This policy defines what you can and cannot do with DRAGbot. It supplements our Terms of Service.
1. General Principles
DRAGbot is designed to help organizations deploy AI-powered bots responsibly. We expect users to:
- Use the platform lawfully
- Respect end users who interact with deployed bots
- Take responsibility for bot behavior and content
- Not attempt to harm DRAGbot, its infrastructure, or other users
2. Permitted Uses
DRAGbot is designed for:
2.1 Conversational Bots
- Customer service and support
- Information retrieval and FAQ
- Guided workflows and intake processes
- Appointment scheduling
- Internal knowledge bases
2.2 Regulated Industry Applications
- Patient intake and triage (not diagnosis)
- Legal intake and document retrieval (not legal advice)
- Financial information and routing (not investment advice)
- Compliance-conscious data collection via Ghostform
2.3 Business Operations
- Lead qualification
- Employee onboarding assistance
- HR policy information
- IT helpdesk triage
3. Prohibited Uses
You may not use DRAGbot for:
3.1 Illegal Activities
- Any activity that violates applicable law
- Fraud, scams, or deceptive practices
- Money laundering or sanctions evasion
- Distribution of illegal content
3.2 Harmful Content
- Generating or distributing malware
- Harassment, abuse, or threats
- Hate speech or discrimination
- Content that exploits minors
- Non-consensual intimate imagery
- Incitement to violence
3.3 Deception
- Impersonating real individuals without consent
- Bots that deny being AI when directly asked
- Spreading misinformation deliberately
- Phishing or credential harvesting
- Social engineering attacks
3.4 Unauthorized Professional Services
Bots must not provide professional advice without appropriate oversight and disclaimers:
| Domain | Prohibited | Permitted |
|---|---|---|
| Medical | Diagnosing conditions, prescribing treatment | Intake, scheduling, general health info with disclaimers |
| Legal | Providing legal advice, drafting binding documents | Information retrieval, intake, routing to attorneys |
| Financial | Investment advice, specific financial recommendations | General information, routing to advisors |
| Mental Health | Therapy, crisis intervention (unless qualified) | Information, resource referral, scheduling |
If your use case involves professional advice, you must:
- Have qualified professionals oversee the bot
- Include clear disclaimers
- Provide escalation paths to humans
- Comply with applicable professional regulations
3.5 Privacy Violations
- Collecting data without proper consent or legal basis
- Circumventing Ghostform to capture data you shouldn't have
- Collecting sensitive categories (health, biometrics, etc.) without explicit consent
- Violating GDPR, CCPA, HIPAA, or other applicable privacy laws
- Selling or sharing end user data without authorization
3.6 Security Violations
- Attempting to access other users' data
- Probing, scanning, or testing system vulnerabilities
- Circumventing access controls or authentication
- Interfering with service availability (DoS)
- Reverse engineering the platform
- Introducing malicious code
3.7 Infrastructure Abuse
- Cryptocurrency mining
- Excessive resource consumption beyond reasonable bot operation
- Using bots as proxies for other services
- Automated scraping of the platform
- Reselling access without authorization
3.8 Spam and Bulk Messaging
- Unsolicited bulk communications
- Bots that initiate contact without consent
- Lead generation without proper consent mechanisms
4. Regulated Industry Guidelines
If you deploy bots in regulated industries, additional requirements apply:
4.1 Healthcare (HIPAA-Adjacent)
- Use Ghostform for PHI collection when possible
- Implement appropriate access controls (Bot Space permissions)
- Maintain audit trails (built-in hash chains)
- Do not store PHI longer than necessary
- Contact us if you require a BAA (admin@dragbot.io)
- Train staff on appropriate bot use
- Provide clear disclaimers that bots are not medical professionals
4.2 Legal
- Clearly state bots do not provide legal advice
- Supervise bot outputs for accuracy
- Maintain attorney-client privilege considerations
- Use Ghostform for sensitive client information
- Route substantive questions to qualified attorneys
4.3 Financial Services
- Comply with applicable regulations (SEC, FINRA, etc.)
- Do not provide personalized investment advice via bot
- Maintain required disclosures
- Archive conversations per regulatory requirements
- Use Ghostform for sensitive financial data
4.4 Education (FERPA)
- Protect student records appropriately
- Limit bot access to necessary information
- Use Ghostform for PII collection
- Train staff on appropriate use
5. Bot Design Requirements
All bots should:
5.1 Transparency
- Identify as AI-powered when relevant
- Not claim to be human if directly asked
- Provide clear information about capabilities and limitations
- Disclose when data is being collected
5.2 Safety
- Include escalation paths to humans for sensitive situations
- Not provide advice in crisis situations (suicide, abuse, emergencies) without routing to appropriate resources
- Handle edge cases gracefully
- Fail safely when uncertain
5.3 Accuracy
- Be based on accurate source documents
- Not hallucinate credentials or capabilities
- Acknowledge uncertainty when appropriate
- Be updated when source information changes
6. Your Responsibilities
You are responsible for:
| Responsibility | What This Means |
|---|---|
| Bot behavior | Everything your bot says or does |
| End user consent | Proper notice and consent for data collection |
| Content accuracy | Source documents and bot responses |
| Access control | Who can access your Bot Spaces and deployments |
| Compliance | Meeting regulatory requirements for your industry |
| Monitoring | Reviewing conversations and bot performance |
| Incident response | Addressing issues with your bots promptly |
7. Enforcement
7.1 How We Detect Violations
- Automated monitoring for abuse patterns
- User reports
- Security scanning
- Review of flagged content
7.2 Actions We May Take
| Severity | Examples | Response |
|---|---|---|
| Minor | Unintentional policy brushes, first offenses | Warning, guidance |
| Moderate | Repeated violations, negligent practices | Temporary suspension, required remediation |
| Severe | Intentional harm, illegal activity, gross violations | Immediate termination, possible legal action |
7.3 Appeals
If you believe we've made an error:
- Contact admin@dragbot.io within 14 days
- Explain the situation and provide evidence
- We will review and respond within 7 business days
8. Reporting Violations
If you observe violations of this policy:
- By other users: Report to admin@dragbot.io
- By bots you encounter: Report to admin@dragbot.io with the bot URL
- Security issues: Report to admin@dragbot.io (we prioritize security reports)
We investigate all reports and maintain reporter confidentiality where possible.
9. Changes to This Policy
We may update this policy as the platform evolves and as we learn from experience. Material changes will be communicated with 30 days' notice.
10. Questions
If you're unsure whether a use case is permitted:
- Email admin@dragbot.io before deploying
- We'd rather help you get it right than enforce after the fact
Quick Reference: Is This Allowed?
| Use Case | Allowed? | Notes |
|---|---|---|
| Customer support bot | ✅ Yes | Core use case |
| Patient intake with Ghostform | ✅ Yes | Use appropriate safeguards |
| Diagnostic medical bot | ❌ No | Requires physician oversight at minimum |
| Legal information retrieval | ✅ Yes | With disclaimers |
| Legal advice bot | ❌ No | Must route to attorneys |
| Employee FAQ bot | ✅ Yes | Core use case |
| Lead generation with consent | ✅ Yes | Proper consent required |
| Cold outreach spam bot | ❌ No | Never permitted |
| Mental health resources + referral | ✅ Yes | With crisis escalation |
| Therapy replacement | ❌ No | Must involve licensed professionals |
| Internal knowledge base | ✅ Yes | Core use case |
| Impersonating a celebrity | ❌ No | Deceptive |
| Chatbot that denies being AI | ❌ No | Must disclose if asked |
When in doubt, ask us. We want you to succeed within appropriate boundaries.