Skip to main content

This document is a working draft. Final version pending HIPAA compliance review (PR #48).

Terms of Service.

Working draft — review status above.

1. Acceptance

By creating an account or running the free LARA Readiness Audit you agree to these Terms of Service and to our Privacy Policy. These terms are draft pending HIPAA compliance review and are subject to revision before general availability.

2. Plan & cancellation

All plans are month-to-month. You may cancel any time. Upon cancellation we retain your tenant data for 30 days for re-activation, then purge in accordance with our 6-year HIPAA audit retention rule for relevant audit records.

3. PHI handling

No PHI may be written to a tenant before a Business Associate Agreement is signed by both parties. PHI is encrypted at rest with AES-256-GCM and access is gated by row-level security plus app-layer role checks.

4. Acceptable use

You agree not to upload data not lawfully under your control, not to attempt to bypass tenant isolation, and not to use the system to impersonate another regulated entity or licensee.

5. Audit log

All access to PHI is recorded in an append-only audit log. You may request a copy of your facility's audit log at any time; we deliver it as a signed export within 5 business days.

6. Subprocessors

We use Supabase, GCP, Vercel, Postmark, Twilio, DocuSeal, Anthropic, Sentry, and Stripe as subprocessors as described in the Privacy Policy. Each subprocessor is governed by a BAA where PHI is involved.

7. Liability

These terms cap liability to the lesser of fees paid in the prior 12 months or actual direct damages. We do not limit liability for gross negligence, willful misconduct, or breach of HIPAA obligations.

8. Changes

These terms will be revised before general availability. We will email customers and post a notice on this page when terms materially change.