Acceptable Use Policy

Effective for: All users of the AssetShop SCO Service

Version: 1.1 (counsel-ready draft · pending commercial counsel review before publication)

Exhibit to: Master Services Agreement

Referenced by: Terms of Service (for public sites)

This Acceptable Use Policy ("AUP") describes prohibited conduct in connection with the AssetShop SCO Service, the public AssetShop sites, and any related AssetShop tools or services (collectively, the "Service"). The AUP applies to Customer, Authorized Users, and any person accessing the Service.

1. Prohibited content and conduct

You may not use the Service to:

1.1 Unlawful activity

• Engage in or facilitate any unlawful activity, including violations of intellectual property rights, privacy rights, or anti-discrimination laws
• Engage in fraud, money laundering, or financial crimes
• Distribute illegal content

1.2 Harmful content

• Distribute malware, viruses, ransomware, worms, trojans, or other malicious code
• Transmit content designed to harm minors

1.3 Security violations

• Probe, scan, or test the vulnerability of any system or network without authorization (other than coordinated vulnerability disclosure submitted through AssetShop's published process)
• Attempt to gain unauthorized access to any account, system, or data
• Bypass or circumvent authentication, security controls, rate limits, or access restrictions
• Interfere with the integrity, availability, or operation of the Service or any other party's systems
• Conduct denial-of-service attacks or other actions that degrade Service performance for others

1.4 Abuse of Service

• Use the Service to send unsolicited bulk communications (spam)
• Use the Service to harvest data about other users
• Reverse engineer, decompile, or disassemble non-open-source components of the Service
• Use the Service to develop a competing product or service
• Resell, sublicense, or redistribute the Service without authorization

1.5 Misrepresentation

• Misrepresent your identity, affiliation, or authority
• Falsify or remove copyright, trademark, or other proprietary notices
• Misrepresent the origin or authenticity of Service-generated outputs

1.6 Data misuse

• Submit data to the Service that violates the privacy or other rights of third parties
• Submit data that you are not authorized to submit (e.g., another organization's confidential data without permission)
• Use the Service to process Special Categories of Personal Data (Article 9 GDPR - health, race, religion, sexual orientation, etc.) without prior written agreement with AssetShop
• Use the Service for purposes that materially differ from the purposes specified in the MSA without notifying AssetShop

1.7 Operational misuse

• Submit deliberately misleading or fraudulent operational data (e.g., to falsify ROI claims to internal stakeholders)
• Use the Service to circumvent regulatory reporting obligations
• Use the Service in a manner inconsistent with documented Service capabilities (e.g., as middleware in the request path of an enterprise system, when the Service is architected for read-only observation)

2. Resource limits

The Service is provisioned with capacity limits set forth in the Order Form. Use that exceeds these limits may result in rate limiting, additional charges, or suspension. Capacity limits include (without limitation):

• Maximum API calls per minute per tenant
• Maximum data volume per ingestion batch
• Maximum sustained ingestion throughput (default 100,000 observations/minute per tenant)
• Maximum concurrent users
• Maximum stored data volume per tenant

Customers requiring higher limits should specify in the Order Form or contact AssetShop to upgrade.

3. Reporting violations

To report a suspected AUP violation, security vulnerability, or abuse, contact: AssetShopCo@gmail.com. AssetShop's full vulnerability disclosure policy is published at: https://trust.enterprise.assetshop.eth.limo/.well-known/security.txt

4. Enforcement

AssetShop may, at its discretion and in addition to any other remedies available under the MSA or applicable law:

(a) Investigate suspected violations, including reviewing Service activity and Customer Data (subject to Customer's reasonable confidentiality expectations and the DPA)

(b) Issue a warning to Customer

(c) Suspend or limit Customer's access to the Service (in whole or for the violating user or activity)

(d) Remove or disable access to violating content

(e) Terminate the affected Order Form for cause per Section 10.2 of the MSA

(f) Cooperate with law-enforcement requests as legally required

For minor or inadvertent violations, AssetShop will typically issue a warning and provide an opportunity to cure. For material or willful violations (including security violations, fraud, or material harm to AssetShop or third parties), AssetShop may suspend or terminate immediately.

5. Updates

AssetShop may update this AUP from time to time. Updates take effect 30 days after notice to Customer (via email to designated privacy/compliance contact or in-product notice), except updates required by law, regulation, or to address an active security threat may take effect immediately.

This AUP is provided as a counsel-ready draft. Please review with commercial counsel before publication.