Trust Center

Acceptable Use Policy

Catalystium, Inc. — Rhenari Platform

Version 1.0Effective date: July 1, 2026Last updated: July 1, 2026

This Acceptable Use Policy (“AUP”) governs use of the Rhenari platform and related services (the “Service”) provided by Catalystium, Inc. (“Catalystium”). It is incorporated into the Master Subscription Agreement (the “Agreement”) by reference and applies to Customer and to all Authorized Users. Capitalized terms used but not defined here have the meanings given in the Agreement and the Data Processing Agreement (DPA). If there is a conflict between this AUP and the Agreement, the Agreement controls.

Why this policy exists. Rhenari is designed to surface aggregated, team- and department-level signals — not to monitor or judge individuals. Several of the rules below exist to keep use of the Service aligned with that design and with the privacy commitments made across the Agreement, the DPA, and the Privacy Policy. Customer is responsible for its own and its Authorized Users' compliance with this AUP.

1. Scope and Updates

This AUP applies to all access to and use of the Service, including any Outputs (scores such as Momentum and Confidence, insights, alerts, and recommendations) the Service generates. Catalystium may update this AUP from time to time; material changes will be handled with reasonable notice consistent with the Agreement. Customer is responsible for ensuring its Authorized Users are aware of and comply with this AUP.

2. Responsible-Use Covenant

This Section is the heart of this AUP. The Service produces aggregated signals to support human judgment about teams and workflows. Customer and its Authorized Users will not use the Service to surveil, profile, target, discipline, or take adverse action against any individual on the basis of individual-level inferences. Specifically, Customer and its Authorized Users will not:

  • use the Service, or any Output, to monitor, evaluate, discipline, or take or support an adverse employment or personnel action against a specific individual based on individual-level behavioral inferences;
  • attempt to re-identify, single out, or reconstruct individual-level behavioral data from aggregated Outputs, or otherwise defeat the Service’s aggregation;
  • circumvent, disable, or attempt to circumvent the Service’s aggregation guardrails, including the configurable minimum group-size suppression (default three) and other controls that prevent exposure of individual-level data;
  • rely on Outputs as the sole basis for any employment, personnel, or other consequential decision; Outputs are probabilistic, interpretive, decision-support signals subject to ongoing calibration, and are not guarantees (see Agreement §9.3); or
  • use the Service in a manner inconsistent with the notices Customer has given to, and the consents and authorizations Customer has obtained from, its personnel, or otherwise outside the lawful basis Customer has established for the Processing (see Agreement §3.2 and DPA §2.4).

3. Prohibited Uses

In addition to Section 2, Customer and its Authorized Users will not:

3.1 Unlawful or infringing use

  • use the Service in violation of applicable law, including employment, privacy, data-protection, anti-discrimination, and surveillance laws; or
  • use the Service to infringe, misappropriate, or violate any third party’s intellectual-property, privacy, or other rights.

3.2 Security and integrity

  • introduce malware or malicious code, or use the Service to do so;
  • gain or attempt to gain unauthorized access to the Service, other customers’ data, or related systems, or probe, scan, or test the vulnerability of the Service without Catalystium’s prior written authorization;
  • circumvent or attempt to circumvent usage limits, access controls, authentication, or tenant-isolation measures; or
  • interfere with or disrupt the integrity or performance of the Service, including by overloading, flooding, or denial-of-service activity.

3.3 Misuse of the Service or Outputs

  • copy, modify, or create derivative works of the Service; reverse engineer or attempt to derive source code (except to the extent this restriction is prohibited by law); or use the Service to build or train a competing product or service (consistent with Agreement §2.4);
  • resell, rent, sublicense, time-share, or provide the Service to third parties on a service-bureau basis;
  • use automated means to extract data from the Service beyond the functionality and quantities permitted by the Agreement and Documentation; or
  • misrepresent identity or affiliation, or access the Service through another person’s credentials without authorization.

3.4 Data you are not authorized to provide

  • connect data sources, or provide or enable for Processing any data, that Customer does not have the right and authority to provide, or for which Customer has not given required notices or obtained required consents (consistent with Agreement §3.2 and DPA §2.4); or
  • enable a data source in violation of that source’s own platform terms, including any restrictions a connected platform places on the use of data obtained from it.

4. Data Sources and Connected Platforms

Customer controls which data sources and channels are enabled for analysis. Customer is responsible for connecting only sources it is authorized to connect, for configuring the Service consistent with the lawful basis it has established, and for honoring the terms of any connected third-party platform. Where a connected platform restricts how data obtained from it may be used (for example, Google Workspace “Limited Use” requirements), those restrictions apply to use of the Service as well.

5. Enforcement and Remedies

Catalystium may investigate suspected violations of this AUP and cooperate with law enforcement where appropriate. If Customer or an Authorized User violates this AUP, Catalystium may exercise the remedies available under the Agreement, including suspension of the Service for cause and, after the applicable notice and cure period, termination for material breach (Agreement §§4.4 and 12.3).

Emergency suspension. Catalystium may suspend access without advance notice where it reasonably determines that continued use poses an imminent risk to the security, integrity, or lawful operation of the Service, to other customers, or to individuals, or where required by law. Catalystium will narrow any suspension to what is reasonably necessary and will restore access promptly once the issue is resolved.

6. Reporting Violations

To report a suspected violation of this AUP or a security concern, contact Catalystium at support@rhenari.com.