Terms of Service

The Leafjourney platform is licensed for use by clinicians, staff, and patients of authorized practices. Users are strictly prohibited from reverse-engineering, decompiling, or disassembling the software; using it to build a competing electronic medical record system or marketplace; or sharing login credentials with unauthorized personnel.

You may not scrape, exfiltrate, or attempt to bulk-export Protected Health Information (PHI) outside the export pathways that Leafjourney provides. You may not interfere with the integrity or performance of the Service or attempt to circumvent the authentication, scope, or audit controls that protect it.

Leafjourney and the practice user agree to strict adherence to the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and any state-specific privacy laws applicable to the practice's jurisdiction.

Practices acting as Covered Entities must execute a separate Business Associate Agreement (BAA) with Leafjourney that defines how Protected Health Information is created, received, maintained, or transmitted on the practice's behalf. The BAA controls in the event of a conflict between it and these Terms.

Leafjourney owns the platform, its source code, and all associated intellectual property. The practice retains ownership of all Client Data, including patient records, clinical notes, and outcomes data created within the Service.

The practice may export Client Data at any time during the contract term, in industry-standard formats (CSV, FHIR R4, and JSON bundles). Leafjourney is granted a perpetual, royalty-free license to use de-identified, aggregated data for benchmarking, quality improvement, and research, in accordance with the HIPAA Safe Harbor de-identification standard.

Leafjourney is a clinical workflow tool. It is not a medical device, and it is not a substitute for the professional judgment of a licensed clinician. Clinical decisions — including diagnoses, treatment plans, and prescribing — remain the sole responsibility of the treating provider.

To the maximum extent permitted by law, Leafjourney disclaims liability for medical errors, diagnostic inaccuracies, third-party content, and Service interruptions. Aggregate liability under these Terms is limited to fees paid in the twelve months preceding the event giving rise to the claim.

Either party may terminate the contract for convenience with ninety (90) days' written notice. Either party may terminate immediately for material breach if the breach is not cured within thirty (30) days of written notice.

Upon termination, the practice will have a thirty (30) day window to retrieve Client Data before access is removed. Following the export window, Leafjourney will retain Client Data only as required by HIPAA recordkeeping requirements (six years, where applicable) and will then securely destroy it.

The practice is responsible for verifying the accuracy of patient information, including but not limited to medication lists, allergies, problem lists, immunization records, and demographic data. Leafjourney provides tools — including AI-generated drafts — to assist with documentation and reconciliation, but every entry that affects care must be reviewed and signed by an authorized clinician before it becomes part of the record.

The practice must obtain all legal authorizations from patients required to use a digital platform on their behalf and to share their PHI with downstream systems Leafjourney integrates with (e.g., laboratories, pharmacies, dispensaries, payers). Leafjourney provides consent-capture tooling but is not the consent-holder.

Leafjourney commits to commercially reasonable administrative, physical, and technical safeguards, including encryption of PHI in transit and at rest, scoped API keys, multi-factor authentication for clinician accounts, and an immutable audit log of access to patient records.

The practice is responsible for operational safeguards on its side: logging out of shared terminals, securing printed records, training staff on phishing and social engineering, and promptly disabling accounts of departing personnel.

Leafjourney may update these Terms from time to time. Material changes will be communicated via the operator admin panel and via email to the practice's designated contact. Continued use of the Service after the effective date of an update constitutes acceptance.

Questions or concerns about these Terms may be directed to neal@leafjourney.com and scott@leafjourney.com.