Acceptable Use Policy
This page includes Persimmony's current standard policy info for reference. If your organization has a signed contract with Persimmony, that executed agreement governs and prevails over this published version wherever they differ.
Effective Date: July 6, 2026
1. Purpose
This Acceptable Use Policy ("AUP") describes what Users may not do when using Persimmony ("Provider") software-as-a-service offerings (the "Service"). It exists to protect the Service, the sensitive data it holds, and every organization that relies on it. Persimmony serves government health and human services agencies on a shared platform — misuse by one User can affect the security and availability of the Service for everyone.
2. Scope
This AUP applies to every person who accesses the Service ("User"), under any Customer's agreement with Persimmony. It supplements, and does not replace, the Customer's contract with Persimmony; where the contract says something different, the contract controls. Customers are responsible for ensuring their Users comply with this AUP.
3. Accounts & Access
- Credentials are individual. Each User accesses the Service with their own account. Accounts and credentials must not be shared, pooled, or transferred.
- Protect your credentials. Users must keep credentials secure and promptly report any suspected compromise — through the in-product support system, or through the Customer's administrator.
- Access only what you are authorized to access. Users must not attempt to view, use, or modify data, accounts, or functions beyond the permissions assigned to them, and must not circumvent or attempt to circumvent role-based access controls.
4. Prohibited Uses
Users must not:
- Break the law. No use of the Service that violates applicable law or regulation, or that stores, transmits, or displays unlawful or infringing material.
- Interfere with security. No penetration testing, vulnerability scanning, or security probing of the Service without Persimmony's prior written consent. No introducing malware or malicious code. No circumventing, disabling, or interfering with authentication, encryption, logging, or any other security feature.
- Access without authorization. No attempting to access another Customer's data or environment, another User's account, or any non-public area of the Service or its infrastructure.
- Disrupt the Service. No conduct that imposes an unreasonable load on the Service or degrades its availability or performance for other Users or Customers.
- Extract data in bulk outside supported features. No scraping, crawling, or automated bulk extraction of data except through features, reports, and interfaces Persimmony provides for that purpose.
- Resell or misuse access. No reselling, sublicensing, or making the Service available to anyone other than authorized Users; no using the Service to build or assist a competing product; no reverse engineering except where permitted by law that cannot be contractually waived.
5. Data Responsibilities
- Customers and their Users control what data they enter into the Service, and must enter only data they are permitted to collect and process under their own agreements, policies, and applicable law.
- Protected Health Information (PHI) belongs in the Service itself, where it is protected — not in support tickets, emails, screenshots, or any other channel. See the Customer Support Policy for how to get help without exposing sensitive data.
- Users who become aware of a suspected security issue, vulnerability, or data exposure must report it promptly through the in-product support system, and must not publicly disclose it or exploit it while it is being addressed.
6. Enforcement
Persimmony may investigate suspected violations of this AUP and may suspend or limit a User's or Customer's access to the Service where reasonably necessary to protect the Service, its data, or other Customers — with notice to the Customer where practicable, and restoring access when the issue is resolved. Violations may also constitute a breach of the Customer's contract or of applicable law. Persimmony's handling of any related security incident follows its published security practices and contractual commitments.
7. Changes to This Policy
Persimmony may update this AUP with notice to Customers. Updates will not materially reduce Persimmony's security posture. Where a Customer's contract incorporates a specific version of this AUP, that version controls for that Customer.
8. Contact
Persimmony, Inc.
5830 Granite Parkway Suite 100-217, Plano, TX 75024
Questions about this policy: support@persimmony.com (general inquiries)
Suspected security issues: through the in-product support system