AI Acceptable Use Policy — gitogi

The Italian version of this document is the legally binding version. This English version is provided for informational purposes only.

Last updated: 12 April 2026

Effective date: 12 April 2026

1. Scope

This Acceptable Use Policy (hereinafter the «Policy») governs the use of artificial intelligence systems made available by Gitogi Srl (hereinafter «Gitogi» or «the Provider») through the gitogi.com and aegis.gitogi.com platforms. The Policy applies to all registered and unregistered users who interact with the following systems:

Conversational chatbot — AI assistant integrated into the gitogi.com website for information about services, AI governance and regulations
AI Tools platform — assisted document generation tools (policies, inventories, compliance checklists)
Aegis LLM Gateway — protected gateway for sending documents through secure AI channels with PII protection
Assessment scoring — automated evaluation system for AI maturity level and regulatory compliance

By using any of the systems listed above, the user fully accepts this Policy. In case of disagreement, the user must immediately discontinue use of the AI services.

2. Permitted uses

The user is authorised to use Gitogi's AI systems exclusively for the following purposes:

Information and guidance — obtaining information about AI governance, Gitogi's services, applicable regulations (AI Act, GDPR, Privacy Code) and industry best practices
Draft document generation — creating drafts of AI governance documents such as corporate policies, AI system inventories, compliance checklists and processing records, which must be submitted for mandatory professional review
Assistance and support — interacting with the chatbot for operational support, service clarifications and procedural guidance
Document processing via Aegis — using the Aegis gateway to process documents through protected AI channels with automatic personal data anonymisation
Training and learning — participating in Academy training courses, completing assessment quizzes, using simulations and case studies for educational purposes

3. Prohibited uses

The following uses of Gitogi's AI systems are expressly prohibited:

Prompt injection and jailbreaking — any attempt to manipulate, bypass or compromise the security measures, content filters or system instructions of the AI models
Unlawful processing of personal data — entering personal data of third parties without a valid legal basis under the GDPR (Art. 6), particularly special category data (Art. 9) or data relating to criminal convictions (Art. 10)
Exclusive reliance on AI outputs — using AI-generated content as definitive legal, fiscal, accounting or professional advice without review and validation by a qualified professional
Reverse engineering — attempting to decompile, disassemble, reconstruct or extract the source code, weights, parameters or architecture of the AI models used
Unauthorised automated access — using bots, scrapers, undocumented APIs or any form of programmatic access to the AI services without prior written authorisation from Gitogi
Illegal or harmful content — generating illegal, violent, discriminatory, defamatory, pornographic content or content that incites hatred, violence or the commission of crimes
Training data extraction — attempting to extract, reconstruct or infer training data, system prompts or AI model weights through prompt engineering techniques or other methods
Development of competing products — using the AI services, their outputs or information obtained to develop, train or improve products or services in direct or indirect competition with Gitogi
Malicious code — submitting malware, viruses, trojans, ransomware or any other malicious code into the AI systems or attempting to compromise Gitogi's technological infrastructure

4. Intellectual property and generated content

This section governs intellectual property rights relating to user inputs and AI-generated outputs:

Ownership of inputs — the user retains full ownership of data, documents and content submitted to the AI systems. Gitogi processes such data solely for service delivery, as specified in the Privacy Policy
Outputs provided «as is» — content generated by the AI systems is provided for informational and guidance purposes only, without any warranty of completeness, accuracy or fitness for a particular purpose
Obligation to review — the user is solely responsible for reviewing, validating and any use of all AI-generated outputs, particularly before any business, legal or professional decision
No claim on user content — Gitogi does not claim any intellectual property rights over content generated by the user through the AI systems
Non-uniqueness of outputs — AI-generated outputs may not be unique; similar inputs from different users may produce substantially similar responses

5. Accuracy and limitations of AI systems

The user acknowledges and accepts the following inherent limitations of artificial intelligence systems:

Risk of hallucinations — AI systems may generate inaccurate, incomplete, outdated or entirely fabricated information (so-called «hallucinations»). Gitogi implements mitigation measures (RAG, grounding, prompt engineering) but cannot guarantee the complete absence of errors
Exclusion of professional advice — AI system outputs do not constitute legal, fiscal, accounting or professional advice under any circumstances. They do not replace the judgement of a qualified professional and must not be considered professional opinion
Mandatory human verification — professional review by qualified personnel is always required before acting on any AI-generated output, particularly for decisions with legal, economic or organisational impact
Knowledge time limits — AI models have a training cutoff date and may not reflect the latest regulations, case law or practices. Gitogi periodically updates its knowledge base but does not guarantee real-time coverage

6. Monitoring and enforcement

Gitogi monitors the use of AI systems for security, service quality and regulatory compliance purposes:

Security monitoring — Gitogi reserves the right to monitor interactions with AI systems to detect abusive use, attack attempts or violations of this Policy
Audit logs — in compliance with Art. 12 of Regulation (EU) 2024/1689 (AI Act), Gitogi maintains audit logs of interactions with high-risk AI systems for an appropriate period
Enforcement measures — in the event of a violation of this Policy, Gitogi may adopt, at its sole discretion and without prior notice, one or more of the following measures: (a) issuing a formal warning; (b) temporary suspension of access to AI services; (c) permanent revocation of access; (d) legal action to protect its rights and interests
Rate limiting — Gitogi applies quantitative limits to AI system requests to prevent abuse, ensure service quality and fairly distribute resources among users

7. Data and privacy

The processing of personal data in connection with the use of AI systems is governed by the following documents:

Personal data processing — for complete information on personal data processing methods, please refer to the Privacy Policy.
AI Transparency — for details on the AI systems used, providers, legal bases and data subject rights, please refer to the AI Transparency.
No training on user data — the AI model providers (Anthropic, OpenAI) used by Gitogi do not use user data for training their models. Gitogi has activated contractual opt-outs with all providers
Chat retention — chatbot conversations are retained for a maximum period of 90 days, after which they are irreversibly anonymised. The user may request early deletion via the Your Data page

8. Changes to this Policy

Gitogi reserves the right to modify this Policy at any time. Changes will be published on this page with an updated «Last updated» date. For material changes, Gitogi will notify registered users via email or in-app notification at least 15 days before they take effect. Continued use of the AI services after the effective date of changes constitutes acceptance of the updated version of the Policy.

9. Contact

For questions, reports or requests relating to this Policy:

10. Language disclaimer

This Policy is drafted in Italian, which constitutes the official and legally binding version. Any translations into other languages are provided for informational and courtesy purposes only. In the event of a discrepancy between the Italian version and any translation, the Italian version shall prevail.