1. Agreement to Terms
By creating an account or using OrgMyx, you agree to these Terms of Service (“Terms”) on behalf of the organization you represent (“Customer”). You confirm that you have the authority to bind Customer to these Terms. If you do not agree to these Terms, do not use the Service.
These Terms, together with our Privacy Policy, Data Processing Agreement, and any order forms or statements of work, constitute the entire agreement between you and OrgMyx, Inc. (“OrgMyx,” “we,” “us,” or “our”) regarding your use of the Service.
You must be at least 18 years of age to use the Service. The Service is designed for business use; it is not directed at individual consumers.
2. Definitions
“Service” means the OrgMyx platform, including the web application, APIs, documentation, and any related services provided by OrgMyx.
“Customer” means the organization that has agreed to these Terms by creating an account or executing an order form.
“Authorized Users” means the individuals authorized by Customer to access and use the Service under Customer’s account, including administrators, editors, and viewers.
“Customer Data” means all data, content, and information submitted to the Service by Customer or its Authorized Users, including but not limited to organizational structures, employee records, session content, comments, and uploaded files.
“Confidential Information” means non-public information disclosed by either party to the other, whether orally, in writing, or through access to systems, that is designated as confidential or that a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure.
“Effective Date” means the date Customer first accepts these Terms or accesses the Service.
“Subscription Term” means the period for which Customer has subscribed to the Service as specified in the applicable order form or billing arrangement.
“Documentation” means the user guides, help articles, and technical documentation provided by OrgMyx for the Service.
3. Service Description and License Grant
OrgMyx is a collaborative workspace for organizational design and scenario planning. The Service enables leadership teams to model organizational changes, explore restructuring scenarios, and align on decisions in a shared workspace that operates independently of live HRIS data.
Subject to these Terms and payment of applicable fees, OrgMyx grants Customer a limited, non-exclusive, non-transferable, non-sublicensable license to access and use the Service during the Subscription Term for Customer’s internal business purposes only.
Customer’s use of the Service is subject to the plan limitations applicable to Customer’s subscription tier (Team, Business, or Enterprise), including limits on the number of employees in the system and active sessions. Authorized User seats (editors and viewers) are unlimited at all tiers.
OrgMyx reserves the right to modify the Service from time to time, provided that any material reduction in core functionality during a Subscription Term will be communicated to Customer at least 30 days in advance.
4. Account Registration and Security
When registering for the Service, Customer and its Authorized Users must provide accurate and complete information and keep that information current.
Customer is responsible for:
- maintaining the confidentiality of all account credentials;
- all activity that occurs under Customer’s account, whether or not authorized by Customer;
- notifying OrgMyx promptly at security@orgmyx.com if Customer becomes aware of any unauthorized access to or use of Customer’s account;
- designating and managing account administrators who control access for other Authorized Users.
The Service supports authentication via single sign-on (SSO) through SAML and OpenID Connect protocols, managed by WorkOS. Customer may configure SSO enforcement, including requiring SSO for all users or only administrators. The Service also supports multi-factor authentication (MFA) configuration.
Customer acknowledges that account security is a shared responsibility. OrgMyx implements role-based access controls at the account level (owner, administrator, and member roles) and at the session level (owner, editor, and viewer roles), along with configurable per-user permissions for sharing, exporting, and commenting.
5. Customer Data Ownership
Customer and its licensors own all Customer Data, including all intellectual property rights therein. No ownership rights in Customer Data are transferred to OrgMyx under these Terms.
Customer grants OrgMyx a limited, non-exclusive license to access, use, and process Customer Data solely to provide, maintain, and improve the Service as described in these Terms and our Privacy Policy. OrgMyx will not use Customer Data to train machine learning models, provide services to other customers, or for any purpose not described in these Terms.
OrgMyx may generate aggregated, de-identified data derived from Customer Data that cannot be used to identify Customer or any individual (“Aggregate Data”). OrgMyx may use Aggregate Data for product improvement, benchmarking, and research purposes. Aggregate Data does not include any information that could identify Customer or any individual.
6. Acceptable Use Policy
Customer agrees not to, and will not permit any Authorized User to:
use the Service in violation of any applicable law or regulation;
infringe or misappropriate the intellectual property rights of any third party;
upload or transmit any malware, viruses, or other malicious code;
attempt to gain unauthorized access to the Service, other accounts, computer systems, or networks connected to the Service;
reverse engineer, disassemble, decompile, or otherwise attempt to derive the source code of the Service;
resell, sublicense, or make the Service available to any third party other than Authorized Users;
use the Service to develop a competing product or service;
use the Service in a manner that degrades performance for other customers, including through excessive automated requests;
circumvent any security controls, access restrictions, or usage limitations of the Service;
upload Protected Health Information (PHI) as defined under HIPAA unless a Business Associate Agreement (BAA) has been executed between Customer and OrgMyx (see Section 20);
upload data that exceeds the defined scope of workforce planning data, including clinical records, health plan claims data, or patient information.
OrgMyx reserves the right to suspend access to the Service immediately upon discovering a violation of this Acceptable Use Policy. OrgMyx will provide notice to Customer as soon as reasonably practicable after any such suspension.
7. Payment and Billing
OrgMyx offers three subscription tiers: Team, Business, and Enterprise. Current pricing is available at orgmyx.com/pricing. All fees are stated in U.S. dollars unless otherwise specified in an order form.
Subscriptions are billed monthly or annually. Annual subscriptions receive a 20% discount. Payment is due at the start of each billing period. OrgMyx uses Stripe, Inc. as its payment processor. By providing payment information, Customer authorizes Stripe to process charges in accordance with Stripe’s terms of service.
Subscriptions automatically renew at the end of each billing period unless Customer cancels at least 30 days before the renewal date. OrgMyx will provide at least 30 days’ advance notice before any price increase takes effect.
If payment is not received when due, OrgMyx will follow this escalation process: (a) notification of past-due status; (b) grace period of 15 days; (c) restriction of account to read-only access after 30 days past due; (d) account suspension after 60 days past due. OrgMyx will not delete Customer Data solely due to non-payment during the first 90 days of delinquency.
Customer is responsible for all applicable taxes, duties, and fees imposed by any governmental authority, except for taxes based on OrgMyx’s net income.
OrgMyx offers a 14-day free trial with no credit card required. Trial accounts convert to paid subscriptions only upon Customer’s affirmative purchase. No charges are incurred during the trial period.
8. Confidentiality
Both parties agree to treat the other party’s Confidential Information with at least the same degree of care used to protect their own Confidential Information, and in no event less than reasonable care.
Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was rightfully in the receiving party’s possession before disclosure; (c) is independently developed by the receiving party without use of the disclosing party’s Confidential Information; or (d) is rightfully received from a third party without restriction.
A party may disclose Confidential Information if required by law, regulation, or court order, provided that the disclosing party gives the other party prompt notice (to the extent legally permitted) and cooperates in any effort to obtain protective treatment.
Confidentiality obligations survive for three (3) years after termination of these Terms, or indefinitely for trade secrets.
9. Data Security
OrgMyx maintains industry-standard security measures to protect Customer Data, including:
Encryption in transit using TLS 1.2 or higher for all data transmitted between Customer’s browser and the Service;
Role-based access controls at the account level (owner, administrator, member) and session level (owner, editor, viewer), with configurable per-user permissions;
Comprehensive audit logging of all significant actions, including user authentication, data access, permission changes, and administrative actions, with actor identification, timestamps, IP addresses, and change details;
Rate limiting across API endpoints to prevent abuse, with tiered limits for standard operations, sensitive operations, authentication, and data exports;
Session management with configurable idle timeouts, IP-based access restrictions supporting CIDR notation, and concurrent session limits;
Configurable data export controls with watermarking capabilities.
OrgMyx hosts all Customer Data on Amazon Web Services infrastructure in the United States (us-east-2 region). Data at rest is protected by AWS infrastructure-level encryption.
In the event of a confirmed data breach involving Customer Data, OrgMyx will: (a) notify Customer within seventy-two (72) hours of confirmation; (b) provide details of the breach and data affected; (c) cooperate with Customer’s incident response efforts; and (d) take reasonable steps to mitigate harm.
OrgMyx is pursuing SOC 2 Type I certification. Upon achieving certification, a copy of the most recent report will be available to Customers under NDA upon request.
10. Privacy and Data Processing
Our collection, use, and disclosure of personal information is described in our Privacy Policy.
With respect to Customer Data containing personal information, Customer acts as the data controller and OrgMyx acts as the data processor. Our Data Processing Agreement governs how we process personal data on Customer’s behalf and is incorporated into these Terms by reference. In case of conflict between these Terms and the DPA regarding data processing, the DPA will prevail.
A list of our current sub-processors is available at /subprocessors. We provide customers at least 30 days’ advance notice before adding new sub-processors.
OrgMyx does not sell personal information. OrgMyx does not use Customer Data for advertising, profiling, or any purpose not described in these Terms and the Privacy Policy.
For purposes of the California Consumer Privacy Act (CCPA), OrgMyx is a “service provider” with respect to Customer Data and processes such data only for the business purposes described in these Terms and the DPA.
11. Intellectual Property
OrgMyx and its licensors own all rights, title, and interest in and to the Service, including all software, technology, documentation, trademarks, and other intellectual property embodied in or related to the Service. Nothing in these Terms transfers any such rights to Customer.
Customer retains all rights in Customer Data as set forth in Section 5.
If Customer provides suggestions, feedback, or ideas about the Service (“Feedback”), OrgMyx may use that Feedback without restriction and without obligation to Customer. Customer has no obligation to provide Feedback.
12. Warranties and Disclaimers
OrgMyx warrants that: (a) the Service will perform materially in accordance with the Documentation during the Subscription Term; (b) OrgMyx has the right to provide the Service; and (c) OrgMyx will comply with applicable laws in providing the Service.
Customer warrants that: (a) Customer has the right to provide Customer Data to the Service; (b) Customer’s use of the Service complies with applicable laws; and (c) the person accepting these Terms has authority to bind Customer.
EXCEPT AS EXPRESSLY SET FORTH ABOVE, THE SERVICE IS PROVIDED “AS IS” AND “AS AVAILABLE” WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. ORGMYX DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. ORGMYX DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR COMPLETELY SECURE.
13. Limitation of Liability
To the maximum extent permitted by applicable law:
(a) General Cap. NEITHER PARTY’S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS WILL EXCEED THE GREATER OF (I) THE FEES PAID BY CUSTOMER DURING THE TWELVE (12) MONTHS PRECEDING THE CLAIM OR (II) ONE THOUSAND U.S. DOLLARS ($1,000).
(b) Super Cap. FOR CLAIMS ARISING FROM DATA BREACH, BREACH OF CONFIDENTIALITY OBLIGATIONS, OR INDEMNIFICATION OBLIGATIONS, THE LIABLE PARTY’S TOTAL AGGREGATE LIABILITY WILL NOT EXCEED TWO TIMES (2X) THE GENERAL CAP.
(c) Exclusion of Consequential Damages. NEITHER PARTY WILL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITY, REGARDLESS OF WHETHER SUCH DAMAGES WERE FORESEEABLE AND WHETHER OR NOT A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
(d) Carve-Outs. The limitations in this Section 13 do not apply to: (i) liability arising from gross negligence or willful misconduct; (ii) fraud; or (iii) indemnification obligations for intellectual property infringement under Section 14.
14. Indemnification
OrgMyx will indemnify, defend, and hold harmless Customer from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from allegations that the Service, as provided by OrgMyx and used in accordance with these Terms, infringes a third party’s intellectual property rights.
Customer will indemnify, defend, and hold harmless OrgMyx from and against any third-party claims, damages, losses, and expenses (including reasonable attorneys’ fees) arising from: (a) Customer Data; (b) Customer’s use of the Service in violation of these Terms; or (c) Customer’s violation of applicable laws.
15. Term, Termination, and Data Retrieval
These Terms are effective as of the Effective Date and continue until the Subscription Term expires or is terminated.
Either party may terminate these Terms for convenience by providing at least 30 days’ written notice before the end of the then-current billing period.
Either party may terminate these Terms for cause if the other party materially breaches these Terms and fails to cure such breach within 30 days after receiving written notice.
Upon termination or expiration:
Customer will have 30 days after the effective date of termination to export Customer Data using available export features (currently audit log CSV export);
After the 30-day retrieval window, OrgMyx will securely delete all Customer Data within 30 additional days, including data in backups as they expire through normal rotation;
Upon Customer’s written request, OrgMyx will provide written certification of deletion.
Customer Data will not be held hostage for non-payment. Export functionality remains available regardless of payment status during the 30-day retrieval window.
The following sections survive termination: 5 (Customer Data Ownership), 8 (Confidentiality), 11 (Intellectual Property), 12 (Warranties and Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), and 19 (Contact Information).
16. Modifications to Terms
OrgMyx may update these Terms from time to time. We will provide at least 30 days’ advance notice of material changes by email to the account administrator and by posting a notice within the Service.
Material changes require re-acceptance. Continued use of the Service after the effective date of non-material changes constitutes acceptance.
If Customer disagrees with any changes, Customer may terminate the subscription by providing notice before the effective date of the changes. An archive of prior versions of these Terms is available upon request.
17. Dispute Resolution
These Terms are governed by the laws of the State of [STATE], without regard to its conflict of laws provisions.
Before initiating formal proceedings, the parties will attempt to resolve any dispute through good-faith negotiation for a period of 30 days after written notice of the dispute.
If the dispute is not resolved informally, it will be resolved by binding arbitration administered under the rules of the American Arbitration Association. Each party will bear its own costs. The arbitrator’s decision will be final and binding, and judgment may be entered in any court of competent jurisdiction.
CLASS ACTION WAIVER: Each party agrees that any dispute resolution proceeding will be conducted only on an individual basis and not as a class, consolidated, or representative action.
18. General Provisions
Force Majeure. Neither party will be liable for delays or failures in performance resulting from causes beyond that party’s reasonable control, including acts of God, natural disasters, pandemics, government actions, cyberattacks, or infrastructure failures.
Assignment. Customer may not assign these Terms without OrgMyx’s prior written consent. OrgMyx may assign these Terms in connection with a merger, acquisition, or sale of all or substantially all of its assets. Any purported assignment in violation of this section is void.
Entire Agreement. These Terms, together with the Privacy Policy, DPA, and any applicable order forms, constitute the entire agreement between the parties regarding the subject matter hereof and supersede all prior agreements, understandings, and communications, whether written or oral.
Severability. If any provision of these Terms is held to be invalid or unenforceable, the remaining provisions will remain in full force and effect.
Waiver. The failure of either party to enforce any right or provision of these Terms will not constitute a waiver of such right or provision.
Notices. All formal notices must be sent by email to the registered account email address (for notices to Customer) or to legal@orgmyx.com (for notices to OrgMyx). Notices are deemed received on the business day after sending.
Independent Contractors. The parties are independent contractors. Nothing in these Terms creates an employment, agency, partnership, or joint venture relationship.
No Third-Party Beneficiaries. These Terms do not create any rights for any third party.
Export Compliance. Customer will comply with all applicable export and import control laws and regulations in connection with Customer’s use of the Service.
19. Contact Information
For questions about these Terms or other inquiries:
OrgMyx, Inc.
[ADDRESS — TO BE ADDED]
20. Healthcare-Specific Provisions
PHI Boundary Statement
The Service is designed to process organizational workforce planning data including, but not limited to, employee rosters, organizational charts, staffing schedules, credentials, and role assignments. The Service is not designed to create, receive, maintain, or transmit Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Customer acknowledges that workforce employment records held by an employer in its capacity as an employer are not PHI under HIPAA, as stated by the U.S. Department of Health and Human Services (HHS).
AUP PHI Prohibition
Customer shall not upload, store, process, or transmit PHI through the Service unless a Business Associate Agreement (BAA) has been executed between Customer and OrgMyx. If OrgMyx becomes aware that PHI has been uploaded to the Service without a BAA in place, OrgMyx will promptly notify Customer and cooperate to securely delete the PHI.
BAA Availability
For Customers requiring a BAA, OrgMyx will make a BAA available upon request. Contact privacy@orgmyx.com to initiate a BAA.
State Health Data Law Acknowledgment
Customer acknowledges that state privacy laws, including but not limited to the Washington My Health My Data Act and CCPA/CPRA, may impose obligations on health-related employee data that fall outside HIPAA’s scope. Customer is responsible for determining the applicability of such laws to its use of the Service.
© 2026 OrgMyx, Inc. All rights reserved.