Terms & Conditions

1.1 Scope and Application

These Terms & Conditions ("Terms") apply to all services ("Services") provided by SYNAP, LLC, including but not limited to our Flask-powered applications, APIs, websites ( https://synap.cloud and https://medipass.care), Google integrations, and any related mobile or third-party services. By accessing or using any part of the Services, you agree to comply with and be bound by these Terms, as well as all applicable local, state, and federal laws and regulations, including but not limited to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA).

If you do not agree with these Terms, you must not use our Services. Your continued use of our Services constitutes your acceptance of any updates to these Terms, which may be amended from time to time to remain compliant with evolving legal requirements.

The Services are specifically designed for cannabis dispensaries and individuals who meet the legal requirements to engage in medical cannabis use as defined under California law. By using the Services, you represent and warrant that:

• You are at least 18 years old or the age of majority in your jurisdiction, whichever is higher.
• You are a valid medical cannabis patient or an authorized entity under California law.
• All information you provide to us, including any medical recommendations, is truthful, accurate, and complies with applicable legal standards.

Use of the Services to access, store, or transmit medical information, including cannabis recommendations, is subject to stringent data security and privacy protocols. Users acknowledge and agree that SYNAP, LLC implements appropriate administrative, technical, and physical safeguards to protect user data in compliance with California’s data protection laws and regulations. However, users are solely responsible for ensuring that their use of the Services aligns with all applicable laws and professional obligations.

1.2 Changes to These Terms

We may update these Terms periodically to reflect changes in our Services, practices, or applicable laws, including California-specific statutes. The most current version will be posted on our website. We will provide notice of material changes as required by law. Your continued use of the Services after such changes take effect constitutes your acceptance of the revised Terms.

2.1 Allowed File Types

You may only upload the following file types through our Services:

• png
• jpg / jpeg
• gif
• txt

By uploading files, you represent and warrant that:

• The files comply with all applicable laws, including but not limited to California data privacy and security laws.
• The files do not contain sensitive personal information beyond what is necessary for the intended use of our Services, such as medical recommendations or patient IDs.
• You have the legal right and necessary consent to upload any file containing personal or medical information, as required by California law.

We implement technical and administrative safeguards to secure uploaded files against unauthorized access, disclosure, or alteration. However, you are responsible for ensuring that uploaded files do not violate the intellectual property rights of any third party or contain malware or other harmful content.

2.2 Rate Limiting

To ensure stable performance, we enforce the following API request limits:

• Up to 300 requests per day per IP address
• Up to 100 requests per hour per IP address

Attempts to circumvent these limits may result in suspension or termination of your account.

2.3 Session Duration

Our Flask applications utilize session cookies and JWT tokens with a default expiration of 1 hour. After 1 hour, you may be required to log in again or refresh your token, depending on your session configuration.

2.4 JWT Implementation

We use JSON Web Tokens (JWT) for user authentication to ensure secure access to our Services. Our JWT implementation includes the following features and safeguards to comply with applicable laws, including California data privacy regulations:

• Tokens are stored in secure, HTTP-only cookies to mitigate risks of unauthorized access.
• All token transmissions are protected using HTTPS to prevent interception or unauthorized disclosure.

• Tokens are combined with Cross-Site Request Forgery (CSRF) protection to prevent unauthorized actions on behalf of authenticated users.

• Access tokens expire after 1 hour to minimize security risks from token misuse.
• Refresh tokens may be issued to extend session duration, subject to secure handling practices.
• Tokens are automatically invalidated upon logout, session revocation, or account changes.

• Users have the right to request information about how their authentication data is used in accordance with California laws such as the CCPA and CPRA.

By using our Services, you consent to the use of JWTs as outlined above. You are responsible for safeguarding your account credentials to ensure secure access to your account.

2.5 Role-Based Access Control

We implement a least-privilege, role-based access control (RBAC) system. Only authorized roles can modify sensitive data or access admin functionality.

2.6 Blacklist Token Management

Invalidated or revoked tokens are added to a blacklist stored in Redis for the duration of the token's remaining life to prevent re-use.

3.1 Google Drive Integration

We offer optional file storage via Google Drive. By linking your Google account, you grant us permission to upload, download, and manage files in your specified Drive folder.

3.2 Google Vision API

We utilize Google Vision API for document scanning and OCR (Optical Character Recognition). Document images are encrypted in transit, processed via the Vision API, and handled according to our Privacy Policy.

3.3 Redis Session Management

Our Services rely on Redis for session and token storage, including blacklisted tokens. Redis stores only the necessary session identifiers and token data needed to confirm valid sessions.

3.4 OAuth2 Authentication

We use OAuth2 for user authentication, enabling logins via external providers (e.g., Google). When you use OAuth2, you are subject to the external provider's terms in addition to ours.

4.1 Flask-Powered Applications

Our core Services run on a Flask framework, enabling user login, session handling, file uploads, membership management, and integration with external APIs.

4.2 Medical Recommendation Management

We provide tools for storing and verifying medical recommendations. SYNAP, LLC does not provide medical advice-these features only facilitate document handling. Always consult a licensed professional for actual medical advice.

4.3 Membership and Fee Processing

Certain users, such as store clients, may have membership plans or service fees. By registering under such a plan, you agree to pay any applicable fees disclosed during signup or invoicing.

You agree not to use our Services to engage in unlawful or harmful activities, including but not limited to the following:

5.1 Uploading Malicious Files or Code

Prohibited under California Penal Code § 502, uploading malware, viruses, or malicious code to compromise systems or data is strictly forbidden.

5.2 Harassing Other Users or Distributing Spam

Harassment, stalking, or distributing unsolicited messages (spam) violates California's Online Privacy Protection Act (CalOPPA) and anti-spam laws such as the California Business and Professions Code § 17529.5.

5.3 Bypassing Security Controls or Rate Limits

Circumventing security measures, rate limits, or access restrictions is considered unauthorized access and is punishable under California Penal Code § 502.

5.4 Violating Intellectual Property Rights

Uploading, sharing, or distributing content that infringes on copyrights, trademarks, or other intellectual property rights is a violation of both federal and California state intellectual property laws.

5.5 Storing or Distributing Content Related to Minors if Under 18 (See Section 7)

Any activity involving the exploitation, endangerment, or unauthorized handling of minors' data is prohibited under California laws, including the California Consumer Privacy Act (CCPA).

We reserve the right to suspend or terminate accounts that violate these Terms.

We employ technical and organizational measures (e.g., encryption, WAF, DDoS protection) to protect data. Full details can be found in our Privacy Policy. By using our Services, you agree to the data practices outlined therein.

Our Services are not intended for individuals under the age of 18, in compliance with applicable laws, including the California Consumer Privacy Act (CCPA) and the Children's Online Privacy Protection Act (COPPA).

7.1 Prohibition on Use by Minors

Individuals under 18 are prohibited from using our Services. Any accounts found to be associated with minors will be terminated immediately.

7.2 Data Collection Practices

We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a minor, we will take the following actions:

• All data associated with the minor will be permanently removed from our systems.
• If feasible, we will inform the minor's parent or legal guardian about the data breach.
• The minor's account will be disabled and removed to prevent further access to our Services.

Our Services are controlled and operated from the United States. If you access our Services from outside the U.S., you do so voluntarily and are responsible for compliance with local laws.

Neither party shall be liable for any failure or delay in performance under these Terms (except for payment obligations) due to circumstances beyond their reasonable control, including acts of God, natural disasters such as earthquakes or wildfires, government actions or regulatory changes, warfare, civil unrest, public health emergencies, or infrastructure failures such as power outages or cyberattacks. Both parties agree to make reasonable efforts to mitigate the impact of such events and resume performance as soon as practicable. This clause does not excuse liability for obligations that could have been reasonably avoided or mitigated.

By using our Services, you consent to receive electronic communications from us (e.g., emails, texts, in-app messages). These satisfy any legal requirement that communications be in writing, unless otherwise required by law.

We welcome your suggestions, feedback, or other communications about our Services. You grant us a non-exclusive, worldwide, royalty-free license to use, modify, and incorporate your feedback without obligation to you.

Disclaimer

Our Services are provided "as is" and "as available." We disclaim all warranties, express or implied, including warranties of merchantability or fitness for a particular purpose. We do not guarantee third-party services or data accuracy (e.g., Google Drive, Google Vision API, Redis).

Limitation of Liability

To the maximum extent permitted by applicable law, SYNAP, LLC, its affiliates, officers, employees, agents, and licensors shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, data loss, or business interruption, arising from or related to your use of our Services, even if we have been advised of the possibility of such damages. Our total liability for any claims under these Terms, including for implied warranties, is limited to the amount you paid us to use the Services in the 12 months prior to the event giving rise to the liability. If no fees were paid, our liability shall be zero. The Services are provided on an “as-is” and “as-available” basis without warranties of any kind, either express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, non-infringement, or availability. SYNAP, LLC does not warrant that the Services will be uninterrupted, error-free, secure, or free of harmful components, or that any content provided through the Services is accurate or reliable. Users are solely responsible for ensuring their compliance with all applicable laws and regulations when using our Services, including but not limited to California’s privacy and cannabis-related laws. We disclaim all liability for third-party services, integrations, or content you access through our Services. This limitation of liability applies to the fullest extent permitted by law and survives termination of your use of the Services.

We may modify, update, or discontinue portions of our Services at any time without liability. We will provide notice if these changes significantly affect your use.

Your account remains in effect until terminated by either party. We may suspend or terminate your account if you breach these Terms, violate our Acceptable Use policy, or engage in illegal activity.

Upon termination, all associated tokens and sessions may be invalidated. Any data retained thereafter is handled according to our Privacy Policy.

These Terms are governed by the laws of the State of California, U.S.A., without regard to conflict-of-law principles. Disputes must be resolved in the state or federal courts located in San Diego County, California, unless otherwise required by applicable law.

If any provision of these Terms is found to be invalid or unenforceable, that provision shall be severed, and the remaining provisions will remain in full force and effect. Our failure to enforce any right or provision does not constitute a waiver of that right or provision.