Acceptable Use Policy

I. Introduction to the Pyrana Acceptable Use Policy

Purpose and Scope of the AUP

This Acceptable Use Policy ("AUP") outlines the permissible and prohibited uses of the Pyrana Agentic Solution Platform ("Service") provided by Zeroth Agents, Inc. ("Zeroth"). Its purpose is to ensure the secure, reliable, and ethical operation of the Service for all customers and to protect Zeroth's systems, data, and reputation. The AUP applies to all customers ("Customer") and their authorized users ("Authorized Users") who access or use the Service, including any associated software, APIs, dashboards, agentic AI features, and documentation.

Relationship with Zeroth's Enterprise Terms of Service and Comprehensive Security Policy

This AUP is incorporated by reference into Zeroth's Enterprise Terms of Service (U.S.) ("Agreement") (Section 3.1) and forms an integral part of the legal agreement between Zeroth and its Customers. Any violation of this AUP constitutes a material breach of the Agreement. This AUP also complements Zeroth's Comprehensive Security Policy, which details Zeroth's commitment to safeguarding information assets, achieving SOC 2 compliance, and implementing robust security measures, including those specific to agentic AI. Customers are responsible for adhering to the principles outlined in both documents.

Definitions of Key Terms

• Service: The Pyrana Agentic Solution Platform, including any software, APIs, dashboards, and agentic AI features provided by Zeroth, as well as any associated documentation.
• Customer Data: Any data, content, or materials that Customer or its Authorized Users input into the Service or that the Service processes on Customer's behalf, including any output generated for Customer through the Service.
• Authorized Users: Employees or contractors of Customer (or other persons authorized by Customer) who are permitted to access and use the Service under Customer's account.
• AI Agents: The AI-driven components within the Service that can perform tasks autonomously across integrated applications.
• Prompt: Input given to an AI model to get a specific response.
• Output: New data an AI creates or synthesizes based on Prompt data and the AI's algorithm.
• Context Unit (CXU): Structured knowledge derived via proprietary methods that grounds agent knowledge and provides verifiable context.
• Action Unit (AXU): A framework that defines, manages, and logs agent actions, ensuring predictability and safety within defined business rules.
• Audit Log: Comprehensive logging mechanism within Pyrana that tracks and reviews agent actions and decisions, providing essential auditability for AI-driven operations.
• Performance Agent: A component of the Pyrana framework that checks real outcomes against expected outcomes to ensure agents remain aligned with objectives and operate within defined parameters.

II. General Acceptable Use and Prohibitions

A. Permitted Uses

The Service is intended solely for Customer's internal business purposes, as specified in the applicable Order Form and in material accordance with the Service Specifications or Documentation (Section 2.1). Permitted uses include leveraging Pyrana's automation modalities, such as Prompted, In-the-Loop, Automated, and BYOA, as well as its integration modalities, including Human/Manual, GUI-Based, API-Enabled, and Embedded options, to enhance efficiency, reduce costs, create value, and drive innovation within the Customer's organization. This encompasses using AI agents to generate content, predictions, and solutions, automate tasks with reasoning, and perform high-level decision-making with structured, governed actions, provided such uses comply with all other terms of this AUP.

B. Prohibited Activities

Customer shall not (and shall not permit any user or third party to) use the Service in any manner that is illegal, harmful, malicious, interferes with the Service, or violates third-party rights.

Illegal and Unlawful Conduct

The use of the Service is strictly prohibited in violation of any applicable local, state, federal, or international laws or regulations, including those pertaining to export, data protection, and anti-spam. This prohibition explicitly extends to activities related to sexual harassment or hostile workplace environments. Furthermore, engaging in or promoting any criminal activity, including but not limited to fraud, money laundering, or terrorism, is strictly forbidden.

Harmful or Malicious Activities

The introduction of malicious programs into the network or server, such as viruses, worms, Trojan horses, e-mail bombs, spyware, adware, password cracking programs, packet sniffers, or port scanners, is prohibited. Interference with or disruption of the integrity or performance of the Service or any third-party data contained therein is also forbidden. Attempts to gain unauthorized access to the Service or its related systems or networks, or to circumvent Zeroth's computer security measures, are strictly prohibited. Any purposeful engagement in activities that may degrade the performance of information systems or deprive an authorized Zeroth user access to a Zeroth resource is considered a violation.

Misuse of System Resources

Obtaining extra resources beyond those allocated in the Order Form is not permitted. Reverse-engineering the Service or any component is prohibited, except to the extent permitted by law for interoperability. Installing any software, upgrades, updates, or patches on any computer or information system without prior Zeroth consent is forbidden. Additionally, using Zeroth information systems for personal benefit is prohibited if such use results in direct costs to Zeroth or interferes with work duties.

Content Restrictions

Transmitting or storing any content that is obscene, harassing, infringing, or otherwise objectionable is prohibited. This includes content that violates sexual harassment or hostile workplace laws. Uploading or distributing "pirated" or unlicensed software, or unauthorized copying of copyrighted material, is also forbidden.

Violation of Third-Party Rights or Terms

Integrating the Service with any third-party systems without having the necessary rights and permissions or in violation of any third-party terms is prohibited. Uploading or providing Customer Data or content that infringes or violates the intellectual property rights of a third party is also forbidden.

III. Specific Acceptable Use Guidelines for Agentic AI Functionality

A. Principles of Responsible AI Use

Zeroth Agents is committed to the responsible development and deployment of AI. Customers using the Pyrana platform's agentic AI functionality must adhere to the following principles, which align with Zeroth's "Transparent & Explainable AI" and "Governed Agentic Architecture".

Transparency and Explainability

Customers should utilize the Service's inherent design, including Context Units (CXUs) and Action Units (AXUs), to ensure visibility into the AI's reasoning and actions. This involves leveraging tools such as activity logs, audit trails, and configurable permissions provided by Zeroth to understand and review agent decisions and actions.

Human Oversight and Control

Customers are solely responsible for configuring and monitoring agent settings appropriate to their use case and for providing appropriate instructions and data to the AI agentic solutions. Customers must exercise human oversight over the AI agentic solutions' activities and outputs, especially in any high-risk or sensitive operations. This includes reviewing outputs, verifying actions, and intervening when agents behave unpredictably, hallucinate, or produce undesirable outcomes. Customers should be able to override, pause, or customize agent actions and behaviors, and explicit confirmation should be sought for any actions that impact user data or systems.

Bias Minimization and Fairness

Customers should strive to use the Service in a manner that promotes fairness and avoids perpetuating or amplifying social, racial, gender, or other prejudicial biases in AI outputs or decisions. Customers are responsible for reviewing AI outputs for potential biases and for providing diverse, high-quality data to the Service to mitigate bias.

Non-Deception and Clarity

Customers must ensure that any use of AI agents does not deceive end-users into believing they are interacting with a human. The purpose, capabilities, and limitations of the AI agent should be clearly communicated to any individuals interacting with it.

Fair Failure and Graceful Escalation

Customers should configure agents to gracefully handle situations where the agent cannot resolve a task or lacks confidence, by escalating to a human or providing clear fallback responses.

B. Prohibited AI-Specific Activities

Misuse for High-Risk Activities

Using the Service for any inherently dangerous or high-risk activities, such as the operation of nuclear facilities, life support systems, or weapons systems, is strictly prohibited. This prohibition takes on a deeper ethical and societal significance for an agentic AI platform, reinforcing Zeroth's "Robust & Responsible" design philosophy and aligning with broader responsible AI principles.

Attempts to "Jailbreak" or Circumvent AI Guardrails

Any attempt to bypass, "jailbreak," or circumvent the inherent security controls, guardrails, or defined boundaries of the AI agents or the Pyrana platform, including but not limited to prompt injection, data poisoning, or memory poisoning, is strictly prohibited.

Generation or Dissemination of Harmful AI Outputs

Using the Service to generate, disseminate, or facilitate the creation of content that is fraudulent, discriminatory, defamatory, harassing, obscene, or infringing is prohibited. Explicitly prohibited uses include creating deepfakes, engaging in fraudulent activities, generating Child Sexual Abuse Material (CSAM), or producing non-consensual intimate imagery.

Use for Deceptive Claims or Misrepresentation of AI Capabilities

Using the Service to make deceptive or unsubstantiated claims about the capabilities, benefits, or accuracy of AI tools, particularly concerning financial gains, security, or health, is prohibited. Misrepresenting work generated by an AI agent as one's own original work without proper disclosure is also forbidden.

Unauthorized AI Model Training or Data Usage

Attempting to use Customer Data or any other data processed by the Service to train, retrain, or improve any third-party AI models or services without explicit permission, in violation of Zeroth's "Private Model Inference" commitment, is strictly prohibited.

Integration of Unapproved Third-Party AI Tools

Integrating any third-party generative AI tools with the Service or internal Customer software used with the Service without first receiving specific written permission from Zeroth is prohibited. This restriction is in place to prevent malicious chatbots or unvetted tools from compromising the integrated environment.

IV. Data Handling and Privacy within the AUP

A. Customer Data Responsibilities

Compliance with Data Privacy Laws

Customer will ensure that its provision of Customer Data (including any personal data) to Zeroth and its use of the Service is in compliance with all applicable data privacy laws and regulations. This includes adherence to global regulations such as GDPR and CCPA, and financial industry guidelines like PCI DSS, where applicable.

Obtaining Necessary Consents

Customer is responsible for obtaining any necessary consents or authorizations from data subjects for processing of personal data by the Service. If required under applicable law, the parties will enter into a separate Data Processing Addendum (DPA) to address the handling of personal data.

Strict Data Restrictions

Customer shall not upload or otherwise provide any sensitive personal information (e.g., personal health information (PHI), payment card data (PCI-DSS), Social Security Numbers (SSNs)) or any other data that is subject to heightened regulatory or security requirements (such as HIPAA, ITAR, etc.) unless an applicable Order Form specifies that the Service is compliant with those requirements or the parties have executed a supplemental agreement covering such data.

B. Secure Data Practices

Adherence to Zeroth's Encryption and Key Management Standards

While Zeroth is responsible for its platform's encryption (TLS 1.2+ in transit, AES-256 at rest) and key management (Azure Key Vault, Google Cloud KMS), Customers are responsible for ensuring their own data handling practices align with these standards when interacting with the Service. This includes safeguarding any keys or tokens used with the Service and not providing user passwords or credentials to Zeroth directly (except through secure OAuth or similar token mechanisms).

Data Retention and Secure Disposal

Customers are responsible for adhering to their own data retention policies for Customer Data and ensuring that data uploaded to Pyrana is managed in accordance with their internal retention schedules. Zeroth commits to secure data disposal upon expiration of retention periods or termination of services, and customers should ensure their own data export and deletion processes align with this.

V. User Responsibilities and Accountability

A. General User Responsibilities

Adherence to the AUP and all Zeroth policies

All Authorized Users are responsible for understanding and strictly adhering to this AUP, the Enterprise Terms of Service, and Zeroth's Comprehensive Security Policy.

Accountability for all activities under user accounts

Customer is responsible for all use of the Service under its accounts and for its users' compliance with this Agreement. Each Authorized User is accountable for activity under their unique login credentials.

Safeguarding User Credentials and Access

Each Authorized User must have unique login credentials; sharing of accounts is prohibited. Multi-Factor Authentication (MFA) will be mandatory for all access to internal systems, cloud environments (Azure, Google Workspace), and critical third-party applications. Customers must ensure their users enable and utilize MFA. Users must secure their PCs, laptops, and workstations with password-protected screensavers and lock them when unattended. Users must log off or restart their PC after their shift.

Prompt Reporting of Security Incidents or Policy Violations

All employees and contractors are obligated to promptly report any suspected security incidents or policy violations to their immediate supervisor and/or Zeroth's designated Security Lead. This includes reporting any weaknesses in computer security.

B. Specific Responsibilities for AI Agent Management

Configuring and Monitoring Agent Settings

Customer is responsible for configuring and monitoring the agent solution settings appropriate to its use case. This includes defining "Usage Boundaries" for data input and "Guardrails" for agent tool access and overall behavior.

Providing Appropriate Instructions and Data to Agents

Customer must provide appropriate instructions and data to the AI agentic solutions. This implies a responsibility for data quality and relevance.

Exercising Human Oversight over Agent Activities and Outputs

Customer agrees to exercise oversight over the AI agentic solution's activities and outputs, especially in any high-risk or sensitive operations. This includes meticulous review, verification, and editing of AI-generated outputs for content validity, accuracy, and bias. Customers must use the tools provided by Zeroth, such as activity logs, audit trails, and configurable permissions, to facilitate such oversight and accountability.

Reviewing Activity Logs and Audit Trails

Customers should regularly review the Pyrana platform's internal Audit Log to track and review agentic solution actions and decisions, ensuring they operate within defined parameters and business rules.

VI. Enforcement and Consequences of Violations

A. Monitoring and Auditing

Zeroth reserves the right to monitor Service usage, Customer Data, and AI agentic solution activities to ensure compliance with this AUP, the Agreement, and applicable laws. This monitoring is conducted in accordance with Zeroth's Comprehensive Security Policy, leveraging tools like Azure Monitor, Log Analytics, and Microsoft Sentinel for comprehensive logging and analysis. Crucially, Pyrana's internal Audit Log will serve as a primary source for tracking and reviewing agentic solution actions and decisions for compliance purposes.

B. Reporting Violations

Customers and Authorized Users are obligated to promptly report any suspected violations of this AUP or any security incidents related to the Service to Zeroth's designated Security Lead or support channels.

C. Actions for Non-Compliance

Investigation Procedures

Upon receiving a report or detecting a potential violation, Zeroth will investigate the matter promptly and thoroughly. Zeroth reserves the right to remove any non-business related software or files from any system.

Suspension or Termination of Service Access

Zeroth reserves the right, in its sole discretion, to suspend or terminate Customer's access to the Service (including all Order Forms) immediately and without prior notice if Customer or any of its Authorized Users materially breaches this AUP. This includes, but is not limited to, instances of illegal conduct, malicious activities, or severe misuse of AI functionality. If the Agreement is terminated by Zeroth for Customer's breach, any unpaid fees for the remaining portion of the Term will become immediately due and payable, and any amounts paid in advance will not be refunded.

Legal Action and Indemnification

Violations of this AUP may result in legal action, including civil or criminal penalties. Customer shall defend and indemnify Zeroth and its affiliates against any claim or proceeding made or brought by a third party arising from or relating to Customer's or its users' use of the Service in violation of this AUP or applicable law.

Disciplinary Action (for internal users, if applicable)

For internal Zeroth employees or contractors, violations may also result in disciplinary action, up to and including immediate termination of employment.

VII. Conclusion: Building Trust and Ensuring Responsible Innovation

This Acceptable Use Policy is more than a set of rules; it is a foundational pillar of Zeroth Agents' commitment to responsible AI innovation and a secure operating environment. By clearly defining the boundaries of acceptable use, it enables customers to confidently leverage the transformative power of the Pyrana Agentic Solution Platform while minimizing risks. The AUP reinforces Zeroth's "Secure by Design" philosophy, "Private Model Inference" commitment, and "Governed Agentic Architecture", ensuring that AI agentic solutions operate transparently, predictably, and safely within defined business rules.

The success of the Pyrana platform, particularly in managing the unique challenges of agentic AI, relies on a robust shared responsibility model. While Zeroth provides the secure platform and inherent AI governance features, Customers play a critical, active role in configuring, monitoring, and overseeing their AI agentic solutions, and ensuring their data and usage comply with all applicable laws and ethical guidelines. By adhering to this AUP, customers become integral partners in fostering a secure, ethical, and highly effective ecosystem for agentic AI, building collective trust and driving innovation responsibly.

This AUP is not a static document but one designed for continuous evolution. As the capabilities of agentic AI expand and the threat landscape shifts, this policy will be periodically reviewed and updated to reflect new best practices, regulatory requirements, and technological advancements. This adaptive approach ensures that the AUP remains relevant and effective in guiding the responsible use of the Pyrana platform, thereby sustaining trust and enabling long-term, secure innovation in the field of agentic AI.

Contact Information

For questions about this Acceptable Use Policy or to report violations, please contact Zeroth's designated Security Lead or support channels at support@zeroth.technology.