Skip to content
Legal · Policy

Acceptable Use Policy

Apik Systemsv1.0

This Acceptable Use Policy (the “AUP”) governs the use of Apik Systems products, APIs, and services by customers, developers, partners, and end users (collectively, “you”). It is the use-case companion to our Responsible Development Policy, which governs how we build the underlying systems. The AUP governs how those systems may be used.

The AUP is structured in three tiers, modeled on a now-standard pattern in the field:12 universal standards that apply to everyone, additional requirements for high-risk use cases, and additional guidelines for specific contexts. Each tier adds, rather than replaces, the obligations of the tier above it.

We update this policy as products, capabilities, and the threat landscape evolve. The current version, prior versions, and the full changelog are public. The version applicable to your use is the version in effect at the time of use.

1. Universal usage standards

The following are prohibited on Apik Systems products, APIs, and services without exception. These prohibitions apply regardless of customer tier, product, deployment configuration, or contractual override. They apply to direct use, agentic use, automated pipelines, and use as components of derivative systems. They apply to inputs and to outputs.

You may not use our products, services, or APIs to:

Generate child sexual abuse material or content sexualizing minors. This includes, without limitation, depictions, descriptions, role-play, “loophole” framings purporting to involve fictional or aged-up minors where the underlying intent is to depict children sexually, and any output whose effect is to sexualize a person who is, or is depicted as, a minor. There is no permissible artistic, educational, or research framing for this category.

Produce operational instructions for weapons capable of mass casualties. This includes, without limitation, synthesis routes, acquisition strategies, weaponization protocols, and deployment tactics for chemical, biological, radiological, or nuclear weapons. The prohibition covers operational uplift, not general scientific literacy: a system explaining how vaccines work is not in scope; a system providing a step-by-step synthesis of a nerve agent is. Where the line is unclear, we err on the side of refusing.

Conduct attacks against critical infrastructure. This includes, without limitation, intrusion, disruption, sabotage, or operational interference targeting power grids, water systems, transit, financial systems, hospitals, emergency services, or telecommunications. It includes reconnaissance and capability development directed at such targets. Authorized defensive security research conducted by an entity with documented standing to test the system in question is not within scope; everything else is.

Develop or operate lethal autonomous weapons targeting humans. This includes systems whose function is the selection and engagement of human targets without meaningful human control. This is a use-case prohibition, not a research-topic prohibition: discussion of the policy and ethics of autonomous weapons is permissible; building or operating one is not.

Manipulate elections or suppress voters. This includes, without limitation, generation of fabricated speech or imagery attributed to real political figures, candidates, or election officials; coordinated production of synthetic political content designed to be passed off as organic; targeting strategies designed to discourage lawful voting; impersonation of election authorities; and the production of fabricated election-administration material (ballots, instructions, polling-place information).

Operate systems that systematically violate fundamental human rights. This includes, without limitation, mass surveillance directed at journalists, dissidents, human-rights defenders, or members of protected groups; profiling pipelines whose purpose is to identify members of a protected group for adverse action; and any application contributing to genocide, ethnic cleansing, or persecution as defined under international law.

Conduct targeted harassment or generate non-consensual intimate imagery. This includes, without limitation, the generation of sexual imagery depicting an identifiable real person without their consent; “doxing” pipelines that aggregate and publish private identifying information; and coordinated harassment operations targeting an individual.

Generate disinformation at scale, intentionally and deceptively. “At scale” is operationalized as: production designed for distribution that is automated, paid, or coordinated, and where the producer knows the content to be false or misleading. Honest disagreement, satire that does not deceive, and journalism that is wrong in good faith are not in scope. Coordinated inauthentic operations are.

Violate privacy. This includes, without limitation, unauthorized aggregation of personally identifiable information; biometric profiling of identifiable individuals without consent or other lawful basis; circumvention of privacy controls; reconstructing identities from de-identified data; and unauthorized re-identification.

Develop or distribute malware. This includes, without limitation, ransomware, destructive payloads, credential-stealing software, persistence mechanisms designed to evade defenders, and toolchains intended for unauthorized access. Authorized red-team and offensive-security research, conducted by an entity with documented authorization for the target environment, is not in scope; everything else is.

These prohibitions are non-exhaustive. We reserve the right to enforce against use cases that, in our considered judgment, fall within the spirit of these prohibitions even where they fall outside their letter. Where possible, we will document such enforcement so future versions of this policy can be more specific.

2. High-risk use cases — additional requirements

The following use cases are permitted, but only with additional safeguards. These additional requirements operate on top of the universal standards in Section 1, not in place of them.

For each high-risk category, you must, at minimum, satisfy the requirements listed. We reserve the right to require additional measures on a per-customer basis where our risk assessment warrants.

If you use our products to provide legal information or guidance to end users, or to make or materially inform decisions affecting individuals’ legal rights (immigration, housing, employment, criminal-justice, family law, or comparable):

  • Human-in-the-loop. A licensed legal professional must review outputs that constitute legal advice before they reach the end user, or the product must clearly position itself as legal information rather than legal advice and refrain from rendering case-specific judgments.
  • AI disclosure. End users must be told they are interacting with an AI system and that its output is not a substitute for advice from a qualified attorney.
  • Audit logging. Inputs, outputs, and any human review steps must be logged with sufficient fidelity to support after-the-fact review.
  • Jurisdiction. Where outputs are jurisdiction-specific, the system must surface the limits of its training and recency.

2.2 Medical diagnosis or treatment recommendations

If you use our products to render medical diagnoses, treatment recommendations, or guidance that an end user could reasonably rely on for a clinical decision:

  • Professional licensure. A licensed clinician must be in the loop for diagnosis or treatment recommendations affecting an identified patient, or the product must operate strictly as a non-diagnostic information tool with that limit prominently disclosed.
  • AI disclosure. End users must be told they are interacting with an AI system and that its output is not a substitute for professional medical advice, diagnosis, or treatment.
  • Crisis surfacing. Inputs indicating acute medical or psychiatric crisis must trigger surfacing of appropriate emergency resources.
  • Audit logging. Inputs, outputs, and any clinician review steps must be logged with sufficient fidelity to support clinical-quality and regulatory review.

2.3 Financial advice, credit, employment, and other consequential decisions

If you use our products to provide individualized financial advice, to make or materially inform credit decisions, to make or materially inform employment decisions (hiring, firing, promotion, scheduling), or to make decisions affecting access to housing, insurance, or government benefits:

  • Human-in-the-loop. A qualified human reviewer must be in the loop for any decision that adversely affects an individual.
  • AI disclosure. Affected individuals must be told that AI is involved in the decision process and must be given access to a human-review channel.
  • Adverse-action explanation. Where a decision adversely affects an individual, the individual must receive an explanation that, at minimum, identifies the principal factors driving the decision.
  • Bias monitoring. Operators must implement and document ongoing monitoring for disparate impact on protected groups, and must be prepared to suspend the system on detection of material disparities.
  • Audit logging. Inputs, outputs, reviewer actions, and decision outcomes must be logged with sufficient fidelity to support fair-lending, employment-law, and regulatory review.

2.4 Critical-infrastructure operations

If you use our products in the operation of critical infrastructure (power, water, transit, finance, telecommunications, hospitals, emergency services):

  • Default position. Direct control of safety-critical actuation by an autonomous system is not permitted.
  • Carve-out. Safety-monitoring assistive use, in which the system surfaces information, anomalies, or recommendations to qualified human operators who retain decision authority, is permitted, subject to the requirements below.
  • Human authority. Final authority over safety-affecting actions must rest with qualified human operators.
  • Failure modes. Operators must document the system’s failure modes and define safe-state behavior on system unavailability.
  • Audit logging. All recommendations, actions, and operator overrides must be logged with sufficient fidelity to support post-incident review and regulatory inspection.

3. Additional guidelines

These guidelines apply across products and use cases. They reflect commitments we ask of all users and that we operationalize in our products where feasible.

3.1 Election integrity

In any context related to elections, candidates, election officials, or election administration:

  • No impersonation. You may not generate content that impersonates a real political figure, candidate, election official, or election authority in a manner likely to deceive.
  • AI disclosure on political communications. Communications produced or materially shaped by AI and distributed in connection with an election must include a clear AI-involvement disclosure, in a format consistent with applicable law and platform standards.
  • Targeting thresholds. Automated, individualized political communication targeting more than 1,000 distinct individuals per operator per 24-hour period requires advance notification to Apik Systems and is subject to additional review.
  • No fabricated election-administration material. You may not generate ballots, polling-place instructions, voter-registration material, or election-result content that could be mistaken for official communication.

3.2 Mental health and crisis contexts

In any context where end users may be in mental-health distress or crisis:

  • Surface professional resources. The system must surface appropriate professional and emergency resources, in the user’s locale where determinable, on detection of crisis indicators.
  • No clinician impersonation. The system may not represent itself as a licensed mental-health professional, nor may it use clinician credentials, titles, or affirmations of standing it does not have.
  • Sensitive defaults. Defaults must err on the side of safety: encouraging help-seeking, avoiding directive guidance on self-harm, and avoiding extended unsupervised companion-style interaction with users showing acute risk.

3.3 Deepfakes and synthetic media

For synthetic media depicting identifiable real people:

  • Consent. Synthetic depiction of an identifiable person requires the documented consent of that person, except in clearly bounded cases of public-interest reporting or commentary that would be lawful under standard journalistic and satirical practice in the relevant jurisdiction.
  • Provenance metadata. Where technically feasible, synthetic media must carry provenance metadata indicating its synthetic origin (for example, content credentials consistent with the Coalition for Content Provenance and Authenticity standard).
  • Provenance preservation. Pipelines that ingest, transform, or distribute media must preserve, rather than strip, provenance metadata.
  • No non-consensual intimate imagery. Reiterated from Section 1: synthetic intimate imagery of an identifiable person without their consent is prohibited without exception.

3.4 Children and education

For products and contexts involving children, or operating in educational settings:

  • Age-gating. Products knowingly serving users under 13 (or the applicable local age threshold) must implement age verification and operate under appropriate child-protection standards.
  • Content controls. Operators must implement content controls appropriate to the audience and must default to the more restrictive setting where the audience is mixed.
  • No data exploitation. Data from children may not be used for ad-targeting, profiling, or training without consent meeting the standard of the applicable jurisdiction.
  • Educator authority. In educational settings, qualified educators retain authority over instructional content and assessment.

3.5 High-volume autonomous operation

For deployments in which an Apik Systems product takes autonomous actions at scale (sending communications, performing transactions, interacting with third-party systems):

  • Rate limits. Operators must respect product-level rate limits and must implement their own rate limits where the use case warrants.
  • Identity verification. Operators must verify the identity of the natural or legal person responsible for the deployment.
  • Audit trail. All autonomous actions must be logged with sufficient fidelity to attribute every action to the originating deployment.
  • Containment. Operators must define the scope of authorized action and must implement containment mechanisms preventing the system from acting beyond that scope.

4. Enforcement

Detection. We detect violations through a combination of automated monitoring of platform signals (consistent with our privacy and data-handling commitments), customer reporting, third-party reporting, and our own review.

Reporting. Suspected violations may be reported to security@apiksystems.com. Reports may be made anonymously. We commit to acknowledging substantive reports within 5 business days.

Investigation. On receipt of a credible report, we conduct an internal review proportionate to the seriousness and credibility of the report. Where review involves access to customer data, that access is logged, scoped to the minimum necessary, and conducted under our standard data-handling commitments.

Consequences. Confirmed violations may result in any of: warning, mandatory remediation, suspension of access, termination of access, contract termination, and referral to law enforcement or other authorities where legally required or warranted by the seriousness of the violation. The choice of consequence reflects the severity of the violation, the customer’s response, and any pattern of prior conduct. For violations within Section 1, immediate suspension is the default response.

Right of appeal. Customers subject to enforcement action have the right to appeal in writing within 30 days. Appeals are reviewed by a person not involved in the original decision. Appeal outcomes are written and reasoned.

Transparency. We will publish aggregated enforcement statistics annually, including the number of reports received, actions taken by category, and notable categorical patterns. The transparency report will not name customers, but it will not omit categories of violation merely because they are commercially inconvenient to disclose.

5. Updates and versioning

This policy is versioned on the same model as our Responsible Development Policy. Major versions reflect substantive changes to the prohibitions, requirements, or enforcement structure. Minor versions reflect clarifications and corrections.

The current version applies to your use as of its effective date. Material changes will be communicated to active customers in advance of taking effect, with a transition period proportionate to the change. Prior versions remain accessible. The full changelog is public.

VersionDateNotes
v1.02026-04-25Initial publication.

— Apik Systems · April 2026

Footnotes

  1. Anthropic, Acceptable Use Policy, referenced as a structural and methodological exemplar for tiered usage standards in frontier AI products.

  2. OpenAI, Usage Policies and Preparedness Framework, referenced as further examples of categorical use-case governance and capability-conditional deployment.

Related across the site
Safety
Safety Principles
Foundational positions on alignment, control, and oversight for frontier systems.
Safety
Responsible Development Policy
Versioned commitments on capability thresholds, evaluations, and deployment gating.
Safety
Transparency
Model reports, system cards, and incident disclosures.
Legal
Terms of Service
The terms that govern your use of the Apik Systems website and products.