Acceptable Use Policy
Effective Date: May 22, 2026
Last Updated: May 22, 2026
This Acceptable Use Policy (the "AUP") governs the use of the Muninnbase Service. It is incorporated by reference into the Terms of Service (the "Agreement") between JM3 Solutions LLC d/b/a JM3 Labs (provider of the Muninnbase service and referred to in this AUP as "Muninnbase," "we," "us," or "our") and the organization that has agreed to the Agreement (the "Customer").
Capitalized terms used but not defined in this AUP have the meanings given to them in the Agreement.
This AUP applies to Customer and to each of Customer's Authorized Users. Customer is responsible for ensuring its Authorized Users comply with this AUP, as set forth in the Agreement.
Violations of this AUP may result in suspension or termination of access to the Service as described in Section 7 below.
1. Purpose
This AUP sets out the rules that apply to Customer's and its Authorized Users' use of the Service. The goal is to keep the Service safe, secure, lawful, and useful for everyone who relies on it. Where the rules in this AUP overlap with rules in the Agreement, both apply.
2. General Prohibited Activities
Customer and its Authorized Users must not use the Service to:
(a) Engage in illegal activity or activity that violates any applicable law, regulation, or third-party right;
(b) Infringe intellectual property rights, including copyright, trademark, patent, trade secret, or rights of publicity;
(c) Harass, threaten, stalk, or abuse any individual, including through targeted messaging or content directed at a specific person;
(d) Generate or distribute defamatory content about any individual or organization;
(e) Promote, incite, or facilitate violence, terrorism, or hate against any individual or group based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, or other protected characteristic;
(f) Engage in fraudulent or deceptive practices, including impersonation, false claims of identity or affiliation, or misrepresentation of source;
(g) Distribute malware, ransomware, spyware, or other malicious code, or use the Service to plan, develop, or facilitate the distribution of such code;
(h) Engage in phishing, social engineering, or credential theft activities;
(i) Send spam or unsolicited bulk communications, whether through the Service or by using outputs from the Service;
(j) Endanger the health or physical safety of any person, including through advice that misrepresents qualifications or that could reasonably be expected to cause serious harm;
(k) Violate the privacy of any individual, including by collecting, storing, or disclosing personal information without lawful basis; or
(l) Engage in any activity that imposes an unreasonable load on the Service or otherwise interferes with its operation for other customers.
3. Content Restrictions
Customer Content uploaded to the Service must comply with this Section 3. Customer is solely responsible for the content of Customer Content and for ensuring it complies with these restrictions.
3.1 Prohibited content categories
The following categories of content must not be uploaded to the Service under any circumstances:
(a) Protected Health Information ("PHI") as defined under the U.S. Health Insurance Portability and Accountability Act (HIPAA). The Service is not HIPAA-compliant infrastructure. We do not sign Business Associate Agreements. Customer must not upload medical records, treatment information, payment information related to healthcare, or any other PHI.
(b) Payment card data subject to the Payment Card Industry Data Security Standard (PCI-DSS), including primary account numbers (PANs), magnetic stripe data, card verification values (CVV/CVC), and PINs. Billing for the Service is processed by Stripe; no payment card data should ever enter the knowledge base.
(c) Classified, Controlled Unclassified Information (CUI), or export-controlled information, including information subject to the U.S. International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR). The Service is not cleared or certified for such information.
(d) Personal information of children under 13 years of age (or the equivalent minimum age under applicable child-data-protection law), in a manner that would subject the upload to the U.S. Children's Online Privacy Protection Act (COPPA) or similar law.
(e) Child sexual abuse material (CSAM) or any content that sexually exploits or endangers children. We report suspected CSAM to the National Center for Missing & Exploited Children (NCMEC) and to law enforcement as required by law.
(f) Content that Customer does not have the legal right to upload, including third-party content for which Customer does not hold appropriate licenses or rights.
(g) Malware, exploits, or other content designed to harm computing systems when interpreted, downloaded, or executed.
3.2 Sensitive personal data uploaded by Customer
Customer Content may contain sensitive personal data (such as Social Security numbers, dates of birth, financial account information, home addresses, and similar information) where the nature of Customer's business requires it. Where Customer uploads such information:
(a) Customer represents that it has the legal basis to do so under applicable law;
(b) Customer remains responsible for its handling of such information under applicable law; and
(c) Customer should consider whether each Authorized User's role requires access to such information, and configure Authorized User permissions accordingly.
We do not classify Customer Content beyond Customer's tenant. Customer is the controller of its own data.
4. AI-Specific Restrictions
The Service uses artificial intelligence (AI) features powered by large language models. The following restrictions apply specifically to use of those AI features.
4.1 Prohibited AI-generated content
Customer and its Authorized Users must not use the Service to generate, request, or facilitate the creation of:
(a) Child sexual abuse material (CSAM), sexually explicit content involving minors, or content that sexualizes minors in any way;
(b) Content that provides material assistance in the development, acquisition, or use of weapons capable of mass casualties, including biological, chemical, nuclear, or radiological weapons, or advanced conventional weapons;
(c) Operational instructions for serious physical attacks against persons or critical infrastructure;
(d) Functional malicious code, including malware, ransomware, exploits, or tools designed to bypass security controls;
(e) Spam, phishing content, fraudulent solicitations, or social-engineering scripts intended for mass or targeted distribution;
(f) Disinformation campaigns or content designed to manipulate elections, public health responses, or other democratic processes;
(g) Non-consensual intimate imagery, deepfakes intended to deceive, or impersonation content that misrepresents real individuals without their consent;
(h) Harassment, stalking, or targeted-abuse content directed at specific individuals; or
(i) Content that violates the usage policies of our AI subprocessor (currently OpenAI), as published at https://openai.com/policies/usage-policies. Customer's use of the Service is subject to OpenAI's usage policies as if Customer were a direct user of OpenAI's API, in addition to the restrictions in this AUP.
4.2 Prohibited interactions with AI features
Customer and its Authorized Users must not:
(a) Attempt to jailbreak, prompt-inject, or otherwise circumvent the safety, security, or grounding mechanisms of the Service, including attempts to make the AI ignore instructions, reveal system prompts, or operate outside the bounds of Customer Content;
(b) Use the Service to extract data from other Customers' tenants or to test cross-tenant isolation;
(c) Use outputs of the Service to train, fine-tune, or evaluate competing AI models or services;
(d) Probe the AI system for the purpose of reverse engineering its underlying models, prompts, or retrieval mechanisms; or
(e) Submit queries designed to consume disproportionate compute resources or to test rate-limit and abuse-prevention systems without our prior written authorization.
4.3 High-stakes decisions
The Service is a knowledge tool, not a decision-making system. Customer and its Authorized Users must not use Service outputs as the sole basis for decisions in the following categories without meaningful human review by a qualified professional:
(a) Employment decisions (hiring, firing, promotion, compensation, performance evaluation);
(b) Credit, lending, or insurance underwriting decisions about individuals;
(c) Healthcare decisions, including diagnosis, treatment, or eligibility determinations;
(d) Legal advice or legal strategy in any matter involving an actual or potential legal proceeding;
(e) Decisions involving criminal justice, including bail, sentencing, parole, or law enforcement targeting; or
(f) Educational decisions that materially affect a student's record, eligibility, or opportunities.
This restriction does not prohibit Customer from using the Service to support such decisions, draft materials related to them, or summarize information bearing on them. It prohibits relying on AI output as the dispositive answer where a qualified human's professional judgment is the appropriate decision-maker.
5. Security Restrictions
Customer and its Authorized Users must not:
(a) Bypass or attempt to bypass authentication, authorization, access controls, rate limits, or other security measures of the Service;
(b) Probe, scan, or test the vulnerability of the Service or any related system without our prior written authorization. We welcome good-faith vulnerability reports; see Section 8;
(c) Reverse engineer, decompile, disassemble, or attempt to derive source code or underlying models of the Service, except to the extent expressly permitted by applicable law notwithstanding this restriction;
(d) Use automated tools, bots, crawlers, or scrapers to access the Service beyond the use patterns of normal human users, or to harvest content from the Service;
(e) Attempt to access Customer Content, accounts, or data belonging to another Customer or its Authorized Users;
(f) Disrupt, degrade, or interfere with the Service or with any system, network, or infrastructure that supports the Service;
(g) Use the Service to launch attacks, scans, denial-of-service activity, or other intrusions against any third-party system; or
(h) Resell, sublicense, lease, or otherwise commercially exploit access to the Service to non-Authorized Users.
6. Customer Responsibility for Authorized Users
Customer is responsible for compliance with this AUP by each of its Authorized Users, including:
(a) Communicating the existence and substance of this AUP to Authorized Users, including any updates;
(b) Configuring Authorized User permissions appropriately for each user's role;
(c) Investigating and addressing reported violations within its organization;
(d) Promptly disabling access for any Authorized User who has materially violated this AUP; and
(e) Notifying us at [email protected] of any actual or suspected violation of this AUP within Customer's organization that may have affected the Service or other customers.
7. Enforcement
7.1 Range of actions
We may take any or all of the following actions in response to a violation or suspected violation of this AUP, depending on the nature and severity of the violation:
(a) Notify Customer of the violation and request remediation within a specified time period;
(b) Restrict or disable access to specific features, Authorized Users, or Customer Content within the Customer's tenant;
(c) Suspend Customer's account in whole or in part, with or without prior notice depending on severity;
(d) Remove or quarantine specific Customer Content, including in the AI knowledge base;
(e) Terminate the Agreement in accordance with the Agreement's termination provisions;
(f) Report the violation to law enforcement or regulators where required by law or where we reasonably believe such reporting is appropriate (including mandatory reporting of CSAM); and
(g) Cooperate with civil, criminal, or regulatory investigations related to the violation.
7.2 Severity-based response
Our response is calibrated to the severity of the violation:
(a) Minor or first-time violations (such as inadvertent uploads of sensitive personal data, or isolated misuse by an individual Authorized User) typically result in notice to the Customer and a reasonable opportunity to cure.
(b) Material violations (such as repeated misuse, unauthorized scraping, or attempts to bypass security controls) typically result in immediate suspension of the affected functionality or account, pending investigation and remediation.
(c) Severe violations (including CSAM, mass-harm content under Section 4.1, intentional security attacks, or violations that pose immediate harm to other customers, users, or the public) result in immediate suspension or termination, with no obligation to provide prior notice or opportunity to cure.
Severity is determined in our reasonable judgment, taking into account the conduct, the harm caused or threatened, and Customer's prior history.
7.3 No waiver
Failure to enforce any provision of this AUP in any instance does not waive our right to enforce it in any future instance.
8. Reporting Violations and Vulnerabilities
8.1 AUP violation reports
If you become aware of a violation of this AUP — whether by a Customer, an Authorized User, or any third party using the Service — please report it to [email protected]. Include:
(a) A description of the suspected violation;
(b) The date and time it occurred (or is occurring);
(c) Any identifying information about the affected account or content (without uploading the offending content itself); and
(d) Your contact information so we can follow up.
We investigate good-faith reports of AUP violations. We do not retaliate against good-faith reporters.
8.2 Security vulnerability reports
If you discover a security vulnerability in the Service, please report it to [email protected] with "Security Vulnerability" in the subject line. We appreciate responsible disclosure and will work with you in good faith to investigate and remediate. Please do not disclose the vulnerability publicly until we have had a reasonable opportunity to remediate.
8.3 Law enforcement requests
Lawful requests from law enforcement, regulators, or courts should be directed to [email protected]. We respond to valid legal process in accordance with applicable law.
9. Changes to This AUP
We may update this AUP from time to time, including to address new abuse patterns, regulatory developments, or changes to our AI subprocessor's usage policies. Material changes will be communicated to Customer's administrator with reasonable advance notice through the Service or by email.
Customer's continued use of the Service after a change becomes effective constitutes acceptance of the updated AUP. If Customer does not agree to an updated AUP, Customer's exclusive remedy is to terminate the subscription in accordance with the Agreement before the change takes effect.
10. Relationship to the Agreement and Other Policies
This AUP is part of the Agreement. In the event of a conflict between this AUP and another document in the Agreement, the order of precedence is as set forth in Section 19.2 of the Terms of Service.
This AUP should be read alongside our:
11. Contact
Questions about this AUP:
Email: [email protected]
Postal mail: JM3 Solutions LLC d/b/a JM3 Labs, 971 US Highway 202 N, Suite N, Branchburg, NJ 08876