Acceptable Use Policy

1.1 This Acceptable Use Policy ("AUP") governs your use of the AssureTwin platform and all associated services operated by VynFi.com LLC (i.G.) ("VynFi," "we," "us"). This AUP is incorporated into and forms part of our Terms of Service.

1.2 By accessing or using the Service, you agree to comply with this AUP. Violations may result in enforcement actions as described in Section 8.

1.3 This AUP is intended to protect the integrity of the Service, the safety of all users, and the reputation of the audit profession. We expect all users to exercise professional judgment in their use of the platform.

2.1 AssureTwin is designed for professional and educational use. The following uses are expressly permitted and encouraged:

3.1 The following uses of the Service are strictly prohibited:

Misrepresentation of Synthetic Data

• Presenting synthetic data generated by AssureTwin as real audit evidence, actual financial statements, or genuine examination results
• Using synthetic data as the sole basis for actual regulatory filings without a clear, prominent, and unambiguous disclaimer that the data is synthetic
• Representing simulation results as the output of a real audit engagement
• Using formal verification results from simulations to certify compliance of real-world audit engagements

Security and Access Violations

• Sharing, transferring, or exposing API keys, authentication tokens, or access credentials to unauthorized third parties
• Circumventing, disabling, or interfering with rate limits, access controls, security features, or usage restrictions
• Attempting to gain unauthorized access to other users' accounts, data, or Service infrastructure
• Creating multiple accounts to circumvent tier limitations or rate limits

Reverse Engineering and Scraping

• Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code of the DataSynth engine, RustGraph, or any proprietary component of the Service
• Conducting automated scraping, bulk data extraction, or systematic downloading of Service content beyond normal usage patterns
• Using bots, crawlers, or automated tools to access the Service in a manner that exceeds reasonable human usage

Client Data and Privacy

• Uploading, transmitting, or processing real client financial data through the cloud-hosted Service (use the Enterprise Desktop App for real data)
• Including personally identifiable information (PII) of real individuals in simulation configurations or AI prompts

General Prohibitions

• Using the Service for any illegal purpose or in violation of applicable laws or regulations
• Interfering with or disrupting the integrity, performance, or availability of the Service
• Engaging in any activity that could harm, disable, overburden, or impair the Service's infrastructure
• Sublicensing, reselling, or redistributing access to the Service without prior written authorization

3.2 When working with AssureTwin outputs, you must:

• Clearly label all synthetic outputs as synthetic data when storing, sharing, or referencing them outside the platform
• Not commingle synthetic data with real audit data in a manner that could cause confusion about which data is real and which is synthetic
• Maintain clear separation between AssureTwin simulation environments and production audit engagement files
• Ensure that any team members who receive synthetic data exports understand the synthetic nature of the data

4.1 The above disclaimer, or a substantially equivalent statement, must be included whenever AssureTwin-generated data is used in any context where recipients might reasonably interpret the data as real. This includes, but is not limited to:

• Client presentations and pitch materials
• Internal reports distributed beyond the simulation team
• Academic papers and publications
• Regulatory submissions (even when supplementary)
• Any context where the audience may not be aware they are viewing simulated data

4.2 Within the AssureTwin platform itself, all generated data is clearly labeled as synthetic. You must maintain this labeling when exporting or sharing data outside the platform.

5.1 To ensure fair access and platform stability, the following rate limits apply:

5.2 Additional rate limits may apply to specific API endpoints and features. These are documented in the API reference and communicated via standard HTTP rate limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After).

5.3 We reserve the right to adjust rate limits with reasonable notice. Sustained usage patterns that significantly exceed normal use may be subject to additional limits or require an upgrade to a higher tier.

5.4 Enterprise customers may negotiate custom rate limits as part of their Enterprise Agreement.

6.1 If you access the Service via API, the following additional rules apply:

• API keys and tokens are for your use only and must not be shared, published, or embedded in client-side code
• Implement exponential backoff for retries after receiving rate limit responses (HTTP 429)
• Include a descriptive User-Agent header identifying your application
• Respect Cache-Control headers and avoid excessive polling
• Do not use the API to build a competing service that substantially replicates AssureTwin's core functionality

6.2 We reserve the right to revoke API access immediately in cases of abuse, without prior notice.

7.1 When using features that allow user-generated content (such as engagement names, descriptions, annotations, and AI prompts), you agree not to submit content that:

• Contains real client names, financial data, or personally identifiable information
• Is defamatory, harassing, threatening, or otherwise objectionable
• Infringes the intellectual property rights of any third party
• Contains malicious code, scripts, or payloads designed to exploit or disrupt the Service

8.1 We monitor usage of the Service for security, performance, and compliance purposes. Monitoring may include automated analysis of usage patterns, rate limit compliance, and content review.

8.2 Violations of this AUP may result in the following enforcement actions, applied at our discretion and proportional to the severity and nature of the violation:

8.3 In cases involving immediate threats to the security, integrity, or availability of the Service (e.g., active exploitation, DDoS attacks, or ongoing data exfiltration), we may bypass the warning stage and proceed directly to suspension or termination.

8.4 If you believe an enforcement action was taken in error, you may appeal by contacting legal@assuretwin.com within 14 days of the action. Appeals will be reviewed by a person not involved in the original enforcement decision.

9.1 If you become aware of a violation of this AUP, please report it to legal@assuretwin.com with the following information:

• A description of the suspected violation
• The identity of the user or account involved (if known)
• Any evidence or supporting information
• Your contact information for follow-up

9.2 Reports are treated confidentially. We will not disclose the identity of the reporter to the accused user without the reporter's consent, unless required by law.

For questions about this Acceptable Use Policy, to report a violation, or to appeal an enforcement action: