Acceptable Use Policy

1. Purpose and scope

1.1 This Acceptable Use Policy ("AUP") governs your use of the Yielde automation, AI, and voice platform and all related services, including the client portal; per-tenant automation workspaces; the AI gateway and the large-language-model ("LLM") capabilities it provides; the voice-receptionist service; transactional messaging; and any chatbot, WhatsApp, or lead-qualification automation we build, host, or operate for you (together, the "Platform").

1.2 This AUP forms part of, and is incorporated by reference into, the Yielde Terms of Serviceand (where applicable) the Data Processing Agreement ("DPA") between you and Yielde. Where this AUP and the Terms conflict on a question of permitted use, this AUP prevails.

1.3 This AUP applies to you (our customer, an account holder, and a business), to anyone you permit to access the Platform under your account, and to all data and content you submit to, process through, or generate on the Platform.

1.4 South African law governs.This AUP is governed by, and must be read consistently with, the law of the Republic of South Africa, including the Protection of Personal Information Act 4 of 2013 ("POPIA"), the Consumer Protection Act 68 of 2008 ("CPA"), the Electronic Communications and Transactions Act 25 of 2002 ("ECTA"), and the Regulation of Interception of Communications Act 70 of 2002 ("RICA") where relevant to voice and messaging.

2. Your role and responsibility for personal information (POPIA)

2.1 You are the Responsible Party; Yielde is your Operator.When you submit, upload, or route the personal information of your leads, customers, contacts, or end-users ("End-User Personal Information") into the Platform, you are the Responsible Party for that personal information and Yielde acts as your Operator, processing it on your behalf and on your documented instructions. POPIA defines these roles by function — by who determines the purpose and means of processing — not by label (POPIA section 1).

2.2 You must have a lawful basis — Yielde does not supply one. As Responsible Party, you are solely responsible for ensuring there is a lawful basis under POPIA for every item of End-User Personal Information you feed into the Platform. Consent is only one of six justification grounds in POPIA section 11(1) — it is not a default, and you may not assume Yielde has obtained consent or any other basis on your behalf. Yielde does not select, supply, verify, or warrant your lawful basis.

2.3 You warrant lawful basis on submission. By submitting End-User Personal Information to the Platform you warrant, on each submission and on a continuing basis, that: (a) you have a valid POPIA section 11 lawful basis for the processing you instruct; (b) you have given the notifications required of a responsible party when collecting personal information, including — where applicable — notice that the information may be transferred outside South Africa and the level of protection afforded (POPIA section 18); (c) your collection complies with the minimality, purpose-specification, and further-processing-compatibility conditions (POPIA sections 10, 13–14, 15); and (d) you are entitled to instruct Yielde to process the information for the purposes you have configured.

2.4 Further-processing limits on AI/LLM use. Routing End-User Personal Information into the LLM gateway, the voice service, or any automation is further processing and must be compatible with the original purpose for which you collected it (POPIA section 15). You are responsible for ensuring that compatibility and for limiting the personal-information fields you route to what is relevant and not excessive (POPIA section 10). We recommend that you minimise or redact personal information before it is sent to AI models, particularly before prompts leave South Africa (see section 8).

2.5 Yielde as Responsible Party for its own data. Separately, Yielde is itself a Responsible Party for the account, authentication, subscription, and billing personal information it collects from you to operate your account. That processing is governed by the Privacy Policy, not by this AUP.

3. Prohibited uses — general

You must not use the Platform, and must not permit anyone to use the Platform, to do, attempt, facilitate, or encourage any of the following. These prohibitions are in addition to your obligations under the Terms of Service and the DPA.

• Anything unlawful— any use that breaches South African law (including POPIA, the CPA, ECTA, RICA, the Cybercrimes Act 19 of 2020, the Films and Publications Act, or applicable financial-sector law) or the law of any jurisdiction whose residents' data you process.
• Processing personal information without a lawful basis (section 2), or in a manner that breaches the eight POPIA conditions for lawful processing.
• Exceeding the instructions Yielde may lawfully act on — instructing Yielde to process End-User Personal Information for a purpose Yielde has not been authorised to process, or that Yielde reasonably believes is unlawful. As your Operator, Yielde must process only with your knowledge and authorisation and must keep the information confidential (POPIA section 20); you must not place Yielde in breach of that duty.

4. Spam and unsolicited marketing (POPIA section 69 and the CPA)

4.1 POPIA section 69 — direct marketing by electronic communication. You must not use the Platform to send unsolicited direct marketing by electronic means (including automated calls, email, SMS, WhatsApp, or any messaging the Platform can send) except as permitted by POPIA section 69. In particular:

• Non-customers — opt-in only. Direct marketing to a data subject who is not an existing customer of yours is prohibited unless the data subject has given prior consent. POPIA section 69 permits you to approach a data subject only once to request that consent, and not again if consent is refused or not given.
• Existing customers — limited "soft opt-in". You may send direct marketing to your own existing customers only where you obtained their contact details in the context of a sale, the marketing relates to your own similar products or services, and the customer was given a reasonable opportunity to opt out — free of charge and easily — both at collection and in each subsequent message.
• Identity and opt-out in every message. Every direct-marketing communication sent via the Platform must disclose the identity of the sender (you) and a working means to which the recipient can send an opt-out request, and must honour opt-outs promptly.

4.2 You are the sender of record. For every marketing or outbound communication you configure on the Platform, you are the party conducting direct marketing under POPIA section 69 and you carry the consent, record-keeping, and opt-out obligations. Yielde provides the tooling; Yielde does not supply, warrant, or verify consent for your recipient lists.

4.3 CPA direct-marketing limits.Where the CPA applies, you must additionally comply with the CPA's direct-marketing rules, including a consumer's right to pre-emptively block direct marketing, the prohibition on contacting consumers at prohibited times, and the disclosure obligations.

4.4 No purchased, scraped, or third-party lists without basis.You must not load into the Platform any marketing list you cannot demonstrate a lawful basis for, including purchased lists, scraped lists, or lists obtained from a third party without the data subjects' consent or another valid basis.

4.5 Voice and telephony. The voice-receptionist and any outbound calling features are subject to the same section 69 and CPA limits, plus any RICA, ICASA, or telephony-consumer requirements that apply to automated or recorded calls. You must not use the voice service for unsolicited automated marketing calls, robo-dialling, or any calling pattern prohibited by law.

5. Unlawful data harvesting and acquisition

5.1 You must not use the Platform to collect, scrape, harvest, enrich, infer, or aggregate personal information without a lawful basis or in breach of POPIA's collection conditions (POPIA sections 10, 12, 18).

5.2 You must not use the Platform to:

• harvest contact details, identifiers, or profiles from websites, social platforms, or third-party sources in breach of those sources' terms or of POPIA;
• link or cross-reference unique identifiers across data sets in a way that requires prior authorisation from the Information Regulator (POPIA section 57(1)(a)); or
• build or enrich profiles of data subjects in a way that is unlawful, deceptive, or outside the purpose you disclosed to them.

5.3 Prior-authorisation triggers (POPIA section 57).Certain processing requires the prior authorisation of the Information Regulator before it may begin. You must not use the Platform to process information for credit reporting (section 57(1)(c)); process information about criminal behaviour or unlawful conduct on behalf of third parties (section 57(1)(b)); link unique identifiers across responsible parties (section 57(1)(a)); or transfer special personal information or children's personal information to a foreign country that does not provide adequate protection (section 57(1)(d)) — without first confirming and, where required, obtaining that authorisation. You must notify Yielde before configuring any such use.

6. Special personal information and children's data

6.1 Special personal information (POPIA section 26).You must not submit, process, or instruct Yielde to process special personal information — a data subject's religious or philosophical beliefs, race or ethnic origin, trade-union membership, political persuasion, health or sex life, biometric information, or criminal behaviour — unless a lawful exclusion under POPIA section 27 (or a specific authorisation in sections 28–33) applies and you can evidence it.

6.2 Children's personal information (POPIA sections 34–35). You must not submit, process, or instruct Yielde to process the personal information of a child unless a lawful ground under POPIA section 35 applies (including the prior consent of a competent person, such as a parent or guardian), or the Regulator has authorised it.

6.3 Cross-border interaction with section 57.Transferring special or children's personal information to a third party in a foreign country that does not provide an adequate level of protection requires the prior authorisation of the Information Regulator (POPIA section 57(1)(d)). Because Yielde's AI, voice, and email features route data to providers hosted outside South Africa (section 8), you must not route special or children's personal information through those features without first confirming that the transfer is lawfully covered and, where required, authorised.

7. Circumventing controls, rate limits, and security

7.1 You must not circumvent, disable, or interfere with any rate limit, usage quota, credit metering, authentication, tenant-isolation boundary, or security control that Yielde applies to the Platform.

7.2 You must not:

• share, resell, or sublicense your account, API keys, virtual keys, or Platform access except as the Terms permit;
• use automated means to exceed your provisioned capacity, scrape the Platform, or generate load designed to evade metering or billing;
• probe, scan, or test the vulnerability of the Platform or breach its access controls without Yielde's prior written authorisation; or
• attempt to access another tenant's workspace, data, models, or credentials.

7.3 You must not introduce malware, attempt denial-of-service, or otherwise impair the integrity, availability, or security of the Platform or the shared infrastructure on which other tenants rely. Conduct of this kind may also constitute an offence under the Cybercrimes Act 19 of 2020.

8. Use of the LLM / AI gateway and cross-border processing

8.1 Prohibited content and prompts.You must not use the LLM gateway, chatbots, the voice service, or any AI feature to generate, request, or distribute content that is unlawful under South African law or the applicable model provider's acceptable-use terms, including: child sexual abuse material; content that incites violence, terrorism, or prohibited hatred; non-consensual intimate imagery; malware or exploit code; fraudulent, deceptive, or impersonating content; content that infringes intellectual-property rights; or content intended to harass, defame, or unlawfully surveil a person. You must also comply with the acceptable-use policies of the underlying model providers, which apply on a flow-down basis.

8.2 Cross-border transfer warning (POPIA section 72). You acknowledge that, to deliver AI, voice, and email features, Yielde routes data — including prompts that may contain personal information — to sub-processors hosted outside South Africa (the LLM gateway path to OpenRouter and onward to OpenAI / Anthropic in the United States; the Retell voice service; the Resend email service; and certain edge/DNS providers). POPIA section 72 prohibits the cross-border transfer of personal information unless a valid gateway applies. As Responsible Party, you carry the section 72 duty for End-User Personal Information; you must not route personal information through these features unless you are satisfied a valid gateway covers it, and you must reflect the cross-border transfer in your own privacy notice to data subjects (POPIA section 18(1)(g)). Yielde carries the section 72 protections down through the DPA and its sub-processor agreements (see our sub-processor register), but you remain the section 72 duty-holder.

8.3 No re-routing around the gateway. You must not attempt to route Platform traffic to LLM providers other than through the Yielde AI gateway, or otherwise defeat the controls (logging, redaction, no-training settings, metering) that the gateway applies.

8.4 Reliance on AI output.AI output can be inaccurate. You are responsible for reviewing and validating AI-generated output before relying on it or communicating it to a data subject, and for ensuring such output does not breach POPIA's information-quality condition (section 16) or mislead a consumer under the CPA.

9. Monitoring, suspension, and consequences

9.1 Monitoring. Yielde may monitor use of the Platform to the extent necessary to operate it, secure it, enforce this AUP, meter usage, and comply with law. Yielde does not routinely inspect the content of your tenant data and will access it only as permitted by the DPA, this AUP, or the law.

9.2 Suspension. Yielde may suspend or restrict your access to the Platform (in whole or in part) where Yielde reasonably believes that: (a) you are in breach of this AUP; (b) your use creates a legal, security, or reputational risk to Yielde, to other tenants, or to data subjects; (c) a sub-processor or model provider requires it; or (d) suspension is required to comply with the law or a lawful instruction of the Information Regulator. Where practical and lawful, Yielde will give you notice and an opportunity to cure; where the risk is urgent, Yielde may suspend first and notify promptly afterwards.

9.3 Escalation. Continued or serious breach may result in throttling, removal of offending content or configurations, termination of the engagement under the Terms of Service, forfeiture of unused credits to the extent the law permits, and — where the breach involves unlawful processing — reporting to the Information Regulator or other authorities as required by law.

9.4 Breach-notification cooperation. If a security compromise affecting End-User Personal Information occurs, Yielde will notify you immediately as required of an Operator (POPIA section 21(2)) and will assist you to discharge your own notification duties to the Information Regulator and affected data subjects (POPIA section 22). You must not obstruct or delay that process.

9.5 Your liability. You remain liable for all use of the Platform under your account and for any breach of this AUP, including breaches by anyone you permit to access the Platform. The allocation of liability and indemnities between you and Yielde is governed by the DPA and the Terms of Service.

10. Reporting and contact

10.1 To report suspected misuse of the Platform, or to ask whether a planned use is permitted, contact Yielde: Splice Computers (Pty) Ltd, trading as Yielde · 55 York Street, George, Western Cape, 6529 · support@yielde.dev · 063 611 2952.

10.2 A data subject who believes their personal information has been processed unlawfully may also complain to the Information Regulator of South Africa.

11. Changes to this AUP

11.1 Yielde may update this AUP from time to time. Material changes will be communicated to active customers in writing before they take effect, consistent with the change-notice period in the Terms of Service. Continued use of the Platform after a change takes effect constitutes acceptance.