Terms of Service

Last updated: 3 June 2026

These Terms of Service ("Terms") form a binding agreement between MoniDose ("we", "us", "our") and the organisation that registers for or uses the MoniDoseQMS platform ("Service"). By creating an account, accepting an invitation, or using the Service, you agree to these Terms.

If you accept these Terms on behalf of an organisation, you confirm that you are authorised to bind that organisation. The Service is intended for business (B2B) use by professional organisations, not for consumers.

1. Definitions

  • "Platform" — the MoniDoseQMS web application, APIs, and related infrastructure.
  • "Customer" — the organisation that has registered an account on the Platform.
  • "User" — any individual authorised by a Customer to access the Platform.
  • "Customer Data" — all data uploaded, entered, or generated by Users within the Platform.
  • "Personal Data" — has the meaning given in the EU General Data Protection Regulation (GDPR).
  • "Subscription" — the Customer's selected plan and the right to use the Service for a defined term.
  • "Trial" — a time-limited evaluation period granted before a paid Subscription begins.
  • "Fees" — the charges payable for the Subscription as set out in the applicable plan or order.

2. The Service

MoniDoseQMS is a cloud-based Quality Management System (QMS) that provides tools for document control, risk management, CAPA, audit management, training, electronic signatures, and other quality functions. It is provided on a Software-as-a-Service (SaaS) basis; we host and maintain the infrastructure, apply security updates, and perform backups on the Customer's behalf.

The specific modules and limits available to a Customer depend on the Subscription plan selected.

3. Account Registration and Access

To use the Service, the Customer must:

  • Provide accurate and complete registration information and keep it up to date.
  • Maintain the confidentiality of account credentials and enable multi-factor authentication where offered.
  • Notify us promptly of any unauthorised use of an account.
  • Ensure each User is at least 18 years of age and acts within the Customer's authorisation.

We may suspend or terminate accounts that materially breach these Terms or are associated with fraudulent activity, subject to the notice provisions below.

4. Plans, Trials, Fees and Billing

4.1 Plans and Subscriptions

The Service is offered under different Subscription plans. The modules, user limits, storage, and Fees applicable to each plan are presented when the Customer selects or is assigned a plan.

4.2 Free Trial and Automatic Conversion to a Paid Subscription

Please read this clause carefully — it affects when you start being charged.

We may grant a Trial for a defined period (for example, one or two months) that is agreed with the Customer at the time of onboarding. The Trial start and end dates are shown in the Customer's account.

Unless the Customer cancels before the Trial end date, the Subscription will automatically convert to the agreed paid plan at the end of the Trial, and Fees will begin to accrue from that date. We will send a reminder to the Customer's registered email before the Trial ends. If the Customer does not wish to continue on a paid basis, the Customer must cancel before the Trial end date (see Section 5).

4.3 Fees, Invoicing and VAT

  • Fees are charged in advance for each billing period (e.g., monthly or annually) according to the selected plan.
  • Invoices are issued electronically, including via Finnish e-invoice (verkkolasku) where supported, to the billing details the Customer provides (company name, VAT/Business ID, OVT/operator).
  • All Fees are exclusive of value-added tax (VAT/ALV), which is added at the applicable statutory rate. Reverse-charge rules apply for valid EU VAT-registered customers outside Finland where required.
  • Unless stated otherwise, Fees are non-refundable for the period already invoiced.

4.4 Late Payment

Invoices are payable by the due date stated on the invoice. Overdue amounts accrue late-payment interest at the statutory rate under the Finnish Interest Act (Korkolaki 633/1982), and we may recover reasonable collection costs as permitted by law. We may suspend access to the Service for accounts that remain unpaid after a reminder.

4.5 Changes to Fees

We may change Fees for future billing periods by giving the Customer at least 30 days' notice by email or through the Platform. If the Customer does not agree to a Fee change, the Customer may cancel the Subscription before the change takes effect.

5. Subscription Term, Renewal and Cancellation

A paid Subscription runs for the billing period selected and renews automatically for successive periods of the same length unless cancelled.

5.1 How to Cancel

The Customer may request cancellation at any time from within the Service (Company Settings → Subscription) or by contacting support@monidoseqms.com. A cancellation request takes effect at the end of the then-current billing period (or, during a Trial, immediately stops the automatic conversion to paid).

5.2 Effect of Cancellation

  • Access continues until the end of the period already paid for; no further Fees are charged after that.
  • Fees already invoiced for the current period are not refunded, except where required by mandatory law.
  • The Customer may export Customer Data before access ends (see Section 7).

6. Acceptable Use

The Customer and its Users agree not to:

  • Use the Service for any unlawful purpose or in violation of applicable regulations.
  • Attempt to gain unauthorised access to other accounts, systems, or networks.
  • Interfere with the integrity or performance of the Service.
  • Reverse-engineer, decompile, or disassemble any part of the Platform except as permitted by mandatory law.
  • Upload malicious code or unlawful content.
  • Share account credentials with unauthorised individuals.

7. Data Ownership and Custody

Your data is yours. The Customer retains all rights, title, and interest in Customer Data. We do not claim ownership of Customer Data and do not sell, share, or use it for advertising.

We access Customer Data only as necessary to provide the Service, perform maintenance, respond to support requests, or comply with legal obligations. On termination, the Customer may request an export in a standard format. We retain Customer Data for a limited period (not exceeding 90 days) after termination to facilitate retrieval, after which it is securely deleted unless retention is required by law (see Section 11).

8. Data Protection (GDPR)

We process Personal Data in accordance with the EU General Data Protection Regulation (Regulation 2016/679) and the Finnish Data Protection Act (Tietosuojalaki 1050/2018).

8.1 Roles

Where the Customer determines the purposes and means of processing Personal Data through the Platform, the Customer is the Data Controller and MoniDose acts as a Data Processor on the Customer's behalf. Processing by us as Processor is governed by a Data Processing Agreement (DPA), available on request, which forms part of these Terms.

8.2 Processing Activities and Legal Basis

We process Personal Data to provide and secure the Service, authenticate Users, maintain audit trails and compliance records, send service notifications, and respond to support. We rely on:

  • Contract performance (Art. 6(1)(b)) — to deliver the Service.
  • Legitimate interests (Art. 6(1)(f)) — security, fraud prevention, service improvement.
  • Legal obligation (Art. 6(1)(c)) — regulatory record-keeping.
  • Consent (Art. 6(1)(a)) — for optional features such as marketing communications.

8.3 Data Subject Rights

Individuals may exercise their rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Requests relating to data held on behalf of a Customer are directed to that Customer as Controller; we assist Customers in responding.

Important: Due to medical device and quality regulations (EU MDR, ISO 13485, FDA 21 CFR Part 11), certain records — including audit trails and electronic signatures — cannot be deleted and must be retained for the legally mandated period, as permitted under GDPR Art. 17(3)(b) and (e).

8.4 Data Location and Transfers

Customer Data is hosted within the European Economic Area (EEA). If any transfer outside the EEA is required, we ensure appropriate safeguards such as European Commission Standard Contractual Clauses (SCCs).

8.5 Breach Notification and Sub-processors

We notify affected Customers of a personal data breach without undue delay and within 72 hours of becoming aware (GDPR Art. 33). We may engage sub-processors (e.g., hosting providers within the EEA); a current list is available on request, and we notify Customers before adding new sub-processors so they may object.

9. Security

We implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS 1.2+) and at rest.
  • Role-based access controls and multi-factor authentication.
  • Regular security assessments and vulnerability scanning.
  • Automated backups with secure off-site storage and tested recovery.
  • Comprehensive audit logging of access and data modifications.
  • Strict tenant isolation between Customer organisations.

10. Customer Responsibility — The Service Is a Tool, Not a Medical Device

MoniDoseQMS is software that supports a Customer's quality management activities. It is not itself a medical device, is not a substitute for the Customer's own quality system, and does not constitute regulatory, legal, or compliance advice.

The Customer remains solely responsible for: the accuracy and completeness of the data it enters; its own compliance with EU MDR, IVDR, ISO 13485, FDA, and any other applicable regulations; the validation of the Service for its intended use within its quality system; and all decisions made using the Service. We provide tooling and audit-trail capabilities, but the Customer is the legal manufacturer / responsible economic operator for its products.

11. Regulatory Record Retention

Certain records are subject to mandatory retention periods under applicable regulations:

  • Audit trails — retained for the applicable regulatory period.
  • Electronic signatures — immutable once captured.
  • Quality records — retained as required by ISO 13485, EU MDR, and/or FDA rules.
  • User accounts — deactivated rather than deleted to preserve audit-trail integrity.

These obligations may override individual deletion requests as permitted under GDPR Art. 17(3).

12. Service Availability

We strive for high availability but do not guarantee uninterrupted access. Scheduled maintenance is communicated in advance where practicable. We are not liable for downtime caused by circumstances beyond our reasonable control (force majeure).

13. Intellectual Property

The Platform, including its source code, design, documentation, and trademarks, is the intellectual property of MoniDose. These Terms grant only a limited, non-exclusive, non-transferable right to use the Service for the duration of the Subscription.

14. Limitation of Liability

To the maximum extent permitted by applicable law, MoniDose is not liable for any indirect, incidental, consequential, or punitive damages, nor for loss of profits, data, or goodwill arising from use of the Service.

Our total aggregate liability for claims arising under these Terms shall not exceed the Fees paid by the Customer for the Service in the twelve (12) months preceding the event giving rise to the claim.

Nothing in these Terms excludes or limits liability for death or personal injury caused by negligence, for fraud, or for any liability that cannot be excluded under mandatory law.

15. Indemnification

The Customer agrees to indemnify MoniDose against claims, damages, or expenses arising from the Customer's breach of these Terms, use of the Service in violation of applicable law, or infringement of third-party rights.

16. Termination by MoniDose

In addition to the Customer's cancellation rights (Section 5), we may suspend or terminate access immediately for a material breach that is not cured within a reasonable period after notice, or where required by law. On termination, the right to access the Service ceases, subject to the data export and retention provisions. Clauses that by their nature survive termination (data protection, fees due, liability, IP) continue in effect.

17. Changes to These Terms

We may update these Terms from time to time. We notify Customers of material changes by email or through the Platform at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

18. Governing Law and Disputes

These Terms are governed by the laws of Finland, excluding its conflict-of-law rules and the UN Convention on Contracts for the International Sale of Goods (CISG). The parties will attempt to resolve disputes amicably; failing that, disputes are subject to the exclusive jurisdiction of the District Court of Helsinki (Helsingin käräjäoikeus), unless mandatory law provides otherwise.

19. Contact

MoniDose

General & billing: support@monidoseqms.com

Data protection: privacy@monidoseqms.com

You also have the right to lodge a complaint with a data protection supervisory authority, in Finland the Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto).