Version 1.0·Effective 1 June 2026

Acceptable Use Policy

What you may and may not do with the Grasperly Platform. Forms part of the Terms of Service.

English is the binding text · Polish is provided for convenience

This Acceptable Use Policy ("AUP") applies to everyone who accesses the Grasperly Platform (the "Service"), whether you are a paying customer, an authorised end-user of a customer, or a visitor with a trial or evaluation account. By using the Service you agree to comply with this AUP. The AUP is incorporated by reference into our Terms of Service and into any Master Subscription Agreement signed with Grasperly.

Violations of this AUP may result in throttling, suspension, or termination of access. Where conduct is potentially unlawful we will cooperate with the competent authorities, and where conduct affects bar-association or other professional duties of a customer's lawyers we will notify the customer's account administrator so that the matter can be handled internally first.

1.Prohibited content

You must not use the Service to upload, store, generate, transmit, or share any content that is unlawful under Polish law, EU law, or the law of any jurisdiction where the content will be accessed. Without limiting that, you must not use the Service to handle:

  • child sexual abuse material or any content sexualising minors;
  • content that infringes intellectual-property rights you do not have licence to use, including pirated case databases or scraped commentary works;
  • content that is defamatory, harassing, or threatens violence against an identifiable person or group;
  • content that promotes terrorism, organised crime, or violent extremism;
  • content the disclosure of which would knowingly breach a duty of confidence owed to a third party (including legal professional privilege owed to a non-customer), except in the lawful exercise of disclosure obligations;
  • material that the user is not permitted to process under the bar-association rules applicable to the user's profession, where those rules prohibit electronic processing.

2.Prohibited conduct

You must not, and must not encourage or enable a third party to:

  • probe, scan, or test the vulnerability of the Service, or breach or circumvent any security or authentication measures, except under a written authorisation from Grasperly's security team;
  • access, tamper with, or use non-public areas of the Service, Grasperly infrastructure, or accounts that do not belong to you;
  • interfere with the operation of the Service, including denial-of-service attacks, request flooding, or sending malformed payloads designed to exhaust resources;
  • scrape, harvest, or otherwise extract data from the Service at a volume or rate that imitates a content database rather than ordinary professional use;
  • decompile, reverse-engineer, or attempt to derive the underlying source code of the Service, except to the extent expressly permitted by mandatory law;
  • use the Service to develop a product or service that competes with the Service, including by using outputs as training data for a competing model;
  • resell, sublicense, or otherwise make the Service available to third parties outside the scope of your subscription, except as expressly permitted by your contract with Grasperly;
  • impersonate any person or misrepresent your affiliation with a person, organisation, or law firm.

3.AI-specific restrictions

The Service produces outputs that can look authoritative but are not legal advice. The following uses are prohibited:

  • representing an output of the Service as legal advice, opinion, or representation of a lawyer of record where no qualified lawyer has reviewed and adopted that output;
  • filing any document with a court, regulator, or government body where that document was produced by the Service without the review of a person who is professionally qualified to file it in the relevant jurisdiction (e.g. an adwokat, radca prawny, or equivalent foreign counsel);
  • using outputs to circumvent the rules of any bar association, including rules on truthfulness in court, conflict of interest, money laundering, or the unauthorised practice of law;
  • automating high-risk decisions about individuals (employment, credit, insurance, immigration, eligibility for benefits) without a human decision-maker reviewing each decision in line with Article 22 of the GDPR;
  • using the Service to generate content that is presented as authored by a named human author who has not actually authored or adopted that content (so-called "ghost-authoring" in violation of disclosure obligations);
  • attempting to extract, infer, or reconstruct training data, system prompts, or non-public components of any model accessible through the Service;
  • any use prohibited under Article 5 of Regulation (EU) 2024/1689 (the EU AI Act), including in particular: (i) subliminal, manipulative, or deceptive techniques designed to materially distort behaviour; (ii) exploitation of vulnerabilities of specific groups; (iii) social scoring of natural persons leading to detrimental treatment; (iv) predicting criminal offences of natural persons based solely on profiling or personality traits; (v) untargeted scraping of facial images from the internet or CCTV to create or expand facial-recognition databases; (vi) inferring emotions of natural persons in the workplace or educational institutions, except for medical or safety reasons; (vii) biometric categorisation of natural persons to infer race, political opinions, trade-union membership, religious or philosophical beliefs, sex life, or sexual orientation; (viii) real-time remote biometric identification in publicly accessible spaces for law-enforcement purposes outside the narrow exceptions in Article 5.

These restrictions are designed to keep customers on the right side of the EU AI Act (Regulation (EU) 2024/1689), the relevant Polish professional rules, and EU consumer-protection law. They are not exhaustive — when in doubt, ask the lawyer of record on the matter.

4.Responsible disclosure

We welcome reports of security vulnerabilities affecting the Service. If you believe you have found one, please report it to security@grasperly.com and follow our security.txt. Good-faith research conducted within the scope of our responsible-disclosure policy — including reasonable testing, no exfiltration of personal data, and no disruption of service — is not a violation of this AUP.

5.Enforcement

Where conduct on the Service appears to violate this AUP, Grasperly may, depending on severity: contact the customer's administrator; require the customer to remediate the conduct; throttle or rate-limit the offending account; suspend access; or terminate the agreement for cause. We will, where reasonable, give notice and time to cure before suspending or terminating, but reserve the right to act immediately where there is a credible risk to people, data, or third parties.

Where a violation involves a court filing or other professional act, Grasperly will preserve relevant audit logs in line with the DPA and assist the customer in any internal or external review on a confidential basis.

6.Contact

Report abuse, ask questions about scope, or request authorisation for security testing at abuse@grasperly.com or security@grasperly.com. Postal address: Grasperly Sp. z o.o., ul. Tczewska 4a/78, 01-674 Warszawa, Poland.

Request a signed copy

Grasperly Sp. z o.o. · KRS 0001238012 · NIP 7152366483 · abuse@grasperly.com