Terms of Service

Version 1.0.0·Effective 2026-06-01

Terms of Service

These Terms of Service ("Terms") are a contract between you, the licensed health professional ("Practitioner" or "you"), and Phiusion Labs ("we," "us," or "our"). They govern your access to and use of the Phiusion application, the related websites at phiusionlabs.app and its subdomains, and any product or service we make available through them (collectively, the "Service").

Phiusion is B2B (business-to-business) software for health professionals. It is positioned as general wellness software and is not a substitute for your professional judgment. Nothing in the Service provides medical advice to your patients. The Service is offered to licensed practitioners only.

If you do not agree to these Terms, do not sign up for or use the Service.

1. Acceptance and scope

You accept these Terms by checking the acceptance box at signup and by clicking the "Agree" or equivalent button. That action creates a binding contract between you and Phiusion under the contract law of Ontario, Canada (see §11). Each subsequent login confirms your continued acceptance of the version then in effect.

These Terms cover the whole Service. Some parts of the Service are also governed by additional documents that are incorporated here by reference, including the Privacy Notice for Practitioners, the Privacy Notice for Patients, the Cookie & Tracking Notice, the Sub-Processors page, the Acceptable Use Policy, the Refund Policy, the Shipping Policy, the HIPAA Business Associate Agreement, and the Data Processing Agreement. If a conflict arises between these Terms and one of those documents, the more specific document controls for the topic it covers.

When we materially change these Terms, we will re-version them under §12 and ask you to accept the new version before you can keep using the Service.

2. Eligibility

The Service is sold to licensed health professionals only, on a B2B basis, for use in their cosmetic and general wellness practice. By signing up, you represent that all of the following are true and will remain true while you use the Service:

  • You are at least the age of majority where you live and have the legal capacity to enter into this contract.
  • You hold a current, valid medical, nursing, or other regulated health-professional license in the jurisdiction where you practice, and you are in good standing with the regulator that issued it.
  • You are signing up for your own professional use, or on behalf of a clinic that has authorized you to bind it to these Terms.
  • You will use the Service only for licensed clinical practice in cosmetic and general wellness work.

Geographic restriction. Phiusion enables signup only for Practitioners whose practice address is in the United States or in one of the ten Canadian provinces (AB — Alberta, BC — British Columbia, MB — Manitoba, NB — New Brunswick, NL — Newfoundland and Labrador, NS — Nova Scotia, ON — Ontario, PE — Prince Edward Island, QC — Quebec, SK — Saskatchewan) plus the three Canadian territories (YT — Yukon, NT — Northwest Territories, NU — Nunavut) covered by federal supervisory authority. We do not contract with customers in the European Union, the European Economic Area, the United Kingdom, or Switzerland; references to those regions in our other notices reflect the role of Universkin SAS, the French company that builds and operates the platform on our behalf, as platform operator and sub-processor, not a customer relationship.

Wellness software positioning. The Service is B2B software for health professionals and is offered as general wellness software. It is not a medical device, it does not provide medical advice, and it is not approved or cleared for medical use by the United States Food and Drug Administration, Health Canada, or any equivalent regulator. The Service surfaces information — such as a skin assessment — that you, as a licensed practitioner, curate and apply using your own professional judgment. The decision to recommend, dispense, or deliver any product or procedure is yours, made under your license. Phiusion does not make that decision.

Self-identification at signup (Decision #18 routing). During signup we ask you to identify any of the following statuses that apply to you:

  • A HIPAA (Health Insurance Portability and Accountability Act) "covered entity" — a US health-care provider, plan, or clearinghouse that conducts standard transactions electronically.
  • A custodian under Ontario's PHIPA (Personal Health Information Protection Act).
  • A custodian under Alberta's HIA (Health Information Act).
  • A trustee under Manitoba's PHIA (Personal Health Information Act) or the Atlantic-province PHIA-equivalents (New Brunswick, Newfoundland and Labrador, Nova Scotia, Prince Edward Island).
  • A similar status under another provincial public-health-information statute.

If you self-identify with PHIPA/HIA/PHIA custodian or trustee status, the standard self-serve signup flow does not establish that status, and we route you to manual sales onboarding for a bilateral agreement. Private-practice aesthetic practitioners are typically not custodians or trustees and can sign up self-serve under PIPEDA (Personal Information Protection and Electronic Documents Act) plus the applicable provincial consumer-privacy law.

If at any point you cease to satisfy any condition of this section, you must stop using the Service and notify us at support@phiusionlabs.app.

3. Accounts and security

You are responsible for everything that happens under your account. To protect your patients and your practice:

  • Keep your login credentials confidential. Do not share your password.
  • Multi-factor authentication ("MFA," a second-factor sign-in step) is required on every Practitioner account, and it cannot be disabled.
  • Do not let anyone else sign in under your account. Each individual licensed practitioner needs their own account.
  • Promptly notify us at security@phiusionlabs.app if you believe your credentials, MFA factor, or session token has been lost, stolen, or used without your authorization.
  • Keep your professional, contact, and billing information up to date so we can reach you about the Service.

You are liable for actions taken under your account until you report a compromise. After you report a compromise, we will work with you to secure the account; we are not liable for unauthorized activity before you reported.

4. Acceptable use

Your use of the Service is also governed by the Acceptable Use Policy. At a high level, and without limiting that policy:

  • You will use the Service only for licensed clinical practice in cosmetic and general wellness work.
  • You will not resell, sublicense, rent, lease, or otherwise transfer access to the Service.
  • You will not reverse-engineer, decompile, disassemble, scrape, or attempt to extract the source code of the Service, except where the law expressly preserves that right and we cannot waive it by contract.
  • You will not use the Service to make any off-label medical claim, any disease-treatment claim, or any claim that the Service or any product offered through it diagnoses, cures, prevents, or mitigates a disease.
  • You will not create patient records in bulk or by automated means without each patient's prior consent obtained as required by your professional duty and the Privacy Notice for Patients.
  • You will not interfere with the Service's security or availability, including by penetration testing without our prior written authorization.

Phiusion may suspend or terminate your account for cause, on notice, for material breach of this section or the Acceptable Use Policy (see §10).

5. Phiusion's license to operate; your license to your data; ownership

Phiusion's license to you. Subject to your compliance with these Terms, Phiusion grants you a non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Service in your professional capacity during the term of your subscription. We retain all right, title, and interest in the Service, including the software, the user interface, our trademarks, and our documentation. No rights are granted by implication.

Your patient records remain yours. You retain ownership of, and act as the controller (or PHIPA "custodian" in Ontario, where applicable) of, the patient records you create in the Service. Phiusion processes those records on your behalf, in line with your documented instructions captured through your configuration of the Service, the HIPAA Business Associate Agreement, and the Data Processing Agreement. Phiusion is the controller of your account, billing, and support information, as described in the Privacy Notice for Practitioners.

Your license to Phiusion. You grant Phiusion (and, through Phiusion, our authorized sub-processors) a worldwide, non-exclusive, royalty-free license to host, store, transmit, copy, display, and process your account information and the patient records you create, solely to deliver the Service, to keep it secure, and to perform the obligations described in the documents incorporated under §1. This license lasts only as long as we need to perform those activities and ends when the underlying retention period ends (see the Privacy Notice for Practitioners §7).

No transfer of work-product intellectual property. The clinical notes, photographs, assessments, treatment selections, and other work product you create using the Service belong to you (and to your patients, where the law gives them rights in their own health information). Nothing in these Terms transfers that work-product intellectual property to Phiusion.

Feedback. If you send us suggestions or feedback about the Service, you grant us a perpetual, worldwide, royalty-free license to use that feedback to improve the Service. We will not name you in any public material without your permission.

6. Sub-processing and BAA pass-through

You authorize Phiusion to use the named sub-processors listed at Sub-Processors to deliver the Service. That page identifies each vendor, the data categories it handles, where data is stored, and the contractual safeguards in place (Business Associate Agreement under HIPAA — "BAA"; Data Processing Agreement under GDPR Art. 28 — "DPA"; EU-US Data Privacy Framework — "DPF"; Transfer Impact Assessment — "TIA"). The BAA chain — between you (the covered entity), Phiusion (your business associate), and each downstream sub-processor that handles protected health information — is documented in our HIPAA Business Associate Agreement and flows down to each sub-processor under HIPAA Security Rule §164.314.

The BAA and DPA between Phiusion Labs and Universkin SAS, the French company that builds and operates the platform on our behalf, cover the France leg of the processing (the application is built and operated by Universkin SAS on Phiusion's behalf). Those vendor agreements with Universkin SAS are available to regulators and to data subjects exercising access rights on request.

Sub-processor changes follow a two-tier notification framework documented on the Sub-Processors page: routine PHI-affecting changes are notified at least 15 days in advance; emergency or risk-driven changes (vendor outage, security incident, regulator order, vendor insolvency, or similar) are notified as soon as practicable and may take effect before notice. You retain the right to object — to a planned change during the notice window, or to an emergency change after the fact — with the right to terminate the affected service without penalty under §11 if the objection cannot be resolved.

7. Subscription, fees, and payment

Plans. The Service is offered on a tiered model that always includes a free tier. Phiusion's primary revenue model is product sales (PBSERUM and the rest of the product catalog through the Shop); paid practitioner subscription tiers, where offered, unlock additional features beyond the free tier. The current free-tier scope, paid-tier scope, fees, and any usage allowances are shown at signup and in your billing area, and may evolve over time under the price-change notice in this section. You are not required to subscribe to a paid tier to use Phiusion; the free tier remains available.

Payment processor. We use Stripe to process payments. The card or other payment method you provide is held by Stripe, not by Phiusion; we receive a tokenized reference and the billing address you enter. Your use of Stripe is also subject to Stripe's own terms and privacy policy.

Auto-renewal (paid tiers only). Paid subscription tiers renew automatically for successive terms of the same length unless you cancel before the renewal date. You can cancel in the billing area or by writing to billing@phiusionlabs.app. Cancellation drops your account back to the free tier; it does not close your account.

Price changes. We may change subscription fees with at least 30 days' prior notice by email and in-app banner. A price change takes effect on your next renewal after the notice period ends. If you do not accept a price change, you may cancel before it takes effect; your existing term will run out at the old price.

Taxes. Fees are exclusive of sales, use, value-added, and similar taxes unless otherwise stated. Where a taxing authority requires us to collect tax, we will add it to your invoice. Stripe Tax may be enabled for tax calculation once our accountant provides the relevant classifications and jurisdictions; until then, you remain responsible for self-assessing any tax we do not collect.

Refunds. Refunds for subscription fees and for products ordered through the Service are governed by our Refund Policy. Shipping of physical products is governed by our Shipping Policy.

Late payment (paid tiers only). If a charge against a paid subscription fails or a payment is overdue, we may downgrade your paid tier back to the free tier after written notice and a reasonable cure period (at least seven days unless your contract specifies otherwise). Downgrade does not relieve you of the obligation to pay amounts owed for the paid-tier period actually used.

Quebec consumers. If you are an individual practitioner in Quebec contracting with us in a way that the Quebec Consumer Protection Act would treat as a consumer contract, that statute's mandatory disclosure and remedy rules apply to the extent they cannot be waived by contract.

8. Warranties and disclaimers

Limited express warranties. Phiusion warrants that the Service will perform materially in line with the documentation we publish for it, and that we will use commercially reasonable security measures consistent with HIPAA Security Rule §§164.302–318, PIPEDA Schedule 1 Principle 7, and the equivalent provisions of provincial privacy law.

Disclaimer of implied warranties. Except for the express warranties above, the Service is provided "as is" and "as available." To the maximum extent permitted by applicable law, Phiusion disclaims all implied warranties, including the implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, reliability, and any warranty arising out of course of dealing or trade usage. In the United States, the Service is a digital service rather than goods under Article 2 of the Uniform Commercial Code ("UCC Art. 2," the US states' common framework for the sale of goods); we disclaim implied warranties to the maximum extent UCC Art. 2 or the equivalent state law allows. In Canada, we disclaim implied warranties to the maximum extent the Ontario Sale of Goods Act and equivalent provincial statutes allow.

No medical advice; not a diagnostic tool. The Service does not provide medical advice and is not approved for medical use. The skin-assessment output produced by SkinXS is informational; the licensed Practitioner reviews and curates it before any patient-facing action. Phiusion does not warrant that the Service is fit for any diagnostic purpose, and we make no warranty of medical efficacy. You are solely responsible for the professional judgment you exercise using the Service.

Third-party content. The Service may surface content from third-party sources (for example, vendor product information). We do not warrant that third-party content is accurate, complete, or current.

Quebec carve-out. Nothing in this section limits or excludes any warranty or remedy that the Quebec Consumer Protection Act, Quebec Civil Code, or other Quebec law makes mandatory and that cannot be waived by contract. In Quebec, the legal warranty of quality (Civil Code of Quebec art. 1726) and the prohibition on certain waivers (Consumer Protection Act art. 10) override anything in this section that conflicts with them.

9. Limitation of liability

Cap on liability. To the maximum extent permitted by applicable law, the total liability of Phiusion (and our platform operator Universkin SAS, and our officers, directors, employees, and agents) arising out of or related to the Service or these Terms is capped at the amount of subscription fees you paid Phiusion in the twelve months immediately before the event that gave rise to the claim. If you have paid Phiusion no subscription fees, the cap is one hundred United States dollars (USD $100).

Excluded damages. To the maximum extent permitted by applicable law, Phiusion is not liable for any indirect, incidental, consequential, special, exemplary, or punitive damages, or for any loss of profits, revenue, goodwill, data, or business opportunity, even if we have been advised of the possibility of those damages.

Carve-outs. The cap and the exclusion of damages do not apply to (a) your obligation to pay fees that have accrued, (b) Phiusion's indemnification obligations under §10, (c) liability for fraud or willful misconduct, (d) any liability that applicable law does not allow to be limited or excluded, including the mandatory provisions of the Quebec Consumer Protection Act and Quebec Civil Code, the British Columbia Business Practices and Consumer Protection Act, and the Ontario Consumer Protection Act where they apply, and (e) any other liability that the consumer-protection law of your jurisdiction declares non-waivable.

Allocation of risk. You acknowledge that the subscription fees reflect this allocation of risk and that, without it, the fees would be materially higher.

10. Indemnification

Your indemnity to Phiusion. You will defend, indemnify, and hold harmless Phiusion (and our platform operator Universkin SAS, and our officers, directors, employees, and agents) from and against any third-party claim, demand, suit, or proceeding, and any resulting losses, damages, fines, costs, and reasonable attorneys' fees, arising out of or related to (a) your use of the Service in violation of these Terms, the Acceptable Use Policy, or applicable law, (b) any off-label medical claim or unlicensed practice of medicine by you or anyone acting under your account, (c) any patient claim that you obtained, processed, or disclosed personal information without the consent required by law, or (d) your professional services to your patients.

Mutual IP indemnity. Each party will defend, indemnify, and hold harmless the other from and against any third-party claim that the indemnifying party's intellectual property, as used as authorized by these Terms, infringes a third party's patent, copyright, trademark, or trade secret in a jurisdiction where Phiusion sells the Service. Phiusion's indemnity does not cover claims arising from (i) your modification of the Service, (ii) your combination of the Service with other software or data we did not provide, or (iii) your use of the Service in violation of these Terms.

Procedure. The indemnified party must (a) promptly notify the indemnifying party in writing of the claim, (b) give the indemnifying party sole control of the defense and settlement (except that a settlement requiring an admission of liability or imposing a non-monetary obligation on the indemnified party requires that party's written consent, not to be unreasonably withheld), and (c) cooperate reasonably at the indemnifying party's expense.

11. Term, termination, and data export

Term. These Terms apply from the date you accept them and continue until your account is closed.

Termination for convenience by you. You may cancel your subscription at any time by giving 30 days' written notice through the billing area or to billing@phiusionlabs.app. The cancellation takes effect at the end of the current billing period that follows the notice. Fees already paid are non-refundable except as set out in the Refund Policy.

Termination for cause. Either party may terminate immediately if the other party materially breaches these Terms and fails to cure the breach within 30 days after written notice describing it (or, for breaches that cannot reasonably be cured in 30 days, within a reasonable longer period agreed in writing). Phiusion may also suspend or terminate immediately if (a) we reasonably believe your use of the Service violates law, threatens platform security, or risks harm to patients, (b) you cease to satisfy the eligibility conditions in §2, or (c) you fail to pay an undisputed amount when due and do not cure within seven days of written notice.

Effect of termination. On termination, your right to access the Service ends. Phiusion will retain or delete your data in line with the Privacy Notice for Practitioners §7, applicable BAA obligations, and tax-record requirements.

Data export. For at least 30 days after termination, you may request an export of the patient records and account data associated with your account, in a structured, commonly used, machine-readable format, by writing to privacy@phiusionlabs.app. We honor the patient-record export rights required by HIPAA, PHIPA, and Quebec Law 25, including the portability right at Law 25 art. 28.1. After the 30-day window, Phiusion may delete the records in line with its retention schedule, except where the law requires longer retention.

Survival. Sections that by their nature should survive termination — including §§5 (ownership), 7 (amounts already owed), 8 (disclaimers), 9 (limitation of liability), 10 (indemnification), 11 (data export), 12–14, and any defined terms — survive.

12. Changes to these Terms

We manage updates under semantic versioning, the same way we manage our privacy notices:

  • Major version (X.0.0) — a material change to your rights, our obligations, fees, dispute resolution, or how the Service handles your data. We will gate your next login until you read and accept the new version. We will give you at least 30 days' prior notice by email and in-app banner before the change takes effect.
  • Minor version (1.X.0) — clarifications, new optional features, additional sub-processors that do not change the processing categories, and similar non-material updates. We show an in-app banner for 30 days and you can review the change at your own pace. Continued use after the banner period confirms acceptance.
  • Patch version (1.0.X) — typos, formatting, and broken links. No banner.

Every version is logged at /legal/changelog with the effective date and a plain-language summary of what changed. If you do not accept a new major version, you may cancel under §11; the prior version continues to apply until cancellation takes effect.

13. Governing law, dispute resolution, and notices

Governing law. These Terms, and any dispute arising out of or related to them or the Service, are governed by the laws of the Province of Ontario, Canada, and the federal laws of Canada applicable in Ontario, without regard to conflict-of-laws rules. The United Nations Convention on Contracts for the International Sale of Goods does not apply.

Mandatory arbitration for disputes over USD $10,000. Any dispute, controversy, or claim arising out of or related to these Terms or the Service for which the amount in controversy exceeds USD $10,000 will be resolved by binding arbitration administered by the ADR Institute of Canada under its Arbitration Rules then in effect. The seat of the arbitration is Toronto, Ontario; the language is English; the tribunal consists of one arbitrator unless the parties agree otherwise. Judgment on the award may be entered in any court of competent jurisdiction.

Small claims carve-out. Disputes for which the amount in controversy is USD $10,000 or less may be brought in the small-claims court of the jurisdiction where you or Phiusion is located, at the claimant's election.

Injunctive relief. Either party may seek injunctive or equitable relief in any court of competent jurisdiction to protect its intellectual property, confidentiality, or security interests, without first resorting to arbitration.

No class actions. To the extent permitted by applicable law, disputes will be resolved on an individual basis, and you and Phiusion each waive the right to bring or participate in a class, collective, or representative action. This waiver does not apply where the law of your jurisdiction makes class waivers unenforceable (including Quebec under art. 11.1 of the Consumer Protection Act).

Notices. Written notice under these Terms is given by email, by hand delivery, or by reputable overnight courier, to the addresses below; notice is effective on receipt (or, for email, on confirmed delivery to a working address).

  • To Phiusion: privacy@phiusionlabs.app (privacy and legal) or billing@phiusionlabs.app (billing), with a copy by courier to Phiusion Labs, 29 East Wilmot, Richmond Hill, Ontario, Canada.
  • To you: the email address and mailing address on file for your account. Keep them current.

14. Contact and supervisory authorities

For anything covered by these Terms, write to:

  • Privacy Officer (Phiusion Labs): Jonathan Garbutt, privacy@phiusionlabs.app.
  • Data Protection Officer (Universkin SAS, France): Maître Eric ELABD, +33 (4) 93.00.11.96, dpo@universkin.com. Universkin SAS has appointed Maître Eric ELABD as its Data Protection Officer in compliance with GDPR Art. 37. The contact details published here also satisfy the public-publication prong of GDPR Art. 37(7); the corresponding notification to the Commission Nationale de l'Informatique et des Libertés ("CNIL", the French supervisory authority) is administered by Universkin SAS.

If you have a privacy or data-protection concern we have not resolved, you may also contact the supervisory authority for your jurisdiction, as listed in §13 of the Privacy Notice for Practitioners:

United States. US Department of Health and Human Services, Office for Civil Rights (HHS-OCR), https://www.hhs.gov/ocr/. Your state Attorney General handles state consumer-privacy and consumer-protection complaints.

Canada — federal. Office of the Privacy Commissioner of Canada (OPC), https://www.priv.gc.ca/.

Canada — provincial.

  • Ontario: Information and Privacy Commissioner of Ontario (IPC), https://www.ipc.on.ca/.
  • Quebec: Commission d'accès à l'information du Québec (CAI), https://www.cai.gouv.qc.ca/.
  • British Columbia: Office of the Information and Privacy Commissioner of BC, https://www.oipc.bc.ca/.
  • Alberta: Office of the Information and Privacy Commissioner of Alberta, https://www.oipc.ab.ca/.
  • Manitoba: Manitoba Ombudsman, https://www.ombudsman.mb.ca/.
  • Other provinces (NB / NL / NS / PE / SK): see your provincial commissioner's website.

Canada — territorial. Yukon, Northwest Territories, Nunavut: Office of the Privacy Commissioner of Canada acts as the federal supervisory authority, https://www.priv.gc.ca/.

For related documents, see the Privacy Notice for Practitioners, the Privacy Notice for Patients, the Cookie & Tracking Notice, the Sub-Processors page, the Acceptable Use Policy, the Refund Policy, the Shipping Policy, the HIPAA Business Associate Agreement, and the Data Processing Agreement.