Karmaflow.ai Acceptable Use Policy (AUP)

Last Updated: Aug 27, 2025

This Acceptable Use Policy ("AUP") governs use of the software, services, websites, APIs, voice and messaging features, and related platforms provided by Karmaflow Inc. d/b/a Karmaflow.ai ("Karmaflow.ai", "we", "us"). This AUP is incorporated by reference into the Master Services Agreement (MSA) and applies to all Customers and their end-users (collectively, "you"). By using the Services, you agree to this AUP.

We may investigate suspected violations, and we may suspend, throttle, or terminate access without notice where necessary to protect users, the public, or the platform. Capitalized terms not defined here have the meanings in the MSA.

1) Prohibited Uses — General

You may not use (or enable others to use) the Services for any illegal, harmful, fraudulent, infringing, or offensive purpose, including:

• Illegal or Non‑Compliant Activities. Violations of laws or codes (e.g., privacy and data protection; anti‑spam/telephony such as CASL, CAN‑SPAM, TCPA; consumer protection; export controls and sanctions; financial services; illegal gambling; bribery/anti‑corruption).
• Fraud & Abuse. Scams or deceptive schemes (phishing, pharming, pump‑and‑dump, pyramid schemes), multi‑level fraud, fake reviews/engagement, coordinated inauthentic behavior.
• IP & Brand Violations. Infringement or misappropriation of copyrights, trademarks, trade secrets; counterfeit goods; removal of watermarks or safety signals.
• Offensive/Harmful Content. Child sexual abuse material (CSAM); sexual exploitation of minors; bestiality; doxxing; threats, harassment, and hate; incitement of violence; glorification of self‑harm; terrorism promotion.
• Privacy Invasions. Unlawful surveillance or tracking; non‑consensual collection/processing of personal data; publishing others' private information; credential harvesting.
• Security Violations. Creating, distributing, or operating malware, spyware, botnets, or ransomware; conducting or enabling DDoS; brute‑force attacks; credential stuffing.
• Circumvention. Bypassing access controls, usage caps, rate limits, paywalls, or content filters; using proxy networks to evade enforcement.

2) Prohibited Data

Unless expressly agreed in writing (and only where the Services are configured to support it), you must not submit or process via the Services:

• Protected Health Information (PHI) under HIPAA or similar health laws.
• Payment Card Data (PCI) or full financial account numbers.
• Sensitive/Highly Regulated Personal Data: government‑issued identifiers; precise geolocation; biometric templates/voiceprints; genetic data; special categories under GDPR.
• Children's Data under COPPA or equivalent age‑of‑consent rules.
• Classified, export‑controlled, or other restricted government data.

You are solely responsible for ensuring that Customer Data submitted to the Services is lawful and compliant.

3) Security & System Integrity

You may not use the Services to violate the security or integrity of any network, system, or device. Prohibited activities include:

• Unauthorized Access/Testing. Accessing any account, API, system, or data without permission; probing, scanning, or penetration testing without prior written authorization from Karmaflow.ai.
• Interception & Tampering. Intercepting traffic or data without consent; forging headers; session hijacking; replay attacks.
• Service Disruption. Initiating or facilitating DDoS; artificially inflating traffic; resource exhaustion; crypto‑mining on the Services.
• Automated Extraction. Large‑scale or automated scraping of the Services, Outputs, or other users' content; building datasets from Outputs to compete with the Services.

4) AI Services — Specific Restrictions

When using AI agents, orchestration, or model-powered features, you must not:

• Deception/Impersonation. Mislead people about whether they're interacting with an AI; impersonate individuals or organizations without consent; create deepfakes that could reasonably cause harm or confusion (e.g., false endorsements, fabricated statements). Where required by law, you must disclose AI interaction.
• Prohibited or Harmful Generations. Generate content that is illegal, hateful, harassing, violent, sexually exploitative, or promotes self‑harm.
• High‑Risk Uses. Use the Services where failure could lead to death, personal injury, or severe property/environmental damage (e.g., control of critical infrastructure, autonomous vehicle operation, real-time medical diagnosis/treatment, emergency response).
• Automated Adverse Decisions. Make sole‑AI decisions that materially affect fundamental rights (e.g., employment, housing, credit, insurance) without appropriate human review, notices, and legal basis.
• Mis/disinformation. Intentionally generate or disseminate false content meant to mislead or cause harm.
• Model Misuse & Safety Bypass. Attempt to reverse engineer model weights; exfiltrate prompts, keys, or hidden system content; or bypass safety filters/guardrails via prompt injection or other means.
• Training on Outputs to Compete. Train or fine-tune competing models on Outputs or Service data without rights or express permission.

5) Telephony & Messaging Rules

You are responsible for all use of voice and messaging features and must:

• Obtain & Record Consent. Secure required opt‑in consents before messaging/calling.
• Honor Opt‑Outs. Immediately process STOP/UNSUBSCRIBE and DNC requests.
• Disclose Recording. Provide recording announcements and obtain required consent.
• Register Senders. Complete required registrations (e.g., A2P 10DLC, short codes) and adhere to carrier content rules and quiet‑hours where applicable.
• Truthful Identity. Accurately identify the sender; no fraudulent Caller ID spoofing.
• Emergency Calls. Do not use the Services to contact emergency services (e.g., 911/112). The Services do not support emergency calling.

6) Fair Use, API Keys & Rate Limits

• Fair Use. Excessive usage that degrades platform stability, security, or other users' experience may be throttled or suspended.
• No Circumvention. Do not bypass or manipulate rate limits, quotas, or concurrency caps.
• API Keys. Keep keys and credentials confidential; do not embed client-side without appropriate protections; do not share or resell access.
• Automation Hygiene. Use exponential backoff and reasonable retry policies; avoid hot-loop polling and abusive request patterns.

7) Human Oversight & Responsibility

AI Outputs may be inaccurate or incomplete. You must maintain appropriate human review and validation, especially in regulated or high‑stakes contexts. Outputs are not a substitute for professional advice (e.g., legal, medical, financial) unless reviewed by qualified professionals.

8) Copyright Complaints (DMCA) & Repeat Infringers

We respond to notices of alleged copyright infringement under applicable law (e.g., DMCA). Send notices to legal@karmaflow.ai with:

• Your contact information and a signature;
• Identification of the copyrighted work and the allegedly infringing material;
• The URL or location of the material;
• A statement of good-faith belief and that your notice is accurate and you are authorized to act.

We may terminate users who are repeat infringers.

9) Enforcement & Reporting

• Remove or disable content; filter traffic; block phone numbers/senders; rate-limit or suspend accounts; or terminate access.
• Preserve and share information with law enforcement, regulators, carriers, or impacted parties if we believe a violation occurred or is required by law.
• Require remediation actions (e.g., updated consent flows, templates, disclosures) before restoring service.
• Report suspected violations to report_abuse@karmaflow.ai.

10) Changes to this AUP

We may modify this AUP by posting a revised version on our website. As described in the MSA, material changes that adversely affect your rights or obligations will be communicated in advance and will not apply retroactively. Your continued use of the Services after the effective date constitutes acceptance of the updated AUP.

Definitions (Informative)

• "Outputs": content or results generated by AI Services (e.g., text, audio, images, transcripts, classifications, summaries).
• "High‑Risk Activities": uses where failure could cause death, personal injury, or severe property/environmental damage.
• "Services": Karmaflow.ai's hosted platform, tools, APIs, voice/messaging, and professional services.
• "Third‑Party Services": products/services not provided by Karmaflow.ai that integrate with or are used alongside the Services.