Acceptable Use Policy (AUP)

Last updated: [DATE]. Effective: [DATE].

Template draft — final review required. This document has been drafted to be comprehensive but has not yet been reviewed by an attorney licensed in your jurisdiction. Before going live, replace every [BRACKETED] placeholder with the corresponding real value (legal entity name, state, address, support email, governing-law venue, etc.) and have an attorney confirm it covers the laws applicable to your business and your customers' locations.

This Acceptable Use Policy describes activities that are prohibited on the MyTradeCrate Service. It is part of, and incorporated by reference into, the MyTradeCrate Terms of Service. Violations may result in warnings, feature suspension, full Account suspension, termination without refund, and referral to law enforcement, depending on the nature and severity of the conduct. MyTradeCrate reserves the right to determine, in its sole reasonable judgment, whether conduct violates this AUP.

1. Unlawful or Harmful Conduct

Use the Service in violation of any applicable federal, state, local, or international law, regulation, or industry standard.
Violate the privacy, publicity, intellectual-property, or other rights of any person or entity, including by unauthorized collection, use, or disclosure of personal information.
Engage in fraud, money laundering, tax evasion, sanctions evasion, or any deceptive trade practice.
Process payments for prohibited categories under Stripe's Restricted Businesses list (including but not limited to firearms and ammunition, controlled substances, adult content, gambling, get-rich-quick schemes, multi-level marketing, escort services, or any business prohibited by your acquirer or card-network rules).
Operate without legally required licenses, bonding, insurance, or registrations applicable to your trade.

2. Unsolicited Communications (SMS, MMS, Voice, Email)

Send any commercial communication without documented, recipient-level express written consent obtained in compliance with the TCPA, CAN-SPAM, 10DLC carrier rules, applicable "mini-TCPA" statutes (including FL, OK, WA), and the laws of the recipient's location.
Send messages outside permitted hours (generally 8:00 AM – 9:00 PM in the recipient's local time, more restrictive in certain states).
Use purchased, scraped, rented, or appended contact lists.
Fail to honor opt-out or unsubscribe requests within ten (10) business days (immediately for STOP keywords on SMS, as required by carriers).
Conceal or falsify sender identity, header information, or routing details.
Send phishing, smishing, account-takeover, or social-engineering messages.
Send political robocalls or political SMS without complying with state robocall and consent laws.
Use the Service to send messages of a sexually explicit nature, threats, harassment, or messages targeting minors.

3. System Abuse

Reverse engineer, decompile, disassemble, or attempt to extract source code or models from the Service.
Bypass, disable, or attempt to circumvent any authentication, rate limit, quota, security control, or technical protection.
Conduct security testing, vulnerability scanning, or penetration testing without MyTradeCrate's prior written authorization.
Upload, host, or transmit any virus, worm, ransomware, Trojan horse, keylogger, time bomb, or other malicious code.
Use any robot, spider, scraper, or other automated means to access the Service beyond your own Account's data, except through documented APIs and within published rate limits.
Take any action that imposes an unreasonable or disproportionately large load on our infrastructure.
Resell, white-label, sublicense, or commercially exploit the Service without a separate written reseller agreement.
Probe or test the vulnerability of any system or network connected to the Service, or breach any security or authentication measure.

4. Content Abuse

Upload, store, or transmit content that is defamatory, libelous, obscene, hateful, threatening, harassing, or otherwise unlawful.
Upload child sexual abuse material (CSAM), images depicting minors in compromising contexts, or content that exploits or endangers minors.
Upload content that infringes or misappropriates the intellectual-property rights of any third party (copyright, trademark, patent, trade secret).
Generate, store, or distribute deepfakes, voice clones, or impersonation content used to deceive.
Use the Service to store or share information stolen from a third party.

5. Misuse of Integrations

Use the Stripe integration to process payments for businesses other than the trade business associated with your Account, or to evade Stripe's prohibited-business categories.
Use Google Drive or QuickBooks integrations to mirror or distribute prohibited content.
Modify SMS templates to mimic financial institutions, government agencies, or other legitimate organizations for the purpose of fraud or phishing.
Misrepresent the connection between MyTradeCrate and any third-party service.

6. Account Abuse

Create multiple Accounts to circumvent free-trial limits, opt-out lists, suspensions, or bans.
Provide false, misleading, or stolen information during signup or billing.
Share login credentials, API keys, or seats with unauthorized parties or post them publicly.
Allow more individuals than your paid seat count to access the Service simultaneously.
Use a competitor's identity, or register as a competitor, for the purpose of benchmarking, scraping, or reverse engineering.
Use the customer portal or public booking widget to send messages or extract data outside the scope of legitimate jobs.

7. Compliance Responsibilities

You are the sender of every message you send through the Service. You are solely responsible for collecting and documenting consent, honoring opt-outs, providing required disclosures, maintaining all records of consent and message activity, and otherwise complying with the TCPA, CAN-SPAM, FCC and FTC rules, 10DLC carrier requirements, state consumer-protection laws, and any non-U.S. law that applies based on where your recipients are located. MyTradeCrate is a passive conduit and does not pre-screen your message content.

8. Enforcement

At our reasonable discretion, we may take one or more of the following actions in response to a suspected violation:

Issue a warning by email or in-app notice.
Suspend specific features (e.g., SMS sending, Stripe payouts, API access) pending investigation.
Suspend the entire Account with read-only access preserved for data export.
Terminate the Account immediately for severe, repeat, or willful violations.
Refuse to provide further service to you or any affiliated party in the future.
Report illegal conduct to law enforcement and cooperate with lawful investigations.
Withhold or recover any commissions, credits, referral fees, or refunds otherwise payable.

For violations that present imminent risk of harm (e.g., active fraud, ongoing TCPA violations, exposure of personal data, denial of service), suspension may be immediate and without notice.

9. Reporting Violations

To report abuse, email [SUPPORT EMAIL] with subject "Abuse report" and include:

The Account, organization, or URL involved.
A clear description of the suspected violation.
Any supporting evidence (screenshots, message copies, timestamps).
Your contact information if you would like a response.

10. Appeals

If you believe your Account was suspended or terminated in error, email [SUPPORT EMAIL] within thirty (30) days of the action. We will review your appeal and respond within five (5) business days. Appeals are decided in our reasonable judgment; we have no obligation to reinstate any Account.