Acceptable Use Policy

This Acceptable Use Policy ("AUP") defines the permitted and prohibited uses of NexGenQE, and related services provided by Pion Global Private Limited ("Pion Global", "we", "us", or "our"). It is designed to protect the security, availability, integrity, lawful operation, and responsible AI-enabled use of NexGenQE.

NexGenQE is an AI-powered Quality Engineering and Test Automation product built on the PIEDAP platform. It may support requirements analysis, test case design, test management, automation assistance, defect intelligence, API and UI test execution, CI/CD integrations, dashboards, analytics, and related quality engineering workflows.

This AUP applies to customers, administrators, authorized users, contractors, partners, visitors, API users, and anyone who accesses NexGenQE or uses credentials issued for NexGenQE.

Where a signed agreement contains stricter usage, security, data, or integration obligations, the stricter obligation will apply.

Users must use NexGenQE in a lawful, secure, ethical, and business-appropriate manner. The core principles are:

• Use only for authorized quality engineering, test management, product assurance, DevOps, analytics, and related business purposes.

• Protect credentials, customer environments, test assets, source code, test data, logs, and confidential information.

• Avoid activities that could disrupt NexGenQE, PIEDAP, connected systems, other customers, or third-party services.

• Use AI-assisted features with human review, professional judgment, and appropriate safeguards.

• Promptly report suspected misuse, vulnerabilities, unauthorized access, or security incidents.

Subject to the applicable subscription, order form, role permissions, and product documentation, users may use NexGenQE to:

• Create, manage, analyze, and execute test cases, test suites, test plans, defects, requirements-to-test traceability, and related quality engineering assets.

• Connect approved development, project management, DevOps, CI/CD, source control, ticketing, cloud, and testing tools for authorized business workflows.

• Use AI-assisted features to summarize, classify, recommend, draft, or analyze quality engineering artifacts, provided outputs are reviewed before operational reliance.

• Generate reports, dashboards, metrics, and evidence relevant to software quality, delivery assurance, release readiness, defect trends, and engineering governance.

• Perform authorized test automation activities within agreed technical limits and within systems for which the customer has valid rights and approvals.

• Do not share user accounts, passwords, API keys, secrets, access tokens, or session information except through approved enterprise access management processes.

• Do not impersonate another person, misrepresent identity or authorization, or bypass role-based access controls.

• Use multi-factor authentication where enabled or required by the customer or Pion Global.

• Immediately revoke or rotate credentials when a user leaves, changes role, or credentials are suspected to be compromised.

• Do not create accounts, bots, service users, or integrations to evade license limits, audit controls, rate limits, or usage restrictions.

Users must not use NexGenQE, its APIs, integrations, support channels, or connected systems to:

• Gain or attempt to gain unauthorized access to NexGenQE, PIEDAP, customer environments, third-party systems, data, networks, or accounts.

• Probe, scan, penetration test, stress test, fuzz, exploit, or vulnerability-test NexGenQE or PIEDAP without Pion Global's prior written authorization.

• Introduce, upload, transmit, test, store, or execute malware, ransomware, spyware, credential stealers, botnets, destructive payloads, or exploit code, except where explicitly approved in writing for a controlled customer-owned security validation environment.

• Disable, bypass, degrade, tamper with, or circumvent authentication, authorization, encryption, logging, monitoring, audit trails, security controls, or license enforcement.

• Perform denial-of-service, distributed denial-of-service, resource exhaustion, abusive scraping, credential stuffing, password spraying, or similar disruptive activity.

• Exploit vulnerabilities, configuration weaknesses, prompt injection, insecure integrations, or exposed secrets to extract data or gain unauthorized privileges.

Because NexGenQE may execute or coordinate tests against customer applications, users must ensure that testing activities are authorized, safe, scoped, and proportionate.

• Do not run automated tests, load tests, stress tests, destructive tests, or security tests against systems unless you have explicit permission from the system owner.

• Do not use NexGenQE to create excessive requests, traffic spikes, recursive jobs, uncontrolled parallel execution, infinite loops, or pipelines that could impair product availability or connected systems.

• Do not use shared SaaS environments for production-like load, soak, stress, chaos, or destructive testing unless expressly supported under the customer's subscription or written agreement.

• Do not intentionally corrupt data, alter production records, delete assets, or trigger real-world transactions through test scripts unless the environment, approvals, rollback plan, and safeguards are in place.

• Use synthetic, masked, anonymized, minimized, or non-production test data wherever feasible.

Users are responsible for ensuring that all information uploaded, generated, transmitted, or connected through NexGenQE is lawful, authorized, and appropriate for the service.

• Do not upload, store, or process personal data, confidential information, source code, credentials, keys, tokens, production logs, regulated records, or customer data unless you are authorized and the processing is permitted under the applicable agreement and law.

• Do not upload unnecessary sensitive data into prompts, comments, defect descriptions, screenshots, logs, attachments, test evidence, or integration payloads.

• Do not use NexGenQE to process data that is unlawful, defamatory, discriminatory, harassing, exploitative, harmful to minors, infringing, deceptive, or otherwise inappropriate for enterprise use.

• Do not use test artifacts, automation scripts, or evidence files in a way that violates intellectual property rights, confidentiality obligations, open-source license obligations, or third-party terms.

• Do not use NexGenQE as a general-purpose storage repository, backup service, file distribution service, or data archive outside the documented product purpose.

NexGenQE may include AI-assisted capabilities for test design, impact analysis, defect summarization, release insights, automation support, and quality recommendations. Users must apply human oversight and must not use AI features to:

• Generate, request, refine, or operationalize harmful, unlawful, misleading, discriminatory, deceptive, infringing, or unsafe outputs.

• Make final legal, regulatory, employment, financial, safety-critical, medical, or high-impact decisions without qualified human review and independent validation.

• Attempt to extract system prompts, hidden instructions, model weights, training data, other customers' data, confidential product information, or security controls.

• Perform prompt injections, jailbreaks, model manipulation, adversarial input attacks, data poisoning, automated abuse, or bypass of AI safety controls.

• Use AI outputs as a substitute for professional testing judgment, product owner approval, security review, release governance, or customer-specific validation.

• Create or support prohibited or high-risk AI use cases in violation of applicable AI laws or customer policies, including manipulative, exploitative, discriminatory, unauthorized biometric, social scoring, or unlawful surveillance activities.

• Use APIs, webhooks, connectors, and service accounts only for documented and authorized business purposes.

• Do not exceed published or contractually agreed rate limits, storage limits, concurrency limits, payload limits, or fair-use thresholds.

• Do not use integrations to extract, replicate, scrape, harvest, or synchronize data beyond the permissions granted by the system owner.

• Do not connect unapproved third-party tools, public repositories, test environments, or automation runners in a manner that exposes secrets, data, logs, or confidential artifacts.

• Do not conceal the origin of API calls or use rotating identities, proxy abuse, automation farms, or other methods to evade monitoring or limits.

Except where expressly permitted by law or contract, users must not:

• Copy, reproduce, resell, sublicense, rent, host, white-label, commercially exploit, or provide NexGenQE to third parties outside authorized use.

• Reverse engineer, decompile, disassemble, modify, create derivative works from, or attempt to discover source code, architecture, algorithms, model behavior, or non-public APIs.

• Remove, obscure, or alter copyright, trademark, security, audit, watermark, license, or proprietary notices.

• Benchmark or publish comparative performance, security, AI quality, or reliability results without prior written consent where such disclosure is restricted by contract.

• Use NexGenQE to develop or train a competing product by unauthorized extraction of workflows, prompts, outputs, taxonomy, UI design, APIs, or product behavior.

• Do not use NexGenQE communications, notifications, comments, reports, exports, or support channels to send spam, phishing, malware, deceptive messages, harassment, threats, or unlawful content.

• Do not submit false, abusive, misleading, or malicious support requests, vulnerability reports, legal notices, or incident reports.

• Do not include unnecessary secrets, credentials, tokens, private keys, regulated personal data, or confidential third-party information in support tickets or public comments.

Pion Global encourages responsible reporting of suspected vulnerabilities or security issues. Users must:

• Report suspected vulnerabilities, unauthorized access, data exposure, or misuse promptly to [email protected] or the support channel designated for the customer.

• Avoid exploiting, escalating, persisting, exfiltrating, modifying, deleting, or publicly disclosing vulnerability information without written authorization.

• Provide sufficient detail to support investigation, including affected account, timestamp, environment, endpoint, steps to reproduce, screenshots if safe, and potential impact.

• Act in good faith and avoid privacy violations, service disruption, data destruction, or access to data that does not belong to the reporter.

Users must ensure that NexGenQE is configured and used consistently with the customer's regulatory, contractual, and internal control obligations. Without limiting the applicable agreement, users must not:

• Use NexGenQE to process regulated, classified, export-controlled, payment card, health, child, biometric, government, defense, or similarly sensitive data unless the applicable agreement, product configuration, and safeguards support that use.

• Use NexGenQE to violate sanctions, export control laws, anti-corruption laws, privacy laws, cybersecurity laws, labor laws, intellectual property laws, or third-party platform terms.

• Use NexGenQE to create or facilitate unauthorized surveillance, profiling, discrimination, social scoring, workplace emotion inference, or other restricted AI/data practices.

• Misrepresent quality, compliance, audit, security, or certification outcomes generated through NexGenQE.

Beta, trial, proof-of-concept, sandbox, preview, or evaluation features may be limited, experimental, unsupported, rate-limited, or changed without notice.

• Do not place production workloads, regulated data, irreversible transactions, or mission-critical release decisions in trial or beta environments unless expressly authorized.

• Do not use trial accounts to bypass subscription limits, create multiple organizations for the same purpose, conduct competitive analysis prohibited by contract, or continue unpaid use beyond the permitted evaluation period.

Pion Global may monitor product usage, logs, audit trails, access patterns, API calls, system health, automation execution, and security alerts to protect NexGenQE, PIEDAP, customers, users, and third parties. Monitoring will be performed in accordance with applicable privacy and data protection obligations.

If Pion Global reasonably believes that a user has violated this AUP or created a security, legal, operational, or reputational risk, Pion Global may investigate, throttle usage, disable integrations, remove offending content, suspend accounts, restrict features, or terminate access.

Pion Global may notify the customer administrator, preserve relevant logs, cooperate with regulators or law enforcement where legally required, and take emergency action without prior notice where necessary to prevent harm.

Customers remain responsible for their users, administrators, contractors, automation jobs, service accounts, and integrations.

Violations of this AUP may result in one or more of the following actions, depending on severity and urgency:

• Warning, remediation request, or mandatory configuration change.

• Temporary throttling, access restriction, integration disablement, or account suspension.

• Removal or quarantine of offending content, scripts, files, jobs, or data.

• Termination of services in accordance with the applicable agreement.

• Reporting to affected customers, regulators, CERT-In, law enforcement, or other competent authorities where legally required or appropriate.

• Recovery of costs, damages, liabilities, investigation expenses, or indemnity where permitted under the applicable agreement and law.

• Assign appropriate roles and least-privilege access based on job responsibilities.

• Review user access, service accounts, API keys, connected tools, and automation runners periodically.

• Configure integrations, test environments, retention settings, notifications, and permissions consistently with organizational policies.

• Train users on safe handling of test data, secrets, logs, screenshots, AI prompts, and quality engineering evidence.

• Promptly notify Pion Global of suspected misuse, compromised credentials, unauthorized access, or policy violations.

Pion Global may update this AUP from time to time to reflect product changes, legal requirements, threat landscape changes, responsible AI considerations, or operational practices. The updated version will be posted on nexgenqe.com or otherwise made available with a revised "Last Updated" date. Continued use of NexGenQE after the effective date of an update constitutes acceptance of the updated AUP, unless a written agreement provides otherwise.

The following examples illustrate unacceptable use. They are not exhaustive.

Customers may use the following controls to reduce AUP violations and operational risk: