Acceptable Use Policy

1. Purpose and Scope

This Acceptable Use Policy ("AUP") governs the use of the Swirls platform ("Service") operated by ByteSlice, LLC. ("Company," "we," "us," or "our"). This AUP applies to all users of the Service, including individuals, organizations, and any person who accesses the Service on behalf of an organization ("you" or "Customer").

This AUP is incorporated into and forms part of the Terms of Service available at swirls.ai/terms-of-service ("Terms"). Capitalized terms used but not defined in this AUP have the meanings given to them in the Terms. In the event of a conflict between this AUP and the Terms, the Terms shall prevail unless this AUP imposes a stricter obligation, in which case this AUP shall prevail.

This AUP applies to all deployment modes of the Service, including the Swirls cloud-hosted platform, the Swirls CLI tool, and self-hosted deployments of the Service. References to the "Service" encompass all of these modes unless the context indicates otherwise.

2. Prohibited Activities: Illegal Use

You shall not use the Service for any purpose that is unlawful under applicable federal, state, local, or international law or regulation. Prohibited illegal uses include, without limitation:

• Using the Service to commit, facilitate, plan, finance, or promote any criminal offense, including fraud, identity theft, extortion, money laundering, or violations of export control or sanctions laws.
• Using the Service in violation of applicable export control and sanctions laws, including U.S. Export Administration Regulations ("EAR") and the sanctions programs administered by the Office of Foreign Assets Control ("OFAC"). You represent that you are not located in a country subject to U.S. government embargo and that you are not listed on any U.S. government restricted-party list, including the Specially Designated Nationals ("SDN") list.
• Using the Service to process, store, or transmit data in violation of applicable data protection or privacy law, including without limitation the GDPR, UK GDPR, and CCPA/CPRA.
• Using the Service to facilitate or conduct unlawful surveillance, tracking, or monitoring of individuals without their knowledge or lawful authorization.
• Using the Service to operate in any jurisdiction in which the Service, or your use thereof, is prohibited by law.

3. Prohibited Activities: Intellectual Property Infringement

You shall not use the Service in a manner that infringes, misappropriates, or violates the intellectual property rights of any third party, including without limitation:

• Reproducing, distributing, or publicly displaying copyrighted material without authorization from the rights holder or a lawful basis such as fair use or an applicable license.
• Using the Service to generate content that copies, reproduces, or substantially reproduces third-party copyrighted works in a manner that exceeds fair use or other applicable legal exceptions.
• Using trademarks, service marks, trade names, or other proprietary designations of third parties in a manner that is likely to cause confusion or that constitutes trademark infringement.
• Misappropriating trade secrets or confidential information of third parties through the use of the Service.
• Using the Service to scrape, extract, or aggregate data from third-party websites or services in violation of their terms of service, robots.txt directives, the Computer Fraud and Abuse Act (CFAA), or applicable law.

4. Prohibited Activities: Security Violations

You shall not use the Service in a manner that compromises or attempts to compromise the security or integrity of any system, network, or data, including without limitation:

• Attempting to gain unauthorized access to any part of the Service, other Customer accounts, third-party systems, computer networks, or data, whether by probing, scanning, testing for vulnerabilities, or any other means.
• Circumventing or attempting to circumvent authentication, authorization, access controls, or security mechanisms of the Service or of any third-party system.
• Using the Service to deploy, host, distribute, or execute malware, ransomware, trojans, spyware, adware, botnets, keyloggers, rootkits, or any other malicious code.
• Interfering with or disrupting the integrity or performance of the Service, its infrastructure, or data contained therein, including by injecting malicious inputs, exploiting platform vulnerabilities, or attempting to compromise the Service's cryptographic controls or key management infrastructure.
• Using the Service to conduct or facilitate phishing, credential harvesting, social engineering attacks, or other deceptive security attacks against any party.
• Intercepting, tampering with, or monitoring communications of other users of the Service without authorization.
• Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, underlying algorithms, or security architecture of the Service.

5. Prohibited Activities: Abuse and Resource Abuse

You shall not use the Service in a manner that constitutes abuse of the platform or imposes an unreasonable or disproportionate burden on the Service or its infrastructure, including without limitation:

• Submitting excessive numbers of requests, running workflows at volumes that materially exceed normal use patterns, or otherwise intentionally generating load that degrades Service performance for other users.
• Conducting or facilitating denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against the Service or any third-party system.
• Using the Service to mine cryptocurrency or perform computationally intensive operations unrelated to the legitimate use of agentic AI workflows for which the Service is designed.
• Circumventing usage limits, Execution Credit caps, rate limits, or billing controls through the creation of multiple accounts, account sharing, technical manipulation, or any other means.
• Using the Service through automated means, bots, scripts, or crawlers in a manner that circumvents rate limits or that exceeds reasonable use, except where such access is made through the Service's official API, CLI, or documented integrations.

6. Prohibited Activities: Attacks and Harm to Third Parties

You shall not use the Service to attack, harm, or adversely affect third parties, including without limitation:

• Using agentic workflows to conduct, facilitate, or automate attacks against third-party systems, networks, or services, including automated vulnerability exploitation, credential stuffing, or account takeover attacks.
• Using the Service to scrape, harvest, or aggregate personal data from third-party sources without a lawful basis and the necessary authorizations, or to build unauthorized databases of personal information.
• Using the Service to send unsolicited bulk communications, spam, or automated messaging to individuals without their consent or in violation of applicable anti-spam laws (including the CAN-SPAM Act, CASL, or equivalent legislation).
• Using the Service to automate or amplify targeted harassment, stalking, intimidation, or threats directed at individuals or organizations.
• Using the Service to interfere with the lawful operation of third-party websites, services, or systems, including through excessive automated requests that exceed those sites' published rate limits or terms of service.

7. Prohibited Activities: AI-Specific Misuse and Harmful Content

You shall not use the Service to generate, distribute, or facilitate the creation of content or AI outputs that are harmful, unlawful, or violate the rights of third parties, including without limitation:

• Generating child sexual abuse material (CSAM) or any other sexual content involving minors. This prohibition is absolute and applies regardless of whether such content is AI-generated, synthetic, or otherwise.
• Generating content designed to facilitate or constitute defamation, unlawful harassment, targeted threats, or non-consensual intimate imagery (including deepfakes).
• Using the Service to generate, automate, or distribute disinformation, synthetic propaganda, or coordinated inauthentic content at scale with the intent to deceive or manipulate public discourse.
• Generating malware, exploit code, phishing templates, or other content designed to facilitate cybercrime or unauthorized access to systems.
• Using the Service for practices prohibited under the EU AI Act, including subliminal manipulation techniques that exploit vulnerabilities of persons to distort their behavior, social scoring systems used to evaluate or classify natural persons in ways that lead to detrimental treatment, and real-time remote biometric identification in publicly accessible spaces for law enforcement purposes, except where expressly permitted by law.
• Deploying AI-generated outputs in high-risk contexts (including medical diagnosis, legal advice, financial decisions, or safety- critical systems) without appropriate human oversight, validation, and compliance with applicable legal requirements.
• Using AI-generated outputs to misrepresent the involvement of a human in decisions or communications that affect individuals' legal rights, financial circumstances, health, or safety, in violation of applicable law.
• Using the Service to automate unlawful surveillance of individuals, build profiles of individuals without lawful basis, or facilitate the violation of individuals' privacy rights.

8. Prohibited Activities: Misrepresentation and Unauthorized Resale

You shall not engage in misrepresentation or unauthorized commercial exploitation of the Service, including without limitation:

• Impersonating ByteSlice, LLC., the Swirls brand, any Company employee, or any other person or entity in a way that is misleading or deceptive.
• Representing that you have a relationship with the Company that you do not have, including representing that you are an authorized reseller or partner without a written agreement to that effect.
• Reselling, sublicensing, or otherwise making the Service available to third parties as a standalone product or service without the Company's prior written consent. White-label or OEM arrangements require a separate written agreement with the Company.
• Using the Service to build a competing product or service that substantially replicates the functionality of the Service, or to benchmark the Service for competitive purposes without the Company's prior written consent.

9. Compliance with Third-Party Provider Policies

Swirls connects to LLM and AI providers that you configure in your workflow definitions. You are responsible for ensuring that your use of the Service, including the workflows you build and the inputs you submit to third-party providers, complies with those providers' terms of service, acceptable use policies, and content policies. Violation of a provider's policies through your use of the Service is a violation of this AUP.

The Company does not screen, filter, or limit the content you submit to third-party providers through your workflow definitions beyond the restrictions set out in this AUP. You bear sole responsibility for the content of your workflow inputs and for the downstream use of workflow outputs.

10. Enforcement

The Company reserves the right to investigate any suspected violation of this AUP. In connection with such an investigation, the Company may review workflow definitions, execution logs, and other usage data associated with the account, subject to the protections described in the Privacy Policy.

Upon determining, in its sole reasonable discretion, that a violation of this AUP has occurred or is occurring, the Company may take any one or more of the following actions without prior notice:

• Issue a warning to the account holder.
• Temporarily suspend or throttle access to the Service or to specific features of the Service.
• Terminate the Customer's account and all associated access, effective immediately.
• Remove, disable, or quarantine workflows, content, or data associated with the violation.
• Cooperate with law enforcement authorities, regulatory bodies, or other third parties investigating the conduct that prompted the enforcement action, including disclosing information about the account as required by applicable law or court order.
• Seek injunctive or other equitable relief to prevent or restrain continuing violations.

The Company shall not be liable to you or any third party for any enforcement action taken in good faith in accordance with this AUP, including without limitation account suspension or termination, removal of content, or cooperation with law enforcement.

Enforcement actions are subject to the termination provisions of the Terms of Service. For violations that the Company reasonably determines present an immediate risk of harm to the Service, other users, or third parties, the Company may act without advance notice. In all other cases, the Company will make reasonable efforts to notify the account holder before taking action.

11. Reporting Violations

If you become aware of any use of the Service that you believe violates this AUP, please report it to the Company at [email protected]. Reports should include a description of the suspected violation and any information that would assist the Company in investigating the matter.

The Company will review all reports submitted in good faith and will take such action as it determines appropriate in its discretion. The Company is not obligated to act on every report or to disclose the outcome of any investigation to the reporting party.

12. Changes to This Policy

The Company may update this AUP from time to time as the Service evolves and as new risks are identified. We will notify you of material changes by email or through the Service at least thirty (30) days before the changes take effect. Continued use of the Service after the effective date of any update constitutes your acceptance of the revised AUP. If you do not agree with the changes, you must stop using the Service and terminate your account before the effective date.

13. Contact

To report violations of this AUP, contact [email protected].

For general questions about this AUP or the Terms of Service, contact us at [email protected].

For security inquiries and vulnerability reports, contact [email protected].