Effective May 12, 2026. Rules for the Platform, AI Agents, APIs, and Marketplace. Violations route to enforcement under Section 12.
This Acceptable Use Policy ("AUP") governs use of the ROOF_OS platform, websites, AI Agents, APIs, mobile and desktop clients, and marketplace by Customers, end users, integrators, and contractors. It is incorporated by reference into the Terms of Service at /terms. Violations may result in immediate suspension, content removal, license revocation, account termination, refund forfeiture, reporting to law enforcement or industry databases, and civil action.
You may not use the Platform to create, upload, transmit, store, or distribute content that: (a) infringes any patent, trademark, trade secret, copyright, right of publicity, or other intellectual property right; (b) is defamatory, libelous, fraudulent, deceptive, or knowingly false; (c) is obscene, pornographic, sexually exploitative of minors, or otherwise harmful to children (CSAM is reported to NCMEC and law enforcement without notice); (d) promotes or facilitates violence, terrorism, organized crime, human trafficking, or self-harm; (e) constitutes hate speech, harassment, or threats against any person or protected class; (f) violates any export-control, sanctions, anti-corruption, consumer-protection, or fair-housing law; or (g) advertises or facilitates unlawful gambling, unregistered securities offerings, unlicensed lending, or controlled substances.
You may not: (a) probe, scan, or test the vulnerability of the Platform or breach any security or authentication measure; (b) access any account or data not owned by you or that you are not authorized to access; (c) introduce viruses, worms, ransomware, trojans, or other malicious code; (d) interfere with or disrupt the integrity or performance of the Platform; (e) impersonate any person or entity or misrepresent your affiliation; (f) collect or harvest personal data of other users; (g) decompile, reverse engineer, or disassemble any portion of the Platform except as expressly permitted by mandatory law; (h) bypass usage limits, watermarks, security restrictions, or technical measures; (i) frame, mirror, or scrape the Platform without prior written consent; or (j) use the Platform to develop or evaluate any competing product, model, or dataset.
AI Agents may take actions on your behalf only within the rules you configure. You agree: (a) you alone configure, supervise, and bear responsibility for every Agent action; (b) you will not use Agents to impersonate any natural person without informed disclosure that the recipient is interacting with an AI; (c) you will not use Agents to generate or distribute content prohibited by Section 1; (d) you will not use Agents to make material misrepresentations to homeowners, leads, regulators, lenders, insurers, or government agencies; (e) you will preserve and review the audit log of Agent actions and will not delete logs to obscure conduct; (f) you will comply with all AI-specific disclosure laws (e.g., California BOT Act, Colorado AI Act, EU AI Act) applicable to your use; (g) you will not use Agents in the high-risk categories restricted by applicable AI regulation (biometric identification, social scoring, predictive policing) using ROOF_OS infrastructure.
You are SOLELY RESPONSIBLE for the legality of all SMS, MMS, RCS, voice, email, push, and chat communications sent through the Platform or initiated by an Agent on your behalf. Without limitation, you will: (a) obtain prior express written consent where required by the TCPA before placing an autodialed or pre-recorded call or SMS to any U.S. mobile number; (b) scrub against the National DNC Registry and any applicable state DNC list; (c) honor opt-outs within ten (10) business days; (d) include a CAN-SPAM-compliant identification, postal address, and opt-out in every commercial email; (e) limit calling to allowed hours under federal and state law; (f) obtain GDPR Article 6 lawful basis (typically consent) before contacting EU residents; (g) maintain consent records for at least five (5) years and produce them on request; (h) not contact homeowners on the National Do Not Knock registries or in violation of any state "head-of-household" rule. You agree to indemnify ROOF_OS for any TCPA, TSR, DNC, CAN-SPAM, or analogous claim arising from your messaging.
API access is subject to published rate limits and any limits stated in your Order Form. You may not: (a) exceed published rate limits; (b) circumvent throttling by rotating credentials, IPs, or proxies; (c) parallelize requests across multiple accounts to multiply effective limits; (d) hold credentials in client-side or otherwise insecure storage; (e) share an API key across legal entities; or (f) use the API to build a substantially equivalent competing service. We may throttle, suspend, or revoke API access for any actual or suspected violation. Webhook signing secrets must be verified on every callback; failure to verify is your liability.
You may not scrape, crawl, index, or otherwise collect data from the Platform except through documented APIs and within your Order Form's entitlement. Automated scraping is a violation of these Terms regardless of robots.txt configuration. Where Output is delivered to your account, you may use it only for your internal business purposes consistent with the Terms of Service.
You will not: (a) provide false or misleading registration or KYC information; (b) use the Platform to launder money, evade sanctions, finance terrorism, or evade taxes; (c) initiate chargebacks for transactions you authorized ("friendly fraud" — see /payment-terms § 7); (d) abuse promotional credits, free trials, or referral programs; (e) reuse free trials by creating sock-puppet accounts; or (f) sell, rent, or transfer your account to any third party. We may, without notice, suspend the Platform and freeze associated payments while investigating suspected fraud.
You will: (a) enforce strong unique passwords and MFA on every account, with hardware-key MFA mandatory for administrative roles; (b) revoke credentials of departed employees within 24 hours; (c) report any suspected compromise to security@roof10x.com within 24 hours of discovery; (d) not test ROOF_OS infrastructure for vulnerabilities except under our published responsible-disclosure program; and (e) cooperate with reasonable security investigations. You will not store passwords, full PAN, CVV, or private keys in custom fields, descriptions, file uploads, or Agent prompts.
Unless an Order Form expressly authorizes processing and we have executed a Business Associate Agreement or equivalent: (a) you will not submit Protected Health Information (PHI) under HIPAA; (b) you will not submit "sensitive personal information" under the CCPA (SSN, government ID, precise geolocation, biometric or genetic data, content of mail/email/text) except where strictly necessary for the roofing services use case; (c) you will not submit children's data subject to COPPA, FERPA, or GDPR Article 8; (d) you will not submit payment-card data (PAN, CVV) outside the hosted Payment Partner fields; (e) you will not submit information subject to attorney-client privilege without prior written notice.
If you publish to or transact in the Marketplace: (a) your offerings must comply with this AUP and the Marketplace policies; (b) you grant ROOF_OS a non-exclusive worldwide license to host, display, and route transactions; (c) you remain responsible for any homeowner-facing claims, warranties, and license obligations; (d) you will respond to support requests within posted SLAs; (e) we may, in our reasonable discretion, remove offerings that violate any policy or that we determine create reputational or legal risk; (f) you will not pay or accept undisclosed referrals or kickbacks that would constitute an undisclosed conflict of interest under /refund-policy.
You will cooperate with ROOF_OS investigations of suspected violations, including by responding promptly to written information requests, preserving relevant records, and granting reasonable access to logs you control. Failure to cooperate is itself a violation. ROOF_OS may, but is not obligated to, monitor the Platform; absence of action does not waive the right to act later.
ROOF_OS may take any combination of the following actions for any actual or reasonably suspected violation, with or without notice and without liability: (a) remove or disable specific content or accounts; (b) suspend or terminate the offending account; (c) restrict API or Agent execution; (d) require additional KYC; (e) reverse promotional credits; (f) demand reimbursement of costs incurred (chargeback fees, regulator fines, investigation costs); (g) report conduct to law enforcement, regulators, or industry databases; (h) commence civil or criminal action. The remedies in this Section are cumulative.
We may update this AUP with notice via the Platform or email. Continued use after the effective date constitutes acceptance. We will not retroactively apply a new prohibition to lawful conduct that occurred before the effective date.
Report abuse: abuse@roof10x.com. Security incidents: security@roof10x.com. DMCA: dmca@roof10x.com. Disputes: arbitration@roof10x.com.
