1. Purpose
This Acceptable Use Policy ("AUP") sets out the rules governing use of the Malcolm platform. It supplements our Terms of Service and applies to all users, including administrators, team members, and any person granted access to the platform by a customer organisation (including LP portal users).
Violation of this AUP may result in suspension or termination of access, as described in Section 7.
2. Permitted Use
Malcolm is designed exclusively for professional investment management activities conducted by or on behalf of investment firms, fund managers, venture capital firms, private equity firms, family offices, and similar institutional users.
Permitted uses include:
- Managing deal pipelines, portfolio companies, and fund operations
- Recording and tracking investments, valuations, and fund interests
- Generating reports, analytics, and LP communications
- Using AI-assisted features for document analysis, data extraction, and operational workflows
- Administering investor relations and LP portal access
- Storing and managing investment-related documents
3. Prohibited Activities
You may not use the platform to:
3.1 Unlawful or Fraudulent Activity
- Conduct any activity that violates applicable law, regulation, or industry code of conduct
- Process proceeds of crime, facilitate money laundering, or evade sanctions (including OFAC, EU, or UK sanctions regimes)
- Create fictitious funds, fabricated investment records, or falsified performance data
- Misrepresent fund performance, valuations, or financial positions to investors, regulators, or any third party
- Facilitate insider trading or market manipulation
3.2 Misuse of the AI Features
- Attempt to extract, reverse-engineer, or reconstruct the training data or model weights of any AI system integrated with the platform
- Use AI features to generate content intended to deceive investors, auditors, or regulators
- Submit prompt injection attacks or adversarial inputs designed to manipulate AI behaviour, bypass safety controls, or extract system instructions
- Use AI outputs as the sole basis for regulatory filings, investor communications, or any document with legal effect without independent human review and verification
- Systematically harvest AI-generated content for use outside the platform
3.3 Unauthorised Access and Security Violations
- Attempt to access another customer's data, tenant schema, or account
- Probe, scan, or test the vulnerability of the platform or any associated systems without prior written authorisation from Malcolm
- Circumvent or attempt to circumvent authentication, access controls, rate limits, or other security measures
- Share login credentials, API keys, or authentication tokens with unauthorised persons
- Access the platform through automated means (bots, scrapers, crawlers) except through documented APIs and within published rate limits
- Introduce malicious code, viruses, worms, trojans, ransomware, or any other harmful software
3.4 Data Misuse
- Upload, store, or process data unrelated to legitimate investment management purposes
- Store personal data of individuals without a lawful basis for processing (under GDPR, CCPA, or other applicable privacy law)
- Upload documents containing malware, executable code, or content designed to exploit document processing systems
- Use the platform to store or distribute illegal content, including but not limited to child sexual abuse material, content that incites violence, or material that violates intellectual property rights
- Bulk export data from the platform for the purpose of building a competing product or service
- Consume computing, storage, or AI resources at levels that degrade service quality for other users
- Create multiple tenant accounts to circumvent usage limits, billing, or access restrictions
- Use the platform for cryptocurrency mining, distributed computing, or any purpose unrelated to investment management
- Deliberately generate excessive API calls, file uploads, or AI requests to exhaust system resources
3.6 LP Portal Misuse
- Grant LP portal access to individuals who are not authorised by the fund's governing documents to receive the information made available
- Share, forward, or republish confidential LP portal content (capital call notices, distribution notices, fund reports) to unauthorised recipients
- Use the LP portal to distribute marketing materials, solicit investments, or make offers of securities in violation of applicable securities laws
3.7 Misrepresentation
- Impersonate another person, organisation, or Malcolm employee
- Register an account using false or misleading information
- Represent that your use of Malcolm constitutes endorsement by, partnership with, or certification by Malcolm, unless expressly authorised in writing
4. Customer Responsibility
Each customer organisation is responsible for:
- Ensuring that all users within its organisation comply with this AUP
- Managing user access and promptly revoking access for departed employees or unauthorised users
- Ensuring that LP portal access is granted only to appropriately qualified and authorised investors (see Section 6)
- Maintaining the confidentiality of administrative credentials and API keys
- Promptly reporting any suspected security incident or AUP violation to security@aimalcolm.com
5. Security Reporting
If you discover a security vulnerability in the platform, please report it responsibly:
Do not publicly disclose a vulnerability before we have had a reasonable opportunity to address it.
6. Investor Qualification
Malcolm provides tools that enable fund managers to share confidential fund information with investors via the LP portal. Malcolm does not verify the accreditation, qualification, or eligibility of any investor. The fund manager (customer) is solely responsible for:
- Determining whether each investor meets applicable accreditation, qualification, or eligibility requirements under securities laws (including SEC Regulation D, FCA rules, or equivalent regulations in other jurisdictions)
- Ensuring that LP portal access is granted only to investors who are legally permitted to receive the information shared
- Complying with all applicable securities laws regarding the offer, sale, and distribution of fund interests and related communications
Malcolm's provision of the LP portal infrastructure does not constitute an opinion on the legal status of any investor or the legality of any fund offering.
7. Enforcement
7.1 Investigation
We may investigate suspected violations of this AUP. During an investigation, we may:
- Review usage logs and system data relevant to the suspected violation
- Temporarily restrict or suspend access to affected accounts or features
- Contact the customer's designated administrator
7.2 Actions
If we determine that a violation has occurred, we may, at our sole discretion:
- Issue a warning and request remediation
- Temporarily suspend access to the platform or specific features
- Permanently terminate the customer's account
- Report the violation to law enforcement or regulatory authorities where required by law or where the violation involves criminal activity
7.3 Process
Except in cases involving imminent harm, security threats, or legal obligations, we will:
- Notify the customer's designated administrator of the suspected violation
- Provide a reasonable opportunity (not less than 5 business days) to respond or remediate
- Consider the customer's response before taking enforcement action
In cases involving imminent harm, active security threats, or ongoing illegal activity, we may take immediate action (including suspension) without prior notice.
8. Changes
We may update this AUP from time to time. Material changes will be communicated via email to account administrators and posted on this page with a revised effective date. Continued use of the platform after the effective date of an updated AUP constitutes acceptance.
For questions about this AUP:
- Email: legal@aimalcolm.com
- Support:
/updates/ (Support & Docs page)
This Acceptable Use Policy was last updated on [effective date].