AuxoHealth
Back to home

Legal

Terms of Service

The agreement governing access to and use of the Auxo Health Solutions platform by your facility, your staff, and your patients.

Last updated · April 16, 2026

Effective Date: [TO BE SET AT PUBLICATION] Last Updated: April 16, 2026 Version: 1.0 DRAFT

⚠️ DRAFT — COUNSEL REVIEW REQUIRED BEFORE PUBLICATION. This is a template. Have a healthcare SaaS attorney review and customize before offering to any Customer.

1. Agreement

These Terms of Service (the "Agreement") govern your access to and use of the software-as-a-service platform and related products and services (collectively, the "Service") provided by Auxo Health Solutions, [LEGAL ENTITY TYPE], a Texas [LLC/PLLC/PC] ("Auxo", "we", "us", "our").

If you are entering into this Agreement on behalf of a company or other legal entity ("Customer" or "you"), you represent that you have authority to bind that entity. If you do not have such authority, you must not use the Service.

By executing a Service Order, checking an acceptance box, or accessing the Service, Customer agrees to this Agreement, the Business Associate Agreement attached as Exhibit A, the Data Processing Addendum attached as Exhibit B, and the Service-Level Agreement attached as Exhibit C, each incorporated by reference.

2. Definitions

  • "Authorized User" — Customer's employees, contractors, or clinicians whom Customer authorizes to access the Service.
  • "Customer Data" — any data, including PHI, submitted to or processed through the Service on Customer's behalf.
  • "PHI" — Protected Health Information, as defined at 45 CFR 160.103.
  • "Part 2 Data" — records of the identity, diagnosis, prognosis, or treatment of a patient maintained in connection with the performance of a Part 2 Program, as defined at 42 CFR § 2.11.
  • "Service" — the Auxo Health Solutions platform, including the software, hosting, support, documentation, and any professional services provided.
  • "Documentation" — user guides, release notes, and technical documentation Auxo makes available at https://app.auxohealthsolutions.com/docs or equivalent.
  • "Sub-Processor" — any third-party service provider retained by Auxo that processes Customer Data.
  • "Order" — a Service Order, statement of work, or other ordering document referencing this Agreement.
  • "Effective Date" — the date of Customer's acceptance of this Agreement or the effective date of the first Order, whichever is earlier.

3. The Service

3.1 License Grant

Subject to Customer's compliance with this Agreement and payment of fees, Auxo grants Customer a limited, non-exclusive, non-transferable, non-sublicensable right during the term to access and use the Service solely for Customer's internal business purposes.

3.2 Authorized Users

Customer is responsible for:

  • Providing accurate user information (including NPI and licensure where applicable)
  • Ensuring each Authorized User completes HIPAA training and any Customer-required training before accessing PHI
  • Managing access privileges and deactivating accounts promptly upon role change or termination
  • Maintaining the confidentiality of login credentials and notifying Auxo of any unauthorized access
  • All acts and omissions of its Authorized Users

3.3 Acceptable Use

Customer and Authorized Users must not:

  • Reverse engineer, decompile, disassemble, or attempt to derive source code of the Service
  • Copy, modify, or create derivative works of the Service
  • Resell, sublicense, rent, lease, or otherwise distribute the Service
  • Use the Service to develop a competing product
  • Upload malicious code, probe for vulnerabilities outside Auxo's responsible-disclosure program, or interfere with the Service's operation
  • Use the Service to process data unrelated to healthcare operations permitted by HIPAA and 42 CFR Part 2
  • Use the Service in any manner that violates applicable law (including the HIPAA Privacy, Security, or Breach Notification Rules; 42 CFR Part 2; the Ryan Haight Act; 21st Century Cures Act information-blocking provisions; or state law)
  • Circumvent role-based access controls, audit logs, or security features

4. Customer Obligations and Representations

4.1 Lawful Use

Customer represents and warrants that:

  • Customer is a HIPAA Covered Entity or otherwise legally authorized to possess the Customer Data it submits
  • Customer has obtained all patient consents and authorizations required by HIPAA, 42 CFR Part 2, state law, and Customer's Notice of Privacy Practices before submitting Customer Data to the Service
  • For Part 2 Data, Customer has obtained consents meeting the requirements of 42 CFR § 2.31 and will provide the required recipient notice (42 CFR § 2.32) when directing disclosures through the Service
  • For reproductive health information, Customer will apply the attestation requirements of 45 CFR § 164.509 (April 2024 final rule) before directing a disclosure

4.2 Customer Data Accuracy

Customer is solely responsible for the accuracy, quality, legality, and appropriateness of Customer Data submitted to the Service and for the lawfulness of Customer's instructions to Auxo regarding that data.

4.3 Independent Clinical Judgment

The Service is a software tool. Customer's licensed clinicians remain solely responsible for clinical decisions, including diagnosis, treatment planning, medication selection and dosing, prior authorization rationale, discharge planning, and any other healthcare decisions. No feature of the Service replaces the independent medical judgment of a qualified healthcare professional. See Section 6.

5. Auxo Obligations

5.1 Service Availability

Auxo will provide the Service in accordance with the Service-Level Agreement (Exhibit C). Sole and exclusive remedy for SLA failures is the service credit specified therein.

5.2 Security

Auxo will implement administrative, physical, and technical safeguards designed to protect Customer Data consistent with 45 CFR 164.308, 164.310, and 164.312 (the HIPAA Security Rule), including encryption at rest (AES-256) and in transit (TLS 1.2+), multi-factor authentication for privileged access, role-based access control, audit logging, backup and recovery, and incident response.

5.3 Support

Auxo provides support during business hours (8 AM – 6 PM Central Time, Monday through Friday, excluding U.S. federal holidays) via support@auxohealthsolutions.com and the in-app help center. Enterprise support terms are set in the applicable Order.

5.4 Sub-Processors

Auxo maintains a current list of Sub-Processors at https://app.auxohealthsolutions.com/legal/sub-processors. Auxo will provide Customer with at least 30 days' advance notice before authorizing a new Sub-Processor to process PHI and will update the list accordingly. Each Sub-Processor that processes PHI has executed a BAA with Auxo. If Customer reasonably objects to a new Sub-Processor on data-protection grounds, Customer may terminate the Order on written notice within 30 days of notice; such termination is Customer's sole remedy.

6. Artificial Intelligence and Clinical Decision Support

6.1 Decision Support Only

The Service provides clinical decision support, clinical documentation assistance, and workflow automation, including features that use artificial intelligence and machine learning ("AI Features"). The Service is not a medical device and does not provide medical advice, diagnosis, or treatment.

6.2 Human-in-the-Loop

All clinical decisions — including but not limited to diagnosis, treatment, medication selection and dosing, prior authorization, e-prescribing, discharge planning, risk stratification, and level-of-care decisions — remain the exclusive responsibility of Customer's licensed clinicians exercising independent professional judgment. AI-generated outputs (summaries, drafts, risk scores, suggested orders, notes, clinical rationale, utilization-review appeals, documentation templates, and similar) must be independently reviewed and verified by a qualified clinician before being relied upon for any clinical purpose.

6.3 No Warranty of AI Outputs

AI outputs may be incorrect, incomplete, outdated, biased, or "hallucinated." Customer assumes sole responsibility for verifying AI outputs before clinical use. The Service is intended to operate within the 21st Century Cures Act clinical-decision-support exclusion (21 U.S.C. § 360j(o)(1)(E)) and provides source citations or references where applicable to allow clinicians to independently review the basis for recommendations.

6.4 No Patient-Facing Autonomous Advice

AI Features do not provide autonomous clinical advice directly to patients. Patient-facing AI-generated content (where Customer enables such features) includes a prominent notice that the content was generated by AI and directs the patient to contact a licensed provider with clinical questions, in accordance with California AB 3030 and similar laws.

6.5 No Training on Customer Data

Auxo does not use Customer Data or PHI to train foundation AI or ML models. Our AI Sub-Processors (including Anthropic) are bound by contractual zero-data-retention commitments for Auxo's account.

6.6 E-Prescribing Disclaimer

The Service supports electronic prescribing through the Surescripts network (subject to Auxo's Surescripts certification and Customer's prescriber credentials). Drug-utilization review ("DUR") alerts, drug-drug interaction ("DDI") alerts, and similar warnings are informational only. The prescriber is solely responsible for the clinical appropriateness, dose, duration, and patient safety of any prescription. Auxo is not responsible for the contents of third-party drug databases or for clinical decisions based on those databases.

7. Data Ownership and Privacy

7.1 Customer Data

As between Customer and Auxo, Customer retains all right, title, and interest in and to Customer Data, including all PHI. Customer grants Auxo a limited, non-exclusive license to access, host, store, process, and transmit Customer Data solely to provide the Service to Customer.

7.2 BAA

To the extent Customer Data contains PHI, the parties execute the Business Associate Agreement attached as Exhibit A. In case of conflict, the BAA controls with respect to PHI.

7.3 Part 2 Data

For Part 2 Data, Auxo operates as a Qualified Service Organization under 42 CFR § 2.11. Auxo will apply the consents, restrictions, redisclosure prohibitions, and recipient notices required by Part 2.

7.4 De-Identified Data

Auxo may create and use de-identified data derived from Customer Data, provided the de-identification meets the Safe Harbor (45 CFR 164.514(b)(2)) or Expert Determination (45 CFR 164.514(b)(1)) standard. De-identified data is owned by Auxo and may be used for analytics, benchmarking, research, and product improvement.

7.5 Aggregated Usage Data

Auxo may collect and use aggregated, non-identifying usage data about the Service.

8. Fees and Payment

8.1 Fees

Customer will pay the fees specified in each Order. Fees are exclusive of taxes, which Customer will pay except for taxes based on Auxo's net income.

8.2 Invoicing

Auxo will invoice Customer monthly (or as specified in the Order). Payment is due net 30 days from invoice date via ACH, wire, or credit card. Overdue balances accrue interest at 1.5% per month or the maximum rate allowed by law.

8.3 Non-Payment

If Customer is more than 30 days late on undisputed fees, Auxo may suspend the Service on 10 business days' written notice. Auxo will not delete PHI during a suspension unless Customer directs deletion or the Agreement is terminated under Section 11.

8.4 Price Changes

For subscription terms, Auxo may increase fees upon renewal with at least 60 days' written notice before the renewal date.

9. Confidentiality

Each party may receive the other party's Confidential Information. Each party will (i) protect Confidential Information with at least the same care it uses for its own confidential information, and in no event less than reasonable care, (ii) use Confidential Information only to perform under this Agreement, and (iii) disclose Confidential Information only to personnel bound by confidentiality obligations. Confidential Information does not include information that is public, independently developed, or rightfully obtained from a third party. PHI is governed by the BAA and Section 7.

10. Intellectual Property

10.1 Auxo IP

Auxo owns all right, title, and interest in the Service, including all software, documentation, trademarks, and improvements. Customer obtains only the access license granted in Section 3.1. No rights are granted by implication, estoppel, or otherwise.

10.2 Feedback

Customer may provide feedback and suggestions to Auxo. Auxo may use feedback without restriction or attribution, subject to confidentiality.

10.3 Customer Marks

Customer grants Auxo the right to use Customer's name and logo to identify Customer as an Auxo customer in marketing materials, subject to Customer's trademark guidelines. Customer may revoke this right on written notice, which will apply prospectively.

11. Term and Termination

11.1 Term

The Agreement begins on the Effective Date and continues for the term specified in the Order, renewing automatically for successive 12-month terms unless either party gives written notice of non-renewal at least 60 days before the end of the then-current term.

11.2 Termination for Cause

Either party may terminate the Agreement on written notice if the other party (i) materially breaches and fails to cure within 30 days of notice, or (ii) becomes insolvent, is the subject of a bankruptcy petition, or assigns for the benefit of creditors.

11.3 Termination for Convenience

Except as otherwise specified in an Order, neither party may terminate for convenience during an active subscription term.

11.4 Effect of Termination

Upon termination or expiration:

  • Customer's access to the Service ends on the effective date of termination
  • Data Export Window: For 60 days following termination, Auxo will make Customer Data available for export in a documented, machine-readable format (FHIR R4 for clinical records, CSV for billing/scheduling/administrative data)
  • Data Deletion: Within 90 days after the Data Export Window expires, Auxo will securely delete Customer Data from active systems and, within 180 days of termination, from backup media on Auxo's standard backup rotation; Auxo will provide a written certificate of destruction on Customer request
  • Any PHI retained pending deletion continues to be protected by the BAA (per 45 CFR 164.504(e)(2)(ii)(J))
  • Fees accrued through termination remain due; prepaid fees for unused periods are non-refundable except on Auxo's material breach

11.5 Survival

Sections 2, 4.3, 6, 7.1, 7.2, 7.3, 7.4, 9, 10.1, 11.4, 12, 13, 14, 15, and 16 survive termination.

12. Warranty; Disclaimer

12.1 Limited Warranty

Auxo warrants that during the term the Service will perform materially in accordance with the Documentation. Customer's exclusive remedy for breach of this warranty is repair or, if repair is not commercially reasonable within 30 days of notice, termination of the affected Order and refund of prepaid fees for the remainder of the term.

12.2 Disclaimer

EXCEPT FOR THE EXPRESS WARRANTY IN SECTION 12.1, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." AUXO DISCLAIMS ALL OTHER WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND ANY WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE. AUXO DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE; THAT DEFECTS WILL BE CORRECTED; OR THAT THE SERVICE IS COMPATIBLE WITH ANY PARTICULAR HARDWARE OR SOFTWARE. AUXO DOES NOT WARRANT THE ACCURACY, COMPLETENESS, OR CLINICAL CORRECTNESS OF ANY AI-GENERATED OUTPUT, DRUG DATABASE, CLINICAL DECISION SUPPORT ALERT, OR PATIENT-MATCHING RESULT.

13. Indemnification

13.1 By Auxo

Auxo will defend Customer against third-party claims alleging the Service, as provided by Auxo and used in accordance with this Agreement and the Documentation, infringes a U.S. patent, copyright, or trademark, and will pay damages or settlement amounts attributable to such claims. Auxo's obligations do not apply to claims arising from (i) Customer Data, (ii) combinations of the Service with other products not provided by Auxo, (iii) modifications to the Service not made by Auxo, or (iv) Customer's use of the Service in violation of this Agreement or applicable law.

13.2 By Customer

Customer will defend Auxo against third-party claims arising from (i) Customer's or its Authorized Users' violation of this Agreement or applicable law, including HIPAA, 42 CFR Part 2, or state privacy law; (ii) Customer's failure to obtain required patient consents; (iii) clinical decisions made by Customer's clinicians; (iv) Customer Data (including claims that Customer Data infringes third-party rights); and (v) Customer's combinations of the Service with other products.

13.3 Procedure

The indemnified party must (i) promptly notify the indemnifying party in writing, (ii) give the indemnifying party sole control of the defense and settlement, and (iii) provide reasonable cooperation. The indemnified party may participate with its own counsel at its own expense.

14. Limitation of Liability

14.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PARTY IS LIABLE TO THE OTHER FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, LOST REVENUE, LOST DATA, OR BUSINESS INTERRUPTION, REGARDLESS OF THE THEORY OF LIABILITY AND EVEN IF THE PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

14.2 Aggregate Cap

EACH PARTY'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT IS LIMITED TO THE FEES PAID OR PAYABLE BY CUSTOMER TO AUXO IN THE 12 MONTHS PRECEDING THE CLAIM.

14.3 Carve-Outs

Sections 14.1 and 14.2 do not apply to (i) a party's indemnification obligations under Section 13; (ii) Customer's payment obligations under Section 8; (iii) either party's violation of the other's intellectual property rights; (iv) either party's gross negligence or willful misconduct; or (v) a party's breach of the BAA resulting in unauthorized disclosure of PHI. For item (v), the parties may negotiate a super-cap (e.g., 3x fees paid in the prior 12 months) in the applicable Order.

15. Governing Law; Dispute Resolution

15.1 Governing Law

This Agreement is governed by the laws of the State of Texas, without regard to its conflict-of-law rules.

15.2 Arbitration

Any dispute arising out of or relating to this Agreement will be finally resolved by binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules. Arbitration will be conducted in [Travis County OR Dallas County], Texas, by a single arbitrator with healthcare-SaaS experience. Judgment on the award may be entered in any court of competent jurisdiction.

15.3 Class Waiver

Each party waives its right to participate in class actions, class arbitrations, or representative proceedings.

15.4 Injunctive Relief

Notwithstanding Section 15.2, either party may seek injunctive or equitable relief in a court of competent jurisdiction for violations of confidentiality or intellectual property rights.

16. General

16.1 Entire Agreement

This Agreement, the Exhibits, and any Orders constitute the entire agreement and supersede all prior negotiations and agreements regarding the subject matter.

16.2 Amendments

Auxo may update this Agreement for the public-facing version upon 30 days' notice. Material amendments to signed, custom Orders require mutual written agreement.

16.3 Assignment

Neither party may assign this Agreement without the other's written consent, except that either party may assign to an affiliate or to a successor in a merger, acquisition, or sale of all or substantially all of its assets. Any attempted assignment in violation of this section is void.

16.4 Force Majeure

Neither party is liable for delays or failures caused by events outside its reasonable control, including natural disasters, wars, terrorism, labor disputes, governmental action, cloud-provider outages, and cyberattacks.

16.5 Export Control and Sanctions

Customer represents that it is not located in, and will not use the Service from, a country subject to U.S. embargoes, and that it is not on any U.S. Government restricted-parties list.

16.6 Government End Users

The Service is "commercial computer software" and "commercial computer software documentation" under FAR 52.227-19. U.S. Government end users acquire only the rights specified in this Agreement.

16.7 Notices

Notices must be in writing and delivered by email (to legal@auxohealthsolutions.com for Auxo; to Customer's designated notice email) or overnight courier. Notices are effective upon receipt.

16.8 Severability

If any provision is held unenforceable, the remainder continues in full force, and the unenforceable provision will be modified to the minimum extent necessary to make it enforceable.

16.9 Waiver

No waiver is effective unless in writing and signed by the waiving party. A waiver on one occasion is not a waiver of future occasions.

16.10 Independent Contractors

The parties are independent contractors. This Agreement does not create a partnership, joint venture, agency, or employment relationship.

16.11 Third-Party Beneficiaries

No third-party beneficiaries.

16.12 Headings; Interpretation

Headings are for convenience only. "Including" means "including without limitation."

Exhibits:

  • Exhibit A: Business Associate Agreement (see baa.md)
  • Exhibit B: Data Processing Addendum (to be drafted)
  • Exhibit C: Service-Level Agreement (to be drafted)
  • Exhibit D: Sub-Processor List (see sub-processors.md)