Acceptable Use Policy

This Acceptable Use Policy (“AUP”) applies to all access to and use of Fluent’s services, including by Customer and its Authorized Users. This AUP is incorporated into the Master Subscription Agreement / Terms of Service (“Agreement”) and the Authorized User Terms. Capitalized terms not defined here have the meanings in the Agreement.

1. Scope and Responsibility

Customer is responsible for all activity under its account, including activity by Authorized Users, contractors, and any other persons Customer permits to access the Service. Customer must ensure all users understand and comply with this AUP.

2. Named Users; No Credential Sharing

To protect security, auditability, and compliance:

• Named users required. Each user must have their own unique login tied to an individual person.
• No credential sharing. Sharing accounts, passwords, or authentication tokens is prohibited.
• No shared accounts. Each account must belong to a single individual user and may not be shared among multiple people.

3. Data Minimization; Prohibited Data

The Service is intended for scheduling and operational coordination. Customer must submit only the minimum information necessary for those purposes.

Customer must not upload, store, transmit, or otherwise process through the Service:

• Social Security numbers or government-issued identification numbers,
• payment card data (including full card numbers, CVV, or magnetic stripe data),
• passwords or authentication credentials for any third-party service,
• psychotherapy notes (as defined under HIPAA),
• biometric identifiers or genetic data,
• or any other highly sensitive information not required for scheduling.

4. PHI and HIPAA

Conditional on BAA. This section applies only if (i) Customer has a current Business Associate Agreement (“BAA”) in effect with Fluent and (ii) Fluent has enabled HIPAA-designated features for Customer’s account. For details on HIPAA-designated features and configuration, see the Trust Center: https://www.fluentworks.com/trust/.

If a BAA is in effect and HIPAA-designated features are enabled:

• Customer and Authorized Users may input PHI only into HIPAA-designated fields as identified by Fluent (e.g., at the Trust Center or in HIPAA configuration guidance).
• Customer must not place PHI into free-text fields, messages, or notifications that may be transmitted via email, SMS, or push notification, unless Fluent has expressly designated that specific feature as suitable for PHI (including via the Trust Center or other written guidance).
• Customer is responsible for configuring user permissions and training Users to avoid including PHI in non-designated fields.

No BAA in effect. If Customer does not have a BAA in effect with Fluent, Customer and its Authorized Users must not input, store, or transmit any PHI through the Service.

5. Security and Abuse Prohibitions

Customer and Authorized Users must not:

• attempt to gain unauthorized access to the Service, user accounts, or underlying systems,
• probe, scan, or test the vulnerability of the Service or any Fluent system without Fluent’s prior written permission,
• bypass or attempt to bypass access controls, authentication, logging, or security-related restrictions,
• introduce malware, harmful code, or automated scripts that interfere with the Service,
• interfere with, disrupt, degrade, or overload the Service (including via abusive rate of requests).

Security reporting: If you believe you have found a security vulnerability, report it to security@fluentworks.com. Do not publicly disclose vulnerabilities until Fluent has had a reasonable opportunity to investigate and remediate.

6. Illegal, Harmful, or Fraudulent Use

Customer and Authorized Users must not use the Service to:

• violate any applicable law or regulation,
• impersonate others or misrepresent identity or authorization,
• facilitate unlawful, harmful, or deceptive activities,
• store or transmit content that is illegal, infringing, or violates privacy rights.

7. Automated Access; API; Scraping

Customer must not:

• scrape the Service, crawl it, or use automated means to access it except through Fluent’s documented APIs (when available),
• circumvent rate limits or access restrictions,
• use the Service to create excessive load or to extract data in bulk outside of supported export tools.

If Fluent provides APIs, Customer must comply with all API documentation, authentication requirements, and reasonable rate limits.

8. Competitive Use; Reverse Engineering; Benchmarking

Customer and Authorized Users must not:

• reverse engineer, decompile, or attempt to derive source code from the Service except to the extent expressly permitted by applicable law that cannot be waived by contract,
• access the Service to build or help build a competing product or service,
• publish benchmark results, performance tests, or comparative analyses of the Service without Fluent’s prior written consent.

9. Model Training Restrictions

Customer and Authorized Users must not use the Service or any Customer Data accessed via the Service to train, fine-tune, or develop machine learning or AI models without Fluent’s prior written consent. This restriction does not prevent Customer from exporting its own Customer Data (where export functionality is available) and using it outside the Service, provided Customer complies with applicable law and its own obligations to data subjects.

10. Enforcement

Fluent may investigate suspected violations and take action as needed, including:

• providing warnings and requiring corrective action,
• suspending access to specific users, features, or the entire account,
• terminating the Agreement for material or repeated violations.

Fluent reserves the right to suspend access immediately if Customer’s use poses a security risk, may harm the Service or others, involves suspected fraud, or may result in legal exposure or noncompliance. Enforcement remedies under this AUP are in addition to any other remedies available to Fluent under the Agreement, the Authorized User Terms, or applicable law.