Acceptable Use Policy
1. INTRODUCTION
1.1. Purpose
This Acceptable Use Policy ("Policy") describes the standards of conduct required when using
services, websites, software, APIs, AI systems, infrastructure, documentation, demos, proofs
of concept, customer portals, managed deployments, and other offerings made available by XData
(collectively, the "Services").
The purpose of this Policy is to protect:
(a) the integrity, security, and availability of the Services;
(b) XData, its customers, users, partners, and suppliers;
(c) individuals whose data may be processed through the Services;
(d) the public and third parties;
(e) lawful, responsible, and trustworthy use of AI and digital technologies.
1.2. Parties
This Policy applies to every customer, user, visitor, administrator, authorized user, developer,
contractor, partner, or other person who accesses or uses the Services ("Customer", "you",
or "your").
The Services are provided by:
[XDATA LEGAL ENTITY NAME]
[XDATA REGISTERED ADDRESS]
Company registration number: [INSERT]
VAT ID: [INSERT]
Website: https://xdata.si
("XData", "we", "us", or "our").
1.3. Relationship to Other Terms
This Policy forms part of and is incorporated into the applicable agreement between XData and
Customer, including any Terms of Service, Software and AI Services Agreement, Master Services
Agreement, Order Form, Proposal, Statement of Work, Data Processing Addendum, AI Terms, or
other written agreement (the "Customer Agreement").
If there is a conflict between this Policy and a signed Customer Agreement, the signed Customer
Agreement will prevail to the extent of the conflict, unless this Policy is required to protect
security, comply with law, prevent abuse, or comply with third-party provider rules.
1.4. Changes to this Policy
XData may update this Policy from time to time. Material changes may be communicated through
the Services, website, email, account notice, or another reasonable method. Continued use of
the Services after the updated Policy takes effect constitutes acceptance of the updated Policy.
2. COMPLIANCE WITH LAWS AND REGULATIONS
2.1. General Legal Compliance
You are responsible for using the Services in compliance with all laws and regulations
applicable to you, your users, your data, your jurisdiction, your industry, and your use case.
This includes, where applicable:
(a) data protection and privacy laws, including GDPR;
(b) cybersecurity laws;
(c) intellectual property laws;
(d) consumer protection laws;
(e) anti-discrimination laws;
(f) employment, education, financial, healthcare, insurance, public sector, and sector-specific laws;
(g) export control and sanctions laws;
(h) anti-corruption and anti-bribery laws;
(i) public procurement rules;
(j) AI-related laws, including the EU AI Act.
2.2. Customer Responsibility
You are responsible for ensuring that:
(a) you have the right to upload, process, transmit, or generate content through the Services;
(b) your instructions to XData are lawful;
(c) your use of AI Services is appropriate for your risk profile;
(d) your Authorized Users comply with this Policy;
(e) your integrations, systems, data sources, APIs, and credentials are lawful and authorized.
3. SERVICE CONDUCT RESTRICTIONS
While using the Services, you must not do any of the following.
3.1. Interference with Services
You must not damage, disable, overload, disrupt, degrade, interfere with, or circumvent any
aspect of the Services, including infrastructure, APIs, databases, AI systems, search systems,
safety filters, privacy controls, rate limits, usage limits, authentication systems, integrity
controls, logging systems, monitoring systems, or security safeguards.
3.2. Abuse of Service Capacity
You must not use the Services in a way that exceeds or attempts to exceed reasonable load,
capacity, rate, token, compute, storage, indexing, or usage specifications, except as expressly
permitted in the applicable agreement.
3.3. Security Testing and Scanning
You must not test, scan, probe, penetrate, fuzz, exploit, or assess the Services for security
vulnerabilities or limitations except:
(a) with XData's prior written permission; or
(b) in strict compliance with an XData responsible disclosure or bug bounty program, if one
exists.
3.4. Circumvention
You must not bypass, disable, remove, manipulate, reverse engineer, or interfere with safety,
security, privacy, attribution, watermarking, usage, billing, moderation, content filtering,
or access control mechanisms.
3.5. Unauthorized Access
You must not attempt to gain unauthorized access to the Services, accounts, data, systems,
networks, models, prompts, logs, repositories, infrastructure, or customer environments.
3.6. Credential Abuse
You must not share accounts, share passwords, share API keys, resell access, use stolen
credentials, use credential stuffing, use automated login attempts, or otherwise misuse
authentication mechanisms.
3.7. Fee Avoidance
You must not access or use the Services in a manner intended to avoid fees, usage charges,
seat limits, subscription limits, token limits, compute charges, AI credits, storage fees,
or other payment obligations.
3.8. Scraping and Data Mining
You must not scrape, crawl, data mine, harvest, bulk download, automatically extract, or
programmatically access the Services or Service content except as expressly permitted by XData
in writing or through documented APIs.
3.9. Competitive Misuse
You must not use the Services to copy, benchmark, clone, reverse engineer, replicate, or
compete with XData by copying ideas, features, functionality, workflows, prompts, layouts,
designs, documentation, system behavior, model routing logic, or graphics of the Services.
3.10. Misrepresentation and Impersonation
You must not impersonate any person or entity, misrepresent your identity, misrepresent your
connection with any person or organization, create fake accounts, or hide the origin of your
communications.
3.11. Bad Faith
You must not act in bad faith, abuse support processes, submit fraudulent requests, manipulate
usage metrics, evade enforcement, repeatedly violate this Policy, or encourage others to do so.
3.12. High-Risk Safety-Critical Use
You must not use the Services for activities where use or failure of the Services could
reasonably lead to death, bodily injury, environmental damage, serious property damage,
critical infrastructure disruption, or other safety-critical harm, unless expressly agreed
in writing and supported by appropriate controls.
3.13. Sanctions and Export Control Evasion
You must not use the Services in a manner intended to evade sanctions, export controls, trade
restrictions, embargoes, or other legal restrictions applicable to individuals, organizations,
regions, technologies, software, models, data, or services.
3.14. Unauthorized Code Modification
You must not modify, interfere with, or use tools that modify XData code, code execution,
runtime behavior, client-side restrictions, server-side controls, or security mechanisms,
unless expressly permitted by XData.
3.15. Spam and Unwanted Communications
You must not use the Services to send, generate, facilitate, or optimize spam, unwanted
communications, unsolicited bulk messages, fake engagement, deceptive campaigns, or abusive
outreach.
3.16. Third-Party Content Misuse
You must not use content, data, files, images, code, datasets, documents, or other materials
belonging to third parties unless you have the necessary rights, permissions, licenses, or
legal basis.
3.17. Platform Abuse
You must not use the Services to host, distribute, coordinate, facilitate, or conceal illegal,
harmful, abusive, deceptive, infringing, or malicious activity.
4. CONTENT RESTRICTIONS
You must not upload, publish, transmit, process, distribute, create, collect, generate, store,
or make available through the Services content that falls into the categories below.
4.1. Fraudulent or Deceptive Content
Content that is fraudulent, false, misleading, deceptive, impersonating, manipulative, or
intended to trick individuals, organizations, systems, regulators, or the public.
4.2. Defamatory or Offensive Content
Content that is defamatory, obscene, pornographic, vulgar, excessively offensive, harassing,
bullying, threatening, or abusive.
4.3. Hate, Harassment, and Discrimination
Content that promotes, incites, or supports discrimination, bigotry, racism, hatred,
harassment, bullying, dehumanization, or harm against an individual or group based on
protected characteristics or vulnerable status.
4.4. Violence and Threats
Content that is violent, threatening, glorifies violence, encourages self-harm, promotes harm
against individuals or organizations, or provides instructions for violent activity.
4.5. Illegal or Harmful Activities
Content that promotes, facilitates, or instructs illegal or harmful activities, including
terrorism, human trafficking, exploitation, counterfeiting, illegal drugs, illegal weapons,
organized crime, fraud, or other unlawful conduct.
4.6. Malware and Destructive Software
Content that includes or facilitates malware, viruses, worms, trojan horses, spyware,
ransomware, dishonest adware, scareware, crimeware, botnets, destructive scripts, credential
stealers, exploit kits, or malicious code.
4.7. Illegal Content
Content that is illegal or solicits conduct that is illegal under laws applicable to you,
XData, the Services, or affected third parties.
4.8. Infringing Content
Content that violates intellectual property, privacy, publicity, confidentiality, database,
contractual, trade secret, or other rights of others.
4.9. Regulated Sensitive Information
Content that includes sensitive information subject to special regulation or protection unless
the applicable Customer Agreement expressly permits such processing and appropriate safeguards
are in place.
This may include:
(a) Special Categories of Personal Data under GDPR;
(b) data revealing race, ethnicity, religion, politics, trade union membership, genetics,
biometrics, health, sex life, or sexual orientation;
(c) criminal offence data;
(d) patient, medical, or health information;
(e) children's data;
(f) government identifiers;
(g) passport, identity card, tax number, social security number, or similar identifiers;
(h) financial account data;
(i) credit or debit card information;
(j) payment credentials;
(k) authentication secrets;
(l) highly confidential client data;
(m) classified or government-restricted information.
4.10. Financial and Payment Data
Content that includes credit card data, debit card data, payment credentials, bank account
credentials, financial access codes, or other regulated payment information, unless expressly
permitted in writing and protected by appropriate controls.
4.11. Minors' Data
Content that includes protected data about minors or children unless the applicable Customer
Agreement expressly permits such processing and Customer has all required legal basis, notices,
consents, and safeguards.
4.12. Government Restricted Information
Content that includes government, defense, classified, export-controlled, or restricted
information requiring specific handling or security controls beyond those expressly provided
by XData in the applicable agreement.
4.13. Secrets and Credentials
Content that includes private keys, access tokens, passwords, API keys, production secrets,
database credentials, signing keys, SSH keys, certificates, or other secrets, unless the
Service is specifically designed and contracted for such use.
4.14. Excessive Personal Data
Content that includes unnecessary, excessive, irrelevant, or unlawfully collected Personal Data.
You must follow data minimization principles when using the Services.
5. AI-SPECIFIC ACCEPTABLE USE RULES
If you use XData AI Services, you must follow the additional rules below.
5.1. AI Output Transparency
You must not deceive or mislead any person into believing that AI-generated output was solely
human-generated where disclosure is required by law, contract, platform policy, or context.
You must not remove, obscure, tamper with, or alter metadata, digital signatures, provenance
signals, watermarks, or labels that identify AI-generated output where such measures are
required or provided by the Services.
5.2. Bias, Harm, and Discrimination
You must not use AI Services in a way that causes, is intended to cause, or materially risks
unlawful bias, discrimination, exclusion, harassment, or harm against individuals or groups.
5.3. Automated Decisions About Individuals
You must not use AI Services to make solely automated decisions about individuals that could
have legal or similarly significant effects, unless such use is lawful, expressly permitted
in writing, and supported by appropriate human review, transparency, appeal mechanisms, risk
management, and data protection controls.
5.4. Prohibited AI Practices
You must not use AI Services for prohibited AI practices under applicable law, including
unlawful manipulation, exploitation of vulnerabilities, certain biometric identification or
categorization uses, social scoring, or other prohibited practices under the EU AI Act or
other applicable laws.
5.5. High-Risk AI Systems
You must not use AI Services as part of a high-risk AI system unless:
(a) the applicable Customer Agreement expressly permits such use;
(b) the parties agree role allocation under applicable AI laws;
(c) required risk management, documentation, logging, data governance, human oversight,
accuracy, robustness, cybersecurity, post-market monitoring, and conformity requirements
are addressed;
(d) appropriate legal and technical review has been completed.
5.6. Professional Advice
You must not present AI output as legal, medical, tax, financial, investment, employment,
insurance, regulatory, cybersecurity certification, or other professional advice unless
reviewed and approved by a qualified professional and legally permitted.
5.7. Safety-Critical AI Use
You must not use AI Services in safety-critical contexts, including emergency response,
medical treatment, autonomous vehicles, weapons systems, critical infrastructure control,
aviation, industrial safety, or similar high-risk contexts unless expressly agreed in writing
and supported by appropriate safeguards.
5.8. AI Cyber Abuse
You must not use AI Services to generate, optimize, or facilitate malware, phishing, credential
theft, exploit development, evasion techniques, vulnerability abuse, unauthorized scanning,
or other cyber abuse.
5.9. AI Fraud and Deception
You must not use AI Services to generate or facilitate scams, fraud, impersonation, fake
reviews, fake identity documents, social engineering, misinformation, deceptive political
or commercial persuasion, or other deceptive activity.
5.10. Model Abuse
You must not intentionally prompt, jailbreak, manipulate, or attack AI Services to bypass
safety controls, access hidden system instructions, reveal confidential information, extract
training data, generate prohibited content, or evade restrictions.
5.11. Personal Data in AI
You must not submit Personal Data to AI Services unless you have a lawful basis and the
applicable Customer Agreement permits such processing. You must not submit Special Categories
of Personal Data or other regulated sensitive data unless expressly permitted in writing.
5.12. AI Provider Policies
Where AI Services use third-party AI providers, you must comply with applicable provider
policies, which may include, depending on the configured service:
(a) OpenAI usage policies;
(b) Anthropic usage policies;
(c) Google AI usage policies;
(d) Microsoft AI code of conduct or usage rules;
(e) AWS Responsible AI Policy;
(f) Mistral or other model provider terms;
(g) open-source model license terms;
(h) other provider policies identified in the applicable Service description or Order.
5.13. AI Filters and Restrictions
AI Services may include safety filters, usage filters, attribution requirements, provider
restrictions, content moderation, logging, monitoring, or other controls. You are responsible
for complying with those controls and must not bypass or disable them unless expressly
authorized by XData.
6. API, AUTOMATION, AND INTEGRATION RULES
6.1. API Use
You must use APIs only as documented and only within permitted rate, usage, and access limits.
6.2. Automation
You must not use bots, scripts, crawlers, automation, agents, or integrations in a way that
abuses the Services, bypasses usage limits, causes excessive load, violates third-party rights,
or performs unauthorized actions.
6.3. Connected Systems
You are responsible for systems, repositories, databases, cloud services, email accounts,
calendars, storage, documents, communication tools, and other third-party systems that you
connect to the Services.
6.4. Credentials and Permissions
You must ensure that credentials, tokens, API keys, OAuth permissions, repository permissions,
cloud permissions, and other integration rights are lawful, authorized, current, and limited
to what is necessary.
6.5. Customer-Hosted Deployments
For customer-hosted deployments, you are responsible for the security, legality, and acceptable
use of the infrastructure, network, endpoints, identity systems, access controls, logs, and
connected data sources under your control.
7. SECURITY AND RESPONSIBLE DISCLOSURE
7.1. Reporting Vulnerabilities
If you discover a potential vulnerability in the Services, you should report it responsibly to:
[INSERT SECURITY CONTACT EMAIL]
You must not publicly disclose a vulnerability until XData has had a reasonable opportunity
to investigate and remediate it.
7.2. Prohibited Security Conduct
You must not:
(a) access, modify, delete, or exfiltrate data that does not belong to you;
(b) disrupt service availability;
(c) perform social engineering;
(d) access production secrets;
(e) pivot into third-party systems;
(f) install malware or persistence;
(g) perform denial-of-service testing;
(h) bypass authentication or authorization except within an approved test scope;
(i) continue testing after XData asks you to stop.
7.3. Good-Faith Research
XData may consider good-faith security research differently from malicious activity, but only
where research is conducted responsibly, lawfully, minimally, and within an approved scope.
8. INTELLECTUAL PROPERTY AND COPYRIGHT
8.1. Respect for Rights
XData respects intellectual property rights and expects users to do the same.
You must not use the Services to upload, copy, process, generate, publish, distribute, or
commercialize content that infringes copyright, trademarks, patents, trade secrets, database
rights, personality rights, privacy rights, or other rights.
8.2. Copyright Complaints
XData may provide a process for copyright or intellectual property complaints at:
[INSERT COPYRIGHT OR LEGAL CONTACT EMAIL / URL]
8.3. Repeat Infringers
XData may suspend or terminate accounts of repeat infringers or users who repeatedly submit
or distribute infringing content.
8.4. Third-Party Datasets and Media
You are responsible for ensuring that any third-party datasets, media, images, fonts, code,
documents, or other materials used with the Services are properly licensed and permitted for
the intended use.
8.5. Open-Source Licenses
You are responsible for complying with open-source licenses that apply to code, models,
datasets, or components you upload, use, generate, modify, or distribute through the Services.
9. ENFORCEMENT
9.1. Enforcement Actions
If XData reasonably believes that you have violated this Policy, encouraged others to violate
it, allowed others to violate it through your account, or used the Services in a way that
creates risk, XData may take any action it considers necessary to protect XData, users,
customers, third parties, and the public.
Such actions may include:
(a) warning you;
(b) requiring remediation;
(c) limiting or throttling usage;
(d) disabling features;
(e) blocking prompts, outputs, files, or requests;
(f) removing content;
(g) quarantining data;
(h) deleting prohibited content;
(i) suspending accounts or Services;
(j) terminating access;
(k) refusing future service;
(l) notifying affected customers or users;
(m) notifying authorities where legally required or appropriate;
(n) preserving evidence where required by law or necessary for security.
9.2. No Compensation for Policy Violations
You will not be entitled to credits, refunds, service level credits, or other compensation
for interruption, suspension, deletion, or termination caused by your violation of this Policy.
9.3. Investigation
XData may investigate suspected violations of this Policy. You agree to cooperate reasonably
with investigations, including by providing relevant information where appropriate.
9.4. Removal of Content
XData may remove or restrict access to content that violates this Policy, applicable law,
third-party rights, provider policies, or the Customer Agreement.
9.5. Preservation
XData may preserve content, logs, account information, and related evidence where necessary
for legal compliance, security investigation, fraud prevention, dispute resolution, or
enforcement of this Policy.
9.6. Appeals
Where XData provides an appeal or review process, you may request review of an enforcement
decision through the process specified by XData.
10. CONTACTS
10.1. Abuse Reports
Reports of abuse, illegal content, spam, impersonation, or misuse should be sent to:
[INSERT ABUSE CONTACT EMAIL]
10.2. Security Reports
Security vulnerability reports should be sent to:
[INSERT SECURITY CONTACT EMAIL]
10.3. Legal and Copyright Notices
Legal, copyright, intellectual property, or regulatory notices should be sent to:
[INSERT LEGAL CONTACT EMAIL]
10.4. Privacy Notices
Privacy and data protection notices should be sent to:
[INSERT PRIVACY CONTACT EMAIL]
11. DEFINITIONS
11.1. "AI Services" means Services that use, integrate, route, host, configure, orchestrate,
or otherwise rely on artificial intelligence, machine learning, large language models,
embedding models, generative AI, classifiers, agents, retrieval systems, or automation
workflows.
11.2. "Authorized User" means any user authorized by Customer to access or use the Services.
11.3. "Customer Agreement" has the meaning given in Section 1.3.
11.4. "Customer Content" means content, data, prompts, files, documents, code, configurations,
images, media, knowledge bases, records, outputs, and other materials uploaded to, submitted
to, processed by, generated through, or made available to the Services by Customer or its
Authorized Users.
11.5. "Personal Data" means any information relating to an identified or identifiable natural
person, and any other information treated as personal data or personal information under
applicable law.
11.6. "Services" has the meaning given in Section 1.1.
11.7. "Special Categories of Personal Data" means special categories of personal data under
GDPR and similar sensitive categories under applicable data protection laws.
Transforming organizations for the AI era through strategy, research, education and implementation.
SOLUTIONS
INSIGHTS
COMPANY
STAY INFORMED
Get the latest insights, research and frameworks delivered to your inbox.
EU Based & Compliant
GDPR • AI Act • ISO 42001
Secure & Sovereign
Your data. Your control.
Research Driven
Powered by Cognitio Labs
Proven Impact
Measurable results