Terms of Service

1. About These Terms

These terms of service (“Terms”) are a legal agreement between you and Exora Health Pty Ltd (“Exora”, “we”, “us”, “our”). They govern your use of the Exora platform, including our mobile app and web app at app.exora.au (the “Service”).

By creating an account or using Exora, you agree to these Terms and our Privacy Policy. If you do not agree, do not use the Service.

These Terms supplement the Apple Standard End User License Agreement (EULA) for users who download Exora through the Apple App Store. If there is a conflict between these Terms and the Apple Standard EULA, the Apple Standard EULA takes precedence on licensing matters; these Terms apply to everything else.

2. Definitions

Health Data means medical documents you upload, the clinical information our AI extracts from them (conditions, medications, allergies, vital signs, lab results, procedures, immunizations), and any related data stored in your Exora account.

AI Processing means the use of artificial intelligence to extract, structure, organize, and summarize information from your uploaded documents and to power the AI chat assistant.

Profile means a health record identity within your account. You may have a profile for yourself and profiles for dependents you manage.

3. Who Can Use Exora

To create an Exora account, you must be at least 14 years old in Australia. If you are under 14, a parent or guardian can manage your health records through a dependent profile on their account.

Minimum age requirements may differ in other jurisdictions as required by local law.

You must provide accurate information when creating your account. You may only create one account per person.

4. Your Account

You are responsible for keeping your login credentials, PIN, and biometric access secure. Do not share your account with others.

If you use PIN or biometric unlock, anyone with access to your device and your PIN (or registered biometrics) can access your Exora data. Take appropriate care when using shared devices.

You are responsible for all activity under your account, including activity by anyone you allow to use your device.

If you suspect unauthorized access to your account, contact us promptly at hello@exora.au. We may suspend accounts we reasonably believe are compromised to protect your data.

5. What Exora Does

Exora is a personal health data management tool. It lets you:

• Upload medical documents and have them processed by AI to extract, structure, and organize your health information
• Use an AI chat assistant to understand and navigate your health records
• Manage health profiles for yourself and dependents
• Share health information with people you choose, under your control

Exora is not a healthcare provider, medical device, or clinical decision support system. It is not a replacement for your doctor, pharmacist, or any healthcare professional. It is not an electronic health record system (like My Health Record) - it is a personal tool you control.

Exora is under active development. We regularly add features and improve existing ones. Some features described in our documentation may not yet be available.

6. Medical Disclaimer

This is important. Please read it carefully.

Exora is a personal health data management tool. It is not a medical device, healthcare provider, or clinical decision support system. Exora is not registered with the Therapeutic Goods Administration (TGA) as a therapeutic good or medical device.

Information in Exora - including AI-extracted data, medical codes, summaries, data quality indicators, and chat assistant responses - is for personal reference and record-keeping only. It does not constitute medical advice, diagnosis, or treatment. It is not a substitute for professional medical judgment.

Always consult a qualified healthcare professional for medical decisions. You are responsible for your own health decisions. Do not delay seeking medical advice because of information in Exora.

In a medical emergency, call 000 (Australia) or your local emergency number immediately. Do not use Exora or the chat assistant to seek emergency medical advice.

7. AI Processing and Accuracy

Exora uses two AI systems with different characteristics:

Document processing pipeline. When you upload a document, our AI reads it and extracts structured health information. This automated process may contain errors, omissions, or misinterpretations. Medical code assignments (SNOMED, LOINC, RxNorm) are AI-generated suggestions, not clinician-validated diagnoses or codes. Data quality indicators in the app reflect processing confidence, not clinical accuracy.

AI chat assistant. The chat assistant uses large language models to answer questions about your health data. Responses are AI-generated and may be inaccurate, incomplete, or contain errors. The assistant cannot examine you, access information outside your Exora records, or replace a healthcare provider.

Known limitations. You should be aware that:

• AI extraction may miss information, misinterpret handwriting, or misattribute data between encounters
• Medical code assignments are AI-generated suggestions, not clinician-validated
• Chat assistant responses may be inaccurate, incomplete, or fabricated
• AI cannot access information outside your uploaded documents

You should verify extracted information against your source documents, especially before sharing it with a healthcare provider.

If you believe any AI-extracted data is incorrect, you can edit or delete it directly in the app, or contact us for assistance.

We may update, change, or replace the AI models and providers we use to improve the Service. Changes will not reduce the privacy protections described in our Privacy Policy.

8. Your Health Data

You own your data. Specifically:

• Documents you upload - your medical records, photos, and files belong to you
• AI-extracted data - the structured health information extracted from your documents (conditions, medications, vitals, lab results, and so on) belongs to you. It was created from your documents, for your benefit
• Chat responses - conversational responses generated about your health data belong to you

We assign to you all our right, title, and interest, if any, in AI-generated output derived from your data.

Your data is never used to train AI models. Your health data is processed by third-party AI providers solely to return results to you. We may use multiple providers and may change providers based on quality, reliability, and cost. Our current providers are listed in Section 14 and in our Privacy Policy (Section 5). Under their commercial API terms, these providers do not use your data for AI model training. We do not use your health data to train or improve any AI models, including our own.

You can export your data. To request a full copy of your personal information, contact us at hello@exora.au. We will respond within 30 days. See our Privacy Policy (Section 10) for details.

You can delete your data at any time. You can delete individual records within the app, or delete your entire account from Settings. See Section 18 (Termination) and our Privacy Policy (Section 8) for details.

We do not sell, license, or commercially exploit your individual health data.

9. Your Responsibilities

When you use Exora, you agree to:

• Upload your own documents. Only upload medical records that belong to you, or that you have legal authority to upload (for example, records for a child you are responsible for)
• Keep your account secure. Do not share your PIN, biometric access, or login credentials
• Verify important information. Review AI-extracted data against your source documents, particularly before sharing it with others or relying on it for health decisions
• Not rely on Exora in emergencies. In a medical emergency, call 000 (Australia) or your local emergency number
• Manage profiles responsibly. If you manage profiles for dependents, you are responsible for the accuracy of information you provide and for managing access appropriately

These are reasonable expectations, not onerous obligations. We do not expect you to verify every data point the AI extracts.

10. Prohibited Uses

You must not:

• Use Exora for any illegal purpose
• Upload medical records belonging to someone else without their consent or legal authority
• Use Exora to impersonate a healthcare provider or misrepresent your identity
• Attempt to gain unauthorized access to other users’ data or our systems
• Use the AI chat assistant to seek emergency medical advice instead of calling 000
• Attempt to manipulate AI processing to generate false medical records or fraudulent documentation
• Use exported data to misrepresent your health status
• Scrape, bulk download, or use automated tools to access the Service in ways that could degrade it for other users
• Reverse-engineer, decompile, or attempt to extract the source code of the Service
• Use the Service in any way that interferes with other users or our infrastructure

We may suspend or terminate your account if you breach these terms. See Section 18.

11. Profiles and Sharing

Profiles. Your account may contain multiple profiles: one for you and additional profiles for dependents (such as children in your care). As the account holder, you are responsible for all profiles you create and manage.

Dependent profiles. When you create a profile for a dependent, you represent that you have legal authority to manage their health information (for example, as a parent or guardian). When a dependent reaches the minimum age for an independent account, you should work with them to transition the profile to their own account.

Sharing. You control who can access your health data and what they can see. You can revoke sharing access at any time. When you revoke access, the other party’s access ends immediately.

For details on how shared data is handled, see our Privacy Policy (Section 5).

12. Privacy and Data

Our Privacy Policy explains how we collect, use, store, and protect your personal information. It is part of these Terms by reference.

Key points relevant to these Terms:

• Your health data is stored in Australia (Sydney data centres)
• AI processing may involve overseas services (our current providers are headquartered in the United States - see Section 14 and our Privacy Policy for the full list)
• We do not use advertising cookies, tracking pixels, or cross-site tracking
• We do not currently use analytics or crash reporting tools

If there is any inconsistency between these Terms and the Privacy Policy on a privacy matter, the Privacy Policy takes precedence.

13. Intellectual Property

Our property. The Exora app, its design, code, AI pipeline, and documentation are owned by Exora Health Pty Ltd and protected by copyright and other intellectual property laws. You may not copy, modify, or distribute our app or any part of it.

Your property. You own your uploaded documents and the health data extracted from them (see Section 8). By uploading documents to Exora, you grant us a limited licence to process, store, and display your content solely to provide you with the Service. This licence ends when you delete your data or your account.

Medical codes. Medical code systems used in the app (SNOMED CT, LOINC, RxNorm, CVX) are owned by their respective organizations and used under licence. These codes are displayed in your records for informational purposes.

14. Third-Party Services

Exora relies on third-party services to operate. These include:

• Google AI (Gemini) - document processing, AI chat, and voice
• Anthropic (Claude) - document processing and AI chat
• OpenAI - document processing and AI chat
• Supabase - database and file storage (Sydney, Australia)
• Google Cloud Platform - document processing infrastructure (Sydney, Australia)
• ConnectID - identity verification (if you choose to use it)

We may change, add, or remove AI providers based on quality, reliability, and cost. Changes to AI providers that alter the countries where your data is processed will be treated as material changes under Section 19.

These providers process your data under their own terms and privacy policies. Our Privacy Policy (Section 5) lists all current providers and explains what data each receives.

We are not responsible for the practices of third-party services, but we select providers that meet appropriate security and privacy standards, and we remain accountable under the Privacy Act for how your data is handled (see Privacy Policy, Section 6).

15. Service Availability and Warranty

We aim to keep Exora available and working well, but we cannot guarantee uninterrupted access.

To the maximum extent permitted by law, the Service is provided “as is” and “as available” without warranties of any kind, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

This warranty disclaimer is subject to Section 16 (Consumer Guarantees). It does not affect your statutory rights under Australian law.

We may need to interrupt the Service for maintenance, updates, or to address security issues. Where reasonably possible, we will provide advance notice of planned interruptions.

We may modify, suspend, or discontinue features with reasonable notice (see Section 19 for material changes).

16. Consumer Guarantees

Our services come with guarantees that cannot be excluded under the Australian Consumer Law. Nothing in these Terms excludes, restricts, or modifies consumer guarantees or rights under the Competition and Consumer Act 2010 (Cth) or any equivalent state or territory legislation.

If our services fail to meet a consumer guarantee, you are entitled to the remedies available under that law.

This section applies even though Exora is currently free to use.

17. Limitation of Liability

Subject to Section 16, and to the maximum extent permitted by law:

Our total liability to you for any claims arising from or related to these Terms or your use of the Service is limited to the greater of: (a) the amount you paid us in the 12 months before the claim arose, or (b) AUD $100, or (c) the minimum amount required by applicable law.

We are not liable for:

• Indirect, incidental, special, or consequential damages
• Loss of profits, data, or business opportunity
• Damages arising from your reliance on AI-generated content
• Actions or omissions of third-party service providers

We do not exclude or limit liability for:

• Consumer guarantees under the Australian Consumer Law (Section 16)
• Death or personal injury caused by our negligence
• Fraud or wilful misconduct

Each limitation in this section reflects an agreed allocation of risk between you and us. This allocation is an essential element of these Terms.

18. Termination

You can leave at any time. You can delete your account from Settings at any time. When you delete your account:

• Your profiles and health data become inaccessible immediately
• Active shares and invitations are revoked immediately
• You have 30 days to reactivate by signing back in
• After 30 days, permanent data deletion begins

See our Privacy Policy (Section 8) for full details on data retention after account deletion.

Data export. You can request a copy of your data by emailing hello@exora.au. This is currently a manual process with a 30-day turnaround - there is no automated export button. If you request a data export during the 30-day recovery window after account deletion, we will not permanently delete your data until the export is fulfilled or you confirm you no longer need it.

We may terminate your access if you materially breach these Terms and do not remedy the breach within a reasonable time after we notify you, or if you engage in illegal activity, or if we are required to do so by law.

We may discontinue the Service with at least 90 days advance notice, unless discontinuation is required by law, regulation, or to address a security vulnerability, in which case we will provide as much notice as reasonably practicable. Before discontinuation, we will give you the opportunity to export your data.

What survives termination. Sections 6 (Medical Disclaimer), 8 (Your Health Data), 13 (Intellectual Property), 16 (Consumer Guarantees), 17 (Limitation of Liability), 20 (Disputes and Governing Law), and 21 (General) continue to apply after these Terms end.

19. Changes to These Terms

We may update these Terms to reflect changes in our practices, features, or legal requirements.

Material changes (changes to data handling, liability, AI processing scope, pricing, or your rights): We will give you at least 14 days advance notice via email and in-app notification. Material changes require you to actively accept the updated Terms to continue using the Service. If you do not accept within 30 days of the notice, your account continues under the previous Terms during a grace period, after which you may delete your account and export your data. We will not lock you out without giving you time to retrieve your data.

Non-material changes (clarifications, formatting, correcting errors): These take effect on posting. We will note the change in the version history.

Updated Terms apply from their effective date forward, not retroactively.

We maintain a version history of these Terms. Previous versions are available on request by contacting hello@exora.au.

20. Disputes and Governing Law

These Terms are governed by the laws of Australia. The courts of Australia have non-exclusive jurisdiction over any disputes arising from these Terms.

If you have a complaint:

1. Contact us. Email hello@exora.au. We will acknowledge your complaint within 5 business days
2. Investigation. We will investigate and aim to resolve your complaint within 30 days. If we need more time, we will let you know
3. Escalation. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) for privacy matters, or take action under the Australian Consumer Law

Nothing in these Terms limits your right to make a complaint to a regulator or to take legal action.

21. General

Force majeure. Neither party is liable for failure to perform obligations due to circumstances beyond reasonable control, including natural disasters, infrastructure outages, government orders, or pandemic.

Assignment. We may assign these Terms in connection with a merger, acquisition, or corporate restructure, provided the assignee agrees to honour these Terms. We will notify you of any assignment. You cannot assign your account or rights under these Terms without our consent.

Entire agreement. These Terms and our Privacy Policy constitute the entire agreement between you and Exora regarding the Service. No verbal promises or other documents apply unless explicitly referenced.

Severability. If a court finds any part of these Terms invalid or unenforceable, that part is modified to the minimum extent necessary; the remaining Terms continue in full force.

Notices. We may send you notices via email to the address on your account, or via in-app notification. You can contact us at hello@exora.au.

Waiver. If we do not enforce a term in a particular instance, that does not mean we waive our right to enforce it in the future.

Indemnification. You agree to indemnify us against claims arising from your breach of these Terms or your deliberate misuse of the Service. This does not require you to cover liability for our own negligence.

22. Contact Us

Exora Health Pty Ltd
ABN 16 690 025 462

Email: hello@exora.au

For questions about these Terms, contact us at the email address above.

See also our Privacy Policy for details on how we handle your data.

These Terms of Service are governed by the laws of Australia.