Terms of Service

Effective Date: January 15, 2026 Last Updated: January 15, 2026

These Terms of Service ("Terms") govern your access to and use of the FHIRfly API platform, website, and related services (collectively, the "Service") provided by FHIRfly.io LLC ("FHIRfly," "we," "us," or "our").

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree to these Terms, do not use the Service.

1. Acceptance of Terms

By creating an account, accessing the API, or otherwise using the Service, you represent that:

You are at least 18 years old
You have the legal authority to enter into these Terms
If acting on behalf of an organization, you have authority to bind that organization to these Terms

2. Description of Service

FHIRfly provides a healthcare reference data API platform that offers programmatic access to public healthcare datasets, including but not limited to:

National Drug Codes (NDC)
National Provider Identifiers (NPI)
RxNorm drug terminology
LOINC laboratory codes
ICD-10 diagnosis and procedure codes
CVX vaccine codes
MVX vaccine manufacturer codes
FDA drug labeling information

Important: FHIRfly provides reference data only. The Service is not designed to store, process, or transmit Protected Health Information (PHI) as defined by HIPAA. The data we provide is publicly available information from government sources. See Section 10 (HIPAA and Protected Health Information) for important restrictions.

3. Account Registration

3.1 Account Creation

To access the Service, you must create an account by providing accurate and complete information. You are responsible for:

Maintaining the confidentiality of your account credentials
All activities that occur under your account
Notifying us immediately of any unauthorized use

3.2 Organizations

You may create or join organizations within FHIRfly. Organization owners and administrators are responsible for managing team members and their access levels.

4. API Credentials and Access

4.1 API Keys and OAuth Credentials

We provide two types of API credentials:

Simple Credentials: API keys for straightforward integrations
Secure Credentials: OAuth 2.0 client credentials for enhanced security

You must keep all credentials confidential and are responsible for any use of the Service through your credentials.

4.2 Credential Security

You agree to:

Not share credentials with unauthorized parties
Rotate credentials if you suspect compromise
Implement appropriate security measures in your applications
Not attempt to circumvent authentication mechanisms

5. Acceptable Use

Your use of the Service is subject to our Acceptable Use Policy, which is incorporated into these Terms by reference.

You agree not to:

Violate any applicable laws or regulations
Infringe on intellectual property rights
Attempt to gain unauthorized access to our systems
Interfere with the Service's operation or other users' access
Use the Service for any unlawful or harmful purpose

6. Rate Limits and Quotas

6.1 Plan Limits

Each subscription plan includes specific rate limits and monthly request quotas. Current limits are published on our Pricing page and in our Rate Limits documentation.

6.2 Enforcement

We may temporarily or permanently suspend access if you:

Exceed your plan's rate limits or quotas
Engage in abusive API usage patterns
Attempt to circumvent rate limiting mechanisms

7. API Changes and Deprecation

7.1 API Versioning

We may update, modify, or deprecate API endpoints, response formats, or features. We will make reasonable efforts to maintain backward compatibility within major API versions.

7.2 Deprecation Notice

For planned breaking changes, we will provide notice through:

API response headers indicating deprecation
Documentation updates
Email notification for significant changes (at least 30 days in advance when feasible)

7.3 Emergency Changes

We may make immediate changes without advance notice to address security vulnerabilities, legal requirements, or to prevent harm to the Service or its users.

7.4 Version Support

We aim to support deprecated API versions for a reasonable transition period. End-of-life dates for deprecated versions will be communicated through our documentation and status channels.

8. Subscription and Billing

8.1 Plans and Pricing

We offer multiple subscription tiers with different features and limits. Current pricing is available at fhirfly.io/pricing.

8.2 Payment Terms

Paid subscriptions are billed monthly in advance
Payments are processed through Stripe
All fees are non-refundable except as required by law
We may change pricing with 30 days' notice

8.3 Taxes

All fees are exclusive of taxes. You are responsible for paying all applicable taxes, including sales tax, VAT, GST, or other transaction taxes. If we are required to collect taxes, they will be added to your invoice.

8.4 Payment Disputes

If you believe a charge is incorrect, you must notify us within 30 days of the charge. Chargebacks or payment disputes initiated without first contacting us may result in account suspension.

8.5 Free Tier

The free tier is provided at our discretion and may be modified or discontinued at any time.

8.6 Cancellation

You may cancel your subscription at any time through the dashboard. Upon cancellation:

Your subscription remains active until the end of the current billing period
You retain access to free tier features after cancellation
We do not provide prorated refunds for partial months

9. Intellectual Property

9.1 FHIRfly Property

The Service, including its design, features, and documentation, is owned by FHIRfly and protected by intellectual property laws. These Terms do not grant you any rights to our trademarks, logos, or branding.

9.2 Data Sources

The reference data provided through our APIs is sourced from public government databases. See our Data Sources & Attribution page for detailed source information and licensing.

9.3 Your Content

You retain ownership of any content or data you submit to the Service. By submitting content, you grant us a limited license to use it as necessary to provide the Service.

10. Data and Privacy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference.

11. HIPAA and Protected Health Information

11.1 Service Not Designed for PHI

The Service is not designed, intended, or authorized for the storage, processing, or transmission of Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA"). We provide healthcare reference data only—not patient data, medical records, or individually identifiable health information.

11.2 No Business Associate Agreement

We do not offer a Business Associate Agreement ("BAA"). FHIRfly is not a HIPAA-covered entity or business associate with respect to the Service.

11.3 Your Obligations

You agree that you will not submit, transmit, or store any PHI through the Service, including in API requests, query parameters, headers, or any other form. This includes but is not limited to:

Patient names or identifiers
Medical record numbers
Social Security numbers
Dates of birth combined with health information
Any other individually identifiable health information

11.4 Responsibility for Compliance

If you are a HIPAA-covered entity or business associate, you are solely responsible for your own HIPAA compliance. Your use of reference data obtained through FHIRfly in your own systems does not make FHIRfly a business associate.

11.5 Detection and Removal

If we detect or reasonably believe that PHI has been submitted to the Service, we may, without liability:

Delete the data without notice
Suspend or terminate your account
Take any other action we deem necessary to protect the Service and comply with applicable law

12. Disclaimers

12.1 "As Is" Service

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

12.2 Data Accuracy

While we strive to provide accurate and up-to-date data, we do not warrant that the data is complete, accurate, or error-free. The reference data is sourced from third-party government databases that may contain errors or become outdated.

12.3 Medical Disclaimer

FHIRfly provides reference data for informational and development purposes only. The Service is not intended to provide medical advice, diagnosis, or treatment recommendations.

Important: Using the Service does not substitute for professional medical judgment or clinical decision-making. The reference data provided should not be used as the sole basis for any healthcare decision. Always consult qualified healthcare professionals for medical decisions, and verify critical data against authoritative sources.

12.4 No Uptime Guarantee

Unless you have a separate Service Level Agreement, we do not guarantee any specific level of uptime or availability.

13. Limitation of Liability

13.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, FHIRFLY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, OR GOODWILL.

13.2 Liability Cap

OUR TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED DOLLARS ($100).

13.3 Basis of the Bargain

THE LIMITATIONS IN THIS SECTION REFLECT THE ALLOCATION OF RISK BETWEEN THE PARTIES AND ARE AN ESSENTIAL BASIS OF THE AGREEMENT BETWEEN US.

14. Indemnification

You agree to indemnify, defend, and hold harmless FHIRfly and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

Your use of the Service
Your violation of these Terms
Your violation of any third-party rights
Any application or service you build using our APIs
Any PHI or other prohibited data you submit to the Service

15. Termination

15.1 Termination by You

You may terminate your account at any time by contacting us or using the account deletion feature in the dashboard.

15.2 Termination by Us

We may suspend or terminate your access to the Service at any time, with or without cause, and with or without notice. Reasons for termination may include:

Violation of these Terms or the Acceptable Use Policy
Fraudulent, abusive, or illegal activity
Non-payment of fees
Extended periods of inactivity
Submission of PHI or other prohibited data

15.3 Effect of Termination

Upon termination:

Your right to access the Service immediately ceases
API credentials are immediately revoked
Organization members lose access to the organization's resources
We may delete your account data after 30 days

15.4 Data Export

Prior to termination, you may export your data through the dashboard, including:

Organization and account information
API credential metadata (not secret keys)
Usage reports and history

We are not obligated to provide data export after termination.

15.5 Data Retention

After termination, we may retain:

Billing and invoice records (7 years, as required by law)
Anonymized usage data for analytics
Records necessary for legal compliance

15.6 Survival

Provisions that by their nature should survive termination will survive, including Sections 9 (Intellectual Property), 11 (HIPAA), 12 (Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), and 16 (Dispute Resolution).

16. Dispute Resolution

16.1 Governing Law

These Terms are governed by the laws of the State of Wyoming, without regard to conflict of law principles.

16.2 Informal Resolution

Before filing any formal dispute, you agree to contact us at admin@fhirfly.io to attempt to resolve the dispute informally. Most disputes can be resolved this way.

16.3 Arbitration

Any dispute not resolved informally within 30 days shall be resolved by binding arbitration in accordance with the rules of the American Arbitration Association. The arbitration shall take place in Wyoming or remotely, at our discretion.

16.4 Arbitration Opt-Out

You may opt out of the arbitration agreement by sending written notice to admin@fhirfly.io within 30 days of creating your account. The notice must include your name, email address, and a clear statement that you wish to opt out of arbitration. If you opt out, disputes will be resolved in the state or federal courts of Wyoming.

16.5 Class Action Waiver

You agree to resolve disputes with us on an individual basis and waive any right to participate in class actions. This waiver applies whether you opt out of arbitration or not.

16.6 Small Claims Exception

Either party may bring an individual action in small claims court for disputes within that court's jurisdiction.

17. Changes to Terms

We may modify these Terms at any time. We will notify you of material changes by:

Posting the updated Terms on our website
Updating the "Last Updated" date
Sending notice to your registered email address for significant changes

Your continued use of the Service after changes take effect constitutes acceptance of the modified Terms.