GleamConnect Master SaaS Agreement / Clinic Terms

Provider: Gleam Connect Ltd
Company number: [insert after incorporation]
Registered office: [insert registered office]
Country of incorporation: Ireland
Primary contacts: legal@gleamconnect.com | privacy@gleamconnect.com | support@gleamconnect.com
Last updated: 18 April 2026
Status: Draft legal pack for implementation and external solicitor review before production launch

1. Introduction and binding effect

These terms govern the use of the GleamConnect software platform and related services by business customers, including clinics, practices, salons, treatment centres, specialists, managers, and authorised staff accounts.

By accepting these terms, signing an order form, clicking an acceptance box, or using the services, the clinic enters into a legally binding agreement with Gleam Connect Ltd.

If an individual accepts these terms on behalf of a clinic or other organisation, that individual confirms that they have authority to bind that organisation.

2. Definitions

Account means a login, credential set, organisation profile, API credential, or access token used to access the services.
Affiliate means an entity controlling, controlled by, or under common control with a party.
Archive means restricted, non-operational storage maintained for legal, security, integrity, and dispute-resolution purposes.
Clinic means the contracting business customer and each authorised user acting on its behalf.
Clinic Data means all data submitted to, stored in, generated through, or exported from the services by or for the clinic, including patient records, client records, intake forms, consents, booking records, treatment notes, attachments, communications, and operational data.
Documentation means GleamConnect product documentation, help materials, implementation instructions, and onboarding materials made available by GleamConnect.
End User means a patient, client, customer, website visitor, or other individual interacting with the clinic through the services.
Fees means subscription fees and any other charges payable by the clinic under the agreement.
Order Form means any signup flow, pricing page, proposal, quote, statement of work, or purchase document referencing these terms.
Services means the GleamConnect websites, web applications, mobile applications, tablet applications, APIs, messaging functionality, analytics, intake workflows, document generation, archive controls, and related support services supplied by GleamConnect.
Subscription Term means the initial and renewal term set out in the order form or pricing flow.

3. Scope of services and platform role

GleamConnect provides software infrastructure for clinic operations, including appointment scheduling, staff management, booking flows, intake capture, customer relationship management, internal communications, analytics, document generation, customer-facing interfaces, and integrations with selected third-party services.

The services are supplied as a software platform only. GleamConnect does not deliver medical, clinical, cosmetic, aesthetic, dental, nursing, counselling, pharmacy, or other regulated healthcare services. GleamConnect does not examine patients, diagnose conditions, provide treatment plans, approve treatment suitability, or supervise clinical judgement.

The clinic remains solely responsible for:

• all professional and treatment decisions;
• patient assessment, eligibility, contraindications, patch testing, consent, aftercare, and clinical records;
• professional licensing, registration, insurance, supervision, and staff conduct;
• compliance with all laws, codes, standards, guidance, and insurer requirements applicable to its business;
• patient safety, complaints, incidents, and outcomes;
• determining what clinic data is entered into the services and how it is used.

4. Eligibility and account security

The clinic must:

• provide accurate and complete registration, billing, and business information;
• maintain current administrator details;
• keep credentials confidential;
• promptly notify GleamConnect of any suspected unauthorised use, credential compromise, or security incident;
• ensure that each staff user is properly authorised, trained, and instructed.

The clinic is responsible for all acts and omissions occurring through its accounts, unless directly caused by GleamConnect’s own breach of the agreement.

5. Licence grant and restrictions

Subject to payment of fees and continued compliance with this agreement, GleamConnect grants the clinic a limited, non-exclusive, non-transferable, non-sublicensable right during the subscription term to access and use the services for the clinic’s own internal business operations.

The clinic shall not, and shall not permit any third party to:

• resell, rent, lease, or exploit the services as a service bureau except where expressly permitted in writing;
• reverse engineer, decompile, disassemble, or attempt to derive source code except to the limited extent such restriction is prohibited by law;
• bypass or defeat access controls, usage limits, tenancy boundaries, archive restrictions, or security mechanisms;
• access the services to build a competing service or benchmark publication without prior written consent;
• upload malicious code, unlawful content, or data that the clinic has no lawful right to process;
• use the services in a way that interferes with system integrity, security, or availability.

6. Clinic data, ownership, and data roles

As between the parties, the clinic retains all right, title, and interest in clinic data. GleamConnect retains all right, title, and interest in the services, underlying software, APIs, templates, analytics models, security tooling, documentation, aggregated de-identified service metrics, and all related intellectual property rights.

6.1 Data protection roles

For patient treatment data and clinic operational data processed on behalf of the clinic, the clinic acts as controller and GleamConnect acts as processor, except where GleamConnect acts as an independent controller for its own:

• account administration;
• subscription billing;
• fraud prevention;
• security logging;
• platform abuse detection;
• archive access governance;
• legal claims handling;
• compliance records.

The parties agree that the Data Processing Agreement forms part of this agreement.

6.2 No training of unrelated general models on identifiable patient data

GleamConnect shall not use identifiable patient data from the clinic to train public or unrelated general-purpose AI models for unrelated purposes. AI-assisted processing, where offered, shall remain bounded to providing features for the services and subject to the clinic’s lawful instructions and applicable law.

7. Availability, support, maintenance, and changes

GleamConnect may improve, update, maintain, patch, or modify the services from time to time, including changes required for security, legal compliance, or third-party dependency updates.

GleamConnect does not guarantee uninterrupted or error-free operation. Planned maintenance may occur outside normal business hours where reasonably practicable. Emergency maintenance may occur at any time.

Support levels, response times, and onboarding assistance may vary by plan.

8. Third-party services and integrations

The services may integrate with third-party providers including infrastructure providers, notification providers, document services, analytics tools, and payment providers such as Stripe.

GleamConnect is not responsible for a third-party service’s independent acts, omissions, availability, changes, outages, or regulatory compliance. Use of third-party services may be subject to separate terms between the clinic and that provider.

9. Payment model and merchant position

9.1 Current state

At the date of this version, GleamConnect processes clinic subscription billing through Stripe or another designated billing provider for GleamConnect’s own SaaS fees.

Unless GleamConnect expressly agrees otherwise in a separate written payment services agreement, the clinic is the merchant of record for all patient-facing treatment, booking, retail, card-present, and card-not-present transactions conducted by or on behalf of the clinic.

9.2 Future payments and POS

GleamConnect may later introduce proprietary payment orchestration, acquiring support, terminal integration, point-of-sale functionality, stored payment methods, payment facilitation, or other financial services features. Any such services shall be subject to separate contractual terms, onboarding, and where applicable regulatory and compliance conditions.

Nothing in this agreement obliges GleamConnect to provide regulated payment services before such separate terms are in effect.

9.3 Refunds, chargebacks, and patient payment disputes

Except to the extent a separate payment services agreement states otherwise, the clinic is solely responsible for patient refunds, chargebacks, cardholder disputes, treatment pricing disputes, and consumer-facing payment complaints arising from the clinic’s business.

10. Fees, invoicing, taxes, and suspension

The clinic shall pay the fees stated in the applicable order form or pricing flow. Fees are exclusive of VAT and other applicable taxes unless stated otherwise.

Late or failed payment may result in:

• retry attempts;
• reminder notices;
• suspension of access;
• limitation of certain features;
• termination for material breach if the failure persists.

GleamConnect may suspend access immediately where reasonably necessary for non-payment, suspected fraud, illegal activity, security risk, or material breach.

11. Acceptable use and prohibited activities

The clinic must comply with the Acceptable Use Policy and must not use the services to:

• process unlawful, defamatory, infringing, deceptive, abusive, or discriminatory content;
• store malware, credential theft tools, or other harmful code;
• impersonate other parties or misrepresent service offerings;
• process patient data without a lawful basis;
• offer illegal, unsafe, or unlicensed treatments;
• transmit spam, phishing, or deceptive communications.

GleamConnect may remove content, restrict access, or suspend use where it reasonably believes continued availability would create legal, security, or operational risk.

12. Security and compliance cooperation

GleamConnect will implement technical and organisational measures appropriate to the risk, including measures relating to access controls, encryption, service monitoring, logging, and environment segregation.

The clinic acknowledges that no internet-based system can be guaranteed absolutely secure or uninterrupted. The clinic shall implement reasonable local security controls, including role-based access, device security, and workforce confidentiality measures.

Where a security incident requires joint coordination, each party shall cooperate in good faith.

13. Data retention, deletion, archive, and legal hold

Operational deletion in the services does not necessarily mean immediate irreversible destruction of all related records.

GleamConnect may retain restricted archive copies of selected records, including booking snapshots, consent logs, audit logs, intake documents, incident-linked records, and evidence bundles, where retention is reasonably necessary for:

• legal compliance;
• fraud prevention;
• service integrity;
• dispute resolution;
• establishing, exercising, or defending legal claims;
• fulfilment of a legal hold, court order, insurer request, or regulatory obligation.

Archived data:

• is not available through standard clinic workflows;
• is not used for ordinary operational processing;
• is access-controlled and logged;
• may be retained for a default baseline period of 6 years from archival trigger, unless a longer period is required by law, legal hold, insurer requirement, regulator direction, or documented clinic instruction consistent with law.

The clinic may request archived records only through the controlled legal/compliance process described in the Archive Access Policy.

14. Intellectual property and feedback

All intellectual property rights in and to the services remain with GleamConnect and its licensors. If the clinic provides suggestions, feedback, enhancement requests, or implementation ideas, GleamConnect may use them without restriction or obligation, provided it does not disclose the clinic’s confidential information in doing so.

15. Confidentiality

Each party shall protect the other’s confidential information using reasonable care and at least the same degree of care it uses for its own confidential information of a similar nature.

Confidential information does not include information that:

• is or becomes public through no breach;
• was lawfully known before disclosure;
• is lawfully received from a third party without duty of confidentiality;
• is independently developed without reference to the other party’s confidential information.

A receiving party may disclose confidential information to the extent required by law, court order, or regulator request, provided it gives prior notice where legally permitted.

16. Warranties and disclaimers

GleamConnect warrants that it will provide the services with reasonable skill and care consistent with a SaaS provider operating services of this type.

Except as expressly stated, the services are provided “as is” and “as available” to the maximum extent permitted by law. GleamConnect disclaims all implied warranties, conditions, and representations including fitness for a particular purpose, non-infringement, merchantability, uninterrupted operation, or error-free performance.

The clinic acknowledges that AI-assisted, automated, or workflow-assistive outputs may be incomplete, inaccurate, or unsuitable and must be independently reviewed by qualified humans.

17. Medical, professional, and treatment disclaimer

The clinic acknowledges that GleamConnect is not responsible for:

• diagnosis, treatment advice, patient suitability, or contraindication assessment;
• treatment outcomes, complications, injuries, dissatisfaction, or aftercare issues;
• regulatory or professional misconduct by the clinic or its staff;
• licensing, insurance, consent validity, or adequacy of the clinic’s own records outside the services.

18. Indemnities

The clinic shall indemnify, defend, and hold harmless GleamConnect, its officers, directors, employees, and affiliates from and against third-party claims, losses, liabilities, damages, costs, and reasonable legal fees arising from or relating to:

• the clinic’s services, treatments, products, professional advice, or clinical decisions;
• the clinic’s breach of this agreement, applicable law, or the DPA;
• unlawful or unauthorised processing of personal data by the clinic;
• claims by end users relating to treatment outcomes, clinic conduct, or patient-facing payment disputes;
• the clinic’s content, branding, communications, or misuse of the services.

GleamConnect shall promptly notify the clinic of any indemnified claim and allow the clinic reasonable control of the defence, provided any settlement imposing non-monetary obligations on GleamConnect requires GleamConnect’s prior written consent.

19. Limitation of liability

Nothing in this agreement excludes or limits liability that cannot lawfully be excluded or limited under applicable law, including liability for death or personal injury caused by negligence, fraud, or fraudulent misrepresentation.

Subject to the preceding paragraph:

• GleamConnect shall not be liable for indirect, incidental, special, exemplary, punitive, or consequential loss;
• GleamConnect shall not be liable for loss of profit, revenue, goodwill, anticipated savings, business opportunity, or data reconstruction costs except to the extent caused by GleamConnect’s wilful misconduct;
• GleamConnect shall not be liable for treatment outcomes, professional negligence, or patient claims arising from the clinic’s business.

GleamConnect’s aggregate liability arising out of or in connection with this agreement shall not exceed the total fees paid or payable by the clinic to GleamConnect under this agreement during the 12 months immediately preceding the event giving rise to the claim.

20. Term, renewal, suspension, and termination

This agreement begins on the earlier of acceptance, order form execution, or first use and continues for the applicable subscription term, renewing automatically for successive renewal terms unless terminated earlier or cancelled before renewal in accordance with the billing policy.

Either party may terminate for material breach if the breach is not cured within 30 days after written notice, except that GleamConnect may terminate immediately for:

• illegal use;
• security threat;
• repeated payment failure;
• repeated serious breach of acceptable use or data protection obligations.

On termination:

• the clinic’s access rights cease;
• outstanding fees remain payable;
• GleamConnect may provide limited export options for active data where practicable and contractually available;
• archive retention may continue in accordance with the retention and archive policy.

21. Export, transition, and deletion

During an active subscription and for a reasonable period after termination where commercially and technically practicable, GleamConnect may permit the clinic to export selected active data in supported formats. GleamConnect is not required to maintain custom export tooling, retain terminated environments indefinitely, or provide raw infrastructure access.

Deletion and archive handling remain subject to the retention and archive policy and any legal hold.

22. Publicity

GleamConnect shall not publicly identify the clinic as a customer without permission, except where the order form expressly authorises reference use or where disclosure is required by law.

23. Governing law and jurisdiction

This agreement and any non-contractual obligations arising from it are governed by the laws of Ireland.

The courts of Ireland shall have exclusive jurisdiction, except that GleamConnect may seek urgent injunctive or equitable relief in any competent jurisdiction where necessary to protect its rights, security, or confidential information.

24. General

• The clinic may not assign this agreement without GleamConnect’s prior written consent, except as part of a merger or sale of substantially all assets with notice.
• GleamConnect may assign this agreement to an affiliate or in connection with a corporate reorganisation, financing, or sale of business.
• If any provision is held unenforceable, the remainder remains in effect.
• Failure to enforce any provision is not a waiver.
• This agreement, together with the DPA, order form, and incorporated policies, constitutes the entire agreement and supersedes prior discussions on the same subject matter.
• Amendments by the clinic are effective only if agreed in writing by GleamConnect.