Acceptable Use Policy

1. Scope and Applicability

This Policy covers all use of the Services, related APIs, SDKs, data connectors, documentation, and any sandbox or beta functionality. It applies to everyone who accesses the Services, including employees, contractors, consultants, and third parties acting on your behalf.

2. Responsible Use Obligations

You must ensure that your deployment of AI systems via the Services aligns with recognised principles of fairness, transparency, accountability, and human oversight. At a minimum you agree to:

• Continuously evaluate AI outputs for bias, discrimination, or disparate impact.
• Provide appropriate disclosure to end users about automated decision-making.
• Maintain auditable records of model provenance, training data, and policy decisions.
• Respect intellectual property, privacy, and data residency requirements in every jurisdiction where you operate.

3. Regulatory and Contractual Compliance

You remain solely responsible for complying with all laws, industry standards, and contractual duties that apply to your organisation. These include, without limitation:

• AI-specific regulations such as the EU AI Act, NIST AI RMF, and applicable sector guidance.
• Privacy and data protection regimes including the Australian Privacy Act, GDPR, and HIPAA.
• Security and resilience mandates such as SOC 2, ISO 27001, or other frameworks referenced in your agreements with raxIT.

Where local laws conflict with this Policy, you must notify raxIT promptly and work with us to implement an alternative control set that delivers equivalent protection.

4. Prohibited Conduct

You may not use the Services to facilitate, encourage, or enable activities that are illegal, unethical, or inconsistent with trusted AI. Prohibited conduct includes, but is not limited to:

• Developing or deploying models intended to cause physical, economic, or psychological harm.
• Generating or distributing content that infringes intellectual property rights or violates confidentiality obligations.
• Reverse engineering, attempting to bypass security controls, or accessing resources without authorization.
• Using the Services for high-risk use cases (e.g., weapons systems, unlawful surveillance) without raxIT’s prior written approval.
• Uploading malicious code, interfering with network stability, or launching denial-of-service attacks.

5. Data Stewardship and Privacy

You must only ingest data that you are lawfully permitted to process and must use the Services to handle personal, sensitive, or regulated data in accordance with applicable privacy laws and contractual guarantees. This includes:

• Obtaining all required consents and providing mandated notices to individuals.
• Classifying and labelling data according to its sensitivity and applying appropriate controls.
• Implementing data retention and deletion schedules aligned with regulatory obligations.
• Using secure, encrypted channels for the transfer of regulated data into and out of the Services.

6. Security and Incident Response

You must maintain industry-standard security practices and immediately notify raxIT of any actual or suspected security incident involving the Services. At a minimum you agree to:

• Apply least-privilege access, multi-factor authentication, and credential hygiene.
• Monitor usage for anomalies and implement automated guardrails where possible.
• Document and test incident response runbooks that include timely notification to raxIT within 24 hours of detection.
• Cooperate fully with raxIT during containment, investigation, and remediation activities.

7. Monitoring, Audits, and Enforcement

raxIT reserves the right to monitor use of the Services, investigate suspected violations, and suspend or terminate access where this Policy is breached. We may request evidence of your compliance activities (e.g., policies, audit logs, training records). Failure to provide such evidence within a reasonable timeframe may result in corrective action, including service suspension.

8. Reporting Obligations

If you become aware of behaviour that may breach this Policy, you must notify raxIT immediately at security@raxit.ai or through your customer success representative. Please include sufficient detail for us to assess the issue. We may request additional information or require you to take remedial steps.

9. Policy Changes

raxIT may update this Policy from time to time to reflect changes in law, industry standards, or our platform capabilities. Material updates will be communicated through the primary contact listed on your Customer Account or via in-product notifications. Continued use of the Services after an update constitutes acceptance of the revised Policy.