Acceptable Use Policy

This Acceptable Use Policy (“AUP”) applies to all users of the Heurista platform, including researchers, analysts, team members, organization administrators, and survey respondents accessing the platform via shared links. By using Heurista, you agree to comply with this policy.

This AUP supplements the Heurista Terms of Service and Privacy Policy. In the event of a conflict, the Terms of Service govern.

• Use the platform lawfully and in accordance with all applicable local, national, and international laws and regulations.
• Respect the rights, privacy, and dignity of other users and research participants.
• Maintain the security of your account credentials. You are responsible for all activity under your account.
• Do not share account credentials or allow unauthorized individuals to access your account.
• Promptly notify Heurista of any unauthorized access to your account.

Heurista is designed for program evaluators, humanitarian organizations, and academic researchers working with human subjects data. Users bear sole responsibility for the ethical conduct of their research. Heurista is not a party to your research, does not review your research design, and does not validate the ethical compliance of studies conducted on the Platform.

Heurista uses artificial intelligence (powered by Anthropic’s Claude) for conversational interviews, qualitative coding, thematic analysis, and other analytical features. The following obligations apply to all AI-generated outputs:

• AI Interview Disclosure. When using AI-powered conversational interview features, you must clearly disclose to research participants that they are interacting with an AI system, not a human interviewer. This disclosure must be made before the AI interaction begins and must be presented in a manner the participant can reasonably understand. This requirement aligns with EU AI Act Article 50 transparency obligations.
• Human review required. All AI-generated outputs must be reviewed by a qualified professional before being used in decision-making, publications, or policy recommendations.
• No misrepresentation. You must not represent AI-generated content as solely human-produced without appropriate disclosure.
• Not a sole basis for decisions. You must not use AI-generated outputs as the sole basis for decisions that affect individuals, communities, or populations.
• Verification against primary data. You must verify AI-generated findings, codes, and themes against your primary data before publication or dissemination.
• Disclosure in publications. You must disclose AI assistance in all published research, reports, and deliverables that incorporate AI-generated analysis from the Platform. This disclosure obligation applies regardless of whether your journal, funder, or institution has a specific AI disclosure policy.
• No professional advice. AI-generated analysis does not constitute professional, legal, medical, clinical, or policy advice.
• Vulnerable population safeguard. You must not use AI-generated outputs as a basis — sole or primary — for decisions that directly affect the rights, benefits, safety, or welfare of individual refugees, asylum seekers, internally displaced persons, stateless persons, or other persons in situations of vulnerability, unless such outputs have been independently verified through non-AI means by qualified professionals.

The following uses of Heurista are strictly prohibited:

• Engaging in illegal activity or violating any applicable law or regulation.
• Processing personal data without a lawful basis under applicable data protection law (including GDPR, CCPA, or local equivalents).
• Deliberately inputting false or misleading data to manipulate AI outputs or analytical results.
• Using the platform to generate fraudulent, fabricated, or falsified research findings.
• Attempting to extract, reverse-engineer, copy, or replicate Heurista’s AI models, algorithms, or proprietary systems.
• Circumventing security measures, rate limits, access controls, or usage restrictions.
• Accessing or attempting to access another user’s data, surveys, analyses, or account without authorization.
• Using the platform for surveillance, profiling, or tracking of individuals without their informed consent and a lawful basis.
• Attempting to re-identify anonymized or pseudonymized data subjects using AI features or any other platform capabilities.
• Using AI features to create automated scoring, ranking, or profiling systems that categorize individual research participants or beneficiaries without meaningful human review and oversight.
• Generating, distributing, or promoting content that incites violence, discrimination, hatred, or harassment.
• Distributing spam, phishing attempts, or malware through survey links or any other platform feature.
• Reselling, sublicensing, or redistributing access to the platform without Heurista’s written authorization.
• Using the platform in any manner that violates Anthropic’s Usage Policy, which applies to all AI features on the platform. In the event of a conflict between this Acceptable Use Policy and the upstream AI provider’s usage policy as it applies to AI features, the more restrictive policy shall prevail.

• You are responsible for all data you upload, collect, or generate on the platform.
• You must have the legal authority to process all data you input into Heurista, including data collected from research participants.
• You must promptly notify Heurista at abuse@heurista.com of any data breach or security incident affecting data you have uploaded or collected through the platform.
• You must not store credentials, passwords, financial account numbers, or payment card data in survey responses, analysis fields, or any other platform input.
• Use of export and sharing features (CSV, PDF, Excel, shared links) must comply with your data protection obligations. You are responsible for securing exported data.
• You should delete or anonymize research data when the research purpose for which it was collected has been fulfilled, in accordance with your IRB-approved data retention schedule or applicable data protection requirements.

• Account owners and organization administrators are responsible for ensuring that all team members comply with this AUP and with applicable data protection requirements.
• Access permissions should follow the principle of least privilege. Grant team members only the access necessary for their role.
• Shared workspaces must not be used to circumvent individual account limits, usage quotas, or licensing restrictions.
• When a team member leaves your organization, promptly revoke their access and review any data they had access to.

• Survey content must not be deceptive, misleading, or coercive to respondents.
• Consent forms and informational materials distributed through the platform must accurately describe how respondent data will be used, including any AI-assisted processing.
• Survey distribution must comply with applicable anti-spam laws, including CAN-SPAM, GDPR ePrivacy Directive, and equivalent local regulations.
• Content uploaded for document analysis must not infringe on third parties’ intellectual property rights.

Heurista reserves the right to enforce this AUP through the following measures:

• Notice and cure period. For non-severe violations, we will provide written notice describing the specific violation and a thirty (30) day cure period. If you correct the violation within the cure period, no further action will be taken.
• Warning. For minor or first-time violations, Heurista may issue a written warning describing the violation and required corrective action.
• Suspension. Heurista may temporarily suspend access to the platform pending investigation or resolution of a violation.
• Termination. Heurista may permanently terminate accounts for severe, repeated, or uncorrected violations. Immediate suspension or termination without cure period is reserved for: illegal activity, deliberate security breaches, research fraud, or violations that pose an immediate risk to platform security or other users’ data.
• Content removal. Heurista may remove or disable access to content that violates this policy.
• Appeals. Users may appeal enforcement decisions by contacting abuse@heurista.com within 30 days of the enforcement action. Appeals will be reviewed and a response provided within 15 business days.

If you believe a user is violating this Acceptable Use Policy, please report it to abuse@heurista.com. Include as much detail as possible, including the nature of the violation, any relevant URLs or survey links, and supporting evidence. Heurista will investigate all reports promptly and maintain reporter confidentiality to the extent permitted by law.

Heurista may update this Acceptable Use Policy from time to time. We will provide at least 30 days’ notice of material changes by posting the updated policy on the platform and, where practicable, notifying affected users by email. Continued use of the platform after the effective date of a revised policy constitutes acceptance of the updated terms.

If you do not agree with a revised policy, you must stop using the platform before the changes take effect. You may export your data at any time using the platform’s export features.