Usage Policy for Toloka
All uses of Toloka must comply with this Usage Policy (or “Acceptable Use Policy” or “Policy”). We maintain strict oversight of how our products are used to ensure compliance with our guidelines and security policies. Our first priority is to ensure the responsible and ethical use of AI technology while protecting the wellbeing of all involved in the development of AI.
Please review the following Policy before using Toloka. This Policy may be updated from time to time and the continued use of Toloka constitutes acceptance of any updates. The rules described in this Policy also apply to any products developed, trained and/or improved with the usage of Toloka.
Prohibited Uses of Toloka
Users of Toloka are required to fully comply with all applicable local, national, and international laws and regulations in connection with their use of the service. Failure to comply with all applicable laws may result in immediate termination of service access.
Usage of Toloka for developing or training systems that perform real-time or post-event facial recognition in public spaces, or biometric categorization or inference of sensitive attributes (including but not limited to race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation), or emotion recognition in workplaces, schools, or law enforcement activities as restricted by the EU AI Act and other applicable laws is prohibited. This includes using Toloka to process, analyze, or generate data for such purposes.
Usage of Toloka aimed at insulting or discriminating against any group of people is prohibited.
You can’t use Toloka to generate or spread deepfakes, disinformation, or manipulated content to deceive the public, for automated content moderation that censors lawful speech or enforces biased decisions, or mass-scale personalized manipulation, including micro-targeting for political influence.
Usage of Toloka for purposes aimed at sexualizing children or creation of child sexual abuse material (child pornography) is prohibited.
You can’t use Toloka for purposes of development, training, or improving tools involving prohibited AI practices under the EU AI Act and other applicable laws, such as:
Subliminal, purposefully manipulative or deceptive techniques
Exploiting vulnerabilities (age, disability, social/economic status)
Social scoring leading to detrimental or unfavorable treatment
Criminal risk assessments / predictions based on profiling
Building facial recognition databases from Internet / CCTV data
Emotion inference in the workplace or educational institutions
Biometric categorization based on sensitive characteristics
Real-time biometric identification in public by law enforcement
Usage of Toloka to develop or deploy tools specifically targeting or accessible to minors as defined by applicable laws is prohibited.
You can’t use Toloka in ways that could harm the Toloka platform, the Toloka and Mindrift platforms, or any third party, namely:
Cause harm to our AI systems, platform infrastructure, other users, or the broader internet ecosystem through actions such as prompt injection attacks, denial of service attempts, engaging spyware, unauthorized communications surveillance, unauthorized monitoring of individuals, or other forms of system manipulation.
Encourage downloading or installing software, including malware, on personal devices.
You can’t use Toloka for developing or training systems that are aimed at predictive crime detection that assigns risk scores to individuals or communities, automated decision-making in criminal investigations without human oversight, or mass surveillance or tracking individuals without legal authorization.
You can’t use Toloka to harm yourself or others, including promoting suicide, self-harm, or other harmful activities. You can’t repurpose or distribute the output of Toloka to harm others – for example, to defraud, scam, spam, mislead, bully, harass, defame, discriminate based on protected attributes, generate graphic depictions or discussions of violence, humiliation of others, or other disturbing topics, or promote violence, hatred or the suffering of others. Toloka may be used in limited ways to generate content otherwise prohibited by this paragraph if the sole purpose of such content generation is to improve the safety, responsibility, trustworthiness and ethicality of AI systems in accordance with industry standards by employing red teaming, benchmarking or other comparable techniques.
You can’t use Toloka for deceptive recruitment and coercion, to automatically reject or rank job applicants without human intervention, to develop or train systems utilizing AI-based behavioral analysis to monitor employees without their consent and compliance with labor laws or AI-generated profiling in workplace decision-making that may lead to discrimination, or other attempts to circumvent labor classification and labor protection laws and regulations.
You can’t use Toloka for the purpose of money laundering, including scams with payments and bonuses. Do not use Toloka to automate creditworthiness assessments in ways that lack transparency or fairness, deny financial services (loans, insurance, mortgages) without human review, or create a customer risk assessment in a way that results in bias or exclusion.
You can’t use Toloka for diagnosis, treatment recommendations, or patient monitoring without medical supervision, genetic risk prediction that could impact insurance or employment decisions, or to assess mental health status without professional verification. You can’t rely solely on the output of Toloka in any healthcare-related decisions.
Usage of Toloka for academic dishonesty, including but not limited to plagiarism, cheating, falsifying research data, or completing academic assignments on behalf of others, is prohibited. Do not use Toloka to automatically evaluate students without clear, fair, and transparent criteria, to make life-altering decisions in public services (welfare benefits, asylum requests) without human review, or implement AI-based behavioral analysis on students or citizens without their consent.
You can't use Toloka to circumvent advertisement rules and regulations or involve any type of fraud related to advertising, reviews, clicks, or ratings.
Do not use Toloka in autonomous vehicles, drones, or robotics without rigorous safety validation, to control energy grids, water supplies, or transportation systems without proper risk assessment. Do not use Toloka for automated emergency response decision-making without human oversight.
The use of Toloka is strictly prohibited for any military or weapons-related purposes. This includes, but is not limited to, using Toloka to develop, improve, or operate:
Weapons systems or military equipment
Military software or control systems
Ammunition or explosives
Military vehicles or transport systems (ground, air, naval, or space)
Any other products or services intended for military applications
Correct Usage of Toloka for Purposes involving Personally Identifiable Information (PII)
Legal Basis for Processing PII
Before processing Personally Identifiable Information (PII) within Toloka, you must ensure compliance with all applicable data protection laws and regulations. As a customer, you are solely responsible for:
Determining and maintaining a valid legal basis for uploading, storing, or processing PII within Toloka.
Assessing, documenting, and maintaining compliance with privacy frameworks relevant to your jurisdiction (e.g., GDPR, CCPA, LGPD, PDPA).
Understanding acceptable legal bases, which are outlined in our Requestor’s Guide to Data Protection.
Data Minimization and Anonymization
To enhance data protection and reduce compliance risks, you should:
Anonymize or pseudonymize PII before uploading it to Toloka whenever feasible.
Ensure data accuracy and relevance, limiting processing to what is strictly necessary for the intended purpose.
Recognize your responsibility for uploaded data, even though Toloka implements industry-standard security and privacy controls.
Toloka does not validate, monitor, or assume responsibility for the lawfulness of PII uploaded by you.
Data Processing Agreements
To align with data protection regulations, the Data Processing Agreement (DPA) is an integral part of the Toloka Terms of Use and governs PII processing on the platform.
By using Toloka, you acknowledge and agree that:
The DPA defines the roles and responsibilities of both parties:
You act as the Data Controller or Data Processor (acting on behalf of the Data Controller) and Toloka acts as the Data Processor (or Sub-Processor, as applicable).
The DPA outlines technical, organizational, and contractual safeguards to ensure PII protection.
You must review, accept, and adhere to the DPA before processing any PII on Toloka.
Failure to comply with the DPA may impact your ability to process PII using Toloka.
