Legal
Acceptable Use Policy
Effective 2026-04-26.
1. Purpose
This Acceptable Use Policy governs the conduct permitted on Sovereignty Stack, including the AI course assistant. It forms part of the Terms of Service by reference. By using the service, you agree to the conduct described here.
The policy exists for two reasons. The first is to keep the service useful and safe for the subscribers who paid for it. The second is to keep the cost structure of the AI course assistant inside the bounds the subscription pricing assumes; uncapped use by a small number of accounts would make the assistant untenable for everyone else.
2. Account use
You agree to the following with respect to the account itself.
- One natural person per account. You may not share credentials and you may not allow another person to access the service through your account.
- You may not register multiple accounts to evade rate limits, suspensions, refund records, or trial conditions.
- You agree to maintain the confidentiality of your password and to write to us promptly if you suspect that another person has obtained it.
3. AI course assistant
The AI course assistant is the chatbot embedded on each lesson page. It is scoped to the lesson you are working on and is governed by the rules in this section.
Token budget
A daily token budget applies to the assistant per account. The budget is generous enough that an honest learner working through one lesson at the recommended pace will not see it; it is finite enough that automated scraping or jailbreak loops will hit it within minutes. The current budget is published inside the dashboard at /account/preferences.
When you reach the budget, the assistant returns a hard-cut notice and resumes the next day at the reset time (Europe / Lisbon timezone). The token budget is per natural person, not per device. Repeated patterns of attempting to exhaust the budget on purpose are treated as a breach of this policy.
Lesson-scoped context
The assistant is scoped to the lesson you are working on. It receives the body of the current lesson, the titles and key points of the immediately preceding and immediately following lessons, and (if you have explicitly enabled the personal-data toggle) your saved notes for the current lesson and the relevant diagnostic summary. It does not receive the whole course corpus, the whole site, or other subscribers' data.
You agree not to use the assistant as a general-purpose chatbot. Off-topic conversation, tasks that have nothing to do with the lesson, and attempts to use the assistant as a replacement for legal, medical, financial, or therapeutic advice all fall outside the scope of the service.
No jailbreak attempts
You agree not to attempt to extract the system prompt, not to attempt to make the assistant assume an alternative persona that contradicts its instructions, not to use prompt-injection attacks against it, and not to use it as a vector for any of the prohibited content listed in section 5.
The assistant is instructed to refuse such attempts. We log every attempt; repeated attempts result in the consequence ladder in section 6.
4. Data and automation
You agree to the following with respect to the data on the platform.
- No scraping. You may not crawl or scrape the platform with automated tools, headless browsers operating at machine speed, or any other automated means. The platform is paced to a human reader.
- No automated access. You may not use any robot, spider, scraper, or other automated tool to access the service for any purpose without our prior written permission.
- No reselling assistant output. You may not resell, sublicense, or commercially redistribute the responses you receive from the AI course assistant. The assistant is part of the curriculum, not a standalone product.
- No bulk export. You may export your own data through the data-export request procedure. You may not export other subscribers' data, the whole course corpus, the assistant's training inputs, or any other dataset that does not belong to you.
5. Prohibited content
The following content is prohibited on every surface of the service, including the AI course assistant, the chatbot conversations, the journal entries, the lesson responses, and any communication you send to support.
- Illegal content. Any content the production, possession, or distribution of which is illegal in Portugal or in your country of residence.
- Child-safety content. Any content that sexualises a minor, that depicts a minor in a sexual context, or that solicits a minor for any purpose. Such content is treated as the most serious possible breach and triggers the immediate-termination path of section 6, plus reporting to the appropriate authorities.
- Harm-to-others content. Specific instructions for the construction of weapons capable of mass casualties, specific instructions for harm to a named person, and any content that constitutes a credible threat against a person.
- Harm-to-self content. Specific solicitation of methods of suicide or serious self-injury. The course addresses self-regulation as a competency; the chatbot will redirect to support resources where you describe distress, not generate methods.
- Harassment. Targeted harassment of any person inside or outside the platform.
- Hate. Content that calls for or celebrates violence against a person or a group on the basis of race, religion, sex, sexual orientation, disability, or national origin.
- Fraud. Use of the service to commit fraud, to launder money, to evade tax, or to misrepresent identity.
6. Consequence ladder
Where we conclude that you have breached this policy, we apply one of the following consequences in proportion to the breach.
| Step | Trigger | Action |
|---|---|---|
| 1 | First minor breach (off-topic chatbot use, low-grade jailbreak attempt, single token-budget abuse pattern) | A written warning by email, with a citation to the section breached and a request to stop. |
| 2 | Repeat of the same minor breach after a warning, or a more serious first breach (concerted scraping, multiple jailbreak attempts, distribution of unlocked material) | Temporary suspension of the account for a period proportionate to the breach (typically seven to thirty days). The subscription continues to bill during the suspension; access does not. |
| 3 | Repeat after suspension, or a single serious breach (publication of course material outside the personal-use license, sale of credentials) | Termination of the account. The subscription is canceled immediately and access is revoked. Any unused portion of an annual term is refunded pro-rata at our discretion. |
| 4 | Child-safety breach, credible threat against a named person, or any other breach we judge incompatible with continued access | Immediate termination, blacklisting of the email address from future signups, and where the breach is criminal in nature, a report to the appropriate authorities. |
We exercise judgement at every step. The escalation is not mechanical; we may step directly to termination where the breach is serious enough, and we may decline to escalate where the circumstances justify leniency.
7. Appeal
You may appeal any consequence under section 6 by writing to support@mysovereigntystack.com with the words "Acceptable Use Appeal" in the subject line. The appeal should describe the action you are appealing, the basis on which you appeal, and any context you wish us to consider.
We respond within fifteen business days. The appeal is reviewed by a person who was not involved in the original action. The reviewer may uphold the action, reduce it, or reverse it. Where the action is reversed, we restore access and refund any pro-rated charge.
8. Audit log
Every action that this policy governs is recorded in our audit log. The audit log retains the actor, the action, the timestamp, the IP address, and a structured detail field. Chatbot-specific events are recorded for one year; admin-mutation events are retained indefinitely; the full retention table is in the Privacy Policy section 8 and in business-logic.md §16.
The audit log is the source of record for any consequence applied under section 6. You may request a copy of the audit-log entries that pertain to your own account through the data-subject request procedure on the support page.
9. Reporting
If you observe a breach of this policy by another subscriber, you may report it through the support page. We treat reports in confidence. We do not share the identity of a reporter with the reported account.
10. Updates
We will update this page when the conduct rules change. The effective date below tracks the most recent change. Where a change introduces a new prohibition, we apply it prospectively only; existing accounts are notified by email at least thirty days before the change takes effect.
11. Contact
For any acceptable-use question, write to support@mysovereigntystack.com or use the support page.