Skip to content

Legal

Acceptable Use Policy

Effective date: March 22, 2026 · Last updated: March 26, 2026

1. Overview

This Acceptable Use Policy ("AUP") governs your use of the Intended platform, APIs, SDKs, CLI tools, and related services (collectively, the "Services"). This AUP supplements the Intended Terms of Service. By using the Services, you agree to comply with this AUP. Violation of this AUP may result in throttling, suspension, or termination of your access to the Services.

2. Prohibited uses

You may not use the Services to:

  • Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of any part of the Services, except as expressly permitted by applicable law
  • Gain or attempt to gain unauthorized access to the Services, other customers' accounts, data, authority decisions, or infrastructure
  • Conduct denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against the Services or any related infrastructure
  • Scrape, crawl, or use automated means to extract data from the Services beyond what is provided through the documented APIs
  • Circumvent, disable, or interfere with authority decisions issued by the Authority Engine, including attempting to use denied or expired authority tokens
  • Forge, modify, replay, or otherwise tamper with authority tokens, including altering claims, signatures, nonces, or expiry timestamps
  • Tamper with, modify, delete, or corrupt audit trail records, hash chains, or evidence bundles
  • Use the Services to process data that you do not have the legal right to process
  • Use the Services to authorize actions that violate applicable laws, regulations, or third-party rights
  • Apply or deploy generated runtime policy artifacts to third-party systems without the review and change control appropriate for the target environment
  • Share, resell, sublicense, or redistribute access to the Services without written authorization from Intended
  • Attempt to access other tenants' data, signing keys, policies, or authority decisions
  • Introduce malicious code, viruses, worms, or other harmful software through the Services or APIs
  • Use the Services in any manner that could damage, disable, overburden, or impair the Services

3. AI agent rules

AI agents connected to the Intended platform must comply with the following rules. As the customer, you are responsible for ensuring your AI agents' compliance:

  • Agents must not attempt to bypass, circumvent, or manipulate authority decisions. If an intent is denied, the agent must respect the denial and not resubmit equivalent intents designed to evade the policy
  • Agents must not submit fraudulent, misleading, or intentionally malformed intents designed to exploit the risk scoring engine, policy evaluation logic, or intent classification system
  • Agents must not attempt privilege escalation by submitting intents with inflated permissions, spoofed identifiers, or manipulated context parameters
  • Agents must not attempt to exfiltrate data from the Authority Engine, including other tenants' policies, decisions, or configuration data
  • Agents must respect rate limits and must not engage in automated retry patterns that constitute abuse
  • Agents must not attempt to use authority tokens issued to other agents, tenants, or for different actions than those specified in the token claims
  • Agents must include accurate and complete metadata in intent submissions, including correct action types, target systems, and environment identifiers
  • Agents and operators must not represent customer-operated third-party runtimes or preview integrations as Intended-managed services where Intended does not actually operate the runtime

4. Rate limiting and abuse

Intended enforces rate limits to protect the availability and performance of the Services for all customers. The following policies apply:

  • API rate limits are set per plan tier and are documented in the API reference. Exceeding rate limits will result in HTTP 429 responses
  • Automated patterns consistent with abuse — including rapid-fire intent submissions, credential stuffing, or systematic probing of the API — may result in immediate temporary throttling
  • Persistent abuse patterns may result in permanent rate limit reduction or suspension of API access
  • Intended reserves the right to implement adaptive rate limiting based on usage patterns to protect platform integrity
  • If you believe your legitimate use case requires higher rate limits, contact your account team or support@intended.so to discuss plan adjustments

5. Reporting violations

If you become aware of a violation of this AUP, or if you believe another user is engaging in prohibited conduct, please report it promptly:

  • Email: abuse@intended.so
  • Include: a description of the violation, any relevant evidence (logs, timestamps, identifiers), and your contact information
  • Intended will investigate all credible reports and take appropriate action
  • Reports are treated confidentially. Intended will not disclose reporter identity to the accused party except as required by law

6. Consequences of violation

Intended enforces this AUP through a graduated response process. The severity and persistence of the violation will determine the response:

  • Warning: For first-time or minor violations, Intended will issue a written warning via email describing the violation and required corrective action
  • Throttling: For repeated violations or abuse patterns, Intended may reduce API rate limits or restrict access to specific features
  • Suspension: For serious violations or failure to remediate after warning, Intended may suspend access to the Services. During suspension, data export remains available
  • Termination: For severe violations (forging tokens, tampering with audit trails, unauthorized access attempts), Intended may terminate the account immediately. Data export will be available for 30 days following termination
  • Intended reserves the right to skip steps in the graduated response process for severe violations that pose an immediate threat to platform security or other customers

7. Customer responsibility for AI agents

You are solely responsible for the behavior of AI agents you connect to the Intended platform. Intended provides the Authority Runtime as a policy enforcement and audit layer, but does not control or monitor the internal behavior of your AI agents. You acknowledge and agree that:

  • Intended shall have no liability for actions taken by your AI agents, whether or not those actions were authorized by the Authority Engine
  • You are responsible for configuring appropriate policies, risk thresholds, and escalation workflows to govern your AI agents
  • You are responsible for monitoring your AI agents' behavior and promptly addressing any violations of this AUP
  • You are responsible for securing and operating any third-party runtime, gateway, or target system that you configure with Intended-generated artifacts or credentials
  • If your AI agent's behavior violates this AUP, Intended may take enforcement action against your account, including throttling, suspension, or termination
  • You will indemnify Intended against claims arising from your AI agents' behavior, as specified in the Terms of Service

8. Changes to this policy

We may update this AUP to address new threats, technologies, or regulatory requirements. Material changes will be communicated with at least 30 days advance notice through the Services or by email. Continued use of the Services after the effective date constitutes acceptance of the updated AUP.

9. Contact

For questions about this Acceptable Use Policy, contact legal@intended.so. To report abuse or violations, contact abuse@intended.so.