Acceptable Use Policy – Sleak AI

1 Responsible Use of AI

Sleak can support human decision-making – but cannot replace it. Where Sleak outputs influence decisions about hiring, performance, or professional development, you are responsible for maintaining effective human oversight.

Human Oversight

• Persons evaluating AI-generated assessments must be able to appropriately interpret outputs, taking their limitations into account.
• Be aware of the tendency to automatically or excessively trust AI outputs – particularly when they influence decisions about people.
• Any person using Sleak outputs for decision-making must be able to disregard, overrule, or revise outputs in individual cases.
• Sleak assessments may not be used as the sole basis for hiring, dismissal, promotion, demotion, compensation changes, or disciplinary measures. Sleak provides information; a qualified person makes the decision.

Transparency

• Inform employees, contractors, and candidates when AI-powered assessments are part of a process.
• Explain upon request how assessments work and how outputs feed into decisions.
• Provide meaningful information about your assessment approach.

Fairness

Use Sleak in accordance with fairness, equal opportunity, and applicable anti-discrimination law:

• Design assessment criteria that measure relevant skills and behaviours.
• Do not create criteria that discriminate directly or indirectly on the basis of protected characteristics.
• Review processes for potential bias and take corrective action where necessary.
• Provide channels for concerns or requests for human review.

Understanding AI Limitations

• AI outputs may contain errors, inaccuracies, or omissions, or reflect biases in data.
• AI cannot capture everything that is relevant about a person or their competencies.
• Sleak outputs may be one of many factors in your decision-making – but are not a substitute for human judgement or professional advice. Review outputs carefully, particularly in critical applications.

You remain responsible for decisions made using Sleak.

2 Prohibited Conduct

The following actions are not permitted. Violations may result in enforcement measures.

Misuse of AI Assessments

• Automated Decision-Making: Sleak may not be used as the sole or decisive basis for employment decisions. Do not design processes that effectively delegate such decisions to Sleak outputs.
• Circumventing Human Oversight: Do not design or operate processes that eliminate meaningful human review of AI-generated assessments.
• Inferring Protected Characteristics: Do not use Sleak to infer, predict, or assess protected characteristics under anti-discrimination law, including race, ethnic origin, gender, sexual orientation, religion, disability, health status, age, or national origin. Do not use outputs as proxies for these characteristics.
• Discriminatory Criteria: Do not create assessments that discriminate directly or indirectly on the basis of protected characteristics.
• Emotion Recognition: Do not use Sleak to infer or classify emotional states from biometric data (voice patterns, facial expressions, body movements, etc.). Sleak does not perform emotion recognition, and this practice is prohibited under the EU AI Act for workplace and educational contexts. Do not configure or combine Sleak with external tools to achieve such outcomes.

Privacy Violations

Do not upload recordings, transcripts, or personal data of third parties without proper consent or another valid legal basis.

Do not enter any of the following categories of sensitive personal data:

• Government-issued identification numbers
• Financial account credentials or payment card numbers
• Protected health information or medical records
• Biometric data for identification purposes
• Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation

Age Restrictions

• Use of Sleak is only permitted for persons aged 16 and over. Do not process personal data of persons under 16 via the platform.
• For persons aged 16 or 17, processing is only permitted if the individual has provided valid consent under applicable law, a parent or guardian has consented, or another valid legal basis with appropriate safeguards exists.

Surveillance

Do not use Sleak for surveillance or monitoring that goes beyond what has been communicated to the persons concerned in advance and is permissible under applicable law, including employment law, data protection law, and, where applicable, the EU AI Act.

Candidate Data

When using Sleak profiles and talent pools:

• Respond promptly to deletion and portability requests.
• Obtain appropriate consent before retaining profiles beyond the original application for future roles.
• Restrict access to authorised persons with a legitimate need.
• Consider whether older assessments remain relevant before using them for new decisions.

System Integrity

• Reverse engineering, decompiling, or disassembling Sleak software or AI models is prohibited, except to the extent permitted by law and not contractually restricted.
• Do not circumvent usage limits, credit restrictions, access controls, or technical safeguards.
• Do not use adversarial inputs, prompt injection, or similar techniques to manipulate AI behaviour or circumvent system safeguards.
• Do not use Sleak outputs without Sleak's express written permission to train, improve, or develop competing AI systems.
• Do not introduce viruses, malware, or other malicious code.
• Do not create multiple accounts to circumvent restrictions or abuse promotions.

Deception

• Do not impersonate real individuals in training sessions without their consent.
• Do not present AI-generated content as human-created where disclosure is required by law or context.
• Do not create personas or scenarios designed to deceive users about whether they are interacting with an AI system.
• Do not use Sleak for fraud, phishing, scams, or social engineering.
• Do not intentionally spread misinformation or knowingly false content.
• Do not misrepresent your identity, authority, or affiliation when using Sleak.

Harmful Content

Do not upload or generate content that is:

• Unlawful, fraudulent, defamatory, or unauthorised
• Promoting or inciting violence, terrorism, or violent extremism
• Promoting self-harm or suicide
• Constituting hate speech or discrimination
• Harassing, bullying, intimidating, or threatening
• Sexually explicit, pornographic, or obscene
• Exploiting, endangering, or sexualising minors
• Depicting or promoting illegal activities

Unauthorised Commercial Use

• Resale, redistribution, or sublicensing of access to Sleak without prior written permission is prohibited.
• Do not use Sleak to provide services to third parties on a commercial basis without an appropriate agreement with Sleak.
• Do not use Sleak outputs in competing products or services without written consent.

3 Role-Based Obligations

All Users

• Comply with this Policy and applicable law.
• Use Sleak honestly and in good faith.
• Review AI outputs before relying on them.
• Maintain account security.
• Report violations or concerns.

Workspace Owners and Administrators

Configuration:

• Configure features in accordance with the needs, values, and legal obligations of your organisation.
• Document your configuration decisions and communicate them internally.
• Decide on visibility levels for managers and data flows (including integrations).

Third-Party Integrations:

When activating integrations with CRM, ATS, HRIS, calendar, or communication tools:

• You control which data flows to and from integrated systems.
• Ensure that data sharing complies with applicable data protection law, including appropriate legal bases and required notices.
• Review the terms and privacy practices of third-party providers.
• Regularly review integration activities.
• Deactivate unused integrations promptly.

Sleak is not responsible for the privacy practices of third-party platforms you integrate.

Compliance:

• Ensure that users in your workspace comply with this Policy.
• Implement processes for human oversight in critical applications of AI insights.
• Establish and communicate internal policies that clearly distinguish between tools used only for learning and practice, and tools that form part of HR decision-making processes.
• Respond to requests from employees and candidates regarding AI use in your organisation.

For EU Deployers Using High-Risk Features:

• Use Sleak in accordance with its documentation, intended purpose, and stated limitations.
• Assign human oversight to persons with the necessary competence, training, and authority.
• Inform affected employees before deploying the AI system for performance assessment.
• Inform candidates that a high-risk AI system is used in the assessment process.
• Retain logs for at least 6 months (or longer if required by applicable law). Sleak provides usage logs and assessment data upon request; you are responsible for archiving in accordance with your statutory retention obligations.
• Suspend use and notify Sleak and relevant authorities immediately in the event of serious incidents.
• Conduct required impact assessments:
  • Data Protection Impact Assessment (DPIA) under GDPR, where applicable
  • Fundamental Rights Impact Assessment under Art. 27 of the EU AI Act, where required

Managers

Where you have access to performance or behavioural data about employees:

• Use insights to support development, not to penalise learning.
• Combine AI assessments with your own observations and professional judgement.
• Have genuine conversations with employees about their development.
• Do not make significant employment decisions based solely on Sleak data.
• Respect the privacy and dignity of the people you manage.
• Follow your organisation's internal policies on the use of AI in HR processes.

4 Candidate Rights

If you are being assessed via Sleak Recruiter, you have the following rights:

Right to Information

The assessing organisation must inform you that AI is used in the assessment process. You may request information from the assessing organisation about:

• How Sleak is used in their process
• What types of skills and behaviours are being assessed
• How Sleak outputs are combined with other inputs (interviews, tasks, etc.)
• The logic underlying the automated processing and its significance for you

Sleak provides documentation to support these disclosures.

Right to Human Involvement

A human reviews and makes the final hiring decision. You are not subject to decisions based solely on automated processing. The assessing organisation is responsible for ensuring meaningful human oversight.

Right to Review

You may request a human review of your assessment. Contact the organisation that invited you to complete the assessment. Sleak provides assessment data and logs upon request from the assessing organisation to support such reviews.

Right to Fair Treatment

You are assessed on skills and behaviours relevant to the role, not on protected characteristics. The assessing organisation designs the assessment criteria; Sleak does not perform emotion recognition or infer protected characteristics.

Right to Accessibility

Contact the assessing organisation for adjustments in the application process. They are responsible for ensuring accessibility and may offer alternative arrangements.

For platform accessibility issues, please contact support@sleak.ai. We welcome feedback and continuously work to improve accessibility.

Organisations using Sleak Recruiter should:

• Provide candidates with a clear opportunity to request adjustments before or during the assessment
• Work with Sleak to identify alternative formats where standard formats present barriers
• Ensure that accessibility requests do not negatively affect a candidate's assessment

5 Enforcement

Handling Violations

We may detect potential violations through automated systems, manual review, or user reports. Depending on the severity, nature, and frequency of violations, we may take one or more of the following measures:

• Warning and required corrective action
• Feature or content restrictions
• Temporary suspension
• Permanent termination
• Forfeiture of credits without refund
• Legal action
• Reporting to law enforcement, data protection authorities, or other regulatory bodies where necessary or appropriate

Minor first-time violations will generally result in warnings. Serious or repeated violations may result in immediate termination.

A violation of this Policy constitutes a breach of your agreement with Sleak (Terms of Service or Master Services Agreement). This may trigger termination rights and other consequences under those agreements.

Appeals

If you believe an enforcement measure was taken in error, please contact legal@sleak.ai within 30 days with:

• A description of the enforcement measure
• Your reasons for the appeal
• Any supporting information

We will review appeals in good faith and respond within a reasonable timeframe. The enforcement measure will generally remain in effect during the appeals process.

6 Reporting Concerns

If you believe someone is violating this Policy, or if you have concerns about the use of Sleak or AI-generated insights, please contact us:

Email: info@sleak.ai

Please include where possible:

• Description of the concern or violation
• Relevant details, including dates, accounts, or affected content
• Any supporting documentation

Reports may be made anonymously where permitted by law. We protect good-faith reporters from retaliation.

If you are an employee with concerns about how your organisation uses Sleak, you may also raise them internally via your organisation's policies, or externally via appropriate regulatory channels (e.g. data protection authorities, labour authorities).

7 Changes to This Policy

We may update this Policy to reflect changes to our services, legal requirements, or best practices.

For material changes, we will:

• Update the effective date
• Notify you by email or via the services
• Provide reasonable advance notice before changes take effect, where legally required

Continued use after changes take effect constitutes acceptance of the updated Policy. If you disagree with changes, you should stop using Sleak.