If you accept these Terms on behalf of a company, sponsor, contract research organization, pharmacovigilance vendor, or other entity, you represent that you have authority to bind that entity. Individual users accessing the services under Customer's account (Authorized Users) must comply with these Terms and any policies we publish.

Lydra provides a software-as-a-service platform for adverse event intake, pharmacovigilance workflow automation, AI-assisted medical content generation, and regulatory dossier preparation (collectively, the "Services"). The Services include our web applications, voice and telephony channels, APIs, AI models, and related support. Professional services or integrations may be provided as described in an applicable order form, statement of work, or MSA (Master Service Agreement) (each, an "Order"). The Services are decision-support tools; they are not medical devices and do not independently provide diagnosis or treatment.

• Customer must have legal capacity to enter into these Terms and any required BAA. Authorized Users must be at least 18 years old (or the age of majority in their jurisdiction).
• Customer is responsible for account information accuracy, for maintaining confidentiality of credentials, and for ensuring Authorized Users keep login details secure.
• Customer must implement least-privilege access controls, promptly deactivate departed Authorized Users, and notify Lydra of any unauthorized access or suspected compromise.

Pharmacovigilance obligations, regulatory submissions, and clinical decisions remain Customer's responsibility. Lydra provides workflow support and automation but does not determine case report outcomes or ensure compliance with 21 CFR Part 314/600, EMA GVP, or other jurisdictional requirements. Customer must validate all data produced through the Services before filing with regulators or using results in clinical contexts.

When the Services process protected health information (PHI) on behalf of a HIPAA covered entity, Customer must execute a BAA with Lydra. Lydra will comply with the BAA and applicable HIPAA regulations. Customer must obtain required authorizations to transmit PHI and ensure disclosures follow the minimum necessary standard.

"Customer Data" means all data, content, and information submitted to or generated within the Services by or for Customer, including PHI, personal data, adverse event narratives, audio recordings, transcripts, attachments, structured case data, usage logs, and configuration. Customer retains ownership of Customer Data.

Customer grants Lydra and its subprocessors a worldwide, non-exclusive, royalty-free license to host, process, transmit, translate, display, and otherwise use Customer Data solely to provide, secure, maintain, support, and improve the Services; to develop anonymized or de-identified insights; and to meet legal or regulatory obligations. Lydra will not disclose Customer Data except as described in these Terms, the Privacy Policy, the BAA, or as instructed by Customer.

Lydra may derive de-identified or aggregated data (Derived Data) that does not identify Customer or any individual. Lydra may use Derived Data to improve the Services, develop new features, or publish benchmarks, provided Derived Data does not include personal data or PHI.

Customer and Authorized Users must comply with the following Acceptable Use obligations. You will not:

• Automated outputs may contain errors or bias; human review is required before using outputs for regulatory submissions, patient communications, or safety decisions.
• Lydra documents model versions, validation controls, and change management appropriate to the Services and their intended use, and does not provide medical advice.
• Customer must configure workflows to ensure qualified personnel review automated decision support.
• Lydra may use Customer Data to fine-tune models solely for Customer's benefit; broader use requires consent and relies on de-identified or synthetic data.
• Lydra provides transparency features (confidence scoring, audit trails). Customer must retain or export records needed for compliance.

Customer may enable integrations with third-party systems. Lydra is not responsible for third-party services; Customer's use of them is governed by third-party terms. Lydra maintains a list of subprocessors that support the Services. Customer authorizes Lydra to engage subprocessors, subject to written agreements imposing data protection obligations no less protective than these Terms and any BAA.

Lydra implements administrative, technical, and physical safeguards aligned with the HIPAA Security Rule, SOC2 controls, and good machine learning practices. If Lydra becomes aware of a security incident involving Customer Data, we will notify Customer without undue delay, provide information reasonably requested for investigation, and cooperate on mitigation. Customer must promptly notify Lydra of any suspected credential compromise or unauthorized disclosure of Customer Data.

Lydra will reasonably cooperate with Customer's regulatory obligations, including providing documentation, audit trails, and attestations necessary for pharmacovigilance, HIPAA, or GDPR compliance. Upon reasonable advance notice and no more than once per 12-month period (unless required by law), Customer may audit Lydra's compliance with the BAA and these Terms. Audits must occur during normal business hours, avoid disrupting operations, and protect confidentiality. Customer bears audit costs unless an audit reveals a material breach by Lydra.

Fees, billing cadence, and payment terms are described in the applicable Order. Unless otherwise stated, fees are invoiced annually in advance and due net 30 days. Late payments may incur a 1.5% monthly finance charge (or the maximum allowed by law) plus collection costs. Fees are non-refundable except as expressly stated. Taxes are Customer's responsibility. Usage-based charges are billed monthly in arrears.

The Subscription Term begins on the effective date of the first Order or account creation and continues for the period stated in the Order. Subscriptions renew automatically unless either party gives written notice of non-renewal at least 30 days before the current term ends. Lydra may suspend or limit access immediately if Customer breaches these Terms or the BAA, fails to pay undisputed fees, poses a security risk, or if required by law. Each party may terminate for cause if the other party materially breaches and does not cure within 30 days of written notice. Upon termination, Customer must stop using the Services; outstanding fees remain payable. Sections intended to survive termination do so.

During the Subscription Term and for 30 days after termination, Customer can export data via available APIs or request an export. After this period, Lydra may delete or anonymize Customer Data unless retention is required by law. If Customer requests earlier deletion, Lydra will delete Customer Data within a commercially reasonable timeframe, subject to legal retention needs.

Each party may receive confidential information from the other. The recipient will use confidential information only to perform obligations under these Terms, protect it with at least reasonable care, and not disclose it except to personnel, advisors, or subprocessors under confidentiality obligations. Disclosures compelled by law are permitted with prompt notice (if legally allowed) and cooperation on protective measures. Exclusions apply to information that is public, independently developed, or lawfully obtained from another source.

Lydra owns all rights, title, and interest in the Services, documentation, AI models, and underlying technology. Customer owns Customer Data. No additional rights transfer except as stated. Feedback provided by Customer or Authorized Users may be used by Lydra without restriction or compensation.

• Each party warrants that it has authority to enter these Terms and that performance will comply with applicable law.
• Lydra warrants that during the Subscription Term the Services will conform in all material respects to documentation and that professional services will be performed in a professional and workmanlike manner. Customer's exclusive remedy is re-performance or a pro-rata refund if Lydra cannot cure within 30 days.
• Except for express warranties, the Services are provided "as is" Lydra disclaims implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement, and does not guarantee uninterrupted or error-free operation.

Lydra will defend Customer against third-party claims alleging that the Services infringe intellectual property rights, subject to exclusions for claims arising from Customer Data, unauthorized modifications, or combinations. Lydra may modify the Services, procure rights, or terminate impacted features with a refund.

Customer will defend Lydra against third-party claims arising from Customer Data, use of the Services in violation of these Terms, or breach of the BAA or applicable law. Each party will pay damages and reasonable attorney fees finally awarded. The indemnified party must provide prompt notice, permit control of the defense, and cooperate.

• Neither party is liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, revenues, goodwill, or data, even if aware such damages were possible.
• Lydra's aggregate liability under these Terms will not exceed the amount paid or payable by Customer to Lydra during the 12 months preceding the event giving rise to liability.
• The limitations do not apply to indemnification obligations, breaches of confidentiality, violations of the Acceptable Use section, or Customer's payment obligations.

We may update the Services, including adding or removing features, provided changes do not materially reduce core functionality during a Subscription Term. We may update these Terms by posting a revised version and updating the date above. For material changes, we will provide at least 30 days' notice via email or in-product message. Continued use after the effective date constitutes acceptance. If Customer does not agree to a material change that materially degrades the Services, Customer may terminate the affected Order within 30 days for a pro-rata refund. Notwithstanding the foregoing, Lydra may implement changes required by law or necessary to address a material security risk immediately upon notice.

These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles. Disputes not resolved informally will be submitted to binding arbitration administered by the American Arbitration Association under its Commercial Arbitration Rules in San Francisco, California, before a single arbitrator. Judgment may be entered in any court of competent jurisdiction. Either party may seek injunctive or equitable relief to protect confidentiality or intellectual property. If Customer is a U.S. government entity, this section applies only to the extent permitted by law. The parties waive their right to a jury trial.

Disputes must be brought in an individual capacity; neither party will participate in a class or representative action. If this waiver is found unenforceable, the arbitration clause is void and disputes will be heard in state or federal courts located in San Francisco, California.

If Customer is a U.S. government entity or contractor, the Services are "commercial items" as defined at 48 C.F.R. § 2.101 and are provided with the same rights and restrictions applicable to non-government customers.

Customer must comply with all export, re-export, and import laws, including the Export Administration Regulations and trade sanctions. Customer represents that it is not located in, and will not allow access from, any restricted territory or to any restricted party under U.S. law.

Notices to Lydra must be sent to legal@lydra.ai with a copy to Lydra AI, 2261 Market Street, Suite 85553, San Francisco, CA, 94114., United States. We may send notices to the email address on file for Customer's primary contact. Notices are deemed given when received (or, for email, when sent if no bounce-back is received).

• Order of precedence: BAA > Order > these Terms > documentation.
• The parties are independent contractors; these Terms do not create a partnership, joint venture, fiduciary, or employment relationship.
• Customer may not assign without Lydra's consent except to an affiliate or successor not considered a direct competitor and that assumes all obligations. Lydra may assign to an affiliate or in a merger or asset sale.
• If a provision is unenforceable, it will be modified to the minimum extent necessary; the remainder remains in effect. Failure to enforce a provision is not a waiver. Neither party is liable for failure to perform due to events beyond reasonable control, provided they mitigate and resume performance promptly.

For questions about these Terms or the Services, email legal@lydra.ai. For security incidents, contact security@lydra.ai. For HIPAA-related inquiries, contact hipaa-privacy@lydra.ai.