Scope
This AUP applies to anyone who accesses or uses the TrustReply service, including paid customers, free-trial users, and anyone authorized to use a customer's account. Capitalized terms not defined here have the meaning given in the Terms of Service.
If you allow a third party to access TrustReply through your account, you're responsible for their compliance with this AUP.
Prohibited content
You may not upload, generate, store, transmit, or share content that:
- Is unlawful or facilitates illegal activity in any jurisdiction where you operate or where TrustReply operates.
- Infringes anyone's intellectual-property rights — copyright, trademark, trade secret, patent, or otherwise — including unauthorized uploads of someone else's SOC 2 report, security policies, or confidential documentation.
- Violates someone's right to privacy or publicity, or contains personal data you don't have a lawful basis to process.
- Is defamatory, fraudulent, threatening, harassing, or invasive of another person's privacy.
- Contains malware, exploits, ransomware, or any code designed to disrupt, damage, or gain unauthorized access to systems.
- Contains child sexual abuse material (CSAM) or content that sexually exploits or endangers minors. We report CSAM to the National Center for Missing & Exploited Children (NCMEC) and law enforcement.
- Contains content that promotes or incites violence, terrorism, self-harm, or hate speech targeting protected groups.
- Contains weapons-of-mass-destruction information, instructions for synthesizing controlled substances, or other content with no legitimate research purpose and high potential for harm.
- Contains protected health information (PHI) or other special-category data — TrustReply is not HIPAA-configured today; do not upload PHI to the service.
Prohibited conduct
You may not:
- Use TrustReply to violate any law, regulation, or third-party right.
- Use the service in a way that interferes with other customers' use or that creates unreasonable load on our infrastructure.
- Probe, scan, or test the vulnerability of any system or network without written authorization. (Authorized security research is covered by our Responsible Disclosure Policy.)
- Breach, circumvent, or attempt to circumvent authentication, authorization, rate limits, or any other security or access control.
- Reverse-engineer, decompile, or attempt to derive the source code of the service, except to the extent applicable law prohibits this restriction.
- Scrape or crawl the service except through supported APIs and within published rate limits.
- Use multiple accounts to evade limits or bans.
- Resell, sublicense, lease, or otherwise provide the service to third parties as a service bureau, hosting service, or competitive offering.
- Use TrustReply to benchmark, train, or build a competing product or LLM.
- Impersonate any person or entity, or misrepresent your affiliation with one.
- Send unsolicited commercial communications via or through the service.
- Interfere with TrustReply's billing, abuse detection, or compliance processes.
AI-specific misuse
TrustReply's core capability is generating draft answers to security and compliance questionnaires. You may not use the service to:
- Generate content you intend to submit to a customer, vendor, auditor, regulator, court, or other third party without first reviewing it for accuracy, completeness, and suitability. Nothing in TrustReply auto-submits; the obligation to review is on you.
- Knowingly or recklessly submit AI-generated drafts that misrepresent your actual security posture, compliance status, or operational practices. TrustReply is a drafting tool, not a fabrication tool.
- Generate, store, or transmit content designed to deceive a regulator, auditor, court, or other authority.
- Generate content that defames a person or entity, including drafted answers that knowingly contain false statements about a third party.
- Bypass our safety measures (prompt injection of system instructions, jailbreaks designed to produce prohibited content) for the purpose of producing content that would otherwise violate this AUP.
- Use TrustReply's drafted output as legal, compliance, regulatory, or security advice. AI drafts are starting points, not professional advice.
You are responsible for every draft you submit. See Section 8 of the Terms of Service.
Rate limits and technical restrictions
We apply rate limits, fair-use ceilings, and other technical restrictions to keep the service reliable for everyone. You agree not to attempt to bypass them.
If your legitimate use case requires higher limits, email legal@trustreply.app with the specifics — we're generally accommodating for paying customers acting in good faith.
Reporting violations
If you believe someone is violating this AUP — for example, using TrustReply to share content that infringes your rights — please report it to abuse@trustreply.app. Include:
- A clear description of the conduct or content in question;
- The TrustReply account or URL involved, if known;
- Why you believe it violates this AUP;
- Your contact information so we can follow up;
- If applicable, identification of the protected work or right at issue.
For DMCA notices, follow the procedure in our Terms of Service.
Enforcement
We may take any of the following actions in response to suspected violations:
- Remove or restrict access to specific content;
- Suspend or terminate accounts;
- Disable specific features;
- Decline to renew a subscription;
- Refer the matter to law enforcement.
For severe violations — including CSAM, credible threats of violence, or active attacks on our infrastructure or customers — we may take immediate action without prior notice. For other violations, we'll generally give notice and a chance to cure where practical.
We cooperate with lawful requests from law enforcement and government authorities, and will challenge requests we believe are overbroad.
Changes to this policy
We may update this AUP from time to time. For material changes, we'll notify you by email or in-product at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance.
Contact
Questions about this AUP: legal@trustreply.app.
Reports of abuse: abuse@trustreply.app.
Questions about this policy?
Email us at legal@trustreply.app. We'll respond within 5 business days.