Terms of Service

By creating an account, completing onboarding, or using any part of the SyncAll platform ("Service"), you ("Client" or "you") agree to be bound by these Terms of Service ("Terms"). If you are agreeing on behalf of a practice, clinic, or law firm, you represent that you have authority to bind that entity. If you do not agree to these Terms, do not use the Service.

These Terms apply to all SyncAll subscription plans, including Media Basic, Media Pro, Assistant Basic, Assistant Pro, and any bundled plans.

The Service is designed exclusively for licensed medical, dental, and legal professionals operating in the United States. You represent and warrant that:

(a) You are a licensed practitioner or an authorized representative of a licensed practice or law firm; (b) You will use the Service only for lawful professional business purposes; (c) You will not use the Service to transmit, store, or process information in violation of applicable law, including the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and applicable state privacy laws; (d) You are at least 18 years of age and legally capable of entering into binding contracts.

SyncAll offers two independently subscribable service modules:

• Social Media Plan (none / basic / pro): Controls AI-generated content creation, social media distribution to Google Business Profile, Facebook/Instagram, and TikTok, and WhatsApp media intake.

• AI Reception Plan (none / basic / pro): Controls Vapi-powered AI voice reception, Twilio SMS handling, and appointment availability features.

Plans are billed on a recurring basis as specified at checkout. You authorize SyncAll to charge your designated payment method for all applicable fees. Fees are non-refundable except as required by law or as expressly stated in writing. SyncAll reserves the right to modify pricing with thirty (30) days' advance notice.

SyncAll provides appointment scheduling tools that operate on busy/free time signals only. You acknowledge and agree to the following:

(a) No PHI in Calendar Connections. Any Google Calendar, iCal subscription URL, or other calendar feed you connect to SyncAll must not contain patient names, treatment descriptions, diagnosis codes, medication names, case identifiers, or any other Protected Health Information as defined under HIPAA. Your acceptance of this requirement is recorded at the time of onboarding.

(b) iCal Subscriptions (Tier B). When you provide an iCal URL, SyncAll's system extracts only three fields per event: start time (DTSTART), end time (DTEND), and a deduplication identifier (UID). All other fields — including SUMMARY, DESCRIPTION, LOCATION, ATTENDEE, and ORGANIZER — are discarded at parse time and never stored.

(c) Google Calendar OAuth (Tier C). When you authorize Google Calendar access, SyncAll reads only start and end times for scheduling purposes. Event titles, descriptions, and attendee information are not stored in SyncAll's databases.

(d) Responsibility. You are solely responsible for ensuring that any calendar system, iCal feed, or OAuth-connected account you provide does not contain PHI. SyncAll's technical controls supplement but do not replace your compliance obligations.

SyncAll generates social media content, scheduling responses, and AI voice scripts using artificial intelligence tools. You acknowledge that:

(a) All AI-generated content is provided for review purposes. You are responsible for reviewing, editing, approving, or rejecting any content before it is published or communicated to patients, clients, or third parties; (b) AI-generated content does not constitute medical, dental, legal, financial, or professional advice of any kind; (c) SyncAll does not guarantee that AI-generated content will be accurate, complete, compliant with professional advertising rules, or appropriate for your jurisdiction or patient/client population; (d) You retain full professional and legal responsibility for all content published through the Service.

Clients subscribing to the Social Media Pro plan may submit images and videos via WhatsApp for AI-assisted editing and distribution. You agree that:

(a) The WhatsApp number registered during onboarding ("Management Number") is reserved exclusively for media submission by authorized practice staff; (b) You will not submit images or videos containing identifiable patient or client information through the WhatsApp media channel; (c) Media submitted via WhatsApp is encrypted at rest using AES-256-GCM and stored in a private, access-controlled storage bucket. URLs and object keys are not exposed in plain text logs; (d) Patients and clients must not be directed to the Management Number. Patient- and client-facing communications use only the separately designated AI Reception Number.

SyncAll implements the following security measures:

(a) All Protected Health Information fields stored in SyncAll's database are encrypted at the application layer using AES-256-GCM prior to storage. Encryption keys are stored in GCP Secret Manager and rotated quarterly.

(b) All PHI operations are processed within Google Cloud Platform and Supabase infrastructure. No PHI is routed through Vercel or other shared-infrastructure environments.

(c) SyncAll maintains immutable audit logs of all read and write operations involving PHI, as required by HIPAA's audit controls standard (45 C.F.R. § 164.312(b)).

(d) SyncAll has signed a Business Associate Agreement ("BAA") with Supabase. If your use of the Service requires SyncAll to enter into a BAA with you, please contact legal@getsyncall.com.

(e) Notwithstanding the above, SyncAll does not guarantee that its security measures will prevent all unauthorized access, and you remain responsible for implementing appropriate safeguards within your own systems.

The Service integrates with third-party providers including Google (OAuth and Calendar API), Twilio (SMS and WhatsApp), Vapi (AI voice), and Postiz (social media distribution). These providers operate under their own terms of service and privacy policies. SyncAll is not responsible for the availability, accuracy, or data practices of third-party services. Your use of connected platforms is subject to those platforms' terms.

Social media distribution is handled by a self-hosted Postiz instance. Only marketing content (video files, captions, and scheduled publish times) is transmitted to Postiz. No PHI passes through Postiz infrastructure.

SyncAll and its licensors retain all intellectual property rights in the Service, including software, models, interfaces, and documentation. You retain ownership of content you create and submit. You grant SyncAll a limited, non-exclusive license to process, store, and transmit your content solely to provide the Service. SyncAll does not claim ownership of your practice's brand, logos, or proprietary information.

To the maximum extent permitted by applicable law:

(a) SyncAll's total cumulative liability to you for any claim arising out of or related to these Terms or the Service shall not exceed the fees paid by you to SyncAll in the twelve (12) months preceding the claim.

(b) SyncAll shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including lost profits, lost data, or business interruption, even if advised of the possibility of such damages.

(c) SyncAll is not liable for damages arising from your failure to review AI-generated content before publication, your provision of PHI-containing calendar data in breach of Section 4, or your non-compliance with professional or regulatory obligations.

The Service is provided "as is" and "as available" without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, non-infringement, or uninterrupted availability. SyncAll does not warrant that the Service will meet all regulatory requirements applicable to your specific practice or jurisdiction.

Either party may terminate the Service subscription at any time. Upon termination, your access to the Service will cease at the end of the current billing period. SyncAll may suspend or terminate your account immediately for material breach of these Terms, including violation of Section 4 (PHI obligations) or Section 6 (WhatsApp media restrictions). Following termination, SyncAll will retain your data in accordance with its data retention policy and applicable law, then delete it.

These Terms are governed by the laws of the State of Delaware, without regard to conflict-of-law principles. Any dispute arising from these Terms or the Service shall be resolved by binding arbitration administered under the rules of the American Arbitration Association, conducted in English. Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm.

SyncAll may update these Terms from time to time. Material changes will be communicated by email or in-app notice at least thirty (30) days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the revised Terms.

For questions about these Terms, please contact:

SyncAll Legal Email: legal@getsyncall.com