Version 1.0 · June 2026
Spexsure — Version 1.0 · Effective June 2026
DRAFT — PENDING LEGAL REVIEW. This document has not been reviewed by qualified legal counsel and must not be treated as final. Do not publish or rely on it until reviewed by a licensed attorney.
This Acceptable Use Policy ("AUP") sets out the rules governing what you may and may not do with the Spexsure platform ("Service"), operated by Heuristicworks LLC ("Spexsure", "we", "us"). This AUP is incorporated by reference into the Terms of Service (spexsure.com/legal/terms) and the End User License Agreement (spexsure.com/legal/eula). Capitalised terms not defined here have the meanings given in those documents.
Violation of this AUP may result in immediate suspension or permanent termination of your account, referral to law enforcement, and civil or criminal liability. Spexsure reserves all rights and remedies available under applicable law.
This AUP applies to:
You are responsible for ensuring that all Authorised Users within your organisation comply with this AUP. A violation by any Authorised User is treated as a violation by the account holder or licensee.
The Service is designed and licensed for the following purposes:
All use must be for internal business purposes within the scope of your subscription or licence. Permitted use must at all times comply with applicable law and the terms of all incorporated policies.
You must not submit, upload, paste, or transmit through the Service any content that:
Spexsure will report any such content to the National Center for Missing & Exploited Children (NCMEC), relevant law enforcement agencies, and CSAM reporting bodies in applicable jurisdictions without exception and without prior notice to the account holder.
You must not:
(a) Attempt to gain unauthorised access to any part of the Service, its underlying infrastructure, or any account other than your own;
(b) Conduct or facilitate port scanning, network probing, penetration testing, or vulnerability scanning against Spexsure's infrastructure without prior written authorisation from Spexsure. Authorised security testing requests must be directed to security@spexsure.com;
(c) Introduce, transmit, or distribute viruses, malware, ransomware, spyware, worms, Trojan horses, or any other malicious code through the Service;
(d) Conduct or facilitate distributed denial-of-service (DDoS) attacks, volumetric attacks, or any other attack designed to degrade, disrupt, or overwhelm the Service or third-party systems reachable through it;
(e) Exploit any vulnerability in the Service. If you discover a security vulnerability, you must report it responsibly to security@spexsure.com and refrain from exploiting it or disclosing it publicly until Spexsure has had a reasonable opportunity to remediate it (see /.well-known/security.txt for our responsible disclosure policy);
(f) Intercept, monitor, or modify traffic between the Service and Anthropic or any other third-party API.
The Service uses AI systems, including large language models provided by Anthropic PBC. You must not:
(a) Submit prompt injection attacks — inputs crafted to override, circumvent, or manipulate the system instructions governing the AI model's behaviour, including attempts to extract system prompts, modify the model's operating context, or cause the model to produce outputs outside its intended scope;
(b) Submit jailbreak attempts — inputs designed to bypass the AI model's safety guidelines, content policies, or ethical constraints, whether through role-playing scenarios, hypothetical framings, encoded characters, or any other technique;
(c) Submit inputs designed to cause the AI model to produce harmful, illegal, or policy-violating outputs, including instructions for creating weapons, synthesising controlled substances, or facilitating violence;
(d) Use the Service to probe, map, or reverse-engineer the behaviour, capabilities, or limitations of the underlying AI models for competitive intelligence purposes or for use in developing a competing AI product;
(e) Attempt to extract, reproduce, or reconstruct training data, model weights, or system prompts from the AI model's outputs.
Any submission falling within the above will be flagged by our automated security systems, archived, and may be disclosed to law enforcement as described in Section 3.5 of our Terms of Service.
You must not:
(a) Create multiple accounts to obtain additional free-tier credits beyond what a single account is entitled to;
(b) Use automated scripts, bots, or other means to generate, manipulate, or circumvent credit metering;
(c) Share subscription credentials with individuals outside your organisation to exceed licensed seat limits;
(d) Resell, transfer, or sublicense Credits or Service access to third parties without Spexsure's prior written consent;
(e) Provide false or fraudulent payment information, or initiate charge-backs in bad faith;
(f) Exploit any pricing error, promotional code, or billing system bug to obtain service at an unintended price. If you discover a billing error that benefits you, you are required to notify support@spexsure.com promptly.
You must not:
(a) Use the Service's Jira integration to push tickets to a Jira workspace for which you do not have authorisation;
(b) Use the OAuth credentials obtained through the Service's Jira integration for any purpose other than the intended ticket-push functionality;
(c) Use your BYOK Anthropic API key to make calls to Anthropic outside the Service through the Service's infrastructure;
(d) Attempt to intercept, exfiltrate, or misuse encrypted OAuth tokens or BYOK keys stored by the Service.
You must not:
(a) Access the Service by automated means (bots, crawlers, scrapers) except through officially published APIs and within documented rate limits;
(b) Systematically extract or harvest content, data, or AI outputs from the Service by automated means;
(c) Use the Service to aggregate or republish AI-generated output at scale without independent review of each output.
You must not use the Service, or data derived from it, to:
(a) Benchmark Spexsure's AI output against competing products without our prior written consent;
(b) Develop, train, or improve a product or service that competes with Spexsure;
(c) Generate marketing content that misrepresents Spexsure's capabilities or AI Output quality based on cherry-picked or adversarially constructed examples.
You must not use the Service to:
(a) Generate content that is defamatory, libellous, or maliciously false about any individual or organisation;
(b) Create or distribute spam, unsolicited commercial communications, or phishing content;
(c) Facilitate any scheme designed to defraud, deceive, or harm any person.
Spexsure is an AI-assisted tool. You acknowledge that:
5.1 Human Oversight is Required. AI Output must not be deployed in production systems, presented to customers, submitted to regulators, or used in any consequential decision without independent human review and validation. This requirement is not waivable.
5.2 AI Output is Not Professional Advice. AI-generated epics, user stories, acceptance criteria, and tickets are drafts only. They do not constitute legal, engineering, financial, or compliance advice. Do not rely on them as such.
5.3 Regulated and Safety-Critical Contexts. You must not use AI Output without additional qualified human oversight where the output could influence:
5.4 EU AI Act Compliance. If you are subject to the EU AI Act, you are responsible for conducting your own conformity assessment of how you use AI Output within your own systems and processes. Spexsure's provision of AI Output does not satisfy your obligations under the EU AI Act.
5.5 Bias and Fairness. AI models may produce outputs that reflect biases present in their training data. You are responsible for reviewing AI Output for potential bias before use, particularly in contexts involving hiring, performance assessment, or customer-facing communications.
If you use the Service on behalf of a client (e.g. as a consultant, agency, or systems integrator):
(a) You represent that you have your client's authorisation to submit their PRD content to the Service and for processing by Anthropic PBC;
(b) You are responsible for ensuring your client's content complies with this AUP;
(c) You must inform your client that their content will be transmitted to Anthropic for AI processing;
(d) You remain the account holder and are liable for all use under your account, including your clients' content.
Spexsure uses automated security scanning to detect inputs that violate this AUP, including prompt injection detectors, content classifiers, and anomaly detection on usage patterns. We do not routinely read your PRD content for AUP compliance, but automated systems may flag content for review.
On detecting or receiving a report of a violation, Spexsure may take any of the following actions without prior notice, at its sole discretion:
| Severity | Actions |
|---|---|
| Minor / first offence | Warning email; temporary rate reduction |
| Moderate | Temporary account suspension (24–72 hours) pending investigation |
| Serious | Permanent account termination; no refund of prepaid fees |
| Criminal | Immediate termination; archival of all associated data; referral to law enforcement |
The action taken will be proportionate to the nature and severity of the violation. Spexsure is not required to follow a progressive enforcement sequence and may permanently terminate an account for a first offence where the violation is serious.
If you believe your account was suspended or terminated in error, you may appeal by emailing legal@heuristicworks.com within 14 days of the action, providing a detailed explanation. Spexsure will review and respond within 14 business days. Spexsure's determination following appeal is final.
Accounts terminated for violation of this AUP are not entitled to a refund of any prepaid subscription fees, unused Credits, or Captive Deployment licence fees, except where required by applicable law.
If you become aware of a violation of this AUP by another user, or if you believe the Service is being misused in a way that poses a risk to you or others, please report it to:
We review all reports and will take appropriate action. We will not disclose the identity of the reporter without consent unless required by law.
We may update this AUP at any time. For material changes, we will provide at least 14 days' notice by email before the revised AUP takes effect. Continued use of the Service after the effective date constitutes acceptance of the revised AUP. If you do not agree to the revised AUP, you must stop using the Service and close your account before the effective date.
Heuristicworks LLC · Spring City, PA, USA
Questions? legal@heuristicworks.com