Appintellectlocal

Appintellect — Acceptable Use Policy

DRAFT — NOT LEGALLY REVIEWED. Fill in {{placeholders}}, have counsel review, then remove this banner.

Last updated: 2026-04-23

This Acceptable Use Policy ("AUP") is part of the Terms of Service. It spells out what you may and may not do with the Appintellect Service. When we say "you", we mean both the pilot customer organization and every individual using the Service under that organization's API key.

Violating this AUP is grounds for suspension or termination of your access, on notice or — for severe or ongoing violations — immediately.

1. The headline rule

Use Appintellect only to test mobile applications you own, you are authorized to test on behalf of the owner, or that are publicly distributed debug/test builds explicitly intended for this kind of exploration.

Everything below is detail about what that means in practice.

2. Applications you may test

  • Your organization's own mobile applications
  • Mobile applications belonging to a customer or partner who has given you written authorization to run automated exploration against them (e.g. a QA services engagement)
  • Publicly released debug / test / demo / sample builds from an application vendor where the vendor has published them for exploration, fuzzing, or similar testing
  • Your own forks / internal builds of the above

3. Applications you must not test

  • Applications you did not author and do not have written permission to test — including production builds of competitors' or third parties' apps downloaded from the App Store or Play Store
  • Applications whose Terms of Service prohibit automated interaction, scraping, or reverse engineering, unless you have obtained a specific exception from the owner in writing
  • Government or military applications that restrict automated testing
  • Applications subject to export-control restrictions that would be violated by transmitting their contents to our US-based infrastructure

4. How you use the Service

You must not:

  • Share your Appintellect API key outside your organization, or embed it in code or images you publish
  • Attempt to access another tenant's data, bypass authentication, or probe our infrastructure for vulnerabilities outside our coordinated disclosure program
  • Interfere with the availability of the Service — e.g. running crawls specifically to generate load rather than to test an application, or automating dashboard requests beyond reasonable use
  • Use the Service to circumvent rate limits, geographic restrictions, anti-fraud controls, or paywalls on third-party services accessed by applications under test
  • Send the Service content that is unlawful, infringes intellectual property, or contains malware designed to exploit our backend rather than exercise the application under test

5. Data you put through the Service

You must not:

  • Use production end-user data to authenticate the application under test where a synthetic test account would suffice. Where no synthetic equivalent exists, you must have a lawful basis for processing that production data and should minimize retention (see privacy policy and DPA)
  • Use the Service to process special-category personal data (health, biometric, political opinions, etc.) beyond what is strictly unavoidable for exercising the application under test
  • Upload applications or content that violate export controls, sanctions, or other laws applicable to you or to us

6. AI-specific rules

The Service drives a third-party AI provider (currently Google Gemini) using your API key. You are responsible for:

  • Complying with the AI provider's own usage policies
  • Setting a spend cap appropriate for your budget (the Service enforces whatever cap you set)
  • Understanding that AI outputs may be wrong and that verification before acting on them is your responsibility (see Warranty Disclaimer in the Terms)

7. Reporting abuse

If you believe someone is using Appintellect in violation of this AUP, email {{abuse_contact_email}}. We investigate every report and do not disclose reporter identity without consent.

8. Enforcement

  • Minor / first-time issues (accidental spill of production data into a crawl, obvious misconfiguration, low-volume policy breach): we contact you, work with you to remediate, and document the issue.
  • Material violations (testing apps without authorization, credential-stuffing through our infrastructure, attempting to bypass tenant boundaries): suspension pending investigation and potential termination.
  • Severe or ongoing violations (knowingly illegal activity, deliberate abuse of a third party's systems via apps driven through our agent): immediate termination + cooperation with lawful authorities.

We will always prefer a conversation over a silent cutoff where the situation allows it.

9. Contact

  • Abuse reports: {{abuse_contact_email}}
  • AUP questions: {{legal_contact_email}}
  • Security disclosure: {{security_contact_email}}