Terms of Service — Clinics

PLEASE READ THESE TERMS CAREFULLY. BY REGISTERING FOR A CLINIC ACCOUNT OR USING THE PLATFORM AS A CLINIC-USER, YOU AGREE TO BE BOUND BY:

  • THESE CLINIC TERMS OF USE ("Terms");
  • THE SERVICE LEVEL COMMITMENTS IN PART B BELOW ("SLA");
  • THE PRIVACY AND DATA PROTECTION POLICY("Privacy Policy"); AND
  • THE DATA RETENTION AND DELETION POLICY ("Data Retention Policy").

These documents together form part of the contractual framework governing the use of the Platform and apply together with any Clinic Agreement, order form, or subscription terms entered into between Refora and the Clinic:

Refora Pte. Ltd. (UEN: 202555125N) of 103 Hillview Rise, Singapore 667982 ("Refora", "we", "us", or "our"), and

the subscribing clinic or authorised healthcare entity that accesses or uses the Platform (as defined below) ("Clinic", "you", or "your").

This Agreement applies only to Clinic-Users. Separate patient terms will govern Patient-Users.

PART A – CLINIC TERMS OF USE

1. Definitions

1.1 Platform means the online referral and coordination system operated by Refora, including any websites, portals, dashboards, APIs and related services.

1.2 Clinic-Users means clinics, dentists, medical or dental specialists, and their authorised staff who access or use the Platform for referral activity or related operational purposes.

1.3 Patient-Users means individual patients who access or view referral information relating to them on the Platform under separate patient-facing terms.

1.4 Health Information means medical or health-related data, including clinical notes, diagnostic images, documents and attachments.

1.5 Authorised Users means the Clinic's doctors, clinicians and staff whom the Clinic permits to use the Platform under its account.

1.6 Authorised Representative means a person validly authorised to act for a Clinic-User (for example, a practice manager/ lead doctor or other administrative personnel).

1.7 Clinic Agreement means any separate written agreement between Refora and the Clinic setting out the commercial terms of Refora's subscription offering for the Platform, including the scope of any onboarding or implementation support included in that offering (where Refora offers such support, it is provided as part of the same subscription package unless the parties agree otherwise in writing).

1.8 SLA means the service-level commitments in Part B of this document, as updated from time to time.

1.9 PDPA refers to the Personal Data Protection Act 2012.

1.10 PDPC refers to the Data Protection Commission Singapore.

1.11 Enquiry means a patient or prospective patient communication received via WhatsApp or web form that is tracked on the Platform as a lead for the Clinic.

1.12 Nurture Agent means the AI-powered conversation system that conducts automated WhatsApp conversations with patients on the Clinic's behalf, as further described in Section 4.8.

1.13 WhatsApp Integration means the connection of a Clinic's WhatsApp Business account to the Platform via Meta's Embedded Signup flow, enabling the receipt and sending of WhatsApp messages through the Platform.

Where capitalised terms are not defined here, they take the meaning given in the Privacy Policy or the Data Retention Policy.

2. Nature of Services (No Medical Practice)

2.1 The Platform facilitates referral management, patient enquiry handling, secure exchange of referral materials, and related coordination for Clinic-Users. The Platform supports the following intake channels:

(a) Inbound email intake: Clinic-Users may configure a Refora-issued forwarding address so that referral emails sent by third-party practitioners are automatically routed into the Platform, parsed, and imported as referral records.

(b) QuickRefer form: Clinic-Users may embed a Refora referral submission form on their own website. Patients or referring practitioners who complete and submit that form transmit data to Refora on behalf of the embedding Clinic.

(c) Manual import: Clinic-Users may manually import referral records that arrived outside the Platform (e.g., by phone or fax) into the Platform dashboard.

(d) WhatsApp enquiries: Where the Clinic connects a WhatsApp Business account to the Platform, messages sent by patients and prospective patients to the Clinic's WhatsApp number are received by the Platform, classified, and processed as enquiries. The Platform may send AI-generated replies and pre-approved template messages to such individuals on the Clinic's behalf, as further described in Section 4.8.

(e) Web form enquiries: Patients and prospective patients may submit enquiry forms on the Clinic's website. Where the Clinic has WhatsApp configured, Refora may initiate WhatsApp-based follow-up with the submitter.

2.2 Refora does not provide medical or dental advice, diagnosis or treatment, and does not practice medicine or dentistry. All clinical decisions remain solely with the relevant Clinic-Users.

2.3 The Platform must not be used for emergencies. Patients must be directed to appropriate emergency services or clinical channels.

2.4 No Legal or Compliance Advice. Any compliance-related features provided on the Platform — including consent checkboxes, opt-out handling, template approval workflows, and AI-powered messaging — are offered for the Clinic's convenience. They do not constitute legal, regulatory, or compliance advice, and their use does not guarantee compliance with any law, regulation, or professional standard. The Clinic remains solely responsible for its own legal and regulatory compliance.

3. Account Creation, Eligibility, and Responsibility

3.1 The Clinic must create an account to use the Platform. The Clinic must ensure that all information provided to Refora is accurate, current and complete, and is kept updated.

3.2 Authorised User accounts will be created by Refora on the instructions of the Clinic or its Authorised Representative. The Clinic is responsible for ensuring that all information provided for account creation is accurate and up to date. Credentials issued by Refora are intended for use only by the specific Authorised User for whom the account is created and must not be shared. Refora is not responsible for verifying professional credentials or employment status of Authorised users.

3.3 The Clinic is responsible for safeguarding all login credentials and for all activities undertaken on the Platform under its account, including those performed by Authorised Users.

3.4 The Clinic must promptly notify Refora of any suspected compromise, unauthorised access, or misuse of its account.

4. Roles and Data Responsibilities

4.1 For patient data uploaded or generated via the Platform, the Clinic acts as data controller under the PDPA and any applicable healthcare regulations.

4.2 Refora acts as a data intermediary / processor in respect of Health Information processed on the Platform on the Clinic's instructions.

4.3 Patient-Users acknowledge that their clinic controls clinical and referral content. Requests relating to clinical content (including corrections to medical records) must be directed to the relevant clinic.

4.4 Refora will implement safeguards appropriate to the risks, including unique-user authentication, access controls, audit logging, session timeouts, and encryption of Health Information and key identifiers, as further described in the Privacy and Data Protection Policy.

4.5 Data Subject Rights. The Clinic is solely responsible for managing and responding to all data subject rights requests from patients and other individuals whose personal data is processed through the Platform on the Clinic's instructions, including requests for access, correction, deletion, or withdrawal of consent. If Refora receives such a request directly, Refora will redirect it to the relevant Clinic and provide reasonable assistance to facilitate the Clinic's response, where required.

4.6 Data Breach Responsibilities. The Clinic must notify Refora promptly of any suspected data breach involving personal data or Health Information processed through the Platform, including breaches originating from the Clinic's own systems, shared credentials, or third-party integrations. As data controller, the Clinic is solely responsible for complying with all applicable data breach notification obligations under the PDPA and any other applicable law, including notifications to the PDPC and affected individuals. Where a breach originates from Refora's systems, Refora will notify the Clinic in accordance with the Privacy and Data Protection Policy and provide reasonable cooperation.

4.7 AI-Assisted Processing. Where the Clinic uses the inbound email intake feature, email content (including subject, body, and extracted attachment text) may be submitted to a third-party AI inference service for automated extraction of structured referral data. Refora uses this solely to populate referral records and does not use Health Information to train or improve AI models. The AI service provider is contractually bound to equivalent confidentiality and data-protection obligations. Further detail is set out in the Privacy and Data Protection Policy (Section 6.IX).

4.8 AI-Powered Patient Conversations (Nurture Agent). Where the Clinic has connected a WhatsApp Business account, the Platform operates an AI-powered nurture agent that conducts automated conversations with patients via WhatsApp on the Clinic's behalf. The nurture agent:

(a) classifies inbound messages to determine whether they originate from patients;

(b) generates contextual replies using clinic information configured by the Clinic (services, location, operating hours);

(c) detects booking intent and escalates to the Clinic with a notification;

(d) hands off to the Clinic when a patient requests human contact; and

(e) sends pre-approved re-engagement template messages to patients who have not responded.

The nurture agent does not provide medical or dental advice. The Clinic remains solely responsible for all clinical decisions, for responding to escalated conversations in a timely manner, and for the accuracy of clinic information configured on the Platform. The Clinic is responsible for determining whether and how to disclose the use of automated replies to patients in accordance with applicable professional and regulatory standards.

The Clinic may disable the nurture agent for any individual conversation at any time. When Clinic staff reply to a patient via the WhatsApp Business App, the nurture agent is automatically paused for that conversation.

Further detail on safeguards is set out in the Privacy and Data Protection Policy (Section 6.XI).

5. Consent and Uploads

5.1 The Clinic represents and warrants that it has obtained, and will maintain, all necessary consents or other lawful bases required under applicable law to collect, use, disclose and upload personal data and Health Information to the Platform for the purposes of referrals and related care coordination. This obligation extends to:

(a) Inbound email intake: The Clinic confirms that it has a sufficient lawful basis to route through the Platform any emails (and personal data contained therein) received from third-party practitioners. Where the original sender or the patient has not directly consented to processing by Refora, the Clinic is responsible for ensuring that its own authority or a statutory exception is in place before configuring the intake forwarding address.

(b) QuickRefer form: The Clinic is responsible for obtaining the informed consent of individuals who submit data through any QuickRefer form embedded on its website before their data is transmitted to the Platform. The Clinic must ensure its website displays adequate privacy notices that disclose Refora's role as a data intermediary and link to this Policy and the Privacy and Data Protection Policy.

(c) WhatsApp integration: The Clinic confirms that its use of the WhatsApp Integration complies with Meta's WhatsApp Business Terms and applicable law. The Clinic acknowledges that by connecting a WhatsApp Business account, it authorises Refora to receive messages sent to the Clinic's WhatsApp number, to send AI-generated replies and template messages on the Clinic's behalf, and to import historical message data for context purposes. The Clinic is responsible for determining whether disclosure of AI-assisted messaging to patients is required under applicable professional or regulatory standards.

(d) Web form enquiries: Where the Clinic configures web form enquiries with WhatsApp follow-up, the Clinic is responsible for ensuring that adequate notice is given to submitters that their phone number may be used to initiate WhatsApp-based communication.

5.2 Refora is entitled to rely on the Clinic's representations under this clause and has no obligation to independently verify the existence or validity of such consents. Where Refora reasonably believes that required consents or lawful bases are absent or defective, Refora may suspend processing or restrict access pending clarification.

5.3 Refora may suspend processing, remove content, or restrict access where it reasonably believes that valid consent was not obtained, or that the upload breaches these Terms, applicable law, or Refora's acceptable-use standards.

5.4 By continuing to use the Platform, the Clinic confirms that all uploads and instructions given to Refora in relation to Health Information are lawful and compliant with applicable retention, consent and confidentiality obligations.

6. Acceptable Use

6.1 The Clinic and its Authorised Users must not:

(a) upload unlawful, defamatory, or non-essential personal data;

(b) attempt to bypass security controls, probe or test the Platform, or introduce malware;

(c) use content obtained from the Platform for any purpose unrelated to referrals or permitted clinical/operational use;

(d) reverse engineer, decompile or create derivative works from the Platform;

(e) share logins between different individuals;

(f) use the Platform in any way that breaches applicable law or professional standards;

(g) configure the inbound email intake feature to route emails containing personal data for which the Clinic does not hold a sufficient lawful basis to process;

(h) embed the QuickRefer form in a manner that collects personal data without adequate privacy notice and consent mechanisms visible to the person submitting data;

(i) use the WhatsApp Integration to send unsolicited commercial messages, spam, or messages unrelated to patient care and enquiry management; or

(j) configure the AI nurture agent with inaccurate clinic information (such as incorrect services, pricing, or operating hours) that could mislead patients.

6.2 Refora may suspend or restrict access where it reasonably believes there has been a breach of this clause or a security risk.

7. Integrations, Third-Party Systems, and Data Intake Channels

7.1 Where the Platform enables export of data or interoperability with third-party systems, the Clinic is solely responsible for:

  • the third-party environment,
  • access controls within that environment, and
  • any data exposure or incident arising after data leaves the Platform.

7.2 Refora is not responsible for data once exported or processed outside the Platform. Any integration disclaimers in the Privacy and Data Protection Policy apply.

7.3 Inbound email intake. Where the Clinic configures the inbound email intake feature:

(a) Refora will process received emails as a data intermediary acting solely on the Clinic's instructions.

(b) The Clinic is solely responsible for ensuring that routing third-party emails through the Platform complies with applicable law, including any obligations owed to the original sender.

(c) Refora does not verify the identity or authority of the original email sender. Any liability arising from processing emails that were forwarded without proper authority rests with the Clinic.

7.4 QuickRefer form. Where the Clinic embeds the Refora QuickRefer form:

(a) Data submitted through the QuickRefer form is received by Refora as a data intermediary on the Clinic's behalf from the time of submission.

(b) The Clinic is responsible for the privacy notices and consent mechanisms displayed on its website prior to QuickRefer form submission.

(c) Refora applies rate-limiting and token-based authentication to the QuickRefer form but is not responsible for misuse of the QuickRefer form arising from inadequate controls on the Clinic's website.

7.5 WhatsApp Integration. Where the Clinic connects a WhatsApp Business account to the Platform:

(a) Refora receives and processes inbound WhatsApp messages as a data intermediary acting on the Clinic's instructions. The Clinic remains the data controller for all patient data received via WhatsApp.

(b) The Platform may send messages to individuals on the Clinic's behalf, including AI-generated nurture replies (within the Meta 24-hour conversation window) and pre-approved WhatsApp template messages (for re-engagement and notifications outside the window).

(c) Upon connection, Refora may request and import historical WhatsApp message data from Meta's SMB App Data API. Imported messages are stored for conversational context only and do not trigger automated replies or create new enquiry records.

(d) Where Clinic staff reply to patients via the WhatsApp Business App (rather than through the Platform), those replies are received by Refora through Meta's business message echo functionality and stored in the conversation thread. This echo receipt is an inherent feature of the WhatsApp Business API coexistence model and occurs automatically while the WhatsApp account is connected.

(e) The Clinic is solely responsible for ensuring that its use of WhatsApp Business in connection with the Platform complies with Meta's WhatsApp Business Terms, applicable data protection law, and professional messaging standards.

(f) The Clinic may disconnect its WhatsApp Business account from the Platform at any time via its account settings. Disconnection stops further message processing but does not delete data already received, which remains subject to applicable retention obligations.

8. Free Trial, Fees, Plans and Payment (Clinics)

8.1 Refora may offer a 30-day free trial of the Platform to new clinics. During the free-trial period:

(a) subscription fees are not charged;

(b) Refora will provide access to the Platform and core features;

(c) Refora's obligations are limited to those in this Agreement and the SLA, and do not extend to any minimum usage, outcomes, or specific business results.

8.2 Refora may, at its discretion, enable certain higher-tier features during the free trial. This does not create a right for the Clinic to continue receiving such features after the trial unless the Clinic selects and pays for the relevant subscription tier under a Clinic Agreement.

8.3 The billing start date for any paid subscription will typically be set to commence after the free trial ends, and may be stated in the Clinic Agreement or order confirmation. The Clinic acknowledges that:

  • the initial subscription tier, billing interval (monthly/annual), and billing cycle start date will be documented in the Clinic Agreement or equivalent order form; and
  • changes to subscription tier or user counts may be made via the Platform, in accordance with the Clinic Agreement.

8.4 Unless otherwise agreed in writing, subscription fees and any other platform-based fees are due in advance and are non-refundable once the relevant billing period has commenced, except where expressly stated in a Clinic Agreement.

8.5 Late payments may result in suspension of access. All taxes are additional to stated fees.

Note: Detailed commercial terms (including the subscription package, pricing, discounts, referral rebates, and the scope of any support or services included in that package) will be set out in the Clinic Agreement and/or order form, not in this document.

9. Service Levels and Support (High-Level)

9.1 Refora aims to provide uptime, support and response targets as set out in Part B (SLA).

9.2 Support channels and response times are as described in the SLA. Scheduled maintenance and emergency maintenance may occur as described in the SLA.

10. Intellectual Property

10.1 Refora and its licensors own all rights, title and interest in and to the Platform, its software, documentation, and related materials. No rights are granted to the Clinic except as expressly set out in this Agreement.

10.2 The Clinic retains ownership of its own content, Health Information, and referral materials. The Clinic grants Refora a limited, non-exclusive licence to host, process, transmit and display such content for the purposes of operating the Platform and providing the services, and for security, backup, and quality-improvement purposes as described in the Privacy and Data Protection Policy.

11. Confidentiality

11.1 Each party must protect the other party's confidential information using safeguards no less stringent than those it uses for its own confidential information.

11.2 This clause does not restrict disclosures required by law, court order, or a regulator, provided reasonable notice is given to the other party where lawful and practicable.

12. Privacy; Data Transfers; Retention

12.1 Refora's Privacy and Data Protection Policy forms part of this Agreement. It explains data categories, purposes, safeguards, cross-border transfers and breach notification under the PDPA.

12.2 Data may be hosted with reputable cloud providers in Singapore or in other jurisdictions with comparable data protection. Refora will implement legally enforceable transfer mechanisms where required.

12.3 Retention, archival and deletion are governed by the Data Retention and Deletion Policy. Clinics remain responsible for meeting healthcare record-retention obligations as data controllers.

13. Warranties

13.1 Refora warrants that it will provide the services with reasonable care and skill in accordance with industry standards for similar SaaS healthcare platforms.

13.2 Except as expressly stated, Refora disclaims all other warranties, including implied warranties of merchantability, fitness for a particular purpose, and any warranty that the Platform will be uninterrupted or error-free.

14. Indemnities

14.1 The Clinic shall indemnify and hold harmless Refora and its affiliates from direct losses, damages, costs and reasonable legal fees arising directly from:

(a) the Clinic's negligence or wilful misconduct in using the Platform;

(b) material breach of this Agreement by the Clinic;

(c) infringement of third-party intellectual property rights caused by Clinic-provided materials or use contrary to Refora's documentation;

(d) non-compliance with applicable law by the Clinic; or

(e) any data exposure or incident occurring in, or caused by, the Clinic's third-party systems or integrations outside the Platform.

14.2 Refora will notify the Clinic promptly of any claim and give reasonable cooperation at the Clinic's expense. The Clinic will have control of the defence, subject to Refora's right to participate.

15. Limitation of Liability

15.1 Subject to clause 15.2, the total aggregate liability of Refora and its affiliates arising out of or in connection with this Agreement, whether in contract, tort or otherwise, shall be limited to two times (2x) the total fees paid by the relevant Clinic to Refora in the twelve (12) months immediately preceding the event giving rise to liability.

15.2 The caps above do not apply to liability that cannot be excluded or limited under law, or to liability arising from a party's gross negligence, fraud or wilful misconduct.

15.3 Neither party is liable for indirect, incidental, consequential, special, exemplary or punitive damages, loss of profits, loss of business, loss of goodwill, or loss of data, even if advised of the possibility.

16. Suspension and Termination

16.1 Refora may suspend or terminate access where:

(a) the Clinic materially breaches this Agreement;

(b) fees remain unpaid in accordance with the applicable billing terms, as set out in the Clinic Agreement and as specified in the relevant invoice issued by Refora; or

(c) Refora reasonably believes there is unauthorised access, security risk, or unlawful activity.

16.2 The Clinic may terminate its account through any account-deletion flow on the Platform or by written notice to Refora.

16.3 Upon termination, Refora will provide the Clinic with a period of thirty (30) days during which the Clinic may request an export of its referral, patient, and enquiry data in a reasonable format (such as CSV, JSON, or PDF). After this period, active service obligations cease and the Clinic's access to the Platform will be revoked. Data will thereafter be retained, archived, or deleted in accordance with the Privacy and Data Protection Policy and the Data Retention and Deletion Policy.

17. Audit and Compliance (Clinic Side)

17.1 Clinics must maintain appropriate internal policies, access controls and audit trails for their Authorised Users.

17.2 Where reasonably required to verify compliance with security or data-protection obligations relating to Platform use, Refora may request attestations or documentary evidence of controls from the Clinic. Any on-site audit at the Clinic must be mutually agreed and shall not unreasonably disrupt operations.

18. Changes to the Platform and to this Agreement

18.1 Refora may update features or issue patches and improvements.

18.2 Refora may amend this Agreement (including the SLA) by posting an updated version on the Platform and, where changes are material, notifying Clinics by email or in-app notice. Continued use after the effective date constitutes acceptance.

19. Force Majeure

Neither party is liable for failure or delay due to events beyond reasonable control, including outages of the public Internet, third-party hosting environments, or regulatory actions.

20. Notices, Assignment, Entire Agreement, Third-Party Rights

20.1 Refora may notify the Clinic via the Platform, email, or other contact details provided. The Clinic may notify Refora at the address or email specified on the Platform.

20.2 The Clinic may not assign this Agreement without Refora's prior written consent. Refora may assign or subcontract performance to affiliates or qualified providers.

20.3 This Agreement, together with the Privacy and Data Protection Policy, the Data Retention and Deletion Policy, any Clinic Agreement, and the SLA, forms the entire agreement between the parties and supersedes all prior discussions.

20.4 If any provision is held invalid, the remainder remains in effect. No failure to enforce is a waiver.

20.5 Except as expressly stated, no person who is not a party has rights under the Contracts (Rights of Third Parties) Act 2001 to enforce any term.

21. Governing Law and Jurisdiction

This Agreement is governed by the laws of Singapore. The courts of Singapore have exclusive jurisdiction. Parties will first attempt good-faith discussions for thirty (30) days before commencing proceedings.

PART B – SERVICE LEVEL AGREEMENT (SLA) – CLINIC USERS

This Part B forms the SLA between Refora and the Clinic and sets out operational performance metrics and support commitments. In case of inconsistency, Part A governs legal interpretation.

1. Purpose and Scope

1.1 This SLA defines measurable performance targets and operational responsibilities for the Platform.

1.2 It governs:

  • system availability and reliability;
  • data integrity, security and backup measures;
  • user-support response and resolution timelines; and
  • quality-improvement obligations.

2. Service Description

2.1 The Platform is a secure, cloud-hosted SaaS system enabling clinics to:

  • receive, import, and manage patient referrals;
  • exchange Health Information securely;
  • maintain searchable referral records and audit logs;
  • receive and import referral emails via the inbound email intake feature;
  • embed a QuickRefer form on their website;
  • receive and manage patient enquiries via WhatsApp and web forms; and
  • utilise AI-powered nurture conversations to engage with patients via WhatsApp.

2.2 Unregistered recipients may receive referral details by secure email for continuity of care.

2.3 Core features include encrypted data transmission, unique-user authentication, session time-outs, audit trails, and controlled data export.

3. Service Availability

3.1 Refora shall target at least 99.0% uptime per calendar month, excluding:

(a) scheduled maintenance with at least 24 hours' notice;

(b) emergency maintenance required for security or stability; and

(c) force majeure events or failures of external networks, Internet providers, or clinic-side systems.

3.2 Uptime is measured via internal and/or independent monitoring and may be reported on request.

3.3 If monthly uptime falls below 99.0%, the Clinic is entitled to a service credit equal to 10% of that month's subscription fee, capped at one month of fees per calendar year. Service credits are the Clinic's sole and exclusive remedy for failure to meet uptime targets.

4. Maintenance Windows

4.1 Routine maintenance will typically occur outside business hours (10 p.m.–6 a.m. SGT), where required and practicable.

4.2 Scheduled downtime should not, on average, exceed four (4) hours per month.

4.3 Emergency maintenance may be performed without notice where delay would risk data integrity or security.

5. Data Integrity and Backups

5.1 Backups are performed on a regular schedule (for example, daily incremental and weekly full backups).

5.2 Backup data are encrypted in transit and at rest.

5.3 Upon termination or written request, Refora will assist the Clinic in exporting data in a reasonable format (such as CSV, JSON, or PDF). Data will be retained and/or deleted in line with the Data Retention and Deletion Policy.

6. Security and Compliance

6.1 Refora maintains administrative, physical and technical controls consistent with PDPA obligations and applicable MOH cybersecurity guidance to a scale appropriate to its operations.

6.2 All clinical and patient identifiers are encrypted at rest and in transit. Access within Refora is restricted to authorised personnel on a need-to-know basis.

6.3 Confirmed data breaches will be notified in accordance with the Privacy and Data Protection Policy and PDPC requirements.

6.4 Clinics remain responsible for obtaining valid patient consent before uploading data. Refora acts as a data intermediary.

7. Support and Incident Response

7.1 Standard Support Hours: 9 a.m.–6 p.m. (SGT), Monday–Friday, excluding Singapore public holidays.

7.2 Channels: Email (support@refora.app) and any in-app support tools that may be made available.

7.3 Response and Resolution Targets

SeverityDescriptionInitial Response TargetResolution
P1 – CriticalComplete outage or data loss≤ 2 hours≤ 8 hours
P2 – MajorMaterial functionality impaired≤ 4 hours≤ 24 hours
P3 – MinorNon-critical issue≤ 1 business dayNext reasonable release
P4 – InquiryUsage question / information≤ 2 business daysAs agreed

7.4 Root-cause analysis for any P1 incident will be completed within a reasonable period (e.g. five (5) business days) and a brief corrective-action summary may be provided to the Clinic.

8. Quality Assurance and Continuous Improvement

8.1 Refora will periodically review:

  • uptime and support metrics;
  • incident trends;
  • security enhancements; and
  • user feedback, where available.

8.2 If material deficiencies are identified, Refora will take reasonable corrective actions within a commercially reasonable timeframe.

9. SLA Reporting and Audit-Related Information

9.1 Refora may, at its sole discretion, provide high-level summaries of service performance and security controls (for example, uptime statistics or descriptions of security practices).

9.2 No right is granted under this SLA for the Clinic or any third party to conduct technical audits of Refora's systems, request SOC reports, or access underlying infrastructure. Any such arrangements, if ever offered, will be agreed separately in writing.

10. Changes to SLA

10.1 Refora may amend this SLA from time to time to reflect operational changes or improvements. Material changes will be communicated via the Platform or email. Continued use of the Platform constitutes acceptance of the updated SLA.


Last updated: 20 June 2026

Effective date: 20 June 2026