1. Purpose
This Acceptable Use Policy ("AUP") defines the conditions under which users may use the CoreLab Creative platform. It applies to all users: account owners, administrators, client team members, and CoreLab's internal staff. This policy supplements the Terms and Conditions of Service and forms an integral part of the agreement with CoreLab.
2. Permitted Uses
The Platform is designed exclusively for:
2.1 Design Request Management
- Creating, editing, and tracking design service requests within the types and limits defined by the contracted plan.
- Attaching reference files, briefings, and brand materials relevant to requests.
- Adding follow-up comments, clarifications, and approvals on design work.
2.2 Team and Account Management
- Inviting organization team members with appropriate roles.
- Managing projects within plan limits.
- Administering the organization's billing, subscription, and payment method.
- Configuring account and language preferences.
2.3 Collaboration with the CoreLab Team
- Communicating with CoreLab staff through the ticket system to guide design production.
- Reviewing and approving deliverables provided by CoreLab.
3. Prohibited Uses
3.1 Illegal or Fraudulent Activities
It is strictly prohibited to use the Platform for:
- Illegal activities under any applicable jurisdiction.
- Fraud, scams, or false representation of identity or affiliation.
- Tax evasion or money laundering.
- Requesting designs that facilitate illegal activities (document forgery, counterfeit products infringing registered trademarks, etc.).
- Any activity that violates international sanctions.
3.2 Prohibited Content in Requests and Attachments
It is not permitted to upload, transmit, or request the creation of content that:
- Infringes intellectual property: Material protected by copyright, trademarks, patents, or trade secrets of third parties without the rights holder's authorization.
- Is sexually explicit: Pornography, material involving minors (absolutely prohibited and reported to authorities), or unsolicited erotic content.
- Promotes hatred or discrimination: Content that incites hatred, violence, or discrimination based on race, gender, sexual orientation, religion, disability, or other protected characteristics.
- Is violent or disturbing: Graphic depictions of violence, mutilation, or content designed to terrorize or harass.
- Contains malicious code: Executable files, scripts, macros, or any code designed to damage systems, steal information, or bypass security controls.
- Violates third-party privacy: Personal data of natural persons without their consent, including images, contact information, or medical or financial data of third parties.
- Is defamatory or slanderous: False statements that damage the reputation of identifiable persons or entities.
3.3 Platform Abuse
The following are prohibited:
- Credential sharing: Sharing username and password with unauthorized persons as a substitute for formal team invitations.
- Exceeding plan limits: Attempting to technically circumvent the request, project, or team member limits established by the contracted plan.
- Unauthorized automation: Using scripts, bots, scrapers, or automated tools to interact with the Platform without prior written authorization.
- Excessive resource use: Actions that deliberately degrade Platform performance for other users.
- Multiple accounts: Creating multiple accounts or workspaces to circumvent contracted plan limits.
3.4 Security Attacks and Exploitation
The following are strictly prohibited:
- Attempting unauthorized access to other users' accounts or CoreLab's infrastructure.
- Conducting penetration testing, vulnerability scanning, or attacks of any kind against the Platform without CoreLab's prior explicit written authorization.
- Exploiting known or discovered vulnerabilities.
- Intercepting or capturing Platform network traffic.
- Conducting denial of service attacks (DoS/DDoS).
- Attempting to bypass authentication, the roles system, or database security policies.
Safe harbor for security researchers (Responsible Disclosure)
CoreLab recognizes the value of good-faith security research. If you discover a vulnerability:
- Email: info@corelabcreative.com — Subject:
[SECURITY] - Include: detailed description, steps to reproduce, potential impact, and minimal proof of concept. Do not include real data from other users.
- CoreLab will acknowledge receipt within 5 business days and keep the reporter informed.
- Safe harbor: CoreLab will not take legal action against researchers who act in good faith, do not access real user data, do not exploit the vulnerability beyond what is necessary to demonstrate it, and do not publicly disclose it before CoreLab has had the opportunity to remediate it (90-day window).
3.5 Reverse Engineering
It is prohibited to decompile, disassemble, or reverse-engineer any part of CoreLab's software; attempt to extract the Platform's source code; and replicate or clone the Platform or any substantial functionality thereof.
3.6 Use of Artificial Intelligence (AI)
Using AI tools to prepare design requests (writing briefs, generating reference images) is permitted, provided the content complies with all other provisions of this Policy.
It is prohibited to use AI or automated tools to:
- Generate fraudulent visual representations of real persons (non-consensual deepfakes).
- Pass off autonomously generated content as original human work with the intent to obtain intellectual property rights that the law does not recognize.
- Attempt to extract, replicate, or reconstruct CoreLab's logic, code, or data through automated inference techniques.
- Automate the bulk creation of requests to circumvent contracted plan limits.
- Generate content that infringes the terms of use of the AI tools used.
4. Specific Content Requirements
4.1 File Attachments
| Requirement | Detail |
|---|
| Maximum size | 10 MB per file |
| Permitted types | PNG, JPEG, GIF, WebP, PDF, TXT, DOC/DOCX, XLS/XLSX, PPT/PPTX, ZIP |
| Purpose | Related to the contracted design service |
| Content | Must not contain prohibited material described in §3.2 |
4.2 Design Requests
- The title must genuinely describe the design work requested.
- The description must contain sufficient and truthful information to execute the work.
- Priority must be honestly assigned based on actual urgency.
- Fictitious or test requests must not be repeatedly created in production.
4.3 Team Invitations
- Only persons who genuinely belong to the client's organization may be invited.
- Roles must be assigned according to the actual level of access needed.
- Persons may not be invited to inflate member numbers without a legitimate purpose.
5. Third-Party Intellectual Property Rights
The Client is responsible for ensuring that all content uploaded to the Platform has the necessary licenses and authorizations. CoreLab does not proactively verify ownership of rights over uploaded content, but will respond to valid copyright infringement notices. To submit a notice: info@corelabcreative.com — Subject: [DMCA].
6. Responsible Use of Personal Data
If the Client uploads personal data of third parties to the Platform, they must have a legal basis to process and share such data with CoreLab; must not upload special categories of personal data without justified need; and must inform the data subject that their data will be processed by CoreLab as a service provider.
7. Team Member Compliance
The Owner and administrators are responsible for ensuring all team members are aware of and comply with this Policy. Non-compliance by a team member is attributable to the Client.
8. Consequences of Non-Compliance
| Severity | Action |
|---|
| Minor (first minor infraction) | Formal warning by email |
| Moderate (repeated or higher-impact infraction) | Temporary access suspension until resolution |
| Serious (illegal content, security attack, material exploiting minors) | Immediate cancellation without prior notice or refund |
| With consequences for third parties | Legal action, notification to competent authorities |
CoreLab may remove any content that violates this policy without prior notice.
9. Reporting Non-Compliance
If you detect content or behavior that violates this policy, you may report it to:
info@corelabcreative.com — Subject: [ABUSE] - brief description
CoreLab investigates all reports within a reasonable timeframe and maintains the confidentiality of the reporter to the extent possible.
10. Updates
CoreLab may update this policy to reflect changes in the Platform or the regulatory context. Active users will be notified at least 14 days in advance of significant changes.
11. Export Controls and International Sanctions
11.1 Prohibited Persons and Entities
Access to and use of the Platform is prohibited for:
- Persons or entities listed on OFAC (US) sanctions lists, including the SDN list.
- Persons or entities subject to EU, UK, United Nations, or other applicable government sanctions.
- Persons located in countries subject to comprehensive US or EU embargoes (currently Cuba, Iran, North Korea, Syria, and specifically sanctioned regions), to the extent that service provision is restricted.
11.2 Export Controls
CoreLab's software may be subject to United States export control laws and other applicable regulations. The Client agrees not to export, re-export, or transfer access to the Platform in violation of such laws.
11.3 Client Declaration
By registering, the Client declares that:
- They are not located in, nor a citizen or resident of, nor under the control of a government of any embargoed country.
- They do not appear on any prohibited persons or entities list.
- They will not use the Platform in violation of any applicable export law or sanctions.
Non-compliance with this §11 may result in immediate account cancellation and reporting to competent authorities.