Published for transparency while formal governance documents are prepared with counsel. There is no binding effective date until this banner is removed.
This Acceptable Use Policy describes conduct that is not permitted on the shteg.ai platform, the ShtegMed product, the clearinghouse and settlement services, and the developer API. It applies to every user and integration. It is a draft published for transparency; the binding version, prepared with counsel, will state the enforceable obligations. Nothing here narrows the safeguards described in our other governance documents.
You may not use the platform for any unlawful purpose, to submit fraudulent claims, or to facilitate money laundering or sanctions evasion. You may not send or attempt to route protected health information without an executed Business Associate Agreement in place — the system is designed to refuse this, and deliberately circumventing that refusal is prohibited. You may not misrepresent clinical, coding, or settlement data, attempt to bypass the settlement gate or the compliance conditions that authorize money movement, or use clinical decision-support output as an autonomous authority in violation of the propose-never-dispose doctrine, under which automation suggests and a human decides.
You may not probe, scan, or attempt to breach the security of the platform except as expressly permitted by our Responsible Disclosure Policy at /legal/responsible-disclosure. Do not attempt to access data belonging to another tenant, interfere with the audit ledger, deploy malware, or disrupt service availability. Authorized, good-faith security research is welcome through the disclosure channel; unauthorized intrusion is not.
The developer API is subject to rate limits and fair-use expectations. Do not scrape, resell, or redistribute data obtained through the API beyond your authorized purpose, and do not attempt to defeat rate limiting or authentication. Unconfigured or unauthorized calls receive typed, fail-closed refusals rather than fabricated success; treating those refusals as an error to be worked around is a misuse. Specific published limits will accompany the binding version.
Violations may result in throttling, suspension of API access, suspension or termination of an account, and, where required, notification to affected parties or authorities. Because the platform fails closed, many violations simply do not execute — but repeated or deliberate abuse is grounds for termination. Questions about whether a use is permitted should go to a human before you rely on it.
Unsure whether a use is permitted under this draft policy? Send a note and a human will answer before you build on it. No form that posts into a void.