Acceptable Use Policy

The following shall apply to and govern your use of SalesMessage, Inc (“Salesmsg”)’s Services (“Services”). The Services may not be used in any manner that: (i) is illegal; (ii) is non-compliant with accepted industry best practice guidelines, (iii) disrupts or damages any of Salesmsg's computer systems or network or other parties’ computer systems and networks, or (iv) violates any person’s rights. If you do not agree to this Policy, do not use Salesmsg Services.

Salesmsg in its sole discretion shall determine whether there has been a violation of this Policy. Salesmsg may amend this Policy from time to time.

The following list of provides examples of prohibited uses. The list is provided by way of example and should not be considered exhaustive.

Prohibited uses include use of the Salesmsg Services to:

• Engage in any messaging in violation of any relevant laws or regulations (which may include and are not limited to, the Telephone Consumer Protection Act and the Do Not Call provisions of the Telemarketing Sales Rule)
• ​Engage in any messaging that is offensive, obscene, libelous, defamatory, fraudulent, abusive, or contains tortious material.
  
• ​Engage in messaging that is unsuitable for minors.
  
• ​Engage in messaging that promotes, incites or instructs on criminal matters.
  
• ​Engage in messaging that is false, misleading or deceptive, or likely to mislead or deceive. This includes any communication that may misrepresent a healthcare purpose or improperly request health related data.
  
• ​Engage in messaging that infringes the intellectual property rights or other rights of a third party. Customers must not transmit PHI through third-party integrations, APIs, or connected platforms unless those systems are HIPAA-compliant and explicitly approved under a BAA.
  
• ​Engage in messaging that is otherwise unlawful.
• Transmit or store Protected Health Information (PHI) unless a Business Associate Agreement (BAA) is in place with Salesmsg.
• Use Salesmsg Services to send PHI-related messages that violate HIPAA requirements, including unauthorized disclosures, marketing communications involving PHI, or failure to apply minimum necessary standards.
  

In addition, you will honor immediately any requests to opt-out or stop further messaging (e.g., any “STOP” messages), and desist from sending any further message following receipt of any such opt-out or stop request. For health related communications, you must honor patient communication preferences and maintain HIPAA-compliant processes for revocation of authorization.

Salesmsg maintains robust controls and processes aligned with the AICPA Trust Services Criteria for Security. We are in the process of completing SOC 2 Type II compliance. These attestations reflect our ongoing commitment to safeguarding customer data and maintaining secure operations.

For more details about our security practices and compliance posture, please visit our Trust Center.

Violation of this Policy may result in termination or suspension of all services provided by Salesmsg and may also result in civil, criminal, or administrative liability or penalties against the client and those assisting the client. Salesmsg may immediately suspend or terminate services if PHI is used without a valid BAA or if HIPAA violations are suspected.

Any failure to enforce this Policy does not amount to a waiver of Salesmsg's rights.

HIPAA Compliance & Use of Protected Health Information (PHI)

HIPAA Compliance & Handling of PHI
If you are a Covered Entity or Business Associate subject to HIPAA, or you transmit, store, or process Protected Health Information (“PHI”) using the Salesmsg Services, you must have a valid Business Associate Agreement (BAA) executed with Salesmsg prior to using the Services for PHI.

You agree not to transmit, store, or process PHI through the Services unless a BAA is in place. If no BAA exists, the use of PHI within the Services is strictly prohibited.

Permitted Uses of PHI
If a BAA is in place, you may only use the Services to transmit or process PHI in accordance with:

• HIPAA Privacy, Security, and Breach Notification Rules
• The “minimum necessary” standard
• The permitted uses and disclosures defined in your BAA

You are responsible for ensuring that any PHI you submit or transmit is compliant with HIPAA requirements.

Prohibited PHI-Related Uses
Regardless of whether a BAA is in place, the following activities are strictly prohibited when involving PHI:

• Using PHI for marketing or promotional messaging
• Sending PHI to unauthorized individuals
• Transmitting PHI through unapproved integrations or third-party applications
• Storing PHI in message templates or automated campaigns unless secured and allowed under the BAA
• Uploading PHI belonging to minors without appropriate consent
• Using PHI for analytics, profiling, or A/B testing
• Sending PHI via unencrypted channels or bypassing required encryption settings

Customer Responsibilities
Customers are responsible for:

• Ensuring all workforce members comply with HIPAA
• Configuring access controls, user permissions, and MFA
• Ensuring no third-party system is used with PHI unless the integration is HIPAA-compliant
• Immediately notifying Salesmsg of any suspected unauthorized access

Breach Notification
If you suspect or discover a security incident affecting PHI transmitted via the Services, you must notify Salesmsg immediately. If Salesmsg becomes aware of a potential breach of unsecured PHI, we will notify impacted customers in accordance with the HIPAA Breach Notification Rule and the terms of the BAA.

Contact Information

To ask questions or comment about these Subscriber Terms and our privacy practices, contact us at:

SalesMessage, Inc
1045 East Atlantic Ave Suite 202
Delray Beach, FL 33483
‍support@salesmessage.com

Last Updated: December 17, 2025