Legal

Acceptable Use Policy

Last updated: February 2026

1. Purpose

This Acceptable Use Policy ("AUP") defines the permitted and prohibited uses of the Rymeda platform. This AUP is incorporated by reference into the Terms of Service and applies to all users of Rymeda services. Violations of this AUP may result in suspension or termination of access as described in the Terms of Service.

2. Acceptable Use

You may use the Rymeda platform to:

  • Access and manage healthcare compliance workflows for your organization.
  • Verify provider credentials and manage provider marketplace interactions.
  • Utilize AI-powered clinical automation features in accordance with applicable healthcare regulations and the AI disclosures in our Privacy Policy.
  • Participate in community features in a professional and respectful manner.
  • Access analytics, reporting, and audit trail features for your organization's data.

3. Prohibited Activities

You shall not:

  • Use the platform for any purpose that violates applicable federal, state, or local law, including but not limited to HIPAA (42 USC §1320d et seq.), the CMIA (Cal. Civ. Code §56 et seq.), or the CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.).
  • Access, use, or disclose Protected Health Information ("PHI") except as authorized by the Business Associate Agreement and applicable law.
  • Attempt to gain unauthorized access to any systems, accounts, data, or networks, or assist others in doing so.
  • Transmit malware, viruses, or any code designed to disrupt, damage, or limit the functioning of the platform.
  • Circumvent, disable, or interfere with security features, access controls, or usage limits.
  • Reverse-engineer, decompile, disassemble, or attempt to derive the source code of the platform.
  • Scrape, harvest, or collect data from the platform using automated means without written authorization.
  • Impersonate any person or entity, or misrepresent your affiliation with any person or entity.
  • Use the platform to send unsolicited communications (spam), phishing messages, or fraudulent content.
  • Sublicense, resell, or redistribute access to the platform without written authorization.
  • Use AI features to generate clinical diagnoses or treatment plans without appropriate human oversight by a licensed healthcare professional.

4. Healthcare-Specific Requirements

Users of the Rymeda platform in a healthcare context must:

  • Maintain the confidentiality of PHI in accordance with HIPAA (45 CFR Part 164) and the Business Associate Agreement.
  • Use the minimum necessary standard when accessing or requesting PHI (45 CFR §164.502(b)).
  • Ensure that any use of AI-generated outputs in clinical settings is reviewed and validated by a licensed healthcare professional, consistent with AB 3030 (Cal. Health & Safety Code §1279.6).
  • Obtain appropriate patient consent before processing medical information through the platform, in accordance with the three-consent model described in our Privacy Policy: HIPAA authorization, CMIA consent, and platform consent.
  • Report any suspected unauthorized access to or disclosure of PHI to security@rymeda.com immediately.

5. Security Requirements

All users are responsible for:

  • Maintaining the confidentiality of login credentials and not sharing accounts.
  • Using multi-factor authentication when available.
  • Accessing the platform only from secure, authorized devices and networks.
  • Promptly reporting any suspected security incidents to security@rymeda.com.
  • Complying with the security measures described on our Security page.

6. Monitoring and Enforcement

Rymeda reserves the right to monitor use of the platform to ensure compliance with this AUP. Rymeda may, at its sole discretion, investigate suspected violations and take appropriate action, including:

  • Issuing a warning to the user.
  • Temporarily suspending access pending investigation.
  • Permanently terminating access in accordance with the Terms of Service.
  • Reporting violations to appropriate law enforcement or regulatory authorities.

All monitoring activities are documented in immutable audit trails and are subject to the Privacy Policy.

7. Reporting Violations

If you become aware of any violation of this AUP, please report it immediately to security@rymeda.com or legal@rymeda.com. Reports may be made anonymously.

8. Contact

For questions about this Acceptable Use Policy: