Acceptable Use Policy
policies-public/aup.mdAcceptable Use Policy
Version: 1.0 | Last reviewed: 2026-06-17 Effective date: 2026-05-28 Last updated: 2026-06-30
This Acceptable Use Policy ("AUP") applies to everyone who uses the TimerOS service operated by Vezoft (a company registered in Bulgaria under company number (EIK) 202823109, with its registered office in Kardzhali, Bulgaria) ("Vezoft", "we", "us"). It is part of the Terms of Service and the Customer Data Processing Agreement.
You agree not to do, and not to permit your users to do, any of the following:
1. Illegal use
- Use the Service in violation of any law, regulation, or third-party right.
- Process personal data without a lawful basis under GDPR, UK GDPR, CCPA/CPRA, or any other applicable privacy law.
- Use the Service in connection with money laundering, terrorism financing, or fraud.
2. Worker rights and employment law
- Use TimerOS to monitor employees, contractors, or any other workers without giving them clear written notice in their language, before monitoring begins.
- Use TimerOS in any country where workplace monitoring requires consultation with a works council, trade union, or employee representatives, without first completing that consultation and keeping a record of it.
- Use the activity classification output of the Service as the sole or primary basis for any decision affecting a worker's employment, pay, discipline, promotion, or termination. Activity classifications are approximate, machine-generated labels intended for self-observation and team-resource allocation. Employment decisions must be made by a human, based on broader evidence, and in line with applicable labour and anti-discrimination law.
- Use the Service in any way that targets a worker on the basis of their race, ethnicity, religion, sex, sexual orientation, gender identity, age, disability, national origin, citizenship status, pregnancy, family status, union membership, or any other characteristic protected by applicable law.
3. Security and integrity
- Probe, scan, or test the vulnerability of the Service or any related infrastructure except through our security disclosure programme at security@timeros.ai. We welcome good-faith security research; see Section 6.
- Bypass any authentication, rate limiting, or access control.
- Use the Service to send malware, viruses, ransomware, or any other malicious code.
- Attempt to access data of another customer or user.
- Reverse engineer, decompile, or disassemble any part of the Service, except to the extent expressly permitted by mandatory law (e.g. EU Software Directive Art. 6 interoperability rights).
4. Service abuse
- Use the Service to send unsolicited messages (spam) of any kind.
- Use the Service for cryptocurrency mining, DDoS attacks, or any other resource-abusive activity.
- Resell, sublicense, or expose the Service or any part of it as a service to third parties not covered by your subscription.
- Exceed the seat count or other quotas of your subscription plan by sharing accounts among multiple individuals.
- Use automated tools (scripts, bots, scrapers) to interact with the Service except via the documented API and within the published rate limits.
5. Content restrictions
- Upload content that infringes any third party's intellectual property, privacy, publicity, or other rights.
- Upload content that is unlawful, obscene, defamatory, harassing, hateful, or that promotes violence or self-harm.
- Upload content that contains special-category personal data under GDPR Art. 9 (health, racial origin, biometric data, political opinions, etc.) unless you have a lawful basis under Art. 9(2) and have notified us in advance under the DPA.
6. Security research — what we welcome
We welcome security research conducted in good faith. To stay within this AUP:
- Test only against your own account and tenant; do not access other tenants' data.
- Do not exfiltrate data beyond the minimum needed to demonstrate the vulnerability.
- Do not run high-volume automated scans against production without prior coordination.
- Report findings to security@timeros.ai with steps to reproduce and a 90-day disclosure window.
- We will respond within 5 business days and credit researchers who report valid issues responsibly.
7. Consequences
We may suspend or terminate access for any violation, without notice for serious violations. We may also disclose information to law enforcement when required by valid legal process or where a credible threat to safety exists.
8. Reporting violations
To report a suspected violation by another user or customer, email security@timeros.ai.