Omi Scribe Cloud — Terms of Service

Version: 1.5

Effective: 1 April 2026

Provider: Omi Health B.V., Eindhoven, Netherlands

Contact: [email protected]

1. Acceptance

By creating an account, accessing, or using Omi Scribe Cloud (the “Service”), you agree to these Terms of Service (“Terms”).

If you use the Service on behalf of an organisation (the “Customer”), you represent that you have authority to bind the Customer to these Terms.

These Terms, together with any applicable order form, Data Processing Addendum (DPA), Business Associate Agreement (BAA) (if applicable), and referenced policies, form the agreement between Customer and Omi Health B.V. regarding the Service.

• Privacy Notice: /legal/cloud-privacy
• Sub‑processors: /legal/sub-processors
• DPA (GDPR Article 28): available on request — contact [email protected]
• BAA (HIPAA, US only): available on request — contact [email protected]

2. The Service

The Service provides AI‑assisted transcription, diarisation, clinical documentation drafting, structured clinical extraction, and workflow automation features.

Draft output only. The Service generates AI‑generated drafts. The clinician/user must review, edit, and approve outputs before any clinical use.

No automatic submission. The Service does not automatically submit outputs to external systems (e.g., EHR). Exports and integrations require explicit user action or Customer administrator configuration.

We may update the Service over time (including adding, changing, or removing features). If we materially reduce core functionality during a paid subscription term, we will provide reasonable notice and (where appropriate) a reasonable alternative or adjustment.

3. Eligibility and accounts

Customer and users must:

• provide accurate account information and keep it current;
• keep credentials secure and not share accounts;
• promptly notify us of suspected unauthorised access at [email protected].

Customer administrators may manage users, permissions, retention settings, and integrations for their tenant.

4. Customer Content and ownership

“Customer Content” means any audio, transcripts, notes, text, structured data, and other content submitted to or generated within the Service for the Customer.

As between the parties:

• Customer owns Customer Content.
• Omi Health owns the Service and related intellectual property (software, models, prompts, workflows, UI, documentation), excluding Customer Content.

Customer grants Omi Health a limited, non‑exclusive licence to process Customer Content solely to provide, maintain, and secure the Service, consistent with Customer configuration and instructions. This licence ends when Customer Content is deleted or when the agreement terminates, subject to limited backup retention.

5. No training on Customer Content

Omi Health does not use Customer Content to train, fine‑tune, or evaluate machine learning models.

This “no training” commitment applies during and after the term of the agreement.

Material term. This Section 5 is a material term of the agreement. If Omi Health breaches the “no training” commitment, Customer may terminate the affected Services immediately upon written notice and may seek injunctive or equitable relief (in addition to any other remedies available under law), to the extent permitted by law.

6. Privacy, data processing, security, and incident notification

• Our Privacy Notice explains how we process personal data: /legal/cloud-privacy.
• Where Omi Health processes Customer Content on Customer’s behalf, the parties will enter into a DPA (available on request).
• We implement security measures designed to protect Customer Content and Service Data, including encryption in transit, encryption at rest, access controls, and logging. No system is perfectly secure.

6.1 Security incident and breach notification

If Omi Health becomes aware of a confirmed Personal Data Breach affecting Customer Content, we will notify Customer without undue delay, and in any event no later than 48 hours after becoming aware, as set out in the DPA (unless delayed by law enforcement direction).

7. HIPAA (United States)

If Customer is a HIPAA Covered Entity (or a Business Associate) and will use the Service to process Protected Health Information (PHI), a Business Associate Agreement (BAA) must be executed before PHI is submitted.

If no BAA is in place, Customer must not submit PHI to the Service.

BAA inquiries: [email protected].

8. Acceptable use

Customer and users must:

• use the Service only for lawful purposes;
• comply with applicable healthcare, privacy, and security laws;
• ensure that users review and validate all outputs before clinical use;
• maintain appropriate administrative, technical, and physical safeguards for access to the Service.

Customer and users must not:

• reverse engineer, decompile, or attempt to extract models, prompts, or proprietary assets from the Service (except where mandatory law permits for interoperability);
• bypass security controls or access data not belonging to them;
• scrape, crawl, or systematically extract data beyond normal use;
• upload malware or engage in abusive or disruptive behaviour;
• perform penetration testing without prior written authorisation;
• use the Service or its outputs at scale to train or develop competing models or products.

Users may report abuse, misuse, or concerns about AI-generated content to [email protected].

9. AI output limitations and clinical responsibility

The Service is a clinical documentation assistant. It uses machine learning and may produce inaccurate, incomplete, or misleading outputs. The Service is not intended for diagnosis, prevention, monitoring, prediction, prognosis, treatment, or clinical decision‑making. All AI‑generated content is presented as a draft for review by a qualified healthcare professional, who is the sole author of the final clinical record and is solely responsible for clinical decisions.

9.1 Draft output; sole author

Outputs are draft suggestions only. The user acknowledges that they are the sole author of the final clinical record and accepts full responsibility for its accuracy, completeness, and compliance with clinical standards.

9.2 Human oversight required

Customer and users are solely responsible for:

• reviewing all AI‑generated content before use;
• verifying accuracy against source audio/transcripts and the clinical record;
• correcting errors, omissions, or fabricated content;
• ensuring appropriate professional judgement and regulatory compliance;
• obtaining any required patient notice/consent for recording and AI-assisted documentation.

To the maximum extent permitted by law, Omi Health disclaims liability for clinical outcomes arising from reliance on AI‑generated drafts.

10. AI regulation (EU AI Act)

10.1 Classification

The Service is a clinical documentation assistant that generates draft outputs for human review. It is not intended for diagnosis, prevention, monitoring, prediction, prognosis, treatment, or clinical decision‑making, and it does not autonomously make or materially influence decisions that produce legal or similarly significant effects on individuals.

Based on its current intended purpose and functionality, Omi Health classifies the Service outside the scope of high‑risk AI systems under Annex III of Regulation (EU) 2024/1689 (the "AI Act"). This classification is reviewed when the Service's intended purpose, functionality, or risk profile materially changes.

10.2 Transparency

Consistent with Article 50 of the AI Act, Omi Health ensures that:

• the Service is designed so that users are informed they are interacting with AI‑generated content;
• outputs are labelled as AI‑generated drafts requiring human review; and
• documentation describing the Service's general capabilities and limitations is made available to Customers.

10.3 Provider commitments

Omi Health will:

• comply with mandatory obligations applicable to providers of AI systems under the AI Act, as they become applicable;
• monitor regulatory guidance, delegated acts, and harmonised standards relevant to the Service's classification;
• maintain internal documentation proportionate to the Service's risk profile; and
• cooperate with Customers in fulfilling any AI Act obligations that apply to them as deployers of the Service.

10.4 Reclassification

If the Service's intended purpose or functionality changes such that it would fall within a higher risk category under the AI Act (for example, through the addition of clinical decision‑support features), Omi Health will:

• notify Customer of the reclassification;
• implement the additional requirements applicable to the new risk category within a reasonable timeframe; and
• update these Terms and relevant documentation accordingly.

Customer may terminate the affected Services if it reasonably determines that the reclassified risk category is incompatible with its regulatory obligations, by providing written notice within 30 days of the reclassification notification.

10.5 No unacceptable practices

The Service does not engage in any practice prohibited under Article 5 of the AI Act.

11. Integrations and third‑party services

The Service may support integrations (e.g., EHR export, storage, identity providers). Customer is responsible for:

• enabling and configuring integrations,
• ensuring appropriate authorisations and consents, and
• compliance obligations for third-party systems.

12. Fees and payment (if applicable)

Fees, billing terms, and subscription details are set out in an order form, online checkout, or other agreement with Customer. Non‑payment may result in suspension or termination.

13. Term, suspension, and termination

These Terms continue until terminated.

We may suspend or terminate access for material breach, security risk, or non‑payment.

13.1 Data export and deletion

Upon termination:

• Customer may request export of Customer Content within up to 30 days, subject to plan features and technical feasibility.
• Customer Content will be deleted from active systems in accordance with Customer retention settings and our deletion processes.
• Encrypted backups may retain data for a limited period (see Privacy Notice and DPA), after which they are overwritten on a rolling basis.

14. Warranty disclaimer

THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, OMI HEALTH DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, AND ACCURACY.

15. Limitation of liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• Omi Health is not liable for indirect, incidental, special, consequential, or punitive damages.
• Omi Health’s total liability arising out of or relating to the Service will not exceed the amounts paid by Customer for the Service in the 12 months preceding the event giving rise to the claim (or €100 if no fees were paid), unless mandatory law requires otherwise.

Nothing in these Terms limits liability that cannot be limited under applicable law (e.g., wilful misconduct or gross negligence where non‑waivable).

16. Indemnity

Customer will indemnify and hold harmless Omi Health from third‑party claims arising from:

• Customer Content,
• Customer’s unlawful use of the Service, or
• Customer’s breach of these Terms,

except to the extent caused by Omi Health’s wilful misconduct.

17. Export controls and sanctions

Customer and users must comply with applicable export‑control and sanctions laws when using the Service.

18. Governing law and forum

These Terms are governed by the laws of the Netherlands (excluding conflict‑of‑law rules).

Exclusive forum for business users: the competent courts of Oost‑Brabant (’s‑Hertogenbosch), Netherlands.

19. Changes

We may update these Terms from time to time. If changes are material, we will provide notice through the Service or by email to account administrators. Continued use after the effective date constitutes acceptance.

20. Contact

Legal: [email protected]

Privacy: [email protected]

Security: [email protected]