Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs your access to and use of the TransactionFlow product of Nalepa Labs™ platform ("Platform"), operated by Open Mind Archives LLC ("Company," "we," "us," or "our"), accessible at omtransactionflow.com. This AUP is incorporated by reference into our Terms of Service. By accessing or using the Platform, you agree to comply with this AUP. Capitalized terms not defined herein have the meanings assigned in our Terms of Service.

1. Permitted Uses

The Platform is designed and licensed exclusively for the following lawful purposes:

1.1 Professional Bookkeeping and Accounting Workflow Assistance

• Uploading, parsing, and categorizing bank and credit card statements for bookkeeping purposes.
• Maintaining a general ledger with double-entry journal postings.
• Generating financial reports, including profit and loss statements, balance sheets, and trial balances.
• Mapping chart of accounts entries and categorizing transactions.
• Using AI-assisted statement parsing and transaction categorization as a productivity aid, subject to your independent professional verification.

1.2 Tax Planning and Informational Tools

• Generating informational Schedule C reports based on categorized transactions.
• Running estimated tax projections for quarterly planning purposes.
• Utilizing S-Corp compliance scoring as an informational reference tool.
• Computing MACRS depreciation schedules and Section 179 estimates for planning purposes.
• Reviewing self-employment tax calculations as informational estimates only.

1.3 Third-Party Integrations

• Connecting to QuickBooks Online ("QBO") accounts that you own or are authorized to access, for the purpose of syncing chart of accounts, vendors, and pushing journal entries.
• Linking bank accounts through Plaid for automated transaction import, using accounts you own or are legally authorized to access.
• Processing subscription payments through Stripe.

1.4 Team and Client Management

• Creating and managing client records within your authorized team workspace.
• Inviting team members to collaborate within the boundaries of your subscription plan.
• Using the Accountant Hub to manage a portfolio of client bookkeeping engagements.

2. Prohibited Uses

You shall not use the Platform, directly or indirectly, for any of the following purposes. Violation of this Section 2 may result in immediate suspension or termination of your account without prior notice and without refund.

2.1 Illegal Activity

• Using the Platform to facilitate, support, or conceal fraud, money laundering, tax evasion, embezzlement, or any other illegal financial activity.
• Uploading, processing, or storing financial records that you know or have reason to believe are fabricated, falsified, or associated with illegal transactions.
• Using the Platform to violate any applicable federal, state, local, or international law, regulation, or ordinance, including but not limited to the Bank Secrecy Act, Anti-Money Laundering (AML) regulations, and the USA PATRIOT Act.
• Utilizing the Platform to process transactions involving sanctioned persons, entities, or jurisdictions as designated by the Office of Foreign Assets Control (OFAC) or equivalent authorities.

2.2 Unauthorized Access and Security Violations

• Attempting to access another user's account, team workspace, client data, or any portion of the Platform to which you have not been granted access.
• Circumventing, disabling, or otherwise interfering with security features of the Platform, including authentication mechanisms, team isolation boundaries, entitlement controls, or subscription enforcement.
• Probing, scanning, or testing the vulnerability of the Platform or any connected system or network, unless expressly authorized in writing by the Company.
• Attempting to bypass rate limits, API throttling, subscription tier restrictions, trial limitations, or feature gates through any means, including but not limited to modifying client-side code, forging request headers, or exploiting API endpoints.
• Intercepting, monitoring, or modifying data transmitted to or from the Platform without authorization.

2.3 Reverse Engineering and Scraping

• Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code, algorithms, data structures, or underlying ideas of the Platform or any of its components.
• Scraping, crawling, or using any automated means (including bots, spiders, or scripts) to extract data from the Platform beyond what is available through the intended user interface or documented APIs.
• Copying, reproducing, or creating derivative works based on the Platform's proprietary parsing algorithms, categorization logic, compliance rules, tax computation methods, or AI prompt engineering.
• Accessing the Platform's API for purposes of building a competing product or service, or for resale of Platform functionality.

2.4 Misuse of AI Features

• Using the Platform's AI-powered features (including but not limited to bank statement parsing, transaction categorization, the Business Assistant, or any chat-based functionality) to generate content that is misleading, defamatory, or harmful.
• Attempting to manipulate AI features through prompt injection, adversarial inputs, or techniques designed to cause the AI to produce unauthorized outputs or bypass its intended limitations.
• Relying on AI-generated outputs as the sole basis for tax filing, legal compliance, or financial decisions without independent professional verification. The AI features are productivity tools, not professional advice.

2.5 Harmful Content and Conduct

• Uploading files containing malware, viruses, ransomware, trojans, worms, or any other malicious code or software designed to damage, disrupt, or gain unauthorized access to computer systems.
• Uploading content that is obscene, threatening, harassing, defamatory, or that infringes upon the intellectual property rights of any third party.
• Using the Platform to send unsolicited communications, spam, or phishing attempts.
• Engaging in any conduct that could damage, disable, overburden, or impair the Platform or interfere with any other user's use and enjoyment of the Platform.

2.6 Misrepresentation

• Impersonating any person or entity, or falsely stating or otherwise misrepresenting your affiliation with a person or entity.
• Providing false, inaccurate, or misleading information during account registration, subscription purchase, or at any point during your use of the Platform.
• Representing that outputs generated by the Platform constitute certified financial statements, tax returns, or professional accounting opinions when they do not.

3. API and Rate Limits

3.1 Usage Thresholds

The Platform enforces usage limits based on your subscription tier. These limits may include, but are not limited to, the number of clients, bank statement uploads per period, API requests per minute, QBO sync operations, Plaid connection attempts, and AI-assisted parsing requests. Current limits for each subscription tier are published on our pricing page and within the Platform's subscription management interface.

3.2 Fair Use

Even where specific numerical limits are not stated, you agree to use the Platform in a manner consistent with reasonable professional bookkeeping and accounting use. The Company reserves the right to throttle, suspend, or restrict access to any account that exhibits usage patterns that are disproportionate, abusive, or inconsistent with the intended use of the Platform, including but not limited to:

• Excessive automated or scripted requests to Platform endpoints.
• Bulk uploading of files designed to stress-test or benchmark the Platform.
• Sustained high-volume API usage that degrades service quality for other users.

3.3 Trial Limitations

Accounts on a free trial are subject to additional restrictions, including but not limited to limits on the number of accounts (asset and liability) per client, date range restrictions on statement data, and restricted access to certain premium features. These trial restrictions are enforced programmatically and may not be circumvented. Detailed trial limitations are presented during the trial period within the Platform.

4. Multi-User and Team Usage

4.1 Team Workspaces

The Platform operates on a team-based multi-tenancy model. All client data, general ledger entries, categorization rules, and financial records are scoped to your team workspace. You are responsible for all activity that occurs within your team workspace, regardless of which team member initiated the activity.

4.2 Team Member Responsibilities

The team owner or administrator is responsible for:

• Ensuring that all team members are aware of and comply with this AUP.
• Managing team member access and permissions appropriately.
• Promptly revoking access for team members who no longer require it, including former employees, contractors, or clients.
• Ensuring that team members access only client data they are authorized to view and manage.

4.3 Accountant Hub Usage

Accounting professionals using the Accountant Hub product to manage client portfolios must ensure that they have proper authorization from each client to access, process, and store the client's financial data on the Platform. The Company is not responsible for verifying the existence or validity of engagement letters, powers of attorney, or other authorization documents between you and your clients.

5. Account Sharing Restrictions

5.1 Individual Accounts

Each user account is for a single individual. You may not share your login credentials (username, password, session tokens, or any authentication mechanism) with any other person. You are solely responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account.

5.2 Prohibition on Credential Sharing

You may not allow multiple individuals to use the same account simultaneously or sequentially. If you require multiple users to access the Platform, each user must have their own individual account and be properly added as a member of the relevant team workspace.

5.3 Third-Party Integration Credentials

You are responsible for the security of any third-party credentials used in connection with the Platform, including QuickBooks Online OAuth tokens and Plaid access tokens. You must not share, export, or expose these credentials outside of the Platform's intended integration workflows.

6. Data Upload Restrictions

6.1 Permitted File Types

You may only upload files in formats supported by the Platform (including PDF, CSV, OFX, and QFX bank statement formats) for the purpose of bank statement parsing, transaction import, and bookkeeping. All uploaded files must contain legitimate financial data that you are authorized to process.

6.2 Prohibited Uploads

You must not upload to the Platform:

• Files containing malware, viruses, or any form of malicious code.
• Files designed to exploit vulnerabilities in the Platform's parsing engine or AI models.
• Files containing content that is illegal, obscene, defamatory, or that violates the rights of any third party.
• Files containing personally identifiable information (PII) beyond what is reasonably necessary for bookkeeping purposes (for example, do not upload Social Security numbers, medical records, or personal identification documents through the statement parsing feature).
• Files exceeding the size limits established for your subscription tier.

6.3 Data Accuracy

You are solely responsible for the accuracy and legitimacy of all data you upload to or enter into the Platform. The Company does not verify the authenticity of uploaded financial documents and accepts no liability for decisions made based on data you have provided.

7. Compliance with Applicable Laws

7.1 General Compliance

You are responsible for ensuring that your use of the Platform complies with all applicable federal, state, local, and international laws and regulations, including but not limited to:

• U.S. Internal Revenue Code and Treasury Regulations (to the extent applicable to your use of tax planning tools).
• State and local tax laws and filing requirements.
• Data protection and privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Florida Information Protection Act (FIPA).
• Anti-money laundering (AML) laws, the Bank Secrecy Act (BSA), and related regulations.
• Professional licensing requirements applicable to accounting, bookkeeping, or tax preparation services in your jurisdiction.

7.2 Export Controls

You may not use or export the Platform or any data derived from the Platform in violation of U.S. export control laws and regulations, including the Export Administration Regulations (EAR) administered by the U.S. Department of Commerce.

7.3 Professional Standards

If you are a licensed accountant, enrolled agent, tax preparer, or other regulated financial professional, you are solely responsible for ensuring that your use of the Platform conforms to the professional standards, ethical rules, and continuing education requirements applicable to your license or credential. The Platform does not provide professional accounting, tax, or legal advice and is not a substitute for professional judgment.

8. Enforcement and Consequences

8.1 Monitoring

The Company reserves the right, but is not obligated, to monitor use of the Platform for compliance with this AUP. Monitoring may include, without limitation, reviewing usage patterns, system logs, API call volumes, and uploaded content to identify potential violations.

8.2 Enforcement Actions

Upon determining, in its sole discretion, that a violation of this AUP has occurred, the Company may take one or more of the following actions without prior notice:

• Warning: Issuing a written notice of the violation and requesting corrective action.
• Restriction: Limiting access to specific features or reducing usage quotas.
• Suspension: Temporarily suspending access to the Platform or specific team workspaces.
• Termination: Permanently terminating the account and deleting associated data, subject to applicable data retention laws.
• Legal Action: Pursuing civil or criminal legal remedies, including seeking injunctive relief and damages.
• Reporting: Reporting suspected illegal activity to appropriate law enforcement or regulatory authorities.

8.3 No Refunds

If your account is suspended or terminated due to a violation of this AUP, you are not entitled to a refund of any subscription fees, write-up package fees, or other amounts previously paid.

8.4 Effect on Data

Upon termination for an AUP violation, the Company may, at its discretion, immediately delete all data associated with your account and team workspace(s), including but not limited to client records, general ledger entries, uploaded statements, categorization rules, financial snapshots, and QBO integration configurations. You will have no right to retrieve data after termination for cause.

9. Reporting Violations

If you become aware of any violation of this AUP, or if you believe that another user is engaging in prohibited conduct on the Platform, you are encouraged to report it promptly. Reports may be submitted to:

All reports will be reviewed and investigated. The Company will endeavor to maintain the confidentiality of the reporting party to the extent reasonably possible. The Company will not retaliate against any user who reports a suspected violation in good faith.

10. Modifications to This Policy

The Company reserves the right to modify this AUP at any time. Material changes will be communicated through the Platform (via in-app notification or email to the address associated with your account) at least thirty (30) days before the effective date of the change, unless the change is required to address an imminent security threat, legal requirement, or ongoing abuse, in which case the change may take effect immediately. Your continued use of the Platform after the effective date of any modification constitutes your acceptance of the modified AUP.

11. Contact Information

If you have questions about this Acceptable Use Policy, please contact us at:

---

This Acceptable Use Policy is effective as of February 11, 2026, and applies to all users of the TransactionFlow product of Nalepa Labs™ platform.