FHIRfly
Dashboard

Terms of Service

Effective Date: January 15, 2026 Last Updated: January 30, 2026

These Terms of Service ("Terms") govern your access to and use of the FHIRfly API platform, website, and related services (collectively, the "Service") provided by FHIRfly.io LLC ("FHIRfly," "we," "us," or "our").

By accessing or using the Service, you agree to be bound by these Terms. If you do not agree to these Terms, do not use the Service.

1. Acceptance of Terms

By creating an account, accessing the API, or otherwise using the Service, you represent that:

  • You are at least 18 years old
  • You have the legal authority to enter into these Terms
  • If acting on behalf of an organization, you have authority to bind that organization to these Terms

2. Description of Service

FHIRfly provides a healthcare reference data API platform that offers programmatic access to public healthcare datasets, including but not limited to:

  • National Drug Codes (NDC)
  • National Provider Identifiers (NPI)
  • RxNorm drug terminology
  • LOINC laboratory codes
  • ICD-10 diagnosis and procedure codes
  • CVX vaccine codes
  • MVX vaccine manufacturer codes
  • FDA drug labeling information

Important: FHIRfly provides reference data only. The Service is not designed to store, process, or transmit Protected Health Information (PHI) as defined by HIPAA. The data we provide is publicly available information from government sources. See Section 10 (HIPAA and Protected Health Information) for important restrictions.

3. Account Registration

3.1 Account Creation

To access the Service, you must create an account by providing accurate and complete information. You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • All activities that occur under your account
  • Notifying us immediately of any unauthorized use

3.2 Organizations

You may create or join organizations within FHIRfly. Organization owners and administrators are responsible for managing team members and their access levels.

4. API Credentials and Access

4.1 API Keys and OAuth Credentials

We provide two types of API credentials:

  • Simple Credentials: API keys for straightforward integrations
  • Secure Credentials: OAuth 2.0 client credentials for enhanced security

You must keep all credentials confidential and are responsible for any use of the Service through your credentials.

4.2 Credential Security

You agree to:

  • Not share credentials with unauthorized parties
  • Rotate credentials if you suspect compromise
  • Implement appropriate security measures in your applications
  • Not attempt to circumvent authentication mechanisms

5. Acceptable Use

Your use of the Service is subject to our Acceptable Use Policy, which is incorporated into these Terms by reference.

You agree not to:

  • Violate any applicable laws or regulations
  • Infringe on intellectual property rights
  • Attempt to gain unauthorized access to our systems
  • Interfere with the Service's operation or other users' access
  • Use the Service for any unlawful or harmful purpose

6. Rate Limits and Quotas

6.1 Plan Limits

Each subscription plan includes specific rate limits and monthly request quotas. Current limits are published on our Pricing page and in our Rate Limits documentation.

6.2 Enforcement

We may temporarily or permanently suspend access if you:

  • Exceed your plan's rate limits or quotas
  • Engage in abusive API usage patterns
  • Attempt to circumvent rate limiting mechanisms

7. API Changes and Deprecation

7.1 API Versioning

We may update, modify, or deprecate API endpoints, response formats, or features. We will make reasonable efforts to maintain backward compatibility within major API versions.

7.2 Deprecation Notice

For planned breaking changes, we will provide notice through:

  • API response headers indicating deprecation
  • Documentation updates
  • Email notification for significant changes (at least 30 days in advance when feasible)

7.3 Emergency Changes

We may make immediate changes without advance notice to address security vulnerabilities, legal requirements, or to prevent harm to the Service or its users.

7.4 Version Support

We aim to support deprecated API versions for a reasonable transition period. End-of-life dates for deprecated versions will be communicated through our documentation and status channels.

8. Subscription and Billing

8.1 Plans and Pricing

We offer multiple subscription tiers with different features and limits. Current pricing is available at fhirfly.io/pricing.

8.2 Payment Terms

  • Paid subscriptions are billed monthly in advance
  • Payments are processed through Stripe
  • All fees are non-refundable except as required by law
  • We may change pricing with 30 days' notice; you will be notified via email and dashboard notification

8.3 Grandfathered Pricing

Existing subscribers will continue at their current pricing indefinitely, even if we increase prices for new subscribers. Price increases only apply to new subscriptions or plan upgrades after the effective date of the change.

8.4 Taxes

All fees are exclusive of taxes. You are responsible for paying all applicable taxes, including sales tax, VAT, GST, or other transaction taxes. If we are required to collect taxes, they will be added to your invoice.

8.5 Payment Disputes

If you believe a charge is incorrect, you must notify us within 30 days of the charge. Chargebacks or payment disputes initiated without first contacting us may result in account suspension.

8.6 Free Tier

The free tier is provided at our discretion and may be modified or discontinued at any time.

8.7 Cancellation

You may cancel your subscription at any time through the dashboard. Upon cancellation:

  • Your subscription remains active until the end of the current billing period
  • You retain access to free tier features after cancellation
  • We do not provide prorated refunds for partial months

9. Intellectual Property

9.1 FHIRfly Property

The Service, including its design, features, and documentation, is owned by FHIRfly and protected by intellectual property laws. These Terms do not grant you any rights to our trademarks, logos, or branding.

9.2 Data Sources

The reference data provided through our APIs is sourced from public government databases. See our Data Sources & Attribution page for detailed source information and licensing.

9.3 Your Content

You retain ownership of any content or data you submit to the Service. By submitting content, you grant us a limited license to use it as necessary to provide the Service.

10. Data and Privacy

10.1 Privacy Policy

Our collection and use of personal information is governed by our Privacy Policy, which is incorporated into these Terms by reference.

10.2 Data Breach Notification

In the event of a security breach that results in unauthorized access to your personal information, we will:

  • Investigate promptly: Begin investigation within 24 hours of discovering the potential breach
  • Notify affected users: Send email notification within 72 hours of confirming a breach that affects your personal data
  • Provide details: Include in our notification: (a) description of the breach, (b) types of data affected, (c) steps we are taking to address the breach, and (d) recommended actions you can take to protect yourself
  • Report to authorities: Comply with applicable data breach notification laws, including reporting to relevant regulatory authorities where required

We maintain security incident response procedures and will provide updates as our investigation progresses.

11. HIPAA and Protected Health Information

11.1 Service Not Designed for PHI

The Service is not designed, intended, or authorized for the storage, processing, or transmission of Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA"). We provide healthcare reference data only—not patient data, medical records, or individually identifiable health information.

11.2 No Business Associate Agreement

We do not offer a Business Associate Agreement ("BAA"). FHIRfly is not a HIPAA-covered entity or business associate with respect to the Service.

11.3 Your Obligations

You agree that you will not submit, transmit, or store any PHI through the Service, including in API requests, query parameters, headers, or any other form. This includes but is not limited to:

  • Patient names or identifiers
  • Medical record numbers
  • Social Security numbers
  • Dates of birth combined with health information
  • Any other individually identifiable health information

11.4 Responsibility for Compliance

If you are a HIPAA-covered entity or business associate, you are solely responsible for your own HIPAA compliance. Your use of reference data obtained through FHIRfly in your own systems does not make FHIRfly a business associate.

11.5 Detection and Removal

If we detect or reasonably believe that PHI has been submitted to the Service, we may, without liability:

  • Delete the data without notice
  • Suspend or terminate your account
  • Take any other action we deem necessary to protect the Service and comply with applicable law

12. Disclaimers

12.1 "As Is" Service

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

12.2 Data Accuracy

While we strive to provide accurate and up-to-date data, we do not warrant that the data is complete, accurate, or error-free. The reference data is sourced from third-party government databases that may contain errors or become outdated.

12.3 Medical Disclaimer

FHIRfly provides reference data for informational and development purposes only. The Service is not intended to provide medical advice, diagnosis, or treatment recommendations.

Important: Using the Service does not substitute for professional medical judgment or clinical decision-making. The reference data provided should not be used as the sole basis for any healthcare decision. Always consult qualified healthcare professionals for medical decisions, and verify critical data against authoritative sources.

12.4 No Uptime Guarantee

Unless you have a separate Service Level Agreement, we do not guarantee any specific level of uptime or availability.

13. Limitation of Liability

13.1 Exclusion of Damages

TO THE MAXIMUM EXTENT PERMITTED BY LAW, FHIRFLY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, OR GOODWILL.

13.2 Liability Cap

OUR TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICE SHALL NOT EXCEED THE GREATER OF: (A) THE AMOUNT YOU PAID US IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM, OR (B) ONE HUNDRED DOLLARS ($100).

13.3 Basis of the Bargain

THE LIMITATIONS IN THIS SECTION REFLECT THE ALLOCATION OF RISK BETWEEN THE PARTIES AND ARE AN ESSENTIAL BASIS OF THE AGREEMENT BETWEEN US.

14. Indemnification

You agree to indemnify, defend, and hold harmless FHIRfly and its officers, directors, employees, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable attorneys' fees) arising from:

  • Your use of the Service
  • Your violation of these Terms
  • Your violation of any third-party rights
  • Any application or service you build using our APIs
  • Any PHI or other prohibited data you submit to the Service

15. Termination

15.1 Termination by You

You may terminate your account at any time by contacting us or using the account deletion feature in the dashboard.

15.2 Termination by Us

We may suspend or terminate your access to the Service at any time, with or without cause, and with or without notice. Reasons for termination may include:

  • Violation of these Terms or the Acceptable Use Policy
  • Fraudulent, abusive, or illegal activity
  • Non-payment of fees
  • Extended periods of inactivity
  • Submission of PHI or other prohibited data

15.3 Effect of Termination

Upon termination:

  • Your right to access the Service immediately ceases
  • API credentials are immediately revoked
  • Organization members lose access to the organization's resources
  • We may delete your account data after 30 days

15.4 Data Export

Prior to termination, you may export your data through the dashboard, including:

  • Organization and account information
  • API credential metadata (not secret keys)
  • Usage reports and history

We are not obligated to provide data export after termination.

15.5 Data Retention

After termination, we may retain:

  • Billing and invoice records (7 years, as required by law)
  • Anonymized usage data for analytics
  • Records necessary for legal compliance

15.6 Survival

Provisions that by their nature should survive termination will survive, including Sections 9 (Intellectual Property), 11 (HIPAA), 12 (Disclaimers), 13 (Limitation of Liability), 14 (Indemnification), and 16 (Dispute Resolution).

16. Dispute Resolution

16.1 Governing Law

These Terms are governed by the laws of the State of Wyoming, without regard to conflict of law principles.

16.2 Informal Resolution

Before filing any formal dispute, you agree to contact us at admin@fhirfly.io to attempt to resolve the dispute informally. Most disputes can be resolved this way.

16.3 Arbitration

Any dispute not resolved informally within 30 days shall be resolved by binding arbitration in accordance with the rules of the American Arbitration Association. The arbitration shall take place in Wyoming or remotely, at our discretion.

16.4 Arbitration Opt-Out

You may opt out of the arbitration agreement by sending written notice to admin@fhirfly.io within 30 days of creating your account. The notice must include your name, email address, and a clear statement that you wish to opt out of arbitration. If you opt out, disputes will be resolved in the state or federal courts of Wyoming.

16.5 Class Action Waiver

You agree to resolve disputes with us on an individual basis and waive any right to participate in class actions. This waiver applies whether you opt out of arbitration or not.

16.6 Small Claims Exception

Either party may bring an individual action in small claims court for disputes within that court's jurisdiction.

17. Changes to Terms

17.1 Notification of Changes

We may modify these Terms at any time. We will notify you of material changes by:

  • Posting the updated Terms on our website
  • Updating the "Last Updated" date
  • Sending notice to your registered email address for significant changes

17.2 Acceptance of Changes

Your continued use of the Service after changes take effect constitutes acceptance of the modified Terms.

17.3 Rejection of Changes

If you do not agree to material changes to these Terms, you may reject the changes by discontinuing use of the Service within 30 days of the notification. If you are a paying subscriber and reject material changes:

  • Your account will be terminated at the end of the 30-day notice period
  • We will refund any prepaid fees for the current billing period on a prorated basis
  • You must notify us at admin@fhirfly.io that you are rejecting the changes and requesting termination

If you do not reject material changes within 30 days, your continued use of the Service constitutes acceptance.

18. General Provisions

18.1 Entire Agreement

These Terms, together with the Privacy Policy and Acceptable Use Policy, constitute the entire agreement between you and FHIRfly regarding the Service.

18.2 Severability

If any provision of these Terms is found unenforceable, the remaining provisions will continue in effect.

18.3 Waiver

Our failure to enforce any provision of these Terms does not waive our right to enforce it later.

18.4 Assignment

You may not assign your rights under these Terms without our consent. We may assign our rights without restriction.

19. Contact Information

For questions about these Terms, please contact us:

FHIRfly.io LLC Email: admin@fhirfly.io Phone: (816) 552-2628 Address: 30 N Gould St, Ste 60120, Sheridan, WY 82801