The line between use and abuse.

This Acceptable Use Policy ("AUP") applies to anyone who uses the Verdict service in any capacity — Customer, end user, developer, agent (human or autonomous), prospect, evaluator, or visitor. It applies to all components of the Service: hosted endpoints, MCP server, APIs, SDKs, verdict-bench CLI, documentation, support channels, and any related artifact.

You may not, and may not permit any third party to:

• Violate law, regulation, or third-party rights, or facilitate any such violation through the Service.
• Infringe, misappropriate, or dilute intellectual property, including by submitting copyrighted material you do not have rights to.
• Harass, threaten, defame, or stalk any person.
• Engage in deceptive practices, including impersonation, fraud, phishing, social engineering, or false attribution.
• Provide false information to Verdict in onboarding, support, billing, or compliance interactions.
• Use the Service in a jurisdiction or for an end use prohibited by U.S. export law, sanctions, or trade controls.
• Use the Service to develop a competing product by re-implementing the SER specification beyond what Apache 2.0 permits, or by deriving competitive intelligence from non-public materials we share under NDA.

The Service is not to be used for:

• Generating, training, fine-tuning, or evaluating models intended to produce CSAM, non-consensual intimate imagery, or content sexualizing minors.
• Generating biometric identifiers or scraping biometric data for identification of individuals in public spaces.
• Manipulating individuals or groups using sub-perceptual or deceptive techniques in ways that cause material psychological or financial harm.
• Real-time emotion or affect inference of individuals in workplaces or educational institutions.
• Social scoring of individuals by public authorities that produces detrimental treatment outside of the original context.
• Predictive policing of individuals based solely on profiling.
• Operating an AI system in a way that violates the prohibited-practices provisions of the EU AI Act (Art. 5) or analogous laws in your jurisdiction.
• Producing dangerous biological, chemical, radiological, or nuclear material design or synthesis instructions.
• Producing cyberweapons, malware, or exploit code intended for unauthorized intrusion into systems you do not own and are not authorized to test.
• Producing or operating systems that present themselves as a licensed professional (physician, attorney, accountant, financial advisor, therapist) without clear disclosure that they are AI and without the human professional review required by the Service's Terms.

You may not:

• Seal fabricated or backdated events as if they were authentic AI agent actions.
• Misrepresent the source of an event — for example, attributing an event to a model, system, or actor that did not produce it.
• Tamper with timestamps to make events appear to have occurred at a time other than when they were actually submitted.
• Operate a sealing pipeline outside the audit boundary you represented to Verdict in your Order.
• Use the FRE 902(14) certification template, EU AI Act Article 12 logging language, or insurer schema artifacts to make claims you know to be false about the underlying agent action.
• Reverse-engineer, forge, or substitute the Verdict HSM-signed Merkle root or Rekor anchor.

You may not use the Service to:

• Engage in the unauthorized practice of law (UPL) in any jurisdiction — i.e., presenting AI output as legal advice to a third party, or providing legal services through the Service to someone other than yourself unless you are a licensed attorney in the relevant jurisdiction.
• File AI-generated work product (briefs, motions, declarations, evidence summaries) with any court, tribunal, regulator, or government body without attorney verification and any required disclosure of AI assistance under the rules of that forum.
• Misrepresent the Verdict service to a court, tribunal, regulator, or opposing party — including by claiming guarantees of admissibility, coverage, or compliance that the Service does not provide (see Terms § 8).
• Use the Service in violation of professional-responsibility rules in your jurisdiction (ABA Model Rules 1.1, 1.6, 3.3, 5.5, and equivalents).

You may not:

• Exceed published rate limits, or attempt to circumvent them through multiple accounts, IP rotation, or other evasion.
• Probe, scan, or test the vulnerability of the Service, or breach security or authentication, except as authorized in writing by Verdict or under the responsible-disclosure policy in § 8.
• Submit malicious payloads (malware, exploits, prompt-injection campaigns against Verdict-hosted models) or content designed to disrupt the Service.
• Scrape, harvest, or enumerate Service endpoints, the Rekor public log via our infrastructure, or Customer data.
• Attempt to exfiltrate model weights, training data, system prompts, internal evaluation rubrics, or other non-public Verdict infrastructure through any mechanism — including via crafted MCP requests, side-channel timing, or social engineering of personnel.
• Re-host or proxy the Service to third parties without a written reseller or partner agreement.
• Use the Service to send unsolicited bulk communications or otherwise originate spam.

The Service is not a content-distribution platform, but where you transmit content through it, you may not transmit:

• CSAM or content sexualizing minors.
• Non-consensual intimate imagery.
• Content that incites imminent violence against a person or identifiable group.
• Content that violates the privacy or publicity rights of an identifiable individual without lawful basis.
• Classified U.S. government information or ITAR-controlled technical data, unless we have agreed in writing to receive it under appropriate clearances and controls.
• Payment card data subject to PCI DSS, unless we have agreed in writing.

Good-faith security testing is welcome under our coordinated-disclosure policy. Report findings to security@verdict.systems with reproduction steps and an impact assessment. We will acknowledge within 72 hours, confirm or dispute within 10 business days, and credit researchers who follow the policy. Do not publicly disclose unresolved vulnerabilities; do not access or modify data that is not yours. See our /security page for the full policy.

Report suspected AUP violations to abuse@verdict.systems with sufficient detail to identify the conduct, the actor (if known), and the time. For legal demands (subpoenas, takedown notices, government requests), use the channels in /legal-inquiries. For DMCA notices, use the channel in /dmca.

When we identify a violation, our default response is the proportional minimum sufficient to stop the violation and prevent recurrence, applied in this escalating order:

1. Notice and opportunity to cure for technical or first-time violations, with a defined cure window.
2. Suspension of the offending feature, key, integration, or account, with notice where lawful.
3. Termination of the Order and all related access, with the consequences described in Terms § 12.

We may skip steps where the violation is severe, ongoing, or creates immediate harm — for example, evidence-integrity violations (§ 4), CSAM, active intrusion attempts, or violations that present material legal risk to Verdict or other customers. We may also report unlawful conduct to law enforcement and provide them with information as required by law, consistent with /legal-inquiries.