AUP

Acceptable Use Policy

Last updated 2026-04

This Acceptable Use Policy ("AUP") applies to everyone who uses PersonaMesh — directly through the Studio, programmatically via the API/SDKs, or as an end user of a customer's persona. Violations may result in immediate suspension or termination. Persistent or egregious violations are reported to the relevant authorities.

Identity & disclosure

  • Personas must disclose AI status when directly asked. Customers may configure "required" (default), "on-request", or "never" — but "never" requires a separately executed amendment with us.
  • Do not build a persona that represents a real, identifiable person without that person's documented, ongoing consent. Verified consent is a hard prerequisite for "real-person" personas.
  • Do not use personas to impersonate brands, organizations, or officials.

Prohibited content & uses

  • Child sexual abuse material (CSAM) — zero tolerance.
  • Content that incites violence, self-harm, or a credible threat against any person or group.
  • Targeted harassment of an individual.
  • Generation or distribution of malware, exploits, or instructions for committing fraud.
  • Discrimination prohibited by law (housing, employment, credit, public accommodation).
  • Election interference — automated targeted political messaging that misrepresents its source.
  • Synthetic intimate imagery of a real person without verified consent.
  • Practicing medicine, law, or financial advice as if licensed in the user's jurisdiction without an appropriate licensed professional in the loop.

Platform integrity

  • Do not use the Service to train competing model providers or to scrape its outputs at scale for that purpose.
  • Do not bypass rate limits, budget caps, or safety classifiers.
  • Do not deliberately attempt to extract another customer's data or persona spec.
  • Respect declared tool egress allowlists — do not exfiltrate via permissive webhook targets you control.
  • Do not use the Service to generate or send unsolicited bulk communications (spam).

Security responsibilities

  • Treat API keys like passwords — keep them out of source control and revoke them when compromised.
  • Report security issues to security@personamesh.ai. See our security page for the disclosure timeline.
  • Do not test someone else's PersonaMesh deployment without their written permission.

Reporting violations

If you encounter a persona or use of the Service that violates this AUP, email abuse@personamesh.ai. We respond within one business day and investigate; serious violations are actioned within 24 hours of confirmation.

Enforcement

For minor violations we contact the workspace owner and request remediation. For material or repeated violations we suspend the workspace and may terminate the account. For violations of law we cooperate with appropriate authorities under valid legal process.

Changes

We post material changes at least 30 days before they take effect, with notice to workspace owners by email. Continued use after the effective date constitutes acceptance.