Acceptable Use Policy

1. What this Policy covers

This Acceptable Use Policy ("AUP") tells you what kinds of content and behavior are not allowed on Yve. It applies to everyone who uses the Service, on any plan.

This AUP is part of our Terms of Service. Violating this AUP is a violation of the Terms and can result in your account being suspended or terminated.

2. No Protected Health Information (PHI)

Protected Health Information (PHI) is the term HIPAA uses for any information that identifies an individual and relates to their physical or mental health, their healthcare, or payment for their healthcare.

HIPAA defines 18 specific categories of identifiers. If any of these appear together with health information, the data is PHI. The categories are:

1. Names. First name, last name, initials, nicknames, or partial names that could identify someone in context (e.g., "Ms. P. in room 304").
2. Geographic subdivisions smaller than a state. Street addresses, cities, counties, precincts, ZIP codes (if the area has fewer than 20,000 people, the ZIP is identifying).
3. Dates related to an individual other than the year alone. Date of birth, admission date, discharge date, date of death, date of a procedure, date of a visit. All ages over 89 must be aggregated as "90 or older."
4. Telephone numbers.
5. Fax numbers.
6. Email addresses.
7. Social Security numbers.
8. Medical record numbers (MRNs). The identifier your clinical site uses to track this patient specifically.
9. Health plan beneficiary numbers. Medicare, Medicaid, or private insurance member IDs.
10. Account numbers. Hospital billing accounts, clinic accounts.
11. Certificate or license numbers.
12. Vehicle identifiers and serial numbers, including license plate numbers.
13. Device identifiers and serial numbers. Pacemaker serial numbers, infusion-pump IDs, implant IDs.
14. Web URLs.
15. Internet Protocol (IP) addresses.
16. Biometric identifiers. Fingerprints, voice prints, retinal scans.
17. Full-face photographs or any comparable images that could identify the person.
18. Any other unique identifying number, characteristic, or code not listed above that could be used to identify someone in context.

The combination matters. A first name alone is not PHI. A diagnosis alone is not PHI. A first name plus a diagnosis plus the day of admission can be PHI, especially in a small clinical setting where the combination uniquely identifies a patient.

3. Your promise to us

By using Yve, you warrant — meaning, you make a legally binding promise — that:

• Every file, image, paste, or message you submit to Yve has been anonymized or is otherwise free of all 18 categories of PHI listed above.
• If you upload clinical examples (care plans, case studies, SOAP notes you have practiced writing), you have removed or fictionalized all identifiers.
• You will use anonymized, fictional, textbook, or de-identified examples for clinical practice in Yve.
• You will not paste content directly from electronic health record systems (EHRs) like Epic, Cerner, Meditech, or similar.

4. What happens if you violate the PHI rule

Yve runs an automated detector that flags inputs containing common PHI patterns (MRN-shaped numbers, SSN patterns, name+date combinations). The detector is permissive — it will sometimes warn you about things that are not actually PHI. If it warns you, the safest move is to stop and check the input.

If we discover real PHI in your account, we may:

• Delete the content containing PHI.
• Suspend or terminate your account.
• Report the incident to your clinical site, school, or regulatory authorities where required by law.
• Pursue any remedies available to us under the Terms of Service.

This is not a hypothetical. PHI in an unauthorized system is a real HIPAA breach that can result in fines for you, your school, your clinical site, and us. Take the prohibition seriously.

5. What to do instead

If you want to practice writing a SOAP note, a care plan, or a clinical scenario in Yve:

• Use a fictional name and demographics. "Mr. Garcia, 67 years old" is fine if Mr. Garcia is fictional.
• Use a textbook case study or one from your course materials.
• Anonymize a real case fully before pasting: remove the name, shift the dates, change the location, change the MRN to "MRN-FICTIONAL-001." Anonymization is your responsibility and Yve will not do it for you.
• When in doubt, do not paste it.

6. Other prohibited uses

Beyond the PHI rule, you may not use Yve to:

• Engage in unlawful activity or content that infringes others' legal rights.
• Harass, threaten, defame, or stalk any person.
• Generate or distribute material that sexually exploits minors, or any content that violates child-protection laws.
• Generate content designed to harm or deceive specific individuals — fraudulent communications, impersonation, forged credentials, fake medical documentation intended to deceive a real party.
• Attempt to identify, contact, or de-anonymize another person through Yve's outputs.
• Reverse-engineer Yve's systems, scrape it programmatically, probe it for vulnerabilities (without prior written authorization), or attempt to derive its source code.
• Submit content you do not have the right to submit (copyright infringement, trade-secret violations, etc.).
• Use Yve to build, train, or improve a competing product or AI system.
• Resell, sublicense, or commercially redistribute Yve's outputs in ways that imply Yve has produced or endorsed professional content.
• Submit any data subject to specific regulatory protections you are not authorized to share — PHI as covered above, but also payment card data (PCI-DSS), financial-account data (GLBA), educational records covered by FERPA in a way that violates your institution's policy, or controlled unclassified information.

7. Academic integrity is your responsibility

Yve provides study help and assignment-solving tools. Your school, program, and instructors set the rules about when and how AI assistance is allowed for your coursework.

You are responsible for knowing those rules and following them. Some examples of situations to consider:

• Some courses require all assignments to be your original work. Submitting Yve's output as your own may violate that policy.
• Some courses allow AI for studying but not for final submissions. Use Yve to learn; produce final submissions yourself.
• Some courses require citation of AI assistance. Cite Yve in your work where your institution requires it.

We do not police academic integrity. We provide a tool. How you use it within your academic context is your call and your responsibility.

8. Reporting violations

If you become aware of someone using Yve in violation of this Policy — for example, sharing screenshots of a Yve conversation that contains real PHI, or using Yve to generate harassing content — email support@getyve.com. Include enough detail for us to investigate (account email if known, a description of the violation, links or screenshots where appropriate).

We treat reports confidentially within our team and will not disclose the reporter's identity to the reported user except where required by law.

9. Changes to this Policy

We may update this Policy. When we do, we update the "Last updated" date above. For material changes, we will email registered users at least 14 days before the change takes effect.

10. Contact

Questions, reports, or anything else: support@getyve.com.