Acceptable Use Policy

1. Introduction

This Acceptable Use Policy ("AUP") is incorporated into and made part of the Terms of Service ("Terms"), the AI Terms, or any separate Enterprise License Agreement entered into between Customer and MOURI Tech LLC, doing business as MouriQualAI ("Provider"). "Customer" shall mean any individual or entity that accesses or uses MouriQualAI products and services, whether under a paid subscription, an enterprise license, or a free trial. The term "Agreement" as used herein shall mean the Terms or the executed Enterprise License Agreement, together with the AI Terms, as applicable.

1.1. Purpose

The purpose of this AUP is to establish clear, enforceable rules for the responsible, lawful, and ethical use of MouriQualAI's products and services, including all AI-powered features, Bring Your Own Cloud (BYOC) deployments, and Bring Your Own LLM (BYOLLM) configurations, consistent with:

• MouriQualAI's AI Principles: Responsible, Transparent, Secure, Fair, and Human-Centric AI.
• MOURI Tech's Code of Business Ethics and Privacy Policy.
• Global standards including ISO/IEC 42001 (AI governance), ISO 27001:2022 (information security), ISO 9001:2015 (quality management), TISAX (automotive data security), AICPA SOC 2 Type II, HIPAA, PCI DSS, GDPR, CCPA, DPDP Act (India), and the EU AI Act.
• MOURI Tech's existing certifications: CMMI DEV/5, ISO 27001:2022, ISO 9001:2015, TISAX, AICPA–SOC, HIPAA, PCI DSS, and GDPR compliance.

1.2. Applicability

This AUP applies to all Customers, Customer Affiliates, Permitted Users, and any third parties who access or use the MouriQualAI platform, APIs, services, integrations, or Customer Environments configured under BYOC.

2. Permitted Use

Customers may use MouriQualAI's AI-powered Quality Engineering platform and services — including AI Test Generation, AI Test Orchestration, Agentic QE Workflows, Platform-level AI Analytics, and AI APIs — only for:

• Software testing, quality assurance, DevOps pipeline integration, and quality engineering workflows.
• Responsible development, debugging, test automation, and optimization of software applications.
• Internal business purposes consistent with the Agreement, this AUP, and all applicable laws.
• BYOC deployments: operating the Software within Customer's own cloud or on-premises environment for internal quality engineering use.
• BYOLLM configurations: using Customer-licensed or self-hosted large language models integrated with MouriQualAI for internal quality engineering purposes, subject to compliance with the applicable LLM provider's terms.

3. Prohibited Use

Customers must not use MouriQualAI products and services (directly or indirectly, and whether in standard, BYOC, or BYOLLM mode) for any of the following:

3.1. Unlawful Activities

• Violating any applicable law, regulation, or contractual obligation, including data protection laws, intellectual property rights, AI governance regulations, or export control restrictions.
• Engaging in fraud, bribery, corruption, money laundering, or any other unethical or criminal conduct.
• Violating US export control laws (ITAR, EAR) or accessing the platform from any US-embargoed country or territory.

3.2. Harmful or Abusive Behavior

• Harassing, exploiting, discriminating against, or harming individuals, organizations, or protected groups.
• Generating, transmitting, or deploying malicious code, malware, ransomware, spyware, spam, or denial-of-service attacks.
• Using the platform to stalk, threaten, or enable physical or digital harm to any person or organization.

3.3. AI-Specific Misuse

• Using AI-powered features to intentionally generate inaccurate, biased, unlawful, discriminatory, or harmful Outputs.
• Attempting to disable, bypass, circumvent, or tamper with AI safeguards, content filters, rate limiters, or monitoring mechanisms.
• Submitting manipulative, adversarial, or prompt-injection Inputs designed to cause the AI to produce infringing, offensive, or unsafe Outputs.
• Using AI features for high-risk prohibited purposes under the EU AI Act, including biometric surveillance, predictive policing, social scoring, or real-time remote biometric identification in public spaces.
• Using Outputs to train, fine-tune, benchmark, or improve any external or competing AI system.
• Performing systematic prompt probing, model extraction, or adversarial model behavior analysis for competitive intelligence purposes.
• Using BYOLLM configurations to route Customer Data through unauthorized or non-compliant LLM providers that violate applicable privacy or security standards.

3.4. Data & Privacy Violations

• Collecting, processing, storing, or sharing personal or sensitive data without a lawful basis, appropriate consents, or as required under GDPR, CCPA, DPDP Act, or other applicable privacy laws.
• Uploading or processing payment card data (PCI DSS), protected health information (HIPAA), government-classified data, biometric identifiers, or other regulated sensitive data unless expressly authorized under a separate Data Processing Addendum (DPA) with Provider.
• Using MouriQualAI services to build datasets for unrelated AI model training, commercial data aggregation, or data resale without Provider's prior written authorization.
• Transmitting Customer Data through BYOC or BYOLLM configurations to cloud environments or LLM providers that do not meet the data residency, security, and compliance requirements applicable to that data.

3.5. Platform Abuse

• Reselling, sublicensing, white-labeling, or redistributing MouriQualAI services to third parties without Provider's prior written authorization.
• Misusing APIs, automation scripts, or integrations to overload, disrupt, degrade, or interfere with MouriQualAI systems or other customers' environments.
• Circumventing access controls, authentication mechanisms, account protections, or license enforcement measures.
• Using BYOC deployments to operate the Software for external commercial services or to serve third-party customers.
• Sharing account credentials, API keys, or access tokens with unauthorized users or external parties.

3.6. Intellectual Property Violations

• Using MouriQualAI to reproduce, distribute, or create derivative works of third-party copyrighted material without authorization.
• Reverse-engineering, decompiling, disassembling, or attempting to extract the source code, model weights, prompt architecture, or underlying AI Components of the Software.
• Using Outputs in a manner that infringes the intellectual property rights of Provider or any third party.

4. Fair Usage Policy (FUP)

MouriQualAI is committed to ensuring optimal availability, reliability, and equitable resource distribution across its customer base. To achieve this, Provider implements a Fair Usage Policy (FUP) that balances customer needs, prevents misuse, and promotes best practices in AI-powered test execution and quality engineering workflows. FUP limits applicable to each subscription or license plan are communicated to each Customer at the time of onboarding or subscription commencement.

4.1. Time-Based Fair Usage

• Each organization is entitled to a maximum daily AI query and test execution duration based on their subscription or enterprise license plan.
• Individual Permitted User limits may apply to prevent single-user overuse or monopolization of shared AI resources.
• Idle AI sessions, long-running stalled test executions, and unused resource allocations are subject to automatic timeout and termination after a defined inactivity period.
• Under BYOC deployments, time-based limits apply to the Software's AI orchestration and API usage — Customer's cloud infrastructure costs and capacity are the Customer's own responsibility.

4.2. Resource-Based Fair Usage

• Limits are applied to specific resource types including high-demand AI model invocations, test orchestration slots, concurrent agentic workflow executions, and API call rates.
• An organization may not consume more than a pre-defined proportion of any shared resource pool at a given time.
• Excessive concurrent usage of the same configuration or AI feature may be queued or throttled to ensure fair access for all customers.
• Under BYOLLM configurations, Provider's FUP applies to the Software integration layer only. Customer's own LLM provider's usage limits, rate limits, and costs are governed by that provider's terms.

4.3. Enforcement Mechanisms

Provider monitors system-wide usage patterns to identify excessive, abusive, or unfair resource consumption. Enforcement actions include:

• Monitoring: Continuous monitoring of AI feature usage, API call volumes, and infrastructure demand.
• Notification: Customers exceeding usage thresholds will receive alerts with recommended corrective actions.
• Throttling / Queuing: Usage beyond applicable FUP limits may be delayed, queued, or deprioritized during peak periods.
• Suspension: Persistent violations or deliberate attempts to bypass FUP limits may result in temporary suspension or restricted access to AI features.
• Enterprise Exception: Customers with higher contracted limits under an Enterprise License Agreement may have customized FUP thresholds as specified in their Order Form.

4.4. Customer Best Practices

Provider encourages Customers to:

• Use parallel AI-assisted test generation strategically rather than submitting excessively long sequential prompts.
• Release unused or idle AI sessions and test execution slots promptly to free shared resources.
• Distribute test workloads across different configurations, environments, and time windows.
• Plan and schedule AI-intensive workflows efficiently to optimize allocated capacity.
• Work with Provider's support team or Account Manager for enterprise-level capacity planning and BYOC/BYOLLM architecture guidance.

4.5. Continuous Improvement

FUP thresholds are reviewed periodically to adapt to evolving usage patterns, capacity upgrades, and customer needs, taking into account:

• Global regulatory requirements including ESG transparency, GDPR, and the EU AI Act.
• Cloud infrastructure scaling, AI model capacity upgrades, and third-party LLM availability.
• Industry benchmarks for SaaS, AI-powered software testing, and quality engineering platforms.

5. Responsible AI & Business Ethics

5.1. Human Oversight

Customers must apply appropriate human review and professional judgment before relying on AI-generated Outputs for software release decisions, compliance determinations, security assessments, or any other critical business activity. No AI Output from MouriQualAI should be used as the sole basis for a production release or consequential decision without human validation.

5.2. Bias & Fairness

Customers must not use MouriQualAI's AI-powered features to enable discriminatory practices, violate human rights, create unfair treatment of individuals or groups, or produce content that is biased, prejudicial, or harmful to any protected class or community.

5.3. Transparency & Explainability

AI-assisted decisions within testing and development workflows must remain transparent and explainable in their context of use. Customers should be able to articulate why an AI-generated test case, recommendation, or Output was accepted or rejected by their engineering team.

5.4. Ethical Alignment

Use of MouriQualAI's AI-powered features must align with MOURI Tech's Code of Business Ethics, ensuring fairness, trust, accountability, and compliance with applicable global standards. Customers may not use the platform in a manner that is inconsistent with the ethical principles set out in Provider's AI Terms.

5.5. BYOC & BYOLLM Ethics

Customers operating under BYOC or BYOLLM models assume additional ethical responsibilities for the environments and models they bring. Customers must ensure their cloud environment and LLM choices do not introduce security vulnerabilities, data leakage risks, discriminatory model behavior, or violations of applicable AI regulations into their quality engineering workflows.

6. Third-Party AI Models & Services

6.1. Certain MouriQualAI AI-powered features may incorporate third-party AI models, APIs, or frameworks in Provider-default mode. Provider will disclose which third-party AI services are used in the Documentation and will update that disclosure when material changes occur.

6.2. Customers must comply with any applicable third-party acceptable use policies communicated by Provider or included in the Documentation when using features that rely on third-party AI services.

6.3. Under the BYOLLM model, Customer is solely responsible for ensuring their chosen LLM provider's terms, privacy policies, acceptable use policies, and data handling practices are compatible with Customer's obligations under this AUP, the AI Terms, and the Agreement.

7. Data Protection & Privacy

7.1. Customers must comply with all applicable data protection and privacy laws in connection with their use of MouriQualAI, including GDPR, CCPA, DPDP Act (India), HIPAA, PCI DSS, and any other applicable regulations.

7.2. Prohibited Data Uploads

Unless expressly authorized under a separate, executed Data Processing Addendum (DPA) with Provider, Customers must not upload, submit, or process through MouriQualAI:

• Payment card data or cardholder information (PCI DSS scope).
• Protected health information or individually identifiable health data (HIPAA scope).
• Government-classified, export-controlled, or national security-sensitive data.
• Biometric identifiers, facial recognition data, or sensitive personal data requiring explicit consent under applicable privacy laws.
• Personal data of EU, UK, or Indian data subjects unless a valid DPA and, where applicable, Standard Contractual Clauses are in place.

7.3. BYOC Data Responsibility

Under the BYOC model, all data processed within Customer's own cloud environment is under Customer's custody and control. Customer is solely responsible for implementing appropriate data protection, access controls, encryption, retention policies, and regulatory compliance within their Customer Environment. Provider does not have visibility into or responsibility for data processed within the Customer Environment unless access is explicitly granted for support purposes.

8. Monitoring, Enforcement & Violations

8.1. Provider may monitor service usage, API activity, and AI feature consumption for compliance with this AUP, the AI Terms, and the Agreement. Under BYOC deployments, monitoring is limited to the Software's integration layer and does not extend to Customer's internal cloud environment.

8.2. Violations of this AUP may result in any one or more of the following, at Provider's discretion:

• Written warning or notification of non-compliance with a required remediation timeframe.
• Temporary suspension or permanent termination of access to MouriQualAI services or specific AI features.
• Reporting of unlawful activities to relevant regulatory authorities or law enforcement agencies.
• Legal action and liability under applicable laws, including recovery of damages, costs, and legal fees.
• Forfeiture of any prepaid fees where termination results from Customer's material breach of this AUP.

8.3. Provider will make reasonable efforts to notify Customer of a suspected AUP violation before taking enforcement action, except where immediate action is necessary to protect the security, integrity, or availability of the platform, or where required by law.

9. Updates to this AUP

Provider may amend this AUP from time to time to reflect changes in applicable law, regulatory requirements, or platform capabilities. If Provider makes any material changes to this AUP, Provider will notify Customer by email (sent to the address on file for the account) or by a notice posted within the MouriQualAI platform, at least 30 days prior to the change becoming effective for existing customers.

Provider encourages Customers to periodically review the current version of this AUP at mouritech.com/mouriqualai/aup. Continued use of MouriQualAI services after the effective date of any update constitutes Customer's acceptance of the revised AUP.

10. Contact

For questions about this AUP, to report a suspected violation, or to request a copy of our Data Processing Addendum, AI Terms, or Privacy Policy, please contact: