Last updated: 6 June 2026 · Version 2.0
Orova is an enterprise platform for compliant business communications. We do not permit cold calling, purchased-list dialing, or any campaign that violates the TCPA, the National DNC Registry, FDCPA, GDPR, or local equivalents. Every outbound program is audited before launch and we reserve the right to suspend any account that places a single non-compliant call.
This Acceptable Use Policy (the "AUP") applies to every customer, end user, and integration that touches the Orova platform, websites, APIs, or related services (collectively, the "Service"). By using the Service, you agree to follow this AUP in addition to the Orova Terms of Service. We will enforce this policy actively. We will pause, suspend, or terminate access without prior notice when the safety, legality, or reputation of the Service is at risk.
1. Who this applies to
This AUP applies to every account, end user, voice agent, integration, sub-account, and re-seller deployment that uses Orova. You are responsible for the acts and omissions of anyone you authorize to use the Service, including your employees, contractors, end users, and downstream customers, and you will ensure they comply with this AUP.
2. Compliant business communications only
Orova may only be used for legitimate, opt-in business communications, with traffic patterns and content that match what an enterprise compliance team would approve. Examples of permitted use include calling existing customers about products they bought, scheduled appointment reminders, support callbacks, internal notifications, and prospects who provided documented prior express written consent.
3. Strictly prohibited use
You may not use the Service to: cold call individuals; dial purchased, scraped, or rented contact lists; place calls to numbers on the US National Do Not Call Registry, state DNC lists, or our internal suppression lists; harass, threaten, or deceive any person; impersonate Orova, a real person, a government agency, or another business; engage in robocalling, spamming, smishing, vishing, lead-laundering, or pump-and-dump schemes; or violate the TCPA, FDCPA, GDPR, ePrivacy Directive, the UK PECR, the EU AI Act, or any equivalent local law.
4. Pre-launch audit for outbound programs
Every outbound program must pass an Orova pre-launch review before any production traffic is sent. The review covers your contact-list provenance, opt-in proof, suppression hygiene, calling hours, identification practices, scripts, and recording configuration. Going live without an audit is a material breach of this AUP, and a single non-compliant call may trigger immediate suspension.
5. AI disclosure
You are responsible for AI-disclosure compliance based on the regions you call. Several jurisdictions, including California (SB 1001), Utah (AI Disclosure Act), and the EU under the AI Act, require disclosure that the caller is an AI. Where required, your voice agent must clearly identify itself as an AI at the start of the call and on request. Orova provides configurable disclosure prompts and we strongly recommend enabling them by default.
6. Recording consent
Customers configure call recording at the platform level and can enable or disable it per deployment. You are solely responsible for collecting any consent required by two-party-consent jurisdictions (e.g., California, Florida, Illinois, Massachusetts, Pennsylvania, Washington, and applicable EU member states), for storing recordings securely, and for honoring data subject requests to access or delete recordings.
7. Prohibited industries and use cases
Orova does not serve, and you may not use the Service for, any of the following industries or use cases: adult entertainment, pornography, and sexually explicit services; cannabis, marijuana, CBD, and related products; gambling, betting, casinos, and games of chance; payday lending and other short-term high-interest lending products; multi-level marketing (MLM), pyramid schemes, and business opportunity schemes; unsolicited telemarketing, cold-calling campaigns, robocalling, and spam marketing; and any illegal, fraudulent, deceptive, or misleading products, services, or business practices.
8. Restricted industries (case-by-case approval)
The following industries are not banned outright but require explicit written approval from Orova before any production traffic is sent. Approval depends on regulatory licensing, AML and KYC programs, jurisdictional restrictions, and traffic patterns. Restricted categories include: cryptocurrency exchanges, crypto payment processors, token issuers, decentralized finance (DeFi) platforms, Web3 financial products, and digital asset investment services. Healthcare workflows that involve protected health information require a signed Business Associate Agreement (BAA). Financial collections require explicit FDCPA compliance attestation. Political and election-related campaigns are reviewed case by case.
9. Security and platform integrity
You will not probe, scan, or test the vulnerability of the Service without our prior written consent; bypass authentication, rate limits, or quotas; reverse engineer or attempt to extract the weights of any Orova proprietary model (Orovos, Graphos, Orolex, Vocos); use the Service to develop a competing product; or upload malware, exploits, or content that infringes third-party rights.
10. Enforcement
We monitor for AUP violations using a combination of automated signals and human review. We may, at our sole discretion and without prior notice: throttle traffic, freeze a campaign, disable an account, terminate the Order, report to telecom carriers, or notify law enforcement. We will not refund fees for usage that violates this AUP and you remain liable for damages arising from such use.
11. Reporting abuse
If you believe an Orova-powered call violated this policy or applicable law, contact abuse@orova.ai. Include the time, calling number, called number, and any recording or transcript you can share. We aim to acknowledge reports within one business day and will take action where the facts warrant it.
12. Changes to this AUP
We may update this AUP to reflect new laws, threats, or platform behavior. Material changes will be announced at least thirty (30) days before they take effect. The current version is always available at orova.ai/acceptable-use.
13. Contact
Compliance and trust questions: trust@orova.ai. Abuse reports: abuse@orova.ai. Privacy and EU/UK data subject requests: eu-privacy@orova.ai. Postal: Orova AI, Inc., 2261 Market Street, San Francisco, CA 94114, United States.