EverWellAI — Universal Terms of Use & Service Agreement (UK)

Effective Date: 26th October 2025

By using EverWellAI, you agree to these Terms. If you do not agree, please refrain from using the Service.

Legal Entity: EverWellAI Ltd (Company No. 16701230)

Registered Office: 33 Kinghorne Road, Barnard Castle, DL12 8GZ, United Kingdom

Contact: legal@everwellai.co.uk | privacy@everwellai.co.uk

1. Acceptance of Terms

These Universal Terms of Use & Service Agreement (“Terms”) govern access to and use of the EverWellAI website, apps and platform for recording staff supervision sessions, automatic speech recognition (ASR) transcription, and AI-assisted document generation (the “Service”). By accessing or using the Service, you agree to these Terms. If you do not agree, do not use the Service.

If you accept these Terms on behalf of an organisation (the “Customer”), you represent and warrant that you have authority to bind that organisation.

2. Who We Are

EverWellAI Ltd (“EverWellAI”, “we”, “us”) is a UK company providing an AI-assisted supervision transcription service for social care teams. We act as:

  • a Processor for supervision audio, transcripts and generated outputs handled on behalf of Customer organisations; and

  • a Controller for our website, user accounts, security logs and support interactions.

3. Incorporated Documents & Order of Precedence

These Terms incorporate by reference our Data Processing Addendum (DPA), Privacy Policy, Cookie Policy, Acceptable Use Policy (AUP), and—if the Customer is a UK public sector body—Appendix C (UK Public Sector Supplement). If there is a conflict: Order (if any) → DPA → these Terms → Policies. Appendix C prevails over the main Terms for UK public sector Customers.

4. Accounts, Eligibility & Access

  • Authorised Users: Only employees/contractors you authorise may access the Service.

  • Security: Keep credentials confidential; ensure device security; maintain accurate admin contacts.

  • Age: The Service is intended for adults in a professional context and is not directed to children under 16.

5. Customer Responsibilities (Lawful Basis, Notices, DPIA)

Customer is the Controller for supervision content and is responsible for:

  • identifying and documenting a lawful basis under Art. 6 UK GDPR and, where applicable, an Art. 9 special category condition plus an Appropriate Policy Document (DPA 2018 Sch. 1);

  • completing any required DPIA and LIA;

  • worker notices prior to recording and compliance with ICO workplace monitoring guidance;

  • data minimisation and defensible retention (especially for content that mentions or relates to children).

6. Children’s Data

  • The Service is used by adults but supervision content may reference children.

  • For content that includes children’s information, Customer must restrict access, apply shorter retention, and (where required) provide transparency to parents/guardians.

  • EverWellAI provides controls to support these obligations; Customer must configure and use them appropriately.

7. EverWellAI Responsibilities

  • Process Customer Data only on documented instructions per the DPA; maintain appropriate technical and organisational measures.

  • Maintain encryption in transit/at rest, MFA/SSO, logging/monitoring and incident response; notify without undue delay of personal data breaches affecting Customer Data.

  • Use vetted Sub-processors with EU-first configuration: AssemblyAI (EU endpoint) for ASR; Mistral (EU LLM); Supabase (Frankfurt); Railway (EU PaaS); n8n (EU automation); Google Workspace (email/docs).

  • Prefer UK/EU data residency; where support access outside the UK/EEA is necessary, use SCCs/UK Addendum and supplementary measures.

8. AI, ASR & Outputs

  • ASR: AssemblyAI EU endpoints; configured to avoid model training/retention where available.

  • LLM: EU-hosted models with zero-data retention modes where available; prompt minimisation/redaction may be applied.

  • Outputs: Assistive and may contain errors. Human review/approval is required. The Service is not legal, clinical or safeguarding advice.

9. Acceptable Use

  • No unauthorised access, interference, vulnerability scanning or stress testing.

  • No malware or harmful code; no unlawful or rights-infringing content.

  • No automated decisions with legal/similar effects without appropriate safeguards.

  • Do not upload production personal data to support channels; use secure channels/redaction as provided.

10. Privacy & Cookies

Our Privacy Policy explains how we process personal data when acting as Controller (accounts, website, support). For supervision content we act as Processor under the DPA. Our Cookie Policy explains essential cookies and optional analytics cookies used on the website.

11. Intellectual Property & Licensing

  • Customer Data: You own it. You grant EverWellAI a limited licence to process it solely to provide/support the Service.

  • Outputs: As between the parties, Customer owns Outputs to the extent permitted by law; EverWellAI assigns any of its rights in Outputs to Customer (excluding the Service IP).

  • Service IP: EverWellAI and licensors own the Service, software, models and documentation; no rights are granted except as stated.

12. Support, Availability & Changes

We provide reasonable business-hours support by email/ticket. We strive for high availability and may improve or modify features; we will not materially degrade security or core functionality during a paid term.

13. Fees & Payment (if applicable)

Fees and plan limits are defined in your Order. Fees are invoiced in GBP, 30 days net, exclusive of taxes, and non-refundable except where these Terms expressly allow (e.g., pro-rata refund on termination for material Sub-processor objection).

14. Term, Suspension & Termination

  • Term: Starts on the Effective Date and continues for the Order term, auto-renewing unless either party gives 30 days’ notice of non-renewal.

  • Suspension: For material breach, security risk, or non-payment (after notice), limited to affected parts where feasible.

  • Termination: Either party may terminate for uncured material breach after 30 days’ notice (10 days for non-payment), or immediately for insolvency. On termination we will delete or return Customer Data per the DPA; your access ends.

15. Warranties & Disclaimers

  • Authority: Each party warrants it has authority to enter this Agreement.

  • Service warranty: The Service will perform materially per documentation and be provided with reasonable skill and care.

  • Disclaimer: Except as expressly stated, the Service is provided “as is” and “as available.” We disclaim implied warranties. Outputs require human review.

16. Indemnities

  • EverWellAI (IP): We’ll defend/indemnify against UK IP claims that the unmodified Service infringes; we may procure rights, modify, or terminate with refund of unused fees.

  • Customer (Content & compliance): You’ll defend/indemnify EverWellAI for claims arising from Customer Data (including unlawful recording/notice basis), breach of law/Terms, or AUP violations.

17. Liability

  • No limits for death/personal injury by negligence, fraud, wilful misconduct, or other liability that cannot be limited by law.

  • Otherwise: no indirect/consequential damages, lost profits/revenue, or data loss (except as caused by a party’s breach of the DPA/Terms).

  • Cap: amounts paid/payable in the prior 12 months (or £25,000 if no fees were paid).

18. Publicity

We may use your name/logo in customer lists (non-endorsement) unless you opt out by written notice. Case studies require your prior written approval.

19. Changes to These Terms

We may update these Terms for legal/operational reasons. For paid subscriptions, we’ll notify admins of material changes at least 30 days in advance; if you materially object and we can’t resolve, you may terminate for convenience before the change takes effect and receive a pro-rata refund of prepaid unused fees.

20. Governing Law & Jurisdiction

These Terms are governed by the laws of England and Wales, with exclusive jurisdiction of the courts of England and Wales.

21. Miscellaneous

Assignment requires consent (not unreasonably withheld), except affiliate/merger transfers. We may subcontract (incl. Sub-processors) but remain responsible. Force majeure applies. If any clause is unenforceable, the rest stands. No waiver unless in writing. This Agreement (with incorporated documents) is the entire agreement.

Appendix A — Data Protection Summary (full DPA prevails)

  • Roles: Customer = Controller; EverWellAI = Processor (for supervision content).

  • Subject matter & duration: audio, transcripts, Outputs processed during the subscription term.

  • Nature & purpose: recording, ASR transcription, LLM structuring, export/delivery, support.

  • Data subjects: supervisees, supervisors, referenced third parties (may include children).

  • Data categories: audio, transcripts, names, scheduling/case details; may include special category data.

  • Security: encryption in transit/at rest, RBAC/MFA, logging/monitoring, incident response.

  • Sub-processors (EU-first): AssemblyAI (EU ASR), Mistral (EU LLM), Supabase (Frankfurt), Railway (EU), n8n (EU), Google Workspace.

  • Transfers: UK/EU primary; if support/admin access outside UK/EU, SCCs/UK Addendum + supplementary measures.

  • Deletion/return: On termination or written instruction, delete or return Customer Data; backups age out per schedule.

Appendix B — Current Sub-processors (UK customers)

  • AssemblyAI — Automatic speech recognition (EU endpoint: api.eu.assemblyai.com).

  • Mistral AI — EU-hosted LLM (no training/retention mode).

  • Supabase — Database/auth/storage (Frankfurt, DE).

  • Railway — Application hosting/PaaS (EU region).

  • n8n — Workflow automation (Germany/EU or EverWellAI-hosted in EU).

  • Google Workspace — Email/docs (EU data regions configurable; SCCs/UK Addendum for any non-EU access).

Appendix C — UK Public Sector Supplement

Applies if Customer is a “Contracting Authority” under the Procurement Act 2023 (or PCR 2015) or otherwise procuring with public funds. This Appendix prevails over the main Terms where there is conflict.

C1. Freedom of Information & EIR.

Assist Customer promptly with FOIA/EIR requests; provide relevant records within Customer timescales; acknowledge Customer’s right to disclose. Customer will consider EverWellAI-marked “Commercially Sensitive Information” but retains final discretion.

C2. Transparency & Publication.

Customer may publish redacted copies of this Agreement/Orders/spend data (subject to redaction of personal data and genuinely confidential technical/pricing methodologies). EverWellAI will supply clean/redacted copies within 10 working days on request.

C3. Records, Audit & NAO.

Maintain complete and accurate records for 7 years (or longer if required). Permit audits by Customer, internal audit, NAO, Cabinet Office or nominees on reasonable notice (performance, security/DP, charging). Prefer attestations (ISO/SOC2, pen-tests) before onsite access.

C4. Security, Assurance & Incident Handling.

Align with NCSC good practice; encryption at rest/in transit; RBAC/MFA; logging/monitoring; IR/BC/DR. Maintain Cyber Essentials Plus (or obtain within 6 months) or agreed equivalent. Privileged personnel: BPSS (and DBS if reasonably required). OFFICIAL data classification unless agreed otherwise. Notify without undue delay (and within Customer policy timescales where specified) of Personal Data Breaches/material incidents; cooperate with NCSC/ICO/sector regulators.

C5. Accessibility & Inclusion.

Use reasonable endeavours to conform to WCAG 2.2 AA and the UK Public Sector Bodies Accessibility Regulations 2018; provide accessibility statements and remediate issues on agreed timelines.

C6. Safeguarding, Children & Vulnerable Adults.

Train relevant staff; enforce need-to-know access and shorter retention for records flagged as containing children’s data; support DPIA/LIA and APD obligations.

C7. Modern Slavery, Bribery & Tax Evasion.

Comply with the Modern Slavery Act 2015, Bribery Act 2010, and Criminal Finances Act 2017; maintain policies/training and flow down to supply chain.

C8. Sub-processors & Supply Chain.

Provide ≥30 days’ notice of Sub-processor changes; allow reasonable objections and work to resolve. If unresolved, Customer may terminate the affected component with pro-rata refund. Prioritise UK/EU residency and document SCCs/UK Addendum and TIAs for any non-UK/EU access.

C9. Data Location, Exit & Data Return.

On request, store/process content in UK/EU regions only (subject to emergency support access with SCCs/UK Addendum). Provide assisted data export and reasonable transition for up to 30 days (or as purchased); then securely delete remaining Customer Data (backups age out on schedule). Provide deletion/return certificates on request.

C10. Termination for Convenience & Step-In.

Public sector Customers may terminate all/part of the Service on 30 days’ written notice; EverWellAI refunds prepaid, unused fees pro-rata. Where there is a serious and immediate risk to life/safety, data protection or critical service continuity and EverWellAI has not taken reasonable action, Customer may temporarily step-in (or appoint a third party) until mitigated.

C11. Pricing, Benchmarking & MFN (optional).

If specified in the Order: benchmarking cooperation; no materially better net pricing to substantially similar UK public sector customers for the same volume/term without offering Customer an equivalent adjustment at next renewal.

C12. Publicity & Purdah.

Use of Customer name/crest/logo requires prior written consent; comply with pre-election publicity (purdah) restrictions.

C13. Insurance.

Maintain: Professional Indemnity £2,000,000, Cyber Liability £2,000,000, Public Liability £2,000,000, and Employers’ Liability as required; provide certificates on request.

C14. Non-Solicitation & TUPE.

No active solicitation of the other party’s key staff directly engaged on the contract during the term and 6 months after (general advertising allowed). TUPE not expected to apply to this SaaS; if circumstances change, cooperate in good faith.

C15. Conflicts of Interest & Ethical Walls.

Notify Customer of any actual/potential conflict and implement acceptable mitigations.

C16. Order of Precedence.

If Customer has mandated public sector model terms (e.g., NHS, CCS schedules), those apply in addition to these Terms; where there’s conflict, the mandated schedule prevails to the extent required by law/framework.