This Acceptable Use Policy (“AUP”) governs Customer’s access to and use of the Sentiva products and services (collectively, the “Services”). This AUP forms part of the applicable Cloud Services Agreement, Order Form, Data Processing Agreement, and other governing agreements between Sentiva LLC (“Sentiva” or “Provider”) and the customer (“Customer”).

Capitalized terms not defined in this AUP have the meanings set forth in the Cloud Services Agreement.

1. Purpose and Security Objectives

This AUP is intended to:

• Protect the confidentiality, integrity, and availability of the Services and Customer Data;

• Establish clear acceptable and prohibited use standards for authorized users;

• Reduce risks arising from misuse, unauthorized access, or insecure behavior;

• Support Sentiva’s information security, privacy, and compliance obligations.

  
  

2. Authorized and Permitted Use

Customer may access and use the Services solely:

• for lawful employment, recruitment, workforce management, and related internal business purposes;

• in accordance with the Agreement, applicable Order Forms, this AUP, Sentiva Documentation, and all applicable laws and regulations; and

• through authorized users who have been properly provisioned and authenticated.

Customer is responsible for ensuring that:

• access credentials are kept confidential;

• access is limited to users with a legitimate business need; and

• access is promptly revoked when no longer required (e.g., role changes, termination).

  
  

3. Prohibited Use

Customer shall not, and shall not permit any authorized user or third party to:

3.1 Unlawful, Abusive, or Harmful Activity

• Use the Services in violation of any applicable law, regulation, or binding obligation, including employment, labor, anti-discrimination, data protection, or export control laws.

• Use the Services to engage in discriminatory, retaliatory, unethical, or unlawful employment practices.

3.2 Insecure or Unauthorized Access

• Share accounts, credentials, or authentication factors between users.

• Attempt to gain unauthorized access to the Services, systems, data, or networks.

• Bypass or weaken authentication, authorization, logging, or monitoring controls.

3.3 Misuse of AI-Assisted Features

Customer shall not:

• Represent AI-assisted outputs as deterministic, authoritative, or legally binding.

• Use AI-assisted features as the sole basis for employment, hiring, termination, promotion, compensation, or compliance decisions without appropriate human oversight.

• Use AI-assisted features in a manner intended to deceive, manipulate, or unfairly disadvantage candidates or employees.

3.4 Data Protection and Privacy Violations

Customer shall not:

• Upload, process, or store Prohibited Data.

• Submit Personal Data without a valid legal basis, required notices, or consents.

• Process Personal Data in a manner inconsistent with the Data Processing Agreement.

3.5 Platform Abuse and Operational Risk

• Interfere with the normal operation, performance, or availability of the Services.

• Circumvent usage limits, quotas, or metering mechanisms.

• Deploy automated scripts, bots, or scraping tools except as expressly permitted.

3.6 Intellectual Property and Security Violations

• Upload content that infringes or misappropriates third-party rights.

• Reverse engineer, decompile, or attempt to extract source code, system logic, or underlying AI models, except as permitted by law.

  
  

4. Customer Security Responsibilities

Customer is solely responsible for:

• Implementing appropriate user access management, including role-based access and least-privilege principles.

• Ensuring authorized users follow secure practices (e.g., strong passwords, MFA where available).

• Maintaining internal policies and training to support lawful and secure use of the Services.

• Ensuring that Customer Content is accurate, lawful, and appropriate.

Sentiva does not review Customer Content for legal compliance and does not assume responsibility for Customer’s use of the Services.

5. Monitoring, Logging, and Enforcement

Sentiva may monitor and log usage of the Services to:

• Detect and investigate security incidents, misuse, or policy violations;

• Maintain system security, reliability, and operational integrity; and

• Comply with legal or regulatory obligations.

Where Sentiva reasonably determines that Customer has violated this AUP, Sentiva may, in accordance with the Agreement:

• Require corrective or remedial actions;

• Suspend or restrict access to affected accounts or features;

• Terminate the Agreement for material or repeated violations.

6. Incident Reporting Obligation

Customer shall notify Sentiva within seventy-two (72) hours of becoming aware of:

• any unauthorized access to Customer accounts;

• any compromise of credentials associated with the Services; or

• any suspected misuse of the Services that could impact security, availability, or data protection.

7. Consequences of Violation

Violations of this AUP may result in:

• suspension or termination of access to the Services;

• liability under the indemnification provisions of the Agreement; and

• additional legal or regulatory consequences arising from Customer’s conduct.

8. Updates to This AUP

Sentiva may update this AUP from time to time by providing at least thirty (30) days' prior notice. Continued use of the Services after the effective date of an updated AUP constitutes acceptance of the revised policy, subject to the Agreement.

9. Precedence

This AUP supplements the Agreement. In the event of any conflict, the Agreement shall prevail.