Acceptable Use Policy

RE::DACT Platform and Services

Effective Date: February 14, 2026
Last Updated: February 14, 2026
Version: 1.0 (Beta Testing Phase)

This Acceptable Use Policy ("AUP") sets out the rules governing use of the RE::DACT platform, SPARKS content discovery tool, RE::CORD voice transcription service, and all related applications and services (collectively, the "Services") operated by REAI Prosta Spólka Akcyjna and REDACT Inc. (together, "RE::AI", "we", "us", or "our").

This AUP forms part of our Terms of Service. By accessing or using the Services, you agree to comply with this Policy. Capitalised terms not defined here have the meanings given in the Terms of Service and Privacy Policy.

Who this Policy applies to: Individual journalists, editors, researchers, newsroom staff, freelancers, beta testers, and organisational customers (newsrooms, media outlets, publishers) who access the Services under any plan or arrangement.

1. Purpose and Journalistic Mission
2. Permitted Uses
3. Prohibited Uses
4. AI Feature Usage Rules
5. AI Allowance Controls — User Rights and Responsibilities
6. Storage Settings — User Responsibilities
7. Source Protection Obligations
8. Content Standards
9. Third-Party Content and Intellectual Property
10. Account Security and Access Controls
11. Organisational and Team Accounts
12. Beta Phase Specific Rules
13. Enforcement and Consequences
14. Reporting Violations
15. Changes to This Policy
16. Contact

§ 1. PURPOSE AND JOURNALISTIC MISSION

RE::DACT is built specifically for journalists, editors, and newsroom professionals. Our mission is to augment — not replace — human editorial judgment through responsible AI assistance. Every feature in the platform has been designed with the specific needs, ethical obligations, and legal constraints of journalism in mind.

This AUP reflects that mission. It is not a generic technology use policy. It is written for professionals who operate under codes of journalistic ethics, who have source protection obligations, who bear legal responsibility for published content, and who work in an environment where accuracy, integrity, and independence are non-negotiable.

We ask you to use the Services in a manner consistent with the standards of your profession and with the spirit of responsible AI-assisted journalism.

§ 2. PERMITTED USES

The Services are provided for professional journalistic and editorial purposes. Permitted uses include:

2.1 Core Journalistic Work

Writing, editing, and structuring news articles, investigative reports, features, and commentary
Fact-checking claims, statements, and source information using RE::CHECK
Conducting background research, source verification, and document analysis using RE::SEARCH and RE::DOC
Transcribing interviews, press conferences, and audio recordings using RE::CORD
Monitoring content, tracking topics, and discovering stories using SPARKS
Managing journalistic projects, notes, and draft documents within the platform

2.2 Organisational and Team Use

Collaborative editorial workflows within a licensed newsroom or media organisation
Onboarding and training of journalists on AI-assisted editorial tools
Institutional fact-checking pipelines and editorial quality control processes
Archiving and retrieval of editorial work product within the platform

2.3 Research and Educational Use

Academic research into AI-assisted journalism, media studies, and related fields — subject to institutional agreement
Journalistic skills training and professional development, provided the platform is not used to produce content for public dissemination without editorial oversight

2.4 Beta Testing

Testing features, reporting bugs, and providing feedback during the Beta Phase as described in the Terms of Service §6
Evaluating the platform for potential organisational adoption

§ 3. PROHIBITED USES

The following uses are strictly prohibited. Violation may result in immediate suspension or termination of access and, where applicable, legal action.

3.1 Disinformation and Harmful Content

Using the Services to generate, publish, or disseminate deliberately false or misleading information
Creating synthetic news articles, fabricated quotes attributed to real individuals, or fake eyewitness accounts
Producing content designed to incite hatred, violence, or discrimination based on race, ethnicity, religion, gender, sexual orientation, disability, or any other protected characteristic
Generating deepfake-style textual content that misrepresents the statements or actions of real persons
Creating propaganda, state-sponsored disinformation, or content designed to manipulate electoral processes

3.2 Source Endangerment

Using the Services in a manner that could expose the identity of a confidential journalistic source
Circumventing the Placeholder System to include real source identities in AI-processed content
Sharing account access with individuals who do not have a legitimate need to access source-related information
Storing source identity data in unencrypted form, in third-party storage not covered by this Policy, or in local storage accessible to unauthorised parties

3.3 Illegal and Unauthorised Activities

Using the Services to process stolen, illegally obtained, or unlawfully intercepted data
Uploading content that infringes copyright, trademark, or other intellectual property rights without authorisation
Attempting to use the Services to process classified government information, material subject to court injunction, or content the publication of which would constitute a criminal offence in the applicable jurisdiction
Using the Services in violation of applicable sanctions, export controls, or anti-money-laundering laws

3.4 Platform Abuse

Attempting to reverse-engineer, decompile, or extract the source code of any component of the Services
Using automated scripts, bots, or crawlers to access the Services except through officially provided APIs
Attempting to circumvent rate limits, usage quotas, or access controls
Attempting to access other users' accounts, data, or content without authorisation
Probing, scanning, or testing the vulnerability of RE::AI systems without prior written authorisation
Introducing malware, ransomware, or any malicious code into the Services

3.5 Misrepresentation

Impersonating another journalist, editor, public figure, or RE::AI staff member within the platform
Misrepresenting the AI-assisted origin of published content in contexts where disclosure is required by applicable editorial standards or law
Using the Services to fabricate evidence, court documents, official records, or regulatory filings

3.6 Commercial Misuse

Reselling, sublicensing, or providing access to the Services to third parties outside your licensed organisation without written authorisation from RE::AI
Using the Services to build competing products or services without a separate commercial agreement
Scraping AI outputs in bulk for commercial exploitation outside of normal journalistic use

§ 4. AI FEATURE USAGE RULES

RE::DACT's AI features are designed to assist human editorial judgment, not to replace it. The following rules apply to all AI-assisted functionality:

4.1 Editorial Responsibility

You remain solely responsible for all content you publish or submit for publication, regardless of the degree of AI assistance used in its preparation. AI-generated outputs — including fact-check results, research summaries, and suggested edits — are advisory only. You must review, verify, and exercise independent editorial judgment before relying on any AI output.

RE::AI accepts no liability for editorial decisions made on the basis of AI outputs without independent verification.

4.2 Transparency Obligations

Where your publication's editorial standards, applicable law, or applicable press council guidelines require disclosure of AI assistance in published content, you are responsible for ensuring such disclosure is made.

RE::AI's Audit Trail (Hedera Hashgraph) provides verifiable records of AI-assisted actions to support compliance with emerging AI transparency requirements, including those under the EU AI Act.

4.3 RE::CHECK — Fact-Checking

Fact-check results are based on information available to the AI model at the time of processing and may not reflect the most current information
A fact-check result indicating "verified" or similar does not constitute journalistic verification and does not replace editorial due diligence
You must not publish fact-check results as standalone editorial content without independent verification

4.4 RE::CORD — Transcription

Transcriptions are automatically generated and may contain errors, particularly with accents, technical terminology, or poor audio quality
You must review and verify all transcriptions before publication or use as a basis for quotes attributed to named individuals
Recording obligations (consent, legal basis) are your responsibility and vary by jurisdiction — RE::AI does not provide legal advice on recording laws

4.5 RE::SEARCH — Research

Research outputs are compilations based on AI knowledge and must be independently verified against primary sources before use
RE::SEARCH does not provide legal, medical, financial, or professional advice
Source citations provided by RE::SEARCH must be independently verified — AI models may generate plausible but inaccurate citations

4.6 SPARK — Content Discovery

SPARK content monitoring outputs are based on publicly available sources and algorithmic ranking — they do not constitute editorial endorsement
You are responsible for verifying the provenance, accuracy, and legal status of content discovered through SPARK before use

§ 5. AI ALLOWANCE CONTROLS — USER RIGHTS AND RESPONSIBILITIES

RE::DACT provides granular AI Allowance controls in Settings that enable you to restrict the categories of data accessible to AI processing. These controls implement your right to restriction of processing under GDPR Article 18 directly within the platform interface.

The following table describes each control, its data scope, and the effect of disabling it:

Control Data Scope Effect When Disabled GDPR Basis
--------------------------------------------------------------------------------------------------------------
User Editor Selected text and active AI does not receive the content of the Art. 18(1)(a) — restriction of
document content current document or selection. AI processing pending accuracy
responses are not contextualised to dispute; Art. 18(1)(d) — user
your text. objects to processing

User Context Role, medium, and preference AI responses are not personalised to Art. 18 — restriction of
settings from your profile your professional role or output processing; Art. 21 — right to
medium. Generic responses only. object to processing based on
legitimate interest

User Projects Project names, tab structure, AI cannot reference your project Art. 18 — restriction of
editor state, SPARK content structure, active tabs, or content processing
from other open documents.

User Interface Ability to create tabs, insert AI operates in read/respond mode Art. 22 — restriction of
text, modify editor structure only. It cannot take actions within automated action; user retains
the editor (create tabs, insert text). full editorial control

Previous Conversation history from Each session starts fresh. AI has no Art. 17 — right to erasure of
Sessions prior sessions (cross-session access to prior conversation context. session data; Art. 18 —
memory) Maximum session isolation. restriction of cross-session
processing

5.1 Your Right to Restrict Processing

Disabling any AI Allowance control constitutes a restriction of processing request under GDPR Article 18. RE::AI honours these restrictions immediately upon saving your settings. No additional formal request is required — the Settings interface is the operative mechanism for exercising this right.

You may re-enable any control at any time by returning to Settings > AI Allowance and toggling the relevant control on.

5.2 Effect on Platform Functionality

Restricting AI access to certain data categories will limit the AI's ability to personalise responses and maintain conversation context, as indicated in the Settings interface. RE::AI does not penalise you for exercising your data restriction rights. The core Services remain accessible regardless of your AI Allowance configuration.

However, certain AI features may be unavailable or significantly degraded when access to required data is restricted. RE::AI is not liable for reduced output quality resulting from user-configured restrictions.

5.3 Recommended Configuration for Sensitive Investigations

For journalists working on highly sensitive investigations involving confidential sources or politically sensitive material, we recommend the following AI Allowance configuration:

User Editor: ON — required for contextual AI assistance with your text
User Context: OFF — prevents your professional profile from being included in AI context
User Projects: OFF — prevents project structure and names from being visible to AI
User Interface: OFF — AI operates in read/respond mode only
Previous Sessions: OFF — maximum session isolation, no cross-session memory

This configuration maximises data minimisation while retaining core AI writing assistance.

§ 6. STORAGE SETTINGS — USER RESPONSIBILITIES

RE::DACT provides configurable storage options in Settings > Storage. The following table describes each option and its implications:

Storage Option          Where Data Is Stored             Who Has Access                  Encryption              RE::AI Recommended
--------------------------------------------------------------------------------------------------------------------------------------
Firestore (Cloud)       Google Cloud Firestore            User + RE::AI (operational      AES-256 at rest,        Yes
                        (EU/US region)                    access — see Privacy Policy §3) TLS in transit

End-to-End              Firestore with additional         User only (RE::AI cannot        Client-side +           Yes
Encryption              client-side encryption layer      decrypt)                        AES-256 at rest

Google Drive Backup     User's personal Google            User + Google LLC (per          Google-managed          No — optional
                        Drive account                     Google's own terms)             encryption

Microsoft OneDrive      User's personal OneDrive /        User + Microsoft (per           Microsoft-managed       No — optional
                        Azure storage                     Microsoft's own terms)          encryption

Local Device            Browser local storage on          User only (data never           Device-level only       No — no backup
                        user's device                     leaves device)

Web Browser             Browser session/local             User only (cleared on browser   Device-level only       No — no backup
                        storage                           close for session storage)

6.1 Recommended Configuration

RE::AI recommends using Firestore with End-to-End Encryption enabled (both toggles ON, as shown in the default Settings). This configuration provides:

Real-time synchronisation across devices
Full backup and recovery capability
Maximum encryption protection — with E2E encryption enabled, RE::AI cannot access the content of your documents
Compliance with GDPR data security requirements (Article 32)

6.2 Third-Party Storage (Google Drive / OneDrive)

If you enable Google Drive or Microsoft OneDrive backup, your data will be transmitted to and stored by the relevant third-party provider under their own terms and privacy policies. RE::AI is not responsible for data processed by Google or Microsoft once transmitted to their services. You are solely responsible for ensuring that use of these services is compatible with your organisation's data policies and any applicable source protection obligations.

Important: Do not enable third-party cloud backup for projects containing Source Data or Placeholder mappings, as this may transmit sensitive information to third-party infrastructure not covered by RE::AI's data protection framework.

6.3 Local Storage

If you enable Local Device or Web Browser storage, data is stored exclusively on your device and is not backed up by RE::AI. You are solely responsible for the security of locally stored data. RE::AI cannot recover locally stored data if your device is lost, damaged, or reset.

Important: Local storage is not recommended for any content containing Source Data. Device seizure, loss, or unauthorised access to your device could compromise source identities stored locally.

§ 7. SOURCE PROTECTION OBLIGATIONS

Source protection is a cornerstone of the journalistic mission and a key design principle of RE::DACT. The following rules apply to all users who process source-related information within the Services:

7.1 Mandatory Use of Placeholder System

When working with content that identifies or could identify a confidential journalistic source, you must use the Placeholder System to replace real identities with pseudonymous identifiers before submitting content for AI processing. You must not include real source names, contact details, or other identifying information directly in prompts or document content submitted to AI features.

7.2 Placeholder System Discipline

Create a Placeholder for each confidential source before beginning AI-assisted work on that story
Use consistent Placeholder identifiers throughout a project — do not use different Placeholders for the same source across sessions
Do not use Placeholder names that are recognisably derived from the source's real identity (e.g., do not use [J_SMITH] for a source named James Smith)
Review AI outputs before publication to ensure no AI-generated content has reconstructed or inferred source identity

7.3 Legal Requests Relating to Sources

If you receive a legal request (court order, subpoena, police request) relating to source information stored within RE::AI's platform, you should seek legal advice immediately. RE::AI's obligations in response to legal requests are set out in the Privacy Policy §9.5. RE::AI will notify you of legal requests affecting your Source Data to the extent permitted by law.

7.4 Organisational Source Protection Policies

Organisational customers are responsible for implementing and enforcing source protection policies within their team accounts, including training staff on Placeholder System usage and restricting access to Source Data on a need-to-know basis.

§ 8. CONTENT STANDARDS

All content processed through or stored within the Services must comply with the following standards:

8.1 Accuracy and Verification

You must not use the Services to knowingly process, generate, or publish content that you believe to be false or materially misleading. The fact that content was generated or assisted by AI does not affect your obligation to verify accuracy before publication.

8.2 Personal Data of Third Parties

When processing content that contains personal data of third parties (individuals who are subjects of reporting, sources, or others), you act as a data controller and bear independent responsibility for compliance with GDPR and applicable data protection law, including the journalistic exception under Article 85 (see Privacy Policy §18). RE::AI processes such data as your data processor.

8.3 Sensitive Personal Data

Special care must be taken when processing special categories of personal data (GDPR Article 9) relating to third parties, including health information, political opinions, religious beliefs, sexual orientation, and criminal records. Such data may only be processed in the Services where there is a clear journalistic public interest purpose and appropriate safeguards are in place.

8.4 Minors

You must not upload, process, or store within the Services any content that could identify a minor (person under 18) in a context that could expose them to harm, embarrassment, or exploitation. Content relating to minors in a journalistic context must be handled in accordance with applicable press codes and child protection legislation.

8.5 Legally Sensitive Content

You are responsible for ensuring that content processed through the Services does not violate applicable defamation law, contempt of court rules, reporting restrictions, or other legal constraints applicable in your jurisdiction. RE::AI does not review content for legal compliance.

§ 9. THIRD-PARTY CONTENT AND INTELLECTUAL PROPERTY

When using the Services to process third-party content (articles, documents, audio recordings, data sets), you represent and warrant that:

a) You have the legal right to process the content for the purposes for which you are using the Services;

b) Your use does not infringe any copyright, trademark, database right, or other intellectual property right;

c) Where you are processing copyrighted material under a fair dealing, fair use, or press freedom exception, you have assessed and are satisfied that your use falls within the applicable exception;

d) You will not upload raw copyrighted material in bulk in a manner that could constitute copyright infringement, even if individual uses would be permissible.

AI-generated outputs produced by the Services may be based in part on training data that includes third-party material. RE::AI makes no warranty regarding the intellectual property status of AI-generated outputs. You are responsible for assessing and managing IP risk in AI-generated content before publication.

§ 10. ACCOUNT SECURITY AND ACCESS CONTROLS

10.1 Account Security Obligations

You are responsible for maintaining the security of your account credentials. You must:

Use a strong, unique password for your RE::DACT account
Enable multi-factor authentication (MFA) where available — this is strongly recommended for all accounts and mandatory for organisational accounts processing Source Data
Not share your account credentials with any other person
Log out of your account when using shared or public devices
Notify RE::AI immediately at contact@reai-strategy.com if you suspect unauthorised access to your account

10.2 Session Management

For sensitive work involving Source Data or confidential investigations, you should use the Previous Sessions OFF setting in AI Allowance to prevent cross-session data retention. You should also regularly clear browser cookies and local storage if working on shared devices.

10.3 No Account Sharing

Each account is for use by a single named individual. Account sharing between multiple users is not permitted under any plan. Organisational access for multiple users requires a Team or Enterprise plan.

§ 11. ORGANISATIONAL AND TEAM ACCOUNTS

Organisations accessing the Services under a Team or Enterprise plan are subject to the following additional obligations:

The organisation's designated account administrator is responsible for managing user access and ensuring all users are aware of and comply with this AUP
The organisation is responsible for ensuring that users who leave the organisation have their access promptly revoked
The organisation must implement and enforce internal data handling policies consistent with this AUP and the Privacy Policy, including source protection training for all users
The organisation is responsible for obtaining any additional consents or legal bases required for processing content that includes personal data of third parties within the organisation's editorial workflows
Organisational customers may request a Data Processing Agreement (DPA) from RE::AI at contact@reai-strategy.com, which governs RE::AI's processing of personal data on the organisation's behalf.

§ 12. BETA PHASE SPECIFIC RULES

During the Beta Phase (as defined in the Terms of Service §6), the following additional rules apply:

The Services are provided for testing and evaluation purposes. Beta users are encouraged to report bugs, errors, and unexpected behaviour via the in-platform feedback mechanism or at contact@reai-strategy.com
Beta users must not use the Services to process highly confidential or legally sensitive content where a service disruption, data loss, or unexpected AI behaviour could cause significant harm — the Services are not yet production-grade for such use cases
Beta users must not publicly disclose specific details of unreleased features, pricing, or roadmap items without prior written consent from RE::AI
Anonymized usage data generated during the Beta Phase may be used to improve the platform as described in the Privacy Policy §8.3 and Terms of Service §6. Beta users acknowledge this as a condition of Beta access
RE::AI reserves the right to modify, restrict, or terminate Beta access at any time without prior notice

§ 13. ENFORCEMENT AND CONSEQUENCES

13.1 Violation Assessment

RE::AI takes violations of this AUP seriously. Upon becoming aware of a potential violation, we will assess the nature, severity, and context of the conduct before taking action. We distinguish between:

Minor violations: Unintentional breaches, technical misuse, or first-time procedural failures. Response: written warning and opportunity to remediate.

Serious violations: Intentional prohibited use, repeated breaches, or conduct causing harm to third parties. Response: suspension of access pending investigation.

Severe violations: Disinformation, source endangerment, illegal activity, or conduct causing significant harm. Response: immediate termination without notice, preservation of evidence, referral to relevant authorities where required by law.

13.2 Consequences

Depending on the severity of the violation, consequences may include:

Written warning
Temporary suspension of access to specific features
Temporary suspension of the entire account
Permanent termination of the account without refund
Legal action, including claims for damages
Notification of relevant regulatory authorities, press councils, or law enforcement where required by law or where serious harm has occurred

13.3 Appeals

If you believe an enforcement action has been taken in error, you may submit an appeal within 14 days of notification by emailing contact@reai-strategy.com with the subject line "AUP Enforcement Appeal". RE::AI will review your appeal within 14 business days and provide a written response.

§ 14. REPORTING VIOLATIONS

If you become aware of a violation of this AUP by another user, or if you identify content within the Services that you believe violates this Policy, please report it to us:

Email: contact@reai-strategy.com | Subject: "AUP Violation Report"

What to include: Description of the conduct, any relevant account information if known, and any supporting evidence.

Response time: We will acknowledge receipt within 2 business days and provide a substantive response within 10 business days.

Reports made in good faith will be treated confidentially. RE::AI does not tolerate retaliation against users who report violations in good faith.

§ 15. CHANGES TO THIS POLICY

RE::AI may update this AUP from time to time to reflect changes in our Services, applicable law, or industry standards.

Material changes: We will notify you by email and via in-platform notice at least 30 days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

Minor changes: We will update the "Last Updated" date. For minor clarifications or corrections that do not affect your rights or obligations, no separate notification will be provided.

Previous versions of this Policy are available upon request at contact@reai-strategy.com.

§ 16. CONTACT

For questions about this Acceptable Use Policy, to report a violation, or to appeal an enforcement decision:

General enquiries: contact@reai-strategy.com
Privacy and data protection: contact@reai-strategy.com

Legal notices:
REAI Prosta Spólka Akcyjna, Aleja Jana Pawła II 5/6, 64-920 Piła, Poland
REDACT Inc., 1111B S Governors Ave STE 99573, Delaware, United States

END OF ACCEPTABLE USE POLICY

This Policy operates in conjunction with: Terms of Service | Privacy Policy | Cookie Policy | Data Processing Agreement