VoxDocs Terms of Service

Effective Date: 1 January 2025
Last Updated: 7 August 2025

IMPORTANT:These Terms form a binding agreement between Codestax Pty Ltd (“Codestax”, “we”, “us”, “our”) and the customer identified in the account (“you”, “your”). VoxDocs is a software product provided by Codestax. By creating an account, inviting users, or using the Services, you agree to these Terms. ...

1. Definitions

• 1.1 Bureau means a third‑party service engaged by you to perform manual transcription, billing and/or administrative processing.
• 1.2 Customer Content means data you submit to the Services, including audio, transcripts, notes, images and files.
• 1.3 Designated Recipients means your internal back‑office personnel and/or an authorised Bureau you connect to the Services.
• 1.4 Output means machine‑generated transcripts, summaries, or drafts created by the Services from Customer Content.
• 1.5 Services means the VoxDocs software and related services provided by Codestax.
• 1.6 Users means individuals you authorise to access your VoxDocs tenant (e.g., practitioners, staff, Bureau users).

2. Eligibility and Accounts

• 2.1 You must be a human, automated accounts (“bots”) are prohibited.
• 2.2 You are responsible for your Users, their compliance with these Terms, and for securing credentials. You will promptly notify us of any unauthorised access.
• 2.3 You are responsible for ensuring lawful collection and sharing of personal and health information, including obtaining any required consents for recording and disclosure to a Bureau.

3. Service Model (Conduit)

• 3.1 VoxDocs acts as a conduit for clinical information on your instructions. We capture, process (including automatic speech recognition and optional summarisation), and deliver Customer Content and Outputs to your Designated Recipients.
• 3.2 For clinical data, Codestax acts as a processor/operator to you. For practitioner/admin and operational data (e.g., billing and security logs), Codestax is the controller/responsible party. See our Privacy Policy and the DPA in Appendix B.

4. Recording Modes and Retention

• 4.1 Dictation Audio (post‑consult): Default retention: 30 days (configurable 7–180 days) to support quality checks and Bureau manual dictation. Auto‑delete thereafter.
• 4.2 Consultation Audio (in‑consult): Disabled by default. If enabled, you must obtain legally valid patient consent to record and, if applicable, to share with your Bureau. Default retention: 7 days (configurable 0–30 days; 0 = delete after transcription).
• 4.3 Notes/Outputs: Default retention: 7 days (configurable up to 6 months) to allow export to your clinical system, then auto‑delete.
• 4.4 Handover & Purge: When delivery to a Designated Recipient is marked Complete, a short purge window (3–7 days) begins, after which retained audio and interim notes are deleted unless law requires otherwise.
• 4.5 Dormant Accounts: If your account is deleted or inactive for 24 months, we schedule deletion of associated personal information unless retention is required by law, security or dispute resolution.

5. Your Responsibilities

• 5.1 You will use the Services only for lawful workflows, keep registration information current, and maintain appropriate access controls.
• 5.2 You will secure necessary patient notices and consents (including for recording and disclosure to a Bureau) and comply with professional and health‑privacy obligations.
• 5.3 You are responsible for any third‑party services you connect (including Bureaus) and their compliance with applicable laws.
• 5.4 Acceptable Use: You will not: (a) attempt to breach or circumvent security; (b) reverse engineer the Services; (c) use the Services to store or transmit infringing, harmful or unlawful content; (d) overload or interfere with the Services; or (e) misrepresent identities or authorisations.

6. Payment and Changes

• 6.1 Fees and Taxes: You agree to pay fees for the selected plan and applicable taxes. Unless stated otherwise, fees are billed in advance and non‑refundable except as required by law.
• 6.2 Changes to Fees: We may change prices on 30 days’ notice (email or SMS). Changes do not apply retroactively.
• 6.3 Modifications: We may modify features, discontinue or add new features. For material changes that significantly reduce core functionality, you may terminate and request a pro‑rata refund of prepaid fees for the remaining term.

7. Uptime, Support and Security

• 7.1 The Services are provided “as is” and “as available”. We take uptime seriously but do not offer a formal SLA.
• 7.2 We implement administrative, technical and physical safeguards, including encryption in transit and at rest, tenant and role‑based access controls, audit logging and backups. Details are in our Privacy Policy and security documentation.
• 7.3 Our staff may access limited data to (a) provide support at your request; (b) investigate and remediate incidents; and (c) protect the Services from abuse. Access is logged and minimized.

8. Data Protection and Privacy

• 8.1 Privacy Policy: Our collection, use and disclosure of personal information is described in the Privacy Policy, which is incorporated by reference.
• 8.2 Data Processing Addendum: Where required (e.g., GDPR/UK GDPR/POPIA), the DPA applies and prevails over conflicting Terms for processing of Customer Content and Outputs.
• 8.3 International Transfers: We may process data in Australia and other locations of vetted subprocessors. For South African data, we implement POPIA s72 safeguards. For EU/UK data (if applicable), we use SCCs/IDTA and supplementary measures where needed.
• 8.4 Subprocessors: We use subprocessors to operate the Services under written terms imposing confidentiality, security and deletion at end of service. A current list is available on request.

9. Intellectual Property and Content

• 9.1 Ownership: As between the parties, you own Customer Content and Outputs. You grant Codestax a non‑exclusive licence to host, process, transmit and display Customer Content and Outputs solely to provide and improve the Services and to comply with law.
• 9.2 Software and Documentation: The Services, software and documentation are owned by Codestax and its licensors. No rights are granted except as expressly stated.
• 9.3 Feedback: You grant Codestax a perpetual, irrevocable, royalty‑free licence to use feedback to improve the Services.

10. Third‑Party Services and Bureau

• 10.1 You control whether to connect a Bureau and what artefacts to share. Once shared, the Bureau acts as your service provider under your agreement with them. Codestax is not responsible for a Bureau’s acts or omissions.
• 10.2 Integrations you enable (e.g., EHR, billing) are third‑party services and are governed by their own terms.

11. Suspension and Termination

• 11.1 We may suspend or terminate access immediately for material breach, unlawful use, or risks to the Services. Where feasible, we will provide prior notice.
• 11.2 You may terminate at any time via the account settings. Upon termination, access ceases immediately.
• 11.3 Post‑Termination: For 14 days after termination (or longer if required by law), you may request export of remaining Customer Content/Outputs not already purged by retention settings. Thereafter we will delete remaining data consistent with Section 4 and the DPA.

12. Warranties; Disclaimers

• 12.1 You represent that you have the rights and consents necessary to provide Customer Content and to direct Codestax to process and disclose to Designated Recipients.
• 12.2 EXCEPT FOR NON‑EXCLUDABLE RIGHTS, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.

13. Limitation of Liability

• 13.1 Nothing in these Terms excludes liability for Non‑Excludable Rights.
• 13.2 To the maximum extent permitted by law, Codestax will not be liable for any indirect, incidental, special, consequential or punitive damages, or loss of profits, revenue, data, or goodwill.
• 13.3 To the maximum extent permitted by law, Codestax’s aggregate liability arising out of or related to the Services will not exceed the fees paid by you to Codestax for the Services in the 12 months preceding the event giving rise to liability.

14. Indemnity

You will indemnify and hold harmless Codestax from third‑party claims arising out of (a) your breach of these Terms; (b) your violation of law; (c) your Customer Content; or (d) your instructions to share with a Bureau or other third parties.

15. Force Majeure

We are not liable for delays or failures due to events beyond our reasonable control (including natural disasters, outages, acts of government, labour disputes, or internet failures).

16. Governing Law; Disputes

These Terms are governed by the laws of Western Australia. Courts located in Western Australia have exclusive jurisdiction.

17. Changes to Terms

We may update these Terms from time to time. Material changes will be notified via email or SMS with advance notice where required. Continued use after the effective date constitutes acceptance.

18. Notices; Contact

Codestax Pty Ltd – provider of the VoxDocs software product
Email: support@voxdocs.com.au
Postal: PO Box 274, Karrinyup, 6921, WA

Appendix A – Data Processing Addendum (Summary)

• A.1 Roles: For Customer Content and Outputs, you are the controller/responsible party and Codestax is the processor/operator.
• A.2 Instructions: Codestax will process personal information only on your documented instructions and for the purposes of providing the Services and complying with law.
• A.3 Security: Codestax will implement appropriate technical and organisational measures (encryption, access controls, logging, backups).
• A.4 Subprocessors: You authorise Codestax to use subprocessors under written terms ensuring confidentiality, security and deletion; Codestax remains responsible for subprocessors.
• A.5 Assistance: Codestax will assist with data‑subject requests, breach notifications, and DPIAs as required by law.
• A.6 Breach: Codestax will notify you without undue delay after becoming aware of a personal‑data breach affecting your Customer Content.
• A.7 International Transfers: For South African data, POPIA s72 safeguards apply. For EU/UK data (if applicable), SCCs/IDTA and supplementary measures apply.
• A.8 Return/Deletion: Upon termination or at your choice, Codestax will return or delete personal information, subject to legal retention requirements.
• A.9 Audit: On reasonable notice, Codestax will make available information necessary to demonstrate compliance (e.g., security documentation, external audit reports).
• A.10 Precedence: This DPA prevails over conflicting Terms with respect to processing of Customer Content and Outputs.

Appendix B – Data Processing Addendum (DPA)

This DPA forms part of the Terms of Service between the customer (“Controller/Responsible Party”) and Codestax Pty Ltd (“Processor/Operator”) for the VoxDocs Services.

• B.1 Subject Matter and Duration: Processing of personal information submitted to the Services by Controller for the term of the Agreement.
• B.2 Nature and Purpose: Capture, transcribe/summarise (if enabled), store (per retention settings), transmit and deliver clinical information to Controller’s Designated Recipients; provide support and security; comply with law.
• B.3 Types of Personal Information and Data Subjects: Practitioner/admin data (account, billing); patient/clinical data (audio, transcripts, notes, identifiers, images/files). Data subjects include patients, practitioners and staff as determined by Controller.
• B.4 Roles: Controller determines the purposes and means of processing Customer Content and Outputs. Processor acts only on documented instructions from Controller.
• B.5 Processor Obligations:
  • Process only on instructions
  • Ensure confidentiality
  • Implement security measures (encryption in transit/at rest, role‑based access, logging, backups)
  • Assist with data‑subject requests and DPIAs
  • Notify without undue delay of personal‑data breaches
  • Delete/return data at end of services
  • Maintain records of processing as required by law
• B.6 Subprocessors: Controller authorises engagement of subprocessors. Processor will impose obligations no less protective than this DPA and remains responsible for subprocessors.
• B.7 International Transfers: Where personal information is transferred across borders, Processor will implement: (i) POPIA s72 safeguards for South African data; (ii) SCCs/IDTA (and supplementary measures) for EU/UK data where applicable.
• B.8 Audits and Information: On reasonable notice, Processor will make available information necessary to demonstrate compliance (e.g., third‑party security reports). Formal audits may be conducted no more than annually, subject to reasonable safeguards, confidentiality and reimbursement of Processor’s reasonable costs, unless required by a regulator.
• B.9 Retention and Deletion: Processor will retain personal information only as directed by Controller via retention settings or as required by law. Upon termination or upon written request, Processor will return or delete personal information within a reasonable period, subject to lawful retention.
• B.10 Liability and Precedence: Liability allocations follow the Agreement. In the event of conflict, this DPA prevails over the Agreement with respect to processing of Customer Content and Outputs.