Acceptable Use Policy

Introduction

This Acceptable Use Policy ("AUP") describes the conduct we require from everyone who accesses or uses ChronoLedger (the "Service"). It applies in addition to our Terms of Use and forms part of the Agreement between you and us. Capitalised terms not defined here take the meaning given in the Terms of Use.

We may update this AUP from time to time to address new abuse patterns and emerging legal requirements. Updates take effect on publication.

The goal is simple: keep ChronoLedger useful, lawful, secure, and respectful for the agencies, freelancers, employees, and clients who rely on it for billable time-tracking. Violations damage other customers and damage us; we enforce this AUP rigorously.

Prohibited content & activities

You must not use the Service to:

• upload, store, or transmit content that is unlawful, infringing, defamatory, obscene, abusive, harassing, or that depicts the sexual exploitation of minors;
• harass, threaten, intimidate, dox, stalk, or discriminate against any person, including on the basis of any characteristic protected by applicable law;
• process personal data without a lawful basis, in violation of applicable privacy law, or in a manner that circumvents the rights of a Data Subject;
• impersonate another natural or legal person, falsely state your affiliation with any entity, or impersonate a ChronoLedger team member;
• distribute malware, ransomware, phishing kits, exploit code, or links to credential-harvesting sites;
• promote or facilitate fraud, money laundering, terrorist financing, sanctions evasion, tax evasion, or other financial crime;
• upload content that infringes a third party's intellectual-property right, including copyright, trademark, trade-secret, patent, right of publicity, or right of privacy;
• use the Service to operate a parallel timekeeping product, white-label our brand, build a service that competes with the Service, or train any AI / ML model on data extracted from the Service;
• encourage, solicit, or facilitate any of the above by any other person.

System & resource abuse

You must not interfere with the Service or its infrastructure. In particular, you must not:

• probe, scan, or test for vulnerabilities except under our published responsible-disclosure programme — see /.well-known/security.txt;
• conduct any penetration test, fuzzing, denial-of-service, or stress test against the Service without our prior written authorisation;
• bypass, disable, or otherwise circumvent rate limits, quotas, token-based metering, or geographic restrictions;
• use scrapers, bots, headless browsers, or any other automation that materially exceeds normal interactive use, except via the agent API in compliance with the AI / agent API obligations below;
• attempt unauthorised access to other workspaces, accounts, infrastructure, source code, or backend systems;
• generate excessive load on our APIs or storage in a way that affects other customers or our ability to provide the Service;
• reverse engineer, decompile, or disassemble the Service, or attempt to derive source code or trade-secret information from the Service, except where such restriction is prohibited by applicable law and only to the minimum extent necessary;
• introduce code or data that materially degrades the integrity, security, or performance of the Service.

We may impose technical safeguards — request throttling, queueing, challenge presentation (including via Cloudflare Turnstile), temporary suspension, or other proportionate measures — to protect the Service. Where reasonably practicable and not contrary to a law-enforcement direction, we will notify the Workspace Owner before taking non-emergency action.

AI / agent API obligations

Where you connect a third-party automated system to the Service via the agent API (including any large language model, workflow agent, or similar tool), the obligations in the Agent API and customer-side AI section of the Terms of Use apply, and you in particular agree:

• to disclose to your employees, contractors, and clients the use of the AI system and its role in any decision affecting them, where required by GDPR Article 13 / 14 / 22 or any equivalent law applicable to you;
• not to use the Service to take a final adverse employment, compensation, or contractual action solely on the basis of an AI output without human review;
• to maintain a documented human-in-the-loop process for any AI-driven decision affecting a natural person within the meaning of EU AI Act Annex III §4 or any equivalent law applicable to you;
• to indemnify ChronoLedger against any claim arising from your use of the agent API or from the operation of any automated system you connect to the Service, as set out in the indemnification clause of the Terms of Use.

Workspace members under 16

ChronoLedger is intended for use by adults in a professional capacity. Where the Workspace Owner invites a person under the age of 16 to the workspace — for example, a 15-year-old apprentice or a summer hire — the Workspace Owner is solely responsible for obtaining any parental or legal-guardian consent required under applicable law, including under GDPR Article 8 and any national transposition or higher local age threshold.

We may, at any time and at our discretion, suspend any workspace that we have reason to believe is processing the personal data of a person under 16 without a documented lawful basis.

Reporting violations

If you believe content or activity on ChronoLedger violates this AUP, report it to abuse@chrono-ledger.com with as much detail as possible: the workspace identifier, the URL or resource, the nature of the violation, and any supporting evidence. For copyright concerns, please include a notice that meets the requirements of the relevant copyright law (for example, the elements of a notice under 17 U.S.C. § 512(c)(3)(A) for U.S. claims). For security vulnerabilities, see the responsible- disclosure programme at /.well-known/security.txt.

We treat reports confidentially, may follow up for clarification, and will action verified reports proportionately. Reporters do not receive ongoing case updates except where required by law or by our internal policy.

Enforcement procedure

We may, at our sole discretion and proportionate to the severity and recurrence of the violation, take any of the following actions:

• warn the Workspace Owner;
• require remediation within a stated time;
• remove or restrict access to specific content or features;
• throttle or rate-limit specific endpoints or actions;
• suspend the workspace, in whole or in part, with or without prior notice;
• terminate the Agreement and the workspace under the Termination clause of the Terms of Use;
• report the conduct to law enforcement, regulators, payment-processor partners, or industry partners.

Where we take a non-emergency enforcement action, we will, where reasonably practicable, give the Workspace Owner written notice that includes (a) the AUP clause we consider violated, (b) a summary of the conduct alleged to violate it, and (c) the action we are taking or propose to take. We are not obliged to disclose evidence the disclosure of which would compromise an ongoing investigation, expose a third-party reporter, or be contrary to law.

Where there is an imminent risk of harm to people, third parties, the Service, or our other customers, or where required by a law- enforcement direction, we may act without prior notice and provide retroactive notice within a reasonable period.

Repeated, severe, or coordinated violations result in termination without refund. We may report the conduct to relevant authorities, and we may share with payment processors, fraud-detection services, and industry partners information necessary to prevent recurrence.

Appeals

The Workspace Owner of an account that has been subject to a non-emergency suspension or termination may appeal in writing to legal@chrono-ledger.com within 14 days of receiving notice. The appeal must:

• identify the workspace and the action appealed;
• state the AUP clause cited and explain why the action is not, in your view, justified;
• attach any evidence the Workspace Owner wishes to be considered.

Appeals are reviewed by a member of our team who was not the original decision-maker and resolved within 30 days of receipt. The reviewer's decision is final under this AUP and is without prejudice to any right you may have under applicable law. Pending the outcome of an appeal, the original action remains in force.

Workspace-ownership disputes

Where two or more parties claim to be entitled to a workspace — for example, an organisation and an individual who registered the workspace under a personal email — we are not a party to the dispute and do not adjudicate. On receipt of a credible written dispute notice, we may freeze the workspace in read-only mode for up to 30 days to allow the parties to resolve the matter between them or to obtain a court order. We will release the freeze on written instruction signed by all claimants, on production of an order from a court of competent jurisdiction, or on expiry of the 30-day period (in which case the workspace remains under the control of the existing email of record). We may extend the freeze in our discretion where a dispute is escalating.