<sup>This Acceptable Use Policy (“AUP”) is incorporated into, and forms part of, the CognitiveView Terms of Service, Master Services Agreement, Embedded Solution Agreement, Reseller Agreement, or any other written agreement governing access to or use of CognitiveView’s services (collectively, the “Agreement”).Capitalized terms not defined in this AUP have the meanings set forth in the Agreement.This AUP applies to all customers, resellers, embedded solution partners, authorized users, end users, and any other individuals or entities that access or use CognitiveView’s platform, including TRACE-RAI and any related applications, APIs, features, or services (collectively, the “Services”).

In the event of a conflict between this AUP and the Agreement, this AUP governs with respect to acceptable use obligations.

1. General Acceptable Use
To ensure the security, integrity, and lawful operation of the Services, you agree not to, and not to permit or encourage any third party (including downstream or embedded users) to:Use the Services for any unlawful, prohibited, or fraudulent purpose, or in violation of applicable laws or regulations, including without limitation laws relating to data protection, privacy, artificial intelligence, cybersecurity, or export controls.

- Probe, scan, or test the vulnerability of any system, network, or safeguard associated with the Services.
- Reverse engineer, decompile, disassemble, hack, tamper with, or otherwise attempt to derive source code, models, system logic, or underlying architecture of the Services.
- Circumvent, bypass, or disable authentication, authorization, rate-limiting, or security controls, or attempt to gain unauthorized access to any accounts, data, models, evaluation artifacts, or infrastructure.
- Modify, disable, interfere with, or disrupt the integrity, performance, or availability of the Services or related systems.
- Access or search the Services by any means other than CognitiveView’s publicly supported and documented interfaces or APIs.Copy, scrape, extract, aggregate, distribute, disclose, or create derivative works from the Services except as expressly permitted by the Agreement.
- Use the Services to monitor availability, performance, or functionality for competitive analysis, benchmarking, reverse engineering, or competitive intelligence purposes.
- Impose unreasonable or disproportionate load on the Services, including through excessive automation, scripted requests, or usage beyond documented limits.Use the Services to generate, transmit, or facilitate unsolicited communications, spam, phishing, or deceptive messaging.
- Misrepresent identity, authority, or affiliation, including through impersonation, spoofing, falsified headers, or misleading attribution.Submit, upload, process, evaluate, or store any data, content, or materials that:You do not have the legal right to use or disclose;Infringe intellectual property, confidentiality, privacy, or other rights;
- Are deceptive, fraudulent, misleading, defamatory, obscene, hateful, threatening, violent, or otherwise inappropriate;Contain malware, exploits, or malicious components;Could reasonably cause harm to individuals, organizations, or systems.
- Engage in any activity that results in unlawful bias, discrimination, or exclusion of individuals or protected groups.

2. AI-Specific and Governance-Related Use

When using AI-related features of the Services, including TRACE-RAI, evaluation workflows, metrics analysis, or generated outputs (“AI Features”), you agree not to use, and not to permit others to use, the Services:

- To make or directly facilitate fully automated decisions that produce legal effects or similarly significant impacts on an individual’s rights, safety, or well-being, without meaningful human oversight.
- To provide legal, medical, clinical, financial, or other professional advice where such activities require licensed professionals under applicable law.In a manner that constitutes use as a regulated medical device or medical device software.
- For illegal gambling, real-money betting, payday lending, or other prohibited financial practices.For political campaigning, electoral manipulation, targeted persuasion, or lobbying activities.
- To generate, amplify, or disseminate misinformation, disinformation, or intentionally deceptive content.
‍
For any use case classified as high-risk or prohibited under applicable AI laws or regulations, including but not limited to:
- Biometric identification or classification
- Emotion recognition
- Safety-critical infrastructure or products
- Employment, recruitment, monitoring, or termination decisions
- Creditworthiness or insurance eligibility determinations
- Access to essential public or private services
- In healthcare, safety-critical, or regulated contexts where known or potential inaccuracies in outputs could reasonably lead to harm.

3. Human Oversight and Output Limitations
Outputs, evaluations, scores, metrics, or recommendations generated through the Services may contain inaccuracies or limitations and do not constitute legal, regulatory, medical, or compliance advice.

You are solely responsible for independently validating outputs, applying appropriate human review and judgment, and ensuring lawful and appropriate downstream use.The Services are intended to support governance, risk assessment, and assurance workflows and are not a substitute for qualified professional decision-making.

4. Enforcement and Remedies
A violation of this AUP constitutes a violation of the Agreement.Without limiting any other rights or remedies, CognitiveView may, in its sole discretion and without liability:
- Suspend or terminate access to the Services
- Disable specific features, accounts, integrations, or embedded access
- Require corrective or remedial action
- Pursue legal or equitable remedies as permitted by law

CognitiveView may investigate suspected violations and cooperate with law enforcement or regulatory authorities where required or appropriate.

5. Updates to This Policy
CognitiveView may update this Acceptable Use Policy from time to time.Continued use of the Services after an updated AUP becomes effective constitutes acceptance of the revised policy, as provided in the Agreement.</sup>