Back to Trust

Acceptable Use Policy

Last updated: 2026-04-16

Template notice: this policy is a working draft pending legal review. Applies to all users of the Socianote service. Violations may result in suspension or termination per the Terms of Service.

You must not

Illegal or harmful activities

  • Use the Service for any unlawful purpose
  • Store or share data obtained illegally
  • Violate any person's rights (privacy, intellectual property, reputation)
  • Facilitate human trafficking, abuse, or exploitation
  • Store child sexual abuse material (CSAM) — we will report to law enforcement immediately

Security abuse

  • Attempt to access data you are not authorised to access
  • Probe, scan, or test vulnerabilities without written authorisation
  • Bypass authentication, rate limits, or other security measures
  • Upload malware, viruses, or malicious code
  • Conduct denial-of-service attacks
  • Harvest data via scraping or automated means beyond normal product use

System abuse

  • Reverse-engineer, decompile, or disassemble the Service (except as allowed by law)
  • Resell, sublicense, or white-label the Service without agreement
  • Use the Service to compete with Socianote
  • Exceed documented rate limits or resource quotas
  • Share accounts — each Authorised User must have their own login

Data abuse

  • Upload data you don't have lawful authority to process
  • Upload data about individuals without appropriate legal basis (PDPA consent, legal duty, etc.)
  • Store payment card numbers outside of designated billing flow (Socianote is not PCI-DSS certified for card storage)
  • Use the Service to send spam, unsolicited marketing, or phishing
  • Store classified government information
  • Store data subject to US HIPAA without a separately executed BAA (not yet supported)

Misrepresentation

  • Impersonate another person or organisation
  • Falsify metadata (timestamps, user identities)
  • Misrepresent your identity in support interactions

You must

  • Protect your credentials; report compromise to security@socianote.com
  • Report security vulnerabilities responsibly (see below)
  • Respect the privacy of Participants — access only what you need
  • Comply with applicable laws in your jurisdiction
  • Use the Service for its intended purpose: case management for social service delivery

Reporting

Abuse reports: abuse@socianote.com

Security vulnerabilities: security@socianote.com

Responsible disclosure requested. Do not exploit beyond proof of concept. Do not access data beyond what is necessary. Do not share the issue publicly until we have had a reasonable chance to fix. We acknowledge within 3 business days and aim to resolve critical issues within 30 days where technically possible.

Enforcement

  • Low severity / first offence: notice to admin, 7-day cure period
  • Medium severity: immediate suspension of affected accounts pending investigation
  • High severity / illegal activity: immediate termination and legal action as warranted; cooperation with law enforcement

Changes

We may update this AUP with 30 days' notice for material changes.