Acceptable Use Policy
Last Updated: February 23, 2026 Effective Date: Upon acceptance of the Master Service Agreement
1. Purpose
This Acceptable Use Policy (“AUP”) defines the boundaries of permitted and prohibited use of Tacitus Systems infrastructure, including Cloud Bridge and Cortex services. This AUP is incorporated into the Master Service Agreement by reference.
For definitions of capitalized terms, refer to the Master Service Agreement, Section 2.
2. Permitted Use
Tacitus Systems infrastructure is designed for use by professionals in any industry — including legal, medical, engineering, finance, and other fields — for the purpose of AI-assisted document analysis, search, and knowledge management.
Customer may use the infrastructure to:
- Upload and process business documents within the scope of Customer’s professional activities.
- Generate AI-assisted analyses, summaries, and research outputs.
- Manage organizational knowledge through the vector search and retrieval system.
- Administer user accounts and access controls within Customer’s authorized user base.
3. Prohibited Uses
Customer agrees not to use Tacitus Systems infrastructure to:
3.1 Illegal Activities
- Generate, store, process, or distribute content that violates Polish law, European Union law, or the laws of any applicable jurisdiction.
- Facilitate, plan, or support criminal activity.
- Process personal data without a valid legal basis under GDPR or applicable data protection law.
3.2 Security Violations
- Develop automated tools for malicious cyber activities, including malware, ransomware, or exploit kits.
- Attempt to circumvent, bypass, or probe the single-tenant isolation mechanisms of Cloud Bridge.
- Attempt to access other Customers’ data, infrastructure, or encrypted volumes.
- Reverse-engineer, decompile, or disassemble the Semantic Brain inference logic, API Gateway, or any proprietary component of the Tacitus Systems software stack.
- Tamper with the physical chassis of a Cortex unit without written authorization from Tacitus Systems.
- Disable, circumvent, or interfere with the Watchdog monitoring service, chassis intrusion detection (when deployed), or USB lockdown mechanisms.
3.3 Resource Abuse
- Use Tacitus Systems infrastructure for cryptocurrency mining, distributed computing projects, or workloads unrelated to the contracted services.
- Run unauthorized third-party software, operating systems, or services on Cortex hardware.
- Deliberately overload the system to degrade performance or test resilience without prior written authorization.
3.4 Commercial Violations
- Resell, sublicense, or share access to Tacitus Systems infrastructure with third parties without prior written authorization.
- Circumvent billing mechanisms, usage limits, or licensing restrictions.
- Use the infrastructure to develop a competing product or service.
- Systematically extract or harvest Tacitus Systems’ proprietary algorithms, prompts, or system architecture.
3.5 Data Integrity
- Upload content for the purpose of manipulating or poisoning the AI’s outputs for malicious ends.
- Deliberately introduce corrupted, malformed, or adversarial files designed to exploit the ingestion pipeline.
- Host third-party personal data without the appropriate legal basis and data subject consent.
4. Enforcement
4.1 Investigation
Tacitus Systems reserves the right to investigate suspected violations of this AUP. For Cloud Bridge, investigation may include review of Instance Telemetry (not Customer Data) to identify anomalous resource usage patterns.
For Cortex units, Tacitus Systems has no access to Customer Data and cannot investigate content-level violations. Where Tacitus Systems has reasonable grounds to suspect a violation, it may require Customer to:
- Submit a Flight Recorder diagnostic bundle. The Flight Recorder generates an automatically PII-redacted, GPG-encrypted diagnostic log from the appliance. Tacitus Systems may review system health metrics, software versions, and service logs contained in the bundle — but not Customer Data, which is protected by Customer-held encryption keys.
- Ship the unit to Tacitus Systems for physical inspection. Physical inspection is limited to hardware-level examination (chassis integrity, component authenticity, firmware verification). Tacitus Systems does not access Customer Data during hardware inspection; the encryption architecture ensures that Customer Data remains inaccessible to Tacitus Systems even when the unit is in its possession.
Tamper-related enforcement is governed by the Hardware Lease Terms, Section 7 (Shield Protocol). Customer Data remains inaccessible to Tacitus Systems throughout any investigation, as Customer holds the sole decryption keys.
4.2 Remedies
Upon determination of an AUP violation, Tacitus Systems may, at its discretion:
| Severity | Response |
|---|---|
| Minor (first occurrence, non-malicious) | Written notice with 14-day cure period |
| Moderate (repeated violation or significant impact) | Temporary service suspension with 7-day cure period |
| Severe (illegal activity, security breach, intentional harm) | Immediate service termination and Security Lockout (Cortex) |
4.3 Due Process
Before taking enforcement action (except in cases of illegal activity or imminent security threat), Tacitus Systems will: (a) provide written notice describing the suspected violation, (b) allow Customer a reasonable opportunity to respond, and (c) consider Customer’s response before determining the appropriate remedy.
4.4 No Liability for Enforcement
Tacitus Systems shall not be liable for any damages arising from the suspension or termination of services due to a confirmed AUP violation.
5. Reporting
To report a suspected violation of this AUP or a security concern:
Email: contact@tacitussystems.com
6. Contact
For questions about this Acceptable Use Policy:
Tacitus Systems Ul. KrĂłtka 7 97-200 TomaszĂłw Mazowiecki Poland Email: contact@tacitussystems.com