---
version: 1.0.0
effective_date: 2026-04-29
policy_class: agenticx-platform
---

<!--
This is the canonical AgenticX AUP. Per-network divergence is forbidden (SKILL Rule 1).
Phase 2 BAA implementation will land here when customer demand justifies.

This module intentionally contains "HIPAA" / "BAA" / "PHI" as anti-claim canonical text
per ARCH §9.1; the words are quarantined here only and SKILL Rule 7 grep should exclude
this directory.

Source-of-truth lift authorized by ARCH §9.1 amendment #8 (2026-04-29). Source
provenance is recorded in CONTENT_INVENTORY.md §6 and the related content delta
under content/ — see those files for the donor file:line citations.
-->

# Acceptable Use Policy

**AgenticX**
**Effective Date: April 29, 2026**
**Last Updated: April 29, 2026**

---

## 1. Purpose & Scope

This Acceptable Use Policy ("AUP") defines the standards of conduct for using AgenticX's platform and services. This policy applies to all users, including free-tier users, trial users, and paid subscribers, across every network pack on the AgenticX platform.

By using AgenticX, you agree to comply with this policy. Violations may result in:
- Written warning
- Account suspension
- Account termination
- Referral to law enforcement
- Civil or criminal liability

---

## 2. Prohibited Activities

### 2.1 Illegal Activities

You will not use the Service to:
- Engage in activities that violate applicable law
- Facilitate or promote illegal conduct
- Evade law enforcement
- Engage in fraud, money laundering, or financial crimes
- Violate sanctions or export control regulations
- Facilitate human trafficking or exploitation
- Distribute or possess child sexual abuse material (CSAM)

**Legal Enforcement**: We cooperate with law enforcement and may report illegal activity without notice.

---

### 2.2 Intellectual Property Violations

You will not use the Service to:
- Infringe copyrights, patents, trademarks, or trade secrets
- Reverse engineer, decompile, or disassemble the Service
- Create unauthorized derivative works
- Violate open-source licenses
- Circumvent digital rights management (DRM) protections
- Misappropriate confidential information or trade secrets

**Examples**:
- Copying competitor code and using AgenticX to refine it
- Using outputs to train third-party AI models without permission
- Removing attribution or copyright notices
- Selling access or outputs to competitors

---

### 2.3 Security & System Integrity

You will not:

**Unauthorized Access**:
- Attempt to gain unauthorized access to the Service
- Access accounts you don't own
- Test security vulnerabilities without authorization
- Use automated tools to scan for vulnerabilities (without written permission)
- Brute force or attempt to bypass authentication

**Malware & Disruption**:
- Upload, distribute, or introduce viruses, worms, or malware
- Conduct denial-of-service (DoS) attacks
- Flood the service with excessive requests
- Attempt to overload or crash systems
- Exploit bugs or vulnerabilities

**Credential Sharing**:
- Share API keys, authentication tokens, or passwords
- Allow unauthorized third parties access via your account
- Resell access to the Service
- Create accounts on behalf of others

**Testing Without Authorization**:
- Perform security testing without prior written consent
- Conduct penetration testing on our infrastructure
- Attempt to bypass rate limits or access controls
- Reverse engineer API behavior

---

### 2.4 Data Protection Violations

You will not:

**Unauthorized Data Processing**:
- Upload classified or restricted government information
- Process personal data without consent
- Violate data protection laws (GDPR, CCPA, etc.)
- Collect or process data outside legal authority
- Sell or trade personal data

**Dangerous Data**:
- Upload biometric data (face, fingerprint) without explicit consent
- Process sensitive financial data (account numbers, routing numbers)
- Upload health records or protected health information (PHI)
- Process restricted credential databases
- Upload datasets from hacks, breaches, or stolen sources

**Privacy Violations**:
- Integrate unauthorized Slack channels or email accounts
- Scrape customer data from public databases without consent
- Process data of minors without parental consent
- Violate individuals' privacy expectations
- Monitor employees without consent (where illegal)

**Data Retention**:
- Store data longer than permitted
- Retain data after customer deletion request
- Back up or archive data against user wishes

---

### 2.5 AI-Related Violations

You will not:

**Prompt Injection & Manipulation**:
- Attempt to manipulate agents with hidden instructions
- Use prompts designed to bypass safety guardrails
- Try to extract system prompts or training data
- Attempt jailbreaks or adversarial prompts
- Leverage agents to engage in prohibited activities

**Misuse of Outputs**:
- Publish unreviewed AI outputs as human-created fact
- Present AI-generated content without disclosure
- Use outputs to deceive or manipulate (deepfakes, false claims)
- Distribute outputs in violation of IP or privacy laws
- Train third-party models without permission

**Competitive Intelligence**:
- Use AgenticX to systematically analyze competitors
- Extract benchmarks or insights to sell to competitors
- Replicate competitor strategies discovered via the Service
- Use outputs to directly copy competitor products

---

### 2.6 Harassment & Abusive Behavior

You will not:

**Harassment**:
- Engage in targeted harassment of individuals
- Make threats or intimidating statements
- Cyberbully or defame
- Engage in coordinated harassment campaigns
- Make unwanted sexual advances

**Hate Speech & Discrimination**:
- Post content promoting discrimination based on protected characteristics
- Use slurs or dehumanizing language
- Advocate violence against groups

**Abuse of Support**:
- File false or frivolous abuse reports
- Spam support or send abusive messages to staff
- Attempt to social engineer employees

---

## 3. AI Output Responsibility

### 3.1 You Are Responsible for Validation

You acknowledge and agree that:
- AI-generated outputs are not guaranteed to be accurate
- Market size estimates may be incorrect
- Customer problem statements may be inaccurate
- Recommended solutions may not address the actual problem
- Success metrics may be poorly defined
- Feature adoption predictions are speculative

**You must:**
- Review outputs with domain expertise
- Verify facts with independent sources
- Conduct human review before implementation
- Take responsibility for decisions based on outputs
- Disclose AI involvement when sharing outputs

### 3.2 Human Review Requirement

You will not:
- Implement outputs without human review
- Treat outputs as ground truth without validation
- Blindly follow recommendations without judgment
- Publish outputs as fact without disclosure
- Make critical business decisions based solely on outputs

**Requirement**: All important outputs (strategy, major decisions, customer-facing artifacts) must be reviewed and approved by domain experts.

### 3.3 Accuracy Disclaimers

When sharing outputs (internally or externally), you will:
- Disclose that content was AI-generated
- Explain validation performed
- Provide caveats and uncertainty levels
- Enable recipients to understand limitations
- Correct inaccurate information when discovered

### 3.4 Responsible AI Use

You agree to use AgenticX responsibly:
- For legitimate business purposes within your active network pack's scope
- With human oversight and judgment
- In compliance with applicable laws
- With transparency about AI involvement
- With consideration for societal impact

---

## 4. Data-Related Requirements

### 4.1 Legal Basis for Data Processing

You represent that you have:
- Legal authority to process all data you upload
- Obtained necessary consents from data subjects
- Complied with data protection laws
- Documented your legal basis for processing
- Conducted privacy impact assessments

**You may not upload**:
- Data obtained through hacking or breach
- Data processed without legal authority
- Copyrighted content (except where you own copyright)
- Trade secrets of third parties
- Confidential business information

### 4.2 Data Source Restrictions

**Starter & Professional Tiers**:
- Do not upload classified government data
- Do not upload sensitive personal data (SSN, financial accounts) without need-to-know
- Do not upload health information (PHI under HIPAA)
- Do not upload biometric data

**Enterprise Tier Only**:
- Restricted data may be uploaded with additional agreements
- Requires signed Data Processing Agreement (DPA)
- Requires compliance certification
- Subject to audit and compliance review

### 4.3 Integration Restrictions

You will not:
- Connect unauthorized Slack channels (private channels you don't own)
- Integrate competitor research databases
- Connect third-party accounts without authorization
- Scrape data from integrations and re-export
- Monitor employee or customer accounts without consent

---

## 5. Competitive Use Restrictions

### 5.1 Prohibited Competitive Analysis

You will not use AgenticX to:
- Systematically analyze competitor products and strategies
- Extract insights from competitor data for sale or resale
- Use benchmarking data to replicate competitor products
- Conduct competitive intelligence for licensing or sales
- Monitor competitor social media or communications

### 5.2 Legitimate Competitive Analysis

You *may* use AgenticX to:
- Understand your own customers' needs vs. competitors'
- Compare your product positioning to market options
- Analyze your own competitive differentiation
- Identify market gaps for your own products
- Research competitor positioning from public sources

**Key distinction**: Using your own customer data to understand competitive landscape (OK) vs. extracting benchmarks to create competitive intelligence for sale (prohibited).

---

## 6. Rate Limits & Fair Use

### 6.1 Rate Limits

While we don't enforce strict rate limits, excessive use may trigger throttling:
- **Starter**: Soft limits per network pack's published thresholds
- **Professional**: Higher soft limits per network pack's published thresholds
- **Enterprise**: No hard limits, custom rate agreements

Specific per-tier soft limits are documented on each network pack's pricing page.

### 6.2 Fair Use Principles

We reserve the right to restrict use that:
- Significantly impacts service performance for other users
- Consumes disproportionate computational resources
- Violates these Terms

**Examples of unfair use**:
- Running 1,000 parallel queries to stress-test the system
- Running automated loops of agent invocations
- Scraping all outputs programmatically for external use
- Using the API as a training dataset for ML models

### 6.3 Commercial Redistribution

You will not:
- Resell Service access
- Offer AgenticX as a white-label solution (without licensing agreement)
- Integrate outputs into competing products
- Build commercial services on top of AgenticX without permission
- Aggregate and resell benchmarking data

---

## 7. Content Policies

### 7.1 Prohibited Content

You will not upload or generate content that:
- Is sexually explicit or pornographic
- Glorifies violence or harm
- Contains slurs or dehumanizing language
- Promotes illegal activity
- Spreads misinformation or conspiracy theories
- Violates intellectual property rights

### 7.2 Misinformation

You will not use the Service to:
- Generate false or misleading claims about products
- Create fake market research or fake studies
- Fabricate customer testimonials or reviews
- Spread health, political, or financial misinformation
- Generate deepfakes or synthetic media for deception

---

## 8. Enforcement & Consequences

### 8.1 Violation Response Timeline

**First Violation**:
- Written warning (email)
- 10 days to cure (fix the violation)
- Full explanation of violation
- Examples of compliant behavior

**Second Violation (within 6 months)**:
- 7-day account suspension
- Restriction on specific features
- Requirement to sign compliance agreement
- Escalation to senior team for review

**Third Violation (within 12 months) or Severe Violation**:
- Immediate account termination
- Data deletion (unless legal hold applies)
- Possible referral to law enforcement
- Prohibition on future accounts

**Severe Violations (immediate termination)**:
- Security breaches or unauthorized access
- Hacking or malware distribution
- Illegal activity or fraud
- CSAM or exploitation material
- Extreme harassment or threats

### 8.2 Investigation Process

For alleged violations, we:
- Investigate and gather evidence
- Document findings
- Provide notice and opportunity to respond (except security emergencies)
- Make determination
- Communicate decision and appeals process

### 8.3 Appeals

You may appeal a violation determination within 30 days by:
- Emailing legal@agenticx.brightridgeai.com with "AUP Appeal" in subject
- Providing detailed explanation and evidence
- Requesting review by executive team

Appeals are reviewed within 10 business days.

---

## 9. Reporting Violations

If you discover a violation of this policy:
- **Security Issues**: security@agenticx.brightridgeai.com (private)
- **Abuse or Harassment**: abuse@agenticx.brightridgeai.com
- **Illegal Activity**: legal@agenticx.brightridgeai.com
- **General Violations**: support@agenticx.brightridgeai.com

**Include**:
- Specific violation details
- Account or workspace information
- Screenshots or evidence
- Timeline of activity
- Your contact information

We investigate all reports confidentially.

---

## 10. Specific Use Case Examples

### 10.1 Approved Uses

You **may** use AgenticX to:

**Within Your Active Network Pack's Scope**:
- Discover and validate problems within your domain
- Generate domain artifacts as defined by your network pack
- Apply your active pack's agents and lifecycle to your own data
- Document decisions, rationale, and outputs

**Business Operations**:
- Improve your team's process within an active network pack
- Teach your team how to use AgenticX agents
- Benchmark your approach against best practices
- Document decisions and rationale

**Content & Learning**:
- Learn the frameworks built into your active pack
- Generate ideas for improvements within your domain
- Create case studies of your own work

---

### 10.2 Prohibited Uses

You **may not** use AgenticX to:

**Competitive Intelligence**:
- Create a database of competitor products and strategies
- Monitor competitor customer feedback or products
- Sell competitive analysis reports to others
- Extract benchmarks to build competitive intel services

**Third-Party Data**:
- Analyze competitor data or customer feedback
- Process customer data from other companies
- Scrape and analyze data from public sources at scale
- Build databases from competitor products

**Resale & Redistribution**:
- Resell Service access to others
- Offer AgenticX as your own product
- Build commercial services on top without licensing
- White-label or rebrand the Service

**Harmful Uses**:
- Generate false market research to mislead investors
- Create fake customer validation to support false claims
- Generate misleading product strategies
- Use outputs to deceive customers or partners

---

## 11. Special Considerations

### 11.1 Healthcare & Regulated Industries

If you process data in regulated industries:
- **Healthcare (HIPAA/PHI)**: Not supported in v1. AgenticX is not a HIPAA Business Associate; do not upload PHI on any tier or network pack. Roadmap item if customer demand justifies BAA legal review. See the canonical Security FAQ Q34 for full details.
- **Finance (GLBA, SOX)**: Data protection agreement required
- **Government (FedRAMP)**: Not available in standard cloud deployment
- **Education (FERPA)**: Limited to appropriate tier with DPA

Contact legal@agenticx.brightridgeai.com for industry-specific agreements.

### 11.2 Government & Law Enforcement

**Law Enforcement Requests**:
- We comply with valid legal process (subpoenas, warrants)
- We do not comply without legal authority
- We notify you except where prohibited by law
- We preserve evidence in response to legal holds

**Government Access**:
- We do not voluntarily share data with government
- We require legal process for any disclosures
- We challenge overbroad or improper requests

### 11.3 Age-Restricted Content

You represent that:
- You are 18 years or older
- Anyone whose data you process has consented
- You have parental consent for minors' data (where required)
- You are not collecting data from minors

---

## 12. Third-Party Content & Liability

### 12.1 Your Responsibility

You are responsible for:
- All data and content you upload
- Accuracy and legality of inputs
- Compliance with laws and this policy
- Obtaining necessary rights and consents
- AI-generated outputs and their use

### 12.2 We Are Not Responsible

AgenticX is not responsible for:
- Inaccurate, misleading, or illegal user-generated content
- Data you choose to upload
- Violations of law by users
- Third-party claims arising from your use
- Harm to third parties from your outputs

---

## 13. Monitoring & Enforcement

### 13.1 Monitoring

We monitor for violations using:
- Automated systems (pattern detection, abuse signatures)
- Manual review (user reports, complaints)
- Regular audits of compliance
- Third-party security assessments

### 13.2 Privacy of Monitoring

- We monitor to enforce policy and protect users
- Investigation data is confidential
- Results of investigations may not be shared publicly
- Innocent users are not flagged or penalized

---

## 14. Updates to This Policy

We may update this AUP at any time. Material changes will be:
- Announced via email
- Posted on our website
- Effective 30 days after notice
- Continued use = acceptance

---

## 15. Contact & Questions

**Policy Questions**: legal@agenticx.brightridgeai.com
**Violations to Report**: abuse@agenticx.brightridgeai.com
**Security Issues**: security@agenticx.brightridgeai.com

---

## 16. Summary: Do's and Don'ts

### Do:
- Use your own data within your active network pack's scope
- Validate outputs with domain expertise
- Disclose AI involvement
- Comply with data protection laws
- Respect intellectual property
- Use for legitimate business purposes
- Report violations

### Don't:
- Upload data you don't own
- Upload Protected Health Information (PHI) on any tier
- Blindly implement AI recommendations
- Present outputs as fact without review
- Process restricted government data (without Enterprise)
- Reverse engineer or hack the system
- Systematically scrape or extract data
- Resell the Service or outputs
- Use outputs to deceive or manipulate

---

**Document Version**: 1.0.0
**Last Updated**: April 29, 2026
**Classification**: Public
**Canonical Source**: `agenticx_runtime/legal/acceptable_use_policy.md`
