Acceptable Use Policy

1. Overview

This Acceptable Use Policy ("AUP") governs all content uploaded, stored, processed, or delivered through the Partikl platform ("Service"), including all pipelines, workflows, namespaces, and delivery endpoints.

This AUP applies to:

• All registered accounts (Free, Pro, Team, Enterprise)
• All content processed through Partikl pipelines
• All variants generated and delivered by the Service
• All third-party addons and custom workers connected to the Service
• Content stored via Bring Your Own Storage ("BYOS") configurations

By using the Service, you agree to this AUP in addition to our Terms of Service and Privacy Policy.

2. Our Approach to Content Moderation

Partikl uses automated systems to detect content that violates this AUP. These systems operate as follows:

On upload: Every file is scanned for malware signatures, known illegal content patterns and malware signatures, and other absolute prohibition categories before processing begins.

On delivery: Content flagged as potentially non-compliant with delivery jurisdiction rules may be restricted from public delivery endpoints while remaining accessible privately.

On report: When a valid third-party report is received (DMCA, government notice, or abuse report), we review the specific asset identified — not your entire namespace or account.

We do not:

• Proactively review the semantic content of your files
• Use your content to train machine learning models
• Share your content with third parties except as required by law
• Grant human access to encrypted namespaces

3. Absolute Prohibitions

3.1 Child Sexual Abuse Material (CSAM)

Upload, storage, processing, or delivery of any content depicting the sexual exploitation or abuse of minors is strictly prohibited and constitutes a criminal offense in all jurisdictions where Partikl operates.

We employ automated hash-matching against known CSAM databases. Detection results in:

1. Immediate automated blocking of the asset
2. Immediate account suspension pending investigation
3. Mandatory reporting to relevant authorities (NCMEC, national equivalents)
4. Permanent account termination
5. No data export period for accounts terminated under this provision

3.2 Malware and Malicious Code

You may not upload, store, or distribute through Partikl:

• Executable malware, ransomware, spyware, or trojans
• Files designed to exploit vulnerabilities in third-party systems
• Phishing assets (fake login pages, credential harvesting content)
• Scripts designed to attack, probe, or enumerate external systems

Detection of malicious code results in immediate asset quarantine. Repeated violations result in account termination.

3.3 Terrorism and Violent Extremism

Content that promotes, glorifies, recruits for, or provides material support to terrorist organizations or violent extremist movements is prohibited, including imagery, manifestos, recruitment materials, and financing content.

3.4 Non-Consensual Intimate Imagery (NCII)

Upload or distribution of intimate imagery of real persons without their explicit consent is prohibited. This includes deepfake intimate imagery regardless of whether the subject is identifiable.

Reports of NCII are prioritized and handled within 24 hours of receipt.

4. Restricted Content

Restricted content is permitted under specific conditions. Failure to meet these conditions may result in content being made private, delivery being suspended, or account enforcement action.

4.1 Adult and Sexually Explicit Content (NSFW)

Private storage: Adult content stored privately in encrypted namespaces that is never delivered to public endpoints is permitted for users aged 18 or older who have accepted these terms.

Public delivery: Adult content delivered through public Partikl delivery endpoints is prohibited unless all of the following conditions are met:

• Your account is verified as belonging to a user aged 18 or older
• The namespace is explicitly flagged as adult content in your dashboard
• Your delivery implementation includes age verification compliant with applicable law in the jurisdictions where content is delivered
• You have independently verified that such delivery is lawful in all target jurisdictions
• Your use complies with the terms of any payment processor used with your Partikl account

BYOS configurations: If you use Bring Your Own Storage, adult content compliance is your sole responsibility. Partikl's processing pipeline may still apply automated moderation at the transform stage.

4.2 Copyright and Intellectual Property

You may only upload content that you own, have licensed rights to process, or that is in the public domain. Partikl processes content on your instruction and does not verify ownership of content at upload.

Infringing content reported via valid DMCA notice will be handled per our DMCA Policy. Repeat infringers will have their accounts terminated.

You are responsible for ensuring your pipeline outputs (resized, transcoded, or AI-transformed variants) do not infringe third-party rights. Transforming copyrighted content does not create a new right to that content.

4.3 Personal Data of Third Parties

If your content includes personal data of third parties (user-generated content platforms, healthcare imagery, identity documents), you are the data controller for that personal data. You must:

• Have a lawful basis for processing under applicable law (GDPR, etc.)
• Ensure your pipeline configuration does not expose such data inappropriately
• Configure appropriate access controls on the relevant namespaces
• Comply with applicable data protection laws in your jurisdiction

Partikl acts as a data processor for content you upload and is not responsible for your compliance obligations as a controller.

4.4 Regulated Industries

Content subject to specific regulatory regimes requires additional care:

Healthcare / Medical: HIPAA (US), MDR (EU) regulated medical imagery or patient data may be processed through Partikl pipelines. You are responsible for ensuring your configuration meets applicable regulatory requirements. Enterprise plans with custom DPA terms are recommended for this use case.

Financial documents: Processing of financial documents containing account numbers, tax identifiers, or similar regulated data is permitted. You are responsible for appropriate namespace access controls and encryption configuration.

Government and classified: Partikl is not certified for processing classified government information.

5. Platform Integrity

5.1 Fair Use and Resource Abuse

The Service is designed for media processing and content delivery. The following activities constitute resource abuse regardless of plan tier:

• Using processing pipelines to execute arbitrary code unrelated to media processing
• Cryptocurrency mining or proof-of-work computation through any Partikl component
• Using delivery endpoints to proxy or relay non-Partikl traffic
• Automated account creation to circumvent plan limits or free tier restrictions
• Deliberate generation of excessive failed processing tasks to probe system behavior

5.2 API and Rate Limit Compliance

You agree to respect rate limits associated with your plan. Deliberate circumvention of rate limits through distributed requests, rotating credentials, or other means is prohibited.

If your legitimate use case requires higher limits, contact us to discuss plan options or custom arrangements.

5.3 Reselling and White-labeling

Permitted: Building products and services for your customers that use Partikl as an underlying infrastructure component. You may charge your customers for your product.

Not permitted without written agreement: Reselling raw Partikl API access, presenting Partikl as your own infrastructure to competitors, or white-labeling the Partikl dashboard as your own product.

Enterprise customers may request a white-label or OEM agreement.

5.4 Security Research

Responsible security research conducted in good faith is welcomed. Please review our Security and Responsible Disclosure page before conducting any testing. Do not conduct security testing against other users' namespaces or data.

5.5 Reverse Engineering

You may not reverse engineer, decompile, disassemble, or attempt to derive the source code of any component of the Partikl Service. This restriction applies until and unless Partikl publishes source code under an open-source license, in which case the terms of that license govern the published components.

6. Addon and Integration Compliance

6.1 Third-Party Addons

When you enable a third-party addon from the Partikl marketplace:

• The addon developer's terms and privacy policy apply to data processed by that addon
• Partikl is not responsible for the behavior, availability, or compliance of third-party addons
• Data passed to addon workers may leave Partikl's infrastructure
• You are responsible for ensuring addon use is consistent with your obligations to your own users

Review addon documentation and privacy terms before enabling addons that process sensitive content.

6.2 Custom Workers and Webhooks

If you connect custom workers or webhook endpoints to your Partikl pipelines:

• You are responsible for the security and compliance of your endpoint
• Partikl will transmit asset data and metadata to your configured endpoints as instructed by your pipeline configuration
• Ensure your endpoints are secured and do not inadvertently expose asset data
• Custom worker failures do not entitle you to processing credits unless caused by a Partikl infrastructure failure

6.3 BYOS (Bring Your Own Storage)

When using your own storage backend:

• You are solely responsible for the security configuration of your storage
• You are responsible for compliance with applicable laws in the jurisdiction where your storage is located
• Partikl will read from and write to your storage as instructed by your pipelines
• Data residency compliance is your responsibility when using BYOS
• Partikl's SLA does not cover availability issues originating from your storage

7. Enforcement

7.1 Graduated Enforcement

We apply graduated enforcement proportionate to the nature and severity of the violation. Our general approach:

Severity Level First Occurrence Repeat / Severe ───────────────────────────────────────────────────────────── Minor Warning + education Temporary restriction Moderate Content removal + notice Account suspension Serious Suspension + review Termination Critical (§3) Immediate termination Authority reporting

7.2 Content Actions

When a specific asset or namespace violates this AUP, we may:

• Make content private: Asset remains in your account but is no longer delivered via public endpoints. You retain access.
• Quarantine asset: Asset is flagged and inaccessible pending review. You will be notified within 48 hours.
• Remove asset: Asset is deleted. You will be notified with a reason. Applies to serious violations.

7.3 Account Actions

• Warning: Notification via email and dashboard. No service interruption.
• Restriction: Specific features disabled (e.g., public delivery suspended) pending resolution.
• Suspension: Account access restricted. You may access dashboard to export data. Processing and delivery suspended.
• Termination: Account closed. See Section 8 for data handling.

7.4 Appeal Process

If you believe an enforcement action was made in error, you may appeal within 30 days of the action:

1. Submit appeal via the dashboard under Account → Compliance → Appeal
2. Include the asset ID, namespace, and your explanation
3. We will respond within 5 business days for content actions, 10 business days for account-level actions
4. During appeal, suspended accounts retain read-only dashboard access for data export purposes

Appeals are not available for terminations under Section 3 (Absolute Prohibitions).

8. Data Handling on Termination

8.1 Voluntary Account Closure

• Dashboard and API access: disabled immediately upon confirmation
• Your data: retained for 30 days (export window)
• Export: available via dashboard export or API during the 30-day window
• Permanent deletion: occurs at end of 30-day window
• Billing data: retained per applicable legal requirements (up to 7 years) then automatically deleted

8.2 Termination for Violation

• Minor / Moderate violations: 30-day export window applies
• Serious violations: 7-day export window, restricted to original files only (processed variants may be excluded)
• Section 3 violations (CSAM, malware, etc.): No export window. Account and all data terminated immediately.

8.3 Export Format

Data export provides:

• Original uploaded files in their original format
• Asset metadata and pipeline configurations in JSON format
• Namespace and workflow configurations

Exports can be directed to:

• A ZIP archive downloadable from dashboard (files under 10GB)
• A configured BYOS or fallback S3 destination for larger accounts

9. Reporting Violations

To report content that violates this AUP:

• Abuse reports: abuse@partikl.io
• DMCA / Copyright: dmca@partikl.io or /legal/dmca
• CSAM reports: safety@partikl.io (also reported to NCMEC as required by law)
• Security vulnerabilities: security@partikl.io

Reports should include the specific URL, asset identifier, or namespace identifier and a description of the violation. Anonymous reports are accepted but limit our ability to follow up.

We aim to acknowledge all reports within 48 hours and resolve clear violations within 7 business days.

10. Changes to This Policy

Changes to this AUP follow our standard notice periods:

You will be notified of material changes via email and dashboard banner. Continued use of the Service after the effective date constitutes acceptance.

View the full history of changes in our Legal Changelog.

11. Contact

For questions about this Acceptable Use Policy:

Partikl · legal@partikl.io

This document was last updated on April 4, 2026 (v1.0). The Legal Changelog records all historical changes.