# Agent Vault Acceptable Use Policy

**Effective date:** [DATE]

> This AUP is incorporated into the [Terms of Service](TERMS_OF_SERVICE.md). Violating it can result in suspension or termination.

---

## You must

- Be a licensed U.S. insurance producer in good standing
- Use Agent Vault only for collecting client information related to bona-fide insurance underwriting, binding, or servicing
- Obtain the client's consent before texting or emailing them a Agent Vault link (TCPA compliance is your responsibility)
- Identify yourself accurately on your agent profile
- Maintain the security of your login credentials
- Notify security@agentvault.io of any suspected unauthorized access within 24 hours

## You must not

### Identity & licensing
- Misrepresent your identity, license number, or NPN
- Use someone else's NPN or license
- Continue using Agent Vault if your license is suspended, revoked, or expired

### Recipient consent & contact
- Send Agent Vault links to anyone who has not consented to be contacted by you
- Send links to wrong-number recipients or do "spray and pray" outreach
- Use Agent Vault for unsolicited marketing — Agent Vault is not a marketing tool

### Data and content
- Collect information for any purpose other than insurance underwriting/binding
- Use Agent Vault to collect government-issued ID images, biometrics, or medical/clinical records (the form fields don't support these, but don't try to work around it)
- Process information you are not legally authorized to process
- Share or sell client information collected via Agent Vault to third parties

### Security & technical
- Attempt to reverse-engineer, decompile, scrape, or extract source code from Agent Vault
- Bypass or attempt to bypass rate limits, 2FA, the 90-second reveal window, or any other security control
- Use bots, scripts, or automation to interact with Agent Vault without prior written permission
- Probe, scan, or test for vulnerabilities outside of our published bug-bounty / responsible-disclosure channel (security@agentvault.io)
- Use Agent Vault to relay malware, phishing payloads, or any malicious content

### Commercial restrictions
- Resell, sublicense, white-label, or re-brand Agent Vault without a separate written agreement
- Use Agent Vault to power a competing product
- Use one Agent Vault account for multiple distinct agents (each agent needs their own seat — that's how license verification works)

### Legal & ethical
- Use Agent Vault to violate any law, regulation, or court order
- Use Agent Vault to facilitate identity theft, fraud, money laundering, or any other crime
- Use Agent Vault in a way that harms minors

## What happens if you violate this policy

| Severity | Action |
|---|---|
| Minor / first offense | Email warning + 7 days to remediate |
| Repeated minor | 30-day suspension |
| Major (e.g. misrepresented license, harassment) | Immediate termination, no refund |
| Criminal (e.g. fraud, identity theft) | Immediate termination + law enforcement referral |

We may take action without prior notice when necessary to protect users, clients, or the integrity of the Service.

## Reporting abuse

If you believe someone is misusing Agent Vault — for example, impersonating an agent, sending unsolicited intake links, or attempting fraud — email abuse@agentvault.io with as much detail as you can. We will investigate.

---

*Use Agent Vault for what it was built for: helping your real, consenting clients give you the information they need to buy real insurance.*