INTENDED AUDIENCE: The Allotment Checker API agreement is only valid between AZAC (Arizona MMJ Allotment Checker) and State Approved Medical Marijuana Dispensaries. In order to publish applications using our API, you must be a registered user on the Medical Marijuana Verification System (https://azmmvs.azdhs.gov/), and have a valid “dealer_id” (provided by us after AZMMVS verification). Your application’s end-users must be AZMMJ Card Holders (end-users do not require AZMMVS verification).
DATA STORAGE & HIPAA COMPLIANCE: Our API is intended to be used in a way that protects patient information. Any attempts to save or scrape patient information is forbidden, and will result in immediate termination of your AZAC “dealer_id”. Protected information includes: MMJ Card Numbers, First/Last Name, and any information returned from our API.
If you are unsure about how to use our API in a way that protects patient data, we have developers that can help (additional cost may apply).
Using Our APIs
a. Your End Users
b. Compliance with Law, Third Party Rights, and Other Terms of Service
You will comply with all applicable law, regulation, and third party rights (including without limitation laws regarding the import or export of data or software, privacy, and local laws). You will not use the API to encourage or promote illegal activity or violation of third party rights. You will not violate any other terms of service with AZAC (Arizona Allotment Checker).
c. Permitted Access
You will only access (or attempt to access) an API by the means described in the documentation of that API. If AZAC assigns you developer credentials (e.g. dealer_id), you must use them with the applicable APIs. You will not misrepresent or mask either your identity or your API Client’s identity when using the API or developer accounts.
Your API Clients
a. API Clients and Monitoring
The APIs are designed to help you enhance your websites and applications (“API Client(s)”). YOU AGREE THAT AZAC MAY MONITOR USE OF THE APIS TO ENSURE QUALITY, IMPROVE AZAC PRODUCTS AND SERVICES, AND VERIFY YOUR COMPLIANCE WITH THE TERMS. This monitoring may include AZAC accessing and using your API Client, for example to identify security issues that could affect AZAC or its users. You will not interfere with this monitoring. AZAC may use any technical means to overcome such interference. AZAC may suspend access to the APIs by you or your API Client without notice if we reasonably believe that you are in violation of the Terms.
You will use commercially reasonable efforts to protect user information collected by your API Client, including personally identifiable information (“PII”), from unauthorized access or use and will promptly report to your users any unauthorized access or use of such information to the extent required by applicable law.
AZAC does not acquire ownership in your API Clients, and by using our APIs, you do not acquire ownership of any rights in our APIs or the content that is accessed through our APIs.
d. User Privacy and API Clients
Prohibitions and Confidentiality
a. API Prohibitions
When using the APIs, you may not (or allow those acting on your behalf to):
- Sublicense an API for use by a third party. Consequently, you will not create an API Client that functions substantially the same as the APIs and offer it for use by third parties.
- Perform an action with the intent of introducing to AZAC products and services any viruses, worms, defects, Trojan horses, malware, or any items of a destructive nature.
- Interfere with or disrupt the APIs or the servers or networks providing the APIs.
- Reverse engineer or attempt to extract the source code from any API or any related software, except to the extent that this restriction is expressly prohibited by applicable law..
- Remove, obscure, or alter any AZAC terms of service or any links to or notices of those terms.
Unless otherwise specified in writing by AZAC, AZAC does not intend use of the APIs to create obligations under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”), and makes no representations that the APIs satisfy HIPAA requirements. If you are (or become) a “covered entity” or “business associate” as defined in HIPAA, you will not use the APIs for any purpose or in any manner involving transmitting protected health information to AZAC unless you have received prior written consent to such use from AZAC.
b. Confidential Matters
- Developer credentials (such as passwords, keys, and client IDs) are intended to be used by you and identify your API Client. You will keep your credentials confidential and make reasonable efforts to prevent and discourage other API Clients from using your credentials. Developer credentials may not be embedded in open source projects.
- Our communications to you and our APIs may contain AZAC confidential information. AZAC confidential information includes any materials, communications, and information that are marked confidential or that would normally be considered confidential under the circumstances. If you receive any such information, then you will not disclose it to any third party without AZAC’s prior written consent. AZAC confidential information does not include information that you independently developed, that was rightfully given to you by a third party without confidentiality obligation, or that becomes public through no fault of your own. You may disclose AZAC confidential information when compelled to do so by law if you provide us reasonable prior notice, unless a court orders that we not receive notice.
a. Content Accessible Through our APIs
Your access to the content provided by the API may be restricted, limited, or filtered in accordance with applicable law, regulation, and policy.
b. Retrieval of content
When a user’s non-public content is obtained through the APIs, you may not expose that content to other users or to third parties.
c. Prohibitions on Content
Unless expressly permitted by the content owner or by applicable law, you will not, and will not permit your end users or others acting on your behalf to, do the following with content returned from the APIs:
- Scrape, build databases, or otherwise create permanent copies of such content, or keep cached copies longer than permitted by the cache header;
- Copy, translate, modify, create a derivative work of, sell, lease, lend, convey, distribute, publicly display, or sublicense to any third party;
- Misrepresent the source or ownership; or
- Remove, obscure, or alter any copyright, trademark, or other proprietary rights notices; or falsify or delete any author attributions, legal notices, or other labels of the origin or source of material.