This Acceptable Use Policy ("AUP") explains how laboratories, their staff, and any authorised users may use CLARUS® — a cloud, hybrid, and offline Laboratory Information System (LIS) provided by CLARUS® at claruslis.com and on each lab's <subdomain>.claruslis.com tenant.
We keep these rules deliberately plain. They exist to protect the integrity of patient and health data, the reliability of the shared platform, and the trust your patients place in your laboratory. Most of what follows is what any responsible medical laboratory would expect of itself anyway.
This AUP forms part of your agreement with CLARUS® and applies alongside our Terms of Service, Privacy Policy, and Data Processing Agreement. It is effective as of 2026-06-26.
1. Purpose and Scope
This policy sets out what constitutes acceptable use of CLARUS® and the responsibilities that come with operating a medical laboratory information system. It applies to every person and entity that accesses the service: the subscribing laboratory (the "Customer"), its administrators, technicians, pathologists, physicians, receptionists, and any other authorised user, as well as any system or integration that connects to CLARUS® through our APIs, HL7, ASTM, or FHIR interfaces.
Because CLARUS® is used to process patient and health information, the standards here are higher than those of an ordinary software product. The acceptable-use expectations in this document are designed to safeguard data subjects, preserve the security and availability of a shared multi-tenant platform, and keep the service compliant with applicable healthcare, privacy, and consumer-protection laws.
By accessing or using CLARUS®, you agree to this AUP on behalf of yourself and your laboratory. If you do not agree, you must not use the service. We may update this policy as the platform, regulations, and threat landscape evolve, and we will give reasonable notice of material changes.
2. Lawful and Professional Use
You must use CLARUS® only for legitimate laboratory and healthcare operations, and only in compliance with all laws that apply to you. This includes the laws of the Arab Republic of Egypt (the governing law of your agreement) and any mandatory data-protection, medical, professional-licensing, and consumer-protection laws of the country in which your laboratory operates. Where local healthcare or accreditation rules impose stricter obligations, those stricter obligations apply.
You are responsible for ensuring that your laboratory holds the licences, accreditations, and professional authorisations required to perform the testing and diagnostic activities you record in CLARUS®, and that the individuals using the platform are qualified and authorised to do so under local regulation. CLARUS® provides the information system; it does not grant or substitute for any medical, laboratory, or professional licence.
Use of the platform must remain consistent with its intended purpose as a Laboratory Information System and with the entitlements of your subscription plan and edition. You may not use the service in any way that misrepresents your laboratory, your accreditation status, or the regulatory standing of the results you issue.
3. Prohibited Activities
To protect every laboratory on the platform, the following activities are strictly prohibited. This list is illustrative, not exhaustive — anything with a comparable purpose or effect is equally prohibited. We will act on violations to keep the service safe, lawful, and reliable for all tenants.
- Uploading, storing, transmitting, or processing content that is illegal, fraudulent, defamatory, or that infringes the intellectual-property, privacy, or other rights of any person or third party.
- Introducing or distributing malware, viruses, ransomware, trojans, or any malicious or destructive code, or using the platform to launch attacks against CLARUS®, other tenants, or third-party systems.
- Attempting to gain unauthorised access to CLARUS®, to another laboratory's tenant or data, to administrative or back-end systems, or to any account, server, or network associated with the service.
- Scraping, harvesting, crawling, or systematically extracting data, content, or metadata from the platform except through the documented APIs and within your authorised entitlements.
- Overloading, flooding, stress-testing, denial-of-service activity, or any conduct that degrades or threatens the performance, availability, or integrity of the shared infrastructure.
- Reselling, leasing, sublicensing, white-labelling, or otherwise making the service available to third parties without prior written authorisation from CLARUS®.
- Circumventing, disabling, or tampering with licensing controls, usage limits, plan or edition entitlements, metering, billing, or any technical protection measure of the platform.
- Reverse engineering, decompiling, or attempting to derive source code or underlying structures, except to the limited extent such restriction is prohibited by applicable law.
- Impersonating any person, laboratory, physician, or CLARUS® itself, or falsifying identity, credentials, audit records, or the provenance of results.
- Using the platform to send unsolicited bulk communications (spam) or to process data you have no lawful basis or authority to process.
4. Clinical Responsibility
CLARUS® is a tool that helps your laboratory capture, organise, calculate, and report results efficiently. It is not a substitute for professional clinical judgement, and it does not make diagnoses or medical decisions. Any analytical aids, flags, reference ranges, calculations, or AI-assisted features are decision-support conveniences only.
Your laboratory and its qualified professionals remain fully and solely responsible for the validity, accuracy, and clinical interpretation of all results. This includes verifying and validating results before release, confirming reference ranges and units appropriate to your population and instruments, performing required quality control, and applying professional review and sign-off in accordance with your accreditation and local regulatory requirements.
You must not rely on CLARUS® as the sole basis for any diagnosis, treatment, or patient-care decision. Final responsibility for what is reported to clinicians and patients rests with your laboratory and its authorised medical personnel.
5. Patient Data and Consent Responsibilities
For the patient and health data processed in CLARUS®, your laboratory is the data Controller and CLARUS® acts as the Processor on your documented instructions. CLARUS® processes that data only to provide the service and never uses patient data for its own purposes. As Controller, you carry the corresponding responsibilities toward your patients and toward the law.
You are responsible for establishing a valid lawful basis for processing, obtaining any patient consent or notice required by the laws applicable to your laboratory, and ensuring that the data you enter is accurate, relevant, and lawfully collected. You must honour data-subject rights — such as access, correction, and erasure — in line with applicable regulation, and you must not process special-category health data beyond what your authority and legal basis permit.
You are responsible for managing access to patient records within your tenant: granting roles appropriately, restricting access to a need-to-know basis, and revoking access promptly when staff change roles or leave. CLARUS® provides the per-tenant isolation, encryption, audit logging, and access controls; configuring and using them responsibly for your patients is your obligation.
6. Security Responsibilities
Security on CLARUS® is a shared responsibility. We secure the platform with encryption in transit and at rest, per-tenant isolation, role-based access control, audit logging, two-factor authentication, encrypted backups, and disaster-recovery capabilities. You are responsible for using these protections correctly and for everything that happens within your tenant and accounts.
At a minimum, you must take the following measures to keep your laboratory and its patients safe.
- Safeguard all credentials, API keys, and access tokens; never share accounts, and ensure each user has their own identity.
- Enable and enforce two-factor authentication (2FA) for users, especially administrators and any role that can release results or manage data.
- Configure role-based access control (RBAC) so that each user has only the permissions their role genuinely requires, and review access regularly.
- Keep your own endpoints, networks, and browsers reasonably secure and up to date, and protect any locally cached or offline data on hybrid/offline deployments.
- Promptly report any suspected security incident, account compromise, data breach, or vulnerability to support@claruslis.com (or via in-app live chat) so we can respond together, and cooperate with any breach-handling steps.
7. Fair Use of Resources and the API
CLARUS® is a multi-tenant platform, which means the performance one laboratory experiences depends in part on every laboratory using resources responsibly. You agree to use compute, storage, bandwidth, and API capacity in a manner consistent with normal laboratory operations and with the entitlements of your subscription plan and edition.
When using our APIs and HL7, ASTM, or FHIR integrations, you must respect documented rate limits, authentication requirements, and usage quotas, and you must design integrations that fail gracefully rather than retry aggressively or poll excessively. Automated or integrated activity that generates abnormal load, attempts to bypass metering, or has the effect of a denial-of-service is prohibited even where no limit is explicitly stated.
If your legitimate usage is approaching the limits of your plan, we would much rather help you scale than throttle you. Contact billing@claruslis.com or your account team to right-size your plan. We reserve the right to apply reasonable technical limits, or to require an appropriate plan, to protect platform stability for everyone — and we will be transparent with you when we do.
8. Consequences of Violation
We always prefer to resolve issues through a quick conversation, and in most cases a notice and a fix is the end of the matter. Where a violation is serious, repeated, or poses an immediate risk to patients, data, or the platform, we may take stronger action proportionate to the circumstances.
Depending on the nature and severity of the violation, CLARUS® may take one or more of the following steps. Wherever it is safe and lawful to do so, we will give you notice and an opportunity to remedy the issue before escalating.
- Issue a warning and request prompt corrective action.
- Apply temporary rate limiting, feature restriction, or other technical safeguards to protect the platform and other tenants.
- Suspend the affected account, integration, or tenant where there is an ongoing risk, a legal requirement, or an unremedied violation.
- Terminate the agreement for material or repeated breach, in accordance with the Terms of Service.
- Preserve and, where legally required, disclose information to competent authorities, and pursue available legal remedies for harm caused.
9. Reporting Abuse and Contact
If you become aware of any misuse of CLARUS®, a security vulnerability, a suspected data breach, infringing content, or any conduct that violates this policy — whether by your own users or anyone else — please tell us promptly so we can act. Responsible reporting helps protect every laboratory and patient on the platform, and we treat reports seriously and discreetly.
You can reach the right team directly, or use in-app live chat for fast help. Please include enough detail (what happened, when, affected accounts or tenants, and any evidence) for us to investigate effectively.
- Security incidents, abuse, and general help: support@claruslis.com (or in-app live chat).
- Privacy and data-protection concerns: privacy@claruslis.com.
- Data Protection Officer: dpo@claruslis.com.
- Legal and intellectual-property notices: legal@claruslis.com.
- Billing, refunds, and plan changes: billing@claruslis.com.
10. Good-Faith Security Research
We welcome help making CLARUS® safer. If you discover a potential vulnerability, you may report it in good faith to support@claruslis.com without breaching this policy — provided you test only against your own tenant and accounts, do not access, modify or exfiltrate any patient or other tenant's data, do not degrade or disrupt the service for others, and give us a reasonable opportunity to investigate and remediate before any public disclosure.
Research conducted within these limits will not be treated as a prohibited act under this policy, and we will not pursue action against good-faith researchers who follow them.
Questions about this policy?
Reach our team any time at legal@claruslis.com or via in-app chat, and we'll be glad to help.