Acceptable Use Policy

Last updated: 2026-05-25. This policy is a working draft. It has not yet been reviewed by counsel. Read it that way. The substantive prohibitions and enforcement steps below are the operating posture today; the legal phrasing will be tightened in a subsequent counsel-reviewed revision.

This Acceptable Use Policy ("AUP") sits alongside the Terms of Service and is incorporated into them by reference. A material breach of this AUP is a material breach of the Terms.

1. Who this applies to

This AUP applies to anyone who uses the ChiefAIA platform — directly as a tenant, indirectly as an end user of a tenant's account, or as a recipient of outputs the platform produced (where the conduct in question is within the tenant's control).

2. Prohibited uses

You may not use the platform — or the applications, code, or other artifacts it produces — for any of the following:

2.1 Malicious or harmful software

• Generating, hosting, or distributing malware, ransomware, spyware, rootkits, keyloggers, worms, or any other malicious code.
• Generating exploits intended to compromise systems without authorisation.
• Building tools whose primary purpose is unauthorised access, surveillance, or destruction of computer systems or data.

Legitimate security research conducted by qualified researchers under a clearly defined scope is not the target of this clause; if you are in doubt, contact us before you begin.

2.2 Content involving minors

• Generating, hosting, or distributing content that sexualises, exploits, or endangers minors (anyone under 18).
• Building products that target minors as users without legally compliant age-verification and parental-consent flows.
• Generating content that grooms, recruits, or otherwise places minors at risk.

2.3 Spam, phishing, and abuse-at-scale

• Using the platform to generate or send unsolicited bulk communications.
• Generating phishing pages, lookalike websites, or social-engineering scripts intended to deceive recipients into revealing credentials, payment data, or other sensitive information.
• Building scraping tools that violate target sites' Terms of Service or applicable computer-misuse law.
• Generating large volumes of low-quality content for the purpose of search-engine manipulation, ad-fraud, or platform-rating manipulation.

2.4 Fraud and impersonation

• Using the platform to commit fraud, including but not limited to identity theft, payment fraud, document forgery, or fake reviews.
• Impersonating any person or organisation, including impersonating ChiefAIA, our employees, or other tenants.

2.5 Illegal content and conduct

• Generating content that is illegal in the jurisdictions where you or your end users are located, including content that incites violence, promotes terrorism, or constitutes hate speech under applicable law.
• Conduct that violates export-control law, sanctions, or anti-money- laundering law.

2.6 Prohibited industries

The operator-decided scope of prohibited industries — initial list, subject to revision in the counsel-reviewed revision of this document:

• Gambling and betting. Including online casinos, sports betting, daily-fantasy sports, and lottery products. Skill-based competitive gaming without wager-for-prize is not in scope.
• Adult content. Including sexually explicit content, escort services, and adult-content marketplaces. Sex-education products developed by qualified educators are not in scope.
• Weapons. Including platforms primarily devoted to the sale, customisation, or fabrication of firearms, ammunition, explosives, or non-civilian-grade weapons. Hunting, archery, and historical- arms collecting are not in scope.

We may revise this list (additions or refinements) with notice to tenants. If you are unsure whether your use case is permitted, contact us at [email protected] before you begin.

2.7 Privacy and personal-data abuse

• Building products that collect end-user personal data in violation of applicable privacy law.
• Generating tools whose primary purpose is unconsented surveillance, including stalkerware.

2.8 Infrastructure abuse

• Probing, scanning, or testing the vulnerability of the platform without our written authorisation.
• Interfering with or disrupting the platform's operation, including by introducing excessive load, distributed denial-of-service attacks, or attempts to evade rate limits.
• Reverse-engineering the platform other than as expressly permitted by applicable law.

2.9 IP and confidentiality

• Using the platform to infringe a third party's intellectual-property rights.
• Using the platform to misappropriate trade secrets or confidential information that you do not have the right to use.

3. AI-specific responsibilities

The platform uses large language models to produce outputs (code, specs, designs). The following supplement the prohibitions above:

• Output review. AI-generated outputs may be wrong, incomplete, biased, or insecure. You are responsible for reviewing them before use in production. This is especially important for code that handles authentication, payment, personal data, or safety-critical decisions.
• Disclosure. Where law or platform policy in your destination market requires it, disclose to your end users that AI was used to generate the product or its content.
• No deceptive outputs. Do not deploy AI-generated content as if it were authored by a real, identified person without that person's consent.

4. Enforcement

We monitor for violations of this AUP through a combination of:

• Automated detection — content classifiers, pattern matchers, anomaly detection on the build pipeline.
• Manual review — when automated systems flag a tenant for review, or when a third party reports a violation.

When we identify a likely violation we will take one of the following actions, escalating in severity:

1. Notice and cure. A written notice describing the violation and a window — typically seven (7) calendar days — to remediate.
2. Suspension. Temporary suspension of the affected tenant's account, with the ability to access an export for compliance and migration purposes.
3. Termination. Permanent termination of the subscription under Section 9 of the Terms of Service. Termination does not waive any other right we have.

For severe violations — illegal content, abuse-at-scale, security risks to other tenants, or anything that makes a notice-and-cure unsafe to grant — we may suspend or terminate immediately, without a cure window. We will provide notice as soon as it is safe to do so. Where law requires it, we will report the violation to the appropriate authority.

We may preserve evidence necessary to defend ourselves or to comply with law-enforcement requests, even after termination.

5. Reporting a violation

To report a suspected violation of this AUP — your own discovery, a violation by another tenant, or abuse of the platform — contact us at [email protected]. Please include:

• The URL or tenant context where the conduct was observed (where available).
• A description of the conduct and why you believe it violates this AUP.
• Your contact details, so we can follow up. Anonymous reports are accepted but harder to act on.

We acknowledge well-formed reports within five (5) business days and investigate without undue delay. We do not share reporter identities with the reported party except where required by law.

For DMCA or other copyright-infringement notices, send the notice to [email protected]. Counter-notices follow the procedure specified by the Digital Millennium Copyright Act.

For security vulnerabilities in the platform itself, see our security contact at [email protected].

6. Changes to this policy

We will update this AUP when our practices, the threat landscape, or the law changes. Material changes will be announced in-product and by email to tenants on file. The lastUpdated date at the top of this page always reflects the most recent revision.

7. Contact

• Abuse and AUP violations: [email protected]
• Copyright notices: [email protected]
• Security vulnerabilities: [email protected]
• General questions: [email protected]

---

This document is a working draft. It has not been reviewed by counsel. Substantive accuracy of the operating-posture statements above is the responsibility of the platform; legal sufficiency of the phrasing is pending counsel review.