Acceptable Use Policy | MedRecords AI

This Acceptable Use Policy (“AUP”) governs the use of the MedRecords AI software, the Priority Support service, and any related services provided by Productivity AI, LLC, a Virginia limited liability company doing business as MedRecords AI (“Provider”). It applies to every customer, end user, agent, contractor, and authorized representative who accesses or uses any of those services (“you” or “Customer”).

This AUP is incorporated by reference into the End User License Agreement (the “EULA”) and the Priority Support Service Agreement. A material violation of this AUP is grounds for immediate termination of the Priority Support Service Agreement under Section 7.8(d) thereof and may also constitute a material breach of the EULA.

1. Prohibited Uses of the Software

You may not use the Software, or permit any third party to use the Software, to:

1.1 Unlawful or Harmful Conduct

Engage in any activity that violates applicable federal, state, local, or foreign law, including but not limited to the Health Insurance Portability and Accountability Act (HIPAA), the HITECH Act, state medical-records and consumer-protection laws, and laws governing the unauthorized practice of law.
Process medical records of, or information about, any individual without a lawful basis (e.g., a valid attorney-client engagement, an authorized records request, a Business Associate Agreement, or other lawful authority).
Attempt to identify, re-identify, or extract personally identifying information about individuals whose records are not the subject of a matter you are lawfully handling.
Use the Software to harass, defame, threaten, or harm any individual or entity.

1.2 Misuse of License or Access

Share, sublicense, rent, lease, sell, resell, or transfer your license key, credentials, or installation to any third party except as expressly permitted by the EULA.
Attempt to use a single license to provide service to multiple law firms, separate corporate entities, or end customers other than those for whom the license was purchased.
Circumvent, disable, or otherwise interfere with any license enforcement, telemetry, or update mechanism in the Software.
Reverse engineer, decompile, disassemble, or attempt to derive the source code or training-data-equivalent representations of the Software, except to the extent expressly permitted by applicable law notwithstanding this restriction.

1.3 Security and Infrastructure Abuse

Probe, scan, or attempt to penetrate the security of the Software, Provider’s network, the activation/license API, telemetry endpoints, R2 distribution endpoints, or any third-party infrastructure used to deliver the Software.
Introduce malware, viruses, worms, ransomware, time bombs, or any other malicious code into the Software environment.
Use automated scrapers, crawlers, or scripts to extract data from Provider’s websites, knowledge base, or activation API beyond the rate limits and access patterns documented or reasonably implied.
Exceed the rate limits or quota allocations Provider establishes for any cloud service the Software uses on your behalf (e.g., AWS Bedrock under your Business Associate Agreement).

1.4 Resale and Service-Bureau Use

Use the Software to operate a service bureau, BPO, or managed-services offering in which third parties pay you to process records through the Software, unless you have entered into a separate written reseller or partner agreement with Provider.
Use the Software to fulfill a contract that requires you to deliver MedRecords AI’s capabilities as a separately-priced line item to a downstream customer without Provider’s prior written consent.

2. Acceptable Use of Priority Support

The Priority Support service exists to help your firm get value from the Software. It is not a substitute for paid professional services, custom engineering, or training. The following guardrails apply:

2.1 Scope

Priority Support covers questions about, and operational issues with, the Software as documented in the Priority Support Service Agreement, Section 2.
Provider’s response-time obligations apply to a reasonable volume of well-formed support requests from a single Customer. They do not apply to ticket flooding, repeat submissions of the same issue across multiple channels, or persistent escalation of issues that have been resolved or that fall outside the documented scope.

2.2 Conduct Toward Support Personnel

Treat Provider’s support personnel professionally. Profanity, threats, harassment, discriminatory language, or sustained verbal abuse is grounds for immediate termination of Priority Support under Section 7.4(b) of the Priority Support Service Agreement and revocation of any access to Provider’s communication channels.
Provider reserves the right to record support calls, retain chat transcripts, and preserve email correspondence for the purpose of compliance, training, and dispute resolution. By contacting support, you consent to such recording and retention.

2.3 Out-of-Scope Requests

The following are not covered by Priority Support and may not be repeatedly requested through support channels after Provider has notified you in writing that the request is out of scope:

Custom development, custom integrations beyond the documented APIs, or bespoke output formats.
Hands-on training of new staff members, end-user onboarding, or video-call walk-throughs of features that are documented in the knowledge base, except as a one-time courtesy at Provider’s discretion.
Migration of historical data from third-party systems, bulk re-processing of pre-existing case files, or data-recovery work after customer-side data loss.
Operational support for software or services other than MedRecords AI (e.g., AWS account configuration beyond the documented onboarding wizard, Windows OS troubleshooting, third-party PDF tools, case-management system administration).
Legal advice, medical advice, billing-coding advice, or other advisory work that requires a licensed professional’s judgment.

Repeated submission of out-of-scope requests after written notice is a violation of this AUP and a trigger for termination under Section 7.8(b) of the Priority Support Service Agreement.

2.4 Multi-Tenant and Multi-Workstation Considerations

MedRecords AI is licensed and supported on a per-workstation basis. Operating a single license across multiple workstations, terminal-server sessions, or virtualized environments without Provider’s written approval violates this AUP and the EULA.
Support requests from any user other than the licensed Customer’s authorized representatives may be declined or routed back to the Customer for verification.

3. PHI Handling and HIPAA Compliance

MedRecords AI is designed to run on Customer hardware so Protected Health Information (“PHI”) stays inside the Customer’s environment. The following requirements protect that posture:

Do not transmit PHI to Provider via email, chat, support tickets, or any communication channel that is not the encrypted in-product diagnostic export. If a support issue requires PHI to diagnose, ask Provider for an authorized PHI-safe channel; Provider may decline if no such channel is available for your tier.
Do not include PHI in screenshots, log files, or sample case files attached to support requests. Use the Software’s built-in redaction or anonymization tools, or sanitize manually, before sharing.
Maintain a current and signed Business Associate Agreement (BAA) with AWS if you operate the Software in BYO-AWS-Bedrock mode. Use of AWS Bedrock with PHI without a BAA is a violation of HIPAA and of this AUP.
Do not share, post, or publicly display sample case files or summaries that contain real PHI, even in support forums, marketing materials, or case studies.

Important: Provider does not maintain a Business Associate Agreement with Customers for the on-premise Software because Provider does not access or process Customer PHI in the on-premise deployment model. If you operate in BYO-AWS-Bedrock mode, your BAA is between you and AWS, not Provider.

4. Compliance with Laws and Third-Party Terms

You are solely responsible for your compliance with all laws applicable to your use of the Software, including bar association rules, HIPAA, state medical-records regulations, and rules of professional responsibility for attorneys.
If the Software interoperates with third-party services (AWS Bedrock, Filevine, CASEpeer, Litify, Stripe, etc.), you are responsible for complying with those services’ terms of service and acceptable use policies in addition to this AUP.
The Software is not a substitute for the professional judgment of a licensed attorney. Every AI-generated output, including chronologies, billing summaries, valuations, and demand letters, must be verified against source records by a licensed attorney before being relied upon, presented to opposing counsel, filed in court, or used in any matter that could affect a client’s legal rights.

5. Reporting Violations

If you become aware of any violation of this AUP, including unauthorized access to your license or credentials, suspected security incidents, or third-party misuse of the Software, report it promptly to Provider at dan.direnfeld@aiproductivity.dev.

Do not attempt to investigate, exploit, or demonstrate a vulnerability against Provider’s production systems. If you discover a security issue in the Software itself or in any Provider-hosted service, send a private description to the email above before publishing or sharing it.

6. Enforcement and Remedies

Provider may take any combination of the following actions in response to a violation of this AUP, in its reasonable business judgment, with or without prior notice to you depending on the severity and nature of the violation:

Issue a written notice of violation describing the conduct and a cure period, if applicable;
Suspend or limit access to Priority Support, Provider’s knowledge base, the activation API, or any other Provider-hosted service;
Revoke or refuse to renew a license issued under the EULA where the violation also constitutes a material breach of that agreement;
Terminate the Priority Support Service Agreement immediately under Section 7.8(d) thereof, without refund;
Refer the matter to law enforcement or to applicable state bar authorities where the conduct involves illegal activity or violations of professional-responsibility rules;
Pursue any other remedies available at law or in equity.

Provider’s failure to enforce any provision of this AUP does not constitute a waiver of its right to enforce it later. Cumulative remedies apply — election of one remedy does not preclude pursuing others.

7. Updates to This AUP

Provider may update this AUP at any time by posting a revised version at aiproductivity.dev/acceptable-use.html and updating the Effective Date above. Material changes that broaden the scope of prohibited conduct will take effect thirty (30) days after posting. Non-material clarifications and additions to the list of out-of-scope support requests under Section 2.3 may take effect immediately.

Continued use of the Software, the Priority Support service, or any other Provider-hosted service after the effective date of an update constitutes your acceptance of the revised AUP.

8. Contact

Questions about this AUP, requests for clarification on whether a particular use is acceptable, and reports of violations should be directed to:

Productivity AI, LLC
City of Falls Church, Virginia
dan.direnfeld@aiproductivity.dev

This AUP is governed by the laws of the Commonwealth of Virginia, without regard to its conflict-of-laws principles. Disputes arising under this AUP are subject to the dispute-resolution and venue provisions of the agreement under which you accessed the relevant service (the EULA for the on-premise Software, the Priority Support Service Agreement for support).