hey cass.Get early access

Legal

Acceptable Use Policy

Last updated: May 23, 2026

The bright linesDo not use Cass during a live incident. Do not pass off her outputs as a credentialed PIO's work. Do not use her to generate deepfakes, disinformation, or harm. Do not feed her other people's personal data without their permission. Anything else, generally fair game.

This Acceptable Use Policy (“AUP”) governs how you may use Hey Cass AI (“Cass,” the “Service”). It is incorporated by reference into our Terms of Service. Violations may result in immediate suspension or termination of access without refund.

1. Public-safety scope limits — non-negotiable

Cass exists to make PIOs better through prep, drills, and drafting. She is not a credentialed PIO, not a notification system, and not an authoritative source. You must not use Cass for:

  • Live operational incident command. Real-time decisions during active incidents must rest with credentialed humans, not Cass. Drilling beforehand is what Cass is for.
  • Substituting Cass for a credentialed PIO. Misrepresenting Cass's outputs as the work of a credentialed human is a violation and may be unlawful in some jurisdictions.
  • Public emergency alerts. Cass is not connected to and must not be presented as a connection to IPAWS, WEA, or any official public warning channel.
  • Legal, medical, financial, or licensed engineering advice.Cass's outputs are not professional advice.

2. AI-specific prohibitions

Because Cass is generative AI, additional limits apply. You may not use Cass to:

  • Generate sexual content involving minors(CSAM) or any content sexualizing real or fictional persons under 18. This is reported to the National Center for Missing & Exploited Children and to law enforcement.
  • Generate non-consensual sexual content of any real person.
  • Create deepfakes or synthetic media designed to deceive — including impersonating real officials, agencies, journalists, or community members.
  • Generate disinformation, hoaxes, or election interference content, including fake emergency announcements or fabricated official statements.
  • Harass, threaten, defame, or stalk any individual or group.
  • Promote violence, terrorism, hate, or self-harm.
  • Generate weaponization instructions for biological, chemical, nuclear, or radiological materials, or uplift attacks on critical infrastructure.
  • Impersonate Cass herself. Cass is a Hey Cass AI property; impersonation accounts or derivatives are not permitted.

3. Privacy and third-party data

You may not:

  • Submit personal data of identifiable third parties without their consent or another lawful basis.
  • Submit sensitive personal data (health, biometric, sexual orientation, immigration status, religious belief, etc.) about third parties without their explicit consent.
  • Submit Protected Health Information (PHI), payment card data, government-issued ID numbers, or classified information.
  • Submit privileged attorney-client or work-product materials without authorization.

4. Service integrity

You may not:

  • Attempt to reverse-engineer, decompile, or extract the underlying AI models or weights.
  • Use Cass to train, fine-tune, or distill another AI system without our written permission.
  • Scrape, mirror, or systematically harvest content from the Service via automated means.
  • Interfere with the Service, including denial-of-service attacks, probing for security vulnerabilities without authorization, or circumventing rate limits and access controls.
  • Submit prompts designed to extract system prompts, jailbreak safety controls, or otherwise bypass intended scope limits.
  • Use the Service to violate any law, regulation, or right of any third party.

5. Messaging, calling, and AI-disclosure obligations

If you use Cass to draft, send, or place messages or calls — by email, SMS, voice, or chat — to people outside your own organization, you are the sender for legal purposes and must comply with all applicable law, including the U.S. Telephone Consumer Protection Act (TCPA), the FCC's February 2024 ruling treating AI voice calls as “artificial voice” under the TCPA, the CAN-SPAM Act, carrier A2P 10DLC rules, Canada's CASL, the EU's ePrivacy Directive, and state AI-disclosure laws (California AB 1018, Utah's AI Disclosure Act, and others as enacted).

At minimum, you must:

  • Obtain prior express written consent from any recipient before sending automated SMS or placing AI / prerecorded voice calls to them.
  • Honor opt-out / do-not-call / unsubscribe requests promptly (within 10 business days at the outside; sooner where law requires).
  • Identify yourself or your agency at the start of every message or call and provide a clear way to opt out (e.g., STOP for SMS, unsubscribe link for email).
  • Disclose AI involvement at the start of any AI-generated voice or chat interaction, and when sharing AI-drafted content where law or agency policy requires.
  • Maintain records of consent, disclosures, and opt-outs sufficient to demonstrate compliance during an audit.

You may not use Cass to generate unsolicited bulk communications, spoofed sender identities, robocalls without consent, content impersonating real officials or agencies, or any other communication that violates the laws and rules above.

6. Output handling — your responsibility

Cass's outputs are starting points, not finished work. You are responsible for:

  • Reviewing every output before any public use.
  • Verifying any factual claim Cass makes against authoritative sources before relying on it.
  • Ensuring outputs meet your agency's standards, accessibility requirements, and policy constraints.
  • Disclosing AI involvement to your audience where required by law, policy, or ethics (e.g., journalism, government communications, academic settings).

7. Reporting violations

If you become aware of a violation of this AUP — including content you encounter that Cass should not have produced — report it to cass@heycass.ai. We investigate every report and act quickly on confirmed safety issues.

8. Enforcement

We may, in our sole discretion, suspend or terminate access for any violation, with or without notice. We may also report violations to law enforcement when required by law or warranted by the severity of the conduct (especially items in Section 2).

9. Changes

We may update this AUP as the Service evolves, particularly as new AI capabilities or risks emerge. Material changes will be posted here with an updated “Last updated” date and communicated to active users.

10. Contact

cass@heycass.ai

Questions? cass@heycass.ai