These Terms of Service (“Terms”) govern your use of the DisabilityProAI platform. By creating an account or using our Service, starting checkout, or clicking “I agree,” you agree to be bound by these Terms, our Privacy Policy, and any Data Processing Agreement presented during onboarding or subscription checkout.
1. Who We Are
DisabilityProAI is operated by Canary Doctor LLC, a Maryland limited-liability company, 350c Fortune Terrace #227, Potomac MD 20854 (“we,” “our,” “us”). Questions? info@disabilityproai.com
2. What We Do
We provide a web platform that lets U.S. attorneys upload medical records and receive AI-generated text summaries and Word documents (“Service”).
3. Who May Use the Service
U.S.-based, licensed attorneys 18 or older.
By creating an account, continuing with OAuth, starting subscription checkout, or clicking “I agree,” you accept these Terms, our Privacy Policy, and any Data Processing Agreement presented in the onboarding flow.
4. Your Account
- One account per attorney; keep credentials confidential.
- Authentication: e-mail/password or magic link.
- We may suspend or close accounts for non-payment, misuse, or legal risk.
5. Your Uploads & Our License
You own all medical records and other material you upload (“User Content”).
License: You give us and our subprocessors (e.g., Google / Vertex AI) a limited, revocable license only to process User Content as needed to provide, secure, support, and maintain the Service. We do not train foundation models or customer-specific AI models on User Content.
You promise you have the right to upload the records and that doing so will not violate HIPAA, copyright, or other laws.
6. Outputs
AI summaries may contain errors (“hallucinations”). They are not legal advice, medical advice, or guaranteed accurate. You must review and verify all results before relying on them.
Data Processing Agreement
Our standard Data Processing Agreement applies when we process Customer Content on behalf of a law-firm customer and the DPA is presented through onboarding, checkout, an order form, or another written process. The DPA covers processing purposes, data categories, subprocessors, security measures, deletion, incident notice, customer instructions, and our no-model-training commitment.
The complete current DPA is fully visible on the Security page, with a signed PDF copy available for download.
We do not sell Customer Content or Personal Data. We do not share Customer Content for cross-context behavioral advertising, marketing, or unrelated third-party use. Our subprocessors process Customer Content only as needed to provide, secure, support, maintain, bill for, or legally operate the Service.
| Subprocessor | Purpose |
|---|---|
| Vercel | Application hosting, edge routing, TLS termination, firewall/rate-limit controls, and deployment logs. |
| Supabase | Postgres database, authentication, private storage, pgvector retrieval, and operational logs. |
| Google Cloud Run processing, Cloud Tasks queueing, Cloud Storage, Vertex AI OCR/embeddings/document analysis, report/PDF generation, and Gmail SMTP service emails. | |
| Stripe | Payments, subscriptions, invoices, checkout, webhook events, billing metadata, and legal-acceptance metadata. |
| Slack | Internal operational notifications, security/error alerts, signup/subscription notices, and workflow status notices where enabled. |
Security measures include encryption in transit for application traffic and backend service calls using HTTPS/TLS or authenticated TLS-protected service connections, managed encryption at rest for primary cloud data stores and object storage, authentication, server-side ownership checks, rate limits, security headers, and production change controls.
We will notify the customer within five business days after confirming a Security Incident affecting Customer Content, where legally or contractually required.
The Service is intended only for customers and authorized users located in the United States and for United States disability-law workflows. You may not use the Service for non-U.S. customers, non-U.S. authorized users, or processing that would require us to comply with non-U.S. privacy, data-protection, or international-transfer regimes unless we expressly agree in writing before such use.
A Business Associate Addendum is separate from the DPA and is available only on request for approved HIPAA-regulated workflows that require business associate terms.
7. Fees, Billing & Refunds
| Item | Details |
|---|---|
| 14-day free trial | New subscribers receive 14 days of free platform access. Cancel anytime during the trial to avoid charges. |
| Subscription | Monthly, auto-renews until cancelled in the dashboard. No refunds after the 14-day free trial period. |
| Usage credits | Pay-as-you-go, non-refundable, charged separately from subscription. |
| Non-payment | Immediate service suspension. We bill through Stripe; we don’t store card numbers. |
8. Acceptable Use
You agree not to:
- Upload unlawful, infringing, or malicious content.
- Attempt to reverse-engineer or abuse the platform or the underlying AI APIs.
- Violate anyone’s privacy rights or professional-confidentiality duties.
9. Intellectual-Property Rights
All platform software, logos, and the name “DisabilityProAI” belong to us. You get a non-exclusive, revocable right to use the Service for your own legal practice.
10. Disclaimers & Liability Cap
AS IS. We make no warranties that the Service is error-free, uninterrupted, or fit for any particular purpose.
AI limitations. Outputs are probabilistic and may be wrong.
Liability cap: Our total liability is limited to the fees you paid us in the 12 months before the claim arose. We are not liable for consequential or indirect damages.
11. Indemnity
You will defend and indemnify us against claims arising from (i) your User Content, (ii) your breach of these Terms, or (iii) your violation of law.
12. Dispute Resolution
Binding arbitration administered by AAA under its Commercial Rules in Montgomery County, Maryland. No class actions. Maryland law governs, without regard to conflict-of-laws rules.
13. Force Majeure
We are not liable for events beyond our reasonable control (e.g., cyber-attacks, outages, natural disasters).
14. Termination & Data Deletion
You may close your account at any time. We delete account data according to our then-current retention policy unless required by law to keep it longer.
15. Automatic Case Deletion
Our current standard policy is that uploaded case files, generated reports, and associated case content are automatically and permanently deleted 30 days after the case is created. This includes raw PDF uploads, OCR text, AI-generated summaries, and any intermediate processing data. Billing and usage records are retained for accounting purposes.
You are responsible for downloading any reports or documents you wish to retain before the 30-day period expires. We provide countdown indicators in the dashboard to help you track approaching deletion dates. Once deleted, case data cannot be recovered. We may update the retention period prospectively through updated Terms, a written customer agreement, or an enterprise configuration.
16. Changes to These Terms
We may update these Terms by posting a new version and emailing you. Changes take effect 30 days after notice; continued use means you accept the update.