# Acceptable Use Policy ## **raia Platform – Acceptable Use Policy** **Effective Date:** January 1, 2025\ **Last Updated:** April 16, 2025 ### 1. Purpose This Acceptable Use Policy (“AUP”) defines the rules and restrictions governing access to and use of the **raia Platform**, including all applications (raia CX, Command, CoPilot, Chat, Connect, Control), APIs, integrations, and AI Agent services.\ \ The goal of this policy is to protect the integrity, security, and compliance of the platform while ensuring responsible use of AI technologies. *** ### 2. Scope This policy applies to all **users, administrators, partners, and organizations** that access or interact with any raia service or hosted system. \ By using raia, users agree to comply with this AUP, the raia Terms of Service, and all applicable laws and regulations. *** ### 3. Prohibited Uses Users may **not** use raia services for any purpose that violates law, regulation, or third-party rights, including but not limited to: #### 3.1 Illegal or Unlawful Activity * Engaging in or promoting any criminal, fraudulent, or deceptive activity. * Violating export controls, privacy, or data-protection laws (e.g., GDPR, HIPAA, CCPA). * Attempting unauthorized access to any system, network, or account. #### 3.2 Security Violations * Circumventing authentication or access controls. * Introducing malware, exploits, or malicious code into the platform. * Interfering with or degrading service performance or availability. * Conducting penetration testing or vulnerability scanning without written authorization. #### 3.3 Data Misuse * Uploading, processing, or storing confidential data without proper authorization. * Using the platform to exfiltrate, leak, or share personal or proprietary data. * Training AI Agents on data you do not own or have permission to use.\ \&#xNAN;*raia’s SOC 2-compliant architecture requires that each Agent’s vector store and data remain isolated and encrypted.* #### 3.4 Harassment and Harm * Generating or transmitting content that is harassing, abusive, hateful, or discriminatory. * Using Agents to impersonate others or misrepresent identity or affiliation. * Engaging in social-engineering or phishing behavior. #### 3.5 Inappropriate Content * Creating, sharing, or distributing content that is obscene, sexually explicit, violent, or otherwise inappropriate for professional use. * Using raia to generate misinformation, spam, or content designed to manipulate public opinion. #### 3.6 Platform Misuse * Reverse-engineering, copying, or attempting to derive source code from raia systems. * Overloading or abusing APIs beyond documented rate limits. * Reselling, sublicensing, or redistributing platform services without prior written agreement. *** ### 4. Data Protection and Privacy raia implements **SOC 2 Type II** and **HIPAA-aligned** controls, including encryption, audit logging, and access governance. \ Users must: * Handle all data in compliance with applicable privacy laws. * Obtain consent before processing personal information through AI Agents. * Avoid uploading data that includes health, financial, or government identifiers unless explicitly authorized for such use. * Follow least-privilege principles when granting Agent API or integration access. *** ### 5. Responsible AI Use raia enables users to create autonomous AI Agents through **Command** and manage them via **CoPilot**, **Chat**, **Connect**, and **Control**. \ Users agree to: * Use AI responsibly and transparently. * Provide accurate context and training data. * Supervise automated communications where human oversight is required. * Refrain from deploying Agents that make legal, financial, or medical decisions without human review. * Use human-in-the-loop feedback tools (CoPilot) to ensure quality and prevent harmful behavior. *** ### 6. Intellectual Property and Content Ownership * Users retain ownership of content they upload or create, but grant raia limited rights to process that content for AI training within the organization’s private environment. * Users may not infringe on third-party intellectual-property rights or upload unlicensed materials. * raia does **not** use customer data to train public AI models. *** ### 7. API and Integration Use When using raia APIs, webhooks, or Skills: * Authenticate each call with a valid Agent-Secret-Key. * Do not share or expose keys publicly. * Use API endpoints only for intended business workflows. * Respect rate limits and data-handling policies described in the API documentation. *** ### 8. Monitoring and Enforcement raia reserves the right to: * Audit use for compliance with this AUP. * Suspend or terminate access that violates this policy or poses security risk. * Report unlawful activity to authorities. * Retain logs for incident analysis consistent with SOC 2 retention controls. *** ### 9. Incident Reporting If you suspect misuse, data breach, or unauthorized access: 1. Immediately notify 2. Provide details (time, scope, systems affected). 3. Do not attempt self-remediation that may compromise evidence. *** ### 10. Policy Changes raia may update this AUP periodically to reflect evolving regulations and platform features.\ Revised versions will be posted on **docs.raiaai.com** and become effective upon publication. ***