Acceptable Use Policy

You may use OctoWealth only for lawful, personal, authorized, and legitimate personal finance management purposes.

You may not use OctoWealth in a way that:

• violates law;
• violates these rules;
• violates OctoWealth’s Terms of Service;
• violates Plaid’s terms or requirements;
• violates app store rules;
• violates financial institution terms;
• violates another person’s rights;
• harms OctoWealth, users, service providers, platforms, financial institutions, or third parties;
• creates legal, regulatory, security, fraud, operational, financial, or reputational risk.

You may not use OctoWealth to engage in, support, conceal, or facilitate:

• fraud;
• identity theft;
• account takeover;
• unauthorized account access;
• money laundering;
• terrorist financing;
• sanctions evasion;
• tax evasion;
• false statements;
• forged information;
• deceptive conduct;
• financial abuse;
• elder abuse;
• unauthorized use of financial data;
• unauthorized use of another person’s identity;
• misuse of payment methods;
• chargeback abuse;
• subscription fraud;
• synthetic identity activity;
• illegal lending, investment, or credit activity;
• violations of banking, securities, lending, tax, consumer protection, privacy, data security, or financial laws.

You may not provide false, misleading, incomplete, or deceptive information to OctoWealth, Plaid, financial institutions, payment processors, app stores, support teams, or service providers.

You may connect only financial accounts that you own or are legally authorized to access.

You may not:

• connect another person’s financial account without authorization;
• connect an account using stolen, borrowed, purchased, or misused credentials;
• connect an account for impersonation, fraud, surveillance, abuse, or unauthorized monitoring;
• access financial data belonging to another person without permission;
• use OctoWealth to monitor another person’s finances without lawful authority;
• use OctoWealth to exploit, coerce, or financially abuse another person;
• misrepresent your authority to access a financial account;
• share Plaid connections, tokens, account access, or financial data in a way that violates law, contracts, or third-party rights.

You are responsible for ensuring that you have lawful authority to connect and use any financial account you add to OctoWealth.

You may not:

• collect, store, trade, sell, buy, share, or misuse login credentials;
• ask another person for their online banking credentials for use in OctoWealth;
• enter credentials for accounts you are not authorized to access;
• use stolen credentials;
• use credentials obtained through phishing, malware, coercion, deception, scraping, social engineering, or data breaches;
• attempt to extract, reveal, intercept, or misuse Plaid tokens, authentication tokens, session tokens, API keys, secrets, or credentials;
• bypass authentication, MFA, session controls, device controls, or security protections;
• attempt credential stuffing, password spraying, brute force attacks, token replay, or similar attacks.

OctoWealth does not need your online banking password outside Plaid’s authorized connection flow. Do not provide banking passwords to OctoWealth support.

You may not attempt to access, test, probe, scan, disrupt, or compromise OctoWealth systems without prior written authorization.

Prohibited activity includes:

• unauthorized access to accounts, APIs, backend systems, databases, AWS infrastructure, logs, secrets, tokens, source code, or internal systems;
• vulnerability scanning without authorization;
• penetration testing without authorization;
• port scanning;
• fuzzing;
• exploit testing;
• privilege escalation;
• session hijacking;
• token theft;
• API abuse;
• bypassing rate limits;
• bypassing authorization checks;
• bypassing subscription gates;
• manipulating requests or responses;
• tampering with app binaries;
• tampering with network traffic;
• replay attacks;
• denial-of-service attacks;
• distributed denial-of-service attacks;
• malware delivery;
• supply chain attacks;
• phishing attacks;
• social engineering attacks against OctoWealth, users, service providers, or support staff.

If you believe you found a security issue, contact:

support@octowealthapp.com

Do not exploit, disclose, or access user data or systems beyond what is necessary to report the issue.

You may not use bots, scripts, crawlers, scrapers, automation, browser automation, emulator farms, device farms, or unauthorized tools to:

• create accounts;
• log into accounts;
• connect financial institutions;
• extract data;
• harvest financial information;
• harvest user information;
• scrape app screens;
• scrape reports;
• scrape exports;
• scrape APIs;
• monitor account activity;
• bypass usage limits;
• bypass subscription restrictions;
• generate excessive requests;
• perform bulk downloads;
• perform automated testing against production without authorization;
• overload infrastructure;
• interfere with normal operation.

You may not use OctoWealth’s APIs except through authorized app functionality.

Except to the limited extent expressly permitted by applicable law, you may not:

• reverse engineer the app;
• decompile the app;
• disassemble the app;
• derive source code;
• bypass security controls;
• bypass entitlement checks;
• bypass subscription controls;
• bypass feature gates;
• bypass rate limits;
• bypass app store billing controls;
• modify app binaries;
• tamper with app packages;
• inject code;
• hook app functions;
• intercept app traffic for misuse;
• create unauthorized clients;
• create unauthorized API integrations;
• copy workflows, screens, designs, models, or proprietary logic;
• remove copyright, trademark, or proprietary notices.

You may not use OctoWealth to build, train, benchmark, or improve a competing product or service without written permission.

OctoWealth is licensed for personal, non-commercial use unless we expressly agree otherwise in writing.

You may not:

• resell OctoWealth access;
• sublicense OctoWealth;
• rent or lease access;
• operate OctoWealth as a service bureau;
• use OctoWealth to provide services to third parties without permission;
• resell reports, exports, insights, or data generated through OctoWealth;
• sell, license, trade, broker, or distribute financial data obtained through OctoWealth;
• use OctoWealth to create a data broker product;
• aggregate data from multiple users for commercial use;
• use financial data from OctoWealth to profile, score, target, market to, or make decisions about another person without lawful authority.

You may not use OctoWealth, Plaid, or connected financial institution data to:

• violate Plaid’s terms, policies, or usage requirements;
• violate a financial institution’s terms;
• overload Plaid or financial institution systems;
• bypass Plaid controls;
• bypass financial institution controls;
• obtain data you are not authorized to access;
• access unsupported data;
• infer or derive unauthorized data;
• create unauthorized financial data products;
• make unauthorized financial decisions;
• conduct fraud, identity theft, or financial abuse;
• use read-only data access as if it were permission to move money;
• attempt to initiate payments, transfers, trades, or account changes through OctoWealth.

At launch, OctoWealth uses Plaid for read-only financial data aggregation. You may not use OctoWealth or Plaid-connected data in a way that suggests OctoWealth moves money, executes trades, issues credit, provides lending, provides banking, or makes financial decisions.

You may not upload, submit, transmit, or introduce:

• malware;
• ransomware;
• spyware;
• viruses;
• worms;
• trojans;
• logic bombs;
• corrupted files;
• harmful code;
• malicious scripts;
• credential stealers;
• keyloggers;
• exploit payloads;
• phishing content;
• deceptive links;
• spam;
• abusive content;
• content designed to interfere with OctoWealth or third-party systems.

You may not interfere with the proper operation of OctoWealth, AWS, Plaid, Apple, Google, Stripe, Sentry, Atlassian, financial institutions, market data providers, or other service providers.

You may not misuse support, privacy, deletion, or account recovery processes.

Prohibited activity includes:

• impersonating another person in a deletion request;
• attempting to delete another person’s account without authorization;
• submitting fraudulent support requests;
• submitting abusive, threatening, or harassing support messages;
• submitting excessive or automated support requests;
• using support to obtain unauthorized account information;
• using privacy request processes to harass, defraud, or overload OctoWealth;
• providing false verification information;
• attempting to bypass identity verification.

OctoWealth may decline, delay, or require additional verification for suspicious, abusive, fraudulent, or unverifiable requests.

You may not upload, submit, store, or transmit content that:

• is unlawful;
• is fraudulent;
• is deceptive;
• is defamatory;
• is harassing;
• is threatening;
• is abusive;
• is hateful;
• is exploitative;
• infringes intellectual property rights;
• violates privacy rights;
• contains another person’s sensitive information without authorization;
• contains malware or harmful code;
• contains phishing links;
• contains unnecessary sensitive information;
• violates these Terms or applicable law.

This applies to support messages, feedback, receipt uploads, screenshots, attachments, notes, labels, transaction annotations, rules, reports, and any other content you provide.

Do not upload banking passwords, full account numbers, Social Security numbers, full card numbers, government IDs, or other unnecessary sensitive information unless OctoWealth expressly requests it through a secure process.

You may use reports, exports, and app-generated insights for your own personal finance purposes.

You may not use them to:

• misrepresent your finances;
• defraud lenders, creditors, investors, employers, insurers, government agencies, or third parties;
• fabricate financial records;
• falsify income, assets, debts, expenses, or transactions;
• submit misleading financial information;
• violate tax, credit, lending, securities, insurance, employment, or consumer protection laws;
• make decisions about another person without lawful authority;
• resell, broker, or commercialize data without permission.

Reports and exports are informational only and may be incomplete or inaccurate. You are responsible for verifying information before relying on it.

You may not use OctoWealth to conduct regulated activities unless you are legally authorized and OctoWealth has expressly agreed in writing.

Prohibited regulated uses include using OctoWealth as part of:

• banking services;
• lending services;
• credit underwriting;
• credit repair;
• debt settlement;
• money transmission;
• payment processing;
• investment advisory services;
• broker-dealer services;
• securities trading;
• insurance underwriting;
• tax preparation services;
• legal services;
• employment screening;
• tenant screening;
• eligibility decisions;
• government benefit determinations;
• financial surveillance;
• consumer reporting;
• automated decision-making about other people.

OctoWealth is designed for personal finance visibility and organization, not regulated third-party decisioning or commercial financial services.

You may not:

• bypass subscription requirements;
• bypass paywalls;
• manipulate entitlement status;
• spoof receipts;
• forge app store transaction records;
• exploit free trials;
• create multiple accounts to abuse trials or promotions;
• share accounts to avoid payment;
• use stolen payment methods;
• initiate fraudulent chargebacks;
• abuse refund policies;
• interfere with Apple, Google, Stripe, or other billing systems.

OctoWealth may suspend or terminate accounts involved in subscription abuse, billing fraud, chargeback abuse, or payment misuse.

You may not use OctoWealth notifications, support channels, emails, or communications to:

• spam;
• harass;
• threaten;
• impersonate;
• phish;
• deliver malware;
• deceive users or support staff;
• collect credentials;
• obtain unauthorized information;
• interfere with service operations.

You may not misrepresent yourself as OctoWealth, Plaid, a financial institution, Apple, Google, Stripe, AWS, or any other service provider.

You may not use OctoWealth’s name, logos, trademarks, branding, content, screenshots, interface, designs, documentation, or proprietary materials in a way that:

• implies endorsement without permission;
• confuses users;
• violates intellectual property rights;
• copies protected materials;
• creates a competing service;
• misrepresents affiliation;
• harms OctoWealth’s reputation;
• violates app store rules or applicable law.

You may not remove, obscure, or alter copyright, trademark, attribution, or proprietary notices.

You may not use OctoWealth in a way that creates unreasonable load, cost, risk, or harm.

This includes:

• excessive API requests;
• excessive sync attempts;
• excessive account linking attempts;
• repeated failed authentication attempts;
• unnecessary reconnect loops;
• abusive export generation;
• excessive support submissions;
• automated workflows against production systems;
• activity that degrades performance for other users;
• activity that increases infrastructure costs in an abusive or unreasonable way.

OctoWealth may apply rate limits, usage limits, throttling, feature restrictions, or account restrictions to protect service integrity.

If OctoWealth believes you violated this Policy, the Terms of Service, the EULA, Plaid requirements, app store rules, service provider requirements, or applicable law, OctoWealth may take action.

Actions may include:

• warning you;
• limiting features;
• disabling financial account sync;
• disconnecting Plaid-linked institutions;
• restricting exports;
• restricting support access;
• suspending your account;
• terminating your account;
• deleting or disabling content;
• blocking devices, IP addresses, accounts, or identifiers;
• cancelling or revoking access to paid features where permitted;
• reporting activity to service providers, app stores, financial institutions, payment processors, or law enforcement where appropriate;
• preserving records where necessary for investigation, compliance, security, or legal purposes;
• pursuing legal remedies.

OctoWealth may act without prior notice where necessary to protect users, systems, data, service providers, financial institutions, or legal interests.

OctoWealth may monitor, log, review, investigate, and analyze activity to:

• operate the service;
• enforce this Policy;
• enforce the Terms of Service;
• protect users;
• prevent fraud;
• detect abuse;
• maintain security;
• debug errors;
• investigate incidents;
• comply with law;
• comply with service provider or platform requirements.

Monitoring is conducted subject to OctoWealth’s Privacy Policy and applicable law.

If you believe someone is misusing OctoWealth, accessing accounts without authorization, abusing financial data, or violating this Policy, contact:

support@octowealthapp.com

If you believe you discovered a security vulnerability, report it responsibly. Do not exploit the issue, access unauthorized data, disrupt service, or publicly disclose the issue before OctoWealth has had a reasonable opportunity to investigate.

OctoWealth may update this Policy from time to time.

If we make material changes, we may provide notice by email, in-app notice, app update notice, posting an updated Policy, or another reasonable method.

The updated Policy will become effective when posted or as otherwise stated in the notice.

Your continued use of OctoWealth after the updated Policy becomes effective means you accept the updated Policy.

If you have questions about this Acceptable Use Policy, contact:

OctoPath LLC d/b/a OctoWealth Email: support@octowealthapp.com Website: https://octowealthapp.com

The following short version may be shown in the app during onboarding, account creation, Plaid connection, support submission, or legal review screens:

You may use OctoWealth only for lawful, personal, authorized personal finance purposes. You may not use OctoWealth to commit fraud, access accounts without permission, misuse Plaid or financial institution services, scrape or reverse engineer the app, bypass security or subscription controls, resell data, attack systems, upload malicious content, abuse support or deletion processes, or violate applicable law. OctoWealth may suspend or terminate accounts that misuse the service.

I agree not to misuse OctoWealth, access unauthorized financial accounts, commit fraud, scrape or reverse engineer the app, bypass security or subscription controls, resell data, or violate applicable law.