Terms of Service

These Terms of Service (the “Terms” or “Agreement”) are a legally binding contract between you (“Customer,” “Practitioner,” “you,” or “your”) and Medviz, Inc. (“Medviz,” “we,” “us,” or “our”). These Terms govern your access to and use of our websites (including medviz.ai and samaat.ai), software applications, and related services (collectively, the “Platform” or “Services”).

By creating an account, signing an Order Form (if applicable), or accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree, you may not access or use the Services.

Definitions

“Authorized User” means you and any individual you authorize to access the Services under your account (for example, workforce members of a clinic that is the Customer).

“Customer Data” means information submitted to the Services by or on behalf of Customer, including patient-related information entered, uploaded, recorded, or generated through use of the Services.

“PHI” (Protected Health Information) has the meaning set forth under HIPAA.

“Business Associate Agreement” or “BAA” means a written business associate agreement between Customer and Medviz governing Medviz’s Processing of PHI on Customer’s behalf.

“Order Form” means an online checkout, subscription page, or other ordering document that specifies pricing, subscription term, and permitted use (if applicable).

Eligibility and account registration

You represent and warrant that: (a) you have the legal power and authority to enter into these Terms; (b) you are a licensed healthcare professional or an organization authorized to provide healthcare services; and (c) you will use the Services only in accordance with applicable laws, regulations, and professional obligations.

Registration information must be current, complete, and accurate. You are responsible for maintaining the confidentiality of account credentials and for all activity that occurs under your account, and you will promptly notify Medviz of any unauthorized access or security incident.

The Services

The Services provide tools that may include recording clinical conversations, transcribing audio, generating draft clinical notes (e.g., SOAP notes, summaries), and providing documentation and coding assistance (e.g., suggested ICD codes), depending on the features you enable.

Medviz may modify, update, or discontinue any part of the Services. If we make a material reduction in core functionality during an active paid subscription term, we will provide reasonable notice where practicable.

Professional responsibility; no medical advice

The Services are clinical documentation tools and do not provide medical advice. You remain solely responsible for all clinical decisions and for verifying the accuracy, completeness, and appropriateness of any output before it is used for clinical documentation, coding, billing, compliance, or patient care.

You acknowledge that certain features may use artificial intelligence and machine learning and may produce inaccurate or incomplete outputs; human review is required prior to reliance.

Recording consent; lawful use of recording features

If you use any recording functionality, you are responsible for ensuring that recording and use of recordings complies with all applicable laws and professional obligations, including providing notices and obtaining any required consent from patients and other participants.

Recording consent laws vary by jurisdiction and may require consent of all parties in some locations. You are responsible for determining and complying with the rules that apply to your use case(s).

Medviz may provide product features intended to support notice/consent workflows, but Medviz does not provide legal advice and does not control your clinical environment.

HIPAA and PHI

If Customer is a HIPAA Covered Entity (or a contractor to a Covered Entity) and Customer Data includes PHI, then:

1. BAA requirement. Customer and Medviz must enter into a BAA before Customer uploads or otherwise provides PHI to the Services (unless Medviz expressly agrees otherwise in writing).

2. BAA controls. To the extent Customer Data is PHI and there is a conflict between these Terms and the BAA, the BAA will control with respect to PHI.

3. Permitted processing. Medviz will use and disclose PHI only as permitted by the BAA and as required by law, consistent with Medviz’s role as a Business Associate.

4. Patient rights requests. Patients should generally direct requests to exercise HIPAA rights (access, amendment, accounting, restrictions) to the relevant healthcare provider. Medviz will support Customer as required by the BAA and applicable law.

Subprocessors

Customer acknowledges that Medviz uses service providers (subprocessors) to help provide and secure the Services (for example, hosting, monitoring, customer support, and payment processors).

Where Medviz processes PHI as a Business Associate, Medviz will require relevant subprocessors to agree by written contract to restrictions and safeguards consistent with Medviz’s obligations for PHI (including, where applicable, HIPAA subcontractor requirements).

AI and model training; de-identified and aggregated data

No PHI generalized model training. Medviz does not use PHI to train or improve generalized AI or foundation models. PHI is used only to provide the Services to the relevant Customer and as permitted by the BAA or required by law.

De-identified and aggregated data. Where legally permitted, Medviz may create and use de-identified or aggregated information for service improvement, analytics, and research. If Medviz claims HIPAA de-identification for data derived from PHI, Medviz will use HIPAA-compliant de-identification methods (Safe Harbor or Expert Determination).

De-identified information is not intended to identify any individual. However, you acknowledge that de-identification reduces, rather than eliminates, risk and that no de-identification process can guarantee zero re-identification risk.

Biometrics and voice data

The Services may process voice recordings to transcribe conversations and generate clinical documentation. Medviz does not use voice recordings to uniquely identify patients or practitioners as part of the core documentation workflow and does not intentionally create or maintain voiceprints for identity authentication as part of the core scribe functionality.

If Medviz introduces optional features that use voice data for unique identification (e.g., voice-based login), Medviz will provide any required notices, obtain any legally required consents, and publish any required retention/destruction policies.

Privacy Policy

Medviz’s handling of personal information is described in the Medviz Privacy Policy, which is incorporated by reference. In the event of a conflict between these Terms and the Privacy Policy about personal information processing, the Privacy Policy governs.

Fees, payments, renewal, cancellation, refunds

Access to paid features requires payment of the applicable subscription fees described at checkout or in an Order Form.

Subscriptions automatically renew unless you cancel before renewal through your account settings or as otherwise described in your Order Form. Fee changes will take effect at the start of your next subscription period after reasonable advance notice.

Unless required by law or expressly stated in an Order Form, fees are non-refundable and we do not provide refunds or credits for partial subscription periods.

Payments may be processed through third-party payment providers; Medviz may receive limited transactional details (e.g., subscription status, invoice IDs).

Acceptable use; prohibited conduct

You will not (and will not permit any third party to):

• reverse engineer, decompile, or attempt to discover source code (except to the limited extent prohibited by applicable law);

• access the Services in order to build a competing product;

• use the Services to transmit unlawful, infringing, or harmful content;

• interfere with or disrupt the integrity or performance of the Services; or

• use the Services in a manner that violates applicable law or professional obligations.

Intellectual property

Medviz and its licensors own all right, title, and interest in and to the Services and related intellectual property.

Subject to your compliance with these Terms, Medviz grants you a limited, non-exclusive, non-transferable, revocable license during the subscription term to access and use the Services solely for your internal clinical documentation and related healthcare operations.

Feedback

If you provide feedback, suggestions, or recommendations, you grant Medviz a perpetual, irrevocable, royalty-free right to use them to improve the Services without compensation to you.

Confidentiality

Each party may receive non-public information from the other party (“Confidential Information”). The receiving party will: (a) use Confidential Information only to perform under this Agreement; (b) not disclose it to third parties except to personnel and contractors with a need to know who are bound by confidentiality obligations; and (c) protect it using reasonable measures.

Security; incident response and breach notification

Medviz maintains an information security program designed to protect information, including PHI, using administrative, physical, and technical safeguards appropriate to the risk.

If Medviz discovers a breach of unsecured PHI while acting as a Business Associate, Medviz will notify Customer in accordance with the BAA and applicable law.

Data retention; deletion; termination

Medviz retains information in accordance with the Privacy Policy, Customer configuration, Customer instructions, contractual obligations (including the BAA where applicable), and applicable law. Deleted information may persist in backups for a limited period, but will be isolated and protected and deleted according to backup retention practices.

You may terminate by closing your account. Medviz may suspend or terminate your access if it reasonably believes you violated these Terms or if required by law.

Upon termination, your license to use the Services ends. Data return or destruction for PHI will be handled as required by the BAA.

Disclaimers

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, MEDVIZ DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MEDVIZ’S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS OR THE SERVICES WILL NOT EXCEED THE AMOUNT PAID BY CUSTOMER TO MEDVIZ FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

Indemnification

Customer will indemnify, defend, and hold harmless Medviz and its affiliates, officers, directors, employees, and agents from and against claims and expenses arising out of or related to: (a) Customer’s unlawful use of the Services; (b) Customer’s violation of applicable law or professional obligations; (c) Customer’s infringement of third-party rights; or (d) Customer’s clinical acts or omissions.

Governing law; venue

These Terms are governed by the laws specified in the applicable Order Form or, if none, the laws of the State of Florida, excluding conflict of law principles. The parties consent to exclusive jurisdiction and venue in the state or federal courts located in Florida, unless otherwise required by applicable law.

Changes to these Terms

Medviz may update these Terms from time to time. We will provide at least thirty (30) days’ notice of material changes via the Services or email. Continued use after changes take effect constitutes acceptance.

Contact

Medviz, Inc.

Email: privacy@medviz.ai