Acceptable Use Policy

01Scope

This Acceptable Use Policy ("AUP") applies to every person and entity that uses ATLAS, the website at tryatlasagi.com, and all related services offered by XAGI Labs Private Limited. It is incorporated by reference into our Terms of Service. A violation of this AUP is a material breach of those Terms.

This AUP also gives effect to Rule 3(1)(b) of the IT Rules 2021, which requires intermediaries to inform users of categories of content they must not host, display, upload, modify, publish, transmit, store, update or share. The prohibited categories listed in that rule are reflected throughout the sections below.

02The core principle

Use ATLAS to do useful things you would be willing to put your own name on. Do not use it to harm people, break the law, or attack the systems, accounts or data of others. Do not use it to do at machine scale what would be unacceptable if you did it manually.

03Illegal activity

You must not use the Services to plan, perform, facilitate, encourage, automate or solicit any activity that is illegal in your jurisdiction or in any jurisdiction where the activity has effects, including:

• Money laundering, sanctions evasion, terrorist financing, fraud, market manipulation, insider trading;
• Trafficking in persons, drugs or weapons;
• Tax evasion, customs fraud, or knowingly false regulatory filings;
• Production of counterfeit goods, fraudulent identification documents, or forged credentials;
• Any activity prohibited by applicable export-control or sanctions laws.

04Harm to people

You must not use ATLAS to plan or carry out physical or psychological harm. This includes:

• Designing, building, acquiring or deploying chemical, biological, radiological, nuclear or high-yield explosive weapons, or providing meaningful operational uplift toward those goals;
• Building cyberweapons, malware or ransomware intended to cause damage to systems or to people who depend on them;
• Inciting or organising violence, terrorism, mass attacks, genocide or armed insurrection;
• Self-harm, suicide and eating-disorder content that promotes, glorifies or provides instructions;
• Targeted harassment, doxxing or stalking of any individual;
• Generating realistic instructions for committing assault, murder or kidnapping.

05Cybersecurity violations

You may not use ATLAS to:

• Gain unauthorised access to any system, account, network or data;
• Develop, distribute or operate malware, ransomware, keyloggers, spyware, RATs, credential stealers, or carrier-grade phishing kits;
• Carry out denial-of-service or denial-of-wallet attacks;
• Defeat, weaken or disable security controls of any service, including ATLAS itself;
• Mass-scrape services in violation of their robots.txt, ToS or rate-limits;
• Compromise, exfiltrate or trade in stolen data, secrets, or credentials;
• Conceal the origin of network traffic for the purpose of evading abuse-detection.

Authorised security testing — defensive research, CTF challenges, penetration tests with written permission, vulnerability disclosure on systems you own or have a right to test — is permitted and encouraged. State the authorisation context in your prompt.

06Deception & impersonation

You may not use ATLAS to deceive in ways that materially harm others. This includes:

• Impersonating a real person, public figure, organisation, government or brand without permission;
• Generating non-consensual deepfakes, voice clones or sexual imagery of real people;
• Creating realistic-looking communications from a recipient's bank, employer or government to induce action;
• Producing political messaging that misrepresents the speaker's identity or affiliation;
• Producing fake reviews, fake engagement, fake academic submissions, or fake legal/medical credentials.

Satire, parody and clearly-labelled fiction are not deception. Use your judgment.

07Privacy violations

You may not use ATLAS to:

• De-anonymise individuals;
• Aggregate personal information for the purpose of surveillance, social scoring, or unauthorised credit decisions;
• Track an individual's location, communications or relationships without their meaningful consent;
• Process biometric data for identification of natural persons in public spaces;
• Process the personal data of others in a way that violates the DPDP Act, GDPR, CCPA or any other privacy law that applies to you.

08Sexual content

The Services may not be used to generate, request, share or distribute:

• Child sexual abuse material (CSAM) of any kind, regardless of whether the depictions are real, illustrated, animated, or AI-generated;
• Sexual content involving minors;
• Non-consensual sexual content of real people, including intimate imagery shared without consent ("revenge porn") and AI-generated nudes of identifiable people;
• Content that depicts or facilitates sexual exploitation, trafficking or abuse.

Suspected CSAM is reported to the National Cyber Crime Reporting Portal (India), NCMEC and equivalent authorities, with the offending account preserved for investigation.

09Hate speech & harassment

You may not use ATLAS to attack, demean, threaten or dehumanise people on the basis of protected characteristics — including caste, race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, age, disability, serious medical condition or refugee status.

You may not use the Services to organise targeted harassment, sustained hate campaigns, or mass-reporting attacks against any individual or group.

10High-risk & regulated uses

Some uses are not blanket-prohibited but require additional safeguards. If you operate in any of the following areas, you must implement qualified human review and meet the standards of your industry:

• Healthcare, medical diagnosis, drug dosing or treatment recommendations;
• Legal advice, regulatory filings, court submissions;
• Financial advice, lending, insurance underwriting, securities trading;
• Employment, housing, credit and other consequential automated decision-making;
• Critical infrastructure (energy, water, transport, telecommunications);
• Election integrity, political campaigning, government communications;
• Use cases that the EU AI Act classifies as "high-risk".

The Services are not certified for life-safety or autonomous-vehicle use. Do not deploy ATLAS in a path where its failure can cause serious physical injury or death.

11Abuse of the Service

You may not:

• Share or sell access to your account, or use someone else's account without authorisation;
• Operate multiple accounts to circumvent rate limits, credit caps or trial restrictions;
• Reverse engineer, scrape, or extract our prompts, embeddings, model outputs or proprietary data sets;
• Resell ATLAS access to your customers as a wrapper service without our written permission;
• Use the Services to train or evaluate competing AI products;
• Interfere with our infrastructure, attempt to overload it, or disrupt other users' access.

12Agent-specific rules

Because ATLAS controls a real computer and connected accounts, additional rules apply:

• Do not direct ATLAS to act in services you do not control or have not been authorised to use;
• Do not direct ATLAS to violate the terms or rate limits of any third-party service it uses on your behalf;
• Do not configure ATLAS to operate as an unattended worker on critical systems without appropriate human oversight;
• Do not use ATLAS to send unsolicited bulk messages on Telegram, Discord, Slack, WhatsApp, email or any other channel;
• Do not disable, bypass or attempt to defeat the safety features built into ATLAS — sandboxing, secrets-sanitiser, the AUP enforcement guard, the spending caps, or the audit log.

13India: prohibited content under IT Rules 2021

If you are accessing the Services from India, or your content has effects in India, you specifically agree not to host, display, upload, modify, publish, transmit, store, update or share any content that:

• Belongs to another person and to which the user does not have any right;
• Is defamatory, obscene, pornographic, paedophilic, invasive of another's privacy including bodily privacy, insulting or harassing on the basis of gender, libellous, racially or ethnically objectionable, relating or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws of India;
• Is harmful to a child;
• Infringes any patent, trademark, copyright or other proprietary right;
• Violates any law for the time being in force;
• Deceives or misleads the addressee about the origin of the message, or knowingly and intentionally communicates any misinformation or information which is patently false and untrue or misleading in nature;
• Impersonates another person;
• Threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence, or prevents investigation of any offence, or is insulting other nation;
• Contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;
• Is patently false or untrue, written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person.

This list mirrors Rule 3(1)(b) of the IT Rules 2021 and supplements (does not replace) the rest of this AUP.

14Enforcement

If we find a violation, our response will depend on its severity, your history, and any harm caused. Possible actions include:

• Refusing a single request;
• Issuing a written warning;
• Restricting account features (lower model tier, fewer credits, slower responses);
• Suspending or terminating the account;
• Banning the device, organisation or individual;
• Reporting to law enforcement and preserving relevant evidence.

Severe violations — CSAM, threats of violence, large-scale fraud or attacks on critical infrastructure — result in immediate termination, evidence preservation and referral to authorities. We may notify affected third parties when appropriate.

If you believe an enforcement action against you was a mistake, you may appeal by writing to trust@xagilab.com within 30 days.

15Reporting violations

If you believe someone is using ATLAS in a way that violates this AUP, or you have encountered a security vulnerability, please report it to:

• Abuse: abuse@xagilab.com
• Security: security@xagilab.com
• Trust & Safety: trust@xagilab.com

Include enough detail for us to investigate (URLs, timestamps, account identifiers if you know them). Reports are kept confidential to the extent permitted by law.

16Contact