Acceptable Use Policy
Last updated: 14 June 2026
This Acceptable Use Policy forms part of the SUNURA Terms and Conditions and applies to access to and use of the SUNURA website, platform, dashboards, APIs, widgets, scanners, disclosure workflows, proof-capture functions, evidence records, public verification pages, exports, integrations, documentation, and related services.
SUNURA provides operational software for AI disclosure workflows, evidence records, proof capture, public verification pages, and evidence exports. SUNURA is not a law firm and does not provide legal advice, legal representation, regulatory certification, conformity assessment, audit certification, or a guarantee that any customer is compliant with applicable law.
By using the Services, the Customer agrees to use them lawfully, accurately, securely, and responsibly.
1. Scope
This Acceptable Use Policy applies to all Customers, users, administrators, developers, agencies, contractors, clients, API users, integration users, and other persons who access or use the Services through a Customer account, workspace, API key, integration, deployment snippet, or authorized environment.
The Customer is responsible for all activity under its account, including activity by authorized users, unauthorized users who obtain access through the Customer’s systems, administrators, contractors, clients, agents, API keys, integrations, scripts, and connected services.
2. Lawful and responsible use
The Services may be used only for lawful, accurate, transparent, secure, and non-misleading AI disclosure operations, evidence-record workflows, proof-capture activities, public verification workflows, scanner use, API automation, and related compliance-operation purposes.
The Customer must comply with all applicable laws, regulations, contractual obligations, platform rules, intellectual-property rights, privacy obligations, cybersecurity obligations, consumer-protection rules, advertising rules, employment rules, sector-specific requirements, and professional obligations that apply to its use of the Services.
The Customer must not use the Services to create, support, conceal, justify, evidence, or promote unlawful, deceptive, harmful, abusive, discriminatory, fraudulent, infringing, exploitative, unsafe, or misleading activity.
3. No legal-advice, certification, or compliance misrepresentation
The Customer must not represent SUNURA outputs as legal advice, a legal opinion, regulatory approval, a conformity assessment, certification, audit certification, official compliance approval, legal sign-off, or a guarantee of compliance.
The Customer must not state or imply that SUNURA has certified, approved, endorsed, audited, legally validated, or guaranteed the Customer’s AI system, website, application, content, disclosure notice, legal position, or compliance status.
SUNURA outputs, including disclosure templates, labels, classifications, control matrices, evidence records, scanner results, dashboard statuses, reports, exports, public verification pages, and API responses, are operational records and workflow aids only.
The Customer remains responsible for legal interpretation, legal review, deployment choices, disclosure content, AI-system configuration, user-facing notices, data-protection compliance, platform compliance, and real-world implementation.
4. No misuse of evidence records
The Customer must not alter, remove, falsify, backdate, forge, manipulate, conceal, or misrepresent evidence records, proof identifiers, public verification pages, screenshots, DOM captures, hashes, notices, reports, exports, audit artifacts, scanner outputs, timestamps, API events, or verification results.
The Customer must not use the Services to create false evidence that a disclosure notice, AI label, public verification page, scanner result, API event, proof capture, or compliance workflow existed, rendered, passed, or operated when it did not.
The Customer must not use SUNURA evidence records to mislead regulators, auditors, lawyers, clients, users, consumers, platforms, investors, business partners, public authorities, or any other third party about the Customer’s actual AI deployment, disclosure practice, labelling practice, content practice, public verification status, or operational compliance controls.
5. AI, synthetic content, biometric, and emotion-recognition workflows
The Customer must not use the Services to support, conceal, justify, or evidence unlawful use of AI systems, synthetic content, deepfakes, AI-generated public-interest text, biometric categorization, emotion recognition, surveillance, profiling, automated decision-making, or other regulated AI workflows.
The Customer is responsible for determining whether its AI systems, content, disclosures, notices, labels, evidence records, and deployment practices comply with applicable law.
The Customer must not use the Services to create misleading AI disclosures, hide the use of AI where disclosure is required, falsely label human-generated content as AI-generated, falsely label AI-generated content as human-generated, or misrepresent the origin, nature, purpose, risk, or legal status of AI-generated or AI-manipulated content.
The Customer must not use SUNURA outputs to avoid human review, legal review, editorial responsibility, platform duties, user-notice obligations, or regulatory obligations that apply to the Customer.
6. Data restrictions
Unless expressly agreed in writing, the Customer must not intentionally submit to the Services:
- special categories of personal data;
- criminal-offence data;
- children’s data;
- health data;
- biometric templates;
- government identifiers;
- payment-card numbers;
- passwords;
- private keys;
- secrets;
- confidential authentication tokens;
- highly confidential third-party data;
- data that the Customer is not legally permitted to process;
- data that is unnecessary or excessive for the selected SUNURA workflow.
- The Customer must avoid unnecessary personal data in screenshots, DOM captures, URLs, labels, notes, evidence records, public verification pages, scanner inputs, support messages, exports, API payloads, integration payloads, and workspace metadata.
- The Customer remains responsible for redaction, minimization, access control, lawful basis, notices, consents, data-subject rights, retention, deletion, and other privacy requirements for Customer Data submitted to or generated through the Services.
7. Security and platform integrity
The Customer must not attempt to bypass authentication, authorization, rate limits, billing limits, plan limits, export limits, usage controls, security controls, logging controls, evidence-integrity controls, public verification controls, workspace restrictions, API restrictions, or technical safeguards.
The Customer must not probe, scan, attack, overload, disrupt, reverse engineer, decompile, scrape, abusively benchmark, stress test, interfere with, or exploit SUNURA systems or third-party systems connected to the Services.
The Customer must not introduce malware, malicious code, credential-harvesting tools, unauthorized bots, exploit scripts, denial-of-service traffic, unauthorized crawlers, or harmful automation into the Services.
The Customer must keep credentials, passwords, API keys, tokens, administrator accounts, deployment snippets, integrations, secrets, and connected systems secure.
The Customer must promptly notify SUNURA of suspected unauthorized access, API-key exposure, credential compromise, misuse, security incident, or vulnerability affecting the Customer’s account, workspace, integrations, deployment snippets, or use of the Services.
8. Scanner, API, widget, and automation rules
Scanner, API, widget, proof-capture, deployment-check, render-proof, gate-check, and automation features may be used only for websites, applications, systems, domains, content surfaces, or customer environments that the Customer is authorized to test, manage, monitor, or operate.
The Customer must not use SUNURA scanning, proof-capture, API, widget, or automation features for unlawful surveillance, credential harvesting, unauthorized scraping, denial-of-service activity, platform abuse, unauthorized testing, unauthorized vulnerability assessment, unauthorized monitoring, or unauthorized assessment of third-party systems.
The Customer must respect published limits, technical instructions, robot controls where applicable, usage restrictions, plan limits, rate limits, integration limits, and contract-specific restrictions.
The Customer must not use automation to generate excessive evidence records, artificial traffic, fake proof captures, misleading verification pages, abusive exports, or system activity that degrades the Services.
9. Public verification pages and exports
The Customer must use public verification pages and evidence exports accurately, proportionately, and lawfully.
The Customer must not publish, share, export, or distribute evidence records, reports, verification pages, screenshots, DOM captures, hashes, URLs, labels, metadata, or logs in a way that is false, misleading, defamatory, unlawful, excessive, confidential, privacy-invasive, or harmful.
The Customer is responsible for reviewing public verification pages and exports before publication, disclosure, delivery to clients, delivery to auditors, delivery to lawyers, delivery to regulators, or use in commercial communications.
The Customer must not use public verification pages or exports to imply that a regulator, court, auditor, lawyer, platform, certification body, or SUNURA has approved or certified the Customer’s legal compliance unless that statement is independently true and lawfully supported.
10. Agency, consultant, reseller, and client use
If the Customer uses the Services for third-party clients, including as an agency, consultant, developer, reseller, implementation partner, managed-service provider, or system integrator, the Customer is responsible for obtaining all required authority from those clients.
The Customer must not use SUNURA outputs to mislead clients about the legal effect, reliability, completeness, or regulatory status of SUNURA workflows, evidence records, reports, exports, public verification pages, or dashboard statuses.
The Customer must ensure that each client workspace, user account, API key, integration, export, and public verification page is configured with appropriate access controls, data minimization, confidentiality protections, and legal review.
The Customer must not resell, white-label, sublicense, commercially exploit, or provide managed services using SUNURA unless permitted by the applicable plan or agreed in writing.
11. Content and intellectual-property restrictions
The Customer must not submit, generate, publish, export, or share Customer Data or content through the Services that infringes intellectual-property rights, privacy rights, publicity rights, confidentiality rights, contractual rights, database rights, trade-secret rights, or other third-party rights.
The Customer must not use the Services to host, process, verify, evidence, export, or distribute content that is unlawful, fraudulent, defamatory, harassing, discriminatory, exploitative, threatening, malicious, deceptive, or otherwise harmful.
The Customer must not remove, obscure, alter, or misuse SUNURA names, marks, notices, product identifiers, verification identifiers, security notices, or proprietary notices.
12. Prohibited high-risk misuse
The Customer must not use the Services to support, conceal, justify, or evidence:
- fraudulent compliance claims;
- fake audits or fake certifications;
- unlawful surveillance;
- unlawful biometric or emotion-recognition deployments;
- unlawful profiling or automated decision-making;
- deceptive synthetic media operations;
- phishing, impersonation, or social-engineering activity;
- malware, ransomware, spyware, or credential theft;
- harassment, discrimination, or unlawful targeting;
- illegal scraping or unauthorized data extraction;
- unauthorized testing of third-party systems;
- circumvention of platform, security, billing, or access controls;
- activities that create unreasonable legal, security, operational, reputational, or third-party risk for SUNURA.
13. Service protection and enforcement
SUNURA may investigate suspected violations of this Acceptable Use Policy.
SUNURA may restrict, suspend, rate-limit, disable, remove, quarantine, block, or terminate access to the Services where SUNURA reasonably believes that use of the Services creates legal, security, operational, reputational, data-protection, platform-integrity, customer-protection, third-party, or service-continuity risk.
SUNURA may remove or disable public verification pages, evidence records, exports, API access, widgets, integrations, scanner access, or workspace access that appear to violate this Acceptable Use Policy, the Agreement, applicable law, or third-party rights.
SUNURA may preserve records and disclose information where reasonably necessary to comply with law, respond to lawful requests, protect rights, investigate abuse, prevent fraud, enforce agreements, protect users, protect third parties, or address security incidents.
The Customer remains responsible for fees, losses, liabilities, claims, regulatory consequences, customer consequences, third-party claims, and other consequences arising from prohibited use, misuse, unlawful use, or breach of this Acceptable Use Policy.
14. Reporting abuse
Suspected misuse of the Services may be reported to:
SUNURA Abuse / Security Contact
Email: [email protected]
Reports should include enough information for SUNURA to review the issue, such as the relevant URL, public verification page, proof identifier, account reference, workspace reference, API activity, screenshot, export, communication, or description of the suspected misuse.
15. Changes to this policy
SUNURA may update this Acceptable Use Policy from time to time.
Material changes may be notified through the website, dashboard, email, order form, or another reasonable method.
Continued use of the Services after the updated Acceptable Use Policy becomes effective constitutes acceptance of the updated policy.
16. Contact
Questions about this Acceptable Use Policy may be sent to:
SUNURA Legal / Acceptable Use Contact
Email: [email protected]