Acceptable Use Policy

Last updated:

Jurisdiction: Global — applies to both REtelligent Pty Ltd (Australia) and REtelligent EU S.R.L. (Romania), as the contracting entity identified in the Agreement.

1. Application

This Acceptable Use Policy (“AUP”) applies to the Customer, its affiliates that access the Service, and all Authorised Users of the REtelligent Service. The Customer is responsible for ensuring that all Authorised Users and any third party it permits to access the Service (including trade contractors) comply with this AUP, and the Customer’s compliance with the Agreement requires compliance with this AUP. A breach of this AUP by an Authorised User or by a third party using the Customer’s account is a breach by the Customer.

REtelligent may update this AUP from time to time in accordance with Section 13. Where an update materially increases restrictions, the Customer may terminate the Agreement without penalty within the notice period (per the Terms of Service, Section 11.1 and the Master Services Agreement, Section 11.1).


2. Permitted Use

The Service is licensed solely for the Customer’s internal property, facilities, and asset management operations in respect of the properties identified in the Order Form, and in particular for: intake, triage, dispatch, tracking, and reporting of maintenance and service requests; trade contractor coordination, work order management, and approvals; communications with tenants, residents, prospective tenants, and trade contractors in respect of those properties; capture, storage, and retrieval of operational evidence (such as photos, messages, and trade contractor reports) directly related to the foregoing; and generation of operational and performance reports for the Customer’s own use and for reporting to its beneficial owners or investors. Any use of the Service outside this scope requires REtelligent’s prior written authorisation and is otherwise prohibited.


3. Prohibited Uses — General

The Customer shall not, and shall not permit any Authorised User or third party to:

3.1 Unlawful Use

IUse the Service in violation of any applicable law or regulation, including (without limitation) data protection (GDPR, Privacy Act 1988 (Cth), Romanian Law 190/2018), anti-spam (Spam Act 2003 (Cth), CAN-SPAM, CASL, the GDPR ePrivacy regime), consumer protection (the Australian Consumer Law), tenancy and residential lease laws, anti-discrimination laws, and laws relating to the lawful basis for processing personal data.

3.2 Prohibited Content

Use the Service to upload, store, transmit, or generate content that is unlawful, defamatory, harassing, threatening, abusive, obscene, or that depicts or promotes child sexual abuse, terrorism, or violent extremism. The Customer shall not use the Service to stalk, surveil, or threaten any natural person.

3.3 Safety-Critical Misuse

Use the Service in a manner that creates a foreseeable risk to the safety of any person, including by directing a trade contractor to perform work known to be unsafe, by suppressing or ignoring a documented hazard, or by overriding a safety-sensitive work classification without the human review required by Section 5.1(d).

3.4 Reverse Engineering and Derivation

Reverse engineer, decompile, disassemble, or attempt to derive the source code, models, weights, algorithms, prompt templates, or architectures of the Service or the AI Features, except to the extent expressly permitted by applicable law and only after notice to REtelligent.

3.5 Competing Products

Use the Service (or information derived from the Service, including benchmarks, performance data, or AI Feature behaviour) to develop, train, or operate a product that competes with the Service.

3.6 Circumvention

Circumvent or attempt to circumvent any security control, access control, rate limit, usage cap, geographic restriction, tenant-isolation boundary, or technical protective measure of the Service.

3.7 Network and System Abuse

Send or transmit through the Service any malicious code, malware, virus, worm, trojan, ransomware, or spyware; engage in port scanning, security probing, penetration testing (absent REtelligent’s prior written permission), or denial-of-service attacks; or otherwise interfere with or disrupt the integrity, performance, or availability of the Service or the systems, networks, or accounts of REtelligent or any third party.

3.8 Unauthorised Access

Access or attempt to access any account, environment, or data not authorised to the Customer; use the credentials of another customer; or engage in any form of impersonation.

3.9 Unsolicited Communications

Use the Service to send spam, unsolicited bulk communications, or any communication that violates anti-spam law. Communications sent via the Service must (a) be lawful, (b) include accurate sender identification, and (c) include any opt-out or unsubscribe mechanism required by applicable law.

3.10 Infringement

Use the Service to upload, store, transmit, or process content that infringes any third party’s intellectual property rights, privacy rights, publicity rights, or other rights.

3.11 Excessive Usage

Use the Service in a manner that is reasonably likely to disrupt or degrade the Service for other customers, including by exceeding documented usage limits, generating abnormally high request volumes, or operating bots, crawlers, or automated tools beyond what the Service’s published interfaces support.

3.12 Resale and Sub-Licensing

Resell, sublicense, lease, rent, or otherwise make the Service available to any third party other than Authorised Users and permitted trade contractors, except as expressly permitted in the Order Form.

3.13 Sanctions and Export Controlse

Use the Service in violation of applicable trade sanctions or export-control laws, or for the benefit of any person or jurisdiction subject to comprehensive sanctions administered by the Australian Government (DFAT), the European Union, or, where applicable, the United States (OFAC).


4. Customer Data — Lawful Authority and Permitted Inputs

4.1 Lawful Authority

The Customer represents and warrants that it has the lawful authority — including any required consents, authorisations, and notices to natural persons — to input each item of Customer Data into the Service for the processing contemplated by the Agreement. The Customer shall not input into the Service:

(a)         personal data for which the Customer lacks a valid legal basis under applicable data protection law;

(b)        personal data of a natural person who has objected to such processing or has withdrawn consent (where consent is the legal basis);

(c)         personal data of natural persons known to be under the age of majority in their jurisdiction, except where the Customer has obtained appropriate parental or guardian consents and disclosures;

(d)        “special categories” of personal data under Article 9 of the GDPR (for example racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, sex life or sexual orientation), or “sensitive information” under the Australian Privacy Principles, except where expressly authorised in writing by REtelligent and supported by appropriate safeguards;

(e)         personal data relating to criminal convictions or offences (Article 10 GDPR), except where lawful and expressly authorised;

regulated data subject to specific regulatory regimes (for example financial industry data subject to APRA standards, health data subject to the My Health Records Act 2012 (Cth), or payment card data subject to PCI-DSS) without prior written authorisation from REtelligent and the implementation of appropriate additional safeguards.

4.2 Misuse of Other Persons’ Data

The Customer shall not use the Service to surveil, harass, or unlawfully discriminate against any natural person, including by using the AI Features to make decisions on prohibited grounds, or to conduct discriminatory screening or adverse decisioning in respect of tenancy applications, renewals, or bond handling.

4.3 Customer Output Use

The Customer is responsible for its review and use of Customer Outputs, including verifying accuracy and compliance with applicable law before relying on Customer Outputs for any decision with material commercial, legal, or human-impact consequence (per the applicable clause).


5. AI Feature Use Restrictions

5.1 Human-in-the-Loop Requirements

The Customer shall maintain Human-in-the-Loop oversight of the AI Features in accordance with the applicable clause and the Delegation of Authority configured in the AI Addendum. Without limiting the foregoing, the Customer shall ensure that:

(a)         the AI Features are not used to make a decision materially affecting a natural person’s housing access, financial standing, or other legally protected interest without human review by an appropriately qualified person;

(b)        financial commitments above the AI-HITL-DISPATCH-AMOUNT threshold ( or as elected on the Order Form) require human authorisation before execution;

(c)         communications with legal effect (notices to vacate, refund or compensation offers, admissions of liability, regulatory submissions) are reviewed by a human before transmission;

safety-sensitive maintenance work classifications (structural, electrical, gas, plumbing, fire safety) are reviewed by a human before dispatch.

5.2 Automated Decision-Making Compliance

Where the Customer uses the AI Features to make automated decisions (or substantially automated decisions) affecting natural persons, the Customer shall comply with applicable automated decision-making (ADM) transparency and safeguards laws, including:

  • (AU) the Privacy Act 1988 (Cth) reforms taking effect 10 December 2026 in respect of automated decision-making affecting individuals;

  • (EU) Article 22 of the GDPR (right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects the individual), with appropriate safeguards;

  • (EU) the EU AI Act, including the Article 50 transparency obligations and, where applicable, the obligations of a deployer of a high-risk AI system under Annex III;

and the Customer shall maintain disclosures in its own privacy notices to natural persons commensurate with REtelligent’s disclosures in the Privacy Policy.

5.3 Prohibited AI Practices

The Customer shall not use the AI Features to engage in any practice prohibited under Article 5 of the EU AI Act or any equivalent law, including social scoring of natural persons, the inference of special-category attributes through biometric categorisation, or subliminal or manipulative techniques that materially distort a person’s behaviour to their detriment.

5.4 Model Evasion and Manipulation

The Customer shall not (a) attempt to circumvent the AI Features’ guardrails, including by prompt injection, jailbreaking, role-play bypass, or adversarial inputs designed to elicit prohibited outputs; (b) use the AI Features in a manner that materially deviates from the published documentation in a way intended to produce harmful, deceptive, or unlawful outputs; or (c) extract or reproduce model weights, training data, or system prompts.

5.5 No Training of Third-Party Models

The Customer shall not use the Service, Customer Outputs, or AI Feature behaviour to train, fine-tune, or evaluate any third-party AI or machine-learning model without REtelligent’s prior written consent. REtelligent’s own AI sub-processing arrangements, and the contractual prohibition on the use of Customer Data to train third-party foundation models, are described in the applicable Data Protection Addendum (the Data Processing Agreement (Australia) / the Data Processing Agreement (European Union)) and the Sub-processor List (the Sub-processor List).

5.6 Misrepresentation of REtelligent’s Role

The Customer shall not represent or imply to any third party that REtelligent is the licensed property manager, operator, or decision-maker. The Customer shall ensure that any tenant-facing or trade-contractor-facing communications generated through the Service correctly identify the Customer as the operator (per the applicable clause).


6. Evidence Integrity

The Service captures photos, messages, trade contractor reports, geolocation data, and time-stamped logs that the Customer may rely on as operational evidence. The Customer shall not, and shall not permit any Authorised User or third party to:

(a)         fabricate, alter, backdate, or otherwise tamper with photos, timestamps, geolocation data, messages, or reports captured or stored by the Service;

(b)        disable or bypass the Service’s geo-tagging or time-stamping features except where expressly permitted by the Service’s configuration;

(c)         use evidence captured by the Service in any legal, insurance, or regulatory proceeding in a manner that is misleading or that misrepresents the time, place, or context of the evidence; or

where an incident investigation is on foot, delete or withhold an audit trail that REtelligent reasonably requests in connection with that investigation.


7. Security Obligations

7.1 Customer Account Security

The Customer shall (a) assign a unique login to each Authorised User and prohibit shared accounts; (b) enforce multi-factor authentication on all Authorised User accounts; (c) require strong, unique passwords that are not shared between users; (d) maintain accurate Authorised User access lists and revoke access promptly, and in any event within one (1) Business Day, on role change or termination; (e) keep Authorised User contact details current so that security and incident notifications can be delivered; and (f) notify REtelligent at security@retelligent.co promptly, and in any event within 24 hours of becoming aware, of any suspected unauthorised access, credential compromise, or security incident affecting the Customer’s account or Customer Data, and cooperate with REtelligent’s reasonable security investigations.

7.2 Integrations and Connected Systems

Where the Customer integrates the Service with its own systems or third-party services (for example via API keys, OAuth, or webhooks), the Customer shall (a) use API keys and credentials securely, (b) not share API keys with unauthorised persons, (c) rotate keys on a reasonable cadence and in response to suspected compromise, and (d) ensure that the integration does not create a security exposure to the Service.


8. Privacy and Communications

8.1 Tenant and Resident Privacy

Where the Service is used to communicate with tenants, residents, prospective tenants, or trade contractors, the Customer shall ensure that such communications comply with applicable law (anti-spam, ePrivacy, consumer protection, and tenancy law), that natural persons receive any required notices, opt-out mechanisms, and disclosures, and that the necessary collection and use notices (including, in Australia, APP 3 and APP 5 notices) are in place.

8.2 Recording and Monitoring

Where the Service is used to record or monitor communications (including voice or video calls), the Customer shall comply with applicable two-party consent and notification requirements in the relevant jurisdiction.


9. Fair Use and Commercial Reasonableness

The Fees in the Order Form are set on the assumption of reasonable usage patterns consistent with standard property management operations. The Customer shall not (a) artificially inflate Resolution counts or other billing or service-credit metrics (for example by logging duplicate or synthetic requests) for the purpose of testing, benchmarking, or triggering Service Credits; (b) use the Service to service properties not identified in the Order Form; or (c) run sustained automated traffic exceeding the documented API rate limits. Where REtelligent reasonably believes fair use has been exceeded, it will first contact the Customer’s Account Owner to discuss usage patterns and, where appropriate, propose a revised Order Form tier. Throttling or suspension on fair-use grounds will occur only where the Customer declines to engage in good-faith usage discussions for more than 14 days, or where the usage is causing material harm to the Service or other customers.


10. Third-Party and Trade-Contractor Access

Trade contractors and other third parties may be invited into limited workflows in the Service (for example to accept a work order or upload a completion photo). The Customer is responsible for ensuring that each such third party is aware of, and subject to, the restrictions in this AUP, shall not permit a third party to use Service-issued credentials for activities outside the scope of their engagement, and shall review and deprovision third-party access on completion of the engagement.


11. Enforcement

11.1 Suspension

REtelligent may suspend the Service or any feature of the Service (in whole or in part, in respect of the Customer or specific Authorised Users) if REtelligent reasonably believes the Customer or an Authorised User has breached this AUP. REtelligent shall give written notice to the Customer of the alleged breach with reasonable specificity and, where the breach does not present imminent harm, a 5-day cure period before suspension. Where the breach presents imminent harm or material legal risk, REtelligent may suspend without prior notice and shall notify the Customer as soon as reasonably practicable thereafter.

11.2 Effect of Suspension

A suspension under Section 11.1 does not relieve the Customer of its obligation to pay Fees accrued up to the date of suspension, and REtelligent shall not be liable for any loss arising from a suspension made in good faith on reasonable grounds under this AUP. REtelligent shall restore the Service promptly once the Customer has remedied the breach to REtelligent’s reasonable satisfaction.

11.3 Termination for Breach

Material or persistent breach of this AUP is a material breach of the Agreement, supporting termination by REtelligent in accordance with the Master Services Agreement, Section 8.5 or the Terms of Service, Section 9.4. A breach of this AUP that gives rise to a third-party claim is subject to the Customer indemnity in the Agreement.

11.4 No Obligation to Monitor

REtelligent has no obligation to monitor the Customer’s use of the Service for AUP compliance; however, REtelligent may do so and may use automated systems to detect AUP breaches. Customer Data is not used for any purpose other than as expressly permitted in the Agreement, including for AUP enforcement.

11.5 Reporting Concerns

Suspected AUP breaches by the Customer or third parties using the Service may be reported to abuse@retelligent.co. REtelligent will investigate good-faith reports and take action as appropriate.


12. Cooperation with Lawful Process

REtelligent may disclose Customer Data in response to a valid subpoena, court order, search warrant, or other lawful legal process. Where lawfully permitted, REtelligent shall give the Customer prompt notice of such process to enable the Customer to seek protective orders or other remedies. REtelligent shall not voluntarily disclose Customer Data to law enforcement except as required by law.


13. Modifications

REtelligent may update this AUP from time to time on at least 30 days’ advance notice via email to the Customer’s notice contact and an update to the AUP URL. Non-material updates (for example to reflect a change in law, a security best practice, or a Service capability) take effect on publication. Material increases in restrictions allow the Customer to terminate the Agreement without penalty within the notice period, with a pro-rata refund of prepaid Fees where provided in the Agreement.