Acceptable Use Policy

This Acceptable Use Policy (the “AUP”) forms part of the Knowledge² Platform Terms of Service and End User License Agreement (the “Terms”). Capitalized terms used but not defined in this AUP have the meanings given in the Terms.

This AUP applies to all access to and use of the Services, including use through the console, APIs, SDKs, integrations, agents, Free Services, Beta Services, and any private deployment made available by Knowledge², unless a signed written agreement expressly supersedes this AUP for a specific deployment.

1. Core Rules

1.1 Lawful Use. Customer and its Authorized Users must use the Services only in compliance with applicable law, the Terms, this AUP, and the rights of others.

1.2 Responsibility. Customer is responsible for all activity conducted through its Accounts, credentials, API keys, agents, workflows, and integrations.

1.3 Security and Oversight. Customer must maintain reasonable administrative, technical, and organizational safeguards for its use of the Services, including access controls, human review where appropriate, and procedures for validating Output before using it in production or high-impact settings.

2. Prohibited Content

Customer may not upload, submit, transmit, generate, store, retrieve, distribute, or otherwise use the Services in connection with any of the following:

2.1 Illegal Content or Activity. Content or activity that violates applicable law, including content involving fraud, theft, extortion, stalking, harassment, unlawful discrimination, or unlawful surveillance.

2.2 Infringing or Misappropriated Material. Content that infringes, misappropriates, or otherwise violates any third party’s intellectual property, privacy, publicity, confidentiality, or proprietary rights.

2.3 Malware and Exploit Material. Malicious code, ransomware, spyware, credential theft tools, exploit kits, botnet code, destructive scripts, or instructions or material primarily intended to enable unauthorized access, disruption, or damage.

2.4 Child Sexual Abuse Material and Exploitation. Any child sexual abuse material, child exploitation content, grooming material, or content that sexualizes minors or facilitates harm to minors.

2.5 Non-Consensual Sexual or Intimate Content. Non-consensual intimate imagery, sexual extortion material, deepfake sexual content involving identifiable individuals without consent, or content intended to shame, blackmail, or exploit another person.

2.6 Terrorist or Violent Extremist Content. Content that supports, promotes, organizes, or facilitates terrorism, violent extremism, or targeted violence.

2.7 Fraudulent or Deceptive Content. Phishing materials, impersonation content, forged records, fake evidence, deceptive synthetic media used to mislead, or content intended to facilitate scams or social engineering.

2.8 Unlawfully Obtained or Sensitive Data. Stolen data, unlawfully intercepted communications, exposed credentials, or Sensitive Regulated Data submitted without authorization and without any required written approval from Knowledge².

3. Prohibited Conduct

Customer may not, and may not permit any third party to, do any of the following:

3.1 Unauthorized Access and Security Violations.

1. attempt to gain unauthorized access to any Account, tenant, environment, system, model, prompt, or data;
2. probe, scan, test, or exploit the vulnerability of any Knowledge² system without prior written authorization;
3. circumvent authentication, rate limits, quota controls, security measures, or abuse-prevention mechanisms;
4. perform denial-of-service attacks, traffic flooding, credential stuffing, brute-force attacks, or similar disruptive conduct; or
5. interfere with the integrity, performance, or availability of the Services.

3.2 Abuse of Ingestion and Fetching Features.

1. use URL ingestion, remote fetching, manifests, archives, or similar features to access non-public, internal, or restricted resources without authorization;
2. attempt to bypass safeguards intended to prevent server-side request forgery, access to private IP space, or other protected network locations;
3. upload password-protected archives, zip bombs, decompression bombs, malicious payloads, or other files intended to evade scanning or destabilize the Services; or
4. disguise malicious or prohibited content using encoding, packaging, indirection, or file-format tricks.

3.3 Credential, Billing, and Account Abuse.

1. share credentials except as expressly permitted by the Services;
2. create multiple accounts, organizations, projects, or API keys to evade quotas, suspensions, or billing;
3. transfer, sell, or lease Account access or API keys to third parties without Knowledge²’s written authorization; or
4. manipulate usage patterns, logs, or request routing to avoid billing or usage measurement.

3.4 Spam, Phishing, and Social Engineering. Use the Services to send or facilitate spam, bulk unsolicited communications, phishing, credential harvesting, impersonation, or deceptive outreach.

3.5 Model and Service Extraction.

1. systematically extract Output or model behavior to recreate, replicate, reverse engineer, benchmark for public release, or compete with the Services;
2. seek to discover or extract non-public system prompts, model weights, embeddings, ranking configurations, or confidential service internals;
3. use the Services to build or improve a competing hosted retrieval, agent, or answer-generation service through automated harvesting or model extraction techniques; or
4. attempt to bypass content, safety, or policy controls for prohibited purposes.

3.6 Service Bureau and Unauthorized External Use. Provide the Services to third parties, or use the Services in a service bureau, managed service, OEM, resale, or white-label capacity, except to the extent expressly authorized in a written Order Form.

3.7 Abuse of Output. Use Output to facilitate unlawful conduct, impersonation, fraud, blackmail, discrimination, harassment, or harm to others, or to create deceptive artifacts represented as genuine where disclosure is legally required.

4. High-Risk and Regulated Uses

Customer may not use the Services, or permit the Services to be used, in connection with any of the following without Knowledge²’s prior written authorization and appropriate contractual safeguards:

4.1 Life, Safety, and Critical Infrastructure. Any use where a failure, delay, or inaccuracy of the Services could reasonably be expected to cause death, serious bodily injury, or material environmental or infrastructure harm, including operation of critical infrastructure or industrial control systems.

4.2 Medical and Emergency Contexts. Diagnosis, treatment recommendations, triage, emergency response, or other medical or safety-critical decisions without qualified professional review and legally required safeguards.

4.3 High-Impact Decisions. Fully automated or materially determinative decisions about employment, housing, credit, lending, insurance, education, immigration, public benefits, legal rights, or criminal justice, without meaningful human review and legally required testing, documentation, and oversight.

4.4 Surveillance and Biometrics. Real-time biometric identification, unlawful surveillance, social scoring, or profiling prohibited by applicable law.

4.5 Weapons and Harm Facilitation. Development, targeting, or deployment of weapons, or use intended to facilitate violence, sabotage, or unlawful acquisition or use of harmful materials.

4.6 Sensitive Regulated Data.Processing Sensitive Regulated Data, including protected health information or payment card data, without Knowledge²’s prior written approval and any required addenda.

5. Customer Responsibilities

Customer will:

5.1 Rights and Permissions. Ensure it has all rights, permissions, notices, and lawful bases necessary to submit Customer Content to the Services and to direct Knowledge² to process it.

5.2 Data Minimization. Use reasonable efforts to avoid submitting unnecessary personal data, confidential data, or Sensitive Regulated Data to the Services.

5.3 Human Review.Implement human review, validation, and escalation processes appropriate to the nature of Customer’s use case and the risks associated with relying on Output.

5.4 Security Controls. Maintain reasonable security controls for Accounts, user permissions, endpoints, webhooks, downstream systems, and API keys.

5.5 Compliance. Comply with all applicable laws regarding privacy, data protection, consumer protection, discrimination, export controls, sanctions, intellectual property, and marketing communications.

6. Monitoring, Investigation, and Enforcement

6.1 Enforcement Rights. Knowledge² may investigate any suspected violation of this AUP or the Terms and may, without limiting any other remedies:

1. reject, remove, disable, or quarantine Customer Content;
2. suspend, throttle, or terminate access to the Services;
3. block integrations, requests, workflows, or API traffic;
4. require Customer to remediate a violation or provide additional safeguards;
5. preserve relevant records or evidence; and
6. report unlawful activity to law enforcement, regulators, rights holders, or other appropriate third parties.

6.2 No Duty to Monitor. Knowledge² has no obligation to monitor all use of the Services or all Customer Content, but may do so to the extent necessary to enforce this AUP, protect the Services, or comply with law.

6.3 Cooperation. Customer will reasonably cooperate with Knowledge² in investigating suspected violations of this AUP.

6.4 No Refunds for Violations. Knowledge² may suspend or terminate access for AUP violations without refund, to the extent permitted by applicable law and subject to any contrary requirement in a negotiated Order Form.

7. Reporting Suspected Violations

To report suspected violations of this AUP, abuse of the Services, or security concerns, Customer may contact Knowledge² at hello@knowledge2.ai. For privacy-related concerns involving personal information, Customer may contact privacy@knowledge2.ai.

8. Changes to This AUP

Knowledge² may update this AUP from time to time in accordance with the change procedures set forth in the Terms. Customer’s continued use of the Services after an updated AUP becomes effective constitutes acceptance of the updated AUP.