Last updated: March 2026

Acceptable Use Policy

This policy supplements the Terms of Service.

Chromacrypt is a privacy tool built for legitimate use. This policy defines the boundary.

1. Scope and Applicability

This Acceptable Use Policy applies to all components of the Chromacrypt system, including but not limited to:

The Chromacrypt client application
The relay infrastructure
The key ceremony process
All birthed key material
IPFS storage layers
Chromacrypt APIs and endpoints
WebRTC peer-to-peer connections facilitated by the service

By activating a seat or participating in any ceremony, you agree to comply with this policy in full.

2. Intended Purpose

Chromacrypt is designed for lawful, privacy-sensitive communication. Intended use cases include:

Confidential business communication
Client-professional privilege (legal, medical, financial)
Source protection for journalists and researchers
Personal privacy in sensitive correspondence
Trade secret and intellectual property protection
Any lawful communication where discretion is required

3. Prohibited Activities

3.1 Criminal Activity

You may not use Chromacrypt in furtherance of any criminal activity, including but not limited to:

Terrorism, incitement to violence, or extremist coordination
Money laundering, sanctions evasion, or financial fraud
Human trafficking, exploitation, or forced labor
Child sexual abuse material (CSAM) of any kind
Fraud, identity theft, or impersonation schemes

3.2 Harm to Persons

Harassment, intimidation, or sustained unwanted contact
Stalking or surveillance of individuals without consent
Blackmail, extortion, or coercive communication

3.3 Service Integrity

Reverse engineering, decompiling, or disassembling any part of the Chromacrypt system
Scraping, automated extraction, or bulk data collection from any Chromacrypt endpoint
Deliberate overloading, denial-of-service attacks, or resource exhaustion against any infrastructure
Circumventing access controls, seat limits, or activation mechanisms

3.4 Regulatory Circumvention

You may not use Chromacrypt to circumvent legal obligations including court orders, regulatory reporting requirements, or lawful data preservation mandates that apply to you or your organization.

Architectural Note

Chromacrypt enforces this policy at the access layer, not the content layer. The system cannot inspect, scan, or moderate message content by design. Enforcement operates through seat activation, ceremony eligibility, and relay access controls. Violations are addressed by revoking access, not by reading messages.

4. Enforcement Mechanism

When a violation of this policy is identified or reasonably suspected, Chromacrypt may take one or more of the following actions:

Immediate seat revocation without prior notice
Invalidation of activation codes associated with the seat
Termination of any active or pending ceremonies
Permanent ban from future seat acquisition

At no point will enforcement involve the disclosure, interception, or reconstruction of message content. Chromacrypt does not have the technical capability to do so.

5. Seat Holder Obligations

As a seat holder, you are responsible for:

Maintaining the security of your device and operating environment
Protecting your activation code from unauthorized use or disclosure
Vetting your counterparty before initiating a ceremony
Complying with all applicable laws and regulations in your jurisdiction
Reporting any suspected compromise of your seat or key material to security@chromacrypt.io

6. Organizational Deployments

When Chromacrypt is deployed within an organization, the administering entity bears full responsibility for all usage by its members. This includes ensuring compliance with this policy across all seats under its control.

Violations by any individual within an organizational deployment may result in revocation of the entire organization's seat allocation at Chromacrypt's sole discretion.

7. Cooperation with Law Enforcement

In response to valid legal process, Chromacrypt can provide:

Confirmation of whether a seat is active or has been revoked
Execution of seat revocation upon lawful order

Chromacrypt cannot provide, and will not attempt to fabricate or reconstruct:

Message content, past or present
Communication metadata, timestamps, or frequency data
Birthed keys or key material of any kind
IP addresses, device identifiers, or location data

This is not a policy choice. It is an architectural reality. The data does not exist within our infrastructure.

8. Indemnification

You agree to indemnify, defend, and hold harmless Chromacrypt, its operators, contributors, and affiliates from and against any claims, damages, losses, liabilities, costs, or expenses (including reasonable legal fees) arising from your violation of this policy or any unlawful use of the service.

9. Relationship to Other Policies

This Acceptable Use Policy operates alongside and supplements the Terms of Service and the Privacy Policy. In the event of a conflict between this policy and the Terms of Service, the Terms of Service shall prevail.

10. Amendments

Chromacrypt reserves the right to update this policy at any time. Material changes will be communicated through the application or via the email address associated with your seat. Continued use of the service after notification constitutes acceptance of the revised policy.

11. Governing Law and Jurisdiction

This policy is governed by the laws of Belgium. Any disputes arising from or related to this policy shall be subject to the exclusive jurisdiction of the courts of Ghent, Belgium.

12. Contact

For questions regarding this policy or to report a violation:

Legal inquiries: legal@chromacrypt.io

Security concerns: security@chromacrypt.io