Cortexia Acceptable Use Policy

Version 0.1 Last updated: 23 May 2026 Effective: 23 May 2026

This Acceptable Use Policy (the "AUP") is part of the Cortexia Terms of Service. It sets out conduct that is not allowed on Cortexia. It applies to everyone who uses the Service, whether through an individual account, an organisation account, or any other route.

If you breach this AUP, we may suspend or terminate access, remove content, restrict features, retain or disclose information as required by law, and where appropriate notify authorities. Our response will be proportionate to the severity of the breach, but for the most serious categories we will act immediately and without prior warning.

Plain-language summary. Cortexia is built to support careful, well-sourced analytical work. We will not host work that is clearly designed to harm other people, to mislead public discourse on purpose, or to break the law. The rules below are how we draw that line.

1. The hard rules: never do these things on Cortexia

You must not use Cortexia to:

  1. Produce or distribute child sexual abuse material, including by generating, soliciting, processing or transmitting such material in any form. We will report suspected CSAM to Kripos and to relevant authorities in the affected jurisdictions in line with applicable law.

  2. Facilitate the development, acquisition or use of weapons of mass destruction, including chemical, biological, radiological, nuclear, or high-yield explosive uplift. This includes synthesis routes, weaponisation guidance, evasion of export controls, and procurement uplift.

  3. Conduct or enable cyberattacks, including developing malware, identifying or weaponising vulnerabilities for non-defensive purposes, conducting unauthorised access, denial-of-service, credential theft, or operating botnets or stresser services.

  4. Promote, glorify, or incite violence against persons, including terrorist propaganda, incitement to genocide or ethnic cleansing, calls for violence against identified individuals or groups, content praising perpetrators of violent attacks, or content that meets the definition of terrorist content under Regulation (EU) 2021/784 (TCO Regulation).

  5. Engage in human-rights abuses, including planning extrajudicial detention, torture, enforced disappearance, trafficking, or persecution of identifiable persons, or operating surveillance tooling targeting journalists, dissidents, human-rights defenders, or members of marginalised communities in violation of international human-rights law.

  6. Sexually exploit any person, including non-consensual intimate imagery, sexualised deepfakes of identifiable persons without their informed consent, and any sexual content involving people who are or appear to be under 18.

  7. Violate sanctions law, including providing Cortexia outputs to individuals or entities on EU consolidated sanctions lists, OFAC SDN, UK OFSI, or comparable Norwegian sanctions lists, or otherwise circumventing applicable sanctions regimes.

We do not negotiate on these rules. Accounts found to be using Cortexia for any conduct in this Section 1 will be terminated, content will be removed, and information may be preserved and disclosed to authorities as permitted by law.

2. Integrity of public discourse

Cortexia provides analytical tooling that can produce sharable outputs (briefings, summaries, widget embeds, dashboards). When you use those outputs in public, your conduct affects the integrity of public discourse. You must not use Cortexia, including any widget or embed feature, to:

  1. Publish content you know to be false as if it were true, in order to mislead an audience. Honest mistakes, contested interpretations and legitimate debate are not in scope; what is in scope is deliberate fabrication, including manufactured "leaks", fake quotations attributed to real people, fabricated statistics, and falsified primary sources.

  2. Manufacture or amplify conspiracy theories that have no credible evidentiary basis and that target identifiable persons or groups, including content that recycles long-debunked narratives without disclosing the debunking.

  3. Impersonate real people or organisations, including using AI-generated text, audio, video or imagery of identifiable persons in ways that could reasonably be mistaken for genuine output by that person, without their consent and without clear labelling.

  4. Run coordinated inauthentic behaviour, including operating networks of fake accounts, astroturf campaigns, inflated engagement, or paid amplification of content that does not disclose its sponsorship.

  5. Interfere with elections or democratic processes, including disinformation about when, where, or how to vote; voter suppression; or content fabricated to discredit candidates, officials or election administration without an evidentiary basis.

  6. Harass, intimidate, dox, or threaten individuals, including publishing private contact information, addresses, or identification, or content designed to incite harassment of identified persons.

  7. Defame identifiable persons. You are responsible for ensuring published content is accurate, sourced, and lawful where you publish it.

This Section 2 is not a content-moderation regime imposed on private analytical work in Cortexia. It governs what you publish, share, embed or otherwise distribute using Cortexia's features. Internal analytical work that wrestles with contested ideas, including conspiracy-theory ecosystems as a subject of study, is welcome on Cortexia and is part of why the platform exists.

3. Lawful and ethical use

You must comply with all laws applicable to your use of Cortexia, including:

  • intellectual property law (do not ingest material you have no right to use, do not infringe copyright or database rights);
  • privacy and data-protection law (do not process personal data through Cortexia in ways that violate GDPR, the Norwegian Personopplysningsloven, or equivalent law in your jurisdiction; respect data-subject rights);
  • competition law (do not use Cortexia to facilitate cartels, market-sharing, or other anti-competitive behaviour);
  • consumer-protection law and rules on commercial communications;
  • the Norwegian Marketing Control Act (Markedsføringsloven) for commercial messaging directed at Norwegian consumers;
  • the EU Digital Services Act (Regulation (EU) 2022/2065, DSA) where Cortexia outputs are used on platforms within its scope;
  • the EU AI Act (Regulation (EU) 2024/1689) where you deploy Cortexia outputs in a way that brings the deployment within its scope; and
  • export-control law where Cortexia outputs include technical information subject to controls.

This list is illustrative, not exhaustive. The fact that something is technically possible in Cortexia does not make it lawful.

4. Security and integrity of the Service

You must not:

  1. probe, scan, or test the vulnerability of the Service except through an authorised disclosure programme;
  2. circumvent rate limits, authentication, billing controls, geofences, classification banners, or other technical restrictions;
  3. attempt to extract, copy, reverse-engineer, or train other models on Cortexia's underlying model weights, prompts, fine-tunes, or internal data;
  4. scrape Cortexia or use unauthorised automation against its interfaces (use the published API);
  5. introduce malware, exploit code, or content designed to disrupt the Service;
  6. interfere with other customers' use of the Service or with the rights of other Cortexia users;
  7. resell, white-label, sublicense, or commercially exploit the Service or its outputs in a way that goes beyond what your subscription permits, without a separate written agreement.

Responsible security research is welcome. Report suspected vulnerabilities to security@cortexia.co. We commit to investigating in good faith and not pursuing legal action against researchers who act in good faith, follow coordinated-disclosure practice, and do not exfiltrate or damage data.

5. Brand and attribution

Use of the Revontulet and Cortexia names, logos, and other brand assets is governed by the public Revontulet Brand Bible. Do not use the brand in ways that imply endorsement, partnership or accreditation that does not exist; do not use the Revontulet fox in any colour other than the brand light blue (#93d5de); and do not modify the wordmark.

When you publish Cortexia outputs externally, attribute Cortexia where the convention of your medium would call for an attribution. Where outputs were generated with significant AI assistance, label them so. This aligns with EU AI Act Article 50 transparency expectations and with the Revontulet operating norm that AI-assisted work in external circulation is identified as such.

6. Reporting violations

If you see content or conduct on Cortexia that breaches this AUP, tell us at trust@cortexia.co. Include the URL or identifier of the content, a description of the issue, and your contact details. We will acknowledge receipt and respond within a reasonable time. Where the content is illegal under EU or Norwegian law, you may also use the notice-and-action procedure required by DSA Article 16, which Cortexia maintains at [TBC: URL].

For complaints about how we handled a moderation decision, contact appeals@cortexia.co. We provide an internal complaint-handling system in line with DSA Article 20 where it applies.

7. Enforcement

When we conclude that this AUP has been breached, we may take one or more of the following actions, in proportion to the severity and persistence of the breach:

  • a warning, with a request to remedy the breach;
  • removal or restriction of specific content or outputs;
  • restriction of specific features or rate limits for the account;
  • suspension of the account, with notice and a reasonable opportunity to remedy where appropriate;
  • termination of the account;
  • preservation and disclosure of relevant information to law-enforcement or regulators where required by law or where we reasonably consider it necessary; and
  • public statement of the action taken, where doing so is proportionate, particularly where the breach has affected the public interest.

For the categories in Section 1, we will normally act immediately and without prior warning. For Sections 2 to 4, we will normally give notice and an opportunity to remedy unless the breach is egregious. The decision rests with Revontulet AS.

We will give you a statement of reasons in line with DSA Article 17 where it applies, and we will tell you how to appeal.

8. Changes to this AUP

We may update this AUP as the Service, the threat landscape, or applicable law evolves. When the change is material, we will give reasonable notice. Your continued use after the effective date means you accept the updated AUP.