Contact Us

 Orva Terms of Service

Effective Date: April 22, 2025
Last Updated: May 20, 2025

These Terms of Service (“ToS”) constitute a legally binding agreement between you (“User,” “you,” or “your”) and RAIN Technology ME LTD, a limited liability company registered in Abu Dhabi Global Market (ADGM), regarding your access to and use of the Orva platform (“Orva”) within the United Arab Emirates.

Orva is a clinical-grade, voice-activated platform designed to assist healthcare professionals in surgical and procedural environments by enabling hands-free documentation, workflow automation, and real-time voice interaction.

This platform is intended solely for institutional use by:

     

      • Licensed healthcare providers operating in the UAE

      • Public or private hospitals, surgical centers, and clinics

      • Organizations authorized under the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2) and Federal Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)

         

    By accessing or using Orva, you agree to:

       

        • Comply with these Terms and any referenced policies (including the Orva Privacy Policy and End User License Agreement)

        • Abide by all applicable UAE healthcare regulations, including Department of Health–Abu Dhabi (DoH), Dubai Health Authority (DHA),  and Ministry of Health and Prevention (MOHAP) standards

        • Ensure that your use is authorized and governed by your healthcare institution’s internal policies and controls

      If you do not agree to these Terms, you are not permitted to access or use the Orva platform.

      1. Definitions

      For the purposes of this Terms of Service, the following definitions apply. Capitalized terms used throughout this agreement shall be interpreted as defined below:

         

          • PHI (Protected Health Information): Any clinical, biometric, or demographic data that is directly or indirectly identifiable to a patient and is subject to regulation under the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) and the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2). This includes, but is not limited to, patient names, medical record numbers, diagnosis codes, treatment history, and voice-recorded commands containing clinical context.

          • PII (Personally Identifiable Information): Any information that can be used, either alone or in combination with other data, to identify a natural person. Examples include full name, date of birth, email address, phone number, Emirates ID number, or device identifiers. PII is protected under the UAE PDPL and relevant sectoral guidance.

          • User: Any authorized individual—such as a licensed clinician, nurse, anesthetist, surgical staff member, or administrative personnel—who is granted access to the Orva platform under an institutional agreement. Users must operate within the scope of their professional role and in accordance with their healthcare provider’s internal policies.

          • Device: Hardware approved to run the Orva platform, including Android-based tablets, smart displays, operating room televisions, and wearable headsets that support real-time, hands-free interaction in surgical environments.

          • Applicable Law: The full body of laws, standards, and regulatory requirements governing the use of digital health technologies and data in the UAE, including:
            • ADHICS v2 (Abu Dhabi Healthcare Information and Cyber Security Standard)
            • UAE Federal Law No. 45 of 2021 (UAE Personal Data Protection Law)

               

                • MOHAP and Department of Health (DoH) regulations, circulars, and guidance relating to the protection and management of health information

          2. Introduction

          Orva is a clinical-grade, voice-activated platform developed to support surgical and procedural teams in the United Arab Emirates. The system enables hands-free intraoperative documentation, time-stamped milestone logging, and verbal interaction with key workflow functions—designed to improve efficiency, safety, and compliance in operating room environments.

          Orva is intended solely for institutional deployment by:

             

              • Licensed surgical centers and hospitals in the UAE

              • Facilities operating under the authority of the Department of Health – Abu Dhabi (DoH), Ministry of Health and Prevention (MOHAP), or other recognized health authorities

              • Organizations that comply with ADHICS v2 and the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021)

                 

            The platform may only be accessed by authorized healthcare professionals trained in its use and provisioned under the governance of an approved healthcare provider.

            Unauthorized or non-clinical use of Orva is strictly prohibited. Use of the platform is also subject to any applicable clinical governance policies issued by your healthcare institution, including patient data handling and informed consent protocols.

            3. Usage Policy

            Use of the Orva platform is restricted to authorized clinical personnel operating within licensed UAE healthcare institutions. By accessing and using Orva, Users agree to strictly adhere to institutional policies, applicable UAE regulations, and the terms of this agreement.

            All Users must:

            1. Operate Within Approved Clinical Settings

               

                • Use Orva exclusively within licensed surgical environments, such as operating rooms, procedural suites, and other designated clinical areas approved by their institution

                • Ensure that the platform is deployed only on authorized, institution-provisioned devices managed under appropriate mobile device management (MDM) controls

                • Use the system only during the course of official duties within a recognized healthcare provider subject to UAE health regulations

              2. Avoid Unauthorized, Recreational, or Unlawful Use

              Users may not:

                 

                  • Use Orva for any personal, entertainment, or recreational purposes

                  • Attempt to repurpose, reverse-engineer, or tamper with the platform for unauthorized clinical applications or software testing

                  • Transmit, store, or process any data through Orva that would violate UAE federal law, cybercrime statutes, or healthcare sector data handling rules

                     

                3. Comply with UAE National Healthcare Privacy Standards

                Users must comply with:

                   

                    • The Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2)

                       

                    • The UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021)

                       

                    • Any additional regulations or circulars issued by the Department of Health – Abu Dhabi, MOHAP, or Dubai Health Authority (DHA) relevant to voice data, clinical system use, and digital health platforms

                  Failure to comply with this Usage Policy may result in suspension or revocation of access, internal disciplinary action, and/or regulatory notification where required by law.

                  4. User Accounts

                  Access to the Orva platform requires an authorized user account, which must be provisioned and managed through the secure Orva Admin Panel. Each account is linked to a verified healthcare role and is subject to institutional access control policies.

                  To protect the confidentiality and integrity of clinical data, all user accounts must adhere to the following security measures:

                  Account Security Features

                     

                      • Strong Password Requirements: All passwords must meet defined minimum standards for length, complexity, and uniqueness, in alignment with ADHICS v2 access management controls

                         

                      • Two-Factor Authentication (2FA): Required at the time of initial account setup and during any password reset events. 2FA may use time-based one-time passcodes (TOTP), authenticator apps, or SMS verification, based on institutional policy

                      • Session Timeout & Re-authentication: Sessions are automatically terminated after a defined period of inactivity. Users must re-authenticate using their password to resume system access

                      • Enforced Password Resets: Users may be required to change their passwords at regular intervals, as mandated by institutional policy or system configuration settings

                    User Responsibilities

                    Each User is solely responsible for:

                       

                        • Maintaining the confidentiality of their credentials and not sharing their account with any other individual

                        • Promptly reporting any suspected compromise of account access or unusual system behavior to their IT/security team or designated Orva administrator

                        • Using only their assigned credentials, and not attempting to bypass access controls or impersonate other users

                      RAIN Technology ME LTD reserves the right to suspend, deactivate, or audit user accounts in response to detected anomalies, potential misuse, or institutional policy enforcement.

                      5. Data Management

                      The Orva platform collects and processes data essential for clinical workflow support, operational integrity, and regulatory compliance. All data is handled in accordance with the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2) and the UAE Personal Data Protection Law (PDPL – Federal Decree Law No. 45 of 2021).

                      Categories of Data Collected

                      Orva may collect the following data types during clinical use:

                         

                          • Surgical Milestones & Workflow Logs: Time-stamped events representing clinical actions, procedural steps, or documented notes entered via voice or touchscreen

                          • Wake-Word Activated Voice Inputs: Audio recordings triggered only after the system detects its activation phrase (“Hey Orva”), capturing user commands or dictated notes for in-session processing

                          • Session Metadata & Device Information: Includes anonymized session identifiers, user role tags, device IDs, room identifiers, session duration, and system performance logs

                        All data is collected under the authority of the deploying healthcare institution and governed by its data handling, consent, and access control policies.

                        Data Protection & Hosting

                        All data—including PHI and PII—is safeguarded using the following technical controls:

                           

                            • AES-256 encryption at rest and TLS 1.2/1.3 encryption in transit, ensuring confidentiality and integrity of all transmitted or stored data

                            • Role-based access restrictions and audit logging enforced at both the application and infrastructure layers

                            • Cloud storage within UAE borders, using ADHICS-compliant hosting environments to maintain residency and compliance with Ministry of Health and Prevention (MOHAP) and Department of Health (DoH) standards

                          RAIN Technology ME LTD enforces regular security reviews, access audits, and vulnerability assessments to protect data throughout its lifecycle.

                          Data is retained and disposed of according to the healthcare provider’s policies and applicable retention obligations, including incident response and forensics, where applicable.

                          6. Data Privacy

                          RAIN Technology ME LTD is committed to maintaining the confidentiality, integrity, and lawful processing of all Protected Health Information (PHI) and Personally Identifiable Information (PII) collected and processed through the Orva platform. All data privacy practices comply with the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) and the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2).

                          Data Residency and Access

                          All PHI and PII processed by Orva is:

                             

                              • Stored exclusively within UAE jurisdiction, using cloud hosting environments that are certified for health sector compliance under ADHICS

                              • Accessible only by authorized personnel, including clinical users and approved system administrators who have been provisioned with appropriate access rights

                              • Protected by role-based access controls (RBAC), audit trails, and session logging mechanisms to ensure accountability, traceability, and adherence to institutional policies

                            Access to any sensitive data is governed by the healthcare institution’s internal policy and is monitored for unauthorized activity or abnormal patterns.

                            International Data Transfer Restrictions

                            Orva does not transfer PHI or PII outside of the United Arab Emirates unless all of the following conditions are met:

                               

                                • The data is fully anonymized in accordance with UAE PDPL standards, such that individuals cannot be re-identified directly or indirectly

                                • The transfer is made only for system improvement, security audit, or development purposes

                                   

                                • The transfer has been explicitly approved in writing by the data controller, i.e., the deploying healthcare provider or institution

                              Any such transfers are logged, subject to contractual safeguards, and periodically reviewed for compliance.

                              7. Voice Samples for System Improvement

                              To support the accuracy and contextual responsiveness of Orva’s speech recognition and natural language understanding (NLU) models, de-identified voice samples may be used for internal training and system enhancement purposes.

                              Scope of Use

                              Voice samples are:

                                 

                                  • Only captured after the system detects the wake word (“Hey Orva”), ensuring user-initiated activation

                                  • Used to improve the platform’s ability to recognize clinical terminology, regional accents, and real-time surgical language patterns

                                  • Processed strictly for the purpose of improving Orva’s performance, safety workflows, and speech recognition models

                                     

                                RAIN Technology ME LTD does not use voice data for:

                                   

                                    • Commercial advertising, marketing, or behavioral profiling

                                       

                                    • Monetization, resale, or third-party licensing of any audio content or training data sets

                                  De-identification & Privacy Safeguards

                                  Before any voice sample is used for system improvement, it undergoes a rigorous de-identification process to ensure that it no longer constitutes PHI or PII under the UAE Personal Data Protection Law (PDPL) and ADHICS standards. This includes:

                                     

                                      • Stripping metadata and clinical identifiers

                                      • Audio review to remove personally revealing speech content

                                      • Ensuring data is irreversibly anonymized such that re-identification is not possible

                                    Access to de-identified training data is restricted to authorized RAIN personnel under strict role-based permissions, and all use is auditable and logged for accountability.

                                    8. User Responsibilities

                                    All authorized users of the Orva platform are expected to operate within the scope of their clinical role and adhere to their healthcare institution’s privacy, security, and compliance policies. Use of the Orva system implies an ongoing responsibility to safeguard sensitive information, ensure lawful use, and maintain operational integrity.

                                    Users must:

                                    1. Ensure Appropriate Use of the System

                                       

                                        • Use Orva solely for approved clinical and operational purposes

                                           

                                        • Follow institutional guidelines related to the use of voice-activated technology in surgical settings

                                        • Avoid any unauthorized or experimental use of the platform, including non-clinical data entry, testing, or external integrations

                                      2. Safeguard Account Credentials

                                         

                                          • Keep usernames, passwords, and any two-factor authentication (2FA) mechanisms confidential and secure

                                             

                                          • Never share login credentials or allow unauthorized individuals to access the platform under their account

                                          • Log out of active sessions when leaving a device unattended in clinical areas

                                        3. Report Misuse or Security Incidents Promptly

                                           

                                            • Immediately report any suspected data breach, unauthorized access, or misuse of the Orva platform to their institution’s designated security or privacy officer

                                            • Cooperate with internal investigations, incident response efforts, and compliance reviews when requested

                                            • Report any device loss or suspected credential compromise to their IT department to initiate secure deactivation

                                          RAIN Technology ME LTD reserves the right to suspend or terminate access for any user found to be in violation of these responsibilities or whose activity presents a risk to data privacy, patient safety, or system integrity.

                                          9. Liability

                                          To the fullest extent permitted under applicable UAE law, RAIN Technology ME LTD disclaims liability for any direct, indirect, incidental, special, or consequential damages arising from the use—or inability to use—the Orva platform.

                                          RAIN Technology ME LTD is not liable for:

                                          1. Clinical Decisions or Outcomes

                                          Orva is a workflow support tool, not a medical device, diagnostic engine, or decision-support system. All medical and clinical decisions remain the sole responsibility of the attending licensed healthcare professionals.
                                           RAIN Technology ME LTD shall not be held liable for:

                                             

                                              • Treatment errors

                                              • Delayed interventions

                                              • Adverse clinical outcomes resulting from reliance on, or misinterpretation of, Orva prompts, timestamps, or system feedback

                                            2. Unauthorized Use or Misuse

                                            RAIN is not responsible for damages or breaches resulting from:

                                               

                                                • Use of the Orva platform by individuals not authorized by a licensed healthcare provider

                                                • Misconfiguration, negligent deployment, or failure to follow security protocols

                                                • Improper storage, handling, or reuse of shared devices without appropriate re-authentication controls

                                              3. Downtime or Service Interruptions

                                              While Orva is designed to operate reliably in healthcare environments, it depends on external infrastructure, including internet connectivity, cloud service providers, and device performance.
                                               RAIN Technology ME LTD is not liable for:

                                                 

                                                  • Temporary service interruptions due to third-party hosting failures

                                                  • Connectivity disruptions at the facility level

                                                  • Delays caused by scheduled maintenance, software updates, or force majeure events

                                                In all cases, the total cumulative liability of RAIN Technology ME LTD under this agreement shall be limited to the amounts paid by the healthcare provider for use of the Orva platform in the preceding 12 months, unless otherwise required by UAE commercial law.

                                                 

                                                10. Modifications

                                                RAIN Technology ME LTD reserves the right to update the ToS at any time. Changes become effective upon written notice to healthcare facilities or posting on the platform.

                                                11. Dispute Resolution

                                                This Terms of Service (ToS) shall be governed by and interpreted in accordance with the laws of the United Arab Emirates, including any applicable health, data protection, and civil regulations issued by federal authorities or regional regulators such as the Department of Health – Abu Dhabi (DoH) and MOHAP.

                                                Resolution Process

                                                In the event of any dispute, claim, or controversy arising out of or relating to the use of the Orva platform, the parties agree to pursue resolution through the following process:

                                                1. Mediation or Arbitration (Optional by Agreement)

                                                Where possible, the parties shall first seek to resolve disputes amicably through good faith negotiations. If unresolved, the parties may mutually agree to submit the matter to:

                                                   

                                                    • Mediation under the rules of the Abu Dhabi Global Market (ADGM) Arbitration Centre, or

                                                    • Binding arbitration conducted in Abu Dhabi, in accordance with the rules of the applicable arbitral body (e.g., ADCCAC or DIAC)

                                                  The language of proceedings shall be English, unless otherwise agreed.

                                                  2. Judicial Proceedings

                                                  If arbitration or mediation is not mutually agreed to, or if either party seeks immediate legal relief:

                                                     

                                                      • All disputes shall be subject to the exclusive jurisdiction of the civil courts of Abu Dhabi, including the courts of ADGM where contractually applicable

                                                      • Nothing in this clause prevents a party from seeking interim or injunctive relief through the courts, including the preservation of evidence or enforcement of confidentiality obligations

                                                    Exclusion of Foreign Law

                                                    The United Nations Convention on Contracts for the International Sale of Goods (CISG) shall not apply to this agreement.

                                                    12. Contact

                                                    RAIN Technology ME LTD
                                                    Level 14, Al Sarab Tower
                                                    ADGM Square, Al Maryah Island
                                                    Abu Dhabi, UAE
                                                    Email: hello@rainstellatech.com