Acceptable Use Policy

Last updated: June 30, 2026

This Acceptable Use Policy (“AUP”) sets out certain guidelines and restrictions relating to your use and access to Cognition AI, Inc.'s (“Cognition”, “we”, or “us”) products and services (“Services”) that you access and use pursuant to our Terms of Service available here or other written agreement between Cognition and you (the “Terms”), and is intended to help our users use the Services safely and responsibly. This AUP is incorporated into and made a part of the Terms. By using our Services, you agree to adhere to this AUP. If you do not understand or agree to this AUP, please do not use the Services. We will continue to update this AUP, including to reflect changes in our technology and our users. For users who have formerly enrolled for use of Devin Desktop (f/k/a Windsurf) under Exafunction, Inc., the terms “Cognition,” “we,” “us,” or “our” refer to Exafunction, Inc, and not Cognition AI, Inc., unless the license has been assigned to Cognition AI, Inc.

Cognition may monitor your usage to enforce our AUP so please review these policies carefully before using the Services. If you believe that any actions of another user on the Services breach this AUP, please notify us at security@cognition.ai and include a description of such breach. We will determine in our reasonable discretion whether any action on the Services constitutes a breach of this AUP. If we learn that you have violated our AUP, we may take any action in response which we deem reasonable in our sole discretion, including, without limitation, suspending your access to the Services without notice or reporting such breach to the appropriate regulatory authority. We will have no responsibility or liability to you for another user's breach of this AUP. If you discover that our model outputs are inaccurate, biased or harmful, please notify us at security@cognition.ai.

Universal Policies

We believe our Services can be powerful tools to help builders bring their ideas to life, but when using our Services, these rules apply:

You must comply with applicable laws– any use of our Services must comply with the law; it cannot infringe on anyone's intellectual property, promote or engage in illegal activity, compromise the privacy or publicity rights of others, or engage in regulated activity without complying with applicable regulations. Use of the Services is prohibited where restricted by applicable export control laws, economic sanctions, or other trade compliance regulations.

Don't repurpose or distribute output from our Services to harm others– don't use the Services or share output from our Services to defraud, scam, spam, mislead, bully, harass, exploit, defame, discriminate based on protected attributes, promote violence, hatred or the suffering of others or to sexualize children.

Don't override our security protocols – you must comply with security measures established in our Services to protect sensitive data and prevent unauthorized access. You may not provide any other user access to your account or account credentials, attempt to circumvent our security measures or otherwise interfere with the Services.

Building with our Services

Agentic Use

Our Services may take autonomous actions on your behalf, including writing and executing code, interacting with third-party systems, and making changes to your infrastructure. When using agentic features of the Services, the following additional requirements apply:

  • You are responsible for all actions taken by the Services on your behalf or at your direction, including actions taken in third-party systems, and must ensure such actions comply with applicable laws and this AUP.
  • You must not direct or configure the Services to take irreversible actions in production environments without implementing appropriate human oversight, review, and confirmation mechanisms.
  • You must not use the Services to circumvent, disable, or override access controls, authentication mechanisms, or security measures in any system, whether belonging to you or a third party.
  • You must not use the Services to autonomously interact with systems or services in a manner that violates the terms of service or acceptable use policies of those systems or services.
  • You are responsible for maintaining appropriate safeguards, monitoring, and rollback capabilities when using the Services to make changes to systems, infrastructure, or data.

Data Restrictions

You will not prompt the Service with, or otherwise upload data, that falls within the following categories (“Prohibited Data”):

  • Contains viruses, malware, malicious code or similar harmful materials.
  • Contains API keys, access tokens, passwords, private cryptographic keys, or other security credentials.
  • Contains restricted or sensitive personal data, such as biometric identifiers, government-issued identifiers (including SSN, TIN, or passport numbers), payment card data or credit card numbers, bank account numbers, or data constituting a special category under applicable privacy law.
  • Contains regulated health information, including Protected Health Information as defined under HIPAA, unless you have entered into a separate written agreement with Cognition expressly permitting such use.

Notwithstanding the above, certain categories of Prohibited Data may be permissible where Cognition has entered into a separate written agreement with you expressly authorizing such use and establishing applicable safeguards.

User Safety

We do not allow content or activity on our Services that:

  • Is unlawful or promotes illegal activities
  • Is sexually explicit, exploitative or inappropriate, especially in relation to minors
  • Is defamatory, fraudulent, or libelous, or promotes such content or activity
  • Is discriminatory or abusive towards individuals or groups, including based on attributes such as race, religion, gender, age, nationality or sexual orientation
  • Is intentionally deceptive, false, misleading or inaccurate
  • Harasses or harms others, including our employees and other users
  • Threatens, promotes or incites violence or terrorism
  • Threatens or undermines democratic processes or institutions
  • Could lead to death, personal injury, or environmental damages, including use for life support systems, emergency services, nuclear facilities, autonomous vehicles, or air traffic control (“High Risk Activities”), unless otherwise permitted in a separate written agreement with you expressly authorizing such use
  • Creates, distributes, or deploys malware, ransomware, exploit code, cyberweapons, or other tools designed to cause harm to computer systems, networks, or data

Privacy

  • Users must not use our Services to collect, store, share or otherwise process personal data without consent.
  • Users are prohibited from generating content that violates the privacy of any person or third party, such as by posting another person's personal information without consent.
  • Users must not use our Services to facilitate spyware, communications surveillance, or unauthorized monitoring of individuals.
  • Users must respect confidentiality agreements and not disclose any sensitive information.

Intellectual Property

  • Users must not use our Services to infringe upon the intellectual property rights of any party, including copyrights, trademarks, patents and rights of publicity.
  • Users must respect the intellectual property rights of our company and refrain from reverse-engineering or reproducing the Services or crawling, scraping or harvesting data from our services, unless otherwise permitted by applicable law.
  • Users may not use the Services as a part of any effort to compete with us or build a competitive product.

Spam or Inauthentic Activity

We do not allow users to:

  • Use our Services to send unsolicited or unauthorized messages, advertisements, or spam, or engage in phishing or social engineering attacks.
  • Use our Services to propagate abuse on other platforms or participate in disinformation campaigns.
  • Knowingly create or distribute content that is materially false or misleading and likely to cause harm.
  • Impersonate others or misrepresent themselves, including to represent that the output from our Services is human-generated.
  • Engage in deceptive or illegal activities, including “spoofing” or pyramid schemes or similar acts
  • Use the Services to generate outputs that you know or should reasonably know would be unlawful or infringe on the rights (including intellectual property rights) of others.
  • Request content that is “in the style of” or “similar to” third-party proprietary content or that is otherwise derivative of third-party proprietary content.
  • Request that the Services duplicate third-party proprietary content or provide outputs that duplicate the functionality of third party content.
  • Use the output from our Services to train artificial intelligence models except for your internal business purposes.

Site Access & Safety

  • Users are prohibited from using the Services in a manner that could cause technical harm, such as creating malicious code, distributing malware or viruses, launching denial-of-service attacks or doing anything else that could disable or impair a website or computer system.
  • Access to our Services is restricted to authorized users who have registered and agreed to our Terms (or the terms agreed by your organization), and users must not provide other users with access to their account or their account credentials.
  • Use of third-party models may be subject to the Acceptable Use Policies of the respective third parties (including supported countries of such providers).

User Protection

  • Users must not engage in activities that could adversely affect or harm other users, such as harassment or exploitation.
  • Users must not use the Services as the sole basis for decisions that would materially affect an individual, including decisions that would have legal, financial, employment, housing, insurance, educational, or similarly significant effects on any person.
  • Users should report any abuse or misuse of the product to ensure a safe environment for all users.

Services Usage Limits

  • Users must not reproduce, duplicate, copy, sell, or resell any portion of our Services.
  • Users must adhere to any usage limits specified in their subscription or licensing agreement.

Changes

  • We may change this AUP at any time. When we do, we will post an updated version at cognition.ai/aup, unless another type of notice is required by applicable laws.