TERMS OF SERVICE FOR SYMPHONY

Effective Date: 30th April 2025

These Terms constitute a legally binding agreement between Proton Health Ltd. ("Proton Health", "Company", "we", "us", "our") and you, the healthcare professional or organisation ("Provider", "you", "your"). By accessing or using any part of the Symphony service you agree to be bound by these Terms.

> IMPORTANT – PLEASE READ CAREFULLY Symphony is an administrative AI‑powered documentation tool. It is not a medical device, a clinical‑decision‑support system, or a substitute for professional judgment. All outputs must be verified by a licensed clinician before use in patient care. Nothing in these Terms limits any non‑waivable statutory right. >

0. DEFINITIONS

Account – A unique login credential that allows a user to access Symphony.

AI Outputs – Any text, data or other content generated by Symphony's artificial-intelligence components.

BAA – A Business Associate Agreement required by HIPAA when PHI is processed.

Confidential Information – Non-public information disclosed by one party to the other that is marked confidential or would reasonably be understood to be confidential.

Healthcare Laws – All statutes, regulations, and professional rules that apply to the practice of medicine and the processing of health information where Symphony is used, including UK MDR, EU AI Act, UK AI regulations, HIPAA, GDPR / UK GDPR, CCPA / CPRA and any state equivalents.

Patient Data – Information relating to an identified or identifiable patient that is submitted to, or generated by, Symphony.

PHI – Protected Health Information as defined in HIPAA.

Subcontractor / Subprocessor – Any third party engaged by Proton Health to process data or provide part of Symphony on Proton Health's behalf.

1. INTRODUCTION & ACCOUNTS

1.1 Binding Agreement

Registration for, or use of, Symphony constitutes acceptance of these Terms in full.

1.2 Eligibility & Age Requirements

  • You must (a) be at least 18 years old and legally authorised to practise medicine or an allied profession in your jurisdiction; (b) have authority to bind the organisation you represent; and (c) pass our credential‑verification process (e.g. GMC/NPI lookup). Symphony must not be used by, or on behalf of, any person who has not reached the age of majority in their jurisdiction, including healthcare trainees.

1.3 Account Security

You are responsible for all activity under your Account. Use strong, unique passwords and multi‑factor authentication. Notify us immediately of any unauthorised use.

1.4 Term

These Terms commence upon your first access to Symphony and continue until terminated under § 11.

1.5 Registration

During registration you must provide accurate contact and credential information; we process that information as described in our Privacy Policy to operate and secure Symphony.

2. SERVICE DESCRIPTION & PURPOSE

2.1 Symphony Overview

Symphony provides: (a) pre‑visit patient intake; (b) consultation recording and transcription; (c) draft clinical‑note generation. Detailed functionality may vary by subscription tier.

2.2 AI Compliance & Regulatory Classification

  1. Non‑Device Intent – Symphony is designed and technically configured so that it does not by itself interpret clinical data or provide patient‑specific diagnostic or treatment recommendations. Outputs require human review and approval prior to clinical use.
  2. Regulatory Reclassification – If any competent authority determines that Symphony (or a component) is, or may become, regulated Software as a Medical Device (SaMD) or a high‑risk AI system, we may (i) suspend the affected functionality, (ii) require you to install updates, and/or (iii) impose additional obligations and fees to maintain compliance.
  3. AI Act & UK AI Rules – Proton Health operates a documented risk‑management system, data‑governance plan and post‑market monitoring process as required by the EU AI Act 2024 and the UK medical‑AI framework. Providers agree to (a) use Symphony in accordance with the provided instructions for use, (b) maintain human oversight, and (c) cooperate with incident investigations.

2.3 Updates and New Functions

We may enhance or replace functions. Material changes that reduce core functionality entitle you to terminate with a pro‑rata refund of prepaid fees.

2.4 Intended Use & Provider Validation

Symphony is an administrative documentation assistant only. You must independently verify all AI Outputs before relying on them in patient care. Symphony functions analogously to an advanced intake form and documentation assistant; it does not itself establish the standard of care.

2.5 Patient Consent & Biometric Data.

Provider will obtain any consent required by biometric-privacy laws; Proton Health will not store raw audio beyond the 7-day audio-retention window.

2.6 Company Regulatory Compliance

Proton Health shall, at its own cost, implement and maintain processes, controls and documentation reasonably necessary to comply with applicable Healthcare Laws that govern administrative health‑software, including any future regulations that impose registration, post‑market surveillance or audit obligations. Proton Health will promptly address any regulatory inquiries or enforcement actions and will notify Providers of changes that materially affect Symphony's compliance status.

2.7 Incident Reporting

Providers must promptly notify Proton Health of any event associated with Symphony that has caused, or could reasonably cause, harm to a patient or regulatory non-compliance.

3. FEES & PAYMENT

See the price list on our website or your Order Form. Subscription fees are billed in advance and renew automatically unless cancelled prior to the renewal date. We may adjust fees on 30 days' notice. Except where these Terms explicitly state otherwise, all fees are non-refundable.

4. PROVIDER OBLIGATIONS

4.1 Legal & Ethical Compliance

Providers must:

  • (a) comply with all Healthcare Laws and professional standards that govern their practice and use of Symphony;
  • (b) obtain and document informed patient consent for (i) audio or video recording, (ii) AI-based processing of Patient Data, and (iii) any data transfer required for Symphony's operation, in each case in accordance with applicable law; and
  • (c) maintain contemporaneous records evidencing that compliance and cooperate promptly with any reasonable audit or regulatory inquiry relating to Symphony or its use.

4.2 Clinical Responsibility

Providers retain sole clinical responsibility and must:

  • (a) exercise independent professional judgment in all diagnostic, treatment and documentation decisions;
  • (b) verify the accuracy, completeness and clinical relevance of all AI Outputs before relying on them; and
  • (c) review, edit and approve every Symphony-generated draft before incorporating it into official patient records or communicating it to any third party.

4.3 Security

Providers shall maintain reasonable administrative, technical and physical safeguards—including device encryption, secure networks, unique passwords and multi-factor authentication—sufficient to protect Accounts and Patient Data and to prevent unauthorised access to Symphony.

4.4 Insurance

Maintain at least £/€/$ 1 million per claim professional‑liability cover and £/€/$ 1 million cyber‑liability cover. Provide certificates on request.

4.5 Prohibited Uses

You must not (i) reverse-engineer, decompile, disassemble, or derive the source code of Symphony; (ii) scrape or access Symphony through automated bots or scripts; (iii) submit non-patient, false, or malicious data; (iv) transmit viruses or harmful code; or (v) use Symphony to practise beyond your licensure or violate any law.

5. DATA PROTECTION & PRIVACY

5.1 HIPAA (US) & GDPR / UK GDPR (UK/EU)

  • HIPAA – We will sign a BAA incorporating the April 2024 HIPAA Privacy Rule to Support Reproductive Health amendments. Do not upload PHI until the BAA is executed.
  • GDPR / UK GDPR – Our Data Processing Addendum ("DPA") incorporates the EU Standard Contractual Clauses and the UK International Data Transfer Addendum for cross‑border transfers. Providers acting as Controllers must issue lawful instructions and obtain all required consents.
  • We will not disclose PHI related to lawful reproductive health care except as permitted by the April 2024 HIPAA Final Rule (45 C.F.R. § 164.502(a)(5)(ii)).

5.2 Security Incident & Breach Notification

We will notify you without undue delay and, for Providers subject to HIPAA, no later than the timelines set out in the Business Associate Agreement.

5.3 Data Retention & Portability

Retention and deletion of Patient Data (including identifiers) will be handled in accordance with the applicable BAA. Upon account termination you may export Patient Data in a standard structured format for 30 days; after that, we will delete or archive the data as required by the BAA or applicable law.

5.4 De‑identified Data

Proton Health may create and use de‑identified and aggregated data to improve Symphony and for analytics, provided such data cannot reasonably be re‑identified. Providers retain ownership of all Patient Data. Proton Health owns de-identified or aggregated derivatives and may use them to operate, secure and improve Symphony and related analytics.

5.5 State Consumer Privacy

  • To the extent Symphony processes personal data subject to any U.S. state consumer-privacy law (e.g., CCPA/CPRA, VCDPA, NJDPL, etc.) that is not exempt under the law's HIPAA or clinical-data carve-out, Proton Health will honour applicable consumer rights (access, deletion, opt-out, correction) and maintain a data-protection assessment for high-risk processing. Provider will promptly forward any consumer privacy requests it receives relating to Symphony.
  • Symphony is not directed to persons under 13. You must not permit unsupervised minors to create accounts or interact directly with Symphony. If Provider uploads personal information of children under 13, Provider represents it has obtained verifiable parental consent as required by COPPA.

5.6 Confidentiality

Each party shall keep the other's Confidential Information in strict confidence, employ safeguards equal to those used for its own confidential data, and, on termination, promptly return or securely destroy it except where retention is required by law.

6. THIRD‑PARTY FUNCTIONALITY & LINKS

Symphony may depend on third‑party APIs (e.g., speech‑to‑text). Use of such functionality is subject to the third party's terms, which are hereby incorporated by reference.

7. INTELLECTUAL PROPERTY

All rights in Symphony and related materials remain with Proton Health or its licensors. You receive a non‑transferable, non‑exclusive, revocable licence to use Symphony during the subscription term.

If you provide feedback, you grant Proton Health a perpetual, royalty‑free licence to use it for any purpose.

8. WARRANTIES & DISCLAIMERS

8.1 Paid‑Tier Limited Warranty

Proton Health warrants that, during a paid subscription, Symphony will materially conform to its documentation. Your exclusive remedy for breach is repair, replacement or pro‑rata refund.

8.2 Beta & Free‑Tier Disclaimer

All free or beta features are provided "as is" without warranties of any kind.

8.3 AI Output Disclaimer

AI Outputs may be inaccurate or incomplete. Symphony employs probabilistic machine-learning models; consequently, outputs may be incomplete, inaccurate or inappropriate, and Providers must validate all content before relying on it. You must verify accuracy before use and bear all risk of reliance.

9. LIABILITY

9.1 Mutual Cap

Except for Excluded Claims (defined below), each party's aggregate liability arising out of or related to these Terms will not exceed the fees paid or payable by you in the 12 months preceding the event giving rise to the claim.

9.2 Excluded Claims

  • (a) death or personal injury caused by a party's negligence;
  • (b) a party's fraud or wilful misconduct;
  • (c) data‑protection administrative fines to the extent caused by a party's breach;
  • (d) each party's indemnity obligations;
  • (e) infringement of the other party's intellectual‑property rights.

9.3 Exclusion of Consequential Damages

Neither party is liable for indirect, incidental, special or punitive damages, or for lost profits, revenue or data, even if advised of the possibility and even if a limited remedy fails of its essential purpose.

9.4 No Personal Liability of Company Personnel

To the maximum extent permitted by law, no officer, director, founder, employee or shareholder of Proton Health shall have any personal liability for any obligation arising under or in connection with these Terms or Symphony except where such waiver is prohibited by applicable law.

10. INDEMNITIES

Each party will indemnify, defend and hold the other harmless from third‑party claims arising out of (a) the indemnifying party's breach of law, (b) its gross negligence or wilful misconduct, or (c) allegation that its technology infringes a third party's IP.

11. SUSPENSION & TERMINATION

11.1 Suspension

The Company may suspend or restrict access to Symphony immediately if required to protect the security or integrity of the Service, comply with law, or investigate suspected misconduct. Where practicable, we will give prior notice and will reinstate access as soon as the underlying issue is resolved.

11.2 Termination for Breach

Either party may terminate these Terms with immediate effect by written notice if the other party commits a material breach and fails to cure that breach within thirty (30) days after receiving written notice describing the breach in reasonable detail.

11.3 Termination for Convenience or Regulatory Change

(a) A Provider may terminate its subscription (i) under § 2.3 if a material reduction of core functionality occurs, or (ii) under § 13.2 if the Provider objects to a materially adverse change to these Terms.

(b) The Company may terminate these Terms on thirty (30) days' notice if it withdraws Symphony from the market, or immediately if continued provision of Symphony would violate law or a binding order of a competent authority. In the event of withdrawal under this clause, the Provider will receive a pro-rata refund of any prepaid fees covering the unused portion of the subscription period.

11.4 Effect of Termination

Upon termination or expiry of these Terms for any reason:

  • (a) all licences and access rights granted to the Provider immediately cease;
  • (b) all fees and other amounts accrued and owing to the Company become immediately due and payable;
  • (c) each party shall promptly return to the disclosing party, or at the disclosing party's written option securely destroy, all Confidential Information in its possession or control, except to the extent retention is required by applicable law or professional-record-keeping obligations; and
  • (d) Providers may, for thirty (30) days after the effective date of termination, export Patient Data in a standard structured format. After that window the Company will delete or archive the data in accordance with the applicable BAA or DPA.

12. DISPUTE RESOLUTION

12.1 UK & Rest‑of‑World Providers

Governing law: England & Wales. Exclusive jurisdiction: English courts.

12.2 US Providers

All disputes will be resolved by binding arbitration administered by JAMS in New York, NY under the JAMS Comprehensive Arbitration Rules. Judgment on the award may be entered in any court of competent jurisdiction. Either party may seek interim injunctive relief in any court of competent jurisdiction to protect its rights pending arbitration.

12.3 Class‑Action Waiver (US only)

US Providers agree that claims shall be brought on an individual basis only and not as a plaintiff or class member in any purported class or representative action. If this waiver is held unenforceable for a particular claim, that claim may proceed in court and not in arbitration.

12.4 Good‑Faith Negotiation

Before commencing arbitration or litigation, the parties will attempt in good faith to resolve the dispute for at least 30 days.

13. GENERAL PROVISIONS

13.1 Entire Agreement

These Terms, the BAA, DPA (but only as to their subject matter) and any Order Form constitute the entire agreement between the parties. In the event of conflict the following order of precedence applies: (1) Order Form; (2) BAA/DPA; (3) these Terms.

13.2 Modifications

We may update these Terms on 30 days' notice. Materially adverse changes give you the right to terminate with a pro‑rata refund of prepaid fees. Changes to pricing are governed exclusively by § 3, not this clause.

13.3 Severability & Waiver

If any provision is held unenforceable, the remainder remains in effect. Failure to enforce any right is not a waiver.

13.4 Assignment

You may not assign these Terms without our written consent. We may assign in connection with a merger, acquisition or sale of assets.

13.5 Force Majeure

Neither party is liable for failure to perform due to events beyond reasonable control.

13.6 Notices

Legal notices must be sent by email to legal@proton‑health.com and are deemed received the next UK business day.

13.7 Relationship of Parties

The parties are independent contractors; nothing creates an agency, partnership or joint venture.

13.8 Third‑Party Beneficiaries

There are no third‑party beneficiaries to these Terms.

Proton Health Ltd.
7 Bell Yard, London, WC2A 2JR, United Kingdom

Last updated: 30 April 2025