Terms and Conditions for SecureChat
Version 1.0, effective from 1 July 2026
These terms and conditions govern the use of SecureChat, an AI-powered software service provided by DeepMed Zurich AG.
1. Provider, Scope and Order of Precedence
These General Terms and Conditions govern the use of SecureChat, an AI-powered software service provided by DeepMed Zurich AG, Toblerstrasse 80, 8044 Zurich, Switzerland.
SecureChat may be used by both private individuals and business customers. Business customers include in particular companies, organisations, practices, clinics, expert assessment bodies, public authorities, research institutions, self-employed persons, sole proprietorships and other institutions that use SecureChat for professional or business purposes or make it available to users.
By registering, subscribing to a paid plan, using SecureChat or activating access, the user or business customer accepts these terms.
Conflicting or supplementary agreements, in particular order forms, quotations, service level agreements or data processing agreements, take precedence over these terms where they expressly provide otherwise. For the processing of personal data on behalf of business customers, the data processing agreement takes precedence.
2. Definitions
• DeepMed: DeepMed Zurich AG.
• SecureChat: The AI-powered chat service provided by DeepMed, including user interface, technical infrastructure, integrations, documentation, security features and related services.
• User: Any natural person who uses SecureChat.
• Private user: A user who uses SecureChat for private purposes and not within the scope of an organisation.
• Business customer: An organisation or person that uses SecureChat for professional, business, institutional or public purposes or makes it available to users.
• Content: Inputs, prompts, chat histories, uploaded files, transcripts, documents, metadata, generated text and other information entered, processed, displayed, stored or generated via SecureChat.
• Chat content: Content entered and generated in a chat, in particular prompts, messages, responses, chat histories and documents uploaded in that chat.
• Project data: Content stored within a project or assistant outside a single chat, in particular assistants, project instructions, configurations, permanently stored project documents and comparable project-related settings.
• Metadata: Account data, technical data, security data, usage data, log data, timestamps, authorisation information, billing data and other data required for operation, security, traceability, abuse prevention, support, billing or legal and contractual obligations.
• Outputs: Responses, summaries, suggestions, draft texts, analyses, structures or other results generated by SecureChat.
3. Description and Limits of SecureChat
SecureChat is an AI-powered service for linguistic, editorial, organisational and analytical support. SecureChat may in particular be used to draft texts, summarise documents, structure information, suggest wording, prepare workflows or process content in natural language.
SecureChat is an assistance system. Outputs are to be regarded as suggestions and do not replace professional review, approval or responsibility of the user or business customer.
SecureChat is in particular not a medical device and is not intended for medical diagnosis, therapy planning, triage, monitoring, emergency assessment or other medical purposes.
4. Contract Conclusion, Registration and User Account
Use of SecureChat generally requires creation of a user account. The user must provide complete and accurate information and keep access credentials confidential.
The user is responsible for ensuring that their user account is not used by unauthorised third parties. Any suspected misuse, loss of access credentials or unauthorised access must be reported to DeepMed without delay.
DeepMed may refuse registration or suspend an account if there is reasonable suspicion of misuse, incorrect information, security risks, unlawful use or breach of these terms.
For business customers, user accounts may be managed by the business customer's administrators. The business customer is responsible for granting access only to authorised users, correctly managing roles and permissions, and revoking access promptly upon departure or role change.
5. Private Use and Business Use
Where a natural person uses SecureChat exclusively for private purposes, the provisions for private users apply.
Where a person uses SecureChat in the course of their professional activity, via a business email address, on invitation of an organisation or in the interest of a business customer, use is deemed business use. In that case, the respective business customer is responsible for use by its users.
The business customer is in particular responsible for internal instructions, training, authorisation concepts, the lawfulness of entered content, informing data subjects, compliance with professional confidentiality obligations and reviewing outputs before use.
6. Permitted Use
SecureChat may only be used lawfully, in accordance with the contract and in compliance with applicable laws, professional duties and internal instructions.
The user must in particular not use SecureChat to create, disseminate or process unlawful content, infringe third-party intellectual property rights, circumvent security mechanisms, develop or disseminate malware, test or attack systems without authorisation, deceive as to identity, harm DeepMed or third parties, or automate decisions with significant effect on persons without review.
The user must not use SecureChat to read out, circumvent or disclose system prompts, security mechanisms, internal configurations, unreleased model information or other non-publicly accessible information. Automated scraping, excessive bot access, abusive load testing, circumvention of usage restrictions and inputs or instructions aimed at circumventing security, data protection or access protection measures are also prohibited.
The user must not enter content they are not authorised to process. Particularly sensitive personal data, health data, patient data, professional secrets, trade secrets or other confidential information may only be entered if the user is authorised to do so and the selected plan and applicable data protection and security conditions permit this.
DeepMed may prohibit, restrict or technically block uses where this is necessary for security, abuse prevention, compliance with legal obligations or protection of DeepMed, customers, users or third parties.
7. No Professional Advice and No Emergency Use
SecureChat does not provide medical, psychological, legal, tax, financial or other professional advice.
Outputs from SecureChat must not be used without review and must not serve as the sole basis for diagnoses, therapies, legal assessments, financial decisions, submissions to authorities, personnel decisions, medical emergencies, triage or other decisions with significant effect.
SecureChat is not suitable for medical emergencies or acute danger. In such cases, the competent emergency services, physicians or authorities must be contacted immediately.
When used in healthcare or other regulated sectors, professional responsibility remains entirely with the responsible user, business customer or respective professional.
8. AI Outputs, Duty of Review and Responsibility
SecureChat uses AI technologies. AI systems may despite careful technical implementation produce incomplete, outdated or incorrect results or results not applicable to the specific individual case. This also applies to web research: sources may be incorrect, misleading, outdated or incomplete, and AI-generated summaries must therefore be reviewed before use. The user is responsible for carefully reviewing, correcting and approving outputs before use. This applies in particular where outputs are used vis-à-vis third parties, incorporated into documentation, used for professional purposes or used as a basis for further decisions.
DeepMed does not warrant that outputs are correct, complete, current, unique, free of intellectual property rights or suitable for a particular purpose.
Identical or similar inputs may lead to identical, similar or different outputs. Users acquire no exclusive rights in generic outputs, wording, structures or suggestions generated by SecureChat.
9. Rights in Inputs and Outputs
The user or business customer retains the rights to which they are entitled in their inputs and uploaded content.
The user or business customer grants DeepMed the rights necessary to provide SecureChat, technically process content, generate outputs, display content, implement security measures, provide support, analyse errors, prevent abuse and fulfil contractual or legal obligations.
To the extent legally possible, the user may use outputs generated for them for their own purposes. DeepMed claims no rights in outputs consisting exclusively of user-specific inputs and AI-generated wording. Reserved are DeepMed's rights in SecureChat, the software, technical systems, system prompts, workflows, methods, user interfaces, documentation, generic structures and other know-how.
DeepMed does not warrant that outputs do not infringe third-party rights. The user is responsible for reviewing outputs before publication, disclosure or business use.
10. Rights of DeepMed
SecureChat, the underlying software, user interface, technical architecture, system prompts, workflows, data models, security mechanisms, documentation, brands, designs, configurations, interfaces, operating processes and further developments remain the property of DeepMed or the respective rights holders.
The user receives a simple, non-exclusive, non-transferable and non-sublicensable right to use SecureChat during the contract term within the agreed scope.
The user must not copy, modify, reverse engineer, decompile, resell, rent, sublicense, offer to third parties as their own service, circumvent technical protection measures or misuse SecureChat to build a competing service.
11. Data Protection and Data Processing
DeepMed processes personal data in accordance with DeepMed's privacy policy, which forms part of these terms.
For private users, DeepMed generally processes personal data required for use of SecureChat as controller.
For business customers, DeepMed generally processes contract, account, billing, security, support and administration data for its own purposes as controller. Content entered by the business customer or its users in SecureChat is generally processed by DeepMed on behalf of the business customer, unless the parties agree otherwise.
Where DeepMed processes personal data on behalf of a business customer, the data processing agreement between DeepMed and the business customer and the technical and organisational measures specified therein also apply.
12. Data Location, Service Providers and Third-Party Models
Productive storage of SecureChat content is generally encrypted in Switzerland. Under current system configuration, SecureChat content is stored in AWS infrastructure in Switzerland.
For AI inference, inputs and outputs may be transmitted to AWS or Microsoft Azure services in Switzerland or the EEA where this is necessary to execute the function requested by the user.
SecureChat may use hosting, cloud, infrastructure, AI, communication, security, support, payment and administration service providers where this is necessary for provision, security, maintenance, billing or further development.
For business customers, details on sub-processors, data location, technical and organisational measures and any foreign connections are governed in the data processing agreement, the TOM or separate documentation.
13. Storage, Deletion and Archiving
Unless expressly agreed otherwise, SecureChat is not a permanent archiving or document management system.
For project-related chats, the user or business customer may set a deletion period between 0 and 365 days per project within available product settings. The period starts anew for each chat after the last input; each further input in the same chat restarts the period.
A deletion period of 0 days means that the affected chat content and documents uploaded in that chat are scheduled for deletion at the next automated deletion run after the last input. The system time configured for SecureChat is decisive.
Where no different deletion period has been set or content is not assigned to a project with its own deletion period, a standard retention period of 365 days applies for general chats.
The chat-related deletion period applies to chat content and documents uploaded in a chat. Not automatically covered are project data such as assistants, instructions, configurations and permanently stored project documents. These remain stored while the respective user account or customer account exists, unless deleted by the user or business customer or a different agreement applies.
Metadata may continue to be stored after deletion of chat content and uploaded documents where this is necessary for operation, security, traceability, abuse prevention, support, billing or legal and contractual obligations.
Backups serve exclusively to restore system availability after security incidents or technical disruptions and are overwritten or deleted according to the intended backup and deletion processes.
The user or business customer is themselves responsible for exporting or otherwise archiving chat content, outputs, documents, project data, assistants, documentation or other data in good time where they need these for legal, professional, medical, accounting, evidential or internal purposes.
14. Data Security
DeepMed implements appropriate technical and organisational measures to protect SecureChat and data processed via it against loss, misuse, unauthorised access, unauthorised disclosure, alteration or destruction.
Security measures include in particular encrypted transmission, encrypted storage, role and permission concepts, individual user accounts, access restrictions, logging, separation of environments, security reviews and organisational confidentiality measures. The specific measures are described in the TOM.
The user and business customer are responsible for secure passwords, careful handling of access credentials, appropriate internal permissions, secure end devices and compliance with internal security requirements.
15. Availability, Maintenance and Changes to the Service
DeepMed endeavours to achieve high availability of SecureChat. However, a specific availability is only owed where expressly agreed in a separate service level agreement.
DeepMed may maintain, update, extend, restrict or change SecureChat where this is necessary for security, stability, technical development, compliance with legal requirements, abuse prevention or economical provision of the service.
Maintenance work, security measures, disruptions at third-party providers, force majeure, attacks on systems, network failures, official measures or other events outside DeepMed's reasonable sphere of influence may impair availability.
DeepMed may change or discontinue functions where the essential purpose of the contract is not unreasonably impaired. For material adverse changes for paying customers, DeepMed will inform in an appropriate manner.
16. Prices, Billing and Payment Terms
Prices, scope of services, billing periods, trial phases and payment terms result from the selected plan, the website, the order form, the quotation or a separate agreement.
Unless expressly different usage quotas are agreed for a plan, reasonable use within the selected plan applies ("Fair Use"). Use must not significantly exceed the typical scope of comparable private, professional or organisational use and must not unreasonably impair the stability, availability, security or economic viability of the service.
In case of exceptionally intensive use, in particular through very extensive document processing, automated or mass requests, intensive web research, speech-to-text processing, long AI processing operations or otherwise significantly above-average use, DeepMed may contact the user or business customer, apply appropriate usage limits, offer add-on packages or require a switch to a more suitable plan.
Abusive use, in particular automated scraping, excessive bot access, circumvention of usage restrictions or technically harmful use, remains prohibited and may lead to restriction or suspension of access.
Unless otherwise agreed, fees are due in advance. In case of payment default, DeepMed may suspend access, withhold services, charge default interest and terminate the contract.
Free trial phases may be limited in time or function. DeepMed may change, restrict or discontinue free offers at any time unless a different agreement exists.
Mandatory statutory rights apply without reservation for private users. Where Swiss law provides no right of withdrawal, return or refund, such rights are only granted if DeepMed expressly agrees.
If the user begins using SecureChat or takes up services before expiry of any withdrawal period, this constitutes an express request for immediate contract performance. In that case, any withdrawal or cancellation right expires to the extent permitted by law.
17. Term and Termination
The contract runs for the duration specified in the respective plan or agreement. Unless otherwise agreed, the contract automatically renews for the agreed term unless terminated by the private user or business customer with one month's notice to the end of the respective term.
DeepMed may terminate the contract with reasonable notice unless a different term has been agreed.
The right to terminate without notice for good cause remains reserved. Good cause exists in particular in case of serious or repeated breach of these terms, payment default, abuse, security risks, unlawful use, infringement of intellectual property rights or actions that may significantly endanger DeepMed, other customers, users or third parties.
After contract end, access to SecureChat may be deactivated. The user or business customer is responsible for exporting or otherwise securing required content before contract end. Statutory retention obligations, deletion periods and technical backup processes remain reserved.
18. Suspension and Abuse
DeepMed may temporarily or permanently suspend individual user accounts, organisations, functions or content where there is reasonable suspicion of unlawful use, abuse, security endangerment, breach of these terms, infringement of third-party rights, payment default or circumvention of technical protection measures.
When suspending, DeepMed will appropriately consider the legitimate interests of the user or business customer where security, legal compliance or protection of third parties are not endangered thereby.
19. Warranty
SecureChat is provided within the agreed scope of services. DeepMed does not warrant that SecureChat is uninterrupted, error-free, secure, compatible with all systems or suitable for a particular purpose at all times.
DeepMed in particular does not warrant that outputs are correct, complete, current, free of intellectual property rights, unique or suitable for professional, medical, legal, financial or other decisions.
Mandatory statutory rights of private users remain reserved.
20. Liability
DeepMed is liable without limitation for damage caused by intentional or grossly negligent conduct, and in other cases where limitation of liability is unlawful.
For slight negligence, DeepMed is liable only for breach of essential contractual obligations and only for typical, foreseeable damage.
To the extent permitted by law, DeepMed is not liable for indirect damage, consequential damage, lost profit, loss of revenue, reputational damage, data loss, loss of business opportunities, third-party claims, damage from unreviewed use of outputs, professional wrong decisions by the user or damage arising from unlawful or contractual inputs.
Vis-à-vis private users, liability limitations apply only to the extent permitted by applicable law. Mandatory rights of private users remain reserved.
Vis-à-vis business customers, DeepMed's liability for slight negligence is, to the extent permitted by law, limited in total to the fees paid by the business customer for SecureChat in the twelve months before the event giving rise to liability. If no fees were paid in that period, liability vis-à-vis business customers is limited to CHF 100.
The user is liable to DeepMed for damage they culpably and unlawfully cause through breach of these terms, unauthorised entry of data, infringement of third-party rights or breach of confidentiality, data protection or security requirements, to the extent such liability is permitted by law. Business customers are additionally liable for acts and omissions of their users where they use SecureChat within the business customer.
21. Confidentiality
The parties treat confidential information accessible to them in connection with SecureChat as confidential and use it only for performance of the contract.
Confidential information includes in particular non-publicly known technical, business, medical, organisational, financial or legal information, trade secrets, security information, access credentials, unpublished product information and content of users and business customers.
The confidentiality obligation does not apply to information that is publicly known, lawfully obtained without confidentiality obligation, independently developed or must be disclosed due to legal obligations, official orders or court decisions.
22. Changes to These Terms
DeepMed may amend these terms where this is necessary due to changes to SecureChat, legal requirements, security requirements, technical developments, economic reasons or for clarification.
DeepMed informs registered users or business customers in an appropriate manner of material changes. If a paying user or business customer objects to a material adverse change, DeepMed may terminate the contract at the end of the current billing period or grant the user or business customer a special right of termination.
For material adverse changes, DeepMed informs paying private users in an appropriate manner before entry into force. Private users may terminate the contract before entry into force of the change to the end of the current billing period. Mandatory statutory rights of private users remain reserved.
Continued use of SecureChat after entry into force of amended terms constitutes consent to the extent permitted by law.
23. Assignment and Engagement of Third Parties
DeepMed may assign rights and obligations under the contract to an affiliated company or legal successor, in particular in the context of restructuring, merger, spin-off, financing or sale of the business area, provided legitimate interests of the user or business customer are not unreasonably impaired.
DeepMed may engage third parties to perform services. Data protection requirements, in particular for processing on behalf of business customers, remain reserved.
The user or business customer may assign rights and obligations under the contract only with prior consent of DeepMed.
24. Final Provisions
If individual provisions of these terms are or become invalid or unenforceable, the validity of the remaining provisions remains unaffected. The invalid or unenforceable provision shall be replaced by a valid provision that comes as close as possible to the economic purpose.
Communications from DeepMed may be made via the website, within SecureChat, by email or in another appropriate manner.
25. Applicable Law and Jurisdiction
Swiss law applies, excluding conflict of laws rules and the Vienna Convention on Contracts for the International Sale of Goods.
For business customers, the exclusive place of jurisdiction is Zurich, Switzerland.
For private users, statutory places of jurisdiction apply to the extent mandatory consumer protection provisions do not provide otherwise.