Developer API Terms of Service

Last updated: March 1, 2026

1. Acceptance

By registering for API access, generating API keys, or making API calls to the VisitNote platform ("Service"), you agree to these Developer API Terms of Service ("Terms"). These Terms are in addition to the VisitNote Terms of Service and Privacy Policy.

2. API Access & Approval

API access requires registration and manual approval by the VisitNote team. We reserve the right to approve, deny, or revoke API access at any time and for any reason. Approval does not guarantee continued access.

3. Authentication & Security

  • API keys and OAuth credentials are confidential. Do not share them publicly.
  • You are responsible for all activity under your API credentials.
  • Report compromised credentials immediately to security@houstonitd.com.
  • All API communication must use HTTPS (TLS 1.2 or higher).

4. Acceptable Use

You agree to:

  • Use the API only for lawful purposes consistent with your stated use case.
  • Comply with all applicable healthcare regulations including HIPAA.
  • Not attempt to access data belonging to other users or organizations without authorization.
  • Not reverse-engineer, scrape, or benchmark the API without prior written consent.
  • Not resell API access or build a competing service on top of the API.
  • Attribute VisitNote AI in any public-facing integration.

5. Rate Limits & Fair Usage

The API enforces rate limits to ensure fair access for all developers. Exceeding rate limits will result in throttled responses (HTTP 429). Persistent abuse may result in access suspension. See the Rate Limits documentation for current limits.

6. Data Handling & HIPAA

  • The VisitNote API handles Protected Health Information (PHI). You must implement appropriate safeguards as required by HIPAA.
  • You must not store PHI longer than necessary for your stated use case.
  • Organizations requiring a Business Associate Agreement (BAA) must contact us before processing PHI via the API.
  • You are solely responsible for how you use, store, and transmit data obtained through the API.

7. OAuth2 Applications

If you register an OAuth2 application, you must clearly identify your application to users during the authorization flow. You must only request scopes necessary for your integration. You must not store refresh tokens insecurely or share user tokens between applications.

8. API Changes & Versioning

VisitNote may update, modify, or deprecate API endpoints. We will provide reasonable notice of breaking changes via the API Changelog. Non-breaking changes (new fields, new endpoints) may be made without notice.

9. Liability & Indemnification

The API is provided "as is" without warranty of any kind. VisitNote and Houston IT Developers LLC are not liable for any damages arising from your use of the API, including loss of data, business interruption, or third-party claims. You agree to indemnify VisitNote against claims arising from your use of the API or violation of these Terms.

10. Termination

Either party may terminate API access at any time. Upon termination, you must immediately stop using the API and delete all API credentials. VisitNote may suspend access immediately for violations of these Terms.

11. Contact

For questions about these Terms or to report security issues, contact us at developers@houstonitd.com.