Acceptable Use Policy — Agent Armory

Version: 2026-05-19 (draft 1) Status: Draft for review by Dutch counsel before publication.

This Acceptable Use Policy ("AUP") is part of the Agent Armory Terms of Service. Capitalised terms have the meaning set out there. Breach of this AUP is a material breach of the Terms.

1. Prohibited content

You may not use the Service to create, upload, store, transmit, or make available any content that:

1. is illegal under EU law or Dutch law, including child sexual abuse material, content glorifying or facilitating terrorism (Regulation (EU) 2021/784), or content that infringes a third party's intellectual property;
2. is defamatory, harassing, or threatening to an identifiable person;
3. constitutes personal data of another person uploaded without a lawful basis under the GDPR — in particular, do not paste customer data, employee data, or other people's contact details into User Skills;
4. contains secrets — API keys, OAuth tokens, passwords, private keys, signed certificates — whether yours or anyone else's. Our secret-redactor is best-effort and is not a control you may rely on;
5. contains malware, ransomware, cryptominers, or any code designed to damage, disable, exfiltrate from, or gain unauthorised access to any system;
6. contains prompt-injection payloads intended to manipulate other users' AI agents (for example, instructions hidden in a Skill that try to exfiltrate the calling agent's other tools or memory).

2. Prohibited use of the Service

You may not:

1. circumvent rate limits, quota enforcement, billing, or access controls, including by rotating API keys, sharing accounts beyond authorised seats, or scraping the catalogue via parallel anonymous sessions;
2. scrape the catalogue in bulk outside the supported API. The catalogue is a database protected by the sui generis right under Directive 96/9/EC; substantial extraction is prohibited;
3. train, fine-tune, distill, or otherwise use the Service's API responses, ranking data, embeddings, telemetry, or aggregated metadata to develop a competing AI catalogue, model, or service. This restriction is a service-level restriction on the API and does not affect the rights you receive directly under the open-source licence of any individual Catalogue Skill;
4. interfere with other users, including denial-of-service, credential stuffing, or sending forged authentication headers;
5. probe, scan, or test the Service's security without written authorisation. To report a vulnerability, see Section 6;
6. reverse engineer, decompile, or disassemble the proprietary parts of the Service except to the extent expressly permitted by Article 6 of the Software Directive (2009/24/EC);
7. resell, sublicence, or white-label the Service without our written agreement.

3. High-risk and prohibited AI uses

You may not deploy Skills retrieved from the Service for any practice prohibited under Article 5 of Regulation (EU) 2024/1689 (AI Act), including:

• subliminal techniques that materially distort behaviour;
• exploitation of vulnerabilities of a person or group based on age, disability, or social or economic situation;
• social scoring by public authorities;
• predictive policing based solely on profiling;
• untargeted scraping of facial images from the internet or CCTV;
• emotion inference in the workplace or in education (except for medical or safety reasons);
• biometric categorisation to infer race, political opinions, trade- union membership, religious or philosophical beliefs, sex life, or sexual orientation;
• real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes (subject to AI Act exceptions).

You may not deploy Skills, without our prior written agreement and an independent risk assessment, for:

• medical diagnosis, treatment, triage, or any other clinical decision-making;
• operation of safety-critical infrastructure (power grids, water, aviation, rail, autonomous vehicles);
• weapons design, targeting, or autonomous engagement;
• election influence operations;
• decisions producing legal effects on a person under Article 22 GDPR (credit, hiring, benefits, insurance underwriting, criminal justice).

4. Professional-advice disclaimer

Skills are not legal, medical, financial, tax, or other professional advice. You may not present Output to end users as professional advice without your own qualified review.

5. Age

You must be at least 16 years old to use the Service.

6. Vulnerability disclosure

If you discover a vulnerability, please email [email protected] with a description and reproduction steps. We commit to:

• acknowledge within 3 business days;
• not pursue legal action against good-faith researchers who follow this process;
• coordinate disclosure within 90 days of the report or as soon as a fix is deployed, whichever is earlier.

Do not access data that is not yours, do not pivot, and do not run denial-of-service tests.

7. Enforcement

We enforce this AUP at our discretion. Possible actions include:

• removing or restricting specific content;
• demoting or unpublishing a public User Skill;
• suspending API keys;
• suspending or terminating the account;
• reporting to law enforcement.

For each enforcement action against a User Skill or account we issue a statement of reasons as required by Article 17 DSA, and we operate the internal complaint-handling route described in Section 11.3 of the Terms (appeals accepted for six months from the decision, reviewed without re-running the original automated route, substantive reply within 14 calendar days).

Anyone — Customer or not — can submit a notice about content that they consider to violate this AUP using the form at agentarmory.ai/report or by emailing [email protected]. See Section 11.1 of the Terms for what a notice must contain and how it is processed.

8. Changes

We may update this AUP. Material changes are notified by email with at least 30 days' notice, except where shorter notice is necessary to address a clear and imminent risk to users or third parties.

This document is a draft. Consult Dutch counsel before publication.