Legal
Terms of Service and Business Associate Addendum
Terms version 2026-06-25. BAA addendum version 2026-06-25. These terms are accepted electronically during signup or account setup.
Account authority
The person creating the account represents that they are authorized to bind the clinic or organization using MedAfter. The clinic is responsible for its users, devices, patient consent, and clinical use of simulations.
Service use
MedAfter provides visual before/after simulations for medical aesthetics consults. Simulations are educational visual aids only. They are not medical advice, treatment plans, diagnoses, guarantees, or outcome predictions.
Patient photos and records
The clinic may upload real patient photos only after accepting these Terms and the Business Associate Addendum below. Unsaved consults remain temporary. Consented saved consults persist as clinic records until deleted or otherwise directed by the clinic.
Business Associate Addendum
If the clinic is a HIPAA Covered Entity or Business Associate, this section is the parties' Business Associate Addendum. Build Better Digital LLC d/b/a MedAfter is the Business Associate, and the clinic is the Covered Entity or upstream Business Associate.
Permitted PHI use
MedAfter may use or disclose PHI only to provide the MedAfter simulation service, operate and secure the service, comply with law, and carry out obligations in this Addendum. MedAfter does not sell PHI and does not use PHI to train AI models.
Safeguards and subprocessors
MedAfter will use appropriate administrative, physical, and technical safeguards for ePHI. Current PHI subprocessors are Google Cloud services used for app hosting, AI generation, and patient media storage. MedAfter will require PHI subprocessors to protect PHI under written terms.
Security incidents and breach notice
MedAfter will report impermissible PHI use or disclosure, Security Incidents, and Breaches of Unsecured PHI without unreasonable delay and no later than the notification period required by applicable law or the parties' signed agreement.
Access, amendment, accounting
MedAfter will assist the clinic in responding to patient access, amendment, restriction, and accounting requests where MedAfter maintains the relevant PHI for the clinic.
Return or destruction
On termination or clinic request, MedAfter will return or destroy PHI it maintains for the clinic where feasible. If return or destruction is infeasible, MedAfter will continue to protect the PHI and limit further use.
State and minor-use limits
Clinics may not use MedAfter for Illinois patients or minor patients unless MedAfter has approved the required additional consent or policy workflow for that use case.
Billing
Trial, subscription, and top-up terms are shown in the product or checkout flow. Fees are non-refundable except where required by law or separately agreed in writing.
Changes
MedAfter may update these Terms. If a material update changes the Business Associate Addendum or PHI handling terms, the app may require the clinic to accept the new version before further real patient use.