Acceptable Use Policy

Last updated: 15 April 2026

1. Purpose and scope

This Acceptable Use Policy (the "Policy" or "AUP") sets out the rules of conduct that apply to all users of the shkiper.app mobile application and website, including all related services, APIs, materials, and artificial-intelligence-powered features (collectively, the "Service"). The Service is operated by Individual Entrepreneur Valentin Valentinovich Morev, registered in the Russian Federation (the "Operator", "we"). The Service is an educational tool in the field of yachting and seamanship that makes use of generative AI models.

By using the Service, you (the "User", "you") confirm that you have read this Policy, understand its contents, and agree to abide by it. This Policy is an integral part of the Terms of Service and applies together with the Privacy Policy, End User License Agreement (EULA), DMCA Policy, and other applicable documents.

Violations of this Policy may result in the measures described in Section 7, up to and including permanent account termination and referral of information to competent authorities. We may update this Policy from time to time; material changes take effect 14 days after notice is posted.

2. General prohibited conduct

When using the Service, you must not:

• Illegal activity or content. Engage in or plan any activity that violates the laws of the Russian Federation, the European Union, the United States, or any other applicable jurisdiction, including matters involving drugs, weapons, extremism, terrorism, human trafficking, or other criminal conduct.
• Harassment, threats, and hate speech. Direct abuse, threats, or stalking at other users or third parties; post material that incites hatred on the basis of race, ethnicity, religion, gender, sexual orientation, disability, or any other protected characteristic.
• Spam and unsolicited bulk messaging. Use the Service to send advertising, phishing messages, chain mail, invitations to third-party services, or any other bulk or unsolicited communications.
• Malware, viruses, and exploits. Upload, distribute, or attempt to deploy viruses, trojans, ransomware, spyware, vulnerability exploits, password-cracking or credential-stuffing tools, or unauthorized penetration-testing payloads.
• Intellectual-property infringement. Upload or distribute material protected by copyright, trademark, or other rights without authorization from the rights holder. Notices of infringement are handled under our DMCA Policy (see the "DMCA / Copyright Complaints Policy" document).
• Privacy violations. Publish the personal information of third parties without a lawful basis, engage in doxxing, or collect personal data of other users or third parties in ways that violate Federal Law No. 152-FZ (Russia), the GDPR, the CCPA, or other applicable data-protection laws.
• Automated access and scraping. Use bots, scrapers, spiders, crawlers, or other automated means to access the Service; circumvent rate limits, CAPTCHA, geofencing, CSRF tokens, or other technical protection measures. No public API to the Service is currently offered.
• Reverse engineering and model extraction. Disassemble, decompile, or reconstruct the source code of client or server software; extract or reconstruct system prompts, internal instructions, model weights, embeddings, or training data; systematically probe the model in order to reconstruct its behavior or prepare a model export.
• Account sharing, resale, and multi-accounting. Disclose credentials to third parties, share a single account, sell or rent an account, or create multiple accounts to circumvent limits, quotas, bans, or promotional terms (free trials, promo codes).

3. AI-specific restrictions

In addition to Section 2, when using the AI features of the Service you must not:

• Prompt injection and safety-filter bypass. Embed, in queries or uploaded documents or images, instructions designed to bypass safety policies, switch model roles, or elicit prohibited content.
• Jailbreaking. Ask the model to ignore safety policies, impersonate an "unrestricted" or "alternative" version, or perform roles that purport to remove ethical constraints.
• Extracting system prompts and internal instructions. Attempt to reveal, reconstruct, or publish system prompts, moderation configuration, or the Operator's internal instructions.
• Training competing models. Use inputs or outputs of the Service to train, fine-tune, distill, or benchmark competing generative AI models; or systematically collect prompt-response pairs for use in training third-party systems.
• Professional advice outside yachting. Rely on Service outputs as professional medical, legal, financial, tax, or psychological advice. The Service is an educational tool for yachting and does not replace consultation with a qualified professional.
• Use of AI as the sole source for real-time vessel navigation. STRICTLY PROHIBITED: using the Service as the sole or primary source of information for operating a real vessel, planning passages, evaluating weather conditions, or making decisions affecting the safety of crew or passengers. The Service is NOT a navigation system, decision-support system, or search-and-rescue (SAR) system. Life-safety decisions must be made on the basis of official charts, meteorological data, onboard equipment, and the judgment of a qualified skipper.
• Generating harmful, illegal, or exploitative content. Produce child sexual abuse material (CSAM) — an absolute prohibition; content promoting terrorism or violence; instructions for manufacturing weapons, explosives, or narcotics; content promoting self-harm or suicide.
• Impersonation. Pose as the Operator, Service staff, real instructors, examiners, representatives of certifying bodies (ISSA, RYA, IYT, Rosmorrechflot, etc.), or any other natural or legal person.
• Deceptive practices. Use the Service to create disinformation, fake certificates, examination answers for external proctored tests, fake reviews, or document forgeries.
• High-stakes unsupervised decisions. Use Service outputs for automated decisions that have legal or materially significant effects on third parties without mandatory human review by a qualified specialist.

The Service discloses its AI nature: you are communicating with a language model, not a human instructor. Responses may contain inaccuracies (hallucinations); critical information must be verified against primary sources (textbooks, official charts, regulations, instructors).

4. Compliance with OpenAI policies

The AI features of the Service are implemented using models provided by OpenAI Inc. (USA). Your use of the Service must comply with OpenAI's Usage Policies. Requests routed through our proxy are forwarded to OpenAI with personal identifiers stripped; by default, the OpenAI API does not use your data to train models. In particular, you agree not to use the Service to:

• generate content that violates OpenAI's Usage Policies (illegal, harmful, CSAM, violent, or hateful content);
• make high-stakes automated decisions without human review (medicine, law, critical infrastructure, life safety);
• conceal the AI nature of the Service from third parties when further disseminating outputs;
• attempt to extract training data, system instructions, or model structure;
• circumvent or share quotas and tokens beyond what is officially permitted through the Service;
• engage in any other activities prohibited by OpenAI's policies as in force at the time of use.

5. Sanctions compliance

Given the Operator's status as an individual entrepreneur registered in the Russian Federation and its reliance on AWS infrastructure (eu-central-1, Frankfurt, Germany) and OpenAI (USA), the Service is subject to the sanctions regimes of several jurisdictions. By using the Service, you represent and warrant that you:

• are not listed on US OFAC sanctions lists (SDN List, SSI List, NS-MBS List, etc.), EU sanctions lists (including the EU consolidated list), UK sanctions lists (UK OFSI / HM Treasury), or the sanctions lists of the United Nations Security Council;
• are not located in, and are not a resident of, jurisdictions subject to comprehensive US embargoes (Cuba, Iran, North Korea, Syria, and the Crimea, Donetsk, Luhansk, Kherson, and Zaporizhzhia regions) or comprehensive EU/UK sanctions;
• are not acting on behalf of, for the benefit of, or under the control of any person or entity included in the above sanctions lists;
• will not use the Service for purposes that violate US export controls (EAR), EU export controls (Regulation 2021/821 on dual-use items), UK export controls, or Russian export-control law (Federal Law No. 281-FZ);
• will immediately cease using the Service if you become subject to any of the sanctions lists referenced above.

The Operator may refuse to provide, or terminate the provision of, the Service without notice if violations of sanctions law are detected. The Operator applies reasonable sanctions-screening measures; however, each User remains personally responsible for compliance with the sanctions restrictions applicable to them.

6. Technical controls and anti-abuse measures

To ensure fair and safe use of the Service, the following technical controls apply:

• Per-user per-day AI question quotas by plan: Free — a limited number of trial questions; Course Pass, Monthly, and Annual — published ceilings listed on the pricing page and in the app. Ceilings may change on 14 days' notice.
• Automated anti-abuse systems may temporarily rate-limit requests when anomalous activity, potentially harmful patterns, or suspected automated access are detected.
• No public API or external programmatic access to the Service is currently offered. Any access outside the official client (mobile app, web interface) is a violation of this Policy.
• Logs of requests, security events, and session metadata are retained for 90 days for the purposes of abuse and security investigations, after which they are deleted or anonymized in accordance with the Privacy Policy.

Deliberately crafting expensive prompts to inflate Operator costs, launching denial-of-service (DoS/DDoS) attacks, and other forms of load abuse are strictly prohibited.

7. Enforcement (tiered)

When violations of this Policy are detected, we apply a tiered approach. The specific measure depends on the nature, severity, frequency, and potential harm to other users or third parties.

1. <strong>Tier 1 — soft redirect.</strong> For off-topic queries (outside yachting and seamanship) or low-risk jailbreak attempts, the model will politely redirect the user to a relevant topic. No penalty is applied and no incident record is created.
2. <strong>Tier 2 — warning.</strong> For a first confirmed AUP violation (other than the serious violations listed below), we send a written warning to the email address associated with the account, identifying the violated provision and requesting that the conduct cease.
3. <strong>Tier 3 — temporary suspension (7 days).</strong> For a repeat violation following a warning, or for a single serious violation, the account is suspended for 7 days. Access to the Service is unavailable during this period; user data is preserved.
4. <strong>Tier 4 — permanent ban.</strong> Applies to repeat violations following a temporary suspension, or to particularly severe violations on first occurrence: creating or distributing CSAM; active facilitation of terrorism, human trafficking, or violent crime; large-scale attacks on Service infrastructure; gross violation of sanctions law. The account is permanently blocked; related data is deleted per the Privacy Policy timelines; information may be transferred to competent authorities.

Appeal process. Within 14 days of an enforcement action, you may submit a reasoned appeal to abuse@shkiper.app specifying the account identifier, the date and nature of the action taken, and the circumstances that in your view should be taken into account. We will review the appeal and provide a reasoned response within 14 business days. A successful appeal restores access; otherwise the measure stands. A decision on appeal is final within the Operator's internal procedure and does not deprive you of the right to judicial recourse.

8. Reporting abuse

If you become aware of a violation of this Policy or other misuse of the Service, please report it through the following channels:

• General AUP violations, spam, fraud, impersonation, and generative content that breaches the rules — abuse@shkiper.app. We aim to respond within 5 business days.
• Child sexual abuse material (CSAM) — report to the National Center for Missing & Exploited Children (NCMEC, https://www.missingkids.org/gethelpnow/cybertipline) or to competent authorities at your place of residence. In parallel, notify us at abuse@shkiper.app; we are required to cooperate with investigations and, under applicable law, to preserve and provide evidence to competent authorities.
• Security incidents and personal-data breaches — privacy@shkiper.app. We will notify supervisory authorities (Roskomnadzor, EU supervisory authorities) within the timeframes required by law.

When submitting a report, please include: the identifier or description of the violator, the date and time, a description of the violation, links or screenshots (where available), and your contact information for follow-up. We do not disclose the reporter's identity to the reported party without your consent.

9. User responsibility and Operator disclaimers

Users are fully responsible for the content of their queries to the Service, the files they upload, their use of any responses obtained from the Service, and compliance with applicable law. The Operator does not pre-moderate all queries or outputs but applies automated and manual moderation where warranted.

You agree to indemnify the Operator for losses (including reasonable legal defense costs) arising from third-party claims related to your breach of this Policy, third-party rights, or applicable law, to the extent permitted by applicable law.

10. Relationship to other documents

This Policy applies together with the Terms of Service, Privacy Policy, EULA, DMCA Policy, Children's Policy, Refund Policy, and other documents published at https://shkiper.app/legal/. In the event of conflict, the document with the more specific subject matter prevails, unless expressly stated otherwise.

11. Policy updates

We may amend this Policy from time to time. We will give at least 14 days' notice of material changes before they take effect — via the email address associated with your account, in-app notifications, and/or publication at https://shkiper.app/en/legal/aup. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy. Non-material editorial changes (typo fixes, wording clarifications without substantive change) may be applied without prior notice.

12. Contact

For all matters relating to this Policy and to report violations, please contact abuse@shkiper.app. General inquiries — hello@shkiper.app; data-protection matters — privacy@shkiper.app.

Operator: Individual Entrepreneur Valentin Valentinovich Morev, Russian Federation. Registered address is provided upon request in accordance with applicable law.