Acceptable Use Policy

Content that is unlawful under Australian law or the law of a jurisdiction relevant to the Customer or the End Client. This includes content that infringes copyright, trade marks, designs, patents, confidential information, trade secrets, moral rights or any other intellectual property right, and content that is defamatory, misleading, deceptive or that constitutes a serious invasion of privacy.

Any material that depicts, describes or solicits child sexual abuse, child exploitation or the sexualisation of a person under 18 years of age, including material captured by the offences in Divisions 272, 273 and 474 of the Criminal Code Act 1995 (Cth) and equivalent offences in other jurisdictions. There is no permitted use of the Platform for this material in any form, including for purposes described as research or analysis.

Content that promotes, incites, instructs or provides material support for a terrorist act within the meaning of Part 5.3 of the Criminal Code Act 1995 (Cth), and abhorrent violent material within the meaning of the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 (Cth). Material that depicts terrorist acts, murder, attempted murder, torture, rape or kidnapping in a way that a reasonable person would regard as offensive falls within this category.

Intimate images or recordings shared without the depicted person’s consent, content that is the subject of a removal notice under the Online Safety Act 2021 (Cth), and content created or modified using synthetic media techniques to depict a person in a sexual context without that person’s consent.

Material that glorifies, incites or provides operational instruction for serious violence against a person, including content that breaches Division 80 (urging violence) of the Criminal Code Act 1995 (Cth).

Content that constitutes unlawful discrimination, vilification or harassment within the meaning of the Racial Discrimination Act 1975 (Cth), the Sex Discrimination Act 1984 (Cth), the Disability Discrimination Act 1992 (Cth), the Age Discrimination Act 2004 (Cth) and equivalent State and Territory legislation. This includes content reasonably likely to offend, insult, humiliate or intimidate a person or group on the basis of a protected attribute.

Personal Information, including sensitive information and health information, where the Customer does not have a lawful basis under the Privacy Act 1988 (Cth) or other applicable privacy law to collect, use or disclose that information by way of the Platform. The Customer remains the controller of Customer Data it places in a Space and warrants that each upload is supported by a lawful basis.

Accessing, attempting to access, modifying or impairing any part of the Platform, any Donna system or any third party system, in a manner that is not expressly permitted by Donna. Conduct in this category may attract liability under Part 10.7 of the Crimes Act 1914 (Cth), the Computer Misuse Act 1990 (UK) or the Computer Fraud and Abuse Act in the United States.

Bypassing, disabling or interfering with authentication, authorisation, rate limiting, audit logging, content moderation or any other security or governance control implemented by Donna. Sharing access credentials between people, using a single Authorised User account for more than one natural person, or operating an account on behalf of a person who has been suspended.

Uploading, transmitting or distributing through the Platform any virus, worm, trojan, ransomware, spyware, keylogger or other code intended to cause harm, disrupt operation, gain unauthorised access or exfiltrate data.

Conducting penetration testing, vulnerability scanning, fuzzing, denial of service testing, prompt injection campaigns or red-team exercises against the Platform or any Donna system without Donna’s prior written consent. Section 8 sets out the responsible disclosure programme for good-faith research.

Generating volumes of requests that exceed the published or contractually agreed limits, distributing traffic across multiple accounts to defeat per-account limits, or using automation to circumvent throttling, queueing or fair-use protections.

Decompiling, disassembling or reverse engineering the Platform, or using crawlers, scrapers or harvesting tools to collect content, prompts, Outputs, telemetry or other material from the Platform other than as expressly permitted in writing.

Using the Platform to develop, train, evaluate or benchmark a product that competes with the Platform, or publishing comparative performance data about the Platform without Donna’s prior written consent.

Reselling, sublicensing, time-sharing or otherwise making the Platform available to a third party as a hosted or managed service, except to the extent the Platform is provided to End Clients within Spaces in accordance with the Platform Agreement.

The Customer must not rely on, or permit any Authorised User or End Client to rely on, an Output as a substitute for legal advice provided by an admitted legal practitioner. Outputs are working product. They must be reviewed, corrected and adopted by a qualified practitioner before they are issued, filed, lodged or relied upon for any legal purpose.

The Customer must not deploy the Platform, or any product built on the Platform, to render legal advice direct to members of the public outside an established lawyer-client relationship. This prohibition specifically extends to chat-bot or virtual-assistant front ends that surface Outputs to consumers without practitioner review of each response. Where the Customer offers any consumer-facing service powered by the Platform, an admitted legal practitioner must review each Output before it is communicated to the consumer.

The Customer must not use the Platform to make a fully automated decision that produces legal effects concerning a natural person, or that significantly affects a natural person’s rights, opportunities or access to services, without meaningful human supervision by a qualified person. Where any element of an Output forms part of such a decision, a human reviewer must be capable of, and accountable for, accepting, rejecting or modifying the Output before it is acted upon.

The Customer must not use the Platform to generate or distribute synthetic media that impersonates a judicial officer, regulator, court, tribunal, government agency, counterparty, witness or any other identifiable person, where the synthetic character of the media is not clearly disclosed and the relevant person has not consented. Lawful and clearly disclosed uses of synthetic media for training, simulation or demonstration are permitted where the depicted persons have consented.

The Customer must not attempt to extract, reconstruct or otherwise obtain the weights, parameters, training data, system prompts or internal representations of any model used by or made available through the Platform, including by means of adversarial prompting, model inversion, membership inference or distillation techniques.

The Customer must not use Outputs, prompts, telemetry or any other material obtained from the Platform to train, fine-tune, evaluate or align a machine learning model that competes with the Platform or with any service offered by Donna’s Subprocessors, including Microsoft Corp, OpenAI L.L.C., Anthropic PBC or Mistral AI SAS.

The Customer must not use the Platform to perform biometric categorisation of natural persons, including the inference of race, political opinions, trade union membership, religious or philosophical beliefs, sex life or sexual orientation. The Customer must not use the Platform to evaluate or classify natural persons over a period of time on the basis of social behaviour or known, inferred or predicted personal characteristics in a way that would constitute social scoring.

The Customer must not use the Platform to assess a natural person’s creditworthiness, employability, access to insurance, access to housing, access to education or access to other essential services, unless a qualified human reviewer is in the loop on every decision and the Customer has independently confirmed that its use complies with all law applicable to it. This is a blanket Donna policy. It applies whether or not the EU AI Act applies to the Customer.

Donna operates a responsible disclosure programme. The published scope, the permitted testing techniques and the safe harbour terms are set out at /security. Researchers acting in good faith and within the published scope must:

• Test only against accounts and resources that they own or that have been specifically authorised by Donna for testing.
• Avoid degradation of service for any other customer, avoid privacy violations, and refrain from accessing, modifying or exfiltrating Customer Data beyond the minimum needed to demonstrate the issue.
• Provide Donna with a reasonable opportunity to investigate and remediate before publishing any details of the finding.

Donna will not pursue civil or criminal action under the Crimes Act 1914 (Cth) or equivalent overseas laws against a researcher who acts in good faith and within the published scope.