Our Terms of Service

Effective Date: 3/1/26

Last updated: 3/1/26

Company: Evera, LLC

Service: Evera Health App 

SECTION 1: Introduction

  • These Terms of Service (“Terms”) govern your access to and use of the Evera Health App (the “Services”) offered by Evera (“we,” “us,” or “our”). By accessing or using the Services, you agree to be bound by these Terms and our Privacy Policy. If you do not agree, do not use the Services.

  • The Privacy Policy is incorporated by reference. Any capitalized terms not defined in these Terms have the meanings given in the Privacy Policy.

  • If you are acting on behalf of an organization, you represent that you are authorized to bind that organization to these Terms.

SECTION 2: Definitions

  • “Authorized User” means you or your employees, contractors, or other personnel authorized to use the Services on your behalf.

  • “Content” means any data, text, images, audio, video, or other materials you or others upload, submit, or generate via the Services.

  • “Personal Data” has the meaning given in the Privacy Policy.

  • “PHI” means Protected Health Information as defined by HIPAA.

  • “SPI” means Sensitive Personal Information under applicable state privacy laws (including CPRA).

  • “Subprocessor” means any third party that processes Personal Data on our behalf.

  • “Service” or “Services” means the Evera Health App and related software, platforms, interfaces, APIs, and documentation.

  • “You” means the person or entity that uses the Services or accepts these Terms.

SECTION 3: Scope and Acceptance

  • These Terms apply to all users of the Services, including individuals, businesses, and government or academic entities, to the extent permitted by law.

  • If you have a signed Data Processing Agreement (DPA) or Business Associate Agreement (BAA) with us, that agreement will govern to the extent of any conflict with these Terms.

SECTION 4: Access, Accounts, and Eligibility

  • You may need to create an account to use certain features. You must provide accurate information and keep credentials secure.

  • You are responsible for all activity that occurs under your account and for ensuring that Authorized Users comply with these Terms.

  • You must be at least the minimum legal age to form a binding contract in your jurisdiction and meet any eligibility requirements described in the product documentation.

SECTION 5: Key Services and Usage

  • Description of Services: The Evera Health App provides health-record storage, organization, search, and related features as described in the product documentation.

  • Acceptable Use: You agree not to misuse the Services, attempt to compromise security, infringe third-party rights, or use the Services to engage in unlawful activities.

  • Restrictions: You will not reverse engineer, decompile, or modify the core components of the Services, except as permitted by law.

SECTION 6: Privacy and Data Processing

  • The Privacy Policy governs how we collect, use, share, and retain Personal Data. This Terms document complements that policy.

  • Data Minimization: We process only the Personal Data necessary to provide the Services, consistent with the purposes described in the Privacy Policy.

  • Roles: You may be a data controller for your Content; we act as a data processor or service provider for Personal Data as described in the DPA/BAA (if applicable).

SECTION : Data Security and Processing Details

  • Data in Transit: All data is transmitted using TLS (or equivalent) protections.

  • Data at Rest: Data is encrypted at rest at the provider level; encryption keys are managed as described in the Security Appendix.

  • Processing Location: Processing may occur on servers operated by our subprocessors, including server-side AI processing by Google Gemini. We document these processing locations in Appendix A.

  • Access Controls: Access to Personal Data is restricted to personnel with a legitimate need to know, governed by role-based access controls and least-privilege principles.

  • Logging and Monitoring: We maintain logs for security and operational purposes, in compliance with applicable law and the Privacy Policy.

  • Incident Response: We maintain an incident response program and will notify you of any security incidents as required by law and the Privacy Policy.

SECTION 8: HIPAA and PHI

  • HIPAA Status: The Services are not intended for use by Covered Entities or Business Associates as defined under the Health Insurance Portability and Accountability Act (“HIPAA”). Evera does not represent that the Services are HIPAA-compliant and does not enter into Business Associate Agreements for the consumer version of the Services.

  • You are solely responsible for determining whether your use of the Services is subject to HIPAA or any other healthcare regulation.

  • You are solely responsible for ensuring that PHI is only provided to the Services in compliance with HIPAA and your organizational policies. 

SECTION 9: No Medical Advice; No Provider-Patient Relationship

  • The Services are a personal health record organization tool only. Evera is not a healthcare provider and does not provide medical advice, diagnosis, treatment, or clinical services.

  • Nothing in the Services, including AI-generated summaries, reminders, preventative care alerts, or search results, constitutes medical advice.

  • You acknowledge that you are solely responsible for all medical decisions. Always consult a qualified healthcare professional for medical advice. In an emergency, call 911 or your local emergency services immediately.

  • No provider-patient relationship is created through your use of the Services.

SECTION 10: Subprocessors and Third-Party Services

  • We may engage Subprocessors to process Personal Data on our behalf. A current list of Subprocessors is provided in Appendix C.

  • We require Subprocessors to provide at least the same level of data protection as described in the Privacy Policy and applicable DPA/BAA, and we will notify you of material changes to the list of Subprocessors as required by law.

SECTION 11: Intellectual Property

  • Ownership: All rights, title, and interest in the Services, including software, interfaces, logos, and documentation, are owned by Evera or its licensors.

  • License to You: We grant you a limited, non-exclusive, non-transferable license to use the Services in accordance with these Terms.

  • Feedback: If you provide feedback or suggestions, you grant us a non-exclusive license to use and incorporate them.

SECTION 12: Fees, Billing, and Payment Terms 

  • Fees: You will pay all applicable fees described during sign-up or in the product documentation.

  • Billing: Billing terms, renewal, refunds, and payment methods will be described in the Pricing Schedule or an attached amendment.

  • Taxes: You are responsible for taxes, duties, and levies arising from your use of the Services.

SECTION 13: Disclaimers, Limitations of Liability, and Remedies

  • No Warranties: The Services are provided “as is” and “as available,” without warranties of any kind.

  • Limitation of Liability: To the maximum extent permitted by law, the aggregate liability arising out of or related to these Terms is limited to the amount paid for the Services in the twelve months preceding the claim (or a statutory minimum if no fees were paid).

  • Exclusions: We exclude indirect, incidental, consequential, and special damages to the extent allowed by law.

SECTION 14: Indemnification

  • You agree to defend, indemnify, and hold us harmless from claims arising from your use of the Services, Content, or violations of law, and from any breach of these Terms by you.

SECTION 15: Data Retention and Deletion

  • Retention: We retain Personal Data as described in the Privacy Policy and any applicable DPA/BAA.

  • Deletion: Upon termination or at your request, we will delete Personal Data in accordance with the terms in the Privacy Policy and the DPA/BAA, subject to legal and operational obligations.

SECTION 16: Your Rights under CPRA/CCPA and COPPA

  • CPRA/CCPA: Residents of California may have rights to access, deletion, correction, and opt-out of certain data processing. We will respond in accordance with the Privacy Policy and applicable law.

  • COPPA: If services are used by or on behalf of children, we comply with COPPA requirements, and you must provide parental consent where required.

  • Exercise of Rights: You may exercise rights by contacting us using the channels described in the Privacy Policy (and in Appendix B for regulatory references). We will provide responses in accordance with law.

SECTION 17: Government Access and Legal Process

  • We may disclose Personal Data in response to lawful requests by government authorities or in connection with legal proceedings, subject to applicable law and the Privacy Policy.

  • Notification: We will, where legally permissible, notify you of such requests or provide information about the scope of data disclosed.

SECTION 18: International Use and Data Transfers

  • You acknowledge that data may be transferred to and processed in jurisdictions outside your home jurisdiction, including countries with varying data protection laws. We implement appropriate safeguards as described in Appendix B (Regulatory References) and the Privacy Policy.

SECTION 19: Modifications to Terms

  • We may modify these Terms from time to time. Material changes will be communicated in accordance with applicable law and the Privacy Policy. Your continued use of the Services after changes become effective constitutes acceptance.

SECTION 20: Termination

  • You may terminate your use of the Services at any time in accordance with the procedures described in the product documentation.

  • We may suspend or terminate access for violations, non-payment, or other material breaches, with notice as required by law and the Privacy Policy.

SECTION 21: Governing Law and Dispute Resolution

  • Governing Law: These Terms are governed by the laws of the State of Georgia, without regard to its conflict of laws provisions.

  • Any claim arising out of or relating to the Services must be brought within one (1) year after the cause of action accrues, or it is permanently barred.

  • Agreement to Arbitrate: You and Evera agree that any dispute, claim, or controversy arising out of or relating to these Terms, the Services, or your relationship with Evera (“Dispute”) will be resolved exclusively through binding individual arbitration, except as expressly provided below. This arbitration agreement is governed by the Federal Arbitration Act, 9 U.S.C. §§ 1–16.

  • Informal Resolution Requirement: Before initiating arbitration, you must send written notice of the Dispute to support@everahealth.app describing the nature of the claim and the relief sought. The parties agree to attempt informal resolution for at least thirty (30) days before commencing arbitration.

  • Arbitration Administrator and Rules: Arbitration will be administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules then in effect. If AAA is unavailable, the parties will mutually select an alternative arbitration provider.

  • Arbitration Procedure:
    · The arbitration may be conducted in person, by telephone, by video conference, or based on written submissions.
    · If the amount in controversy is $10,000 or less, the arbitration will be conducted solely on written submissions unless either party requests a hearing.
    · The arbitrator will apply applicable substantive law and may award any relief available in court.
    · The arbitrator’s decision shall be final and binding and may be entered in any court of competent jurisdiction.

  • Fees and Costs: Arbitration fees and costs will be allocated in accordance with the AAA Consumer Arbitration Rules. Each party will bear its own attorneys’ fees unless the arbitrator determines that a claim was frivolous or brought in bad faith, or unless applicable law provides otherwise.

  • Class Action and Jury Trial Waiver:
    · You and Evera agree that all Disputes must be brought in an individual capacity and not as a plaintiff or class member in any purported class, collective, consolidated, private attorney general, or representative action.
    · The arbitrator shall have no authority to consolidate claims or conduct class arbitration.
    · You and Evera waive any right to a jury trial.
    · If a court determines that the class action waiver is unenforceable as to a particular claim, that claim must proceed in court and not in arbitration.

  • Exceptions to Arbitration: This arbitration agreement does not apply to:
    · Claims that may be brought in small claims court;
    · Claims seeking injunctive or equitable relief to protect intellectual property or confidential information;
    · Claims that applicable law prohibits from being subject to arbitration.

  • Arbitration Location:
    · If you reside in the United States, arbitration will take place in the county where you reside or by remote proceedings, at your election.
    · If you reside outside the United States, arbitration will take place in the State of Georgia unless otherwise required by applicable law.

  • Opt-Out Right: You may opt out of this arbitration agreement by sending written notice to support@everahealth.app within thirty (30) days of first accepting these Terms. Your notice must include your name, the email address associated with your account, and a clear statement that you wish to opt out of arbitration. If you opt out, disputes will be resolved in accordance with the governing law and venue provisions of these Terms.

  • Severability: If any portion of this arbitration agreement is found unenforceable, the remaining provisions shall remain in effect, except that if the class action waiver is found unenforceable, the arbitration agreement shall be void as to that claim.

SECTION 22: Export Controls

  • The Services and related technology may be subject to export controls. You agree to comply with all applicable export laws and regulations.

SECTION 23: Notices, Communications, and Electronic Signatures

  • We may communicate with you via the contact information you provide or through in-product notices. By using the Services, you consent to electronic communications.

SECTION 24: General Provisions (Severability, Assignment, Entire Agreement)

  • Severability: If any part of these Terms is unenforceable, the remaining provisions stay in effect.

  • Assignment: You may not assign these Terms without our consent; we may assign them without restriction under certain conditions.

  • Entire Agreement: These Terms (together with the Privacy Policy and any DPA/BAA) constitute the entire agreement between you and Evera regarding the Services.

Appendix A: Data Flows 

  • Data Ingress: Data is transmitted in transit via TLS.

  • Data Storage: Data is stored with provider-level encryption at rest.

  • Processing: Server-side AI processing may occur with services such as Google Gemini.

  • Access: Access to Personal Data is restricted to authorized personnel with least-privilege access.

  • You acknowledge that AI-generated content may be incomplete, inaccurate, or outdated, and you assume all risk associated with reliance on such content.

  • Data Residency: Data residency and transfer mechanisms are described in Appendix B.

  • Data Minimization and Anonymization: Wherever feasible, Data Minimization and de-identification practices are applied.

Appendix B: Regulatory References

  • HIPAA/PHI handling and any applicable BAAs/BAA addenda.

  • CPRA/CCPA rights and obligations for California residents.

  • COPPA considerations for children’s privacy.

  • Government access and legal process references.

  • Data transfer mechanisms (e.g., SCCs, UK IDTA, etc.) and cross-border transfer considerations.

  • Governing law and dispute resolution references.

Appendix C: Security Controls and Subprocessors

  • Security controls: encryption (in transit and at rest), access control, monitoring, incident response, vulnerability management, patching, etc.

  • Subprocessors: Current list of subprocessors with processing purposes and compliance standards.

  • Security certifications and audits (if applicable): e.g., SOC 2, ISO 27001, etc.

  • Data breach notification timelines and procedures.