CareGist

Acceptable Use Policy

Last updated: 28 March 2026

1. Purpose

This Acceptable Use Policy ("AUP") governs your use of the CareGist website, API, and related services operated by H-Kay Limited (company number 10417923). This AUP supplements our Terms of Service and Privacy Policy.

By using CareGist, you agree to comply with this policy. We may update it from time to time and will notify registered users of material changes.

2. Permitted use

You may use CareGist to:

  • Search for and view information about CQC-registered care providers
  • Integrate provider data into your own applications, products, or reports via the API, subject to your subscription tier limits
  • Submit genuine reviews based on real experiences with care providers
  • Submit enquiries to care providers through our contact forms
  • Claim a provider listing if you are authorised to represent that provider
  • Export data within the limits of your subscription tier

3. Prohibited activities

You must not:

3.1 Data misuse

  • Scrape, crawl, or bulk-download data beyond the limits of your subscription tier
  • Redistribute, resell, or sublicense CareGist data as a competing directory or data product without our prior written consent
  • Remove or obscure CQC attribution when displaying provider data sourced from CareGist
  • Present CareGist data as your own original data or claim affiliation with the Care Quality Commission
  • Use data obtained from CareGist to send unsolicited marketing communications to care providers (spam)

3.2 API abuse

  • Attempt to circumvent rate limits, authentication, or tier restrictions
  • Create multiple free accounts to avoid purchasing a paid subscription
  • Share API keys with third parties or embed them in publicly accessible client-side code
  • Use the API to conduct denial-of-service attacks, load testing, or vulnerability scanning without our written permission
  • Reverse-engineer, decompile, or attempt to extract source code from the API

3.3 Harmful content

  • Submit false, misleading, or defamatory reviews about care providers
  • Submit fraudulent provider claims or impersonate a provider representative
  • Use the platform to harass, threaten, or intimidate care providers, their staff, or residents
  • Submit enquiries that are abusive, fraudulent, or intended to waste a provider's time
  • Post content that is illegal, discriminatory, or violates the rights of others

3.4 Technical abuse

  • Introduce malware, viruses, or malicious code through the API or website
  • Attempt to gain unauthorised access to our systems, databases, or other users' accounts
  • Interfere with the availability or performance of the service for other users

4. API usage rules

4.1 Rate limits

Each subscription tier has defined burst, daily, 7-day, and monthly limits. These are enforced automatically. When you exceed a limit:

  • The API returns HTTP 429 (Too Many Requests)
  • Response headers indicate your remaining quota and reset time
  • You should implement backoff logic in your application

4.2 API key security

  • Store API keys securely (environment variables, secrets managers) — never in source code, client-side JavaScript, or public repositories
  • Rotate your API key immediately if you suspect it has been compromised (use the /api/v1/auth/rotate-key endpoint)
  • Each API key is for use by a single organisation. Pro includes 3 named access seats, Business includes 10, and larger arrangements run through Enterprise.

4.3 Attribution

When displaying CareGist data in your application, you must include the following attribution in a visible location:

Data source: Care Quality Commission (CQC) via CareGist. CareGist is not an official CQC service.

5. Data storage and caching

You may store CareGist data only as reasonably necessary for your application's operation (e.g., caching search results for display). You must not:

  • Build or maintain a separate database containing a substantial portion of the CareGist dataset
  • Create local copies or mirrors of the CareGist database
  • Store bulk data for offline use beyond your current operational needs
  • Retain cached data for longer than 7 days without refreshing from the API

Long-term storage, bulk caching, or systematic replication of the database is prohibited without a commercial data licence. Bulk datasets and commercial redistribution licences are available under separate agreements — contact sales@caregist.co.uk.

6. Competing services

You may not use CareGist data or the CareGist API to build, operate, or improve a competing directory, database, or data product that substantially replicates the CareGist service. This includes using CareGist data to seed, train, or populate an alternative care provider directory.

7. Automated data collection

Automated access to CareGist, including scraping, crawling, or systematic downloading of data, is only permitted through the official API and within your subscription tier limits. Any automated access that bypasses the API (e.g., scraping web pages) is prohibited regardless of the method used.

8. Fair use

Even within published rate limits, you must not use the service in a way that places excessive load on our systems or attempts to download a substantial portion of the database. We reserve the right to limit or suspend accounts that we reasonably believe are attempting to replicate the CareGist dataset, even if individual requests are within tier limits.

Examples of usage patterns that may trigger fair use review:

  • Systematically paginating through the entire dataset
  • Requesting every provider by ID or slug in sequence
  • Running the same broad query repeatedly with different pagination offsets
  • Sustained usage at maximum rate limits for extended periods

9. Monitoring and enforcement

We monitor API usage patterns to detect abuse. If we identify a violation of this policy, we may:

  • Warn — notify you of the violation and request corrective action
  • Throttle — temporarily reduce your rate limits
  • Suspend — temporarily disable your API key pending investigation
  • Terminate — permanently revoke your account and API access

We will provide reasonable notice before taking enforcement action, except where immediate action is necessary to prevent harm to our service, other users, or care providers.

Unauthorised use of CareGist data may cause irreparable harm to our business. We reserve the right to seek injunctive relief and damages where necessary to protect our data, service, and users.

10. Reporting violations

If you believe another user is violating this policy, or if you have concerns about content on our platform, please report it to abuse@caregist.co.uk. We investigate all reports and respond within 5 working days.

11. Contact

Questions about this policy: legal@caregist.co.uk