Acceptable Use Policy

This Acceptable Use Policy ("AUP") applies to anyone using GuruMood's services, including our websites, APIs, AI agents, integrations, and professional services. It forms part of our Terms of Service. Non-compliance with this AUP may result in suspension or termination of service and legal consequences.

• Comply with all applicable laws and regulations, including those on data protection, consumer protection, anti-spam, telecommunications, health, financial services, and intellectual property.
• Obtain and maintain all necessary consents and legal bases from end-users before sending them messages, storing their data, or making automated decisions.
• Comply with the terms and policies of third-party platforms used through the services (Meta, Google, telephony providers, etc.).
• Keep your credentials secure and notify us immediately of any unauthorized use.

You may not use the services to produce, store, send, or facilitate:

• Illegal content, including child sexual abuse material, content that facilitates human trafficking, or content that infringes intellectual property rights.
• Hate speech, harassment, threats, incitement to violence, or content that attacks individuals based on race, ethnicity, origin, religion, gender, sexual orientation, identity, or disability.
• Deceptive or fraudulent content, including pyramid schemes, phishing, impersonation, non-consensual deepfakes, and disinformation intended to cause material harm.
• Restricted services or products sent to users who do not meet legal requirements (e.g., gambling, alcohol, tobacco, weapons, regulated medicines), without verification and compliance with applicable laws.
• Spam or unsolicited messaging on any channel (email, WhatsApp, SMS, voice), including commercial messages without verifiable opt-in.
• Automation that simulates real human interactions to manipulate surveys, reviews, clicks, rankings, or metrics.
• Collection or scraping of user data in violation of platform terms or applicable laws.

You may not:

• Carry out denial-of-service attacks, send malware, introduce malicious code, or disrupt the services.
• Circumvent, disable, or interfere with security measures, rate limits, quotas, or content filters.
• Test the security of the systems without prior written authorization (see responsible disclosure program).
• Reverse engineer, decompile, or attempt to extract source code, models, or system prompts.
• Use stolen, shared, or forged credentials, or access accounts you do not own.
• Exfiltrate data from other customers or bypass tenant isolation.

When using integrations with the WhatsApp Business Platform, Facebook/Instagram, or any Meta product, you must at all times comply with:

• Meta Platform Terms, Meta Developer Policies, and Community Standards.
• WhatsApp Business Messaging Policy and WhatsApp Business Solution Terms: requirement of verifiable end-user opt-in, respect for the 24-hour customer service window, exclusive use of approved message templates outside that window, prohibition of spam, and respect for conversation categories and pricing.
• WhatsApp Commerce Policy: prohibition of selling restricted goods and services.
• Prohibition on using Meta data to build profiles for unauthorized purposes, unlawful advertising, or decisions with legal impact without a valid legal basis.
• Obligation to notify security incidents or data loss to Meta and to us within required timelines.

You may not use the service to circumvent restrictions or blocks imposed by Meta. If Meta requires us to suspend an integration, we will do so and notify you.

When using integrations with Google APIs (Workspace, Gmail, Drive, Calendar, Ads, Analytics, Search Console, Business Profile, Maps, and others), you must comply with:

• Google API Services Terms of Service and Google API Services User Data Policy, including the Limited Use requirements for restricted and sensitive scopes.
• Product-specific Google policies (for example, Google Ads Policies, Business Profile Guidelines, Google Maps Platform Terms).
• OAuth consent screen, app verification, and CASA security assessment requirements where applicable.
• Use of the minimum scopes strictly necessary for the authorized functionality.
• Prohibition on transferring Google user data to third parties except for user-visible features, security, legal compliance, or explicit user consent.
• Prohibition on using restricted scope data to train generalized AI models or for advertising.

• Do not use agents to impersonate real people without their authorization.
• Disclose to end-users that they are interacting with an automated system where required by law (for example, the EU AI Act, California BOT law, Utah AI disclosure law).
• Do not use the services to make automated decisions with legal or similarly significant effects on individuals without complying with applicable requirements (including GDPR Art. 22 and the AI Act).
• Do not generate or use synthetic content (text, voice, video, image) with the intent to deceive, defraud, or harm third parties.
• Maintain meaningful human oversight for high-risk use cases (health, finance, employment, housing, credit, education, law enforcement).
• Respect the guardrails and content restrictions implemented in the models and services.

• Comply with applicable anti-spam laws: CAN-SPAM, CASL, PECR, GDPR, ePrivacy, TCPA, LGPD, and others.
• Maintain opt-in records for each recipient, including date, time, source, and the text of the consent.
• Offer a clear and free opt-out mechanism in every commercial communication and process unsubscribes without delay.
• Do not acquire or use contact lists without consent.
• Do not send commercial content outside the WhatsApp customer service window without an approved template.

We welcome responsible vulnerability reports. Contact security@gurumood.com with technical details, impact, and reproduction steps. Do not perform destructive testing, do not access other customers' data, and give us a reasonable time to remediate before public disclosure.

We may investigate suspected or reported AUP violations. We may require additional information, temporarily suspend the service, preserve logs, and cooperate with competent authorities where legally appropriate.

Violations of this AUP may lead to measures including, without limitation: warning, suspension of specific features, account suspension, contract termination, temporary data retention for forensic analysis, and legal action. In cases of severe violations (for example, CSAM or activities that endanger safety), we may act without prior notice and notify the authorities.

If you suspect someone is using our services in violation of this AUP, contact abuse@gurumood.com. We will investigate all reports and take appropriate action.