Acceptable Use Policy for the gro.now Platform (b2b)

1.1.

1.2. - 1.7.

2.1 - 2.24.

• 2.1. Platform – the gro.now hardware and software complex, including web interfaces, mobile applications (app), backend services, AI-based analytics modules, data connectors, SDKs, and (if available) APIs, as well as related documentation.
• 2.2. Provider – Pwron LLP, BIN 241040012133, address: Republic of Kazakhstan, Almaty, Bostandyk district, Satpayev str., 90/54, apt. 5, postal code 050000; e-mail: hi@gro.now; website: https://gro.now/.
• 2.3. Client - a legal entity or natural person who has entered into a User Agreement (UA) with the Provider and has been granted access to the Platform.
• 2.4. User Agreement (UA) -
• 2.5. Services - the Provider's services for providing access to the Platform on a SaaS model, ensuring its functionality and infrastructure support within the SLA, as well as configuration works to set up the Platform's functionality (including Research Modules), if such works are provided for by the Tariff or agreed upon separately.
• 2.6. SaaS (Software as a Service) — is a cloud-based model for providing software, in which the Provider develops cloud software, provides its maintenance, automatic updates, and availability, and provides such software to customers via the Internet for a fee proportional to the volume of use. The Provider manages all hardware, standard software, including middleware, software applications, and security.
• 2.7. Client's User – any person to whom the Client has granted access to the Platform through its Account (including employees, contractors, agents, and other authorized persons).
• 2.8. Client's Account (Account) — a set of user accounts, settings, and data created by the Client on the Platform for using the Services.
• 2.9. Account Administrator – a Client's User vested with rights to manage access and Client settings on the Platform (creating/deleting users, assigning roles, selecting a tariff plan, etc.).
• 2.10. Research – a set of analytical activities carried out by the Client using the Platform's functionality and analytical tools based on data obtained from open sources, including, but not limited to, social media analysis, reviews, macroeconomic indicators, as well as conducting Electronic Surveying.
• 2.11. Research Modules – pre-configured software solutions within the Platform's functionality that allow for the automated collection and analysis of information from open sources for conducting Research. The Provider ensures their functionality and, if necessary, carries out their configuration/inclusion to the extent provided for by the Agreement.
• 2.12. Electronic Surveying – the collection and processing of data through online surveys and interviews conducted in an automated mode using the Platform.
• 2.13. Research Results – aggregated data and analytical indicators processed using the Platform's tools and/or artificial intelligence and displayed through the Platform's interface.
• 2.14. Client Data – any data, files, texts, images, metadata, and other information uploaded or otherwise transmitted by the Client to the Platform, as well as data processed on behalf of the Client.
• 2.15. Results – output data, analytical reports, visualizations, texts, models, and other materials generated by the Platform at the Client's request.
• 2.16. Trial Features – mean any free access to the Platform: a trial version, a pilot/proof of concept, a beta version, a demo environment, or other Services provided without payment, as specified by the Provider in the interface, order/invitation, or otherwise communicated to the Client.
• 2.17. Subscription – a paid right of access to the Platform for a selected period (month/year or other) within the selected Tariff, with included limits/functionality and an active SLA.
• 2.18. Tariff (Plan) – a package of functionality, limits, and conditions for the provision of Services published at https://gro.now/#pricing, indicating the price, period, and restrictions.
• 2.19. Supplementary Agreement / Order – a document signed by the Parties that explicitly provides for the Provider's special obligations to perform tasks beyond the scope of the Services (e.g., development/configuration of an additional Research Module), including the scope, deadlines, and cost of such services.
• 2.20. Website – the public pages https://gro.now/ and https://app.gro.now/.
• 2.21. DPA – the Data Processing Agreement, located at https://app.gro.now/legal/dpa, which governs the roles of the Parties (Client – operator/controller, Provider – processor, if applicable), security measures, and the procedure for interaction.
• 2.22. SLA - the Service Level Agreement, located at https://app.gro.now/legal/sla, which establishes target indicators for availability/response and service credits.
• 2.23. AUP – the Acceptable Use Policy, located at https://app.gro.now/legal/acceptable-use-policy, which defines prohibitions and restrictions when using the Platform.
• 2.24. Third-Party Services (Integrations) – external services and providers not controlled by the Provider (e.g., authentication/SSO providers, scheduling tools, payment organizations), interaction with which may be carried out at the Client's choice.

3.1. - 3.5.

• 3.1. This Policy applies to any use of the gro.now Platform, including web interfaces, bots and plugins, mobile and desktop applications, SDKs, APIs, LLM functions, connectors, and third-party integrations, as well as to all related environments (production, testing, sandbox, beta/preview).
• 3.2. The Policy is mandatory for all of the Client's Users acting through the Client's Account, regardless of their status (employees, contractors, agents, other authorized persons) and method of access (personal login, SSO, API tokens/keys, service accounts).
• 3.3. The Policy applies to: (i) Client Data uploaded or otherwise transmitted to the Platform; (ii) data exchange between the Platform and integrations/sources connected by the Client; (iii) Results generated by the Platform's tools; (iv) technical traffic and operations performed via API/interfaces.
• 3.4. The use of Trial Features is governed by the Policy, taking into account the special restrictions and reservations established by the UA and the announcement materials for the respective features. In case of a prohibition on uploading sensitive data to Trial Features, the Client is obliged to comply with such prohibition.
• 3.5. Geographical Applicability. The Provider may restrict access to the Platform, individual functions, or integrations, taking into account the requirements of export control, sanctions, and other applicable legislation, as well as contractual restrictions from technology/content suppliers. The Client undertakes to consider such restrictions when providing access to its Users and when choosing processing regions.

3.6. - 3.11.

5.1. Illegal Activity and Content.

5.2. Violation of Security and Integrity of Services.

5.3. - 5.15.

• 5.3. Circumvention of Technical and Commercial Restrictions. It is not permitted to: a) bypass limits/quotas, tariff restrictions, billing mechanisms, licensing, and access control; b) use multi-accounting/parallelization to bypass limits; c) substitute the source of requests or mask their origin.
• 5.4. Unfair Use of API and Integrations. It is prohibited to: a) automatically collect data from sources or integrations if this violates their rules/access (including robots.txt, captchas, technical prohibitions); b) make API calls to third parties through the Platform in violation of their terms; c) transfer more data than necessary to integrations (including personal and confidential data) without a legal basis.
• 5.5. Reverse Engineering and Unfair Competition. It is not permitted to: a) decompile, disassemble, or attempt to obtain the source code, algorithms, or models of the Platform; b) use the Platform solely to create a functionally competing service; c) publish benchmark results of the Platform without the prior consent of the Provider.
• 5.6. Prohibited Categories of Data. Without the express written consent of the Provider, it is prohibited to upload/process: a) primary payment data (full card numbers, CVV, PIN, etc.); b) state, attorney-client, banking, and other secrets of third parties protected by law without proper authorization; c) biometric and other special categories of personal data (if the legal basis and processing regime have not been agreed upon); d) malicious code, exploits, materials aimed at causing harm.
• 5.7. Abuse in Communications. The following are prohibited: sending spam, mass unsolicited messages, farming/phishing, manipulating metrics, rating and voting systems, including generating fake reviews or boosting.
• 5.8. Impersonation and Unauthorized Access. It is not permitted to: a) impersonate another person/organization without authorization; b) access the accounts/data of third parties without permission; c) use others' tokens/keys, share one's own access, or organize a shared account.
• 5.9. Violation of Data Subjects' Rights and Confidentiality. It is prohibited to: a) upload/process personal data without a proper legal basis and notification to the subjects (if required by law); b) publish Results containing personal data/secrets of third parties if this violates the law or the terms of the sources.
• 5.10. Manipulation of Results and Sources. It is not permitted to: a) present aggregated/synthesized Results as a primary source when the terms of the data owner do not allow it; b) remove/hide mandatory notices, watermarks, metadata, or source attributions; c) knowingly distort content to cause harm to third parties.
• 5.11. Use of Trial Features. In test, trial, and beta environments, it is prohibited to upload sensitive data (including special categories of PD and secrets) and to use such environments for production operations, unless otherwise expressly agreed with the Provider.
• 5.12. Technical Protection Measures of the Platform. It is prohibited to disable, modify, or bypass protection mechanisms (anti-bot, rate-limit, session control, webhook verification, integration policies), as well as to interfere with logs/journals to conceal actions.
• 5.13. Prohibited Content in Generated Materials. When using LLM functions, it is prohibited to request/generate materials that clearly violate the law, third-party rights, security, or other prohibitions of this section (including instructions for creating malicious tools, promoting violence, inciting hatred, exploiting minors).
• 5.14. Exceptions for Good Faith Security Research. Security testing of the Platform is permitted only on the basis of the prior written consent of the Provider and within the issued scenarios/testing windows. Discovered vulnerabilities should be reported to the Provider immediately, and their exploitation should be refrained from.
• 5.15. Consequences of Violations. Violations of this section may result in the measures provided for in Section 9 (warning, temporary restrictions, blocking, termination), as well as refusal of support and transfer of information to competent authorities if required by law or necessary to prevent damage.

6.1. Legality and Grounds.

6.2. Minimization and Proportionality.

6.3. - 6.11.

7.1. - 7.10.

• 7.1. Plans and Tariffs. The use of the Platform is carried out within the parameters established by the selected Tariff (number of users, storage volumes, request limits, functions, integrations, projects, etc.).
• 7.2. Technical Limits. The Provider establishes technical quotas (including rate limits, maximum payload sizes, task/webhook frequencies, operation parallelism). The specific values may vary by plan and may be changed by the Provider according to the rules provided for in the UA.
• 7.3. Fair Use. The Client undertakes not to perform actions that a) create a disproportionate load on the infrastructure; b) hinder the normal operation of other clients; c) bypass or artificially extend limits (including multi-accounting, proxying through third-party services, artificial 'parallelization').
• 7.4. Automation. Robots, scripts, integration buses, RPA, and other automation tools must comply with the limits and periodicity specified in the documentation. Infinite retries without an exponential backoff, 'burst' traffic, and polling cycles with intervals below the recommended ones are prohibited.
• 7.5. Exceeding Limits. Upon reaching a limit, operations may be automatically suspended/rejected until the next quota window. The Provider may temporarily restrict functions/integrations until the load is reduced or a higher plan is adopted.
• 7.6. Changing Limits. The Provider may adjust the limits to ensure the stability and security of the service, notifying the Client within a reasonable time, unless immediate measures are required. For Trial Features, limits may be changed without prior notice.
• 7.7. Peak Loads and 'Spikes'. The Provider may apply throttling and queuing. The Client is obliged to design integrations taking into account idempotency, retries, and processing delays.
• 7.8. Billing for Overage. If the Tariff provides for payment for usage exceeding the limits (overage), such charges shall be made at the current rates and terms of the tariff. The absence or delay of notifications about reaching the limits does not release from payment for actual consumption.
• 7.9. Local Restrictions. For individual functions/integrations, special limits established by third-party service providers may apply; the Client bears the risk of such restrictions and undertakes to follow them.
• 7.10. Requests for Expansion. Upon the Client's request, the Provider may offer a temporary expansion of quotas, a separate limit for a project/integration, or a transition to another plan; such changes are effective only after confirmation by the Provider.

8. Research Activities (Special Rules)

• 8.1. Applicability. This section applies to all types of research conducted through the Platform (researcher dashboards, data collection and processing, surveys, audiences, scenarios, parsing through provided connectors, etc.).
• 8.2. Legality of Purpose and Methodology. The Client ensures the legality of the research purposes, the correctness of the methodology, compliance with the rights of respondents and source owners, as well as compliance with the requirements of the platforms where data is collected.
• 8.3. Transparency and Prevention of Deception. When interacting with respondents and audiences, deception, hidden manipulations, improper incentives/pressure, and data collection contrary to the rules of the platforms or without mandatory notifications are prohibited.
• 8.4. Data Collection from Open Sources. Permitted only to the extent allowed by the respective sources (terms of use, licenses, robots.txt, technical prohibitions, anti-bot mechanisms). Bypassing captchas, access controls, and paid APIs without authorization is prohibited.
• 8.5. Personal Data and Vulnerable Groups. a) The collection/processing of PD is permitted if there is a legal basis, in compliance with mandatory notifications, consents, and restrictions on territory/cross-border transfer. b) The processing of special categories of PD, children's data, medical/biometric data is permitted only if there are special grounds and additional protective measures. c) Masking/pseudonymization, minimization of fields, and retention periods are recommended.
• 8.6. Restrictions on Content and Research Artifacts. a) It is not permitted to create/distribute artifacts (reports, datasets, instructions) that clearly violate the law, third-party rights, or the prohibitions of this Policy. b) The external publication of artifacts requires verification of source licenses, platform terms, and the removal/anonymization of PD if there is no basis for disclosure.
• 8.7. Technical Integrity. Scripts/bots/connectors must operate within the established limits, intervals, and routes, without creating an excessive load on the sources and the Platform. The Client ensures idempotency, error handling, respect for rate limits, and fault tolerance.
• 8.8. Prohibition of 'Shadow' Parsing. The use of one's own or third-party tools for the hidden collection of data through the Platform in circumvention of source rules, masking of traffic/identity, and emulation of users without permission are prohibited.
• 8.9. Sensitive Environments. In test/beta research environments, it is prohibited to place sensitive data and to conduct active impacts on external sources (mass requests, load scenarios), unless otherwise expressly agreed with the Provider.
• 8.10. Rights of Source Owners. Upon receipt of claims from data/platform owners related to a specific research of the Client, the Provider may immediately restrict the relevant functions or integrations until the incident is resolved.
• 8.11. Documentation and Reproducibility. The Client shall maintain a log of key research parameters (purposes, sources, legal bases, versions of scripts/surveys, dates), sufficient for internal control and responses to requests from regulatory authorities and source owners.
• 8.12. Liability. The Client is responsible for compliance with this section and shall indemnify the Provider for losses if third-party claims are caused by the actions of the Client or its Client's Users during the conduct of the research.

• 10.1. Communication Channels. Reports of violations of the Policy, security incidents, and vulnerabilities shall be sent through: (i) the support form in the Platform's interface; (ii) the email address t@gro.now, indicated on the Website; (iii) other channels expressly specified by the Provider in the documentation.
• 10.2. Content of the Notification. The communication should preferably include: a) the Client's Account identifier; b) the date/time (with time zone) and example(s) of requests/events; c) a description of the facts and the alleged violation; d) the contact of the responsible person; e) technical artifacts (logs, screenshots, traces) without excessive personal data.
• 10.3. Confirmation and Initial Review. The Provider shall send a confirmation of receipt of the communication (if technically possible) and conduct an initial review for the sufficiency of the information. If necessary, the Provider may request additional information from the Client and set a deadline for its provision.
• 10.4. Confidentiality and 'Responsible Disclosure'. Notifications of vulnerabilities/incidents are treated confidentially. Publication of details before the problem is resolved is not permitted. Persons who have reported vulnerabilities in good faith are not considered violators if they have refrained from exploitation and have acted in accordance with the Provider's instructions.
• 10.5. Client's Appeals on Response Measures. a) The Client has the right to appeal the measures applied (warning, restrictions, blocking, termination) by sending a justification and supporting materials through the communication channels in para. 10.1. b) The minimum content of the appeal: a reference to the notification/incident, the date the measure was applied, arguments of disagreement (factual/legal), a description of the steps taken to eliminate the causes. c) Filing an appeal does not suspend the effect of urgent measures applied under para. 9.4.
• 10.6. Consideration of the Appeal and Timeframes. The Provider shall consider the appeal within a reasonable time, taking into account the complexity of the issue and the involvement of third parties (source owners, integration providers). If necessary, the Provider may establish interim measures (mitigation of restrictions, a trial period).
• 10.7. Results of the Consideration. Based on the results of the consideration of the appeal, the Provider shall: (i) cancel the measure; (ii) change its scope/term; (iii) leave the measure unchanged; (iv) propose a corrective action plan with control points (remediation plan). The decision and its motives shall be communicated to the Client through the chosen communication channel.
• 10.8. Abuse of Procedures. The intentional submission of knowingly false reports, mass 'noise' communications, as well as refusal to cooperate in an investigation may be considered a violation of this Policy and may result in measures in accordance with Section 10.

11.1. - 11.11.

12. Liability and Limitations

13. Changes to the Policy and Entry into Force

14. Miscellaneous Provisions