Accorda

Acceptable Use

Acceptable Use Policy

Effective 31 May 2026 · Version 1.2

This Acceptable Use Policy ("AUP") describes what is and is not permitted on Accorda (the "Service"). It supplements the Terms of Service. Violation of this AUP may result in suspension or termination of your account and, where appropriate, referral to law enforcement.

In this policy, "you" means any user of the Service, whether an administrator, end-user, or other authorised person from a Customer Organisation that has subscribed to the Service.

1. Lawful use only

You must use the Service only for lawful purposes and in compliance with all applicable laws, including (without limitation) Australian privacy law, anti-spam law, intellectual property law, and the laws of any other jurisdiction relevant to your use.

2. Authorised users

You may use the Service only if you are an authorised representative of a Customer Organisation, or have been invited to the Service by such a representative. You must not:

  • Share your sign-in credentials with anyone
  • Allow another person to use your account
  • Create accounts using false or misleading information
  • Attempt to access another organisation's data or another user's account

Each individual user must have their own account.

3. Permitted content

The Service is designed for storing your organisation's compliance documentation, including (without limitation):

  • Internal policies, procedures, and guidelines
  • Training materials and reference documents
  • Audit checklists and supporting evidence
  • Records of policy sign-offs by your personnel
  • Incident records and corrective action tracking

4. Restricted content — third-party personal information

Accorda is not designed as a system of record for personal information about your end-customers, clients, patients, service recipients, or other third parties, *except* as necessary for incident and corrective action records. You must not upload to the Service:

  • Patient health records or care plans (as operational systems of record; incident records documenting a healthcare incident are permitted if you have lawful basis)
  • NDIS participant case files or progress notes (as operational systems of record; incident records documenting a safeguarding concern or incident involving a participant are permitted if you have lawful basis)
  • Customer or client case files (as operational systems of record; incident records documenting an incident or complaint are permitted if you have lawful basis)
  • Personal information about identifiable third parties beyond what is strictly necessary as an example, reference, or incident documentation within compliance documentation

Incident records and attachments: The Service includes an incident management feature for recording and tracking incidents and corrective actions. Incident records are permitted and are considered part of your compliance documentation. However, incident records may involve or reference events affecting your clients, patients, service recipients, or other vulnerable individuals. When recording such incidents, you must ensure: (1) you have a documented lawful basis for collecting and recording the incident information under Australian privacy law and any other applicable law, (2) where required by law, you have obtained appropriate consent from the affected individual or their guardian/representative, (3) the incident information is necessary for the stated compliance, incident management, or safeguarding purpose, and (4) any attachments to incidents (such as photographs, video, or documents) do not contain identifiable information about vulnerable individuals unless absolutely necessary and you have explicit lawful basis and consent. If your incident records frequently contain sensitive information about vulnerable individuals, consider whether a more specialised system (such as a clinical incident management system, safeguarding management system, or case management platform) is more appropriate than a general compliance platform.

If a compliance document must reference an individual as an example (for example, an incident response procedure that includes a worked example), de-identify or anonymise the example before uploading. This is distinct from operational incident records, which are permitted if you have lawful basis.

This restriction protects both your end-customers and your organisation. The Service is not certified as a clinical record-keeping system, safeguarding management platform, NDIS participant records system, or similar regulated data system, and should not be used as a substitute for them.

5. Prohibited content and conduct

You must not use the Service to:

  • Upload, store, or distribute content that is illegal, defamatory, harassing, threatening, obscene, or that infringes intellectual property rights
  • Upload content containing malware, viruses, or other harmful code
  • Upload content for which you lack the necessary rights or permissions
  • Use the Service to send spam, phishing messages, or other unsolicited communications
  • Attempt to gain unauthorised access to the Service, related systems, or other users' accounts
  • Probe, scan, or test the Service's security or vulnerabilities without our prior written consent
  • Reverse-engineer, decompile, or attempt to derive the source code of the Service
  • Use automated means (bots, scrapers, crawlers) to access the Service except for legitimate integration with documented APIs
  • Resell or redistribute the Service to third parties without our written agreement
  • Use the Service in any way that imposes an unreasonable load on our infrastructure or interferes with other customers' use
  • Use the Service to develop a competing product

6. AI features

Accorda includes features that use artificial intelligence to analyse content (such as the AI assistant and policy-analysis features). When using these features:

  • You acknowledge that AI-generated output may be incomplete, inaccurate, or outdated, and you are responsible for verifying it before relying on it
  • You must not rely on AI output as a substitute for professional advice (legal, regulatory, medical, or otherwise)
  • You must not use AI features to generate content intended to deceive, defraud, or harm any person
  • Customer Data submitted to AI features is processed under the terms of our Privacy Policy and Data Processing Agreement

7. Compliance evidence integrity

The Service generates compliance evidence (sign-off records, audit logs, certificates) using tamper-evident mechanisms. You must not:

  • Attempt to alter, fabricate, or delete compliance evidence except through Service-provided functionality
  • Misrepresent the nature, completeness, or scope of compliance evidence to third parties (auditors, regulators, courts, or others)
  • Use the Service's outputs to create the false impression that documents have been reviewed, approved, or signed off when they have not

You are responsible for the accuracy of the underlying business decisions and processes the Service records. The Service is a record-keeping tool, not a substitute for actual compliance.

8. Security obligations

You must:

  • Keep your credentials confidential
  • Use multi-factor authentication where required for your role
  • Notify us promptly at info@accorda.com.au if you suspect unauthorised access to your account
  • Co-operate reasonably with us in investigating any suspected security incident

9. Reporting violations

If you become aware of any actual or suspected violation of this AUP — by another user of your organisation, by a member of another organisation, or by anyone else — please notify us at info@accorda.com.au. We will investigate and take appropriate action.

10. Enforcement

We may, at our sole discretion and without prior notice:

  • Investigate suspected violations of this AUP
  • Suspend or restrict access for users or organisations whose conduct we reasonably believe violates this AUP
  • Remove content that violates this AUP
  • Terminate accounts for serious or repeated violations
  • Co-operate with law enforcement and regulatory authorities where required by law or where we consider it appropriate

We will generally attempt to notify the affected user or Customer Organisation before taking action, but reserve the right to act without notice where we consider it necessary to protect the Service, other users, or third parties.

11. Changes to this policy

We may update this AUP from time to time. When we make material changes, we will notify Customer Organisation administrators by email and update the version and effective date at the top of this page. Continued use of the Service after the effective date of an updated AUP constitutes acceptance of the changes.

12. Contact

Questions about this policy or to report a violation:

True North Analytics ABN 24 726 502 584 Email: info@accorda.com.au

Questions about this document? info@accorda.com.au