Acceptable Use Policy

This Acceptable Use Policy ("AUP") sets out rules for using websites, software, APIs, and related services provided by FASTCLINIC LIMITED ("Fastclinic"). It applies to all customers, authorised users, and others who access or interact with our systems ("you").

This AUP is incorporated by reference into our Terms of Service and enterprise agreements. Violations may result in suspension, termination, legal action, or referral to law enforcement. Capitalised terms not defined here have the meaning given in the Terms.

You must not use the Services to:

• Violate any applicable law, including NDPA 2023, healthcare confidentiality rules, anti-corruption laws, export controls, sanctions, or child protection statutes;
• Store, process, or transmit Customer Data without lawful authority, valid consent where required, or a proper healthcare legal basis;
• Access or attempt to access data, accounts, or systems belonging to others without authorisation, including credential stuffing, phishing, or social engineering;
• Introduce malware, ransomware, bots (except approved integrations), denial-of-service traffic, or other harmful code;
• Reverse engineer, circumvent, or disable security, usage limits, billing meters, or licence controls, except as mandatory law allows;
• Send unsolicited bulk commercial email, spam, or deceptive messages through or in connection with the Services;
• Infringe intellectual property, privacy, publicity, or other rights of third parties;
• Harass, threaten, defame, or discriminate unlawfully against individuals or groups;
• Mine cryptocurrency, operate file-sharing hubs for infringing content, or run unrelated high-load workloads without written approval;
• Use the Services to develop, train, or benchmark a competing product using our proprietary interfaces or data obtained in breach of agreement;
• Misrepresent affiliation with Fastclinic, impersonate another user, or falsify clinical or operational records.

You agree to:

• Maintain strong passwords and multi-factor authentication where we offer it;
• Promptly revoke access for departing personnel and contractors and rotate credentials after suspected compromise;
• Keep systems used to access the Services patched and free of malware, using organisation-appropriate endpoint protection;
• Report suspected security incidents affecting the Services or Customer Data to contact@fastclinic.xyz without undue delay;
• Use only supported integrations and APIs in accordance with documentation and rate limits;
• Segregate production and non-production environments where required by your internal policies or regulatory obligations.

You are responsible for configuring the Services to meet your regulatory obligations, including under NDPA 2023, professional conduct rules, hospital licensing, HMO requirements, laboratory accreditation, and pharmaceutical regulations, as applicable to your organisation.

You must not configure workflows or permissions in a manner that is reasonably likely to cause unlawful disclosure of patient data. You will cooperate with audits, data subject requests, and breach notifications that involve your use of the Services, including providing accurate contact points for your Data Protection Officer or privacy office.

You retain rights in Customer Data you submit. You warrant that you have the rights necessary to upload and process such data through the Services. You must not upload content that is illegal, malicious, or that violates third-party rights.

We may remove or restrict content that violates this AUP or law, or that poses a security risk, subject to contractual notice requirements where applicable.

Where the Services include artificial intelligence, machine learning, or rules-based automation, you must use them in accordance with our Responsible AI Policy and product documentation. You must maintain human oversight for clinical decisions, validate outputs where patient safety is implicated, and not rely on automated outputs as the sole basis for critical care without appropriate professional review.

We may monitor technical metadata, logs, and usage patterns to ensure security, performance, billing accuracy, and compliance with this AUP. We do not routinely access the content of Customer Data except as necessary to provide support with your permission, to prevent or address security incidents, to comply with law, or as otherwise agreed in writing.

We reserve the right to investigate suspected violations and to cooperate with law enforcement and regulators, including under NDPA 2023 and sector-specific healthcare laws.

If you become aware of a violation of this AUP, report it to contact@fastclinic.xyz with sufficient detail for us to assess the issue. We will treat good-faith reports confidentially to the extent consistent with investigation and legal obligations.

Depending on severity, we may: issue a warning; require remediation steps; suspend specific accounts or features; suspend or terminate the agreement; withhold service credits; and pursue legal remedies. We are not liable to you for any loss arising from a suspension or termination undertaken in good faith to address a violation.

We may disclose information, including Customer Data, where required by lawful process or to protect vital interests. Nothing in this AUP limits our obligations under Nigerian law, including company law under CAMA 2020 where corporate records or disclosures are implicated.