Acceptable Use Policy

This Acceptable Use Policy ("AUP") sets out the rules that govern your use of the Gravity platform, including any AI agents you execute, build, or distribute through it. The AUP is incorporated by reference into our Terms of Service, Builder Agreement, and Creator Agreement. Capitalized terms not defined here have the meanings given in the Terms.

The AUP exists for a simple reason: Gravity executes AI agents that act autonomously on behalf of Users. With that capability comes responsibility, both yours and ours. Violations of this AUP can result in agent suspension, account termination, forfeiture of unused Credits, and reporting to law enforcement where required by law.

01Scope

1.1. This AUP applies to every interaction you have with the Platform, whether as a User executing an Agent, a Builder publishing an Agent, a Creator promoting Gravity, or a developer using our APIs.

1.2. The AUP applies to inputs you provide, outputs an Agent generates on your behalf, downstream actions an Agent takes against connected third-party services, and any conduct directed at Gravity, our staff, or other Platform participants.

1.3. If you connect a third-party service to an Agent (e.g., LinkedIn, Gmail, HubSpot), the rules of that service also apply. Nothing here overrides obligations you owe to those services.

02Core Principles

The full list of rules below derives from four principles. When something isn't explicitly listed, ask whether it would respect:

1. Human dignity. Don't use Gravity to harm, harass, deceive, or strip agency from real people.
2. Honest disclosure. Don't hide that AI was involved when disclosure would matter to a reasonable recipient (e.g., journalism, advice, contracts, votes).
3. Lawful purpose. Don't use Gravity for activity that is illegal in your jurisdiction or the recipient's.
4. Proportionate autonomy. The more autonomous the action and the higher the stakes, the more human review is required, regardless of the Agent's confidence.

03Prohibited Content

3.1. You may not use the Platform to create, request, store, distribute, or amplify content that:

• Sexualizes minors in any way (including text, image, audio, or simulated content depicting persons reasonably believed to be under 18). Violations are reported to NCMEC and to law enforcement.
• Generates non-consensual intimate imagery ("deepfake nudes"), regardless of whether the depicted person is real or fictional.
• Provides operational instructions for weapons of mass harm, including chemical, biological, radiological, nuclear, or high-yield explosive ("CBRNE") production, acquisition, or deployment.
• Targets violence at a specific person, group, or location (incitement, solicitation of murder, threats, doxing combined with calls to harm).
• Promotes terrorist organizations designated under Indian, U.S., U.K., E.U., or U.N. sanctions, including recruitment, fundraising, or propaganda.
• Facilitates human trafficking, slavery, forced labor, or commercial sexual exploitation.
• Generates malware, ransomware, exploit code, or phishing kits intended for unauthorized access to systems you do not own.
• Constitutes hate speech targeting protected characteristics (race, caste, ethnicity, national origin, religion, sex, gender identity, sexual orientation, disability, age, veteran status).
• Defames a real person or entity with statements you know or reasonably should know are false.
• Infringes intellectual property you do not own and have no license to use, including trained-model outputs that closely reproduce identifiable copyrighted works in a way that exceeds fair-dealing/fair-use limits.
• Fabricates evidence for legal, financial, employment, immigration, journalistic, or political purposes.
• Generates or distributes content prohibited under Indian law, including content that violates the Information Technology Act, 2000, the Bharatiya Nyaya Sanhita, 2023, or rules issued under either.

04Prohibited Conduct

4.1. You may not, directly or via an Agent acting on your behalf:

• Deceive a real human into believing they are interacting with another real human when this would meaningfully alter their decision (impersonation in sales, advice, dating, government processes, journalism, or interpersonal relationships).
• Conduct mass automated outreach without consent that violates anti-spam laws (CAN-SPAM, CASL, GDPR, India's UCC regulations, the EU AI Act, or local equivalents).
• Scrape personal data, contact data, or credential data from sources where the operator forbids automated access in their terms of service or via robots.txt, technical access controls, or paywalls.
• Run an Agent to manipulate elections, polls, surveys, financial markets, or public opinion through coordinated inauthentic behavior.
• Use the Platform to make irreversible decisions about other people without meaningful human review, including hiring, firing, lending, insurance underwriting, medical diagnosis, custody, immigration, or sentencing recommendations.
• Bypass any rate limit, Credit cost, billing system, or quality gate.
• Use stolen, leaked, or otherwise unauthorized credentials with any connected service.
• Resell raw access to Agents on the Platform without authorization, or wrap an Agent to disguise its origin.
• Use the Platform to compete with Gravity by replicating substantially similar marketplace, matching, or quality-control features.
• Submit content reasonably described as containing children's personal data when you do not have lawful basis under applicable child-data laws (COPPA, GDPR-K, DPDPA § 9).

05High-Risk Use Cases

5.1. Agents may not be used as the sole decision-maker for matters that materially affect a person's life, liberty, livelihood, or finances. The categories below require demonstrable human review of the Agent's output before action is taken:

• Legal advice — Agents may summarize, draft, or research, but you must engage a licensed attorney before filing, signing, or relying on legal output for a binding decision.
• Medical, mental health, or pharmacological advice — Agents may not diagnose, prescribe, or recommend dosage. Output must direct users to a licensed clinician.
• Financial advice on regulated products — Agents may not provide personalized investment advice on securities, insurance products, or credit instruments without registration with the relevant regulator (e.g., SEBI in India, SEC in the U.S., FCA in the U.K.).
• Tax filings — Agents may organize records or draft returns, but a qualified tax professional must review submissions where required by law.
• Hiring, performance reviews, lending, housing, or insurance — Agents may surface candidates or summarize records but may not be the final automated decision (per EU AI Act Annex III, India proposed Digital India Act, and equivalent rules).
• Government interactions — Filings, applications, and submissions to government bodies must be reviewed by you before submission.
• Safety-critical operations — Agents may not be wired to control physical infrastructure, vehicles, weapons systems, life-safety devices, or industrial control systems.

5.2. If you use Gravity in any of these contexts, you remain solely responsible for the human review described and for any harm that results from inadequate review.

06Autonomous Agent Behavior

6.1. Agents act with the authority you grant them. You remain responsible for the actions an Agent takes on your behalf in connected services (sending email, posting content, transferring funds, scheduling events, modifying CRM records, etc.).

6.2. You must configure spending caps, action approval thresholds, and runtime limits appropriate to the Agent's authority and the value of the actions it can take.

6.3. Recurring Automations must be reviewed periodically and disabled when the underlying purpose ends. Gravity may automatically pause Automations after extended periods of User inactivity (typically 14 days or more).

6.4. An Agent may not be used to chain into other Agents or external services in a way that obscures the chain of responsibility, defeats spending controls, or evades content rules.

6.5. If an Agent is exposed to untrusted input (e.g., emails, web pages, customer messages), you must assume the input may attempt prompt injection and configure scopes accordingly. Gravity provides isolation and guardrails, but final accountability for what the Agent does with its scopes rests with you.

07Third-Party Service Rules

7.1. When you connect a third-party service (Google Workspace, LinkedIn, HubSpot, Stripe, etc.), Gravity acts only within the OAuth scopes you grant.

7.2. You may not direct an Agent to violate the third-party service's terms (e.g., LinkedIn's prohibitions on scraping, Google's user-data terms, Razorpay's restricted business categories).

7.3. Some third-party services impose additional restrictions on AI-generated content (e.g., Apple App Store, Meta platforms, regulated email providers). You must observe those restrictions where they apply.

08Builder-Specific Rules

8.1. Builders are responsible for the on-Platform behavior of every Agent they publish. Misleading descriptions, undisclosed external dependencies, or quality regressions may result in delisting.

8.2. An Agent that calls a paid third-party API must accurately disclose the underlying cost in its Credit estimate.

8.3. An Agent may not exfiltrate User Content, Platform internals, or telemetry to systems Gravity has not authorized.

8.4. An Agent's prompts may not contain hidden instructions intended to manipulate User trust, bypass guardrails, or alter Gravity's quality scoring.

8.5. Additional Builder obligations are set out in the Builder Agreement.

09Enforcement

9.1. Gravity uses a layered enforcement model:

• Automated detection. Inputs and outputs are scanned for clear violations (CSAM signatures, malware indicators, mass-spam patterns).
• Manual review. Reports from users, third-party platforms, or partners trigger human review.
• Graduated response. First-time minor violations typically trigger a warning. Repeat or severe violations trigger suspension or termination without notice.
• Forfeiture. Termination for cause forfeits unused Credits, in line with the Terms of Service.
• Referrals. Conduct that constitutes a criminal offense is reported to the appropriate authority.

9.2. We may preserve evidence of violations for the duration of any investigation and for as long as required by law.

9.3. Decisions are made at Gravity's reasonable discretion. We are not obligated to provide specific evidence in cases where doing so would compromise an investigation or another user's safety.

10Reporting Abuse

To report a violation of this AUP, including suspected illegal content, abusive behavior, or a compromised account, email abuse@gravity.fast with as much detail as you can share safely.

For child safety emergencies, contact local law enforcement first, then notify us at abuse@gravity.fast so we can preserve evidence.

For security vulnerabilities, follow our Responsible Disclosure process instead.

11Changes

11.1. We may update this AUP to reflect new abuse vectors, regulatory changes, or product evolution. Material changes are communicated via email or prominent Platform notice at least thirty (30) days before they take effect, except where a shorter period is required to address an urgent safety or legal issue.

12Contact