Legal Document

Terms of Service

Version 1.0
Effective Date 1 March 2026
Governing Law England & Wales
Provider SMEDTEC Ltd
Important notice: These Terms of Service constitute a legally binding agreement between you and SMEDTEC Ltd. Please read them carefully before using SMEDTEC OS. By creating an account or using the platform, you confirm that you have read, understood, and agree to be bound by these Terms. These Terms should be reviewed by your legal counsel before use in a regulated environment. SMEDTEC Ltd recommends that you retain a solicitor for advice specific to your circumstances.
Section 1

Definitions

In these Terms of Service, the following terms have the meanings set out below:

TermMeaning
"Agreement"These Terms of Service, together with any Order Form, the Data Processing Agreement, and any other documents expressly incorporated by reference.
"Customer"The organisation, company, or individual that has registered for and is using SMEDTEC OS under these Terms.
"Customer Data"All data, content, documents, and information submitted by or on behalf of the Customer to SMEDTEC OS, including product data, regulatory documents, work items, vault documents, user information, and any AI-generated outputs derived from Customer Data.
"Documentation"User guides, API reference, help centre content, and other supporting materials made available by SMEDTEC Ltd in connection with the Services.
"Organisation"The entity-level account within SMEDTEC OS under which users operate. All Customer Data is scoped to an Organisation.
"Services"The SMEDTEC OS platform, including all features, APIs, AI features, and integrations provided by SMEDTEC Ltd under these Terms.
"SMEDTEC Ltd" / "we" / "us"SMEDTEC Ltd, a company registered in England and Wales, reachable at [email protected].
"Subscription"The plan or tier under which the Customer accesses the Services, as set out in an Order Form or selected during account creation.
"User"Any individual authorised by the Customer to access SMEDTEC OS under the Customer's Organisation account.
Section 2

Agreement & Acceptance

2.1 Binding Agreement

By accessing or using SMEDTEC OS, the Customer agrees to be bound by these Terms. If you are accepting these Terms on behalf of an organisation, you represent and warrant that you have authority to bind that organisation to this Agreement. If you do not have such authority, or if you do not agree to these Terms, you must not use the Services.

2.2 Age and Eligibility

You must be at least 18 years of age and have the legal capacity to enter into contracts to use SMEDTEC OS. The Services are intended for commercial and professional use by organisations involved in medical device regulatory affairs. The Services are not intended for personal, household, or consumer use.

2.3 Acceptance Record

Upon first accessing an Organisation account, an authorised administrator must accept both these Terms of Service and the accompanying Data Processing Agreement. This acceptance is recorded in the platform with a timestamp and the accepting user's identifier. This record constitutes the Customer's acceptance of this Agreement on behalf of the Organisation.

Section 3

The Services

3.1 Service Description

SMEDTEC OS is a regulatory project management and operations platform purpose-built for medical device companies. The Services include:

  • Regulatory track management for EU MDR, FDA 510(k), UKCA, Health Canada, TGA, MDSAP, and other pathways
  • Product lifecycle management from concept through post-market surveillance
  • Document Vault — version-controlled, access-controlled document management
  • Claims and evidence traceability management
  • Country registration and certificate tracking
  • Market intelligence — competitor devices, predicate devices, and regulatory databases
  • Regulatory Radar — curated feed of global regulatory updates
  • Knowledge Hub — 29,500+ indexed regulatory documents with semantic search
  • AI-powered Notebook assistant (Product and Portfolio scope)
  • Team collaboration tools including role-based access control, real-time presence, and audit logging
  • API access (where included in Subscription)

3.2 Platform Classification

SMEDTEC OS is a software-as-a-service regulatory operations management platform. It is not a medical device under MDR (EU) 2017/745, the UK Medical Devices Regulations 2002 (as amended), or the FDA's definition under 21 U.S.C. §321(h). Customers remain solely responsible for the substantive content and accuracy of their regulatory submissions, technical documentation, and compliance activities.

3.3 Service Modifications

SMEDTEC Ltd may modify, enhance, or discontinue features of the Services at any time. We will provide reasonable advance notice of material changes that may adversely affect the Customer's use of the Services. Minor updates, bug fixes, and security patches do not require prior notice.

3.4 Third-Party Services

The Services integrate with or rely upon certain third-party services, including our managed cloud backend provider (database, authentication, and storage infrastructure), Anthropic (AI model), and Stripe (payment processing). The named sub-processor list — including the legal entity behind our cloud backend — is disclosed to Customers under the Data Processing Agreement. These third parties have their own terms and privacy policies. SMEDTEC Ltd is not responsible for the acts or omissions of third-party providers, except to the extent provided in the Data Processing Agreement.

Section 4

Accounts & Access

4.1 Account Registration

To use SMEDTEC OS, the Customer must create an Organisation account and provide accurate, complete, and current information. The Customer is responsible for maintaining the accuracy of this information and updating it promptly if it changes.

4.2 Account Security

The Customer is responsible for maintaining the confidentiality of all account credentials and for all activity that occurs under their Organisation account. The Customer must:

  • Notify SMEDTEC Ltd immediately at [email protected] upon becoming aware of any actual or suspected unauthorised access to their account
  • Ensure that Users comply with these Terms
  • Not share account credentials between Users — each User must have their own unique login
  • Promptly revoke access for any User who is no longer authorised (e.g., upon departure from the Customer's organisation)

4.3 User Roles

SMEDTEC OS implements a role-based access control system with three roles: Admin, Member, and Viewer. The Customer is responsible for assigning appropriate roles to Users and for ensuring that role assignments reflect the Customer's internal access control requirements. SMEDTEC Ltd enforces role-based permissions at the application and database levels, but the assignment of roles is the Customer's responsibility.

4.4 Seat Limits

The number of Users permitted is determined by the Customer's Subscription. Exceeding seat limits without upgrading may result in suspension of access for additional users. The Customer is responsible for managing their User count within their Subscription limits.

Section 5

Acceptable Use

5.1 Permitted Use

The Customer may use SMEDTEC OS for its internal regulatory affairs operations in connection with medical device development, compliance, and market access activities. Use must comply with all applicable laws and regulations, including those of the jurisdictions in which the Customer operates.

5.2 Prohibited Use

The Customer must not, and must ensure that Users do not:

  • Use the Services for any unlawful purpose or in violation of any applicable law or regulation
  • Attempt to gain unauthorised access to any part of the Services or to any other Customer's data
  • Interfere with or disrupt the integrity or performance of the Services or the data contained therein
  • Upload or transmit any malicious code, virus, or any content that is illegal, defamatory, or infringes any third-party rights
  • Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of SMEDTEC OS
  • Resell, sublicense, or otherwise make the Services available to third parties, except as expressly authorised by SMEDTEC Ltd in writing
  • Use the Services to build a competitive product or service, or to benchmark the Services for purposes of publication without prior written consent
  • Remove, obscure, or alter any proprietary notices, labels, or marks on or in the Services
  • Use the Services to process any data that the Customer does not have the right to process
  • Attempt to circumvent any rate limits, usage controls, or access controls implemented by SMEDTEC Ltd

5.3 Regulatory Compliance

The Customer is solely responsible for ensuring that its use of SMEDTEC OS complies with all applicable medical device regulations, including but not limited to MDR (EU) 2017/745, IVDR (EU) 2017/746, UK Medical Devices Regulations 2002, FDA 21 CFR Parts 800–898, and any other jurisdiction-specific requirements. SMEDTEC OS is a tool to assist with regulatory operations — it does not guarantee regulatory compliance and does not provide legal, regulatory, or clinical advice.

Section 6

Data Ownership

6.1 Customer Data Ownership

All Customer Data remains the sole and exclusive property of the Customer. SMEDTEC Ltd does not claim any ownership rights over Customer Data. SMEDTEC Ltd processes Customer Data solely to provide and improve the Services, as further described in the Data Processing Agreement.

6.2 Licence to Process

By using the Services, the Customer grants SMEDTEC Ltd a limited, non-exclusive, non-transferable licence to access, use, process, and store Customer Data solely to the extent necessary to provide the Services. This licence terminates upon expiry or termination of the Customer's Subscription and completion of the data deletion process described in Section 15.3.

6.3 Data Export

The Customer may export their Customer Data at any time during their Subscription via the API or platform export features. SMEDTEC Ltd will maintain data export functionality for the duration of the Customer's active Subscription.

6.4 Prohibited Data

The Customer must not upload to SMEDTEC OS: (a) data relating to identifiable patients, clinical trial participants, or data subjects beyond what is strictly necessary for regulatory documentation purposes; (b) financial instrument data, payment card data, or national insurance/social security numbers; or (c) any data whose processing would violate applicable law. SMEDTEC OS is not designed to be a primary patient data repository.

Section 7

AI-Assisted Features

7.1 Nature of AI Features

SMEDTEC OS includes AI-powered features including the Product Notebook, Portfolio Notebook, semantic search, and document embeddings. These features are powered by Claude (Anthropic). All AI calls are proxied through authenticated SMEDTEC OS Edge Functions — no Customer Data is sent directly from the Customer's browser to the AI provider.

7.2 Human Review Requirement

AI-generated content, suggestions, and analyses within SMEDTEC OS are provided as assistance only. The Customer is solely responsible for reviewing, verifying, and approving all AI-generated content before relying on it for regulatory submissions, compliance decisions, or any other purpose. SMEDTEC OS AI features do not constitute regulatory, legal, or clinical advice.

7.3 AI Usage Logging

All AI feature usage is logged per Organisation, including feature type, token consumption, and timestamp. This log is accessible to Organisation admins and to SMEDTEC Ltd for billing, capacity planning, and abuse prevention purposes.

7.4 Document Processing

Document content uploaded for AI feature processing (e.g., embedding generation for the Notebook) is processed in-memory. Document content is not retained by the AI provider (Anthropic) beyond the processing session, subject to Anthropic's then-current API terms. Embeddings (numerical vector representations of document content) are stored within the Customer's Organisation data in SMEDTEC OS.

7.5 Rate Limits

SMEDTEC Ltd implements per-Organisation rate limits on AI features to protect platform availability and manage costs. Rate limits may be adjusted from time to time. Exceeding rate limits will result in temporary suspension of AI features for the affected Organisation until the limit window resets.

Section 8

Intellectual Property

8.1 SMEDTEC OS Platform

SMEDTEC OS, including all software, code, designs, interfaces, algorithms, models, databases, and documentation, is and remains the sole and exclusive intellectual property of SMEDTEC Ltd. Nothing in this Agreement transfers any intellectual property rights in SMEDTEC OS to the Customer. The Customer is granted a limited, non-exclusive, non-transferable, revocable licence to use SMEDTEC OS solely in accordance with these Terms.

8.2 Regulatory Knowledge Base

The SMEDTEC OS Knowledge Hub contains indexed and processed content derived from publicly available regulatory sources including FDA, European Commission, MHRA, Health Canada, TGA, and international standards bodies. This processing is proprietary to SMEDTEC Ltd. The underlying regulatory documents remain the property of their respective issuers and are subject to their own terms of use.

8.3 Feedback

If the Customer or any User provides SMEDTEC Ltd with feedback, suggestions, or ideas regarding the Services ("Feedback"), the Customer grants SMEDTEC Ltd an irrevocable, worldwide, royalty-free licence to use that Feedback for any purpose without compensation or attribution. SMEDTEC Ltd is not obliged to act on any Feedback.

8.4 No Implied Licences

No rights or licences are granted to the Customer except those expressly set out in this Agreement. The Customer must not represent that it owns any part of SMEDTEC OS or use SMEDTEC Ltd's name, logos, or trademarks without prior written consent.

Section 9

Payment & Subscription

9.1 Subscription Fees

Access to SMEDTEC OS is provided on a Subscription basis. Fees are set out in the applicable Order Form or pricing page. SMEDTEC Ltd reserves the right to change its pricing on reasonable advance notice. Continued use of the Services after a price change takes effect constitutes acceptance of the new pricing.

9.2 Payment Terms

Subscription fees are payable in advance, unless otherwise agreed in writing. Payment is processed by Stripe. The Customer authorises SMEDTEC Ltd to charge the payment method on file on each billing cycle. All fees are exclusive of VAT, taxes, and duties, which are the Customer's responsibility. SMEDTEC Ltd does not store payment card data — all payment information is handled directly by Stripe in accordance with Stripe's PCI-DSS compliance programme.

9.3 Late Payment

If any payment is overdue, SMEDTEC Ltd may suspend access to the Services until all outstanding amounts are paid. Overdue invoices may attract interest at the statutory rate under the Late Payment of Commercial Debts (Interest) Act 1998.

9.4 No Refunds

Subscription fees are non-refundable except as required by applicable law or as expressly agreed in writing. Unused portions of a Subscription period following cancellation are not refunded.

9.5 Free Trials

SMEDTEC Ltd may offer free trials of the Services at its discretion. At the end of a free trial, access will convert to a paid Subscription or be suspended, as notified to the Customer. Customer Data is retained during and after a free trial period in accordance with the data retention provisions in the DPA.

Section 10

Availability & Support

10.1 Service Availability

SMEDTEC Ltd will use commercially reasonable efforts to make the Services available 24 hours a day, 7 days a week. However, SMEDTEC Ltd does not guarantee uninterrupted availability. The Services may be temporarily unavailable due to scheduled maintenance, unscheduled outages, or events beyond SMEDTEC Ltd's control.

10.2 Maintenance Windows

SMEDTEC Ltd will endeavour to schedule planned maintenance during off-peak hours and will provide advance notice via the platform's status page or by email where practical. Emergency maintenance may occur without prior notice.

10.3 Support

SMEDTEC Ltd provides technical support via email at [email protected]. Response times and support scope are determined by the Customer's Subscription tier. SMEDTEC Ltd does not provide regulatory affairs consultancy, legal advice, or clinical evaluation support as part of the Services.

10.4 Status Page

Current and historical service status information is available at smedtec.co.uk. The Customer is encouraged to subscribe to status updates to receive notifications of incidents and maintenance.

Section 11

Confidentiality

11.1 Mutual Obligation

Each party agrees to keep confidential all non-public information disclosed by the other party in connection with this Agreement that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and the circumstances of disclosure ("Confidential Information").

11.2 Customer Data

SMEDTEC Ltd treats all Customer Data as Confidential Information of the Customer. SMEDTEC Ltd will not disclose Customer Data to third parties except as required to provide the Services, as required by law, or with the Customer's prior written consent. SMEDTEC Ltd personnel who access Customer Data are bound by confidentiality obligations.

11.3 Exclusions

Confidentiality obligations do not apply to information that: (a) is or becomes publicly known through no breach of this Agreement; (b) was known to the receiving party without restriction before disclosure; (c) is independently developed by the receiving party without use of the Confidential Information; or (d) is required to be disclosed by law, court order, or regulatory authority, provided that the disclosing party is given prior written notice to the extent permitted by law.

Section 12

Warranties & Disclaimers

12.1 SMEDTEC Ltd Warranties

SMEDTEC Ltd warrants that: (a) it has the right and authority to enter into this Agreement and provide the Services; (b) it will implement and maintain reasonable security measures to protect Customer Data as described in the Data Processing Agreement; and (c) the Services will function substantially in accordance with the Documentation under normal use.

12.2 Customer Warranties

The Customer warrants that: (a) it has the authority to enter into this Agreement; (b) it has all necessary rights to provide Customer Data to SMEDTEC OS for processing; (c) Customer Data and its use in connection with the Services will not violate any applicable law or infringe any third-party rights; and (d) it will use the Services in compliance with these Terms.

12.3 Disclaimer

EXCEPT AS EXPRESSLY STATED IN SECTION 12.1, THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND. SMEDTEC LTD EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO: IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND WARRANTIES ARISING FROM COURSE OF DEALING OR USAGE OF TRADE.

SMEDTEC Ltd does not warrant that the Services will meet the Customer's specific regulatory or compliance requirements, that the Services will be error-free or uninterrupted, or that any AI-generated output will be accurate, complete, or suitable for regulatory submission purposes.

Section 13

Limitation of Liability

13.1 Exclusion of Consequential Loss

To the fullest extent permitted by applicable law, neither party shall be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, loss of revenue, loss of business, loss of data, or loss of anticipated savings, arising out of or related to this Agreement, even if the party has been advised of the possibility of such damages.

13.2 Cap on Liability

SMEDTEC Ltd's total aggregate liability to the Customer arising out of or in connection with this Agreement, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed the total Subscription fees paid by the Customer to SMEDTEC Ltd in the twelve (12) months immediately preceding the event giving rise to the claim.

13.3 Exceptions

Nothing in this Agreement limits or excludes liability for: (a) death or personal injury caused by negligence; (b) fraud or fraudulent misrepresentation; (c) any liability that cannot be excluded or limited under applicable law; or (d) SMEDTEC Ltd's obligations under the Data Processing Agreement in respect of personal data.

13.4 Regulatory Outcomes

SMEDTEC Ltd is not liable for any regulatory decision, submission rejection, enforcement action, or other regulatory outcome arising from the Customer's use of or reliance on the Services. The Customer is solely responsible for the content, accuracy, and completeness of its regulatory submissions.

Section 14

Indemnification

14.1 Customer Indemnity

The Customer will defend, indemnify, and hold harmless SMEDTEC Ltd and its officers, directors, employees, and agents from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable legal fees) arising out of or related to: (a) the Customer's breach of these Terms; (b) the Customer's use of the Services in violation of applicable law; (c) Customer Data that infringes third-party intellectual property rights or violates applicable data protection law; or (d) the Customer's regulatory activities and submissions.

14.2 SMEDTEC Ltd Indemnity

SMEDTEC Ltd will defend the Customer against claims by third parties that SMEDTEC OS, as provided by SMEDTEC Ltd, infringes the intellectual property rights of that third party, and will pay any damages finally awarded against the Customer in such a claim. This indemnity does not apply if the claim arises from: (a) modification of SMEDTEC OS by anyone other than SMEDTEC Ltd; (b) combination of SMEDTEC OS with products or services not provided by SMEDTEC Ltd; or (c) use of SMEDTEC OS in violation of these Terms.

Section 15

Termination

15.1 Termination by Either Party

Either party may terminate this Agreement on written notice if the other party: (a) materially breaches this Agreement and fails to cure the breach within 30 days of written notice specifying the breach; or (b) becomes insolvent, makes an assignment for the benefit of creditors, or becomes subject to insolvency proceedings that are not dismissed within 60 days.

15.2 Termination by Customer

The Customer may cancel their Subscription at any time via the platform settings or by contacting [email protected]. Cancellation takes effect at the end of the current billing period. The Customer will retain access to the Services until the end of the paid period.

15.3 Effect of Termination — Data

Upon expiry or termination of the Customer's Subscription:

  • The Customer will have 30 days from the termination date to export their Customer Data
  • SMEDTEC Ltd will delete all Customer Data from its active systems within 30 days of the expiry of the export period
  • SMEDTEC Ltd may retain Customer Data in encrypted backup systems for up to 90 days following deletion from active systems, after which it will be permanently destroyed
  • Anonymised, aggregated usage statistics that do not identify the Customer or any individual may be retained by SMEDTEC Ltd indefinitely

15.4 Survival

Sections 6 (Data Ownership), 8 (Intellectual Property), 11 (Confidentiality), 12.3 (Disclaimer), 13 (Limitation of Liability), 14 (Indemnification), 15.3 (Data Deletion), and 17 (Governing Law) survive termination of this Agreement.

Section 16

Changes to Terms

SMEDTEC Ltd may modify these Terms from time to time. Material changes will be notified to the Customer by email to the registered admin email address or by a prominent notice within the platform, with at least 30 days' advance notice before the changes take effect. Continued use of the Services after the effective date of a change constitutes acceptance of the revised Terms. If the Customer does not agree to a material change, the Customer may terminate their Subscription before the effective date of the change, and SMEDTEC Ltd will provide a pro-rata refund of any prepaid fees for the unused period.

Section 17

Governing Law

This Agreement is governed by and construed in accordance with the laws of England and Wales. The parties irrevocably submit to the exclusive jurisdiction of the courts of England and Wales in respect of any dispute arising under or in connection with this Agreement, except that either party may seek interim or emergency relief from any court of competent jurisdiction to protect its rights pending resolution of the dispute.

Section 18

Contact

For questions, notices, or legal correspondence regarding these Terms, please contact SMEDTEC Ltd at:

SMEDTEC Ltd
Email: [email protected]
Website: www.smedtec.co.uk

For data protection enquiries specifically, please mark correspondence: Attention: Data Protection