Acceptable Use Policy

1. Scope

This Acceptable Use Policy ("AUP") applies to every person and entity that accesses or uses the Meridian platform — including the Polaris desktop application, the Aurora mobile companion application, the Island Bar widget, the public website, and any related APIs (collectively, the "Service"). The AUP is incorporated by reference into the Master Subscription Agreement and the Terms of Service. By accessing the Service you agree to comply with this AUP.

2. Lawful use

You must use the Service only for lawful purposes and in compliance with all applicable laws, regulations, and professional codes of conduct, including immigration laws, privacy laws, anti-money-laundering laws, consumer protection laws, and the codes of professional conduct that govern licensed Canadian immigration consultants, Quebec immigration consultants, and members of any provincial law society.

3. Prohibited conduct

You must not, and must not permit any user, agent, contractor, or integration to do any of the following:

3.1 Illegal or harmful activity

• Use the Service to plan, commit, facilitate, conceal, or promote any illegal activity, including fraud, identity theft, human trafficking, immigration fraud, document forgery, tax evasion, money laundering, sanctions evasion, or unauthorized practice of law.
• Use the Service to harass, threaten, defame, stalk, dox, or otherwise harm any individual.
• Provide the Service to a person whose use would violate applicable export, sanctions, or trade-control law.

3.2 Misrepresentation

• Impersonate any person or entity, including impersonating Nova System staff or any government official.
• Falsely state or imply that the Firm holds a regulatory licence it does not hold, or that an unauthorized person is an authorized representative.
• Use the Service to make false declarations on behalf of, or to, any government authority.

3.3 Abuse of the Service

• Reverse-engineer, decompile, disassemble, or attempt to derive source code, model weights, prompts, or internal algorithms from the Service except to the extent that applicable law expressly permits despite this restriction.
• Probe, scan, or test the vulnerability of the Service except as permitted under our coordinated vulnerability disclosure program; see the Security Overview.
• Interfere with or disrupt the integrity, performance, or availability of the Service, including by transmitting malware, conducting denial-of-service attacks, sending excessive automated requests, or attempting to overload infrastructure.
• Circumvent, disable, or interfere with security, rate-limiting, authentication, billing, audit-logging, or content-filtering features.
• Use credentials that are not yours, or share credentials in a way that allows multiple individuals to share a single seat.
• Scrape, mirror, or systematically download content from the Service except through APIs we expressly provide for that purpose.

3.4 Misuse of data

• Upload, transmit, or store data that you do not have the right to upload or that infringes any third party's intellectual property, privacy, or other rights.
• Submit categories of personal information outside the scope set out in the MSA, including payment card data outside our explicit payment flows, government classified information, or biometric identifiers unrelated to immigration matters.
• Use Customer Data of one Firm to compete with or analyze that Firm, or to develop a product that competes with the Service.

3.5 Misuse of intelligent features

• Submit content to the assistant or other intelligent features that is intended to elicit hateful, harassing, sexually explicit, violent, deceptive, or otherwise harmful output.
• Attempt to bypass content-moderation, jailbreak the assistant, or trick it into producing output that violates this AUP, the Third-Party Intelligence Services Terms, or applicable law.
• Present assistant output to a Firm Client, government authority, court, tribunal, or regulator as if it were the unaided work of a licensed human professional. Output must always be reviewed by a qualified human before reliance.
• Use the Service to make decisions about a Firm Client that produce significant legal effects without meaningful human review.

3.6 Spam and outbound messaging

• Use the Service to send unsolicited bulk messages, spam, or messages that violate Canada's Anti-Spam Legislation (CASL), the U.S. CAN-SPAM Act, or other applicable communication laws.
• Use the Service to send messages with deceptive headers, false sender information, or misleading subject lines.
• Disable, modify, or fail to honour recipient opt-out / unsubscribe mechanisms required by law.

3.7 Children

• The Service is not directed to children under 16. Do not knowingly create accounts for, or collect personal information directly from, individuals under 16 except where the Firm has appropriate legal basis (for example, parental consent for a minor child included in an immigration case file).

4. Resource and rate limits

The Service applies reasonable resource and rate limits to protect availability and quality of service for all customers. We may publish current limits in the Documentation and may adjust them over time. You must not attempt to bypass limits or to consume an unreasonable share of resources at the expense of other customers.

5. Mobile app conduct

The Aurora mobile companion app is for use by Authorized Users of a subscribed Firm. You must not (a) attempt to log into Aurora with an account that is not yours, (b) jailbreak or root the device on which Aurora is installed and then use Aurora for production work, (c) use Aurora to capture confidential information through screen recording or third-party screen-grabber utilities, or (d) leave Aurora unlocked on an unattended device.

6. Island Bar conduct

The Island Bar is a public-facing widget that firms embed on their websites. Visitors who use the Island Bar must not (a) submit information about a third party without that person's knowledge and consent, (b) attempt to extract internal data, (c) attempt to elicit unlawful or harmful output from the assistant, or (d) use the bar to test, probe, or stress the Service. Additional terms apply at Island Bar Visitor Terms.

7. Security obligations

• Choose strong passwords and enable multi-factor authentication for any role with administrative or privileged access.
• Keep devices that access the Service patched and up to date.
• Remove access promptly for users whose employment, engagement, or authorization ends.
• Notify security@thenovasystem.com immediately if you suspect a credential compromise, security incident, or vulnerability.

8. Reporting

To report a violation of this AUP, abuse, suspected fraud, intellectual property infringement, or threats to safety, email abuse@thenovasystem.com. For security vulnerabilities, write to security@thenovasystem.com.

9. Enforcement

We may investigate suspected violations of this AUP. Depending on severity, we may (a) require the Firm to take corrective action, (b) suspend specific users or features, (c) suspend the entire account, (d) terminate the subscription for cause, and/or (e) cooperate with law enforcement and regulators. Where prompt action is necessary to protect the Service or others, we may act before notifying the Firm.

10. Changes

We may update this AUP from time to time. Material changes will be communicated as set out in the MSA. The most current version always applies.

11. Contact

Questions: legal@thenovasystem.com. Reports of suspected abuse: abuse@thenovasystem.com.