Acceptable Use Policy
Effective date: 2026-05-07 Version: 0.1 (pre-lawyer-review draft)
Pending legal review. This document was drafted in good faith from standard SaaS templates and Homaic's constitutional commitments. It will be reviewed by counsel before Homaic's public launch.
This Acceptable Use Policy (the "AUP") is part of the Terms of Service. It describes what you may not do with Homaic. Violations of the AUP are violations of the Terms.
1. What you may not do
The following uses of the Service are prohibited.
1.1 Fraud and deception
- Create fake or fraudulent property records to deceive an insurer, lender, buyer, tenant, contractor, or any other third party.
- Use the brief generator, decision records, or share-token surfaces to misrepresent a property's condition, history, or ownership.
- Use Homaic to facilitate insurance fraud, mortgage fraud, deed fraud, tax fraud, real estate fraud, or any other unlawful misrepresentation.
- Falsify maintenance records, service event histories, contractor relationships, or warranty documentation.
1.2 Processing data you do not have rights to
- Use Mode A AI to extract or structure data from documents you do not have the right to use (for example, processing a neighbor's records, an employer's confidential documents, or third-party content under copyright that you have no license to).
- Upload third-party content under copyright that you have no license to redistribute through the Service.
- Use the share-token flow to share another person's data without their consent.
1.3 Abuse of the API and MCP integration
- Use the API or the MCP integration to scrape, harvest, or re-publish data from third parties in violation of those parties' terms of service.
- Use the API or MCP integration as a pass-through proxy to re-sell Homaic's AI capacity to other users.
- Build a competing product using the API or MCP integration in a way that materially relies on Homaic's hosted infrastructure rather than the AGPL self-hosted option.
1.4 Circumventing limits and isolation
- Attempt to circumvent the rate limits, AI quotas, or feature gates of your tier.
- Attempt to access another user's data, bypass row-level security, or escalate privileges.
- Attempt to exploit, fingerprint, or otherwise probe the Service in a way that is not part of an authorized security disclosure (see §3 below).
1.5 Illegal content
- Upload or transmit content that is unlawful in your jurisdiction or in the United States, including but not limited to: child sexual abuse material (CSAM), content that incites imminent violence, malware, or content used to facilitate a credible criminal threat.
- Use the Service to harass, threaten, or stalk a person.
1.6 Network and operational abuse
- Run a denial-of-service attack against the Service or use the Service to attack a third party.
- Send unsolicited bulk communications using the share-token flow or any other Service surface.
- Attempt to introduce malware into the Service or into the systems of a third party who interacts with the Service through your account.
1.7 Brand and trademark abuse
- Use the Homaic name, wordmark, or logo to identify a modified or competing service in a way likely to cause confusion. (See Terms §9.3.)
2. Consequences
Homaic responds to AUP violations on a graduated ladder. Where the violation is correctable and not egregious, Homaic will give you a reasonable opportunity to correct it before escalating.
| Severity | Response |
|---|---|
| Minor / first-time / correctable | Notice to the email on file with a request to correct the behavior. Quotas may be reduced temporarily. |
| Repeat or moderate | Account suspension with a defined return path (correct the behavior, acknowledge the AUP). |
| Egregious or unlawful | Permanent account termination, data preservation only as required by law, referral to law enforcement where appropriate. |
Egregious violations (CSAM, credible threats, security attacks, fraud) trigger immediate termination without warning. In all cases, Homaic preserves the minimum data required by applicable law and purges the rest per the Privacy Policy §5.
3. Reporting
3.1 Reporting an AUP violation
If you observe a violation of this AUP, contact abuse@homaic.io. Include enough detail for Homaic to investigate (account, share-token, content, screenshots if applicable). Homaic does not disclose the identity of reporters to the reported party except as required by law.
3.2 Reporting a security vulnerability
If you have found a security vulnerability in the Service, do not exploit it beyond what is necessary to demonstrate the vulnerability, and disclose it to security@homaic.io. Homaic operates a coordinated-disclosure process; we will acknowledge receipt within 5 business days and work with you on a remediation timeline. Good-faith security research is welcomed and is not a violation of this AUP.
[LAWYER REVIEW NEEDED] — formal safe-harbor language for security researchers (Hackerone-style) to be added at counsel review.
4. Updates
Homaic may update this AUP from time to time. Material changes are subject to the same 30-day notice rule as the Terms (Terms §12). The version history is maintained at /aup and in the source repository.
Version history
- 0.1 — 2026-05-07 — Initial pre-lawyer-review draft, authored as part of Phase 5 Sub-Session 5B.psi. Pending counsel review before public launch.