XUND Version 1
1. Scope of Agreement and Services, General Terms
The XUND App (“App”, “XUND”) is provided by XUND Solutions GmbH, Webgasse 9/2.8, 1060 Vienna, email@example.com, (“we”, “us”). It enables users to get medical feedback on symptoms. XUND is a mobile application that operates only on iPhone model 5S or later running iOS 11 or higher.
XUND processes symptoms and generic profile information provided by the user to generate a preliminary assessment in diagnostic decisions. The purpose is to find potential evidence-based causes for the symptoms of the users and empower them to identify relevant treatment pathways in the healthcare system. The result is intended solely for informational purposes and should not be treated as medical consultation, diagnosis, or advice.
XUND can be used by anyone who meets the minimum age of 18, is proficient in the languages available in the app and has read the user manual. The foreseen user is a layperson and requires no prior knowledge or education. The indications XUND provides cover the most common diseases in primary care.
The user shall request a paper-based copy of the Instructions of Use via firstname.lastname@example.org. A digital version of the Instructions of Use document is provided in the app.
These Terms and Conditions (“Terms”) apply to all visitors and users of our App (“User”, “you”, “your”). These terms are accepted by you through your use of our App and your click on the respective checkbox in the registration process.
We may amend these Terms from time to time. We will provide you with an updated version via our App. Further, if you are a registered User, we will provide you with advance notice of the changes via e-mail at least 14 days prior to the effective date of the updated Terms. If you do not contradict the amendment within a 14-day period, you are deemed to consent to the updated Terms. We will highlight your right to revoke and the consequences of not doing so in such notice. In case you contradict the amendments, the agreed version of the Terms remains in force unless we terminate your registration according to point 3.3. below.
2. Registration and Account
To be able to conduct an assessment, Users have to validly register for an account (“Account”) by filling in the registration form in the App. With the registration, you represent and warrant that you are at least 18 years old as well as legally competent to use the App.
You must provide accurate and complete information and keep your Account information updated without undue delay. By registering, you as a User confirm the correctness of the provided information and compliance with these Terms.
Users are at their sole discretion responsible for keeping the respective Account login information (username and password) confidential. We can only verify whether the access password matches a properly activated username. We shall not be obligated to perform any further verification. You shall notify us immediately if you become aware of any loss or unauthorized use of your login information. We can only determine your profile if you provide us with the e-mail address you used for registration. If applicable, we will then block access to the respective Account and delete it. In case of the User’s negligent breach of this information obligation, the User shall be responsible for any person that logs in to our App through the User’s authorization details and for any activities that occurred.
3. Restrictions of Use
It is important that the App is used safely and in accordance with the law. Thus, Users are prohibited from using the App to, in particular but without limitation (“Use Restrictions”):
(a) make untrue statements and allegations or provide information against better knowledge;
(b) misuse the App for promotion and marketing of own services;
(c) promote any illegal activity, or advocate, promote or assist any unlawful act;
(d) violate legal rights (including the rights of publicity and privacy) of others or submit any content that could give rise to any civil or criminal liability under applicable laws or that otherwise may be in conflict with these Terms;
(e) decompile, disassemble, reverse engineer, copy, transfer, or otherwise use the App or any content except as permitted by copyright law;
(f) crawl, scrape, cache or otherwise access any content on the App via automated means;
(g) submit any material or content that attempts to falsely state or otherwise misrepresent your identity or affiliation with a person or entity;
(h) use the App in a manner that (i) is likely to interrupt, suspend, slow down or hinder the continuity of the App, (ii) constitutes an intrusion or attempt to break into the App or our IT infrastructure, (iii) will divert the App’s system resources, (iv) may place a disproportionate load on the infrastructure of the App, or (v) constitutes an attack on security and authentication measures of the App or our IT infrastructure;
(i) distribute any part of the App, including but not limited to any content, in any medium without the prior written authorisation of us or the respective owner;
(j) otherwise use the App for purposes other than those for which it is designed.
Users should refer to the user manual for contraindications, incident reporting and other relevant information for the use of the App.
We may remove or block your Account in case we – in our sole discretion – determine a violation of these Terms or applicable laws.
4. Intellectual Property Rights
Except for the content provided by Users, all elements of the App, such as text, pictures, illustrations, as well as design and structure of the App and structure and contents of the database are subject to copyright protection and the protection of intellectual property. Unless we expressly agree in writing, these elements may not be copied, sent, made available, presented, performed, modified, translated or utilised.
5. App Security
We ensure our internal network protection with a firewall. We protect our internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located at the entry points of the applied public networks. The data is stored redundantly, that is, in several places, so it is protected from destruction, loss, damage, or illegal destruction due to the failure of the IT device.
Our internal networks are protected from external attacks with a multi-level, active protection against complex malicious code (e.g. virus protection). The external access to the IT systems and databases is operated by us using SSH key identification via an encrypted data connection from any IP address. Our IT tools and software continuously comply with the generally accepted technological solutions in the market.
The App provides multiple layers of security:
(a) When downloading user-related data, the App communicates with the backend using end-to-end encryption. The encryption algorithm used is provided by the libsodium library’s crypto_box_easy function. The keys and nonces are also generated randomly by libsodium (using the crypto_box_keypair and randombytes_buf functions).
(b) When it communicates with the medical backend, the App does not use end-to-end encryption. In case these simple HTTPS requests are hacked, the Users won’t be identifiable.
(c) The health data is encrypted by the client with libsodium’s recommended secret-key cryptography algorithm, which is provided by the library’s crypto_secretbox_easy function. For the encryption, the application uses a randomly generated masterKey as the key. To provide multi-device support, an encrypted version of the master key is stored in the backend. That master key can be decrypted only with the BLAKE2b hash of the User’s password.
(d) On the client’s side, the User’s password is hashed with the Argon2 algorithm and a deterministic salt (generated from the raw password). After the backend receives the hashed password, it hashes it again with a random salt and stores that hash.
(e) When the User starts a new check, the required health data is downloaded from the Health Tresor and decrypted by the client.
The User is aware of the fact that (i) the information used for rendering the checks is limited, (ii) recommendations are also limited and provisional, (iii) the checks and further information are not intended to and cannot replace a full medical evaluation or an in-person visit with a physician.
The User acknowledges that the main service of the App is the provision of access to preliminary assessments in diagnostic decisions. Due to the great extent of content, information, material and data provided by Users, we do not have any influence on the availability, correctness, reliability and accuracy of specific contents. Accordingly, the App is provided in the state it is without our warranties of any kind, either express or implied, as to the accurateness and appropriateness of the assessments’ outcome.
We provide the App with due care. However, it is not possible to entirely avoid errors, infringements by third parties or mistakes in the App. We can – also in consideration of the risks of the internet – not warrant the accuracy, reliability, quality, suitability, safety, completeness and timeliness of the App and its content. In consideration of these circumstances, some information on the App may not be up to date, complete or accurate. Nevertheless, we will make diligent efforts to duly eliminate any noticed or notified error.
We are not obliged to provide certain IT infrastructure and will thus not be liable for any modification, suspension or discontinuation of the App or the loss of any content from your Account. We can furthermore not guarantee that the App is available uninterruptedly. Temporary connection interruptions may occur. We reserve the right to do maintenance works at any time without prior notice.
Nothing in this Point 6 shall limit or exclude any statutory warranty claims by Consumers against us for defects in our services.
We shall not be liable for damages caused by slight negligence unless in case of infringement of main obligations. No limitation of liability applies to damages caused by intent or gross negligence, injury of life, personal harm and injury of health.
Your use of any information or materials provided in our App is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to reasonably review the assessments and the recommendations and to obtain the full medical evaluation or an in-person visit with a physician.
The User shall fully indemnify and hold us harmless from and against any claims, damages, liabilities, costs, losses and expenses arising out of (i) User’s negligent breach of these Terms and (ii) User’s negligent violation of any third party right, including without limitation any intellectual property, right of publicity, or privacy right.
9. Final Provisions
Any legal dispute arising from the use of the App shall be governed exclusively by the substantive law of Austria, without giving effect to any principles of conflicts of law. In case the User is a consumer, this choice of law is effective to the extent that no more stringent consumer protection law at consumer’s residence is applicable.
The competent court in Vienna 1010 shall have exclusive jurisdiction to decide all disputes arising in connection with contractual relationships in which no consumer is involved.
Version as of September 2020