Terms of Service

1. Agreement to Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and IoT Softworks ("Company," "we," "us," or "our"), governing your access to and use of the LuminaEHR electronic health records platform, including all associated software applications, services, and websites (collectively, the "Service").

By creating an account, downloading, installing, or using the Service, you agree to be bound by these Terms. If you do not agree to these Terms, do not use the Service.

2. Description of Service

LuminaEHR is an offline-first electronic health records (EHR) platform that provides:

• Patient management and clinical documentation
• Peer-to-peer (P2P) data synchronization across devices
• Computerized Provider Order Entry (CPOE) with clinical decision support
• Billing and revenue cycle management tools
• FHIR R4 data export
• eCQM quality reporting
• Appointment scheduling and management
• Custom forms and analytics

The Service stores clinical data locally on your devices using encrypted SQLite databases. The Company's servers facilitate account management, subscription processing, device discovery, and P2P relay services but do not store your patient or clinical data.

3. Account Registration

3.1 Eligibility

You must be at least 18 years old and have the legal authority to enter into these Terms. If you are using the Service on behalf of a healthcare organization, you represent that you have the authority to bind that organization to these Terms.

3.2 Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. You must:

• Use a strong, unique password
• Enable multi-factor authentication (MFA) if available on your plan
• Notify us immediately of any unauthorized access to your account
• Not share your account credentials with unauthorized individuals

3.3 Assistant Accounts

Master account holders may create assistant accounts for authorized team members within their subscription limits. You are responsible for the actions of all assistant accounts created under your master account.

4. Subscription Plans & Payment

4.1 Plans

The Service is offered in four tiers: Free, Basic, Professional, and Enterprise. Plan features, device limits, and patient limits are described on our Pricing page and may be updated from time to time.

4.2 Free Trial

New accounts receive a 14-day free trial of the Professional plan. No credit card is required to start the trial. At the end of the trial, you may select a paid plan or continue with the Free tier.

4.3 Billing

Paid subscriptions are billed monthly or annually, depending on your selection. Payments are processed through third-party payment gateways (Paddle, Stripe, PayPal, or Lemon Squeezy). By subscribing to a paid plan, you authorize us to charge your chosen payment method on a recurring basis.

4.4 Price Changes

We may change subscription prices with at least 30 days' advance notice. Price changes will take effect at the start of your next billing period after the notice.

4.5 Cancellation

You may cancel your subscription at any time. Cancellation takes effect at the end of your current billing period. After cancellation, your account reverts to the Free tier. Your locally stored data remains on your devices.

5. Data Ownership & Privacy

5.1 Your Data

You retain full ownership of all clinical data, patient records, and other content you create or store using the Service ("Your Data"). We do not claim any ownership rights over Your Data.

5.2 Local Storage

LuminaEHR is designed as an offline-first platform. Your Data is stored locally on your devices in encrypted databases (AES-256 via SQLCipher). We do not store, access, or process Your Data on our servers.

5.3 P2P Synchronization

When you enable P2P synchronization, Your Data is transmitted directly between your authorized devices using AES-256-GCM encryption with Perfect Forward Secrecy. Our servers may facilitate device discovery and relay connections but do not store or inspect the contents of synchronized data.

5.4 Data Export

You may export Your Data at any time using the FHIR R4 export feature or other export tools provided by the Service.

6. HIPAA & Healthcare Compliance

6.1 Shared Responsibility

LuminaEHR provides tools to support HIPAA compliance, including encryption at rest and in transit, audit trails, access controls, multi-factor authentication, and inactivity lock screens. However, you are responsible for:

• Configuring the Service in accordance with your compliance obligations
• Training your staff on proper use of the system and HIPAA requirements
• Maintaining physical security of devices containing patient data
• Conducting required risk assessments for your practice
• Entering into Business Associate Agreements (BAAs) where required

6.2 Business Associate Agreement

Because LuminaEHR's offline-first architecture means we do not store or process Protected Health Information (PHI) on our servers, a BAA may not be required for typical use. However, if your use case involves our servers processing PHI (e.g., relay services), please contact us to execute a BAA.

6.3 No Medical Advice

The Service is a record-keeping and clinical workflow tool. It does not provide medical advice, diagnoses, or treatment recommendations. Clinical decision support features (drug interaction checking, allergy alerts) are informational aids and do not replace professional medical judgment.

7. Acceptable Use

You agree not to:

• Use the Service in violation of any applicable law or regulation
• Reverse engineer, decompile, or disassemble any part of the Service
• Attempt to gain unauthorized access to other users' accounts or data
• Use the Service to transmit malware, viruses, or harmful code
• Resell, sublicense, or redistribute the Service without our written consent
• Use the Service in a manner that could damage, disable, or impair its operation
• Circumvent any subscription limits, feature restrictions, or security measures

8. Intellectual Property

The Service, including its source code, design, features, documentation, and branding, is owned by IoT Softworks and is protected by copyright, trademark, and other intellectual property laws. Your subscription grants you a limited, non-exclusive, non-transferable license to use the Service for its intended purpose during your subscription term.

9. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW:

• THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED.
• WE DO NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
• IN NO EVENT SHALL OUR TOTAL LIABILITY EXCEED THE AMOUNT YOU PAID FOR THE SERVICE IN THE 12 MONTHS PRECEDING THE CLAIM.
• WE SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOSS OF DATA, REVENUE, OR PROFITS.

10. Indemnification

You agree to indemnify and hold harmless IoT Softworks, its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from your use of the Service, your violation of these Terms, or your violation of any applicable law or regulation.

11. Termination

We may suspend or terminate your access to the Service if:

• You violate these Terms
• Your subscription payment fails and is not resolved within a reasonable period
• We are required to do so by law
• We reasonably believe your account has been compromised

Upon termination, your right to use the Service ceases immediately. Your locally stored data remains on your devices and is not affected by account termination.

12. Changes to Terms

We may update these Terms from time to time. We will notify you of material changes at least 30 days before they take effect by email or through the Service. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Terms.

13. Governing Law

These Terms are governed by and construed in accordance with the laws of the jurisdiction in which IoT Softworks operates, without regard to conflict of law principles.

14. Dispute Resolution

Any disputes arising under these Terms shall first be attempted to be resolved through good-faith negotiation. If negotiation fails, disputes shall be resolved through binding arbitration in accordance with applicable arbitration rules, except that either party may seek injunctive relief in a court of competent jurisdiction.

15. Contact

If you have questions about these Terms, please contact us:

• Email: Contact Page
• Website: lumina.iotsoftworks.com