Acceptable Use Policy

Scope — who this Policy applies to

Please carefully review this Policy, which applies to any and all of the following:

• (a) uses of our Services (as defined in the Legal Terms);
• (b) forms, materials, consent tools, comments, posts, and all other content available on the Services ("Content"); and
• (c) responsible use of AI orchestration features within our Services, including routing to third-party AI APIs configured with your credentials.

Who we are

We are Bohdan Matviichuk ("Company," "we," "us," or "our"), operating as a business registered in Poland at ul. Dziewanny 21/19, 20-539 Lublin. We operate the website https://planvault.ai (the "Site"), as well as any other related products and services that refer or link to this Policy (collectively, the "Services").

Use of the Services — relationship to our Legal Terms

The authoritative list of prohibited activities is maintained in Section 6 (PROHIBITED ACTIVITIES) of our Legal Terms at https://planvault.ai/terms, and is incorporated into this Policy by reference. To avoid contractual drift, this Policy deliberately does not restate that list; in the event of any apparent inconsistency between this Policy and the Legal Terms, the Legal Terms prevail.

In addition to Section 6 of the Legal Terms, and reflecting our role as an AI API Gateway and orchestration platform, you warrant that you will not:

• Configure, upload, or route traffic with API credentials, OAuth tokens, or signing keys belonging to any third party that you are not authorized to use (including use of another customer's bring-your-own-key credentials or credentials obtained without the owner's consent).
• Use the Services to scan, probe, fuzz, enumerate, exploit, or conduct any form of offensive security testing against systems, APIs, or endpoints that you do not own or for which you do not have prior written authorization from the system owner.
• Attempt to circumvent, bypass, or defeat PlanVault's outbound URL validation, SSRF protections, or network egress controls — including by chaining redirects to internal addresses, relying on DNS rebinding, or using orchestration features to probe networks you do not own or lack written authorization to test.
• Abuse orchestration, webhook, or runtime-execution features to generate, relay, or exfiltrate content that constitutes command-and-control (C2) traffic, malware droppers, phishing infrastructure, or unauthorized data-extraction pipelines.
• Circumvent organization-, project-, or key-level budget caps, quota enforcement, rate limits, or cost-control mechanisms — including by creating multiple organizations or accounts under false pretences, by resharing scoped API keys outside their documented scope, or by intentionally fragmenting workloads to avoid quota accounting.
• Use the Services to impersonate PlanVault, any of our customers, or our subprocessors, or to misrepresent your authority to act on behalf of an organization that you do not legitimately administer.
• Violate the separate acceptable-use or content policies of the third-party AI providers you connect under the bring-your-own-key model (for example, OpenAI, Anthropic, Google LLC (Google Cloud AI)); those providers' policies continue to apply to all traffic routed through your keys, and a violation of their policies is also a violation of this Policy.
• Use our audit, export, or GDPR-operations endpoints to extract personal data beyond the scope of your own organization or your own end-user record, or to reconstruct data sets you are not otherwise authorized to access.

AI orchestration and third-party models

PlanVault provides orchestration and infrastructure; we are not the operator of third-party foundation models. Those models are provided by vendors you connect using your credentials, and their terms govern your relationship with them. You warrant that you will not use our Services to route or process requests that:

• Deploy AI techniques that utilize subliminal, manipulative, or deceptive methods designed to distort behavior and impair informed decision-making, particularly when such actions cause significant harm to individuals.
• Exploit vulnerabilities related to age, disability, or socio-economic circumstances through AI in a way that distorts behavior or decision-making, especially if this results in significant harm to the individual.
• Use AI systems for biometric categorization that infer sensitive attributes such as race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation, except in limited cases, such as labeling or filtering lawfully acquired datasets, or specific law enforcement activities.
• Implement AI-based social scoring systems that evaluate or classify individuals or groups based on their social behavior or personal traits in a manner that causes harm, discrimination, or unfair treatment.
• Assess the risk of an individual committing criminal offenses based solely on profiling, personality traits, or other non-behavioral factors, except in narrowly defined circumstances where legal safeguards are in place.
• Compile facial recognition databases through untargeted scraping of facial images from the internet, social media, or CCTV footage, unless it is part of a legally compliant and narrowly defined purpose.
• Use AI to infer emotions in sensitive environments such as workplaces, educational institutions, or any other context where such analysis could lead to discrimination, unfair treatment, or privacy violations.
• Engage in real-time remote biometric identification in public places for law enforcement purposes, except in specific situations where there are strong legal justifications and oversight mechanisms.

Customer Workloads and Runtime Content

PlanVault is a B2B infrastructure platform. We do not operate user-facing forums, public profiles, or community features. "Customer Workloads and Runtime Content" refers to the prompts, tool and schema definitions, uploaded files, embeddings, retrieved documents, webhook payloads, and data routed to or returned from third-party APIs during execution of your orchestrated workflows through the Services.

You are responsible for ensuring that you have all rights, consents, and a lawful basis (including under GDPR and other applicable data-protection laws) to submit to the Services, and to route through the Services, all Customer Workloads and Runtime Content. In particular, you warrant that:

• You will not submit to, generate through, or route through the Services any content that is unlawful, infringing, defamatory, harassing, deceptive, sexually exploitative (including CSAM), or otherwise prohibited under applicable law or Section 6 of our Legal Terms.
• You will not use the Services' automation, webhook, or runtime-execution features to propagate malware, phishing infrastructure, spam, disinformation campaigns, or other malicious payloads — whether targeting your own end users, third parties, or other customers of the Services.
• You will not submit or generate content whose primary purpose is to exploit, harass, intimidate, or harm identifiable individuals or groups, or that would unlawfully discriminate on the basis of protected characteristics.
• You will respect the confidentiality, privacy, intellectual-property, and security obligations you owe to your own end users, business partners, and third parties whose data you route through the platform, including any contractual restrictions imposed by the upstream AI providers you connect under bring-your-own-key.
• Where Customer Workloads contain personal data of end users of your integration, you act as the data controller under Applicable Data Protection Law and PlanVault acts as a processor on your documented instructions, as further described in the Data Processing Agreement at https://planvault.ai/dpa.

Artificial intelligence — platform role

We recognize that AI-related features can have a significant impact on users and society. PlanVault provides AI orchestration capabilities; we do not train or host third-party foundation models for you, and we do not control model weights or outputs from vendors you connect with your own keys.

This Policy applies to AI-related features accessed through our Services. It sets expectations for lawful use of our platform in connection with automated or AI-assisted workflows. It does not replace your obligations under your agreements with third-party AI providers or applicable law.

Administrators, developers, and anyone who configures integrations or credentials must comply with this Policy and ensure their organization’s use of the Services remains lawful.

Enforcement

Misuse of AI-related features or failure to adhere to the standards in this Policy may result in action to protect the integrity of our platform and other users. Consequences may vary depending on the nature and severity of the violation and your history with our Services.

Violations may include, but are not limited to:

• Using AI-related features or the Services in ways that violate user privacy, manipulate data, disregard ethical guidelines, or breach applicable AI service providers’ terms of use.
• Deploying AI through our Services in a manner that introduces or causes prohibited bias or unfair treatment where such use is unlawful or breaches this Policy.
• Improper handling, storage, or use of data that leads to breaches of trust or legal compliance.
• Using AI-related features in a way that compromises the privacy and security of our systems, data, or users.

Actions we may take

Depending on the violation, Bohdan Matviichuk may take one or more of the following actions:

• Warnings: The responsible party may receive a formal warning and be required to cease violating practices.
• Temporary suspension: In cases of repeated or more severe violations, access to AI-related features or certain parts of the platform may be temporarily suspended while the issue is investigated.
• Termination of access: Serious violations, particularly those that result in harm to users or breach privacy or other regulations, may lead to permanent termination of access to the Services.
• Legal action: In cases where misuse leads to significant harm, data breaches, or legal violations, we may pursue legal action, including reporting to law enforcement or regulatory bodies.
• Public disclosure: For incidents that impact public trust or involve severe breaches, we reserve the right to disclose the violation and responsive actions where appropriate and lawful.

Responsible use and updates to this Policy

We take misuse reports seriously and may enforce this Policy as described above. We do not control third-party model weights, training data, or outputs; you must ensure that traffic you route through our Services and your use of external AI APIs comply with applicable law and your agreements with those providers.

At Bohdan Matviichuk, we are committed to refining this Policy as technology and regulation evolve. We will regularly review and update this Policy to reflect changes that remain relevant and aligned with best practices. Updates will be indicated by the date at the top of this page.

Consequences of breaching this Policy

The consequences for violating this Policy will vary depending on the severity of the breach and your history on the Services. By way of example: we may, in some cases, give you a warning; however, if your breach is serious or you continue to breach our Legal Terms and this Policy, we have the right to suspend or terminate your access to and use of the Services and, if applicable, disable your account. We may also notify law enforcement or issue legal proceedings when we believe there is a genuine risk to an individual or a threat to public safety.

We exclude our liability for all action we may take in response to any of your breaches of this Policy, to the extent permitted by applicable law.