Acceptable Use Policy

Last updated: May 13, 2026 This Acceptable Use Policy ("AUP") sets out what you may and may not do with the Sistava platform, AI employees, desktop companion, connected accounts, and any other part of our Services. It is incorporated by reference into our Terms of Service , and any breach of this AUP is a material breach of those Terms. We may update this AUP at any time as new abuse patterns emerge or as the law changes; the most recent version is always the one published on this page. You are responsible for all activity that takes place under your account, for the instructions and training data you give your AI employees, and for the actions your AI employees take on your behalf or on the behalf of anyone you grant access to. The fact that an action is taken by an AI employee — rather than by you personally — does not change your responsibility or your obligation to comply with this AUP and the law.

1. Universal Usage Standards

The following standards apply to all users and all use cases , with no exceptions. You must not use the Services, and must not configure, instruct, or train an AI employee, the desktop companion, a connected account, an integration, a workflow, or any other part of the Services to do any of the following.

1.1 Do Not Violate Applicable Laws or Engage in Illegal Activity

Do not use the Services, or operate AI employees on your behalf, in any way that violates applicable law, regulation, court order, or third-party rights, including intellectual property, privacy, publicity, contractual, or moral rights. This includes activity prohibited by sanctions laws (EU, UN, US OFAC, UK, or other applicable regimes).

1.2 Do Not Compromise Critical Infrastructure

Do not use the Services to disrupt, damage, attack, or gain unauthorized access to critical infrastructure, including power grids, water systems, telecommunications networks, financial systems, transportation systems, hospitals, or government emergency services.

1.3 Do Not Compromise Computer or Network Systems

Do not use the Services to develop, distribute, or deploy malware, ransomware, viruses, exploits, jailbreak tooling, prompt injection payloads, phishing kits, credential stuffing tools, or other malicious software. Do not conduct, plan, or facilitate cyberattacks, unauthorized access, denial-of-service attacks, network intrusions, credential theft, or any form of unauthorized testing against any system you do not personally own or do not have explicit written authorization to test.

1.4 Do Not Develop or Facilitate Weapons

Do not use the Services to facilitate the development, manufacture, acquisition, deployment, or use of weapons, including chemical, biological, radiological, nuclear, conventional weapons of mass destruction, or autonomous weapons systems. Do not provide instructions, designs, materials sourcing, or operational guidance for such weapons.

1.5 Do Not Incite Violence or Hateful Behavior

Do not use the Services to generate, distribute, or facilitate content that promotes, incites, or glorifies violence, terrorism, self-harm, suicide, or hatred against any individual or group based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, age, or any other protected characteristic.

1.6 Do Not Compromise Privacy or Identity Rights

Do not use the Services to identify, profile, surveil, track, dox, stalk, harass, or otherwise intrude on individuals without a lawful basis. Do not collect, process, or share personal data, biometric data, health data, financial data, or other sensitive data without consent and without complying with applicable data protection law. Do not generate, store, or distribute non-consensual intimate imagery, sexual deepfakes, or sexual content depicting real identifiable individuals without their explicit consent.

1.7 Do Not Compromise Children's Safety

Do not use the Services to generate, distribute, store, or facilitate child sexual abuse material (CSAM) or any sexual content involving minors. Do not use the Services to groom, exploit, endanger, or solicit minors. We report all CSAM activity to the relevant authorities (including NCMEC and equivalent agencies) and terminate the account immediately. The Services are not intended for users under 18 and are not designed for products that interact directly with minors.

1.8 Do Not Create Psychologically or Emotionally Harmful Content

Do not use the Services to manipulate, deceive, emotionally exploit, or psychologically harm individuals, including by creating deceptive personas, simulating relationships with vulnerable individuals, or generating content designed to cause emotional distress.

1.9 Do Not Create or Spread Misinformation

Do not use the Services to create or spread disinformation, fabricated news, fabricated quotes attributed to real people, or content designed to deceive readers about facts, events, or sources. Do not impersonate real public figures, journalists, government entities, or institutions.

1.10 Do Not Undermine Democratic Processes or Engage in Targeted Political Manipulation

Do not use the Services to interfere with elections or democratic processes, including by generating fabricated political content, impersonating candidates or election officials, suppressing voter participation, or running coordinated inauthentic political campaigns.

1.11 Do Not Use for Surveillance or Prohibited Law-Enforcement Purposes

Do not use the Services for predictive policing, mass surveillance, social scoring, biometric identification of individuals in public spaces, or any other AI use case prohibited by Article 5 of the EU AI Act or similar laws in your jurisdiction.

1.12 Do Not Engage in Fraudulent, Abusive, or Predatory Practices

Do not use the Services for fraud, scams, financial deception, identity theft, fake reviews, fake testimonials, fake engagement, deceptive marketing, or any form of predatory business practice. Do not target vulnerable individuals (elderly, financially distressed, ill) with deceptive offers.

1.13 Do Not Generate Sexually Explicit Content

Do not use the Services to generate, distribute, or facilitate sexually explicit content, pornography, or sexual content of any kind, including stylized, artistic, or fictional depictions. The Services are a business workforce platform and are not built or licensed for adult content of any nature.

1.14 Do Not Abuse Our Platform

Do not abuse the Services themselves — this includes the platform-abuse rules in Section 2 below.

2. Platform Abuse

You must not:

• Resell, sublicense, or redistribute the Services without our prior written permission.
• Use the Services to build, train, fine-tune, evaluate, or benchmark a competing AI product, AI agent platform, AI workforce platform, or any similar offering.
• Scrape, harvest, mine, or systematically extract data, prompts, model outputs, or any other content from the Services.
• Reverse engineer, decompile, disassemble, or attempt to derive the source code, prompt templates, system instructions, or internal architecture of any part of the Services.
• Bypass, disable, or interfere with any security feature, rate limit, usage quota, content filter, guardrail, approval gate, or abuse-prevention mechanism.
• Jailbreak, prompt-inject, or otherwise manipulate AI employees to bypass their safety guidelines, content policies, or assigned scope.
• Submit knowingly false, misleading, or fabricated information to evade abuse detection or to manipulate ranking, attribution, or analytics.
• Use shared, stolen, purchased, or otherwise unauthorized credentials to access the Services.
• Create multiple accounts to evade rate limits, free-credit limits, bans, suspensions, or to circumvent any restriction.
• Interfere with or disrupt the integrity, performance, or availability of the Services or any underlying infrastructure, including by submitting excessive requests, flooding queues, or running automated stress tests without our prior written permission.

3. AI Employee Conduct

Even though AI employees act autonomously, you are responsible for what they do. You must not configure, instruct, or train an AI employee to:

• Send unsolicited bulk messages (spam) by email, SMS, voice, chat, or any other channel, in violation of anti-spam laws (CAN-SPAM, CASL, GDPR, EU ePrivacy Directive, or similar).
• Make unsolicited cold calls or robocalls in jurisdictions where doing so is restricted or prohibited.
• Impersonate a human being in any context where applicable law requires disclosure of AI identity. You must always disclose to your end users that they are interacting with an AI system, in accordance with Section 1.B of our Terms of Service.
• Impersonate a specific real person, brand, government entity, public official, journalist, or institution.
• Engage in market manipulation, insider trading, securities fraud, or any other prohibited financial conduct.
• Generate or distribute defamatory, libelous, or knowingly false statements about any identifiable person or organization.
• Take destructive actions on systems, accounts, or data without explicit human authorization. The use of human-in-the-loop approval gates is strongly recommended for any sensitive action.

4. Desktop Companion & Connected Accounts

The desktop companion and connected accounts (Gmail, Drive, Slack, CRMs, browsers, etc.) give your AI employees real operational power. You must not use them to:

• Access any computer, account, system, or service you do not personally own or do not have explicit written authorization to use.
• Send messages, post content, make purchases, transfer funds, or take any other action on behalf of another person without that person's consent.
• Read, copy, modify, or delete files, emails, messages, or data belonging to anyone other than yourself or your organization, except with prior consent.
• Bypass security controls, terms of service, or technical restrictions of any third-party website, application, or service.
• Conduct surveillance, tracking, or monitoring of individuals without a lawful basis and disclosure required by applicable law.
• Run automated activity at a scale or in a manner that would violate the terms of service of the third-party platform being interacted with.

5. Content You Provide (Training Data, Files, Inputs)

You must not upload, paste, link, train on, or otherwise submit:

• Content you do not have the legal right to use, share, or process.
• Content owned by a competitor or third party that you obtained without authorization.
• Confidential information of a third party (including a current or former employer) that you are under an obligation not to disclose.
• Personal data of individuals (including customers, prospects, employees, or contacts) without a lawful basis under applicable data protection law.
• Sensitive personal data (health records, biometric data, financial account details, government identifiers, etc.) unless you have explicit consent and a lawful basis.
• Material containing malware, exploits, credential dumps, or other malicious payloads.
• Live credentials of any account you control — passwords, API keys, private keys, OAuth tokens, bearer tokens, session cookies, MFA seed values, recovery codes, or anything else that grants access to a live account or system. The Services apply automated safeguards to reduce the risk of accidental credential exposure, but no safeguard is comprehensive. If you need an AI employee to act on your behalf, connect the account through the supported OAuth or connection flow rather than pasting credentials into chat. You assume all risk and liability for any credential you submit through chat, voice, files, or any other input channel.

6. High-Risk Use Cases

Some use cases pose an elevated risk of harm because they affect domains that are vital to public welfare, financial security, civil rights, or individual well-being. We do not prohibit these use cases — they are legitimate, valuable applications of AI — but we require that you take two additional safeguards whenever you use the Services for any of them. Required safeguard 1: Human-in-the-loop review. When you use the Services to generate advice, recommendations, decisions, or any other output that directly affects an individual in a high-risk domain, a qualified professional in that field must review the output before it is acted on, shared with the affected individual, or used to make a final decision. You and your organization remain fully responsible for the accuracy and appropriateness of that output. Required safeguard 2: AI disclosure to affected individuals. Whenever an output produced by an AI employee is presented to an end user in a high-risk domain, you must disclose to that end user that the content was produced with the help of AI, in a clear and prominent manner, at the start of each interaction or session. This disclosure is in addition to your existing AI-disclosure obligations under Section 1.B of our Terms of Service and Article 50 of the EU AI Act . The following are High-Risk Use Cases under this AUP: The fact that a domain is listed here does not mean we have certified the Services as fit for that domain. You are responsible for evaluating whether the Services meet the legal, regulatory, ethical, and technical requirements of your specific use case in your specific jurisdiction, and for implementing the safeguards above. If you cannot or will not implement these safeguards, do not use the Services for high-risk use cases.

• Legal: legal interpretation, legal advice, legal drafting for binding agreements, litigation strategy, or any output presented as legal guidance to an individual.
• Healthcare: medical diagnosis, treatment recommendations, mental-health support, therapy, patient triage, prescription guidance, or any other clinical or medical advice. General wellness advice (sleep, nutrition, exercise, stress management) is not in this category.
• Insurance: health, life, property, disability, or other insurance underwriting, claims processing, premium-setting, or coverage decisions.
• Finance: investment advice, portfolio recommendations, loan approvals, credit scoring, financial-eligibility determinations, tax advice, or other regulated financial services.
• Employment: hiring decisions, resume screening, candidate ranking, interview scoring, promotion or termination decisions, performance evaluations, or any other determination affecting an individual's employment.
• Housing: rental application decisions, tenant screening, mortgage approval, real-estate transaction recommendations, or any other determination affecting an individual's access to housing.
• Education and admissions: standardized test scoring, school or program admissions decisions, scholarship eligibility, language-proficiency or professional-certification scoring, or evaluation and accreditation of educational institutions.
• Journalism and published media: content automatically generated by an AI employee and then published to the public as news, reporting, opinion, or factual journalism. You must clearly label AI-generated journalism and you must apply editorial review.
• Critical safety systems: any deployment in industrial, transport, energy, or life-safety contexts where an output could cause physical harm if wrong.

7. Agentic Use Cases

The entire Sistava platform is an agentic system: AI employees take real actions on your behalf, on real systems, with real-world consequences. Agentic use is inherently more powerful and more risky than passive chat. The following rules apply to every use of the Services, on top of all other AUP rules above: Agentic use cases also remain bound by our liability framing in Section 7.A of our Terms of Service : you instruct the AI, you authorize its access, you accept the consequences of its actions.

• Authorization scope. An AI employee may only act on systems, accounts, and data that you personally own or that you have explicit written authorization to control. You may not grant an AI employee access to anything you don't have the right to access yourself.
• Human approval for sensitive actions. You should require human-in-the-loop approval for any action that is destructive, financially material, legally binding, public-facing, or affects another person. Sistava provides approval gates for this purpose; failing to use them is your choice and your responsibility.
• No unsupervised high-risk actions. AI employees must not be configured to take unsupervised actions in High-Risk Use Cases (Section 6) without the human review and disclosure safeguards described there.
• Channel rules. When an AI employee communicates with end users via email, voice, phone, chat widgets, SMS, or other channels, you are responsible for compliance with anti-spam laws (CAN-SPAM, CASL, GDPR/ePrivacy), call-recording laws, robocall regulations, and any other channel-specific law in the jurisdictions of your end users.
• Self-modification limits. An AI employee may modify its own persona, skills, duties, tools, or schedules within the bounds you set. You are responsible for any such self-modification and for monitoring it. Do not configure self-modification to bypass the rules in this AUP.
• Stop and audit. You must monitor AI employee activity. If you become aware of an AI employee behaving in violation of this AUP or causing harm, you must stop it, investigate, and remediate. The platform provides activity feeds, work journals, and execution inspection for this purpose.

8. Reporting Abuse

If you encounter content, behavior, or activity on Sistava that you believe violates this AUP, please report it immediately to compliance@sista.ai . We investigate all reports in good faith. We may not respond individually to every report, but we take enforcement action when warranted.

9. Enforcement

We may, in our sole reasonable discretion and without prior notice, investigate suspected violations of this AUP and take any of the following actions: (a) issue a warning; (b) require you to stop the offending activity; (c) suspend or rate-limit your account; (d) suspend or revoke any AI employee, integration, or channel involved in the violation; (e) terminate your account permanently with no refund, in accordance with Section 6 ("Termination for Breach") of our Terms of Service; (f) preserve evidence and cooperate with law enforcement; (g) refer the matter to civil or criminal authorities; and (h) pursue any other legal or financial remedy available to us. Where you have been terminated for an AUP violation, you may not register a new account, even under a different name, identity, or email address.

10. Changes to This Policy

We may update this AUP at any time without prior notice to address new abuse patterns, legal requirements, or operational realities. The version published on this page is always the live, binding version. Your continued use of the Services after changes to the AUP constitutes your acceptance of the updated AUP. If you do not agree to a change, your sole remedy is to stop using the Services.

11. Contact

Questions about this AUP? Email contact@sista.ai . Abuse reports go to compliance@sista.ai .