Last updated: July 08, 2026

Acceptable Use Policy

1. Introduction

This Acceptable Use Policy ( “AUP”) is a binding legal agreement between Customer (“you”) and Boulevard Labs, Inc. (“Boulevard”) that describes rules that apply to your access and use of the Boulevard Services, including our Software and Platform, as well as the access and use of your Users and Clients. All appendices, exhibits, schedules, and attachments to this AUP (collectively, the “Appendices”) are expressly incorporated herein by reference and form an integral part of this AUP. Customer is responsible for ensuring its Users’ and Clients’ compliance with this AUP. While this AUP explicitly describes prohibited uses and activities in connection with our Services, the list of prohibited conduct is not exhaustive. If Customer or any of your Users or Clients violates this AUP, Boulevard may suspend or terminate your access to and use of the Services in addition to any other rights and remedies Boulevard may have under any other agreement in place between you and Boulevard.

You acknowledge that this Acceptable Use Policy is hereby incorporated into and made part of the Main Services Agreement (“MSA”). If you see an undefined term in this Acceptable Use Policy, it has the same definition as in the MSA. Except as expressly provided herein, the AUP supplements the Parties' rights and obligations under the MSA. This AUP may be updated by Boulevard from time to time upon reasonable notice, which may be provided via Customer’s Account, email, or by posting an updated version of this AUP at https://www.joinblvd.com/legal/acceptable-use-policy. Your continued use of the Services shall be deemed your conclusive acceptance of any such revisions. 

BY USING OR OTHERWISE ACCESSING THE BOULEVARD SERVICES, YOU ACKNOWLEDGE AND AGREE THAT YOU HAVE READ THIS POLICY, UNDERSTAND ITS TERMS, AND AGREE TO BE LEGALLY BOUND BY ITS TERMS. IF YOU DO NOT AGREE WITH THIS AUP, YOU CANNOT USE THE SERVICES.

2. No Misuse of the Services. 

Do not use the Services to engage in, profit from, or encourage any activity that is illegal, deceptive, harmful, a violation of others’ rights, or harmful to Boulevard’s business operations or reputation.

3. No Infringing, Illegal, Inappropriate, Threatening, Defamatory, or Offensive Uses. 

You may not use the Services to violate any Applicable Law. “Applicable Law” includes all applicable laws, rules, regulations, or governmental orders applicable to you, your business, or the subject matter of this AUP, the MSA, or the use of our Services, including, without limitation, laws governing the use of individual information, deceptive and misleading business practices and advertising, privacy laws, anti-money laundering laws, laws related to the provision of healthcare services, electronic commercial communications, telemarketing and other similar laws, which include without limitation the U.S. Telephone Consumer Protection Act of 1991, U.S. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 and the Canada Anti-SPAM Legislation, if applicable, and each as amended.

Without limiting the foregoing, you shall not use the Services for, or in connection with, the following:

3.1. Theft or infringement of copyrights, trademarks, trade secrets, or other types of intellectual property.

3.2. Fraud; forgery; or theft or misappropriation of funds, credit cards, or personal information.

3.3. Creating a false identity or any attempt to impersonate any person or entity, including, but not limited to, Boulevard personnel, or falsely state or otherwise misrepresent your affiliation with a person or entity.

3.4. Attempting to mislead others as to the identity of the sender or origin of any data or communications. 

3.5. Making available any content that (i) is unlawful, tortious, defamatory, vulgar, obscene, libelous, or racially, ethnically, or otherwise objectionable; (ii) violates, or encourages any conduct that would violate, any Applicable Law or would give rise to civil liability; (iii) promotes discrimination, bigotry, racism, hatred, harassment or harm against any individual or group; (iv) is violent or threatening, or promotes violence or actions that are threatening to any other person; or (v) promotes illegal or harmful activities.

3.6. Making available any content that you do not have a right to make available under any law or under contractual or fiduciary relationships (such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under non-disclosure agreements).

3.7. Bullying, stalking, threatening, or otherwise harassing any person or entity, including Boulevard employees or partners.

3.8. Export, re-export, or transfer of restricted software, algorithms or other data in violation of applicable export control laws.

3.9. Intentionally or unintentionally violate any applicable local, state, provincial, national or international law, treaty, or regulation, or any order of a court.

3.10. Deceptive practices such as posing as another service for the purposes of phishing or pharming.

3.11. Distributing any materials of a threatening or harmful nature, including without limitation threats of death or physical harm, or materials that are malicious, harassing, libelous, defamatory, or which facilitate extortion or harmful action.

3.12. Distributing any offensive materials, including without limitation obscene, pornographic, indecent or hateful materials and materials which promote gambling or discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age.

3.13. Sending unwanted telemarketing, promotional or informational messages without having procured the necessary consents, rights and license from the recipient(s) of your messages or abiding by opt-out signals.

3.14. Sending messages in violation of the U.S. National Do Not Call Registry or related considerations under Applicable Law.

3.15. Deploying or using any tracking technologies, including but not limited to pixels, cookies, web beacons, session recording tools, or similar tracking code, in connection with the Services without (a) providing appropriate notice to end users in a compliant privacy policy, (b) obtaining all legally required consents under Applicable Law (including under CCPA/CPRA, HIPAA, and applicable state privacy laws), and (c) ensuring that no such tracking technology is applied to pages or screens where Protected Health Information or other sensitive personal information may be displayed or entered. Customers providing Healthcare Services are further prohibited from deploying third-party advertising pixels on any page where Protected Health Information (“PHI”) and/or sensitive health-related personal information (“Sensitive PI”) may be collected or displayed, consistent with HHS Office for Civil Rights guidance on online tracking technologies.

3.16. Processing PHI and/or Sensitive PI unless you are allowed under Applicable Law and have completed all the required steps to process PHI and/or Sensitive PI on the Boulevard Services, as described in the MSA, and are in compliance with this AUP, including Appendix 1, Acknowledgment of Healthcare Compliance, at all times.

3.17. Providing “Healthcare Services” only in compliance with all Applicable Law, under the supervision of a properly licensed professional, and with all necessary and applicable licenses and certifications for each specific Healthcare Service offered. For the purposes of this AUP,  “Healthcare Services”  means (i) medical care (such as diagnosis, treatment, and management of disease or health conditions, or other services that affect the structure or function of the body in a medical context), preventative care (such as services intended to prevent diseases or health conditions, or to detect them early), surgical services, mental health services, and/or dispensing and/or managing medications (collectively, “Medical Services”); and (ii) clinical care services, including aesthetician services, massage therapy, bodywork, and other hands-on wellness, cosmetic treatment, or personal care services that involve the collection or use of health-related intake information, contraindication assessments, or other personal health information from Clients in connection with the provision of such services (collectively, “Clinical Services”), regardless of whether the provider of such services is subject to HIPAA. 

3.18. Participating in, facilitating, enabling, or providing Restricted Services & Transactions as defined in Section 6, below.

3.19. Registering for more Customer Accounts than you have paid for, or registering for an Account on behalf of an individual other than yourself. 

3.20. Sharing your Account login credentials, passwords, or access tokens with any individual or entity not employed by or under a direct service contract with Customer, or permitting any unauthorized party to access or operate the Services using Customer’s Account credentials.

3.21. Violating any Restrictions on Use of the Services described herein or in the MSA.

3.22. Advocate, encourage, or assist any third party in doing any of the foregoing activities in this section.

4. No Violations of Industry Standards. 

You may not use the Services to violate Industry Standards or the requirements of any telecommunications provider, payment network, financial institution, or regulatory body. As used in this AUP, "Industry Standards" means the rules, requirements, guidelines, and best practices established or adopted by industry bodies, regulators, card networks, payment processors, and financial institutions that govern the use of payment, communications, and data services, including but not limited to: (a) the Payment Card Industry Data Security Standard ("PCI-DSS"), which governs the handling, storage, and transmission of cardholder data; (b) Anti-Money Laundering (“AML”) laws and Know Your Customer ("KYC") requirements imposed under the Bank Secrecy Act, FinCEN regulations, and any applicable state money transmission laws, including requirements to verify the identity of customers, monitor transactions for suspicious activity, and report as required by law; (c) card network rules issued by Visa, Mastercard, American Express, Discover, and any other applicable payment network; (d) fraud prevention requirements imposed by Boulevard's payment processors or financial institution partners; (e) telecommunication providers’ requirements or guidance, including those of The Campaign Registry (“TCR”) to the extent they require (i) consent to be obtained prior to transmitting, recording, collecting, or monitoring data or communications, (ii) compliance with opt-out requests for any data or communications, or (iii) prohibition of messages containing restricted content; (f) applicable state consumer protection laws governing payment services, online and internet-based activities, and data privacy, including state privacy statutes, unfair and deceptive acts and practices ("UDAP") laws, and electronic commerce regulations; and (g) applicable laws and standards governing the collection, use, storage, transmission, and disclosure of sensitive healthcare data. You are responsible for independently identifying and complying with all Industry Standards applicable to your business and use of the Services. Boulevard's obligations to its payment processors, financial institution partners, and card networks are expressly conditioned on your compliance with this Section, and any violation may result in suspension or termination of your access to Boulevard's Payment Processing Services. You acknowledge and agree that we are not responsible for any liabilities arising from your violation of this Section 4.

5. Data Security; Technical Restrictions.

Your obligations with respect to the security of data processed in connection with the Services, including requirements governing the handling, storage, transmission, and disposal of sensitive personal, financial, and health-related data, are governed by the applicable Data Processing Addendum ("DPA") and/or Business Associate Agreement ("BAA") between you and Boulevard, each of which is incorporated into the MSA. You agree to comply with all security requirements set forth in those agreements as a condition of your continued use of the Services. Technical restrictions on your use of the Services, including, without limitation, prohibitions on unauthorized access, scraping, crawling, reverse engineering, and automated or programmatic access to the platform, as set forth in the MSA. Except to the extent expressly permitted under Section 8 of this AUP and the MSA for Healthcare Services, or for Customers who have executed a Business Associate Agreement with Boulevard, you are not permitted to use or cause the Services to store or process sensitive or otherwise regulated health or financial information, including Protected Health Information. You acknowledge and agree that we are not responsible for any liabilities arising from your violation of this Section 5.

6. No Inappropriate Content or Users.

Do not use the Services to transmit or store any content or communications (commercial or otherwise) that is illegal, harmful, unwanted, inappropriate, or objectionable, including, but not limited to, content or communications that Boulevard determines (a) is false or inaccurate; (b) is hateful or encourages hatred or violence against individuals or groups; or (c) could endanger public safety. This prohibition includes the use of the Services by a hate group. Customer and its Users are also prohibited from using the Services to promote, or enable the transmission of or access to, any prohibited content or communications described in this Section.

7. No Prohibited Artificial Intelligence or Generative AI Use.

You may not use the Services to input, process, generate, or transmit content using artificial intelligence or generative AI tools in any manner that: (a) violates any Applicable Law or Industry Standard; (b) produces or disseminates false, misleading, or deceptive content, including synthetic media (such as deepfakes) that impersonates any person or entity or misrepresents the origin of any communication; (c) circumvents or undermines Boulevard's security controls, content moderation systems, or technical safeguards; (d) facilitates any activity that is otherwise prohibited under this AUP; or (e) involves the input of Protected Health Information, sensitive personal data, payment card data, or other regulated data into any third-party AI system not expressly authorized under your DPA or BAA with Boulevard. You are solely responsible for ensuring that any AI-generated content transmitted or processed through the Services complies in full with this AUP and all Applicable Law, including any applicable disclosure or labeling requirements for AI-generated content. For clarity, this Section does not restrict your use of AI tools that Boulevard itself makes available as part of the Services.

8. Restricted Services & Transactions.

You agree not to use the Services, including our Payment Processing Services, to advertise or provide services or process transactions that are illegal, or restricted by card networks, our processors, or our financial institutions (“Restricted Services & Transactions”). Marketing such services, providing such services, or processing transactions in violation of this AUP may result in a restriction of access to the Services and/or termination of your Customer Account and our Agreement with you.

8.1. Without limiting the foregoing, the following categories of services, products, and transactions are expressly prohibited. You may not use the Services, including Boulevard's Payment Processing Services, to advertise, offer, sell, facilitate, or process payments for any of the following:

  • Adult Services. The following adult-oriented services are prohibited:

    • Dating services

    • Massage parlors

    • Sex work

  • Drug-Related Products and Services. The following drug-related products and services are prohibited:

    • Drugs or drug paraphernalia

    • Marijuana, cannabis, and cannabis-derived products or services, except to the extent Customer is operating in compliance with all Applicable Law (including applicable state licensing requirements), card network rules, and Boulevard's payment processing partner requirements, and has received prior written approval from Boulevard.

  • Healthcare Services & Pharmaceuticals. The following healthcare and pharmaceutical services are prohibited:

    • Internet/Mail Order Pharmacies or pharmacy referral sales

    • Telehealth/Telemedicine services offered exclusively online without a physical location option, as further described in Section 7.2 

    • Unapproved or experimental Stem Cell, Exosome, or regenerative cell therapies not cleared by the FDA for the indicated use

    • Unapproved or experimental weight loss treatments, including HCG weight loss protocols and compounded medications lacking an applicable FDA approval or exemption; provided that FDA-approved weight management medications (including GLP-1 receptor agonists such as semaglutide and tirzepatide) are permitted for Customers meeting the supervision requirements of Section 7.2

    • Non-medically supervised ketamine, esketamine, or other dissociative administration services; provided that (i) Spravato (esketamine) in REMS-certified settings, and (ii) physician-supervised IV ketamine infusion therapy for psychiatric indications in a licensed clinical setting, are permitted for Customers meeting the requirements of Section 7.2. 

    • Ozone therapy or other treatments not approved by the FDA for the indicated use and not supervised by a licensed physician

    • Prescription peptides or compounded biological medications subject to an active FDA enforcement action, import alert, or lacking a required FDA authorization for the indicated use

  • Financial Services. The following financial products and services are prohibited:

    • Payday loans, predatory cash advance services, and short-term high-interest consumer lending not offered through Boulevard's approved payment processing or BNPL partners

    • Money transmitter

  • Gambling & Lottery. The following gambling and prize-related activities are prohibited:

    • Contests, sweepstakes, or raffles

    • Offering prizes as an inducement to purchase goods or services

  • High Risk. The following activities are prohibited due to elevated financial, legal, or reputational risk:

    • International card sales greater than 20% of total sales

    • Businesses with known or unresolved labor law violations or systemic workplace condition violations.

    • Businesses whose operations or proceeds raise material concerns under applicable laws governing the rights, lands, or resources of indigenous peoples.

    • Customers who have been subject to allegations and impacts related to human rights violations

    • Money-back guarantees exceeding 30 days

  • Illegal Activities & Products. The following illegal or legally suspect activities and products are prohibited.

    • Counterfeit or possibly counterfeit goods, or products that infringe on the intellectual property rights of others

    • Deceptive, unfair, or predatory practices

    • Hate, violence, racial intolerance, terrorism, the financial exploitation of a crime, or items or activities that encourage, promote, facilitate, or instruct others regarding the same

    • Unlawful activities, illegal substances or products, or items that encourage, promote, facilitate, or instruct others regarding the same

  • Regulated Products & Services. The following heavily regulated products and services are prohibited without regard to whether Customer holds applicable licenses, as they fall outside the scope of permitted use of the Services:

    • Age-restricted products or services, such as alcohol

    • Firearms, including ammunition

    • Tobacco, cigarettes, e-cigarettes, hookah

    • Weapons of any kind

In addition, you agree not to use the Services, including our Payment Processing Services, to submit any Transactions that are illegal, fraudulent, or unauthorized, and will only submit transactions for the sale of your own goods and services.

8.2 Healthcare Services 

As described above in Section 8.1 and in Section 3, relevant restrictions to Customers providing Healthcare Services (as defined above in Section 3) include the following:

8.2.1. Telehealth: Customers may not exclusively provide Healthcare Services online or over the phone. They must have a physical location and require an initial in-office appointment before providing any Healthcare Service. Clients must return to the office at least every 6 months for ongoing treatment. However, Customers may offer a free initial virtual consultation for informational purposes only.

8.2.2. Online Prescriptions: Customers may not exclusively provide prescriptions in connection with Telehealth services.

8.2.3. Compliance with Applicable Law: Customers may only provide Healthcare Services and process PHI in compliance with all Applicable Law, our MSA, applicable Documentation, and the AUP.

8.2.4. Supervision and Licensing: Customers may only provide Healthcare Services in compliance with all applicable state licensing requirements and scope of practice rules (“Licensure Laws”). Healthcare Service must be performed, in accordance with state Licensure Laws, by or under the supervision of a licensed professional within their legally authorized scope of practice.. In addition, Customers must have all necessary and applicable licenses and certifications for each specific Healthcare Service they offer.

In addition, by accepting this AUP, Customers providing Healthcare Services acknowledge that they have read, understand, and agree to be bound by the Acknowledgment of Healthcare Compliance set forth in Appendix 1 to this AUP, which is incorporated herein by reference. Acceptance of this AUP constitutes Customer's agreement to all terms of Appendix 1. To ensure compliance with the above requirements, Customers providing Healthcare Services will be subject to additional diligence during onboarding and before such Customers may initiate Boulevard Payment Processing Services. This additional diligence will include a review of the products and services offered for compliance with this AUP. As part of this approval process, Boulevard may require Customer to submit additional documentation, including a written memorandum describing Customer's business model and eligibility for payment processing. Submission of such documentation does not guarantee approval, and Boulevard reserves the right to withhold, condition, or revoke Payment Processing Services for any offering it determines, in its sole discretion, does not comply with this AUP.

9. Interference with the Services.

You may not interfere with or otherwise negatively impact any aspect of the Services. You may not use the Services to violate, attempt to violate, or knowingly facilitate the violation of the security or integrity of any network, electronic service, or other systems accessible through, or in connection with, the Services. You shall not use the Services in a manner that interferes with any other party’s ability to use and enjoy the Services, that interferes with Boulevard's or its service partners’ ability to provide the Services, or that otherwise may create legal liability for Boulevard or its service partners in Boulevard’s sole discretion. You shall not use the Services to violate the acceptable use policy or terms of service of any other service provider, including, without limitation, any Internet service provider.

Without limiting the foregoing, you shall not use the Services for, or in connection with, the following:

  • Reverse engineering, copying, disassembling, or decompiling the Services.

  • Attempting to bypass, exploit, defeat, or disable limitations or restrictions placed on the Services.

  • Finding security vulnerabilities to exploit the Services or attempting to bypass any security mechanism or filtering capabilities.

  • Attempting to gain unauthorized access to the Services.

  • Hacking, cracking into or otherwise using the non-public areas of the Services or any other system without authorization.

  • Unauthorized probes or port scans for vulnerabilities.

  • Unauthorized penetration tests, traffic that circumvents authentication systems or other unauthorized attempts to gain entry into any system.

  • Web crawling or scraping.

  • Unauthorized network monitoring or packet capture.

  • Forged or non-standard protocol headers, such as altering source addresses.

  • Flooding.

  • Denial of Service (DoS) attacks or any other conduct that attempts to disrupt, disable, or overload the Services.

  • Transmitting or distributing unauthorized code, data, files, scripts, agents or programs intended to do harm to the Services, including malware, viruses, Trojan horses, spyware, worms, or other malicious or harmful code

  • Using automated means, such as bots, to gain access to or use our Services, including our Platform and Software.

  • Operating network services such as open proxies; open mail relays; or open, recursive domain name servers.

  • Exceeding published API rate limits, sharing API credentials or access tokens with any party not expressly authorized under a separate written agreement with Boulevard; using API access to extract, aggregate, or compile data about other Boulevard customers, their clients, or their business operations; or using API access to circumvent billing controls, entitlement limits, or feature restrictions applicable to Customer’s subscription tier.

  • Using Boulevard’s AI Communication Features, including our AI voice receptionist or any other Boulevard AI feature to: (i) initiate unauthorized automated communications or circumvent required consent mechanisms; (ii) place any outbound call or send any message to a recipient using an AI-generated or AI-cloned voice without that recipient’s prior express written consent as required by applicable law, including FCC rules governing artificial or prerecorded voice calls under the Telephone Consumer Protection Act (“TCPA”); or (iii) represent such AI feature as a human agent when a caller directly and sincerely asks whether they are speaking with a person.

  • Sharing or publishing content from the Services to cause, or have the consequence of causing, the user of the content to be in violation of the MSA or this AUP.

  • Advocate, encourage, or assist any third party in doing any of the foregoing activities in this section.

10. No Spam.

You shall not use the Services for purposes of distributing text messaging “spam,” bulk unsolicited messages, or any other form of unsolicited electronic communications distributed on a bulk basis to recipients with whom you have no pre-existing business or personal relationship. You shall not use the Services to collect responses from spam. You shall not harvest, collect, gather, or assemble information or data of users, including email addresses, without their consent. You are solely responsible for obtaining all necessary and appropriate rights, licenses, and consents from those person(s) and entity(ies) with whom you message or otherwise communicate via the Services, prior to commencing any such messaging or communication. Additionally, you shall not use the Services to send unwanted messages to individuals who have asked to stop receiving messages through any medium. To the extent required by applicable law, you must track and record all such requests specific to your business. You must also provide recipients of those MMS/SMS messages you send via the Services with conspicuous notice of their ability to opt-out from receiving any future text messages, by texting STOP in a stand-alone message with no additional characters or punctuation. Without limiting the foregoing, you shall not use the Services for, or in connection with, the following:

  • Sending pyramid schemes.

  • Sending chain letters.

  • Sending any mail in contravention of Applicable Law.

  • Altering or obscuring mail headers or assuming the identity of a sender without the explicit permission of that sender.

  • Advocate, encourage, or assist any third party in doing any of the foregoing activities in this section.

11. Data Safeguards. 

As described in the DPA, you must take reasonable security precautions in connection with your use of the Services. You are responsible for the actions and omissions of your Users and anyone to whom you provide access to the Services or the content you create using the Services. Customer must notify Boulevard within forty-eight (48) hours of becoming aware of any actual or reasonably suspected unauthorized access to, or disclosure of, data processed through the Services, regardless of whether Customer has separately notified any regulator, affected individual, or card network.

12. Violations.

Boulevard has the right, but not the obligation, to monitor or investigate your use of the Services at any time for compliance with this AUP or any other terms of the MSA. If we believe that (i) your conduct violates the letter or spirit of this AUP, (ii) you engage in activities that could damage our reputation, or (iii) you engage in conduct that creates material reputational harm to Boulevard based on objective factors, including but not limited to regulatory actions, public statements, or media coverage, we reserve the right to take any corrective action that we deem to be appropriate. 

Corrective action may include but is not limited to, blocking your payment transaction, holding funds, suspending or restricting your use of the Boulevard Services, or terminating your Customer Account. Our determination of whether a violation of this AUP has occurred will be final and binding, and any action taken with respect to enforcing this AUP, including taking no action at all, will be at our sole discretion. Boulevard reserves the right to investigate and take appropriate legal action in accordance with the MSA and this AUP.

If you believe someone else has violated this AUP, please report the violation to Boulevard by emailing support@blvd.co.

APPENDIX 1 ACKNOWLEDGMENT OF HEALTHCARE COMPLIANCE

1. Introduction & Acceptance

This Acknowledgment of Healthcare Compliance (“Acknowledgment”) confirms that Customer complies with all applicable laws, regulations, and Boulevard policies while using our Boulevard Services, including our Approved Health Fields and other Healthcare related Services. This Acknowledgment is incorporated into and made part of this AUP.

2. Acknowledgment of Acceptable Use Policy, Prohibited Services, and Transactions

Customer certifies that it has reviewed, understood, and agrees to comply with Boulevard’s Acceptable Use Policy, including restrictions specific to Healthcare Services and Payment Processing. Customer agrees to offer only those services that are (i) permitted by applicable law and (ii) not prohibited by Boulevard’s AUP.

3. Compliance with Applicable Law

Customer agrees to comply with all federal, state, and local laws and regulations applicable to its operations, including but not limited to:

  • Healthcare licensure and practice 

  • HIPAA and general data privacy 

  • Anti-spam and marketing (TCPA, CAN-SPAM, CASL)

  • Telehealth or telemedicine 

  • Prescribing (including controlled substances)

  • Payment processing (PCI DSS and the Network Rules)

  • Consumer protection 

4. Corporate & Ownership Compliance

Customer certifies that:

  • It is properly formed in accordance with state-specific requirements, including rules governing professional service corporations (PCs/PAs) and professional limited liability companies (PLLCs);

  • Where required, it is owned and controlled by licensed physicians or other legally qualified professionals in accordance with Corporate Practice of Medicine (CPOM) or other relevant scope of practice laws in Customer’s state(s) of operation; and

  • It will provide documentation upon request to validate compliance with the above, including a Certificate of Incorporation or Formation, Shareholder/Operating Agreement, and/or MSO-PC documentation, as applicable.

5. Facility and Equipment Licensure & Business Registration

Customer affirms that:

  • It has obtained facility-level licensure, where required in its state(s) of operation, and the facility and property are constructed and maintained to ensure all services can be provided safely and in accordance with applicable laws and professional standards;

  • All equipment is maintained in accordance with the manufacturer’s instructions and specifications;

  • It is registered and in good standing with all applicable corporate and health regulatory bodies, as applicable; and

  • Its public website and all public-facing advertising accurately and completely reflect the business’s legal status and service offerings.

6. Professional Licensure & Staffing Compliance

Customer certifies that:

  • Where required, all services are performed and/or supervised by individuals holding valid, active licenses or certificates acting within their scope of practice, in accordance with applicable laws;

  • It will provide proof of licensure or certification and any reasonably relevant supporting documentation to validate compliance with the foregoing;

  • The scope of practice for all personnel (MDs, NPs, RNs, CNAs, Medical Assistants, Aestheticians) is consistent with:

    • State-specific delegation rules,

    • Required supervision levels (e.g., on-site vs. on-call), 

    • Training, licensing, registration, and credentialing obligations; and

  • Staffing levels are appropriate and compliant based on the Customer’s customer needs and for the services offered.

7. Telehealth & Teleprescribing Compliance

Customer affirms that:

  • Telehealth services are provided only where authorized under state law, by properly licensed practitioners; and 

  • It complies with:

    • Telehealth-specific licensure, technology, consent, disclosure, and all other applicable regulatory requirements;

    • Tele-prescribing regulations, including for controlled substances by, as applicable, requiring in-person examinations, establishing a bona fide prescriber-patient relationship, and otherwise complying with state and federal laws and regulations and the applicable standard of care;

    • Drug Enforcement Agency and state registration requirements, if applicable.

    • The Ryan Haight Online Pharmacy Consumer Protection Act and all applicable DEA requirements governing online prescribing of controlled substances, including any requirement of a prior in-person medical evaluation before a controlled substance may be prescribed via telemedicine, unless Customer has obtained and maintains a valid DEA special registration or other applicable exemption authorizing telemedicine prescribing of controlled substances without an in-person evaluation.

8. Privacy, Security & PHI/Data Compliance

Customer affirms that it will:

  • Comply with HIPAA (where applicable), state-specific health data privacy laws, and consumer data protection laws;

  • Encrypt all Protected Health Information (PHI) and sensitive data at rest and in transit;

  • Maintain Business Associate Agreements (BAAs) with all business associates (e.g., vendors with access to PHI) (where applicable) or otherwise take steps to ensure vendors, employees and contractors protect sensitive information;

  • Conduct regular security risk assessments;

  • Make medical records available to patients as required by applicable state and federal laws and regulations; 

  • Follow all applicable state retention requirements for medical or client record; and

  • Not store or process PCI-regulated data or Sensitive health or financial data outside the scope expressly permitted under the MSA, BAA, DPA, the Payment Processing Terms, and this AUP.

9. Adequate Insurance 

Customer certifies that it:

  • Maintains professional liability (malpractice) insurance, general liability insurance, and other customary policies with coverage limits customary for the scope of services offered, and will furnish certificates of insurance to Boulevard upon request;

  • Where required and appropriate, maintain medical director liability coverage and tail coverage for departing providers

10. Standard of Care and Consent

Customer attests that it:

  • Will deliver all services in accordance with the prevailing standard of care for similarly situated professional practices, adhere to evidence‑based guidelines, and maintain and follow current policies and procedures to promote patient safety and quality of care; and

  • Will provide a written consent to each patient that, as applicable:

    • States the patient has authority to consent and agrees to the treatment or procedure;

    • States the procedure is elective/off‑label,

    • Enumerates known and potential risks and that the patient understands and agrees to those risks,

    • Summarizes the strength of supporting evidence, 

    • Lists reasonable alternatives,

    • Includes an acknowledgement by the patient that they have been provided an opportunity to ask questions, and

    • When applicable, a service will be provided by a designated Advanced Practice Registered Nurse (APRN) or Physician Assistant (PA) .

    • Obtain parental or legal guardian consent, as required by applicable state and federal law, before providing any service to a minor, and maintain written documentation of such consent in the patient record.

  • Patient Transition Obligations. In the event of any suspension, termination, or winding-down of Customer’s use of Boulevard Services, Customer shall take all steps required under applicable law to ensure an orderly transition of patient care, including: providing patients with timely written notice; arranging for continuity of care or appropriate referral to another qualified provider; and making all patient records available for transfer upon patient request. Customer shall not engage in any conduct that constitutes unlawful abandonment of patients under applicable state medical practice standards.

11.  Marketing of Services

Customer affirms that all advertising and promotional content will comply with applicable federal and state UDAP laws, including FTC regulations, FDA rules, and guidance applicable to health-related claims and testimonials. This includes but is not limited to:

  • Avoiding disease‑treatment, cure, or structure/function claims unless specifically cleared or approved by the FDA;

  • Including a plain‑language disclaimer such as “This therapy is not FDA‑approved to diagnose, treat, cure, or prevent any disease,” where applicable;

  • Depicting typical - not exceptional - outcomes and identifying any image alteration;

  • Disclosing material risks, total costs, and the credentials of the supervising licensed prescriber;

  • Backing any comparative or superiority statements with verifiable data; and

  • Clearly indicating if testimonials reflect compensated or discounted experiences.

12. Controlled Substances 

Customer affirms that when the practice administers controlled substances it shall comply with all applicable state and federal laws and regulations governing controlled substances, including without limitation DEA registration, recordkeeping, storage, dispensing, and reporting requirements.

12.1 Substance and Therapy Compliance Attestation. 

Customer represents, warrants, and attests on a continuing basis that: (a) all substances, therapies, procedures, and treatments processed or sold through or in connection with the Boulevard Services are (i) approved by the U.S. Food and Drug Administration for the specific use offered or administered, or (ii) otherwise authorized for clinical use under a recognized and lawful regulatory pathway, including applicable compounding regulations under Sections 503A or 503B of the Federal Food, Drug, and Cosmetic Act; (b) no substance, therapy, procedure, or treatment offered or administered by Customer is listed on Boulevard's Healthcare Prohibited Services Documentation; and (c) the fact that a substance bears a "research use only," "for provider use only," or similar label does not, and shall not be construed to, satisfy any regulatory or compliance requirement under this Acknowledgment or applicable law. Customer agrees to promptly notify Boulevard in writing if any substance, therapy, or treatment offered by Customer becomes the subject of an FDA warning letter, import alert, state regulatory action, or similar enforcement action.

13. Injection Therapy & Device Safety

Customer affirms that when the practice’s treatments include injections or the use of medical devices, it shall comply with all applicable state and federal laws, regulations, and professional standards governing such services.

14. Ongoing Duty to Notify Boulevard, Monitoring & Enforcement

Customer agrees to notify Boulevard’s Customer Support team in writing via email:

  • Immediately, if:

    • Any licensure, certification, or registration required under this Acknowledgment lapses, is revoked, or becomes invalid; or

    • There is an investigation, enforcement action, or disciplinary proceeding initiated by governing bodies;

  • Within ten (10) business days, if:

    • Any representation made in this Acknowledgment of Compliance becomes false or materially inaccurate,

    • The ownership structure or business model changes in a way that may affect compliance, or

    • Customer adds additional services not already disclosed to Boulevard

Customer acknowledges that Boulevard may conduct onboarding and periodic reviews to verify compliance. Boulevard may request documentation, investigate violations, and take enforcement action as needed, including suspending or terminating Services.

Failure to provide timely notice may result in suspension or termination of Services.

15. Reliance by Boulevard

Customer acknowledges that:

  • Boulevard’s decision to provide its Services is expressly conditioned on, and in reasonable, justifiable reliance upon, the accuracy and completeness of the representations and warranties in this Acknowledgment; without which, Boulevard would not agree to provide Services to Customer.

  • Any inaccuracy or breach of those representations will constitute a material breach of the Agreement and result in the immediate suspension or termination of Services.

16. Additional Limitation of Liability & Indemnification

16.1 Healthcare-Specific Indemnification. In addition to, and without limiting, any indemnification obligations under the MSA, Customer shall defend, indemnify, and hold harmless Boulevard, its affiliates, and their respective officers, directors, employees, agents, successors, and assigns (collectively, "Boulevard Parties") from and against any and all claims, demands, suits, proceedings, losses, liabilities, damages, fines, penalties, costs, and expenses (including reasonable attorneys' fees and costs of investigation) (collectively, "Healthcare Claims") arising out of or relating to:

(a) any act or omission of Customer or its personnel (including contractors, agents, or staffing) in connection with the delivery of healthcare, aesthetic, wellness, or any other services to any patient, client, or third party;

(b) Customer's provision of, offering of, or attempt to provide, any service, product, substance, procedure, or transaction that is restricted or prohibited under Boulevard's Acceptable Use Policy, this Acknowledgment, Boulevard's Documentation, or any other applicable Boulevard policy, or that otherwise constitutes a violation of Boulevard's Acceptable Use Policy, as each may be updated from time to time;

(c) any actual or alleged violation of: (i) HIPAA, HITECH, or any applicable state health data privacy or security law; (ii) DEA regulations or the Ryan Haight Act; (iii) any federal or state healthcare licensure, prescribing, or practice law or regulation; (iv) the Corporate Practice of Medicine doctrine; (v) any telehealth or telemedicine law or regulation; or (vi) any other applicable federal, state, or local law, regulation, or professional standard referenced in this Acknowledgment;

(d) any claim by a patient, client, or third party relating to professional malpractice, negligence, injury, adverse outcome, or unauthorized disclosure of protected health information arising from Customer's operations;

(e) any investigation, enforcement action, disciplinary proceeding, or penalty imposed by any governmental authority, regulatory body, professional board, or licensing authority in connection with Customer's operations; or

(f) any inaccuracy in, or breach of, any representation, warranty, certification, or obligation made by Customer in this Acknowledgment.

16.2 Uncapped Indemnification. Notwithstanding any limitation of liability set forth in the MSA or any other agreement between the parties, Customer's indemnification obligations under Section 16.1 shall be uncapped and shall not be subject to any maximum liability limit, including any aggregate liability cap set forth in the MSA. The parties acknowledge that the nature of healthcare services creates risks of patient harm, regulatory liability, and third-party claims that cannot reasonably be limited, and that Boulevard's willingness to provide Services to Customer is expressly conditioned upon this uncapped obligation.

16.3 Indemnification Procedure. Boulevard shall: (a) provide Customer with prompt written notice of any Healthcare Claim (provided that failure to provide timely notice shall not relieve Customer of its indemnification obligations except to the extent Customer is materially prejudiced by such failure); (b) grant Customer sole control over the defense and settlement of such Healthcare Claim, subject to Boulevard's right to approve any settlement that imposes obligations or restrictions on Boulevard or does not include a full and unconditional release of the Boulevard Parties; and (c) provide reasonable cooperation in the defense of such Healthcare Claim at Customer's expense. Boulevard reserves the right to retain its own counsel at its own expense and to participate in the defense of any Healthcare Claim.

16.4 Additional Limitation of Boulevard's Liability.

(a) No Healthcare Outcome Liability. Boulevard provides scheduling, booking, payment processing, and related business software services only. Boulevard is not a healthcare provider, does not practice medicine, and does not direct, supervise, or control Customer's clinical decisions, treatments, prescriptions, or patient care. Accordingly, Boulevard shall have no liability whatsoever for any clinical outcomes, adverse events, patient harm, malpractice claims, or regulatory violations arising from Customer's delivery of healthcare or related services, regardless of the theory of liability and including any claim that Boulevard had notice of Customer's operations or practices.

(b) Exclusion of Consequential Damages. To the maximum extent permitted by applicable law, and in addition to any limitation of liability set forth in the MSA, Boulevard shall not be liable to Customer for any loss of revenue, loss of profits, loss of data, loss of goodwill, business interruption, or any indirect, incidental, special, punitive, exemplary, or consequential damages arising out of or in connection with: (i) any suspension or termination of Services due to Customer's failure to comply with this Acknowledgment; (ii) any action taken by Boulevard pursuant to its enforcement rights under Section 14; or (iii) any regulatory action, investigation, or enforcement against Customer by a governmental or professional authority.

(c) No Compliance Reliance. Boulevard makes no representation or warranty that use of the Boulevard Services will result in Customer's compliance with HIPAA, DEA regulations, applicable state healthcare laws, or any other regulatory requirement. Customer is solely responsible for ensuring compliance with all applicable laws and regulations. No review, approval, or acknowledgment by Boulevard of any Customer documentation, workflow, or use case shall be construed as legal, medical, or regulatory advice or as a determination of regulatory compliance.

16.5 Relationship to MSA. The provisions of this Section 16 are supplemental to and shall be read in conjunction with the indemnification and limitation of liability provisions of the MSA. In the event of any conflict between this Section 16 and the MSA with respect to Healthcare Claims arising from Customer's healthcare-related operations, this Section 16 shall govern and shall be deemed to impose additional or stricter obligations on Customer, without limiting Boulevard's rights or remedies under the MSA. For the avoidance of doubt, Boulevard retains all rights and remedies available under the MSA in addition to those set forth herein.

16.6 Survival. The obligations set forth in this Section 16 shall survive the expiration or termination of the MSA, this Acknowledgment, and any other agreement between the parties.

Acceptable Use Policy (OLD VERSION 2025)‎
Acceptable Use Policy (OLD VERSION 2023)