Effective date: May 17, 2026
This Acceptable Use Policy (“AUP”) sets out the activities and content that are prohibited when using any service operated by Lovex AB(“Service”). It applies to every user, customer, and agent that accesses the Service, including end users invited into a workspace by a paying customer. The AUP is incorporated by reference into the Terms of Service and any Order Form. Where the AUP and the Terms of Service conflict, the document that imposes the stricter standard controls.
1. Use of the Service
You may use the Service only in compliance with applicable law, with the rights of others, and with this AUP. You are responsible for the conduct of every user invited into a workspace you control and for the content they submit through that workspace.
2. Prohibited content
You may not submit, store, transmit, or process through the Service any content that:
- Is illegal in any jurisdiction in which it is created, transmitted, or stored, including without limitation child sexual abuse material (CSAM), content that incites or threatens violence, terrorist propaganda, or content prohibited under EU Regulation 2021/784.
- Infringes third-party intellectual property, publicity, or privacy rights, including pirated software, copyrighted material you do not own or license, or trademarks used in a manner likely to deceive.
- Is deceptive or fraudulent, including phishing pages, scam invoices, impersonation of another natural or legal person, or false statements material to a commercial transaction.
- Is harassing, hateful, or threatening toward an individual or identifiable group based on protected characteristics under Swedish, EU, or applicable national law.
- Contains malicious code — viruses, worms, ransomware payloads, malware command-and-control configurations, or other code intended to damage, disable, or interfere with computer systems, networks, or data.
- Is special-category personal data under Article 9 GDPR (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identification, health data, sex life or sexual orientation) unless expressly permitted under a signed Data Processing Agreement that contemplates that processing.
- Is data of a child under the age applicable to the data subject's country (16 in most EU member states unless lowered by national law), absent a lawful basis for that processing.
3. Prohibited activities
You may not, and may not permit any other party to:
- Reverse engineer the Service, decompile or disassemble its software, or attempt to derive source code from compiled artifacts, except to the extent that this restriction is prohibited by mandatory law.
- Bypass technical limits such as rate limits, usage quotas, authentication boundaries, RLS scoping, or feature flags.
- Probe for vulnerabilities outside of a coordinated disclosure process initiated by writing to security@lovex.dev first. Unsolicited penetration testing, automated scanning, fuzzing of production systems, or denial-of-service simulation is prohibited.
- Build a competing product using the Service, including extracting data, prompts, model outputs, or design patterns for the purpose of training a competing AI model or replicating a competing user experience.
- Scrape the Service, including bulk data extraction from non-customer-owned tenants, harvesting of public pages, or automated collection of prompts and AI outputs.
- Resell or sublicense access without a written reseller agreement, including sharing account credentials, sharing agent tokens across customers, or wrapping the Service in a third-party offering for paid distribution.
- Use AI outputs without human review in any context where doing so would create unacceptable harm — for example, presenting AI-generated drafts as legally binding without counsel review, or shipping AI-generated code to production without testing.
- Send unsolicited communications through the Service, including spam, phishing, bulk marketing without prior consent, or messages that violate Swedish marketing law (Marknadsföringslagen) or the EU ePrivacy Directive.
- Use the Service in restricted-purpose categories the EU AI Act prohibits, including social scoring of natural persons, real-time biometric identification in public spaces, manipulative or subliminal AI, and emotion recognition in workplace or education contexts.
- Use the Service in high-risk AI categories the EU AI Act regulates (hiring decisions, credit scoring, education assessment, critical infrastructure, law enforcement, migration control) without a separately negotiated agreement that addresses the relevant compliance obligations.
- Interfere with the Service or its users, including by denial-of-service, resource exhaustion, intentional misuse of rate-limited endpoints, or actions that materially degrade availability for other tenants.
4. AI-specific use
AI features in the Service produce drafts. You retain responsibility for reviewing, editing, and accepting outputs before relying on them. The Service is not a substitute for licensed professional advice (legal, medical, financial, regulatory) and outputs should not be treated as such. You may not represent AI-generated outputs as human-authored where the distinction is material to a decision being made.
5. Children
The Service is intended for users 16 years of age or older (or the higher minimum age applicable under the local national law transposing GDPR Article 8). If you are below the applicable minimum age, you may not create an account or submit personal data to the Service.
6. Reporting violations
To report content or behavior that violates this AUP, write to abuse@lovex.dev with a description of the content, the URL or workspace where it appears, and any context useful for investigation. Vulnerability reports go to security@lovex.dev under coordinated disclosure. We acknowledge reports within one business day.
7. Enforcement
We investigate suspected violations on a graduated basis:
- Notice and opportunity to cure. Most violations are addressed by written notice to the workspace owner with a defined cure period (typically 7 days), after which we may suspend access until cured.
- Immediate suspension without prior notice where the violation presents an ongoing risk to other users, to the Service, or to Lovex AB — including malware distribution, active phishing campaigns, denial-of-service attacks, or content that we are required by law to remove on a timeline that does not permit prior notice.
- Termination of the Order Form for material or repeated violations, per the termination provisions of the Master Services Agreement.
- Referral to authorities where required by law or where the conduct constitutes a criminal offense affecting third parties.
Where suspension or termination occurs, you remain liable for amounts owed through the effective date and for any obligations that survive termination under the MSA. We may preserve evidence of the violation for legal or regulatory reasons, including the 7-year retention required by Swedish bookkeeping law for transactional records that touch billing.
8. Disputes about enforcement
If you believe a suspension or content removal was made in error, write to legal@lovex.devwithin 30 days. We will review and respond in writing. Disputes that cannot be resolved by review are governed by the Master Services Agreement’s dispute and forum-selection provisions.
9. Changes to this AUP
We may update this AUP from time to time to reflect new product capabilities, new categories of abuse, or new legal requirements. Material changes are announced at least 30 days in advance for paying customers, and at the time of publication for free users. Continued use of the Service after a change indicates acceptance.
10. Contact
- Abuse reports: abuse@lovex.dev
- Security and vulnerability disclosure: security@lovex.dev
- Legal and contractual disputes: legal@lovex.dev