Features Pricing FAQ
Log in Try free
GDPR-compliant

Acceptable Use Policy

Version 1.1  ·  Effective date

Article 1. Scope

  1. This Acceptable Use Policy (hereinafter: "AUP") applies to any use of the Practions Service by Customer and Users, and forms part of the Terms of Service. Capitalised terms have the meaning set out in the Terms of Service.
  2. This AUP is a minimum standard. Stricter arrangements in a separate written agreement between Provider and Customer prevail.

Article 2. Prohibited use

Customer and Users are prohibited from using the Service for or in connection with:

  1. Unlawful content, including: a. content that infringes the rights of third parties, including copyright, neighbouring rights, trade-mark rights, image rights and privacy rights; b. discriminatory, inciting, defamatory or threatening content; c. sexually explicit content involving minors; d. content that is contrary to mandatory professional or medical- disciplinary rules applicable to Customer.
  2. Unlawful conduct toward third parties, including: a. sending unsolicited commercial messages (spam) outside the arrangements Customer has with its Clients; b. phishing, social engineering or identity fraud; c. recording, transcribing or analysing conversations without consent in breach of Article 139a of the Dutch Criminal Code or comparable legislation.
  3. Impairment of the Service or other Customers, including: a. scanning, penetration testing or other security research on the Service without prior written consent of Provider; b. exploiting or disclosing identified vulnerabilities other than under the responsible-disclosure procedure (mandatory via [email protected]); c. denial-of-service-style behaviour, automated scraping or otherwise placing a disproportionate load on the Service; d. circumventing quota, rate-limit or subscription controls; e. reverse-engineering or decompiling the Service, save in so far as mandatory law (including Article 45j Dutch Copyright Act) so permits.
  4. Misuse of AI functionality, including: a. entering prompts or content seeking to take AI output outside the coaching context, such as generating politically extremist, hate-speech or sexually explicit content; b. attempting via the AI assistant to derive or imitate login credentials or other authentication data; c. deliberately feeding the system inaccurate client data to mislead AI output for fraudulent purposes.
  5. Infringement of Client rights: a. processing of special-category personal data without a valid legal basis (Article 9 GDPR); b. sharing substantive session data outside the Service without appropriate safeguards; c. using the Service for purposes outside the coaching relationship, such as employer monitoring or profiling beyond the agreed scope.

Article 3. Customer obligations

  1. Customer ensures an appropriate acceptable-use policy within its own organisation and is responsible for the conduct of its Users, including where Users act in breach of this AUP.
  2. Customer reports suspected breaches of this AUP by its own Users or third parties without undue delay via [email protected].

Article 4. Enforcement

  1. Provider is entitled, upon detection of a (suspected) breach of this AUP, to take one or more of the following measures: a. warning and request to remediate within a reasonable period; b. temporary restriction of certain features (such as AI functionality or the client portal); c. suspension of the Service or the Account; d. termination of the Agreement under Article 16 of the Terms of Service; e. removal of content stored in breach of this AUP; f. notification to a competent authority where statutorily required.
  2. The choice between these measures is reserved to Provider and is made on the basis of the severity and recurrence of the breach.
  3. Provider is not a party to disputes between Customer and Clients and adopts in principle a neutral position. For substantive disputes about the coaching relationship, Provider refers to Customer's professional or dispute-resolution framework.

Article 5. Responsible disclosure

  1. Provider welcomes responsible reporting of security vulnerabilities. Reports may be sent to [email protected].
  2. Provider takes the position that a reporter who acts in good faith, proportionately and without unlawful access to or modification of data will not be pursued civilly or criminally.
  3. Public disclosure of a vulnerability is undertaken only after mutual consultation and, in principle, after a reasonable remediation period.