1. Scope
This policy applies to all access to sachaltech.com and any deliverable, prototype, AI output, dataset, document or service produced by Sachaltech Pvt. Ltd. (Kathmandu) and its Toronto sub-branch. By using the site or engaging us, you agree to it. It is in addition to our Terms of Engagement.
2. Prohibited conduct
You must not, directly or via automated means:
- Access any non-public area, attempt to bypass authentication, exploit any vulnerability, or violate Canada's Criminal Code s. 342.1, the US Computer Fraud and Abuse Act 18 U.S.C. § 1030, the UK Computer Misuse Act 1990, the EU NIS2 Directive (EU) 2022/2555, India IT Act 2000 s. 43/66, Nepal Electronic Transactions Act 2063 ss. 44–47, Australia Criminal Code Act 1995 part 10.7, or any equivalent cybercrime law.
- Scrape, crawl, mirror or harvest the site at scale, or use it to train a third-party AI model without our prior written permission. Reasonable indexing by mainstream search engines respecting
robots.txtis allowed. - Submit malware, ransomware, viruses, worms, logic bombs, drive-by-download payloads or any code intended to harm.
- Send spam, phishing, smishing, scams, chain letters, pump-and-dump securities messages, or any communication that violates CAN-SPAM (US), CASL (Canada), GDPR direct-marketing rules, UK PECR, India DPDP Act, Australia Spam Act 2003 or Nepal ETA 2063 spam provisions.
- Use the contact form, careers application, Deal Matcher email or proposal email to impersonate another person, falsify identity, route money laundering, evade sanctions (OFAC, EU, UK OFSI, UN Security Council), or transmit Child Sexual Abuse Material — all of which we will report to NCMEC, the Canadian Centre for Child Protection, INHOPE and Nepal Police Cyber Bureau.
- Use any AI feature we offer to generate disinformation at scale, deepfake intimate imagery (NCII), bio/chem/radiological/nuclear weapon designs, instructions for critical-infrastructure attacks, instructions to defeat election integrity, or any output that violates the EU AI Act (Reg. 2024/1689) prohibited-practices list, the US Executive Order 14110 framework or Canada's AIDA proposal.
- Reverse-engineer, decompile or attempt to extract source code, prompts or model weights from any deliverable, except where such restriction is unenforceable under local law (e.g., EU Software Directive 2009/24/EC art. 6 interoperability).
- Discriminate, harass, threaten or defame any Sachaltech employee, contractor, applicant or vendor in violation of the Ontario Human Rights Code, Canadian Human Rights Act, EU Equal Treatment Directives, US Title VII, UK Equality Act 2010, Nepal's Constitution art. 18 or applicable local law.
- Use the platform for activities subject to export controls (US EAR / ITAR, EU Dual-Use Reg. 2021/821, Canada AECL, UK Export Control Order 2008) without proper licensing.
3. AI-specific rules
When you use any AI-generated output we provide (chat replies, deal-matcher reasoning, generated copy, code suggestions): you remain the responsible publisher. Outputs may be incorrect; you must verify before relying on them. You may not present AI output as professional, legal, medical, financial or investment advice, and you may not use it to train competing models without written permission.
4. Reporting abuse
Suspected abuse, vulnerability, security incident or violation of this policy: abuse@sachaltech.com. Responsible disclosure is welcomed — see Section 5.
5. Coordinated disclosure (safe harbour)
We will not pursue civil or criminal action against good-faith security researchers who (a) avoid privacy violations, service degradation, data destruction or disruption, (b) report findings to security@sachaltech.com before public disclosure, and (c) give us reasonable time to remediate (90 days default, ISO/IEC 29147 aligned).
6. Enforcement
We may suspend access, refuse service, withdraw deliverables, terminate engagements and report to law enforcement. Severe violations (CSAM, terrorism, weapons, sanctions evasion) are reported immediately.