Acceptable Use Policy
Version 1.0 - Effective 2026-07-08 - Change log
Template document: review by a qualified lawyer before commercial reliance. Not legal advice.
This Acceptable Use Policy ("AUP") forms part of the Terms of Service and applies to all use of the Whistle service by clients and their authorised users. Capitalised terms have the meanings given in the Terms of Service.
Part 1: General prohibitions
You must not use the Service, or permit it to be used, to:
- Break the law. Use the Service in any way that is unlawful in any applicable jurisdiction, or that facilitates unlawful activity by others.
- Handle prohibited content. Submit, transmit, or configure the Service to produce content that is infringing, deceptive, defamatory, or obscene.
- Send spam. Send spam or other unsolicited communications through the Service.
- Impersonate. Impersonate any person or entity, or misrepresent the origin of any communication made through the Service.
- Probe or attack. Probe, scan, or test the vulnerability of the Service, or attempt any penetration testing, without our prior written authorisation.
- Circumvent controls. Circumvent or attempt to circumvent authentication, authorisation, or rate limits.
- Bypass supported interfaces. Access the Service other than through the interfaces we support and document.
- Overload. Place unreasonable load on the Service or its infrastructure.
- Reverse engineer. Reverse engineer, decompile, or disassemble any part of the Service, except to the extent permitted by law that cannot be excluded.
- Benchmark competitively. Use the Service for competitive benchmarking or analysis intended to build or improve a competing product.
- Submit data without authority. Submit personal data that you have no authority or lawful basis to submit.
Part 2: AI-specific prohibitions
You must not use or configure the Whistle assistant to:
- Give professional advice. Provide legal, medical, or financial advice. The assistant qualifies enquiries and books meetings; it does not advise.
- Pose as a human. Present the AI as a human, or remove or obscure the AI disclosure that the widget ships with.
- Make automated decisions. Make automated decisions that produce legal effects, or similarly significant effects, for individuals. This includes any automated rejection of prospective clients: the assistant must remain configured to qualify, book, or refer to a human.
- Screen candidates. Carry out recruitment or employment screening, which would be a high-risk use under the EU AI Act, Annex III 4(a).
- Perform prohibited or high-risk AI uses. Carry out any use classified as prohibited or high-risk under the EU AI Act (Regulation (EU) 2024/1689) or equivalent applicable law.
- Attack the model. Attempt prompt-injection, jailbreak, or model-extraction techniques against the assistant or its underlying models.
- Manipulate. Deploy manipulative or deceptive interaction patterns, including techniques prohibited by Article 5 of the EU AI Act.
- Process children's data knowingly. Knowingly collect or process personal data of children through the Service.
Client obligations
In addition to the prohibitions above, you must:
- Maintain your own privacy notice covering the intake data collected through the widget, as required by the EU GDPR and UK GDPR, using or adapting the wording we supply.
- Deploy the consent wording as supplied in the onboarding pack, without material alteration, unless we have agreed changes in writing.
- Not instruct or configure the assistant to solicit special-category data through free-text prompts. Where visitors volunteer such data unprompted, it is handled under the Data Processing Agreement.
Enforcement
We may suspend or terminate the Service for material breach of this AUP. Where a breach causes or risks serious harm (for example, to individuals, to other clients, or to the security of the Service), suspension may be immediate. We give notice of enforcement action where practicable and work with you in good faith to restore service once the breach is remedied.
Questions about whether a planned use is permitted can be sent to us by email before deployment; see also the AI Transparency Notice and the Terms of Service.
This document is a template and must be reviewed by a qualified lawyer before commercial reliance. It is not legal advice.