Acceptable Use Policy

Last updated: April 2026

This Acceptable Use Policy ("AUP") is part of Your Terms with InPolicy LLC. Any capitalized terms used but not defined here have the meaning set forth in the Terms of Service. This AUP applies to all users of the Service, including Authorized Users accessing the Service under Your account. You are responsible for ensuring that all individuals who access the Service through Your account comply with this AUP. Any violation of this AUP by an Authorized User shall be deemed a violation by You. InPolicy may update this AUP from time to time, and continued use of the Service after any such update constitutes Your acceptance of the revised AUP.

By using the Service, You agree not to, and not to direct or allow users or third parties to use the Service to: The following restrictions are not exhaustive. InPolicy reserves the right to determine, in its sole reasonable discretion, whether any particular use of the Service violates this AUP.

1. Violate Applicable Laws

Including using the Service to:

  • violate, encourage the violation of, or otherwise compromise the privacy or legal rights of others
  • infringe, misappropriate, or violate the intellectual property rights of any third party
  • identify an individual from biometric data or create a biometric database
  • exploit vulnerabilities of an individual or group arising from their age, disability, or specific social or economic situation with the aim of causing harm
  • evaluate or classify individuals based on their social behavior or personal information in a manner that violates applicable law
  • characterize individuals in a manner that results in detrimental, unfair, or discriminatory treatment

violate applicable export control laws, economic sanctions, or anti-money laundering regulations, including those administered by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the U.S. Department of Commerce Bureau of Industry and Security (BIS), or any equivalent authority in your jurisdiction

use the Service in connection with any high-risk AI application as defined under the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) or any analogous legislation, except to the extent expressly permitted by InPolicy in writing and subject to any additional terms InPolicy may require

  • use the Service in a manner that facilitates or promotes fraud, money laundering, terrorist financing, or any other financial crime
  • use the Service to engage in or facilitate any form of surveillance, tracking, or monitoring of individuals without their knowledge and consent, except as expressly authorized by applicable law

2. Compromise Security or Integrity

Including using the Service to:

  • intentionally distribute viruses, worms, Trojan horses, corrupted files, or other destructive or deceptive items
  • interfere with the use of the Service or the equipment used to provide it
  • attempt to disable, circumvent, or interfere with any aspect of the Service
  • attempt to gain unauthorized access to InPolicy's systems, networks, or data
  • probe, scan, or test the vulnerability of any InPolicy system without prior written authorization
  • use the Service to transmit, store, or process any ransomware, spyware, adware, cryptominers, or any other malicious or unauthorized software or code
  • engage in any activity that could create a denial-of-service condition, excessive load, or otherwise impair the performance, availability, or integrity of the Service for other users
  • intercept, monitor, or capture any data or communications transmitted through the Service without proper authorization

3. Misuse the Service

Including:

  • attempting to reverse engineer, decompile, or discover the source code, underlying models, or algorithms of the Service
  • using automated means to scrape, extract, or harvest Content or Output at scale
  • reselling, sublicensing, or providing access to the Service to third parties without InPolicy's prior written consent
  • building products or services that compete with the Service using knowledge gained from it
  • using the Service in any manner not expressly permitted by the Terms of Service
  • benchmarking, evaluating, or comparing the Service for the purpose of developing or improving a competing product or service, or publishing any performance benchmarks of the Service without InPolicy’s prior written consent
  • using the Service to generate output that is presented as human-generated content without appropriate disclosure that AI-assisted tools were used in its creation, where such disclosure is required by applicable law or industry standards
  • accessing, using, or attempting to use the Service to circumvent any usage limits, rate limits, or other technical restrictions imposed by InPolicy
  • framing, mirroring, or creating derivative works based on the Service or any portion thereof without InPolicy’s express written consent

4. Upload Harmful or Unlawful Content

Including uploading, submitting, transmitting, or otherwise causing the Service to receive, store, host, or make available any content that:

  • is unlawful, harmful, threatening, abusive, harassing, defamatory, or obscene
  • violates the rights of any third party including privacy and intellectual property rights
  • contains personally identifiable genetic or biometric data
  • constitutes Protected Health Information (PHI) as defined under HIPAA and its implementing regulations
  • you do not have the legal right to use or process
  • is subject to the International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR), or any similar regulatory classification that restricts its transmission or processing
  • contains payment card industry (PCI) data, including credit card numbers, cardholder data, or sensitive authentication data, except to the extent the Service is expressly certified for such processing
  • contains classified or government-restricted information of any government, including information marked as Controlled Unclassified Information (CUI), unless expressly authorized by InPolicy in writing
  • contains the personal data of children under the age of eighteen (18), or any data subject to the Children’s Online Privacy Protection Act (COPPA) or equivalent legislation

InPolicy does not offer Business Associate Agreements and will not enter into one under any circumstances. PHI is prohibited from the Service unconditionally. You acknowledge and agree that any processing of PHI through the Service constitutes a material breach of the Terms of Service and this AUP. You are solely responsible for ensuring that no PHI is submitted to the Service, and You shall indemnify and hold InPolicy harmless from any claims, damages, or regulatory penalties arising from Your submission of PHI to the Service.

5. Make Automated Compliance Decisions Without Human Review

The Service is a detection assistance tool, not a compliance officer. You may not:

  • rely solely on Output as a final compliance determination without human review by a qualified professional
  • use Output as legal advice or as a substitute for legal counsel
  • make automated decisions with material legal or regulatory consequences based on Output alone
  • represent or imply to any third party that Output constitutes a legal opinion, regulatory certification, or formal compliance determination
  • use Output as the sole basis for disciplinary action, termination of employment, or any other adverse action against any individual without independent human review and verification
  • deploy the Service in a manner that removes or limits meaningful human oversight over decisions that materially affect the rights, safety, or welfare of individuals
  • fail to maintain adequate records of human review decisions made in connection with Output, to the extent required by applicable law or regulation

6. Circumvent Access Controls

Including:

  • sharing access credentials between users
  • attempting to access another organization's data or configuration within the Service
  • using access codes or beta access in ways inconsistent with their intended purpose
  • creating multiple accounts to circumvent account-level restrictions, suspension, or termination
  • using the Service through any automated means (including bots, scripts, or crawlers) except through APIs or interfaces expressly provided and authorized by InPolicy
  • failing to promptly revoke access credentials for any Authorized User who no longer requires access or who has left Your organization

7. Responsible AI Use and Data Integrity

You are responsible for ensuring the accuracy, quality, and legality of all data and content You submit to the Service. You shall not:

  • intentionally submit inaccurate, misleading, or fabricated data or content to the Service for the purpose of manipulating Output or undermining the integrity of policy detection
  • use the Service to generate false or misleading compliance reports, certifications, or documentation
  • attempt to manipulate, poison, or adversely affect the quality of the Service’s AI models through adversarial inputs, prompt injection, or similar techniques
  • use the Service in a manner that could compromise the accuracy or reliability of Output for other users of the Service
  • use the Service to produce output intended to deceive or mislead any person, regulatory authority, or organization regarding the compliance status of any communication, document, or business practice

8. Rate Limits and Fair Use

InPolicy may impose reasonable rate limits, usage quotas, or other technical restrictions on the use of the Service to ensure fair access and system stability. You shall not exceed any such limits or take any action designed to circumvent them. InPolicy reserves the right to throttle, suspend, or restrict access to the Service if Your usage materially exceeds normal usage patterns or threatens the stability or performance of the Service. InPolicy will use commercially reasonable efforts to notify You before imposing such restrictions, except where immediate action is necessary to protect the Service or other users.

Enforcement

InPolicy reserves the right to investigate suspected violations and, where confirmed, to suspend or terminate access immediately and without notice. InPolicy may report suspected illegal activity to appropriate law enforcement authorities. InPolicy may take any of the following enforcement actions, individually or in combination, in response to a confirmed or suspected violation of this AUP: (a) issue a written warning specifying the nature of the violation and the corrective action required; (b) temporarily suspend access to the Service pending investigation or remediation; (c) permanently terminate access to the Service; (d) remove or disable access to any content that violates this AUP; or (e) pursue any other remedies available under the Terms of Service or applicable law. The severity of the enforcement action shall be proportionate to the nature, gravity, and recurrence of the violation. For violations that do not pose an imminent security risk or threat of harm, InPolicy will use commercially reasonable efforts to provide written notice and a reasonable opportunity to cure the violation before taking enforcement action, except where such notice would compromise an investigation or the security of the Service. Nothing in this AUP shall limit InPolicy’s rights under the Terms of Service, including the right to seek injunctive relief or other equitable remedies.

Reporting Violations

Report suspected violations to security@inpolicy.ai. InPolicy encourages the good-faith reporting of suspected AUP violations and will not retaliate against any individual who reports a suspected violation in good faith. InPolicy will acknowledge receipt of all violation reports within five (5) business days and will use commercially reasonable efforts to investigate and respond to all reports in a timely manner. Reports may be made anonymously. InPolicy will maintain the confidentiality of the reporting party’s identity to the extent permitted by applicable law and consistent with the needs of the investigation.

This AUP is incorporated by reference into InPolicy's Terms of Service. For questions: legal@inpolicy.ai

Violation of this AUP may constitute a material breach of the Terms of Service and may result in enforcement actions as described above, in addition to any other remedies available under the Terms of Service or applicable law. This AUP shall be interpreted in conjunction with the Terms of Service, Privacy Policy, Security Addendum, and any applicable Order Form. In the event of a conflict between this AUP and the Terms of Service, the Terms of Service shall control unless this AUP imposes a more restrictive obligation, in which case the more restrictive obligation shall apply.