Acceptable Use Policy

Effective Date: January 2, 2026

This Acceptable Use Policy ("AUP") governs your use of the CAIO Bridge platform and all related services, features, and functionality (collectively, the "Platform"). This AUP is incorporated into and forms part of our Platform Terms of Service.

By using the Platform, you agree to comply with this AUP. Violation of this AUP may result in suspension or termination of your account and legal action where appropriate.

1. General Conduct

1.1 Lawful Use

You may only use the Platform for lawful purposes. You must comply with all applicable local, state, national, and international laws and regulations.

1.2 Authorized Access

You may only access the Platform using your own account credentials. You may not share credentials, access others' accounts without authorization, or circumvent access controls.

1.3 Accurate Information

You must provide accurate information when creating your account and using the Platform. You may not misrepresent your identity or affiliation.

2. Prohibited Content

You may not create, upload, store, or transmit content that:

2.1 Is Illegal

• Violates any law or regulation
• Infringes patents, trademarks, copyrights, trade secrets, or other intellectual property rights
• Violates privacy rights or data protection laws
• Constitutes fraud, false advertising, or deceptive practices

2.2 Is Harmful

• Is defamatory, libelous, or slanderous
• Is obscene, pornographic, or sexually explicit
• Promotes violence, hatred, or discrimination
• Harasses, threatens, or intimidates others
• Exploits children in any way
• Promotes self-harm or dangerous activities

2.3 Is Malicious

• Contains viruses, malware, or other harmful code
• Is designed to phish or steal credentials
• Is intended to defraud or deceive recipients

2.4 Is Misleading

• Impersonates another person or entity
• Contains false or misleading information
• Creates false urgency or uses deceptive tactics

3. Email Outreach Rules

3.1 Consent Requirements

You may only send emails to recipients who have:

• Explicitly consented to receive communications from you, OR
• An existing business relationship with you, OR
• Provided their contact information in a context where commercial communication would be reasonably expected

3.2 Prohibited Practices

You must not:

• Send unsolicited bulk email (spam)
• Use purchased, rented, scraped, or harvested email lists
• Send emails to addresses obtained without consent
• Use deceptive subject lines or misleading content
• Hide or obscure your identity or affiliation
• Send emails with malicious attachments or links
• Exceed reasonable sending volumes (see Section 3.5)

3.3 Required Content

All outreach emails must include:

• Accurate "From" name and email address
• Clear identification of the sender
• Valid physical mailing address
• Clear and conspicuous unsubscribe mechanism
• Subject line that accurately reflects content

3.4 Unsubscribe Handling

• Honor all unsubscribe requests within 10 business days
• Do not require recipients to log in or pay to unsubscribe
• Do not send additional emails to unsubscribed addresses
• Maintain accurate suppression lists

3.5 Sending Limits

To maintain deliverability and prevent abuse:

Account Type	Daily Limit	Warm-up Period
New accounts	50 emails/day	First 14 days
Established accounts	200 emails/day	N/A
High-volume (approved)	Custom	Contact support

Limits may be adjusted based on complaint rates and engagement metrics.

3.6 Monitoring and Enforcement

We monitor:

• Bounce rates (hard bounces should be under 3%)
• Spam complaint rates (should be under 0.1%)
• Unsubscribe rates
• Sending patterns and volumes

Accounts exceeding these thresholds may have outreach features suspended pending review.

4. LinkedIn and Social Media Automation

4.1 Platform Compliance

You must comply with the terms of service of any social media platform you connect, including:

• LinkedIn User Agreement
• X (Twitter) Terms of Service

4.2 Responsible Automation

When using automation features, you must:

• Use realistic delays between actions
• Stay within platform rate limits
• Not create fake or duplicate accounts
• Not automate engagement with false or misleading content
• Not use automation to harass or spam users

4.3 LinkedIn-Specific Rules

• Connection requests must be genuine and relevant
• Messages must be personalized and valuable to the recipient
• Do not mass-message with identical content
• Respect connection limits and cool-down periods
• Stop automation if you receive platform warnings

4.4 Risk Acknowledgment

You acknowledge that:

• Automation carries risk of platform enforcement action
• Your accounts may be restricted or banned by platforms
• CAIO is not responsible for platform enforcement actions
• You use automation features at your own risk

5. Call Recording

5.1 Consent Requirements

Before recording any call, you must:

• Understand the consent requirements in your jurisdiction AND the jurisdiction of the person you are calling
• Obtain appropriate consent from all parties where required
• Provide clear disclosure that the call is being recorded

5.2 Jurisdiction Overview

In the United States:

• One-party consent states: Only one party (you) needs to consent
• All-party consent states: Every participant must consent (includes California, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon, Pennsylvania, Washington)

International calls may have additional requirements. When in doubt, always obtain explicit consent.

5.3 Best Practices

• Begin calls with a clear recording disclosure: "This call may be recorded for quality and training purposes"
• Wait for verbal acknowledgment before proceeding
• If a participant objects, disable recording for that call
• Document consent in your CRM or call notes

5.4 Prohibited Uses

You must not:

• Record calls without required consent
• Use recordings for purposes beyond what was disclosed
• Share recordings with unauthorized parties
• Record calls in jurisdictions where you have not verified legal requirements

5.5 Data Handling

• Recordings are stored securely and processed according to our Privacy Policy
• AI analysis extracts business insights (summaries, action items) from transcripts
• You may request deletion of specific recordings at any time
• Recordings are retained according to your workspace settings and our retention schedule

6. AI Content Generation and Agent Capabilities

6.1 Responsible Use

When using AI-generated content or AI agent features, you must:

• Review all content before publication, sending, or external use
• Edit content to ensure accuracy, appropriateness, and compliance with applicable law
• Take full responsibility for published or transmitted AI-generated content
• Monitor agent activity through the Platform's decision queue and activity logs
• Configure appropriate autonomy levels and human approval requirements for agent workflows
• Not rely on AI for legal, medical, or financial advice

6.2 Prohibited AI Uses

You may not use AI features to:

• Generate content that violates this AUP
• Create deceptive, misleading, or fraudulent content
• Impersonate real individuals in outreach or content
• Generate content for illegal purposes
• Attempt to extract training data, reverse-engineer, or circumvent AI model safeguards
• Attempt to "jailbreak" or manipulate AI systems through prompt injection, adversarial inputs, or other techniques designed to bypass safety controls
• Use AI-generated content to create synthetic identities or fake testimonials
• Configure agent autonomy in a way that circumvents legal compliance requirements (e.g., auto-sending outreach without CAN-SPAM compliance)

6.3 Agent Autonomy Responsibilities

When configuring AI agent autonomy:

• Start with conservative autonomy levels and increase only after reviewing agent behavior
• Maintain human approval requirements for all external communications (email, LinkedIn, phone) until you are confident in agent quality
• Regularly review the autonomous action log for quality and compliance
• You remain responsible for all actions taken by agents on your behalf, regardless of autonomy level

7. Contact Data and CRM

7.1 Data Collection

You may only store contact data that:

• You have collected lawfully
• You have appropriate consent or legal basis to process
• You are authorized to use for business purposes

7.2 Data Accuracy

• Maintain accurate and up-to-date contact records
• Remove or correct inaccurate data promptly
• Honor data subject requests (access, correction, deletion)

7.3 Data Enrichment

When using data enrichment features:

• Verify enriched data before relying on it
• Understand that third-party data may be incomplete or outdated
• Comply with third-party data provider terms

8. Security

8.1 Account Security

• Use strong, unique passwords
• Enable multi-factor authentication when available
• Do not share account credentials
• Log out from shared devices
• Report suspected unauthorized access immediately

8.2 Prohibited Security Activities

You must not:

• Attempt to access systems or data without authorization
• Probe, scan, or test system vulnerabilities (without prior written authorization for security testing)
• Circumvent security measures or access controls
• Interfere with or disrupt Platform services
• Introduce malicious code or conduct attacks
• Harvest or collect user data without authorization
• Attempt to access other workspaces or tenant data

8.3 Credential Security

When providing third-party API keys or credentials (BYO Credentials):

• Use API keys with minimum necessary permissions
• Do not share credentials outside your organization
• Rotate credentials periodically
• Immediately revoke credentials if compromise is suspected

9. Resource Usage

9.1 Fair Use

Use Platform resources responsibly. Do not:

• Consume excessive bandwidth or storage
• Run automated processes that strain system resources
• Interfere with other users' access to the Platform

9.2 API Usage

If accessing the Platform via API or browser extension:

• Respect rate limits
• Cache responses when appropriate
• Do not make excessive or unnecessary requests
• Identify your requests with appropriate user agents

10. Reselling and Redistribution

Without prior written authorization, you may not:

• Resell or redistribute Platform access
• Create derivative services based on the Platform
• White-label or rebrand the Platform (except as permitted by your Subscription tier)
• Provide Platform access to third parties outside your organization

11. Reporting Violations

If you become aware of violations of this AUP, please report them to:

• Email: abuse@getcaio.com
• Subject: AUP Violation Report

Include as much detail as possible, including screenshots and account information if available.

12. Enforcement

12.1 Investigation

We may investigate suspected violations and may access account data as necessary to investigate complaints or enforce this AUP.

12.2 Actions

Violations may result in:

• Warning: Notice to cease violating activity
• Feature Suspension: Temporary disabling of specific features (e.g., outreach, AI agents, automation)
• Account Suspension: Temporary suspension of account access
• Account Termination: Permanent termination without refund
• Legal Action: Civil or criminal proceedings where appropriate

12.3 Severity

The action taken depends on the nature and severity of the violation. Serious violations (e.g., illegal activity, malicious content, repeated spam, AI system manipulation) may result in immediate termination without warning.

12.4 Appeals

If you believe an enforcement action was taken in error, you may appeal by contacting support@getcaio.com within 14 days of the action.

13. Changes to This Policy

We may update this AUP from time to time. Changes will be posted on our website with an updated effective date. Continued use of the Platform after changes constitutes acceptance. Material changes will be communicated via email or in-app notification.