This Business Associate Agreement (“BAA”) supplements the Cloud Service Agreement between Provider and Customer. This BAA consists of: (1) the Cover Page below and (2) the Common Paper Business Associate Agreement Standard Terms Version 1.0, which are incorporated by reference.
Cover Page
Provider: JE Vectors LLC, a Florida limited liability company
Provider Contact: joe@nquiry.ai
Customer: As identified in the executed Cover Page
BAA Effective Date: The date the last party signs this Cover Page, or if unsigned, the date Customer first transmits PHI to the Cloud Service.
Cloud Service Agreement: The JE Vectors LLC Terms of Service (Cloud Service Agreement, Common Paper CSA v2.1), as in effect between the parties.
Cloud Service: Nquiry — an AI-powered evidence analysis platform operated at app.nquiry.ai.
Permitted Uses and Disclosures of PHI
Business Associate may use and disclose PHI solely as necessary to perform services under the Cloud Service Agreement, specifically:
- Storing Customer-uploaded evidence files that may contain PHI
- Processing Customer Data through AI analysis features (Amazon Bedrock) to generate structured analytical outputs
- Maintaining audit logs of data access and processing events
- Providing technical support when Customer initiates a support request involving PHI
Business Associate will not use or disclose PHI for any purpose other than as permitted by this BAA and the Cloud Service Agreement.
Key Terms and Limitations
Subcontractors
Business Associate uses the following Subcontractors to process PHI:
| Subcontractor | Service | BAA Status |
|---|---|---|
| Amazon Web Services, Inc. | Infrastructure (RDS, S3, ECS, Bedrock, Cognito) | Covered under separate AWS BAA with Provider |
Business Associate will enter into a BAA with any future Subcontractor before permitting access to PHI, and will notify Customer of any new Subcontractor at least 30 days before the Subcontractor begins processing PHI.
Offshoring
PHI will be processed and stored exclusively within the United States. All AWS infrastructure is deployed in the us-east-1 region. Business Associate will not transfer PHI outside the United States without prior written consent from Customer.
De-Identification
Business Associate will not de-identify PHI.
Data Aggregation
Business Associate will not aggregate PHI from multiple Covered Entities for any purpose.
AI Processing Disclosure
Customer Data containing PHI may be processed by AI models through Amazon Bedrock. The following safeguards apply:
- No model training: Amazon Bedrock does not use customer inputs or outputs to train, improve, or develop AI foundation models.
- Provider isolation: The AI model provider (Anthropic, via Amazon Bedrock) has no direct access to Customer Data. All AI processing occurs within Provider's AWS account through Bedrock's inference API.
- Content filtering: Amazon Bedrock Guardrails provides best-effort content filtering. This is a supplementary safeguard, not a guarantee of PHI detection or redaction.
- No data persistence: AI model inputs and outputs are not persisted by Bedrock beyond the duration of each inference request.
Breach Notification
Business Associate will notify Customer of any Breach of Unsecured PHI within 30 calendar days of discovery, as required by 45 CFR §164.410.
Return or Destruction of PHI
Upon termination of the Cloud Service Agreement, Business Associate will:
- Provide Customer 30 days to export all Customer Data (including PHI) using the platform's export feature
- After the 30-day export period, delete all PHI from production systems within 30 days
- PHI in encrypted backups will be destroyed according to the backup retention schedule (maximum 90 days)
Modifications to Standard Terms
None at this time.
To execute this BAA, contact compliance@nquir.ai.