Konquered performance systems background

Systems Performance

Tech That Thinks — And Protects

Engineered integrity, adaptive intelligence, and uncompromising security — activated for measurable outcomes.

Konquered Live Konquered OnDemand Konquered Vaults

Trusted By

Business Associate Agreement (BAA)

Konquered Ventures, LLC • Effective: October 25, 2025

Applies to: All Covered Entities and Clients utilizing Konquered Technologies platforms (Konquered Live, OnDemand, Vaults, PM Console, and APIs).

1. Purpose

This Business Associate Agreement (“Agreement”) establishes the obligations of Konquered Ventures, LLC (“Business Associate,” “Konquered”) in its role supporting the Client (“Covered Entity”) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and applicable regulations at 45 C.F.R. Parts 160 and 164.

2. Definitions

  • Protected Health Information (PHI): Individually identifiable health information transmitted or maintained by electronic or other means, as defined under 45 C.F.R. §160.103.
  • Konquered Technologies: The technical division of Konquered Ventures responsible for infrastructure, hosting, and software operations under this Agreement.
  • Covered Entity: The healthcare or health-related organization entering this Agreement with Konquered.

3. Obligations of the Business Associate

  • Implement and maintain administrative, technical, and physical safeguards in accordance with 45 C.F.R. §§164.308–316 to protect PHI from unauthorized use or disclosure.
  • Use or disclose PHI only as permitted by this Agreement or as required by law.
  • Report any unauthorized use or disclosure of PHI to the Covered Entity without unreasonable delay and not later than required by applicable law.
  • Ensure that any subcontractors receiving PHI agree to the same restrictions and safeguards.
  • Maintain and provide access, amendment, and accounting of disclosures of PHI as required by 45 C.F.R. §§164.524–528.

4. Permitted Uses and Disclosures

Konquered may use or disclose PHI solely to perform functions, activities, or services for the Covered Entity as specified in the applicable Master Services Agreement (MSA) or Statement of Work, provided such use would not violate HIPAA if performed by the Covered Entity directly. PHI may also be de-identified in accordance with 45 C.F.R. §164.514, after which it ceases to be PHI.

5. Responsibilities of the Covered Entity

  • Provide PHI to Konquered only through secure, authorized channels designated in writing.
  • Notify Konquered of any limitation, restriction, or revocation of consent that affects PHI use.
  • Be responsible for user access management and compliance with its own HIPAA obligations.

6. Security & Safeguards

  • PHI in transit is encrypted using TLS 1.2+; PHI at rest is encrypted using AES-256 under GCP KMS.
  • Konquered applies role-based access control (RBAC), multi-factor authentication (MFA), and continuous logging.
  • Zero-retention options ensure no persistent PHI storage when transient processing suffices.
  • Security incidents are logged and escalated through a documented incident response plan with client notice.

7. Reporting & Breach Notification

In the event of a breach of unsecured PHI, Konquered will notify the Covered Entity without unreasonable delay (and no later than the legally mandated timeframe), providing the nature of the breach, the PHI involved, and steps for mitigation.

8. Subprocessors & Third Parties

Konquered may utilize subprocessors (e.g., Google Cloud Platform, Stripe, email delivery providers) under Data Processing Addenda ensuring HIPAA-aligned controls. A current list of subprocessors is maintained and made available under NDA.

9. Term & Termination

  • This Agreement remains effective while Konquered maintains or processes PHI for the Covered Entity.
  • Upon termination, Konquered shall return or destroy all PHI where feasible; if infeasible, protections shall remain in effect.
  • Termination shall not relieve either party of obligations for prior acts or existing liabilities.

10. Limitation of Liability

Konquered’s aggregate liability for any claim arising under this Agreement shall not exceed the total fees paid by the Covered Entity to Konquered during the twelve (12) months preceding the incident. Konquered is not liable for indirect, incidental, or consequential damages. Technical operations under Konquered Technologies are governed by separate hosting and infrastructure agreements that limit exposure of Konquered Ventures and affiliates.

11. Indemnification

Each party shall indemnify and hold harmless the other for claims, damages, or expenses resulting from its material breach of this Agreement or violation of applicable law relating to PHI.

12. Regulatory Access

Konquered will make its internal HIPAA-related documentation available to the U.S. Department of Health and Human Services upon lawful request to determine compliance.

13. Miscellaneous

  • This Agreement is governed by the laws of the Commonwealth of Pennsylvania, excluding conflict-of-law provisions.
  • Amendments must be in writing and signed by both parties.
  • If any provision is held invalid, the remainder shall continue in full force and effect.

14. Contact

Konquered Ventures, LLC
[Address]
legal@ikonquer.com | security@ikonquer.com

Start the conversation

Connect with Konquered

One note unlocks strategy, products, and performance expertise—routed to the right team in minutes. We respond within one business day.

Open Contact Hub Book Discovery HIPAA/FERPA-aware workflows available.