Terms of Service

1. What is CredentialTrack Pro?

CTP provides a cloud-based software platform for managing provider credentialing, licensure tracking, certification monitoring, continuing education records, payer enrollment workflows, hospital privilege tracking, and related compliance activities. Credentialing — the verification of practitioner qualifications against primary sources — is recognized by NCQA's Credentialing Accreditation program as an essential safety component of the U.S. health care system.

The Service is intended for workforce and professional compliance records. It is not intended for patient charting, medical record storage, claims processing, or other patient-data workflows, unless separately approved by CTP in writing.

2. Who can create a CredentialTrack Pro account?

You represent that:

• You are at least 18 years old
• You are authorized to use the Service on behalf of yourself or your organization
• Information submitted to the Service is accurate and current
• You will maintain the confidentiality of your login credentials

You are responsible for all activity occurring under your account and for promptly notifying CTP of any suspected unauthorized use. Account-credential hygiene also tracks the access-management controls described in NIST SP 800-63B (Digital Identity Guidelines — Authentication).

3. Who owns the data you upload to CredentialTrack Pro?

As between the parties, you retain ownership of customer data submitted to the Service. You grant CTP a limited right to host, store, process, transmit, and use customer data solely as necessary to provide, maintain, secure, support, and improve the Service, consistent with these Terms and the Privacy Policy.

You represent that you have all rights and permissions necessary to submit the data you upload. The customer-owns-its-data principle reflected here aligns with the data-ownership guidance in the FTC's "Protecting Personal Information: A Guide for Business".

4. What can't you upload or do with the Service?

You may not:

• Use the Service for unlawful purposes
• Upload false, misleading, infringing, or unauthorized content
• Attempt to interfere with the security or operation of the Service
• Use the Service to store or process patient medical records, patient treatment information, patient billing records, or other patient protected health information unless expressly approved by CTP in writing under separate contractual terms
• Use the Service in a way that violates applicable privacy, employment, healthcare, licensing, or data security laws

If prohibited data is uploaded, CTP may suspend access, remove affected content where appropriate, and require corrective action. See HHS guidance on covered entities and business associates for the categories of users for whom additional contractual terms are required before any patient PHI is processed.

5. How does CredentialTrack Pro secure your data?

CTP will maintain commercially reasonable safeguards designed to protect customer data against unauthorized access, disclosure, alteration, and destruction. Our control framework draws on NIST Special Publication 800-66 Revision 2 (Implementing the HIPAA Security Rule, Feb. 2024) and may include encryption, access controls, logging, vendor oversight, and business continuity measures.

CTP does not guarantee that the Service will be uninterrupted, error-free, or immune from all security threats.

"Failure to conduct a HIPAA Security Rule risk analysis leaves health care entities vulnerable to cyberattacks, such as ransomware. Knowing where your ePHI is held and the security measures in place to protect that information is essential for compliance with HIPAA."

6. Can you use the Service for patient PHI?

CTP is structured to support provider credentialing and workforce compliance records, not patient PHI workflows. In the ordinary course of the Service as currently offered, CTP does not intend to act as a HIPAA Business Associate for customer use of self-managed provider credentialing records. See HHS Business Associate Contracts guidance (45 CFR 164.504(e)) for the contracting requirements that would apply if a Business Associate relationship were ever established.

If a customer wishes to use the Service in a way that would involve patient PHI or would reasonably require HIPAA Business Associate treatment, the customer must contact CTP in advance. No customer is authorized to upload patient PHI to the Service unless CTP has expressly agreed in writing to support that use and the parties have executed any required supplemental agreement.

CTP may, at its discretion, offer a separate enterprise arrangement for approved healthcare organization use cases that require additional contractual data handling terms.

7. How are CredentialTrack Pro subscription fees billed?

Paid subscriptions are billed as described on the applicable order form, pricing page, invoice, or subscription workflow. Fees are due in U.S. dollars and are exclusive of taxes unless expressly stated otherwise.

You authorize CTP and its payment processor (Stripe, Inc. — see the Stripe Services Agreement) to charge the payment method on file for all applicable fees and taxes. Except where required by law or expressly stated otherwise, fees are non-refundable. Recurring-subscription disclosures track the FTC's Restore Online Shoppers' Confidence Act (ROSCA) framework.

8. When do these Terms start and end?

These Terms begin when you first use the Service and continue until terminated. Either party may terminate in accordance with the applicable subscription terms or by written notice if the other party materially breaches these Terms and fails to cure within a reasonable period.

Upon termination, your right to use the Service ends, but CTP may provide a limited post-termination export window for customer data, subject to payment of outstanding fees and compliance with law. The export window is designed to satisfy the data-portability expectations in the Texas Data Privacy and Security Act.

9. Who owns the CredentialTrack Pro platform itself?

CTP retains all right, title, and interest in the Service, including its software, interfaces, documentation, branding, and related intellectual property, except for customer data owned by you. Trademark rights are asserted under the Lanham Act, and software is protected under the U.S. Copyright Act, Title 17.

Feedback provided by you may be used by CTP without restriction or compensation.

10. How are confidential business details protected?

Each party receiving non-public information from the other agrees to protect it using reasonable care and to use it only as necessary to perform under these Terms, except where disclosure is required by law. The "reasonable care" standard applied here mirrors the trade-secret protection threshold codified in the federal Defend Trade Secrets Act of 2016 (18 U.S.C. §§ 1836 et seq.).

11. What is the Service not?

The Service is provided on an "as is" and "as available" basis except as expressly stated otherwise. CTP does not provide legal, medical, billing, licensing, or regulatory advice. Users remain responsible for verifying deadlines, requirements, filings, and compliance obligations with the appropriate authorities, including CMS NPPES, state medical and nursing boards, the DEA Diversion Control Division, and applicable accreditation bodies.

12. What is the limit on damages?

To the fullest extent permitted by law, neither party will be liable for indirect, incidental, special, consequential, or punitive damages arising from or related to the Service or these Terms. CTP's aggregate liability arising out of or related to the Service will not exceed the amounts paid by the customer to CTP during the twelve months preceding the event giving rise to the claim, except where such limitation is prohibited by law. Limitation-of-liability and warranty provisions in SaaS contracts are analyzed under Texas's enactment of the Uniform Commercial Code (Texas Business & Commerce Code Chapter 2).

13. Which state's law governs these Terms?

These Terms are governed by the laws of the State of Texas, without regard to conflict-of-law principles. Any dispute not resolved informally will be resolved in the state or federal courts located in Texas, unless the parties agree in writing to arbitration or another dispute resolution process. The Texas Data Privacy and Security Act (TDPSA), in effect since July 1, 2024 and exclusively enforced by the Texas Attorney General, also applies to personal data processed under these Terms.

14. How will you be notified of Terms changes?

CTP may update these Terms from time to time. Material changes will be posted on the website and may be communicated by email or in-app notice. Continued use after the effective date of updated Terms constitutes acceptance. Our notice-and-acceptance approach reflects the framework recognized in the FTC's ".com Disclosures" guidance for online consumer notices.

15. How can you contact CredentialTrack Pro?

Questions regarding these Terms may be sent to: