Acceptable Use Policy

Last Updated: 2026-05-24

This Acceptable Use Policy ("AUP") sets out the rules that govern your use of the MainBook service ("Service") provided by Human Beyond LLC ("MainBook", "we", "us", "our"). This AUP is incorporated by reference into our Terms of Service, and violation of this AUP is a material breach of those Terms.

Capitalized terms not defined here have the meanings given in the Terms of Service.

This AUP applies to any use of the Service, including use through any Account, guest access, free tier, paid tier, API, or integration.

1. Document Authority

You must have full legal authority to process every document you upload. Specifically, you may upload only documents that:

(a) you own;

(b) belong to your client (where you are a bookkeeper, accountant, certified public accountant, tax preparer, financial advisor, or other authorized professional) and you have the client's authorization to use the Service for that client's documents; or

You may not upload any document you do not have legal authority to process, regardless of how the document was obtained.

2. Document Integrity

You may not upload, submit, or process through the Service any document that is:

(a) forged, fabricated, falsified, altered to misrepresent its source or content, or otherwise not a genuine record from the financial institution that purports to have issued it;

(b) created or altered for the purpose of deceiving any third party (including but not limited to lenders, landlords, employers, tax authorities, courts, regulators, or insurance companies);

(d) the subject of a court order, subpoena, or legal hold that limits or prohibits its use through the Service.

Using the Service to create, edit, validate, or process fabricated or altered financial documents is strictly prohibited and is a material breach of these Terms. We may report any apparent or attempted document fraud to law enforcement and to affected third parties.

3. Prohibited Industries and Activities

The Service is operated using payment infrastructure provided by Stripe, Inc. As a Stripe merchant, we are required to prohibit certain business categories. You may not use the Service in connection with, or for the benefit of, any of the following business categories (this list mirrors and incorporates by reference the Stripe Restricted Businesses list, as updated from time to time):

(a) gambling, betting, lotteries, sweepstakes, fantasy sports for real money, and similar activities;

(b) adult content or services (including but not limited to pornography, prostitution, escort services, pay-per-view adult entertainment, sexual massages, fetish services, mail-order brides, adult live-chat features, and pay-per-call lines that are sexually oriented);

(c) drugs, drug paraphernalia, marijuana products (including CBD products to the extent prohibited by Stripe), or pharmaceuticals offered without a valid prescription;

(d) weapons, ammunition, explosives, fireworks, and accessories or modifications intended for use in committing violence;

(e) get-rich-quick or high-yield investment schemes; pyramid, multi-level marketing, or matrix schemes; chain letters; pyramid-based franchise schemes; promises of fast money; high-reward investment claims;

(f) suspicious remote technical support; remote desktop scams; tech-support scams;

(g) document falsification services, identity-document services intended to deceive, services that purport to "boost" credit by manipulation or fabrication, and similar services;

(h) card testing, transaction laundering, money laundering, structuring, or any service whose principal use is the processing of fraudulent transactions;

(i) any other unfair, deceptive, predatory, or unethical business that we, in our sole judgment, determine should be prohibited;

(j) any other category prohibited by our payment processor or any other vendor on whose terms the Service relies.

If you are unsure whether your intended use of the Service is within a prohibited category, contact us at hello@human-beyond.ai before proceeding.

4. Regulated-Industry Exclusion

The Service is not tailored to comply with, and you may not use the Service for any use that is subject to:

(a) the Health Insurance Portability and Accountability Act ("HIPAA") or its Protected Health Information ("PHI") requirements;

(b) the Gramm-Leach-Bliley Act ("GLBA") or its Non-public Personal Information ("NPI") requirements (the Service is intended for personal use of statements by their owners, or for use by professionals processing their clients' personal statements; it is not designed for use by a "financial institution" within the meaning of the GLBA processing customer information of consumers);

(d) the Payment Card Industry Data Security Standard ("PCI-DSS") with respect to cardholder data of third parties;

(e) the Sarbanes-Oxley Act ("SOX") with respect to public-company internal-controls obligations;

(f) the Family Educational Rights and Privacy Act ("FERPA") or its educational-records requirements;

(g) the Children's Online Privacy Protection Act ("COPPA") (the Service is intended for users eighteen (18) years of age or older only).

If your use of the Service would be subject to any such law, you may not use the Service.

5. Prohibited High-Stakes Automation

You may not use the Service, or any Output of the Service, to automate or substitute for human judgment in any decision that has legal or material consequences for any person, without independent human review by a licensed or qualified professional. High-stakes decisions include but are not limited to:

(a) financial activities and credit decisions (including but not limited to credit underwriting, loan approval, account opening, denial of service, or risk-based pricing);

(b) tax filings, tax-return preparation, audit responses, or any communication with a tax authority;

(d) regulatory submissions, compliance certifications, or any communication with a regulator;

(e) legal proceedings (including litigation discovery, evidentiary submissions, and discovery responses);

(f) medical decisions and health-care assessments;

(g) employment decisions (including hiring, firing, promotion, compensation, or discipline);

(h) housing decisions (including approval or denial of rental applications, mortgage applications, or tenant screening);

(i) insurance decisions (including underwriting, denial, or rate-setting);

(j) educational decisions (including admissions, scholarships, or financial aid);

(k) essential government services or eligibility determinations;

(l) product-safety components or critical-infrastructure decisions;

(m) national-security, migration, or law-enforcement decisions.

6. Geographic and Sanctions Compliance

You may not access or use the Service from, or for the benefit of any person or entity in:

(a) Cuba, Iran, North Korea, Syria, or the Crimea, Donetsk, or Luhansk regions of Ukraine;

(b) any other jurisdiction subject to comprehensive U.S. sanctions; or

(c) any person or entity on a restricted-party list maintained by the United States, the United Kingdom, the European Union, or the United Nations (including but not limited to the U.S. Office of Foreign Assets Control "SDN" list, the U.S. Bureau of Industry and Security Entity List, and the EU consolidated list).

You may not use the Service to violate any applicable export-control, sanctions, or anti-money-laundering law.

7. Account and Authentication

7.1 One Account per person. You may not maintain more than one Account.

7.2 Sharing prohibited. You may not share your Account credentials with, or allow access by, any other person, except that an entity-level Account may be used by employees, contractors, or agents of that entity acting within the scope of their employment or engagement.

7.3 No bypass. You may not create multiple Accounts, use multiple devices, alter device fingerprints, use VPNs or proxies in a manner designed to bypass our anti-abuse measures, or otherwise attempt to bypass, defeat, or circumvent any guest-tier limit, free-tier limit, anti-fraud measure, rate limit, or other access control we apply to the Service.

7.4 Identity. You may not impersonate any other person or entity, misrepresent your affiliation with any person or entity, or use false identity information to register an Account or to use the Service.

8. Technical Abuse

You may not:

(a) interfere with or disrupt the Service, the servers or networks connected to the Service, or any other user's use of the Service;

(b) attempt to gain unauthorized access to the Service or to any related systems, accounts, or data, by any means including but not limited to credential stuffing, SQL injection, cross-site scripting, cross-site request forgery, server-side request forgery, command injection, path traversal, or other technical attack;

(c) probe, scan, or test the vulnerability of the Service or its infrastructure other than as part of a responsible-disclosure submission to security@human-beyond.ai (or as may be authorized by us in writing);

(d) reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, prompts, model configurations, or other internal structure of the Service, except to the extent expressly permitted by mandatory applicable law;

(e) use any automated means (scrapers, bots, spiders, crawlers, headless browsers) to access the Service, except as expressly permitted in writing by us or by a publicly documented API;

(f) submit content that contains malware, viruses, ransomware, worms, trojans, time bombs, or other malicious code;

(g) overload, throttle, or otherwise abuse the Service in a manner not consistent with normal individual use;

(h) attempt to extract, copy, or train any model on, our prompts, system instructions, model configurations, or other proprietary information of the Service.

9. Prohibited Use to Train Competing AI

You may not use the Service, the Output, or any data obtained through the Service to train, develop, fine-tune, evaluate, benchmark, or improve any AI, machine-learning, or large-language-model product, service, or model that competes with the Service or with our AI sub-processors' offerings, whether directly or indirectly.

10. Communication Abuse

You may not use the Service or any communication channel associated with the Service to:

(a) send spam, unsolicited commercial communications, or content in violation of the CAN-SPAM Act, the Telephone Consumer Protection Act, the EU ePrivacy Directive, the Canadian Anti-Spam Legislation, or any analogous law;

(b) send abusive, harassing, threatening, defamatory, obscene, or hateful communications;

11. Reporting Violations

If you become aware of a violation of this AUP by any other user, please report it to hello@human-beyond.ai with a clear description of the violation and any supporting evidence.

If you become aware of a security vulnerability in the Service, please report it to security@human-beyond.ai (responsible disclosure) before any public disclosure, and allow us a reasonable opportunity to investigate and remediate.

12. Enforcement

12.1 Sole discretion. We may investigate, suspend, restrict, or terminate access to the Service, any Account, or any feature of the Service at any time, with or without notice, at our sole discretion, where we have a reasonable belief that you have violated, are violating, or are about to violate this AUP, the Terms of Service, any other policy referenced in the Terms of Service, or any applicable law.

12.2 Available remedies. Our remedies include (without limitation): warning; rate-limiting; feature restriction; Account suspension; Account termination; forfeiture of unused Credits (consistent with Section 4 of the Refund Policy); refusal of future service; deletion of offending content; legal action; referral to law enforcement; cooperation with any third party (including any of your clients) whose rights have been infringed.

12.3 No cure period. We are under no obligation to provide notice, an opportunity to cure, or any other process before suspending or terminating your Account or access to the Service in response to a suspected violation of this AUP. This is in recognition of the urgency required to protect the Service, other users, and third parties.

12.4 No waiver. Our failure to take action in any specific case is not a waiver of our right to take action in any other case.

12.5 Cooperation with law enforcement and third parties. We may, in our sole discretion, cooperate with law enforcement, regulators, or affected third parties (including the financial institutions whose statements are involved) in any investigation involving suspected violation of this AUP, including by sharing relevant Account, Content, and processing records.

13. Indemnification

Without limiting any other provision of the Terms of Service, you agree to indemnify, defend, and hold harmless MainBook and its officers, directors, members, managers, employees, agents, contractors, licensors, and affiliates from and against any and all third-party claims, demands, actions, proceedings, losses, damages, liabilities, judgments, settlements, costs, and expenses (including reasonable attorneys' fees and court costs) arising out of or relating to any violation by you of this AUP, including any claim arising from any document or activity that violates Section 2 (Document Integrity) or Section 3 (Prohibited Industries and Activities).

14. Modifications

We may modify this AUP from time to time. The "Last Updated" date at the top reflects the date of the most recent change. Material changes take effect on at least thirty (30) days' notice; non-material changes take effect upon posting.

15. Contact

For questions about this AUP, including whether a planned use is within an allowed category:

Human Beyond LLC Email: hello@human-beyond.ai