Acceptable use policy

This Acceptable Use Policy (“Policy”) forms part of the ReplyArc Terms of Service (the “Agreement”) between Wondertabs Pte. Ltd. (UEN 202037320G, Singapore) (“ReplyArc”, “we”) and the business that registers a workspace (the “Customer”, “you”). It applies to the Service and to Customer Data (each as defined in the Terms of Service), and to how your AI agent interacts with End Users (as defined in the Terms of Service). You are responsible for all use of the Service under your account, including by your team members. A breach of this Policy may constitute a material breach of the Agreement.

1. Prohibited content

You must not upload to your agent's knowledge base, or transmit or display through the Service, content that:

• is unlawful under the laws of Singapore or any laws that apply to you or your End Users;
• infringes copyright, trade marks, trade secrets or other intellectual-property rights, or violates another person's privacy or publicity rights;
• contains malware, or links or instructions designed to phish, defraud or compromise devices or accounts;
• is deceptive or fraudulent, including fake reviews, fabricated credentials, or impersonation of any person or organisation;
• is hateful or harassing, threatens or incites violence, or promotes discrimination against individuals or groups;
• sexually exploits or endangers any person - any child sexual abuse material results in immediate termination and reporting to authorities; or
• promotes illegal weapons, drugs or other goods or services illegal where your End Users are located.

2. Prohibited uses

You must not:

• Send spam. Do not use the Service (including captured leads) to send unsolicited bulk or marketing messages. Marketing to captured leads requires your own lawful basis, consent records and a working unsubscribe. For Singapore telephone numbers, comply with the PDPA's Do Not Call provisions (clear consent or a DNC Registry check before marketing calls or texts, including via WhatsApp or SMS) and with the Spam Control Act for bulk email and messages. Replying to an enquiry an End User started - including via the widget's WhatsApp, Messenger, LINE, phone or booking links - is not spam; unsolicited marketing to those contacts can be. This applies equally to automated Outbound Messages the Service sends on your behalf - such as abandoned-chat recovery emails, lead follow-ups and email campaigns: enable them only for recipients for whom you hold the required consent or lawful basis, always with accurate sender identification and a working unsubscribe, and honour every opt-out (Terms of Service Section 5.9).
• Scrape or harvest. Do not crawl, scrape or bulk-extract the Service or other customers' content, or use the Service to harvest contact details or build marketing lists from people who did not provide them to you.
• Circumvent limits or billing. Do not bypass or attempt to bypass rate limits, usage caps and platform guardrails (such as conversation, message and spend limits), authentication, tenant isolation, or any current or future billing or metering - including by creating multiple workspaces or accounts to evade limits.
• Resell without consent. Do not resell, sublicense, white-label or operate the Service for third parties without our prior written consent.
• Clone competitively. Do not access the Service to build a competing product, copy its features, publish benchmarks aimed at cloning it, or use the Service or its outputs to train a competing AI model.
• Test security without permission. Do not perform penetration testing, vulnerability scanning, load testing or similar assessments without our prior written consent. Report suspected vulnerabilities responsibly to legal@replyarc.ai.
• Interfere. Do not disrupt the integrity or performance of the Service or attempt to access other customers' workspaces or data.

3. AI specific rules

Your agent talks to real people on your behalf. You must not:

1. Pass the AI off as human. You must not configure your agent to claim to be a human, and you must not remove or obscure the indication that replies are generated by AI. By default the agent presents itself as an AI assistant; you are responsible for keeping that disclosure in place where your law requires it. Do not instruct the agent to deny being AI when asked. Laws including the EU AI Act (Article 50), California's bot-disclosure law and Utah's AI Policy Act require AI disclosure; you are responsible for disclosure duties that apply to your deployment.
2. Automate significant decisions. Do not use the agent to make decisions with legal or similarly significant effects on individuals - such as decisions about credit, employment, insurance, housing, education or eligibility for healthcare or essential services - without meaningful human review.
3. Rely on it for high-stakes advice. Outputs are AI generated and can be wrong. Do not deploy the agent as the sole basis for medical, legal, financial or other regulated professional advice, and ensure human review wherever an incorrect answer could cause significant harm.
4. Solicit sensitive data without lawful grounds. Do not configure the agent to ask for or process special-category or sensitive data - health information, biometrics, religious or political beliefs, sexual life, criminal records, or national identification numbers such as NRIC/FIN - unless you have a lawful basis and any required consent under the laws that apply to you.
5. Target children. Do not embed the widget on child-directed sites or services, direct the agent at children, or knowingly collect personal data from children under 13 (or any higher applicable age) without verifiable parental consent. Do not deploy the agent as a companion, friendship or emotional-support persona directed at minors. In Singapore, treat the personal data of anyone under 18 as sensitive, per PDPC guidance.
6. Attack the guardrails. Do not jailbreak, prompt-inject or otherwise attempt to defeat platform safety guardrails or AI disclosure features - whether your own agent's or another customer's.
7. Manipulate End Users. Do not use the agent to mislead people about material facts in order to induce a purchase or other decision.

4. Your responsibilities for agent content

You control the content your agent draws on - uploaded documents, crawled pages, business facts and persona instructions. You must hold the necessary rights to that content, keep it accurate and current (especially prices, availability and regulated claims), promptly correct content you know is wrong, and review configured answers if you operate in a regulated industry. Even with accurate source content, AI outputs may be inaccurate; you remain responsible for what your agent tells End Users, as set out in the Agreement.

5. Reporting abuse

To report a violation of this Policy - whether you are a Customer, an End User, or anyone else - email legal@replyarc.ai with the website or workspace involved, the content or behaviour at issue, and why you believe it violates this Policy.

6. Enforcement

We have no obligation to pre-screen Customer Data, but we may investigate reports and suspected violations and take action proportionate to the harm:

We may also remove or disable specific content. Not enforcing this Policy in one instance does not waive later enforcement.

7. Changes

We may update this Policy as the Service and applicable laws evolve. We will post the updated version at replyarc.ai. For material changes we will give at least 30 days' notice through the dashboard or by email before the change takes effect, consistent with Section 19.2 of the Terms of Service; non-material changes take effect when posted. Continued use after a change takes effect constitutes acceptance.