Acceptable Use Policy

Version 1.0 — Effective August 3, 2026 (posted July 4, 2026)

1. Purpose and Scope

This Acceptable Use Policy ("AUP") governs use of the Oystercatcher platform and related services (the "Service") provided by Oystercatcher, LLC, a Connecticut limited liability company ("Oystercatcher," "we," "our," or "us"). This AUP is incorporated by reference into, and forms part of, our Terms of Use. Capitalized terms used but not defined in this AUP have the meanings given to them in the Terms of Use.

This AUP applies to every person and organization that accesses or uses the Service, including all users invited into an organization's account. If this AUP and the Terms of Use address the same conduct, the more restrictive provision controls.

2. Lawful Use; Responsibility for Your Users

You may use the Service only for lawful business purposes and in compliance with all applicable federal, state, local, and international laws and regulations. If you are an organization, you are responsible for the acts and omissions of every user who accesses the Service through your account, including compliance with this AUP by each of those users, and any violation of this AUP by one of your users is a violation by you.

3. Communications Compliance

When contacting healthcare professionals or any other person using information obtained from the Service, you are solely responsible for complying with all laws governing your communications, including without limitation:

  • CAN-SPAM Act. Commercial email must use accurate header and routing information, must not use misleading subject lines, must include a functioning opt-out mechanism whose requests are honored within 10 business days, and must include your valid physical postal address.
  • TCPA. The Telephone Consumer Protection Act's prior-express-consent rules apply to calls, text messages, and faxes to the extent applicable to your outreach. Note that fax numbers appear in the data provided by the Service, and unsolicited fax advertising is restricted by the TCPA's junk-fax provisions; do not send fax advertisements without the consent or established business relationship the law requires.
  • State telemarketing and communications laws. Many states impose their own telemarketing, text-messaging, and commercial-email requirements, including registration, calling-time, and do-not-call rules.
  • GDPR and ePrivacy rules, where applicable. If your outreach reaches data subjects protected by the EU or UK General Data Protection Regulation or ePrivacy laws, you must have a lawful basis for the processing and comply with applicable consent and objection requirements.

You must maintain your own suppression lists and honor opt-out and do-not-contact requests across all channels (email, phone, text, fax, and mail), regardless of the channel on which the request was received.

4. Healthcare-Industry Rules

You are responsible for complying with the industry codes and healthcare laws applicable to your interactions with healthcare professionals, including the PhRMA Code on Interactions with Health Care Professionals and the AdvaMed Code of Ethics, to the extent they apply to you. If you use Open Payments (Sunshine Act) data available through the Service, you acknowledge that such data arises in a regulated context and that you are solely responsible for your own fraud-and-abuse and anti-kickback compliance, including under the federal Anti-Kickback Statute. The Service is a business tool; it does not provide legal or compliance advice, and nothing in the Service constitutes guidance on whether a given interaction, payment, or arrangement is lawful.

5. Prohibited: Eligibility and FCRA Uses

The Service is not a consumer reporting agency as defined by the Fair Credit Reporting Act ("FCRA"), 15 U.S.C. § 1681 et seq., and the data provided through the Service is not a consumer report. You may not use the Service or any data obtained from it, in whole or in part:

  • To determine any person's eligibility for employment, credentialing, licensure, insurance, credit, housing, or government benefits, or for any other purpose regulated by the FCRA;
  • As a factor in establishing any person's eligibility for any of the foregoing; or
  • To use disciplinary-action or licensure data for employment or credentialing decisions of any kind.

Any such use is a material breach of the Terms of Use and grounds for immediate termination.

6. Data-Use Restrictions

With respect to data obtained from the Service, you may not:

  • Resell, sublicense, or publicly redistribute the data, or otherwise make it available to third parties except as expressly permitted by the Terms of Use;
  • Use the data to build, train, enhance, or populate a database, product, or service that competes with the Service;
  • Engage in bulk replication of the data or any substantial portion of our database;
  • Use exports for anything other than your internal business use; or
  • Use the data to harass, stalk, intimidate, or discriminate against any person.

If a medical professional asks you directly to stop using their information, or we notify you that a record has been suppressed or corrected, you must apply that request to your exported copies — including ceasing outreach and suppressing or deleting the record from your systems — within ten (10) business days.

7. Platform Integrity

You may not:

  • Attempt to gain unauthorized access to the Service, other customers' accounts or data, or any related systems or networks;
  • Scrape, crawl, or harvest content from the Service by any automated means other than the documented API where your subscription includes it;
  • Circumvent or attempt to evade rate limits, quotas, or other technical usage controls;
  • Introduce viruses, malware, or other harmful code into the Service;
  • Conduct penetration testing, vulnerability scanning, or other security testing of the Service without our prior written permission — authorized security research is governed by our Vulnerability Disclosure Policy; or
  • Share user seats or account credentials among multiple individuals.

8. AI Features

When using AI-powered features of the Service, you may not:

  • Attempt to extract other customers' data, prompts, or outputs from AI features;
  • Conduct prompt-injection attacks or otherwise attempt to manipulate AI features into bypassing their safeguards or access controls; or
  • Represent AI-generated research or output as independently verified fact without conducting your own verification.

9. Enforcement

We may investigate suspected violations of this AUP and may suspend or terminate access to the Service, in whole or in part, for any violation, with notice where practicable. Suspension or termination under this AUP does not limit any other remedies available to us under the Terms of Use or applicable law. To report abuse or a suspected violation of this AUP, contact [email protected].

Contact

Oystercatcher, LLC
Email: [email protected]