1. Acceptance of Terms

By accessing or using Scribe360, you agree to be bound by these Terms of Service, the Business Associate Agreement (Appendix A), and our Privacy Policy. If you do not agree, do not use the service.

These terms constitute a legally binding agreement between you and your practice ("User," "Customer," or "Covered Entity") and Scribe360 ("we," "us," or "our," operating as "Business Associate" under HIPAA). References to "you" include individual users and the practice entity they represent.

2. Service Description

Scribe360 is an AI-powered medical scribe platform designed for office-based medical practices across 28 specialties. The service provides:

• Audio recording of patient encounters with local browser capture
• Medical-grade transcription with speaker diarization
• AI-generated SOAP note drafts from encounter transcripts
• Suggested ICD-10 diagnosis codes, CPT procedure codes, and E/M level recommendations
• After-visit summaries in patient/parent-friendly language
• Practice team management tools

3. Accounts & Registration

You must provide accurate, complete information when creating an account, including a valid NPI (National Provider Identifier) verified against the CMS NPPES registry. You are responsible for:

• Maintaining the confidentiality of your login credentials
• All activities that occur under your account
• Notifying us immediately of any unauthorized access
• Ensuring team members are assigned appropriate roles matching their clinical responsibilities

One account is permitted per NPI. Practice owners are responsible for managing team member access and ensuring appropriate role assignments.

4. Fees & Payment

Scribe360 offers tiered plans based on monthly encounter volume. Current plans are listed on our Pricing page.

• Free tier — 25 encounters/month at no charge, subject to NPI verification. By using the free tier, you consent to receive product updates, feature announcements, and promotional communications from Scribe360. You may opt out of marketing emails at any time via the unsubscribe link in each email; opting out does not affect transactional emails (password reset, verification, security alerts).
• Paid plans — billed monthly via invoice. Payment is due within 30 days of invoice date.
• Plan changes — you may upgrade or downgrade at any time. Changes take effect at the next billing cycle.
• Late payment — accounts with invoices overdue by more than 30 days may be restricted to free tier functionality until payment is received. No data is deleted due to late payment.

We may adjust pricing with 30 days' written notice. Continued use after the effective date constitutes acceptance.

5. AI-Generated Content Disclaimer

Scribe360 uses artificial intelligence to assist with clinical documentation. AI-generated content — including SOAP notes, ICD-10 codes, CPT codes, E/M levels, follow-up items, medications, and patient summaries — is provided as a draft for physician review.

• AI-generated content may contain errors, omissions, or inaccuracies
• AI output does not constitute medical advice, diagnosis, or treatment recommendations
• All AI-generated content must be reviewed, edited, and approved by a licensed physician before clinical use
• Code suggestions (ICD-10, CPT, E/M) must be independently verified before billing submission
• The AI may flag inconsistencies or documentation gaps, but these flags are advisory — clinical judgment prevails

Scribe360 is a documentation assistant. It does not practice medicine, replace clinical judgment, or substitute for professional medical oversight.

6. Physician Responsibility

Physicians using Scribe360 acknowledge and agree that:

• They bear sole clinical responsibility for all patient care decisions
• AI-generated documentation is a starting point, not a final product
• They must review and approve all SOAP notes before they become part of the clinical record
• They must verify all code suggestions before billing submission
• They must complete the physician acknowledgment before accessing clinical features
• They are responsible for the accuracy of any documentation transferred to their EHR system

7. EHR Transfer & Integration

This section applies to all methods of transferring data from Scribe360 to your Electronic Health Record (EHR) system — whether by manual copy-paste, browser extension, API integration, or any other mechanism, current or future.

• Verification before saving. You must verify that the correct patient's data has been pasted or transferred into the correct patient's chart in your EHR before saving. Scribe360 provides copy-to-clipboard functionality as a convenience; it does not control what is pasted, where it is pasted, or whether the destination chart belongs to the correct patient.
• Clipboard contents. Your device's clipboard is controlled by your operating system and browser, not by Scribe360. If clipboard contents are stale, overwritten, or corrupted by other software, Scribe360 is not responsible for the resulting data in your EHR.
• EHR compatibility. Scribe360 generates standard text output designed to be compatible with common EHR systems. We do not guarantee formatting, field mapping, or data integrity after transfer into any specific EHR. You must confirm that transferred content appears correctly in your EHR.
• Browser extension (future). If we offer a browser extension or other automated integration with your EHR, you remain responsible for verifying that data is transferred to the correct patient chart. Automated transfers are a convenience, not a substitute for physician review.
• Third-party EHR terms. Your use of your EHR system is governed by your agreement with your EHR vendor. Scribe360 is not a party to that agreement and is not responsible for changes to your EHR's interface, API, or terms of service that may affect integration.

Scribe360 is not liable for errors that occur after data leaves our platform — including copy-paste errors, wrong-chart entries, or formatting issues in your EHR.

8. Patient Consent Obligations

You are solely responsible for obtaining appropriate consent from patients (or their parents/guardians for minors) before using Scribe360 to record encounters. Specifically:

• You must obtain informed consent for audio recording of the encounter, in compliance with applicable federal and state recording laws
• You must inform the patient (or guardian) that an AI service will process their audio to generate clinical documentation
• You must obtain consent for the disclosure of PHI to Scribe360 and its subprocessors (transcription and AI providers) as described in the Business Associate Agreement
• For pediatric patients, consent must be obtained from a parent or legal guardian
• You must maintain records of consent in accordance with your practice's policies and applicable law

Scribe360 provides an in-app consent capture mechanism as a convenience. The legal sufficiency of consent is the responsibility of the treating physician.

9. Data Handling & HIPAA

Scribe360 is designed and operated as a HIPAA-compliant service:

• All data is encrypted in transit (TLS) and at rest (full-disk encryption)
• Audio recordings are deleted promptly after physician approval of the encounter
• Access to patient data is role-based, practice-scoped, and audited
• We maintain Business Associate Agreements (BAAs) with all third-party service providers that handle PHI
• All subprocessors are bound by equivalent data protection obligations

For full details, see our Privacy Policy, HIPAA Compliance page, and Appendix A (Business Associate Agreement) below.

10. Data Ownership & Licenses

Your Data. You retain full ownership of all data you input into Scribe360, including patient records, encounter audio, transcripts, and any edits you make to AI-generated content ("Your Data"). We do not claim ownership of Your Data.

License to us. You grant Scribe360 a limited, non-exclusive license to process Your Data solely for the purpose of providing the service — transcription, SOAP note generation, code suggestion, and related functionality. This license terminates when your account is closed and Your Data is deleted.

AI output. AI-generated content (SOAP notes, code suggestions, summaries) is derived from Your Data and becomes part of Your Data once generated. You own the output.

Our IP. The Scribe360 platform, algorithms, user interface, documentation, and all underlying technology remain our intellectual property.

11. De-Identification & Aggregate Data

We may de-identify Your Data in accordance with the HIPAA Safe Harbor method (45 CFR 164.514(b)) by removing all 18 HIPAA identifiers. De-identified data is no longer PHI and may be used for:

• Improving transcription and AI accuracy
• Generating aggregate usage statistics
• Research and development of the service

We will never sell de-identified data to third parties. De-identified data used for AI improvement is limited to improving accuracy of our own service.

12. Restricted Data Types

Substance abuse records (42 CFR Part 2). Scribe360 has not been designed to process records protected under 42 CFR Part 2 (substance use disorder treatment records). You agree not to use the service for encounters where Part 2 protections apply, unless you have obtained all required patient authorizations under 42 CFR Part 2.

13. Acceptable Use

You agree not to:

• Use the service for any unlawful purpose
• Attempt to gain unauthorized access to the service or other users' data
• Share your login credentials with others
• Use the service outside the scope of your assigned role
• Interfere with the service's operation or security
• Register multiple accounts using different NPIs to circumvent encounter limits
• Use the service to process data for practices other than the one registered to your account
• Reverse engineer, decompile, or attempt to extract the source code of the service

14. Indemnification

You agree to indemnify, defend, and hold harmless Scribe360 and its officers, employees, and agents from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from:

• Your use of the service, including clinical decisions made using AI-generated content
• Your failure to obtain adequate patient consent for recording and PHI disclosure
• Your violation of these Terms, applicable laws, or HIPAA regulations
• Any third-party claim arising from documentation you created, approved, or submitted using the service

15. Limitation of Liability

Scribe360 is provided "as is" without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.

Liability cap. To the maximum extent permitted by law, our total aggregate liability for any claims arising from or related to these Terms or the service shall not exceed the greater of (a) the fees you paid to us in the 12 months preceding the claim, or (b) $500.

Excluded damages. We are not liable for:

• Any errors in AI-generated content
• Clinical decisions made based on AI-generated suggestions
• Service interruptions or data loss
• Indirect, incidental, special, consequential, or punitive damages
• Lost profits, lost data, or cost of substitute services

Exception. Nothing in this section limits our liability for breaches of the Business Associate Agreement (Appendix A) or for gross negligence or willful misconduct.

16. Service Availability

Scribe360 aims for high availability but does not guarantee a specific uptime percentage. The service may be temporarily unavailable due to:

• Scheduled maintenance (communicated in advance where possible)
• Third-party service provider outages (Deepgram, Google, Anthropic)
• Infrastructure issues beyond our reasonable control

Recording resilience. Audio recording occurs entirely in the browser and does not depend on server availability. An encounter recording in progress is unaffected by service downtime. Transcription and SOAP generation require server connectivity and will resume when the service is restored.

We do not offer service-level agreements (SLAs) or service credits at this time. Enterprise plan customers may negotiate SLA terms separately.

17. Data Portability

We are committed to data portability and will not engage in information blocking as defined under the 21st Century Cures Act. You may:

• Export encounter data (transcripts, SOAP notes, codes) at any time via the service
• Request a full data export in standard formats (CSV/JSON) at any time
• Upon account closure, export all data within a 30-day window (see Section 19)

Scribe360 is a documentation tool, not a certified EHR. It is not subject to ONC Health IT Certification requirements. However, we design our export formats to be compatible with common EHR import workflows.

18. Accessibility

We strive to make Scribe360 accessible to users with disabilities. The service includes keyboard navigation, semantic HTML, skip-links, and screen-reader-compatible markup. We welcome feedback on accessibility at support@scribe360.app.

19. Termination & Data Export

By you. You may close your account at any time. Paid plans revert to the free tier upon cancellation; no refunds for partial billing periods.

By us. We may suspend or terminate your account if you violate these terms, with notice where practicable. Practice owners may disable team member accounts at any time.

Data export. Upon account closure, you have 30 days to export your data. We will provide your encounter data in a standard format (CSV/JSON) upon written request during this period.

Data deletion. After the 30-day export window, Your Data is permanently deleted from active systems. De-identified audit records may be retained as required by law. Backup copies are purged within 7 days of active data deletion.

20. Force Majeure

Neither party shall be liable for any failure or delay in performance due to causes beyond its reasonable control, including but not limited to natural disasters, acts of government, internet or infrastructure failures, pandemics, or third-party service provider outages.

21. Governing Law & Dispute Resolution

Governing law. These Terms are governed by the laws of the State of Texas, without regard to conflict of law principles.

Dispute resolution. Any dispute arising from these Terms or the service shall first be addressed through good-faith negotiation for 30 days. If unresolved, disputes shall be resolved in the state or federal courts located in Texas, and you consent to the exclusive jurisdiction of such courts.

Class action waiver. You agree that any disputes shall be resolved on an individual basis. You waive any right to participate in a class action, class arbitration, or representative proceeding.

22. Feedback & Intellectual Property

If you provide suggestions, feature requests, or other feedback about the service, you grant us a non-exclusive, royalty-free, worldwide license to use, modify, and incorporate such feedback into the service without obligation to you. Feedback does not include Your Data or PHI.

23. General Provisions

• Entire agreement. These Terms, the Privacy Policy, and the Business Associate Agreement (Appendix A) constitute the entire agreement between you and Scribe360 regarding the service, and supersede all prior agreements or understandings.
• Severability. If any provision of these Terms is found to be unenforceable, the remaining provisions remain in full force and effect.
• Waiver. Our failure to enforce any provision of these Terms does not constitute a waiver of our right to enforce that provision in the future.
• Assignment. You may not assign your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations in connection with a merger, acquisition, or sale of assets, provided the assignee agrees to be bound by these Terms and the BAA.

24. Changes to Terms

We may update these terms from time to time. Material changes will be communicated via email and in-app notification at least 30 days before taking effect. Continued use of the service after the effective date constitutes acceptance. If you do not agree to updated terms, you may close your account before the effective date.

25. Contact

Questions about these terms? Contact us or email support@scribe360.app.

---

Appendix A: Business Associate Agreement

This Business Associate Agreement ("BAA") is incorporated into and forms part of the Terms of Service between you (the "Covered Entity") and Scribe360 (the "Business Associate").

A.1 Definitions

Capitalized terms not defined herein have the meaning set forth in HIPAA (45 CFR Parts 160, 162, and 164) and the HITECH Act. "PHI" means Protected Health Information as defined in 45 CFR 160.103 that Business Associate creates, receives, maintains, or transmits on behalf of Covered Entity.

A.2 Permitted Uses and Disclosures

Business Associate may use or disclose PHI only as necessary to:

• Perform the services described in the Terms of Service (transcription, SOAP generation, code suggestion, clinical documentation)
• Carry out its legal responsibilities under the BAA
• De-identify PHI in accordance with 45 CFR 164.514(b) as described in Section 11 of the Terms

Business Associate shall not use or disclose PHI in any manner that would violate HIPAA if done by the Covered Entity, except as permitted for Business Associate management and legal responsibilities.

A.3 Safeguards

Business Associate shall implement and maintain administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of PHI, including:

• Encryption — TLS in transit; full-disk encryption at rest
• Access controls — role-based permissions, practice-scoped data isolation
• Audit logging — immutable audit trail for all PHI access
• Authentication — bcrypt password hashing, session timeouts, CSRF protection
• PHI-stripping — application logs scrubbed of patient data
• Audio deletion — recordings deleted after physician approval

A.4 Subcontractors

Business Associate shall ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate agree to the same restrictions and conditions that apply to Business Associate under this BAA. Current subprocessors:

• Deepgram, Inc. — audio transcription (ASR). BAA in place.
• Google LLC — AI language model for SOAP generation (Gemini). BAA in place.
• Anthropic, PBC — AI language model fallback (Claude). BAA in place.

Business Associate will notify Covered Entity via email at least 30 days before engaging a new subprocessor that handles PHI. Covered Entity may object within 15 days of notification.

A.5 Breach Notification

Business Associate shall report to Covered Entity any Breach of Unsecured PHI (as defined in 45 CFR 164.402) within 10 business days of discovery. The notification shall include:

• Identification of affected individuals (to the extent known)
• Description of the types of PHI involved
• Description of what Business Associate is doing to investigate, mitigate, and prevent recurrence
• Contact information for further inquiries

Business Associate shall cooperate with Covered Entity's breach notification obligations under 45 CFR 164.404-408 and HITECH Act Section 13402.

A.6 Individual Rights

Business Associate shall, within 15 business days of a request, make PHI available to Covered Entity as needed to fulfill individual rights requests under HIPAA, including:

• Right of access — provide copies of PHI (45 CFR 164.524)
• Right to amendment — make amendments to PHI (45 CFR 164.526)
• Right to accounting of disclosures — provide records of PHI disclosures (45 CFR 164.528)
• Right to restriction — accommodate agreed-upon restrictions on use/disclosure (45 CFR 164.522)

A.7 HHS Access

Business Associate shall make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary of the U.S. Department of Health and Human Services for purposes of determining compliance.

A.8 Minimum Necessary

Business Associate shall limit its use, disclosure, and requests for PHI to the minimum necessary to accomplish the intended purpose, consistent with 45 CFR 164.502(b).

A.9 Return or Destruction of PHI

Upon termination of the Terms of Service, Business Associate shall:

• Provide a 30-day data export window as described in Section 19
• After the export window, return or destroy all PHI in its possession, including copies in backups (within 7 days of active data deletion)
• If return or destruction is infeasible, extend the protections of this BAA to any retained PHI and limit further use to the purposes that make return or destruction infeasible

A.10 Term and Termination

This BAA is effective as of the date you accept the Terms of Service and remains in effect until all PHI is returned or destroyed. Either party may terminate this BAA upon 30 days' written notice of a material breach, if the breach is not cured within the notice period.

---

Last updated: March 28, 2026