Usage Policy

This Usage Policy governs use of the Momental platform and Services provided by Avery Intelligence, Inc. ("Momental"). It is incorporated by reference into our Terms of Service. Violation of this policy may result in suspension or termination of access.

Acceptable Use

Customer agrees to use the Services only for lawful business purposes and in accordance with the Terms of Service. Customer agrees not to:

• Violate any applicable laws, regulations, or third-party rights
• Attempt to reverse engineer, decompile, or extract the underlying models or algorithms
• Use the Services to harass, abuse, or harm others
• Interfere with or disrupt the Services or connected infrastructure
• Use the Services to generate spam, malware, or malicious content
• Attempt to gain unauthorized access to other customers' accounts or data
• Scrape, data-mine, or harvest information through automated means
• Resell or redistribute the Services without explicit written permission
• Access the Services to build a competing product or train competing AI models
• Use automated tools, scripts, or agents to access the Services at volumes exceeding normal human use without prior written approval

Prohibited Data Types

The following data types must not be input into the Services:

• Protected Health Information (PHI) as defined by HIPAA
• Payment Card Data including credit card numbers, CVV codes, or other PCI-DSS protected information
• Government Identity Numbers including Social Security numbers, tax identification numbers, or national identity numbers
• Financial Account Credentials such as bank account numbers, routing numbers, or investment account access codes
• Biometric Data including fingerprints, retina scans, or facial recognition data
• Children's Personal Information of individuals under 13 years old (COPPA)
• Authentication Credentials including passwords, API keys, access tokens, or cryptographic private keys

The Services are not HIPAA-compliant, not PCI-DSS compliant, and not designed for regulated data. Customer is responsible for implementing appropriate controls to prevent prohibited data from entering the Services.

If prohibited data is accidentally submitted, delete the content immediately and contact [email protected]. We will make commercially reasonable efforts to remove it from our systems but cannot guarantee removal from third-party AI provider systems or backup snapshots.

Prohibited Use Cases

Regulated Professional Services. Medical diagnosis or treatment, legal representation or advice, investment advice or financial planning, insurance underwriting, credit decisioning, tax preparation, or any use requiring professional licensure.

Life-Safety Critical Systems. Aviation systems, medical devices, autonomous vehicles, emergency dispatch, nuclear facilities, or any system where failure could result in death or serious injury.

Government Use Requiring Clearances. Classified information systems, defense applications requiring security clearances, critical infrastructure, or federal use requiring FedRAMP or similar certifications.

Other Prohibited Uses. Automated decision-making with legal or similarly significant effects on individuals (including employment, credit, housing, insurance, healthcare, or education decisions) without meaningful human review, law enforcement or criminal justice applications, weapons development, political voter manipulation, or child safety applications.

EU AI Act Article 5 Prohibited Practices. Customer may not deploy the Services to operate any AI practice prohibited under Article 5 of Regulation (EU) 2024/1689 (the EU AI Act), including: (a) subliminal, manipulative, or deceptive techniques that materially distort behavior and cause significant harm; (b) exploiting vulnerabilities of a person due to age, disability, or social or economic situation; (c) social scoring of natural persons by public or private actors leading to detrimental or disproportionate treatment; (d) predicting the risk of a natural person committing a criminal offense based solely on profiling or personality traits; (e) untargeted scraping of facial images from the internet or CCTV to build or expand facial-recognition databases; (f) inferring emotions in workplaces or educational institutions, except where required for medical or safety reasons; (g) biometric categorization to deduce race, political opinions, trade-union membership, religious or philosophical beliefs, sex life, or sexual orientation; or (h) real-time remote biometric identification in publicly accessible spaces for law enforcement, except as expressly permitted by the EU AI Act.

High-Risk and Consequential Decisions. Customer may not deploy the Services as the basis for "high-risk" or "consequential" automated decisions as defined under applicable AI laws, including the Colorado AI Act, the Texas Responsible Artificial Intelligence Governance Act, New York City Local Law 144 (automated employment decision tools), and Annex III of the EU AI Act, unless under a separate written enterprise addendum with Momental that expressly permits the deployment and allocates the corresponding compliance obligations.

Minor Safety, Companions, and Mental-Health Use. Customer may not deploy Momental-powered agents as: (i) companion, romantic-partner, or persona bots targeting users under the age of 18; (ii) primary mental-health, suicide-prevention, crisis-intervention, eating-disorder, or self-harm support resources; or (iii) any consumer-facing surface accessible to users under the age of 18 without age-gating and parental-consent mechanisms required by COPPA, the EU AI Act, and applicable state laws. Customer may not collect or process personal information of children under 13 (or under 16 in jurisdictions where the age threshold is higher) without verifiable parental consent and a separate written addendum with Momental.

AI Marketing Honesty. Customer may not market its own products or services that are powered by the Services using deceptive AI claims (so-called "AI washing"), including overstating, mischaracterizing, or omitting material facts about how AI is used, what data trained it, what certifications it holds, or what professional roles it can replace.

Geographic Restrictions. The Services may not be used from or accessed in countries subject to comprehensive U.S. trade embargoes (including Russia, Iran, North Korea, Syria, Cuba) or by individuals on U.S. Denied Persons Lists.

AI Accuracy and Human Oversight

The Services use AI that produces probabilistic outputs. Customer acknowledges that:

• AI-generated content may contain errors, inaccuracies, or fabricated information
• AI may generate false statistics, cite non-existent sources, or present incorrect information with apparent confidence
• The Services do not provide professional advice of any kind (legal, medical, financial, engineering, or accounting)
• Customer is responsible for reviewing and verifying all AI-generated content before relying on it
• AI outputs do not constitute professional opinions and should not be treated as such

Customer must review and verify AI recommendations before implementation and must not authorize AI features to make legally binding commitments without human review.

Untrusted Inputs and Prompt Injection

The Services may ingest data from sources controlled by parties other than the Customer (including emails, web pages, third-party document stores, third-party MCP tools, public websites, and content authored by Customer's own users). Such data may contain adversarial instructions, malicious prompts, or other content designed to manipulate agent behavior, exfiltrate Customer Content, or escalate agent privileges (collectively, "prompt-injection attacks"). Customer acknowledges this risk and agrees to:

• Treat data from sources outside Customer's organization, and content authored by unauthenticated or low-trust users, as untrusted
• Apply scoped credentials with minimum privileges to agents that process untrusted input
• Enable Momental's recommended safety controls (including human review for irreversible actions and tool-call confirmation) when an agent processes untrusted input
• Promptly investigate and report to [email protected] any suspected prompt-injection attack affecting Customer's workspace

Momental's liability for damages caused by a prompt-injection attack arising from data that Customer ingested or directed an agent to ingest is subject to the cap and exclusions in the Terms of Service.

AI Transparency and Watermarks

Where the Services generate image, audio, or video content ("Generated Media"), Momental may embed an industry-standard provenance signal (such as C2PA metadata, an invisible watermark, or a manifest disclosure) consistent with the California AI Transparency Act (SB 942) and equivalent transparency requirements. Customer agrees not to remove, disable, alter, or obscure such provenance signals. Customer also acknowledges that AI-generated content presented to end users in jurisdictions that require AI-disclosure labeling (including California, Utah, and the EU under Article 50 of the EU AI Act for synthetic content) must be labeled by Customer in accordance with those laws when Customer publishes or distributes the content.

Agent Scope and Authorization

Customer acknowledges that the Services include AI agents capable of taking actions in Customer-connected systems within the permission scope Customer grants. Customer agrees to:

• Grant agents the minimum permissions necessary for the intended use case (principle of least privilege)
• Review and approve the integration scopes (e.g., GitHub permissions, Slack channels, document folders) before enabling each agent
• Monitor agent activity logs in Customer's workspace and revoke access promptly upon any unexpected behavior
• Not authorize agents to make legally binding commitments, send messages to third parties outside Customer's organization, or execute irreversible destructive actions without a human-in-the-loop review step
• Maintain backups and version control of any systems agents may modify

Customer is responsible for actions taken by agents within Customer-granted scope. Momental is not responsible for agent actions resulting from over-broad permission grants, compromised Customer credentials, or use cases outside the agent's documented capabilities.

Enforcement

For non-egregious violations (e.g., exceeding fair use limits, minor policy violations), Momental will provide written notice and a 30-day cure period before suspension or termination.

For egregious violations (input of prohibited data types, illegal use, deliberate circumvention of security controls, use in sanctioned countries), Momental may immediately suspend or terminate access without prior notice and without refund.

In all cases, violation of this Usage Policy may also result in:

• Customer liability for any resulting regulatory violations, fines, or penalties
• Customer obligation to indemnify Momental for claims arising from prohibited use, as described in the Terms of Service (Section K)
• Reporting to relevant regulatory authorities where required by law

Contact