Acceptable Use Policy

This Acceptable Use Policy (the "AUP") sets out what you may not do with Saaya. It forms part of the Terms of Service and applies to the Customer, every User in your workspace, and any third party you give access to the Service.

Saaya is an Indian platform, and this AUP is anchored in Indian law — the Information Technology Act, 2000 and the rules under it; the Digital Personal Data Protection Act, 2023; the Bharatiya Nyaya Sanhita, 2023 (BNS); the Telecommunications Act, 2023 and TRAI's Telecom Commercial Communications Customer Preference Regulations, 2018 (TCCCPR); the Consumer Protection Act, 2019; and the Protection of Children from Sexual Offences Act, 2012 (POCSO). Where the conversation reaches users outside India, the Customer remains responsible for additional jurisdictional rules that apply to them.

We keep the list short and concrete. If you are unsure whether a use case sits on the wrong side of the line, write to info@illusionart.ai before you ship and we will give you a straight answer.

Plain English: Saaya is for legitimate, lawful, consented conversations. Don't use it to harm, deceive, harass, or mislead.

1. Zero tolerance

The following are immediate, irrevocable termination of your account with no refund and reporting to Indian law enforcement and to CERT-In where required:

• generating, distributing, or facilitating sexual content involving children, including any conduct caught by the POCSO Act, 2012 or by Section 67B of the IT Act;
• any attempt to use the Service for the sexual exploitation, grooming, or trafficking of any person;
• using the Service to materially aid the commission of a violent crime, terrorism, or to incite waging war against the Government of India under the BNS;
• credible threats of physical harm against an identifiable person or group.

2. Prohibited use

You may not, and may not permit any other person to, use the Service to:

2.1 Break Indian law

• violate any provision of the IT Act, the BNS, or any other Indian statute, rule, regulation, or notification that applies to you;
• conduct unlicensed regulated activity (financial advice without a SEBI / RBI / IRDAI licence as applicable, medical practice without registration with the relevant medical council, legal advice without enrolment with a Bar Council, etc.) where Indian law requires authorisation;
• breach Indian export-control rules or sanctions notifications.

2.2 Deceive or impersonate

• generate deepfakes — synthetic audio, video, or images impersonating a real person — without that person's authorisation, except for clearly disclosed satire, education, or journalism that is lawful in India;
• impersonate Saaya, our personnel, a Sub-processor, a Government of India authority, or any other person or entity;
• run conversations that misrepresent that the user is interacting with a human, where any Indian law, regulator advisory (including MeitY advisories on AI-generated content), or sectoral code of conduct requires disclosure that they are interacting with an AI;
• mislead recipients about the source, sponsorship, or purpose of the communication, in violation of Section 66D of the IT Act (cheating by personation using a computer resource), the Consumer Protection Act, or related rules.

2.3 Send unwanted messages

• place voice calls, send SMS, or send WhatsApp messages without a lawful basis under the Telecommunications Act, 2023 and TRAI's TCCCPR, 2018 — including registration with the relevant Telemarketer / Principal Entity ledger, observing the Do Not Disturb (DND) preferences of recipients, sending only during permitted time windows, and using only consented templates and headers;
• send mass unsolicited communication, including bulk lead-generation outreach to recipients who have not opted in;
• ignore opt-out, do-not-disturb, or unsubscribe signals;
• use the Service for any "Unsolicited Commercial Communication" (UCC) as defined under TRAI regulations.

2.4 Harm people

• harass, bully, threaten, or stalk an individual (including conduct caught by Sections 78 and 79 of the BNS, or by the IT Act);
• generate content intended to incite violence, communal disharmony, or self-harm;
• generate content that targets a person or protected class with hate, slurs, or harassment;
• collect or process biometric information (voiceprints, faceprints) in violation of the IT Rules, 2011 (which classify biometric information as Sensitive Personal Data or Information) or the consent and security obligations of the DPDP Act.

2.5 Exploit the platform

• attempt to bypass safety controls, content filters, or rate limits built into the Service or into the third-party model providers we route to;
• run prompt-injection or jailbreak attacks against the Service for purposes other than authorised security testing;
• reverse-engineer, decompile, model-extract, or scrape the Service;
• use the Service to develop a directly competing product, or to train a model on Saaya Outputs;
• run denial-of-service or resource-exhaustion attacks (which may also constitute offences under the IT Act);
• use the Service in a manner that materially impairs the experience of other customers.

2.6 Abuse special-purpose features

• use call-recording features without obtaining the consents and giving the disclosures required in the recording's jurisdiction (in India, recording one's own conversations is generally lawful, but consent of all parties is the safer industry practice and may be required by sectoral rules — for example RBI / SEBI / IRDAI customer-call rules);
• attribute Outputs to Saaya, our personnel, or a Sub-processor in a way that implies endorsement;
• use the API for an unauthorised resale or sublicense of the Service.

3. High-risk and regulated use

Some uses are not prohibited by default but require additional care. If your use case touches the following, you must run a pre-launch review with us (write to info@illusionart.ai with the subject "[High-risk use]") and you must comply with the heightened legal requirements that apply to you in India:

• healthcare conversations that surface health information regulated under the IT Rules, 2011 (we do not currently sign Business Associate Agreements; do not use the Service to process US Protected Health Information);
• credit, employment, education, housing, or insurance decisions that materially affect a person's life chances — RBI digital-lending guidelines, IRDAI rules, and similar sectoral regulators apply;
• conversations with children (additional consent and design obligations under the DPDP Act);
• conversations involving emergency or crisis support without a documented escalation path to a human;
• collection of Sensitive Personal Data or Information under the IT Rules, 2011 or biometric / health data under the DPDP Act.

We may set additional conditions on these use cases or decline them.

4. Reporting abuse

If you encounter content or behaviour that violates this AUP — whether generated by your own deployment, a Sub-processor's response, or another party — report it to info@illusionart.ai with the subject "[AUP report]". We will investigate and respond.

For grievances under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, follow the grievance-officer process described in the Privacy Policy.

5. Enforcement

We may, depending on the severity and frequency of the violation:

• suspend the offending workspace, agent, or feature until the issue is resolved;
• terminate the account for material or repeated violations;
• notify Indian law enforcement, CERT-In, or affected third parties where required by Indian law;
• permanently bar the principals of a terminated account from re-registering.

We reserve the right to act without prior notice where the violation is ongoing, serious, or where notice would risk further harm.

6. Updates

We may update this AUP as the Indian regulatory and threat landscape evolves. Material changes are announced through the dashboard or by email at least 15 days before they take effect.