Knorra Acceptable Use Policy

Effective date: [STAGE_17_SHIP_DATE] Last updated: 2026-05-15

The short version

Knorra is a knowledge-management tool for software teams. This policy tells you what you can't use it for. The vast majority of customers will never bump into any of these rules. They exist because we have to be clear about misuse and we have to protect the service for everyone.

This policy is part of the Terms of Service. Breach is grounds for suspension or termination.

1. Don't break the law

You can't use Knorra:

• For any illegal purpose, including the storage, processing, or distribution of illegal content
• To violate any law, regulation, or court order applicable to you, the people whose data you're processing, or us
• To process personal data in violation of UK GDPR, EU GDPR, or any other data-protection law that applies to you
• To process payment-card data in violation of PCI DSS (Knorra is not PCI-certified; do not put cardholder data into connected sources)
• To process health data subject to specific regulation (such as data subject to HIPAA in the US, or NHS data in the UK) without a separate written agreement with us

2. Don't process data you're not authorised to process

You can only connect Sources you have lawful authority to connect. That means:

• The Jira workspace you connect must be yours (or your employer's, with permission)
• The Confluence space must be one you (or your organisation) own and have authority to grant access to
• A personal source must be your own account, not someone else's
• You must have whatever consents and notices are required to process the personal data of others (your colleagues, your customers, etc.) through Knorra

If a Source contains data you're not authorised to put through Knorra, disconnect it.

3. Don't misuse our APIs and infrastructure

You can't:

• Bypass or attempt to bypass any rate limit, quota, or other technical control
• Scrape, mirror, or otherwise systematically extract data from Knorra except via supported APIs and exports
• Use automation to inflate seat counts, abuse trial limits, or otherwise game pricing
• Run security tools (load testing, scanners, port scanners) against our infrastructure without our prior written permission (security@knorra.ai)
• Probe, scan, or test the vulnerability of our systems beyond what's required for normal use, except via our responsible-disclosure programme (security@knorra.ai)

4. Don't abuse Knorra Bot or notifications

When you install Knorra Bot or enable notifications, you can't use them to:

• Send unsolicited commercial messages
• Harass, defame, threaten, or abuse anyone
• Impersonate anyone (including pretending Bot messages are from a real person)
• Distribute malware, phishing links, or other malicious content
• Spam channels with off-topic content

5. Don't try to reverse-engineer our product

You can't:

• Decompile, disassemble, or otherwise attempt to derive the source code of Knorra
• Attempt to extract the prompts, weights, embeddings, or training data of our AI models
• Use Knorra to build, train, or improve a competing product
• Resell, sub-licence, white-label, or otherwise commercially redistribute Knorra without a separate agreement with us

Carve-out for security research. Good-faith security research is welcome and is not a breach of this section, provided you (a) disclose findings to security@knorra.ai before publishing, (b) give us reasonable time to fix issues before publication (typically 90 days), (c) don't access, modify, or exfiltrate data belonging to other customers, and (d) don't degrade service for other customers.

6. Don't store or transmit harmful content

You can't use Knorra to store, transmit, or process:

• Malware, viruses, worms, ransomware, or other malicious code
• Child sexual abuse material (we report this to the relevant authorities and law enforcement without notice to you)
• Content that incites violence, terrorism, or genocide
• Content that violates someone else's intellectual property or privacy rights
• Stolen credentials, leaked databases, or other content obtained unlawfully

7. Don't harm us or our other customers

You can't:

• Attempt to gain unauthorised access to another customer's data
• Probe for or exploit security vulnerabilities (except per the carve-out in §5)
• Send us communications that are designed to harass, defame, or threaten our staff
• Misrepresent your identity or affiliation when interacting with our support team or sales team

8. Don't misuse personal sources

The personal-source visibility model (where data from a personal source you connect is visible only to you) is a key trust commitment. You can't:

• Attempt to share personal-source Findings with anyone else through screenshots, third-party tooling, or other means in a way that misleads viewers about the source visibility
• Connect a personal source on behalf of another individual (even with their permission — they must connect their own account)
• Use a personal-source connection to circumvent your employer's own access controls or data-governance policies (this is between you and your employer; Knorra is not the arbitrator, but we won't be a tool for that)

9. Respect the trial

The trial is for evaluation. You can't:

• Use trial accounts to extract data without paying
• Create multiple trial accounts for the same organisation
• Use trial data in production workflows beyond the trial period

10. Comply with third-party terms

When you connect a Source (Jira, Slack, Google, Microsoft, etc.), that Source's terms continue to apply to you. You can't use Knorra to do something the Source's own terms prohibit. If a Source provider terminates your access to their service, you'll lose access to that data within Knorra; we're not responsible for that.

What happens if you breach this policy

Depending on severity:

• Minor / accidental breach: we'll contact you, explain the issue, and ask you to stop
• Material breach: we may suspend your account immediately while we investigate
• Serious or repeated breach: we may terminate your account without refund per the Terms of Service
• Illegal content or activity: we report to the relevant authorities and law enforcement without notice to you, and terminate your account

We use suspension sparingly. The vast majority of issues are resolved by a conversation.

Changes to this policy

We may update this policy. For material changes, we'll give 30 days' notice in line with the change-of-terms procedure in the Terms of Service. Minor changes (clarifications, examples) are published silently.

Reporting

Suspect a breach? Email abuse@knorra.ai for misuse, security@knorra.ai for security issues.

NEXTGEN SOFTWARE LTD Company number 14613977 85 Great Portland Street, London, England, W1W 7LT ICO registration: ZC148593