RIMA TERMS OF SERVICE

Last Updated: June 10, 2025

EMERGENCY SERVICES WARNING

FOR MEDICAL EMERGENCIES, CALL 911 IMMEDIATELY

THE RIMA PLATFORM CANNOT AND DOES NOT PROVIDE EMERGENCY MEDICAL SERVICES. IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY, STOP READING AND CALL 911 OR YOUR LOCAL EMERGENCY NUMBER NOW.

IMPORTANT NOTICES

MANDATORY ARBITRATION NOTICE: THIS AGREEMENT CONTAINS A MANDATORY ARBITRATION PROVISION AND CLASS ACTION WAIVER. PLEASE REVIEW SECTION 14 CAREFULLY. YOU HAVE 30 DAYS TO OPT OUT OF ARBITRATION.

AGE REQUIREMENT: YOU MUST BE AT LEAST 18 YEARS OLD TO USE THIS PLATFORM. IF YOU ARE UNDER 18, YOUR PARENT OR GUARDIAN MUST REGISTER ON YOUR BEHALF.

MEDICAL DISCLAIMER: RIMA DOES NOT PROVIDE MEDICAL SERVICES. ALL MEDICAL CARE IS PROVIDED BY INDEPENDENT THIRD-PARTY TELEMEDICINE PARTNERS.

PLEASE READ THESE TERMS OF SERVICE ("Terms") CAREFULLY. THEY FORM A LEGALLY BINDING CONTRACT BETWEEN YOU AND RIMA SYSTEMS LLC ("Rima," "we," "our," or "us"). BY CLICKING "I ACCEPT," CREATING AN ACCOUNT, OR USING ANY RIMA WEBSITE, MOBILE APPLICATION, API, OR OTHER ONLINE SERVICE (COLLECTIVELY, THE "Platform"), YOU EXPLICITLY AGREE TO BE BOUND BY THESE TERMS AND ALL POLICIES REFERENCED HEREIN, INCLUDING THE RIMA PRIVACY POLICY AND ANY APPLICABLE BUSINESS ASSOCIATE AGREEMENT ("BAA"). IF YOU DO NOT AGREE, DO NOT USE THE PLATFORM.

1. DEFINITIONS

1.1 "Protected Health Information" ("PHI") has the meaning given in 45 C.F.R. §160.103.

1.2 "Personal Data" means any information that identifies or relates to an identifiable individual and is protected under applicable privacy or data protection laws, including but not limited to PHI.

1.3 "Services" means the wellness insights, telemedicine integration, benefit administration tools, data sovereignty infrastructure, broker portals, AI Services, and any other products or services Rima makes available through the Platform.

1.4 "User," "you," or "your" means the individual end user or the legal entity (e.g., employer, broker, healthcare provider) that registers for or accesses the Services and, if applicable, its Authorized Users.

1.5 "Telemedicine Partner" means third-party telemedicine service providers integrated with our Platform who employ or contract with healthcare Providers.

1.6 "De-identified Data" means data that has been de-identified in accordance with HIPAA standards at 45 C.F.R. §164.514(b) and applicable state law requirements.

1.7 "AI Services" means any features utilizing artificial intelligence, machine learning, or algorithmic decision-making to generate health insights, recommendations, or risk scores.

1.8 "Covered Entity" and "Business Associate" have the meanings given in 45 C.F.R. §160.103.

2. ACCEPTANCE OF TERMS; CHANGES

2.1 Eligibility. You must be (a) at least 18 years old (or the age of majority in your jurisdiction) and (b) capable of forming a binding contract. If you are accepting on behalf of an entity, you represent that you have authority to bind that entity, and "you" will refer to that entity.

2.2 Modifications. We may revise these Terms at any time by posting an updated version and updating the "Last Updated" date.

Material vs. Non-Material Changes:

  • Material changes include: changes to arbitration/dispute resolution, liability limitations, privacy practices, data usage rights, fees, or fundamental service features. Material changes take effect 30 days after posting.

  • Non-material changes include: clarifications, grammatical corrections, formatting updates, or administrative changes. Non-material changes take effect immediately.

Examples of material changes: modifying data retention periods, changing arbitration procedures, adding new fees. Examples of non-material changes: fixing typos, reformatting sections, updating contact information.

Your continued use after the effective date constitutes acceptance.

2.3 Explicit Consent Required. By clicking "I Accept," creating an account, or using the Services, you affirmatively consent to these Terms, including the mandatory arbitration provision. Passive browsing does not constitute acceptance.

2.4 Notice of Material Changes. We will provide notice of material changes via email to registered users at least 30 days before the effective date. Continued use after such notice constitutes acceptance.

3. DESCRIPTION OF SERVICES

3.1 Wellness & AI-Generated Insights. Rima provides personalized health insights, risk scores, and gamified goals based on user-provided data and AI analysis.

3.2 Telemedicine Integration. Rima integrates with third-party Telemedicine Partners who provide virtual healthcare services. RIMA DOES NOT EMPLOY HEALTHCARE PROVIDERS OR PRACTICE MEDICINE. All medical services are provided by independent Telemedicine Partners and their Providers. Rima solely facilitates access to these third-party services.

3.3 Benefit Administration & Broker Tools. Employers and brokers may use Rima's software to manage employee benefits, enrollment, and Section 125 §213(d) compliant payments.

3.4 Data Sovereignty Infrastructure. Rima offers custodial data vaults, consent management tools, and FHIR-compatible APIs enabling users to control and share health data.

3.5 Third-Party Integrations. The Services may integrate with third-party APIs (e.g., HRIS, wearables). Rima is not responsible for third-party content or accuracy.

3.6 AI Services Disclosure. Our AI Services use machine learning models to analyze health data and generate insights. These are educational tools only and are not validated as medical devices. AI-generated content may contain errors and should not replace professional medical judgment.

3.7 No TPA Services. While we provide software tools for benefit administration, Rima is not a licensed Third Party Administrator and does not provide TPA services requiring state licensure.

4. USER ACCOUNTS & SECURITY

4.1 Account Creation. You must provide accurate, complete information. You are responsible for maintaining the confidentiality of login credentials and all activities under your account.

4.2 Account Restrictions. You may not share credentials or circumvent security features. You will immediately notify Rima of unauthorized use.

4.3 Multi-Factor Authentication. Given the sensitivity of health data, we strongly recommend enabling multi-factor authentication when available.

4.4 Minors. If you are under 18, your parent or legal guardian must create and manage your account. We do not knowingly collect information from children under 13 without verifiable parental consent in compliance with COPPA.

5. TELEMEDICINE PARTNER SERVICES & DISCLAIMERS

5.1 Third-Party Medical Services. All telemedicine services are provided by independent Telemedicine Partners, not Rima. When you select telemedicine services:

  • You are establishing a relationship with the Telemedicine Partner and their Providers

  • The Telemedicine Partner's terms of service and privacy practices will also apply

  • Rima is not responsible for the medical care, clinical decisions, or malpractice of Telemedicine Partners

5.2 State-Specific Requirements. Telemedicine services are subject to state law. By using these services, you consent to:

  • Receiving care via audio, video, or text-based technology

  • The limitations of telemedicine (inability to perform physical exams, technology failures)

  • The recording of sessions if required by state law (with notice)

  • Interstate medical practice where permitted by law

5.3 No Rima Medical Advice. Except for content explicitly marked as provided by a licensed Provider through a Telemedicine Partner, all Rima content is educational only.

5.4 Emergencies. FOR MEDICAL EMERGENCIES, CALL 911. The Platform cannot support emergency medical needs.

5.5 Prescription Services. Rima does not prescribe medications. Any prescriptions are issued by Telemedicine Partner Providers under their independent medical judgment and applicable state/federal law.

5.6 Provider Credentials. While Telemedicine Partners are responsible for verifying Provider credentials, you may request credential information directly from the Telemedicine Partner.

6. PRIVACY, SECURITY & DATA USE

6.1 HIPAA Compliance & Roles.

Clear HIPAA Framework:

  • When Rima IS a Business Associate:

    • Processing PHI on behalf of employer health plans

    • Receiving PHI from healthcare providers for care coordination

    • Managing benefits administration with PHI access

    • In these cases, we execute a BAA and comply with all HIPAA requirements

  • When Rima is NOT a Business Associate:

    • You directly upload your own health records for personal use

    • You use data sovereignty tools to share between third parties you select

    • You access general wellness features without employer/provider involvement

    • In these cases, Rima acts as a technology platform, not a Business Associate

Default Position: When the relationship is unclear, Rima will default to treating data with Business Associate-level protections to ensure maximum privacy protection.

6.2 Health Data Sovereignty. Rima honors user consent directives and provides tools to export or delete PHI, subject to legal retention requirements.

6.3 De-identification & Secondary Use.

Enhanced De-identification Framework:

  • We de-identify data in strict compliance with HIPAA Expert Determination or Safe Harbor methods

  • Opt-Out Right: You may opt out of having your de-identified data used for product improvement or commercialization by:

    • Contacting our Privacy team through the contact methods provided on our website with subject line "De-identification Opt-Out"

    • Your opt-out will be processed within 30 days

    • Previously de-identified data cannot be retroactively removed but will not be used in future commercial applications

  • Clear Commitment: We will never re-identify or attempt to re-identify any de-identified data

  • We comply with all state restrictions on health data commercialization (e.g., Nevada SB 220, California privacy laws)

  • New state law compliance will be implemented within 60 days of effectiveness

6.4 CCPA/CPRA, GDPR & State Rights. Residents of applicable jurisdictions may exercise statutory rights (access, deletion, opt-out of sale/share) via the Privacy Center. Rima does not sell PHI.

6.5 Security. Rima maintains administrative, technical, and physical safeguards compliant with NIST CSF and ISO 27001. You acknowledge that no system is 100% secure and agree to implement reasonable security on your own systems.

6.6 Data Incidents. Enhanced Breach Notification:

  • Rima will notify affected parties of a breach of unsecured PHI without unreasonable delay

  • For breaches affecting 500+ individuals: notification within 60 days as required by HIPAA

  • For smaller breaches: notification within 60 days of discovery

  • We will provide preliminary notification within 72 hours of discovering a breach likely to result in high risk to individuals

  • Notifications will include: nature of breach, types of information involved, steps taken, and recommendations for protection

6.7 Subprocessors & International Transfers. Rima uses vetted subprocessors under written agreements enforcing privacy and security obligations and, where applicable, executes SCCs or relies on other lawful transfer mechanisms.

6.8 Data Retention. Optimized Retention Policy:

  • PHI retained for six (6) years after last account activity or as required by law (whichever is longer)

  • "Last activity" means: last login, last data upload, last service interaction, or last payment

  • Users may request earlier deletion where legally permissible by contacting our Privacy team

  • Deletion requests processed within 30 days unless legal hold applies

  • Automatic deletion implemented after retention period expires

6.9 Cross-Border Transfers. Comprehensive International Transfer Framework:

  • Primary processing occurs in the United States

  • For EEA/UK residents: transfers rely on Standard Contractual Clauses (SCCs)

  • For other jurisdictions: appropriate safeguards per local law (e.g., consent, adequacy decisions)

  • Users may request information about transfer mechanisms through our Privacy team

  • Where legally required, users may object to international transfers (may limit service availability)

  • We maintain transfer impact assessments available upon request

7. LICENSES & INTELLECTUAL PROPERTY

7.1 License to Users. Subject to these Terms, Rima grants you a limited, revocable, non-exclusive, non-transferable right to access and use the Services for your internal, lawful purposes.

7.2 User Content. Limited License Grant: You grant Rima a worldwide, royalty-free license to use, host, reproduce, display, and distribute content you submit:

  • Solely for providing and improving the Services

  • Only while you maintain an active account

  • Excluding any rights to health insights, analysis, or derived data specific to you

  • This license terminates 30 days after account closure, except as required for legal compliance

  • Your health data and personal insights remain yours

7.3 Feedback. You grant Rima a perpetual, irrevocable, worldwide license to use feedback without compensation.

7.4 Ownership. Rima and its licensors retain all right, title, and interest in the Platform, Services, and associated IP. No rights are granted except as explicitly stated.

7.5 AI-Generated Content. Enhanced AI Content Disclosure:

  • Content generated by our AI Services may not be unique to you

  • We retain rights to AI models and aggregated insights from de-identified data

  • Significant Decisions: Defined as decisions affecting your health benefits eligibility, coverage determinations, risk scoring for insurance purposes, or employment-related health assessments

  • For any Significant Decision, you may request human review by contacting our Support team

  • Human review requests will be processed within 5 business days

8. PROHIBITED CONDUCT

You will not: (a) violate laws; (b) reverse engineer or hack the Platform; (c) upload malicious code; (d) scrape or harvest data except via authorized APIs; (e) engage in harassment, discrimination, or harmful content; (f) use the Services to process data without proper consent; (g) attempt to identify or re-identify any de-identified data; (h) use the Services to make automated decisions about insurance eligibility, employment, or other determinations with legal effects without human review; (i) bypass age verification or parental consent requirements; (j) use the Services for any unlawful, harmful, or fraudulent purpose.

9. FEES & PAYMENT

9.1 Pricing. Certain Services are offered under a per-employee-per-month model or other pricing agreed in an order form or Master Services Agreement ("MSA").

9.3 Tax Compliance Disclaimer.

  • Section 125/213(d) Eligibility: Employers and users are solely responsible for determining tax eligibility. Rima provides software tools only and does not provide tax, legal, or TPA services.

  • No Tax Advice: We recommend consulting qualified tax professionals regarding Section 125 compliance, as we are not a licensed TPA.

9.4 No Refunds. Except as required by law or expressly stated in writing, fees are non-refundable.

10. TERM; SUSPENSION & TERMINATION

10.1 Term. These Terms remain in effect until terminated by you or Rima.

10.2 By User. You may terminate by closing your account and ceasing all use.

10.3 By Rima. We may suspend or terminate access immediately for breach, security threat, or legal requirement.

10.4 Effect. Upon termination, rights granted to you cease. Sections that by their nature survive (e.g., warranties, liability, arbitration) will continue.

10.5 Data Export. Upon termination, you have 30 days to export your data using our data portability tools. After this period, we may delete your data subject to retention requirements.

11. DISCLAIMERS

11.1 "AS IS." THE PLATFORM AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE." RIMA DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.

11.2 AI-Generated Content. Insights generated by machine-learning models may be inaccurate or incomplete. You assume all risk for reliance.

11.3 Third-Party Content. Rima is not responsible for third-party services, content, or links.

11.4 Algorithmic Limitations. Our AI Services have not been validated by the FDA as medical devices. Algorithmic outputs may reflect biases in training data and should not be the sole basis for medical decisions.

11.5 Integration Risks. Third-party integrations (wearables, health systems) may have data quality issues. We do not warrant accuracy of third-party data.

12. LIMITATION OF LIABILITY

12.1 EXCLUSION OF DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY LAW, NEITHER RIMA NOR ITS AFFILIATES SHALL BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, OR FOR LOSS OF PROFITS, DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THE POSSIBILITY.

12.2 Liability Cap.

  • For Paid Users: RIMA'S TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNTS PAID BY YOU IN THE TWELVE (12) MONTHS PRECEDING THE EVENT

  • For Free Users: RIMA'S TOTAL LIABILITY SHALL NOT EXCEED $100

  • For Enterprise Clients: AS SET FORTH IN SEPARATE ENTERPRISE AGREEMENT

  • Exclusions: THIS CAP DOES NOT APPLY TO INDEMNIFICATION OBLIGATIONS OR BREACHES OF CONFIDENTIALITY OBLIGATIONS

12.3 ESSENTIAL PURPOSE. THE LIMITATIONS ARE FUNDAMENTAL ELEMENTS OF THE BARGAIN.

13. INDEMNIFICATION

13.1 By User. You will indemnify, defend, and hold harmless Rima, its affiliates, officers, directors, employees, and agents from any claims, damages, liabilities, and costs (including attorneys' fees) arising from your (a) breach of these Terms, (b) violation of law, or (c) misuse of the Services or data.

13.2 By Rima. Rima will indemnify you against third-party claims alleging that the unmodified Services infringe U.S. intellectual property rights, subject to the limitations in Section 12.

13.3 Telemedicine Claims. You acknowledge that medical malpractice claims must be brought directly against the Telemedicine Partner and their Providers, not Rima.

14. DISPUTE RESOLUTION & ARBITRATION

14.1 Mandatory Individual Arbitration.

  • Clear Agreement: BY ACCEPTING THESE TERMS, YOU AGREE TO RESOLVE ALL DISPUTES THROUGH BINDING INDIVIDUAL ARBITRATION AND WAIVE ANY RIGHT TO A JURY TRIAL OR CLASS ACTION.

  • Process: AAA Consumer Rules apply for claims under $75,000

  • Location: Arbitration hearings will be in your county of residence for individual consumers

  • Fees: Rima pays all AAA fees for claims under $10,000 unless arbitrator finds claim frivolous

14.2 Class Action Waiver. Disputes must be brought in an individual capacity; class or representative actions are prohibited.

14.3 Governing Law. These Terms and any dispute will be governed by the laws of the State of Delaware and the Federal Arbitration Act, without regard to conflict-of-laws principles.

14.4 30-Day Right to Opt Out. You may opt out of arbitration by contacting our Legal team within 30 days of first accepting these Terms with subject line "Arbitration Opt-Out."

14.5 Small Claims Exception. Either party may bring qualifying claims in small claims court.

15. ACCESSIBILITY

Rima commits to WCAG 2.1 AA compliance for core Platform features. If you encounter accessibility barriers, please contact our Accessibility team.

16. SPECIAL STATE PROVISIONS

16.1 California Users:

  • Additional rights under CCPA/CPRA available at our Privacy Center

  • Biometric data protections apply to any facial recognition or fingerprint features

  • California Civil Code Section 1542 Waiver: You waive rights under Section 1542, which says: "A general release does not extend to claims that the creditor or releasing party does not know or suspect to exist in his or her favor at the time of executing the release and that, if known by him or her, would have materially affected his or her settlement with the debtor or released party."

16.2 Illinois Users:

  • Biometric Information Privacy Act disclosures and consent available in Settings

  • Any biometric data collected will be destroyed within 3 years of last interaction

16.3 Telehealth State Requirements:

  • Additional state-specific telehealth consents may be required and will be presented before services begin

  • Some states require in-person visits before prescribing certain medications

  • Provider licensure varies by state

17. ELECTRONIC COMMUNICATIONS & SIGNATURES

You consent to receive communications electronically and agree that electronic signatures have the same legal effect as handwritten signatures.

18. EXPORT COMPLIANCE

You may not use or export the Services in violation of U.S. export laws, including the Export Administration Regulations and sanctions programs.

19. FORCE MAJEURE

Rima is not liable for delays or failures caused by events beyond its reasonable control, including pandemics, natural disasters, acts of government, or Internet failures.

20. MISCELLANEOUS

20.1 Assignment. You may not assign these Terms without Rima's prior written consent. Rima may assign freely.

20.2 Order of Precedence. In the event of conflict, a fully executed MSA or BAA shall prevail over these Terms.

20.3 Severability. If any provision is held unenforceable, it will be modified to reflect the parties' intent, and the remaining provisions will remain in effect.

20.4 Waiver. No waiver shall be deemed a waiver of any subsequent breach.

20.5 Entire Agreement. These Terms, the Privacy Policy, and any applicable Order Form constitute the entire agreement regarding the Services.

20.6 Contact. For questions about these Terms or to contact specific teams mentioned herein (Legal, Privacy, Accessibility, Support), please visit our website for current contact information.

21. ENTERPRISE ADDENDUM

For Enterprise Clients with separately negotiated agreements, the following additional terms apply:

21.1 Custom Terms. Enterprise agreements may modify liability caps, indemnification, SLAs, and support terms.

21.2 HIPAA BAA. Enterprise Clients acting as Covered Entities will execute our standard BAA.

21.3 Implementation Services. Professional services are governed by separate Statements of Work.

22. AI SERVICES SUPPLEMENTAL TERMS

22.1 No Medical Device Claims. AI Services are not FDA-approved medical devices and should not be used for diagnosis or treatment decisions without healthcare provider oversight.

22.2 Transparency. Enhanced Transparency Commitment:

  • Upon request, we provide information about AI model types and training approaches

  • We disclose general categories of data used for training (de-identified, aggregated)

  • Specific algorithmic details remain proprietary for security and competitive reasons

  • Transparency reports available at transparency.rimasystems.com

22.3 Bias Mitigation. Proactive Bias Management:

  • We implement regular bias testing using industry-standard methodologies

  • Bias mitigation strategies updated quarterly based on testing results

  • We cannot guarantee elimination of all algorithmic bias

  • Bias testing results summary available upon request for enterprise clients

22.4 Human Review Right. For significant decisions affecting you, you may request human review of AI-generated determinations.

23. PARENTAL CONSENT FOR MINORS

23.1 Under 13. We do not knowingly collect data from children under 13 without verifiable parental consent per COPPA.

23.2 Ages 13-17. Parents/guardians must create and manage accounts for users under 18 and consent to these Terms on their behalf.

23.3 School Accounts. Educational institutions may create accounts for students pursuant to FERPA-compliant agreements.



BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THESE TERMS.




© Rima Systems, All rights reserved
