Terms & Conditions
Please read these terms carefully before using CuraeAI.
CuraeAI — Terms and Conditions of Use
Effective Date: 12 August 2025 | Last Updated: 12 August 2025
1. Acceptance
By clicking “I Agree” or using any CuraeAI website, mobile application or API (collectively, the “Service”), you acknowledge that you have read, understood and agree to these Terms and Conditions of Use (“Terms”). If you do not accept the Terms, do not use the Service.
2. Who We Are
CuraeAI Inc. is a Delaware-incorporated, fully virtual company that aggregates your health data and enables social sharing with other CuraeAI users and health-care professionals. Primary contact e-mail (all jurisdictions): privacy@curaeai.com
3. Definitions
- “PHI” – Protected Health Information under 45 C.F.R. §160.103.
- “User Content” – Any data, text, images, audio, or video a user uploads, imports (e.g., from Epic® or Cerner® via FHIR APIs) or posts, including PHI.
- “Controller/Processor” – Meanings given by Art 4 GDPR. CuraeAI acts as (i) a processor when handling PHI on behalf of your health-care providers and (ii) a controller for data you publish voluntarily (e.g., community posts).
4. Purpose & Scope
The Service lets you:
- Retrieve health data from third-party sources you authorise;
- Store, visualise and manage that data;
- Share selected data with (a) clinicians you choose or (b) the public CuraeAI community feed.
The Service does not provide medical diagnosis or treatment. Always consult a licensed clinician; call 911 in an emergency.
5. Legal Bases for Processing (GDPR/UK GDPR)
Activity | Legal Basis | Reference |
---|---|---|
Importing data from EHRs/wearables you connect | Consent (Art 6 (1)(a)) | |
Providing the Service, security & fraud prevention | Legitimate interests (Art 6 (1)(f)) | |
Storing special-category data (health) | Explicit consent (Art 9 (2)(a)) | |
Complying with HIPAA, subpoenas, or FDA recalls | Legal obligation (Art 6 (1)(c)) | |
You may withdraw consent at any time in Settings; withdrawal does not affect prior lawful processing.
6. Eligibility & Accounts
You must be 18 years or older (or the age of majority where you live). Parents/guardians may request proxy access for minors under Section 12.
7. Authentication & Security
- Multi-factor authentication (MFA) is required for all log-ins.
- PHI is encrypted in transit (TLS 1.3) and at rest (AES-256).
- Annual risk analyses and penetration tests align with the 2024-25 HIPAA Security Rule NPRM proposals mandating MFA and technical inventories. ([HHS.gov][2], [Reuters][3])
- Using a jail-broken/rooted device voids security warranties and is a material breach.
8. User-Directed Sharing
Mode | Visibility | How to Revoke |
---|---|---|
Private (default) | Only you | Delete data or account |
Provider Share | Named clinicians | Toggle off in Settings (copies already added to the clinician’s EHR may persist) |
Community Feed | All CuraeAI users | Delete post; screenshots or re-shares may persist |
You are solely responsible for content you make public.
9. Prohibited Conduct
You agree not to: modify or reverse-engineer the Service; post another person’s PHI without legal authority; use the Service for emergencies; or violate any applicable law.
10. No Emergency or Crisis Use
The Service is not monitored 24/7. For urgent conditions call 911 or go to the nearest emergency department.
11. Privacy Notices & Your Rights
- HIPAA Notice of Privacy Practices (NPP). Incorporated by reference.
- GDPR/UK GDPR Rights. You have the rights of access, rectification, erasure, restriction, portability, and objection. Exercise them by e-mailing privacy@curaeai.com or contacting DataRep (EU/UK). We will respond within 30 days (one month) as required.
- International Transfers. We rely on:
  - EU-approved Standard Contractual Clauses 2021 for transfers to the United States ([European Commission][4])
  - UK International Data Transfer Agreement (IDTA) or SCC Addendum for UK-origin data ([ICO][5])
  - The EU-US Data Privacy Framework where recipients are certified (noting ongoing legal challenges) ([Kennedys Law][6]). Transfer Impact Assessments are reviewed annually.
12. Proxy & Minor Access
- Children < 13. Parent/guardian may create a child account; certain sensitive data (e.g., sexual/mental-health) is concealed once the child turns 13, subject to applicable state teen-privacy laws.
- Ages 13-17. Limited features; parent proxy continues but cannot view restricted categories without the minor’s consent.
- ≥ 18. Proxy access terminates unless the adult user re-authorises.
13. Intellectual Property
Except for User Content, all software, graphics and trademarks are CuraeAI’s property. You receive a non-exclusive, non-transferable license to use the Service for lawful purposes.
14. Third-Party Links & APIs
Links to third-party EHRs (e.g., Epic®, Cerner®) and services (e.g., Apple Health®) are provided for convenience. CuraeAI is not responsible for their content, security or privacy practices.
15. Disclaimer of Warranties
THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE,” WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR THAT THE SERVICE IS ERROR-FREE OR UNINTERRUPTED. Some jurisdictions do not allow disclaimer of implied warranties; those disclaimers apply to the maximum extent permitted by law.
16. Limitation of Liability
TO THE FULLEST EXTENT PERMITTED BY LAW, CURAEAI’S TOTAL LIABILITY FOR ANY CLAIM ARISING OUT OF OR RELATING TO THE SERVICE SHALL NOT EXCEED US $100. CURAEAI SHALL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS OR DATA, EVEN IF ADVISED OF THE POSSIBILITY.
17. Indemnification
You will indemnify and hold harmless CuraeAI and its officers, employees and agents from any claim or demand (including reasonable attorneys’ fees) arising out of your misuse of the Service or violation of these Terms.
18. Modifications
We may revise these Terms at any time. Material changes will be announced in-app and via e-mail at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
19. Termination
We may suspend or terminate your account for security risk, legal requirement or misuse. You may delete your account at any time in Settings. Sections 13–21 survive termination.
20. Governing Law & Dispute Resolution
These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict-of-law rules. Any dispute shall be resolved by binding arbitration under the American Arbitration Association’s Health-Care Payor Provider Rules; hearings may be conducted virtually. Claims under US $10,000 may be filed in Delaware small-claims court. Nothing prevents CuraeAI from seeking injunctive relief to protect intellectual-property rights.
21. Contact
- General privacy & HIPAA inquiries: privacy@curaeai.com
© 2025 CuraeAI Inc. All rights reserved.