Anchor Terms of Service
Effective Date: [PLACEHOLDER: Insert effective date before publishing] Last Updated: [PLACEHOLDER: Insert last-updated date]
1. Acceptance
These Terms of Service ("Terms") form a legally binding agreement between Safety Harmonics, Inc. ("Safety Harmonics," "we," "us," or "our") and the organization or individual accessing the Anchor platform ("Customer," "you," or "your"). By registering for or using Anchor, you agree to these Terms. If you are using Anchor on behalf of an organization, you represent that you have authority to bind that organization to these Terms.
If you do not agree to these Terms, do not use the Service.
These Terms incorporate by reference:
- Our Privacy Policy
- Our Acceptable Use Policy (Section 7 below)
- Any Order Form, Statement of Work, or executed Master Service Agreement (collectively, the "Order") — which governs in the event of a conflict with these Terms
2. Definitions
| Term | Meaning |
|---|---|
| Anchor or Service | The incident documentation, root cause analysis, and organizational learning platform operated by Safety Harmonics, including all web interfaces, APIs, and AI-assisted features. |
| Customer Data | All data, content, and information uploaded, entered, imported, or generated by you or your Users in connection with the Service, including incident records, debrief transcripts, evidence sources, RCA content, and AI-generated outputs derived therefrom. |
| Personal Data | Information that identifies or is reasonably linkable to an individual person, as defined under applicable privacy law. |
| Protected Health Information (PHI) | Health information that identifies or could identify an individual, as defined under HIPAA. |
| User | An individual authorized by Customer to access and use the Service under Customer's account. |
| Authorized Use | Use of the Service for Customer's internal incident documentation, post-incident review, root cause analysis, and organizational learning activities, consistent with these Terms. |
| Documentation | Technical and operational documentation for the Service provided by Safety Harmonics at https://safetyharmonics.com/docs. |
3. License and Access
License grant. Subject to these Terms and timely payment of applicable fees, Safety Harmonics grants Customer a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Service during the subscription term, solely for Authorized Use.
Users. Customer may authorize its employees, contractors, and agents to use the Service as Users. Customer is responsible for all Users' compliance with these Terms. User access is limited to the scope of Customer's subscription.
Restrictions. Customer may not:
- Resell, sublicense, or otherwise make the Service available to third parties outside Customer's organization;
- Reverse engineer, decompile, or attempt to extract source code from the Service;
- Modify, adapt, or create derivative works of the Service;
- Use automated tools to scrape, extract, or index data from the Service outside of officially provided APIs;
- Use the Service to develop a competing product or service;
- Remove or obscure any proprietary notices in the Service;
- Interfere with or disrupt the integrity or performance of the Service.
4. Customer Data
Ownership. Customer retains all ownership rights in Customer Data. Safety Harmonics claims no ownership over Customer Data.
License to Safety Harmonics. Customer grants Safety Harmonics a limited, non-exclusive license to access, process, copy, and use Customer Data solely to provide the Service to Customer, fulfill Safety Harmonics' legal obligations, and as otherwise directed by Customer. This license terminates when Customer Data is deleted per Section 4 (Deletion) or when the subscription terminates.
No use for AI training. Customer Data is not used to train, fine-tune, or otherwise improve any AI or machine learning model, whether operated by Safety Harmonics or any third-party sub-processor. Safety Harmonics will not use Customer Data to improve services provided to other customers.
Customer responsibility. Customer is responsible for:
- Ensuring it has the right to collect and submit Customer Data to the Service;
- The accuracy, quality, and legality of Customer Data;
- Using the Service in compliance with applicable law, including obtaining required consents from participants in debrief sessions;
- Configuring access controls and user permissions within its account.
Deletion and export. Following termination or expiration of your subscription, Safety Harmonics will provide Customer with 60 days to export Customer Data. After this period, Safety Harmonics will delete Customer Data from production systems. Backup copies are deleted within 90 days thereafter. Safety Harmonics will provide written confirmation of deletion upon request. Customer Data subject to legal holds or statutory retention obligations is exempted from routine deletion at Customer's written request.
Export formats. Customer Data exports are provided in JSON and CSV format. Contact support@safetyharmonics.com to request an export.
5. AI-Assisted Features
Anchor provides AI-assisted features including automated synthesis, AI-facilitated debrief interviews, root cause analysis guidance, learning proposals, and tag suggestions. These features are currently powered by the Anthropic API. A migration to AWS Bedrock (HIPAA-eligible) is planned.
Data processing. When you use AI-assisted features, Customer Data relevant to the requested task is transmitted to the AI inference provider to generate the output. The provider processes this data as a sub-processor and does not use API data to train foundation models.
No warranty on AI outputs. AI-generated outputs are provided for informational and workflow assistance purposes only. They are not professional advice (legal, medical, clinical, or otherwise). Safety Harmonics makes no warranty regarding the accuracy, completeness, or fitness for purpose of any AI-generated output. Customer is responsible for reviewing AI-generated content before acting on it.
HIPAA and regulated data. The current AI provider (Anthropic API) does not offer a HIPAA BAA. Customers must not submit Protected Health Information (PHI) to AI-assisted features until the planned migration to AWS Bedrock is complete. After migration, customers who are Covered Entities under HIPAA and have executed a BAA with Safety Harmonics may submit PHI to AI-assisted features. Contact hipaa@safetyharmonics.com for current status. See Section 12 (HIPAA and Regulated Data) and our Privacy Policy Section 14.
6. Account Registration and Security
Registration. To use the Service, you must register for an account and provide accurate information. Organizations are required to authenticate through our identity provider (Clerk). You agree to keep your account information current.
Account security. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us immediately at security@safetyharmonics.com if you become aware of any unauthorized access to your account.
Debrief participants. Debrief sessions require authenticated participants. Organizations are responsible for ensuring that all debrief participants have been added to the session and have the appropriate access before a debrief begins.
7. Acceptable Use
You may use the Service only for lawful purposes consistent with these Terms. You agree not to use the Service:
In ways that harm others or violate the law
- In violation of any applicable federal, state, local, or international law or regulation;
- To transmit any content that is defamatory, fraudulent, harassing, abusive, threatening, obscene, or otherwise objectionable;
- To infringe any intellectual property, privacy, or other rights of third parties;
- To impersonate any person or organization or misrepresent your affiliation;
- To generate false, fabricated, or materially misleading incident records.
In ways that harm the Service
- To upload or transmit viruses, malware, or any other harmful code;
- To interfere with, disrupt, or overload the Service or its infrastructure;
- To probe, scan, or test the vulnerability of the Service without our prior written authorization;
- To circumvent any access controls, authentication, or security measures.
For prohibited data types (without required agreements)
- To upload or process Protected Health Information (PHI) under HIPAA without an executed Business Associate Agreement with Safety Harmonics;
- To upload or process Criminal Justice Information (CJI) as defined by the CJIS Security Policy without a written agreement establishing the applicable security requirements;
- To re-identify de-identified data.
Safety Harmonics reserves the right to suspend or terminate any account that violates this Acceptable Use Policy, with or without prior notice, depending on the severity of the violation.
8. Fees and Payment
Subscription fees. Customer agrees to pay the fees set forth in the applicable Order Form. All fees are due in advance of the subscription period unless otherwise stated in the Order.
Invoicing. [DECISION NEEDED — ANC-163: Describe billing cycle, invoice terms, and accepted payment methods before activating paid tiers.]
Late payment. Unpaid invoices are subject to 1.5% monthly interest or the maximum rate permitted by law, whichever is lower. Safety Harmonics reserves the right to suspend access to the Service for overdue accounts after 30 days' written notice.
Taxes. Fees are exclusive of applicable taxes. Customer is responsible for all sales, use, VAT, GST, and similar taxes arising from the transaction, excluding taxes on Safety Harmonics' income.
No refunds. Except as required by law or as expressly stated in your Order, all fees are non-refundable.
Fee changes. Safety Harmonics may change fees for future subscription periods with 60 days' advance written notice.
9. Confidentiality
Mutual obligations. Each party ("Receiving Party") agrees to protect the other party's confidential information ("Disclosing Party's Confidential Information") using at least the same care it uses to protect its own confidential information, but in no event less than reasonable care. Each party agrees not to use the other's Confidential Information except as necessary to perform its obligations or exercise its rights under these Terms.
Confidential Information means any non-public technical, business, or operational information disclosed by one party to the other that is marked as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure.
Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the Receiving Party; (b) the Receiving Party already knew before disclosure; (c) is independently developed without use of Confidential Information; or (d) is rightfully received from a third party without a duty of confidentiality.
Compelled disclosure. The Receiving Party may disclose Confidential Information to the extent required by law or court order, provided it gives the Disclosing Party prompt written notice (where legally permitted) and reasonably cooperates with the Disclosing Party's efforts to limit the scope of disclosure.
Customer Data. All Customer Data is deemed Customer's Confidential Information. Safety Harmonics will not access Customer Data except to provide the Service, prevent or respond to technical or security issues, or at Customer's request.
10. Intellectual Property
Safety Harmonics IP. Safety Harmonics retains all right, title, and interest in the Service, including all software, models, interfaces, documentation, and underlying technology. Nothing in these Terms grants Customer any rights in Safety Harmonics IP except the limited license described in Section 3.
Feedback. If Customer provides suggestions, ideas, or feedback regarding the Service ("Feedback"), Safety Harmonics may use that Feedback without restriction or compensation to Customer. Feedback does not include Customer Data.
Customer IP. Customer retains all right, title, and interest in Customer Data and in Customer's organization name, logos, and marks. Nothing in these Terms grants Safety Harmonics any rights in Customer IP except the limited license described in Section 4.
11. Security
Safety Harmonics maintains reasonable technical and organizational measures designed to protect Customer Data from unauthorized access, disclosure, alteration, or destruction. A description of our security practices is available at https://safetyharmonics.com/security.
Security incidents. In the event of a confirmed security incident affecting Customer Data, Safety Harmonics will notify Customer without undue delay and in accordance with applicable law (no later than 72 hours of discovery for incidents triggering GDPR breach notification obligations). Notification will include the nature of the incident, categories of data affected, likely consequences, and measures taken.
12. HIPAA and Regulated Data
HIPAA. If Customer is a Covered Entity or Business Associate under HIPAA and Customer's use of Anchor involves Protected Health Information (PHI), Customer must execute a Business Associate Agreement (BAA) with Safety Harmonics before uploading or processing PHI in the Service. Contact hipaa@safetyharmonics.com to request a BAA.
AI features and PHI. Anchor's AI-assisted features currently use the Anthropic API, which does not offer a HIPAA BAA. Customers must not submit PHI to AI-assisted features until the planned migration to AWS Bedrock is complete. After migration, customers who have executed a BAA with Safety Harmonics may submit PHI to AI-assisted features consistent with the terms of that agreement.
CJIS. Anchor is not currently certified under the FBI Criminal Justice Information Services (CJIS) Security Policy. Customers must not use Anchor to store or transmit Criminal Justice Information (CJI) as defined by the CJIS Security Policy without a separate written agreement establishing applicable security requirements.
Customer responsibility. Customer is responsible for determining whether its use of Anchor triggers HIPAA, CJIS, or other regulatory obligations, and for ensuring compliance before uploading regulated data.
13. Warranties and Disclaimers
Safety Harmonics warrants that:
- The Service will perform materially in accordance with the Documentation under normal use;
- Safety Harmonics will maintain reasonable security measures to protect Customer Data as described in Section 11;
- Safety Harmonics has the authority to enter into these Terms and perform its obligations.
DISCLAIMER. EXCEPT AS EXPRESSLY STATED ABOVE, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." SAFETY HARMONICS AND ITS SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. SAFETY HARMONICS DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR FREE OF HARMFUL COMPONENTS, OR THAT ANY DEFECTS WILL BE CORRECTED.
AI outputs. AI-generated content is provided without warranty of any kind. Safety Harmonics specifically disclaims any warranty that AI-generated synthesis narratives, RCA suggestions, learning proposals, or other AI outputs are accurate, complete, or suitable for clinical, operational, or legal decision-making.
14. Limitation of Liability
Exclusion of consequential damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF DATA, OR BUSINESS INTERRUPTION), ARISING FROM OR RELATED TO THESE TERMS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Aggregate liability cap. EXCEPT AS DESCRIBED BELOW, EACH PARTY'S TOTAL CUMULATIVE LIABILITY ARISING FROM OR RELATED TO THESE TERMS WILL NOT EXCEED THE GREATER OF (A) THE TOTAL FEES PAID BY CUSTOMER TO SAFETY HARMONICS IN THE 12 MONTHS PRECEDING THE CLAIM OR (B) US$[DECISION NEEDED: $10,000 (conservative) or $25,000 (recommended for enterprise credibility — see D-8)].
Exceptions to the cap. The aggregate liability cap does not apply to:
- Death or personal injury caused by a party's gross negligence;
- Fraud or willful misconduct;
- A party's indemnification obligations under Section 15;
- Breach of confidentiality obligations under Section 9;
- Customer's payment obligations;
- HIPAA breach notification costs and remediation expenses arising from Safety Harmonics' breach of its obligations under the Business Associate Agreement.
15. Indemnification
By Safety Harmonics. Safety Harmonics will defend Customer from and against any third-party claim alleging that the Service, as provided and used in accordance with these Terms, infringes any third party's patent, copyright, trademark, or trade secret. Safety Harmonics will pay resulting damages, settlements, and reasonable legal fees, provided Customer: (a) gives Safety Harmonics prompt written notice; (b) grants Safety Harmonics sole control of the defense; and (c) reasonably cooperates. If the Service becomes or is likely to become subject to an infringement claim, Safety Harmonics may at its option: modify the Service, obtain a license, or terminate Customer's access with a pro-rata refund of prepaid fees.
By Customer. Customer will defend Safety Harmonics from and against any third-party claim arising from: (a) Customer Data (including its collection, use, or processing in violation of applicable law); (b) Customer's violation of the Acceptable Use Policy; (c) Customer's violation of applicable law, including HIPAA or CJIS obligations; or (d) Customer's use of the Service in a manner not authorized by these Terms. Customer will pay resulting damages, settlements, and reasonable legal fees, subject to the same conditions (notice, control, cooperation) as Safety Harmonics' indemnification above.
16. Term and Termination
Term. These Terms commence on the date you first access the Service and continue until terminated.
Termination by Customer. Customer may terminate these Terms at any time by providing written notice. Termination does not entitle Customer to a refund of prepaid fees.
Termination by Safety Harmonics. Safety Harmonics may terminate these Terms:
- For cause, if Customer materially breaches these Terms and fails to cure the breach within 30 days of written notice;
- Immediately, for serious violations of the Acceptable Use Policy (e.g., uploading malware, attempting to breach the platform, unauthorized HIPAA data processing);
- Immediately, if Customer becomes insolvent, makes an assignment for the benefit of creditors, or is the subject of insolvency proceedings.
Effect of termination. On termination: (a) all licenses granted under these Terms terminate; (b) each party returns or destroys the other's Confidential Information (except as required by law); (c) Safety Harmonics provides Customer with the data export opportunity described in Section 4 (Deletion and Export). Sections 2, 4 (ownership and deletion), 9, 10, 13, 14, 15, 16, and 17 survive termination.
17. General Provisions
Governing law. These Terms are governed by the laws of the Commonwealth of Kentucky, without regard to its conflict of law provisions.
Dispute resolution. Any dispute arising out of or relating to these Terms will be resolved by litigation in the state or federal courts located in Woodford County, Kentucky. Each party consents to the personal jurisdiction of such courts and waives any objection to venue in such courts.
Changes to Terms. Safety Harmonics may modify these Terms by providing at least 30 days' advance written notice. Your continued use of the Service after the effective date constitutes acceptance. For material changes, you may terminate your subscription before the effective date and receive a pro-rata refund of prepaid fees.
Entire agreement. These Terms, together with any applicable Order Form, constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior and contemporaneous agreements, representations, and understandings. In the event of a conflict between these Terms and an Order Form, the Order Form governs.
Assignment. Neither party may assign these Terms without the other's prior written consent, except that Safety Harmonics may assign these Terms to a successor in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any attempted assignment in violation of this provision is void.
Severability. If any provision of these Terms is held invalid or unenforceable, the remaining provisions continue in full force and effect. The invalid provision will be modified to the minimum extent necessary to make it enforceable.
Waiver. Failure by either party to enforce any provision of these Terms will not constitute a waiver of future enforcement of that provision.
Force majeure. Neither party is liable for delays or failures in performance resulting from causes beyond its reasonable control, including natural disasters, acts of government, labor disputes, or telecommunications failures. The affected party must provide prompt written notice and use reasonable efforts to minimize the impact.
Notices. Notices under these Terms must be in writing and delivered by email (with confirmation of receipt) or certified mail to the addresses on file for each party. Notices to Safety Harmonics should be sent to legal@safetyharmonics.com.
Relationship of the parties. The parties are independent contractors. Nothing in these Terms creates an employment, agency, partnership, or joint venture relationship.
No third-party beneficiaries. These Terms are for the benefit of the parties only and do not confer rights on any third party.
Export compliance. Customer agrees to comply with all applicable export control laws and regulations. Customer represents that it is not located in a country subject to a U.S. government embargo and is not on any U.S. government restricted parties list.
Exhibit A: Data Processing Agreement (DPA)
[PLACEHOLDER: Attach a GDPR-compliant DPA as Exhibit A. The DPA should address: subject matter and duration; nature and purpose of processing; categories of personal data and data subjects; processor obligations; sub-processor list and notification; international transfer mechanisms (SCCs); data subject rights assistance; security measures (TOMs); breach notification (72 hours to controller); audit rights; and return/deletion on termination. Reference Atlassian's public DPA as a structural model.]
Exhibit B: Business Associate Agreement (BAA)
[PLACEHOLDER: Attach a HIPAA-compliant BAA as Exhibit B. The BAA should be executed with every customer that is a Covered Entity or Business Associate under HIPAA. Key provisions: permitted uses and disclosures of PHI; safeguards; breach notification (60 days per HIPAA, best practice is 72 hours); sub-BAAs with Supabase, Clerk, and AWS; return or destruction of PHI on termination; survival of obligations. Reference ESO's BAA structure — they execute it as a standard exhibit with every EMS customer, not as an enterprise-only option.]