Acceptable Use Policy

This Acceptable Use Policy ("Policy") defines the permitted and prohibited uses of the services, platforms, and technology provided by Core Enterprise LLC d/b/a NeuralDesk ("Company," "NeuralDesk," "we," or "us") to clients and their authorized users (collectively, "you" or "Client"). This Policy protects the Company, its clients, End Users, and the public from misuse of AI-powered technology and digital marketing services.

This Policy applies to all services, including AI-powered inbound and outbound call automation, lead capture, qualification, CRM integration, appointment scheduling, website development and management, digital marketing services (SEO, Google Ads, SMM), mobile application development, and all related platforms, APIs, and tools. It applies to all clients, employees, contractors, agents, and any End User who interacts with Company-operated services.

This Policy is incorporated by reference into the Terms of Service, Master Service Agreement, and any applicable Order Form or SOW. Client's acceptance of any service agreement constitutes acceptance of this Policy. This Policy supplements, and does not replace, specific compliance obligations in the TCPA Compliance Addendum, BAA, DPA, and other applicable addenda.

The Company may update this Policy at any time upon thirty (30) days' written notice. Continued use after the effective date constitutes acceptance.

Client may use the Services solely for its own legitimate business purposes as described in the applicable service agreement, including: receiving and qualifying inbound telephone calls; initiating outbound calls to individuals who have provided legally required prior express written consent; scheduling appointments and managing calendar integrations; capturing lead data and syncing it to authorized CRM systems; operating digital marketing campaigns within approved budgets and strategies; and developing websites and mobile applications for Client's own business operations.

All permitted uses must comply with applicable federal, state, and local laws; the terms of the applicable service agreement and this Policy; the terms of service of all third-party platforms used in connection with the Services; and industry-standard ethical business practices. Legality in one jurisdiction does not authorize use that is prohibited in another jurisdiction where End Users are located.

Client is strictly prohibited from using the AI Voice Agent or any other Company calling service to: (a) initiate outbound calls to any individual who has not provided prior express written consent under TCPA (47 U.S.C. § 227) and applicable FCC regulations; (b) call numbers on the National DNC Registry without legally sufficient consent; (c) call numbers on Client's internal DNC list or those who have revoked consent; (d) contact individuals who have previously revoked consent regardless of how communicated; or (e) make calls to individuals in states with more restrictive consent requirements without complying.

Client is prohibited from instructing the Company to: (a) configure the AI Voice Agent to falsely represent that the caller is a human being to a person who sincerely inquires; (b) use deceptive caller identification in violation of the Truth in Caller ID Act (47 U.S.C. § 227(e)); (c) represent a false business name, affiliation, or identity; (d) make any false or misleading statement during a call; or (e) use manipulative, threatening, abusive, or harassing tactics, including high-pressure sales techniques that exploit vulnerability.

Client may not use the AI Voice Agent for: (a) illegal telemarketing; (b) fraudulent charity, scam, or investment solicitation; (c) debt collection in violation of FDCPA or state law; (d) products or services illegal in the recipient's jurisdiction; (e) unsolicited political robocalling; (f) marketing to minors; or (g) harassment, threats, or intimidation.

Client may not instruct the Company to: (a) record calls in all-party-consent states without consent from all parties; (b) record medical, legal, or financial communications in violation of professional confidentiality rules; (c) omit or disable required call recording disclosures; or (d) use call recordings for any purpose other than the legitimate business purpose disclosed.

Client may not use any Company service to: (a) send spam in violation of CAN-SPAM (15 U.S.C. § 7701); (b) transmit unsolicited SMS/MMS without legally required consent; (c) message purchased, rented, or scraped contact lists without required consent; or (d) circumvent email or SMS filtering systems.

Client may not use any Company service to create, distribute, promote, or advertise content that violates applicable law; infringes third-party IP; is defamatory or libelous; constitutes false advertising or unsubstantiated claims under the FTC Act; promotes violence, self-harm, or harm to others; is obscene or sexually explicit (particularly in violation of COPPA); or promotes illegal discrimination based on a protected characteristic.

No use in connection with: unregistered, unlicensed, or fraudulent financial / investment / crypto offerings; prescription drug marketing in violation of FDA or state law; tobacco / alcohol / cannabis advertising violating age-verification, platform policy, or state regulations; medical device or health claims that are false, misleading, or unsubstantiated; or real estate advertising violating the Fair Housing Act or state law.

Client may not direct the Company to create or publish: false testimonials or fabricated reviews; deceptive pricing, hidden fees, or bait-and-switch advertising; unsubstantiated performance claims; counterfeit endorsements or implied endorsements without authorization; astroturfing; or any advertising that fails to disclose required material connections under FTC guidelines.

No use of Company-managed advertising or social accounts to violate the policies of Google, Meta, LinkedIn, or any other platform; engage in click fraud or artificial engagement; scrape platform user data in violation of platform terms; or circumvent platform safety, moderation, or enforcement systems.

No collection of personal data without legally required notice, consent, or legal basis under applicable privacy law; no collection from children under 13 (or applicable threshold) without verifiable parental consent; no databases obtained through scraping, purchasing, or harvesting in violation of terms or privacy laws; and no use for purposes incompatible with those for which data was collected without additional consent.

Client may not direct the Company to: (a) process personal data in violation of GDPR, UK GDPR, CCPA/CPRA, or FDBR; (b) share personal data with unauthorized third parties (data brokers, list sellers, aggregators); (c) use personal data for purposes other than the documented purpose; (d) combine personal data in a manner creating disproportionate privacy risks; or (e) process Sensitive Personal Data without required legal basis and safeguards.

Client may not transmit, share, or direct the Company to process PHI without a fully executed BAA. Client may not attempt to circumvent PHI protections through de-identification that does not comply with HIPAA (45 C.F.R. § 164.514).

No unauthorized access to Company systems; no probing, scanning, or vulnerability testing without written authorization; no introduction of viruses, malware, or ransomware; no denial-of-service or disruptive activities; no bypass of security or access controls.

No reverse engineering, decompilation, or attempts to derive source code, algorithms, or AI models; no automated tools or bots accessing Company systems beyond authorized use; no reproduction or derivative works of Company technology; no use of authorized-access information to circumvent or compete with Company technology.

No reselling, sublicensing, white-labeling, or third-party access without written consent; no use on behalf of any entity other than Client without authorization; no representation that Client provides services powered by Company technology; no use that disguises Company technology involvement.

No artificial call volume, fake leads, or inflated engagement; no benchmarking other systems through the Services without written consent; no use of Company telephony, ad accounts, or platforms for purposes unrelated to the service agreement; no actions that unreasonably burden or disrupt Company infrastructure.

No use in violation of U.S. export control laws (EAR, OFAC); no business with sanctioned countries, entities, or SDN-listed individuals; no facilitation of any transaction exposing the Company to sanctions liability.

Client must ensure use complies with the laws of every jurisdiction where End Users are located. The Services are designed for legal U.S. business use. Client is solely responsible for legality in any non- U.S. jurisdiction.

No use of the Services or Company data to gather intelligence about other Company clients; no identifying, approaching, or soliciting other Company clients; no developing a competing service using knowledge gained from access to Company technology.

No unlicensed financial advising, securities trading, or mortgage brokering; no unauthorized medical diagnosis, treatment recommendations, or prescription; no illegal pyramid or MLM structures; no illegal gambling; no fraud, money laundering, or facilitation of criminal enterprise.

All content, data, scripts, and instructions must be accurate, truthful, and not misleading. Client is solely responsible for accuracy of call scripts, advertising copy, website content, app content, and any other materials provided.

Client warrants ownership or licensure of all content provided to the Company, including images, text, audio, video, trademarks, and data. No infringing content may be provided.

Client must not submit sensitive personal data categories (Social Security Numbers, payment card data, government IDs, health records) unless (a) a specific Addendum (e.g., BAA) is in place and (b) submission is necessary for the Services described in the agreement.

The Company reserves the right (but not the obligation) to monitor Client's use for compliance, including review of call recordings, campaign content, website content, and App Store submissions. Monitoring does not guarantee detection or assume compliance responsibility resting with Client.

Reports may be submitted to info@neuraldesk.us and are handled confidentially to the extent practicable.

Upon determining a violation, the Company may: (a) issue a written warning with cure period; (b) require Client to modify or remove non-compliant content; (c) immediately suspend the specific Services involved; (d) immediately suspend all Services without advance notice where the violation poses immediate legal risk or End User harm; (e) terminate the service agreement for cause; and/or (f) report the violation to authorities, law enforcement, or platform operators as required by law or Company policy.

The Company may immediately suspend Services without advance notice and without liability if it receives a complaint, regulatory inquiry, or legal threat; determines continued service would expose it to material legal/financial/reputational risk; a court or government authority orders suspension; or Client's use causes disruption to other clients or Company infrastructure.

The Company is not liable for losses arising from good-faith enforcement actions. Enforcement actions do not entitle Client to refund of prepaid Fees.

Client agrees to indemnify, defend, and hold harmless the Company and its members, managers, officers, employees, agents, and subcontractors from claims arising from: (a) violation of this Policy; (b) violation of applicable law (TCPA, CAN-SPAM, FDCPA, HIPAA, FTC Act, GDPR, state privacy and consumer protection laws); (c) third-party claims (End Users, regulators, platform operators) arising from Client's use; (d) false, misleading, infringing, or illegal Client-provided content; (e) failure to obtain required consents, disclosures, or authorizations; or (f) regulatory fines or corrective actions arising from Client's conduct.

This indemnification applies regardless of whether the Company had knowledge of the violation, acted in good faith reliance on Client's representations or instructions, or is named as a co-defendant. Client's indemnification is independent of and in addition to obligations under the TCPA Addendum, BAA, or other addenda.

(a) calling DNC-listed numbers without required consent; (b) configuring the AI Voice Agent to deny being automated when directly asked; (c) transmitting PHI without an executed BAA; (d) promoting investment fraud, pyramid schemes, or financial scams; (e) submitting purchased, scraped, or harvested contact lists without consent documentation; (f) call scripts with false statements about caller identity, affiliation, or call purpose; (g) using the Services to target, harass, or threaten any individual.

(a) failure to include required call recording disclosure; (b) failure to update internal DNC lists with recent opt-outs; (c) advertising claims requiring substantiation; (d) website content inadvertently incorporating copyrighted material; (e) failure to include privacy disclosures in App Store submissions; (f) inadvertent ad-spend overage without prior authorization.

In conflict, the order of precedence is: (a) applicable Addenda (TCPA, BAA, DPA) on their subject matter; (b) this Policy on prohibited uses and enforcement; (c) the Terms of Service or Master Service Agreement on commercial terms; (d) Order Forms and SOWs on project-specific terms.

This Policy is governed by Florida law. Disputes are subject to the dispute resolution provisions of the Terms of Service. The Company's right to seek immediate injunctive relief for Policy violations is preserved notwithstanding any arbitration agreement.

For questions or to report a suspected violation: Core Enterprise LLC d/b/a NeuralDesk, Attn: Compliance, 7901 4th St N, STE 300, St. Petersburg, FL 33702, info@neuraldesk.us, (561) 420-6622. Abuse reports may also be sent to abuse@neuraldesk.us.