Terms and Conditions Privacy Policy User Policy

Terms & Conditions

Effective date: September 21, 2025

Important: These Terms & Conditions (the “Terms”) form a binding agreement between you and Prescripta ("Prescripta," "we," "us," or "our") governing your access to and use of our websites (including prescripta.com), web and mobile applications, dashboards, APIs, and related services (collectively, the “Services”). By creating an account, accessing, or using the Services, you agree to these Terms. If you use the Services on behalf of a clinic, practice, employer, or other entity, you represent that you are authorized to accept these Terms on its behalf and “you” will also refer to that entity.

Not medical advice. Prescripta is a software platform that helps healthcare providers and businesses manage patient outreach, operations, and communications. Prescripta does not practice medicine, provide patient care, or offer clinical, diagnostic, or treatment services. The Services and any content or outputs (including AI-generated outputs) are informational tools only and are not a substitute for professional judgment.

1. Eligibility; Accounts; Authorized Users

1.1 Eligibility. You must be (a) at least 18 years old, and (b) legally able to enter into contracts to use the Services. If you use the Services on behalf of an entity, you must have authority to bind that entity.

1.2 Account Registration. You must provide accurate, current, and complete information and keep it up to date. You are responsible for maintaining the confidentiality of your credentials and for all activities under your account.

1.3 Authorized Users. If you are a business customer, you may permit employees, contractors, or agents to access the Services under your account (“Authorized Users”). You are responsible for your Authorized Users’ compliance with these Terms and for all actions taken under your account.

1.4 Verification & Compliance. We may require identity or organization verification and may suspend or terminate access if we cannot verify or if use would violate law or these Terms.

2. Relationship to HIPAA and Patient Information

2.1 Definitions. “PHI” means protected health information under the U.S. Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, “HIPAA”). “Customer Data” means any data, content, records, files, messages, images, video, audio, documents, and other information you or your Authorized Users submit to the Services, including PHI and personal data.

2.2 Business Associate Role. To the extent you are a HIPAA “Covered Entity” or another “Business Associate” and you will upload or process PHI with the Services, Prescripta will act as your Business Associate. In that case, the parties must execute a Business Associate Agreement (BAA), which supplements these Terms. If you intend to process PHI and do not have a signed BAA in place, you must not upload PHI to the Services.

2.3 Compliance Responsibilities. You are responsible for (i) determining whether HIPAA applies to you; (ii) configuring and using the Services in a HIPAA-compliant manner; (iii) establishing appropriate notices, consents, authorizations, and policies; and (iv) safeguarding credentials and endpoint devices.

2.4 Patient Communications; TCPA/CAN-SPAM. If you use the Services to send SMS, voice, or email messages, you represent and warrant that you have obtained all required consents and authorizations and that your communications comply with applicable laws (including the Telephone Consumer Protection Act (TCPA), CAN-SPAM, state privacy laws, and professional rules). You are solely responsible for message content, contact lists, opt-in/opt-out management, and honoring patient preferences.

2.5 42 C.F.R. Part 2; Special Categories. If you process substance use disorder records (42 C.F.R. Part 2) or other special categories requiring heightened protections, you must not upload those records unless (a) permitted under law and (b) we have agreed in writing to appropriate safeguards.

3. Subscriptions, Trials, Fees, and Taxes

3.1 Plans. Access to the Services may require a paid subscription (each, a “Plan”). Plan features, limits, and pricing are described at purchase and may be updated from time to time.

3.2 Billing. You authorize us to charge your payment method for all fees under your selected Plan, including recurring fees, usage-based charges, overages, and applicable taxes. Plans renew automatically at the then-current price unless canceled in accordance with Section 12.

3.3 Trials & Promotions. Any free trial or promotional access is provided solely for evaluation. We may modify or terminate a trial at any time. At the end of a trial, your Plan will convert to a paid Plan unless you cancel before the trial ends.

3.4 Refunds. Except where required by law or expressly stated otherwise, fees are non-refundable and non-cancellable during the applicable term.

3.5 Late Payments; Suspension. Unpaid amounts may accrue interest at the lesser of 1.5% per month or the maximum allowed by law. We may suspend or terminate access for non-payment after reasonable notice.

3.6 Taxes. Fees are exclusive of taxes. You are responsible for all sales, use, VAT/GST, and other taxes, except those based on our net income.

4. Access Rights; Restrictions; Acceptable Use

4.1 License. Subject to these Terms and timely payment of fees, we grant you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services for your internal business purposes during the subscription term.

4.2 Restrictions. You will not and will not permit others to: (a) copy, modify, or create derivative works of the Services; (b) reverse engineer, decompile, or attempt to discover the source code or underlying algorithms; (c) rent, lease, sell, sublicense, or otherwise transfer rights; (d) access the Services for competitive evaluation or benchmarking without our prior written consent; (e) bypass or breach security or rate limits; (f) interfere with or disrupt the Services; (g) use the Services to store or transmit malicious code or infringing, defamatory, or illegal content; or (h) misrepresent your identity or affiliation.

4.3 Acceptable Use. You will not use the Services to: (i) send spam or unlawful communications; (ii) harass, threaten, or harm others; (iii) process data without lawful basis or required consent; (iv) collect or process children’s data subject to COPPA without signed addenda; (v) violate intellectual property rights; (vi) perform high-risk activities where a failure could lead to death or serious injury; or (vii) violate any applicable law or regulation.

5. AI-Enabled Features and Outputs

5.1 Nature of AI Features. Some features may use machine learning or generative AI models (“AI Features”). AI Features may generate text, insights, forecasts, or recommendations (“AI Outputs”).

5.2 No Medical Advice; Human Oversight. AI Outputs are generated algorithmically and may be inaccurate or incomplete. AI Outputs are not medical advice and must be reviewed by qualified personnel. You are responsible for independent verification before relying on AI Outputs for clinical or operational decisions.

5.3 Use of Inputs for Improvement. We may use de-identified data to train or improve models in accordance with Section 8 and applicable law and the BAA, if any.

5.4 Safety & Controls. You will not use AI Features to generate unlawful, discriminatory, or harmful content and will implement appropriate review processes.

6. Third-Party Services; Integrations; APIs

6.1 Third-Party Services. The Services may interoperate with or allow connections to third-party services (e.g., EHRs, CRMs, messaging providers, payment processors). Your use of third-party services is governed by those providers’ terms and policies. We are not responsible for third-party services.

6.2 Integrations & Connectors. Where we provide integrations or connectors, we may modify or discontinue them if a third party changes its API, terms, or availability.

6.3 APIs; Rate Limits. We may provide APIs subject to separate documentation and limits. You must comply with published limits and security requirements. We may throttle or suspend API access to protect the Services.

7. Intellectual Property; Feedback

7.1 Ownership. Prescripta and its licensors own all rights, title, and interest in and to the Services, including software, content, designs, interfaces, and know-how. No rights are granted except as expressly set forth.

7.2 Customer Data. As between the parties, you own Customer Data. You grant Prescripta a non-exclusive, worldwide, royalty-free license to host, copy, display, process, transmit, and otherwise use Customer Data to provide and improve the Services, prevent or address service, security, or technical issues, and as otherwise permitted by these Terms and applicable law.

7.3 Feedback. If you provide suggestions or feedback, you grant Prescripta a perpetual, irrevocable, worldwide, royalty-free license to use and incorporate it without restriction.

8. Data Privacy; De-identified and Aggregated Data

8.1 Privacy Notice. Our collection, use, and disclosure of personal data is described in our Privacy Policy, which is incorporated by reference.

8.2 Security. We maintain administrative, technical, and physical safeguards designed to protect Customer Data. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8.3 De-identified & Aggregated Data. We may create and use de-identified or aggregated data derived from Customer Data for analytics, research, benchmarking, service improvement, and other lawful purposes, provided that such data does not identify you, any Authorized User, or any individual.

8.4 Incident Notification. If we become aware of a security incident involving Customer Data, we will notify you without undue delay consistent with applicable law and our BAA, if any.

8.5 Data Location; Transfers. We may process data in the United States and other jurisdictions subject to applicable law and our contractual obligations.

9. Confidentiality

9.1 Confidential Information. Each party may receive nonpublic information from the other that is identified as confidential or that reasonably should be understood to be confidential (“Confidential Information”). Customer Data is your Confidential Information; the Services (including pricing and performance data) are our Confidential Information.

9.2 Use and Protection. The receiving party will use the disclosing party’s Confidential Information only to perform under these Terms and will protect it using reasonable measures. The receiving party may disclose Confidential Information to its employees, agents, and contractors who need to know it and are bound by confidentiality obligations no less protective.

9.3 Exclusions; Required Disclosure. Confidential Information does not include information that is publicly available without breach, independently developed, or rightfully obtained from a third party. The receiving party may disclose Confidential Information if required by law or court order, provided it gives prompt notice (unless legally prohibited) and cooperates to seek protective treatment.

10. Warranties; Disclaimers

10.1 Mutual Authority. Each party represents it has the right and authority to enter into these Terms.

10.2 Your Warranties. You represent and warrant that (a) you have obtained all consents and have all rights necessary to submit Customer Data and permit its processing as described; (b) your use of the Services will comply with law and these Terms; and (c) you will not use the Services for emergency, life-support, or high-risk activities.

10.3 Disclaimer. EXCEPT AS EXPRESSLY STATED, THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” PRESCRIPTA DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR MEET YOUR REQUIREMENTS, OR THAT AI OUTPUTS WILL BE ACCURATE OR COMPLETE.

11. Indemnification

11.1 By You. You will defend, indemnify, and hold harmless Prescripta, its affiliates, and their officers, directors, employees, and agents from and against any claim, demand, loss, damage, or expense (including reasonable attorneys’ fees) arising from: (a) your use of the Services, including communications you send; (b) Customer Data (including alleged infringement or violation of privacy or publicity rights); (c) your breach of these Terms or law; or (d) your use of AI Outputs without appropriate human review.

11.2 By Prescripta. Prescripta will defend you from any third-party claim alleging that the Services infringe a valid U.S. patent, copyright, or trademark, and will pay final damages awarded against you (or settlement we approve), provided you: (i) promptly notify us; (ii) allow us sole control of the defense and settlement; and (iii) reasonably cooperate. We may procure the right for you to continue using the Services, modify the Services, or terminate access with a pro-rata refund of prepaid fees for the terminated portion. This Section does not apply to claims arising from Customer Data, combinations not provided by us, or your breach of these Terms.

12. Term; Suspension; Termination; Data Return/Deletion

12.1 Term. These Terms are effective from the earlier of your first use of the Services or acceptance, and continue until terminated.

12.2 Suspension. We may suspend access immediately if (a) you fail to pay, (b) you or an Authorized User pose a security risk or violate law or these Terms, (c) your use could subject us to liability, or (d) required by a third party provider or law.

12.3 Termination for Convenience. You may terminate your subscription at any time effective at the end of the then-current billing period by following the cancellation process in your account or contacting support. Unless otherwise stated, fees are non-refundable.

12.4 Termination for Cause. Either party may terminate for material breach not cured within thirty (30) days after written notice. We may terminate immediately for non-payment.

12.5 Data Export; Deletion. Upon termination or expiration, you may export Customer Data available through self-service tools before your account closes. Upon request, and subject to our retention obligations, we will delete or return Customer Data within a commercially reasonable period per our policies and the BAA, if any. We may retain and use de-identified or aggregated data per Section 8.3.

12.6 Survival. Sections 2–3, 4.2–4.3, 5, 6, 7–11, 12.5–12.6, and 13–17 will survive termination.

13. Limitation of Liability

13.1 Exclusion of Certain Damages. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

13.2 Cap. EXCEPT FOR (A) YOUR PAYMENT OBLIGATIONS; (B) YOUR INDEMNIFICATION OBLIGATIONS; OR (C) YOUR BREACH OF SECTION 4 (RESTRICTIONS/ACCEPTABLE USE) OR SECTION 9 (CONFIDENTIALITY), EACH PARTY’S TOTAL LIABILITY ARISING OUT OF OR RELATING TO THE SERVICES OR THESE TERMS WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY YOU TO PRESCRIPTA FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

13.3 Essential Purpose. The limitations in this Section apply even if any remedy fails of its essential purpose.

14. Modifications to the Services or Terms

14.1 Services. We may enhance or modify the Services from time to time. If we materially reduce core functionality, we will provide notice and, if you object, you may terminate and receive a pro-rata refund of prepaid fees for the affected period.

14.2 Terms. We may update these Terms. We will post the updated Terms and change the “Effective date.” For material changes, we will provide additional notice (e.g., email or in-product). Your continued use after the effective date constitutes acceptance.

15. Publicity; Use of Name and Logo

Unless you notify us in writing to opt out, we may identify you as a customer and use your name and logo in accordance with your brand guidelines for marketing and promotional purposes. Any public case study or press release will require your prior written consent.

16. Export; Sanctions; Government Use

16.1 Export. You will comply with U.S. and applicable international export and sanctions laws. You will not export or permit access to the Services in violation of such laws.

16.2 Sanctions. You represent you are not located in, organized under the laws of, or ordinarily resident in any country or territory subject to comprehensive U.S. sanctions and are not a denied or restricted party.

16.3 U.S. Government. The Services are “commercial computer software” and “commercial computer software documentation.” If acquired by or on behalf of a U.S. Government entity, use is subject to the terms of these commercial licenses per FAR 12.212 and DFARS 227.7202.

17. Dispute Resolution; Governing Law; Venue; Class Action Waiver

17.1 Good-Faith Resolution. The parties will attempt in good faith to resolve any dispute arising out of these Terms.

17.2 Arbitration. Except for claims seeking injunctive relief or to protect intellectual property, any dispute will be resolved by binding arbitration administered by JAMS in accordance with its Streamlined Arbitration Rules. The seat of arbitration will be Orlando, Florida. The language will be English. Judgment on the award may be entered in any court of competent jurisdiction.

17.3 Opt-Out. You may opt out of arbitration within 30 days of first accepting these Terms by sending a written notice to [legal@prescripta.com] with subject “Arbitration Opt-Out.”

17.4 Governing Law; Venue. These Terms are governed by the laws of the State of Florida, without regard to conflicts of laws principles. For any permitted court action, the parties consent to exclusive jurisdiction and venue in the state and federal courts located in Orange County, Florida.

17.5 Class Action Waiver. You and Prescripta agree that each may bring claims only in your or its individual capacity, and not as a plaintiff or class member in any purported class or representative proceeding.

18. Notices; Electronic Communications; E-Sign

18.1 Notices. Notices to Prescripta must be sent to: Prescripta Legal, [Address], [City, State ZIP], and by email to legal@prescripta.com. Notices to you may be provided via the Services or your account email.

18.2 Electronic Communications; E-Sign. You consent to transact and receive communications electronically. Your electronic acceptance and records satisfy legal requirements for a writing and signature.

19. Miscellaneous

19.1 Assignment. You may not assign these Terms without our prior written consent. We may assign to an affiliate or in connection with a merger, acquisition, or sale of assets.

19.2 Force Majeure. Neither party is liable for failure to perform due to events beyond its reasonable control (e.g., natural disasters, acts of government, labor disputes, internet or hosting failures, DDoS attacks, or third-party platform outages), provided reasonable efforts are used to mitigate.

19.3 Entire Agreement. These Terms, any order forms, the Privacy Policy, the BAA (if applicable), and any additional policies referenced herein constitute the entire agreement and supersede all prior agreements regarding the Services.

19.4 Severability; Waiver. If any provision is unlawful or unenforceable, it will be modified to the minimum extent necessary or severed, and the remaining provisions will remain in effect. Failure to enforce any provision is not a waiver.

19.5 Headings. Headings are for convenience only and do not affect interpretation.

20. Contact

If you have questions about these Terms, please contact legal@prescripta.com.

Appendices (Optional)

Appendix A (Service Levels): If you have a separate SLA, it is incorporated by reference. Otherwise, Services are provided on an “as is” basis without uptime commitments.
Appendix B (Data Processing Addendum): For customers subject to GDPR/CCPA or international transfers, a DPA may supplement these Terms.
Appendix C (Messaging Compliance Guide): Best practices for TCPA/CAN-SPAM compliance may be provided separately as guidance only.

Disclaimer: This document is a general template and may not address all risks applicable to your business. It is not legal advice. Please consult your counsel to tailor and finalize for your specific needs (e.g., HIPAA BAA, Part 2 programs, state privacy laws, and specialty practice requirements).

‍

Privacy Policy

Effective date: September 21, 2025

This Privacy Policy explains how Prescripta ("Prescripta," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use our websites (including prescripta.com), applications, APIs, and related services (collectively, the “Services”).

HIPAA Notice: If you are a HIPAA Covered Entity or Business Associate and use the Services to create, receive, maintain, or transmit Protected Health Information (PHI), our use and disclosure of PHI is governed by the Business Associate Agreement (BAA) executed with your organization. Where there is a conflict between this Privacy Policy and the BAA with respect to PHI, the BAA controls. This Privacy Policy primarily governs personal data that is not PHI.

1. Who We Are

Prescripta provides software tools that help healthcare providers and businesses manage patient communications, outreach, analytics, and operations. Contact us at privacy@prescripta.com.

If you are located in the EEA/UK/Switzerland, Prescripta is the data controller for personal data we collect directly from you via our marketing sites and self-serve products. For enterprise implementations where we process data on our customers’ instructions (including PHI), we act as a data processor/business associate.

2. Information We Collect

We collect information in the following categories. Specific data elements may vary based on how you use the Services.

2.1 You Provide Directly

Account & Profile: name, employer/clinic name, role/title, contact details (email, phone), passwords, preferences.
Customer Content/Data: messages, files, images, forms, templates, contact lists, appointment information, campaign settings, and other content you or your Authorized Users upload or input (may include PHI if you are a healthcare customer under a BAA).
Communications: support inquiries, feedback, survey responses, call/SMS/email content sent via the Services (including opt-in/opt-out status and timestamps).
Payment & Billing: subscription plan details, billing address, last four digits of card, payment tokens (processed by our payment processors). We do not store full card numbers.

2.2 Collected Automatically

Usage & Device Data: IP address, device identifiers, operating system, browser type, app version, language, time zone, pages viewed, referring/exit pages, clickstream, feature use, error logs, performance metrics.
Cookies & Similar Tech: cookies, pixels, SDKs, local storage, and similar technologies to enable core functionality, remember preferences, analyze usage, prevent fraud/abuse, and (for marketing sites) measure campaigns.

2.3 From Third Parties

Integrations: data from connected services (e.g., EHRs, CRMs, scheduling, email/SMS providers, payment processors) as authorized by you and subject to those providers’ terms.
Partners & Vendors: analytics, attribution, enrichment (e.g., firmographic data), and anti-abuse signals.

Sensitive Data. We do not seek to collect sensitive personal data outside of HIPAA contexts. Do not submit government IDs, precise geolocation, or other special categories unless required and permitted by law and your agreement with us.

3. How We Use Information

We use information for the following purposes and rely on the corresponding legal bases where applicable (EEA/UK):

Provide & Operate the Services (performance of contract): account creation, authentication, user management, delivering features, processing messages/campaigns, and providing support.
Security & Integrity (legitimate interests/legal obligation): monitoring, preventing, and detecting fraud, abuse, and security incidents; enforcing terms; quality assurance; backups and disaster recovery.
Improvement & Research (legitimate interests/consent where required): developing new features, training and evaluating models (including de-identified/aggregated data), and analytics about feature adoption and performance.
Personalization (legitimate interests/consent): tailoring in-product experiences, templates, and recommendations.
Marketing & Communications (consent/legitimate interests): sending product updates, event invites, and promotional content; measuring campaign effectiveness; honoring your communication preferences.
Compliance (legal obligation): regulatory reporting, tax, accounting, responding to lawful requests.

We may de-identify or aggregate data and use it for any lawful purpose. We do not attempt to re-identify de-identified data.

4. Cookies and Similar Technologies

We use:

Strictly Necessary Cookies for core functionality, authentication, and security.
Functional Cookies to remember preferences.
Analytics Cookies to understand usage and improve the Services.
Advertising/Retargeting Cookies on our marketing sites to reach interested audiences.

You can manage cookies through your browser settings. Where required, we obtain consent via a cookie banner and respect Global Privacy Control (GPC) signals for opt-outs related to “sale,” “sharing,” or targeted advertising, as applicable.

5. How We Share Information

We share information with:

Service Providers/Processors: hosting (e.g., cloud infrastructure), messaging (SMS, voice, email), analytics, customer support, payment processing, fraud prevention, and security vendors bound by contractual obligations.
Integrated Third Parties: when you connect third-party tools, we share data as necessary to enable the integration based on your configuration and instructions.
Affiliates: for operations and support consistent with this Policy.
Legal & Safety: to comply with law, legal process, or enforce our terms; to protect the rights, property, or safety of Prescripta, our users, or the public.
Business Transfers: in connection with a merger, acquisition, financing, due diligence, or sale of assets.

We do not sell personal information for money. We may engage in “sharing” or “targeted advertising” under certain state privacy laws for our marketing sites; you can opt out (see Section 10).

6. Data Retention

We retain personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context. Upon termination or per your request, we will delete or return Customer Data according to our Terms, applicable laws, and the BAA where applicable. We may retain and use de-identified/aggregated data.

7. Security

We implement administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, least-privilege practices, logging and monitoring, and regular vulnerability management. No security program is impenetrable; you are responsible for securing your credentials, endpoints, and integration secrets.

8. Children’s Privacy

The Services are not directed to children under 13 (or other age as required by local law), and we do not knowingly collect personal data from children without appropriate consent or legal basis. If you believe a child has provided personal data to us, contact privacy@prescripta.com.

9. International Data Transfers

We may transfer and process data in the United States and other countries with different data protection laws. Where required, we use appropriate safeguards, such as Standard Contractual Clauses (SCCs) and supplementary measures.

10. Your Rights and Choices

Your rights depend on your location and the nature of our relationship (controller vs processor).

10.1 Account Preferences

Manage email/SMS preferences from message footers or in-product settings.
Disable certain cookies via the cookie banner or browser controls.
For integrations, manage data flows in the third-party services you connect.

10.2 EEA/UK/Swiss Residents (GDPR)

Where we act as controller, you may have the right to access, rectify, erase, restrict, object, port, and withdraw consent (without affecting prior processing). To exercise, contact privacy@prescripta.com. When we act as processor/business associate, we will forward requests to the relevant customer and support their response.

10.3 U.S. State Privacy Laws (e.g., CA/VA/CO/CT/UT/OR/TX)

Depending on your state, you may have the right to know/access, correct, delete, port, and to opt out of sale, sharing, or targeted advertising. You may also limit the use/disclosure of sensitive personal information.

Submit requests at [URL to webform] or privacy@prescripta.com.
Opt out of sale/sharing/targeted advertising: use our "Do Not Sell or Share My Personal Information" link in the footer, adjust cookie preferences, or send a GPC signal, which we honor.
Appeals: If we deny your request, you may appeal by replying to our decision email or contacting privacy@prescripta.com with subject “Appeal.”
Authorized Agents: Where allowed, you may designate an authorized agent; we may require proof of authorization and identity verification.

10.4 Do Not Track (DNT)

We do not respond to browser DNT signals. We do honor GPC for applicable opt-outs.

11. Communications Compliance (TCPA/CAN-SPAM)

If you send SMS, voice, or email via the Services, you must have a valid legal basis and required consent. We record opt-ins/opt-outs and provide tools to manage preferences. You are responsible for the content of messages, honoring opt-out requests, and complying with applicable laws and carrier policies.

12. AI Features

Some features use machine learning/generative AI to produce content, predictions, or insights. AI outputs may be inaccurate or incomplete and require human review. We may use de-identified data to improve models in accordance with this Policy, the Terms, and the BAA where applicable.

13. Third-Party Links and Services

Our Services may link to third-party websites, apps, or services. Their privacy practices are governed by their own policies. Review those policies before providing information or enabling integrations.

14. California Privacy Notice (CPRA)

This section applies to California residents and supplements the rest of this Policy.

14.1 Categories We Collect

Identifiers; customer records; commercial information; internet/network activity; geolocation (coarse); professional/employment information; and inferences drawn from these categories. We do not knowingly collect sensitive personal information outside of HIPAA contexts.

14.2 Sources

Directly from you; automatically via the Services; from your organization; from service providers and integration partners.

14.3 Purposes

As described in Sections 3–5.

14.4 Disclosures

We disclose personal information to service providers and contractors for business purposes (e.g., hosting, analytics, fraud prevention). We do not sell personal information for money. We may share identifiers and internet activity with advertising partners for cross-context behavioral advertising on our marketing sites; you can opt out (Section 10).

14.5 Retention

We retain personal information as described in Section 6.

14.6 Your CPRA Rights

Right to know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and non-discrimination. Submit requests as described in Section 10.

15. Nevada/Colorado/Connecticut/Virginia/Utah/Oregon/Texas Notices

Residents of these states may have similar rights, including the right to opt out of targeted advertising and certain profiling. We provide mechanisms in Section 10 and honor GPC where applicable.

16. Data Controller/Processor Roles

For data we collect directly from individuals on our marketing sites and self-serve apps, Prescripta is controller.
For data we process on behalf of enterprise customers (including PHI), Prescripta is processor/business associate and processes only on documented instructions, subject to the BAA/DPA.

We enter into appropriate Data Processing Agreements (DPAs), SCCs, and BAAs as required.

17. Changes to This Policy

We may update this Policy from time to time. We will post the updated Policy with a new Effective date and, for material changes, provide additional notice (e.g., email or in-product). Your continued use after the effective date constitutes your acceptance.

18. Contact Us

For questions, requests, or complaints:

Email: privacy@prescripta.com
Mail: Prescripta Legal, [Address], [City, State ZIP]
Webform: [URL to privacy request form]

If you are in the EEA/UK and are not satisfied with our response, you may lodge a complaint with your local data protection authority. UK residents may contact the ICO. Swiss residents may contact the FDPIC.

Annex: Data Processing Addendum (Reference)

For customers subject to GDPR/UK GDPR or international transfers, our DPA (including SCCs/UK Addendum) supplements this Privacy Policy and the Terms. For HIPAA-covered implementations, the BAA governs PHI processing.

Disclaimer: This document is a general template and not legal advice. Please consult your legal counsel to tailor and finalize, including your specific vendor list, cookie categories, state-specific disclosures, and contact details.

‍

User Policy / Acceptable Use Policy (AUP)

Effective date: September 21, 2025

This User Policy / Acceptable Use Policy ("User Policy") explains the rules that apply to all users of Prescripta websites, applications, APIs, and related services (the "Services"). It supplements our Terms & Conditions and Privacy Policy. Capitalized terms not defined here have the meanings given in those documents.

Clinical disclaimer: Prescripta is a software platform. It does not practice medicine or provide clinical services. You must exercise independent professional judgment and comply with all laws and professional rules applicable to your practice.

1) Eligibility and Accounts

1.1 Minimum age & authority. You must be at least 18 and have authority to bind your organization if you use the Services on its behalf.

1.2 Accurate information. Provide accurate, current information and keep your contact and security details updated.

1.3 Account security. You are responsible for safeguarding credentials, enforcing strong passwords/MFA, managing roles/permissions, and promptly revoking access for departing users and vendors.

1.4 Authorized Users. You are responsible for your Authorized Users (employees, contractors, agents) and their actions within your account.

2) Lawful Use and Compliance

2.1 General compliance. You must use the Services only for lawful purposes and in accordance with all applicable laws and regulations, including (as applicable): HIPAA, 42 C.F.R. Part 2, TCPA, CAN‑SPAM, FTC Act, state privacy laws (e.g., CA/VA/CO/CT/UT/OR/TX), anti‑spam and telecommunications carrier rules, and export/sanctions controls.

2.2 PHI and BAA. Upload Protected Health Information (PHI) only if your organization has executed our Business Associate Agreement (BAA) and has appropriately configured the Services. Without a signed BAA, do not submit PHI.

2.3 Consents & notices. You must obtain, document, and honor patient/consumer consent (opt‑in) and provide legally required notices. Maintain proof of consent, including timestamps, source, and method.

2.4 Data minimization. Collect only what you need, retain it only as long as necessary, and keep your contact lists accurate and permission‑based.

3) Prohibited Conduct and Content

You will not, and will not allow others to, use the Services to:

3.1 Illegal or harmful activity. Engage in any activity that is illegal, fraudulent, deceptive, defamatory, harassing, hateful, violent, or otherwise harmful.

3.2 Abusive communications. Send unsolicited bulk messages or spam; make unlawful automated calls/texts; or continue messaging after an opt‑out. You must include required identification, opt‑out instructions, and respect carrier policies.

3.3 Sensitive data without safeguards. Upload government IDs, financial account numbers, precise geolocation, biometric data, or other special categories unless permitted by law, necessary for your use case, and protected by appropriate notices, consents, and contractual safeguards.

3.4 High‑risk use. Use the Services for life‑support, emergency response, or other high‑risk activities where failure could lead to death or serious injury.

3.5 Security violations. Probe, scan, or test vulnerabilities; circumvent security or rate limits; access accounts or data without authorization; distribute malware; or interfere with the Services’ integrity or availability.

3.6 IP infringement. Upload or transmit content that infringes or misappropriates intellectual property, privacy, or publicity rights.

3.7 Misrepresentation. Impersonate others; misstate your identity or affiliation; spoof sender IDs; or falsify headers.

3.8 Content restrictions. Upload or distribute content that is sexually explicit involving minors, promotes self‑harm or violence, facilitates the sale of illegal drugs or weapons, or otherwise violates law or platform policies.

3.9 Rate‑limit abuse. Circumvent or materially exceed published or assigned limits on API calls, messaging throughput, storage, file size, or automation frequency.

4) Messaging, Calls, and Campaign Rules

4.1 Opt‑in. You must obtain express consent before sending marketing texts/calls and maintain records of consent. For informational/transactional messages, ensure you have a valid legal basis.

4.2 Identification. Clearly identify your organization as the sender; include contact information and legally required disclosures.

4.3 Opt‑out. Provide easy opt‑out mechanisms (e.g., reply STOP for SMS) and honor requests within required timeframes. Do not re‑subscribe without new consent.

4.4 Quiet hours & frequency. Follow applicable “quiet hour” restrictions and carrier guidelines; set reasonable frequency caps.

4.5 Contact list hygiene. Use permission‑based lists; avoid purchased or harvested lists; maintain suppression lists.

4.6 Prohibited verticals. Certain message categories may be disallowed by carriers or require pre‑approval (e.g., SHAFT categories—sex, hate, alcohol, firearms, tobacco—and sensitive medical claims). You are responsible for compliance and approvals.

5) Data Handling and Security Practices

5.1 Least privilege. Assign the minimum roles/permissions necessary. Use SSO/MFA where available.

5.2 Endpoint security. Maintain current OS patches, anti‑malware, and device encryption for any system that accesses the Services.

5.3 Secrets management. Protect API keys, webhooks, and integration credentials. Rotate keys periodically and immediately if compromise is suspected.

5.4 Incident reporting. Notify Prescripta without undue delay of any suspected or actual unauthorized access, breach, or misuse related to the Services, and cooperate in investigation and remediation.

5.5 Exports & downloads. Safeguard exported reports or data extracts; store them securely and delete them when no longer needed.

6) AI‑Enabled Features

6.1 Human oversight. AI outputs may be inaccurate, biased, or incomplete. You must review, validate, and edit AI‑generated content before use, especially for clinical or compliance‑relevant communications.

6.2 Prohibited AI use. Do not use AI features to generate discriminatory, deceptive, or unlawful content; to create deepfakes without disclosure and consent; or to make automated decisions with legal or significant effects without appropriate notices and safeguards.

6.3 Training data. Prescripta may use de‑identified or aggregated data to improve models as permitted by law, our Terms, and (if applicable) the BAA/DPA.

7) API and Integration Rules

7.1 Documentation & limits. Follow API documentation, schemas, authentication, and rate limits. Exponential backoff is required for retries.

7.2 Webhook hygiene. Verify signatures; avoid long‑running handlers; respond with appropriate HTTP codes; and protect endpoints with TLS.

7.3 Data scope. Pull only the fields you need; avoid over‑collection; and cache responsibly respecting TTL guidance.

7.4 Third‑party terms. When you connect external services (EHRs, CRMs, messaging providers, payments), you must comply with their terms and policies. If a third party changes or revokes access, Prescripta may modify or disable the integration.

8) Intellectual Property; User Content

8.1 Your content. You retain ownership of your content and grant Prescripta the rights necessary to operate the Services (hosting, processing, transmitting, display) and to provide support and security, as described in the Terms.

8.2 Licenses & rights. You represent you have the rights and permissions to upload and use the content you submit and to grant the licenses required by the Services.

8.3 DMCA. To report alleged copyright infringement, send a notice to legal@prescripta.com with: (i) your signature; (ii) identification of the work(s); (iii) identification of the material to be removed; (iv) contact info; (v) a statement of good‑faith belief; and (vi) a statement under penalty of perjury of accuracy and authorization. Counter‑notices may be submitted per 17 U.S.C. §512.

9) Fair Use, Trials, and Beta Features

9.1 Fair use. We may apply fair‑use thresholds to prevent system abuse and maintain service quality.

9.2 Trials/betas. Trials and beta features are provided as‑is, may be rate‑limited or disabled at any time, and may be subject to additional terms.

10) Enforcement and Remedies

10.1 Monitoring. Prescripta may monitor usage (including automated analysis) to detect abuse, security issues, or policy violations while respecting privacy and confidentiality obligations.

10.2 Reports. You can report abuse or suspected violations to abuse@prescripta.com. Provide sufficient detail for investigation.

10.3 Actions. We may, at our discretion and where permitted by law: issue warnings, require corrective actions, throttle features, quarantine or delete offending content, suspend or terminate accounts, block traffic, report to carriers/partners, and notify law enforcement.

10.4 Appeals. If you believe an enforcement action was in error, contact appeals@prescripta.com with supporting facts. We will review in good faith.

11) Government, Law Enforcement, and Legal Requests

We may disclose account or usage information in response to valid legal process, consistent with applicable law, contractual obligations (including the BAA), and our Privacy Policy. We will provide notice to affected customers where legally permitted.

12) International Use; Export and Sanctions

Do not use the Services in violation of U.S. export control or sanctions laws. You represent you are not a denied/restricted party and are not located in an embargoed jurisdiction. You are responsible for any local law compliance where you use the Services.

13) Changes to This User Policy

We may update this User Policy from time to time. We will post the updated policy with a new Effective date and, for material changes, provide additional notice. Continued use after the effective date constitutes acceptance.

14) Contact

Questions about this User Policy? Contact legal@prescripta.com.

Disclaimer: This template is provided for general informational purposes and does not constitute legal advice. Consult counsel to tailor for your specific operations, specialties, jurisdictions, and vendor stack (e.g., messaging carriers, EHR integrations, and security posture).