Acceptable Use Policy

This Acceptable Use Policy ("AUP") applies to all users of the Zeptix platform, regardless of role:

• Bot Operators (tenants): in addition to Terms § 7. Violations may lead to immediate termination.
• End users (visitors): in addition to the End-User Terms of Use. Violations may lead to account suspension by the Bot Operator or by Zeptix.
• Platform staff and subprocessors are bound by their own contracts.

The following content and use cases are prohibited — both as bot personality/knowledge base (tenants) and as input (end users).

2.1 Illegal content

• Instructions for crimes (drug synthesis, weapons manufacturing, hacking, explosives)
• Child sexual abuse material — zero tolerance
• Hate speech, Holocaust denial, glorification of totalitarian regimes
• Instructions on self-harm, suicide, eating disorders
• Content that violates sanctions regimes (EU/UN/US embargoes)
• Money laundering advice, tax evasion, market manipulation

2.2 EU AI Act — high-risk use cases (prohibited without separate agreement)

Pursuant to EU AI Act Art. 5, the following applications are prohibited without explicit conformity assessment and CE marking — and are not covered by the standard Zeptix platform:

• Social scoring
• Predictive policing
• Subliminal manipulation or exploitation of vulnerability
• Real-time biometric identification in public spaces
• Emotion recognition at workplace or in education
• Autonomous decisions on creditworthiness, insurance risk, candidate suitability (advisory use is allowed)
• Medical diagnosis or therapy decisions as a Medical Device under MDR

2.3 Data protection limits

• Art. 9 GDPR data (health, biometrics, ethnic origin, religious/political beliefs, sex life) without explicit consent
• Data of children under 16 without parental consent (Art. 8 GDPR)
• Professional secrets (lawyers, doctors, tax advisors) without safeguards
• Personal data of third parties without legal basis

2.4 Platform abuse

• Spam, automated mass requests (unless explicitly agreed)
• Reverse engineering of the platform, models, or knowledge data
• Prompt injection attacks or attempts to bypass safety rules
• Load attacks (DDoS, scraping, crawlers ignoring robots.txt)
• Sharing of credentials (account sharing beyond plan limits)
• Building competing platforms using Zeptix data/models

2.5 NSFW / sexual content

Pornography, explicitly sexualised bot personas, companion bots with sexualised conversation, erotic chat services and similar NSFW use cases are not permitted on the Zeptix standard platform. In particular, the following is forbidden:

• any form of sexual depiction of minors or insinuations thereof — zero tolerance, immediate suspension, report under § 184b German Criminal Code
• bot personas advertised as "AI girlfriend / boyfriend" or sexualised role-play
• erotic coaching bots, sexual counselling in a consumer context without age verification and separate enterprise contract
• generation of sexual texts (storytelling, role-play) even between adult actors without explicit written side agreement with Zeptix

2.6 Deepfakes & identity deception

Bot personas designed to appear as a specific real person (politician, celebrity, employee of a third-party company, authority, relative) are not permitted, nor is the generation of text-based or API-rendered deepfake statements. Specifically forbidden:

• impersonation of real persons without their demonstrable written consent (right to one's own image, personality rights)
• bots suggesting they are employees of another company, an authority, a bank, a utility, etc. (identity deception, § 263 German Criminal Code)
• generation of fake "quotes" of real persons that are not clearly marked as AI hallucination
• synthetic texts/voices not labelled as AI output per EU AI Act Art. 50
• bot answers worded so that end users get the impression they are speaking with a human (concealment of the AI nature)

2.7 Scam, phishing & fraudulent business models

Strictly forbidden — suspension without prior warning:

• phishing bots (asking for login data, TANs, recovery codes, card or bank data under false pretences)
• "support" bots pretending to provide support for third parties (Microsoft, Apple, banks) without an actual mandate
• advance-fee fraud / romance scam / 419 scam / inheritance scam
• investment scams: alleged crypto / forex / NFT advisory bots that lead to unregulated platforms or promise guaranteed returns
• pump-and-dump signals, meme-coin advertising with insider promises
• fake authority bots (tax office, police, customs, bailiff) threatening fines or penalties
• bots usable to circumvent consumer protection, anti-money-laundering rules or sanctions

2.8 Copyright, trademarks & protected content

The knowledge base may only contain content for which the bot operator holds the required rights. Specifically forbidden:

• uploading protected books, e-books, teaching materials, course scripts without a licence
• verbatim reproduction of entire articles / song lyrics / screenplays in bot output
• training data or "style" clones that purposely imitate another author / another bot / another software without holding the rights
• bypassing technical protection measures (DRM, robots.txt, noindex/noai headers, login walls, captchas, paywalls)
• trademark usage that suggests an official affiliation with the trademark owner (e.g. "Coca-Cola support bot" without licence)
• bots used to generate "licence-free" texts / images / code from clearly protected material

Rights holders can submit complaints (with proof of the right and the concrete URL/bot slug) to [email protected] or via /legal/incident-reporting. Zeptix removes substantiated infringing content promptly under notice-and-action (DSA Art. 16).

Anyone operating a bot assumes additional responsibilities towards their own end users and towards Zeptix:

• Provide own privacy notice describing the bot purpose, processing and responsibilities (GDPR Art. 13/14).
• Link own imprint so end users can contact the responsible party.
• Do not remove the AI notice (EU AI Act Art. 50 — transparency obligation).
• Verify knowledge base: uploaded documents and content entered via the training AI must be used lawfully (copyright, licence terms, third-party data protection).
• 48-hour response deadline for reported incidents (end-user reports in the dashboard "Feedback" tab). See Terms § 7a.
• Inform end users of material changes to the knowledge base or bot personality where relevant for an ongoing relationship.

• Truthful inputs — no false identity claims
• No inputs with prohibited content (see Section 2)
• No abusive reports (reports against legitimate answers without factual reason can themselves be treated as abuse)
• Do not share account or credentials

For violations of this AUP, Zeptix reserves the following measures — depending on severity and repetition:

• Stage 1 — Notice: single minor violation → written request to correct.
• Stage 2 — Feature lock: individual features temporarily blocked.
• Stage 3 — Bot shutdown: tenant taken offline, existing end users can no longer chat.
• Stage 4 — Account suspension: owner/end-user account is suspended. For terms violations with damages potential: immediate termination per Terms § 7 (8).
• Stage 5 — Criminal complaint: for content relevant to criminal law (child abuse, terrorism, severe hate speech), Zeptix files a complaint and transmits data to law enforcement where legally permitted or required.

Emergency escalation: in case of acute danger to life or health (e.g. suicide indication, concrete violence threat), Zeptix immediately notifies emergency services — even without the user's data protection consent (Art. 6 (1) d GDPR).

You can report violations through the following channels:

• In chat: "⚑ report" button below each bot answer → goes to the Bot Operator, copied to Zeptix audit.
• Email to Zeptix: [email protected] (processing time max. 5 business days).
• Structured incident reporting: /legal/incident-reporting — anonymous reporting also possible.

This AUP is reviewed regularly, in particular when EU AI Act, DSA, GDPR or threat landscape change. Material changes are announced to bot operators by email; to end users via in-chat notice.

Current version: 2026-05-28