Effective Date: April 22, 2025
Last Updated: May 20, 2025
This End User License Agreement (“EULA”) governs your access to and use of Orva, a perioperative voice assistant platform developed by RAIN Technology, Inc. (for U.S. users) and RAIN Technology ME LTD (for UAE users), collectively referred to as “RAIN,” “we,” “us,” or “our.”
By accessing or using the Orva platform, you (“User”) agree to comply with the terms and conditions applicable to your jurisdiction.
Users are subject to the version of this EULA corresponding to their jurisdiction:
Applies to users located in the United Arab Emirates
This End User License Agreement (“EULA”) is a binding legal agreement between you (“User,” “you,” or “your”) and RAIN Technology ME LTD, a company organized and existing under the laws of the United Arab Emirates, with its principal office located at Level 14, Al Sarab Tower, ADGM Square, Al Maryah Island, Abu Dhabi, UAE (“RAIN Technology,” “we,” “our,” or “us”). This EULA governs your access to and use of Orva, a clinical-grade, voice-activated software platform designed to operate on smart healthcare devices, including but not limited to Android tablets, wearable headsets, and clinical display TVs, within licensed surgical and procedural healthcare environments in the UAE.
By installing, accessing, or using the Orva software (“Software”), you agree to be legally bound by the terms of this EULA, in addition to all applicable terms outlined in the Orva Terms of Service (ToS) and Privacy Policy. If you do not agree to all the terms of this EULA, you are not authorized to access or use the Orva Software, and you must cease use and uninstall it immediately.
This Software is expressly licensed—not sold—and is made available exclusively for institutional clinical use by authorized healthcare providers and personnel. It may only be used in compliance with the laws and data protection frameworks of the United Arab Emirates, including the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2), UAE Federal Decree Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), and other regulations set forth by the Department of Health – Abu Dhabi (DOH) and the Ministry of Health and Prevention (MOHAP).
RAIN Technology ME LTD retains all ownership, intellectual property rights, and proprietary interests in the Orva Software. This EULA grants you a limited, non-exclusive, non-transferable, and revocable license to use the Software solely for clinical and healthcare operational purposes, subject to the restrictions outlined herein. Any use of the Software outside the authorized scope, including commercial exploitation, reverse engineering, or use in non-clinical environments, is strictly prohibited and may constitute a violation of civil or criminal law.
By accepting this EULA, you represent and warrant that you are an authorized healthcare provider, administrator, or user operating under the authority of a licensed UAE healthcare facility and that you will use the Software solely within the bounds of clinical and regulatory guidelines.
Subject to your continued compliance with this EULA and all applicable laws and regulations, RAIN Technology ME LTD hereby grants you a limited, non-exclusive, non-transferable, non-sublicensable, and revocable license to install, access, and use the Orva Software solely for its intended clinical and operational purposes within a licensed healthcare institution operating under the jurisdiction of the United Arab Emirates.
This license is expressly conditioned upon the following limitations:
RAIN Technology ME LTD reserves all rights not expressly granted to you under this EULA. No license or right is granted to use RAIN’s trademarks, trade secrets, patents, or other intellectual property except as explicitly permitted herein.
As part of its core functionality, Orva may capture voice inputs and user commands initiated by a predefined wake-word trigger (“Hey Orva”). This voice-enabled interaction is designed to support clinical workflow automation, reduce manual documentation burden, and facilitate safe, hands-free operation in surgical environments.
Purposes of Collection
Privacy & Safeguards
All voice samples used for system learning are:
No voice data—whether raw or de-identified—is used for advertising, profiling, or sold to external entities under any circumstances.
RAIN Technology ME LTD processes personal and clinical data within the Orva platform in accordance with the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) (“PDPL”), the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS v2), and relevant guidance issued by the Department of Health – Abu Dhabi (DoH).
Primary Lawful Basis – Direct Clinical Use
Pursuant to PDPL Article 4(1)(b), the collection and processing of personal data—including voice recordings and session metadata—is considered lawful when necessary for the provision of healthcare or treatment, without requiring additional patient consent. Orva’s use in surgical environments for real-time documentation, workflow support, and clinical safety alerts falls under this provision.
Secondary Uses – Model Training & Analytics
For purposes beyond direct care, such as AI model refinement, feature development, or clinical workflow benchmarking, Orva relies on one of the following lawful bases:
RAIN Technology ensures that all data used for secondary purposes undergoes rigorous de-identification processes in accordance with ADHICS and industry best practices.
To ensure operational integrity, clinical accountability, and accurate workflow traceability, Orva systematically logs and attributes all user interactions within the platform—including but not limited to voice commands, button presses, navigation events, and session activities—to the authenticated user account performing the action.
These logs are:
All activity logs are classified as Confidential under Orva’s data management policy and are protected using industry-standard encryption and access control mechanisms. Logs are retained in accordance with the healthcare facility’s data retention policy and are not used for performance evaluation or disciplinary purposes unless directed by the institution or required under applicable UAE law.
Orva’s attribution framework aligns with ADHICS v2 requirements for auditability and PDPL mandates for lawful and transparent processing of user-related data in healthcare systems.
In accordance with the UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021) and ADHICS v2, individuals whose data is processed via the Orva platform are entitled to exercise specific rights concerning their personal and health-related data. These rights may be subject to institutional policies, medical record retention requirements, and applicable healthcare regulations.
Subject to the clinical context and lawful limitations, you may:
How to Submit a Request
Data subject rights requests should be submitted:
RAIN will acknowledge receipt of your request within five (5) business days and, where applicable, will respond in full within thirty (30) calendar days, in accordance with Article 14 of the UAE PDPL. In certain complex cases or where verification is required, the timeline may be extended by an additional thirty (30) days with prior notice.
RAIN Technology ME LTD reserves the right to request additional information to confirm the identity of the requester or to verify institutional authorization, where applicable.
RAIN Technology ME LTD is committed to safeguarding all personal, clinical, and operational data processed through the Orva platform by implementing a comprehensive, risk-based information security program. This program is designed to meet and exceed the expectations of UAE healthcare regulators and international security frameworks.
Compliance Frameworks
RAIN maintains active compliance with the following standards and regulations:
Technical and Administrative Safeguards
RAIN implements the following security measures throughout the Orva platform:
All security controls are reviewed at least annually, and RAIN conducts internal audits and third-party assessments to validate ongoing compliance with security standards and legal obligations.
This EULA incorporates the Orva Privacy Policy (UAE version), which provides detailed information on:
Orva may be configured to interface with hospital systems, including EHRs and scheduling tools. Integration will be scoped to the minimum necessary access and adhere to UAE-specific regulatory requirements.
RAIN Technology ME LTD reserves the right to suspend or terminate this End User License Agreement (EULA) and your associated access to the Orva Software at any time, with or without prior notice, under any of the following conditions:
Upon termination, the following terms shall immediately apply:
RAIN Technology ME LTD is not liable for any disruption to clinical workflows or operations resulting from license termination when such termination is the result of breach, institutional disengagement, or legal mandate.
This EULA is governed by the laws of the United Arab Emirates, and disputes shall be resolved through the courts of Abu Dhabi.
RAIN Technology ME LTD
Level 14, Al Sarab Tower
ADGM Square, Al Maryah Island
Abu Dhabi, UAE
Email: hello@orvahealth.com
Applies to users located in the United States
This End User License Agreement (“EULA”) is a binding legal agreement between you (“User,” “you,” or “your”) and RAIN Technology, Inc., a Delaware corporation with its principal office located at 5526 W 13400 S #60, Herriman, UT 84096 (“RAIN,” “we,” “our,” or “us”). This EULA governs your installation, access, and use of Orva, a voice-driven software platform designed to support surgical and clinical workflows through hands-free interaction.
Orva is intended exclusively for professional use by healthcare providers, administrators, and clinical staff operating within licensed healthcare facilities in the United States. The platform is delivered through Android-based devices, including tablets, smart TVs, and wearable headsets, and is designed to assist with intraoperative workflow management, documentation, and patient safety coordination.
By installing, accessing, or using the Orva software (“Software”), you acknowledge that you have read, understood, and agree to be legally bound by the terms of this EULA, along with the Orva Terms of Service (ToS), Privacy Policy, and any applicable Business Associate Agreement (BAA) between RAIN and your healthcare organization. If you do not agree to the terms of this EULA, you are not authorized to use the Software, and you must immediately uninstall and discontinue all use.
This Software is licensed, not sold, and remains the intellectual property of RAIN Technology, Inc. Your license is limited, non-exclusive, non-transferable, non-sublicensable, and revocable, and it permits use of the Software solely in accordance with this EULA and applicable U.S. federal and state privacy and healthcare laws, including:
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Health Information Technology for Economic and Clinical Health (HITECH) Act
California Consumer Privacy Act (CCPA/CPRA) and similar state-specific laws, where applicable
The Orva platform is not a medical device, diagnostic system, or substitute for professional medical judgment. You acknowledge and agree that Orva is a clinical support tool intended to assist—not replace—human decision-making in patient care.
Subject to your continued compliance with this EULA, the Orva Terms of Service, applicable Business Associate Agreements (BAAs), and all relevant federal and state laws, RAIN Technology, Inc. hereby grants you a limited, non-exclusive, non-transferable, non-sublicensable, and revocable license to access and use the Orva Software solely for internal clinical and operational purposes within your licensed healthcare organization in the United States.
This license is conditioned on the following limitations and obligations:
RAIN may monitor system usage for compliance and security purposes and reserves the right to suspend or terminate access if the Software is used outside of these terms or in violation of any applicable law or agreement.
As part of its core functionality, Orva captures voice inputs and spoken commands triggered by a designated wake word (e.g., “Hey Orva”). This feature is designed to enable hands-free interaction during surgical procedures and clinical workflows, enhancing efficiency, safety, and documentation accuracy.
Purposes of Collection
Privacy and Security Safeguards
RAIN Technology, Inc. employs strict safeguards to ensure the secure and compliant processing of voice data:
RAIN does not use voice data for advertising, commercial profiling, or any non-clinical purpose. Data is never sold or disclosed to third parties unless required by law or explicitly authorized under a Business Associate Agreement.
By accessing and using the Orva platform, you acknowledge and consent to the collection, processing, and secure storage of personal data—including voice interactions and system metadata—as required for clinical operations, product functionality, and permitted secondary uses under applicable U.S. law.
All collection and handling of Protected Health Information (PHI) by RAIN Technology, Inc. adheres strictly to the “minimum necessary” standard as outlined in the HIPAA Privacy Rule (45 CFR §164.502(b)). PHI is accessed, used, and disclosed only to the extent necessary to fulfill the intended clinical or operational purpose.
By using the Orva Software, you expressly consent to the following:
RAIN does not use, disclose, or retain data beyond what is required for the delivery and support of the Orva platform, except as otherwise permitted by law or contractual agreement.
To promote clinical accountability, support operational transparency, and ensure compliance with healthcare data regulations, Orva automatically logs and attributes all user interactions within the platform to the authenticated account associated with the session.
The following types of activity are logged by the system:
Each recorded action is tied to the verified user account authenticated through the Orva Admin Panel. Logs are tamper-resistant and include time-stamped entries for auditability and historical traceability.
RAIN does not use operational logs for employee or clinician performance evaluation. Logs are strictly maintained to uphold the integrity of the system, ensure accurate attribution, and support clinical governance.
As a user of the Orva platform or a data subject whose information may be processed through clinical use of the Software, you are entitled to certain rights under applicable U.S. data protection laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and state-level laws such as the California Consumer Privacy Act (CCPA/CPRA), where applicable.
Subject to verification of identity, institutional policy, and applicable exceptions under law, you may exercise the following rights:
You may request a copy of your personal data, including PHI or system-attributed activity, that has been collected or maintained through Orva.
You may request that inaccurate or incomplete personal data be corrected, in accordance with HIPAA’s Right to Amend under 45 CFR §164.526.
You may withdraw your consent for the use of your voice data for non-essential purposes, such as system training or enhancement, provided that the data has not already been de-identified or is not required for clinical or operational integrity.
You may request deletion of personal data not required to be retained under HIPAA or other regulatory obligations. Deletion requests are evaluated on a case-by-case basis and must not conflict with medical record retention or legal hold requirements.
Requests should be submitted through one of the following channels:
All requests will be:
RAIN Technology, Inc. reserves the right to request additional information to verify your identity or authority before processing any request and may refer certain requests to your healthcare provider for fulfillment where appropriate.
RAIN Technology, Inc. implements a multi-layered security program to ensure the confidentiality, integrity, and availability of all personal and protected health information (PHI) processed by the Orva platform. This program aligns with U.S. healthcare regulatory requirements and internationally recognized security standards.
RAIN complies with the following frameworks:
RAIN applies the following safeguards to protect Orva data and infrastructure:
All security controls are reviewed at least annually, and independent assessments are conducted periodically to validate effectiveness and compliance.
This EULA incorporates the Orva Privacy Policy (U.S. version). Users are encouraged to review it for full transparency on data handling, retention, and transfer practices.
Orva may interface with third-party applications (e.g., EHR platforms), but only under HIPAA-compliant architecture and Business Associate Agreements (BAAs), as required.
RAIN Technology, Inc. reserves the right to suspend or terminate your license to use the Orva Software at any time, with or without prior notice, under any of the following conditions:
Upon termination:
RAIN Technology, Inc. will not be liable for any loss of access, operational disruption, or data resulting from the lawful enforcement of termination provisions as defined herein.
This End User License Agreement (EULA) shall be governed by and construed in accordance with the laws of the State of Delaware, United States of America, without regard to its conflict-of-law principles or provisions that would result in the application of the laws of another jurisdiction.
In the event of any dispute, claim, or controversy arising out of or relating to this EULA, the Orva Software, or your use thereof, the parties agree to the following dispute resolution process:
Notwithstanding the foregoing, either party may seek:
Each party shall bear its own legal fees and costs unless otherwise determined by the arbitrator or agreed in writing.
RAIN Technology, Inc.
5526 W 13400 S #60
Herriman, UT 84096
Email: hello@orvahealth.com