← Garmo Labs

Acceptable Use Policy

Effective Date: March 1, 2026 · Last Updated: March 25, 2026

This Acceptable Use Policy ("AUP" or "Policy") governs your use of all products and services provided by Garmo Labs, LLC, a California limited liability company ("Garmo Labs," "we," "us," or "our"), including AXIOM, CHRONICLE, SUBSTRATE, our websites, APIs, and related services (collectively, the "Services").

This AUP is incorporated into and forms part of the Terms of Service. By accessing or using the Services, you agree to comply with this Policy. Violation of this Policy may result in suspension or termination of your account and, where appropriate, referral to law enforcement.

---

1. Purpose and Scope

The purpose of this Policy is to protect Garmo Labs, our customers, our infrastructure, and the broader public from harmful, illegal, or abusive uses of the Services. AI infrastructure products carry unique risks, and this Policy reflects our commitment to responsible AI deployment.

This Policy applies to all users of the Services, including individuals, organizations, and automated systems (agents) accessing the Services through APIs. It applies to all data submitted to, generated by, or transmitted through the Services.

This Policy is not exhaustive. Garmo Labs reserves the right to determine, in its reasonable discretion, whether a particular use violates the spirit of this Policy, even if not explicitly listed below. When in doubt about whether a use case is permitted, contact support@garmolabs.com before proceeding.

---

2. Universal Restrictions

The following activities are strictly prohibited when using any Garmo Labs Service:

2.1 Illegal Activity

• Using the Services for any activity that violates federal, state, local, or international law or regulation;
• Facilitating, promoting, or supporting criminal activity of any kind;
• Money laundering, terrorist financing, or sanctions evasion;
• Tax evasion or fraudulent financial activity;
• Drug trafficking or facilitating the sale of controlled substances.

2.2 Harmful Content

• Submitting, storing, or transmitting content that promotes violence, self-harm, or terrorism;
• Content that exploits, harms, or endangers children in any way, including child sexual abuse material (CSAM) — such content will be reported to the National Center for Missing & Exploited Children (NCMEC) and appropriate law enforcement;
• Content that constitutes or promotes hate speech, discrimination, or harassment based on race, ethnicity, religion, gender, sexual orientation, disability, or any other protected characteristic;
• Non-consensual intimate imagery or content that violates an individual's dignity;
• Content designed to harass, bully, intimidate, or threaten any individual.

2.3 Fraud and Deception

• Impersonating any person, organization, or entity;
• Creating fraudulent accounts or using stolen identities;
• Phishing, social engineering, or other schemes to obtain sensitive information;
• Misrepresenting the nature, source, or purpose of content submitted to the Services;
• Using the Services to generate or distribute misleading or deceptive content.

2.4 Malware and System Abuse

• Introducing viruses, worms, Trojan horses, ransomware, spyware, or any other malicious code;
• Conducting denial-of-service (DoS or DDoS) attacks against the Services or any other system;
• Attempting to gain unauthorized access to Garmo Labs' systems, networks, or other customers' accounts;
• Probing, scanning, or testing the vulnerability of the Services or any related system without authorization;
• Interfering with the proper functioning of the Services for other customers.

2.5 Privacy Violations

• Collecting, processing, or storing personal information in violation of applicable privacy laws, including CCPA, CPRA, GDPR, and other data protection regulations;
• Submitting personal information of individuals without a lawful basis for doing so;
• Doxxing — publishing or threatening to publish private identifying information about individuals;
• Using the Services to conduct unauthorized surveillance of individuals.

2.6 Intellectual Property Infringement

• Submitting, storing, or transmitting content that infringes any third party's copyright, trademark, patent, trade secret, or other intellectual property right;
• Using the Services to circumvent technological protection measures or digital rights management;
• Reproducing or distributing copyrighted material without authorization.

---

3. AI-Specific Restrictions

Given that Garmo Labs provides AI infrastructure products, the following AI-specific restrictions apply:

3.1 Weapons and Dangerous Materials

• Using the Services in connection with the development, production, stockpiling, or deployment of chemical, biological, radiological, or nuclear (CBRN) weapons or materials;
• Using the Services to design, develop, or deploy autonomous weapons systems;
• Using the Services to facilitate the procurement or production of explosives, firearms, or other dangerous weapons in violation of applicable law.

3.2 Disinformation and Manipulation

• Using the Services to create, generate, or distribute disinformation, including false news, fabricated research, or misleading propaganda;
• Creating or distributing deepfakes, synthetic media, or AI-generated content that impersonates real individuals without their consent;
• Using the Services to manipulate public opinion, interfere with elections, or undermine democratic processes;
• Operating inauthentic accounts, bot networks, or coordinated influence campaigns;
• Generating fake reviews, testimonials, or endorsements.

3.3 High-Stakes Automated Decisions

• Using the Services to make fully automated decisions (without meaningful human review) that materially affect individuals' legal rights, including but not limited to:
  • Employment decisions (hiring, firing, promotion, compensation);
  • Credit, lending, or insurance underwriting decisions;
  • Housing or rental application decisions;
  • Criminal justice or law enforcement decisions;
  • Immigration or asylum determinations;
  • Educational admissions or grading decisions;
  • Healthcare treatment or coverage decisions.
• Note: Using the Services to assist human decision-makers in these domains is permitted, provided there is meaningful human oversight and the final decision is made by a qualified human being.

3.4 Safety Control Circumvention

• Using the Services to circumvent, disable, or undermine safety controls, content filters, or alignment mechanisms in AI systems;
• Using AXIOM's compliance verification to identify weaknesses in safety controls for the purpose of exploiting them;
• Using the Services to develop jailbreaks, prompt injections, or other techniques designed to bypass AI safety measures.

3.5 Election Interference

• Using the Services to generate misleading information about voting procedures, polling locations, or election dates;
• Using the Services to impersonate election officials, candidates, or political organizations;
• Using the Services to suppress voter turnout or discourage legitimate political participation;
• Using the Services to generate targeted political content designed to manipulate individual voters based on psychological profiling.

---

4. API-Specific Restrictions

The following restrictions apply specifically to use of Garmo Labs' APIs:

4.1 Reverse Engineering

• Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, algorithms, models, or internal processes of the Services;
• Using API inputs and outputs to reconstruct, approximate, or clone the functionality of the Services;
• Systematically probing the APIs to map internal behaviors, thresholds, or decision boundaries.

4.2 Competitive Intelligence

• Using the Services for the purpose of developing, training, improving, or benchmarking a competing product or service;
• Extracting data, patterns, methodologies, or insights from the Services to inform the design of competing offerings;
• Conducting systematic comparative analyses of the Services against competing products for the purpose of publication without Garmo Labs' prior written consent.

4.3 Benchmark Publication

• Publishing performance benchmarks, accuracy assessments, speed tests, or other evaluations of the Services without prior written consent from Garmo Labs;
• Publicly comparing the Services' outputs, accuracy, or performance with those of competing products without our authorization;
• Misrepresenting benchmark results or selectively publishing results in a misleading manner.

4.4 Rate Limit Circumvention

• Circumventing, bypassing, or attempting to evade rate limits or usage quotas through any means, including but not limited to:
  • Creating multiple accounts to multiply quotas;
  • Distributing requests across multiple API Keys to avoid per-key limits;
  • Using proxy servers, VPNs, or IP rotation to evade IP-based rate limiting;
  • Exploiting API implementation details, caching behaviors, or timing patterns;
• If you need higher rate limits, contact us about upgrading your Plan.

4.5 API Key Misuse

• Sharing, selling, leasing, or otherwise distributing your API Keys to third parties;
• Embedding API Keys in client-side code, mobile applications, or publicly accessible repositories;
• Using another customer's API Keys without authorization;
• Generating excessive API Keys for the purpose of circumventing usage limits.

4.6 Scraping and Automated Extraction

• Scraping, crawling, or using automated means to extract data from the Services beyond authorized API usage;
• Using the Services' web interfaces with automated tools (bots, scripts, browser automation) except through the provided APIs;
• Systematically downloading, caching, or archiving large volumes of data from the Services for offline use, except as explicitly permitted by your Plan.

---

5. Data Restrictions

5.1 Personal Information

• Do not include personally identifiable information (PII) in Agent States submitted to AXIOM, Episodes stored in CHRONICLE, or Entity configurations submitted to SUBSTRATE unless you have a lawful basis for processing such information (e.g., explicit consent, contractual necessity, or legal obligation);
• If your use case requires processing PII through the Services, you are solely responsible for ensuring compliance with all applicable privacy laws, including CCPA, CPRA, GDPR, and any sector-specific regulations (e.g., HIPAA for health data);
• You must implement appropriate technical and organizational measures to protect PII before, during, and after processing through the Services.

5.2 Illegal Content

• Do not submit, store, or transmit illegal content through the Services, including but not limited to child sexual abuse material, non-consensual intimate imagery, content that violates court orders, or material whose possession is prohibited by law;
• Do not use the Services to facilitate the distribution of pirated software, copyrighted content, or stolen data.

5.3 Surveillance Tools

• Do not use the Services to build, operate, or support surveillance tools, including facial recognition systems used for mass surveillance, social credit scoring systems, or tools designed to monitor individuals without their knowledge or consent;
• Do not use CHRONICLE's memory capabilities to create persistent behavioral profiles of individuals without their knowledge and informed consent;
• Do not use the Services to track, monitor, or catalog the activities, movements, or communications of individuals in a manner that violates their reasonable expectation of privacy.

---

6. Compliance Verification Restrictions (AXIOM)

The following restrictions apply specifically to the use of AXIOM:

6.1 Truthful Submissions

• You must submit accurate, truthful, and complete Agent State data for compliance verification. Submitting false, fabricated, or materially misleading data to obtain favorable Compliance Reports is prohibited;
• You must not manipulate Agent State data to pass compliance checks while deploying a different configuration in production;
• You must not selectively submit portions of your AI system's configuration to obtain misleadingly favorable results.

6.2 Report Integrity

• You must not alter, modify, or tamper with Compliance Reports after generation. Compliance Reports include cryptographic integrity signatures specifically to enable tamper detection;
• You must not present modified or fabricated Compliance Reports as genuine AXIOM outputs;
• You must not remove or obscure the cryptographic signature from Compliance Reports when sharing them with third parties.

6.3 Regulatory Submissions

• If you submit AXIOM Compliance Reports or certificates to regulatory authorities, auditors, or other oversight bodies, you must clearly disclose that these are automated verification outputs generated by Garmo Labs' AXIOM platform, not manual audits or legal opinions;
• You must not represent AXIOM Compliance Reports as government-issued certifications, legal approvals, or regulatory clearances;
• You must not use Compliance Reports as a substitute for legal advice from qualified professionals;
• You are solely responsible for ensuring that your AI systems actually comply with applicable regulations — AXIOM is a tool to assist your compliance efforts, not a guarantee of compliance.

6.4 Safety Testing Integrity

• You must not use AXIOM's safety testing capabilities (bias detection, toxicity screening, drift monitoring, hallucination detection, privacy analysis) to identify vulnerabilities in AI systems for the purpose of exploiting them;
• You must not use safety testing results to develop adversarial attacks against AI systems;
• Safety testing is intended to help you improve the safety of your AI systems, not to circumvent safety controls.

---

7. Memory System Restrictions (CHRONICLE)

The following restrictions apply specifically to the use of CHRONICLE:

7.1 Content Restrictions

• Do not store illegal content in Episodes, including content that constitutes, promotes, or facilitates criminal activity;
• Do not store content that constitutes hate speech, harassment, or threats of violence;
• Do not store child sexual abuse material (CSAM) or any content that exploits minors — such content will be detected, reported to NCMEC and law enforcement, and your account will be immediately terminated;
• Do not store content that violates third parties' intellectual property rights;
• Do not store content designed to facilitate fraud, phishing, or social engineering.

7.2 Profiling and Tracking

• Do not use CHRONICLE's memory capabilities to build persistent behavioral profiles of individuals without their knowledge and explicit consent;
• Do not use CHRONICLE to track individuals' activities, communications, locations, or associations for surveillance purposes;
• If you use CHRONICLE to store information related to identifiable individuals, you must have a lawful basis for doing so and must provide those individuals with notice and, where required, the ability to access, correct, and delete their data;
• Do not use semantic search capabilities to identify or correlate information about individuals across different contexts in ways that violate their privacy.

7.3 Data Isolation

• Do not attempt to access, query, or retrieve Episodes belonging to other users or customers;
• Do not attempt to circumvent CHRONICLE's per-user data isolation mechanisms;
• Do not use shared or predictable user_id values to gain access to another user's episodes.

7.4 Volume and Abuse

• Do not use CHRONICLE as a general-purpose database, file storage system, or data warehouse — it is designed specifically for episodic memory;
• Do not store excessively large episodes designed to consume disproportionate storage or processing resources;
• Do not submit high-frequency store operations designed to exhaust quotas or degrade service for other customers.

---

8. Cognitive Entity Restrictions (SUBSTRATE)

The following restrictions apply specifically to the use of SUBSTRATE:

8.1 Entity Integrity

• Do not attempt to extract, copy, or reverse engineer individual Cognitive Layers or their underlying implementations;
• Do not attempt to reverse engineer entity models, layer architectures, or the framework's internal cognitive processes;
• Do not attempt to reconstruct or replicate SUBSTRATE's cognitive architecture from entity outputs or API responses;
• Do not exceed your tier's entity or layer limits by circumventing License Key validation.

8.2 Entity Content

• Do not configure cognitive entities to generate, promote, or facilitate illegal, harmful, or deceptive content;
• Do not create entities designed to impersonate real individuals without their consent;
• Do not use SUBSTRATE to build autonomous systems that operate without appropriate human oversight in high-stakes domains.

8.3 License Key Security

• Do not share, sell, or distribute your SUBSTRATE License Keys to third parties;
• Do not attempt to forge, modify, or tamper with License Keys;
• Do not circumvent License Key validation or tier enforcement mechanisms.

---

9. Enforcement

Garmo Labs takes violations of this Policy seriously. Our enforcement actions are proportional to the severity and nature of the violation:

9.1 Warning

For minor or first-time violations, we may issue a written warning via email, identifying the specific policy violation and requiring corrective action within a specified timeframe. The warning will describe the violation, the required remediation, and the consequences of continued non-compliance.

9.2 Suspension

For serious or repeated violations, we may suspend your access to the Services, in whole or in part, for a defined period. During suspension:

• Your API Keys will be temporarily disabled;
• You will not be able to access the Services through any means;
• Your Customer Data will be preserved but not accessible;
• Billing may be paused or continued, depending on the nature of the violation.

We will provide written notice of the suspension, the reason for it, and the steps required to restore access.

9.3 Termination

For severe violations, repeated violations after warning, or violations involving illegal activity, we may terminate your Account immediately and permanently. Upon termination:

• Your access to the Services will cease immediately;
• Your Customer Data will be retained for thirty (30) days to allow export (except for illegal content, which will be deleted immediately);
• After thirty (30) days, remaining Customer Data will be permanently deleted;
• You will not be entitled to any refund of pre-paid Fees.

9.4 Law Enforcement Referral

For violations involving illegal activity, we may refer the matter to appropriate law enforcement authorities. This includes, but is not limited to:

• Child sexual abuse material (mandatory reporting to NCMEC);
• Terrorism-related activity;
• Fraud or financial crimes;
• Threats of violence;
• Sanctions violations or export control violations.

We may also cooperate with law enforcement investigations and comply with valid legal process (subpoenas, court orders, warrants) as described in our Privacy Policy.

9.5 Content Removal

We reserve the right to remove, disable access to, or refuse to process any content that violates this Policy, without prior notice. We are not obligated to review content proactively but may do so at our discretion.

9.6 Appeals

If you believe an enforcement action was taken in error, you may submit an appeal by emailing legal@garmolabs.com with the subject line "AUP Appeal." Include a description of the enforcement action, why you believe it was in error, and any supporting evidence. We will review appeals within fifteen (15) business days and notify you of our determination. Our determination on appeal is final.

---

10. Reporting Violations

If you become aware of any violation of this Policy, or if you believe that another user of the Services is engaging in prohibited activity, please report it to:

Email: abuse@garmolabs.com

When reporting a violation, please include:

• Your name and contact information;
• A description of the suspected violation;
• Any evidence or documentation supporting your report (screenshots, logs, URLs);
• The approximate date and time of the suspected violation;
• Any other information that may help us investigate.

We will acknowledge receipt of your report within two (2) business days and investigate promptly. We will keep your identity confidential to the extent permitted by law and our investigation needs. We will not retaliate against any person who reports a violation in good faith.

---

11. Changes to This Policy

Garmo Labs reserves the right to modify this Acceptable Use Policy at any time. We will provide at least thirty (30) days' prior notice of material changes by: (a) posting the updated Policy on our website with a revised "Last Updated" date; and (b) sending an email notification to the address associated with your Account.

Your continued use of the Services after the effective date of any modification constitutes your acceptance of the updated Policy. If you do not agree with the updated Policy, you must discontinue your use of the Services.

We may make non-material changes (such as adding clarifying examples to existing restrictions) without prior notice, provided such changes do not expand the scope of existing restrictions or impose new obligations.

---

Garmo Labs, LLC
California, United States

Abuse reports: abuse@garmolabs.com
Legal inquiries: legal@garmolabs.com
General support: support@garmolabs.com
Website: garmolabs.com

---

© 2026 Garmo Labs, LLC. All rights reserved.