CarFai Acceptable Use Policy
Effective date: 2026-05-20
This Acceptable Use Policy ("AUP") sets out activities that are prohibited when using the CarFai mobile application and related services (the "Service"). The AUP supplements the Terms of Service. Violations may result in immediate suspension or termination of your account, without refund.
1. Illegal activity
You may not use the Service for, or in connection with, any activity that:
- Violates applicable law in your jurisdiction or in the jurisdiction where the Service is hosted.
- Facilitates fraud, money laundering, or evasion of taxes or sanctions.
- Infringes intellectual property rights of a third party.
2. Harassment and abuse of others
You may not:
- Harass, threaten, or abuse other CarFai users or staff (including B2B teammates).
- Impersonate another person or organization.
- Misrepresent your role within an organization (B2B accounts).
3. Unauthorized access and circumvention
You may not:
- Attempt to access another user's account, vehicle, or organization data without authorization.
- Bypass or attempt to bypass our role-based access controls (RBAC), tier-gated features, token limits, or trial restrictions.
- Use multiple accounts or signup automation to evade limits, defeat fraud controls, or claim repeat free trials beyond what Apple/Google permit.
- Attempt to elevate your own permissions within an organization (e.g., promoting yourself from manager to admin) by any means other than the in-app role-change UI used by an authorized admin.
4. Attacks against our AI systems
You may not:
- Attempt prompt injection against the AI Advisor, document scanner, maintenance calendar, or any other AI feature, including:
  - Trying to make the AI reveal its system prompt or instructions
  - Trying to make the AI return another user's data
  - Embedding hostile instructions in documents you upload to scan
  - Embedding hostile instructions in vehicle metadata fields (notes, modifications, damage notes)
- Use the AI Advisor for purposes outside its intended scope, including:
  - Generating illegal, harmful, defamatory, or sexually explicit content
  - Generating content that promotes violence, self-harm, or harm to others
  - Attempting to extract training data or proprietary prompt structures
- Test or probe the AI's behavior in ways that consume tokens disproportionate to legitimate use.
5. Cost and resource amplification
You may not:
- Send unusually long messages, repeated identical requests, or automated traffic specifically to consume tokens or storage faster than legitimate use.
- Maintain idle long-running sessions specifically to consume server resources.
- Upload files designed to consume storage or processing disproportionate to their utility (e.g., decompression bombs, oversized images, files masquerading as documents).
6. Scraping and automation
You may not:
- Use crawlers, robots, scrapers, or other automated means to access the Service, except for our published API endpoints (B2B Enterprise tier only, when contractually agreed).
- Aggregate, resell, or republish data accessed through the Service.
- Use the Service to compete with us or to build a competing product.
7. Reverse engineering
You may not reverse engineer, decompile, or disassemble the Service or its mobile application, except where (and only to the extent) applicable law expressly permits this despite a contractual prohibition. You may not extract API keys, signing keys, or other secrets from the application binary.
8. Misuse of data and content
You may not:
- Upload content you do not have the right to upload (copyright infringement, third-party personal data without consent).
- Upload illegal content (CSAM, malware, content advocating violence).
- Use document-scan features to extract or process documents you do not have authority over.
- Use vehicle data or AI outputs to attempt to harm a third party (e.g., to facilitate auto theft, insurance fraud).
9. Security testing without permission
You may not conduct security testing, vulnerability scanning, or penetration testing against CarFai's infrastructure (the mobile app, Supabase backend, AI Advisor edge functions, or any other component) without our written permission.
If you discover a security vulnerability, we welcome a responsible disclosure to [email protected]. We commit to responding within 72 hours and to not pursuing legal action against good-faith researchers acting under standard responsible-disclosure norms (no data exfiltration beyond what is needed to demonstrate the vulnerability; no public disclosure before a fix is shipped or 90 days have elapsed; coordinated timing).
10. B2B-specific prohibitions
For organization (B2B) accounts:
- You may not invite users to your organization without their consent.
- You may not use the organization's shared resources (vehicles, documents, AI tokens) outside the legitimate scope of the organization's purpose.
- Drivers, viewers, and managers must respect the organization's policies and use only data they are authorized to access.
- Organization owners and admins are responsible for the conduct of their members and for the data their organization stores in CarFai.
11. Compliance with third-party terms
Your use of features that integrate with third-party services must comply with those services' terms:
- Apple App Store / Google Play — payment, subscription, and trial terms.
- Anthropic — usage policies (https://www.anthropic.com/legal/aup).
- Supabase, RevenueCat, Resend — applicable to backend integrations (CarFai handles compliance, but you must not act through us in violation of those services' terms).
12. Reporting violations
If you become aware of a violation of this AUP by another user (including in B2B contexts), report it to [email protected]. We investigate reports and respond within 5 business days.
13. Consequences of violation
We may, at our sole discretion and in proportion to the severity of the violation:
- Issue a warning.
- Suspend access to specific features.
- Terminate the offending account.
- Refer the matter to law enforcement or regulatory authorities.
For paid accounts, termination for AUP violation does not entitle you to a refund.
14. Updates
We may update this AUP. We will notify you of material changes via email, and your continued use of the Service indicates acceptance. The latest version is always available at https://carfai.app/aup.
15. Contact
- General: [email protected]
- Security: [email protected]
- Legal: [email protected]
Revision history
| Version | Date | Notes |
|---|---|---|
| v1 | 2026-05-20 | Initial publication. |
