Acceptable Use Policy

This Acceptable Use Policy defines the rules and boundaries for use of the BizNerva platform, including all websites, applications, APIs, and related services. Its purpose is to protect the security, integrity, and availability of the platform and the data of all customers, and to ensure that the platform is used in a lawful and responsible manner.

You may not use the BizNerva platform to:

• Gain or attempt to gain unauthorized access to the platform, other user accounts, or any systems or networks connected to the platform, including through hacking, password mining, or penetration testing without prior written consent from BizNerva.
• Upload, transmit, or distribute malware, viruses, worms, Trojan horses, or any other malicious code or software designed to interrupt, destroy, or limit the functionality of any computer software, hardware, or network.
• Use the platform in violation of any applicable local, state, national, or international law or regulation, including but not limited to laws governing data protection, privacy, employment, and anti-discrimination.
• Knowingly collect personal information from or directed at individuals under 18 years of age as platform end users. Limited, lawful references to minors in incident reports, training records, or compliance documentation required by applicable workplace safety or labor laws are permitted.
• Circumvent, disable, or otherwise interfere with security controls, encryption mechanisms, access restrictions, or authentication features of the platform, including rate limiting, CAPTCHA verification, bot detection systems, or other automated abuse prevention mechanisms.
• Attempt to de-anonymize, re-identify, or reverse the redaction of any personally identifiable information that has been anonymized, pseudonymized, or redacted within the platform.
• Use the platform to harass, threaten, stalk, defame, or discriminate against any individual or group on the basis of race, gender, religion, national origin, disability, sexual orientation, age, or any other protected characteristic.
• Engage in automated scraping, crawling, data mining, or data extraction from the platform, except through APIs explicitly provided and authorized by BizNerva for such purposes.
• Share, transfer, or disclose account credentials (including passwords, API keys, and authentication tokens) to unauthorized individuals.
• For partners: use the platform, its data, documentation, or methodologies to build, operate, or market competing compliance services, or to assist any third party in doing so.
• Access, use, export, copy, or disclose any data belonging to another user, organization, or client except as expressly authorized through the platform and solely for the intended purpose of using the Services. You may not use any data obtained through the platform to develop, train, improve, or support any competing product or service, or for any purpose outside the scope of your authorized use of the Services. Any unauthorized use, retention, or distribution of platform data constitutes a material violation of this policy.

BizNerva is a workplace-compliance platform. It is designed to store and process documents and records that support your organization's compliance with workplace-related laws and regulations (e.g., OSHA, WVPP, labor, pay transparency, training records). The following categories of content must not be uploaded as files, pasted or typed into any free-text input (including AI Compliance Assistant chat, evidence descriptions, task notes, comments, or any other text field), transmitted, or stored on the platform:

• Protected Health Information (PHI): any information that would be covered by the HIPAA Privacy Rule if held by a Covered Entity or Business Associate. BizNerva is not a HIPAA Covered Entity and does not offer a Business Associate Agreement for customer-uploaded PHI absent a separate written agreement.
• Student-identifying information:student or pupil names, ages, grades, photos, student IDs, pupil records, Individualized Education Programs (IEPs), 504 plans, and any other information maintained in connection with a minor's enrollment at a school (collectively, "pupil records" as that term is used in Cal. Ed. Code §49073.1).
• Parent or guardian contact informationcollected in connection with a minor's enrollment at a school (form fields for parent/guardian name, phone, email, signature, or relationship).
• Student health, school-nurse, or emergency-card records,including immunization records, medication authorization forms, allergy lists for minors, and other documents collected by a school health office.
• Payment card data subject to PCI DSS. BizNerva does not process or store cardholder data and is not a payment processor.
• Classified, export-controlled, or national-security informationcovered by ITAR, EAR, or similar regimes.

File uploads to the platform are automatically screened for common patterns associated with the above categories. When such content is detected, the upload may be blocked at the client-side pre-screen (including by filename), flagged by the server-side sensitivity classifier, or have sensitive markers redacted before any AI processing.

Free-text input (AI Compliance Assistant chat messages, evidence descriptions, task notes, and other text fields) receives a narrower set of automated protections: regex-based redaction of common direct identifiers (e.g., SSNs, email addresses, phone numbers) before any text is sent to a sub-processor LLM, plus structured pattern detection for student records, IEP/504 markers, and PHI-style markers. These safeguards are pattern-based and do not reliably detect every form of prohibited content (for example, narrative references to a specific student by first name or partial identifier). You are responsible for ensuring no prohibited content is pasted or typed into any input surface, including chat.

All automated safeguards above are provided on a best-effort basis and do not relieve you of the obligation to refrain from uploading, pasting, typing, transmitting, or storing prohibited content.

If your organization needs to process any category of data listed above, contact contact@biznerva.com to discuss whether a separate product tier or written agreement is available.

As a user of the BizNerva platform, you are responsible for:

• Maintaining accurate, current, and complete account registration information and promptly updating it if any information changes.
• Securing your login credentials, including enabling and maintaining multi-factor authentication (MFA) where available, and ensuring that your password meets the platform's minimum strength requirements.
• Reporting any known or suspected security vulnerabilities, unauthorized access, or other security incidents to contact@biznerva.com promptly and responsibly. We ask that you refrain from publicly disclosing any vulnerability before we have had a reasonable opportunity to investigate and address it.
• All activities that occur under your account. If your account is compromised due to no fault of your own (e.g., a security breach on BizNerva's side), you will not be held responsible for unauthorized activities resulting from that compromise. You must notify BizNerva immediately if you become aware of any unauthorized use of your account.

BizNerva reserves the right, in its sole discretion, to investigate and take appropriate action in response to any actual or suspected violation of this AUP, including but not limited to the following:

• Notice and cure: For non-urgent violations that do not pose an immediate security risk or harm to others, BizNerva will provide written notice of the violation and a reasonable opportunity to cure (typically five (5) business days) before taking enforcement action.
• Suspension or termination: BizNerva may suspend or terminate your access to the platform, in whole or in part, immediately and without prior notice, if we reasonably believe that your use of the platform poses an immediate security risk, involves illegal activity, or is causing harm to BizNerva, its customers, or third parties.
• Refunds: No refund, credit, or compensation shall be provided for accounts terminated due to willful or material violations of this AUP. For suspensions due to minor or inadvertent violations that are cured within the notice period, no service interruption fees will apply.
• Law enforcement referral: BizNerva may report any activity that it reasonably believes to be illegal or in violation of applicable law to the appropriate law enforcement authorities, regulatory agencies, or other governmental bodies, and may cooperate with such authorities in their investigations.
• Preservation of rights: Enforcement of this AUP is not a waiver of any other rights or remedies available to BizNerva under the Terms of Service, applicable law, or equity.

If you become aware of any conduct that you believe violates this Acceptable Use Policy, please report it to us at contact@biznerva.com. Please include as much detail as possible, including the nature of the violation, any relevant account or user information, and supporting evidence. We will review all reports and take appropriate action.

We may update this Acceptable Use Policy from time to time. We will post the updated version on this page and update the effective date. For material changes, we will provide at least thirty (30) days' prior notice via email to your registered address or in-app notification. Your continued use of the platform after the effective date of any changes constitutes your acceptance of the updated AUP.

For questions about this Acceptable Use Policy, contact us at contact@biznerva.com.