This Acceptable Use Policy (“AUP” or “Policy”) governs your use of the services, platform, and products provided by Datafi Labs, Inc., a Delaware corporation (“Datafi,” “we,” “our,” or “us”). This Policy applies to all users of the Datafi platform, including Studio, Control Tower, Sentinel, and Orchestrate modules, as well as all associated APIs, documentation, and support services (collectively, the “Services”).
This AUP is incorporated by reference into Datafi’s Terms of Service. By accessing or using the Services, you agree to comply with this Policy. Capitalized terms not defined herein have the meanings set forth in the Terms of Service.
1. Purpose and Scope
The purpose of this Acceptable Use Policy is to establish clear guidelines for the appropriate use of Datafi’s Services and to protect the integrity, security, and availability of the platform for all users. This Policy applies to all individuals and entities that access the Services, including Customers, Authorized Users, administrators, and any third parties who access the Services on behalf of a Customer.
This Policy covers all use of the Datafi platform, including but not limited to: data ingestion, transformation, and storage through Studio; governance, compliance, and access management through Control Tower; security monitoring and threat detection through Sentinel; and workflow automation and orchestration through Orchestrate.
Datafi reserves the right to modify this Policy at any time. Your continued use of the Services following any changes constitutes acceptance of the updated Policy.
2. Permitted Uses
The Services are intended for lawful business and organizational purposes. Permitted uses include, but are not limited to:
- Connecting, ingesting, transforming, and analyzing data from authorized data sources using Studio.
- Configuring and managing data governance, access controls, compliance rules, and audit trails through Control Tower.
- Monitoring data pipelines, detecting anomalies, and managing security alerts using Sentinel.
- Building, deploying, and managing automated workflows and AI-driven processes through Orchestrate.
- Developing and deploying machine learning models, AI agents, and analytics applications within the platform.
- Accessing Datafi APIs and documentation in accordance with applicable rate limits and usage guidelines.
- Collaborating with Authorized Users within your organization’s workspace, subject to the permissions and roles established by your account administrator.
- Integrating third-party tools and services with the platform through supported connectors and APIs, provided such integrations comply with this Policy and applicable laws.
3. Prohibited Conduct
You agree not to use the Services in any manner that violates this Policy, the Terms of Service, or any applicable law or regulation. The following categories of conduct are strictly prohibited.
3.1 General Prohibitions
- Using the Services for any unlawful, fraudulent, or deceptive purpose.
- Violating any applicable local, state, national, or international law or regulation, including data protection and privacy laws such as GDPR, CCPA, and HIPAA.
- Infringing or misappropriating the intellectual property rights of any third party, including copyrights, trademarks, trade secrets, and patents.
- Impersonating any person or entity, or falsely claiming an affiliation with any person or entity.
- Selling, reselling, sublicensing, or otherwise providing access to the Services to any third party without prior written consent from Datafi.
- Using the Services to develop a competing product or service, or for benchmarking or competitive analysis purposes.
3.2 Security Violations
- Attempting to gain unauthorized access to the Services, other users’ accounts, or any systems or networks connected to the Services.
- Circumventing, disabling, or otherwise interfering with any security features, authentication mechanisms, or access controls of the platform.
- Probing, scanning, or testing the vulnerability of any system or network associated with the Services without prior written authorization from Datafi.
- Deploying or distributing malware, viruses, trojan horses, ransomware, spyware, or any other malicious code through the Services.
- Attempting to reverse engineer, decompile, disassemble, or otherwise derive the source code of the platform or any component thereof.
- Exploiting any bug, vulnerability, or error in the Services rather than reporting it to Datafi’s security team.
- Forging any TCP/IP packet header or any part of the header information in any email, API request, or posting.
3.3 Network Abuse
- Engaging in any activity that disrupts, degrades, impairs, or interferes with the Services, servers, or networks connected to the Services.
- Launching denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against the platform or any connected infrastructure.
- Exceeding published API rate limits, or using automated scripts or bots in a manner that places an unreasonable burden on the platform’s infrastructure.
- Flooding the platform with requests, data uploads, or other traffic intended to overwhelm system resources.
- Intercepting, monitoring, or modifying network traffic not intended for your account or workspace.
- Using the Services to operate open proxies, open mail relays, or open recursive domain name servers.
3.4 Content Restrictions
- Uploading, storing, transmitting, or processing content that is unlawful, harmful, threatening, abusive, harassing, defamatory, obscene, or otherwise objectionable.
- Storing or processing data that you do not have the legal right to collect, use, or transmit, including data obtained without proper consent or in violation of privacy laws.
- Using the Services to store or distribute child sexual abuse material (CSAM) or any content that exploits minors.
- Uploading or processing data classified at a higher security level than the Services are certified to handle, unless explicitly authorized under your Order Form.
- Storing payment card data (PCI data) in a manner that violates PCI-DSS requirements, unless your subscription includes PCI-compliant features and you have received written confirmation from Datafi.
3.5 AI-Specific Misuse
- Using AI features within the platform, including those available through Orchestrate and Studio, to generate content intended to deceive, manipulate, or defraud individuals or organizations.
- Deploying AI models or agents through the Services that make automated decisions in high-risk domains (such as healthcare, criminal justice, employment, or financial lending) without appropriate human oversight and review mechanisms.
- Training AI models on data that you do not have the right to use for that purpose, or using the Services to circumvent data licensing restrictions.
- Using AI capabilities to generate deepfakes, synthetic media designed to mislead, or content that impersonates real individuals without their consent.
- Building or deploying AI systems through the platform that discriminate against individuals based on protected characteristics such as race, gender, religion, national origin, disability, or age.
- Using AI features to conduct mass surveillance, social scoring, or profiling activities that violate applicable privacy and civil rights laws.
- Circumventing or attempting to bypass any safety guardrails, content filters, or usage restrictions built into Datafi’s AI features.
- Using AI capabilities within the Services to develop biological, chemical, nuclear, or radiological weapons, or to further any activities that constitute a threat to public safety.
4. System and Network Security
Users of the Services are responsible for maintaining the security of their own systems, accounts, and credentials. The following security requirements apply to all users:
- Credential management. You must use strong, unique passwords for your Datafi account and enable multi-factor authentication (MFA) when available. Account credentials must not be shared between individuals.
- Access controls. Account administrators are responsible for configuring appropriate roles and permissions through Control Tower, applying the principle of least privilege, and promptly deactivating accounts for users who no longer require access.
- API key security. API keys and authentication tokens must be stored securely and must not be embedded in client-side code, public repositories, or any location accessible to unauthorized parties. Compromised keys must be revoked and rotated immediately.
- Integration security. Third-party integrations must be configured in accordance with security best practices. You are responsible for ensuring that data shared with third-party services through platform integrations complies with your obligations under this Policy and applicable data protection laws.
- Incident reporting. You must promptly notify Datafi at [email protected] of any known or suspected security breach, unauthorized access, or compromise involving your account or the Services.
- Compliance. You must comply with all applicable security requirements specified in your Order Form, including any industry-specific standards such as SOC 2, ISO 27001, HIPAA, or FedRAMP, as applicable to your subscription tier.
5. Email and Messaging
The Services may include email notifications, in-platform messaging, alert systems, and other communication features. The following rules apply to all communications sent through or facilitated by the Services:
- You must not use the Services to send unsolicited commercial messages (spam), bulk emails, or phishing communications.
- You must not use the Services to distribute chain letters, pyramid schemes, or any form of deceptive communication.
- All email communications sent through the Services must comply with the CAN-SPAM Act, GDPR, and any other applicable anti-spam and electronic messaging laws.
- You must not forge, alter, or manipulate email headers, sender addresses, or other identifying information in messages sent through the platform.
- Alert and notification configurations within Sentinel and Orchestrate must not be used to harass, threaten, or send abusive communications to any individual.
- You must not use automated workflows or AI agents within the platform to generate and send messages at a scale or frequency that constitutes spam or that degrades the platform’s messaging infrastructure.
6. Reporting Violations
Datafi encourages the responsible reporting of any activity that may violate this Policy. If you become aware of any conduct that you believe constitutes a violation of this Acceptable Use Policy, please report it promptly using one of the following methods:
- Email: Send a detailed report to [email protected], including the nature of the violation, any relevant evidence (such as timestamps, screenshots, or log excerpts), and the identities of the parties involved, if known.
- Security issues: For reports involving security vulnerabilities or breaches, contact [email protected] directly.
- In-platform reporting: Where available, use the reporting features within the platform to flag content or activity that violates this Policy.
Datafi will review all reports in a timely manner and will take appropriate action as described in Section 7 below. We will not retaliate against any user who reports a violation in good faith.
7. Enforcement and Consequences
Datafi reserves the right to investigate any suspected violation of this Policy and to take any action we deem appropriate, in our sole discretion, to enforce this Policy and protect the integrity and security of the Services. Enforcement actions may include, but are not limited to:
- Warning. Issuing a written warning to the user or Customer, specifying the nature of the violation and the required corrective action.
- Temporary suspension. Suspending access to the Services, in whole or in part, pending the completion of an investigation or the implementation of corrective measures.
- Content removal. Removing, disabling access to, or requiring the removal of any data, content, or configurations that violate this Policy.
- Account termination. Permanently terminating access to the Services, including the deletion of associated data, in cases of severe or repeated violations.
- Legal action. Pursuing civil or criminal legal remedies, including seeking injunctive relief, damages, or cooperating with law enforcement authorities as required by law.
The severity of the enforcement action will depend on the nature, gravity, and duration of the violation, any prior history of violations, and the degree of cooperation shown by the user in resolving the issue. Datafi may, at its discretion, provide an opportunity to cure a violation before taking further action, but is not obligated to do so.
Termination or suspension of access under this Policy does not relieve the Customer of any payment obligations under the applicable Terms of Service or Order Form.
8. Changes to This Policy
Datafi reserves the right to modify this Acceptable Use Policy at any time. When we make material changes, we will update the “Effective date” at the top of this page and provide notice through one or more of the following methods: posting a prominent notice on the Datafi website, sending an email notification to the account administrator on file, or displaying an in-platform notification.
Changes become effective on the date stated in the updated Policy unless otherwise specified. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Policy. If you do not agree to the revised Policy, you must discontinue use of the Services.
We encourage you to review this Policy periodically. For reference, previous versions of this Policy are available upon request by contacting [email protected].
If you have any questions about this Acceptable Use Policy, need to report a violation, or require additional information, please contact us:
For information about how we collect, use, and protect your personal data, please refer to our Privacy Policy. For the full terms governing your use of the Services, please refer to our Terms of Service.
