Terms of Service

1. Definitions

• "Services"The AureonCare SaaS platform, website (aureoncare.tech), APIs, documentation, and any related products or features.
• "Account"A registered account granting access to the Services.
• "Customer"A healthcare provider, clinic, or organisation that enters into a subscription agreement with AureonCare.
• "User"Any individual authorised by a Customer to access the Services.
• "Content"All data, text, files, and information uploaded to or created in the Services.
• "PHI"Protected Health Information as defined under HIPAA (45 CFR §160.103).
• "BAA"Business Associate Agreement executed between AureonCare and a covered entity.
• "Subscription"The paid licence to access and use the Services for a defined period.

2. Acceptance of Terms

By creating an Account, accessing, or using the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms, our Privacy Policy, and any additional agreements or policies incorporated by reference.

If you do not agree to these Terms, you must not access or use the Services. We reserve the right to modify these Terms at any time (see Section 20).

3. Eligibility

To use the Services, you must:

• Be at least 18 years of age.
• Be a licensed healthcare professional, authorised clinic administrator, or duly authorised representative of a healthcare organisation.
• Have the legal capacity to enter into binding contracts in your jurisdiction.
• Not be prohibited from using the Services under any applicable law.

4. Account Registration and Security

To access most features of the Services, you must create an Account. You agree to:

• Provide accurate, complete, and current registration information.
• Maintain and promptly update your account information.
• Keep your password and access credentials confidential.
• Enable multi-factor authentication (MFA) where offered and required by your organisation's security policy.
• Immediately notify AureonCare of any unauthorised use of your Account at security@aureoncare.tech.
• Accept responsibility for all activities that occur under your Account.

AureonCare reserves the right to suspend or terminate any Account that it reasonably believes has been compromised or used in violation of these Terms.

5. Subscriptions, Fees, and Payment

5.1 Subscription Plans

AureonCare offers various subscription plans as described on our pricing page. Plan features, limits, and fees are subject to change with 30 days' prior notice to existing Customers.

5.2 Fees and Payment

• All fees are quoted in Euros (EUR) unless otherwise agreed in writing.
• Fees are billed in advance on a monthly or annual basis, as selected at checkout.
• Payment is due within 14 days of invoice date.
• Late payments accrue interest at 9 percentage points above the European Central Bank base rate (§ 288(2) BGB).
• All fees are exclusive of applicable taxes (e.g., VAT). German VAT (Umsatzsteuer) will be added where applicable.

5.3 Refunds

All subscription fees are non-refundable except as required by applicable law or as expressly stated in a separate order form. For annual subscriptions cancelled within 14 days of initial purchase, a full refund will be issued where required by EU consumer law (where applicable).

5.4 Free Trials

AureonCare may offer free trial periods at its discretion. At the end of the trial, your subscription will automatically convert to a paid plan unless cancelled before the trial end date. Credit card details may be required to start a trial.

6. HIPAA Obligations and Protected Health Information

6.1 Business Associate Agreement

If you are a HIPAA Covered Entity (as defined in 45 CFR §160.103) or a Business Associate that will use the Services to create, receive, maintain, or transmit PHI, you must execute a Business Associate Agreement (BAA) with AureonCare prior to transmitting any PHI. Use of the Services to process PHI without a signed BAA is strictly prohibited and constitutes a material breach of these Terms.

To request a BAA, contact: compliance@aureoncare.tech

6.2 Customer Responsibilities

As a Covered Entity using our Services, you agree to:

• Comply with all applicable HIPAA Privacy and Security Rules.
• Obtain all necessary patient authorisations and consents for data processing.
• Ensure Users are trained on HIPAA obligations before accessing PHI.
• Promptly notify AureonCare of any suspected security incidents involving PHI.
• Implement access controls to limit PHI access to authorised personnel only.

6.3 Minimum Necessary Standard

Users must access and use PHI only to the minimum extent necessary to accomplish the intended purpose, in accordance with 45 CFR §164.502(b) and §164.514(d).

7. GDPR and Data Protection Obligations

7.1 Data Processing Agreement

Where AureonCare processes personal data on behalf of a Customer as a data processor within the meaning of Art. 4(8) GDPR, the parties shall enter into a Data Processing Agreement (DPA) compliant with Art. 28 GDPR. The DPA forms an integral part of these Terms and is available at privacy@aureoncare.tech.

7.2 Customer as Data Controller

The Customer is the data controller for all personal data of their patients and staff processed through the Services. The Customer is solely responsible for:

• Establishing a lawful basis for all processing activities (Art. 6 GDPR).
• Providing data subjects with required privacy notices (Art. 13/14 GDPR).
• Responding to data subject rights requests (Art. 15–22 GDPR).
• Conducting and maintaining Data Protection Impact Assessments (DPIAs) where required (Art. 35 GDPR).
• Complying with applicable national data protection laws (e.g., BDSG in Germany).

8. Acceptable Use Policy

You agree not to use the Services to:

• Violate any applicable law, regulation, or third-party rights.
• Upload, transmit, or store any unlawful, harmful, defamatory, or fraudulent content.
• Attempt to gain unauthorised access to any system, network, or account.
• Conduct penetration testing, vulnerability scanning, or security audits without prior written consent from AureonCare.
• Introduce viruses, malware, or any other malicious code.
• Reverse-engineer, decompile, or disassemble any part of the Services.
• Scrape, crawl, or use automated means to extract data from the Services.
• Sublicense, resell, or provide third-party access to the Services without authorisation.
• Use the Services in a way that could damage, disable, overburden, or impair infrastructure.
• Process PHI for any purpose not permitted under the BAA or HIPAA.

Violation of this Acceptable Use Policy may result in immediate suspension or termination of access without refund.

9. Intellectual Property Rights

9.1 AureonCare IP

The Services, including all software, algorithms, interfaces, content, documentation, trademarks, and trade secrets, are owned by AureonCare or its licensors and are protected by applicable intellectual property laws. Nothing in these Terms grants you any rights in or to AureonCare's IP except as expressly provided.

9.2 Licence to Use Services

Subject to these Terms and payment of applicable fees, AureonCare grants you a limited, non-exclusive, non-transferable, revocable licence to access and use the Services for your internal healthcare operations during your Subscription term.

9.3 Customer Content

You retain all intellectual property rights in Content you upload to the Services. You grant AureonCare a limited licence to host, store, process, and display your Content solely to provide the Services to you. AureonCare will not use your Content (including PHI) for any other purpose without your consent.

9.4 Feedback

If you provide AureonCare with feedback, suggestions, or ideas regarding the Services, you grant AureonCare a perpetual, worldwide, royalty-free licence to use such feedback without restriction and without any obligation to compensate you.

10. Confidentiality

Each party may have access to the other party's confidential information ("Confidential Information") in connection with these Terms. Each party agrees to:

• Hold Confidential Information in strict confidence using at least the same degree of care as it uses for its own confidential information (but no less than reasonable care).
• Not disclose Confidential Information to any third party without prior written consent, except to employees or contractors who need to know and are bound by equivalent confidentiality obligations.
• Use Confidential Information solely to exercise rights or perform obligations under these Terms.

PHI is governed by the BAA and applicable HIPAA requirements, which take precedence over this general confidentiality clause where they conflict.

11. Service Availability and Uptime

AureonCare targets a monthly uptime of 99.9% for the core platform, excluding scheduled maintenance windows. Scheduled maintenance will be communicated at least 48 hours in advance via email and/or in-app notification and will be performed during low-usage periods where practicable.

In the event of unplanned downtime exceeding the committed uptime level in any calendar month, Customers on paid plans may be eligible for a pro-rated service credit as set out in the applicable Service Level Agreement (SLA). Service credits are the sole and exclusive remedy for service unavailability.

12. Warranties and Disclaimers

12.1 AureonCare Warranties

AureonCare warrants that:

• The Services will perform materially as described in the documentation.
• It will implement and maintain appropriate security measures as described in the Privacy Policy and BAA.
• It has all necessary rights to grant the licences in these Terms.

12.2 Disclaimers

13. Limitation of Liability

Nothing in these Terms limits or excludes liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, or any other liability that cannot be limited or excluded under applicable law (including §309 Nr. 7 BGB and consumer protection laws).

14. Indemnification

You agree to defend, indemnify, and hold harmless AureonCare and its officers, directors, employees, contractors, and agents from and against any claims, damages, liabilities, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

• Your use of the Services in violation of these Terms.
• Your Content or data uploaded to the Services.
• Your violation of any applicable law, regulation, or third-party right.
• Any PHI breach attributable to your acts or omissions.
• Claims by your patients or staff arising from your use of the Services.

15. Term and Termination

15.1 Term

These Terms commence on the date you first access the Services and remain in effect until your Subscription expires or is terminated.

15.2 Termination by You

You may terminate your Subscription at any time by providing written notice to info@aureoncare.tech or through your account dashboard. Termination takes effect at the end of the current billing period. No refunds are provided for unused portions of a prepaid Subscription unless required by law.

15.3 Termination by AureonCare

AureonCare may suspend or terminate your access immediately upon written notice if:

• You materially breach these Terms and fail to cure within 30 days of notice.
• You use the Services in a manner that poses a risk to AureonCare, other customers, or third parties.
• You become insolvent, enter bankruptcy, or cease operations.
• Required by law or regulatory authority.

15.4 Effect of Termination

Upon termination:

• All licences granted under these Terms cease immediately.
• You must cease all use of the Services.
• AureonCare will provide a data export window of 30 days for you to retrieve your Content, after which data will be deleted per Section 16.
• Sections that by their nature survive termination shall survive (including confidentiality, IP rights, limitation of liability, and governing law).

16. Data Return and Deletion

Upon written request received within 30 days of termination, AureonCare will provide an export of your Content in a standard machine-readable format (CSV, JSON, or HL7 FHIR where applicable).

After the 30-day export window, AureonCare will securely delete or anonymise your Content in accordance with NIST SP 800-88 and DIN 66399, unless retention is required by law (e.g., HIPAA 6-year retention, German tax law). Written confirmation of deletion can be provided upon request.

17. Third-Party Services and Integrations

The Services may integrate with or allow access to third-party services and applications. AureonCare does not control and is not responsible for third-party services. Your use of any third-party service is subject to that provider's own terms and privacy policy. AureonCare shall not be liable for any harm caused by third-party services.

18. Force Majeure

Neither party shall be liable for any delay or failure to perform its obligations (other than payment obligations) to the extent such delay or failure is caused by events beyond that party's reasonable control, including acts of God, natural disasters, war, terrorism, civil unrest, government actions, internet outages, cyberattacks by third parties, or widespread power failures, provided that the affected party notifies the other promptly and uses reasonable efforts to resume performance.

19. Governing Law and Dispute Resolution

19.1 Governing Law

These Terms are governed by and construed in accordance with the laws of the Federal Republic of Germany, excluding conflict of law principles and the UN Convention on Contracts for the International Sale of Goods (CISG). Where mandatory consumer protection laws of your country of residence apply, those laws shall take precedence to the extent required.

19.2 Jurisdiction

Any disputes arising out of or in connection with these Terms shall be subject to the exclusive jurisdiction of the competent courts in Würzburg, Bavaria, Germany, unless mandatory law requires otherwise.

19.3 EU Online Dispute Resolution

Pursuant to Regulation (EU) No. 524/2013, the European Commission provides an Online Dispute Resolution (ODR) platform. AureonCare is not obliged to participate in ODR proceedings but will consider requests submitted via the ODR platform in good faith. Our email for ODR purposes is: info@aureoncare.tech.

19.4 U.S. Users — Arbitration

For Customers located in the United States, any dispute, claim, or controversy arising out of or relating to these Terms that is not resolved informally within 30 days shall be finally settled by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules. Class action waiver: disputes must be brought individually, not as part of a class action. Notwithstanding the foregoing, either party may seek injunctive relief in any court of competent jurisdiction.

20. Changes to These Terms

AureonCare may update these Terms from time to time. We will notify you of material changes at least 30 days before the effective date by:

• Posting a notice on our website and/or the platform dashboard.
• Sending an email notification to the registered account email address.

Your continued use of the Services after the effective date of the updated Terms constitutes your acceptance. If you do not agree to the updated Terms, you must stop using the Services and cancel your Subscription before the effective date.

21. General Provisions

• Entire Agreement: These Terms, together with the Privacy Policy, DPA, and any signed BAA or order form, constitute the entire agreement between the parties regarding the Services and supersede all prior agreements.
• Severability: If any provision of these Terms is held invalid or unenforceable, that provision will be modified to the minimum extent necessary, and the remaining provisions will continue in full force.
• Waiver: Failure to enforce any provision of these Terms does not constitute a waiver of the right to enforce it in the future.
• Assignment: You may not assign or transfer your rights under these Terms without AureonCare's prior written consent. AureonCare may assign these Terms in connection with a merger, acquisition, or sale of assets, with 30 days' notice.
• Notices: Notices to AureonCare must be sent by email to info@aureoncare.tech with confirmation by registered letter to 97816 Lohr am Main, Bavaria, Germany.
• Language: These Terms are written in English. In case of conflict between an English version and any translation, the English version prevails.

22. Contact Information

For questions about these Terms or to report violations, please contact:

Also see our Privacy Policy for information about how we handle your personal data.