End User License Agreement (EULA)

1. INTRODUCTION

This End User License Agreement ("Agreement") is a legally binding agreement between you ("User" or "End-User") and Dr. M. Choundappan ("Licensor" or "Developer"), located at:

Vanitha Hospital
3/231, Sankagiri Main Road
Kondalampatty, Salem
Tamil Nadu – 636002
India

This Agreement governs your use of the SurgMD mobile application ("Application").

By downloading, installing, or using the Application via the Apple App Store or Google Play Store ("Services"), you agree to be bound by this Agreement.

2. ACKNOWLEDGEMENT

• This Agreement is between the User and the Developer only
• Apple Inc. and Google LLC are not parties to this Agreement
• The Developer is solely responsible for:
  • The Application
  • Its content
  • Maintenance and support
  • Warranty and liability

This Agreement does not supersede:

• Apple Media Services Terms and Conditions
• Google Play Terms of Service

3. THE APPLICATION

SurgMD is a digital clinical logging and productivity application intended for use by licensed healthcare professionals to:

• Document clinical and surgical cases
• Maintain structured logs for personal and professional reference
• Organize case-related images and notes
• Optionally, enter case data using voice input (see Section 8.6)

The Application is not intended to function as a regulated Electronic Medical Record (EMR) system.

4. SCOPE OF LICENSE

Subject to compliance with this Agreement, the Developer grants you a limited, non-exclusive, non-transferable, and non-sublicensable license to install and use the Application.

You may:

• Use the Application for personal logging of cases

You may NOT:

• Use the Application in a healthcare setting, including but not limited to hospitals or clinics, as an Electronic Medical Record (EMR) system
• Sell, rent, lease, sublicense, or redistribute the Application
• Reverse engineer, decompile, or attempt to extract source code
• Use the Application in violation of applicable laws or medical regulations

This license also applies to updates unless otherwise specified.

5. TECHNICAL REQUIREMENTS

Use of the Application requires:

• Compatible iOS or Android device
• Internet connectivity for certain features
• Updated operating system versions

The Developer shall not be liable for issues arising from unsupported devices or outdated software.

6. MAINTENANCE AND SUPPORT

The Developer may, at its sole discretion, provide maintenance and support services. Apple and Google have no obligation to provide such services.

7. CLINICAL AND REGULATORY DISCLAIMER

7.1 No Medical Advice or Diagnostic Services

The Application is a clinical productivity tool and does not provide medical advice, diagnosis, or treatment recommendations. All clinical decisions remain the sole responsibility of the User. Use of the Application does not establish any doctor-patient relationship with the Developer.

7.2 Accuracy of Clinical Data

The User is solely responsible for the accuracy, completeness, and integrity of all data entered. The Developer shall not be liable for any medical errors, complications, or professional negligence resulting from inaccurate or delayed data entry.

7.3 Geographic Restrictions

The Application is intended for use in India and select Southeast Asian regions. It is not designed to comply with regulatory frameworks such as HIPAA, GDPR, or UK Data Protection laws. Users in restricted jurisdictions (including the United States, Canada, the United Kingdom, and the European Union) are prohibited from uploading protected health information. The Developer disclaims all liability arising from such use.

8. DATA USE, SECURITY, AND RESPONSIBILITY

8.1 Data Responsibility

The User is responsible for ensuring compliance with applicable patient privacy laws and for obtaining necessary patient consent prior to uploading any clinical data.

8.2 Data Security and User Responsibility

The Application employs client-side AES-256 encryption, meaning your case data and clinical media are encrypted on your device before they are transmitted to or stored on our servers. This ensures that your data remains unreadable to any third-party processor, even in the event of a server-side breach or ransomware attack.

While the Application employs these security measures, the User is responsible for:

• Maintaining confidentiality of login credentials
• Preventing unauthorized access
• Ensuring compliance with local data protection regulations

8.3 Responsibility for Device Security

The User is solely responsible for securing the device used to access the Application, including the use of biometric authentication, passcodes, and safeguarding against unauthorized access.

8.4 Encryption Recovery Codes

Upon enabling encryption, the Application generates a unique Recovery Code tied to the User's encryption key. This code is the only means of decrypting your data in the event of device loss, account migration, or a system-level incident such as a ransomware attack. The Developer does not store, escrow, or have any access to Recovery Codes. The User is solely responsible for:

• Storing the Recovery Code in a secure location outside the Application (e.g., a password manager, printed and stored in a secure physical location)
• Ensuring the Recovery Code is not lost — a lost Recovery Code means permanent, irrecoverable loss of all encrypted data
• Never sharing the Recovery Code with any unauthorised person

The Developer shall bear no liability for data loss arising from the User's failure to retain their Recovery Code.

8.5 Automated Encrypted Backups and User Export Responsibility

SurgMD maintains automated encrypted backups of case metadata (via Supabase) and clinical media (via AWS). These backups are encrypted with the same client-side key and therefore require the User's Recovery Code to decrypt. In the event of a ransomware attack or catastrophic data loss, backup restoration is only possible if the User retains their Recovery Code.

The User is strongly advised to export their data at regular intervals using the in-app "Export Data" function. Data exported in this manner is provided in decrypted form, giving the User a human-readable, portable copy of their records that is independent of the Application's encryption infrastructure. Such exports should be stored on a secure physical drive or hospital-approved server. The Developer shall not be liable for data loss resulting from the User's failure to perform regular exports.

8.6 Voice Entry and Third-Party Audio Processing

The Application includes an optional voice entry feature that allows clinical data to be dictated via the device microphone. This feature is disabled by default and must be explicitly enabled by the User in the Application's Settings.

When voice entry is enabled and in use, audio recordings are transmitted to third-party service providers for speech-to-text transcription. The Application currently uses Groq, Inc. ("Groq") and Deepgram, Inc. ("Deepgram") as service providers. The Developer may use either service or both in combination for audio processing based on operational, performance, or availability requirements. By enabling this feature, the User acknowledges and agrees that:

• Audio — including any patient-related information spoken during dictation — will be transmitted to Groq and/or Deepgram's servers for processing
• The User is solely responsible for ensuring that such transmission is permissible under applicable patient privacy laws and that appropriate patient consent has been obtained before dictating any identifiable patient information
• The Developer does not control Groq's or Deepgram's data handling practices; the User should review their respective privacy policies before enabling this feature:
  • Groq's Privacy Policy
  • Deepgram's Privacy Policy
• The Developer shall bear no liability for any breach, misuse, or unauthorised disclosure of data that occurs at Groq's or Deepgram's end
• The Developer reserves the right to change, modify, or switch between third-party service providers at any time without prior notice to optimize performance, security, or cost

The voice entry feature may be disabled at any time from Settings.

9. USER-GENERATED CONTENT

The User retains ownership of all uploaded content but grants the Developer a limited license to store, process, and display such data solely for Application functionality.

10. DATA DELETION AND IRREVERSIBILITY

The Application provides a two-step account deletion process.

Upon final confirmation:

• All user data, including clinical logs, images, and patient records, will be permanently deleted
• Data will be removed from all systems, including third-party services such as Supabase and Cloudflare R2

This action is irreversible.

The Developer shall not be liable for:

• Loss of data
• Inability to recover deleted records
• Any professional consequences resulting from deletion

11. SERVICE AVAILABILITY

The Application is provided on an "as-is" and "as-available" basis.

It is not intended for:

• Emergency use
• Life-critical clinical decision-making
• Primary record-keeping in critical care environments
• Primary backup of user data

The Developer shall not be liable for:

• Downtime
• Server interruptions
• Inaccessibility during clinical procedures

12. MODIFICATIONS TO THE SERVICE

The Developer reserves the right to:

• Modify features
• Update functionality
• Suspend services temporarily

The Developer shall not be liable for workflow disruptions caused by:

• Application updates
• Changes in dependencies (e.g., Flutter/Dart environment)
• Third-party API changes

13. LIABILITY AND LIMITATION OF DAMAGES

To the maximum extent permitted by law:

• Data Redundancy: The User acknowledges that SurgMD is not a primary media or patient record backup solution. The Developer shall not be liable for any loss of data (media or text) resulting from the User’s failure to maintain independent copies on a physical drive or failure to utilize the in-app "Export Data" function regularly.
• No Clinical Liability: The Developer is not responsible for clinical decisions, patient outcomes, or medico-legal issues arising from the use of the licensed software.
• The Developer shall not be liable for indirect, incidental, or consequential damages.
• Total liability shall not exceed the amount paid by the User in the preceding 18 months for annual subscribers, or the preceding 3 months for monthly subscribers, calculated from the date of the event giving rise to the claim.

14. PROFESSIONAL INDEMNITY

The User agrees to indemnify and hold harmless the Developer from any claims, damages, or legal costs arising from:

• Medical malpractice claims
• Professional negligence
• Unauthorized disclosure of patient information
• Violation of medical council or regulatory guidelines

15. TERMINATION

This Agreement remains effective until terminated.

It will terminate automatically if the User violates any terms. Upon termination, the User must cease all use and delete the Application.

16. THIRD-PARTY TERMS

Use of the Application is subject to:

• Apple App Store terms
• Google Play Store terms
• Groq's Privacy Policy — applicable when the optional voice entry feature is enabled
• Deepgram's Privacy Policy — applicable when the optional voice entry feature is enabled

17. INTELLECTUAL PROPERTY

All rights, title, and interest in the Application remain the exclusive property of the Developer.

18. APPLICABLE LAW

This Agreement shall be governed by the laws of India, with jurisdiction in Tamil Nadu.

19. CONTACT INFORMATION

Dr. M. Choundappan
Vanitha Hospital
Salem, Tamil Nadu, India

20. MISCELLANEOUS

• If any provision is invalid, the remainder remains enforceable
• Failure to enforce any right shall not constitute waiver
• This Agreement constitutes the entire agreement between the parties