Acceptable Use Policy
Effective date: April 21, 2026
This Acceptable Use Policy ("AUP") is part of the DocsFlow Terms of Service. It describes how you and your end users may use the Service. Capitalized terms have the meaning given in the Terms. We may update this AUP from time to time; material changes follow the same notice procedure as in Section 21 of the Terms.
1. General principles
When you use DocsFlow, you agree to:
- Comply with all applicable laws and regulations.
- Only upload content you have the legal right to upload.
- Respect the privacy and rights of third parties whose information appears in your Customer Content.
- Maintain the security of your credentials and promptly report compromises.
2. Prohibited content and data categories
You must not upload or process through the Service:
- Protected Health Information (PHI) covered by HIPAA or equivalent health privacy laws, unless we have signed a Business Associate Agreement with you. We do not currently sign BAAs and the Service is not HIPAA-compliant.
- Payment card data (card numbers, CVVs, track data) covered by PCI-DSS. We are not a PCI-DSS environment.
- Government classified information, controlled unclassified information (CUI), FedRAMP-scoped data, or data covered by ITAR or EAR controls requiring US-person handling, unless we have agreed in writing.
- Information about minors under 13 (or under the higher age of digital consent in the relevant jurisdiction, e.g., 16 under GDPR).
- Biometric identifiers (fingerprints, faceprints, retina or iris scans, voiceprints used for identification) collected in jurisdictions with biometric privacy laws (e.g., Illinois BIPA, Texas CUBI) unless you have obtained the specific consents required by those laws.
- Data of any individual or entity on a sanctions list maintained by the United Nations, European Union, United Kingdom, or US OFAC.
- Malicious code, malware, ransomware, or content designed to probe or compromise the Service or any third-party system.
- Content that infringes any copyright, trademark, trade secret, patent, publicity, or privacy right of a third party.
- Content that is illegal in your jurisdiction or the jurisdiction of the data subject, including child sexual abuse material, material depicting non-consensual intimate imagery, or material that incites violence.
3. Prohibited uses
You must not use the Service to:
- Violate any law, regulation, or contractual obligation.
- Generate legal, tax, medical, investment, or other regulated professional advice to third parties in a way that constitutes the unauthorized practice of that profession in any jurisdiction.
- Impersonate any person or misrepresent your affiliation with any person or organization.
- Harass, threaten, defame, or discriminate against any individual or group.
- Scrape, crawl, or automate access to the Service in a way that exceeds documented rate limits, circumvents protections, or imposes an unreasonable load on our infrastructure.
- Attempt to access any account, workspace, or data other than your own, or to bypass tenant isolation, authentication, or encryption.
- Reverse-engineer, decompile, or disassemble any part of the Service, except to the extent expressly permitted by law.
- Use the Service to train, fine-tune, benchmark, or evaluate any machine-learning model that competes with DocsFlow.
- Use the Service to make automated decisions that have legal or similarly significant effects on individuals (e.g., credit eligibility, hiring, insurance underwriting, criminal justice) without meaningful human review.
4. Guidance for regulated professions
If you are a lawyer, accountant, tax preparer, financial adviser, healthcare provider, or other regulated professional, you must use the Service in a way consistent with your independent professional obligations, including:
- Legal professionals: ABA Model Rules 1.1 (competence), 1.6 (confidentiality), and 5.3 (supervision of non-lawyer assistants), plus applicable state bar rules and any formal opinions on generative AI use (e.g., ABA Formal Opinion 512).
- US tax and accounting professionals: IRS Circular 230 (31 C.F.R. Part 10), the GLBA Safeguards Rule (16 C.F.R. Part 314), IRS Publication 4557, AICPA standards, and applicable state board rules.
- All regulated professionals: You must independently verify all Output before relying on it in client work, court filings, regulatory submissions, or any decision affecting a third party.
5. Third-party data and consent
When Customer Content contains personal data about third parties (e.g., clients, opposing parties, employees, custodians), you are responsible for:
- Ensuring you have a lawful basis under applicable data protection laws (including the GDPR, UK GDPR, CCPA/CPRA, and any other applicable privacy regulation) to upload that data.
- Providing the notices required by those laws to the individuals whose data you upload.
- Honoring any access, deletion, or objection rights those individuals exercise against you.
6. Enforcement
We may take any of the following actions if we believe you have violated this AUP:
- Remove or quarantine specific Customer Content.
- Suspend affected Users or workspaces.
- Terminate your account under Section 14 of the Terms.
- Report conduct to law enforcement or regulators where required by law.
Where practicable and lawful, we will give you notice and an opportunity to cure before taking action, but we may act immediately if there is a material security risk, suspected fraud, or a legal obligation to act.
7. Reporting
To report a suspected AUP violation, abuse, or security concern, email abuse@docsflow.app. Security vulnerabilities can be reported to security@docsflow.app.