EgoZ Acceptable Use Policy (DRAFT)
⚠️ DRAFT — NOT LEGAL ADVICE. Review with counsel before use.
Last updated: July 7, 2026
This Acceptable Use Policy ("AUP") applies to all use of EgoZ and is part of the Terms of Service. It exists to keep the platform safe and within the data-handling boundary EgoZ currently supports.
1. No regulated data (the Phase 1 boundary) — IMPORTANT
EgoZ is not currently certified or contracted to process regulated data. You must not submit to the Service — in prompts, knowledge-base documents, tool payloads, messages, or metadata — any of:
- Protected Health Information (PHI) or any data subject to HIPAA;
- payment card data subject to PCI-DSS (full card numbers, etc.);
- government identifiers (e.g. SSNs) or other special-category / sensitive personal data beyond what your plan and a signed DPA permit;
- any data whose processing requires a Business Associate Agreement (BAA) or equivalent that EgoZ has not signed with you.
This is enforced technically as well as contractually. EgoZ services only
projects whose compliance tier is standard; requests outside that tier are
rejected. Detection controls may flag or block content that appears to contain
regulated data. These controls are a backstop, not a guarantee — you remain
responsible for not submitting regulated data.
If you need to process regulated data, contact us about a future HIPAA/enterprise tier before doing so.
2. Prohibited activities
You must not use EgoZ to:
- violate any law or third party's rights;
- generate or distribute malware, phishing, or content facilitating fraud;
- produce content that sexually exploits minors, incites violence, or unlawfully harasses;
- attempt to breach, overload, or circumvent the Service's security, rate limits, or access controls;
- reverse-engineer the Service except as permitted by law;
- misuse another party's data or submit data you lack the rights to process.
3. Bring-Your-Own-Key responsibilities
Because inference runs on your provider key, you must also comply with your model provider's usage policies. A violation of your provider's policy may also be an AUP violation.
4. Security & integrity
Don't probe or scan the Service for vulnerabilities without authorisation, and don't use it to store or transmit credentials/secrets beyond what's needed to operate your own configured integrations.
5. Enforcement
We may investigate suspected violations and may suspend or terminate access, remove content, or report unlawful activity. We will act proportionately and, where practical, give notice — but may act immediately to prevent harm or legal exposure (including suspected submission of regulated data).
6. Reporting
Report abuse or suspected violations to [CONTACT EMAIL].