Acceptable Use Policy

Last updated: 19 March 2026 — Version 1.0
Important: This Acceptable Use Policy ("AUP") forms part of your agreement with ITLOX and applies to all products including AegisWire, AegisWire VPN, SynthLabTech, CareOSP, and the itlox.com website. Violation of this AUP may result in immediate suspension or termination of your access without refund.

1. Purpose and Scope

This Acceptable Use Policy sets out the rules governing permitted and prohibited uses of all services, platforms, APIs, and software provided by ITLOX ("Services"). It applies to all users, including individuals, enterprise customers, resellers, and any party accessing ITLOX Services directly or through a third party. By using any ITLOX Service, you agree to comply with this AUP. This AUP is incorporated by reference into the ITLOX Terms of Service.

2. General Principles

You must use ITLOX Services only for lawful purposes and in a manner that does not infringe the rights of any third party or restrict or inhibit any person's use and enjoyment of the Services. You are responsible for all activity on your account, including activity by any employee, contractor, or agent accessing the Services using your credentials.

3. Prohibited Conduct — General

You must not use any ITLOX Service to:

  • Violate any applicable local, national, or international law or regulation
  • Infringe any copyright, trademark, patent, trade secret, privacy right, or other intellectual property right of any person or entity
  • Transmit, distribute, store, or process any content that is illegal, harmful, threatening, abusive, harassing, defamatory, obscene, invasive of another's privacy, or otherwise objectionable
  • Engage in any form of fraudulent activity, including misrepresenting your identity or affiliation
  • Impersonate any person or entity, including ITLOX staff, or falsely represent your affiliation with any organisation
  • Harvest, scrape, or collect personal data about other users or third parties without their consent
  • Engage in unsolicited commercial communications (spam) via email, messaging, or any other medium
  • Facilitate, assist, or enable any third party to commit any of the above acts

4. Prohibited Conduct — Security and Network

You must not use ITLOX Services (including AegisWire and AegisWire VPN) to:

  • Conduct, facilitate, or assist any form of cyberattack, including distributed denial-of-service (DDoS) attacks, port scanning, network intrusion, man-in-the-middle attacks, or credential stuffing against systems you do not own or have explicit written authorisation to test
  • Distribute malware, ransomware, spyware, adware, trojans, rootkits, keyloggers, phishing pages, or any other malicious or harmful software
  • Circumvent, bypass, or disable the access controls, authentication systems, rate limiting, or security measures of any system, network, or service
  • Exploit vulnerabilities in ITLOX or third-party systems for any purpose beyond responsible disclosure to the affected party
  • Conduct unauthorised penetration testing, red teaming, or security research against systems belonging to third parties
  • Use ITLOX VPN services to conceal illegal activity or to evade detection by law enforcement where such evasion is itself unlawful
  • Interfere with or disrupt the integrity or performance of ITLOX infrastructure, servers, networks, or other customers' use of the Services
  • Attempt to gain unauthorised access to ITLOX systems, other customer accounts, or ITLOX administrative interfaces

5. Prohibited Conduct — AI and Synthetic Data (SynthLabTech)

You must not use SynthLabTech or any ITLOX AI capability to:

  • Generate synthetic data that is designed to deceive, mislead, or defraud individuals, organisations, or authorities
  • Create deepfakes, fabricated media, false identities, or misleading datasets intended to manipulate or cause harm
  • Train models on data you do not have the right to use, including data collected in violation of applicable data protection law or third-party intellectual property rights
  • Generate content that constitutes hate speech, incitement to violence, child sexual abuse material (CSAM), or content that is otherwise illegal in any applicable jurisdiction
  • Attempt to reverse-engineer, extract, or reconstruct real personal data from synthetic datasets in a way that constitutes a data protection breach
  • Use synthetic data in regulated applications (healthcare, finance, law enforcement, critical infrastructure) without ensuring compliance with all applicable regulatory requirements
  • Misrepresent AI-generated or synthetic outputs as real, independently verified, or human-generated where such misrepresentation would be harmful or misleading

6. Prohibited Conduct — Healthcare (CareOSP)

CareOSP is a Healthcare Operating System Platform intended for use by qualified healthcare organisations and professionals. You must not:

  • Use CareOSP to process patient data unless your organisation holds the required regulatory authorisations and has appropriate governance, consent mechanisms, and data processing agreements in place
  • Rely on CareOSP outputs as the sole basis for clinical decisions without appropriate clinical oversight and human review
  • Deploy CareOSP in a clinical context without ensuring compliance with CQC (UK), FDA (US), CE marking (EU), or equivalent applicable regulatory requirements
  • Provide access to CareOSP to individuals not authorised under your organisation's data governance framework

7. Intellectual Property

You must not:

  • Reverse engineer, decompile, disassemble, or attempt to derive source code from any ITLOX software, algorithm, or model
  • Remove, obscure, or alter any proprietary notices, copyright notices, or trademarks in ITLOX products or documentation
  • Use ITLOX trademarks, service marks, logos, or trade names in any manner that suggests endorsement, affiliation, or sponsorship without our prior written consent
  • Create derivative works based on ITLOX software or documentation without a separate written licence
  • Resell, sublicense, or commercially exploit ITLOX services without a formal written reseller or partner agreement

8. Account and Access Security

  • You must not share your account credentials with unauthorised parties or allow multiple individuals to use a single-user account simultaneously in a manner that violates your subscription terms
  • You must not attempt to access other customers' accounts or data
  • You must report any security incident, vulnerability, or suspected breach to security@itlox.com promptly and responsibly
  • You must not attempt to disclose, publish, or exploit security vulnerabilities affecting ITLOX before we have had a reasonable opportunity to remediate them

9. Export Controls and Sanctions

ITLOX products and services may be subject to export control laws and regulations, including UK Export Control regulations, US Export Administration Regulations (EAR), and relevant sanctions administered by OFAC, HM Treasury, and other authorities. You must not use ITLOX services in violation of applicable export control or sanctions laws. This includes using the services in, or for the benefit of, any sanctioned country, territory, entity, or individual. You represent and warrant that you are not located in, incorporated under the laws of, or under the control of a government of a sanctioned country, and that you are not on any applicable sanctions list.

10. Reporting Violations

If you become aware of any violation of this AUP by any person, or if you discover a security vulnerability in any ITLOX product, please report it to:

AUP violations and abuse reports: abuse@itlox.com

Security vulnerabilities (responsible disclosure): security@itlox.com

Legal notices: legal@itlox.com

11. Enforcement

ITLOX reserves the right to investigate any suspected violation of this AUP. In response to violations, we may, at our sole discretion and without limiting any other available remedies:

  • Issue a warning
  • Temporarily suspend access to all or part of the Services
  • Permanently terminate your account without refund
  • Remove or disable access to content that violates this AUP
  • Report suspected criminal activity to law enforcement authorities
  • Cooperate with law enforcement investigations and provide information as required by law
  • Pursue civil remedies for damages, injunctive relief, and legal costs

ITLOX is not obligated to monitor all use of the Services but may do so to enforce this AUP, comply with legal obligations, or protect the integrity of its infrastructure.

12. Changes to This Policy

We may update this AUP from time to time. Material changes will be notified to active subscribers via email with at least 14 days notice before the changes take effect. Continued use of ITLOX Services after the effective date of an updated AUP constitutes your acceptance of the changes.