1. Acceptance of Terms

These Terms of Service ("Terms") govern your access to and use of products and services provided by Mirav Labs, including CareLearn LMS, VoiceIQ, Network Ops Agent, Industrial Vision AI, and any associated APIs, dashboards, or integrations (collectively, "Services").

By using the Services, you represent that you have authority to bind yourself or your organisation to these Terms and that you agree to comply with them.

2. Eligibility and Accounts

• You must be at least 18 years old and have legal capacity to enter into contracts.
• You are responsible for maintaining the confidentiality of your account credentials.
• You are responsible for all activities that occur under your account.
• You must notify us immediately of any unauthorised account access at info@d2c.in.

3. Licence and Permitted Use

Subject to your compliance with these Terms and payment of applicable fees, Mirav Labs grants you a limited, non-exclusive, non-transferable, non-sublicensable licence to access and use the Services for your internal business operations.

You may not:

• Resell, sublicence, or provide the Services to third parties without prior written consent
• Reverse engineer, decompile, or attempt to extract source code
• Use the Services to train competing AI models without a separate written agreement
• Circumvent, disable, or interfere with security features
• Use the Services for any unlawful purpose or in violation of applicable regulations
• Transmit malware, spam, or any harmful code through the Services

4. Fees and Payment

• Service fees are specified in your Order Form or Statement of Work.
• Invoices are due within 30 days of issue unless otherwise agreed in writing.
• Late payments accrue interest at 1.5% per month (or the maximum permitted by law).
• Mirav Labs reserves the right to suspend access for accounts more than 45 days overdue.
• Fees are non-refundable except as specified in our Refund Policy.

5. Intellectual Property

Our IP: All software, models, algorithms, methodologies, documentation, and branding associated with Mirav Labs services are our exclusive intellectual property. These Terms do not transfer any ownership rights to you.

Your Data: You retain all ownership rights to your data. You grant Mirav Labs a limited licence to process your data solely for the purpose of providing the Services as described in the applicable data processing agreement.

Feedback: Any suggestions or feedback you provide may be used by Mirav Labs without restriction or compensation.

6. Warranties and Disclaimers

Mirav Labs warrants that the Services will perform materially in accordance with our documentation. To the maximum extent permitted by law, we disclaim all other warranties, express or implied, including fitness for a particular purpose.

7. Limitation of Liability

To the maximum extent permitted by applicable law, Mirav Labs' total liability for any claims arising under or related to these Terms shall not exceed the fees paid by you in the 12 months preceding the claim. In no event shall Mirav Labs be liable for indirect, incidental, special, or consequential damages.

8. Indemnification

You agree to indemnify, defend, and hold harmless Mirav Labs and its officers, directors, and employees from any third-party claims arising from your use of the Services in violation of these Terms or applicable law.

9. Termination

Either party may terminate these Terms with 30 days written notice. Mirav Labs may terminate immediately for material breach, non-payment, or violation of the Acceptable Use Policy. Upon termination, your access is revoked and data is handled per our Privacy Policy and Data Processing Agreement.

10. Governing Law and Disputes

These Terms are governed by the laws of India. Disputes shall first be attempted to be resolved through good-faith negotiation. If unresolved, disputes shall be submitted to arbitration in Delhi, India under the Arbitration and Conciliation Act, 1996.

11. Modifications

We may update these Terms from time to time. We will notify you 30 days before material changes take effect. Continued use of the Services constitutes acceptance of the revised Terms.

1. Scope and Application

This HIPAA Policy applies to Mirav Labs when acting as a Business Associate (as defined under 45 CFR §160.103) in providing healthcare-related services — specifically the CareLearn LMS platform — to Covered Entities such as hospitals, clinics, and health systems.

2. Protected Health Information (PHI)

In the context of CareLearn LMS, Mirav Labs may receive or create limited PHI including:

• Employee names and identifiers linked to training records
• Training completion dates, quiz scores, and certification statuses
• Department assignments and role-based access information

3. Administrative Safeguards (45 CFR §164.308)

• Security Officer: A designated Security Officer oversees HIPAA compliance and incident response.
• Workforce Training: All Mirav Labs employees with access to PHI receive annual HIPAA training.
• Access Management: Role-based access controls limit PHI access to minimum necessary personnel.
• Risk Analysis: Annual security risk assessments are conducted and documented.
• Contingency Plan: Documented data backup, disaster recovery, and emergency access procedures are maintained.
• Business Associate Agreements: We require BAAs with all sub-processors who may access PHI.

4. Physical Safeguards (45 CFR §164.310)

• Data is hosted in AWS Mumbai and Azure India Central — both SOC 2 Type II certified facilities.
• Physical access to data centres is controlled by the respective cloud providers under their security programs.
• Workstation use policies restrict PHI access to authorised devices only.

5. Technical Safeguards (45 CFR §164.312)

• Encryption in Transit: All data transmitted uses TLS 1.2 or higher.
• Encryption at Rest: PHI stored in databases and object storage is encrypted with AES-256.
• Unique User Identification: Each user has a unique credential; shared accounts are prohibited.
• Automatic Logoff: Sessions are terminated after periods of inactivity.
• Audit Controls: Comprehensive audit logs track all access to and modification of PHI.
• Integrity Controls: Data checksums and integrity verification prevent unauthorised alteration.

6. Breach Notification

In the event of a breach affecting unsecured PHI, Mirav Labs will:

• Notify the Covered Entity within 60 days of discovering the breach (per 45 CFR §164.410)
• Provide a description of the breach, types of PHI involved, and remediation steps taken
• Cooperate fully with the Covered Entity's breach notification obligations to affected individuals and HHS

7. Business Associate Agreement

Covered Entities using CareLearn LMS for any function involving PHI must execute a signed Business Associate Agreement (BAA) with Mirav Labs prior to deployment. Contact info@d2c.in to request a BAA template or to arrange execution.

8. HIPAA Training Content

CareLearn LMS includes a comprehensive HIPAA Privacy & Security course aligned with:

• 45 CFR Part 164 — Security Rule
• 45 CFR Part 160 — General Administrative Requirements
• The HITECH Act provisions affecting Covered Entities and Business Associates
• HHS Office for Civil Rights (OCR) enforcement guidance

1. Infrastructure Security

Cloud Infrastructure

• Hosted on AWS Mumbai (ap-south-1) and Azure India Central — SOC 2 Type II certified
• Virtual Private Cloud (VPC) isolation with private subnets for sensitive workloads
• Web Application Firewall (WAF) with OWASP Top 10 rule sets
• DDoS protection via AWS Shield Standard and Azure DDoS Protection
• Network segmentation with security groups enforcing least-privilege access

Data Encryption

• In transit: TLS 1.2 minimum (TLS 1.3 preferred) on all connections. HSTS enforced.
• At rest: AES-256-GCM encryption for all stored data and backups.
• Key management: AWS KMS and Azure Key Vault with automatic key rotation (365-day cycle).
• Database encryption: PostgreSQL and MySQL instances use transparent data encryption (TDE).

2. Application Security

• OWASP Top 10 reviewed in every release cycle
• Input validation and parameterised queries to prevent SQL injection and XSS
• Content Security Policy (CSP) headers enforced on all web interfaces
• Secure Software Development Lifecycle (SSDLC) with mandatory security review for high-risk changes
• Dependencies scanned for known CVEs on every build (Dependabot / Snyk)
• Secrets managed via AWS Secrets Manager and Azure Key Vault — never in source code

3. Access Controls

• Multi-Factor Authentication (MFA): Required for all production system access by Mirav Labs engineers.
• Role-Based Access Control (RBAC): Least-privilege access enforced at all layers.
• Zero-Trust Architecture: Internal services require authenticated and authorised requests regardless of network origin.
• Privileged Access Management: Elevated access requires just-in-time (JIT) approval and is logged.
• Employee offboarding: Access revoked within 2 hours of employment termination.

4. Monitoring and Detection

• 24/7 Security Information and Event Management (SIEM) with automated alerting
• Anomaly detection for unusual access patterns, data exfiltration attempts, and privilege escalation
• Comprehensive audit logs retained for 12 months, with tamper-evident storage
• Victoria Metrics-based infrastructure monitoring with predictive alerting
• Uptime SLA monitoring with automated incident notification

5. Vulnerability Management

• Automated vulnerability scans on all production infrastructure (weekly cadence)
• Critical CVEs patched within 24 hours; high severity within 7 days
• Annual third-party penetration testing by accredited security firms
• Bug bounty programme available — contact info@d2c.in to participate

6. Incident Response

Our incident response lifecycle follows NIST SP 800-61:

1. Preparation: Documented runbooks, trained response team, defined escalation paths
2. Detection & Analysis: Automated detection + human review; severity classification within 1 hour
3. Containment: Isolation of affected systems within 4 hours for P1 incidents
4. Eradication & Recovery: Root cause remediation and service restoration
5. Post-Incident Review: Written RCA within 5 business days; lessons applied to future controls

Customer notification for security incidents affecting their data: within 72 hours of discovery.

7. Backup and Disaster Recovery

• Automated daily backups with 30-day retention; encrypted using the same AES-256 standard
• Recovery Time Objective (RTO): 4 hours; Recovery Point Objective (RPO): 1 hour
• Cross-region backup replication for critical data
• Disaster recovery plan tested bi-annually

8. Third-Party and Supply Chain Security

• All third-party vendors undergo security questionnaire review before onboarding
• Data Processing Agreements (DPAs) executed with all sub-processors
• Open-source dependencies reviewed for licence compliance and security posture

9. Employee Security

• Background verification for all employees with access to production systems
• Mandatory security awareness training on joining and annually thereafter
• Acceptable Use Policy signed by all employees
• Phishing simulation exercises conducted quarterly

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They allow websites to remember your preferences, maintain sessions, and collect analytics data. We also use similar technologies such as local storage and session storage.

2. Types of Cookies We Use

3. Managing Cookies

You can manage cookie preferences through your browser settings:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Options → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions

Disabling essential cookies will prevent login and core platform functionality. Analytics cookies can be disabled without affecting your use of the Services.

4. Third-Party Cookies

We use Google Analytics (with IP anonymisation enabled) for website analytics. Google's privacy practices are governed by their Privacy Policy at policies.google.com. You may opt out using the Google Analytics Opt-out Browser Add-on.

1. SaaS Subscription Products

1.1 CareLearn LMS & VoiceIQ

• Free Trial: Eligible products offer a 14-day free trial. No refund is applicable for trial periods.
• Monthly Subscriptions: Cancellable at any time. No refund for the current billing period; access continues until period end.
• Annual Subscriptions: Pro-rated refund available within 30 days of purchase if the service is materially not performing as described. No refunds after 30 days except in cases of service outage exceeding the SLA.

2. Professional Services and Custom Development

• Project deposits (typically 30–50% of contract value) are non-refundable once project kickoff has occurred.
• Milestone payments are non-refundable once the milestone deliverable has been accepted in writing.
• If Mirav Labs fails to deliver a milestone within the agreed timeline due to our fault, we will offer a credit of up to 15% of the milestone value against future invoices.

3. Service Credits for Downtime

If our platform experiences downtime beyond the SLA guarantee (99.5% monthly uptime), eligible customers will receive service credits:

Credits must be claimed within 30 days of the incident and are applied to the next invoice. Credits are not redeemable for cash.

4. How to Request a Refund

Submit your refund request via email to info@d2c.in with:

• Your account email and organisation name
• Invoice number and date of purchase
• Reason for refund request

We will respond within 5 business days. Approved refunds are processed within 10 business days to the original payment method.

5. Exceptions

Refunds will not be issued for:

• Accounts suspended for violation of our Terms of Service or Acceptable Use Policy
• Failure to use the service after purchase
• Dissatisfaction with AI-generated outputs (subject to our AI disclaimer in the Terms of Service)
• Requests made after the eligible refund window

1. AI Output Disclaimer

Mirav Labs products use large language models and machine learning algorithms to generate recommendations, diagnoses, training content, and voice interactions. While we design our AI systems to be accurate and helpful, no AI system is infallible.

• CareLearn LMS: Training content is reviewed against regulatory sources but should not be used as a substitute for official regulatory guidance, legal counsel, or qualified clinical instruction.
• Network Ops Agent: Automated remediation actions are provided as recommendations. Organisations remain responsible for verifying actions before execution in production environments.
• VoiceIQ: Voice agent scripts are designed to be RBI-compliant but do not constitute legal advice on debt recovery. Financial institutions remain responsible for their own regulatory compliance.
• Industrial Vision AI: Defect detection outputs require confirmation by qualified personnel before product disposition decisions.

2. Accuracy of Information

While we strive to keep all information on our website and platforms current and accurate, Mirav Labs makes no representation or warranty regarding the completeness, accuracy, or timeliness of any content. Regulatory requirements referenced in training courses are subject to change; always verify against the most current official publications.

3. External Links

Our website may contain links to third-party websites and resources. We are not responsible for the content, accuracy, or privacy practices of those external sites. Links are provided for convenience only and do not imply endorsement.

4. Professional Advice

Nothing on our platform constitutes medical advice, legal advice, financial advice, or technical engineering advice for safety-critical systems. Always consult qualified professionals for decisions in these domains.

1. Our Commitment

We are committed to ensuring digital accessibility for people with disabilities and are continually improving the user experience for everyone. Mirav Labs aims to conform to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA.

2. Current Status

CareLearn LMS incorporates the following accessibility features:

• Keyboard navigation throughout the platform
• ARIA labels on interactive elements and form controls
• Sufficient colour contrast ratios (WCAG 2.1 AA minimum)
• Scalable text — up to 200% without loss of functionality
• Screen reader compatible HTML structure
• Video captions for instructional content (where applicable)
• Focus indicators on all interactive elements
• Skip navigation links for keyboard users

3. Known Limitations

We are aware of the following limitations and are actively working to address them:

• Some third-party embedded content may not meet full WCAG 2.1 AA compliance
• Complex data visualisations in the admin dashboard currently lack full alternative text descriptions
• Older PDF certificates may not be fully accessible — updated templates in progress

4. Feedback and Contact

If you experience any accessibility barriers while using Mirav Labs products, we want to know. Please contact us:

• 📧 info@d2c.in (subject: ACCESSIBILITY)
• 📍 Opposite Metro Station, Shalimar Bagh, Delhi 110088, India

We aim to respond to accessibility feedback within 5 business days and to resolve issues within 30 days where technically feasible.