Effective Date: April 8, 2026
These Terms of Service (“Terms”) constitute a legally binding agreement between you (“Customer,” “you,” or “your”) and Medera, Inc. (“Medera,” “we,” “us,” or “our”) governing your access to and use of Medera’s AI-powered behavioral health platform and all related services (collectively, the “Services”).
By accessing or using the Services, executing an Order Form that references these Terms, or clicking “I Agree,” you acknowledge that you have read, understood, and agree to be bound by these Terms, our Privacy Policy, and any applicable Business Associate Agreement, Data Processing Addendum, or Service Level Agreement incorporated herein by reference.
If you are entering into these Terms on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.
"Services" Medera's AI-powered behavioral health platform, including all software, APIs, mobile applications, documentation, and related professional services.
"Healthcare Provider" Any licensed medical professional, behavioral health clinician, or authorized representative of a healthcare organization that accesses the Services.
"Protected Health Information" ("PHI") Has the meaning ascribed under HIPAA (45 CFR § 160.103), including individually identifiable health information created, received, maintained, or transmitted through the Services.
"Covered Entity" A health plan, healthcare clearinghouse, or healthcare provider that transmits health information electronically, as defined in 45 CFR § 160.103.
"Business Associate Agreement" ("BAA") The agreement between Medera and the Covered Entity governing the use and disclosure of PHI, as required by HIPAA.
"Order Form" The document executed by Customer specifying the Services purchased, subscription tier, pricing, and term, which incorporates these Terms by reference.
"Confidential Information" All non-public information disclosed by either party to the other, whether orally or in writing, including trade secrets, business plans, technical data, and PHI.
"Customer Data" All data, including PHI, that Customer or its authorized users upload, transmit, or create through the Services.
"De-identified Data" Data that has been processed to meet the HIPAA Safe Harbor standard (45 CFR § 164.514(b)) or the Expert Determination standard (45 CFR § 164.514(a)), such that it cannot reasonably identify any individual.
"SLA" The Service Level Agreement setting forth uptime commitments, performance benchmarks, support response times, and service credit remedies.
Access to clinical features of the Services is restricted to licensed healthcare providers, behavioral health clinicians, and authorized staff of healthcare organizations. You represent and warrant that you hold all licenses, certifications, and credentials required to practice in your jurisdiction and to use the Services in the manner contemplated.
You are responsible for maintaining the confidentiality and security of your account credentials. You agree to:
Enterprise accounts must designate at least one administrator who is authorized to manage user access, configure platform settings, and serve as the primary point of contact for security and compliance matters.
You agree to use the Services only for lawful purposes and in accordance with all applicable federal, state, and local laws, regulations, and professional standards, including HIPAA and applicable medical practice acts. Specifically, you agree to:
You shall not, and shall not permit any third party to:
IMPORTANT: Medera’s Services are clinical decision-support tools designed to assist, not replace, licensed healthcare providers in their professional clinical judgment. All AI-generated insights, recommendations, and assessments are informational aids only.
Where Customer is a Covered Entity or Business Associate under HIPAA, the parties shall execute a Business Associate Agreement (“BAA”) prior to Customer transmitting any PHI to Medera. The BAA is incorporated into these Terms by reference and governs Medera’s obligations with respect to PHI.
Medera maintains an enterprise-grade security program validated by independent third-party audits. Our security commitments include:
AES-256-GCM encryption at rest with HSM-backed key management. TLS 1.3 enforced for all data in transit with forward secrecy. 90-day automated key rotation.
Role-based access control (RBAC) with principle of least privilege. MFA required for all users. JIT access provisioning for administrative operations.
Zero-trust network architecture. Web application firewall (WAF), DDoS mitigation, IDS/IPS. Micro-segmentation and tenant isolation at all layers.
24/7/365 SOC monitoring. Automated vulnerability scanning. Annual penetration testing by independent third parties. Bug bounty / responsible disclosure program.
For detailed information on our data protection practices, see our Privacy Policy and Compliance & Safety pages.
Where required by applicable data protection law (including the EU GDPR, UK GDPR, or state comprehensive privacy laws), Medera will enter into a Data Processing Addendum (“DPA”) with Customer. The DPA addresses:
Enterprise customers may request Medera’s standard DPA by contacting hi@medera.info.
Medera commits to the following service levels for enterprise customers, as further detailed in the applicable SLA addendum:
99.9% monthly uptime commitment for production environments, measured as total minutes minus downtime divided by total minutes, excluding scheduled maintenance windows.
Scheduled maintenance windows with at least 72 hours advance notice. Maintenance performed during off-peak hours (Saturday 02:00–06:00 ET) whenever possible.
Severity 1 (production down): 15-minute initial response, continuous effort. Severity 2 (degraded): 1-hour response. Severity 3 (general): 4-hour response. Severity 4 (inquiry): 1 business day.
Monthly uptime below 99.9%: 10% credit. Below 99.0%: 25% credit. Below 95.0%: 50% credit. Credits applied against the next invoice. Maximum credit: 50% of monthly fees.
SLA commitments do not apply to: downtime caused by factors outside Medera’s reasonable control (see Force Majeure); Customer’s equipment, software, or network failures; Customer’s breach of these Terms; scheduled maintenance windows; or features expressly designated as “beta” or “preview.”
Medera and its licensors retain all right, title, and interest (including all intellectual property rights) in and to the Services, platform, algorithms, models, documentation, and all improvements, derivatives, and modifications thereof. Nothing in these Terms transfers any Medera intellectual property to Customer.
Customer retains all right, title, and interest in Customer Data. Customer grants Medera a limited, non-exclusive license to use Customer Data solely to provide the Services and as otherwise permitted under the BAA.
Medera may create De-identified Data from Customer Data in accordance with HIPAA standards. Medera retains all rights to De-identified Data and may use it for product improvement, research, benchmarking, and other lawful purposes. De-identified Data will not be re-identified or used to identify any individual.
If Customer provides suggestions, feature requests, or other feedback regarding the Services (“Feedback”), Medera may use such Feedback without restriction or obligation. No Feedback shall be considered Customer Confidential Information.
Medera may adjust pricing for renewal terms with at least sixty (60) days written notice prior to the start of the renewal period. Price increases during an active term require mutual written agreement unless the Order Form provides otherwise.
All fees are exclusive of applicable sales, use, value-added, and other taxes. Customer is responsible for all taxes, levies, and duties (excluding taxes on Medera’s net income) unless Customer provides a valid tax exemption certificate.
Fees are non-refundable except as expressly provided in the SLA (service credits), in the event of material breach by Medera, or as otherwise required by applicable law.
Each party agrees to protect the other party’s Confidential Information using at least the same degree of care it uses to protect its own confidential information, and in no event less than a reasonable standard of care.
Confidentiality obligations do not apply to information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was known to the receiving party prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) is received from a third party without breach of a confidentiality obligation.
Confidentiality obligations survive termination of these Terms for a period of five (5) years, except that obligations with respect to PHI and trade secrets survive indefinitely (or as required by applicable law).
Medera shall defend, indemnify, and hold harmless Customer from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from:
Customer shall defend, indemnify, and hold harmless Medera from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from:
The indemnified party must provide prompt written notice, grant the indemnifying party sole control of the defense and settlement, and provide reasonable cooperation. The indemnifying party shall not settle any claim in a manner that imposes obligations on the indemnified party without prior written consent.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING DAMAGES FOR LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, REGARDLESS OF THE THEORY OF LIABILITY.
EXCEPT FOR OBLIGATIONS ARISING UNDER THE INDEMNIFICATION SECTION, BREACH OF CONFIDENTIALITY, OR WILLFUL MISCONDUCT, EACH PARTY’S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE GREATER OF: (A) THE FEES PAID OR PAYABLE BY CUSTOMER IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY; OR (B) ONE HUNDRED THOUSAND U.S. DOLLARS ($100,000).
For claims arising from breach of the BAA, unauthorized disclosure of PHI, or breach of confidentiality, each party’s aggregate liability shall not exceed two times (2x) the fees paid or payable by Customer in the twelve (12) months preceding the event giving rise to liability.
Nothing in these Terms shall limit liability for: (a) fraud or intentional misrepresentation; (b) death or personal injury caused by negligence; (c) any liability that cannot be excluded under applicable law; or (d) Customer’s obligation to pay fees due under an Order Form.
Medera represents and warrants that:
EXCEPT AS EXPRESSLY PROVIDED HEREIN, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” MEDERA DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. MEDERA DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
The initial term is specified in the Order Form. Unless either party provides written notice of non-renewal at least sixty (60) days prior to the end of the then-current term, the subscription will automatically renew for successive periods equal to the initial term (or one year, whichever is shorter).
Either party may terminate these Terms with sixty (60) days prior written notice. If Customer terminates for convenience during an active subscription term, pre-paid fees for the remaining term are non-refundable.
Either party may terminate immediately upon written notice if:
Enterprise customers may exercise audit rights to verify Medera’s compliance with its security, privacy, and regulatory obligations:
These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict-of-law principles.
The parties agree to attempt to resolve disputes through good-faith negotiation. If a dispute is not resolved within thirty (30) days of written notice, either party may escalate to the executive officers of each party for an additional thirty (30) day negotiation period.
Any dispute not resolved through negotiation shall be finally settled by binding arbitration administered by the American Arbitration Association (“AAA”) under its Commercial Arbitration Rules. The arbitration shall be conducted by a single arbitrator in Wilmington, Delaware. The arbitrator’s decision shall be final and binding, and judgment may be entered in any court of competent jurisdiction.
Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent irreparable harm, including with respect to breaches of confidentiality, intellectual property, or unauthorized disclosure of PHI.
ALL CLAIMS MUST BE BROUGHT IN THE PARTIES’ INDIVIDUAL CAPACITY AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS, CONSOLIDATED, OR REPRESENTATIVE PROCEEDING.
Neither party shall be liable for any failure or delay in performance to the extent caused by circumstances beyond its reasonable control, including acts of God, natural disasters, pandemics, epidemics, war, terrorism, civil unrest, government actions, power failures, internet disruptions, or third-party telecommunications failures (“Force Majeure Events”).
The affected party must provide prompt written notice describing the Force Majeure Event and use commercially reasonable efforts to mitigate the impact and resume performance. If a Force Majeure Event continues for more than ninety (90) consecutive days, either party may terminate the affected Order Form without liability. Force Majeure does not excuse Customer’s obligation to pay fees for Services already delivered, and does not relieve either party of its obligations to protect PHI.
Medera maintains the following insurance coverage during the term of these Terms:
Certificates of insurance are available upon request.
These Terms, together with all Order Forms, the BAA, DPA, SLA, and any exhibits or amendments executed by both parties, constitute the entire agreement between the parties and supersede all prior agreements, understandings, negotiations, and discussions, whether oral or written.
These Terms may not be amended or modified except by a written instrument signed by authorized representatives of both parties. Notwithstanding the foregoing, Medera may update these Terms for non-material changes (including clarifications, legal compliance updates, and new feature terms) with thirty (30) days written notice.
Neither party may assign these Terms without the prior written consent of the other party, except that either party may assign these Terms in connection with a merger, acquisition, or sale of substantially all of its assets. Any attempted assignment in violation of this provision is void.
If any provision of these Terms is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be reformed to the minimum extent necessary to make it valid and enforceable while preserving the parties’ original intent.
The failure of either party to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision. Any waiver must be in writing and signed by the waiving party.
All legal notices must be in writing and delivered by certified mail, nationally recognized overnight courier, or email (with confirmation of receipt) to the addresses specified in the Order Form. Notices are effective upon receipt.
The parties are independent contractors. Nothing in these Terms creates a partnership, joint venture, employment, or agency relationship between the parties.
These Terms do not confer any rights or remedies upon any person or entity other than the parties hereto and their permitted successors and assigns.
Customer shall comply with all applicable export control and sanctions laws and regulations. Customer represents that it is not located in, or a national or resident of, any U.S.-embargoed country and is not on any U.S. government restricted-parties list.
Each party represents that it has not and will not offer, pay, promise, or authorize the payment of any bribe, kickback, or other corrupt payment in connection with these Terms, and will comply with all applicable anti-corruption laws, including the U.S. Foreign Corrupt Practices Act.
For questions regarding these Terms, please contact us:
Email: hi@medera.info
Visit: medera.info/contact
Our legal team is available to discuss any aspect of these Terms, negotiate enterprise agreements, or provide additional documentation.