acceptable use policy

1. about this policy

This Acceptable Use Policy ("AUP") sets out the conduct, content, and security rules that apply to your use of the Crumbless service ("Service") operated by Crumblx AI Ltd (trading as "Crumbless"). It is part of our Terms of Service, and breach of this AUP is breach of those Terms.

Crumbless provides an autonomous agent that can spend money, publish content, and shape audiences at scale. With that power comes a duty of care — to your customers, to the platforms you advertise on, to the people whose attention you compete for, and to the wider information ecosystem. This AUP exists to make that duty concrete.

2. compliance with law

You must use the Service only for lawful purposes and in compliance with all applicable laws and regulations, including in the United Kingdom the Consumer Rights Act 2015, the Consumer Protection from Unfair Trading Regulations 2008, the Digital Markets, Competition and Consumers Act 2024, the Online Safety Act 2023, the Computer Misuse Act 1990, and the UK GDPR / Data Protection Act 2018. Where you operate in other jurisdictions, equivalent local laws apply in addition.

3. prohibited content

You may not use the Service to create, store, distribute, advertise, or otherwise process content that:

• is illegal under any law that applies to you or to the people who will receive it;
• sexualises, exploits, or endangers children, including any child sexual abuse material ("CSAM");
• is non-consensual intimate imagery or otherwise violates a person's bodily or sexual integrity;
• incites, glorifies, or facilitates violence, terrorism, self-harm, or suicide;
• promotes hatred, harassment, threats, or discrimination based on race, ethnicity, national origin, religion, disability, age, sex, gender identity, sexual orientation, pregnancy, or other characteristics protected by applicable law;
• is defamatory, libellous, or knowingly false in a way that causes harm;
• infringes any intellectual-property right, including by counterfeit, trademark misuse, or unauthorised use of copyrighted works;
• discloses another person's private or confidential information without authority;
• contains malware, ransomware, viruses, or other malicious code;
• promotes the sale of regulated or restricted goods or services to people who may not lawfully receive them (firearms, controlled substances, gambling, prescription medicines, financial products, alcohol or tobacco to minors, and similar);
• is materially false or misleading about elections, candidates, voting procedures, or public-health emergencies, where intended to deceive;
• is a synthetic representation ("deepfake") of a real person made without that person's consent, or which is used to defraud, harass, or impersonate.

4. prohibited conduct

You may not, and may not permit any third party to:

• impersonate any person, brand, or organisation, or misrepresent your affiliation or authority;
• run advertising or content that misrepresents the nature, characteristics, or origin of a product, service, or person, or that engages in unfair or deceptive practices;
• send bulk unsolicited communications ("spam") or otherwise breach anti-spam laws including the UK PECR, the EU ePrivacy Directive, the US CAN-SPAM Act, and Canada's CASL;
• scrape, harvest, or otherwise collect data from any website or platform in breach of that source's terms or applicable law;
• aggregate, repackage, or redistribute Service output as a competing data product without our written permission;
• generate or attempt to generate content that targets a specific identified individual with deception, harassment, or stalking;
• upload Customer Content without the rights, licences, or consents required to do so;
• use the Service to make automated decisions that produce legal or similarly significant effects on individuals without offering the safeguards required by data-protection law (see clause 6 of our Privacy Policy);
• configure Chip to operate outside the scope of authority you actually hold from your customer or principal.

5. advertising and marketing standards

Where you use the Service to publish or place advertising, you remain responsible for ensuring that the advertising complies with applicable advertising standards. In the United Kingdom that includes the CAP Code and the BCAP Code administered by the Advertising Standards Authority, as well as ICO and CMA guidance on consumer protection and dark patterns. In the European Economic Area, it includes the Unfair Commercial Practices Directive and national implementations. In the United States, it includes FTC Act §5 and FTC guides on endorsements, native advertising, and AI-generated content. In other jurisdictions, equivalent local rules apply.

Specifically, you must clearly disclose paid promotions, ensure pricing and availability claims are accurate at the time of publication, hold appropriate substantiation for performance and superiority claims, and where the advertising features endorsers, ensure material connections are clearly disclosed. Generated Output that contains a synthetic representation of a real person must include the consents and disclosures required by law and platform policy.

6. third-party platform compliance

When the Service connects to third-party platforms (including Google Ads, Google Merchant Center, Stripe, and any other platform we integrate with), you remain responsible for compliance with that platform's own policies, including its advertising policies, product-listing policies, and developer terms. We will not push or perform actions on a third-party platform that we know would breach that platform's policies, and we may refuse to do so. Violations of platform policies may result in suspension of the integration or of your Crumbless account, in addition to consequences imposed by the platform itself.

7. system integrity and security

You may not:

• probe, scan, or test the vulnerability of the Service or any system or network connected to it, except under a written security-research agreement with us;
• attempt to access, interfere with, or disrupt any service, server, network, or account that you are not authorised to access;
• introduce code, files, or instructions intended to disable, harm, or interfere with the Service;
• impose an unreasonable or disproportionate load on the Service, or run automated tools against undocumented endpoints;
• bypass, disable, or otherwise circumvent rate limits, authentication, authorisation, audit logging, autonomy ceilings, scope settings, or the review queue;
• attempt to extract, replicate, or reverse-engineer our models, model weights, system prompts, training data, or proprietary tooling, including through prompt-injection, adversarial inputs, or jailbreaks;
• use the Service to develop a competing product or to benchmark against the Service for the purpose of publication, without our prior written consent.

We welcome responsible disclosure of security vulnerabilities. Email office@crumbless.ai with the subject line "Security disclosure" and we will respond promptly. Do not publicly disclose a vulnerability before we have had a reasonable opportunity to investigate and remediate.

8. ai-specific rules

In addition to the rules above, when you use the AI-powered components of the Service you must:

• review Generated Output before publishing, sending, or acting on it;
• not present Generated Output as having been produced by a specific human author where doing so would be deceptive;
• not use the Service to make credit, employment, housing, education, insurance, public-benefit, healthcare, immigration, or criminal-justice decisions that would qualify as automated decision-making with legal or similarly significant effects under data-protection law;
• not feed prompts that solicit content prohibited under this AUP, or that attempt to bypass safety controls of the underlying models;
• not represent that Generated Output is factually accurate without independent verification, and clearly label AI-generated content where required by law or platform policy.

9. notice and takedown — copyright

We respect intellectual-property rights. If you believe content stored or generated through the Service infringes your copyright, send a notice in writing to office@crumbless.ai including: (a) your contact details and electronic or physical signature; (b) identification of the copyrighted work claimed to be infringed; (c) identification of the allegedly infringing material with sufficient detail for us to locate it; (d) a statement that you have a good-faith belief that the use is not authorised; and (e) a statement that the information in your notice is accurate and, under penalty of perjury (where applicable), that you are authorised to act on behalf of the rightholder.

We may remove or disable access to allegedly infringing material on receipt of a valid notice and we may share the notice with the user who supplied the material. Repeat infringers' accounts will be terminated.

10. reporting abuse

To report content or conduct that breaches this AUP, email office@crumbless.ai with as much detail as you can safely share, including links, account or campaign identifiers, and the nature of the violation. Where the matter involves illegal content (such as suspected CSAM), we will report it to the appropriate authorities. We do our best to protect the identity of good-faith reporters where doing so is consistent with our legal obligations.

11. enforcement

We may, at our discretion, take any action we consider proportionate when we become aware of a breach or suspected breach of this AUP, including: issuing a warning; requiring corrective action; removing or blocking specific content; restricting or suspending features (including agent autonomy); suspending or terminating accounts; reversing or pausing in-flight campaigns; preserving and disclosing records to law enforcement; and pursuing legal remedies. The action we take will depend on the nature, severity, intent, and recurrence of the breach, and on the steps you take to remediate it. Material or wilful breach is grounds for immediate termination without refund.

We may, but are not obliged to, monitor use of the Service for compliance with this AUP. The absence of enforcement in any particular case does not waive our right to enforce in another.

12. changes to this policy

We will keep this AUP under review and update it where law, technology, or our Service evolves. We will post material changes on this page and update the "last updated" date above. Where a change has a meaningful impact on you, we will give reasonable advance notice by email or in-product notification.

13. contact

Abuse reports: office@crumbless.ai. Policy questions and legal notices: office@crumbless.ai. General enquiries: office@crumbless.ai. Post: Crumblx AI Ltd, 4 Bunnsfield, Welwyn Garden City, AL7 2DZ, United Kingdom. Company number: 16961442.