Legal

Terms of Service

Terms for Profound Health’s integrated care platform.

Last updated: November 5, 2025

1. Introduction & Agreement

These Terms of Service (the “Terms”) govern access to and use of the Profound Health integrated care platform, portals, APIs, websites, and related services (collectively, the “Services”) provided by Profound Health Institute LLC (“Profound Health,” “we,” “us,” or “our”).

By accessing or using the Services, you represent that you are authorized to act on behalf of, or are employed or contracted by, a healthcare organization, practice, health system, or other entity that has a relationship with Profound Health (a “Partner”), and you agree to be bound by these Terms. If you do not agree, do not use the Services.

2. Who We Are and What We Do

Profound Health provides a virtual, turnkey integrated care platform that supports Collaborative Care (CoCM) and related care programs. The Services include partner-facing portals, provider tools, communications, analytics, and EHR interoperability capabilities.

Profound Health is not a medical group, provider, or pharmacy and does not practice medicine, provide diagnosis or treatment, or submit claims. Clinical decisions are made by licensed professionals. Any AI features generate drafts only and require human review and approval.

  • Partners remain the billing entity and submitter of record.
  • Warm handoffs, consults, and documentation are facilitated but not a substitute for clinical judgment.
  • Emergency use is prohibited; call 911 or local emergency services in an emergency.

3. HIPAA Business Associate Relationship

To the extent Profound Health receives, creates, maintains, or transmits protected health information (“PHI”) on behalf of a Partner that is a HIPAA Covered Entity, we act as the Partner’s Business Associate. The parties will execute a Business Associate Agreement (“BAA”), which governs PHI processing and prevails over conflicting provisions in these Terms with respect to PHI.

  • Minimum necessary: We design Services to handle the minimum necessary PHI and avoid PHI in logs or notifications.
  • Subprocessors: We engage subcontractors and service providers under written agreements and, where applicable, BAAs.
  • Breach notice: We will notify the Partner of a breach of unsecured PHI as required by law and the BAA.
  • Partner responsibilities: Partners must ensure lawful authority to disclose PHI to Profound Health and to direct the exchange with EHRs and other systems.

4. Accounts, Access, and Eligibility

Use of the Services requires an authenticated account. You must be an authorized user of a Partner and use the Services only within your assigned organizational scope. You must keep credentials confidential and promptly report suspected compromise.

  • Provide accurate account information and keep it current.
  • Do not share accounts or bypass access controls or row-level security.
  • Do not use the Services for personal, consumer, or non-Partner purposes.

5. Acceptable Use

You will use the Services only for lawful, intended purposes consistent with these Terms and applicable policies.

  • No unauthorized access, vulnerability scanning, scraping, or reverse engineering.
  • No uploading of malware or interference with the Services or third-party systems.
  • No sending PHI through insecure channels or including PHI in logs, tickets, or support emails.
  • Respect tenant boundaries; never attempt to access data of other organizations.

6. EHR Connectivity and Data Exchange

The platform supports EHR integration via Particle Health, direct FHIR, and fallback SFTP/document bundles, as configured per Partner. We implement idempotent, auditable data flows with outbox/dispatcher patterns and maintain access controls and audit trails.

Partners are responsible for ensuring EHR connectivity, credentials, and any required vendor approvals. Profound Health is not responsible for EHR downtime or vendor-imposed limitations.

  • You authorize Profound Health to exchange data with your EHR and related systems to deliver the Services.
  • Write-back may include encounters, observations (e.g., PHQ‑9/GAD‑7), tasks, and documents, subject to Partner configuration.
  • If structured write-back is unavailable, document summaries may be delivered instead.

7. Communications (SMS, Email, Voice, Push)

The Services may send SMS, email, voice, and push notifications via providers such as Twilio and SendGrid. We avoid PHI in message content. Message frequency varies and message/data rates may apply. Recipients can opt out of SMS as provided in the message.

8. Billing and Payments

Partners may receive monthly invoices and remit payment via Stripe (ACH or card) using hosted payment pages. Profound Health does not store card PANs; payment instruments are handled by Stripe. Disputes must be raised promptly in writing.

  • Invoices are issued per organization and reflect agreed commercial terms.
  • Stripe webhooks update invoice and payment status records; the hosted invoice URL is surfaced for payment.
  • If autopay is enabled, you authorize Profound Health to initiate charges to the payment method on file.

9. Security and Confidentiality

We implement administrative, technical, and physical safeguards appropriate to the nature of the data, including role- and tenant‑scoped access controls (RLS), encryption, secrets management, audit logging, and least‑privilege service patterns. No security measure is perfect, and we cannot guarantee absolute security.

  • Edge Functions require authorization and enforce access checks; PHI is not returned via open CORS.
  • Operational logs and notifications are designed to exclude PHI; identifiers are minimized.
  • Org‑scoped credentials are encrypted and access is auditable.

10. Service Availability and Support

We aim for high availability with safe retries and backoff. Maintenance and updates may occur. Certain features (e.g., EHR integrations, notifications) depend on third‑party providers and network connectivity, which may affect availability.

11. Beta Features and AI

From time to time, we may make beta or preview features available, including AI‑assisted drafting. Such features are provided “as is” and may be subject to additional terms. AI outputs are drafts only and must be reviewed and approved by a human. Profound Health does not use PHI to train general‑purpose models unless expressly permitted under a BAA and enabled by the Partner.

12. Intellectual Property and Data Ownership

Profound Health and its licensors retain all right, title, and interest in and to the Services and related IP. Subject to these Terms, we grant authorized users a limited, non‑exclusive, non‑transferable right to use the Services during the Partner’s subscription.

Partners own their data, including PHI and EHR‑sourced records. We process such data solely to provide and improve the Services, as permitted by law, these Terms, and the BAA.

13. Term, Suspension, and Termination

We may suspend or terminate access for material breach, security risk, non‑payment, fraud, or unlawful use. Upon termination, we will disable access and handle data consistent with the BAA, applicable law, and any written data return or deletion instructions agreed with the Partner.

14. Disclaimers

THE SERVICES ARE PROVIDED “AS IS” AND “AS AVAILABLE.” TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON‑INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE ERROR‑FREE OR UNINTERRUPTED.

15. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER PROFOUND HEALTH NOR ITS AFFILIATES OR SUPPLIERS WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, COVER, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, DATA, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY. OUR AGGREGATE LIABILITY ARISING FROM OR RELATED TO THE SERVICES WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY THE PARTNER FOR THE SIX (6) MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

16. Indemnification

Partner will defend, indemnify, and hold harmless Profound Health from and against claims arising from Partner’s or its users’ unlawful use of the Services, violation of these Terms, or misuse of data, except to the extent caused by Profound Health’s breach of these Terms or the BAA.

17. Third‑Party Services and Subprocessors

We use third‑party providers to deliver the Services. Typical providers include Supabase (managed Postgres and Edge Functions), Particle Health (EHR connectivity), Stripe (payments), Twilio (SMS/voice), SendGrid (email), LiveKit (video), Infisical (secrets management), and Honeycomb (observability). We may update this list from time to time. Where required, we maintain BAAs or equivalent data protection agreements with such providers.

18. Governing Law and Venue

These Terms are governed by the laws of the State of Texas, without regard to conflicts of law rules. The parties consent to exclusive jurisdiction and venue in the state or federal courts located in Brazos County, Texas, for any dispute not subject to a mandatory arbitration agreement executed by the parties.

19. Changes to These Terms

We may update these Terms from time to time. Material changes will be posted to this page with an updated effective date. Your continued use after changes become effective constitutes acceptance.

20. Contact Information

Profound Health Institute LLC

3608 East 29th Street, Suite 204, Bryan, TX 77802

+1‑512‑270‑7078

Privacy: [email protected] | Security: [email protected]

For PHI matters, the BAA controls in the event of any conflict with these Terms.

Footer

© 2025 Profound Health Institute.HIPAA Compliant - BAA Available