Acceptable Use Policy
> This document has not been reviewed or approved by counsel. Aletheos is not currently accepting paid subscriptions on these terms. Any account created during this draft window is non-binding under Canadian contract law. Final binding terms will be published after Ontario-licensed legal review.
> This document has been drafted from standard templates. It has NOT been reviewed by legal counsel. DO NOT publish or enforce until a Canadian lawyer (Ontario-licensed) has reviewed, amended, and approved. > Last drafted: 2026-04-19
Acceptable Use Policy
Company: Aletheos Technologies Inc., an Ontario corporation with its registered office at 4005 Don Mills Road, Toronto, ON M2H 3J9, Canada (hereinafter "Aletheos") Jurisdiction: Province of Ontario, Canada Effective Date: [TO BE SET BY LAWYER UPON APPROVAL] Version: DRAFT-1.0
1. Purpose and Scope
1.1 This Acceptable Use Policy ("AUP") sets out the rules for using the Aletheos platform, its APIs, endpoints, dashboards, tools, and all associated services ("Services").
1.2 This AUP applies to all users: individual consumers, business customers, developers accessing APIs, and any third parties granted access to the Services.
1.3 This AUP is incorporated into the Terms of Sale and Subscription Agreement. Violation of this AUP may result in immediate suspension or termination of your account without refund, subject to the rights described in section 7.
1.4 Aletheos's Services are designed to help you protect your own privacy and the privacy of individuals for whom you have lawful authority to act. They are not designed or licensed for offensive, unauthorized, or unlawful purposes.
2. Permitted Uses
2.1 You may use the Services to: (a) Scan publicly available data sources and AI model outputs for your own personal information or the personal information of individuals for whom you have obtained proper written consent or have lawful authority to act; (b) Submit GDPR, CCPA, PIPEDA, and other legal erasure or access requests on behalf of yourself or individuals described in (a); (c) Monitor dark web data for indicators of compromise related to your own organization or individuals described in (a); (d) Use the DLP (Data Loss Prevention) tooling to identify potential data leaks within your own organization's systems; (e) Use the OSINT (Open-Source Intelligence) features to investigate publicly available information about your own organization or for lawful due diligence purposes within your organization, in compliance with applicable law; (f) Use the sandbox and testing environments for development and integration testing against synthetic or your own data only.
3. Prohibited Uses
3.1 Illegal Data Collection and Processing. You must not use the Services to collect, process, or store personal information in violation of PIPEDA, GDPR, CCPA, or any other applicable privacy or data protection law.
3.2 Unauthorized Scanning of Third Parties. You must not use the OSINT, DLP, dark web monitoring, AI model scanning, or data broker scanning features to search for, compile, or process personal information about individuals or organizations without their explicit prior consent or your lawful authority to do so. This prohibition includes: (a) Scanning competitors' employees or customers; (b) Aggregating personal data from multiple sources to build profiles on individuals without consent; (c) Using the Services as part of a data brokerage or resale operation.
3.3 Credential Stuffing and Unauthorized Access. You must not use the Services — including any API endpoint, scanning tool, or integration — to: (a) Automate login attempts against third-party services using credential lists ("credential stuffing"); (b) Test credentials you do not own or have authorization to test; (c) Gain unauthorized access to any computer system, network, or service.
3.4 Harassment, Stalking, and Harm. You must not use the Services to locate, monitor, harass, stalk, intimidate, or harm any individual. This includes using OSINT or data broker results to facilitate physical harm, emotional abuse, or unlawful surveillance.
3.5 Reverse Engineering and Extraction. You must not: (a) Reverse-engineer, decompile, disassemble, or attempt to extract the source code or model weights of any AI component of the Services, including any fine-tuned Mistral adapter models, Anthropic Claude integrations, OpenAI model integrations, or any other machine learning component; (b) Attempt to extract, replicate, or export training data, embedding weights, or inference outputs in a manner intended to reproduce or substitute for the Aletheos platform; (c) Use automated tools to systematically scrape or mirror the Aletheos platform, its APIs, or its databases beyond what is expressly authorized in your subscription plan.
3.6 Abuse of Platform Infrastructure. You must not: (a) Use the Services in a manner that places unreasonable or disproportionate load on Aletheos infrastructure; (b) Circumvent rate limits, quotas, or access controls; (c) Use the Services to attack, probe, or scan Aletheos's own infrastructure or third-party infrastructure; (d) Introduce malware, viruses, trojans, or any other malicious code into the Services or through the Services to third-party systems.
3.7 Misrepresentation. You must not: (a) Impersonate Aletheos, another user, or any other person or entity; (b) Falsely claim to act with the authority of a data subject when submitting erasure or access requests on behalf of a third party without proper consent; (c) Use the Services to generate false or misleading erasure request submissions.
3.8 Unlawful Purposes. You must not use the Services for any purpose that violates applicable law, including but not limited to: money laundering, fraud, sanctions evasion, or human trafficking.
3.9 Minors. The Services are not directed to individuals under 18 years of age. You must not use the Services to collect or process personal information of minors.
4. Security Research
4.1 If you are a security researcher who has identified a vulnerability in the Aletheos platform, please report it responsibly to security@aletheos.tech before any public disclosure.
4.2 Unauthorized penetration testing of Aletheos systems is prohibited. If you wish to conduct authorized security testing, contact legal@aletheos.tech to arrange written authorization in advance.
5. Monitoring and Enforcement
5.1 Aletheos reserves the right to monitor use of the Services for compliance with this AUP, subject to our Privacy Policy and applicable law.
5.2 If we detect or receive credible reports of a violation, we may: (a) Issue a warning; (b) Temporarily suspend your access; (c) Permanently terminate your account; (d) Report the activity to applicable law enforcement authorities.
5.3 Account termination for AUP violation does not entitle you to a refund, except as required by applicable law or the 10-day cooling-off period under the Ontario CPA.
6. Reporting Violations
6.1 If you become aware of a violation of this AUP by another user, please report it to legal@aletheos.tech. We take all reports seriously and will investigate.
7. Customer Rights on Suspension or Termination
7.1 If we suspend or terminate your account for an alleged AUP violation, we will: (a) Notify you by email within 24 hours of the action, stating the reason; (b) Provide you with an opportunity to respond within 10 business days; (c) Review your response and provide a final decision within 10 business days thereafter.
7.2 If suspension or termination was in error, we will restore your account and, if applicable, provide a pro-rata credit for the period of suspension.
8. Changes to This Policy
8.1 We may update this AUP from time to time to reflect new features, legal requirements, or evolving abuse patterns. We will post updates at [https://aletheos.tech/legal/acceptable-use] and notify you by email at least 30 days before material changes take effect.
9. Governing Law and Disputes
9.1 Governing Law: This AUP is governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein.
9.2 Disputes: Any dispute arising out of or related to this AUP shall be submitted to the courts of the Province of Ontario, Canada.
Contact: legal@aletheos.tech Governing Law: Province of Ontario, Canada, and the federal laws of Canada applicable therein. Disputes: Courts of Ontario, Canada.