Acceptable Use Policy.

• Engage in or facilitate any activity that is unlawful under applicable law, including U.S. federal, state, and local law and the laws of any jurisdiction where the User operates or where the User’s data subjects are located.
• Violate export control laws, sanctions regulations, or anti-corruption laws.
• Engage in money laundering, terrorism financing, or other financial crimes.

• Upload, generate, store, or transmit content that depicts or facilitates child sexual abuse material (CSAM).
• Upload, generate, store, or transmit content that incites or facilitates violence against any person or group, or that promotes terrorism or violent extremism.
• Upload, generate, store, or transmit content that harasses, threatens, defames, or stalks any individual, or that constitutes hate speech directed at protected groups.
• Upload, generate, store, or transmit content that exploits, sexualizes, or endangers minors in any way.

• Infringe upon the intellectual property rights of any third party, including copyrights, trademarks, patents, trade secrets, and rights of publicity.
• Misappropriate or improperly disclose confidential or proprietary information of any third party.
• Use the Platform to circumvent technical protection measures, digital rights management systems, or paywalls.

• Process personal data in violation of applicable data protection laws, including GDPR, HIPAA, CCPA/CPRA, and similar regimes.
• Collect or process personal data without a lawful basis or without providing required notices and obtaining required consents.
• Use the Platform to track, profile, or surveil individuals in a manner that violates their privacy rights or applicable law.

• Send unsolicited bulk email, SMS, or other communications in violation of CAN-SPAM, TCPA, CASL, or similar laws.
• Use the Platform to operate phishing schemes, scams, or other deceptive communication campaigns.
• Send communications with falsified headers, sender information, or routing information.

• Attempt to gain unauthorized access to the Platform, related systems, or other Users’ accounts, data, or environments.
• Probe, scan, or test the vulnerability of the Platform without Kainam’s prior written authorization (see Security Research below for the responsible disclosure process).
• Introduce viruses, worms, ransomware, trojans, time bombs, or other malicious code into the Platform or any system connected to it.
• Interfere with or disrupt the integrity, performance, or availability of the Platform, including denial-of-service attacks, flooding, or resource exhaustion attempts.
• Bypass or attempt to bypass authentication, authorization, rate-limiting, or other security or usage-control mechanisms.

• Use the Platform in a manner that imposes an unreasonable or disproportionately large load on Kainam’s infrastructure, including high-volume automated requests not consistent with the User’s typical use pattern, where such use is not separately authorized as a high-volume use case.
• Mine cryptocurrency, conduct distributed computation unrelated to the User’s authorized use, or otherwise use the Platform’s compute resources for purposes outside the scope of the Agreement.
• Resell, sublicense, or redistribute the Platform or access to it, except as expressly authorized by an Agreement (such as a Kainam Reseller Agreement or OEM and White-Label Agreement).
• Use the Platform to develop, train, or operate a product or service that competes with the Platform.
• Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, or underlying structure of the Platform, except to the extent expressly permitted by applicable law.

• Use the Platform’s AI/ML features to generate content that is illegal, harmful, or abusive as described above.
• Rely on AI-generated outputs as the sole basis for decisions that have legal or similarly significant effects on individuals (such as decisions regarding employment, credit, housing, insurance, education, or access to essential services) without appropriate human review.
• Use the Platform’s AI/ML features to extract, replicate, or recreate the underlying models, or to train competing AI models.
• Misrepresent AI-generated content as human-generated in contexts where such misrepresentation would be deceptive or harmful.

Security incident reports and vulnerability disclosures should be sent to security@kainam.ai. Users must not publicly disclose suspected vulnerabilities prior to providing Kainam with a reasonable opportunity to investigate and remediate (a coordinated disclosure period of at least ninety (90) days is generally considered reasonable, though shorter periods may be appropriate where active exploitation is occurring).

Kainam welcomes good-faith security research and will not pursue legal action against researchers who: (a) make a good-faith effort to avoid privacy violations, destruction of data, and interruption of Platform services; (b) only use exploits to the extent necessary to confirm a vulnerability’s presence; (c) provide Kainam with a reasonable amount of time to resolve the issue before public disclosure; and (d) do not exploit the vulnerability for any purpose other than reporting it.

For most suspected violations of this AUP, Kainam will provide written notice to the affected User (or, where applicable, to the Kainam partner responsible for the User) describing the suspected violation and providing a reasonable opportunity to cure — generally at least ten (10) business days, though the exact period may vary depending on the nature of the violation and any third-party obligations Kainam has.

If the User fails to cure the violation within the cure period (or refuses to engage with Kainam regarding the violation), Kainam may suspend the User’s access to the Platform, in whole or in part, until the violation is cured. Kainam will continue to invoice and the User remains obligated to pay applicable fees during the suspension.

Notwithstanding the notice-and-cure approach above, Kainam reserves the right to suspend a User’s access to the Platform immediately, without prior notice, where Kainam reasonably determines that:

• The violation involves illegal activity, child exploitation, terrorism, or other categories of content described in the Prohibited Content and Activities section as harmful or abusive;
• The violation poses an imminent threat to the security, availability, or integrity of the Platform or to other Users;
• Immediate suspension is required to comply with applicable law, a court order, or a regulatory demand; or
• Immediate suspension is necessary to prevent material harm to Kainam, a Kainam partner, another User, or a third party.

If a violation is repeated, materially harmful, or not cured within a reasonable period after suspension, Kainam may terminate the applicable Agreement in accordance with its terms. Termination rights under this AUP are in addition to any other rights and remedies Kainam may have under the applicable Agreement or at law.

Kainam will cooperate with law enforcement and regulatory authorities in connection with investigations of suspected illegal activity, including by preserving and producing User data and account information in response to lawful requests.

Nothing in this AUP requires Kainam to monitor User activity, content, or use of the Platform. Kainam reserves the right (but undertakes no obligation) to investigate suspected violations.