DRAFT — NOT LEGAL ADVICE. This is a starting template that requires review by a qualified attorney before customer use.

DeckTrust Acceptable Use Policy

Effective Date: [EFFECTIVE DATE — e.g., 2026-05-15]

This Acceptable Use Policy (the "AUP") governs your use of the DeckTrust Service operated by [LEGAL ENTITY NAME] ("DeckTrust"). It is incorporated into the Terms of Service and any Customer Agreement. Violations may result in suspension or termination.

Capitalized terms not defined here have the meanings given in the Terms of Service and the Privacy Policy. "Customer" means a contracting business entity (and its authorized administrators); "End User" means an individual enrolled in the Service on a Customer's behalf, such as the Customer's personnel or contractors.

The goal is simple: keep the platform safe, lawful, and reliable for every Customer.

1. You Agree Not To

1.1 Use the Service unlawfully

Use the Service in violation of any applicable law or regulation.
Use the Service to plan, facilitate, or conceal unlawful activity.
Submit content that infringes intellectual-property rights, defames a person, or violates privacy or publicity rights.

1.2 Abuse the platform

Attempt to access, probe, or test the vulnerability of any system or account that you are not authorized to access.
Bypass, disable, or attempt to circumvent authentication, role-based access control, Row-Level Security (RLS), rate limits, or any other access or security mechanism.
Use credentials that are not your own, share an individual account, or impersonate another user.
Attempt to gain access to another customer's tenant or another customer's data.
Run penetration tests, vulnerability scans, denial-of-service tests, fuzzing, or other intrusive testing against the Service without DeckTrust's prior written authorization. (Customers may request authorization at security@decktrust.dev.)

1.3 Disrupt or overload

Take any action that disrupts, degrades, or overburdens the Service, its infrastructure, or any other user's use of it.
Engage in denial-of-service, distributed denial-of-service, mail-bombing, or similar conduct.
Generate traffic that materially exceeds the use patterns of a typical customer with similar entitlements.

1.4 Reverse engineer or copy the Service

Reverse engineer, decompile, disassemble, or attempt to derive the source code or underlying ideas of the Service, except to the limited extent that applicable law permits this notwithstanding a contractual prohibition.
Scrape, crawl, harvest, or otherwise systematically extract data from the Service, except through interfaces that DeckTrust documents and authorizes for that purpose.
Copy, frame, mirror, white-label, or rebrand the Service or any DeckTrust documentation without prior written authorization.
Use the Service to build a competing product or service.

1.5 Upload harmful or unauthorized content

Upload, transmit, or store malware, ransomware, viruses, worms, trojans, exploit code, or any other malicious code.
Upload content for which you do not have the rights to upload, or content that contains personal information of individuals you are not authorized to process.
Upload sensitive categories of data not contemplated by the Service (for example, payment card data, full Social Security Numbers, or protected health information) unless DeckTrust has agreed in writing to support that data type.

1.6 Misuse communications features

Use DeckTrust's notification, email, or messaging features (including training reminders) to send unsolicited commercial email ("spam"), phishing messages, or any other content the recipient has not asked to receive.
Configure the system to deliver compliance-related notifications to recipients who are not part of your organization's compliance program.
Forge headers, sender addresses, or otherwise misrepresent the origin of any communication sent through the Service.

1.7 Misrepresent or evade

Provide false or misleading information when registering or using the Service.
Use the Service in a way intended to evade these restrictions, including by routing traffic through proxies to bypass abuse controls.

2. Vulnerability Reporting

We welcome good-faith security research disclosures. If you believe you have found a vulnerability:

Email security@decktrust.dev with details and a proof-of-concept where possible.
Do not access more data than is necessary to demonstrate the issue.
Do not exfiltrate, modify, or destroy data, and do not impact other users.
Give us a reasonable opportunity to remediate before any public disclosure.

We will not pursue legal action for good-faith research that complies with this section.

3. Enforcement

If we believe you have violated this AUP, we may take any of the following actions, depending on severity and recurrence:

Warning — written notice of the issue and what to remediate.
Suspension — temporary suspension of the account, the affected feature, or specific users.
Termination — termination of the account or Customer Agreement.

We may take immediate action without prior notice when, in our reasonable judgment, the violation creates an imminent risk to the Service, to other customers, or to legal compliance, or where we are required to act by law. We may preserve and disclose information to the extent legally required or to investigate suspected violations.

We are not required to enforce this AUP uniformly across customers, and a failure to enforce on one occasion is not a waiver of our right to enforce later.

4. Reporting Violations

If you believe another user is violating this AUP, report it to abuse@decktrust.dev with as much detail as you can share.

5. Changes to This AUP

We may update this AUP from time to time. The updated version will be posted with a new effective date. Material changes will be communicated through the Service or by email to Customers.

6. Contact

[LEGAL ENTITY NAME] Email: legal@decktrust.dev Security issues: security@decktrust.dev Abuse reports: abuse@decktrust.dev