Acceptable Use Policy

This Acceptable Use Policy governs what Customers (any tier — Free, Pro, Team, Enterprise) and any third party accessing Pliuz through Customer's account (employees, contractors, AI agents under Customer's control) may not do with the Pliuz Service. It is incorporated by reference into the MSA. It does not regulate end-users of Customer's own product who never interact with Pliuz directly — that relationship is governed by Customer's own terms.

• No unlawful uses: do not use Pliuz to gate, approve, audit, or facilitate fraud, money laundering, sanctions evasion (UN/EU/OFAC), CSAM, tax or other financial crimes, trade in controlled substances or restricted goods, unlawful processing of Personal Data, defamation, harassment, threats, or IP infringement.
• No harm to others: no infrastructure attacks (DDoS, spam relay, port scanning, network exploitation), targeted harassment campaigns, discriminatory automated decisions affecting protected classes where prohibited by Applicable Law, or surveillance violating data subject or workplace privacy rights.
• No abuse of Pliuz infrastructure: no rate-limit circumvention via multiple accounts, no reverse-engineering for competitive products (coordinated-disclosure security research excepted), no probing of Pliuz or other tenants without written authorization, no attempts to bypass RLS / multi-tenancy isolation, and no payloads designed to crash or compromise the service.
• No audit-integrity tampering: do not modify audit events outside Pliuz-defined mutation paths, use approval gates to launder accountability, or falsify/impersonate approver identity.
• AI-specific limits: no AI uses prohibited under EU AI Act Article 5 (subliminal manipulation, exploitation of vulnerabilities, public-authority social scoring, unlawful real-time remote biometric identification). Using Pliuz to add human oversight does not legitimize an otherwise Article 5-prohibited system. High-risk AI deployments must use Pliuz consistent with their Article 14 obligations — as effective human oversight, not compliance theater.
• Reporting violations: report suspected violations to abuse@pliuz.com (when activated; until then founder@pliuz.com). Pliuz cascades reports to the relevant sub-processor (Slack, Supabase, Vercel) where sub-processor abuse paths are implicated.
• Enforcement: Pliuz may, in its reasonable discretion, suspend the implicated tenant/agent/user pending investigation (with notice and reason), investigate via audit events and metadata (Pliuz does not read approval payload content for AUP investigation unless legally compelled — chain-of-custody preserved), terminate the MSA for material breach with audit export and deletion per the DPA, cooperate with law enforcement when legally required, and report to authorities when mandated (e.g. CSAM).
• Customer remediation: if Customer identifies an AUP violation in its own use, it must cease the violation immediately, notify founder@pliuz.com within 5 business days, cooperate with investigation, and remediate to prevent recurrence. Failure to self-report a known violation is a separate breach of the MSA.
• Updates: material changes are emailed to Customer's designated admin/billing contact at least 30 days in advance and published here; this page reflects docs/legal/product/acceptable-use-policy.md as the source of truth. Non-material clarifications may be made without advance notice.
• Severability: if any provision is held unenforceable under Applicable Law, the rest survives in full effect.

Effective: 2026-05-24. Reviewed internally; independent counsel review pending. Material changes will be emailed at least 30 days in advance.