LEGAL
Acceptable Use Policy
Last Updated: July 10, 2026
This Acceptable Use Policy ("Policy") is part of our Terms of Service ("Terms") and should be read alongside our main Terms at sonomos.ai/terms. Capitalized terms used but not defined in this Policy have the meanings given to them in our Terms.
In this Policy, "Software" means Sonomos Locke, the Sonomos desktop privacy application, including its local daemon, graphical application, command-line tools, and related installers, as further defined in our End-User License Agreement.
When you use the Services provided by Sonomos, Inc., a Delaware corporation with its principal place of business at 9924 Kika Court #2416, San Diego, CA 92129, United States ("Company," "we," "us," or "our"), you agree to comply with this Policy, our Terms, our Privacy Policy, and all applicable laws.
We may update this Policy from time to time. Material changes will be communicated in accordance with the notice provisions in our Terms.
1. General Conduct
You agree to use the Services only for their intended purpose: to help you identify, manage, and protect sensitive information when interacting with AI tools and online services. You will use the Services in a lawful, ethical, and responsible manner that respects the rights and privacy of all individuals.
2. Prohibited Uses
2.1 Violate Laws or Regulations
- Engage in any activity that violates applicable federal, state, local, or international law or regulation.
- Facilitate the concealment, destruction, or alteration of information in violation of legal discovery obligations, court orders, regulatory requirements, or reporting obligations. This includes using the Software's masking features to hide information that you are legally required to disclose or preserve.
- Circumvent anti-money laundering, know-your-customer, sanctions, or other financial compliance requirements.
- Process, transmit, or store information in violation of any applicable data protection or privacy law.
2.2 Abuse the Platform
- Systematically retrieve data or content from the Services to create or compile a collection, database, or directory without our prior written permission.
- Circumvent, disable, or interfere with security, authentication, license management, or rate-limiting features of the Services.
- Interfere with, disrupt, or create an undue burden on the Services or connected networks and infrastructure.
- Attempt to bypass any technical measures designed to prevent or restrict access to the Services.
- Use automated means — including scripts, bots, scrapers, spiders, robots, or similar tools — to interact with, access, or extract data from the Services.
- Upload or transmit viruses, Trojan horses, worms, or other malicious code.
- Upload or transmit any material that acts as a passive or active information collection or transmission mechanism.
- Engage in unauthorized framing of or linking to the Services.
2.3 Misuse Accounts and Credentials
- Create accounts by automated means or under false pretenses.
- Attempt to impersonate another user, person, or entity.
- Share, sell, or transfer your account, login credentials, or subscription access to any unauthorized person.
- Collect usernames, email addresses, or other user information for the purpose of sending unsolicited communications.
- Attempt to learn sensitive account information such as other users' passwords.
2.4 Infringe Intellectual Property
- Copy, modify, adapt, reproduce, distribute, or create derivative works based on the Services, the Software, or any Content, except as expressly authorized.
- Decipher, decompile, disassemble, or reverse engineer any software comprising any part of the Services, except to the extent expressly permitted by applicable law.
- Remove, alter, obscure, or deface any copyright, trademark, or other proprietary rights notice.
2.5 Harm Users, Employees, or Third Parties
- Harass, abuse, threaten, intimidate, stalk, or harm any person.
- Use information obtained from the Services to harass, abuse, or harm another person.
- Submit false reports of abuse, misconduct, or security vulnerabilities.
- Disparage, tarnish, or otherwise harm the reputation of the Company, the Services, or other users.
2.6 Engage in Unauthorized Commercial Activity
- Use the Services for competitive analysis, benchmarking, or developing a competing product or service.
- Use the Services or any Content for any revenue-generating endeavor not specifically endorsed or approved by us.
- Use the Services to advertise or offer to sell goods and services not authorized by us.
- Share, distribute, sublicense, or otherwise make the Software or any local processing components available to unauthorized third parties.
3. Locke-Specific Restrictions
Because the Software is a privacy-protection tool, the following uses are specifically prohibited because they invert its purpose. You must not use the Software to:
- Defeat another party's privacy. Identify, re-identify, or extract personal information from data that you do not lawfully hold and are not lawfully authorized to process, or attempt to defeat anonymization, pseudonymization, or redaction applied by a third party.
- Engage in "privacy washing." Represent to any regulator, auditor, data subject, court, or counterparty that data processed by the Software is "anonymous" or "non-personal" when you retain the encryption keys or mapping data that would permit re-identification. Pseudonymized data is still personal data.
- Evade data-subject rights or legal holds. Obscure, restructure, or "launder" data for the purpose of evading a data-subject access request, a right-of-erasure request, a legal hold, a subpoena, or any analogous statutory or regulatory obligation.
- Bypass an AI provider's safeguards. Obscure, fragment, or transform prompts or completions for the purpose of evading the abuse-detection, safety, content-moderation, or rate-limiting controls of an AI provider or other third-party service the Software is used with.
- Misuse the local mapping store. Export, copy, or share the Software's local mapping store, encryption keys, or related decryption material outside the scope of your own lawful processing, or provide it to any party not legally authorized to receive the underlying plaintext.
4. Subscription-Specific Restrictions
If you subscribe to a paid tier of the Services, you additionally agree that you will not:
- Use, copy, redistribute, publish, display, or retransmit any portion of the Services beyond the scope of your subscription.
- Provide or make available your subscription access to any unauthorized third party.
- Intercept, access, or attempt to access any data not intended for you.
- Damage, reveal, alter, or interfere with any other user's data, account, or information.
- Use the Services to circumvent safeguards, rate limits, or technical protections beyond your authorized use.
- Exceed the number of authorized users, devices, or installations permitted by your subscription plan.
5. Use of Locke's Privacy Features
The Software, including its real-time detection and on-device masking features, is designed to help you protect sensitive information before you share it with third-party services. You acknowledge and agree that:
- You are responsible for your decisions. The Software provides detection alerts and masking tools to assist your judgment. It does not make legal, compliance, or security decisions for you.
- The Software is not a compliance solution by itself. The Software may be used as one component of a broader compliance and security program, but it does not guarantee compliance with any law, regulation, or industry standard.
- You may not use the Software to evade legal obligations. You may not use its masking or encryption features to conceal, destroy, or alter information that you are legally required to disclose, preserve, or produce.
- You may not use the Software to facilitate fraud. You may not use detection or masking features to deceive counterparties, obscure material information in transactions, or otherwise facilitate fraudulent or deceptive conduct.
- Detection results are not guaranteed. The Software uses pattern matching and on-device machine learning. It may produce false positives or false negatives. You should not rely solely on the Software to identify all sensitive information.
- Local processing is not absolute security. While the Software processes data locally on your device, local processing does not protect against threats to your device itself, such as malware, keyloggers, unauthorized physical access, or a compromised operating environment.
6. Reporting Violations
If you become aware of any violation of this Policy, please report it to us:
- Email: info@sonomos.ai
- Online: sonomos.ai/contact
We encourage responsible reporting and will not retaliate against anyone who reports a violation in good faith.
7. Consequences of Violations
We take violations of this Policy seriously. We may take one or more of the following actions:
- Warning. We may issue a formal notice describing the violation and requiring you to cease the prohibited conduct immediately.
- Suspension. We may temporarily suspend your access to all or part of the Services while we investigate.
- Termination. We may permanently terminate your account and access. Termination under this section constitutes termination for cause, and no refund of prepaid fees will be provided.
- Legal Action. We may pursue legal remedies, including injunctive relief, damages, and reporting of the violation to law enforcement or regulatory authorities.
We are not obligated to provide advance notice before taking action, except where required by applicable law. We exclude our liability for actions taken in good faith in response to violations, to the maximum extent permitted by applicable law.
8. Relationship to Other Policies
This Policy supplements, and does not replace, our Terms of Service, End-User License Agreement, and Privacy Policy. In the event of any conflict between this Policy and our Terms, the Terms shall control unless this Policy expressly states otherwise.
- Terms of Service — sonomos.ai/terms
- End-User License Agreement — sonomos.ai/eula
- Privacy Policy — sonomos.ai/privacy
9. Contact Us
Sonomos, Inc.
9924 Kika Court #2416
San Diego, CA 92129
United States
General: info@sonomos.ai
Online: sonomos.ai/contact