Acceptable Use Policy

Last updated: April 20, 2026

These rules govern how you can use Orqesa's AI advisors and connected-tool integrations. They are designed to keep the Service safe for you, for us, and for third parties. Violations can result in suspension or termination.

1. Scope

This Acceptable Use Policy ("AUP") applies to everyone who uses Orqesa — the workspace, the advisors, and every tool integration. It supplements our Terms of Service and is incorporated by reference.

2. What advisors can do

Orqesa advisors are designed to help you run your business. They can:

Give business guidance — strategic advice, analysis, and recommendations across functions (strategy, technology, operations, finance, product, marketing, design).
Automate workflows you configure — review code, analyze metrics, draft communications, generate reports.
Work inside tools you connect — read from and, subject to your approval under the autonomy tier you set, write to connected third-party services.
Generate content — documents, plans, strategies, analysis, and other business content.
Analyze data — process and analyze business data from the sources you connect to provide insights.

3. Autonomy tiers

Agent actions are grouped into tiers. Each tier has a default level of human oversight. You can narrow the defaults at any time in your workspace settings; you cannot loosen them below what this AUP requires.

Tier	Examples	Required oversight
Tier 1 — Observe	Read-only monitoring (Sentry errors, Linear ticket status, Stripe metrics); preparing drafts visible only to you	May run automatically; you can pause at any time
Tier 2 — Propose	Drafting a PR description, suggesting a Linear issue, outlining a launch sequence	Proposals visible to you; no external effect without your approval
Tier 3 — Act (reversible)	Creating an issue, adding a comment, updating a Notion doc, tagging a PR	Requires your explicit approval per action, unless you have pre-authorized a specific narrow workflow
Tier 4 — Act (high-stakes)	Financial transactions, prod data changes or deletions, messaging external parties, publishing content, granting or revoking access, irreversible operations	Always requires your explicit, informed approval per action. No blanket pre-authorization is accepted for this tier.

You can pause any advisor, any tier, or all advisors (kill switch) at any time. The pause takes effect immediately and cancels any in-flight queued actions.

4. Meaningful review

When an advisor proposes an action, you have the right and the responsibility to:

Read the proposed action and the advisor's reasoning;
Modify it if it's close but not right;
Reject it; or
Ask for an alternative approach.

A silent or rubber-stamped "approve all" pattern for Tier 3–4 actions is not consistent with this AUP or our Terms. Automated approval is only permitted for Tier 1–2 and for explicit, narrowly scoped Tier 3 workflows you have configured.

5. Connected tools — scope, authorization, and revocation

When you connect a tool (GitHub, Slack, Notion, Linear, Stripe, etc.), you authorize Orqesa to access that tool within the scope you grant. You are responsible for granting the narrowest scope that gives you the value you need.

Revocation. You can revoke any tool at the tool provider (for example, removing the Orqesa OAuth app on GitHub) or inside Orqesa. Either action immediately terminates advisor authority for that tool and cancels queued actions in that scope.

Third-party terms.You remain responsible for complying with the terms and acceptable-use rules of the third-party tools you connect. Some providers prohibit automated actions in certain contexts — it's your responsibility to know.

Credentials and sensitive data. Neverpaste API keys, passwords, OAuth tokens, session cookies, or other credentials into advisor conversations. If a task requires a credential, use the official integration flow (OAuth, managed secrets, the Service's connector UI), not plaintext. Also avoid pasting personal-identifier data of others (social security numbers, health records, financial details) into conversations unless you have a clear lawful basis for processing it. If you accidentally share a credential or sensitive data, email hi@orqesa.com immediately so we can help you rotate and purge.

6. Prohibited uses

You may not use Orqesa, or allow anyone else to use Orqesa, to:

Violate law — including fraud, insider trading, money laundering, export-control violations, sanctions evasion, or anything else unlawful in the jurisdiction that applies.
Harm others — harass, threaten, defame, stalk, doxx, or sexually harass any person.
Generate prohibited content — child sexual abuse material; non-consensual intimate imagery; content promoting terrorism or mass violence; realistic synthetic impersonations of a real person without consent.
Attack security— probe, scan, or test the vulnerability of Orqesa or any connected system; bypass authentication; reverse engineer the Service; interfere with other customers' use.
Extract other customers' data — attempt to access data belonging to anyone else or any other tenant.
Abuse integrations— send spam; scrape sites that prohibit scraping; violate a third-party tool's ToS; use integrations to circumvent a provider's rate limits or billing.
Mass-message without consent— use advisors to send bulk emails, DMs, or notifications without the recipients' lawful consent.
Deceive — present advisor-generated content as human-authored in contexts where authorship disclosure is required (academic submissions, regulated advice, legal filings).
Train competing models — use outputs of Orqesa advisors to train a competing AI model or Service.
Process special-category data beyond what you have a lawful basis for — health, biometric, genetic, political, religious, sexual-orientation, or criminal-record data about identifiable individuals.
Use on behalf of minors — the Service is for users aged 18 or over.

7. Prompt injection and adversarial content

Content ingested by advisors from third-party tools (issues, emails, documents, tickets) may contain adversarial instructions designed to hijack an advisor. This is a known limitation of current AI systems.

We apply mitigations (context isolation, trust boundaries, output validation) but cannot guarantee immunity.
You retain responsibility to review agent proposals before approving — especially for Tier 3–4 actions and anything involving external communications, data access, or financial transactions.
If you discover a prompt-injection vector, please report it responsibly to hi@orqesa.com. We treat responsible disclosures with care and do not take legal action against good-faith researchers.

8. AI output is not professional advice

Orqesa advisors are not lawyers, accountants, doctors, licensed financial advisors, or any other regulated professional. Advisor outputs are working-level suggestions. Decisions requiring a licensed professional require a licensed professional.

9. Reporting abuse and enforcement

If you see something that violates this AUP — whether done by Orqesa's tools or by another user — report it to hi@orqesa.com. Subject line "AUP report" helps us triage.

We may, in proportion to the seriousness of a violation:

Warn you and ask for corrections;
Suspend specific actions, advisors, or integrations;
Suspend your account pending review;
Terminate your account;
Notify relevant authorities where required by law (for example, reports of child sexual abuse material).

We aim to act proportionately and to give notice where we can. For imminent harm or legal risk we may act immediately.

Appeals. If your account or access is suspended or terminated under this AUP, you may appeal within 14 days by emailing hi@orqesa.comwith subject "AUP appeal". Appeals are reviewed by someone other than the person who made the initial decision. We aim to respond within 10 business days.

10. Changes to this AUP

We may update this AUP. Material changes are notified by email (to accountholders) and by a notice on the Service. The "last updated" date at the top always reflects the current version.