Acceptable Use Policy

SaaS — Acceptable Use Policy
Version 2026-03-26

This Acceptable Use Policy (“AUP”) describes the rules governing use of the SaaS platform (“Service”) operated by DEW Diligence, LLC (“Licensor”). By using the Service, you and your Authorized Users agree to comply with this AUP. This AUP is incorporated into and forms part of the Software License Agreement and Terms of Service.

Violations of this AUP may result in immediate suspension or termination of access without prior notice and without liability to Licensor.

1. Authorized Use Only

You may use the Service only for its intended purpose: operating and managing your organization’s responsible AI governance program. All use must be within the scope of your active Subscription Tier and the Software License Agreement.

2. Prohibited Activities

You must not use the Service to:

2.1 Security and Infrastructure Violations

• Attempt to gain unauthorized access to any account, system, module, or data you are not permitted to access;
• Probe, scan, fuzz, or test the vulnerability of the Service or its supporting infrastructure without Licensor’s prior written authorization;
• Bypass, disable, or circumvent authentication controls, session management, authorization boundaries, WAF rules, or any other security mechanism;
• Introduce malware, viruses, ransomware, spyware, Trojan horses, or other malicious code into the Service;
• Conduct denial-of-service or distributed denial-of-service attacks against the Service or its infrastructure;
• Intercept, monitor, or modify network traffic, API calls, or communications between the Service and its components without authorization.

2.2 Data and Privacy Violations

• Submit data to the Service that you do not have the legal right to process or share;
• Use the Service to process personal data in violation of applicable privacy laws (including GDPR, CCPA, or equivalent), your privacy policy, or your data processing agreements;
• Submit data that contains or constitutes classified government information, protected health information subject to HIPAA, payment card data subject to PCI-DSS, or other regulated data categories without confirming compliance with applicable requirements;
• Attempt to de-anonymize, re-identify, or correlate anonymized or de-identified data;
• Exfiltrate, scrape, or bulk-export Customer Data or Service content for purposes beyond your own legitimate governance operations.

2.3 Intellectual Property and Competitive Violations

• Reverse engineer, decompile, disassemble, or attempt to extract source code, model weights, internal system prompts, embedding structures, or proprietary algorithms from the Service;
• Use outputs, interfaces, or AI interactions from the Service to train, benchmark, fine-tune, or inform the development of any competing software, AI system, or governance product;
• Remove, obscure, or alter any copyright notices, trademarks, watermarks, or proprietary legends within the Service;
• Frame, mirror, or scrape Service pages or content without authorization.

2.4 Fraud, Misrepresentation, and Abuse

• Provide false, misleading, or fraudulent information during registration or in connection with subscription requests;
• Impersonate any person, organization, or role within the Service;
• Share account credentials with individuals who are not Authorized Users, or create accounts to circumvent seat caps;
• Use the Service to create false or misleading governance records, evidence packs, audit trails, or board reports for the purpose of deceiving regulators, auditors, investors, or other stakeholders;
• Manipulate AI governance gate outcomes or approval workflows to conceal non-compliance.

2.5 Harmful and Unlawful Use

• Use the Service in furtherance of any activity that violates applicable federal, state, or international law, including computer fraud statutes (e.g., 18 U.S.C. § 1030, CFAA), cybercrime laws, export control regulations, anti-corruption laws, or sanctions;
• Use the Service to facilitate, plan, or conceal illegal activity, including unauthorized access to third-party computer systems, financial fraud, bribery, or market manipulation;
• Use the Service to harass, threaten, defame, or harm any individual or group;
• Sublicense, resell, or make the Service available to third parties as a managed or bureau service without a valid reseller agreement with Licensor.

2.6 AI and Copilot Misuse

• Attempt to extract, reproduce, or surface Licensor’s internal system prompts, model configurations, retrieval corpora, or proprietary AI instructions through prompt injection, adversarial prompting, or other techniques;
• Use the AI-Assistant, agent workflows, or other AI features to generate content that is fraudulent, defamatory, or designed to deceive regulators or stakeholders;
• Submit prompts designed to cause the AI to violate this AUP, the Terms of Service, or applicable law;
• Rely on AI-generated governance outputs as legal, regulatory, or professional advice without independent expert review.

3. Reporting Violations

If you become aware of any violation of this AUP by any party (including Authorized Users within your organization), report it promptly to [email protected]. We take AUP violations seriously and will investigate all credible reports.

4. Good-Faith Security Research

Licensor supports good-faith security research conducted under a responsible disclosure program. If you believe you have discovered a vulnerability in the Service, do not exploit it or disclose it publicly. Report findings to [email protected] with sufficient detail to reproduce the issue. Licensor will acknowledge valid reports and work to remediate confirmed vulnerabilities. Good-faith researchers who comply with this process will not be subject to legal action for their research activities, consistent with DOJ guidance on good-faith security research.

5. Enforcement

Licensor reserves the right to investigate any suspected violation of this AUP. Licensor may, without prior notice: suspend or terminate access to the Service; remove or disable access to content that violates this AUP; report suspected illegal activity to law enforcement; pursue civil remedies for violations causing harm to Licensor or third parties.

Licensor’s failure to enforce any provision of this AUP does not waive its right to enforce that provision in the future.

6. Updates to This Policy

Licensor may update this AUP by publishing a new version and incrementing the legal bundle version. You will be required to re-acknowledge the updated AUP before continuing to use the Service. Questions about this AUP may be directed to [email protected].