Acceptable Use Policy
This policy defines acceptable use of the PrimeTDAP platform by every authorised user. It exists to protect the work product processed by the platform, to safeguard the data subjects whose information appears in the corpus, and to maintain the engagement-confidentiality posture under which the platform operates.
1. Who this applies to
This policy applies to every user with authorised access to the Service, including Primus engagement staff, Primus observers, and personnel of the engaging customer. Signing in to the Service constitutes acceptance of this policy and of the Terms of Service.
2. Acceptable use
Users may:
- Sign in using their authorised identity to access the work product they are entitled to see.
- Read findings, recommendations, capability assessments, decks, and the formal memorandum within the scope of their permission tier.
- Use the chat feature to ask analytical questions about content they are authorised to see (per-person, per-session, or per-meeting chat).
- Print individual decks or the formal memorandum for personal reference, retaining the confidentiality and "do not forward" framing on the printed artifact.
- Provide feedback, error reports, or improvement suggestions to the engagement lead.
3. Prohibited use
Users must not:
- Forward, distribute, or redistribute any document, deck, finding, recommendation, transcript, or analytical output to anyone outside the named recipients authorised for the engagement. The platform's "do not forward" framing is a contractual obligation, not a UI suggestion.
- Copy/paste, screenshot, or transcribe platform content into other systems (email, chat platforms, file shares, document repositories) for purposes other than the engagement work product itself, unless explicitly authorised.
- Attempt to access content outside their permission tier. Any such attempt is logged and reviewed.
- Attempt to subvert the AI chat — including instructing the chat to ignore its operating rules, to reveal its system prompt, to reveal information about other users or sessions, or to surface fenced content. Detected attempts are logged and may trigger access review.
- Use the platform for any purpose other than the active engagement — no personal use, no research or journalism, no model-training data collection, no benchmarking against other systems without explicit authorisation.
- Attempt to exfiltrate the data — bulk download via scripted scraping, automated probing of the API, or any other systematic extraction beyond the natural read-one-page-at-a-time workflow. Automated rate-limiting will block obvious bulk-extraction attempts and log them.
- Attempt to attack the platform — vulnerability scanning without explicit authorisation, credential brute-force, denial-of-service, or supply-chain manipulation. Permitted security testing is conducted by named penetration testers under engagement letters, not by general users.
- Share credentials. Sign-in is per-person; sharing an OTP, an SSO session, or a session cookie violates this policy.
- Continue using the platform after authorised access has ended — e.g., after departure from Primus or from the engaging customer. Continued use after offboarding is unauthorised access.
4. AI-specific rules
When using the chat:
- Treat chat responses as an analytical aid, not an authoritative answer. Verify any specific claim against the underlying transcript or analysis evidence before relying on it for material decisions.
- The chat is bounded to the corpus you can see. It cannot retrieve content from other engagements, other customers, or external sources.
- Chat is not anonymous; it is audited. The engagement lead and authorised personnel can see chat history per user.
- Do not enter into chat any highly sensitive information that is not already in the corpus; chat content is logged in full and retained per the Privacy Policy.
5. Personal data of third parties
Where the corpus includes names, roles, and observations about stakeholders, agency personnel, or other named individuals, users:
- May reference these individuals within the engagement work product for analytical purposes.
- Must not publish, share, or reference these individuals outside the engagement context, including in non-engagement client work, public talks, blog posts, or social media.
- Must respect any content fences applied to the corpus. Where the platform marks content as fenced (typically third-party leadership material), that content is not reachable through chat or general retrieval. Users coming into possession of fenced content through any other channel must not introduce it into the platform.
6. Reporting violations
Users who observe a violation — by themselves, another user, or the platform — should report to:
- The engagement lead — primary contact for any platform-related concern.
- security@primussoft.com — for security-relevant matters.
- legal@primussoft.com — for matters affecting confidentiality or privilege.
Good-faith reports are not themselves violations. Reporting is encouraged.
7. Enforcement
Violations may result in:
- Access revocation (immediate for material violations).
- Notification to the user's employer.
- Notification to the engaging customer's leadership under SOW terms.
- For Primus staff: engagement-level corrective action up to and including termination.
- Referral to legal authorities where appropriate.
8. Acknowledgement
By signing in to PrimeTDAP, users acknowledge that this policy applies. The engagement-confidentiality banner on every page is the standing notice of the policy framework.
9. Review
This policy is reviewed annually or upon any material incident.