Terms & Conditions

1.1 Scope and Application

These Terms & Conditions ("Terms") apply to all services ("Services") provided by SYNAP LLC, including but not limited to our Flask-powered applications, APIs, websites ( https://synap.cloud and https://medipass.care), Google integrations, and any related mobile or third-party services. By accessing or using any part of the Services, you agree to comply with and be bound by these Terms, as well as all applicable local, state, and federal laws and regulations, including but not limited to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA).

If you do not agree with these Terms, you must not use our Services. Your continued use of our Services constitutes your acceptance of any updates to these Terms, which may be amended from time to time to remain compliant with evolving legal requirements.

The Services are specifically designed for cannabis retailers and individuals who meet the legal requirements to engage in medical cannabis use as defined under California law. By using the Services, you represent and warrant that:

• You are at least 18 years old or the age of majority in your jurisdiction, whichever is higher.
• You are a valid medical cannabis patient or an authorized entity under California law.
• You are at least 18 years old or the age of majority in your jurisdiction, whichever is higher
• All information you provide to us, including any medical recommendations, is truthful, accurate, and complies with applicable legal standards.

Use of the Services to access, store, or transmit medical information, including cannabis recommendations, is subject to stringent data security and privacy protocols. Users acknowledge and agree that SYNAP LLC implements appropriate administrative, technical, and physical safeguards to protect user data in compliance with California's data protection laws and regulations. However, users are solely responsible for ensuring that their use of the Services aligns with all applicable laws and professional obligations.

1.2 Changes to These Terms

We may update these Terms periodically to reflect changes in our Services, practices, or applicable laws, including California-specific statutes. The most current version will be posted on our website. We will provide notice of material changes as required by law. Your continued use of the Services after such changes take effect constitutes your acceptance of the revised Terms.

2.1 Allowed File Types

You may only upload the following file types through our Services:

• png
• jpg / jpeg
• gif
• txt

By uploading files, you represent and warrant that:

• The files comply with all applicable laws, including but not limited to California data privacy and security laws.
• The files do not contain sensitive personal information beyond what is necessary for the intended use of our Services, such as medical recommendations or patient IDs.
• You have the legal right and necessary consent to upload any file containing personal or medical information, as required by California law.

We implement technical and administrative safeguards to secure uploaded files against unauthorized access, disclosure, or alteration. However, you are responsible for ensuring that uploaded files do not violate the intellectual property rights of any third party or contain malware or other harmful content.

2.2 Rate Limiting

To ensure stable performance, we enforce the following API request limits:

• Up to 10000 requests per day per IP address
• Up to 1000 requests per hour per IP address

Attempts to circumvent these limits may result in suspension or termination of your account.

2.3 Session Duration

Our Flask applications utilize session cookies and JWT tokens with a default expiration of 1 hour. After 1 hour, you may be required to log in again or refresh your token, depending on your session configuration.

2.4 JWT Implementation

We use JSON Web Tokens (JWT) for user authentication to ensure secure access to our Services. Our JWT implementation includes the following features and safeguards to comply with applicable laws, including California data privacy regulations:

1. Secure Storage and Transmission:

• Tokens are stored in secure, HTTP-only cookies to mitigate risks of unauthorized access.
• All token transmissions are protected using HTTPS to prevent interception or unauthorized disclosure.

2. CSRF Protection:

• Tokens are combined with Cross-Site Request Forgery (CSRF) protection to prevent unauthorized actions on behalf of authenticated users.

3. Token Expiration and Management:

• Access Tokens: Expire after 1 hour to minimize security risks from token misuse.
• Refresh Tokens: May be issued to extend session duration, subject to secure handling practices.
• Tokens are automatically invalidated upon logout, session revocation, or account changes.

4. User Rights and Transparency:

• Users have the right to request information about how their authentication data is used in accordance with California laws such as the CCPA and CPRA.

By using our Services, you consent to the use of JWTs as outlined above. You are responsible for safeguarding your account credentials to ensure secure access to your account.

2.5 Role-Based Access Control

We implement a least-privilege, role-based access control (RBAC) system. Only authorized roles can modify sensitive data or access admin functionality.

3.1 Google Drive Integration

We offer optional file storage via Google Drive. By linking your Google account, you grant us permission to upload, download, and manage files in your specified Drive folder.

3.2 Google Vision API

We utilize Google Vision API for document scanning and OCR (Optical Character Recognition). Document images are encrypted in transit, processed via the Vision API, and handled according to our Privacy Policy.

3.3 Redis Session Management

Our Services rely on Redis for session and token storage, including blacklisted tokens. Redis stores only the necessary session identifiers and token data needed to confirm valid sessions.

3.4 OAuth2 Authentication

We use OAuth2 for user authentication, enabling logins via external providers (e.g., Google). When you use OAuth2, you are subject to the external provider's terms in addition to ours.

Google User Data Collection and Usage:

• Data We Collect: When you authorize our application through Google OAuth, we collect:
  • Email address: Used for account identification and authentication
  • Profile picture: Used for account personalization within our platform
  • Name: Used to personalize your experience within our application
  • Google Drive files: Only specific files within the application folder that you explicitly authorize
• How Data is Used:
  • Email and profile information: Used solely for account verification, identity confirmation, and personalized user experience
  • Drive files: Used exclusively for storing and retrieving your medical recommendation documents securely at your request
  • Authentication tokens: Used to maintain secure access to your account and authorized Google services
• Data Storage:
  • Your Google authentication tokens are stored encrypted in our secure database
  • Your basic profile information is stored in our application database and encrypted at rest
  • Document files may be stored in your Google Drive (if you enable this feature) or on our encrypted servers
  • All stored data is retained only for the duration of your active account plus 30 days after deletion request
• No Selling or Sharing:
  • We never sell your Google user data to any third parties
  • We never share your Google user data with third parties except as strictly necessary to provide our services
  • We never use your Google user data for advertising or marketing purposes
  • All use of Google user data complies with Google's API Services User Data Policy and its Limited Use requirements

3.5 Google Account Access & Revocation Rights

Our Services offer optional integration with your Google account to enable features such as:

• User authentication (OAuth 2.0 login)
• Uploading, downloading, and managing files in a user-selected Google Drive folder
• Optical Character Recognition (OCR) using the Google Vision API

When you connect your Google account to our Services, we request only the minimum necessary scopes to deliver these features. This may include access to:

• Your basic profile information (name, email, profile picture)
• File metadata and contents within the specific Google Drive folder you select

You may revoke access to your Google account at any time by visiting:
https://myaccount.google.com/permissions

At this URL, you can:

• View all third-party apps with access to your Google Account
• Revoke access to any app, including MediPass or SYNAP LLC integrations
• Prevent future access to any Google data

When access is revoked:

• We will no longer be able to read or write data from your Google Drive.
• You may lose access to integrated features that depend on your Google account.

Upon account deletion or revocation, any stored tokens or session data linked to your Google account will be permanently deleted from our systems within 30 days, unless retention is required by law.

We do not retain any additional Google user data beyond what is strictly necessary for the services you authorize. Data accessed through Google APIs is never shared with third parties or used for advertising purposes, in accordance with the Google API Services User Data Policy, including its Limited Use requirements.

If you have questions about how your Google data is used, stored, or deleted, please contact us at: support@medipass.care

3.6 Third-Party Links and Content

Our Services may contain links to third-party websites or services that are not owned or controlled by SYNAP LLC. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. You further acknowledge and agree that SYNAP LLC shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such websites or services.

We strongly advise you to read the terms and conditions and privacy policies of any third-party websites or services that you visit or interact with through our Services.

4.1 Flask-Powered Applications

Our core Services run on a Flask framework, enabling user login, session handling, file uploads, membership management, and integration with external APIs.

4.2 Cannabis Recommendation Management

We provide tools for storing and verifying cannabis recommendations. SYNAP LLC does not provide medical advice. The features provided by our site only facilitate document handling. Always consult a licensed professional for actual medical advice.

4.3 Membership and Fee Processing

Certain users, such as store clients, may have membership plans or service fees. By registering under such a plan, you agree to pay any applicable fees disclosed during signup or invoicing. Further information on Subscription & Billing can be found in Section 8 of this Terms & Conditions.

4.4 Service Level Commitments

While we strive to maintain high availability of our Services, we do not provide specific uptime guarantees. Our Services may be subject to occasional maintenance or updates, which we will attempt to schedule during periods of low usage when possible. We reserve the right to perform emergency maintenance without prior notice when necessary to protect the security, stability, or functionality of our Services.

In the event of planned maintenance that may cause significant service disruption, we will make reasonable efforts to notify affected users in advance via email or in-app notifications. However, we make no warranties regarding the continuous, uninterrupted, or error-free operation of our Services.

To access complete features of the Medi+/MediPass platform, you may be required to create an account and provide accurate, current, and complete information during the registration process.

You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. You agree to notify us immediately at support@medipass.care if you suspect any unauthorized access, use of your account, or any other breach of security.

You may not create an account using false information or impersonate another person/entity.

We reserve the right to suspend or terminate any account if we believe these Terms have been violated, false or misleading information has been provided, or the platform is being misused.

You agree not to use our Services to engage in unlawful or harmful activities, including but not limited to the following:

Uploading Malicious Files or Code:

Prohibited under California Penal Code § 502, uploading malware, viruses, or malicious code to compromise systems or data is strictly forbidden.

Harassing Other Users or Distributing Spam:

Harassment, stalking, or distributing unsolicited messages (spam) violates California's Online Privacy Protection Act (CalOPPA) and anti-spam laws such as the California Business and Professions Code § 17529.5.

Bypassing Security Controls or Rate Limits

Circumventing security measures, rate limits, or access restrictions is considered unauthorized access and is punishable under California Penal Code § 502.

Violating Intellectual Property Rights

Uploading, sharing, or distributing content that infringes on copyrights, trademarks, or other intellectual property rights is a violation of both federal and California state intellectual property laws.

Storing or Distributing Content Related to Minors if Under 18 (See Section 9)

Any activity involving the exploitation, endangerment, or unauthorized handling of minors' data is prohibited under California laws, including the California Consumer Privacy Act (CCPA).

We reserve the right to suspend or terminate accounts that violate these Terms.

We employ technical and organizational measures (e.g., encryption, WAF, DDoS protection) to protect data. Full details can be found in our Privacy Policy. By using our Services, you agree to the data practices outlined therein.

7.1 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you in accordance with applicable laws and as described in our Privacy Policy. This includes timely notification about the nature of the breach, the information affected, and steps you can take to protect yourself. For complete information on our data breach notification procedures, please refer to Section 9 of our Privacy Policy.

For Retail Clients:

• Retail clients are billed on a recurring basis, either monthly or annually, depending on the agreed-upon term length at the time of service initiation. Pricing is based on the number of locations the client chooses to activate and may vary accordingly.
• We offer a 7-day free trial upon request, available to new retail clients. Activation of the full platform beyond the trial period requires successful payment.
• Payment must be received and successfully processed prior to complete account activation. If a payment attempt fails or is declined, the retail client's account will remain inactive and inaccessible to features until payment information is updated and processed successfully.
• Clients may update their billing details including canceling subscription by navigating to: Settings > Billing & Subscription > Update Payment Method on https://medipass.care/+.

If you have any concerns or disputes regarding our services, we encourage you to first contact us at support@medipass.care to attempt to resolve the issue informally and in good faith.

For Users:

• Access to MediPass is completely free for users.
• To begin using the service, users simply need to register an account at: https://medipass.care/pass
• No payment is required from individual users for creating or maintaining an account.

Our Services are not intended for individuals under the age of 18, in compliance with applicable laws, including the California Consumer Privacy Act (CCPA) and the Children's Online Privacy Protection Act (COPPA).

Prohibition on Use by Minors

Individuals under 18 are prohibited from using our Services. Any accounts found to be associated with minors will be terminated immediately.

Data Collection Practices

We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a minor, we will take the following actions:

• Delete the Information: All data associated with the minor will be permanently removed from our systems.
• Notify Parents/Guardians: If feasible, we will inform the minor's parent or legal guardian about the data breach.
• Terminate the Account: The minor's account will be disabled and removed to prevent further access to our Services.

Reporting Violations

If you believe a minor has provided personal information through our Services, please contact us immediately support@medipass.care, so we can address the issue in compliance with California privacy laws.

Privacy

By using our services, you acknowledge and agree that your personal information may be collected, used, and shared in accordance with our Privacy Policy. We are committed to protecting your data and complying with applicable privacy laws, including the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Users have the right to request the deletion of their personal information. You may delete your account at any time by navigating to Settings > Info > Delete Account on https://medipass.care/pass, or submit a data deletion request by emailing us at support@medipass.care.

Users who have linked their Google Account may revoke access at any time via https://myaccount.google.com/permissions. For full details, see Section 3.5.

Data Retention & Deletion

For full information on how we store, retain, and delete user dataincluding any information received from Google integrationsplease refer to our Privacy Policy.

11.1 Our Intellectual Property

The Services and their original content (excluding content provided by users), features, and functionality are and will remain the exclusive property of SYNAP LLC and its licensors. The Services are protected by copyright, trademark, and other laws of both the United States and foreign countries. Our trademarks and trade dress may not be used in connection with any product or service without the prior written consent of SYNAP LLC.

11.2 User-Generated Content

By uploading, sharing, submitting, or otherwise making available any content through our Services, you grant SYNAP LLC a non-exclusive, royalty-free, transferable, sublicensable, worldwide license to use, copy, modify, create derivative works based on, distribute, publicly display, publicly perform, and otherwise exploit such content in connection with the Services and SYNAP LLC's business, including for promoting and redistributing part or all of the Services.

You represent and warrant that: (i) you own the content or have the right to use it and grant us the rights and license as provided in these Terms, and (ii) the posting of your content does not violate the privacy rights, publicity rights, copyrights, contractual rights, intellectual property rights, or any other rights of any person.

11.3 Copyright Infringement

If you believe that any content on our Services infringes upon your copyright, please contact us at support@medipass.care with the following information:

• An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright interest
• A description of the copyrighted work that you claim has been infringed
• A description of where the material that you claim is infringing is located on our Services
• Your contact information, including address, telephone number, and email address
• A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright owner, its agent, or the law
• A statement by you, made under penalty of perjury, that the above information in your notice is accurate and that you are the copyright owner or authorized to act on the copyright owner's behalf

You agree to defend, indemnify, and hold harmless SYNAP LLC, its affiliates, licensors, and service providers, and its and their respective officers, directors, employees, contractors, agents, licensors, suppliers, successors, and assigns from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to:

• Your violation of these Terms
• Your use of the Services, including, but not limited to, any content submitted, uploaded, or otherwise made available by you or other users of your account
• Any violation of applicable laws, regulations, or third-party rights in connection with your use of the Services
• Any misrepresentation made by you
• Your unauthorized use of materials obtained through the Services

We reserve the right, at your expense, to assume the exclusive defense and control of any matter for which you are required to indemnify us, and you agree to cooperate with our defense of these claims. You agree not to settle any such matter without our prior written consent. We will use reasonable efforts to notify you of any such claim, action, or proceeding upon becoming aware of it.

Neither party shall be liable for any failure or delay in performance under these Terms (except for payment obligations) due to circumstances beyond their reasonable control, including acts of God, natural disasters such as earthquakes or wildfires, government actions or regulatory changes, warfare, civil unrest, public health emergencies, or infrastructure failures such as power outages or cyberattacks. Both parties agree to make reasonable efforts to mitigate the impact of such events and resume performance as soon as practicable. This clause does not excuse liability for obligations that could have been reasonably avoided or mitigated.

By using our Services, you consent to receive electronic communications from us (e.g., emails, texts, in-app messages). These satisfy any legal requirement that communications be in writing, unless otherwise required by law.

14.1 Formal Notices

Any formal notices required under these Terms shall be in writing and delivered either:

• By email to support@medipass.care (for notices to SYNAP LLC)
• By email to the email address you provided during registration (for notices to you)
• By certified mail, return receipt requested, to SYNAP LLC at 13809 Calle Bueno Ganar, Jamul, California 91935 (for notices to SYNAP LLC)
• By certified mail to the mailing address you provided during registration (for notices to you)

Notices sent by email shall be deemed received when the recipient acknowledges receipt, either by automated response or manual reply. Notices sent by certified mail shall be deemed received five (5) business days after mailing.

We welcome your suggestions, feedback, or other communications about our Services. You grant us a non-exclusive, worldwide, royalty-free license to use, modify, and incorporate your feedback without obligation to you. To deliver feedback on our site please reach out to us via email at support@medipass.care

Disclaimer:

Our Services are provided "as is" and "as available." We disclaim all warranties, express or implied, including warranties of merchantability or fitness for a particular purpose. We do not guarantee third-party services or data accuracy (e.g., Google Drive, Google Vision API, Redis).

Limitation of Liability:

To the maximum extent permitted by applicable law, SYNAP LLC, its affiliates, officers, employees, agents, and licensors shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to lost profits, data loss, or business interruption, arising from or related to your use of our Services, even if we have been advised of the possibility of such damages.

SYNAP LLC does not warrant that the Services will be uninterrupted, error-free, secure, or free of harmful components, or that any content provided through the Services is accurate or reliable.

Users are solely responsible for ensuring their compliance with all applicable laws and regulations when using our Services, including but not limited to California's privacy and cannabis-related laws. We disclaim all liability for third-party services, integrations, or content you access through our Services.

This limitation of liability applies to the fullest extent permitted by law and survives termination of your use of the Services.

We may modify, update, or discontinue portions of our Services at any time without liability. We will provide notice if these changes significantly affect your use.

Your account remains in effect until terminated by either party. We may suspend or terminate your account if you breach these Terms, violate our Acceptable Use policy, or engage in illegal activity.

Upon termination, all associated tokens and sessions may be invalidated. Any data retained thereafter is handled according to our Privacy Policy.

19.1 Governing Law

These Terms are governed by the laws of the State of California, U.S.A., without regard to conflict-of-law principles.

19.2 Dispute Resolution

Any dispute, controversy, or claim arising out of or relating to these Terms, including the formation, interpretation, breach, or termination thereof, shall be resolved as follows:

a. Informal Resolution

Before initiating any formal legal proceeding, you agree to first contact us at support@medipass.care and attempt to resolve the dispute informally. We will make a good faith effort to resolve any dispute through negotiation within thirty (30) days from the date such dispute is reported.

b. Binding Arbitration

If the dispute cannot be resolved through informal means, you and SYNAP LLC agree to resolve any dispute through binding arbitration administered by the American Arbitration Association ("AAA") in accordance with its Commercial Arbitration Rules. The arbitration shall be conducted in San Diego County, California.

c. Exceptions

Notwithstanding the foregoing, either party may seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights pending the completion of arbitration.

d. Class Action Waiver

You agree to resolve any disputes with SYNAP LLC on an individual basis, and hereby waive your right to participate in any class action lawsuit, class-wide arbitration, or consolidated proceedings against SYNAP LLC.

e. Small Claims Court

Notwithstanding the above, either you or SYNAP LLC may bring an individual action in small claims court in San Diego County, California.

You may not assign or transfer these Terms or your rights and obligations under these Terms, in whole or in part, by operation of law or otherwise, without our prior written consent. Any attempt to assign or transfer these Terms without such consent will be null and void.

SYNAP LLC may assign these Terms in whole or in part to any person or entity at any time with or without your consent. If SYNAP LLC assigns these Terms, we will post a notice on our website or otherwise notify you of the assignment, and the assignee will assume all rights and obligations under these Terms, and we will be relieved of all such obligations.

These Terms (including the Privacy Policy and any other documents incorporated by reference) constitute the entire agreement between you and SYNAP LLC regarding the Services and supersede all prior and contemporaneous agreements, proposals, or representations, written or oral, concerning the subject matter of these Terms.

No modification, amendment, or waiver of any provision of these Terms will be effective unless in writing and signed by the party against whom the modification, amendment, or waiver is to be asserted. No failure or delay by either party in exercising any right under these Terms shall constitute a waiver of that right.

The following provisions of these Terms will survive termination or expiration of these Terms: Intellectual Property Rights (Section 11), Indemnification (Section 12), Limitation of Liability & Disclaimer (Section 16), Governing Law and Dispute Resolution (Section 19), and any other provision that, by its nature, would reasonably be expected to survive termination or expiration.

If any provision of these Terms is found to be invalid or unenforceable, that provision shall be severed, and the remaining provisions will remain in full force and effect. Our failure to enforce any right or provision does not constitute a waiver of that right or provision.

The section titles in these Terms are for convenience only and have no legal or contractual effect. These Terms operate to the fullest extent permissible by law. These Terms are not intended to and do not create any third-party beneficiary rights.