Acceptable Use Policy

Purpose & Scope

This Acceptable Use Policy defines the permitted and prohibited uses of Drafted's systems, platforms, data, and resources by employees, contractors, contributors, and authorized users. This policy applies to all access to Drafted systems, networks, applications, and data, whether remote or on-site.

Version: 1.0 | Effective: April 2, 2026 | Scope: All Drafted systems and personnel

1. Permitted Use

Drafted systems and resources are provided to facilitate legitimate business operations. Permitted uses include:

• Accessing assigned work materials and performing job responsibilities
• Communicating with colleagues, clients, and partners for business purposes
• Storing work-related files, documents, and project materials
• Participating in training, meetings, and professional development
• Limited personal use that does not interfere with work responsibilities or productivity (during breaks, lunch, or off-hours)

2. Prohibited Uses

Users are strictly prohibited from using Drafted systems to:

• Access, download, or distribute illegal or copyright-infringing content
• Create, transmit, or store threatening, harassing, abusive, or hateful content
• Engage in discrimination based on protected characteristics
• Access systems without authorization or exceed authorized access levels
• Attempt to hack, crack, or compromise system security
• Install unauthorized software or malware
• Bypass or circumvent security controls or firewalls
• Interfere with network performance or system availability
• Conduct unauthorized scanning, testing, or vulnerability assessment
• Create, send, or forward chain emails, spam, or unsolicited bulk email
• Impersonate others or misrepresent identity
• Access, modify, or delete data without authorization
• Share passwords, credentials, or API keys
• Sell, trade, or distribute access to systems or data
• Conduct personal commercial activities unrelated to Drafted
• Access adult, obscene, or sexually explicit content
• Use systems for gambling, illegal substances, or illegal activities
• Disclose confidential or proprietary information without authorization

3. Data Access & Confidentiality

All Drafted personnel with system access must:

• Access only data necessary to perform assigned job responsibilities
• Never share, disclose, or copy confidential data outside the organization
• Treat all candidate profiles, contributor data, and client information as confidential
• Follow the Information Security Policy for all data handling
• Report any unauthorized access or data breach immediately
• Return or securely delete all confidential data upon employment termination

4. Password & Authentication Security

All users must:

• Create and maintain strong, unique passwords (minimum 12 characters, mixed case, numbers, symbols)
• Never share passwords, authentication tokens, or API keys with anyone
• Change passwords if suspected compromise
• Enable multi-factor authentication (MFA) on all accounts
• Lock or log out of systems when leaving workstations unattended
• Not write down passwords or store them in insecure locations
• Use a password manager for credential storage

5. Device & Equipment Security

All personnel responsible for Drafted devices or accessing Drafted systems must:

• Enable full-disk encryption (macOS FileVault, Windows BitLocker)
• Keep devices updated with latest security patches and OS updates
• Install and maintain antivirus/anti-malware software
• Not install unauthorized software or applications
• Secure devices with lock screens and timeouts
• Not leave unattended devices unlocked or accessible
• Report lost, stolen, or compromised devices immediately
• Use only secure, encrypted Wi-Fi networks (WPA2/WPA3)
• Avoid public Wi-Fi for accessing sensitive systems or data
• Properly wipe or destroy data when devices are no longer in use

6. Email & Communications Security

When using Drafted email and communication systems:

• Do not send sensitive information (passwords, API keys, PII) via unencrypted email
• Be cautious of phishing emails and do not click suspicious links or attachments
• Report phishing attempts to security@joindrafted.com immediately
• Do not forward emails containing confidential information to unauthorized recipients
• Maintain professional and respectful tone in all communications
• Do not use email for harassment, discrimination, or inappropriate content
• Remember that all email and communications may be monitored or subject to legal holds

7. Network & System Access

All users must:

• Use only authorized network connections and VPNs when required
• Not attempt to gain access to systems, accounts, or data you are not authorized to access
• Not attempt to bypass security controls or authentication mechanisms
• Not run vulnerability scans or penetration tests without explicit written authorization
• Report suspected security vulnerabilities to security@joindrafted.com
• Immediately report any unauthorized access or suspicious activity

8. Software & Third-Party Applications

All personnel must:

• Only use authorized or approved software and applications
• Not download or install unauthorized software or browser extensions
• Not use pirated, cracked, or illegally obtained software
• Keep all authorized software updated with security patches
• Not circumvent software licensing restrictions
• Comply with all software license agreements and terms of service

9. Remote Work & VPN Usage

When working remotely or accessing systems via VPN:

• Use only secure, encrypted home Wi-Fi networks (WPA2/WPA3)
• Avoid public Wi-Fi for sensitive work
• Enable VPN when required by policy
• Maintain device security and encryption as outlined above
• Prevent unauthorized physical access to devices (lock screens, secure workspaces)
• Report any suspected compromise or security incidents immediately

10. Monitoring & Enforcement

Monitoring: Drafted may monitor system access, network activity, email, and device usage to detect violations of this policy and protect against security threats. Users should have no expectation of privacy in their use of Drafted systems.

Enforcement: Violations of this Acceptable Use Policy may result in disciplinary action, including suspension or termination of employment/contractor status, and may be subject to civil or criminal liability.

11. Reporting & Support