Acceptable Use Policy
Last updated: May 2026
Effective 11 May 2026. This Acceptable Use Policy ("AUP") governs your use of Perfect Design Enterprise (trading as Cyrus)'s ("Cyrus", "we", "us") platform and services. Violations may result in suspension or termination of your account.
1. Prohibited Uses
You may not use Cyrus to:
- Spam or bulk messaging — Send unsolicited bulk messages, chain messages, or promotional blasts through any channel (widget, WhatsApp, Telegram) without prior recipient consent.
- Impersonation — Misrepresent the identity of your bot as a real person, government entity, or another organisation. Bots must be identifiable as automated agents when asked.
- Sensitive data processing without consent — Process special categories of personal data (health records, financial account numbers, biometric data, racial or ethnic origin, political opinions, religious beliefs, sexual orientation) without obtaining explicit consent from data subjects and implementing appropriate safeguards.
- Illegal content generation — Use the Service to generate, distribute, or facilitate content that violates applicable laws, including but not limited to: defamatory content, content that facilitates fraud, child exploitation material, content promoting violence or terrorism, or content that violates export control regulations.
- Quota and rate limit bypass — Circumvent usage quotas or rate limits by creating multiple accounts, cycling API keys across accounts, using automated tools to evade throttling, or any other method designed to exceed your plan's allocated resources.
- Reselling API access — Resell, sublicense, or redistribute access to the Cyrus API, dashboard, or widget infrastructure to third parties without a written partner agreement with Cyrus.
- Safety guardrail bypass — Instruct your bot persona to ignore, circumvent, or override built-in safety guardrails, content filters, or platform rules. This includes prompt injection attempts designed to make the bot produce harmful, discriminatory, or misleading outputs.
2. WhatsApp Channel Compliance
If you use Cyrus with WhatsApp Business API, you must additionally comply with:
- The WhatsApp Business Solution Terms and the WhatsApp Business Policy.
- 24-hour customer service window — You may only send free-form messages within 24 hours of the customer's last message. Outside this window, you must use pre-approved message templates.
- Consent and opt-out — You must obtain prior consent before initiating conversations. You must honour opt-out requests promptly and provide clear instructions for users to stop receiving messages.
- No unsolicited bulk messaging — You may not send bulk promotional messages to users who have not opted in. Purchasing phone number lists for outreach via WhatsApp is strictly prohibited.
- Content restrictions — You may not use WhatsApp to send content prohibited under WhatsApp's policies, including gambling, adult content, weapons, and regulated substances.
3. Telegram Channel Compliance
If you use Cyrus with Telegram Bot API, you must additionally comply with:
- The Telegram Bot API Terms of Service.
- No group spam — Bots must not send unsolicited messages in groups or channels. In group mode, bots should only respond when mentioned or configured to do so.
- Bot identification — Your bot must clearly identify itself as an automated agent. Do not configure your bot persona to deny being AI-powered when asked directly.
- Respect group admin controls — If a group admin restricts or removes your bot, you must not attempt to re-add it without permission.
4. LLM Provider Compliance
Cyrus routes conversations through third-party LLM providers including OpenAI, Anthropic, Google (Gemini), and xAI (Grok). You must comply with the acceptable use policies of the LLM provider your bot is configured to use:
- OpenAI Usage Policies
- Anthropic Acceptable Use Policy
- Google Generative AI Prohibited Use Policy
- xAI Terms of Service
Violations of upstream provider policies may trigger provider-level suspension that affects service availability for all Cyrus customers. We treat upstream policy violations as critical incidents and will take immediate action.
5. Data Ownership and Restrictions
- Content ownership — You warrant that you own or have the necessary rights and licences for all content uploaded to Cyrus, including knowledge base documents, catalog data, and bot persona prompts.
- No resale of conversation data — You may not sell, licence, or commercially distribute conversation data or end-user personally identifiable information (PII) collected through the Service.
- No competitive use — You may not use Cyrus, its APIs, or data obtained through the Service to build, train, or improve a product or service that directly competes with Cyrus.
6. Bot Configuration Standards
- Persona prompt integrity — Persona prompts must not contain instructions designed to bypass safety guardrails, hallucination prevention, or platform rules enforced by the system prompt layers.
- Prompt review — Cyrus reserves the right to review bot persona prompts and modify or disable non-compliant configurations. We will notify you before making changes except in urgent safety situations.
- Accurate representation — Your bot must not make claims about products, services, or capabilities that are knowingly false or misleading.
7. Widget and API Key Security
- Authorised domains only — Embed the Cyrus widget only on websites you own or are authorised to modify. Configure domain restrictions on your API keys to prevent unauthorised embedding.
- Key protection — Do not expose API keys without domain restrictions in client-side code, public repositories, or any publicly accessible location. Keys without domain restrictions are intended for server-side or playground use only.
- AI disclosure — If you embed the Cyrus widget on your website, your website's privacy policy must disclose the use of an AI-powered conversational agent and identify that conversations are processed by third-party LLM providers.
8. Enforcement
We enforce this policy through a graduated process:
- First violation — Written warning via email to your account's registered address. You have 7 calendar days to cure the violation.
- Repeat violation — Account suspension. Access to the dashboard and API is disabled until the issue is resolved and acknowledged in writing.
- Egregious violation — Immediate termination without prior warning. This applies to: spam or bulk unsolicited messaging, illegal content generation, processing of data that endangers individuals, and deliberate attempts to compromise platform security. No refund is provided for the current billing period.
Appeals. If you believe enforcement action was taken in error, you may appeal by emailing hello@meetcyrus.ai within 14 days of the action. We will review and respond within 10 business days.
9. Changes to This Policy
We may update this AUP from time to time. Material changes will be communicated via email at least 14 days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
10. Contact
Questions about this Acceptable Use Policy can be directed to:
Perfect Design Enterprise (trading as Cyrus)
Email: hello@meetcyrus.ai
Website: meetcyrus.ai