> ## Documentation Index
> Fetch the complete documentation index at: https://leadping.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Business Associate Agreement

> Leadping business associate agreement terms for customers handling protected health information, including safeguards, uses, and responsibilities.

*Revision Date: June 4, 2026*

This Business Associate Agreement ("**BAA**") is incorporated by reference into the Leadping Terms of Service ("**Terms**").  It forms a legally‑binding contract between **Leadping LLC**, a Minnesota limited‑liability company ("**Business Associate**" or "**Leadping**"), and **you**, the individual or legal entity that establishes a Leadping account and indicates acceptance of this BAA by electronic means ("**Covered Entity**" or "**you**").  "You" also includes any organization you represent.

By clicking “I Agree,” checking an acceptance box, or otherwise electronically indicating assent, you acknowledge that:

* you have read and understand this BAA;
* you are duly authorized to accept and bind the Covered Entity; and
* you accept this BAA effective on the date of your electronic assent (the "**Effective Date**").

***

##  Definitions

Capitalized terms not defined here have the meanings given in the Health Insurance Portability and Accountability Act of 1996 ("**HIPAA**"), the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules at 45 C.F.R. Parts 160 and 164 (collectively, the "**HIPAA Rules**"), and the Health Information Technology for Economic and Clinical Health Act ("**HITECH Act**"). "**Protected Health Information**" ("**PHI**") includes Electronic PHI ("**ePHI**").  "**Services**" means the Leadping platform and any related products or services that Leadping provides under the Terms.

***

## Scope; Precedence

If any provision of this BAA conflicts with the Terms, this BAA controls with respect to PHI.  All other provisions of the Terms continue in full force and effect.

This BAA applies only to the extent Leadping creates, receives, maintains, or transmits PHI on behalf of Covered Entity in connection with the Services.  Covered Entity is responsible for determining whether it is a Covered Entity or Business Associate under HIPAA, whether the Services are appropriate for the intended PHI use case, and whether any message, call, workflow, automation, integration, lead source, or communication channel may lawfully include PHI.  Unless Leadping has agreed to support the applicable PHI use case, Covered Entity must not submit PHI to the Services.

This BAA does not make Leadping responsible for Covered Entity's HIPAA compliance program, patient relationship, treatment decisions, marketing authorizations, telemarketing obligations, SMS consent, call-recording consent, recipient identity verification, emergency communications, or the legality of Covered Entity's message content, call scripts, workflows, automations, lead sources, forms, APIs, or integrations.

***

##  Permitted Uses and Disclosures by Business Associate

1. **Provision of Services.**  Leadping may Use and Disclose PHI solely to provide the Services, manage its internal operations, or fulfill its obligations under the Terms, or as otherwise permitted by this BAA or Required by Law.
2. **Minimum Necessary.**  Leadping will request, Use, and Disclose only the minimum PHI necessary to accomplish an intended purpose under HIPAA.
3. **De‑identified Data.**  Leadping may de‑identify PHI in accordance with 45 C.F.R. § 164.514(b) and Use or Disclose such de‑identified data for any purpose, provided no code or other means of re‑identification is disclosed.

***

## Leadping’s Safeguards and Responsibilities

1. **Safeguards.**  Leadping will implement and maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of ePHI as required by 45 C.F.R. §§164.308, 164.310, and 164.312.
2. **Subcontractors.**  Leadping shall ensure that any subcontractor that creates, receives, maintains, or transmits PHI on Leadping’s behalf agrees in writing to restrictions no less protective than those in this BAA.
3. **Reporting Incidents.**  Leadping shall report to Covered Entity without unreasonable delay, and in any event no later than ten (10) business days after discovery, any Security Incident or Breach of Unsecured PHI as defined in 45 C.F.R. § 164.402.  For clarity, unsuccessful security events such as routine pings, scans, blocked attacks, failed login attempts, or other unsuccessful attempts that do not result in unauthorized access, Use, Disclosure, modification, or destruction of PHI are deemed reported by this paragraph and do not require separate notice unless required by law.
4. **Mitigation.**  Leadping shall mitigate, to the extent practicable, any harmful effect known to Leadping of a Breach or other impermissible Use or Disclosure of PHI.
5. **Access, Amendment, Accounting.**  Where Leadping stores PHI in a Designated Record Set, Leadping will: (a) provide access to PHI within fifteen (15) days of Covered Entity’s written request to satisfy 45 C.F.R. § 164.524; (b) make amendments as Covered Entity directs pursuant to § 164.526; and (c) furnish information necessary for Covered Entity to respond to an accounting request under § 164.528.
6. **Availability to HHS.**  Leadping shall make its internal practices, books, and records relating to PHI available to the Secretary of HHS for the purpose of determining Covered Entity’s compliance with HIPAA.

***

## Obligations of Covered Entity

1. **Permissible Requests.**  Covered Entity will not request or cause Leadping to Use or Disclose PHI in a manner that would violate HIPAA if performed by Covered Entity.
2. **Minimum Necessary.**  Covered Entity shall provide or request only the minimum necessary PHI to Leadping.
3. **Authorizations and Restrictions.**  Covered Entity represents that it has obtained and will maintain any authorizations, consents, or notices required under Applicable Law and will promptly notify Leadping of any privacy restrictions that would affect Leadping’s permitted Uses or Disclosures.
4. **Communications and Consent.**  Covered Entity is solely responsible for determining whether any SMS, MMS, voice call, voicemail, recording, workflow, automation, form, API payload, or integration involving PHI is permitted under HIPAA, TCPA, TSR, DNC, state privacy and telemarketing laws, professional rules, carrier requirements, and patient consents or authorizations.
5. **No Sensitive or Emergency Use Without Approval.**  Covered Entity must not use the Services for emergency care, urgent clinical instructions, crisis response, public-safety dispatch, or other time-critical communications where delay, filtering, non-delivery, or failure could cause harm.  Covered Entity must not submit highly sensitive PHI, psychotherapy notes, substance-use-disorder records, genetic information, payment card data, Social Security numbers, credentials, or government IDs unless the intended use is legally permitted and Leadping has agreed in writing to support it.
6. **Customer Systems and Users.**  Covered Entity is responsible for access controls, user permissions, endpoint security, local exports, connected systems, source credentials, API keys, lead sources, integrations, and any downstream systems or vendors that receive PHI from the Services at Covered Entity’s direction.
7. **Notices of Restrictions.**  Covered Entity must promptly notify Leadping of any patient restriction, revocation, opt-out, do-not-contact request, authorization limitation, data-subject request, legal hold, or other requirement that affects Leadping’s permitted Use or Disclosure of PHI.
8. **No Legal or Clinical Advice.**  Leadping does not provide legal, medical, clinical, billing, coding, or compliance advice.  Covered Entity must obtain its own professional advice for regulated communications and PHI handling.

***

##  Term and Termination

1. **Term.**  This BAA commences on the Effective Date and continues until the earlier of (a) termination of the Terms, or (b) termination under this Section 6.
2. **Termination for Cause.**  Either Party may immediately terminate this BAA upon written notice if the other Party materially breaches this BAA and fails to cure the breach within thirty (30) days of notice.
3. **Effect of Termination.**  Upon termination, Leadping will, at Covered Entity’s written direction, return or destroy all PHI.  If return or destruction is infeasible, Leadping shall continue to protect such PHI in accordance with this BAA and limit further Uses and Disclosures to those purposes that make return or destruction infeasible.

***

## Limitation of Liability; No Indirect Damages

1. **Aggregate Cap.**  Except to the extent liability cannot legally be limited, each Party’s cumulative liability under this BAA shall in no event exceed **the total fees actually paid to Leadping under the Terms during the twelve (12) months immediately preceding the event giving rise to the claim**.
2. **No Indirect Damages.**  In no event shall either Party be liable to the other for any indirect, incidental, consequential, special, exemplary, or punitive damages (including loss of profits, revenue, data, or use), even if advised of the possibility of such damages.
3. **Exclusive Remedies.**  The limitations in this Section 7 are the Parties’ exclusive remedies for any claim arising out of or related to this BAA, except as expressly required by Applicable Law.

***

## Disclaimer of Warranties

Except as expressly required by HIPAA or other non‑waivable Applicable Law, **Leadping provides the Services "AS IS" and disclaims all warranties and representations, express or implied, including any warranties of merchantability, fitness for a particular purpose, title, and non‑infringement.**

***

##  Miscellaneous

1. **Governing Law.**  This BAA is governed by the laws of the State of Minnesota without regard to its conflict‑of‑laws rules.
2. **Amendment.**  This BAA may be amended by mutual written agreement or by Leadping as reasonably necessary to comply with changes in Applicable Law, provided Leadping posts the amended BAA and gives Covered Entity advance notice where required by law.
3. **Severability.**  If any provision of this BAA is found unenforceable by a court of competent jurisdiction, the remaining provisions will remain in full force and effect.
4. **No Third‑Party Beneficiaries.**  Nothing in this BAA confers any rights on any person or entity other than the Parties.
5. **Entire Agreement.**  This BAA and the Terms constitute the entire agreement between the Parties with respect to the subject matter and supersede all prior or contemporaneous understandings.

***

## Electronic Acceptance

Covered Entity’s electronic acceptance of this BAA (e.g., via checkbox, click‑through, or API call) constitutes execution as of the Effective Date.  No physical signature is required.

***

## Contact

**Email:** [legal@leadping.ai](mailto:legal@leadping.ai)

**Mail:** Leadping LLC, 202 N Cedar Ave #1, Owatonna, MN 55060, USA

**Website:** [https://leadping.ai/contact](https://leadping.ai/contact)
