B2B SaaS Platform

nCare Terms of Service

Municipal Care Management System - B2B Terms

Last Updated: December 2025

1. Introduction

nCare is a specialized SaaS platform designed to assist municipalities and care organizations in managing elderly care, coordinating teams, tracking assessments, and improving operational efficiency.

This section covers B2B-specific terms for nCare customers (municipalities, care facilities, healthcare organizations).

Note: These terms supplement the General Terms of Service and Privacy Policy.

2. Service Description and Scope

2.1 What nCare Does

nCare provides:

  • Care Recipient Management: Profiles, assessments (DFRI, MNA, ROAG), care plans, medical histories
  • Team Collaboration: Role-based access for staff, supervisors, admins
  • Task Management: Work orders, care schedules, shift management
  • Reporting & Analytics: Care quality metrics, audit logs, compliance reports
  • Integration: APIs to municipal EMR/EHR systems, healthcare registries
  • Compliance: GDPR-compliant processing, audit trails, data security

2.2 What nCare Does NOT Do

nCare is not:

  • A medical device (not CE/FDA certified; informational only)
  • A clinical decision support system
  • A replacement for professional judgment or clinical expertise
  • A system for emergency response or critical care triage

3. User Access and Administration

3.1 User Roles and Permissions

nCare supports role-based access control (RBAC):

Role | Access Level | Typical Users
Administrator | Full access, user management, settings, billing | IT manager, supervisor
Supervisor/Manager | Create/edit care plans, manage team, view analytics | Care manager, supervisor
Care Staff | View assigned tasks, log activities, update progress | Nurses, caregivers, staff
Read-Only | View-only access, no editing | Auditors, quality assurance

3.2 Account Management Responsibilities

Municipality/Customer is responsible for:

  • Creating and managing user accounts
  • Assigning roles and permissions
  • Revoking access when staff leave
  • Maintaining confidentiality of admin credentials
  • Ensuring only authorized personnel access care recipient data
  • Monitoring activity logs for suspicious access

NSD (Next Step Dynamics AB) is responsible for:

  • Providing RBAC controls
  • Logging all access and modifications
  • Providing audit trails
  • Implementing authentication security

4. Care Recipient Data and Handling

4.1 Data Classification

Care recipient data in nCare is special category data under GDPR Article 9 (health data) and is handled strictly.

4.2 Legal Basis for Processing

Processing is authorized under:

  • GDPR Article 9(2)(h): Healthcare provision by professionals
  • Swedish Patient Data Act (2008:355)
  • Act on Shared Health and Care Documentation (2022:913)
  • Municipal Social Services Act (2001:453)

4.3 Data Controller and Processor

  • Data Controller: Municipality or care organization
  • Data Processor: Next Step Dynamics AB (following controller instructions)
  • Legal Agreement: Separate DPA governs processor obligations

4.4 Data Retention in nCare

  • Active Care: Data retained during care recipient enrollment
  • Inactive Accounts: Retained for 7 years post-discharge (per Swedish law)
  • Deletion: Municipality may request deletion; NSD deletes within 30 days
  • Backups: Data retained for 90 days post-deletion for disaster recovery

5. Security and Compliance

5.1 NSD Security Obligations

NSD commits to:

  • Encryption: AES-256 at rest, TLS 1.2+ in transit
  • Access Controls: MFA, role-based permissions, least privilege
  • Audit Logging: All access logged (user, timestamp, action)
  • Vulnerability Testing: Quarterly penetration testing
  • Incident Response: Breach notification within 72 hours to controller

5.2 Shared Security Responsibility

Component | NSD | Municipality
Infrastructure Security | NSD manages |
Encryption & Access | NSD implements |
User Authentication | NSD provides MFA | Enforces MFA use
User Training | NSD provides resources | Trains staff
Incident Response | NSD detects & notifies | Investigates and responds internally

5.3 Disaster Recovery and Backups

  • Backup Frequency: Daily automated backups
  • Retention: 90 days of backup history
  • RTO (Recovery Time Objective): 4 hours max
  • RPO (Recovery Point Objective): 24 hours max
  • Testing: Quarterly recovery tests

6. Service Level Agreement (SLA)

6.1 Availability Target

NSD commits to 99.0% uptime (monthly), excluding:

  • Scheduled maintenance (max 4 hrs/month, 48h notice)
  • Emergency security patches
  • Force majeure events
  • Customer network/misconfiguration issues

6.2 Performance Standards

Metric | Standard
Page Load Time | < 2 seconds (p95)
API Response Time | < 500 ms (p95)
Database Query Time | < 1 second (p95)

6.3 SLA Credits

If uptime < 99.0%:

Availability | Service Credit
98.5% – 99.0% | 10% monthly fee
97.0% – 98.5% | 25% monthly fee
95.0% – 97.0% | 50% monthly fee
< 95.0% | 100% monthly fee or right to terminate

Claiming Credits: Municipality must report outages to support@nextstepdynamics.com within 5 business days.

7. Support and Maintenance

7.1 Support Tiers

Tier | Response Time | Availability
Standard | 24 hours | Business hours (9–17 CET, Mon–Fri)
Premium | 4 hours | 24/7
Enterprise | 1 hour critical | 24/7 with dedicated contact

7.2 Support Channels

  • Email: support@nextstepdynamics.com
  • Portal: Help desk system within nCare

8. Data Portability and Migration

8.1 Data Export

Municipality may request export of all nCare data:

  • Format: CSV, JSON, or standard healthcare formats (HL7, FHIR)
  • Timeline: 30 days (standard), 60 days (complex)
  • Cost: Included unless extraordinary effort required

8.2 Migration Support

Upon termination, NSD will:

  • Provide data export in agreed format
  • Assist with migration to an alternative system (up to 40 hours professional services)
  • Retain data for 90 days to support transition
  • Securely destroy data after transition

9. Compliance and Audits

9.1 GDPR Compliance

NSD and municipality agree to:

  • Data minimization
  • Purpose limitation
  • Access controls
  • Breach notification within 72 hours

9.2 Audit Rights

Municipality has the right to:

  • Annual compliance audits
  • On-demand audits (max 2/year) of NSD security/compliance practices
  • Use third-party auditors

10. Contact Information

Customer Support:
Email: support@nextstepdynamics.com

Legal and Privacy Inquiries:
Email: legal@nextstepdynamics.com or dataprotection@nextstepdynamics.com