Acceptable Use Policy

1. INTRODUCTION

This Acceptable Use Policy ("AUP" or "Policy") sets out the standards and rules that govern how you may access and use the Uonyx cloud-based enterprise resource planning platform and all associated products, modules, features, APIs, integrations, and services (collectively, the "Services") provided by Uonyx, a corporation incorporated under the laws of the State of California, with its principal place of business at 7421 Edinger Ave, Huntington Beach, CA 92647, United States ("Uonyx", "we", "us", or "our").

This Policy forms part of and is incorporated into the Master Service Agreement, subscription agreement, Terms of Service, or other governing agreement between you and Uonyx (collectively, the "Agreement"). By accessing or using the Services, you agree to comply with this Policy in its entirety. In the event of any conflict between this Policy and the Agreement, this Policy shall prevail with respect to the matters it covers.

1.1 Who This Policy Applies To

This Policy applies to all individuals and entities who access or use the Services, including:

• Customers who have entered into an Agreement with Uonyx for access to the Services;
• Authorised Users, meaning any individual granted access to the Services by a Customer, including employees, contractors, agents, and representatives;
• Account administrators who configure, manage, or provision the platform on behalf of a Customer;
• Developers who access the Services through Uonyx's application programming interfaces (APIs), webhooks, integrations, or developer tools; and
• Any other person or entity that accesses or interacts with the Services in any capacity.

1.2 Scope of the Services

The Uonyx platform is a modular enterprise ERP system used by organisations to manage business operations. The Services include, without limitation, the following modules and capabilities: CRM, Newsletter, Selling, Point of Sale, Buying, Stock and Inventory Management, Manufacturing, Quality Management, Projects, Accounting and Finance, HR and Payroll, Lending, Asset Management, Helpdesk, Raven (communication and collaboration), Telephony, Learning Management System (LMS), Wiki, Drive (Document Management), Healthcare, and Property Management, together with transactional email delivery, SMS and messaging infrastructure, authentication services, AI-powered automation features, and all associated APIs, developer tools, and integrations. This list is illustrative and non-exhaustive; the Services may expand over time.

1.3 Relationship to Other Policies

This Policy should be read alongside Uonyx's Privacy Policy, Data Processing Agreement, and any other policies or guidelines published by Uonyx at https://uonyx.com/legal. In the event of a conflict between this Policy and any such supplementary policies, the terms most protective of the Services, other customers, and third parties shall prevail.

1.4 Consequences of Non-Compliance

Violation of this Policy may result in the suspension or termination of your access to the Services, removal of content, reporting of illegal activity to law enforcement, and/or civil or legal action. Uonyx reserves all rights to take appropriate action, with or without prior notice, where it determines that a violation has occurred or is reasonably suspected.

2. PERMITTED USE OF THE SERVICES

Uonyx grants you a limited, non-exclusive, non-transferable right to access and use the Services solely for lawful, legitimate business purposes and strictly in accordance with: (a) the terms of the Agreement; (b) this Policy; (c) Uonyx's Documentation, as published and updated from time to time; and (d) all applicable laws and regulations in every jurisdiction in which you operate.

2.1 Authorised Business Use

The Services are designed and intended to be used for legitimate, internal business operations. Permitted uses include, without limitation:

• Managing and operating core business processes across the functional modules included in your subscription, including sales, finance, procurement, human resources, manufacturing, customer service, and other ERP workflows;
• Using the Services to manage, store, and process business data, documents, and records in the ordinary course of your operations;
• Communicating with your own customers, employees, suppliers, and business partners through the platform's messaging, email, and telephony features, in compliance with all applicable communications laws;
• Integrating the Services with third-party applications and platforms through Uonyx's official APIs and integration tools, in accordance with Uonyx's API Documentation;
• Using Uonyx's AI and automation features to support and streamline legitimate internal business workflows; and
• Training your authorised personnel in the use of the Services for the above purposes.

2.2 Authorisation and Account Security

You are responsible for ensuring that all Authorised Users who access the Services on your behalf are aware of and comply with this Policy. You must maintain appropriate controls over account credentials, access permissions, and user authorisations, and must promptly revoke access for any individual who is no longer authorised to use the Services. You are liable for all activities conducted under your account.

2.3 Compliance with Documentation

You must use the Services in accordance with Uonyx's technical Documentation, API specifications, and operational guidelines, as updated from time to time. Use of the Services in a manner inconsistent with or in excess of the parameters described in the Documentation may constitute a violation of this Policy.

3. PROHIBITED ACTIVITIES

Important: The following activities are strictly prohibited when using the Uonyx Services. This list is not exhaustive. Uonyx reserves the right to determine, in its reasonable discretion, whether any use constitutes a violation of this Policy.

3.1 Illegal and Unlawful Activities

You must not use the Services to engage in, facilitate, or promote any activity that violates applicable law or regulation, including but not limited to:

• Violating any local, state, national, or international law or regulation applicable to your business operations or use of the Services;
• Facilitating, enabling, or participating in any form of fraud, financial crime, money laundering, bribery, tax evasion, or corruption;
• Processing, transmitting, or distributing content that is defamatory, obscene, hateful, discriminatory, or otherwise unlawful under applicable law;
• Engaging in activities that violate export control laws, trade sanctions, or embargo restrictions, including providing Services to persons or entities listed on applicable restricted party lists;
• Infringing the intellectual property rights, privacy rights, or other legal rights of Uonyx or any third party; and
• Using the Services for any purpose that is expressly prohibited by law or that would cause Uonyx to violate applicable law.

3.2 Security Violations

You must not attempt to compromise the security, integrity, or availability of the Services or any connected systems, including but not limited to:

• Attempting to gain unauthorised access to the Services, any Uonyx infrastructure, or any data, accounts, or systems belonging to other Uonyx customers or third parties;
• Probing, scanning, testing, or assessing the vulnerability of the Services or Uonyx's network or infrastructure without Uonyx's prior written authorisation;
• Circumventing, disabling, or otherwise interfering with authentication mechanisms, access controls, security features, encryption, or other protective measures;
• Intercepting, monitoring, or collecting communications, data, or information transmitted through the Services without authorisation;
• Impersonating Uonyx, any Uonyx employee, another customer, or any third party to gain unauthorised access or to deceive other users; and
• Exploiting any security vulnerability in the Services. If you discover a vulnerability, you must report it responsibly to security@uonyx.com in accordance with Section 7 of this Policy and must not exploit or disclose it.

3.3 Platform Abuse

You must not misuse or abuse the Services or Uonyx's infrastructure, including but not limited to:

• Excessive API Usage: Generating API request volumes that are disproportionate to legitimate business use, that exceed documented rate limits, or that degrade the performance or availability of the Services for other customers;
• Automated Scraping or Harvesting: Using automated tools, bots, scripts, or other mechanisms to scrape, crawl, extract, or harvest data from the Services without Uonyx's prior written consent;
• Denial of Service: Conducting, initiating, or facilitating denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks, or load testing or stress testing the Services without prior written authorisation;
• Reverse Engineering: Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, underlying algorithms, or technical architecture of the Services or any component thereof;
• Benchmarking: Using the Services to conduct benchmarking, competitive analysis, or performance testing for the purpose of developing a competing product or service without Uonyx's prior written consent;
• Resale Without Authorisation: Sublicensing, reselling, or otherwise commercialising access to the Services to third parties without Uonyx's prior written authorisation; and
• Framing and Mirroring: Framing, mirroring, or reproducing any portion of the Services on another website or application without Uonyx's prior written consent.

3.4 Malicious Software and Harmful Code

You must not introduce, upload, transmit, distribute, or deploy any form of malicious, harmful, or disruptive software or code through or in connection with the Services, including but not limited to:

• Malware, spyware, adware, ransomware, worms, trojans, rootkits, or any other software designed to damage, disable, or gain unauthorised access to any system, network, or data;
• Viruses or any other code that replicates or propagates itself through networks or systems;
• Code designed to disrupt, impair, or interfere with the operation of the Services, Uonyx's infrastructure, or any third-party systems; and
• Time bombs, logic bombs, or any other programmatic mechanisms designed to cause disruption, deletion, or data corruption at a future time or upon a triggering event.

3.5 Communications Abuse

Because the Uonyx platform includes email delivery, SMS messaging, telephony, and messaging API capabilities, the following communications-related activities are strictly prohibited:

• Spam and Unsolicited Bulk Messaging: Sending, transmitting, or facilitating unsolicited bulk commercial email, SMS messages, or other communications ('spam') to recipients who have not provided affirmative, documented consent to receive such communications;
• Phishing and Social Engineering: Using the Services to conduct phishing campaigns, spear-phishing attacks, or other social engineering activities designed to deceive individuals into disclosing credentials, financial information, or other sensitive data;
• Fraudulent Communications: Sending communications that contain false, misleading, or deceptive information, including fraudulent representations of identity, origin, or purpose;
• Impersonation: Impersonating Uonyx, any Uonyx employee, another customer, a government entity, a financial institution, or any other person or organisation in communications transmitted through the Services;
• Harassment and Threatening Communications: Using the Services to transmit communications that harass, threaten, bully, stalk, or intimidate any individual;
• Evasion of Unsubscribe Requests: Continuing to send communications to a recipient after receiving an opt-out or unsubscribe request, in violation of applicable anti-spam or communications laws such as CAN-SPAM, CASL, or equivalent regulations; and
• Misuse of Communication Infrastructure: Using Uonyx's transactional email, SMS, or messaging infrastructure for purposes other than legitimate, transactional business communications, including using such infrastructure to send marketing or promotional messages in violation of applicable law.

3.6 Abuse of AI and Automation Features

The Uonyx platform includes AI-powered automation capabilities, automated workflow tools, and AI-assisted features across multiple platform modules. You must not use these features to:

• Generate Harmful or Illegal Content: Use AI features to create, produce, or distribute content that is harmful, hateful, discriminatory, defamatory, illegal, or that infringes the rights of any third party;
• Automated Harassment: Deploy AI or automation features to conduct automated harassment campaigns, send threatening or abusive messages, or engage in any form of automated behaviour designed to harm or intimidate individuals;
• Deceptive AI-Generated Communications: Use AI-generated content or automated communications in a manner designed to deceive recipients about the nature, origin, or authenticity of the communication, including generating fraudulent invoices, contracts, or other business documents;
• Misuse to Exploit Platform Vulnerabilities: Use AI or automation features to probe, exploit, or circumvent platform security controls, rate limits, or access restrictions;
• Unauthorised Training of AI Models: Use the Services or any data extracted from the Services to train, fine-tune, or develop AI or machine learning models that compete with Uonyx or are used for purposes other than your own authorised business operations; and
• Automated Fraud: Use AI or automation features to facilitate financial fraud, identity theft, or any other criminal activity.

4. DATA PROTECTION AND PRIVACY

You are solely responsible for ensuring that your use of the Services complies with all applicable data protection, privacy, and data security laws and regulations, including but not limited to:

• The General Data Protection Regulation (GDPR), EU 2016/679, as applicable to the processing of personal data of individuals in the European Economic Area;
• The UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018;
• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), as amended;
• The Swiss Federal Act on Data Protection (revFADP);
• The Brazilian Lei Geral de Proteção de Dados (LGPD);
• Applicable sector-specific privacy laws governing healthcare (HIPAA), financial services, telecommunications, and other regulated industries; and
• All other applicable national, state, or regional data protection and privacy laws in the jurisdictions in which you operate.

Without limiting the generality of the foregoing, you must not use the Services to:

• Upload, process, or transmit personal data for which you do not have a valid legal basis under applicable data protection law;
• Process special categories of personal data (including health data, biometric data, or other sensitive personal information) without implementing the enhanced safeguards required under applicable law;
• Use the Services to collect or process personal data in a manner that is deceptive, misleading, or inconsistent with the notices provided to data subjects; or
• Transfer personal data across national borders without implementing appropriate transfer safeguards, including the execution of a Data Processing Agreement with Uonyx where required.

Where you use the Uonyx platform to process personal data on behalf of your own customers or employees, you are acting as a data controller and Uonyx acts as a data processor on your behalf. You must execute Uonyx's Data Processing Agreement (available at https://uonyx.com/legal/dpa) before uploading or processing any personal data subject to GDPR or equivalent data protection obligations.

4.1 Children's Data

You must not use the Services to collect, process, or store personal data relating to children under the age of thirteen (13) in the United States, or under the applicable minimum age in other jurisdictions, without obtaining appropriate parental or guardian consent and implementing any additional safeguards required under applicable law, including the Children's Online Privacy Protection Act (COPPA) and equivalent legislation.

4.2 Healthcare and Regulated Data

If you use the Services to process Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), you must execute a Business Associate Agreement (BAA) with Uonyx prior to processing any such data. Uonyx's Healthcare module and HIPAA-eligible configuration options are designed to support such use cases when properly configured and covered by an executed BAA.

5. PROTECTION OF THE PLATFORM AND OTHER USERS

The Uonyx platform serves a large and diverse community of enterprise customers. Every customer's use of the Services affects the experience, performance, and security of all other customers. Accordingly, you must take all reasonable steps to use the Services responsibly and to protect the platform's integrity and availability.

5.1 No Disruption of Service

You must not take any action that intentionally or recklessly disrupts, degrades, impairs, or interferes with the availability, performance, or integrity of the Services, or with other customers' ability to access and use the Services, including:

• Generating excessive or disproportionate loads on Uonyx's infrastructure, network, or servers;
• Transmitting data volumes that exceed the operational parameters of your subscription plan or Uonyx's published usage guidelines;
• Deploying automated processes that consume platform resources in a manner that is detrimental to platform performance or other customers' use; and
• Taking any action that causes Uonyx's IP addresses, domains, or messaging infrastructure to be blacklisted, blocked, or reported as a source of spam or abuse.

5.2 Responsible Use of Shared Infrastructure

Because the Uonyx platform operates on shared cloud infrastructure, you must use the Services in a manner that is consistent with fair use principles and that does not unreasonably consume shared resources. Uonyx reserves the right to implement rate limits, usage caps, and technical controls to protect the stability and availability of the Services for all customers.

5.3 No Interference with Other Customers

You must not use the Services to access, monitor, collect, or interfere with data, accounts, systems, or operations belonging to or associated with other Uonyx customers. Uonyx's multi-tenant architecture is designed to ensure logical isolation between customers. Any attempt to circumvent or exploit tenant isolation controls is a material violation of this Policy and may constitute a criminal offence.

5.4 Responsible Disclosure

If you discover or become aware of a vulnerability, security issue, or unintended behaviour in the Services that could compromise the security or integrity of the platform or affect other customers, you are required to report it promptly to security@uonyx.com in accordance with Uonyx's Responsible Disclosure Policy. You must not publicly disclose, exploit, or share such vulnerability information without Uonyx's prior written authorisation.

6. MONITORING AND ENFORCEMENT

Uonyx takes violations of this Policy seriously. We maintain the right and responsibility to protect the Services, our customers, and third parties from harmful, unlawful, or abusive use.

6.1 Monitoring

Uonyx may, but is not obligated to, monitor use of the Services to detect violations of this Policy, security incidents, anomalous usage patterns, and potential legal or regulatory compliance issues. Such monitoring may include automated analysis of usage data, traffic patterns, API activity, and communications metadata. Uonyx's monitoring activities are conducted in accordance with its Privacy Policy and applicable law.

6.2 Enforcement Actions

Where Uonyx determines, in its reasonable discretion, that a violation of this Policy has occurred or is reasonably suspected, Uonyx may take one or more of the following actions without prior notice, except where prior notice is required by applicable law or the Agreement:

• Issuing a written warning and requiring corrective action within a specified timeframe;
• Temporarily suspending or restricting your account or the accounts of specific Authorised Users;
• Permanently terminating your access to the Services in accordance with the termination provisions of the Agreement;
• Removing, disabling, or quarantining any content, data, or communications that violate this Policy;
• Throttling or rate-limiting API access or usage of specific platform features;
• Referring violations of applicable law to relevant law enforcement authorities, regulatory bodies, or other competent authorities; and
• Seeking injunctive relief or other legal remedies to prevent ongoing or threatened violations.

6.3 No Liability for Enforcement

Uonyx shall not be liable to you or any third party for any enforcement action taken in good faith in accordance with this Section 6. Enforcement actions do not relieve you of your obligation to pay any fees or amounts outstanding under the Agreement at the time of enforcement.

6.4 Cooperation with Authorities

Uonyx will cooperate with law enforcement, regulatory authorities, and other governmental bodies as required by applicable law. Where Uonyx is required to disclose information in connection with a legal proceeding, investigation, or regulatory enquiry involving your use of the Services, it will seek to provide you with prior notice to the extent permitted by applicable law.

6.5 Customer Responsibility

You are responsible for ensuring that all Authorised Users comply with this Policy. Any violation of this Policy by an Authorised User acting within the scope of their access to your account shall be deemed a violation by you. You are required to take prompt corrective action upon becoming aware of any violation, and must notify Uonyx at legal@uonyx.com if you become aware of any actual or suspected violation.

7. REPORTING VIOLATIONS

Uonyx encourages customers, authorised users, and third parties to report suspected violations of this Policy, abuse of the Services, or security concerns. We review all reports in good faith and will take appropriate action where warranted.

7.1 How to Report

Reports of suspected violations or abuse should be submitted as follows:

7.2 What to Include in a Report

When reporting a suspected violation or security concern, please provide, where possible:

• A clear description of the suspected violation or security issue;
• The date, time, and frequency of the activity;
• Any relevant URLs, IP addresses, account identifiers, or other technical details;
• Copies of or links to any relevant communications or content; and
• Your contact information so that Uonyx may follow up if necessary.

7.3 Responsible Disclosure for Security Issues

If you discover a security vulnerability in the Services, please report it to security@uonyx.com before publicly disclosing it. Uonyx is committed to acknowledging receipt of security reports within forty-eight (48) hours, providing an initial assessment within seven (7) business days, and working in good faith to address confirmed vulnerabilities in a timely manner. Uonyx will not pursue legal action against researchers who report vulnerabilities in good faith and in compliance with responsible disclosure principles.

8. INTELLECTUAL PROPERTY AND PROPRIETARY RIGHTS

The Services, including all software, code, algorithms, AI models, user interface elements, designs, documentation, trademarks, and other materials comprising or relating to the Uonyx platform, are the exclusive intellectual property of Uonyx or its licensors and are protected by applicable intellectual property laws. Nothing in the Agreement or this Policy grants you any ownership interest in the Services.

You must not:

• Remove, alter, or obscure any proprietary notices, trademarks, copyright markings, or other proprietary rights markings on or within the Services;
• Use Uonyx's trademarks, service marks, logos, or trade names in any manner that could cause confusion, imply endorsement, or misrepresent your relationship with Uonyx, without Uonyx's prior written consent;
• Copy, reproduce, or distribute any portion of the Services or Uonyx's proprietary materials without authorisation; or
• Create derivative works based on the Services without Uonyx's prior written consent.

If you submit feedback, ideas, or suggestions regarding the Services, you grant Uonyx a perpetual, irrevocable, royalty-free licence to use and incorporate such feedback for any purpose, without obligation of attribution or compensation to you.

9. THIRD-PARTY SERVICES AND INTEGRATIONS

The Services may be integrated with or linked to third-party applications, platforms, and services ("Third-Party Services"). You acknowledge and agree that:

• Uonyx does not control Third-Party Services and is not responsible for their functionality, availability, security, or compliance with applicable laws;
• Your use of Third-Party Services is governed by the terms and conditions and privacy policies of the respective third-party providers, which you are solely responsible for reviewing and complying with;
• You must use Third-Party Services integrated with Uonyx in accordance with both the applicable third-party terms and this Policy; and
• Uonyx shall not be liable for any harm, loss, or liability arising from your use of Third-Party Services in connection with the Uonyx platform.

If you develop or deploy integrations using Uonyx's APIs, you are responsible for ensuring that your integration complies with Uonyx's API Documentation, Developer Terms, and this Policy, and does not impose unreasonable loads on Uonyx's infrastructure.

10. UPDATES TO THIS POLICY

Uonyx reserves the right to update, modify, or amend this Acceptable Use Policy from time to time to reflect changes in the Services, applicable law, industry standards, or emerging abuse patterns. When we make material changes to this Policy, we will:

• Publish the updated Policy at https://uonyx.com/legal/acceptable-use-policy with a revised 'Last Updated' date;
• Post an announcement within the Uonyx platform and/or on our website; and
• Where required by law or the Agreement, provide direct notification to Customers by email or through the platform.

Your continued access to or use of the Services following the effective date of any changes to this Policy constitutes your acceptance of the updated Policy. If you do not agree to the updated Policy, you must cease using the Services and contact Uonyx at legal@uonyx.com to discuss your options under the Agreement.

We recommend that you review this Policy periodically to stay informed of the standards governing your use of the Services. The current version of this Policy is always available at https://uonyx.com/legal/acceptable-use-policy.

10.1 Contact for Policy Questions

If you have any questions about this Policy, require clarification on whether a specific use case is permitted, or wish to request a permitted use exception, please contact: