Master Services Agreement (Template)
Standard terms for pilot and ongoing engagements. Covers scope, fees, IP ownership, confidentiality, liability caps, termination.
Request MSA template →Legal
Our legal framework is designed for regulated life sciences environments. Templates available for review — finalized agreements executed per engagement.
Templates provided for review. Final agreements customized per engagement.
Templates provided for review — finalized agreements customized per engagement.
Standard terms for pilot and ongoing engagements. Covers scope, fees, IP ownership, confidentiality, liability caps, termination.
Request MSA template →GDPR Art. 28 compliant. Covers subprocessors, data subject rights, breach notification, international transfers, audit rights.
Request DPA template →HIPAA-compliant BAA for customers requiring it. Covers permitted uses, safeguards, breach notification, termination.
Request BAA template →Standard mutual confidentiality agreement for evaluation discussions. 2-year term, standard carveouts.
Request NDA template →Last updated: July 2025. Next review: January 2026.
Template provided for review — finalized per engagement.
NextConsensus, Inc. (Delaware corporation). Contact: [email protected]
We process minimal personal data:
We do not process PHI, sensitive health data, or proprietary clinical data.
You may exercise: Access, Rectification, Erasure, Restriction, Portability, Objection. Submit via contact form or [email protected]. Response within 30 days.
Infrastructure on Cloudflare (US/EU). Standard Contractual Clauses (2021) for US-EU transfers. EU data residency available via regional routing.
See Security & Compliance for SOC 2, encryption, access controls, incident response.
Last updated: July 2025. Next review: January 2026.
Template provided for review — finalized per engagement.
NextConsensus provides evidence-sensitive claim support intelligence: ranked re-review lists and claim-specific assessments for approved claims, based on public evidence sources and customer-provided claim text.
Mutual. 2-year obligation post-termination. Standard carveouts (public domain, independent development, legal compulsion).
Assessments are evidence-impact analyses, not clinical, legal, or regulatory judgments. No warranty of clinical truth, regulatory outcome, or commercial result.
Delaware law, exclusive jurisdiction Delaware state/federal courts. GDPR Art. 27 EU representative designated.
Full DPA available on request. Key terms:
Customer = Controller. NextConsensus = Processor.
Claim text, use context, evidence sources → Assessments. No PHI/PII.
Cloudflare (infrastructure). Written notice 30 days before new subprocessor. Objection right.
SOC 2 Type II (in progress), encryption at rest/in transit, access controls, audit logging.
Processor assists Controller with access, rectification, erasure, portability requests within 15 days.
Processor notifies Controller within 24 hours of confirmed breach affecting personal data.
SCCs (2021) for US-EU. EU residency option via regional routing.
Controller may audit annually with 30-day notice. Third-party auditor acceptable. Costs shared unless material non-compliance.
30 days post-termination. Certification of destruction available.
Full DPA (GDPR Art. 28 compliant) available via contact form.
Full BAA template available on request for HIPAA-covered entities. Key terms:
NextConsensus does not create, receive, or maintain PHI. BAA covers incidental exposure risk only.
Administrative, physical, technical per 45 CFR §164.308/310/312. Encryption, access controls, audit logs, workforce training.
Business Associate notifies Covered Entity within 15 days of discovery (45 CFR §164.410).
Return/destroy PHI (if any) per 45 CFR §164.504(e)(2)(ii)(J). Certification of destruction.
Full BAA available via contact form.
We'll send the full document package within 1 business day.