Acceptable Use Policy
Last updated: March 1, 2026
This policy governs how partners, their systems, and their AI agents interact with MIR's participation history infrastructure. It supplements the API Terms of Use and applies to all entities — human and autonomous — that submit, query, or consume MIR data.
Core Principle: MIR provides facts, not judgments. Participation history informs decisions — it does not make them. You are responsible for every action taken with MIR data, whether that action is performed by a human operator or an autonomous agent acting on your behalf.
1. Interpretation of Continuity Data
1.1 Continuity Is Not Trust
MIR participation history records that an entity was independently observed across systems. It does not certify trustworthiness, predict future behavior, or endorse the entity in any way.
- Do not treat event count as a trust score
- Do not auto-approve or auto-deny access based solely on MIR data
- Do not present MIR participation history as a "rating," "grade," or "reputation score" to end users
- Do not use MIR data as the sole factor in any consequential decision (credit, employment, housing, insurance, or access to essential services)
1.2 Your Policy Layer Is Required
Every system consuming MIR data must apply its own policy layer before acting on continuity information. MIR data is one input to your decision — never the decision itself.
- Define your own thresholds for what participation history means in your context
- Implement step-up verification for high-impact decisions regardless of MIR data
- Maintain the ability to override any MIR-informed decision with human judgment
- Document how your system interprets MIR data and make that documentation available to affected users on request
2. Event Submission Standards
2.1 Accuracy and Truthfulness
Every event submitted to MIR must represent a real, verified occurrence on your platform.
- Do not submit fabricated, inflated, or speculative events
- Do not submit events for actions that did not occur
- Do not submit duplicate events to inflate participation counts
- Do not backdate events to misrepresent when participation occurred
- Do not submit events on behalf of users who have not interacted with your platform
2.2 Actor Type Attestation
When submitting events, you may specify the actorType field to indicate whether the action was performed by a HUMAN, an AGENT, or is UNKNOWN.
- Attest actor type honestly — do not label agent-initiated actions as human
- If you cannot determine actor type, use
UNKNOWN(the default) - MIR records your attestation as-is — it does not validate actor type
- Consuming systems may use actor type to apply different governance policies; misrepresenting it undermines the integrity of the entire network
Misrepresenting actor type is a violation of this policy. Deliberately labeling autonomous agent activity as human-initiated undermines the trust infrastructure MIR exists to support and is grounds for suspension.
2.3 Timeliness
Events should be submitted within 30 days of occurrence. Events older than 30 days must use the occurredAt field and the BACKFILL batch type. MIR records when an event was submitted separately from when it occurred — both timestamps are visible to consuming systems.
3. AI Agent and Autonomous System Requirements
If your integration uses AI agents, autonomous systems, or automated pipelines to interact with MIR's API, additional requirements apply.
3.1 Agent Identification
- Register all AI agents through MIR's agent management API
- Each agent must have its own scoped API key — do not share credentials between agents or between agents and human operators
- Set
actorType: "AGENT"on all events submitted by autonomous systems
3.2 Context Safety
AI agents operating over long sessions are subject to context window compaction, which can silently discard safety instructions, rate limit awareness, and governance constraints. You are responsible for engineering around this.
- Pin all MIR-related constraints (interpretation rules, rate limits, data handling policies) in the agent's system prompt or persistent instruction layer — not in conversational context
- Re-inject governance constraints at regular intervals during long-running sessions
- Monitor agent behavior for drift — if an agent begins auto-approving based on event count alone, its constraints have been compacted out
- Implement server-side guardrails that cannot be bypassed by agent context drift
See Context Safety for detailed engineering guidance.
3.3 Agent Accountability
You are responsible for all actions taken by agents operating under your API credentials, including:
- Events submitted by agents on your behalf
- Queries made by agents against MIR's API
- Decisions made by agents based on MIR data
- Violations of this policy caused by agent context drift, misconfiguration, or emergent behavior
An agent's context compacting away a constraint does not relieve you of the obligation that constraint represents.
4. Data Handling
4.1 Retention
- Cache MIR API responses for no more than 24 hours
- Delete all cached MIR data upon partnership termination
- Do not persist raw API responses in application logs — extract only the fields needed for your policy decision
4.2 Sharing and Redistribution
- Do not sell, license, or redistribute MIR participation data
- Do not share raw MIR data with third parties, including parent companies, subsidiaries, or affiliates, without explicit written authorization
- Do not use MIR data to build competing participation history or reputation systems
- Do not aggregate MIR data across users to build behavioral profiles, cohort analyses, or targeting segments
4.3 Privacy
- Comply with all applicable privacy laws in your jurisdiction (GDPR, CCPA, etc.)
- Do not attempt to re-identify anonymized users through MIR data correlation
- Do not use MIR data to build shadow profiles of users who have not consented to your platform
- Respect user unlinking — when a user disconnects from your platform, stop querying MIR for their data
5. Rate Limits and System Integrity
- Do not circumvent, probe, or attempt to bypass rate limits
- Do not use multiple API keys to multiply your effective rate limit
- Do not scrape, crawl, or bulk-extract data from MIR's API or web interfaces
- Do not attempt to reverse-engineer MIR's internal signal aggregation, weighting, or tiering logic
- Do not submit synthetic or generated events for the purpose of testing MIR's detection systems
- Do not probe for vulnerabilities outside of an authorized, coordinated disclosure process
If you need higher rate limits, contact us. We accommodate legitimate high-volume use cases through enterprise tier agreements.
6. Network Integrity
MIR's value depends on the integrity of every participant. Each partner's data contributes to a shared infrastructure layer. Abuse by one partner degrades the system for all.
The trust is mutual. MIR trusts partners to submit accurate data. Partners trust MIR to remain neutral. Users trust the network to be honest. This policy exists to protect all three relationships.
- Do not collude with other partners to inflate or manipulate participation history
- Do not submit events designed to game tier progression for your users or yourself
- Do not use MIR data to discriminate against users based on which partners they participate with
- Do not weaponize claims — submitting false negative claims to damage a user's continuity record is a serious violation
7. Enforcement
7.1 Violation Response
MIR will respond to policy violations proportionally:
- Warning: First-time minor violations or ambiguous cases — we will notify you and request corrective action
- Rate reduction: Repeated minor violations or negligent data quality — temporary rate limit reduction while issues are resolved
- Suspension: Serious violations or failure to correct warned behavior — API access suspended pending review
- Termination: Deliberate abuse, data fabrication, actor type misrepresentation, or actions that compromise network integrity — permanent revocation of API access
7.2 Transparency
MIR will notify you of any enforcement action and provide a clear explanation of what triggered it. You may appeal any action by contacting partners@myinternetreputation.org.
7.3 Reporting Violations
If you observe another partner violating this policy — submitting false events, misrepresenting actor types, or misusing MIR data — report it to partners@myinternetreputation.org. Reports are confidential.
8. Related Documents
- API Terms of Use — contractual terms governing API access
- Privacy Policy — how MIR handles user and partner data
- Security — infrastructure and operational security practices
- Context Safety — engineering guidance for AI agents consuming MIR data
- The Rogue Agent Problem — position paper on autonomous agent trust failure modes
- Bill of Rights — user rights within the MIR network
- Constitution — MIR's governing principles
Questions about this policy? Contact partners@myinternetreputation.org