Terms of Service
UPStandards LLC Platform Terms
These Terms of Service ("Terms") govern access to and use of the UPStandards software-as-a-service platform, website, applications, documentation, interfaces, AI-assisted drafting/report features, and related services (collectively, the "Services") provided by UPStandards LLC, a California limited liability company ("UPStandards," "we," "us," or "our").
These Terms are intended for organizational customers and their authorized workforce users. The Services are not directed to patients, consumers, or members of the public seeking medical, behavioral-health, legal, accreditation, emergency, or crisis advice.
1. Acceptance and Relationship to Customer Agreements
By accessing or using the Services, creating an account, accepting an Order Form, clicking acceptance, or using the Services on behalf of an organization, you agree to these Terms and represent that you have authority to bind the organization you represent. If you do not have that authority, you may not use the Services on behalf of that organization.
If a customer has executed a Master Subscription Agreement, Order Form, Business Associate Agreement, Data Processing Addendum, Statement of Work, or other written agreement with UPStandards, that written agreement controls to the extent it conflicts with these Terms. These Terms supplement the customer agreement by governing platform access, user conduct, online use, acceptable use, disclaimers, and operational rules.
2. Intended Users; No Patient-Facing Use
The Services are intended for behavioral health organizations, outpatient programs, partial hospitalization programs, residential programs, substance use treatment programs, compliance personnel, facility personnel, clinical supervisors, reviewers, administrators, and other authorized workforce users of organizational customers.
Patients, clients, family members, emergency contacts, and consumers should not rely on the Services for care, diagnosis, treatment, crisis response, patient communication, or health record access. Customers remain solely responsible for patient-facing communications, medical records, treatment decisions, patient rights, and notices of privacy practices.
3. What UPStandards Does and Does Not Do
UPStandards supports accreditation-readiness and compliance-administration workflows, including facility compliance rounds, chart-audit tracking, policy and procedure management, environment-of-care findings, Q15 observation workflow support, restraint and seclusion documentation workflow support, risk scoring, reviewer notes, and survey-readiness reporting.
UPStandards is not an electronic health record, designated record set, patient portal, emergency service, clinical documentation system, diagnosis tool, treatment-planning platform, billing platform, utilization-management system, legal-advice platform, accreditation-body representative, or substitute for professional judgment. Customer remains responsible for all clinical, legal, regulatory, accreditation, Part 2, patient-consent, recordkeeping, reporting, and provider obligations.
4. Account Registration and Authorized Users
Customers and Authorized Users must provide accurate account information, maintain current contact information, and keep account credentials confidential. Customer is responsible for all activity occurring through its accounts and for ensuring that Authorized Users comply with these Terms and all customer agreements.
Customer must promptly disable access for workforce members who no longer require access, who leave Customer organization, or whose access creates a security or compliance risk. UPStandards may suspend or restrict access if it reasonably believes credentials are compromised, use is unauthorized, or continued access could create legal, security, privacy, or operational risk.
5. Permitted Use
Subject to these Terms and any applicable customer agreement, UPStandards grants authorized organizational users a limited, non-exclusive, non-transferable, revocable right to access and use the Services during the applicable subscription term solely for Customer internal accreditation, compliance, audit, facility-rounds, policy-management, survey-readiness, and related administrative workflows.
Users may not use the Services for any purpose outside the applicable subscription tier, Order Form, documentation, law, or customer authorization. Any use of the Services for production PHI must be subject to an executed or accepted Business Associate Agreement between UPStandards and the covered-entity customer.
6. Acceptable Use Rules
Users shall not: (a) access or use the Services without authorization; (b) share credentials or permit use by unauthorized persons; (c) bypass, disable, or interfere with authentication, access controls, logging, rate limits, security features, or usage restrictions; (d) reverse engineer, decompile, copy, scrape, frame, or reproduce the Services except as expressly permitted; (e) introduce malware, malicious code, automated attacks, vulnerability scans, denial-of-service traffic, or other harmful material; (f) use the Services to violate law, accreditation rules, patient privacy, or third-party rights; (g) upload data for which Customer lacks authority, consent, authorization, or legal permission; (h) use general notes or free-text fields to store unnecessary PHI, diagnoses, treatment plans, progress notes, psychotherapy notes, SUD counseling notes, billing PHI, or full medical records; (i) transmit PHI to vendors, integrations, AI tools, email systems, or third-party services not approved for that data type; (j) use the Services as a substitute for required charting, clinical review, patient observation, restraint/seclusion compliance, mandated reporting, or emergency response; (k) create misleading, defamatory, unlawful, discriminatory, or abusive content; (l) use the Services to build or train a competing product except as permitted by law; (m) remove proprietary notices; or (n) use the Services in a manner that could damage, disable, overburden, impair, or compromise the Services or another user environment.
Customer is responsible for configuring workflows, roles, permissions, naming conventions, user training, and data-entry practices to follow the minimum necessary standard and to prevent unnecessary PHI entry. UPStandards may investigate suspected violations and may remove content, suspend accounts, throttle access, or take other reasonable action to protect the Services, customers, patients, systems, or legal compliance.
7. PHI, HIPAA, Part 2, and Customer-Controlled Data
UPStandards may process Protected Health Information ("PHI") as a business associate when providing the Services to covered-entity customers. PHI processing is governed by the applicable Business Associate Agreement. The Services are designed for a limited accreditation, safety, audit, and compliance workflow data set, not full EHR storage.
Some workflows may involve named-patient identifiers where operationally necessary, such as Q15 patient safety observation logs, restraint and seclusion documentation, and certain chart-audit fields. Customer remains responsible for determining what information may be entered, whether information is subject to 42 CFR Part 2, whether patient consents or authorizations are required, and whether additional restrictions apply.
Users should not submit diagnoses, SUD diagnoses, treatment plan content, goals, interventions, modalities, progress notes, psychotherapy notes, SUD counseling notes, full medical records, lab results, imaging, prescriptions, billing PHI, financial PHI, or other data outside supported workflows unless a written agreement or product workflow expressly permits it.
8. AI-Assisted Features
UPStandards may include AI-assisted features for policy drafting, language refinement, reporting support, summaries, or similar administrative functions. These features are intended to assist qualified users, not replace human review, clinical judgment, legal review, accreditation judgment, or compliance responsibility.
UPStandards current product position is that PHI, Part 2 Records, named-patient logs, identifiable chart-audit findings, or other identifiable patient information should not be transmitted to Anthropic or other AI model providers. AI inputs should be aggregate, de-identified, or otherwise non-PHI. Users are responsible for reviewing AI-assisted outputs before use and for confirming accuracy, completeness, suitability, and compliance with applicable accreditation, clinical, and legal requirements.
9. Transactional Email and No-PHI Email Architecture
UPStandards may use Postmark or another transactional email provider to send account, authentication, billing, security, administrative, and service-related messages. The Services are designed so transactional emails do not contain PHI, Part 2 Records, patient identifiers, chart-audit details, Q15 observation content, restraint or seclusion details, clinical content, or other identifiable patient information.
Customer and Authorized Users must not configure, request, or use email notifications in a manner that includes PHI unless UPStandards has expressly approved a HIPAA-compliant email workflow in writing and appropriate vendor agreements are in place.
10. Customer Responsibilities
Customer is responsible for: (a) obtaining all rights, consents, authorizations, and permissions needed to submit Customer Data; (b) maintaining its EHR, clinical records, designated record set, patient notices, authorizations, Part 2 consents, and accreditation records; (c) configuring user permissions and access levels; (d) training users; (e) validating reports and outputs; (f) preserving required records outside UPStandards if required by law or accreditation rules; (g) maintaining backups or exports needed for its operations; and (h) ensuring use of the Services complies with applicable law, accreditation standards, customer policies, and professional obligations.
UPStandards does not monitor every data-entry field for compliance and is not responsible for Customer failure to train users, configure permissions, limit data entry, maintain required records, respond to patients, preserve evidence, or follow accreditation or clinical requirements.
11. No Medical, Legal, Accreditation, or Emergency Advice
The Services and any reports, dashboards, AI-assisted content, scores, checklists, templates, or recommendations are informational and administrative tools only. UPStandards does not provide medical advice, diagnosis, treatment, legal advice, accreditation-body advice, crisis intervention, emergency response, or regulatory representation.
Customer must exercise independent professional judgment and should consult qualified clinicians, compliance personnel, legal counsel, accreditation consultants, or other professionals as appropriate. UPStandards does not guarantee survey readiness, accreditation, continued accreditation, deficiency avoidance, legal compliance, regulatory approval, reimbursement, patient-safety outcomes, or any particular operational result.
12. Subscription Fees, Trials, Renewals, and Cancellation
Fees, subscription tier, Site count, billing cycle, trial period, renewal terms, cancellation terms, and any special terms are stated in the applicable Order Form, checkout flow, invoice, or customer agreement. UPStandards may offer a 30-day free trial. Unless otherwise stated or required by law, fees are non-refundable, upgrades may be prorated, downgrades take effect at renewal, and access may be suspended for overdue amounts after reasonable notice.
Subscriptions may renew automatically unless cancelled or non-renewed as described in the applicable Order Form or checkout flow. UPStandards should configure online signup flows to provide required automatic-renewal disclosures, obtain affirmative consent to renewal terms, send renewal or trial reminders where required, and provide legally required cancellation methods. Contract language alone is not a substitute for a compliant checkout and cancellation flow.
13. Customer Data; Export; Retention; Deletion
Customer retains ownership of Customer Data. During the subscription term, Customer may export available Customer Data through standard platform features. After termination, UPStandards will use commercially reasonable efforts to make exportable Customer Data available for 30 days for standard self-serve accounts, unless access is restricted due to serious security abuse, unlawful activity, nonpayment after notice, or legal restriction. Enterprise Order Forms may provide a longer 60-90 day export window.
After the applicable export period, UPStandards may delete, de-identify, or retain data according to its retention practices, customer agreement, BAA, DPA, backup cycles, and applicable law. Backup copies may persist temporarily but will remain protected and will not be used for unrelated purposes.
14. Security
UPStandards uses commercially reasonable administrative, physical, and technical safeguards designed to protect the Services and Customer Data. No system is perfectly secure, and UPStandards does not warrant that unauthorized access, security incidents, interruptions, errors, data loss, or vulnerabilities will never occur.
Customer is responsible for secure user practices, device security, network security, role assignment, password hygiene, MFA where available, prompt revocation of unnecessary access, and notifying UPStandards of suspected unauthorized access or misuse.
15. Third-Party Services and Integrations
The Services may rely on or interoperate with third-party services, including infrastructure, email, payment, AI, analytics, authentication, or future integration partners. UPStandards is not responsible for third-party services outside its reasonable control. Future EHR, accreditation-body, API, SSO, data-sync, or other integrations are not included unless expressly stated in an Order Form or written addendum.
Customer may not route PHI, Part 2 Records, or sensitive data through third-party services unless the workflow is approved for that data type and appropriate legal and technical controls are in place.
16. Intellectual Property; Feedback; Aggregated Data
UPStandards and its licensors retain all rights in the Services, software, workflows, documentation, designs, know-how, templates, analytics, interfaces, and technology. Customer receives only the limited use rights expressly granted in these Terms or a customer agreement.
Customer grants UPStandards the rights necessary to host, process, display, transmit, and use Customer Data to provide, secure, support, and improve the Services. Customer grants UPStandards a perpetual, irrevocable, royalty-free right to use feedback, suggestions, and improvement ideas without restriction. UPStandards may create and use aggregated or de-identified information as permitted by law and the applicable customer agreements.
17. Confidentiality
Each party may receive confidential information of the other party. The receiving party will use reasonable care to protect confidential information and will use it only for purposes of the Services, customer relationship, legal compliance, or as otherwise permitted by agreement. PHI is governed by the BAA. Personal Data subject to a DPA is governed by the DPA.
18. Warranty Disclaimers
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICES, WEBSITE, DOCUMENTATION, REPORTS, DASHBOARDS, AI-ASSISTED OUTPUTS, TEMPLATES, CHECKLISTS, SCORES, AND OTHER MATERIALS ARE PROVIDED "AS IS" AND "AS AVAILABLE." UPSTANDARDS DISCLAIMS ALL WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, ACCURACY, COMPLETENESS, AVAILABILITY, SECURITY, ERROR-FREE OPERATION, QUIET ENJOYMENT, AND RESULTS.
UPStandards does not warrant that the Services will be uninterrupted, error-free, vulnerability-free, compliant with every accreditation or legal requirement, accepted by any accreditation body, or sufficient for any particular customer workflow. Customer assumes responsibility for reviewing and validating all outputs before use.
19. Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, UPSTANDARDS WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, ENHANCED, OR PUNITIVE DAMAGES; LOST PROFITS; LOST REVENUE; LOSS OF GOODWILL; BUSINESS INTERRUPTION; LOSS OR CORRUPTION OF DATA; SUBSTITUTE SERVICES; ACCREDITATION FAILURE; SURVEY DEFICIENCIES; REGULATORY ACTIONS; PATIENT-CARE OUTCOMES; OR DAMAGES ARISING FROM CUSTOMER CONFIGURATION, USER ERROR, CUSTOMER DATA ENTRY, CUSTOMER FAILURE TO OBTAIN CONSENTS, OR USE OF THE SERVICES OUTSIDE THE DOCUMENTATION.
To the maximum extent permitted by law, UPStandards aggregate liability arising out of or relating to the Services will not exceed the amounts paid by Customer to UPStandards for the Services giving rise to the claim during the 12 months before the event giving rise to liability, unless a written customer agreement states a different cap. Some jurisdictions do not allow certain limitations, so some limitations may not apply to the extent prohibited by law.
20. Indemnity
Customer will defend, indemnify, and hold harmless UPStandards from and against claims, damages, liabilities, costs, and expenses arising from Customer Data; Customer violation of law; Customer failure to obtain consents or authorizations; Customer submission of prohibited data; Customer Part 2 determinations or consent failures; Customer misuse of the Services; unauthorized use by Customer users; or Customer breach of these Terms or any customer agreement.
UPStandards will provide any IP infringement indemnity only to the extent expressly stated in a signed customer agreement. Public website access or self-serve use does not create indemnity obligations beyond those required by law.
21. Suspension and Termination
UPStandards may suspend or terminate access for nonpayment, security risk, suspected unauthorized access, unlawful activity, violation of these Terms, submission of prohibited data, misuse of AI features, excessive use, harm to the Services, or conduct that creates legal, privacy, security, accreditation, or operational risk. UPStandards will use commercially reasonable efforts to provide notice where practicable, but may act immediately where needed to protect systems, data, customers, patients, or legal compliance.
Upon termination, Customer must stop using the Services. Data export, deletion, and survival obligations are governed by the applicable agreement, BAA, DPA, and retention policies.
22. Changes to the Services or Terms
UPStandards may update the Services, features, documentation, security measures, vendors, and these Terms from time to time. Material changes will be posted or otherwise communicated as appropriate. Continued use after an update constitutes acceptance unless a signed customer agreement provides a different process.
23. Governing Law; Venue
These Terms are governed by California law, without regard to conflict-of-law rules, unless a signed customer agreement states otherwise. Courts serving Lake County, California will have exclusive jurisdiction and venue, except that UPStandards may seek injunctive or equitable relief in any court of competent jurisdiction for misuse of confidential information, IP infringement, data-security threats, or unauthorized access.
24. Contact
Questions about these Terms may be sent to UPStandards LLC, PO Box 1554, Cobb, CA 95426, or support@upstandards.net">support@upstandards.net. Privacy-related inquiries may be sent to privacy@upstandards.net">privacy@upstandards.net.