Legal

Acceptable Use Policy

Effective date: June 13, 2026

This Acceptable Use Policy (“AUP”) governs your use of the Koji platform, services, and websites (the “Service”), operated by Koji Technologies Inc. (“Koji”). It is incorporated by reference into our Terms of Service. Violations may result in suspension or termination of your account, without refund.

You agree not to use the Service to engage in any of the following.

1. Illegal or harmful content

You may not upload, process, transmit, store, or share content that:

  • Violates applicable law or regulation
  • Infringes any intellectual property, privacy, or other right of any person
  • Constitutes or promotes fraud, deception, or misrepresentation
  • Constitutes child sexual abuse material, exploitation of minors, or non-consensual intimate imagery
  • Incites violence, terrorism, or hatred against any group
  • Defames, harasses, or threatens any person
  • Discloses or facilitates disclosure of another person’s private information without authority

2. Sensitive data without authorization

You may not upload to the Service:

  • Protected health information (“PHI”) subject to HIPAA, PHIPA, or similar laws — unless we have agreed in writing to a Business Associate Agreement or equivalent
  • Cardholder data subject to PCI DSS (full card numbers, magnetic stripe, CVV) — unless we have agreed in writing
  • Information classified under government regulations requiring special handling (e.g., ITAR, EAR-controlled data, classified information)
  • Biometric data, government-issued identifiers (SSNs, SINs, passport numbers), or other sensitive personal identifiers not necessary for the document processing use case

Where you must process documents that incidentally contain such information (for example, names, addresses, or policy numbers on insurance certificates), you remain responsible for ensuring you have authority to process them and that we have appropriate agreements in place where required by law.

3. Service abuse

You may not:

  • Attempt to gain unauthorized access to the Service, other accounts, or our systems
  • Probe, scan, or test the vulnerability of the Service except as part of an authorized security disclosure
  • Circumvent or attempt to circumvent any access controls, authentication, rate limits, or usage allowances
  • Use the Service to overload, disrupt, or impair its operation or the operations of others
  • Reverse engineer, decompile, disassemble, or otherwise attempt to derive source code, models, or underlying algorithms of the Service, except to the extent expressly permitted by applicable law
  • Resell, sublicense, rent, lease, or commercially exploit the Service without our prior written consent
  • Use the Service to build a competitive product or to benchmark for the purpose of competitive intelligence
  • Use automated means (scripts, scrapers, bots) to access the Service in ways inconsistent with documentation, except through our published APIs

4. Malicious or harmful software

You may not transmit through the Service any content that contains viruses, worms, trojans, ransomware, spyware, adware, or any other malicious code, or that is designed to interfere with, disable, damage, or surreptitiously intercept any system, data, or information.

5. Spam and unsolicited communications

You may not use the Service to send, facilitate, or enable unsolicited bulk communications, spam, or other content in violation of applicable anti-spam laws (including Canada’s Anti-Spam Legislation, the US CAN-SPAM Act, and analogous laws).

6. Misrepresentation

You may not:

  • Misrepresent your identity, affiliation, or authority
  • Impersonate any person or entity
  • Use the Service to create deceptive content, including synthetic content presented as authentic, that could harm any person

7. Export and sanctions compliance

You may not use the Service in violation of applicable export controls or trade sanctions, including those administered by Canada, the United States, the United Nations, the European Union, or the United Kingdom. You may not provide access to the Service to persons or entities on applicable sanctions lists.

8. Reporting violations

If you become aware of a violation of this AUP, please report it to abuse@getkoji.dev with sufficient information for us to investigate.

9. Enforcement

We may investigate suspected violations of this AUP and take any action we deem appropriate, including:

  • Issuing warnings
  • Removing content
  • Suspending or terminating accounts
  • Cooperating with law enforcement
  • Pursuing civil or criminal remedies

We may take such action immediately and without notice where we reasonably believe the violation poses an imminent risk to the Service, other customers, or third parties.

10. Updates

We may update this AUP from time to time. We will provide notice of material changes by email or through the Service. The “Effective date” at the top reflects the latest version.

Contact

Reports of abuse: abuse@getkoji.dev General questions: legal@getkoji.dev