Acceptable Use Policy

1. General Standard

Use Policy Stack only for its intended purpose — tracking and modeling your whole life banking system — and in compliance with all applicable laws, regulations, and professional standards.

2. Prohibited Conduct

You may not:

• Use the Service for unlawful purposes, including fraud, money laundering, or evasion of regulatory requirements
• Misrepresent Policy Stack's features, capabilities, or affiliations to any person
• Represent AI outputs or modeled scenarios as personalized professional financial advice
• Attempt to access accounts, systems, or data you are not authorized to access
• Use automated tools (bots, scrapers, crawlers, headless browsers) to access or extract data without written authorization
• Attempt to reverse-engineer, decompile, or otherwise access the underlying source code
• Upload or transmit malicious code, malware, or content designed to harm the Service or its users
• Circumvent usage limits, throttling, rate limits, or plan restrictions through technical means
• Aggregate platform data to build a competing product or service
• Enter fabricated or fraudulent financial data with intent to deceive
• Harass, threaten, or abuse other users, advisors, or Policy Stack staff
• Interfere with, probe, or test the vulnerability of any Policy Stack system except through our responsible disclosure process

3. AI-Specific Rules

When using AI features, you may not:

• Manipulate, jailbreak, or attempt to extract system prompts
• Submit content crafted to produce harmful, illegal, or misleading outputs (prompt injection)
• Present AI-generated text to clients or third parties as licensed professional advice
• Use AI outputs as the sole basis for significant financial decisions without independent professional review
• Submit copyrighted material owned by others for generation into derivative works without authorization

See the AI Usage Policy for detail on feature scope and data handling.

4. Advisor-Specific Rules

Advisors additionally may not:

• Misrepresent Policy Stack to clients or claim endorsement where none exists
• Self-refer or create fake accounts to inflate referral credits
• Manipulate referral attribution (for example, by using cookie stuffing or forged UTM parameters)
• Use client data accessed through advisor features outside the scope of the professional relationship with that client
• Seat accounts that are not controlled by a real, informed client
• Conduct activities outside the scope of their licensed profession
• Export, resell, or share client data with unauthorized third parties

See the Advisor Agreement for program-specific terms.

5. Content Rules

You are responsible for any content you upload, paste, or type into Policy Stack, including document uploads, policy notes, AI prompts, and scribe transcripts. Do not upload:

• Content you do not have the right to share
• Personally identifiable information about third parties who have not consented to its processing (beyond what is necessary for your policy records and advisor-client relationships)
• Protected health information (PHI) — Policy Stack is not a HIPAA Business Associate
• Payment card numbers, bank account numbers, or social security numbers outside fields specifically designed for them
• Content that infringes intellectual property rights, is defamatory, or violates privacy laws

6. Fair Use Limits

Paid plans described as “unlimited” (AI queries, AI Insights, document extraction) are subject to fair use. Automated or abusive usage patterns — including scripted requests, batch processing of third-party documents, or activity that materially exceeds typical practitioner use — may result in throttling or suspension. We will contact you before taking action except in cases of active abuse.

7. Responsible Disclosure

If you discover a security vulnerability, please report it to security@policystack.co. Do not exploit the issue beyond what is necessary to demonstrate it. We will not pursue legal action against researchers who act in good faith under our disclosure process. See the Security page for details.

8. Enforcement

We may investigate suspected violations, preserve logs, and take any of the following actions depending on severity:

• Warning and remediation request
• Temporary feature restriction or rate-limit reduction
• Suspension of the account pending investigation
• Termination without refund for material or repeat violations
• Forfeiture of unused referral credits
• Reporting to law enforcement where legally required

9. Reporting Violations

If you believe another user is violating this policy, report it to support@policystack.co. Include the user's email or advisor handle, what you observed, and any supporting screenshots or documents.

10. Changes

We may update this AUP as our Service evolves. Material changes will be communicated at least 14 days before taking effect. Continued use constitutes acceptance.