This Acceptable Use Policy (the “AUP”) governs use of the Services provided by Team Clarity, Inc. DBA Iron Gorilla (“Team Clarity,” “Iron Gorilla,” “we,” “us,” or “our”). This AUP supplements, and is incorporated into, the Terms of Service, the Data Processing Addendum (the “DPA”), and any applicable Order Form (collectively, the “Agreement”). Capitalized terms used but not defined here have the meanings given in the Terms of Service or DPA. If there is a conflict between this AUP and the Terms of Service, the Terms of Service control; if there is a conflict between this AUP and an Order Form, the Order Form controls.

1. Purpose and Scope

This AUP describes the conduct, content, and uses that are prohibited on or through the Services. It applies to Customer, to each of Customer’s users, administrators, developers, agents, and contractors, and to any person or system that accesses or interacts with the Services using Customer’s credentials, API keys, tokens, or environments (each, a “User”). Customer is responsible for compliance with this AUP by every User and for any activity that occurs under Customer’s account.

2. Definitions

“High-Risk Use” means any use described in Section 8 of this AUP and in Section 14 of the Terms of Service. “Regulated Data” means the categories of data described in Section 7 of this AUP. “Prohibited Conduct” means the conduct described in Sections 3 through 13 of this AUP. Other capitalized terms have the meanings given in the Agreement.

3. Compliance with Law and Other Policies

Customer and each User must use the Services in compliance with all applicable laws, regulations, and contractual obligations, including export-control laws, sanctions, anti-money-laundering laws, consumer-protection laws, intellectual-property laws, and data-protection and privacy laws (including the Applicable Data Protection Laws as defined in the DPA). Customer and each User must also comply with the published policies of any model provider, integration, or third-party platform whose functionality is accessed through the Services, including the usage policies of supported AI model providers such as OpenAI API, Anthropic API, and Grok API.

4. Prohibited Conduct

Customer and each User may not use the Services to:

(a) violate any law, regulation, contract, third-party right, or platform policy;

(b) engage in fraud, deception, phishing, credential theft, spam, unsolicited messaging, malware distribution, botnets, evasion of access controls, unauthorized access, or other security abuse;

(c) infringe, misappropriate, or violate any intellectual-property, publicity, or privacy right;

(d) defame, harass, threaten, stalk, or intimidate any person, or facilitate harm to a person’s safety, health, or property;

(e) interfere with, disrupt, degrade, or impose an unreasonable load on the Services, the infrastructure that supports the Services, or any other customer’s use of the Services;

(f) reverse engineer, decompile, disassemble, scrape, or otherwise attempt to derive source code, model weights, prompts, or proprietary techniques from the Services, except to the extent this restriction is prohibited by applicable law; or

(g) take any other action that the Terms of Service identifies as a prohibited use.

5. Prohibited Content and Outputs

Customer and each User may not use the Services to generate, solicit, store, transmit, or distribute content, prompts, agent instructions, or outputs that:

(a) sexually exploit or endanger minors, or constitute child sexual abuse material;

(b) facilitate non-consensual intimate imagery, sexual content involving identifiable real persons without consent, or sexual content depicting minors;

(c) promote, incite, or facilitate violence, terrorism, self-harm, or the targeting of a person or group on the basis of a protected characteristic;

(d) provide operational instructions for the creation, acquisition, or deployment of weapons capable of mass casualties, including chemical, biological, radiological, nuclear, or high-yield explosive weapons;

(e) constitute malicious code, exploit instructions, vulnerability exploitation, or other content intended to compromise the security, integrity, or availability of any system, network, or device; or

(f) are designed to deceive a person about the source, authenticity, or authorship of content in a manner that causes legal, financial, or reputational harm, including the creation of synthetic media for fraud, election interference, or impersonation.

6. Security and Integrity of the Services

Customer and each User may not:

(a) probe, scan, or test the vulnerability of the Services or any system or network connected to the Services, except under a written authorized-testing program agreed in writing with Team Clarity;

(b) breach, circumvent, or attempt to circumvent any authentication, authorization, rate-limiting, quota, isolation, sandboxing, or other security or access-control measure;

(c) access any account, environment, tenant, model, dataset, or other resource that Customer is not authorized to access;

(d) introduce malware, ransomware, time bombs, trojans, or other harmful code into the Services or any connected system; or

(e) use the Services to attack, overwhelm, or impair any third-party system, including through denial-of-service or amplification techniques.

Customer must promptly notify Team Clarity at legal@teamclarity.ai of any suspected unauthorized access, compromised credentials, unintended agent activity, misconfigured workflow, or other security incident affecting the Services, consistent with Customer’s obligations under the Privacy Policy and the DPA.

7. Data Restrictions

Customer and each User may not submit to, process through, or generate within the Services any of the following categories of data unless expressly authorized in writing through a signed Order Form, DPA, business associate agreement, security addendum, or other written agreement with Team Clarity:

(a) protected health information subject to HIPAA or analogous laws;

(b) payment card data or cardholder data subject to PCI DSS;

(c) controlled unclassified information (CUI) or federal contract information (FCI);

(d) export-controlled data, including data subject to the International Traffic in Arms Regulations or the Export Administration Regulations;

(e) classified information;

(f) personal data of children under the age of 13, or under any higher age of digital consent that applies under local law;

(g) biometric identifiers or biometric information used for unique identification;

(h) genetic data; and

(i) precise geolocation data.

Customer remains the controller of Customer Personal Data (as defined in the DPA) and is solely responsible for establishing a lawful basis, providing required notices, and obtaining required consents for any data submitted to the Services. Customer Personal Data will not be used to train or fine-tune any third-party foundation model, consistent with Section 6 of the DPA.

8. High-Risk and Regulated Use

Customer and each User may not use the Services to make, materially inform, or automate decisions in credit, employment, housing, insurance, education, healthcare, legal, financial, government benefits, immigration, or similarly regulated contexts (each, a “High-Risk Decision”) without:

(a) appropriate human review of each decision by a qualified person;

(b) a documented legal basis under applicable law;

(c) the notices, explanations, and appeal rights required by applicable law; and

(d) where required by the Agreement, Team Clarity’s prior written approval.

Customer and each User may not use the Services for the design, development, testing, or operation of weapons systems, military targeting, law-enforcement surveillance, emergency response, or the control of critical infrastructure (including power, water, transportation, or telecommunications systems) without Team Clarity’s express prior written approval. This Section 8 is in addition to, and does not limit, Section 14 of the Terms of Service.

9. Identity, Authority, and Misrepresentation

Customer and each User may not:

(a) impersonate any person or entity or misrepresent their affiliation, authority, qualifications, or identity;

(b) misrepresent that content or output generated by the Services was authored by a human, where applicable law or platform policy requires disclosure of synthetic content;

(c) use the Services to engage in unlawful collection, processing, identification, tracking, monitoring, or surveillance of individuals, including biometric identification of individuals in publicly accessible spaces; or

(d) facilitate the foregoing by others.

10. Third-Party Integrations and Connected Systems

Customer is responsible for any third-party platform, model provider, data source, application, agent, plugin, or other system that Customer connects to or accesses through the Services, including the credentials, API keys, tokens, scopes, and permissions used for those connections. Customer must:

(a) have a valid lawful basis and any required consents to access and process data through each connection;

(b) comply with the terms and policies of each connected service;

(c) configure scopes and permissions on a least-privilege basis; and

(d) promptly revoke credentials and access when no longer needed or when compromise is suspected.

Customer may not use the Services to access any third-party system without authorization from the operator of that system.

11. Resale, Competitive Use, and Benchmarking

Customer and each User may not:

(a) resell, sublicense, white-label, distribute, or provide managed services using the Services without a separate written partner agreement with Team Clarity; or

(b) use the Services or any information derived from the Services, including outputs, telemetry, benchmarks, evaluations, or documentation, to develop, train, improve, benchmark, or operate a competing AI governance, runtime, orchestration, model proxy, compliance, observability, policy, or agent-execution platform. Customer may publish performance or evaluation results regarding the Services only with Team Clarity’s prior written approval.

12. Automated Decisions and Human Review

Where Customer uses the Services to configure agents, workflows, or models that produce decisions, recommendations, or actions affecting individuals, Customer is responsible for:

(a) determining whether the use constitutes solely automated decision-making under applicable law;

(b) providing the notices, legal bases, and human-review or appeal rights required by applicable law; and

(c) implementing appropriate human-in-the-loop review for High-Risk Decisions described in Section 8. Iron Gorilla’s features for human review, logging, and policy enforcement do not relieve Customer of these obligations.

13. Customer Responsibility for End Users

Customer must:

(a) require each User to comply with this AUP, including through written terms or internal policies that are at least as protective as this AUP;

(b) ensure that each User is at least 18 years of age and is not a child whose data is subject to enhanced protections under applicable law;

(c) configure and use the Services securely, including by protecting credentials, assigning appropriate permissions, and managing connected systems consistent with the Privacy Policy and the DPA; and

(d) promptly investigate and address any suspected violation of this AUP by a User.

Customer is liable to Team Clarity for acts and omissions of its Users to the same extent as if Customer had taken those acts or omissions itself.

14. Reporting Violations

To report a suspected violation of this AUP, abuse of the Services, or security issue, contact Team Clarity at legal@teamclarity.ai. Customer must notify Team Clarity promptly upon becoming aware of any actual or suspected violation of this AUP involving Customer’s account, Users, or Customer Data. Reports should include sufficient detail to enable Team Clarity to investigate, including the affected accounts or environments, the nature of the conduct, the time period involved, and any supporting evidence.

15. Investigation, Suspension, and Termination

Team Clarity may investigate suspected violations of this AUP, including by reviewing logs, telemetry, and configurations to the extent permitted under the Agreement and applicable law. Without limiting any other rights or remedies under the Agreement, Team Clarity may, with or without prior notice:

(a) suspend or restrict access to all or part of the Services;

(b) remove or disable content, prompts, agents, workflows, or integrations;

(c) require remediation as a condition of continued use; or

(d) terminate the Agreement,

in each case where Team Clarity reasonably believes that a violation has occurred, is occurring, or is likely to occur, or that action is necessary to protect the Services, Team Clarity, its customers, or third parties. Where practicable and consistent with legal, security, and operational considerations, Team Clarity will provide notice and an opportunity to cure before suspension or termination for a non-emergency violation.

16. Changes to this Policy

Team Clarity may update this AUP from time to time. Material changes will be communicated as described in the Terms of Service. Continued use of the Services after the effective date of an update constitutes acceptance of the updated AUP.

17. Contact

Team Clarity, Inc.
1111B S Governors Ave #41605
Dover, Delaware 19904
legal@teamclarity.ai