Terms of Service

DebriefAI operates an AI-powered clinical documentation and healthcare workflow platform. The Service enables licensed healthcare providers, medical practices, and authorized healthcare entities (“Providers”) to use artificial intelligence tools for generating clinical notes, documentation, coding assistance, and related healthcare administrative tasks. The Service aggregates various AI models specifically configured for healthcare contexts. We may add or remove AI Models or features from the Service at any time.

IMPORTANT: The Service is not a medical device, does not provide medical advice, diagnosis, or treatment recommendations, and is not a substitute for professional medical judgment.

You must be at least 18 years of age and a licensed healthcare professional or authorized representative of a covered entity (as defined under HIPAA) to use the Service. By agreeing to these Terms, you represent and warrant that:

1. You are at least 18 years of age and possess valid professional credentials and licenses required to practice in your jurisdiction;
2. You have not previously been suspended or removed from the Service;
3. Your registration and use of the Service is in compliance with all applicable healthcare laws, regulations, and professional standards, including HIPAA, HITECH, and state medical privacy laws;
4. You have the authority to enter into a Business Associate Agreement (BAA) on behalf of your organization if you will be using the Service to process Protected Health Information (PHI); and
5. You will not use the Service to process PHI until you have executed our Business Associate Agreement or confirmed that an existing BAA is in place.

3.1 BAA Requirement. If you will use the Service to create, receive, maintain, or transmit Protected Health Information (PHI) as defined by HIPAA, you must execute our Business Associate Agreement (available at debriefai.app/baa) prior to uploading or inputting any PHI.

3.2 No PHI Without BAA. Unless you have entered into a valid BAA with DebriefAI, you agree not to input, upload, or transmit any information that constitutes PHI, individually identifiable health information, or any data that could be used to identify a patient.

3.3 Permitted Uses. When operating under a BAA, you authorize DebriefAI to use, process, and store PHI solely as necessary to provide the Service, perform AI model inference, ensure technical safeguards, and as otherwise permitted by the BAA and applicable law.

3.4 Security Safeguards. DebriefAI implements administrative, physical, and technical safeguards consistent with the HIPAA Security Rule. However, you are responsible for implementing appropriate administrative safeguards at your organization.

To access most features of the Service, you must register for an account. When registering, you must provide accurate professional information. You agree to maintain accurate registration information, safeguard your credentials, ensure Authorized Users comply with these Terms, and not share accounts among multiple providers.

5.1 Clinical Content. You may provide clinical inputs and receive AI-generated outputs (collectively “Clinical Content”).

5.2 You grant DebriefAI a limited license to process Clinical Content as necessary to provide the Service.

5.3 Zero Data Retention (ZDR). For BAA-covered accounts (default), DebriefAI will not use Clinical Content to train AI models. Data is deleted after processing unless required by law.

5.4 De-Identification Standards. Any use of Clinical Content for analytics complies with HIPAA Safe Harbor de-identification standards (45 CFR § 164.514(b)(2)).

5.5 Prohibited Data Types. You agree not to input psychotherapy notes, substance use disorder records protected by 42 CFR Part 2, genetic information under GINA, or information regarding minors where prohibited.

By providing Clinical Content, you affirm that you have obtained all necessary patient authorizations, your use complies with professional licensing requirements, you will review all AI-generated outputs before incorporating them into medical records, and you have the necessary rights to use the Clinical Content with the Service.

BY USING THE SERVICE YOU AGREE NOT TO:

• Use the Service for any purpose other than legitimate healthcare documentation;
• Input PHI without a valid BAA in place;
• Generate documentation for encounters you did not participate in or witness;
• Attempt to bypass technical safeguards or re-identify de-identified data;
• Use AI-generated content for final diagnostic decisions without clinical validation;
• Use the Service for non-healthcare commercial purposes without written authorization.

8.1 General Indemnity. You will defend and indemnify DebriefAI and its affiliates from any claim arising out of your use of the Service, your violation of these Terms, any failure to obtain patient authorizations, any HIPAA complaint or breach arising from your acts, or your failure to supervise Authorized Users.

8.2 Limitation of HIPAA Liability. DebriefAI shall not be liable for HIPAA violations arising from your failure to execute a BAA, your failure to maintain adequate access controls, or unauthorized use by your employees or subcontractors.

8.3 If you are subject to a HIPAA audit arising from your use of the Service, you bear sole responsibility for all associated costs, except where the breach results solely from DebriefAI's willful neglect.

THE SERVICE IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. DEBRIEFAI DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED.

• Not Medical Advice: AI-generated content does not constitute medical advice, diagnosis, or treatment recommendations.
• Provider Responsibility: You are solely responsible for reviewing and approving all Clinical Outputs before they become part of the medical record.
• No Liability for Clinical Decisions: DebriefAI has no liability for patient harm resulting from reliance on AI-generated documentation.

IN NO EVENT WILL DEBRIEFAI BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF YOUR USE OF THE SERVICE.

DEBRIEFAI'S AGGREGATE LIABILITY IS LIMITED TO THE GREATER OF: (A) THE AMOUNT YOU HAVE PAID TO DEBRIEFAI IN THE 12 MONTHS PRIOR TO THE CLAIM; OR (B) $1,000.

We implement encryption in transit (TLS 1.2+) and at rest (AES-256), access logging, and annual security risk assessments. In the event of a Breach affecting your PHI, we will notify you without unreasonable delay and no later than 60 days after discovery.

You may terminate your account at any time. If you violate these Terms, particularly regarding HIPAA compliance, we may immediately suspend or terminate your account. Upon termination, we retain Clinical Content as required by BAA retention periods (typically 6 years), then securely destroy PHI in accordance with HIPAA standards.

These Terms are governed by the laws of the State of Delaware. All disputes shall be resolved by binding arbitration under the AAA Commercial Arbitration Rules in Wilmington, Delaware. Either party may seek injunctive relief to prevent irreparable harm pending arbitration.

The Service is offered by DebriefAI, Inc. You may contact us at legal@debriefai.app or support@debriefai.app.