Acceptable Use Policy

Journey Works, Inc. · Last Updated: March 7, 2026

This Acceptable Use Policy (“AUP”) governs your use of the Journey Works AI platform and services (the “Platform”). This AUP is incorporated into and forms part of the SaaS Subscription Agreement (the “Agreement”) between Journey Works, Inc. (“Provider”) and Client. Violation of this AUP may result in suspension or termination of Client’s access to the Platform.

1. General Conduct

Client agrees to use the Platform only for lawful purposes and in accordance with the Agreement, this AUP, and all applicable laws and regulations. Client is responsible for ensuring that all authorized users comply with this AUP.

2. Prohibited Uses

Client shall not, and shall not permit any authorized user to, use the Platform to:

2.1 Illegal or Harmful Activity

• Violate any applicable law, regulation, or governmental order
• Facilitate or promote illegal activity of any kind
• Infringe upon or misappropriate the intellectual property rights of any third party
• Generate, store, or distribute content that is defamatory, obscene, threatening, or harassing
• Engage in any activity that could cause physical harm, property damage, or financial loss to any person

2.2 Deceptive or Misleading Content

• Create AI-generated content intended to deceive the public or misrepresent its origin without appropriate disclosure
• Generate fake reviews, testimonials, or endorsements
• Impersonate any person, organization, or government entity
• Create or distribute disinformation or misinformation about destinations, businesses, or public health and safety

2.3 Unauthorized Access and Security

• Access or attempt to access accounts, systems, or data not belonging to Client
• Circumvent, disable, or interfere with security-related features of the Platform
• Probe, scan, or test the vulnerability of the Platform without prior written authorization
• Introduce viruses, malware, worms, trojan horses, or other harmful code
• Attempt to reverse engineer, decompile, or disassemble any portion of the Platform

2.4 Abuse of Resources

• Use the Platform in a manner that consumes a disproportionate amount of infrastructure resources relative to Client’s subscription tier
• Submit automated requests designed to overload, stress-test, or degrade the performance of the Platform
• Use the Platform as a general-purpose computing resource, proxy, or relay unrelated to its intended functionality
• Resell, sublicense, or redistribute access to the Platform or its outputs without Provider’s written consent

2.5 Data and Privacy Violations

• Upload or process Personal Data without proper legal basis, consent, or notice as required by applicable Data Protection Laws
• Upload sensitive or special category data (health data, biometric data, data of minors under 13) unless expressly agreed in writing with Provider
• Use the Platform to conduct surveillance or monitoring of individuals without their knowledge and consent
• Export or transfer data in violation of export control laws or international sanctions

2.6 AI-Specific Restrictions

• Use AI Agents to generate content that violates the usage policies of the underlying AI model providers (OpenAI, Anthropic, Google)
• Attempt to extract, replicate, or reverse engineer the AI models, system prompts, or agent configurations used by the Platform
• Use the Platform to develop competing AI products or services
• Submit prompts or inputs designed to manipulate AI Agents into producing harmful, biased, or prohibited outputs (“prompt injection” or “jailbreaking”)
• Represent AI-generated outputs as human-created work in contexts where disclosure is required by law or regulation

3. Email and Communications

Client shall not use the Platform’s communication features to:

• Send unsolicited bulk email (spam) or messages that violate the CAN-SPAM Act, GDPR, or equivalent regulations
• Send communications to recipients who have opted out or unsubscribed
• Forge or manipulate email headers, sender addresses, or other communication metadata
• Harvest or collect email addresses or contact information from the Platform without authorization

4. Content Standards

All content created, uploaded, or generated through the Platform must comply with the following standards:

• Must not infringe copyrights, trademarks, trade secrets, or other proprietary rights
• Must not contain personally identifiable information of third parties without proper authorization
• Must be accurate and not intentionally misleading when used for public-facing destination marketing materials
• Must comply with all applicable advertising standards and regulations, including FTC guidelines regarding endorsements, testimonials, and AI-generated content

5. Compliance with Destination-Specific Regulations

Client acknowledges that destination marketing activities may be subject to specific local, state, or national regulations, including but not limited to tourism improvement district (TID) compliance requirements, lodging tax regulations, grant compliance obligations, and accessibility standards. Client is responsible for ensuring that its use of the Platform complies with all such applicable regulations.

6. Monitoring and Enforcement

6.1 Monitoring. Provider reserves the right (but not the obligation) to monitor use of the Platform for compliance with this AUP. Provider may use automated tools to detect violations.

6.2 Investigation. Provider may investigate any suspected violation of this AUP and may access Client Data to the extent necessary for such investigation, subject to the confidentiality obligations in the Agreement and the Data Processing Addendum.

6.3 Enforcement Actions. In the event of a violation, Provider may, at its sole discretion:

1. Issue a written warning with a reasonable cure period;
2. Suspend access to specific features or Agents;
3. Suspend access to the Platform entirely; or
4. Terminate the Agreement in accordance with its terms.

Provider shall use commercially reasonable efforts to notify Client before taking enforcement action, except where immediate action is necessary to protect the Platform, other clients, or third parties.

7. Reporting Violations

Clients who become aware of any violation of this AUP should report it promptly to abuse@journeyworks.ai. Provider will investigate all reports in good faith.

8. Changes to This Policy

Provider may update this AUP from time to time. Material changes will be communicated via email or through the Platform at least thirty (30) days before they take effect. Continued use of the Platform after changes take effect constitutes acceptance of the updated AUP.

9. Contact

Questions about this AUP should be directed to:

Journey Works AI
Email: legal@journeyworks.ai