, or using any of the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you are accepting these Terms on behalf of a company, healthcare organization, or other legal entity, you represent and warrant that you have the authority to bind that entity to these Terms.

1. Definitions

"Authorized User" means any individual who is authorized by you or your organization to access and use the Services under your account.
"Clinical Content" means any medical documentation, clinical notes, audio recordings, transcriptions, diagnostic codes, imaging files, medical records, and other healthcare-related data submitted to or generated through the Services.
"Protected Health Information" or "PHI" has the meaning given under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations.
"AI-Generated Output" means any content, codes, analysis, or documentation produced by the artificial intelligence and machine learning components of the Services, including but not limited to CPT code suggestions, ICD-10 code extractions, E/M level analyses, and ambient clinical notes.
"Business Associate Agreement" or "BAA" means the agreement between Provider Plexus and a Covered Entity or Business Associate as required under HIPAA.

2. Eligibility and Account Registration

2.1 Eligibility

The Services are intended for use by licensed healthcare professionals, authorized medical coders, healthcare organizations, and their patients. You must be at least 18 years of age to create an account. If you are a patient accessing the telehealth portal, you must be at least 18 years of age or have a parent or legal guardian consent on your behalf.

2.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials, including passwords and any two-factor authentication (2FA) devices.
You must immediately notify Provider Plexus at security@providerplexus.com of any unauthorized use of your account or any other breach of security.
You are responsible for all activities that occur under your account, whether or not authorized by you.
Provider Plexus may implement security measures including account lockout after repeated failed login attempts, session inactivity timeouts, and password complexity requirements.

2.3 Organizational Accounts

If you register on behalf of a healthcare organization or health system, you are responsible for managing Authorized Users, ensuring compliance with these Terms, and maintaining appropriate access controls. Administrators must ensure that user subscriptions (Ambient, Billing, Extract) are assigned only to authorized personnel.

3. Description of Services

Provider Plexus provides the following Services, subject to your subscription plan and account configuration:

Medical Coding Assistance: AI-powered extraction and suggestion of CPT, ICD-10, and HCPCS codes from clinical documentation.
E/M Level Analysis: Automated evaluation and documentation (MDM) analysis for Evaluation and Management service levels.
Ambient Clinical Documentation: Real-time audio recording, transcription, and AI-generated clinical note creation from patient encounters via the browser extension and web application.
Telehealth Patient Intake: A multi-step patient intake wizard including demographics collection, insurance verification, consent management, medical history, and payment processing.
Medical Records Integration: Electronic Health Record (EHR) interoperability via FHIR, SMART on FHIR, and third-party integrations for medical records retrieval.
Document Processing: Upload and AI-driven analysis of clinical documents (PDF, Word) for coding and prior authorization support.
DICOM Imaging: Upload and management of medical imaging files.
Prior Authorization Support: AI-assisted prior authorization data extraction and processing.

4. HIPAA Compliance and Protected Health Information

4.1 Business Associate Relationship

To the extent that Provider Plexus creates, receives, maintains, or transmits PHI on behalf of a Covered Entity or Business Associate, Provider Plexus acts as a Business Associate under HIPAA. A separate Business Associate Agreement (BAA) must be executed between Provider Plexus and the Covered Entity prior to the transmission of any PHI through the Services. Use of the Services to process PHI without a BAA in place constitutes a violation of these Terms.

4.2 Your HIPAA Obligations

If you are a Covered Entity or Business Associate, you are responsible for obtaining all necessary patient authorizations and consents before submitting PHI to the Services.
You must ensure that your use of the Services complies with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
You must not submit PHI through the Services in a manner inconsistent with the terms of the applicable BAA.

4.3 Security Safeguards

Provider Plexus implements administrative, technical, and physical safeguards to protect PHI in accordance with the HIPAA Security Rule, including but not limited to:

Encryption of PHI in transit (TLS 1.2+) and at rest (AES-256 via Google Cloud KMS envelope encryption).
Role-based access controls and multi-tenant data isolation.
Automated session timeouts compliant with HIPAA requirements.
Audit logging and PHI access monitoring.
PHI redaction in application logs.

5. AI-Generated Output and Clinical Responsibility

5.1 Advisory Nature of AI Output

AI-Generated Output is provided for informational and decision-support purposes only and does not constitute medical advice, a clinical diagnosis, or a final coding determination. All AI-Generated Output must be reviewed, validated, and approved by a qualified healthcare professional or certified medical coder before use in any clinical, billing, or regulatory context.

5.2 No Substitute for Professional Judgment

Provider Plexus does not practice medicine and the Services are not intended to replace the clinical judgment of licensed healthcare professionals.
You acknowledge that AI models may produce inaccurate, incomplete, or inappropriate suggestions, and you assume full responsibility for any clinical or coding decisions made using AI-Generated Output.
Provider Plexus is not responsible for any claim, loss, or liability arising from reliance on AI-Generated Output without independent professional review.

5.3 Ambient Documentation

Audio recordings captured through the ambient documentation features are processed by third-party AI services. You are solely responsible for obtaining appropriate patient consent before recording any clinical encounter. All ambient-generated notes must be reviewed and finalized by the attending provider before becoming part of the medical record.

6. User Obligations and Acceptable Use

6.1 Compliance

You agree to use the Services only in compliance with all applicable federal, state, and local laws, including but not limited to HIPAA, the False Claims Act, Anti-Kickback Statute, state medical practice acts, and state telehealth laws.

6.2 Prohibited Conduct

You agree not to:

Use the Services for fraudulent billing, upcoding, unbundling, or any other improper coding practice.
Submit false, misleading, or fabricated clinical documentation.
Attempt to access the Services through any means other than the authorized interfaces (web application, browser extension, mobile application, or documented APIs).
Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of any component of the Services.
Interfere with, disrupt, or place an unreasonable burden on the Services or their underlying infrastructure.
Use automated tools (bots, scrapers, crawlers) to access the Services without express written consent.
Share, transfer, or sublicense your account credentials or access to the Services with any unauthorized party.
Use the Services to store, transmit, or process any content that is unlawful, harmful, or violates the rights of any third party.
Circumvent or attempt to circumvent any security controls, authentication mechanisms, or access restrictions.

7. Telehealth and Patient Services

7.1 Patient Consent

Patients accessing the telehealth intake portal must provide informed consent, including HIPAA authorization and telehealth-specific consent, as part of the intake process. Digital signatures on consent forms are legally binding.

7.2 Patient Data

Patient data collected through the telehealth portal (including demographics, insurance information, medical history, and imaging) is subject to the Data & Privacy Policy and applicable BAA. Patients may request access to, correction of, or deletion of their personal information as described in our Data & Privacy Policy.

7.3 Insurance and Payment

Insurance eligibility verification provided through the Services is informational and does not guarantee coverage or payment. Payment information is collected and processed by Stripe, Inc., a PCI DSS Level 1 certified payment processor. Provider Plexus does not store credit card numbers or sensitive payment credentials on its servers.

8. Intellectual Property

8.1 Provider Plexus IP

The Services, including all software, algorithms, AI models, interfaces, documentation, trademarks, trade dress, and proprietary content, are owned by Provider Plexus or its licensors and are protected by applicable intellectual property laws. Nothing in these Terms grants you any right, title, or interest in the Services beyond the limited right to use them as described herein.

8.2 Your Content

You retain all right, title, and interest in Clinical Content and other data you submit to the Services. By using the Services, you grant Provider Plexus a limited, non-exclusive license to process your content solely for the purpose of providing, maintaining, and improving the Services and as described in the applicable BAA.

8.3 De-identified Data

Provider Plexus may use de-identified and aggregated data (from which all PHI identifiers have been removed in accordance with the HIPAA Safe Harbor or Expert Determination methods) for analytics, research, product improvement, and benchmarking purposes. Such de-identified data is not subject to the restrictions in the BAA.

8.4 Feedback

If you provide suggestions, ideas, or feedback about the Services, you grant Provider Plexus a perpetual, irrevocable, worldwide, royalty-free license to use and incorporate such feedback without restriction or obligation.

9. Third-Party Services and Integrations

The Services integrate with and rely on third-party services, including but not limited to:

AI and Machine Learning: OpenAI, Azure OpenAI, and Google Cloud AI Platform for clinical text analysis and code generation.
Payment Processing: Stripe, Inc. for payment collection and processing.
EHR Interoperability: Third-party services for medical records retrieval and FHIR-based data exchange.
Analytics: Mixpanel for usage analytics and product improvement.
Cloud Infrastructure: Google Cloud Platform for hosting, storage, encryption (Cloud KMS), and computing.

Your use of the Services may be subject to the terms and privacy policies of these third-party providers. Provider Plexus ensures that all third-party services processing PHI are bound by appropriate BAAs or equivalent contractual protections.

10. Subscription, Fees, and Payment

10.1 Subscription Plans

Access to certain features of the Services requires a paid subscription. Available subscription modules include Ambient Documentation, Billing/Coding, and Data Extraction. Feature availability is determined by your subscription plan and may be managed by your organization's administrator.

10.2 Fees and Billing

Fees are as set forth in your order form or subscription agreement with Provider Plexus.
All fees are non-refundable except as expressly stated in your subscription agreement or as required by applicable law.
Provider Plexus reserves the right to modify pricing upon reasonable notice. Changes will take effect at the start of the next billing period.

11. Service Availability and Support

11.1 Uptime

Provider Plexus strives for high availability but does not guarantee uninterrupted or error-free operation. Scheduled maintenance windows may result in temporary service interruptions. Where applicable, specific uptime commitments are set forth in your Service Level Agreement (SLA).

11.2 Support

Technical support is available through the channels described in your subscription agreement. Emergency security issues should be reported to security@providerplexus.com.

12. Data Portability and Export

Upon request and subject to applicable law and the terms of the BAA, Provider Plexus will provide you with a copy of your Clinical Content in a standard, machine-readable format. Data export requests may be submitted to support@providerplexus.com.

13. Termination

13.1 Termination by You

You may terminate your account at any time by contacting support@providerplexus.com. Termination does not entitle you to a refund of prepaid fees except as provided in your subscription agreement.

13.2 Termination by Provider Plexus

Provider Plexus may suspend or terminate your access to the Services immediately if:

You breach any material provision of these Terms.
Your use of the Services poses a security risk or may adversely affect other users.
Continued provision of the Services becomes unlawful or commercially impracticable.
You fail to pay any fees when due.

13.3 Effect of Termination

Upon termination, your right to access the Services ceases immediately. Provider Plexus will retain your data for a period consistent with our data retention policies and applicable legal requirements. PHI will be returned or destroyed in accordance with the terms of the applicable BAA and HIPAA requirements.

14. Disclaimers

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

Without limiting the foregoing, Provider Plexus does not warrant that:

The Services will meet your specific requirements or expectations.
AI-Generated Output will be accurate, complete, current, or free from errors.
The Services will be uninterrupted, timely, secure, or error-free.
Any coding suggestions or clinical documentation will comply with any particular payer's requirements or guidelines.

15. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL CODONTIX, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, BUSINESS OPPORTUNITIES, GOODWILL, OR OTHER INTANGIBLE LOSSES, ARISING OUT OF OR IN CONNECTION WITH:

Your use of or inability to use the Services.
Any AI-Generated Output or decisions made based thereon.
Unauthorized access to or alteration of your data or transmissions.
Claim denials, billing errors, or reimbursement losses.
Any third-party conduct or content in connection with the Services.

CODONTIX'S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE GREATER OF (A) THE AMOUNTS PAID BY YOU TO CODONTIX IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM OR (B) ONE HUNDRED DOLLARS ($100).

The limitations in this section apply regardless of the theory of liability (contract, tort, strict liability, or otherwise) and even if Provider Plexus has been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of certain damages, so some of the above limitations may not apply to you.

16. Indemnification

You agree to indemnify, defend, and hold harmless Provider Plexus and its officers, directors, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to:

Your use of the Services in violation of these Terms or applicable law.
Your Clinical Content or other data submitted to the Services.
Your failure to obtain required patient consents or authorizations.
Any claim that your use of AI-Generated Output for billing or clinical purposes caused harm to a patient or third party.
Your breach of any representation or warranty in these Terms.

17. Governing Law and Dispute Resolution

17.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of laws provisions.

17.2 Dispute Resolution

Any dispute arising out of or relating to these Terms or the Services shall first be submitted to good-faith negotiation between the parties. If the dispute is not resolved within thirty (30) days, either party may submit the dispute to binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. The arbitration shall be conducted in English and the arbitral award shall be final and binding. Nothing in this section prevents either party from seeking injunctive or other equitable relief in a court of competent jurisdiction to prevent irreparable harm.

17.3 Class Action Waiver

You agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action. You waive any right to participate in a class action lawsuit or class-wide arbitration against Provider Plexus.

18. General Provisions

Entire Agreement: These Terms, together with the Data & Privacy Policy, any applicable BAA, SLA, and subscription agreement, constitute the entire agreement between you and Provider Plexus with respect to the Services.
Severability: If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
Waiver: Failure to enforce any provision of these Terms shall not constitute a waiver of that provision or any other provision.
Assignment: You may not assign or transfer these Terms or your rights hereunder without the prior written consent of Provider Plexus. Provider Plexus may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets.
Force Majeure: Provider Plexus shall not be liable for any delay or failure to perform resulting from causes beyond its reasonable control, including but not limited to natural disasters, pandemics, government actions, or infrastructure failures.
Notices: Provider Plexus may provide notices to you via the email address associated with your account or through the Services. You may direct notices to Provider Plexus at legal@providerplexus.com.

19. Changes to These Terms

Provider Plexus reserves the right to modify these Terms at any time. We will notify you of material changes by posting the updated Terms on the Services with a new effective date and, where required, by email. Your continued use of the Services after the effective date of any modification constitutes your acceptance of the modified Terms. If you do not agree with the modified Terms, you must stop using the Services and contact us to terminate your account.

20. Contact Information

For questions, concerns, or notices regarding these Terms:

General Legal: legal@providerplexus.com
Security Issues: security@providerplexus.com
Support: support@providerplexus.com