GATA AI — Acceptable Use Policy

Last updated: 11 May 2026

This Acceptable Use Policy (the "AUP") governs the use of the GATA AI software-as-a-service platform (the "Service") operated by Exchester Ltd (a company incorporated in England and Wales with company number 12601661, whose registered office is at 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom), trading as GATA AI ("GATA", "we", "us", "our").

This AUP is incorporated by reference into, and forms part of, the GATA Terms of Service published at https://gata.ai/terms-of-service (the "Terms"). Capitalised terms used but not defined in this AUP have the meanings given in the Terms.

By accessing or using the Service, you (the "Customer") agree, and shall procure that each of your Authorised Users agrees, to comply with this AUP. Breach of this AUP is a material breach of the Terms and may result in suspension or termination of the Service under Section 14 of the Terms.

GATA may update this AUP from time to time. The "Last updated" date will be revised when changes are made. Material changes will be notified in accordance with clause 16.2 of the Terms.

1. Scope

This AUP applies to:

1. all Inputs that the Customer or any Authorised User submits to the Service;
2. all Outputs that the Service generates in response to such Inputs;
3. all use, distribution, publication and commercial exploitation by the Customer, any Authorised User, or any third-party recipient, of any Output; and
4. all interaction by the Customer or any Authorised User with the Service, including the front-end web application, any APIs, any administrative interfaces and any output channels.

In this AUP, references to "you" mean the Customer and each Authorised User.

2. Prohibited Content

You shall not use the Service to submit Inputs, generate Outputs, or distribute Outputs that consist of, depict, promote, facilitate or incite any of the following.

2.1 Child sexual abuse material (CSAM) and child sexualisation

1. Any content that constitutes child sexual abuse material under the Protection of Children Act 1978, the Coroners and Justice Act 2009 (in respect of prohibited non-photographic images), 18 U.S.C. § 2256, the EU Child Sexual Abuse Directive (2011/93/EU), or any equivalent law of any jurisdiction.
2. Any sexualised depiction, simulation or sexual contextualisation of any individual who is, or who is depicted as being, under 18 years of age, regardless of whether the depiction is photographic, AI-generated, illustrated, animated or otherwise synthetic.
3. Any content that grooms, sexualises, normalises sexual contact with, or otherwise endangers minors.

2.2 Non-consensual intimate imagery and sexual deepfakes

1. Any sexual, nude, semi-nude or intimate depiction of any identifiable real person produced or distributed without that person's verifiable, freely given and informed consent, including content that constitutes an offence under section 66B of the Sexual Offences Act 2003 (sharing or threatening to share intimate images) or the Online Safety Act 2023.
2. Any "deepfake" or otherwise synthetic depiction of an identifiable real person in a sexual or intimate context, regardless of consent claims, where GATA cannot verify consent through the verification process described in Section 4.
3. Any content that exposes, identifies or refers to a victim of a sexual offence in a way that is unlawful under the Sexual Offences (Amendment) Act 1992 or equivalent law.

2.3 Deceptive deepfakes of real people

1. Realistic synthetic depictions of any identifiable real person (whether public figure or private individual) saying, doing or appearing to endorse anything that the person did not in fact say, do or endorse, where the depiction is reasonably likely to deceive a viewer, except where (i) the depicted person has given verifiable consent under Section 4 and (ii) the Output is clearly labelled as AI-generated.
2. Any content that violates a person's image, likeness, voice or publicity rights under Applicable Law (including the right of publicity in US states, the German Recht am eigenen Bild, the French droit à l'image, or any equivalent regime).
3. Any content that constitutes "fraudulent representation" or impersonation of a person under section 35 of the Online Safety Act 2023 or equivalent law.

2.4 Election, civic and political disinformation

1. Synthetic depictions of candidates, elected officials, election officials, electoral processes or polling locations that could reasonably mislead voters as to the conduct, outcome or integrity of any election or referendum.
2. Content designed or reasonably likely to suppress voter turnout, misinform voters about voting eligibility, dates, locations or methods, or undermine confidence in lawful democratic processes.
3. Content that imitates or impersonates an official communication of any government, public authority, political party or election regulator.
4. Content that targets any person on the basis of their participation in democratic life, including journalists, election workers, judges or candidates.

This category applies before, during and after election periods and is not limited to UK elections.

2.5 Impersonation and identity misuse

1. Impersonation of any individual, business, public authority, governmental body, brand, news organisation or trusted institution, including the synthesis of their voice, likeness, communication style or branding, where the impersonation is reasonably likely to deceive.
2. Use of the Service to operate fake accounts, fake reviews, fake customer testimonials or fake endorsements.
3. Use of the Service to produce documents, identification, certificates, qualifications, communications or other artefacts that purport to originate from a person or institution other than the Customer.

2.6 Hate, harassment, threats and incitement

1. Content that incites, advocates or glorifies violence, terrorism, genocide, ethnic cleansing or other serious crime against any person or group.
2. Content that promotes hatred, dehumanises or seriously demeans any person or group on the basis of a protected characteristic, including race, ethnicity, national origin, religion, disability, sex, gender identity, sexual orientation, age or pregnancy/maternity status, in a manner that is unlawful under the Equality Act 2010, the Public Order Act 1986, EU hate-speech laws or equivalent law.
3. Targeted harassment, bullying, doxxing, stalking, sexual harassment, or threats of physical or sexual violence directed at any individual or identifiable group.
4. Content that constitutes "illegal content" or "content harmful to children" under the Online Safety Act 2023, including content promoting self-harm, suicide, eating disorders, or coercive behaviour.

2.7 Terrorist, extremist and dangerous-organisation content

1. Content produced for, on behalf of, or in support of any organisation proscribed under the Terrorism Act 2000, designated under the EU Common Position 931/2001, sanctioned by HM Treasury OFSI, the US OFAC SDN list or an equivalent list, or otherwise classified as a terrorist or violent-extremist organisation.
2. Content that recruits, fundraises, plans, instructs or facilitates terrorist activity, mass-casualty violence or serious organised crime.

2.8 Sexual content (general)

1. Pornographic, sexually explicit or fetish content where the Service is used by the Customer in a way inconsistent with the B2B-positioned purpose of the Service.
2. Any sexual content generated without satisfying both Section 2.1 and Section 4.

GATA may operate sub-category restrictions, watermarking, and age-gating for non-prohibited adult content where business need is established under an Order Form; absent such Order-Form provision, sexual content is not a permitted use case.

2.9 Intellectual-property infringement

1. Inputs that the Customer does not own or for which the Customer does not hold all necessary rights, licences, consents and permissions to submit to the Service for processing as contemplated by the Terms.
2. Outputs that infringe the copyright, trade mark, design right, patent, database right, trade secret, moral right or any other intellectual-property right of any third party.
3. Use of the Service to deliberately reproduce a particular third-party copyrighted work, trade-marked brand element, or registered design (including by prompting using the third party's name, title, character, scene or branding) where the resulting Output is reasonably likely to infringe.
4. Use of the Service to circumvent, defeat or remove any digital-rights-management measure, watermark, content-protection signal or AI-provenance signal.

2.10 Privacy violations

1. Submission of personal data of identifiable individuals without all consents, lawful bases and rights necessary under applicable Data Protection Laws.
2. Submission of special-category data (UK GDPR Article 9), criminal-conviction data (UK GDPR Article 10), or children's personal data, without the additional safeguards required by Applicable Law.
3. Use of the Service to surveil, profile, identify, track, locate or otherwise infringe the privacy of any individual.

2.11 Fraud, deception and unfair commercial practices

1. Phishing, scams, spoofing, pretexting, business-email-compromise content, fake invoices, fake receipts, fake support communications and similar fraudulent material.
2. Content for use in market manipulation, securities fraud, pump-and-dump schemes, fake reviews, astroturfing, or any practice prohibited by the Consumer Protection from Unfair Trading Regulations 2008, the Digital Markets, Competition and Consumers Act 2024, or equivalent law.
3. Content used in a money-laundering, sanctions-evasion, terrorist-financing or tax-evasion scheme.

2.12 Malware, exploits and cybercrime tooling

1. Malware, ransomware, spyware, viruses, worms, rootkits, keyloggers or other malicious code; instructions, exploit code or step-by-step assistance enabling unauthorised access to any system or network.
2. Content used to facilitate offences under the Computer Misuse Act 1990, the EU Cybercrime Directive (2013/40/EU), 18 U.S.C. § 1030, or equivalent law.

2.13 Dangerous goods and serious-harm uplift

1. Detailed technical instructions, designs, formulations or operational uplift for the synthesis or use of chemical, biological, radiological, nuclear or high-yield explosive (CBRNE) weapons, or for serious cyber-physical attacks on critical infrastructure.
2. Instructions for the manufacture of unlawful firearms, untraceable firearms, or firearm conversion devices unlawful in the Customer's jurisdiction.
3. Encouragement, instruction or facilitation of self-harm, suicide methods, eating disorders or other serious self-injury.

2.14 Regulated decisions about people

You shall not use the Service, or any Output, as the sole or principal basis for any of the following decisions about an identifiable individual, where such use would not satisfy the lawful-basis, fairness, transparency and human-oversight requirements of Applicable Law (including UK GDPR Article 22 and the EU AI Act):

1. employment, hiring, promotion, performance evaluation, termination or worker monitoring;
2. creditworthiness, lending, insurance underwriting or pricing;
3. housing, tenancy or eviction;
4. education admission, assessment or expulsion;
5. immigration, asylum, border control, criminal investigation, predictive policing or judicial sentencing;
6. access to essential public services, social-security benefits or healthcare; or
7. any other decision producing legal or similarly significant effects on the individual.

The Service is not designed, validated or supplied as a "high-risk AI system" within the meaning of Annex III of Regulation (EU) 2024/1689 (the "EU AI Act"). Where you intend to use the Service for any purpose described in this clause 2.14, you must contact GATA in advance under an Order Form; absent such Order Form, the use is prohibited.

3. Source Material — Customer Warranties

You represent and warrant, on each occasion that you submit Inputs to the Service, that:

3.1 Rights to Inputs. You own, or have obtained from the rights-holder all necessary rights, licences, consents and permissions in respect of, every element of every Input, sufficient to permit GATA and its Sub-Providers to host, store, process, transmit, reproduce, display and create derivative works of the Input as contemplated by the Terms.

3.2 No infringement. No Input infringes the intellectual-property rights, privacy rights, publicity rights, moral rights, contractual rights or any other rights of any third party.

3.3 Personal data lawful basis. Where any Input contains personal data (including images, voices or video footage of identifiable individuals), you have a lawful basis under Data Protection Laws for the processing of that personal data by GATA and its Sub-Providers as contemplated by the Terms, and you have provided all required notices to data subjects.

3.4 No restricted-source data. No Input has been obtained by scraping a third-party platform in breach of that platform's terms, by circumventing technical protection measures, or in breach of any contractual or fiduciary duty.

3.5 No private third-party content. No Input contains the private content (including private messages, private photographs, internal documents or trade secrets) of a third party for which you do not hold rights to disclose to GATA.

A breach of any of clauses 3.1 to 3.5 is a material breach of the Terms and the AUP, triggers the indemnity in clause 13.1 of the Terms, and may result in immediate suspension or termination under Section 14 of the Terms.

4. Voice and Likeness — Verifiable Consent

The Service can generate or transform visual depictions and audio of human characters, including via lip-sync localisation and character "reels". You shall not use the Service to clone, recreate, dub, lip-sync or otherwise synthesise the voice, face, body or other identifying physical characteristics of an identifiable real person ("Likeness Subject") except where you can produce, on request by GATA, evidence of all of the following:

1. Identity — verifiable identification of the Likeness Subject;
2. Express, written consent of the Likeness Subject (or, where the Likeness Subject is deceased and applicable law preserves a post-mortem right of personality, of the estate or holder of those rights), specifically authorising the synthesis, dubbing or other generative use proposed and the channels of distribution;
3. Informed scope — the consent must specify the territories, languages, channels and approximate time-period of intended distribution, and must reflect that the use is generative AI / synthetic;
4. Withdrawal — the consent must permit the Likeness Subject to withdraw consent on reasonable notice;
5. Capacity — the Likeness Subject must be (i) at least 18 years old, or (ii) where the Likeness Subject is a minor, the consent must be provided by all individuals with parental responsibility, and the use must comply with all child-protection law and child-image protections under Applicable Law; and
6. Lawful basis — for any personal data of the Likeness Subject processed by GATA and its Sub-Providers, an applicable lawful basis under Data Protection Laws.

4.1 Self-likeness. Where the Likeness Subject is the Authorised User personally, the Authorised User's submission of the Input via the Service is deemed to satisfy clauses (a) to (f) in respect of that Authorised User, provided the Authorised User is at least 18, has capacity to consent, and is acting voluntarily.

4.2 Public-figure / commentary use. The "consent" requirement above does not apply to ordinary editorial, satirical or commentary use of public figures that does not involve generative cloning of voice or face, that is not reasonably likely to deceive viewers as to authenticity, that complies with Section 2.3 (Deceptive deepfakes) and Section 2.4 (Election content), and that is clearly labelled as commentary or satire. Determining whether use falls within this exception is the Customer's responsibility; GATA's exercise of moderation discretion under Section 8.1 of the Terms is not an endorsement.

4.3 No reverse-engineering of likeness. You shall not use the Service to derive, reconstruct or reverse-engineer the likeness or voice of an individual from public materials in order to bypass clauses (a) to (f).

4.4 Record-keeping. You shall retain, for a minimum of six (6) years from the date of the relevant Generative Operation, records sufficient to evidence compliance with this Section 4 in respect of each Likeness Subject, and shall produce them to GATA on reasonable request.

5. Output Use Restrictions

The fact that the Service has produced an Output does not entitle the Customer to use the Output in every way. In addition to the Customer-side responsibilities in the Terms (including clauses 6.3, 8.2 and 11.4), the Customer shall:

5.1 Independent review. Independently review every Output before publication, distribution, broadcast, commercial exploitation or other use, including for "AI hallucination", factual inaccuracy, defamatory implication, bias, deepfake/likeness risk, IP risk, child-safety risk and regulatory risk. The Customer must not rely on Outputs for any purpose where errors could cause loss, harm or regulatory non-compliance, without independent human review.

5.2 EU AI Act provenance disclosure. Where the Customer makes an Output that is AI-generated or AI-manipulated visual or audio content publicly available, the Customer is responsible for complying with any disclosure or labelling obligations applicable to it under Article 50 of the EU AI Act (Regulation (EU) 2024/1689) and analogous laws (including, where applicable, the EU AI Act provenance-marking obligation on deployers, and equivalent disclosure obligations under US state laws relating to political-advertising AI disclosure).

5.3 Online Safety Act and platform terms. The Customer is responsible for ensuring that its use of Outputs and any onward distribution complies with the Online Safety Act 2023, the platform terms of any service to which the Output is uploaded, and equivalent law of every jurisdiction in which the Output is made available.

5.4 No high-risk AI deployment. The Customer shall not deploy any Output, or any system incorporating any Output, as a "high-risk AI system" or "general-purpose AI system" within the meaning of the EU AI Act, unless the Customer (a) has executed a separate Order Form expressly permitting that use and (b) takes full responsibility for, and indemnifies GATA against, all conformity-assessment, post-market-monitoring, transparency and registration obligations attaching to that deployment.

5.5 Sub-Provider terms pass-through. Outputs may incorporate, reflect or be derived from underlying Sub-Provider models. The Customer's use of Outputs is subject to any applicable Sub-Provider rules (including content rules and use restrictions imposed by Amazon Bedrock and fal.ai). In the event of any conflict between this AUP and any applicable Sub-Provider rule that prohibits a particular use, the more restrictive rule applies.

5.6 Watermarks and provenance signals. The Customer shall not remove, conceal, alter or impair any watermark, content-credentials marker, C2PA manifest, AI-provenance signal or attribution that GATA or any Sub-Provider applies to any Output.

6. Security and Platform Integrity

You shall not, and shall procure that your Authorised Users shall not:

6.1 Unauthorised access. Access or attempt to access any part of the Service, any Account other than your own, any Sub-Provider system, or any underlying infrastructure, in a manner not expressly authorised by the Terms.

6.2 Scraping and automated access. Scrape, crawl, index, harvest, or use any automated tool, bot, script or AI agent to extract content from the Service, the GATA website or any GATA API, except where (i) GATA has issued the Customer documented API credentials, (ii) the access complies with the rate limits and usage caps applicable to those credentials, and (iii) the access is for the Customer's own use of the Service in accordance with the Terms. Headless browsers, residential-proxy networks and CAPTCHA-solving services may not be used to access the Service.

6.3 Model extraction and training-data exfiltration. Use the Service to extract, reconstruct, distil, fine-tune from, or otherwise create a derivative of, the underlying machine-learning models, model weights, training data, embeddings or system prompts of GATA or any Sub-Provider, including by submitting prompts designed to elicit verbatim training data or system prompts.

6.4 Competitive AI training. Use the Service, or any Output, to develop, train, fine-tune, evaluate or benchmark any artificial-intelligence model that is competitive with the Service or with any underlying Sub-Provider model. This restriction applies whether the Output is used directly as training data or via a "teacher–student" distillation arrangement, "synthetic data" generation pipeline, or similar.

6.5 Jailbreaks and safety circumvention. Construct, share or deploy prompts, prompt-injection payloads, indirect-injection content, "jailbreak" techniques, multi-turn manipulation patterns, encoded instructions or other methods designed to:

1. cause the Service to produce Outputs that violate this AUP, the Terms or Applicable Law;
2. bypass, weaken or disable the moderation pipeline, content filters, safety classifiers, safety prompts, refusal behaviours, watermarking or rate limits of the Service or any Sub-Provider; or
3. cause the Service to disclose any system prompt, configuration parameter, internal instruction, model identifier, Sub-Provider credential or any other Confidential Information of GATA or any Sub-Provider.

6.6 Reverse engineering. Reverse-engineer, decompile, disassemble or attempt to derive the source code, model weights or underlying algorithms of the Service or any Sub-Provider's models, except to the extent expressly permitted by Applicable Law that may not be excluded by contract.

6.7 Probing, testing and "red-teaming". Conduct penetration testing, vulnerability scanning, fuzzing, denial-of-service simulation, AI red-teaming or any other security or adversarial-robustness testing against the Service, except where GATA has given prior written authorisation and the testing is conducted in accordance with the conditions of that authorisation.

6.8 Disproportionate load and rate-limit circumvention. Use the Service in a way that imposes an unreasonable or disproportionately large load on the Service or any Sub-Provider, that circumvents any usage limit, allowance or rate limit, or that uses multiple Accounts to evade per-Account limits.

6.9 Malicious payloads. Upload or submit any Input that contains malware, exploit code, malicious URLs, command-and-control beacons or other content reasonably likely to harm GATA, any Sub-Provider, the Service, any other user or any third party.

6.10 Resale and sublicensing. Resell, sublicense, time-share, white-label or otherwise make the Service available as a service to any third party other than Authorised Users, except as expressly permitted by an Order Form.

7. Data Protection — Customer-Side Obligations

Without limiting Section 10 of the Terms or the DPA:

7.1 Lawful basis. The Customer shall ensure that there is a lawful basis under Data Protection Laws for the processing carried out by GATA and its Sub-Providers in respect of any personal data contained in Inputs.

7.2 Notices. The Customer shall provide all notices to data subjects required under UK GDPR Articles 13 and 14 (or equivalent law) in respect of personal data contained in Inputs.

7.3 Special-category and children's data. The Customer shall not submit special-category personal data (UK GDPR Article 9), criminal-conviction data (UK GDPR Article 10) or children's personal data unless the Customer has the additional safeguards required by Applicable Law and has notified GATA in advance under an Order Form.

7.4 Data-subject rights. The Customer shall have appropriate processes for handling data-subject rights requests in respect of personal data submitted to the Service, including by using the Service's Customer-Content deletion features and the Export Window described in clause 15.2 of the Terms.

8. Reporting Abuse

If you become aware of any actual or suspected violation of this AUP, including any Output or activity on the Service that you believe constitutes prohibited content under Section 2 of this AUP, you should report it to GATA at:

support@gata.ai

Reports should include sufficient information to allow GATA to investigate (including, where available, the relevant Output identifier, Account identifier or URL; the nature of the suspected violation; and contact details for the reporter).

8.1 IP infringement notices. Notices of claimed copyright or other intellectual-property infringement should be sent to support@gata.ai and should include (i) identification of the work or right claimed to have been infringed; (ii) identification of the Output or material claimed to be infringing, with sufficient information to locate it; (iii) the complainant's contact information; (iv) a statement of the complainant's good-faith belief that the use is not authorised by the rights-holder, its agent or the law; and (v) the complainant's signature (electronic or physical). GATA processes IP-infringement notices in line with the notice-and-takedown frameworks of Articles 6 and 16 of the EU Digital Services Act (Regulation (EU) 2022/2065) and section 17 of the Online Safety Act 2023, to the extent applicable. GATA does not currently rely on the safe-harbour procedure under 17 U.S.C. § 512 (DMCA) — see Section 10 below.

8.2 CSAM and child-safety reports. Suspected child sexual abuse material or child-safety violations should be reported to support@gata.ai marked URGENT — CSAM, and should additionally be reported to the relevant statutory authority (in the UK, the Internet Watch Foundation at iwf.org.uk and/or the National Crime Agency at ceop.police.uk).

8.3 Privacy and personal-data complaints. Privacy complaints (including requests to remove personal data appearing in Outputs) should be sent to support@gata.ai.

8.4 No retaliation. GATA will not retaliate against any individual or organisation that reports a suspected violation of this AUP in good faith.

9. Enforcement

GATA may take any one or more of the following actions, with or without prior notice, where GATA reasonably believes that this AUP has been violated, that a violation is in progress, or that the integrity, safety or legal position of the Service, GATA, any Sub-Provider, any user or any third party is at risk:

1. refuse to process a particular Input, refuse to deliver a particular Output, or remove an Output from the Customer's Account, in accordance with clause 8.1 of the Terms;
2. issue a warning or require remedial action by the Customer;
3. restrict or rate-limit the Customer's access to specific features of the Service, including specific Generative Operation categories;
4. suspend the Customer's Account in whole or in part under clause 14.1 of the Terms;
5. terminate the Customer's Subscription and Account under clause 14.4 of the Terms, with immediate effect;
6. preserve, disclose to law-enforcement authorities, or report to regulatory authorities, any Input, Output, Account information or other data, where GATA is required or authorised to do so by Applicable Law (including under the Online Safety Act 2023, the EU Digital Services Act, mandatory CSAM reporting laws, anti-money-laundering laws and lawful-process orders);
7. preserve evidence and assist law-enforcement investigations;
8. pursue any other remedy available to GATA under the Terms or Applicable Law, including the indemnities in clause 13.1 of the Terms.

The exercise by GATA of any one or more of these enforcement measures does not waive any other right or remedy. Enforcement measures do not entitle the Customer to any refund or credit beyond the pre-acceptance refund described in clause 4.5 of the Terms.

9.1 Repeat infringer policy. GATA maintains a policy of terminating, in appropriate circumstances, the Accounts of Customers and Authorised Users that are repeat infringers of intellectual-property rights or that repeatedly violate Section 2 of this AUP.

9.2 Severability of grounds. A single act or omission may breach more than one provision of this AUP; GATA's enforcement action need not specify the particular provisions breached, and the existence of an enforcement action under one provision does not exclude reliance on any other.

10. Intellectual-property Infringement Notices

This Section 10 supplements clause 8.1 by setting out the procedure GATA follows for handling intellectual-property infringement notices in respect of Outputs and other material on the Service, in line with Articles 6 and 16 of the EU Digital Services Act (Regulation (EU) 2022/2065) and section 17 of the Online Safety Act 2023, to the extent each applies.

GATA is established in the United Kingdom and does not target the United States market. GATA has not registered a designated agent under section 512 of the US Digital Millennium Copyright Act (17 U.S.C. § 512) and does not rely on the section 512 safe harbour. Where GATA's go-to-market changes (including by onboarding US business customers, launching public self-serve sign-up to US visitors, or directing marketing at the US market), GATA will register a designated agent at the US Copyright Office's Designated Agent Directory and update this Section 10 accordingly.

10.1 Notice of claimed infringement

Notices of claimed copyright, trade-mark, design-right or other intellectual-property infringement should be sent to support@gata.ai and should include:

1. the complainant's name and contact details (postal address and email);
2. identification of the work or right claimed to have been infringed (or, where multiple works are involved, a representative list);
3. identification of the Output or other material claimed to be infringing, with information reasonably sufficient for GATA to locate it (including, where applicable, the Output URL or Output identifier);
4. a statement of the complainant's good-faith belief that the use complained of is not authorised by the rights-holder, its agent or the law; and
5. the complainant's signature (electronic or physical) and, where the complainant is acting on behalf of the rights-holder, a statement that the complainant is so authorised.

10.2 Acknowledgement and action

GATA will acknowledge receipt of a compliant notice within five (5) Business Days. Where GATA reasonably considers, on the face of the notice and any further information GATA gathers, that the material is or may be infringing, GATA may remove or disable access to the material and notify the affected Customer of the action taken and the basis for it.

10.3 Customer response and restoration

A Customer whose material has been removed or disabled may, within a reasonable period of being notified, contact GATA at support@gata.ai to set out (a) the basis on which the Customer considers the material is not infringing, including any licence, consent, fair-dealing exception or other legal basis, and (b) the Customer's name and contact details. Where, on consideration of the Customer's response and any further information GATA reasonably requests, GATA considers that the material is not infringing or that the original notice was insufficiently substantiated, GATA may restore the material and will inform the original complainant. Restoration is a discretionary matter for GATA and does not give rise to a contractual right of restoration.

10.4 Misuse of process

A person who knowingly or recklessly submits a materially false or misleading infringement notice, or a materially false or misleading response under clause 10.3, may be liable to GATA, the affected Customer or any third party for damages and costs, including under the law of defamation, malicious falsehood or unfair commercial practice.

10.5 Repeat-infringer policy

Without limiting clause 9.1, GATA maintains and enforces a policy of terminating, in appropriate circumstances, the Accounts of Customers and Authorised Users that are repeat infringers of intellectual-property rights. An Account that is the subject of three (3) or more substantiated infringement notices in any rolling 12-month period (or such other threshold as GATA determines, acting reasonably, having regard to the seriousness of the infringements and the Customer's response) is a "repeat infringer" for these purposes and may be terminated under clause 14.4 of the Terms.

11. Updates to this AUP

GATA may update this AUP from time to time, including in response to changes in Applicable Law, Sub-Provider terms, identified misuse patterns or product changes. Updates take effect on the date stated as "Last updated" at the top of this AUP. Material changes that adversely affect the Customer's rights or obligations will be notified in accordance with clause 16.2 of the Terms. The Customer's continued use of the Service after the effective date of an update constitutes acceptance of the updated AUP.

12. Contact

For all matters under this AUP — including AUP violations and abuse reports, copyright and other intellectual-property infringement notices, coordinated security disclosures, privacy complaints and personal-data removal, and service support — please contact support@gata.ai.

Last updated: 11 May 2026