Terms of Service

1. Overview of Services

Curo provides an AI-powered voice communication platform designed for healthcare organizations. The Services may include, but are not limited to:

• AI-powered inbound and outbound call handling
• Appointment scheduling, rescheduling, and cancellation
• Integration with electronic medical record (EMR) systems
• Call routing, transfer, and escalation
• Call recording, transcription, and analytics
• Outbound workflow automation (reminders, follow-ups, recall campaigns)
• Reporting dashboards and performance analytics

The Services are designed to assist healthcare organizations with patient communications and operational efficiency. The Services do not provide medical advice, clinical diagnoses, treatment recommendations, or clinical decision-making of any kind.

2. Eligibility and Account Registration

To use the Services, you must:

• Be at least 18 years of age
• Have the legal authority to enter into this Agreement
• Provide accurate, current, and complete information during registration
• Maintain the security and confidentiality of your account credentials

You are responsible for all activity that occurs under your account, including activity by Authorized Users. You must notify us immediately at support@curoai.com if you become aware of any unauthorized use of your account.

"Authorized Users" means your employees, contractors, and agents who are authorized by you to access and use the Services on your behalf. You are responsible for ensuring that all Authorized Users comply with these Terms.

3. Service Agreements and Order Forms

Access to the Services is governed by these Terms and by any applicable Order Form, Statement of Work, or service agreement executed between you and Curo (collectively, "Order Form"). The Order Form will specify the scope of Services, fees, term, and any additional terms specific to your deployment.

In the event of a conflict between these Terms and an Order Form, the Order Form will control with respect to the subject matter of that Order Form, except that the Order Form may not reduce or eliminate Curo's obligations regarding data security, HIPAA compliance, or breach notification.

4. Fees and Payment

Fees for the Services are set forth in the applicable Order Form. Unless otherwise specified:

• Fees are invoiced monthly in advance and are due within thirty (30) days of the invoice date.
• All fees are quoted in U.S. dollars and are exclusive of applicable taxes.
• Late payments accrue interest at the lesser of 1.5% per month or the maximum rate permitted by applicable law.
• Curo reserves the right to suspend access to the Services if payment is more than thirty (30) days overdue, upon ten (10) days' prior written notice.
• Fees are non-refundable except as expressly set forth in the Order Form or required by applicable law.
• Curo may adjust fees upon renewal of the applicable term by providing at least sixty (60) days' prior written notice. Fee adjustments will not apply during a current term unless mutually agreed in writing.

5. Customer Responsibilities

You are responsible for:

6. HIPAA Compliance and Business Associate Agreement

Where you are a Covered Entity or Business Associate under HIPAA and the Services involve the creation, receipt, maintenance, or transmission of Protected Health Information ("PHI"), the following applies:

• Curo will execute a Business Associate Agreement ("BAA") with you prior to processing PHI. The BAA is incorporated into and forms part of this Agreement.
• Curo will use and disclose PHI only as permitted or required by the BAA, these Terms, and applicable law.
• Curo will implement administrative, physical, and technical safeguards to protect PHI in accordance with the HIPAA Security Rule.
• Curo adheres to the HIPAA minimum necessary standard and will access only the minimum PHI required to perform the Services.
• In the event of a conflict between the BAA and these Terms, the BAA will control with respect to the use and protection of PHI.

You acknowledge that you are responsible for determining whether a BAA is required and for executing the BAA prior to transmitting PHI through the Services. If you transmit PHI through the Services without an executed BAA, you assume all risk and liability associated with such transmission.

7. Voice Data and Call Recordings

The Services involve the recording and transcription of voice calls. The following terms apply to all voice data:

8. AI-Specific Terms

The Services use artificial intelligence, including natural language processing, speech-to-text, text-to-speech, and conversational AI technologies. You acknowledge and agree to the following:

9. Intellectual Property

10. Data Security

Curo implements and maintains administrative, technical, and organizational security measures designed to protect Customer Data and PHI:

• Encryption. TLS 1.3 for data in transit. AES-256 for data at rest.
• Access controls. Role-based access with least-privilege principles. Multi-factor authentication required for all internal systems accessing Customer Data or PHI.
• Certifications. Curo maintains SOC 2 Type II certification, audited annually by an independent third-party auditor.
• Infrastructure. Data is processed and stored in the United States in data centers that maintain SOC 2 and/or ISO 27001 certifications.
• Monitoring. Continuous security monitoring, intrusion detection, and logging.
• Workforce. All Curo personnel with access to Customer Data or PHI undergo background checks and complete security and privacy training upon hire and annually thereafter.
• Penetration testing. Curo conducts regular penetration testing and vulnerability assessments.

11. Confidentiality

Each party ("Receiving Party") agrees to protect the confidential information of the other party ("Disclosing Party") using at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care. Confidential information includes all non-public information disclosed by either party, including business plans, pricing, technology, Customer Data, and PHI.

Confidential information does not include information that: (a) is or becomes publicly available without breach of this Agreement; (b) was known to the Receiving Party prior to disclosure; (c) is received from a third party without restriction on disclosure; or (d) is independently developed without use of the Disclosing Party's confidential information.

Confidentiality obligations survive termination of this Agreement for a period of three (3) years, except that obligations regarding PHI survive indefinitely as required by HIPAA.

12. Warranties and Disclaimers

Except as expressly set forth in this section, the services are provided "as is" and "as available." Curo disclaims all other warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, and non-infringement. Curo does not warrant that the services will be uninterrupted, error-free, or completely secure. Curo does not warrant the accuracy of AI-generated outputs, including speech recognition, transcription, and natural language understanding.

13. Limitation of Liability

To the maximum extent permitted by applicable law:

Neither party shall be liable for any indirect, incidental, special, consequential, or punitive damages, including damages for lost profits, lost revenue, lost data, business interruption, or loss of goodwill, arising out of or related to this agreement, whether based on warranty, contract, tort, strict liability, or any other legal theory, even if the party has been advised of the possibility of such damages.

Except for (a) either party's breach of confidentiality obligations, (b) Curo's breach of its security or HIPAA obligations, (c) either party's indemnification obligations, or (d) either party's gross negligence or willful misconduct, each party's total aggregate liability arising out of or related to this agreement shall not exceed the greater of (i) the total fees paid or payable by you to Curo in the twelve (12) months immediately preceding the event giving rise to the claim, or (ii) one hundred dollars ($100).

14. Indemnification

Each party's indemnification obligations are conditioned on the indemnified party: (i) providing prompt written notice of the claim; (ii) granting the indemnifying party sole control of the defense and settlement; and (iii) providing reasonable cooperation at the indemnifying party's expense.

15. Term and Termination

16. Governing Law

This Agreement and any dispute arising out of or relating to it will be governed by and construed in accordance with the laws of the Commonwealth of Pennsylvania, without regard to its conflict of laws principles. HIPAA and other applicable federal laws will apply where required regardless of choice of law.

17. Dispute Resolution

18. Service Level Agreement

Curo will use commercially reasonable efforts to maintain 99.9% uptime for the Services, measured monthly, excluding scheduled maintenance windows. Scheduled maintenance will be communicated at least forty-eight (48) hours in advance when practicable. Service level credits, if any, will be specified in the applicable Order Form.

19. Modifications to Terms

Curo may update these Terms from time to time. If we make material changes, we will provide at least thirty (30) days' prior notice by posting the updated Terms on our website and, where practicable, by email to the administrative contact on your account. Your continued use of the Services after the effective date of the updated Terms constitutes your acceptance. If you do not agree with the updated Terms, your sole remedy is to terminate your use of the Services.

20. Miscellaneous

21. Contact Us

If you have questions regarding these Terms, contact us at: