ACCEPTABLE USE POLICY

Last updated October 1st, 2025

1. Purpose and relationship to other terms

This Acceptable Use Policy (AUP) sets the rules for using Sophiie’s products, websites, AI systems, APIs, phone numbers, integrations and related services (the Services). It forms part of your agreement with us (the Agreement), which includes our Master Terms/Service Agreement and Privacy Policy. If there is a conflict, the Agreement prevails, except that this AUP governs how the Services may be used.

2. Who this applies to

This AUP applies to:

  • Customers (the entity that contracted with Sophiie),
  • their personnel, contractors and representatives, and
  • End Users who interact with the Customer via the Services (e.g., calls, emails, SMS, forms or chat handled by Sophiie).

Customers are responsible for their users’ and End Users’ compliance with this AUP.

3. Key definitions

  • Customer Data: data you or your users provide to or through the Services (e.g., contacts, recordings, transcripts, CRM data, content).
  • Service Data: telemetry, logs, diagnostics, quality metrics and derived analytics generated by the Services.
  • Input: prompts, instructions, documents, audio and other material you submit.
  • Output: content generated by the Services in response to Input.
  • Feedback: suggestions, ideas or comments about the Services.
  • Relevant Laws: includes the Privacy Act 1988 (Cth) and Australian Privacy Principles, Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth), Telecommunications (Interception and Access) Act 1979 (Cth), state/territory surveillance & listening devices laws, the Australian Consumer Law, and any equivalent laws where you or your End Users are located.

4. Your responsibilities

You must:

  1. use the Services lawfully and in compliance with this AUP, Relevant Laws, and applicable industry codes/regulator guidance;
  2. provide all required notices and obtain consents from End Users (including for call recording and use of AI, where required);
  3. maintain appropriate security (unique named accounts, strong passwords, MFA where offered, least-privilege access, timely off-boarding);
  4. ensure Customer Data is accurate, free of malware and that you have all necessary rights/permissions to use it with Sophiie;
  5. promptly co-operate with Sophiie on abuse, security or privacy investigations and remedial steps.

5. Prohibited conduct

5.1 Unlawful, harmful or abusive activities

You must not use the Services to: violate law; harass, threaten, defame, discriminate or incite violence; disseminate hateful or extremist content; share sexually exploitative content; or distribute child sexual abuse material.

5.2 Privacy, recording and AI transparency

  • Do not record or monitor communications without required notices/consents under applicable surveillance/listening devices laws (requirements vary by jurisdiction).
  • You must not engage in misleading or deceptive conduct or make false or misleading representations, including by omission, in connection with your use of the Services.
  • Do not upload or process Personal Information without a lawful basis or in ways that breach the Privacy Act or our Privacy Policy.

5.3 Messaging, calling and outreach

  • Comply with the Spam Act (consent, sender identification, functional unsubscribe) and Do Not Call rules; honour opt-outs and suppression lists.
  • No number spoofing, identity misrepresentation or deceptive practices.
  • No robocalling/auto-dialling at scale without lawful basis and appropriate consents.

5.4 Sensitive and regulated data

Unless (A) you have a lawful basis and (B) Sophiie has given prior written approval (or the Service expressly enables an approved capture flow), you must not input, upload, transmit, store, record, or otherwise process with or through the Services—or provide to Sophiie or our subprocessors—any of the following: full payment card PAN or CVV, Tax File Numbers (TFNs), Medicare numbers, passport/driver licence numbers, health/biometric data, or other special-category/sensitive data. This prohibition applies to all channels, including calls/recordings, voicemail, messaging, email, chat, file uploads, APIs/webhooks, CRM syncs, and support requests.

Where Sophiie has expressly approved a compliant capture flow, you remain responsible for meeting all applicable standards (e.g., PCI DSS for card data), using tokenisation/DTMF masking/redaction where applicable, minimising data collected, and obtaining all required notices/consents. Sophiie may automatically filter, redact, delete or block Restricted Data and is not obliged to store, process, recover, or restore it.

5.5 Synthetic media and voice

No voice cloning, synthetic voices or deepfakes depicting a real person without informed, provable consent or in a manner that deceives or harms others.

5.6 Security and network integrity

No probing, scanning, vulnerability testing, reverse engineering, scraping at scale, bypassing access controls or rate limits, DDoS, flooding or introducing malware.
Security research exception: only under a Sophiie-approved Vulnerability Disclosure Program (VDP) with prior written authorisation.

5.7 Intellectual property, model and competitive misuse

Do not upload content you lack rights to use. Do not remove proprietary notices, rebrand, resell or sublicense the Services or Outputs.
Do not use the Services to train or fine-tune competing models, attempt model extraction, or run deceptive or harmful benchmarks.

5.8 High-risk and regulated uses

Do not rely on Outputs for decisions that are life-critical or safety-critical without human review. For legal, medical, financial or other regulated advice, ensure appropriate professional oversight and clear disclaimers.

5.9 Numbers, carriers and third-party platforms

Comply with carrier/platform terms (e.g., telephony/CPaaS, email/SMS providers). We may act on carrier abuse notices (rate-limit, block traffic, suspend features) to preserve network integrity and compliance.

5.10 Sanctions and export controls

Comply with the Australian Sanctions Regime (DFAT) and any applicable foreign export/sanctions controls relevant to the Services or underlying providers. Do not use the Services for sanctioned parties or prohibited jurisdictions.

6. Fair use, throttling and plan alignment

To protect service quality, we may apply concurrency/rate limits, fair-use thresholds and storage caps across calls, messages, API requests and recordings. Where usage materially exceeds reasonable business patterns or risks service stability/cost, we may (acting reasonably) throttle, require plan changes or add-on fees, or suspend abusive workloads after notice where practicable.

7. Emergency services

The Services are not a substitute for emergency services (000/112) and must not be relied upon to contact or route emergency calls.

8. Data handling and roles

You remain the controller of Customer Data you introduce. We process it to provide, secure and improve the Services as described in our Privacy Policy. You must honour applicable data subject rights (access, correction, deletion) that apply to you. Both parties must comply with Notifiable Data Breaches obligations where applicable.

9. Monitoring, investigations and enforcement

We may monitor (automated and manual) to operate, secure and improve the Services and to investigate suspected AUP breaches. We may remove content, block traffic, disable credentials, limit features or suspend accounts immediately where necessary to protect users, data or networks, to comply with law/regulator/carrier requirements, or to address urgent risk. For other issues, we will act reasonably and may provide steps and timeframes to remediate.

10. Notice, takedown and appeal

If we take action under this AUP, we will (where lawful and practicable) notify the Customer with a brief reason and remediation steps. You may appeal by emailing support@sophiie.ai with context and supporting material. We will review good-faith appeals promptly.

11. Requests from authorities

We respond to valid legal process and regulator requests. If you receive a notice that may affect the Services or Customer Data held by Sophiie, promptly notify us (unless legally restricted) so we can assess and respond appropriately.

12. Changes to this AUP

We may update this AUP from time to time. Material changes will be notified at least 30 days before taking effect (or sooner if required by law or to address urgent risk). Continued use after the effective date constitutes acceptance.

13. Governing law

This AUP is governed by the laws of Queensland, Australia, and the parties submit to the exclusive jurisdiction of its courts and appellate courts (without prejudice to mandatory consumer protections where applicable).

14. Contact