Acceptable Use Policy — AI-Copliance

This Acceptable Use Policy ("AUP") defines the rules governing your use of the AI-Copliance platform ("Service"). It forms part of and is incorporated into the Terms of Service. By using the Service, you agree to comply with this AUP.

AI-Copliance is designed for a specific, serious purpose: helping organizations implement ISO 27001. Using it responsibly and within these rules protects the quality of the Service for every customer.

01 Permitted Uses

The Service is designed for: Organizations seeking ISO/IEC 27001:2022 certification or recertification, using the platform for their own internal compliance program.

The following uses are expressly permitted:

Using the AI implementation workflow for your own organization's ISO 27001 ISMS implementation
Entering your organization's real technical, operational, and risk information to generate contextually accurate documents
Uploading your existing internal policies for AI review and gap analysis
Downloading, modifying, and using AI-Generated Output as working documents within your internal compliance program
Sharing generated policies internally with your employees, management, and auditors
Using the Service to prepare for and support an ISO 27001 certification audit conducted by an accredited certification body

02 Prohibited Uses

Violations of this section may result in immediate account suspension without refund.

2.1 Misuse of AI Output

⛔ Prohibited

Representing AI-Generated Output as the product of a qualified human consultant, auditor, or certified professional to third parties (including auditors, clients, regulators, or business partners) without disclosure that the documents were AI-assisted.

⛔ Prohibited

Using the Service to generate documents for an organization other than your own without a separate written agreement with AI-Copliance authorizing reseller or multi-tenant use.

⛔ Prohibited

Submitting AI-Generated Output to a certification body as evidence of controls you have not actually implemented.

2.2 Technical Abuse

⛔ Prohibited

Attempting to reverse-engineer, extract, or probe the Service's AI prompts, context-building logic, or underlying models through adversarial inputs, prompt injection, or automated testing.

⛔ Prohibited

Using automated scripts, bots, or programmatic access to the web application outside of any officially supported API.

⛔ Prohibited

Attempting to gain unauthorized access to other customers' data, the underlying database, or administrative functions.

⛔ Prohibited

Intentionally uploading files containing malware, malicious code, or content designed to disrupt the Service.

2.3 Prohibited Content Inputs

⛔ Prohibited

Uploading documents or entering text that contains third-party personally identifiable information (PII) beyond what is strictly necessary for your compliance program (e.g., bulk employee personal data, customer personal data).

⛔ Prohibited

Entering false or deliberately misleading information about your organization with the intent to generate fraudulent compliance documentation.

⛔ Prohibited

Uploading content that infringes any third party's intellectual property rights.

2.4 Commercial Restrictions

⛔ Prohibited

Reselling, sublicensing, or white-labeling the Service or its outputs as part of a commercial compliance consulting offering without a written reseller agreement.

⛔ Prohibited

Using AI-Generated Output as training data for competing AI models, compliance tools, or document generation systems.

03 Responsible Use of AI Output

Given the compliance context in which the Service is used, we require you to observe the following practices:

Internal review before use: All AI-Generated Output must be reviewed and approved by a qualified person within your organization before being implemented as a live policy, presented to an auditor, or shared with a regulatory body.
Accuracy of inputs: The quality of AI output is directly dependent on the accuracy of your inputs. You are responsible for providing truthful, accurate information about your organization's security environment.
No substitution for professional advice: The Service does not provide legal advice, regulatory compliance advice, or professional auditing services. For complex regulatory questions (GDPR, HIPAA, PCI-DSS interactions with your ISMS), consult a qualified professional.
Audit transparency: When presenting AI-generated documents to external auditors or certification bodies, you must be prepared to demonstrate that documented controls are actually implemented in your environment. Documents alone do not constitute evidence of control implementation.

04 Enforcement

We reserve the right to investigate any suspected violation of this AUP. If we determine a violation has occurred, we may take any of the following actions, depending on severity:

Issue a warning and require remediation
Temporarily suspend your account
Permanently terminate your account without refund
Report illegal activity to relevant law enforcement authorities

We will give you reasonable notice and an opportunity to respond before taking action, except where immediate action is required to protect the Service or other users from harm.

05 Reporting Violations

If you become aware of a violation of this AUP by another user, or if you discover a security vulnerability in the Service, please report it promptly:

AUP violations: support@aicopliance.com (subject: "AUP Report")
Security vulnerabilities: security@aicopliance.com (subject: "Security Report")

We take all reports seriously and will investigate promptly.

06 Updates

We may update this AUP from time to time. Material changes will be communicated by email at least 14 days before taking effect. Continued use of the Service constitutes acceptance of the updated AUP.