LEGAL
Acceptable Use Policy
Last Updated
Syntari AI
Acceptable Use Policy
Version 3.0
Effective Date: February 23, 2026
Document Information
Version 3.0
Effective Date February 23, 2026
Organization Syntari AI, Inc.
Address 855 Boylston Street Suite 1000, Boston, MA 02116
Introduction and Scope
1.1 Purpose
This Acceptable Use Policy ("AUP") v3.0 establishes the rules and guidelines for acceptable conduct when using Syntari AI Services. It protects all users, maintains service integrity, ensures compliance with applicable laws, and reflects our commitment to responsible artificial intelligence use.
1.2 Scope
This AUP applies to:
All users of Syntari AI Services
All Customer Data processed through our platform
All content uploaded, transmitted, or generated using our Services
All AI models, agents, and features accessed through our platform
All integrations with external systems and third-party tools
1.3 Agreement
By using our Services, you agree to comply with this AUP. Violation of this AUP may result in enforcement actions ranging from warning to account termination.
1.4 AI Safety and Responsible Use Commitment
Syntari AI is committed to developing and deploying AI responsibly. You acknowledge that:
AI outputs must be validated and verified before reliance
AI hallucinations can occur regardless of confidence levels
You are responsible for all decisions made based on AI-generated content
Human oversight is essential for high-impact decisions
AI cannot replace professional judgment in regulated industriesGeneral Conduct Requirements
2.1 Lawful Use
You must use our Services only for lawful purposes and in compliance with:
All applicable local, state, national, and international laws
All applicable regulations and industry standards
All contractual obligations with third parties
2.2 Ethical Use
You must use our Services in a manner that respects the rights and dignity of others, does not mislead or deceive, upholds professional standards, and promotes beneficial outcomes.
2.3 Account Responsibility
You are responsible for all activities under your account, maintaining credential confidentiality, notifying us of unauthorized use, and ensuring authorized users comply with this AUP.Prohibited Activities
3.1 Prohibited Activities
You may NOT use our Services to:
Facilitate or promote illegal activities
Commit fraud, identity theft, or financial crimes
Facilitate money laundering or terrorist financing
Promote illegal drugs, weapons, or controlled substances
Operate illegal gambling operations
Facilitate human trafficking or exploitation
Infringe copyrights, trademarks, patents, or trade secrets
Conduct unauthorized access or circumvent security
Conduct denial-of-service attacks
Extract or repurpose Syntari AI models
Harass, defame, or create harmful contentAI-Specific Requirements
4.1 AI Output Validation Requirements
All users must understand and comply with the following requirements for AI-generated content:
VALIDATE BEFORE USE: Independently verify all AI-generated content before relying on it
AI HALLUCINATIONS: AI may confidently present false information as fact
HUMAN OVERSIGHT: High-stakes decisions require human expert review
RESPONSIBILITY: You are solely responsible for decisions based on AI output
DISCLOSURE: Disclose that content is AI-generated where required by law
4.2 Prohibited AI Use Cases
You may NOT use our AI features to:
Category Prohibited Use
Deception Generate content intended to deceive about AI origin
Deepfakes Create deceptive synthetic media of real individuals
Misinformation Generate and disseminate false information at scale
Discrimination Make automated decisions that unlawfully discriminate
4.3 Deepfake Restrictions
Deepfakes and synthetic media depicting real individuals are prohibited unless created for obvious artistic, educational, or satirical purposes with clear disclosure, or with explicit written consent from all individuals depicted.
4.4 Prompt Injection Prevention
You may NOT attempt to manipulate AI models through prompt injection, use adversarial inputs to bypass safety guidelines, conduct prompt hacking, or attempt to jailbreak AI systems.
4.5 AI Bias Monitoring
You must monitor AI-generated outputs for potential bias or discrimination and report identified bias to security@syntari.ai. Implement human review processes for decisions affecting protected groups.
4.6 Model Extraction Prohibition
You may NOT attempt to extract, copy, or replicate Syntari AI models, conduct model inversion attacks, reverse engineer model architectures, or use our API to train competing models without authorization.
4.7 AI-Generated Content Attribution
When AI-generated content is used in contexts where human authorship is reasonably assumed, you must clearly disclose that content is AI-generated and identify the model used.Data and Content Requirements
5.1 Data Classification
You must properly classify data according to its sensitivity:
Classification Requirements
Public No special handling required
Internal Standard access controls
Confidential Restricted access, encryption
Restricted Strictest controls, encryption, audit logging
5.2 Sensitive Data Processing
Processing of sensitive and special category data through AI features is restricted. You may NOT process personal data revealing racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or criminal convictions through AI without strict controls and legal basis.
5.3 Data Responsibilities
You are responsible for ensuring you have the right to upload all data, data is accurate and appropriate for intended use, data complies with privacy laws, and data does not violate third-party rights.Industry-Specific Requirements
6.1 Healthcare
REQUIRED: Comply with HIPAA, execute BAA before processing PHI, implement appropriate safeguards, ensure HIPAA-compliant AI features are used.
PROHIBITED: Using AI to make final clinical decisions without physician oversight, processing PHI without agreements, sharing health information without authorization, using non-HIPAA-compliant features.
6.2 Financial Services
REQUIRED: Comply with SEC/FINRA/FDIC regulations, implement required protections, maintain audit trails, validate AI recommendations before providing to clients.
PROHIBITED: Providing investment advice without licensing, using AI for market manipulation, processing payment card data outside PCI DSS, making fully automated investment decisions.
6.3 Employment Decisions
REQUIRED: Comply with equal employment opportunity laws, provide notices about AI use, maintain human oversight of automated decisions, regularly audit for bias.
PROHIBITED: Fully automated hiring decisions without human review, using AI to discriminate based on protected characteristics, using biased training data, failing to disclose AI use.
6.4 Credit and Financial Eligibility
REQUIRED: Comply with FCRA and Fair Lending laws, provide adverse action notices, implement human review and appeals, conduct regular bias auditing.
PROHIBITED: Fully automated credit scoring without human verification, credit decisions without required disclosures, discriminatory AI models, failing to honor right-to-explain requirements.
6.5 Government and Public Sector
REQUIRED: Comply with government procurement rules, meet required security standards (FedRAMP, CMMC), ensure transparency in AI use.
PROHIBITED: Processing classified information without authorization, using AI for prohibited surveillance, violating constitutional rights.
6.6 Education
REQUIRED: Comply with FERPA, obtain required parental consents for minors, provide disclosures about AI use, implement safeguards for student data.
PROHIBITED: Processing student data for prohibited purposes, using AI to discriminate in educational opportunities, facilitating academic dishonesty.Shadow AI and Unauthorized Tools
7.1 Shadow AI Definition
Shadow AI refers to unauthorized use of external AI tools (ChatGPT, Claude, Gemini, etc.) to process Syntari data, intellectual property, or confidential information. This poses significant risks including data exposure, regulatory violations, and loss of control.
7.2 Shadow AI Prohibition
You may NOT use unauthorized external AI tools to process, analyze, or summarize Syntari data, feed Customer Data into public AI services, process confidential business information through external platforms, use external AI to generate content based on Syntari data, or share prompts containing Syntari data with external services.
7.3 Consequences
Unauthorized use of external AI tools may result in immediate account suspension, termination of Services, data loss, regulatory fines, notification to authorities, and liability for resulting data breaches.Security Requirements
8.1 Account Security
You must use strong passwords (minimum 12 characters), enable multi-factor authentication, protect credentials, report compromises immediately, conduct periodic access reviews, and revoke access for departing users.
8.2 Access Management
You must implement role-based access control with least privilege principle, conduct regular access reviews (at least quarterly), and maintain segregation of duties for sensitive operations.
8.3 Incident Response
You must promptly report security incidents, data breaches, account compromise, discovered vulnerabilities, and suspected policy violations to security@syntari.ai.Security Research Program
9.1 Responsible Disclosure
Syntari AI welcomes responsible security research. Security research is permitted only with prior written authorization from security@syntari.ai. Testing is limited to authorized systems, and you must not access or delete data.
9.2 Vulnerability Reporting
Report vulnerabilities to security@syntari.ai with proof-of-concept if possible. Do not publicly disclose until 90 days have passed. Expect acknowledgment within 48 hours.
9.3 Disclosure Timeline
Day 1: Report received and acknowledged. Day 7: Triage and impact assessment. Day 30: Status update. Day 60: Remediation date communicated. Day 90: Public disclosure authorized if not resolved.
9.4 AI Misuse Reporting
Report evidence of AI being used to generate prohibited content, suspected AI bias or discrimination in outputs, AI hallucinations causing material harm, misuse of AI features by others, or adversarial attacks against AI systems to abuse@syntari.ai or security@syntari.ai.Monitoring and Enforcement
10.1 Enforcement Actions
For violations, we may take enforcement actions based on severity:
Severity Actions
Minor Warning, education, monitoring
Moderate Temporary suspension (7-30 days)
Serious Extended suspension (30-90 days)
Severe Permanent termination, legal action
10.2 Appeal Process
If your account is suspended or terminated, you may appeal by emailing legal@syntari.ai within 30 days with a detailed explanation and evidence. Decisions will be communicated within 15 business days.Reporting Violations
11.1 How to Report
Report violations to:
Abuse: abuse@syntari.ai
Security: security@syntari.ai
Legal: legal@syntari.ai
Web Form: www.syntari.ai/report-abuse
11.2 What to Include
Include description of violation, relevant URLs or account information, date and time, supporting evidence, and your contact information.
11.3 Confidentiality
We will protect reporter identity, investigate promptly, take appropriate action, not retaliate against good-faith reporters, and provide status updates.EU AI Act and Regulatory Compliance
12.1 EU AI Act Prohibited Practices
Users must comply with EU AI Act prohibited practices including cognitive behavioral manipulation, exploitation of children, social scoring, biometric categorization, law enforcement AI without safeguards, facial recognition without authorization, and emotion recognition restrictions.
12.2 High-Risk AI Systems
For high-risk use cases under EU AI Act, ensure risk assessment, data quality, transparency, human oversight, accuracy, robustness, cybersecurity standards, and bias monitoring.
12.3 Export Control
You must comply with U.S. Export Administration Regulations, OFAC sanctions, and local export laws. You may NOT export Services to embargoed countries, provide access to sanctioned parties, or use Services for prohibited end-uses.
12.4 Data Localization
If subject to data localization requirements, contact legal@syntari.ai to discuss options, ensure data residency requirements are met, and comply with local data sovereignty requirements.Compliance Certifications
13.1 Our Compliance
Syntari AI maintains compliance with SOC 2 Type 2, ISO 27001, HIPAA, GDPR, CCPA/CPRA, CMMC 2.0, and FedRAMP standards.
13.2 Your Obligations
You must ensure your use complies with all applicable frameworks, regulations, contractual obligations, this AUP, and applicable laws in your jurisdictions.Changes to This Policy
14.1 Updates
We may update this AUP to address new threats, clarify provisions, add prohibited activities, comply with new regulations, or enhance security measures.
14.2 Notice
Material changes will be communicated at least 30 days in advance. Continued use constitutes acceptance. You may terminate if you disagree with material changes.
14.3 Version History
Version Date Changes
3.0 February 23, 2026 EU AI Act compliance, Shadow AI prohibition, AI safety, enhanced security research
2.0 January 22, 2026 AI-specific provisions, healthcare/finance/employment usesContact Information
15.1 General Inquiries
Email: legal@syntari.ai
Mail: Syntari AI, Inc., 855 Boylston Street, Suite 1000, Boston, MA 02116
15.2 Report Violations
Abuse: abuse@syntari.ai
Security: security@syntari.ai
Web: www.syntari.ai/report-abuse
15.3 Security Research
Email: security@syntari.ai
Subject: "SECURITY VULNERABILITY DISCLOSURE"
This Acceptable Use Policy v3.0 is incorporated by reference into our Terms of Service.
For complete terms, visit www.syntari.ai/legal
© 2026 Syntari International, Inc. All rights reserved.
Syntari® is a registered trademark of Syntari International, Inc.