What you can and can't do on VeryQuery.

This Acceptable Use Policy ("AUP") applies to every use of the VeryQuery service: the dashboard, the public API, the storefront embeds, the admin console (for VeryQuery personnel), and any other surface we expose. It applies whether you are a paying customer, on a trial, a Collaborator on someone else's organization, or a partner.

It binds the User who clicked accept on the Terms of Service and, through them, any Org and Property they act on behalf of. The Org owner is responsible for the conduct of every User they grant access to.

One User account per human. Shared accounts make audit logs meaningless and create real security risk. If multiple people need access, they get separate accounts.

The email address on your User must be one you actually control and read. We use it for security-critical notifications (password reset, suspicious sign-in, billing failure, breach notification). An email address you do not monitor is grounds for us to lock the account.

You may not create User accounts solely to test our anti-abuse controls, to inflate signup counts on a partner referral link (see §06), or to circumvent a suspension or termination of a prior account of yours.

The VeryQuery service is designed to index product catalogs and process shopper search queries. It is not designed to store personal data, and you must not use it as if it were.

Specifically, you must not submit, as catalog text, search-query text, or any other input field:

• Names of identifiable individuals (employees, customers, third parties) other than where the name is the product (for example, a book author or a designer who is the named brand).
• Email addresses, phone numbers, physical addresses, or other direct contact information.
• National identifiers (Social Security numbers, passport numbers, driver's license numbers, tax identification numbers).
• Payment card numbers, bank account numbers, or other financial identifiers.
• Health information, biometric data, or other special-category data under Article 9 GDPR or equivalent regimes.

We do not actively scan your catalog for personal data; the obligation to keep it clean is yours. If we become aware of personal data in your catalog through a complaint, a routine inspection, or a system signal, we may notify you and, if you do not remediate within a reasonable period, remove the offending content.

You may use the VeryQuery API and storefront surfaces only for the purposes the service is designed to support: managing your own catalog, serving search to your own shoppers, and (where permitted) acting as a Collaborator or partner with respect to another Org's catalog.

You may not:

• Scrape, crawl, or otherwise harvest content, search results, intelligence aggregates, or any other data from another customer's catalog (including by using a Collaborator role to extract data you would not otherwise have).
• Use the VeryQuery API as a backend for an unauthorized third-party search service, mirror, or proxy that exposes our service or another customer's catalog to users without that customer's consent.
• Send requests at a rate or pattern designed to test, stress, or degrade the service beyond what your traffic legitimately requires.

You may not:

• Bypass, attempt to bypass, or assist anyone else in bypassing the rate limits, authentication, authorization, entitlement, or any other protective measure on the service.
• Use credentials issued to one Org or Property to interact with another Org's or Property's resources unless you have a valid Membership or Collaboration entitling you to that access.
• Use the storefront embed to issue requests on behalf of a different store than the one the embed is installed on.
• Submit forged signatures or tampered-with payloads on any surface that uses cryptographic signing (Shopify proxy, webhook callbacks, JWT-protected APIs).

You may not:

• Sign up a merchant Org via your own partner referral link with the purpose of earning rev share on your own subscription, including by using a different name, a synthetic email, or any other obscuring mechanism.
• Refer merchant Orgs you have an undisclosed financial or controlling interest in.
• Click-stuff, automate signups against, or otherwise inflate the apparent reach of your referral link.
• Pay rebates, kickbacks, or undisclosed incentives to people in exchange for signing up through your referral link, beyond commercially-reasonable referral incentives that you fully fund and disclose.

The Partner Program Terms §13 spells out the consequences (pause of payouts, forfeiture of rev share, termination of program participation). This AUP makes the conduct rule binding on every User of the partner Org, not just the owner who accepted the Partner Terms.

You may not use automated tooling to create User accounts, Orgs, or Properties at scale, except in connection with seeding flows we have explicitly sanctioned (dev sign-in helpers, support-team-impersonation flows under MSA-shaped arrangements, etc.).

The intent here is straightforward: the friction in our signup flow exists for security, anti-fraud, and entitlement reasons; routing around it with a script breaks every downstream control.

You are responsible for the lawfulness of the content you submit to the VeryQuery service. You may not use the service to store, index, or serve content that is:

• Illegal in the jurisdictions where it will be displayed to shoppers.
• Infringing the intellectual-property rights of any third party (including unauthorized use of trademarks, copyrighted text, or copyrighted product imagery).
• Defamatory, harassing, or threatening.
• Sexually explicit content involving minors, in any form, under any circumstances.
• Designed to facilitate violence, terrorism, or the unlawful acquisition of weapons.

We may, with or without notice, remove specific content we determine in good faith to violate this section. We will notify you of significant removals. We are not obligated to monitor your catalog for §08 compliance; the obligation is yours.

The vector embeddings, normalized text, intelligence aggregates, and other derived artifacts we generate from your catalog and your shoppers' queries are available to you through the dashboard and the public API for use in connection with your own commerce operations.

You may not:

• Resell, sublicense, or otherwise commercially distribute the derived artifacts as a standalone product or as part of a competing search or intelligence offering.
• Extract derived artifacts from the service for purposes unrelated to operating your own catalog and serving your own shoppers.

The Terms of Service §06 reserves our right to use anonymized aggregates of catalog and query data internally and in cross-tenant features. That reservation does not entitle us to identify a specific customer's catalog in an attributable way; it covers genuinely-aggregated, non-attributable signals only.

You may not:

• Decompile, disassemble, or otherwise attempt to reconstruct the source code of our service or any portion of it.
• Probe the dashboard, public API, or storefront surfaces with the purpose of discovering proprietary mechanisms, internal endpoints, undocumented capabilities, or our internal vendor relationships beyond what we publish in the [Sub-Processor List](https://legal.veryquery.com/sub-processor-list/).
• Use the service to benchmark our retrieval quality against a competing product where the results are published or used in a competitive sales context, without our written permission.

This section does not prohibit good-faith security testing within the scope of §11. It does not prohibit you from using your own catalog data and your own dashboard view to evaluate the service for your own commercial purposes (including making informed decisions about which vendor to use).

If you discover a security vulnerability in the VeryQuery service, we ask that you:

• Report it to us at [email protected] with enough detail to reproduce.
• Give us a reasonable opportunity to investigate and remediate before publishing your findings.
• Do not exploit the vulnerability beyond the minimum needed to demonstrate it. Do not access, modify, or delete data belonging to another customer in the course of testing.
• Do not use vulnerability testing as cover for the conduct prohibited by §04 (scraping), §05 (bypass), or §06 (fraud).

We will treat good-faith disclosures as outside the scope of §05's bypass prohibition, will not pursue legal action against responsible reporters, and will publicly credit reporters on request after remediation.

When we believe in good faith that a User, Org, or Property has violated this AUP, our response is proportionate to the conduct:

• Warning. For first-time, low-severity, or arguably-inadvertent conduct. Sent to the Org's owners by email with a description of the issue and an opportunity to remediate.
• Content removal. Targeted removal of catalog content, search-query rows, or other artifacts that violate §03 (PII) or §08 (content) without removing the Org's overall access.
• Suspension. Temporary loss of access to the dashboard, API, or storefront features pending investigation or remediation.
• Forfeiture. For partner-program violations under §06, withholding or reversal of rev share associated with the conduct.
• Termination. Permanent loss of access. Governed by the Terms of Service §13.

Where we suspend or terminate for cause, we will state the basis in writing. We are not obligated to share investigative detail that would compromise the investigation or another customer's interests.

Nothing in this AUP limits our right under the Terms of Service to suspend or terminate the service for cause. The remedies in §12 are cumulative and non-exclusive.

We may update this AUP from time to time. Material changes follow the change-of-terms procedure in the Terms of Service. Non-material clarifications and fixes may be made without notice.