Acceptable Use Policy (AUP)

This AUP supplements the Terms of Service. Your use of the Platform must comply with this policy. Violations may lead to suspension or termination, escalation to law enforcement, and, where appropriate, legal action including indemnity recovery.

1. Prohibited content and activities

You will not, and will not permit any Authorised User or third party to, use the Platform to:

1.1 Illegal or harmful conduct

• Violate any Indian law, including the Drugs and Cosmetics Act 1940, the Pharmacy Act 1948, the Narcotic Drugs and Psychotropic Substances Act 1985, the GST Act 2017, the Income-tax Act 1961, the IT Act 2000, the DPDP Act 2023, or any state-level pharma regulation
• Sell or facilitate the sale of medicines without a valid drug licence, prescription, or other lawful basis
• Sell or dispense Schedule X, Schedule H1, or psychotropic / narcotic drugs without complying with the prescription / register / retention requirements under Drugs Rules 1945
• Issue invoices, e-invoices, or e-Way bills that misrepresent the underlying transaction (round-tripping, dummy GSTIN, fictitious supplier, etc.)
• Engage in money laundering, tax evasion, or violation of FEMA / RBI rules
• Process personal data without lawful basis under the DPDP Act 2023

1.2 Pharma-specific prohibitions

• Bill or dispense expired stock; deliberately bypass FIFO or near-expiry quarantine controls
• Generate sample disbursements or schemes designed to evade Section 17(5)(h) of the CGST Act 2017 or UCPMP 2024
• Misuse drug-licence numbers, prescription images, or doctor identifiers
• Falsify CDSCO, state drug-control authority, or NIC GSP submissions
• Falsify MR visit data, prescription captures, or sample reconciliations

1.3 Security / abuse

• Attempt to access another Tenant's data, escalate privileges, or bypass tenant isolation
• Exploit any vulnerability in the Platform; conduct penetration tests, fuzzing, or load tests without prior written consent
• Upload malware, viruses, worms, or any code intended to damage the Platform or other systems
• Interfere with or disrupt the Platform's operation, including via denial-of-service or excessive automated requests
• Misrepresent your identity or impersonate another person, role, or entity
• Scrape, mirror, or aggregate data from the Platform other than as part of your own Tenant account's authorised export
• Reverse-engineer or attempt to derive source code, except as permitted under §52 of the Copyright Act 1957

1.4 Spam & communications abuse

• Use the Platform to send unsolicited commercial messages in violation of TRAI rules (TCCCPR 2018) or sender / template / consent requirements
• Violate WhatsApp Business Policy or Meta Business Terms when using the WhatsApp integration
• Use the Platform's email infrastructure to send phishing or scam content

1.5 IP & confidentiality violations

• Upload content that infringes copyright, trademark, trade secret, or patent rights of another party
• Use the Platform to host third-party content that you have no licence to host
• Disclose Platform features, screenshots, or pricing in a manner harmful to the Company's competitive position

1.6 AI feature misuse

• Use AI features to attempt to extract Company-internal prompts, system instructions, or other proprietary configuration
• Use AI outputs to generate content that violates this AUP or the law
• Submit data to AI features that exceeds the lawful basis under which you collected it

2. Your security obligations

• Maintain strong, unique passwords; rotate at least every 180 days; enable 2FA where offered
• Restrict Authorised User access on a need-to-know basis; revoke access on termination
• Promptly report suspected compromise to support@pharmit.in and CERT-In if required
• Keep your endpoint devices patched; do not access the Platform from compromised or unsupported environments
• Do not share credentials; the Company may treat any access using your credentials as authorised

3. Enforcement

The Company may, at its sole discretion and without prior notice:

• Investigate any suspected violation
• Suspend access pending investigation
• Remove offending content
• Terminate accounts
• Cooperate with law-enforcement and regulatory authorities under valid orders

The Company is not liable for any loss arising from enforcement action taken in good faith.

4. Reporting violations

To report a suspected AUP violation, write to support@pharmit.in with the subject "AUP report". Please include all relevant details, but do not include malware samples or prohibited content.