Acceptable Use Policy

This Acceptable Use Policy (the "AUP") governs what you may and may not do with the Service operated by Galactiv EOOD ("Company", "we", "us") at calivina.com. The AUP is incorporated into and forms part of the Master Subscription Agreement (the "Agreement"). Capitalized terms used here have the meanings given in the Agreement.

The AUP exists to protect the Service, our other Customers, the third-party providers we depend on, and the general public. We will enforce the AUP in good faith and consistently across customers.

1. Prohibited Content

You will not host, transmit, or distribute through the Service, and your Generated Site will not contain or link to:

1.1 Illegal content

• Content unlawful in either your jurisdiction or the Republic of Bulgaria, including incitement to violence, terrorism financing, illegal weapons sales, controlled-substance trafficking, human trafficking, or content that violates applicable export-control or sanctions law.
• Child sexual abuse material (CSAM) or any content that sexually exploits or endangers a minor. We report CSAM to the National Center for Missing & Exploited Children (NCMEC) and the Bulgarian competent authority and cooperate fully with law enforcement.
• Content that infringes copyright, trademark, patent, trade secret, right of publicity, or any other intellectual-property or proprietary right of a third party.
• Content that violates a court order, injunction, or other binding legal process.

1.2 Deceptive or harmful content

• Phishing, credential harvesting, fake login pages, fraudulent commerce, or impersonation of another person, business, or government agency.
• Malware, ransomware, viruses, exploit kits, browser hijackers, drive-by downloads, cryptojacking scripts, or any code that damages, disables, or surreptitiously installs anything on visitors' devices.
• Disinformation campaigns operated as a coordinated inauthentic effort.
• Pump-and-dump schemes, fraudulent ICOs or token sales, "guaranteed" investment-return claims, deceptive multi-level-marketing recruiting, or other content designed primarily to defraud.

1.3 Harassment, hate, and threats

• Targeted harassment, stalking, doxing, or threats of violence directed at any individual or group.
• Content that incites or glorifies violence or harm against individuals on the basis of race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, or another protected characteristic.
• "Revenge porn" and non-consensual intimate imagery.

1.4 Adult, gambling, and regulated content

• Adult sexual content, escort services, pornography, or commercial sexual services. The Service is not designed for adult-content hosting and we do not provide compliance support for the U.S. Section 2257 record-keeping requirement, age-verification gateways, or similar regimes.
• Online gambling, sports betting, lotteries, or skill-gaming-for-money, except where you are a duly licensed operator and have provided us with proof of licensure on prior written request, in which case we may at our sole discretion and on customized terms permit a limited carve-out.
• Regulated firearms, ammunition, or explosives sales.
• Tobacco, e-cigarettes, vapor products, or cannabis sales (regardless of state-level legality in the United States).
• Pharmaceutical or pharmacy operations requiring a license; sale of prescription drugs, "research chemicals", or controlled substances.

1.5 High-risk verticals we do not serve at MVP tier

The Service at the MVP tier is not designed for, and you may not use it for:

• cryptocurrency exchanges, custodial wallets, or token-issuance platforms;
• consumer-credit issuance, payday lending, or loan brokerage;
• collections agencies' debtor-facing communications;
• adult-content platforms;
• mass-mailer / cold-email infrastructure as a service;
• SMS-aggregator front-ends;
• file-locker / paste-board sites whose primary function is anonymous file sharing;
• pornography aggregators, deepfake services, or any AI service that creates non-consensual sexual or impersonating imagery;
• HIPAA-covered protected health information, PCI-DSS in-scope cardholder data, FERPA student records, or any data subject to industry rules requiring a Business Associate Agreement, formal segregation, or specialized audit, unless we have separately agreed in writing.

1.6 Trademark and brand impersonation

• You may not register a Custom Hostname or use brand assets that impersonate or are confusingly similar to a third party.
• The Generated Site must not falsely imply endorsement, sponsorship, partnership, or affiliation with another business unless that relationship genuinely exists.

2. Prohibited Conduct

You will not, directly or indirectly:

(a) probe, scan, or test the vulnerability of the Service, except under a written security-testing agreement with us (write to security@calivina.com to request one); (b) breach or circumvent any security or authentication measure; (c) access, tamper with, or use any non-public area of the Service or its infrastructure; (d) interfere with or disrupt the Service or any user's use of it (including denial-of-service activity, traffic flooding, or amplification); (e) reverse engineer, decompile, or attempt to extract source code, model weights, prompts, or other proprietary materials of the Service; (f) use automated tools — bots, scrapers, headless browsers, "crawlers", AI agents — to access the Service or any Generated Site at a rate or for a purpose that imposes an unreasonable load or that is intended to copy or compete with the Service; (g) bypass rate limits, file-size limits, storage limits, or other quota set by us, or attempt to use multiple accounts to do so; (h) use the Service to send unsolicited bulk email, "cold email", or SMS, regardless of jurisdictional legality; (i) use the Service to provide any service to a third party — that is, resell, sublicense, or operate the Service as a managed service for someone else's business — except as expressly permitted in writing by us; (j) engage in cryptojacking, distributed computing, or otherwise use Service resources for purposes unrelated to operating your Generated Site; (k) use the Service in violation of any applicable law, regulation, court order, or third-party right.

3. AI-Specific Restrictions

In addition to the general restrictions above, you will not:

• use the Service to generate or host AI Content that depicts a real person without that person's consent in a manner that is sexual, defamatory, or designed to deceive viewers as to the person's actions or statements;
• use the Service to publish AI-generated factual claims about a third party (e.g., a competitor) that you have not verified;
• attempt to extract the system prompts, fine-tuning data, or model weights of any AI system used by the Service;
• use the Service to generate content intended to deceive automated systems used for biometric identification, KYC, age verification, or fraud prevention;
• use the Service to circumvent the safety policies of upstream AI providers (e.g., by chained prompts designed to elicit content that would otherwise be refused).

You acknowledge that all AI Content generated by the Service is also subject to the upstream AI providers' acceptable-use policies (Anthropic's Usage Policies, OpenAI's Usage Policies, etc.), and you will not use the Service to do anything that would violate those policies.

4. Email and Communications

If your Generated Site exposes a contact form, sign-up form, newsletter capture, or similar feature:

• you must clearly identify yourself, the type of communication, and how a recipient can opt out;
• you must obtain any consent required by the recipient's jurisdiction (e.g., explicit GDPR consent for marketing in the EU, double opt-in best practice, CASL express consent for Canadian recipients, TCPA prior express consent for SMS in the U.S.);
• you must maintain a suppression list and honor unsubscribe requests within ten (10) business days at most (sooner where the law requires);
• you must include a valid postal address in commercial email (CAN-SPAM, ePrivacy, similar);
• you must not mailing-list-purchase or use harvested addresses.

The Service is not, and may not be used as, a bulk email or SMS sender.

5. Site Performance and Resource Use

The Service is designed for typical small-business websites (≤30 pages, modest traffic). Excessive resource use that materially affects other Customers — for example, transcoding large video libraries on the fly, hosting dozens of high-resolution-image galleries, or driving sustained traffic at multiples of normal small-business volumes — may, at our discretion, result in a notice asking you to reduce usage, a tier upgrade, throttling, or termination.

We reserve the right to set reasonable storage and bandwidth limits and to publish those limits on our pricing page. We will give reasonable notice of changes that materially affect existing Customers.

6. Notice, Cure, Suspension, and Termination

6.1 Standard process

If we believe you are in breach of the AUP, we will, where practicable, send you an email notice describing the issue and asking you to cure within twenty-four to seventy-two (24–72) hours, depending on severity. If you cure within that window, no further action is taken.

6.2 Immediate suspension

We may suspend your Service immediately and without prior notice if we reasonably believe that:

• the violation is a violation of Section 1.1 (illegal content), Section 1.3 (CSAM, threats, doxing), or Section 2(a)–(d) (security or denial-of-service activity);
• the violation creates imminent risk of harm to a third party, to other Customers, or to the integrity of the Service;
• the violation creates legal exposure for us or our sub-processors;
• a sub-processor (e.g., Cloudflare, Stripe, an AI provider) has notified us that the content violates its terms.

We will, where lawful and practicable, notify you of the suspension promptly thereafter and identify any cure that we will accept.

6.3 Termination

If a violation is uncured at the end of the cure period, or if the violation falls under Section 6.2, we may terminate the Subscription under the Master Subscription Agreement. Termination forfeits any prepaid Subscription Fees and triggers the Effect of Cancellation provisions of the Agreement.

6.4 Repeat-infringer policy (DMCA)

In accordance with 17 U.S.C. § 512(i)(1)(A), we maintain a policy of terminating in appropriate circumstances accounts of repeat infringers. A Customer who is the subject of two (2) substantiated copyright complaints in any twelve-month period, or one (1) substantiated complaint of egregious or willful infringement, will be considered a repeat infringer. Termination under this Section is in addition to any other remedy.

6.5 Refunds

We do not refund Subscription Fees in connection with termination for AUP breach.

7. Reporting Abuse

If you believe content hosted on the Service violates the AUP, send a report to abuse@calivina.com with:

• the URL(s) of the offending content;
• a description of the violation;
• your contact information;
• if the report concerns copyright, a properly formed notice under our DMCA Policy.

We will acknowledge receipt of complete reports within two (2) business days and aim to resolve them within seven (7) business days, with shorter timelines for the most serious categories.

8. Cooperation with Law Enforcement

We cooperate with valid legal process. We will respond to:

• subpoenas, court orders, and warrants of competent jurisdiction;
• emergency disclosure requests in life-threatening situations (under the standard set by 18 U.S.C. § 2702(c)(4) or its Bulgarian equivalent);
• requests through Mutual Legal Assistance treaties.

We will, where lawful and consistent with the request, notify the affected Customer before disclosure and give them an opportunity to challenge.

9. Updates to this AUP

We may update the AUP from time to time. Material updates will be announced by email or in-product notice at least fifteen (15) days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

10. Contact

• Abuse reports: abuse@calivina.com
• DMCA notices: dmca@calivina.com
• Security disclosure: security@calivina.com
• General: support@calivina.com
• Mail: Galactiv EOOD, Kniaz Boris 1 55, Sofia 1000, Bulgaria, Bulgaria

Document version 1.0.0 — effective 2026-04-29.