Contact Us

Orva End User License Agreement

Effective Date: April 22, 2025
Last Updated: May 20, 2025

This End User License Agreement (“EULA”) governs your access to and use of Orva, a perioperative voice assistant platform developed by RAIN Technology ME LTD, collectively referred to as “RAIN,” “we,” “us,” or “our.”

By accessing or using the Orva platform, you (“User”) agree to comply with the terms and conditions governed by UAE Federal Law No. 45 of 2021, ADHICS, and UAE data localization laws..

Key Definitions

  • Voice Data: Audio recordings, commands, or speech interactions captured by Orva, including any associated metadata (e.g., timestamps, device ID, user ID).

  • Personal Data: Any data identifying or relating to an identifiable individual, including medical identifiers, voiceprints, or timestamps linked to care.

  • De-identification: A data processing method that removes identifiers in compliance with HIPAA or UAE PDPL, rendering data non-attributable to individuals.

  • PHI (Protected Health Information): Health-related personal data as defined by HIPAA or equivalent local law.

  • EHR (Electronic Health Record): A digital clinical documentation system that may be integrated with Orva for workflow automation.

  • Consent: Voluntary agreement by the User or healthcare entity to allow data collection and processing for defined purposes.

1. Introduction

This End User License Agreement (“EULA”) is a binding legal agreement between you (“User,” “you,” or “your”) and RAIN Technology ME LTD, a company organized and existing under the laws of the United Arab Emirates, with its principal office located at Level 14, Al Sarab Tower, ADGM Square, Al Maryah Island, Abu Dhabi, UAE (“RAIN Technology,” “we,” “our,” or “us”). This EULA governs your access to and use of Orva, a clinical-grade, voice-activated software platform designed to operate on smart healthcare devices, including but not limited to Android tablets, wearable headsets, and clinical display TVs, within licensed surgical and procedural healthcare environments in the UAE.

By installing, accessing, or using the Orva software (“Software”), you agree to be legally bound by the terms of this EULA, in addition to all applicable terms outlined in the Orva Terms of Service (ToS) and Privacy Policy. If you do not agree to all the terms of this EULA, you are not authorized to access or use the Orva Software, and you must cease use and uninstall it immediately.

This Software is expressly licensed—not sold—and is made available exclusively for institutional clinical use by authorized healthcare providers and personnel. It may only be used in compliance with the laws and data protection frameworks of the United Arab Emirates, including the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2), UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), and other regulations set forth by the Department of Health – Abu Dhabi (DOH) and the Ministry of Health and Prevention (MOHAP).

RAIN Technology ME LTD retains all ownership, intellectual property rights, and proprietary interests in the Orva Software. This EULA grants you a limited, non-exclusive, non-transferable, and revocable license to use the Software solely for clinical and healthcare operational purposes, subject to the restrictions outlined herein. Any use of the Software outside the authorized scope, including commercial exploitation, reverse engineering, or use in non-clinical environments, is strictly prohibited and may constitute a violation of civil or criminal law.

By accepting this EULA, you represent and warrant that you are an authorized healthcare provider, administrator, or user operating under the authority of a licensed UAE healthcare facility and that you will use the Software solely within the bounds of clinical and regulatory guidelines.

2. Scope of License

Subject to your continued compliance with this EULA and all applicable laws and regulations, RAIN Technology ME LTD hereby grants you a limited, non-exclusive, non-transferable, non-sublicensable, and revocable license to install, access, and use the Orva Software solely for its intended clinical and operational purposes within a licensed healthcare institution operating under the jurisdiction of the United Arab Emirates.

This license is expressly conditioned upon the following limitations:

  • Institutional Use Only: The Software may only be used on devices owned or managed by your licensed healthcare facility. Personal or consumer use is strictly prohibited.

  • Regulatory Compliance: Use of the Software must fully comply with all applicable UAE laws and regulations, including but not limited to the Abu Dhabi Department of Health (DoH) requirements, the Abu Dhabi Healthcare Information and Cyber Security (ADHICS v2) standard, and the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021).

  • Clinical and Operational Purpose: The Software is licensed exclusively for healthcare-related use cases, such as intraoperative workflow support, clinical documentation, and analytics for improving care quality and efficiency. Any non-clinical or commercial use of the Software is unauthorized.

  • No Redistribution or Derivative Use: You may not copy, distribute, sublicense, rent, lease, or make the Software available to third parties outside your organization.

  • Prohibited Activities: You are expressly forbidden from attempting to reverse engineer, decompile, disassemble, modify, adapt, translate, or create derivative works based on the Software, its components, or underlying code. Any such actions are considered a breach of this agreement and may result in legal action and license termination.

RAIN Technology ME LTD reserves all rights not expressly granted to you under this EULA. No license or right is granted to use RAIN’s trademarks, trade secrets, patents, or other intellectual property except as explicitly permitted herein.

 

3. Voice & Audio Data Collection

As part of its core functionality, Orva may capture voice inputs and user commands initiated by a predefined wake-word trigger (“Hey Orva”). This voice-enabled interaction is designed to support clinical workflow automation, reduce manual documentation burden, and facilitate safe, hands-free operation in surgical environments.

Purposes of Collection

  • Voice data collected after wake-word activation may be used for the following limited and lawful purposes:

  • Improving System Accuracy: To enhance Orva’s speech recognition engine and improve real-time response reliability across varied clinical scenarios.

  • Accent Adaptation: To increase comprehension and transcription accuracy for regional English dialects and healthcare terminology commonly used in UAE settings.

  • Feature Optimization: To ensure the platform delivers relevant, context-aware responses that align with surgical workflows and patient safety priorities.

Privacy & Safeguards

All voice samples used for system learning are:

  • Captured only after wake-word activation, ensuring user intent and minimizing incidental collection.

  • Irreversibly de-identified before being used for AI model training or performance testing. Once de-identified, voice data cannot be linked back to any individual, user account, or healthcare encounter.

  • Encrypted at rest using AES-256 encryption and stored in secure, UAE-based environments in accordance with ADHICS standards.

  • Access-controlled using strict, role-based permissions limited to authorized RAIN Technology ME LTD personnel.

  • Audited through periodic internal reviews and third-party assessments to validate compliance with the UAE Personal Data Protection Law (PDPL) and Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2).

No voice data—whether raw or de-identified—is used for advertising, profiling, or sold to external entities under any circumstances.

4. User Consent and Data Use

RAIN Technology ME LTD processes personal and clinical data within the Orva platform in accordance with the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) (“PDPL”), the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2), and relevant guidance issued by the Department of Health – Abu Dhabi (DoH).

Primary Lawful Basis – Direct Clinical Use

Pursuant to PDPL Article 4(1)(b), the collection and processing of personal data—including voice recordings and session metadata—is considered lawful when necessary for the provision of healthcare or treatment, without requiring additional patient consent. Orva’s use in surgical environments for real-time documentation, workflow support, and clinical safety alerts falls under this provision.

Secondary Uses – Model Training & Analytics

For purposes beyond direct care, such as AI model refinement, feature development, or clinical workflow benchmarking, Orva relies on one of the following lawful bases:

  • PDPL Article 4(1)(a) – Explicit consent: Consent is obtained from patients during the facility’s general consent process, and such consent must be documented by the healthcare institution.

  • PDPL Article 4(11) – Anonymization: If personal identifiers are irreversibly de-identified, the processing may occur without consent, provided the data cannot be re-associated with any individual.

RAIN Technology ensures that all data used for secondary purposes undergoes rigorous de-identification processes in accordance with ADHICS and industry best practices.

 

5. Messaging & Attribution

To ensure operational integrity, clinical accountability, and accurate workflow traceability, Orva systematically logs and attributes all user interactions within the platform—including but not limited to voice commands, button presses, navigation events, and session activities—to the authenticated user account performing the action.

These logs are:

  • Tied to named user accounts provisioned through the Orva Admin Panel and authenticated under role-based access controls

  • Time-stamped and session-bound, ensuring traceability of events within each intraoperative interaction

  • Used to support operational coordination, such as real-time case management, room transitions, or handoffs between clinical staff

  • Instrumental for auditing, incident reconstruction, and quality assurance, especially in environments where multiple users may interact with a single shared device or room-based deployment

All activity logs are classified as Confidential under Orva’s data management policy and are protected using industry-standard encryption and access control mechanisms. Logs are retained in accordance with the healthcare facility’s data retention policy and are not used for performance evaluation or disciplinary purposes unless directed by the institution or required under applicable UAE law.

Orva’s attribution framework aligns with ADHICS v2 requirements for auditability and PDPL mandates for lawful and transparent processing of user-related data in healthcare systems.

6. User Rights under UAE Law

In accordance with the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) and ADHICS v2, individuals whose data is processed via the Orva platform are entitled to exercise specific rights concerning their personal and health-related data. These rights may be subject to institutional policies, medical record retention requirements, and applicable healthcare regulations.

Subject to the clinical context and lawful limitations, you may:

  • Request access to your personal data that has been collected, including voice interactions, session metadata, and account-related activity logs

  • Request rectification of inaccurate or outdated personal data stored by Orva or request erasure of data where appropriate and permissible by law

  • Withdraw consent to the use of your voice data for non-essential, non-clinical purposes such as product improvement or AI model training, provided such data has not already been irreversibly de-identified

  • Object to processing, where the processing is based solely on legitimate interest and does not impact the delivery of medical care

  • Request restriction of processing in situations where a dispute over data accuracy or lawful use exists

How to Submit a Request

Data subject rights requests should be submitted:

  • Through your healthcare provider, which acts as the data controller for all Orva-related patient data, or

  • Directly to RAIN Technology ME LTD by emailing: hello@rainstellatech.com

RAIN will acknowledge receipt of your request within five (5) business days and, where applicable, will respond in full within thirty (30) calendar days, in accordance with Article 14 of the UAE PDPL. In certain complex cases or where verification is required, the timeline may be extended by an additional thirty (30) days with prior notice.

RAIN Technology ME LTD reserves the right to request additional information to confirm the identity of the requester or to verify institutional authorization, where applicable.

7. Data Security and Compliance

RAIN Technology ME LTD is committed to safeguarding all personal, clinical, and operational data processed through the Orva platform by implementing a comprehensive, risk-based information security program. This program is designed to meet and exceed the expectations of UAE healthcare regulators and international security frameworks.

Compliance Frameworks

RAIN maintains active compliance with the following standards and regulations:

  • ADHICS v2 – The Abu Dhabi Healthcare Information and Cyber Security Standard, which outlines mandatory security and privacy controls for healthcare technology used within Abu Dhabi, including access management, encryption, monitoring, and incident response.

  • UAE PDPL – RAIN complies with the UAE Personal Data Protection Law regarding data processing, retention, breach notification, and data subject rights.

  • ISO/IEC 27001:2022 – RAIN’s internal security program is certified against the international standard for information security management systems (ISMS), reflecting a systematic approach to managing sensitive data.

Technical and Administrative Safeguards

RAIN implements the following security measures throughout the Orva platform:

  • Encryption of all data at rest and in transit using AES-256 and TLS 1.2 or higher

  • Strict internal access controls, including role-based access, least-privilege enforcement, session monitoring, and routine access reviews

  • Multi-factor authentication (MFA) for privileged access to production environments

  • Regular vulnerability scanning, penetration testing, and security patch management

  • Secure development lifecycle (SDLC) practices to ensure application-level security from design to deployment

  • Data breach response procedures that align with ADHICS and PDPL, including investigation protocols, forensic logging, impact assessments, and regulatory notifications where applicable

All security controls are reviewed at least annually, and RAIN conducts internal audits and third-party assessments to validate ongoing compliance with security standards and legal obligations.

8. Privacy Policy

This EULA incorporates the Orva Privacy Policy (UAE version), which provides detailed information on:

  • Purpose of data collection

  • Retention periods

  • Data controller responsibilities

9. System Integration

Orva may be configured to interface with hospital systems, including EHRs and scheduling tools. Integration will be scoped to the minimum necessary access and adhere to UAE-specific regulatory requirements.

10. Termination

RAIN Technology ME LTD reserves the right to suspend or terminate this End User License Agreement (EULA) and your associated access to the Orva Software at any time, with or without prior notice, under any of the following conditions:

  • Breach of Terms: You violate or fail to comply with any provision of this EULA, including misuse of the Software, unauthorized data access, or non-compliance with institutional security policies.

  • Institutional Termination: The contractual relationship between RAIN Technology ME LTD and your healthcare institution (the data controller or licensee) is terminated, suspended, or expires.

  • Legal or Regulatory Mandate: Applicable UAE laws, governmental orders, or regulatory directives (including but not limited to PDPL, ADHICS, or MOHAP rulings) require revocation, suspension, or modification of license access.

  • Security Risk: Continued use of the Software poses, in RAIN’s reasonable judgment, a material risk to patient safety, data integrity, system security, or public health.

Upon termination, the following terms shall immediately apply:

  • All rights granted to the user under this EULA shall cease

  • You must immediately discontinue use of the Software and uninstall it from any authorized devices

  • RAIN may remotely disable or restrict access to the Software without liability

  • Any ongoing obligations related to data confidentiality, intellectual property, and lawful use shall survive termination

RAIN Technology ME LTD is not liable for any disruption to clinical workflows or operations resulting from license termination when such termination is the result of breach, institutional disengagement, or legal mandate.

12. Governing Law

This EULA is governed by the laws of the United Arab Emirates, and disputes shall be resolved through the courts of Abu Dhabi.

13. Contact

RAIN Technology ME LTD
Level 14, Al Sarab Tower
ADGM Square, Al Maryah Island
Abu Dhabi, UAE
Email: hello@orvahealth.com