Acceptable Use Policy

Illegal or Fraudulent Activity

• •Using the platform to conduct or facilitate any illegal activity
• •Impersonating another person or entity in guest communications
• •Providing materially false or misleading information to guests
• •Using the platform to harass, threaten, or abuse guests or third parties

Data Misuse

• •Using guest personal data obtained through the platform for any purpose outside the contracted service
• •Selling, renting, or sharing guest data with third parties not party to your service agreement
• •Attempting to combine guest data from the platform with external databases for profiling or targeting
• •Retaining or exporting guest data in violation of the DPA or applicable law

Platform Security

• •Attempting to gain unauthorized access to any component of the Dimora AI platform
• •Probing, scanning, or testing the vulnerability of systems without explicit written authorization from Dimora AI
• •Introducing malware, ransomware, or other malicious code into the platform or connected systems
• •Attempting to circumvent authentication controls or rate limits
• •Scraping or bulk-exporting data from the platform other than through provided export tools

Misrepresentation of AI

• •Representing AI-generated communications as written by a human in contexts where this distinction is material
• •Suppressing required disclosures that AI is involved in voice or written communications (per applicable law)

Interference

• •Using the platform in a manner that interferes with or disrupts the service for other Clients
• •Exceeding API rate limits or attempting to circumvent usage controls
• •Reverse-engineering, decompiling, or attempting to extract the source code of any platform component

No Deepfakes or Impersonation Content

• •Do not use platform outputs to generate voice clones, synthetic audio, or video deepfakes of real individuals
• •Do not configure Voice AI to impersonate a named individual without that person's express written consent
• •Do not use AI-generated content to deceive guests about the identity or qualifications of the communicating party

Prohibited Data Inputs

• •No PHI: Do not input protected health information (as defined under HIPAA) into any platform component. Dimora AI is not a HIPAA Business Associate and does not sign BAAs.
• •No children's data: Do not input personal data of individuals under 13 (US) or under 16 (EU/UK) without verifiable parental or guardian consent. Dimora AI is not directed to children and does not knowingly process children's data.
• •No biometrics: Do not use the platform to collect or process biometric identifiers (facial recognition data, fingerprints, retinal scans) as part of guest interactions.

No High-Risk Automated Decision-Making

Do not use AI outputs from Dimora AI as the sole basis for automated decisions that significantly affect individuals in the following domains, without meaningful human review:

• •Employment decisions (hiring, termination, performance evaluation)
• •Credit, lending, or insurance underwriting decisions
• •Educational admissions or assessment
• •Law enforcement, immigration, or asylum decisions

This restriction reflects both EU AI Act high-risk classifications (Annex III) and the general principle that AI tools designed for hospitality operations should not be repurposed for consequential decisions in unrelated domains.

No Prompt Manipulation or Safety Bypass

• •Do not attempt to inject malicious instructions into AI prompts via guest messages or property data (prompt injection)
• •Do not attempt to override, bypass, or circumvent AI safety controls or content policies embedded in the platform
• •Do not train or fine-tune any AI model using platform outputs without express written authorization from Dimora AI

Sanctions Status

• •Customer is not located in, incorporated under the laws of, or a resident of any country or territory subject to comprehensive US, EU, or UK sanctions (including Cuba, Iran, North Korea, Russia, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine as currently sanctioned)
• •Customer is not listed on, and does not act on behalf of any person or entity listed on, the US OFAC Specially Designated Nationals (SDN) list, the EU Consolidated Financial Sanctions List, or the UK OFSI Consolidated Sanctions List
• •Customer will not provide access to the Service to any person or entity that does not meet the criteria above

Export Administration Regulations (EAR)

• •Customer will not export, re-export, transfer, or provide access to the Service or any outputs in violation of the US Export Administration Regulations (15 C.F.R. Parts 730-774)
• •Customer acknowledges that AI software and services may be subject to EAR controls and agrees to comply with all applicable export license requirements
• •Customer will not use Service outputs to provide material support to any person, group, or entity designated as a Foreign Terrorist Organization by the US Department of State

Designated DMCA Agent

Notice of Copyright Infringement (§ 512(c)(3))

To report alleged copyright infringement, your written notice must include all of the following elements required by 17 U.S.C. § 512(c)(3):

1. 1.A physical or electronic signature of the copyright owner or a person authorized to act on their behalf
2. 2.Identification of the copyrighted work claimed to have been infringed (or, if multiple works, a representative list)
3. 3.Identification of the material claimed to be infringing and its location on the platform (URL or sufficient detail to locate the material)
4. 4.Contact information for the complaining party (name, address, telephone number, and email address)
5. 5.A statement that the complaining party has a good-faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law
6. 6.A statement, made under penalty of perjury, that the information in the notice is accurate, and that the complaining party is authorized to act on behalf of the copyright owner

Counter-Notification (§ 512(g)(3))

If you believe that material was removed from the platform in error, you may submit a counter-notification. The counter-notification must include:

1. 1.Your physical or electronic signature
2. 2.Identification of the material that was removed and its former location
3. 3.A statement under penalty of perjury that you have a good-faith belief that the material was removed as a result of mistake or misidentification
4. 4.Your name, address, and telephone number; and a statement that you consent to the jurisdiction of the federal district court for the judicial district in which your address is located

Upon receipt of a valid counter-notification, Dimora AI will forward it to the original complainant and may restore the removed material after 10-14 business days unless the complainant files a court action.

Repeat Infringer Policy

Dimora AI has adopted a policy of terminating, in appropriate circumstances, the accounts of Customers who are repeat infringers. A Customer is a repeat infringer if Dimora AI receives more than two valid DMCA takedown notices relating to that Customer's account within any rolling 12-month period.