Acceptable Use Policy

1. Scope

This Acceptable Use Policy ("AUP") applies to all use of AYBIZA services, including the Agents capability, Parties capability, Bridges capability, all APIs, MCP tools, webhooks, integrations, white-label deployments, and agency sub-organizations — by all account holders, authorized users, end-users of white-labeled deployments, and any systems or automated processes acting on their behalf. By using AYBIZA services, you agree to comply with this AUP at all times and to ensure that all users and systems under your account also comply.

2. Permitted Use

AYBIZA services are provided exclusively for lawful business purposes. Permitted uses include:

• Deploying AI agents for customer support, sales assistance, appointment scheduling, lead qualification, and other legitimate B2B customer communication
• Managing internal business operations through Parties, including CRM, sales pipelines, support tickets, project management, HR, and finance
• Using Bridges for internal team collaboration, agent interaction, and MCP tool connections
• Building integrations through AYBIZA APIs and MCP tools for legitimate business workflows
• Operating white-label deployments for your own customers, provided those customers also comply with this AUP
• Managing agency sub-organizations, provided all sub-organizations comply with this AUP

All use must comply with applicable laws and regulations, and all required consents must be obtained before initiating any communication or processing any personal data.

3. Prohibited Activities

3.1 Illegal and Harmful Activities

• Using AYBIZA services for any purpose that violates applicable local, state, national, or international law or regulation
• Facilitating or enabling fraud, deception, identity theft, money laundering, terrorist financing, or other financial crimes
• Transmitting, generating, storing, or distributing malware, ransomware, spyware, viruses, trojans, or any malicious code through the platform
• Engaging in activities that violate the privacy rights of individuals, including unauthorized collection, processing, sale, or disclosure of personal data
• Processing data of individuals known to be under the age of 13 (or the applicable age of digital consent in their jurisdiction) without verifiable parental consent as required by COPPA or equivalent law
• Using the platform to facilitate human trafficking, exploitation, child sexual abuse material (CSAM), or any form of abuse
• Using the platform for gambling, illegal drug trade, weapons trafficking, or other activities prohibited by law
• Using the platform to stalk, dox, or compile personal information about individuals for purposes of harassment or intimidation

3.2 Unauthorized and Unsolicited Communications

• Initiating outbound voice calls, SMS messages, or messaging to any contact without legally required prior consent as defined under TCPA, FCC rules, GDPR, and applicable state and international law
• Contacting individuals listed on the National Do Not Call Registry or any applicable state or international DNC list without a valid legal exemption
• Failing to honor opt-out requests from contacts within legally required timeframes
• Using shared, pooled, or third-party consent to satisfy individual consent requirements
• Sending unsolicited commercial messages (spam) via any channel, including voice, SMS, email, chat, WhatsApp, or any messaging platform
• Initiating robocalls or auto-dialed calls in violation of TCPA or applicable state law
• Initiating calls or messages to emergency services numbers (911, 112, 999, or equivalents)
• Transmitting misleading header information or using deceptive subject lines in email communications
• Failing to provide a valid physical address or clear unsubscribe mechanism in commercial email as required by CAN-SPAM

3.3 AI Agent Misuse

• Deploying AI agents that fail to disclose to end-users that they are interacting with an AI when such disclosure is required by law, including FCC Declaratory Ruling FCC-24-17, state AI disclosure laws, and equivalent international requirements
• Configuring AI agents to affirmatively deny being AI or to claim to be human when asked
• Cloning, synthesizing, or imitating the voice of any identifiable real person without their prior written consent
• Configuring agents to impersonate emergency responders, law enforcement, government officials, or regulated professionals (doctors, lawyers, financial advisors, therapists) in a manner that is misleading or could cause reasonable confusion
• Using agents to harass, threaten, abuse, intimidate, bully, or deceive individuals
• Attempting to disable, bypass, or circumvent AYBIZA's built-in compliance controls, including AI disclosure injections, opt-out detection, and content filtering
• Using agents to generate or distribute content that is defamatory, obscene, constitutes illegal discrimination, or incites violence
• Using agents to generate deepfakes, synthetic media for deception, or non-consensual intimate imagery
• Deploying agents for deceptive practices including fake reviews, astroturfing, social engineering attacks, or phishing
• Using agents to provide medical diagnoses, legal advice, financial advice, or other professional services without appropriate licensure and disclosure

3.4 Platform and Infrastructure Abuse

• Attempting to gain unauthorized access to AYBIZA systems, infrastructure, other customer accounts, or data belonging to other customers or AYBIZA
• Probing, scanning, or testing the vulnerability of AYBIZA systems without prior written authorization from AYBIZA's security team
• Exceeding documented API rate limits or intentionally causing degraded service, denial of service, or resource exhaustion for other customers
• Circumventing, manipulating, or interfering with usage metering, credit consumption tracking, or billing systems
• Attempting to extract, reverse-engineer, decompile, disassemble, or replicate AYBIZA's proprietary software, AI models, algorithms, or platform architecture
• Scraping, crawling, or using automated means to extract data from AYBIZA's platform, website, or APIs beyond what is expressly permitted
• Reselling, sublicensing, or providing access to AYBIZA services to third parties without written authorization from AYBIZA (this does not apply to authorized white-label deployments or agency sub-organizations)
• Creating multiple accounts to circumvent usage limits, free tier restrictions, or enforcement actions
• Using the platform to benchmark or create competitive analysis of AYBIZA's services for the purpose of building competing products
• Interfering with or disrupting the integrity or performance of the Services or any component thereof

3.5 Data Misuse

• Selling, renting, or commercially distributing personal data of individuals processed through AYBIZA
• Using customer interaction data processed through AYBIZA to build competing products or services
• Combining data processed through AYBIZA with data from other sources to create unauthorized profiles, dossiers, or surveillance databases of individuals
• Retaining or using AYBIZA-processed data beyond the purposes stated in your agreement with AYBIZA, your privacy policy, and your data subjects' consent
• Processing special categories of personal data (health, biometric, genetic, financial, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, trade union membership) through AYBIZA without the appropriate legal basis and, where required, explicit consent from data subjects
• Transferring personal data internationally without complying with applicable data transfer requirements (including GDPR Chapter V, UK GDPR, and equivalent frameworks)
• Failing to implement appropriate data retention and deletion policies for data processed through the platform

3.6 Harmful Content

• Generating, storing, transmitting, or distributing hate speech targeting individuals or groups based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, or any other protected characteristic
• Harassment, cyberbullying, or targeted abuse of individuals through any platform channel
• Content that promotes self-harm, suicide, eating disorders, or dangerous activities
• Content that exploits or endangers minors in any way
• Disinformation campaigns or coordinated inauthentic behavior designed to mislead the public
• Content that promotes terrorism, extremism, or radicalization

4. Outbound Communications Requirements

All outbound voice, SMS, email, and messaging campaigns conducted through AYBIZA must comply with the Outbound Communications section of our Terms of Service (Section 13). Key requirements include:

• Consent: Prior express written consent is required for all AI-generated voice calls to consumer wireless numbers for marketing purposes. Informational calls require prior express consent. Transactional messages have different consent requirements by channel.
• GDPR consent: For contacts in the EU/EEA/UK, consent must meet GDPR Article 7 standards — freely given, specific, informed, and unambiguous, with the ability to withdraw consent at any time.
• DNC scrubbing: Contact lists must be scrubbed against applicable DNC registries at minimum every 31 days before initiating outbound campaigns.
• AI disclosure: Every AI-generated voice call must include a clear and conspicuous disclosure at the commencement of the call identifying the caller and stating the call uses AI-generated voice.
• Caller ID: Accurate caller identification must be transmitted on all outbound calls. Caller ID spoofing or manipulation is strictly prohibited.
• Opt-out: Clear and functional opt-out mechanisms must be present in every outbound interaction. Opt-out requests must be honored within the legally required timeframe (immediately for calls, within 10 business days for other channels, or sooner as required by applicable law).
• Record retention: Consent records and opt-out logs must be maintained for a minimum of five years or such longer period as required by applicable law.
• Calling hours: All outbound calls must comply with applicable calling hour restrictions, including the TCPA restriction on calls before 8:00 AM or after 9:00 PM in the called party's local time.

5. AI Disclosure Requirements

AYBIZA AI agents must disclose their AI nature when legally required. Specifically:

• All outbound voice calls using AI-generated voice must include a disclosure as required by FCC Declaratory Ruling FCC-24-17.
• AI agents must not affirmatively deny being AI or claim to be human.
• In jurisdictions with AI disclosure laws (including California Bot Disclosure Law SB 1001, and emerging state and international requirements), agents must disclose their AI nature when interacting with consumers.
• In healthcare contexts, AI agents must clearly disclose they are not medical professionals and that their output does not constitute medical advice.
• In financial contexts, AI agents must clearly disclose they are not financial advisors and that their output does not constitute financial advice.

You are responsible for configuring appropriate disclosures in your agent settings. AYBIZA provides disclosure tools and templates, but proper configuration and legal compliance is your responsibility.

6. Industry-Specific Requirements

6.1 Healthcare

• A Business Associate Agreement (BAA) must be executed with AYBIZA before any Protected Health Information (PHI) is processed. BAAs are available only on Enterprise tier qualifying configurations.
• Healthcare use cases must be declared during KYB verification.
• PHI must only be processed through AYBIZA features and configurations covered under the executed BAA.
• You remain responsible for your own HIPAA compliance, including conducting risk assessments, implementing minimum necessary standards, and maintaining required policies and procedures.
• AI agents handling PHI must include appropriate disclaimers and must not provide medical diagnoses or treatment recommendations unless operated under the supervision of a licensed healthcare professional.

6.2 Financial Services

• Use cases involving nonpublic personal financial information must comply with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule.
• Applicable license numbers (NMLS, state insurance, broker-dealer, RIA) must be provided during KYB.
• AI agents must not provide personalized financial advice, investment recommendations, or insurance quotes unless operated under the supervision of an appropriately licensed professional.
• Fair lending laws (ECOA, Fair Housing Act) must be observed — AI agents must not discriminate in credit, insurance, or housing decisions.

6.3 Debt Collection

• Use by third-party debt collectors requires documented FDCPA compliance programs submitted during KYB.
• Debt collection accounts are subject to enhanced review and are not self-activated.
• AI agents used for debt collection must comply with all FDCPA requirements, including mini-Miranda disclosures, validation notices, and calling hour restrictions.
• Regulation F requirements regarding communication frequency limits must be observed.
• State debt collection licensing requirements must be met in all jurisdictions of operation.

6.4 Political Communications

• Use for political campaign calls, voter outreach, or political advocacy is subject to additional FCC requirements and requires advance written notification to AYBIZA.
• Political use cases are not self-activated and require AYBIZA approval.
• All applicable campaign disclosure, reporting, and do-not-call requirements must be observed.
• AI-generated political advertisements must comply with applicable disclosure requirements, including the FCC's AI-generated content rules for political ads.

6.5 Legal Services

• AI agents must not provide legal advice unless operated under the supervision of a licensed attorney.
• Appropriate disclaimers must be included that AI output does not constitute legal advice and does not create an attorney-client relationship.

7. BYOK Responsibility

If you use the Bring Your Own Keys (BYOK) feature to connect your own API keys for third-party providers (LLM, STT, TTS, S2S):

• You are solely responsible for compliance with your chosen provider's terms of service, usage policies, and acceptable use policies.
• You are responsible for ensuring that your use of third-party providers through AYBIZA does not violate the provider's terms, including restrictions on specific use cases, content types, or industries.
• You are responsible for the security of your API keys. If you suspect a key has been compromised, you must immediately rotate the key and notify AYBIZA.
• AYBIZA is not responsible for content generated by third-party models accessed through your BYOK keys, including accuracy, bias, harmful content, or compliance with any standard.
• If a third-party provider terminates your access or takes action against your API keys, AYBIZA is not responsible and Service availability may be impacted.

8. White-Label Responsibility

If you operate a white-labeled deployment of AYBIZA:

• You are solely responsible for ensuring that your end-users comply with this AUP and all applicable laws.
• You must maintain your own terms of service, privacy policy, and acceptable use policy for your end-users that are no less restrictive than AYBIZA's.
• You must clearly identify yourself (not AYBIZA) as the service provider to your end-users unless otherwise agreed in writing.
• You are responsible for handling end-user data subject requests (access, deletion, correction) under applicable privacy laws.
• Violations by your end-users will be attributed to your account and may result in enforcement actions against your entire white-label deployment.
• You must promptly investigate and address any AUP violations by your end-users that come to your attention.

9. Agency Responsibility

If you operate as a parent organization with agency sub-organizations:

• You (the parent organization) are jointly and severally responsible for all sub-organization compliance with this AUP, the Terms of Service, and all applicable laws.
• You must ensure that all sub-organizations complete appropriate onboarding and are aware of their compliance obligations.
• Pooled credit usage across sub-organizations must comply with all applicable terms and policies.
• Violations by any sub-organization may result in enforcement actions against the parent organization and all sub-organizations.
• You must promptly investigate and remediate any sub-organization AUP violations.

10. Monitoring and Enforcement

AYBIZA reserves the right, but has no obligation, to monitor use of the Services for AUP compliance. AYBIZA may use automated systems, manual review, or a combination thereof to detect violations. AYBIZA's decision not to enforce the AUP in any particular instance does not constitute a waiver of its right to enforce it in the future.

11. Reporting Violations

To report suspected AUP violations by another AYBIZA customer, to report platform abuse, or to report security concerns, contact [email protected]. AYBIZA investigates all credible reports and takes appropriate action. Reports may be submitted anonymously. AYBIZA will not retaliate against good-faith reporters.

12. Consequences of Violation

AYBIZA reserves the right to take any of the following actions in response to AUP violations, at its sole discretion:

• Warning: Written notice of the violation with a specified timeframe to cure (typically available for first-time, non-severe violations).
• Feature restriction: Suspension of specific features (such as outbound communications) while the account remains otherwise active.
• Account suspension: Temporary suspension of full account access pending investigation or remediation.
• Account termination: Permanent termination of the account without refund.
• Regulatory reporting: Reporting violations to relevant regulatory authorities, including the FCC, FTC, state attorneys general, data protection authorities, and law enforcement.
• Legal action: Pursuing legal action and seeking indemnification for regulatory penalties, damages, and costs incurred by AYBIZA as a result of your violation.

Immediate action without warning may be taken for severe violations, including but not limited to: illegal activity, unauthorized access to systems or data, processing of CSAM, significant telecommunications law violations, conduct posing imminent harm to individuals, or violations that expose AYBIZA to significant legal, regulatory, or reputational risk.

AYBIZA shall not be liable for any damages, losses, or costs arising from enforcement actions taken in good faith under this AUP, including account suspension or termination. You waive any claims against AYBIZA arising from such enforcement actions.

13. Changes to This Policy

AYBIZA may update this AUP from time to time. Material changes will be communicated via email to your registered address at least 30 days before taking effect. Non-material changes (such as clarifications or additions to prohibited activity examples) may be made without advance notice. The current version is always available at aybiza.com/aup. Continued use of the Services after changes take effect constitutes acceptance of the updated AUP.

14. Contact

Report violations: [email protected]
Policy inquiries: [email protected]
AYBIZA LLC, a Wyoming limited liability company
32222 Tamina Rd Ste A5-11, The Woodlands, TX 77354