Acceptable Use Policy

Last updated: May 2026

The permitted and prohibited uses of the Vesuvian platform, applying to all users of subscribing organisations.

This Acceptable Use Policy (AUP) applies to all users of the Vesuvian platform. It exists to protect the integrity of the service, the security of client data, and compliance with applicable law. Violations may result in suspension or termination of access.

Permitted use

Vesuvian is designed for legitimate business use by authorised employees of the subscribing organisation. Permitted uses include:

  • Querying your connected business systems for operational information.
  • Drafting business communications for human review.
  • Analysing business data.
  • Automating routine business tasks within your agreed integration scope.

Prohibited use

You must not use Vesuvian to:

Regarding data and privacy

  • Process personal data beyond the scope agreed in your Data Processing Agreement.
  • Connect systems or accounts belonging to individuals or organisations who have not authorised such connection.
  • Attempt to extract, scrape, or bulk-export data from connected systems beyond normal operational use.
  • Process special category data (health, biometric, criminal records) without specific prior agreement with Vesuvian.

Regarding system integrity

  • Attempt to access data belonging to other Vesuvian clients.
  • Probe, scan, or test the security of the platform or connected systems without written authorisation.
  • Introduce malicious code, files, or prompts designed to manipulate the AI system’s behaviour in unintended ways (prompt injection).
  • Share API keys, MCP server URLs, or authentication credentials with unauthorised parties.

Regarding AI use

  • Use AI-generated output as professional advice (financial, legal, medical, accounting) without appropriate qualified human review.
  • Generate content that is deceptive, defamatory, or designed to mislead.
  • Attempt to make the AI assistant circumvent its operational guidelines or safety measures.
  • Use the platform to generate bulk external content without human editorial oversight.

Regarding legal compliance

  • Use the platform in any way that violates applicable UK or EU law.
  • Process data in a manner that breaches UK GDPR or your obligations to data subjects.
  • Use the platform to facilitate fraud, money laundering, or any criminal activity.

AI prompt responsibility

Users are responsible for the prompts they submit. Do not include in prompts:

  • Passwords or authentication credentials.
  • Payment card data.
  • National insurance numbers or other government identifiers.
  • Any data you are not authorised to process through the platform.

Reporting

If you discover a potential security vulnerability or believe another user is violating this policy, report it immediately to info@vesuvian.uk. We will acknowledge within 24 hours.

Consequences of violation

Minor violations may result in a warning. Serious violations — including any breach of data protection obligations, security probing, or deliberate misuse — will result in immediate account suspension pending investigation. We reserve the right to terminate access and pursue legal remedies where appropriate.

Changes

This policy may be updated. Active users will be notified of material changes by email.