Legal

Acceptable Use Policy

Effective date: 14 May 2026 · Last updated: 14 May 2026

This Acceptable Use Policy applies to all use of AgentHeaven, including agents hosted by AgentHeaven, self-hosted open-source model routing, third-party LLM routing, Composio tool connections, AgentMail email workflows, and any connected customer systems.

Human oversight required: AgentHeaven is a managed AI digital-employee service. Customers must use appropriate human review for outputs that affect people, money, legal rights, employment, contracts, regulated services, safety, or important business decisions.

1. Prohibited Uses

You may not use AgentHeaven to:

Violate applicable law, regulation, sanctions, export controls, or third-party rights.
Send spam, phishing messages, deceptive outreach, credential-harvesting messages, or unlawful marketing.
Generate or distribute malware, exploit code, instructions for cyber abuse, or attempts to bypass security controls.
Impersonate people or organisations without permission, or mislead recipients about whether they are interacting with an AI system.
Create defamatory, harassing, discriminatory, hateful, sexually exploitative, or violent content.
Process data from tools or systems that you are not authorised to connect.
Bypass rate limits, usage controls, provider policies, model safeguards, or connected-platform terms.
Extract prompts, hidden system instructions, model internals, credentials, or another customer's information.

2. Prohibited AI Practices

The following uses are prohibited without exception and cannot be unlocked by separate agreement, because they correspond to practices restricted or banned under Article 5 of the EU AI Act, the GDPR, or comparable law:

Social scoring of natural persons by public authorities or on their behalf for general-purpose evaluation.
Untargeted scraping of facial images from the internet or CCTV to build or expand facial-recognition databases.
Real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes.
Emotion recognition in the workplace or in education settings (other than for medical or safety reasons strictly permitted by law).
Biometric categorisation that infers race, political opinions, trade-union membership, religious or philosophical beliefs, sex life, or sexual orientation.
Profiling, behavioural prediction, or targeted advertising directed at children.
Manipulative, deceptive, or subliminal techniques designed to materially distort behaviour in a way that causes or is likely to cause harm.
Exploitation of vulnerabilities of specific groups (such as age, disability, or socio-economic situation) to materially distort their behaviour.

3. High-Risk and Regulated Uses

Unless separately agreed in writing after a compliance review, you may not use AgentHeaven as an autonomous decision-maker for:

Employment, hiring, firing, promotion, worker evaluation, or workforce monitoring decisions.
Credit, lending, insurance, housing, eligibility, or pricing decisions affecting individuals.
Medical, health, psychological, legal, tax, immigration, or financial advice.
Education access, grading, exam evaluation, or student assessment.
Law enforcement, migration, asylum, border control, or public-benefit eligibility decisions with legal or similarly significant effects.
Other uses classified as high-risk under Annex III of the EU AI Act or comparable law.

For any of the uses listed above, a written addendum identifying the human-oversight, documentation, and post-deployment monitoring measures will be required before AgentHeaven enables the use case.

4. External Communications

If an agent sends email, support replies, sales messages, or other external communications, you are responsible for ensuring that recipients are not misled, that marketing laws are followed, and that a human can review or intervene where appropriate. Where legally required, communications should disclose that an AI-assisted system is involved.

5. Connected Tools

You may connect only tools, accounts, mailboxes, CRMs, helpdesks, document sources, and APIs that you are authorised to use. You must configure least-privilege access and promptly revoke access that is no longer needed.

6. Data Restrictions

You should not connect sources containing special-category, highly sensitive, regulated, or children's data unless the use case has been reviewed and you have a lawful basis for processing. AgentHeaven may refuse, suspend, or limit use cases that create unacceptable security, privacy, legal, or safety risk.

7. Enforcement

For non-urgent enforcement, AgentHeaven will notify Customer of the alleged violation and provide a reasonable opportunity (ordinarily at least 14 days, in line with Terms §7) to remedy the issue before suspending or terminating Service.

For urgent issues — including a credible threat to other customers, third parties, providers, AgentHeaven systems, or the safety of any person, or a violation of §2 (Prohibited AI Practices) — AgentHeaven may suspend, rate-limit, disable tool access, switch routing mode, or terminate Service with immediate effect and provide notice of the action as soon as reasonably practicable thereafter.

8. Reporting

Report suspected misuse, unsafe output, or unauthorised activity to info@agentheaven.ai.