Acceptable Use Policy
Last updated: May 21, 2026
This Acceptable Use Policy (“AUP”) complements the Terms of Use and defines what is and is not allowed on the MyMedica Service. We write these rules so the Service stays safe for patients, lawful for us, and clear for everyone. This Policy applies from May 12, 2026.
1. Introduction
MyMedica helps a patient assemble their own medical history — documents, lab tests, discharge notes — and show a one-pager to their doctor. That focus matters: the rules below follow from it.
In the event of a conflict between this AUP and the Terms of Use, the Terms of Use prevail, except where this Policy explicitly sets a stricter rule for a specific behavior.
2. Permitted Use
You may use the Service to:
- Upload, organize, and review your own medical documents and your own health context.
- Upload documents of a minor child for whom you have parental authority or documented guardianship.
- Generate a one-pager for a visit and share it with your own doctor — on a phone screen or printed.
- Issue a short-lived doctor share link with a limited time-to-live.
- Export, delete, and port your data in line with the Privacy Policy.
3. Prohibited Conduct
The following is prohibited on the Service:
- Uploading medical documents belonging to another person without that person’s explicit, verifiable consent as the data subject under GDPR. The exception is a minor child for whom you have parental authority.
- Uploading illegal content: child sexual abuse material, content that promotes illegal trade in controlled substances, content that infringes a third party’s intellectual-property rights.
- Using the Service as a clinical decision-support tool in regulated medical settings. The Service is not a medical device, is not certified for diagnosis or treatment, and is not intended to replace certified clinical systems in a doctor’s workflow.
- Distributing malware, phishing, or spam through the Service, including via share-link pages, abuse reports, or support tickets.
- Scraping the Service, reverse-engineering the codebase, performing automated load against the API, or sending bot traffic outside our publicly documented APIs.
- Attempting to access other users’ data, bypass security mechanisms (including Row-Level Security and authentication), enumerate accounts, or brute-force share-link tokens.
- Reselling, sublicensing, or rebadging the Service under your own brand without the operator’s written permission.
- Impersonating another person, providing false identification, or committing fraud, including payment-instrument fraud.
- Harassing, threatening, or abusing operator staff or other users, or sending insulting or hostile messages through support or share channels.
- Circumventing rate limits, geographic restrictions, or paid tiers through VPN manipulation, multiple accounts, bots, forged headers, or other technical means.
- Accessing or using the Service from, or while ordinarily resident in, a jurisdiction subject to sanctions described in §1A of the Terms of Use (Geographic Restrictions).
4. Health-Data Specific Rules
Because the Service handles health data (a special category of personal data under Article 9 GDPR), additional rules apply:
- You may upload only your own data or the data of a minor child for whom you have parental authority.
- You may not upload another adult’s data — even a family member’s, your spouse’s, or your parents’ — without their documented consent as the data subject. Adult-third-party data uploaded without consent is treated as an AUP violation and grounds for immediate deletion of that data.
- You may not use the Service to make life-threatening decisions without consulting a qualified medical professional. The Service does not diagnose conditions and does not prescribe treatment. Any summary or fact extraction is the organization of your data, not clinical advice.
5. Reporting Violations
If you spot a violation of this AUP — for example, someone uploaded your data without consent, a share link is being abused, an account is sending spam — report it to us:
- Email: support@mymedica.me
- Subject: Abuse report
Include URLs, account identifiers (if known), the behavior, and any evidence you have. We treat such reports confidentially and do not disclose the reporter’s identity without a legal basis.
We respond to abuse reports within 5 business days. For matters that constitute an imminent threat or involve illegal content, we respond without delay.
6. Operator Response and Enforcement
Depending on the nature of the violation, we apply one of the following measures:
- Warning. We send a written warning by email and stop the offending action (for example, revoking a share link or deleting a specific uploaded document).
- Temporary suspension. We suspend access to the account until the violation is resolved or circumstances are clarified. A suspension is typically capped at 14 days unless an active investigation is in progress.
- Termination. For material or repeated violations, we terminate the contract under the Terms of Use and delete the account. Data is deleted in line with the Privacy Policy.
- Immediate termination pending review. For illegal content, security attacks, or attacks on other users’ data, we terminate access immediately, preserve the minimum technical evidence required, and cooperate with the competent authorities.
Refunds are not issued for accounts suspended or terminated for AUP violations (see the “Non-Refundable Cases” section of the Refund Policy).
7. Cooperation With Authorities
We respond to lawful requests from Ukrainian state authorities and from EU member-state data-protection authorities that arrive with a proper legal basis and an adequate level of formality (a request from the competent authority within its powers, citing the applicable provision).
We do not disclose user data without a legal basis. We do not hand over data to third parties in response to informal requests, marketing approaches, or requests from parties that are not a competent authority.
Where the law permits, we notify the data subject of the request and give them the opportunity to challenge it before we respond.
8. Changes to This Policy
We may change this AUP. We notify registered users by email at least 30 days before material changes — new prohibited categories, changes to the enforcement procedure, new grounds for termination — take effect. Non-material changes (wording, typo fixes) take effect immediately upon publication.
The date at the top of the page reflects the last update.
9. Contact
- Email: support@mymedica.me
10. Related Policies
- Terms of Use — the main contract for using the Service.
- Privacy Policy — how we process personal data.
- Refund Policy — when and how we issue refunds.