Acceptable Use Policy
Effective Date: Mar 30, 2026
This Acceptable Use Policy (“AUP”) governs the use of all FIL One LLC (“FIL One”) cloud storage services, APIs, and related infrastructure (the “Services”). It applies to all customers, authorized users, and any end users acting on their behalf. This AUP is part of the FIL One Service Terms and is incorporated by reference. We may revise this AUP from time to time and will give thirty (30) days’ notice before any material changes take effect. You are responsible for the compliance of your own customers or end users with the terms of this AUP. FIL One’s products and services (collectively “Services”) may be used only for lawful purposes. Transmission, distribution or storage of any content in violation of any applicable law or regulation is prohibited as further stated below.
1. Prohibited Content
The following content may not be stored, uploaded, transmitted, or made available through the Services under any circumstances:
- Content that violates any applicable law or regulation, wherever you or your users are located;
- Child sexual abuse material (CSAM) or any content that sexually exploits minors. Any discovery will result in immediate account termination and referral to NCMEC and relevant law enforcement;
- Content that infringes a third party’s copyright, trademark, patent, trade secret, or other intellectual property right;
- Malware, ransomware, spyware, exploit code, phishing kits, or anything else built to damage, surveil, or gain unauthorized access to systems;
- Content designed to harass, threaten, or incite violence or hatred toward individuals or groups based on protected characteristics; or
- Spam, fraudulent communications, or content intended to deceive recipients.
2. Prohibited Activities
You may not use the Services — or help others use them — to:
- Access systems, networks, or data without authorization, whether through hacking, credential stuffing, vulnerability exploitation, or any other means;
- Launch or assist denial-of-service attacks (DoS/DDoS), conduct port scanning, or interfere with the availability of any system or network;
- Bypass or disable security controls, rate limits, or authentication mechanisms on the Services or any third-party system;
- Resell or sublicense access to the Services without our written approval;
- Run cryptocurrency mining operations or blockchain validation as a primary workload;
- Register fraudulent accounts, use stolen payment methods, or otherwise avoid paying for what you use; or
- Distribute weapons-of-mass-destruction instructions or material that supports terrorism or attacks on critical infrastructure.
3. AI and Machine Learning Workloads
We actively support AI and ML use cases. That said, a few things are not acceptable regardless of the application:
- Training datasets made up of data scraped or collected without proper user consent or in breach of applicable privacy law;
- Model weights, outputs, or artifacts built to generate illegal content — including CSAM, targeted harassment material, or weapons instructions; and
- Synthetic datasets intended to train models for non-consensual deepfakes, fraud-enabling voice cloning, or similar harmful purposes.
4. Regulated and Sensitive Data
HIPAA. You need a signed Business Associate Agreement (BAA) with FIL One before storing any Protected Health Information (PHI). There are no exceptions. Reach out to compliance@fil.one to get that process started.
PCI DSS. If payment cardholder data passes through or lives in your environment, PCI DSS compliance is your responsibility. FIL One does not certify any particular configuration as compliant.
Government-Classified Information. FIL One’s infrastructure is not accredited for classified government data at any level. Do not store it here.
Children’s Data. Applications that collect or handle personal data from children under 13 — or a higher age where local law requires — must comply with COPPA, GDPR Article 8, and any other applicable children’s privacy rules. That obligation sits with you.
5. Export Controls and Sanctions
Do not use the Services to store, move, or share technology, software, or data in ways that would violate U.S. export control or sanctions law — including the Export Administration Regulations (EAR), the International Traffic in Arms Regulations (ITAR), and OFAC programs. By using the Services, you confirm that you are not based in, nor a national of, any country under comprehensive U.S. sanctions, and that your name does not appear on any U.S. government restricted-party list.
6. Copyright and DMCA
Storing or distributing content that infringes someone else’s copyright is not permitted. FIL One responds to valid takedown notices under the Digital Millennium Copyright Act (17 U.S.C. § 512).
Submitting a takedown notice: Email legal@fil.one with the subject line “DMCA Notice.” Your notice needs to include: (a) the copyrighted work at issue; (b) enough information to locate the infringing material; (c) your contact details; (d) a statement that you believe in good faith the use is unauthorized; and (e) a declaration, under penalty of perjury, that your information is accurate and you have authority to act.
Disputing a takedown (counter-notice): If you believe your content was removed in error, send a counter-notice to legal@fil.one including: (a) identification of what was taken down; (b) a statement under penalty of perjury that the removal was a mistake; and (c) your contact details and agreement to the jurisdiction of the relevant federal court.
Accounts that rack up multiple valid takedown notices are subject to suspension or permanent termination under our repeat infringer policy.
7. Enforcement
We look into suspected violations when they come to our attention and may take any of the following steps depending on what we find:
- Send a warning and ask you to fix the problem;
- Throttle, restrict, or remove access to specific objects, buckets, or your account as a whole;
- Suspend or close the account — with or without prior notice depending on the situation; or
- Pass information about suspected illegal activity to law enforcement or the relevant regulatory body.
We will generally give you notice and a chance to sort things out before taking serious action. That said, we will act immediately — without prior notice — if something poses a live security threat, involves content that is illegal on its face, or if a government authority requires it. We do not guarantee that we will catch every violation, and nothing here creates an obligation on our part to actively monitor stored content.
Contacts
- Abuse / violations: legal@fil.one
- DMCA notices: legal@fil.one — Subject: “DMCA Notice”
- Security disclosures: security@fil.one
- HIPAA BAA / compliance: legal@fil.one