Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs the use of the cwRFP platform and services provided by CWM Strategies, LLC ("Provider" or "cwRFP"). This AUP is incorporated into and forms part of the Master Services Agreement and/or Terms of Service between Provider and Client.

---

1. Purpose and Scope

1.1 Purpose

This AUP establishes acceptable and prohibited uses of the cwRFP platform to ensure the security, reliability, and integrity of the Services for all users.

1.2 Scope

This AUP applies to all persons and entities that access or use the Services, including Client and all Authorized Users.

1.3 Compliance Required

All users must comply with this AUP. Violation may result in suspension or termination of access to the Services.

---

2. Acceptable Use

2.1 Permitted Use

The Services are provided for Client's internal business purposes to:

• Create and manage Q&A response libraries for RFP responses
• Generate AI-powered answers to RFP questions
• Upload and process supporting documents
• Collaborate with team members on RFP content
• Export and use generated content in Client's RFP responses

2.2 Professional Use

The Services are designed for professional business use in the contingent workforce, staffing, and workforce solutions industries.

2.3 Lawful Use

Client and Authorized Users must use the Services in compliance with all applicable laws, regulations, and industry standards.

---

3. Prohibited Activities

3.1 Illegal Activities

Users shall not use the Services to:

• Engage in any illegal activity or facilitate illegal conduct
• Violate any applicable law, regulation, or court order
• Infringe upon intellectual property rights, privacy rights, or other rights of third parties
• Distribute, store, or transmit content that is unlawful, defamatory, obscene, or otherwise objectionable
• Engage in fraud, misrepresentation, or deceptive practices
• Violate export control laws or regulations
• Facilitate money laundering, terrorism financing, or other criminal activity

3.2 Harmful Content

Users shall not upload, store, or transmit:

• Malware, viruses, worms, trojan horses, or other malicious code
• Content that promotes violence, terrorism, or harm to individuals or groups
• Content that promotes discrimination based on race, religion, gender, sexual orientation, disability, or other protected characteristics
• Child sexual abuse material (CSAM) or content exploiting minors
• Content that violates privacy rights or contains unauthorized personal information
• Spam, unsolicited communications, or marketing materials unrelated to Client's business
• Pirated software, copyrighted materials used without authorization, or trade secrets obtained unlawfully

3.3 System Abuse

Users shall not:

• Attempt to gain unauthorized access to the Services, other user accounts, or Provider's systems
• Interfere with or disrupt the integrity or performance of the Services
• Probe, scan, or test the vulnerability of the Services or breach security measures
• Reverse engineer, decompile, disassemble, or attempt to derive source code from the Platform
• Use automated scripts, bots, or crawlers to access the Services (except through documented APIs)
• Overload or attempt to disable the Services through denial-of-service attacks or similar methods
• Circumvent usage limits, access controls, or other restrictions imposed by Provider
• Access the Services through any means other than the provided user interface or documented APIs

3.4 Account Misuse

Users shall not:

• Share account credentials with unauthorized individuals
• Allow third parties to access the Services through Client's account without proper authorization
• Create multiple accounts to circumvent usage limits or restrictions
• Impersonate another person or entity
• Use false or misleading information when creating or managing accounts
• Transfer or resell access to the Services without Provider's written consent

3.5 Competitive Use

Users shall not:

• Use the Services to develop, support, or provide competing products or services
• Access the Services to monitor availability, performance, or functionality for competitive purposes (benchmarking for competitive advantage)
• Copy, reproduce, or reverse engineer features, functionality, or user interface elements for use in competing products
• Extract or compile data from the Services to create competing databases or services

3.6 Data Mining and Scraping

Users shall not:

• Systematically extract, harvest, or scrape data from the Services
• Use the Services to build machine learning models for purposes outside Client's RFP response activities
• Aggregate data from the Services with data from other sources to create derivative databases for commercial purposes
• Use AI-generated content from the Services to train competing AI models or services

3.7 Excessive or Abusive Use

Users shall not:

• Generate excessive API calls or requests that impact system performance for other users
• Upload unreasonably large files or volumes of data beyond normal business use
• Use the Services in a manner that consumes disproportionate system resources
• Deliberately trigger expensive AI operations for purposes unrelated to legitimate business needs
• Abuse Usage Credits or attempt to exploit the credit system

---

4. Content Standards

4.1 Client Responsibility

Client is solely responsible for all content uploaded to or created through the Services, including Q&A pairs, documents, and generated answers.

4.2 Accuracy

Client represents that content uploaded to the Services:

• Is accurate and truthful to the best of Client's knowledge
• Does not contain intentionally false or misleading information
• Complies with Client's obligation to provide truthful information in RFP responses

4.3 Intellectual Property

Client represents that content uploaded to the Services:

• Does not infringe upon any third party's intellectual property rights
• Is owned by Client or Client has the right to use and process the content
• Does not contain trade secrets or confidential information belonging to third parties without authorization

4.4 Personal Data

When uploading content containing personal data, Client shall:

• Comply with all applicable privacy and data protection laws
• Have appropriate legal basis for processing the personal data
• Ensure individuals' rights are respected in accordance with the Data Processing Agreement
• Not upload sensitive personal data (health information, financial data, government IDs) unless necessary for legitimate RFP purposes

4.5 Prohibited Content

Client shall not upload or create content that:

• Contains hate speech, threats, or incitement to violence
• Promotes illegal activities or provides instructions for illegal conduct
• Violates any person's privacy or publicity rights
• Contains explicit sexual content (except as may be necessary for legitimate workforce policies in uploaded documents)
• Infringes copyright, trademark, patent, or other intellectual property rights

---

5. Security Obligations

5.1 Account Security

Users must:

• Maintain the confidentiality of account credentials
• Use strong, unique passwords
• Enable multi-factor authentication when available
• Notify Provider immediately of any unauthorized access or security breach
• Log out of accounts when using shared or public computers

5.2 Data Protection

Users must:

• Implement appropriate security measures on devices used to access the Services
• Keep software and operating systems updated with security patches
• Use antivirus and anti-malware software
• Avoid accessing the Services over unsecured public Wi-Fi networks without VPN protection
• Report suspected security incidents to Provider promptly

5.3 Access Management

Client must:

• Grant access only to Authorized Users with legitimate business need
• Promptly revoke access for employees, contractors, or agents who no longer require it
• Review and update user permissions regularly
• Maintain records of who has access to the account

---

6. Usage Limits and Fair Use

6.1 Subscription Limits

Client's use is subject to the usage limits specified in Client's subscription plan, including:

• Number of Q&A pairs
• Number of supporting documents
• Monthly Usage Credits for AI answer generation
• Storage capacity
• Number of Authorized Users

6.2 Fair Use Principles

Even within subscription limits, Client agrees to:

• Use the Services in a manner consistent with normal business operations
• Not engage in excessive or abusive usage patterns
• Not use the Services in a way that degrades performance for other users
• Not intentionally waste system resources or Usage Credits

6.3 Overage and Rate Limiting

If Client exceeds subscription limits:

• Overage charges may apply as specified in the Subscription Plan
• Provider may implement rate limiting to ensure fair access for all users
• Provider may temporarily suspend access until Client upgrades or reduces usage
• Repeated excessive usage may result in account review or termination

---

7. Monitoring and Enforcement

7.1 Monitoring Rights

Provider reserves the right to:

• Monitor usage of the Services to ensure compliance with this AUP
• Investigate suspected violations of this AUP
• Review content if there is reason to believe it violates this AUP or applicable law
• Use automated systems to detect malware, prohibited content, or unusual usage patterns

7.2 No Obligation to Monitor

Provider has the right but not the obligation to monitor or review content. Provider does not pre-screen content and is not responsible for content uploaded by users.

7.3 Cooperation with Law Enforcement

Provider will cooperate with law enforcement agencies and may disclose user information if:

• Required by law, court order, or legal process
• Necessary to investigate suspected illegal activity
• Needed to protect Provider's rights, property, or safety
• Required to prevent imminent harm to individuals

---

8. Violations and Enforcement Actions

8.1 Violation Response

Upon discovering or being notified of an AUP violation, Provider may:

• Investigate the alleged violation
• Request that Client or Authorized User immediately cease the violating activity
• Suspend access to specific features or content
• Suspend or terminate the Client's account
• Remove or disable access to content that violates this AUP
• Report illegal activity to appropriate law enforcement authorities

8.2 Immediate Suspension

Provider may immediately suspend access without prior notice if:

• The violation poses an immediate security risk
• The violation could harm other users or Provider's systems
• The violation involves illegal activity
• Required by law or legal process
• The violation could result in liability to Provider

8.3 Notice and Opportunity to Cure

For violations that do not require immediate suspension, Provider will:

• Notify Client in writing of the violation
• Provide Client with reasonable opportunity to cure (typically 48-72 hours)
• Work with Client to resolve the issue when appropriate

8.4 Repeat Violations

Clients who repeatedly violate this AUP may be subject to:

• Shorter cure periods for subsequent violations
• Increased monitoring of account activity
• Termination of Services without further opportunity to cure

8.5 Appeal Process

If Client believes an enforcement action was taken in error:

• Client may submit a written appeal to mickey@cwmstrategies.com
• Include explanation of why the action was incorrect
• Provide any supporting documentation
• Provider will review and respond within five (5) business days

---

9. Reporting Violations

9.1 How to Report

To report suspected AUP violations by other users or security concerns:

• Email: mickey@cwmstrategies.com
• Subject line: "AUP Violation Report" or "Security Concern"
• Include detailed description of the issue
• Provide any relevant evidence (screenshots, URLs, timestamps)

9.2 Investigation

Provider will:

• Acknowledge receipt of report within 48 hours
• Investigate reported violations
• Take appropriate action if violation is confirmed
• Maintain confidentiality of reporter where possible

9.3 No Retaliation

Provider prohibits retaliation against any person who reports suspected violations in good faith.

---

10. Third-Party Services and Content

10.1 Third-Party Links

The Services may contain links to third-party websites or services. Provider is not responsible for third-party content and does not endorse third-party services.

10.2 AI-Generated Content

Content generated by the AI features:

• Is provided as a tool to assist with RFP responses
• Should be reviewed and verified by Client before use
• May contain errors, inaccuracies, or inappropriate suggestions
• Remains Client's responsibility once exported or used
• Should not be relied upon as legal, financial, or professional advice

10.3 Client Verification

Client is responsible for:

• Reviewing all AI-generated content before use
• Ensuring accuracy of information in RFP responses
• Verifying that generated content complies with RFP requirements
• Making final decisions about content to include in responses

---

11. Intellectual Property Protection

11.1 Respecting IP Rights

Users must:

• Only upload content they own or have permission to use
• Respect copyright, trademark, and patent rights
• Not use the Services to store or distribute pirated content
• Obtain necessary licenses for third-party content

11.2 DMCA Compliance

Provider complies with the Digital Millennium Copyright Act (DMCA). To report copyright infringement:

• Email: mickey@cwmstrategies.com
• Subject: "DMCA Takedown Notice"
• Include all information required by 17 U.S.C. § 512(c)(3)

11.3 Counter-Notification

If Client believes content was removed in error, Client may submit a DMCA counter-notification as provided by law.

---

12. Modifications to this AUP

12.1 Right to Modify

Provider may modify this AUP at any time to:

• Reflect changes in legal requirements
• Address new security threats or abuse patterns
• Improve clarity or add examples
• Respond to user feedback

12.2 Notice of Changes

Provider will notify users of material changes via:

• Email to Client's primary contact
• In-platform notification
• Updated "Last Updated" date at the top of this document
• Posting on Provider's website

12.3 Effective Date

Changes become effective:

• Thirty (30) days after notice for material changes
• Immediately for changes required by law
• Upon publication for minor clarifications or non-material changes

12.4 Continued Use

Continued use of the Services after changes become effective constitutes acceptance of the modified AUP.

---

13. Termination Consequences

13.1 Effect of Termination

If Client's account is terminated for AUP violations:

• Access to the Services will be immediately revoked
• Client will have thirty (30) days to export Customer Data
• No refund of prepaid fees will be provided
• Client remains liable for all fees incurred prior to termination

13.2 Reinstatement

Provider may, in its sole discretion, reinstate a terminated account if:

• The violation has been cured
• Client demonstrates it has taken steps to prevent future violations
• Client pays any outstanding fees
• Provider is satisfied the violation will not recur

---

14. Disclaimer of Warranties

14.1 AUP Enforcement

Provider's enforcement of this AUP does not create any warranties or guarantees regarding:

• The accuracy, quality, or reliability of user-generated content
• The security or safety of the Services
• The prevention of all AUP violations
• The detection of all malware or malicious content

14.2 No Guarantee of Action

Provider's right to enforce this AUP does not obligate Provider to:

• Monitor all content or activity
• Take action against all violations
• Notify users of all enforcement actions
• Explain enforcement decisions

---

15. General Provisions

15.1 Severability

If any provision of this AUP is found invalid or unenforceable, the remaining provisions remain in full force and effect.

15.2 Entire Agreement

This AUP, together with the Master Services Agreement or Terms of Service, constitutes the entire agreement regarding acceptable use of the Services.

15.3 Governing Law

This AUP is governed by the laws of the Commonwealth of Pennsylvania, consistent with the Master Services Agreement.

15.4 Contact Information

---