Last updated: May 2026 · Version 1.0
This Acceptable Use Policy sets out the rules for use of the OTensity platform and forms part of the Terms of Service. It applies to all users.
The platform may be used solely for your organisation's internal NIS2 Directive compliance management, preparing compliance documentation for your own operational technology environments, managing your organisation's NIS2 assessment and evidence, and training and awareness tracking for your own staff.
MSSP customers with a separate MSSP licence agreement may use the platform to manage compliance for their clients.
You must not share login credentials between individuals, allow persons outside your organisation to access your account without a platform invite, allow multiple organisations to share a single account (each organisation requires its own subscription), or use another organisation's account or data without authorisation.
You must not use the AI assistant to: generate false or misleading regulatory submissions; create fraudulent compliance documentation; circumvent genuine compliance requirements by fabricating evidence; generate content that misrepresents your organisation's actual security posture to regulators; make excessive automated requests beyond the daily rate limit of 20 requests per user per day; or attempt to extract training data or manipulate the AI system.
You must not: upload data belonging to other organisations without authorisation; use the platform to store data unrelated to NIS2 compliance; attempt to access other customers' data; scrape, copy, or extract platform content for commercial purposes; or use assessment data or benchmark data to compete with OTensity.
You must not: conduct security testing or penetration testing of the platform without written authorisation from OTensity; use automated tools or bots to access the platform at scale; attempt to circumvent rate limits, authentication, or access controls; introduce malware or malicious code; attempt to interfere with the platform's availability for other users; or use the platform in a way that places unreasonable load on infrastructure.
You must not: submit compliance documentation to national authorities that you know to be false or misleading; use the platform to evade genuine NIS2 compliance obligations; use platform output as a substitute for qualified legal or security advice without independent verification; or use the platform in a manner that violates applicable laws including GDPR, NIS2, or Australian law.
OTensity is a compliance assistance tool, not a compliance guarantee.
AI-generated content, including compensating control justification documents and incident reports, is provided as a starting point and requires review and verification by qualified security and legal professionals before submission to regulatory authorities.
Using platform output in regulatory submissions without independent verification is a violation of this AUP and may expose your organisation to regulatory risk. OTensity accepts no liability for regulatory outcomes.
Violations of this AUP may result in: a warning and request to remedy the violation; temporary suspension of access; permanent termination of the subscription without refund; legal action where violations cause damage to OTensity or third parties; or reporting to relevant authorities where required by law.
OTensity will use reasonable judgment in determining appropriate consequences based on the nature and severity of the violation.
If you become aware of a violation of this AUP, please report it to hello@otensity.com. We take all reports seriously and will investigate promptly.
OTensity may update this AUP with 14 days notice. Continued use of the platform constitutes acceptance.