EverWellAI — Acceptable Use Policy (AUP)

Effective date: 26th October 2025

By continuing, you confirm your use complies with EverWellAI’s Acceptable Use Policy and Terms. Unauthorised or unlawful use is prohibited.

Who this applies to: All customers, administrators and authorised users of EverWellAI (“you”) and anyone accessing our website, apps, APIs or services (“Service”). This AUP is incorporated into the Terms of Service and Data Processing Addendum (DPA). If you do not agree with this AUP, do not use the Service.

1) Purpose

To ensure lawful, safe and respectful use of EverWellAI, especially where the Service is used to record staff supervision sessions, transcribe audio (ASR) and generate documentation that may reference children or special category data (e.g., health).

2) Your responsibilities

  • Use the Service lawfully and in line with UK GDPR, the DPA 2018 and sector guidance (e.g., ICO workplace monitoring).

  • Ensure you have a lawful basis, notices and (where required) a DPIA/LIA before recording or uploading supervision content.

  • Keep accounts secure (MFA/SSO where available); do not share credentials.

  • Upload only the data that is necessary, configure retention and access controls, and review AI outputs before use.

3) Recording & monitoring rules

  • Transparency first: Provide clear, timely notices to staff (and any other recorded participants) before recording.

  • No covert recording through the Service.

  • Local law/policy: Follow your organisation’s policies and any union/works council agreements.

  • If recordings may capture special category data or children’s information, ensure applicable Art. 9 condition(s) and an Appropriate Policy Document (DPA 2018 Sch. 1).

4) Children’s data & safeguarding

  • Only include children’s information where it is necessary for supervision records.

  • Apply stricter access, shorter retention, and redaction where feasible.

  • If you become aware of an immediate risk of serious harm, use the appropriate safeguarding channels; the Service is not an emergency reporting tool.

5) Prohibited content & conduct

You must not use the Service to:

  • Break the law, infringe IP, privacy, or other rights, or facilitate unlawful acts.

  • Upload, generate, or share:

    • child sexual abuse/exploitation material (zero tolerance);

    • content that is harassing, discriminatory, or incites violence;

    • malware or code intended to disrupt systems.

  • Attempt to bypass security, probe, scan, or test the Service or its Sub-processors without written permission.

  • Reverse engineer or extract model weights, training data or confidential prompts; perform prompt-injection to exfiltrate secrets.

  • Circumvent rate limits, abuse free tiers, or perform excessive high-volume scraping, bulk downloads or automated queries beyond your plan.

  • Use the Service to make solely automated decisions with legal or similarly significant effects on individuals without appropriate safeguards and human oversight.

6) AI/ASR usage standards

  • Human review is required. AI outputs (summaries, notes, drafts) are assistive and may contain errors or hallucinations.

  • Data minimisation: do not include unnecessary identifiers (especially for children or third parties).

  • No model training: Do not attempt to enrol customer content into model training or analytics outside controls provided by EverWellAI.

  • No sensitive inference at scale (e.g., attempting to infer protected characteristics) without a documented legal basis and safeguards.

7) Security & account hygiene

  • Enable MFA/SSO for admins and privileged users where supported.

  • Keep devices patched; use strong, unique passwords; do not share accounts.

  • Store secrets (API keys, webhooks) securely; rotate on suspicion of compromise.

  • Report incidents or suspected abuse immediately to security@everwellai.co.uk (or your usual support channel).

8) Data handling, retention & environments

  • Use production data only in production; do not post personal data to general support tickets or chat—use secure channels provided (or redact).

  • Configure retention so raw audio is kept only as long as necessary (e.g., until transcription verification), and transcripts align to your corporate schedule.

  • Honour data subject rights requests via your controller processes; EverWellAI will assist as Processor under the DPA.

9) API, automation & integrations

  • Use only documented APIs and headers; respect rate limits and fair-use caps tied to your plan.

  • Do not build tools that enable third parties to use the Service without an appropriate agreement or licence.

  • Webhooks/integrations you configure must not forward personal data to destinations without appropriate contracts and safeguards.

10) Public sector & regulated use (where applicable)

  • Follow your authority’s security policies (e.g., OFFICIAL data handling), Cyber Essentials Plus, and any local DBS/BPSS personnel requirements.

  • Accessibility: aim to use the Service in line with WCAG 2.2 AA constraints and report issues for remediation.

  • Transparency & FOIA/EIR: contractual publication and audit rights are governed by the Terms/Public Sector Supplement.

11) Fair use & throttling

To protect service quality, EverWellAI may rate limit, throttle, or suspend activity that materially degrades the Service or exceeds plan limits (e.g., excessive concurrent transcriptions/LLM calls, burst traffic, or abnormal API patterns).

12) Vulnerability disclosure

We welcome good-faith security research under a co-ordinated disclosure approach.

  • Do not access data you do not own; avoid service disruption or privacy harm.

  • Report findings to security@everwellai.co.uk with details; do not publicly disclose before remediation timelines agreed with us.

13) Sanctions & export control

You must not use the Service in violation of UK sanctions or export control laws, or to support prohibited end-uses.

14) Enforcement

Violations may result in warnings, temporary suspension, feature restrictions, or termination (per the Terms). We may remove or restrict access to content that breaches this AUP and, where required by law (e.g., child protection), report to competent authorities.

15) Changes to this AUP

We may update this AUP for legal, security or operational reasons. For paid subscriptions, material changes will be notified to admins in line with the Terms of Service.

16) Contact

  • Abuse/security incidents: security@everwellai.co.uk

  • Privacy/data protection: privacy@everwellai.co.uk

  • General support: support@everwellai.co.uk