These Terms of Service ("Terms") govern access to and use of the Lens Health Technologies Ltd ("Lens", "we", "us", "our") software platform and related services (the "Service").
By accessing or using the Service, you confirm that you have read, understood, and agree to be bound by these Terms. If you do not agree to these Terms, you must not access or use the Service.
Lens Health Technologies Ltd ("Lens") provides an intelligence layer for health and care organisations within the United Kingdom.
The Service enables Customers to integrate data from multiple operational and related systems, analyse that data in a structured manner, and generate insights and reports to support operational decision-making, compliance activities, and service management.
The Service is designed to assist organisations in improving the accessibility and usability of their data; however, it does not replace professional judgement, regulatory responsibility, or clinical decision-making by the Customer or its Authorised Users.
The Service is provided on a business-to-business basis and is available only to organisations. Individuals may not access or use the Service in a personal capacity.
By accessing or using the Service on behalf of a Customer, you confirm that you have the authority to bind that organisation to these Terms.
Authorised Users must:
Accounts for the Service may not be created independently by individual users.
Access to the Service will only be provisioned by Lens following:
Lens reserves the right to withhold access to the Service until such agreements are in place.
The Customer is solely responsible for:
The Customer shall ensure that the Service is used only in accordance with these Terms and all applicable laws and regulations. The Customer is responsible for all use of the Service by its Authorised Users.
The Customer and its Authorised Users must not:
Lens reserves the right, without prejudice to any other rights or remedies, to:
The Service is provided on a subscription and/or usage-based basis.
All fees, pricing structures, and payment terms are set out in the applicable commercial agreement between Lens and the Customer.
The Customer shall pay all fees in accordance with the terms of that commercial agreement.
Lens reserves the right to suspend or restrict access to the Service where payment is overdue, in accordance with the applicable commercial agreement.
The Customer retains all rights, title, and interest in and to all Customer Data processed through the Service. Nothing in these Terms transfers any ownership rights in Customer Data to Lens.
The processing of Personal Data (including Health Data or other Special Category Data) by Lens on behalf of the Customer is governed by a separate Data Processing Amendment ("DPA") entered into between the parties. The DPA forms an integral part of the contractual relationship and applies to all processing activities carried out under these Terms.
The DPA sets out the full terms governing data protection compliance, including without limitation: the roles and responsibilities of each party, lawful bases for processing, data security measures, sub-processor arrangements, international data transfer mechanisms, data retention and deletion requirements, data subject rights handling, breach notification obligations, and data portability and export rights.
For the avoidance of doubt, any obligations relating to data security, confidentiality, breach notification, sub-processor use, international transfers, retention periods, deletion timeframes, and data export rights are governed in full by the DPA (and any applicable Data Processing Schedule or Annex) and not duplicated within these Terms.
Lens shall process Customer Data only in accordance with the Customer's documented instructions and the terms of the DPA.
In the event of any conflict between these Terms and the DPA, the DPA shall prevail in relation to data protection and processing matters.
The Service may include the use of artificial intelligence, machine learning models, and other algorithmic processing techniques to support functionality such as generating insights, assisting decision-making, identifying patterns, or improving system performance.
Where such AI or algorithmic processing is used, it is designed to operate as a decision-support tool and is not intended to produce solely automated decisions that have legal or similarly significant effects on individuals without appropriate human oversight.
Any use of automated processing, including the extent of human review and intervention in outputs generated by the Service, is further described in the AI Explainability Document, which forms part of the Service documentation and is made available to Customers upon request.
The AI Explainability Document sets out, where applicable, information regarding the nature of AI/ML models used, their intended purpose, limitations, data inputs, and the level of human oversight applied, in line with applicable UK GDPR requirements, including Article 22 where relevant.
Customers are responsible for ensuring that their use of the Service complies with applicable legal, regulatory, clinical safety, and governance requirements in their deployment context.
Each party shall keep confidential all information disclosed by the other party that is designated as confidential or that reasonably ought to be considered confidential given its nature ("Confidential Information").
Each party agrees to:
Confidential Information shall not include information that is publicly available through no breach of these Terms or was lawfully obtained from a third party without restriction.
Lens shall use reasonable efforts to ensure the availability and continuous operation of the Service.
The Service may be temporarily unavailable or subject to modification from time to time, including for reasons such as:
Where reasonably practicable, Lens will provide advance notice of any planned downtime.
Any specific service levels, uptime commitments, or service availability targets (if applicable) shall be set out in the relevant commercial agreement between Lens and the Customer.
Lens implements appropriate technical and organisational measures designed to protect the security, confidentiality, integrity, and availability of data processed through the Service.
Such measures include, where applicable:
Lens maintains up-to-date security information relating to the Service and will make relevant security and compliance information available via its website or upon reasonable request. Additional details of the technical and organisational security measures applied to the processing of Personal Data are set out in the Data Processing Amendment (DPA) between the parties.
The Customer is responsible for:
Lens continuously improves its security, governance, and compliance posture and seeks to align the Service with relevant healthcare, clinical safety, cyber security, and information governance standards.
The Service may be used in environments where additional healthcare, clinical safety, or regulatory frameworks apply, including (without limitation) NHS-specific standards such as DTAC, DCB0129, and DCB0160, as well as UK GDPR, Cyber Essentials, applicable Data Security and Protection Toolkit (DSPT) requirements, ISO standards (including ISO 27001 where applicable), and other related clinical safety, information governance, data protection, or procurement requirements.
Where Lens holds or maintains relevant certifications or assurances, including Cyber Essentials and alignment with the NHS Data Security and Protection Toolkit (DSPT), Lens commits to maintaining such certifications for so long as they are stated as applicable to the Service. In the event that any such certification or formal assurance materially lapses, is withdrawn, or is not renewed, Lens shall notify affected Customers without undue delay.
Up-to-date information regarding the Service's applicable standards, security posture, certifications, and compliance considerations is maintained on Lens' website and may also be provided upon reasonable request. Customers remain responsible for reviewing the most current information prior to procurement, deployment, and use of the Service.
All intellectual property rights in the Service, including the platform, software, systems, documentation, and any related materials, are and shall remain the exclusive property of Lens Health Technologies Ltd or its licensors.
Subject to these Terms and the Customer's compliance with them, Lens grants the Customer a limited, non-exclusive, non-transferable, and non-sublicensable right to access and use the Service for its internal business purposes during the term of the applicable agreement.
The Customer shall not acquire any rights, title, or interest in the Service except for the limited rights expressly granted under these Terms.
Any feedback, suggestions, ideas, or recommendations provided by the Customer or its Authorised Users regarding the Service may be used by Lens without restriction, attribution, or obligation, including for the purpose of improving, developing, or enhancing the Service.
Lens may suspend or restrict access to the Service, in whole or in part, with immediate effect where reasonably necessary, including where:
Lens will use reasonable efforts to provide prior notice of any suspension where practicable, unless immediate action is required to protect the Service, data, or security.
Either party may terminate access to the Service in accordance with the terms of the applicable commercial agreement.
Upon termination or expiry of the agreement:
Termination shall not affect any rights, obligations, or liabilities accrued prior to the date of termination.
The Service is provided on an "as is" and "as available" basis and is intended solely as an operational support tool to assist with the organisation, analysis, and interpretation of data. It does not provide medical advice, clinical diagnosis, or treatment recommendations, and must not be relied upon as a substitute for professional judgement, clinical assessment, or regulatory, safeguarding, or clinical governance responsibilities of the Customer or its Authorised Users.
Unless explicitly configured, documented, and governed under applicable clinical safety standards (including where relevant DCB0129 and DCB0160), the Service is not intended to function as a clinical decision support system and must not be used as such.
To the maximum extent permitted by applicable law:
Nothing in these Terms excludes or limits liability for anything which cannot legally be excluded or limited under applicable law, including liability for death or personal injury caused by negligence, fraud, or fraudulent misrepresentation.
Lens may update or modify the Service from time to time, including to improve functionality, performance, security, or compliance.
Lens may also update these Terms from time to time. Where changes are material, Lens will use reasonable efforts to provide notice to the Customer, which may include notification via the Service, email, or other reasonable means.
Continued use of the Service following any such updates shall constitute acceptance of the revised Terms.
These Terms, and any dispute or claim arising out of or in connection with them, shall be governed by and construed in accordance with the laws of England and Wales.
The parties agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms.