2.1. The Provider grants the User a non-exclusive, non-transferable license to use the Platform for the management of professional practice in the fields of psychotherapy, psychological counseling, and coaching.
2.2. The Platform is a practice management tool. It is NOT a medical device, diagnostic instrument, or treatment system. The AI assistant does not diagnose conditions and does not replace clinical judgment of a licensed professional.
2.3. Acceptance of these Terms occurs at the moment of subscription payment or registration within the Service. By using the Service, the User acknowledges having read and agreed to these Terms, the Privacy Policy, and all related compliance documentation.
3.1. Subscription pricing is determined by the selected plan and is displayed on the subscription page at the time of purchase.
3.2. Refund guarantee: full refund within 14 days of payment, no questions asked. After 14 days, refunds are provided at the sole discretion of the Provider.
3.3. The Provider reserves the right to modify pricing for future subscription periods with 30 days' notice to existing Users.
End Client data is stored in a MySQL database on a server managed by the Provider, as well as locally in the User's browser (localStorage, IndexedDB).
The User procures their own hosting, domain, and SSL certificate. The database resides on the User's server.
All data is stored exclusively on the User's device. AI functionality requires an internet connection.
5.1. The AI assistant operates exclusively with de-identified data in compliance with the HIPAA Safe Harbor standard (45 CFR §164.514(b)). All 18 categories of identifiers defined by HIPAA are automatically removed before any data is transmitted to external AI services.
5.2. The following data is never transmitted to AI service providers: real names, dates of birth, phone numbers, email addresses, physical addresses, emergency contact information, or any other direct identifiers. The AI receives only a pseudonym (nickname) and de-identified clinical context (presenting complaints, observations, therapeutic hypotheses).
5.3. De-identified clinical context is transmitted to the AI provider (OpenAI, LLC) via an encrypted channel (TLS 1.2+). In accordance with OpenAI's data usage policy, API data is not used for model training.
5.4. De-identification is enforced at two levels: client-side (in the browser before transmission) and server-side (on the API proxy server before forwarding to OpenAI). Each de-identified data object is marked with a timestamp and method identifier for audit purposes.
5.5. The User must use pseudonyms exclusively when entering client information into AI-enabled sections of the application. The application provides explicit guidance for this at every relevant input field. The Provider accepts no liability if the User enters real identifying information in place of pseudonyms.
5.6. The User may disable AI-assisted analysis for any individual End Client at any time through the client profile settings. When AI processing is disabled for a specific End Client, no data for that client is transmitted to external AI services. This per-client control mechanism satisfies the requirement under GDPR Article 21 to accommodate an End Client's objection to automated processing. See Privacy Policy §4.4 for the full opt-out procedure.
Because the AI assistant receives only de-identified data (as defined by 45 CFR §164.514(b)), this data is no longer classified as PHI under HIPAA. Therefore, no Business Associate Agreement (BAA) with the AI provider is required for this specific data flow. The Provider maintains de-identification safeguards at both the application and server levels.
6.1. The User shall comply with all applicable laws and regulations in their jurisdiction, including but not limited to HIPAA (USA), GDPR (EU/EEA), and relevant local data protection laws.
6.2. The User shall obtain informed consent from each End Client prior to entering their data into the Platform, using the template provided in the Informed Consent Template or an equivalent document.
6.3. The User shall adhere to the minimum security requirements outlined in the User Security Requirements document.
6.4. The User shall not use the Platform for any purpose other than professional practice management in the fields specified in Section 2.1.
6.5. Video sessions — US and Canadian Users (HIPAA / PIPEDA). The Platform's built-in video conferencing feature is powered by a third-party WebRTC provider (Daily.co). At the time of these Terms, the Provider does not hold a HIPAA Business Associate Agreement (BAA) with the video infrastructure provider. Users who are Covered Entities under HIPAA (45 CFR §160.103) or subject to Canadian provincial health privacy legislation (PHIPA, HIA, FOIPPA, or equivalent) are solely responsible for ensuring that their use of the video feature complies with applicable law. Such Users must: (a) obtain explicit written consent from each End Client for audio/video recording prior to initiating a session; (b) independently verify that their use of the video feature meets all applicable regulatory requirements; and (c) consider using an externally HIPAA-certified video service (such as Doxy.me or Zoom for Healthcare) if a fully compliant end-to-end solution is required.
6.6. Recording consent. Regardless of jurisdiction, the User shall obtain and document explicit consent from the End Client before initiating any audio or video recording of a session. The User shall record the consent status in the client profile field designated for this purpose ("Recording Consent"). The Provider shall not be liable for any claim arising from the User's failure to obtain such consent.
6.7. Audio transcription — US Users (HIPAA). The Platform's session recording feature submits raw audio to OpenAI's Whisper API for speech-to-text transcription. At the time of these Terms, the Provider's OpenAI API subscription does not include a HIPAA Business Associate Agreement (BAA). Raw session audio may constitute Protected Health Information (PHI). US-based Users who are Covered Entities or Business Associates under HIPAA acknowledge this limitation and agree that: (a) they will independently assess whether activation of the recording and transcription feature is compatible with their HIPAA obligations; (b) they will obtain explicit written informed consent from each End Client for audio recording and AI transcription before any recorded session; and (c) they bear sole compliance responsibility arising from use of the transcription feature absent a BAA with OpenAI. US-based Users for whom this limitation is not acceptable should disable the recording feature and use an independently HIPAA-BAA-covered transcription workflow.
7.1. The Platform is provided "as is" and "as available." The Provider makes no warranties, express or implied, regarding the accuracy, reliability, or completeness of AI-generated insights.
7.2. The Provider shall not be liable for any clinical decisions made on the basis of AI assistant recommendations. All clinical responsibility rests solely with the licensed User.
7.3. The Provider's maximum aggregate liability under these Terms shall not exceed the total amount paid by the User in the 12 months preceding the event giving rise to the claim.
7.4. The Provider shall not be liable for data breaches caused by the User's failure to comply with the User Security Requirements.
7.5. Video infrastructure. The Provider shall not be liable for any HIPAA violation, data breach, or regulatory penalty arising from the User's use of the built-in video session feature without a BAA in place with the video infrastructure provider. The User assumes full responsibility for regulatory compliance with respect to video conferencing, as set forth in Section 6.5. This limitation applies to the maximum extent permitted by applicable law.
7.6. Audio transcription infrastructure. The Provider shall not be liable for any HIPAA violation, regulatory penalty, enforcement action, or civil claim arising from the User's use of the built-in session recording and transcription feature in the absence of a BAA between the Provider and the transcription service provider (OpenAI). The User assumes full compliance responsibility as set forth in Section 6.7. This limitation applies to the maximum extent permitted by applicable law.
8.1. Either party may terminate this agreement at any time by providing written notice. The User may cancel their subscription through the Platform or by contacting the Provider.
8.2. Upon termination, the User's data will be retained for 90 days to allow for data export. After this period, all data will be permanently deleted from the Provider's servers.
8.3. The User may request immediate deletion of all their data at any time by contacting the Provider. The Provider shall comply within 30 days.
9.1. These Terms are governed by and construed in accordance with the laws of the State of Israel.
9.2. For Users located in the EU/EEA, additional protections guaranteed by the GDPR shall apply. For Users located in the United States, HIPAA provisions shall apply to the extent applicable. For Users located in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial health privacy legislation (PHIPA, HIA, PIPA) shall apply; Canadian therapists acting as health-information custodians remain solely responsible for compliance with their provincial obligations, including obtaining client consent for collection and use of personal health information. California residents are afforded additional rights under the CCPA/CPRA as described in the Privacy Policy (Section 13.2). Users in Israel and Ukraine are subject to the jurisdiction-specific provisions set out in Sections 13.3 and 13.4 of the Privacy Policy respectively.
9.3. Any disputes arising under these Terms shall be resolved through good-faith negotiation. If unresolved within 30 days, disputes shall be submitted to the competent courts of the State of Israel, Haifa District.
10.1. The Provider may update these Terms with 30 days' advance notice via email. Continued use of the Service after the notice period constitutes acceptance. Material changes to data processing will be highlighted in the Privacy Policy changelog.
10.2. Previous versions of these Terms are available upon request.
For questions, requests, or concerns regarding these Terms of Service:
Artem Chukov
Email: aitacs@skillbuilder.club
Web: skillbuilder.club
Privacy Policy · Data Processing Agreement (DPA) · Business Associate Agreement (BAA) · Subprocessor List · User Security Requirements · Informed Consent Template · Incident Response Policy