Acceptable Use Policy

1. Purpose and Scope

This Acceptable Use Policy ("AUP") sets out the standards of conduct required of all Clients, authorised users, and end users (collectively, "Users") when accessing or using the DONE MENAT FZCO platform, website, mobile applications, and associated services (collectively, the "Service").

This AUP forms part of and is incorporated into the Terms and Conditions between DONE MENAT FZCO ("DONE") and the Client. By accessing or using the Service, all Users agree to comply with this AUP in full. Where a Client deploys the Service to its own end users, the Client is responsible for ensuring that all such end users are made aware of and comply with this AUP.

DONE reserves the right to enforce this AUP in its sole discretion. Violations may result in immediate suspension or termination of access without prior notice and without liability to DONE. This AUP should be read alongside the Terms and Conditions, Privacy Policy, and Data Processing Addendum, all available at www.done.fyi.

2. Permitted Use

The Service is provided exclusively for the following permitted purposes:

• Creating, managing, and delivering online learning content and training programmes within the Client's own organisation or for the Client's own customers;
• Accessing and managing the Client's academy, learner records, course content, and performance data;
• Administering white-labelled learning applications under the Client's brand using DONE's infrastructure;
• Utilising platform tools, integrations, and reporting features for internal training and development purposes;
• Communicating with DONE's support team in connection with the Service.

Any use of the Service outside these permitted purposes requires DONE's prior written consent.

3. Prohibited Conduct — General

Users must not use the Service, or permit any third party to use the Service, in any manner that:

• Violates any applicable law, regulation, decree, order, or directive of any governmental or regulatory authority, whether in the UAE, the User's jurisdiction, or any other relevant jurisdiction;
• Infringes the intellectual property rights, privacy rights, contractual rights, or any other rights of any third party;
• Involves the transmission, publication, or storage of any content that is unlawful, defamatory, libellous, fraudulent, obscene, discriminatory, hateful, threatening, harassing, abusive, or otherwise objectionable;
• Involves impersonating any person or entity, or misrepresenting an affiliation with any person or entity;
• Involves the unauthorised collection, harvesting, or processing of personal data of any individual;
• Breaches any duty of confidentiality owed to any third party;
• Causes or is likely to cause damage to the reputation, goodwill, or legitimate business interests of DONE or any third party.

4. Prohibited Conduct — Technical

Users must not:

• Attempt to gain unauthorised access to any part of the Service, any account other than their own, any server, network, or system connected to the Service, or any data not intended for that User;
• Introduce, upload, transmit, or store any virus, worm, trojan horse, ransomware, spyware, adware, rootkit, or any other malicious, disruptive, or destructive code, file, or programme into or through the Service;
• Conduct, facilitate, or participate in any denial-of-service attack, distributed denial-of-service attack, or any other attack designed to disrupt, degrade, or impair the availability or performance of the Service or any connected infrastructure;
• Probe, scan, or test the vulnerability of the Service or any associated system or network without DONE's prior written authorisation;
• Bypass, disable, circumvent, or otherwise interfere with any security feature, access control, authentication mechanism, or protective measure implemented by DONE;
• Intercept, monitor, or capture any data or communications transmitted through the Service without authorisation;
• Use automated tools, bots, scripts, crawlers, spiders, or scrapers to access, extract, or harvest data from the Service without DONE's prior written consent;
• Attempt to reverse engineer, decompile, disassemble, or otherwise derive the source code, algorithms, or underlying architecture of the Service or any component thereof;
• Use the Service to conduct penetration testing, vulnerability assessments, or security research on DONE's infrastructure without prior written authorisation from DONE;
• Interfere with or disrupt the integrity, performance, or operation of the Service, its servers, or any network connected to the Service;
• Introduce any content or code that could disable, overburden, or impair the proper functioning of the Service or any associated infrastructure.

5. Prohibited Conduct — Content

Users must not upload, publish, transmit, store, or distribute through the Service any content that:

• Is unlawful under the laws of the UAE or any other applicable jurisdiction;
• Infringes any copyright, trademark, patent, trade secret, moral right, or other intellectual property right of any third party;
• Contains, depicts, or promotes child sexual abuse material or any content that sexually exploits or endangers minors;
• Promotes, glorifies, or facilitates violence, terrorism, extremism, or the activities of any organisation designated as a terrorist or criminal organisation by any competent authority;
• Constitutes hate speech, including content that promotes discrimination, hostility, or violence on the basis of race, ethnicity, nationality, religion, gender, sexual orientation, disability, or any other protected characteristic;
• Contains false, misleading, or deceptive information that could cause harm to any person or entity;
• Discloses the confidential or personal information of any third party without that party's consent;
• Violates the privacy rights of any individual, including by publishing private information without consent;
• Contains unsolicited advertising, marketing, spam, chain letters, or pyramid schemes;
• Is designed to facilitate phishing, social engineering, identity theft, or financial fraud.

6. Prohibited Conduct — Commercial

Users must not:

• Resell, sublicence, rent, lease, transfer, assign, or otherwise commercially exploit access to the Service or any part thereof without DONE's prior written consent;
• Use the Service to develop, market, or operate any product or service that competes directly or indirectly with the Service or with DONE's business;
• Use the Service to build a competing platform, replicate DONE's functionality, or benchmark the Service for the purpose of developing a competing product;
• Access the Service for the purpose of monitoring its availability, performance, or functionality for competitive intelligence purposes;
• Represent to any third party that they are authorised to resell or sublicence the Service unless expressly authorised by DONE in writing;
• Use the Service to process or store data on behalf of third parties in a manner that constitutes a bureau service or managed service offering without DONE's prior written consent.

7. Responsibility for Users and Content

7.1

The Client is solely and entirely responsible for: (a) all acts and omissions of its authorised users and end users in connection with the Service; (b) all content uploaded, transmitted, stored, or published through the Service by the Client or any of its users; and (c) ensuring that all users of the Client's academy or white-labelled application are aware of and comply with this AUP.

7.2

The Client shall implement reasonable measures to prevent misuse of the Service by its users, including maintaining access controls, promptly revoking access of departing personnel, and investigating and remediating any suspected violations.

7.3

DONE is not responsible for, and expressly disclaims all liability in connection with, any content uploaded or transmitted by the Client or its users through the Service.

8. Reporting Violations

If you become aware of any violation of this AUP by any user, or if you discover any security vulnerability in the Service, please report it promptly to DONE at:

Email: info@done.fyi
Subject line: AUP Violation Report / Security Vulnerability Report

DONE will investigate all reports in good faith and take such action as it considers appropriate in its sole discretion. DONE is not obligated to disclose the outcome of any investigation to the reporting party.

Responsible disclosure of security vulnerabilities is welcomed. DONE requests that any person who discovers a potential security vulnerability contact DONE privately before any public disclosure, to allow DONE a reasonable opportunity to investigate and remediate.

9. Enforcement and Consequences of Violation

9.1

DONE reserves the right, in its sole and absolute discretion, to take any of the following actions upon discovering or reasonably suspecting a violation of this AUP, without prior notice and without liability:

• Issue a formal warning to the Client;
• Remove, disable, or restrict access to any content that DONE reasonably believes violates this AUP;
• Suspend the Client's or any individual user's access to the Service, with or without notice;
• Terminate the Client's subscription immediately and without refund;
• Report the violation to relevant law enforcement or regulatory authorities;
• Take legal action against the Client or responsible user to recover damages, costs, and legal fees.

9.2

DONE's election to take or not take any enforcement action in any particular instance shall not constitute a waiver of DONE's right to enforce this AUP in any other instance.

9.3

The Client shall fully indemnify DONE against any and all claims, damages, losses, costs, and expenses (including legal fees) arising from any violation of this AUP by the Client or any of its users, in accordance with the indemnification provisions of the Terms and Conditions.

10. Monitoring

DONE does not routinely monitor the content uploaded or transmitted by Clients through the Service. However, DONE reserves the right to monitor, review, and investigate use of the Service where DONE has reasonable grounds to suspect a violation of this AUP, the Terms and Conditions, or applicable law. Any such monitoring will be conducted in accordance with DONE's Privacy Policy and applicable data protection law.

The existence of this monitoring right does not impose on DONE any obligation to monitor or any liability for failing to detect or prevent violations.

11. Third-Party Rights

This AUP is intended for the benefit of DONE and does not create any rights enforceable by third parties. However, DONE may take action to protect the rights or interests of third parties where DONE considers it appropriate to do so.

12. Updates to This Policy

DONE may update this AUP from time to time to address new risks, changes in applicable law, or changes to the Service. Material updates will be communicated to Clients in accordance with the variation procedure set out in the Terms and Conditions. Non-material updates take effect upon publication. Continued use of the Service following any update constitutes acceptance of the revised AUP.

13. Governing Law

This AUP is governed by the laws of the United Arab Emirates. Any disputes arising in connection with this AUP shall be resolved in accordance with the dispute resolution provisions set out in the Terms and Conditions.

14. Company Details

DONE MENAT FZCO
Registration: DSO-FZCO-6511
Dubai Silicon Oasis, DDP, Building A2, Dubai, UAE

www.done.fyi | info@done.fyi | +971 52 452 3339