Terms of Service

Effective Date: July 4, 2026

Welcome to Ember AI.

These Terms of Service govern access to and use of the Ember AI website, platform, and related services (collectively, the "Services") provided by Wisdom, Inc. d/b/a Ember AI ("Ember AI," "we," "us," or "our") to healthcare organizations and other business customers. Ember AI is an AI revenue integrity platform that helps customers improve coding accuracy, prevent denials, recover underpayments, and automate revenue cycle workflows. By accessing or using the Services, you agree to these Terms and our Privacy Policy.

Services Overview

Depending on your agreement with Ember AI, the Services may include some or all of the following:

  • Autonomous medical coding, coding audits, and charge capture review
  • Claim scrubbing, pre-submission validation, and payer-rule checks
  • Denial prevention, underpayment detection, and revenue integrity analytics
  • Denial appeals, recovery workflows, and payer correspondence support
  • Eligibility verification and prior authorization workflows where enabled under your agreement
  • Integrations with electronic health records, practice management systems, and payer portals
  • Operational reporting, audit trails, and human-in-the-loop review for exceptions

Ember AI provides software and workflow automation tools. We do not provide medical, legal, billing, or coding advice, and customer personnel remain responsible for final coding, billing, and clinical decisions unless otherwise agreed in writing.

1. Information We Collect

  • Account and Contact Information: Names, business email addresses, credentials, and related account details provided during onboarding or support.
  • Customer Data and PHI: Clinical documentation, encounter and billing data, claims, remittance and payment information, payer policies, contracts, and other data you or your systems provide to deliver the Services.
  • Integration Data: Information received from connected EHR, practice management, clearinghouse, payer, or other systems authorized by you.
  • Usage and Audit Data: Product usage logs, configuration settings, workflow actions, and audit records needed to operate, secure, and support the platform.
  • Support Communications: Information you submit through support channels, implementation requests, or feedback.

2. How We Use Your Information

We use information to operate and improve the Services, including:

  • Provide, maintain, and improve the Services you purchase, including AI-assisted coding, denial prevention, appeals, and related revenue cycle workflows.
  • Validate outputs, monitor performance, investigate errors, and route exceptions for human review.
  • Secure the platform, prevent fraud or misuse, and comply with legal, contractual, and regulatory obligations.
  • Provide customer support, onboarding, training, and product communications related to the Services.
  • Generate aggregated or de-identified analytics to improve model accuracy and platform reliability, subject to applicable law and your agreement.

3. Data Protection

  • Encryption: Customer data is encrypted in transit and at rest using industry-standard safeguards.
  • Compliance: Ember AI maintains HIPAA compliance, enters into Business Associate Agreements with covered entities, and maintains SOC 2 Type II controls with regular third-party audits.
  • Access Controls: Role-based access, audit logging, and least-privilege principles govern internal and customer access to production systems.
  • Retention: Data is retained only as long as necessary to provide the Services, meet legal obligations, or as specified in your agreement.
  • PHI Processing: Protected Health Information is processed only as permitted by your agreement and the BAA attached as Schedule A.

4. User Rights

  • Access and Correction: Authorized customer contacts may request access to or correction of account information, subject to verification and applicable law.
  • Data Requests: Individuals seeking access, portability, or deletion of personal information may contact us; requests involving PHI may require coordination with your organization as the covered entity or business controller.
  • Marketing Preferences: Where applicable, you may opt out of non-essential marketing communications.

5. Cookies and Tracking

Our website uses cookies and similar technologies to operate the site, remember consent preferences, and measure engagement. Non-essential tracking technologies load only after you provide consent through our consent banner. For details, see our Privacy Policy.

6. Data Sharing and Disclosure

We do not sell Protected Health Information. We may share information with service providers that help us host, secure, support, or deliver the Services; with integration partners you authorize; when required by law or valid legal process; or to protect the rights, safety, and security of Ember AI, our customers, and the public. Subprocessors are bound by contractual obligations appropriate to the data they process.

7. Changes to These Terms

We may update these Terms from time to time. Material changes will be posted on our website and, where appropriate, communicated through the Services. Continued use after the effective date of updated Terms constitutes acceptance of the revised Terms.

8. Contact Us

Questions about these Terms may be sent to support@embercopilot.ai.

Schedule A: Business Associate Agreement

This Business Associate Agreement ("BAA") is by and between Wisdom, Inc. d/b/a Ember AI ("Business Associate"), and Customer ("Covered Entity"), and is effective as of the Effective Date.

WHEREAS, pursuant to the Terms of Service, Business Associate will provide certain services to, for, or on behalf of Covered Entity involving the use or disclosure of Protected Health Information ("PHI"), and pursuant to such Terms of Service, Business Associate may be considered a "business associate" of Covered Entity; and

WHEREAS, Covered Entity and Business Associate intend to protect the privacy and provide for the security of PHI disclosed to Business Associate pursuant to the agreement between the parties in compliance with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 ("HIPAA") and the Standards for Privacy of Individually Identifiable Health Information promulgated thereunder by the U.S. Department of Health and Human Services at 45 CFR § 160 and § 164 (the "HIPAA Rules"), and the Health Information Technology for Economic and Clinical Health Act of 2009 (the "HITECH Act"), in each case as amended from time to time; and

WHEREAS, the purpose of this BAA is to satisfy certain standards and requirements of the HIPAA Rules and the HITECH Act, as the same may be amended from time to time.

NOW, THEREFORE, in consideration of the mutual promises below and the exchange of information pursuant to this BAA, the parties agree as follows:

1. Definitions.

Terms used but not otherwise defined in this BAA shall have the same meaning as set forth in 45 CFR Parts 160, 162 and 164, or the HITECH Act.

2. Obligations of Business Associate.

  1. Permitted Uses and Disclosures. Business Associate agrees to only Use or Disclose PHI as necessary in order to perform the services set forth in the agreement between the parties, as permitted under this BAA, or as Required by Law. Business Associate shall have the right to de-identify any and all PHI, provided that Business Associate implements a de-identification process that conforms to the requirements of 45 C.F.R. 164.514(a)-(c) ("De-identified Data"). Business Associate may Use or Disclose such De-identified Data to third parties at its discretion, as such De-identified Data does not constitute PHI and is not subject to the terms of this BAA. Business Associate shall own all right, title and interest in and to such De-identified Data.
  2. Nondisclosure. Business Associate shall not Use or further Disclose PHI other than as permitted or required by this BAA.
  3. Safeguards. Business Associate shall use appropriate administrative, technical, and physical safeguards to prevent the use or disclosure of PHI other than as provided for by this BAA. Business Associate shall maintain a comprehensive written information privacy and security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the Business Associate's operations and the nature and scope of its activities.
  4. Reporting of Disclosures; Mitigation. Business Associate shall report to Covered Entity any use or disclosure of PHI not provided for by this BAA of which Business Associate becomes aware. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of this BAA.
  5. Business Associate's Agents. Business Associate shall ensure that any subcontractors, to whom it provides PHI received from (or created or received by Business Associate on behalf of) Covered Entity agree to the same restrictions and conditions that apply to Business Associate with respect to such PHI.
  6. Availability of Information to Covered Entity. Business Associate shall make available to Covered Entity (or, as directed by Covered Entity, to an Individual) such information as Covered Entity may request, and in the time and manner designated by Covered Entity, to fulfill Covered Entity's obligations (if any) to provide access to, provide a copy of, and account for disclosures with respect to PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR §§ 164.524 and 164.528. Requests for information must be submitted at least 14 days in advance of the due date.
  7. Amendment of PHI. Business Associate shall make any amendments to PHI in a Designated Record Set that the Covered Entity directs or agrees to at the request of Covered Entity or an Individual, and in the time and manner designated by Covered Entity, to fulfill Covered Entity's obligations (if any) to amend PHI pursuant to HIPAA and the HIPAA Rules, including, but not limited to, 45 CFR § 164.526, and Business Associate shall, as directed by Covered Entity, incorporate any amendments to PHI into copies of such PHI maintained by Business Associate.
  8. Internal Practices. Business Associate shall make its internal practices, books and records relating to the use and disclosure of PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) available to the Secretary, in a time and manner designated by Covered Entity or the Secretary, for purposes of the Secretary determining Covered Entity's compliance with HIPAA and the HIPAA Rules.
  9. Documentation of Disclosures for Accounting. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
  10. Access to Documentation for Accounting. Business Associate agrees to provide to Covered Entity or an Individual, in a time and manner designated by Covered Entity, information documented in accordance with Section 2(i) of this BAA in a time and manner as to permit Covered Entity to respond to a request by an Individual for an accounting of disclosures of PHI in accordance with 45 CFR § 164.528.
  11. Notification of Breach. During the Term of this BAA, Business Associate shall notify Covered Entity within ten (10) days of Discovery of any Breach of Unsecured PHI. Business Associate further agrees, consistent with Section 13402 of the HITECH Act, to provide Covered Entity with information necessary for Covered Entity to meet the requirements of said section, and in a manner and format to be specified by Covered Entity.
  12. Minimum Necessary. When using, disclosing, or requesting PHI from the Covered Entity, or in accordance with any provision of this BAA, Business Associate shall limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.

3. Obligations of Covered Entity.

  1. Covered Entity shall be responsible for using appropriate safeguards to maintain and ensure the confidentiality, privacy and security of PHI transmitted to Business Associate pursuant to the BAA and this BAA, in accordance with the standards and requirements of HIPAA and the HIPAA Rules, until such PHI is received by Business Associate.
  2. Upon request, Covered Entity shall provide Business Associate with the notice of privacy practices that Covered Entity produces in accordance with 45 CFR § 164.520, as well as any changes to such notice.
  3. Covered Entity shall provide Business Associate with any changes in, or revocation of, permission by an Individual to use or disclose PHI, if such changes affect Business Associate's permitted or required uses or disclosures.
  4. Covered Entity shall notify Business Associate of any restriction to the use or disclosure of PHI that Covered Entity has agreed to in accordance with 45 CFR § 164.522, if such restriction affects Business Associate's permitted or required uses or disclosures.

4. Term and Termination.

  1. Term. The Term of this BAA shall become effective as of the Effective Date and shall terminate when all of the PHI provided by Covered Entity to Business Associate, or created or received by Business Associate on behalf of Covered Entity, is destroyed or returned to Covered Entity, or, if it is infeasible to return or destroy PHI, protections are extended to such information, in accordance with the termination provisions of this Section and the Terms of Service. The provisions of this BAA shall survive termination of the BAA to the extent necessary for compliance with HIPAA and the HIPAA Rules.
  2. Material Breach. A material breach by either party of any provision of this BAA shall constitute a material breach of the BAA, if such breach is not cured by the breaching party within thirty (30) days of receipt of notice describing the material breach.
  3. Reasonable Steps to Cure Breach. If either party learns of an activity or practice of the other party that constitutes a material breach or violation of the other party's obligations under the provisions of this BAA, then the non-breaching party shall notify the breaching party of the breach and the breaching party shall take reasonable steps to cure such breach or violation, as applicable, within a period of time which shall in no event exceed thirty (30) days. If the breaching party's efforts to cure such breach or violation are unsuccessful, the non-breaching party shall either terminate the BAA, if feasible, or if termination of the BAA is not feasible and the breaching party has violated the HIPAA Rules, the non-breaching party may report the breaching party's breach or violation to the Secretary.
  4. Judicial or Administrative Proceedings. Either party may terminate the BAA, effective immediately, if the other party is named as a defendant in a criminal proceeding for an alleged violation of HIPAA, or a finding or stipulation that the other party has violated any standard or requirement of HIPAA or other security or privacy laws is made in any administrative or civil proceeding in which the party has been joined.
  5. Effect of Termination.
    1. Except as provided in paragraph (e)(2) of this Section or if required by law or regulation to be maintained by Business Associate, upon termination of the BAA for any reason, Business Associate shall return at Covered Entity's expense, or destroy all PHI received from Covered Entity (or created or received by Business Associate on behalf of Covered Entity) that Business Associate still maintains in any form, and shall retain no copies of such PHI. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate.
    2. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to Covered Entity notification of the conditions that make return or destruction infeasible. Upon mutual agreement of the parties that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this BAA to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI. The obligations of Business Associate under this Section shall survive the termination of the BAA.

5. Amendment to Comply with Law.

The parties acknowledge that state and federal laws relating to electronic data security and privacy are rapidly evolving and that amendment of the BAA may be required to provide for procedures to ensure compliance with such developments. The parties specifically agree to take such action as is necessary to implement the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, and other applicable laws relating to the security or confidentiality of PHI. Upon the request of either party, the parties shall promptly enter into negotiations concerning the terms of an amendment to the BAA embodying written assurances consistent with the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or other applicable laws relating to security and privacy of PHI. Either party may terminate the BAA upon thirty (30) days' written notice in the event the other party does not promptly enter into negotiations to amend the BAA when requested pursuant to this Section, or does not enter into an amendment to the BAA providing assurances regarding the safeguarding of PHI that satisfy the standards and requirements of HIPAA, the HIPAA Rules, the HITECH Act, or any other applicable laws relating to security and privacy of PHI.

6. No Third Party Beneficiaries.

Nothing in this BAA is intended to confer, nor shall anything herein confer, upon any person other than Covered Entity, Business Associate and their respective successors and assigns, any rights, remedies, obligations or liabilities whatsoever and no other person or entity shall be a third party beneficiary of this BAA.

7. Effect on BAA.

Except as specifically required to implement the purposes of this BAA, or to the extent inconsistent with this BAA, all other terms of the BAA shall remain in full force and effect.

8. Interpretation.

This BAA shall be interpreted as broadly as necessary to implement and comply with HIPAA, the HIPAA Rules and any other applicable law relating to security and privacy of PHI. Any ambiguity in this BAA shall be resolved in favor of a meaning that permits Covered Entity to comply with the HIPAA Rules.

9. Regulatory References.

A reference in this BAA to a section in the HIPAA Rules or the HITECH Act means the section as in effect or as amended, and for which compliance is required.

Schedule B: CPT® Notices and Disclaimers (AMA)

I. Copyright and Trademark Notices
  1. Licensee will ensure that the following text is displayed prior to initial display of CPT content.

CPT copyright 2025 American Medical Association. All rights reserved.

  1. Licensee will ensure that the following copyright notice is included on each page, or as often as reasonably practical, of any display or print-out where CPT content appears (other than that which would constitute fair use, internal reports, and claim forms for specific patients).

CPT copyright 2025 American Medical Association. All rights reserved.

  1. Licensee will include the trademark symbol ® following the first appearance of "CPT" in each section of the Licensed Products.
  2. When Licensee updates the Licensed Products with subsequent annual releases of Licensed Content, Licensee will update the copyright year as specified in the Licensed Content, which is usually the year prior to the title date (e.g., the copyright year for CPT® 2026 is 2025).
II. Other Notices and Disclaimers
  1. Licensee shall include the following notice prior to the initial display of CPT content in each Licensed Product.

U.S. Government End Users. CPT is commercial technical data, which was developed exclusively at private expense by the American Medical Association (AMA), 330 North Wabash Avenue, Chicago, Illinois 60611. Use of CPT in connection with this product shall not be construed to grant the Federal Government a direct license to use CPT based on FAR 52.227-14 (Data Rights - General) and DFARS 252.227-7015 (Technical Data - Commercial Items).

  1. If a Licensed Product includes National Correct Coding Policy content, Licensee shall include the following notice in such Licensed Product.

The responsibility for the content of any "National Correct Coding Policy" included in this product is with the Centers for Medicare and Medicaid Services and no endorsement by the AMA is intended or should be implied. The AMA disclaims responsibility for any consequences or liability attributable to or related to any use, nonuse or interpretation of information contained in this product.