Acceptable Use Policy

1. Purpose

This policy describes acceptable and unacceptable use of HippoHandover. It is binding on every user and supplements the Terms of Service.

2. You agree to

• Use the Service exclusively for legitimate clinical care or institution-approved education.
• Access only patients you are authorised to see by your service membership and coverage scope.
• Use a coded display name for every patient and avoid full identifiers in display fields.
• Use a strong, unique password and keep your session credentials confidential.
• Sign out of shared devices when you finish, and configure device auto-lock and disk encryption per your institution's policy.
• Report suspected breaches, unauthorised access, or data loss within 24 hours.

3. You will not

• Screenshot, photograph, or paste patient identifiers into messaging, email, or social media.
• Share your account, password, or session cookies with anyone — including teammates.
• Bypass or attempt to bypass authentication, rate-limits, audit logging, or the PHIA acknowledgement.
• Upload malicious files, attempt to exploit vulnerabilities, or scrape the Service.
• Use AI features to send patient data to a personal AI account or to any model/provider not configured by the institution and approved by us.
• Use the Service to conduct research or analytics without institutional ethics approval.

4. Reporting

Report suspected misuse to security@hippomedicine.com. Reports are reviewed within 48 hours.

5. Enforcement

Violations may result in account suspension, audit log review, escalation to your institution, or in serious cases referral to professional regulatory bodies and law enforcement. Where institution agreements specify additional remedies, those apply.