Terms of Service

1. Agreement to Terms

These Terms of Service constitute a legally binding agreement between you and DSP Cyber Security LLC, a Florida limited liability company, governing your access to and use of the DSP HIPAA Comply™ platform and all related services (the “Service”).

By registering for an account or using the Service, you represent that: (a) you have read and understood these Terms; (b) you are at least 18 years of age; (c) you have authority to bind yourself or your organization; and (d) you agree to be bound by these Terms.

2. Description of Service

DSP HIPAA Comply™ is a SaaS compliance management platform for covered entities managing HIPAA Security Rule compliance. The Service includes:

• HIPAA Security Rule controls tracker (45 CFR §§164.308, 164.310, 164.312, 164.314, 164.316)
• Security Risk Assessment wizard and documentation tools
• Risk register and heat map functionality
• Business associate registry and BAA tracking
• Security incident tracking and documentation
• Policy and procedure template library
• SRA report generation and sign-off workflow

Important: The Service is a compliance management tool only. It does not constitute legal advice or guarantee HIPAA compliance. DSP Cyber Security LLC is not a law firm.

3. Accounts and Registration

You must provide accurate information including your organization name and valid email. You are responsible for all activities under your account. Each account is associated with a single organization. Your data is logically isolated from all other organizations.

4. Subscription and Payment

Continued access requires a paid subscription after any trial period. Fees are as specified on the pricing page. All fees are non-refundable except as required by law. Payments are processed through Stripe, Inc.

5. Intellectual Property Rights

5.1 Ownership

The Service, including all software, algorithms, user interface designs, compliance frameworks, control libraries, assessment methodologies, content, and documentation, is the exclusive proprietary property of DSP Cyber Security LLC protected by U.S. and international intellectual property laws.

5.2 License Grant

DSP Cyber Security LLC grants you a limited, non-exclusive, non-transferable, revocable license to access and use the Service solely for your organization’s internal HIPAA compliance management during your subscription term.

5.3 Restrictions

You expressly agree NOT to:

• Copy, reproduce, sell, or exploit any portion of the Service
• Reverse engineer or attempt to derive the source code of the Service
• Create derivative works based on the Service
• Use the Service to build a competing product or service
• Use automated means to scrape or extract data from the Service
• Share or transfer access to the Service to any third party

6. Data and Privacy

6.1 No ePHI Storage

The Service does NOT store electronic Protected Health Information (ePHI). Users must NOT enter patient names, medical records, diagnoses, or any other ePHI into the Service. DSP Cyber Security LLC is not a Business Associate under HIPAA.

6.2 Data Security

We implement encryption in transit (TLS) and at rest, access controls, and host on Google Cloud Platform’s HIPAA-eligible infrastructure.

7. Prohibited Uses

You agree not to violate any laws, store ePHI, impersonate any person, interfere with the Service, attempt unauthorized access, introduce malicious code, or use the Service fraudulently.

8. Disclaimers and Limitation of Liability

THE SERVICE IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND. DSP CYBER SECURITY LLC DOES NOT WARRANT HIPAA COMPLIANCE. TOTAL LIABILITY SHALL NOT EXCEED AMOUNTS PAID IN THE TWELVE MONTHS PRECEDING THE CLAIM.

9. Indemnification

You agree to indemnify and hold harmless DSP Cyber Security LLC from claims arising from your use of the Service or violation of these Terms.

10. Termination

We may terminate your access immediately for breach of these Terms. Upon termination, your data is retained 30 days then permanently deleted.

11. Governing Law

These Terms are governed by Florida law. Disputes are resolved exclusively in Manatee County, Florida courts.

12. Contact

Privacy Policy

DSP Cyber Security LLC is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, and safeguard information when you use DSP HIPAA Comply™.

1. Information We Collect

1.1 Account Information

• Name and email address
• Organization name, type, and size
• Payment information (processed by Stripe — we do not store card numbers)
• Date and time of Terms of Service acceptance

1.2 Compliance Program Data

• HIPAA control implementation statuses and notes
• Risk register entries and assessments
• Business associate names and verification records
• Security incident documentation
• SRA responses and reports

We do not collect, store, or process ePHI. Users are prohibited from entering ePHI into the Service.

2. How We Use Your Information

• To provide and maintain the Service
• To process payments and manage subscriptions
• To send transactional emails
• To respond to support requests
• To comply with legal obligations and detect fraud

3. How We Share Your Information

We do not sell your personal information. We share only with service providers (Google Cloud, Stripe, Firebase), when required by law, or in a business transfer.

4. Data Security

• TLS encryption for all data in transit
• Encryption at rest via Google Cloud Platform
• Firebase Authentication with MFA support
• Organizational data isolation
• Audit logging of all data access

5. Data Retention

Your data is retained while your account is active. Upon termination, data is retained 30 days for export then permanently deleted.

6. Contact

Acceptable Use Policy

This Acceptable Use Policy governs your use of DSP HIPAA Comply™ operated by DSP Cyber Security LLC.

1. Permitted Uses

• Manage your organization’s HIPAA Security Rule compliance program
• Document security controls, risks, policies, and procedures
• Track business associate agreements and verifications
• Log and manage security incidents
• Generate and maintain Security Risk Assessment documentation

2. Prohibited Uses

• No ePHI: Do not enter patient names, medical records, diagnoses, or any protected health information
• No reverse engineering: Do not access or reproduce source code, algorithms, or methodologies
• No competing products: Do not use the Service to build competing compliance software
• No unauthorized access: Do not access other organizations’ data or exploit vulnerabilities
• No credential sharing: Do not share login credentials outside your organization
• No misrepresentation: Do not falsify compliance data or certifications
• No scraping: Do not use automated tools to extract data from the Service

3. Intellectual Property

All compliance frameworks, control libraries, assessment methodologies, policy templates, and interface design are proprietary trade secrets of DSP Cyber Security LLC. Violations may result in immediate termination and legal action.

4. Consequences of Violations

• Immediate suspension or termination without refund
• Civil litigation for damages including lost profits
• Injunctive relief to prevent ongoing harm
• Referral to law enforcement for criminal conduct

5. Contact