Terms and Conditions

These Terms and Conditions ("Terms") constitute a legally binding agreement between you ("User," "you," or "your") and RainerTek LLC ("Company," "we," "us," or "our"), governing your access to and use of the BioSure Lab Portal platform, including the website at biosurelab.com and associated subdomains, application programming interfaces (APIs), report generation services, client portal, and any related services (collectively, the "Service").

By creating an account, accessing, or using the Service, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy (/privacy-policy). If you are accepting these Terms on behalf of an organization (laboratory, company, pharmacy, or other entity), you represent and warrant that you have the authority to bind that organization to these Terms.

If you do not agree to these Terms, you must not access or use the Service.

BioSure Lab Portal is a cloud-based Laboratory Information Management System (LIMS) developed and operated by RainerTek LLC. The platform is designed to digitize and streamline the end-to-end workflow of environmental monitoring laboratories, with an initial focus on USP 797 compliance testing for compounding pharmacy cleanrooms.

The Service includes, but is not limited to:

• Laboratory management: Multi-tenant lab configuration, employee management, equipment tracking, organism databases, and signature management
• Client company management: Client organization onboarding, facility location management with floor plan uploads, sample location mapping, and employee access management
• Chain of custody (CoC) management: Digital creation, submission, and tracking of chain-of-custody forms for sample intake
• Sample result entry: CFU count recording, organism identification, plate image upload, incubation tracking, and alert/action level evaluation
• Report generation: Automated PDF lab report generation with historical trending analysis, electronic signatures, and version control
• Report management: Review and approval workflows, version history, client visibility controls, and bulk download capabilities
• Scheduling: Recurring sample submission scheduling with calendar views and occurrence tracking
• Client portal: Self-service portal for client companies to access reports, submit CoC forms, comment on reports, and manage their employees
• Notifications: Real-time in-app notifications and email alerts for key platform events
• Analytics and audit trails: Dashboard analytics, activity logging, and global search

3.1 Account Creation

Accounts on BioSure Lab Portal are created through one of the following methods:

• Lab tenant creation: A Super Administrator provisions a new laboratory tenant and creates the initial Lab Administrator account
• Lab employee invitation: A Lab Administrator creates employee accounts, which triggers an invitation email to the new user
• Client company onboarding: A Lab Administrator creates a Company Administrator account during client onboarding, which triggers an invitation email
• Client employee creation: A Company Administrator creates employee accounts for their organization

You may not create an account using false or misleading information. Each user must have a unique, valid email address.

3.2 Third-Party Authentication

The Service supports sign-in via third-party authentication providers, including Google and Microsoft. By choosing to sign in through a third-party provider:

• You authorize us to receive your name, email address, profile picture, and account identifier from that provider for the purpose of creating or authenticating your BioSure account
• You acknowledge that your use of the third-party provider is also governed by that provider's own terms of service and privacy policy
• You are responsible for maintaining the security of your third-party account; if your Google or Microsoft account is compromised, your BioSure account may also be at risk
• You may revoke BioSure's access to your third-party account at any time through the provider's settings; this will prevent future sign-in via that method but will not automatically delete your BioSure account

3.3 Account Security

You are responsible for:

• Maintaining the confidentiality of your login credentials (whether email/password or third-party sign-in)
• Changing your password upon first login when required by the system
• All activities that occur under your account
• Immediately notifying us of any unauthorized use of your account

We implement the following security measures to protect your account:

• Passwords are hashed using bcrypt and are never stored in plaintext
• Account lockout is automatically activated after a configurable number of failed login attempts
• Sessions are managed through JWT-based access tokens and refresh tokens with defined expiry periods
• Third-party sign-in uses industry-standard OAuth 2.0 / OpenID Connect protocols
• Rate limiting is applied to prevent brute-force attacks

3.4 User Roles and Permissions

The Service operates with a hierarchical permission model consisting of five user roles:

• Super Admin: Platform-level administrators (RainerTek LLC) with oversight across all lab tenants
• Lab Admin: Laboratory owners/directors with full control over their lab tenant, including employee management, company onboarding, and report approval
• Lab Employee: Laboratory technicians and staff with access to sample processing, result entry, and report generation as permitted by their assigned role
• Company Admin: Client organization managers with access to reports, CoC submission, employee management, and scheduling for their company
• Company Employee: Client organization staff with access to view reports and notifications for their company

Access is further controlled through granular role-based access control (RBAC), which allows per-module and per-action permission configuration, as well as per-user permission overrides. You agree to use the Service only within the scope of the permissions assigned to your account.

4.1 Service Plans

BioSure Lab Portal is offered as a Software-as-a-Service (SaaS) subscription. We offer multiple plan tiers to accommodate laboratories of different sizes and requirements. Current plan details and fees are provided upon request by contacting our sales team at sales@biosurelab.com or via /contact.

Access for client organization users (Company Admins and Company Employees) is included as part of the laboratory's subscription, subject to the terms of that subscription.

4.2 Payment

• Subscription fees, if applicable, are governed by the order form, quote, or plan terms executed between you and RainerTek LLC
• Payment is due according to the billing cycle specified in your plan
• All fees are quoted in United States Dollars (USD) unless otherwise specified
• Fees are exclusive of applicable taxes, which will be added where required by law

4.3 Plan Changes

• You may upgrade your plan at any time; upgrades take effect immediately, and fees are prorated for the remainder of the current billing cycle
• You may downgrade your plan at the end of the current billing cycle, provided your usage falls within the limits of the target plan
• If your usage exceeds the limits of your current plan, you may be required to upgrade or reduce usage

4.4 Evaluation Access

• We may, at our discretion, provide evaluation or pilot access to the Service for a limited period
• Evaluation access may include only a subset of the Service's features as specified in the evaluation offer
• At the end of the evaluation period, continued use of the Service requires an active subscription
• We reserve the right to modify or discontinue evaluation access at any time

4.5 Refunds

• Subscription fees are generally non-refundable
• If you cancel a subscription before the end of a billing cycle, you will retain access until the end of that cycle; no partial refunds will be issued
• Refund exceptions may be granted at our sole discretion for billing errors or service disruptions covered under our uptime commitments

5.1 Permitted Use

You may use the Service solely for its intended purpose: managing laboratory information, environmental monitoring workflows, sample tracking, report generation, and client communication within a professional laboratory context.

5.2 Prohibited Conduct

You agree not to:

• Use the Service for any unlawful purpose or in violation of any applicable local, state, national, or international law or regulation
• Access or attempt to access any other user's account, or any lab tenant's data that you are not authorized to view
• Circumvent, disable, or interfere with security features of the Service, including the role-based access control system, rate limiting, or tenant isolation mechanisms
• Attempt to reverse engineer, decompile, or disassemble any portion of the Service
• Upload, transmit, or distribute any malicious code, viruses, or harmful software through the Service
• Use the Service to store or transmit content that infringes the intellectual property rights of any third party
• Scrape, crawl, or use automated tools to extract data from the Service without our written consent
• Resell, sublicense, or commercially distribute the Service or any portion thereof without our express written permission
• Intentionally enter false, misleading, or fabricated laboratory data, sample results, or reports
• Use the Service in any manner that could damage, disable, overburden, or impair our servers or interfere with any other party's use of the Service
• Share login credentials or allow unauthorized individuals to access your account
• Use third-party sign-in (Google, Microsoft) with an account you are not authorized to use

5.3 Data Accuracy

Given the regulated nature of laboratory testing and environmental monitoring (USP 797 compliance), you acknowledge your responsibility to:

• Enter accurate and truthful data for all sample results, organism identifications, and CoC forms
• Ensure that generated reports accurately reflect the underlying test data
• Maintain proper chain-of-custody documentation standards
• Review and verify report content before approving and publishing to client companies

The Service provides tools to facilitate accuracy (alert/action level calculations, historical trending, ISO class evaluations), but the accuracy and validity of the underlying data remains your responsibility.

6.1 Your Data

You retain full ownership of all data you enter, upload, or generate through the Service, including but not limited to:

• Laboratory configurations and settings
• Client company and employee information
• Chain-of-custody form data
• Sample results, organism identifications, and plate images
• Generated PDF reports and their contents
• Floor plan images and sample location mappings
• Comments and communications
• Scheduling configurations

6.2 License to Us

By uploading or entering data into the Service, you grant us a non-exclusive, worldwide, royalty-free license to host, store, process, and transmit your data solely for the purpose of providing the Service to you. This license terminates when you delete your data or close your account, subject to any legal retention obligations.

6.3 Our Intellectual Property

The Service — including its software, architecture, design, user interface, documentation, branding, logos, and all related intellectual property — is and remains the exclusive property of RainerTek LLC. These Terms do not grant you any rights to our intellectual property except the limited right to use the Service as permitted herein.

You may not:

• Copy, modify, or create derivative works of the Service
• Use our trademarks, logos, or branding without our written consent
• Remove or alter any copyright, trademark, or proprietary notices from the Service

6.4 Feedback

If you provide us with suggestions, ideas, or feedback regarding the Service, you grant us an unrestricted, perpetual, irrevocable, royalty-free license to use such feedback for any purpose without compensation or attribution to you.

7.1 Report Generation

The Service includes an automated Report Generator that produces PDF lab reports from your CoC and sample result data. You acknowledge that:

• The Report Generator processes the data you have entered and produces reports based on that data
• The accuracy of generated reports is dependent on the accuracy of the input data
• Reports include historical trending analysis (mean, standard deviation, z-scores) calculated from previously entered data; the correctness of trending depends on the completeness and accuracy of historical records
• You are responsible for reviewing all generated reports before approving and publishing them to client companies

7.2 Electronic Signatures

The Service supports electronic signatures on lab reports (lab director, QC manager). By uploading and using electronic signatures:

• You represent that you are authorized to use the signature and that the signature is a valid representation of your or the signatory's intent to approve the report
• You acknowledge that electronic signatures on reports constitute approval of the report's content
• You understand that the Service maintains version history and audit trails of all report approvals for compliance purposes

7.3 Regulatory Compliance Readiness

While the Service is designed with regulatory compliance in mind (USP 797 workflows, audit trails, electronic signature support, 21 CFR Part 11 readiness), the Service does not itself constitute regulatory compliance. You remain solely responsible for ensuring that your laboratory operations, testing procedures, and reporting practices comply with all applicable regulations, standards, and guidelines, including USP 797, USP 800, ISO 17025, 21 CFR Part 11, and any state or federal requirements.

8.1 Uptime

We will use commercially reasonable efforts to maintain the availability of the Service. Our target uptime is 99.9% measured on a monthly basis, excluding scheduled maintenance windows. Customers on certain plans may negotiate custom Service Level Agreements (SLAs) with specific uptime commitments.

Planned maintenance will be scheduled during low-usage periods where possible, and we will provide advance notice of significant maintenance windows.

8.2 Support

Support availability and response times vary by subscription plan. Details of the support included with your plan are provided in your service agreement and on our website.

8.3 Modifications to the Service

We reserve the right to modify, update, or discontinue any feature or aspect of the Service at any time. For material changes that reduce functionality available on your current plan, we will provide at least 30 days' advance notice and, where possible, offer alternatives or migration paths.

The Service integrates with or relies upon the following categories of third-party services:

• Cloud infrastructure providers for hosting and compute
• Amazon Web Services (AWS) S3 for file storage (reports, images, floor plans)
• Google OAuth and Microsoft OAuth for third-party authentication
• SMTP email providers for transactional email delivery
• Redis for message queue management

Your use of the Service is also subject to the terms and policies of these third-party providers where applicable. In particular, if you choose to sign in via Google or Microsoft, your authentication is additionally governed by Google's Terms of Service / Privacy Policy and Microsoft's Services Agreement / Privacy Statement, respectively. We are not responsible for the practices, availability, or security of third-party services beyond our contractual obligations with them.

10.1 Disclaimer of Warranties

• THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE
• THE RESULTS OBTAINED FROM THE SERVICE WILL BE ACCURATE OR RELIABLE
• THE SERVICE WILL MEET YOUR SPECIFIC REQUIREMENTS OR REGULATORY OBLIGATIONS
• ANY DEFECTS IN THE SERVICE WILL BE CORRECTED
• THIRD-PARTY AUTHENTICATION PROVIDERS (GOOGLE, MICROSOFT) WILL BE CONTINUOUSLY AVAILABLE

10.2 Limitation of Liability

• ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
• ANY LOSS OF PROFITS, REVENUE, DATA, GOODWILL, OR BUSINESS OPPORTUNITY
• DAMAGES ARISING FROM YOUR USE OR INABILITY TO USE THE SERVICE
• DAMAGES ARISING FROM ERRORS, INACCURACIES, OR OMISSIONS IN REPORT GENERATION OR DATA PROCESSING
• DAMAGES RESULTING FROM UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR DATA
• DAMAGES ARISING FROM UNAVAILABILITY OF THIRD-PARTY AUTHENTICATION PROVIDERS
• ANY AMOUNT EXCEEDING THE TOTAL FEES PAID BY YOU TO US IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM

10.3 Acknowledgment of Risk

You acknowledge that:

• Laboratory testing, environmental monitoring, and regulatory compliance involve inherent risks and professional judgment that the Service cannot replace
• The Service is a tool to facilitate your laboratory workflows; it is not a substitute for qualified laboratory personnel, professional judgment, or regulatory compliance expertise
• You are solely responsible for the accuracy, legality, and appropriateness of all data entered into and reports generated from the Service

You agree to indemnify, defend, and hold harmless RainerTek LLC, its officers, directors, employees, agents, and affiliates from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorney's fees) arising from:

• Your use of the Service in violation of these Terms
• Your violation of any applicable law, regulation, or third-party rights
• The content, accuracy, or legality of the data you enter into the Service
• Laboratory reports generated from your data
• Any dispute between you and your laboratory clients, employees, or regulators
• Your failure to maintain adequate account security, including the security of third-party sign-in accounts used to access the Service

12.1 Termination by You

• You may cancel your subscription at any time through your account settings or by contacting us
• Cancellation takes effect at the end of the current billing cycle
• Upon cancellation, you will retain access to the Service until the end of the paid period, after which your account will be deactivated

12.2 Termination by Us

We may suspend or terminate your access to the Service, with or without notice, if:

• You breach any provision of these Terms
• Your subscription payment fails and is not resolved within a reasonable grace period
• You engage in conduct that we reasonably believe is harmful to the Service, other users, or our business interests
• We are required to do so by law or regulatory authority
• We discontinue the Service entirely (with at least 90 days' notice)

12.3 Effect of Termination

Upon termination:

• Your right to access the Service ceases immediately (or at the end of your paid period, in the case of voluntary cancellation)
• We will retain your data for a period of 30 days following termination to allow for data export or reactivation
• After the 30-day retention period, we will delete or de-identify your data, except where retention is required by law or for audit trail purposes
• You may request an export of your data during the retention period by contacting us
• Provisions of these Terms that by their nature should survive termination (including Sections 6, 10, 11, and 14) will continue to apply

Please refer to our Privacy Policy (/privacy-policy) for comprehensive details on how we collect, use, store, and protect your data.

Key security commitments include:

• All data encrypted in transit (TLS 1.2+) and at rest (AES-256 for stored files)
• Password hashing with bcrypt
• Third-party authentication via OAuth 2.0 / OpenID Connect (Google, Microsoft)
• Role-based access control with per-user permission overrides
• Multi-tenant data isolation at the database query level
• Complete audit trails for all data mutations
• Automated database backups
• Rate limiting and input validation on all API endpoints
• SQL injection and XSS protection
• CORS restrictions to allowed origins

14.1 Governing Law

These Terms shall be governed by and construed in accordance with the laws of the United States and the State of Delaware, without regard to its conflict of law provisions. Any disputes arising from these Terms or the Service shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware.

14.2 Entire Agreement

These Terms, together with our Privacy Policy (/privacy-policy) and any plan-specific terms or order forms, constitute the entire agreement between you and RainerTek LLC regarding the Service and supersede all prior agreements, communications, and understandings.

14.3 Severability

If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions shall continue in full force and effect. The invalid or unenforceable provision shall be modified to the minimum extent necessary to make it valid and enforceable.

14.4 Waiver

Our failure to enforce any right or provision of these Terms shall not constitute a waiver of that right or provision. Any waiver must be in writing and signed by an authorized representative of RainerTek LLC.

14.5 Assignment

You may not assign or transfer your rights or obligations under these Terms without our prior written consent. We may assign our rights and obligations without restriction.

14.6 Force Majeure

We shall not be liable for any failure or delay in performing our obligations under these Terms due to causes beyond our reasonable control, including natural disasters, acts of government, internet or infrastructure failures, pandemics, third-party service outages (including Google or Microsoft authentication services), or force majeure events.

14.7 Notices

Notices to you may be sent to the email address associated with your account. Notices to us should be sent to the contact information listed below. Notices are deemed received upon delivery for email communications.

If you have questions about these Terms, please contact us:

• RainerTek LLC
• Email: legal@biosurelab.com
• Website: https://biosurelab.com

*These Terms and Conditions apply to the BioSure Lab Portal platform and all related services operated by RainerTek LLC.*