RecapMedica — Terms of Use

Effective Date: 20.08.2025 Legal Entity: NOTRINO RESEARCH BİLGİ TEKNOLOJİLERİ ARAŞTIRMA GELİŞTİRME LİMİTED ŞİRKETİ (“Notrino”, “we”, “our”, “us”) Registered Address: ÜNİVERSİTELER MAH. İHSAN DOĞRAMACI BLV. ARGE VE EĞİTİM MERKEZİ NO: 13 ÇANKAYA/ ANKARA Service Name: RecapMedica (the “Service” or “Services”)

These Terms of Use (the “Terms”) form a binding agreement between Notrino and the customer identified on an order form, proposal, or online checkout (the “Customer”) governing Customer’s access to and use of the Services. Each order form, proposal, purchase order, SOW, or similar document that references these Terms is an “Order Form.” If there is a conflict between these Terms and an Order Form, the Order Form controls only for that Order Form.

Important: The Services are not a medical device, do not provide medical advice, and do not replace the clinical judgment of licensed professionals. Customer remains solely responsible for all clinical decisions and for obtaining all consents required by applicable law.

1) Definitions

  • Affiliate means any entity controlled by, controlling, or under common control with a party, where control means direct or indirect ownership of more than 50% of voting securities or the power to direct management.
  • Customer Data means audio/video recordings, transcripts, content, and other data uploaded to or generated through the Services by or for Customer (excluding Notrino Technology).
  • Documentation means online help files, user manuals, and technical documentation we make available for the Services.
  • EHR means any electronic health record system used by Customer to upload or store outputs from the Services.
  • Fees means the fees specified in an Order Form.
  • Notrino Technology means the Services, software, algorithms, models, APIs, SDKs, user interfaces, Documentation, and all related IP, materials, and know‑how we provide.
  • PHI means “protected health information” as defined under HIPAA (45 C.F.R. §160.103), when applicable.
  • Recordings means audio and/or video captured or uploaded by Customer and any transcriptions or derivatives thereof.
  • Supplemental Services means configuration, implementation, integration, training, or other professional services identified in an Order Form.
  • Usage Data means telemetry, logs, and other data generated by the operation of the Services that does not identify an individual.
  • User means an employee, contractor, or agent of Customer authorized to access the Services.
  • De‑Identified Data means data derived from Customer Data that cannot reasonably identify an individual and meets legal de‑identification standards where applicable (e.g., HIPAA, GDPR/KVKK pseudonymization/de‑identification guidance).

2) Access to the Services; Licenses

2.1 Rights Granted. During the applicable Order Form term and subject to these Terms, Notrino grants Customer a non‑exclusive, non‑transferable (except as permitted in §15.5), non‑sublicensable, revocable right to access and use the Services and to use the Documentation for Customer’s internal business purposes, in accordance with any usage limits stated in the Order Form.

2.2 Affiliate Use. Affiliates may use the Services if identified in an Order Form. Customer remains responsible for its Affiliates’ and Users’ compliance.

2.3 Software & Integrations. If we provide software, connectors, or utilities to facilitate EHR or other integrations, Customer may install and use them solely to enable the Services during the Order Form term.

2.4 Restrictions. Customer shall not, and shall not permit any third party to: (a) reverse engineer, decompile, or attempt to derive source code or underlying ideas; (b) use the Services to build a competing product; (c) rent, lease, sell, sublicense, or otherwise transfer rights; (d) remove proprietary notices; (e) interfere with security or access controls; (f) exceed agreed usage limits; or (g) use the Services except as permitted in these Terms and the Documentation.

2.5 Suspension. We may temporarily suspend access if we reasonably believe Customer or a User is violating these Terms, provided we use commercially reasonable efforts to limit suspension in scope and duration.

3) Customer Obligations

3.1 Accounts & Security. Customer is responsible for Users’ accounts and for configuring appropriate access controls.

3.2 Consents & Notices. Customer is solely responsible for providing any notices and obtaining all consents required under applicable law (e.g., patient consent to recording, data processing consents under KVKK/GDPR, HIPAA authorizations if applicable, and local audio/video recording laws). Customer represents and warrants that it has provided all required notices and obtained all required consents for Customer Data to be processed by the Services.

3.3 Recording & Clinical Use. Customer acknowledges that the Services facilitate transcription and summarization of clinical encounters but do not replace medical examination, consultation, or record review. Customer must verify the accuracy of all outputs prior to clinical use or EHR upload and remains solely responsible for all diagnoses, treatment decisions, billing/coding, and documentation.

3.4 EHR Access. Customer is responsible for any licenses, fees, and permissions needed for EHR integrations and for enabling our access solely as required to provide the Services.

3.5 Systems. Customer is responsible for the equipment, networks, and connectivity necessary to access the Services.

3.6 Cooperation. Customer will provide reasonable cooperation to facilitate implementation, integrations, and Support; timelines are extended to reflect Customer-caused delays.

4) Data; Privacy; Security

4.1 Customer Data License. Customer grants Notrino a worldwide, royalty‑free license to host, store, process, transmit, display, and create derivative works from Customer Data as necessary to (a) provide and support the Services; (b) comply with law; and (c) maintain and improve the Services, models, and underlying technologies, including via machine learning. Where law requires consent for such improvement use (e.g., GDPR/KVKK), we will rely on Customer’s lawful basis and instructions as documented in the Data Processing Addendum (Annex A) and/or obtain additional consents as required.

4.2 De‑Identified & Aggregated Data. We may create De‑Identified Data from Customer Data. During and after the Term, we may use De‑Identified Data and Usage Data for lawful purposes including analytics, benchmarking, and improving the Services. We will not attempt to re‑identify De‑Identified Data.

4.3 Privacy & DPA/BAA. Our processing of personal data is further governed by the Data Processing Addendum (Annex A) reflecting KVKK/GDPR requirements where applicable, and by a Business Associate Agreement (Annex B) when Customer is a HIPAA Covered Entity or Business Associate and the Services involve PHI in the United States. In case of conflict regarding PHI, the BAA controls; for EU/UK/Türkiye personal data, the DPA controls.

4.4 Security. We maintain administrative, physical, and technical safeguards designed to protect Customer Data, including encryption in transit and at rest, access controls, logging, and vulnerability management. We will notify Customer without undue delay of any personal‑data breach affecting Customer Data as required by applicable law and the DPA/BAA.

4.5 Subprocessors. We may engage subprocessors to support the Services. We will impose data‑protection obligations on subprocessors substantially similar to those in these Terms and Annex A/B and will remain liable for their performance.

5) Fees; Payment; Taxes; Audit

5.1 Fees & Invoicing. Customer will pay the Fees stated in the Order Form. Unless otherwise stated, Fees are invoiced monthly in TRY (₺) or another currency specified in the Order Form and are non‑cancelable and non‑refundable.

5.2 Payment Terms. Invoices are due 30 days from date of invoice. Late amounts may accrue interest at the lesser of 1.5% per month or the maximum permitted by law. Customer will reimburse reasonable travel expenses pre‑approved in writing for on‑site Supplemental Services.

5.3 Taxes. Fees are exclusive of taxes. Customer is responsible for VAT/KDV, sales, use, and similar taxes (excluding taxes on our net income).

5.4 Audit. During the Term, upon 7 business days’ written notice, we may audit Customer’s records reasonably necessary to verify compliance with usage limits and payment obligations. If an audit reveals underpayment exceeding 5% of amounts due for the audited period, Customer will pay the shortfall plus reasonable audit costs.

6) Term; Termination; Effect

6.1 Term. These Terms start on the effective date of the initial Order Form and continue so long as any Order Form remains in effect.

6.2 Renewal. Each Order Form renews automatically for successive terms equal to the initial Order Form term unless either party gives at least 30 days’ notice of non‑renewal.

6.3 Termination for Cause. Either party may terminate these Terms or an affected Order Form for material breach not cured within 30 days (10 days for payment breaches) of written notice. Either party may terminate if no Order Forms are active.

6.4 Effect. Upon termination or expiration: (a) Customer’s license to access the Services ends; (b) each party will return or destroy the other’s Confidential Information in its possession, subject to standard backups; and (c) Customer will pay all outstanding Fees.

6.5 Data Export. For 30 days after termination, upon request and if all amounts due are paid, we will make available to Customer a commercially reasonable export of Customer Data in our standard format.

7) Warranties; Disclaimers

7.1 Mutual Authority. Each party represents that it has full power and authority to enter into and perform under these Terms.

7.2 Service Warranty. We will provide the Services in a professional and workmanlike manner consistent with industry standards. Customer’s exclusive remedy for breach of this warranty is for us to use commercially reasonable efforts to correct non‑conformities.

7.3 Customer Warranties. Customer represents and warrants that: (a) it has obtained all notices and consents required to process Customer Data via the Services; (b) its use of the Services will comply with law and the Documentation; and (c) it will not submit infringing, illegal, or harmful content.

7.4 General Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN §7.2, THE SERVICES AND ANY OUTPUTS (INCLUDING TRANSCRIPTS, SUMMARIES, OR CODING SUGGESTIONS) ARE PROVIDED “AS IS.” WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON‑INFRINGEMENT, AND THAT THE SERVICES WILL BE ERROR‑FREE OR UNINTERRUPTED. CUSTOMER IS SOLELY RESPONSIBLE FOR VERIFYING THE ACCURACY AND APPROPRIATENESS OF ALL OUTPUTS PRIOR TO ANY CLINICAL, CODING, OR BILLING USE.

7.5 Medical Disclaimer. WE DO NOT PRACTICE MEDICINE, PROVIDE MEDICAL ADVICE, OR MAKE CLINICAL, CODING, OR BILLING DECISIONS. THE SERVICES DO NOT REPLACE CLINICAL CARE OR PROFESSIONAL JUDGMENT. CUSTOMER REMAINS RESPONSIBLE FOR ALL PATIENT CARE, DOCUMENTATION, CODING, BILLING, AND COMPLIANCE.

8) Limitation of Liability

8.1 Exclusion of Damages. NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOST PROFITS, REVENUE, DATA, OR GOODWILL, EVEN IF ADVISED OF THE POSSIBILITY.

8.2 Cap. EXCEPT FOR CUSTOMER’S PAYMENT OBLIGATIONS, A PARTY’S BREACH OF CONFIDENTIALITY OR DATA‑PROTECTION OBLIGATIONS (INCLUDING UNDER THE DPA/BAA), OR A PARTY’S WILLFUL MISCONDUCT OR FRAUD, EACH PARTY’S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATING TO THESE TERMS WILL NOT EXCEED THE AMOUNTS PAID OR PAYABLE BY CUSTOMER FOR THE SERVICES IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO LIABILITY.

8.3 Fundamental Basis. The limitations in this §8 apply to the maximum extent permitted by law, regardless of theory of liability or failure of essential purpose of any remedy.

9) Indemnification

9.1 By Notrino. We will defend and indemnify Customer against third‑party claims alleging that the Services, as provided by us and used by Customer in accordance with these Terms, infringe a valid intellectual‑property right, and will pay resulting damages and reasonable attorneys’ fees finally awarded, provided Customer: (a) promptly notifies us; (b) gives us sole control of the defense and settlement; and (c) cooperates as reasonably requested. We have no obligation for claims arising from: (i) Customer Data; (ii) combinations with items not provided by us; (iii) use not in accordance with the Documentation; or (iv) modifications not made by us. If the Services are enjoined or likely to be, we may: procure rights, modify the Services, or terminate the affected Order Form and refund any prepaid, unused Fees.

9.2 By Customer. Customer will defend and indemnify Notrino against claims arising from (a) Customer’s breach of §§3, 4, or 7.3; (b) Customer’s clinical, coding, or billing decisions or patient care; or (c) Customer Data or use of the Services in violation of law or these Terms.

10) Confidentiality

10.1 Definition.Confidential Information” means non‑public information disclosed by a party that is designated as confidential or should reasonably be understood to be confidential, including Customer Data, Notrino Technology, product roadmaps, pricing, security reports, and business information. Confidential Information does not include information that is public without breach, independently developed without use of the other party’s information, or lawfully obtained from a third party without duty of confidentiality.

10.2 Use & Protection. The receiving party will use Confidential Information only to perform under these Terms, will protect it with at least the same care used for its own similar information (and no less than reasonable care), and may disclose it to its personnel and subprocessors who have a need to know and are bound by confidentiality obligations.

10.3 Compelled Disclosure. The receiving party may disclose Confidential Information to the extent required by law or court order, provided it gives prompt notice (if legally permitted) and cooperates in seeking protective treatment.

10.4 PHI and Personal Data. Where applicable, PHI and personal data are additionally governed by Annex A (DPA) and Annex B (BAA).

11) Publicity

With Customer’s prior written consent (email sufficient), we may list Customer’s name and logo on our website and marketing materials. Any use of Customer’s marks will comply with Customer’s branding guidelines.

12) Compliance; Use Restrictions

Customer will not use the Services to store or transmit: (a) content that is unlawful, infringing, or harmful; (b) malicious code; or (c) data subject to export controls where Customer lacks required authorizations. Customer will comply with all applicable laws (including, as applicable, KVKK (Law No. 6698), GDPR, HIPAA, local audio/video recording laws, and medical confidentiality obligations).

13) Service Changes; Availability

We may modify features or functionalities, provided no material reduction in core functionality during an active Order Form term without providing substantially equivalent alternatives. We will use commercially reasonable efforts to provide the Services with high availability, excluding scheduled maintenance and factors outside our reasonable control.

14) Force Majeure

Neither party is liable for delay or failure to perform due to events beyond its reasonable control (including labor disputes, power failures, cyberattacks, epidemics, acts of government, or natural disasters). Payment obligations are excluded.

15) General

15.1 Governing Law & Venue (Türkiye). These Terms and any disputes arising out of or related hereto are governed by the laws of the Republic of Türkiye, excluding conflict‑of‑law rules. The courts and enforcement offices of Ankara shall have exclusive jurisdiction and venue.

Alternate Jurisdiction Addendum (if expressly agreed in an Order Form): For U.S. Customers receiving Services involving PHI, the governing law may be the laws of a specified U.S. state, with venue in its specified courts, and Annex B (BAA) will apply.

15.2 Export. Each party will comply with applicable export and sanctions laws.

15.3 Entire Agreement. These Terms, together with the Order Forms and Annexes, constitute the entire agreement and supersede prior agreements on the subject.

15.4 Amendments. Changes must be in writing and signed by both parties, except that we may update the Documentation and Security Practices from time to time.

15.5 Assignment. Neither party may assign these Terms without the other’s written consent, except to a successor in interest in connection with a merger, acquisition, or sale of substantially all assets, provided the assignee assumes all obligations.

15.6 Severability; Waiver. If any provision is unenforceable, it will be modified to the minimum extent necessary; the remainder remains in effect. Failure to enforce is not a waiver.

15.7 Notices. Legal notices to Notrino must be sent to the address first written above, Attn: Legal, and by email to legal@notrino.com (or as updated in the Documentation). Notices to Customer will be sent to the contact on the Order Form.

15.8 Relationship. The parties are independent contractors; no agency, partnership, or joint venture is created.

15.9 Counterparts; E‑Signatures. Order Forms may be executed electronically and in counterparts.

Annex A — Data Processing Addendum (KVKK/GDPR)

This Annex A applies where Notrino processes personal data on behalf of Customer subject to KVKK, GDPR, or similar data‑protection laws.

A1. Roles. Customer is data controller; Notrino is data processor. Customer instructs Notrino to process personal data to provide, support, and improve the Services (including quality, safety, and model improvement) and as further documented in these Terms and the Order Form.

A2. Categories & Purpose. Data subjects may include patients, clinicians, and staff. Personal data may include identification, contact details, audio/video, transcripts, clinical context, metadata, and usage logs. Processing purposes: provision of the Services; security; support; analytics; service improvement (where permitted by law and Customer’s instructions); compliance with law.

A3. Lawful Basis & Consents. Customer is responsible for establishing a lawful basis and providing required notices/consents to data subjects. Where consent is the basis, Customer represents it has obtained and documented valid consent.

A4. Security. Notrino implements appropriate technical and organisational measures (encryption in transit/at rest; access controls; least‑privilege; logging; vulnerability management; incident response). On request, Notrino will provide a summary of security practices.

A5. Subprocessing. Notrino may appoint subprocessors, including cloud providers and transcription components, subject to written agreements imposing data‑protection obligations no less protective than this Annex. Customer may subscribe to updates on subprocessors as described in the Documentation and may object on reasonable grounds.

A6. International Transfers. Where personal data is transferred outside Türkiye/EU/UK, Notrino will implement appropriate safeguards (e.g., Standard Contractual Clauses, UK IDTA/Addendum, or KVKK‑compliant mechanisms). Data‑transfer details will be provided upon request.

A7. Assistance. Taking into account the nature of processing, Notrino will assist Customer with data‑subject requests and with security‑incident notifications, DPIAs, and consultations with authorities, as reasonably necessary and at Customer’s expense if substantial effort is required.

A8. Breach Notification. Notrino will notify Customer without undue delay of a personal‑data breach affecting Customer Data and provide information reasonably required to meet Customer’s obligations.

A9. Return/Deletion. Upon termination, at Customer’s choice, Notrino will return or delete personal data, unless retention is required by law. Backups will be overwritten on standard cycles.

A10. Audits. Notrino will make available information necessary to demonstrate compliance and, upon reasonable prior notice, allow audits by Customer or a mutually agreed independent auditor up to once per year (and after a breach), subject to confidentiality and safety restrictions.

A11. Processing of Special Categories. Where audio/video contains health data, Notrino will apply enhanced controls commensurate with risk and process such data only as instructed by Customer.

Annex B — Business Associate Agreement (HIPAA) (High‑Level Framework)

Note: Annex B applies only when Customer is a HIPAA Covered Entity or Business Associate and the Services involve PHI in the United States. A detailed BAA may be executed between the parties. Key principles:

  • Permitted Uses/Disclosures. Provide the Services; management/administration; legal compliance; de‑identification per 45 C.F.R. §164.514(b).
  • Safeguards. Administrative, physical, and technical safeguards; encryption; workforce training.
  • Subcontractors. Bound by written agreements with HIPAA‑equivalent obligations.
  • Breach/Security Incident. Prompt notification without undue delay, content per 45 C.F.R. §164.410.
  • Individuals’ Rights. Support access, amendment, and accounting requests via Customer.
  • Return/Destruction. Upon termination, return or destroy PHI; if infeasible, continue protections.
  • Miscellaneous. Incorporation of mandatory provisions of HIPAA/HITECH; conflict with Terms resolved in favor of BAA.

Exhibit 1 — Service Description (Informative)

RecapMedica is an ambient clinical documentation and coding‑assist platform that converts clinician–patient conversations into structured notes and suggestions. Typical outputs include encounter summaries and draft notes adapted to specialty‑specific templates. RecapMedica is not a medical device, diagnosis, or treatment system.

Exhibit 2 — Security Overview (Informative)

  • Encryption in transit (TLS) and at rest.
  • Access control with MFA and least privilege.
  • Secure software development lifecycle; code review; vulnerability scanning.
  • Logging/monitoring; incident response; vendor risk management.
  • Regular backups and tested restoration procedures.

Contact NOTRINO RESEARCH BİLGİ TEKNOLOJİLERİ ARAŞTIRMA GELİŞTİRME LİMİTED ŞİRKETİ ÜNİVERSİTELER MAH. İHSAN DOĞRAMACI BLV. ARGE VE EĞİTİM MERKEZİ NO: 13 ÇANKAYA/ ANKARA Attn: Legal Email: legal@notrino.com

Last updated: 20.08.2025