← Legal
Acceptable use.
Effective 2026-06-01 · Olive Root Tech LLC
The short version
Rooted OS™ is built for honest, mission-driven organizations. Don't use it for things that hurt people, break the law, or compromise other users. Violations result in suspension or termination.
1. Who this applies to
This policy applies to anyone who uses Rooted OS — organization operators, administrators, staff, members, parents, board members, volunteers, and any guest with access to a tenant. Organization operators are responsible for ensuring their members comply.
2. You may use Rooted OS to:
- Run legitimate organizational operations (member management, communications, giving, events, scholarships, etc.)
- Build and maintain a public website and member portal for your organization
- Communicate with members, parents, donors, and volunteers
- Store organizational records, photos, and documents (consistent with our retention policy)
- Generate AI drafts using our integrated content tools
- Integrate with third-party services we support
You may NOT use Rooted OS to:
Any of the following will result in immediate suspension and may result in termination + reporting to law enforcement.
3. Illegal activity
- Anything that violates federal, state, or local law in any jurisdiction where the activity takes place
- Fraud, scams, or deceptive practices
- Money laundering, terrorist financing, or sanctions evasion
- Trafficking, exploitation, or abuse of any person
- Unauthorized practice of law, medicine, or other licensed professions
4. Harmful content
- Content that sexualizes minors in any form (zero tolerance — we report to NCMEC)
- Threats of violence, harassment, or stalking
- Hate speech targeting people based on protected characteristics
- Doxxing or disclosure of private information without consent
- Malware, phishing, or attempts to deceive recipients into harmful action
5. Security abuse
- Probing, scanning, or testing the platform's vulnerability without prior written permission (responsible disclosure is welcomed — see contact below)
- Reverse-engineering or scraping the platform at scale
- Attempting to access data that doesn't belong to your organization (cross-tenant access attempts trigger immediate suspension and investigation)
- Sharing account credentials with anyone outside the organization
- Using the platform to host malware, phishing pages, or command-and-control infrastructure
6. Spam & communications abuse
- Sending unsolicited bulk email or SMS to recipients who haven't opted in
- Using member lists you didn't legitimately acquire
- Bypassing unsubscribe requests
- Sending content that violates CAN-SPAM or TCPA regulations
7. AI misuse
- Generating AI content that impersonates real people without their consent
- Using AI to produce misleading communications (fake quotes, fabricated testimonials, deepfakes)
- Bypassing AI safety filters or jailbreaking the integrated AI
- Generating content for use in deceptive practices
All AI outputs ship with the label "Draft only · human review required before publishing." You are responsible for what you publish, regardless of whether AI generated it.
8. Children's data
If your organization handles children's records (childcare, school, youth ministry), you must:
- Obtain parental consent before storing identifying information about children under 13 (COPPA)
- Limit access to children's records to staff with a legitimate need
- Follow FERPA where applicable
- Promptly remove records when no longer needed
Rooted OS provides tools that support compliance (role-based access, audit logs, retention controls), but does not certify your operation as compliant.
9. Financial data
- Don't store full credit card numbers, bank account numbers, or Social Security Numbers in member notes or documents — use the integrated payment processors (Square, Stripe) which handle PCI compliance
- Don't use the platform for activities that require money-transmitter licensing unless you have it
- Tax-deductible donation receipts must accurately reflect what was given
10. Resource abuse
- Don't run high-frequency polling, scraping, or denial-of-service-like patterns against our API
- Don't upload files outside the documented size limits (8MB for brand assets, 10MB for receipts/documents)
- Don't store data that's wildly unrelated to your organization's operations
- Reasonable use is metered against your plan's quotas; abusive use may be throttled or billed
11. Reporting abuse
If you see content or behavior on Rooted OS that violates this policy, email info@oliveroottech.com with subject "Acceptable Use Report" and include:
- The tenant slug (the part after
/portal/ in the URL)
- What you saw and when
- Why you believe it violates this policy
- Whether you've reported it elsewhere (e.g., law enforcement)
We respond to abuse reports within 1 business day for the first acknowledgment and 5 business days for resolution. Critical reports (child safety, active harm) are escalated immediately.
12. Responsible security disclosure
If you discover a vulnerability, email info@oliveroottech.com with subject "Security Disclosure." Please:
- Don't access or modify data that isn't yours
- Don't disrupt service availability
- Give us a reasonable window (typically 90 days) to fix before public disclosure
We don't currently run a paid bug bounty but we always credit researchers who help us improve.
13. Enforcement
- Minor violations: warning + remediation deadline
- Repeated or moderate violations: 7-day suspension + required changes
- Serious violations: immediate termination + data export window denied
- Illegal activity: immediate termination + cooperation with law enforcement
14. Contact
Questions about this policy: info@oliveroottech.com