Caredove API Usage Agreement

Date of Last Revision:  May 8, 2025

1. Definitions

“Caredove Inc.” refers to the company Caredove Inc.

“Integration Partner” means the creator or vendor of a system or application programmed to connect to the Caredove API for the purpose of system integration.

“Integration User” means an individual or entity that accesses the Caredove platform through the Integration Partner’s system or application via the Caredove API.

“API” means any application programming interface made available by Caredove Inc. for integration purposes.

2. Purpose and Incorporation of Terms

This API Usage Agreement (“Agreement”) governs the Integration Partner’s access to and use of the Caredove API to connect with the Integration Partner’s system. This Agreement is part of Caredove Inc.’s legal agreement framework at https://about.caredove.com/legal, and specifically references the following documents (together, the “Referenced Documents”):

• Caredove Terms and Conditions (“Terms”)
• Caredove Premium Service Agreement (“Premium Addendum”), if executed between Caredove and the Integration Partner
• Caredove Referral Network Roles & Responsibilities
• Caredove Privacy Incident and Breach Management Policy
• Caredove Data Security Policy

If there is any conflict, the following order of precedence applies:

1. Premium Addendum (where applicable, as to Premium Service matters)
2. This API Usage Agreement (for API matters)
3. Terms
4. Privacy Incident and Breach Management Policy and Data Security Policy
5. Roles & Responsibilities

3. API Access and Use

3.1 Grant of Access

Caredove Inc. grants the Integration Partner a limited, non-exclusive, non-transferable, revocable right to access and use the API solely for the purposes defined in Section 3.2, subject to this Agreement and the Referenced Documents.

3.2 Permitted and Prohibited Use

Permitted Use:

These activities constitute the ‘intended purpose’ under the Terms.

The Integration Partner may use the API only to:

• Facilitate the processing of referrals to and from the Caredove platform; and
• Facilitate reporting necessary for referral operations, provided such reporting complies with all privacy requirements and does not involve the disclosure or use of personal information for unauthorized purposes.

Prohibited Use:

The Integration Partner may not use the API:

• For marketing, data scraping, advertising, or commercial solicitation unrelated to referrals; for research or analytics not expressly authorized in writing by Caredove Inc. and not compliant with privacy requirements; or to build user profiles, contact lists, or datasets for unrelated or third-party purposes.
• In any manner inconsistent with applicable privacy, data protection, or security laws or Caredove Inc. policies.
• To reverse engineer, decompile, disassemble, or attempt to derive the source code, structure, or underlying ideas of the API or any part thereof.

3.3 Subprocessors

The Integration Partner shall not permit any third party or subprocessor to access data obtained via the API unless such party is contractually bound to comply with obligations equivalent to those set out in this Agreement and the Referenced Documents. The Integration Partner remains fully responsible for the acts and omissions of any such subprocessors.

4. Responsibilities of Integration Partner

4.1 Responsible Use

The Integration Partner must use the API responsibly and must not:

• Engage in any conduct, including automated processes, excessive requests, or attempts to circumvent security or authentication mechanisms, that could overload, disrupt, degrade, or interfere with the performance, integrity, or availability of the API or Caredove Inc. systems.
• Repeatedly attempt access with invalid, expired, or unauthorized credentials.
• Otherwise misuse the API or engage in any activity prohibited under this Agreement.

Caredove Inc. may monitor API usage, enforce rate limits, and take necessary action to protect system integrity, security, and service availability, including restricting or suspending access for misuse or violation of this section.

4.2 User Authorization & Access Controls

When submitting data to the API (such as when sending referrals or communications), the Integration Partner may identify the Integration User, who may or may not have a corresponding user account in Caredove. In such cases, Caredove Inc. relies on the Integration Partner to use robust authentication and identification processes to accurately and appropriately identify and authenticate such users.

The Integration Partner is solely responsible for all processes related to authenticating and authorizing all Integration Users accessing Caredove through its system, in accordance with the Roles & Responsibilities, Data Security Policy, and all applicable privacy laws. Caredove Inc. shall not be liable for unauthorized access resulting from any failure by the Integration Partner (or their licensee or subprocessors) to properly implement and enforce such controls.

4.3 Error Handling

The Integration Partner must return appropriate HTTP response codes as follows:

• 2xx series: Successful requests (e.g., 200, 201, 202, etc.)
• 4xx series: Client errors (e.g., 400, 401, 403, etc.); Caredove Inc. will investigate and resolve, or escalate as needed
• 5xx series: Server errors (e.g., 500, 502, etc.); the Integration Partner will investigate, resolve, or escalate as needed

If the Integration Partner provides error codes that do not align with their intended meaning (e.g., returning a 500 for an authorization or bad content error), the Integration Partner must correct the error code promptly.

Where the Integration Partner is a Premium customer, escalation will follow the procedures set out in the Premium Addendum.

5. Security, Privacy & Data Protection

The Integration Partner must maintain industry-standard security safeguards to protect data, in accordance with applicable privacy laws (including but not limited to PHIPA, PIPEDA, and HIPAA). Safeguards include, but are not limited to, robust technical safeguards, a privacy policy, and a breach management policy.

Breach Notification and Audit Rights:

Each party will notify the other promptly of any actual or suspected unauthorized access, use, or disclosure of data exchanged via the API, in accordance with each party’s Breach Management Policy and applicable laws.

In the event of a breach, or at any other time, Caredove Inc. may request reasonable evidence of the Integration Partner’s compliance with security and privacy obligations, and the Integration Partner will cooperate in good faith with security or compliance reviews related to API usage.

Caredove Inc.’s security program is posted at www.caredove.com/legal.

6. Support and Incident Management

The Integration Partner must designate a primary technical contact for API-related matters and must have documented escalation procedures in place to evaluate, escalate, and promptly handle urgent and important issues affecting the operation or integrity of the integration.

Caredove Inc. provides initial (Tier 1) technical support through its standard online user support, responsible for initial triage and escalation. Incidents affecting the operation, security, or integrity of the integration must be communicated promptly via mutually agreed channels.

If the Integration Partner has a Premium Addendum, the service‑level commitments in that Addendum apply in addition to the support described here.

7. Change Management

Notice:

Caredove Inc. will provide at least 30 days’ notice prior to implementing any backward-incompatible changes to the Caredove API, unless a shorter notice period is required for urgent security or legal reasons. The Integration Partner must update its integration as necessary to maintain compatibility with any functionality related to such changes.

API Availability:

Caredove Inc. may modify, suspend, or discontinue the API at any time, with or without notice, including for maintenance, improvements, or compliance purposes. Caredove Inc. will make reasonable efforts to notify the Integration Partner in advance of material or backward-incompatible changes.

8. Termination and Post-Termination Obligations

Either party may terminate this Agreement on at least 30 days’ written notice.  

If the Integration Partner is also bound by a Premium Addendum, any termination must respect the term and notice requirements in that Addendum unless the parties agree otherwise in writing.

Upon termination of this Agreement, the Integration Partner must:

• Immediately cease all use of the API;
• Remove all technical connectivity, integration code, API credentials, and any related access between its system and the Caredove platform;
• Remove any Service Directory data and any other data obtained via the API that has not already been used in accordance with the permitted uses.

Evidence of removal of connectivity must be provided to Caredove Inc. upon request.

Nothing in this section prevents either party from retaining data it must keep by law or under another written agreement with Caredove, provided such data continues to be protected under applicable privacy requirements.

9. Miscellaneous

9.1 Limitation of Liability

Caredove Inc.’s liability is limited as described in the Terms. For API usage, total liability shall not exceed fees paid by the Integration Partner in the preceding 12 months, if any.

9.2 No Warranty

The API is provided “as is.” Caredove Inc. disclaims all express and implied warranties, as set forth in the Terms.

9.3 Data Ownership and Use

Each party retains ownership of its respective data. Access to and use of data via the API is limited to what is necessary to provide the integration functionality, consistent with the Roles & Responsibilities and privacy laws.

9.4 Indemnity

The Integration Partner shall indemnify and hold harmless Caredove Inc., its affiliates, and their officers, directors, and employees from and against any losses, damages, liabilities, claims, or expenses (including reasonable legal fees) arising out of or relating to the Integration Partner’s breach of this Agreement, misuse of the API, or violation of applicable law.

For certainty, Caredove’s indemnification obligations to the Integration Partner under Section 14 of the Terms (third‑party intellectual‑property claims) apply equally to API usage.

9.5 Confidentiality

Each party will treat as confidential any non-public business, technical, or personal information obtained in connection with this Agreement, including API documentation, technical details and security protocols, and will not disclose such information except as required by law or with the other party’s prior written consent.

Confidential information does not include: (a) information that is or becomes public without breach; (b) information already lawfully known to the Recipient; (c) information independently developed without use of the Discloser’s data; or (d) “User Submissions” or feedback governed by Section 13 of the Terms, which Caredove may use freely.

Each party will protect disclosed confidential information with at least the same care it uses for its own confidential data and, on termination, will return or securely destroy it, except to the extent retention is required by law or to exercise surviving rights.

9.6 No Assignment or Transfer.

Caredove Inc. may assign or transfer this Agreement, in whole or in part, to an affiliate or successor without the Integration Partner’s consent, provided notice is given.  

The Integration Partner may not assign or transfer any rights or obligations under this Agreement without Caredove Inc.’s prior written consent. Any attempted assignment in violation of this section is void.

9.7 Severability

If any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions will remain in full force and effect.

9.8 Entire Agreement and Amendments

This Agreement, together with the Referenced Documents, constitutes the entire agreement regarding API use. Amendments must be in writing and agreed by both parties.

9.9 Governing Law

This Agreement is governed by the law specified in the Caredove Inc. Terms & Conditions.

9.10 Survival

Sections relating to confidentiality, limitation of liability, indemnity, data ownership and use, no assignment or transfer, severability, and any other provisions which by their nature should survive, shall survive termination or expiry of this Agreement.

‍

‍