This Acceptable Use Policy ("AUP") defines the standards of conduct expected of all users of GlobiGuard. It is incorporated into and forms part of the Terms of Service. Violation may result in immediate suspension or termination without refund.
1. Permitted Use
GlobiGuard is licensed for use as an AI governance layer in enterprise workflows. Permitted use includes: inspecting data before it is sent to AI models, applying enforcement policies, routing decisions to human reviewers, generating audit and compliance records, and testing integration logic in the Sandbox with simulated, non-real data.
2. Prohibited Use
2.1 Unlawful Data Processing
- Processing the personal data of individuals without a lawful basis under GDPR, CCPA, HIPAA, GLBA, or equivalent law
- Processing data for which you are not the authorised controller or processor
- Processing data in jurisdictions where you do not hold required authorisations
2.2 Circumventing Governance Controls
- Attempting to bypass, disable, or reverse-engineer GlobiGuard's enforcement logic, policy engine, or audit trail
- Routing data through GlobiGuard to produce a compliant-appearing audit log while the underlying activity is non-compliant
- Suppressing, falsifying, or deleting audit records before they have fulfilled their retention purpose
- Using the API to pre-screen data for the purpose of evading other compliance tools
2.3 Security Threats
- Conducting penetration testing or vulnerability scanning without prior written consent
- Transmitting malware, ransomware, spyware, or any malicious code
- Attempting to gain unauthorised access to any GlobiGuard system or another customer's data
- Exploiting any security vulnerability without responsible disclosure to [email protected]
2.4 Misrepresenting GlobiGuard's Role
- Representing to regulators, auditors, or customers that GlobiGuard guarantees regulatory compliance
- Using GlobiGuard output as a substitute for independent legal or compliance advice
- Marketing your product as "certified compliant" solely on the basis of using GlobiGuard without independent verification
2.5 Sandbox Misuse
- Submitting real personal data (real names, SSNs, policy numbers, medical record numbers, financial account details) to the demo sandbox
- Using the sandbox in production workflows where real decisions affecting real individuals are made
- Sharing sandbox credentials with individuals outside your organisation
2.6 Platform Abuse
- Using GlobiGuard in connection with AI systems that produce content intended to harm, harass, discriminate against, or deceive individuals
- Sending excessive API requests that constitute a denial-of-service attack
- Reselling, sublicensing, or white-labelling GlobiGuard access without a written commercial agreement
3. Regulated Industry Obligations
- Healthcare (HIPAA): You must execute a Business Associate Agreement (BAA) with GlobiGuard before processing Protected Health Information through the platform. Contact [email protected] to request a BAA.
- Financial services (GLBA, NY DFS): You remain solely responsible for your information security programme. GlobiGuard does not substitute for your required third-party risk management obligations.
- EU/UK (GDPR): The Data Processing Agreement must be in place before deploying GlobiGuard in workflows that process EU or UK personal data.
- Technology / SaaS (SOC 2, ISO 27001): If your organisation is subject to SOC 2 or ISO 27001 obligations, you are responsible for ensuring that your use of GlobiGuard is incorporated into your own information security management system and audit programme. GlobiGuard is designed to support — not replace — your compliance controls.
- EU AI Act (High-Risk AI Systems): If you deploy GlobiGuard in connection with AI systems classified as high-risk under the EU AI Act, you remain solely responsible for meeting all obligations applicable to providers and deployers of such systems, including risk management, transparency, human oversight, and conformity assessments.
3A. AI Detection Risk Acknowledgment
By using GlobiGuard, you acknowledge that:
- AI-based detection (including PII identification, policy enforcement, and content classification) has inherent limitations and may produce false positives (flagging data that is not sensitive) or false negatives (failing to detect data that is sensitive).
- Detection accuracy depends on configuration, data format, language, and deployment environment. No AI detection system can guarantee 100% accuracy.
- You should not rely solely on GlobiGuard for compliance with applicable laws and regulations. GlobiGuard is designed to assist with — not replace — your compliance programme, internal controls, and independent legal counsel.
- You are responsible for validating GlobiGuard's outputs, testing detection policies against your specific data types, and maintaining supplementary safeguards appropriate to your risk profile.
4. API Key Security
- Never commit API keys to version control
- Never embed production API keys in client-side code or public repositories
- Rotate keys immediately if you suspect compromise and notify [email protected]
- Use environment variables or a secrets manager for all production deployments
GlobiGuard is not liable for data exposure or billing resulting from your failure to secure credentials.
5. Reporting Violations
6. Consequences of Violation
Depending on severity, GlobiGuard may: issue a written warning; suspend access pending investigation; terminate the account without refund; report activity to law enforcement or regulatory authorities; or seek injunctive relief or damages.
GlobiGuard — Globi Explore, Inc. · Georgia, United States