Aquil
Aquil
Legal

Acceptable Use Policy

What customers and authorised users may and may not do when using Aquil.

Version 1.0.0 · Effective 7 April 2026

Download PDFDownload Markdown

Acceptable Use Policy (AUP)

Aquil — ISO 27001 ISMS Management Service

Version: 1.0 Effective date: 2026-04-07

This Acceptable Use Policy ("AUP") governs Customer's and Authorised Users' use of the Aquil Service. It is incorporated by reference into the MSA. Capitalised terms have the meanings given in the MSA.

1. Prohibited use

Customer and its Authorised Users may not, and may not permit any third party to:

a) Use the Service in violation of any applicable law, regulation or third-party right. b) Upload, store, transmit or process through the Service any content that is unlawful, defamatory, harassing, infringing, obscene, or that violates the privacy or publicity rights of any person. c) Upload personal data of categories listed in GDPR art. 9 (special categories — including health, race, ethnicity, political opinions, religious beliefs, trade union membership, genetic data, biometric data for unique identification, sex life and sexual orientation) or art. 10 (criminal convictions and offences) unless Customer has a valid lawful basis under art. 9(2) or art. 10, has documented that basis, and accepts full responsibility as Controller for that processing. d) Upload payment card data, authentication credentials, API keys, secrets, classified information, or export-controlled information. e) Use the Service to develop, train or improve any machine learning model, large language model or competing product. f) Reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure of the Service, except to the extent expressly permitted by applicable law notwithstanding this restriction. g) Circumvent or attempt to circumvent any access controls, rate limits, security measures or usage limits. h) Access the Service in order to monitor its availability, performance or functionality for competitive purposes, or to publish benchmark results without Sokigo's prior written consent. i) Sublicense, sell, resell, rent, lease, distribute or otherwise commercially exploit the Service, except as expressly authorised by Sokigo. j) Use the Service to send spam, phishing messages, malware, viruses or any other malicious code. k) Use the Service in a way that interferes with or disrupts the integrity, performance or use of the Service by others. l) Conduct vulnerability scanning, penetration testing or other security probing of the Service without Sokigo's prior written consent. Coordinated disclosure may be reported to infosec@sokigo.com. m) Submit prompt-injection attacks, attempts to extract system prompts, or attempts to bypass content moderation in AI features. n) Use the Service to make automated, high-volume or programmatic requests that are not part of normal interactive use, unless via an API expressly provided for that purpose and within published rate limits. o) Impersonate any person or entity, or misrepresent affiliation with any person or entity. p) Share Authorised User credentials between individuals.

2. AI-specific rules

In addition to the above:

  • AI-generated output must be reviewed by a qualified human before being relied upon for any compliance, audit, legal or regulatory purpose.
  • Customer must not present AI output as the sole basis for high-stakes decisions affecting individuals.
  • Customer must not use the Service to generate content that misleads regulators, auditors or other third parties about Customer's actual compliance posture.
  • Customer must not attempt to use the AI features to process the personal data of individuals who would not reasonably expect their data to be processed by an AI system in connection with Customer's ISMS.

3. Enforcement

  • Sokigo may investigate suspected violations of this AUP.
  • For violations that pose a security risk, threaten the integrity of the Service, or that violate applicable law, Sokigo may suspend access immediately without prior notice.
  • For other violations, Sokigo will give reasonable notice and an opportunity to cure where practicable.
  • Repeated or material violations may result in termination of the Agreement under the MSA.

4. Reporting

Suspected security vulnerabilities: infosec@sokigo.com Suspected abuse, illegal content or AUP violations: infosec@sokigo.com

[End of AUP]

Document hash (SHA-256): 113a3ea9af8bf165c9c7c75841fb61162c53a97cbaf4c9030950175b8eef31d0