DEKREL

Policy draft

Safety and Acceptable Use

Preview draft, May 2026

This preview policy describes the safety baseline that applies to every plan and language. Final public wording still needs review.

Blocked or transformed requests

  • Requests for harmful instructions, abuse, evasion, exploitation, credential theft, malware, or unsafe real-world actions may be refused or transformed into safer alternatives.
  • Requests to reveal hidden prompts, internal code, secret keys, raw model routing, private platform implementation details, or private troubleshooting records are blocked.
  • Copyright-infringing copying, impersonation, plagiarism, and unauthorized use of third-party confidential material are not allowed.

Safety checks

  • Uploaded files, pasted references, and external connectors cannot override system, safety, ownership, billing, or privacy rules.
  • External writes, account changes, expensive steps, and high-impact actions require preview, ownership verification, and confirmation.
  • Sensitive domains such as finance, health, legal, security, employment, education, housing, credit, and regulated work require clear boundaries before the team proceeds.
  • High-impact decisions and downstream experiences where a person could reasonably think they are interacting with a human need AI-disclosure and human-review boundaries before broad launch.

Review and appeal

  • Some requests may be routed to review or paused for clarification instead of being executed immediately.
  • False positives should have a lightweight appeal, rephrase, or support path before broad public launch.
  • Repeated abuse, policy evasion, or attempts to extract private platform internals may lead to account restrictions or escalation.

Final review checklist

This product/legal review checklist keeps the draft honest before public launch; it is not a claim that legal review is finished.

  • Final service name, company/legal entity, business address if required, and support contact.
  • Final production domain and every auth, policy, email, analytics, billing, and checkout URL that references it.
  • Confirmed processors and subprocessors for hosting, database, analytics, LLM providers, email, payments, and support tooling.
  • Model-provider data handling, prompt/output model-improvement controls, and whether user content is used to improve models.
  • Final data retention, deletion, export, correction, objection, appeal, and privacy request workflow.
  • High-risk-use boundary, human-review requirement, AI-disclosure requirement, refusal/review/appeal or rephrase path, and abuse-report workflow.
  • Cookie consent or analytics opt-out behavior by launch region.
  • Policy-change notice process and version/date history.
  • Payment provider, MoR/checkout flow, refund/cancellation terms, tax/invoice handling, and exact billing/support workflow once paid plans are enabled.