Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs all access to and use of the RadMah AI platform, APIs, web interfaces, CLIs, SDKs, and all associated services (collectively, the "Service") operated by ITLOX Inc. ("RadMah AI," "we," "our," or "us"). This AUP is incorporated into and forms part of the RadMah AI Terms of Service (www.radmah.ai/legal/terms). Capitalised terms used but not defined here have the meanings given in the Terms of Service. By accessing or using the Service, you agree to comply with this AUP. If you represent an organisation, you are responsible for ensuring that all users within your organisation comply with this AUP. This AUP is designed to protect the integrity, security, and legality of RadMah AI's operations and to protect all users, third parties, and the public from harmful, illegal, or disruptive use of the Service.

The Service is designed and intended for lawful, professional purposes including: (a) Research and Development — Generating synthetic datasets for academic research, proof-of-concept development, data science experimentation, and machine learning model development and validation. (b) Security Testing — Generating synthetic ICS, SCADA, network, and protocol data for security testing, penetration testing, red team exercises, and vulnerability research in environments that you own, operate, or have explicit written authorisation to test. (c) AI/ML Training Data — Creating synthetic training datasets for AI and machine learning models, subject to compliance with the limitations described in Section 4 of this AUP. (d) Compliance and Privacy-Preserving Analytics — Generating differentially private synthetic data to enable analytics on sensitive datasets without exposing real personal data. (e) Regulatory Submissions — Generating evidence-backed synthetic datasets for regulatory submissions, clinical trial simulation, and financial model validation, subject to the disclaimers in the Terms of Service regarding fitness for regulatory purpose. (f) Industrial Simulation — Generating synthetic industrial control system (ICS), operational technology (OT), and SCADA telemetry data for simulation, testing, and training purposes in environments you own or operate. (g) Internal Data Augmentation — Supplementing internal datasets with synthetic data for analytics, dashboards, or reporting purposes. (h) Education and Training — Training technical teams on data science, security, and AI engineering using synthetic datasets. All permitted uses are subject to the restrictions in Section 4 and the export control and sanctions restrictions in Sections 5 and 6.

When using the Service, you must at all times: 3.1 Comply with all applicable laws and regulations in your jurisdiction and in any jurisdiction in which you use or deploy outputs from the Service. 3.2 Use the Service only for the benefit of your organisation or for legitimate personal professional purposes — not to benefit third parties without authorisation. 3.3 Maintain accurate account information including your organisation's legal name, business email, billing address, and a valid payment method. 3.4 Promptly notify RadMah AI at security@radmah.ai upon discovering any unauthorised use of your Account or any security vulnerability in the Service. 3.5 Respect all rate limits, credit caps, concurrent job limits, and other technical controls. Do not attempt to engineer workarounds to these limits. 3.6 Maintain appropriate security for your API keys. Rotate compromised keys immediately. Do not embed API keys in publicly accessible code repositories, client-side JavaScript, mobile application binaries, or any publicly readable environment.

The following uses of the Service are strictly prohibited. This list is illustrative, not exhaustive. RadMah AI reserves the right to determine, in its sole reasonable judgement, whether a use constitutes a violation of this AUP. ────────────────────────────── 4A. Illegal and Harmful Uses ────────────────────────────── (i) You may not use the Service to generate, process, transmit, distribute, or store data in violation of any applicable law, including laws governing data protection, privacy, financial services, consumer protection, export control, anti-money laundering, counter-terrorism, criminal law, or critical infrastructure protection. (ii) You may not use the Service to facilitate, promote, fund, or conceal any form of: money laundering; terrorist financing; fraud; sanctions evasion; tax evasion; bribery or corruption; human trafficking; illegal arms trafficking; or any other activity constituting a criminal offence in any applicable jurisdiction. (iii) You may not use the Service to generate data that is intended to be, or is used as, fraudulent personally identifiable information — including synthetic identity documents, synthetic social security numbers or national identity numbers, synthetic financial credentials, or synthetic biometric data — for the purpose of committing identity theft, account takeover fraud, synthetic identity fraud, consumer credit fraud, insurance fraud, or any other fraudulent scheme. ────────────────────────────── 4B. ICS, SCADA, and Critical Infrastructure ────────────────────────────── (iv) You may not use the Service to generate SCADA attack traffic, ICS exploit data, industrial protocol attack sequences, or operational technology (OT) security simulation data targeting critical national infrastructure, industrial control systems, or operational technology environments that you do not own or do not have unambiguous, explicit, and documented written authorisation to test. Critical national infrastructure includes, without limitation: electricity generation and distribution grids; natural gas and petroleum pipeline and distribution systems; water treatment and distribution systems; wastewater systems; railway and air traffic control systems; maritime navigation and port control systems; telecommunications and internet exchange infrastructure; financial market trading and settlement infrastructure; emergency services and public safety systems; and healthcare facility management systems. The prohibition in this subsection applies regardless of whether the generated data is intended for "defensive" or "offensive" purposes, because the data itself constitutes a dual-use technology. ────────────────────────────── 4C. AI and Machine Learning Restrictions ────────────────────────────── (v) You may not use the Service or its Generated Data as training data for AI systems whose primary or a substantial purpose is: — Automated generation of disinformation or propaganda at scale; — Deepfake, synthetic media, or voice cloning systems used to deceive, manipulate, or defraud individuals without their knowledge and consent; — Biometric spoofing, facial recognition circumvention, or liveness detection bypass; — Systems designed to score, profile, or make automated consequential decisions about individuals based on protected characteristics (e.g., race, gender, disability, religion) in violation of applicable anti-discrimination law; — Autonomous lethal weapons systems or targeting systems used in armed conflict without appropriate legal authorisation. (vi) You may not use the AI Orchestrator, Agentic Data Scientist, or any AI feature of the Service to generate prompts or outputs designed to circumvent or jailbreak AI safety controls, generate illegal content, or assist in any activity prohibited by this AUP. ────────────────────────────── 4D. Platform Abuse ────────────────────────────── (vii) You may not probe, scan, fuzz, or conduct any form of penetration testing, vulnerability research, or security assessment of RadMah AI's own infrastructure, APIs, endpoints, or systems without prior written authorisation from security@radmah.ai. (viii) You may not circumvent, disable, tamper with, or attempt to bypass: rate limits; credit or AI-request caps; queue isolation; job concurrency limits; multi-tenant data isolation boundaries; authentication mechanisms; or any other technical control implemented by RadMah AI. (ix) You may not attempt to reverse-engineer, decompile, disassemble, reconstruct, translate, or extract any proprietary algorithm, engine architecture, model weight, source code, or trade secret from the Service by any means, including through systematic API probing, timing attacks, or output analysis. (x) You may not interfere with or disrupt the Service or the servers or networks connected to the Service, including by transmitting malware, executing denial-of-service attacks, introducing excessive load inconsistent with normal usage patterns, or exploiting any vulnerability. (xi) You may not use automated scripts, bots, or scrapers to access the Service in a manner that exceeds normal usage patterns or places an undue burden on RadMah AI's infrastructure, unless you have obtained prior written permission to do so for a specific legitimate purpose. ────────────────────────────── 4E. Resale and Sublicensing ────────────────────────────── (xii) You may not resell, sublicence, white-label, re-brand, or offer the Service (or access to the Service) to third parties as a managed service, bureau service, or API product without RadMah AI's prior written consent and an executed reseller or OEM agreement. You may, however, provide Generated Data and Evidence Bundles to your own clients as outputs of your work, provided that: (a) you do not provide those clients with direct access to the RadMah AI platform; and (b) you take responsibility for those outputs under your own terms with those clients. ────────────────────────────── 4F. Reputational and Legal Harm ────────────────────────────── (xiii) You may not use the Service in any manner that: damages or tarnishes RadMah AI's brand, reputation, or legal standing; misrepresents the nature or origin of the Service; or falsely implies RadMah AI endorses, sponsors, or is affiliated with your activities. (xiv) You may not make false, fraudulent, or exaggerated chargeback or refund claims related to the Service. Such conduct constitutes a material breach of the Terms of Service and this AUP and may result in immediate Account termination and legal action.

5.1 Sanctions. You may not use the Service if you are: a national or resident of any country subject to comprehensive sanctions under US OFAC, UK OFSI, EU, or UN Security Council programmes (including Cuba, Iran, North Korea, Syria, and the designated regions of Ukraine/Russia as applicable); listed on any US, UK, EU, or UN sanctions list; or owned or controlled by any such person or entity. 5.2 Export Controls. The Service — in particular the ICS Security Simulator and Virtual SCADA Simulator engines — may constitute a controlled technology under: the US Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), the UK Export Control Order 2008, and the EU Dual-Use Regulation (EU) 2021/821. You are solely responsible for determining whether your use requires an export licence or equivalent authorisation and for obtaining any such authorisation before use. You may not export, re-export, transfer, or otherwise provide the Service, Generated Data, or any outputs of the Service to any person, entity, or destination prohibited under applicable export control laws. RadMah AI may suspend or terminate your Account without notice if your use creates export control compliance risk for RadMah AI.

6.1 Ownership and Authorisation. You may only upload Reference Datasets that you own or have the legal right to process for the purposes of using the Service. 6.2 Personal Data. If your Reference Dataset contains personal data of third parties, you must have a documented lawful basis under applicable data protection law (e.g., GDPR Article 6) and must have fulfilled all applicable notice, consent, and data protection obligations before uploading. See our Data Processing Addendum (www.radmah.ai/legal/dpa) for further obligations when uploading personal data. 6.3 Special Categories. You must not upload special category personal data (e.g., health data, biometric data, data revealing political opinions, religious beliefs, sexual orientation, or criminal records) without: (a) explicit consent of the data subjects, or (b) another valid GDPR Article 9(2) exception, and (c) prior discussion with RadMah AI's privacy team at privacy@radmah.ai. 6.4 Third-Party Intellectual Property. You must not upload datasets that contain third-party intellectual property (including proprietary databases, licensed datasets, trade secrets, or copyrighted works) without appropriate authorisation from the rights holder. 6.5 No Real Personal Data in Testing. Where you are using the Service for testing or development purposes, you must use anonymised, synthetic, or de-identified data as your Reference Dataset rather than real personal data about actual individuals.

If you become aware of, or suspect, any violation of this AUP by any user or third party (including within your own organisation), please report it to: Security incidents: security@radmah.ai AML/sanctions concerns: compliance@radmah.ai Legal violations: legal@radmah.ai General AUP concerns: support@radmah.ai RadMah AI takes all reports seriously and will investigate them promptly and confidentially. You will not be penalised for making a good-faith report of a suspected AUP violation.

8.1 RadMah AI's Rights. RadMah AI may take any or all of the following actions in response to suspected or confirmed AUP violations, at its sole and reasonable discretion: (a) Issue a warning or require corrective action; (b) Immediately suspend your Account and all API access, pending investigation; (c) Permanently terminate your Account and all sub-accounts without refund; (d) Remove, delete, or quarantine any data, Generated Data, or Evidence Bundles associated with the violating use; (e) Disclose information about the violation to relevant law enforcement, regulatory, or governmental authorities; (f) Report the Account to fraud prevention databases shared among payment processors; (g) Pursue civil or criminal legal remedies, including injunctive relief, damages, attorneys' fees, and reimbursement of investigation costs. 8.2 No Waiver. A decision by RadMah AI not to enforce a specific AUP violation does not constitute a waiver of RadMah AI's right to enforce the same or similar violations in the future. 8.3 Cooperation. You agree to cooperate fully and in good faith with RadMah AI's investigation of any suspected AUP violation, including by providing access to relevant records and responding promptly to enquiries. Failure to cooperate within 5 business days of a reasonable RadMah AI request constitutes grounds for immediate suspension.

RadMah AI may update this AUP at any time. Material changes will be communicated to registered users by email at least 30 days before they take effect. Continued use of the Service after the effective date of a revised AUP constitutes acceptance of the changes. Customers who believe a proposed change would materially and adversely affect them may notify legal@radmah.ai within the 30-day notice period to discuss the concern. RadMah AI will make reasonable efforts to accommodate legitimate objections.

For questions about this Acceptable Use Policy or to report a potential violation: Security incidents: security@radmah.ai AML / compliance concerns: compliance@radmah.ai Legal and AUP enquiries: legal@radmah.ai General support: support@radmah.ai