Terms & Conditions

01 Acceptance of Terms

These Terms & Conditions ("Terms") constitute a legally binding agreement between you ("User," "you") and MediByte, Inc. ("MediByte," "we," "us") governing your use of the HealthMint platform, including all related web and mobile applications, APIs, and connected services (collectively, the "Service").

If you do not agree with any part of these Terms, you must not use the Service or authorize access to your healthcare data. Your continued use of the Service after any modification to these Terms constitutes your acceptance of the revised Terms.

02 Description of Services

HealthMint is a personal health intelligence platform that aggregates your health and medical data from connected sources, analyzes it using artificial intelligence, and presents actionable insights to help you and your family make informed healthcare decisions.

Core services include:

• Aggregation of health data from connected insurance providers and wearable devices
• AI-powered analysis of claims, benefits, and health trends
• Family health management with consolidated views across household members
• Personalized health recommendations and benefit optimization suggestions
• Secure storage and organization of health records

03 Healthcare Data Authorization

What you are authorizing

When you connect a data source, you explicitly authorize MediByte to access, retrieve, store, and process the following categories of health data on your behalf:

• Insurance claims, Explanation of Benefits (EOB), and coverage details
• Prescription history and medication records
• Lab results, diagnostic reports, and clinical notes (where available)
• Wearable and fitness device data (activity, heart rate, sleep, etc.)
• Provider and care team information

Scope and duration

Your authorization permits ongoing data access for as long as the connection remains active. You may revoke authorization for any connected source at any time from your account settings. Revoking access stops future data retrieval but does not automatically delete previously collected data unless you also submit a deletion request.

Data use

Authorized data is used solely to provide, improve, and personalize the Service for you. MediByte does not sell your individually identifiable health information to third parties. Aggregate, de-identified data may be used for product improvement and research in accordance with our Privacy Policy.

04 HIPAA & Privacy

MediByte is a HIPAA-covered entity and treats Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (collectively, "HIPAA"). We maintain administrative, physical, and technical safeguards required by HIPAA's Security Rule.

Key commitments include:

• PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access to PHI is role-based and logged for audit purposes
• We execute Business Associate Agreements (BAAs) with all sub-processors handling PHI
• You have the right to access, correct, and request deletion of your PHI
• Breach notification will be provided as required by the HIPAA Breach Notification Rule

For full details on how we collect, use, and protect your information, please review our Privacy Policy.

05 Eligibility & Accounts

To use HealthMint you must:

• Be at least 18 years of age, or have verifiable parental or guardian consent
• Be a resident of the United States
• Provide accurate, complete, and current registration information
• Maintain the security of your account credentials

You are responsible for all activity that occurs under your account. Notify us immediately at [email protected] if you suspect unauthorized access to your account.

Authentication is provided via Microsoft Entra External ID. Your use of authentication services is also subject to Microsoft's applicable terms of service.

06 Family Accounts

HealthMint supports family accounts with an unlimited number of household members. The account holder who creates the family account ("Account Administrator") assumes responsibility for:

• Obtaining valid authorization and consent from each adult family member added to the account
• Ensuring appropriate parental or guardian consent for minor dependents
• Managing access permissions for each family member
• All activity conducted through the family account

Each adult family member added to the account will be asked to provide individual consent before their health data is accessed. Health data belonging to different family members is logically separated; the Account Administrator has view-only access to family member data as permitted by the connected data sources and applicable law.

07 Third-Party Integrations

HealthMint connects to third-party services to retrieve your health data. Current integrations include:

• Aetna — insurance claims, benefits, and coverage data via FHIR API
• Samsung Health — wearable activity and biometric data

Additional integrations are planned and will be disclosed at the time of connection. Your use of each integration is subject to the terms of service and privacy policies of those third-party providers. MediByte is not responsible for the accuracy or completeness of data provided by third parties, or for any changes those providers make to their data-sharing policies.

By connecting a third-party service, you represent that you have the right to authorize MediByte to access data held by that service on your behalf.

08 AI-Generated Insights

HealthMint uses large language model (LLM) AI technology to analyze your health data and generate personalized insights, summaries, and recommendations. You acknowledge and agree that:

• AI-generated insights are informational only and do not constitute medical advice
• AI outputs may contain errors, omissions, or outdated information
• You should consult a qualified healthcare provider before making any medical or clinical decisions
• Your health data submitted for analysis is processed through a de-identification pipeline before being sent to AI model providers; raw PHI is never transmitted to third-party AI services

MediByte makes no warranty regarding the accuracy, completeness, or fitness for purpose of any AI-generated insight.

09 Security & Data Storage

All data is stored and processed on Microsoft Azure infrastructure located within the United States. MediByte employs industry-standard security controls including:

• End-to-end encryption for data in transit and at rest
• Multi-factor authentication for all internal access to production systems
• Regular third-party security audits and penetration testing
• Automated monitoring and anomaly detection
• Disaster recovery and business continuity procedures

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is completely secure. You use the Service at your own risk.

10 Prohibited Uses

You agree not to use the Service to:

• Misrepresent your identity or impersonate another person
• Access another person's health data without their explicit consent
• Attempt to reverse engineer, scrape, or circumvent any security feature of the Service
• Use the Service for any unlawful purpose or in violation of any applicable regulation, including HIPAA
• Transmit malware, viruses, or other harmful code
• Interfere with the integrity or performance of the Service or its underlying infrastructure

Violation of these prohibitions may result in immediate account suspension and referral to law enforcement where appropriate.

11 Termination & Data Deletion

You may close your account at any time by contacting us at [email protected]. Upon account closure:

• All active data-source connections will be revoked
• Your personally identifiable data will be deleted within 30 days, subject to any legal retention obligations
• De-identified, aggregated data derived from your usage may be retained for product improvement purposes

MediByte reserves the right to suspend or terminate your account at its sole discretion if you violate these Terms, with or without prior notice.

You may also submit a standalone data deletion request at any time without closing your account by emailing [email protected].

12 Disclaimers & Liability

No medical advice

HealthMint is not a licensed medical provider. The Service and all content, insights, and recommendations are provided for informational purposes only. Always seek the advice of a qualified physician or other qualified health provider with any questions you may have regarding a medical condition.

Limitation of liability

To the maximum extent permitted by applicable law, MediByte and its officers, directors, employees, and agents shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses, resulting from your use or inability to use the Service.

Disclaimer of warranties

The Service is provided on an "as is" and "as available" basis without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

13 Changes to These Terms

We may update these Terms from time to time. When we make material changes, we will notify you by email or via a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Terms.

We encourage you to review these Terms periodically. The current version is always available at medibyte.ai/terms.

14 Contact Us

If you have questions about these Terms or wish to exercise your data rights, please reach out: