Acceptable Use Policy

Document version: 1.1 · Effective: June 10, 2026

Prospectr Marketing Inc (DBA Prospectr Digital), a Minnesota corporation founded in 2006. Address: 3508 W 22nd St, Minneapolis, MN 55416, USA. Phone: (612) 293-0179. Email: info@prospectrdigital.com. Tagline: Every Channel. One Team. Engineered for Performance.
Download the full Acceptable Use Policy (v1.1, PDF).

Entity. Prospectr Marketing Inc (DBA Prospectr Digital), a Minnesota corporation, operating the Sovereign and Steward services (collectively, the “Services”).

This Acceptable Use Policy (the “AUP”) is part of the Sovereign and Steward Terms of Service and is incorporated by reference into the Master Services Agreement (MSA) executed with paying customers. By accessing or using the Services, you agree to this AUP. We may update this AUP from time to time. Material changes will be communicated in advance.

This AUP applies to:

• Sovereign (customer-hosted): the Sovereign agent runtime, deployment artifacts, agent skills, the Sovereign admin console, the Sovereign API, the Sovereign documentation, and any related developer tools — wherever Customer deploys them, including in Customer’s own AWS, GCP, or Azure account.
• Steward (Prospectr-hosted): the Steward skill library, the Steward managed runtime hosted by Prospectr, the Steward admin console, the Steward API, and any related developer tools.

0. Sovereign vs Steward — Two Hosting Models, Two Risk Boundaries

0.1. Sovereign (customer-hosted)

Sovereign deploys the agent runtime, skills, console, and data plane into the Customer’s own cloud account (AWS, GCP, or Azure). Customer:

• owns and pays for the underlying cloud infrastructure;
• holds the cryptographic keys, the secrets, and the network perimeter;
• is the data controller for everything stored in or processed by the deployment;
• bears primary responsibility for AUP compliance within their deployment, including compliance with applicable laws and the terms of any Third-Party Provider (Anthropic, OpenAI, Google, AWS, Microsoft Azure) whose models or APIs the deployment calls.

For Sovereign, Prospectr’s enforcement is principally upstream (license, update channel, model-provider quota) rather than direct.

0.2. Steward (Prospectr-hosted)

Steward runs on shared infrastructure operated by Prospectr on the Customer’s behalf, under a multi-tenant SaaS model with logical isolation between tenants. Prospectr can and will throttle, suspend, or terminate any tenant whose use materially endangers other tenants, Prospectr’s infrastructure, our Third-Party Providers’ terms, or applicable law. Stricter AUP scrutiny applies to Steward.

0.3. Per-tenant quotas (Steward)

Unless a higher limit is specified in your Order Form, each Steward tenant is subject to the following rolling-30-day ceilings:

• Starter ($500/mo): 1 skill, 100K outbound API calls, 5 GB storage
• Growth ($1,500/mo): up to 3 skills, 300K outbound API calls, 25 GB storage
• Pro ($2,500/mo): up to 5 skills, 750K outbound API calls, 75 GB storage
• Enterprise SLA add-on (+$1,999/mo): as contracted

LLM tokens are billed pass-through at Prospectr’s wholesale agency rate, up to the plan budget. Sovereign deployments are not bound to these ceilings — Sovereign Customers are constrained only by their own cloud account limits.

1. Prohibited uses

Except as we otherwise agree in writing, or to the extent a restriction is prohibited by law, you agree not to do — and not to assist, permit, or enable any third party to do — any of the following:

1.1. Technical and integrity restrictions

• Reverse engineer, decompile, or decode any part of the Services;
• Use any robot, spider, scraper, or other automated means to access, collect, or record the Services (except as permitted by Section 2);
• Copy, rent, lease, sell, sublicense, or create derivative works of the Services;
• Interfere with, compromise, or attempt to decipher transmissions of the Services;
• Generate or transmit viruses, worms, malware, or other harmful code;
• Overload, flood, spam, or interfere with the Services or other users’ use of them.

1.2. Competitive restrictions

• Use the Services to develop competing agent runtimes, foundation models, or other large-scale models, except as permitted by the Research and Interoperability Carve-Out in Section 2;
• Circumvent our pricing, fees, or restrictions on access.

1.3. Identity and credential restrictions

• Use a log-in credential other than your own, or share authentication credentials outside your authorized organization;
• Impersonate another person, hide your identity, or use the Services for phishing or fraud;
• Imply an endorsement by or affiliation with us beyond your permitted use.

1.4. Content restrictions — what you may not store, process, or generate

You may not use the Services in any manner that:

• Infringes any applicable law, regulation, contractual obligation, or right of any person, including intellectual property and privacy rights;
• Is fraudulent, deceptive, or defamatory, including phishing;
• Promotes hatred, violence, or harm against any individual or group;
• Sends unsolicited communications in violation of CAN-SPAM, GDPR consent rules, CASL, or similar regimes.

Outbound email — explicit compliance requirements. When you use the Services to send commercial email, you represent and warrant that:

• Every recipient was lawfully obtained (consent, opt-in, or documented GDPR Art. 6(1)(f) legitimate interest with balancing test on file);
• Every message complies with CAN-SPAM §5 (accurate headers, non-deceptive subject, postal address, working unsubscribe honored within 10 business days);
• For recipients in the EEA, UK, or other prior-consent jurisdictions (CASL, Australia Spam Act, etc.), the consent or exemption is documented;
• The sending domain has SPF, DKIM, and DMARC configured at p=quarantine or stricter (Steward enforces this baseline);
• You maintain a suppression list of all unsubscribes and bounces;
• In any 30-day window, you do not exceed a hard bounce rate of 5%, a spam-complaint rate of 0.3%, or a sustained sending pace that degrades shared sender reputation on Steward.

You may not include in any Input or attempt to generate Output containing:

• PCI-regulated data (except under a compliant contracted configuration);
• Government-issued personal identifiers (SSN, driver’s license, passport) except in documented business operations;
• Biometric identifiers;
• Health information subject to HIPAA or CMIA except under a Business Associate Agreement;
• “Sensitive personal information” or “special categories of data” absent the applicable lawful-basis;
• Data subject to ITAR, EAR, or similar export-control law;
• Personal information of children under 13 (or the applicable age of digital consent).

1.5. High-risk use restrictions

You may not use the Services or Output:

• In hazardous environments or critical systems where failure may lead to bodily injury or death (aviation, nuclear, life support, weapons systems);
• As a substitute for professional medical advice or for any clinical purpose under regulatory oversight (non-clinical research, scheduling, and billing are not restricted);
• To develop biological, chemical, nuclear, or radiological weapons or other weapons of mass destruction;
• For mass surveillance, racial profiling, or other human-rights violations;
• For fully automated decision-making in connection with significant legal or property rights, unless deployment includes meaningful human review and required disclosures (including under the EU AI Act);
• In any manner that impersonates a human or conceals the AI nature of an interaction;
• In any use considered “high-risk” under the EU AI Act, the Colorado AI Act, the Texas Responsible AI Governance Act, or similar laws, unless Customer has implemented the required compliance measures and notified Prospectr in writing.

1.6. Output integrity

• Suggesting Output is human-generated, or stripping AI watermarks/metadata;
• Using Outputs for (i) automatic ticket purchasing; (ii) lotteries, raffles, or gambling; (iii) cryptocurrency/NFT/virtual-currency trading or speculation; (iv) SEO manipulation; (v) classified-site or resale-site posting in violation of those platforms’ terms; (vi) generating fake reviews, testimonials, or social proof.

2. Research and Interoperability Carve-Out

The following are permitted notwithstanding Sections 1.1 and 1.2:

• Good-faith competitive research, journalism, and academic study via ordinary human-driven interaction with publicly accessible surfaces;
• Customer-permitted automated access to Customer’s own Sovereign instance through documented APIs;
• Interoperability development via documented APIs;
• Security research under our Coordinated Vulnerability Disclosure Policy.

Research outputs may be published with attribution, provided they do not include our proprietary code and do not violate intellectual-property law independent of this AUP.

3. Third-Party Provider pass-through

Use of the Services is subject to the policies of the Third-Party Providers whose models and infrastructure the Services use, as updated from time to time, including:

• Anthropic Acceptable Use Policy — https://www.anthropic.com/legal/aup
• OpenAI Usage Policies — https://openai.com/policies/usage-policies
• Google Generative AI Prohibited Use Policy — https://policies.google.com/terms/generative-ai/use-policy
• AWS Acceptable Use Policy — https://aws.amazon.com/aup/

A breach of any Third-Party Provider’s terms is, in addition, a breach of this AUP. A current sub-processor list is published in the Privacy Policy.

4. No-training pledge (raw data); aggregated-data opt-out

We will not, and will not permit any Third-Party Provider to, use raw Customer Input or Output to train any generative AI model used to provide the Services or any other product, without Customer’s prior written consent. This pledge applies whether the Service runs on Customer’s own AWS account (Sovereign) or on infrastructure operated by Prospectr (Steward).

4.1. Aggregated-data carve-out (opt-out)

Consistent with MSA §7.4, Prospectr may use de-identified, aggregated data derived from the Services to operate, secure, and improve the Platform, provided such data does not identify Customer or Customer’s end users. Customer may opt out of this aggregated-data use by sending written notice to legal@prospectrdigital.com at no additional fee. The carve-out does not permit use of raw Customer Input or Output, use of any data that could re-identify Customer, or sale of aggregated data to third parties.

5. Reporting violations

Believe another user is violating this AUP? Email abuse@prospectrdigital.com. We reserve the right to report apparent legal violations to law enforcement and to cooperate with investigations.

6. Enforcement and consequences

Violation may result in, at our discretion:

• Written warning and request to cure;
• Temporary suspension of the affected Service or account;
• Termination of the affected Service or account, per the Terms of Service;
• Referral to law enforcement;
• Forfeiture of prepaid fees attributable to the period of violation, where willful or repeated.

Where reasonable and lawful, we will provide notice and an opportunity to cure before terminating for AUP violations.

7. Coordinated Vulnerability Disclosure

Report security vulnerabilities to security@prospectrdigital.com. Do not publicly disclose until we have had a reasonable opportunity to investigate and remediate (typically 90 days). We will not pursue legal action against good-faith researchers who follow this process and do not access Customer data beyond what is strictly necessary to demonstrate the vulnerability.

8. Contact

Questions about this AUP: legal@prospectrdigital.com.

Prospectr Marketing Inc (DBA Prospectr Digital)
3508 W 22nd St
Minneapolis, MN 55416
USA
(612) 293-0179 · info@prospectrdigital.com