API Access & Data Use Disclaimer
(Health & Disability Sector – New Zealand & Australia)
By accessing and using our Application Programming Interface (“API”), you (“Client”) agree to the following terms and conditions.
1. Scope of Access
The API is provided solely to enable the Client to access data relating to its own organisation, clients, participants, staff, or services (“Client Data”).
The Client agrees that:
- Access is limited strictly to its own authorised data.
- The API must not be used to attempt to access data belonging to any other party.
- All use must comply with applicable contractual agreements between the parties.
We reserve the right to suspend or terminate API access if unauthorised access is suspected.
2. Health & Sensitive Information
Client Data may include personal information and health information, including sensitive information as defined under:
- The Privacy Act 2020 (NZ)
- The Health Information Privacy Code 2020
- The Privacy Act 1988
- The Australian Privacy Principles
The Client is solely responsible for ensuring that its collection, access, use, disclosure, storage, and transmission of Client Data via the API complies with all applicable privacy, health records, disability, and data protection laws in New Zealand and Australia.
3. Client Security Responsibilities
The Client is responsible for:
- Safeguarding API credentials, keys, and authentication tokens.
- Implementing appropriate technical and organisational safeguards.
- Restricting API access to authorised personnel only.
- Maintaining secure storage and transmission practices (including encryption where appropriate).
- Promptly notifying us of any actual or suspected unauthorised access or data breach.
We are not liable for loss or damage arising from compromised credentials or failures in the Client’s internal systems, security, or controls.
4. Permitted Use
The API may only be used for:
- Internal business operations.
- Service delivery within the health and disability sector.
- Lawful reporting, integration, or analytics related to the Client’s own operations.
The Client must not:
- Attempt to access data belonging to another customer or entity.
- Resell, sublicense, or provide API access to third parties without written consent. Approved integrations remain the Client’s responsibility.
- Use the API in a way that interferes with system integrity or performance.
- Attempt to reverse engineer, disrupt, exploit vulnerabilities, or circumvent security mechanisms.
5. Availability & Modifications
While we aim to provide reliable access, the API is provided on an “as available” basis. We do not guarantee:
- Continuous, uninterrupted, or error-free operation.
- Real-time data synchronisation.
- Compatibility with all third-party systems.
We may modify, suspend, rate-limit, or discontinue the API at our discretion, including for security, maintenance, or regulatory compliance reasons.
6. Rate Limiting & Fair Use
API usage is subject to reasonable technical limits to ensure system stability and equitable access. Excessive or abnormal usage may result in throttling, temporary suspension, or termination.
7. Data Breach & Incident Cooperation
In the event of a security incident involving Client Data:
- The Client must promptly notify us of incidents originating within its environment.
- Both parties agree to cooperate in good faith in investigating and responding to any notifiable privacy breach obligations under applicable laws in New Zealand or Australia.
Each party remains responsible for its own statutory reporting obligations.
8. Limitation of Liability
To the maximum extent permitted by law, we exclude liability for:
- Indirect, incidental, or consequential loss.
- Loss arising from Client misuse of the API.
- Loss resulting from third-party systems or integrations.
Nothing in this disclaimer excludes liability that cannot be excluded under applicable law.
9. Amendments
We may update these API terms from time to time. Continued use of the API constitutes acceptance of any revised terms.