Terms & Conditions

These Terms of Service ("Terms") govern your use of the EMMS mobile application and related services ("EMMS," "the app," "the service") operated by Clean Slate Data Inc., a company incorporated in British Columbia, Canada. By downloading, installing, or using EMMS, you agree to these Terms.

1. Intended Use

EMMS provides end-to-end encrypted messaging and file sharing for licensed healthcare professionals in Canada. The app is a secure communication tool — it is not an electronic medical record (EMR) or long-term storage system. You are responsible for ensuring that clinically relevant information is documented in your official medical record systems.

EMMS is not intended for emergencies, urgent triage, or time-critical communication. Do not use it as the sole basis for clinical decision-making.

2. Eligibility

By using EMMS, you confirm that you:

• Hold current professional licensure or registration in Canada.
• Will use the app only in a professional capacity for healthcare communication.
• Will comply with all applicable provincial and territorial privacy and confidentiality obligations.

Account access is based on your mobile number and verification codes. We do not independently verify your licence; you are responsible for accurately representing your identity and professional status.

3. Encryption and Security Architecture

Messages and files are end-to-end encrypted between devices. Encryption keys are generated and stored on your device — our servers cannot decrypt message or file contents ("zero-knowledge" architecture).

When a recipient does not have the app, EMMS creates a time-limited encrypted secure link and opens your phone's default messaging app with the link pre-filled. You send it yourself through your own carrier — EMMS does not send SMS on your behalf. Access to the linked files is protected by a secure access code and device-based decryption. Secure links are encrypted end-to-end.

Group messages and files are encrypted and delivered to all group members. All members of a group can see messages, files, and sender information shared within that group.

4. Ephemeral Storage and Retention

• Message attachment files are deleted from our servers upon read confirmation. Message records are removed from our servers within 6 hours of confirmed local delivery.
• Unopened in-app messages are automatically deleted from servers after 30 days. SMS secure links and their associated files are removed after 7 days.
• On-device data is encrypted and may be configured to auto-delete after a set period (for example, 1 day or 7 days).
• Due to the zero-knowledge architecture, deleted data cannot be recovered by us or by you. There is no backup, cloud sync, or restore capability. This is by design.

5. Subscription and Payment

Access to EMMS requires an active subscription, managed through the Apple App Store or Google Play Store. A 14-day free trial is available for new users.

• The subscription title is "EMMS Monthly". Payment is charged to your Apple ID or Google Play account at confirmation of purchase, at the price displayed at point of sale.
• Your subscription automatically renews unless auto-renew is turned off at least 24 hours before the end of the current period. Your account will be charged for renewal within 24 hours prior to the end of the current period, at the same rate.
• You can manage or turn off auto-renew in your device's account settings (App Store or Google Play) at any time after purchase.
• Subscription fees, billing cycles, and cancellation are governed by the applicable store's terms. We do not process payments directly.
• Subscription entitlements are verified through RevenueCat, a third-party subscription management service. RevenueCat receives anonymized identifiers and purchase events only — no message content or patient data.
• You may cancel at any time during the trial at no cost.
• Cancelling your subscription may result in loss of access to messaging features. Local encrypted data remains on your device until retention policies or security events remove it.

6. Usage Limits

• In-app messages and uploads: no monthly cap. Per-file size limits: images and documents up to 10 MB; videos up to 75 MB.
• SMS secure links: up to 250 sends per user per month.
• Limits may be adjusted to protect service stability, prevent abuse, or comply with carrier or regulatory requirements.

7. SMS Delivery and Consent

By sending a secure link via SMS through your phone's native messaging app, you confirm that the recipient has consented to receive SMS communications or that you otherwise have legal authority to contact them. The secure link is sent by you through your own carrier — EMMS does not send the initial SMS on your behalf. When the recipient opens the secure link, their phone number is transmitted to our SMS provider (Twilio) solely for delivering the one-time verification code. The SMS provider does not receive message contents, file data, or patient clinical details.

Standard carrier SMS/MMS rates may apply. Links are time-limited and may be rate-limited or blocked in cases of suspected abuse.

8. Device Security

• You must set up App Lock (PIN and/or biometrics) at first use.
• Your account is linked to one device at a time. Signing in on a new device signs you out of the previous device and may trigger removal of locally stored encrypted data.
• Local encrypted data may be automatically deleted if a security event is detected, including: signing in on a different device, server-side session revocation, prolonged failure to re-authenticate, or a device integrity check failure.
• Automatic data removal is a security safeguard and cannot be reversed.

9. Privacy and Data

Our Privacy Policy describes how we handle information. Key points:

• All messages and files are encrypted end-to-end. We cannot access their content.
• We do not store your phone number in plain text. Communication is routed via hashed identifiers.
• App data is not shared with other apps or backed up to iCloud, iTunes, or Google Cloud.
• Core data processing and storage occur within Canada. Certain platform services required for app delivery — including push notification infrastructure and SMS delivery — operate through third-party providers whose infrastructure may extend beyond Canada. These services receive only the minimum technical metadata required for delivery and never receive message or file contents.
• Subscription entitlements are verified through RevenueCat, a third-party subscription management service. RevenueCat receives anonymized identifiers and purchase events only — no message content or patient data.
• We do not use your content for advertising or third-party marketing.

10. Calls

The app offers encrypted in-app voice calls over your internet connection (Wi-Fi or mobile data).

• Calls use WebRTC with DTLS-SRTP encryption. Audio is transmitted peer-to-peer whenever possible, or relayed through a secure TURN server when a direct connection cannot be established. Relayed audio remains encrypted and is never stored or inspected by the relay server.
• Calls are not recorded, transcribed, or stored by the app or its servers. A brief call log entry (direction, duration, peer identifier) is saved locally on your device for your reference only.
• In-app calls require an active internet connection and a valid subscription. Standard data charges from your internet provider may apply.
• Microphone access is required for calls. You can manage this permission in your device settings at any time.

11. Audit Logs and Metadata

• To support security, abuse prevention, and reasonable audit requirements, we may store limited metadata — for example, sender and recipient identifiers (hashed), timestamps, message/file event type, and a hashed device identifier.
• Audit logs do not include message or file contents and are stored separately from encrypted data.
• Audit metadata may be used to investigate security incidents, abuse, or legal requests where required by applicable law.

12. Contact Us (Support Tickets)

• Support messages and tickets are stored securely for troubleshooting, audit, and safety purposes.
• Deleting a local conversation does not delete server-side support tickets or history.
• Support is not for emergencies.
• Authorized staff may review support messages for quality, safety, and security purposes.
• Do not include patient identifiers or detailed protected health information in support requests. Use initials or non-identifiable descriptions where possible.
• Aggregated, de-identified metrics from support interactions may be used to improve the service.
• Support data retention follows our policies and applicable law; deletion requests may be limited by legal obligations.

13. Professional Profile

• Maintain accurate profile details (for example, full name, specialty, hospital/clinic) so colleagues can reliably identify you.
• Your registered cell phone number is visible to colleagues you communicate with and is used as your primary identifier within the app. Completing your profile (name, specialty, etc.) provides additional context but does not hide your number from contacts.
• Your cell number is not sold or used for marketing. It may be shared with our SMS delivery provider (for example, Twilio) solely to deliver verification codes to recipients, and with push notification services (Apple/Google) as part of standard notification delivery. See our Privacy Policy for full details.
• Misrepresentation or use of false information may result in suspension or loss of access.

14. Clinical Limitations

• The app is not a substitute for official medical record systems and does not replace your legal obligation to maintain accurate clinical records.
• The app is not for emergencies, urgent triage, or time-critical communication. Do not use it as the sole basis for clinical decision-making.
• You remain responsible for verifying information received and for your clinical decisions and documentation.

15. App Lock and Authentication

• You must set up App Lock (PIN and/or biometrics) at first use and re-authenticate after periods of inactivity and before sensitive actions such as sending files or viewing attachments.
• Manage App Lock in Settings → Security.
• You are responsible for securing your device, including enabling device-level passcodes. If your device is lost or stolen, sign in to EMMS on another device immediately — this automatically logs out the lost device and triggers removal of its local data. If you do not have access to another device, contact support with your Unique ID (found in Settings → Profile) to request a remote session revocation.

16. Single-Device Sign-in and Remote Wipe

• Your account is linked to one device at a time to reduce risk if a device is lost or stolen.
• Signing in on a new device signs you out of the previous device and may trigger removal of locally stored encrypted data on the previous device.
• You may be asked to re-accept these Terms and reconfigure App Lock on a new device.
• Local encrypted data may be automatically deleted if a security event is detected, including: signing in on a different device, server-side session revocation, prolonged failure to re-authenticate, or a device integrity check failure.
• Automatic data removal is a security safeguard and cannot be reversed. Once deleted, local messages and files cannot be recovered from the device or from our servers.
• You are responsible for ensuring clinically relevant information is documented in your official records before it is removed by retention policies or security events.

17. Acceptable Use

You agree to use EMMS lawfully and professionally, with appropriate consent from patients and recipients where required. You will not use the app for spam, harassment, unauthorized access, or any activity that violates professional or legal obligations. Misuse may result in suspension or termination of access.

18. Copying, Sharing, and Resending

Copying or sharing information outside the app (for example, via screenshots or file export) is technically possible but strongly discouraged due to patient confidentiality risks. You must ensure any information you export complies with applicable privacy regulations. Clean Slate Data Inc. is not liable for data breaches or misuse resulting from external sharing or poor device security practices.

19. Service Availability

The service is provided on an "as is" and "as available" basis without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, or non-infringement.

We strive for reliability but do not guarantee uninterrupted or error-free operation. Services may be modified, suspended, or discontinued for security, maintenance, legal, or performance reasons.

We do not offer any service level agreement (SLA). Scheduled or unscheduled downtime, service interruptions, or degraded performance do not entitle you to refunds, credits, or compensation of any kind.

We are not liable for any failure or delay in performance resulting from causes beyond our reasonable control, including but not limited to: natural disasters, pandemics, government actions, internet or telecommunications outages, cyberattacks, third-party service failures (including Apple, Google, Twilio, or hosting providers), power outages, or acts of war or terrorism.

20. Limitation of Liability

To the maximum extent permitted by law, we are not liable for any direct, indirect, incidental, consequential, or special damages arising from use of the app. This includes loss of data, breaches of confidentiality, or misuse of information resulting from your external sharing, your device security, or third-party services beyond our control.

In any event, our total aggregate liability to you for all claims arising out of or relating to the use of the service shall not exceed the amount you paid to us (through the applicable app store) in the twelve (12) months preceding the claim.

While the app is designed with privacy as a priority and aligned with Canadian privacy legislation, no warranty of full regulatory compliance is expressed or implied. Use is at your own professional risk.

21. Indemnification

You agree to indemnify, defend, and hold harmless Clean Slate Data Inc., its officers, directors, employees, and agents from any claims, damages, losses, or expenses (including reasonable legal fees) arising from: (a) your use or misuse of the service; (b) your violation of these Terms; (c) your violation of any third-party rights, including patient privacy rights; or (d) any content you transmit through the service.

22. Governing Law

These Terms constitute an agreement between you and Clean Slate Data Inc., a company incorporated in British Columbia, Canada.

These Terms are governed by the laws of British Columbia and the applicable laws of Canada. Disputes are heard exclusively in the courts of British Columbia (Vancouver, BC), and you consent to jurisdiction and venue.

23. Changes to These Terms

We may update these Terms from time to time. Material changes will require you to review and re-accept the updated Terms within the app before continuing to use the service.

24. General

• If any provision of these Terms is found to be unenforceable or invalid by a court of competent jurisdiction, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
• Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision.
• These Terms, together with the Privacy Policy, constitute the entire agreement between you and Clean Slate Data Inc. regarding your use of the service and supersede any prior agreements or understandings.

25. Contact

For questions about these Terms, contact us within the app via Settings → Contact Us, or email:

EMMS is operated by Clean Slate Data Inc., a company incorporated in British Columbia, Canada.