Acceptable Use Policy

fileAI’s products are built to help businesses process documents, automate financial workflows, and extract intelligence from data at scale. That power comes with responsibility — ours and yours. This Acceptable Use Policy (“AUP”) sets out what you may and may not do with the fileAI platform, products, and services (collectively, the “Services”).

This AUP applies to users of our Services, including visitors to our website and self-serve subscribers. It is incorporated by reference into fileAI’s Legal Terms. Capitalised terms used but not defined here have the meanings given in the Legal Terms.

If you have questions about whether a particular use is permitted, contact us at legal@file.ai before proceeding.

You are responsible for all activity that occurs under your account, including activity by your users and anyone you grant access to the Services. You must:
- keep your login credentials secure and not share them with anyone outside your organisation
- ensure each set of credentials is used by one individual only — no shared or pooled accounts
- promptly notify fileAI at support@file.ai if you become aware of any unauthorised access to your account
- provide accurate and current information when registering for or maintaining your account

You must not create accounts using automated means, create multiple accounts to circumvent usage limits, or misrepresent your identity or organisation when signing up.
‍

You may use the Services for lawful business purposes in accordance with your applicable subscription agreement, the Documentation, and this AUP. Permitted uses include:
- processing, classifying, extracting, and automating workflows for documents and data in your organisation’s possession for which you have the right to process
- integrating the Services with your internal systems and third-party tools through fileAI’s documented APIs
- using AI-generated outputs to support internal business decisions, subject to appropriate human review
- accessing the Services on behalf of your employer or organisation, where you are authorised to do so
‍

The following are prohibited. These restrictions apply to you and to anyone who accesses the Services through your account.

‍3.1  Illegal and Harmful Activity
‍You must not use the Services to:
- violate any applicable law, regulation, or legally binding order of any governmental authority
- facilitate, promote, or enable fraud, money laundering, terrorism financing, or any other financial crime
- process data or conduct activities that infringe any third party’s intellectual property rights, privacy rights, or other legal rights
- stalk, harass, intimidate, defame, or otherwise harm any individual or groupgenerate, distribute, or assist in creating content that constitutes hate speech under applicable law or that promotes or incites violence or discrimination on the basis of race, ethnicity, religion, gender, sexual orientation, disability, nationality, or any other protected characteristic
- produce, transmit, or facilitate child sexual abuse material or any other content that sexually exploits or endangers minors
- assist in the commission of any crime or tortious act, or conspire with others to do so

‍3.2  Deception and Manipulation
‍You must not use the Services to:
- generate or distribute misinformation, disinformation, or materially false content with the intent to deceive or mislead
- create or disseminate synthetic media (including deepfakes) that misrepresent real individuals, organisations, or events in a deceptive or harmful way
- impersonate any individual, organisation, government authority, or fileAI — whether through generated content, communications, or otherwise
- produce or distribute spam, phishing content, or deceptive communications at scale
- manipulate search engine results, platform algorithms, or user engagement metrics through artificial means

‍3.3  Security and System Integrity
‍You must not use the Services to:
- probe, scan, or test the vulnerability of the Services or any related systems or networks without fileAI’s prior written authorisation
- circumvent, disable, or otherwise interfere with any security feature, access control, rate limit, or authentication mechanism of the Services
- access any part of the Services, fileAI systems, or other customers’ data through unauthorised means, including by exploiting bugs or vulnerabilities
- introduce, transmit, or facilitate malware, ransomware, viruses, exploits, or other malicious code through the Servicesconduct denial-of-service (DoS or DDoS) attacks or any other activity that degrades or disrupts the Services, their infrastructure, or any connected systems
- use the Services to conduct offensive cyber operations against any third party

‍3.4  Data and Privacy
‍You must not use the Services to:
- submit data you do not have the right to process, including personal data submitted without the necessary legal basis, consent, or authorisation under applicable data protection law
- process sensitive personal data categories (such as health, biometric, or financial data) in jurisdictions or contexts where you lack the legal authority to do so
- attempt to re-identify individuals from anonymised or aggregated data sets, whether produced by fileAI or otherwise
- use outputs from the Services to build unauthorised profiles on individuals or to enable mass surveillance
- exfiltrate, harvest, or scrape data from the Services or fileAI’s systems beyond what is permitted through documented APIs and your authorised access level

‍3.5  Competitive and Reverse Engineering Activity
‍You must not:
- use the Services or any output, data, or insights derived from them to build, train, benchmark, or improve a competing product or service
- reverse engineer, decompile, disassemble, or otherwise attempt to extract source code, model weights, training data, algorithms, or trade secrets from the Service
- suse automated queries, bots, or scrapers to extract data or content from the Services at scale outside of documented APIs and permitted use
- sublicense, resell, or otherwise make the Services available to third parties without fileAI’s prior written authorisation

‍3.6  AI-Specific Prohibitions
‍Given the nature of AI-powered services, the following additional restrictions apply:
- you must not use the Services to generate content designed to circumvent or manipulate AI safety systems — including those of fileAI or any third party
- you must not use the Services in fully automated pipelines that make consequential decisions affecting individuals — such as credit decisions, employment screening, or healthcare triage — without meaningful human review and oversight
- you must not represent AI-generated outputs as having been produced, verified, or certified by a human professional (including a licensed accountant, lawyer, or regulated adviser) where that is not the case
- you must not use the Services to generate synthetic training data intended to circumvent copyright or IP protections, or to generate content that infringes third-party IP
- you must not use automated prompting techniques specifically designed to cause the Services to produce outputs that violate this AUP or applicable law (commonly referred to as “prompt injection” or “jailbreaking”)

‍3.7  Regulated and High-Risk Activities
‍You must not use the Services as the sole or primary basis for decisions in contexts where errors could cause serious harm, including:
- medical diagnosis, treatment decisions, or clinical recommendations
- legal advice or representation in proceedingsthe rendering of professional opinions that require licensure under applicable law (including audit opinions, tax certifications, and securities advice)
- safety-critical operational controls in infrastructure, aviation, defence, or similar sectors
‍

You are responsible for all data, documents, prompts, and other content (“Input”) you submit to the Services, and for ensuring that your use of any outputs the Services generate (“Output”) complies with this AUP and applicable law.

‍4.1  Your Input
‍You must not submit Input that:
- you do not have the legal right to process or share
- is designed to elicit Output that would violate Section 3 of this AUP
- contains malicious code, instructions intended to compromise system integrity, or content designed to manipulate the Services into producing prohibited content

‍4.2  Your Output
‍You are responsible for reviewing Output before relying on it or sharing it with others. You must not:
- use Output in a misleading or deceptive way that could harm third parties
- represent Output as having been produced without AI involvement in contexts where such disclosure is required by law, regulation, or professional obligation
- use Output that you know or reasonably suspect is inaccurate in a context where accuracy is material to a decision affecting third parties

‍4.3  Third-Party Content
‍If you submit third-party content (documents, datasets, or other materials belonging to others) to the Services, you represent and warrant that you have all necessary rights and permissions to do so.
‍

If you access the Services through fileAI’s APIs or build integrations that connect third-party systems to the Services, additional requirements apply:
- you may only access the Services through documented, authorised API endpoints and methods
- you must not exceed the rate limits or usage quotas applicable to your subscription tier\
- you must implement reasonable security measures to protect your API keys and tokens, and must rotate them promptly if you suspect compromise
- if you build a product or application that uses the Services, you are responsible for ensuring that your end users’ use of that product complies with this AUP and all applicable laws
- you must not use the API to bypass usage limits, access controls, or other restrictions applicable to your subscription
- you must include appropriate disclosures in any product you build that uses the Services to inform end users that the product is powered by AI
‍

fileAI reserves the right to investigate any suspected violation of this AUP. If fileAI determines, in its reasonable judgement, that a violation has occurred or is likely to occur, fileAI may take any of the following actions, immediately and without prior notice where necessary to prevent harm:
- suspend or restrict access to the Services, in whole or in part
- terminate the account and all associated subscriptions
- remove, disable, or limit access to specific content, outputs, or integrations
- report the activity to relevant law enforcement or regulatory authorities
- preserve evidence and cooperate with lawful investigations

Where it is practicable to do so without prejudicing any investigation or security response, fileAI will notify you of any enforcement action taken and give you an opportunity to remedy the breach. fileAI’s failure to act on a particular violation does not waive its right to act on future violations.
‍

If you become aware of any use of the Services that violates this AUP, or if you discover a security vulnerability or potential abuse of the platform, please report it to us promptly:
- AUP violations:  legal@file.ai
‍- Security vulnerabilities:  security@file.ai
‍- General support:  support@file.ai

‍We take all reports seriously and will investigate promptly. We will not take adverse action against anyone who reports a genuine concern in good faith.
‍

fileAI may update this AUP from time to time to reflect changes in our products, applicable law, or industry best practice. For material changes, we will provide at least 30 days’ notice by email or through in-product notification before the change takes effect. Non-material clarifications may take effect immediately. The date at the top of this document reflects the most recent version.

Continued use of the Services after a change takes effect constitutes your acceptance of the updated AUP. If you do not accept a material change, you may terminate your subscription in accordance with your applicable agreement before the change takes effect.
‍

This AUP is incorporated into and forms part of fileAI’s Legal Terms. In the event of a conflict between this AUP and the Legal Terms, this AUP prevails with respect to acceptable use obligations.