Acceptable Use Policy (Universal)

ACCEPTABLE USE POLICY

Effective Date: [__/__/____]
Last Updated: [__/__/____]
Company: [________________________________] ("Provider" or "Company")
Website/Service: [________________________________] (the "Service")

TABLE OF CONTENTS

1. Definitions
2. Scope and Applicability
3. Permitted Use
4. Prohibited Conduct
5. Content Standards
6. AI and Automated Systems Usage Restrictions
7. Data Protection and Privacy Compliance
8. Network and System Security
9. Email and Communication Standards
10. Monitoring and Enforcement
11. Violation Consequences
12. Reporting Violations
13. Amendments and Updates
14. Acknowledgment and Acceptance
    Exhibit A — Prohibited Content Examples
    Exhibit B — Violation Reporting Form

1. DEFINITIONS

1.1 "Authorized User" means any individual or entity granted access to the Service under a valid agreement with Provider, including Customer's employees, contractors, agents, and authorized end users.

1.2 "Content" means any data, text, images, audio, video, software, code, or other materials uploaded, transmitted, stored, displayed, or otherwise made available through the Service by an Authorized User.

1.3 "Customer" means the entity that has entered into an agreement with Provider for access to the Service and is responsible for the conduct of its Authorized Users.

1.4 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, adware, rootkits, keyloggers, or any other code designed to disrupt, damage, or gain unauthorized access to computer systems.

1.5 "Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable federal and state privacy laws.

1.6 "Prohibited Content" means any Content that violates this AUP, applicable law, or the rights of any third party, as further described in Section 5 and Exhibit A.

1.7 "Service" means the software-as-a-service platform, applications, APIs, websites, and related services provided by Provider under the applicable agreement.

1.8 "Spam" means unsolicited bulk electronic messages, including email, SMS, instant messages, or social media communications, sent without the recipient's prior express consent in violation of applicable law.

2. SCOPE AND APPLICABILITY

2.1 Applicability. This Acceptable Use Policy ("AUP") applies to all Authorized Users of the Service, including Customer's employees, contractors, agents, and end users under Customer's direction or control.

2.2 Customer Responsibility. Customer is responsible for ensuring that all Authorized Users comply with this AUP. Customer shall communicate this AUP to all Authorized Users and shall be liable for any violations by its Authorized Users.

2.3 Age Restrictions. The Service is not intended for use by individuals under the age of [____] (default: 18) without verifiable parental or guardian consent where legally required. If the Service is likely to be accessed by children under 13, Customer shall ensure compliance with the Children's Online Privacy Protection Act (15 U.S.C. § 6501 et seq.) and any applicable state supplemental protections.

2.4 Supplemental Policies. This AUP is supplemented by Provider's Privacy Policy, Terms of Service, and any applicable Data Processing Agreement. In the event of a conflict, the terms of the underlying service agreement shall control unless this AUP imposes a more restrictive standard for user conduct.

2.5 International Use. Authorized Users accessing the Service from outside the United States must comply with all applicable local, national, and international laws in addition to this AUP.

3. PERMITTED USE

3.1 Authorized Purposes. Authorized Users may use the Service only for lawful business purposes as contemplated by the applicable agreement. Permitted uses include:

• (a) Accessing and using the Service's features and functionality within the scope of the applicable subscription or license;
• (b) Storing, processing, and transmitting Content in accordance with the Service's documentation;
• (c) Integrating with the Service via documented APIs within published rate limits; and
• (d) Using the Service to serve authorized end users within the scope of the applicable agreement.

3.2 Compliance. All use of the Service must comply with applicable federal, state, and local laws, this AUP, and the terms of the applicable agreement.

3.3 Capacity Limits. Use of the Service shall not exceed the capacity, usage limits, or fair use parameters specified in the applicable agreement or documentation.

4. PROHIBITED CONDUCT

4.1 Illegal Activities. Authorized Users shall not use the Service to:

• (a) Violate any applicable federal, state, or local law or regulation;
• (b) Engage in fraud, identity theft, phishing, or social engineering;
• (c) Facilitate money laundering, terrorist financing, or other financial crimes;
• (d) Distribute or traffic in illegal drugs, controlled substances, or prohibited weapons;
• (e) Engage in human trafficking, exploitation, or any form of modern slavery;
• (f) Infringe upon any patent, trademark, copyright, trade secret, or other intellectual property right; or
• (g) Violate the Computer Fraud and Abuse Act (18 U.S.C. § 1030) or any applicable state computer fraud statute.

4.2 Security Violations. Authorized Users shall not:

• (a) Gain or attempt to gain unauthorized access to any system, network, account, or data;
• (b) Probe, scan, or test the vulnerability of any system or network without express written authorization;
• (c) Interfere with, disrupt, or attempt to disrupt the Service, servers, or networks connected to the Service;
• (d) Launch or facilitate denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks;
• (e) Introduce Malicious Code into the Service or any connected system;
• (f) Intercept, monitor, or alter communications not intended for the Authorized User;
• (g) Forge headers, manipulate identifiers, or otherwise disguise the origin of any communication; or
• (h) Bypass, circumvent, or disable any security feature, authentication mechanism, or access control of the Service.

4.3 Abuse and Misuse. Authorized Users shall not:

• (a) Resell, sublicense, or provide the Service to unauthorized third parties;
• (b) Use the Service to develop or improve products or services that compete with the Service;
• (c) Publish benchmarks or performance comparisons of the Service without Provider's prior written consent;
• (d) Engage in cryptomining, cryptocurrency generation, or similar resource-intensive activities;
• (e) Deliberately consume excessive bandwidth, storage, or computing resources to impair the Service or evade metering;
• (f) Scrape, crawl, or data mine the Service outside documented APIs and rate limits;
• (g) Use automated means to create accounts, submit requests, or bypass usage limitations; or
• (h) Misrepresent identity, affiliation, or authorization level when accessing the Service.

4.4 Harassment and Harmful Conduct. Authorized Users shall not use the Service to:

• (a) Harass, threaten, intimidate, stalk, or bully any individual;
• (b) Disseminate hate speech targeting individuals or groups based on race, ethnicity, national origin, religion, gender, sexual orientation, disability, or other protected characteristics;
• (c) Publish or distribute non-consensual intimate images ("revenge porn") or deepfake pornographic content;
• (d) Dox any individual by publishing private personal information without consent;
• (e) Make false emergency reports (e.g., "swatting"); or
• (f) Engage in cyberbullying or coordinated online harassment campaigns.

5. CONTENT STANDARDS

5.1 Prohibited Content. The following types of Content are strictly prohibited:

• (a) Content that is unlawful, fraudulent, or deceptive;
• (b) Content that infringes intellectual property rights of any third party;
• (c) Child sexual abuse material (CSAM) or any content depicting the exploitation of minors;
• (d) Non-consensual intimate images, including AI-generated or digitally altered depictions;
• (e) Content promoting terrorism, extremist violence, or incitement to imminent lawless action;
• (f) Malicious Code or instructions for creating Malicious Code;
• (g) Stolen credentials, personal data, or financial information;
• (h) Spam, phishing payloads, or social engineering materials;
• (i) Content that violates privacy or publicity rights;
• (j) Defamatory content published with actual malice or reckless disregard for truth; and
• (k) Content that violates applicable export control or sanctions laws.

5.2 Intellectual Property Compliance. Authorized Users represent that they have the right to upload, transmit, or distribute all Content through the Service. Content must not infringe upon any third-party patent, trademark, copyright, trade secret, or other proprietary right.

5.3 DMCA Compliance. Provider maintains a DMCA designated agent for receiving copyright infringement notices under 17 U.S.C. § 512. Provider's DMCA policy and agent contact information are available at [________________________________].

• (a) Takedown Procedure: Upon receipt of a valid DMCA takedown notice, Provider shall expeditiously remove or disable access to the allegedly infringing Content.
• (b) Counter-Notification: An Authorized User whose Content has been removed may submit a counter-notification pursuant to 17 U.S.C. § 512(g).
• (c) Repeat Infringers: Provider shall terminate the accounts of Authorized Users who are repeat copyright infringers.

5.4 User-Generated Content. Customer is solely responsible for all Content uploaded or transmitted by its Authorized Users. Provider does not endorse, verify, or assume liability for user-generated Content.

6. AI AND AUTOMATED SYSTEMS USAGE RESTRICTIONS

6.1 Prohibited AI Uses. Authorized Users shall not:

• (a) Use Service outputs or derivatives to train, fine-tune, distill, or improve machine learning models that compete with Provider's offerings without express written permission;
• (b) Make fully automated decisions that produce legal effects or similarly significant effects on individuals (including decisions regarding credit, employment, housing, insurance, education, immigration, or criminal justice) without appropriate human review and oversight;
• (c) Generate deepfake content, synthetic media, or AI-manipulated materials intended to deceive, defraud, or harm individuals;
• (d) Use AI-generated Content to impersonate real individuals without their consent;
• (e) Hold out AI-generated outputs as licensed professional advice (legal, medical, financial, or accounting) without appropriate disclaimers and professional supervision; or
• (f) Use the Service to circumvent content moderation, safety filters, or other protective mechanisms of any platform.

6.2 Disclosure and Transparency. Where Authorized Users interact with AI-generated Content through the Service, Customer shall:

• (a) Disclose that Content is AI-generated where required by applicable law or where the absence of disclosure would be misleading; and
• (b) Independently verify AI-generated outputs before reliance, particularly for consequential business, legal, or medical decisions.

6.3 Compliance with AI Regulations. Authorized Users shall comply with all applicable federal and state laws governing artificial intelligence, automated decision-making, and synthetic media, as may be enacted or amended from time to time.

7. DATA PROTECTION AND PRIVACY COMPLIANCE

7.1 General Obligations. Authorized Users shall:

• (a) Comply with all applicable federal and state data privacy and data protection laws;
• (b) Not upload, store, or transmit Personal Data through the Service except as authorized by the applicable agreement and privacy documentation;
• (c) Implement appropriate technical and organizational measures to protect Personal Data within their control; and
• (d) Promptly notify Provider of any actual or suspected data breach involving Personal Data stored in or transmitted through the Service.

7.2 Federal Privacy Compliance.

• (a) COPPA: If the Service is directed to or knowingly collects Personal Data from children under 13, Customer shall obtain verifiable parental consent as required by 15 U.S.C. § 6502.
• (b) HIPAA: If Customer is a covered entity or business associate, use of the Service for protected health information requires a Business Associate Agreement.
• (c) GLBA: Financial institutions shall comply with the Gramm-Leach-Bliley Act safeguards when using the Service.
• (d) FERPA: Educational institutions shall comply with the Family Educational Rights and Privacy Act.

7.3 State Privacy Laws. Authorized Users must comply with all applicable state privacy laws. Where state-specific AUP versions are available (California, Florida, New York, Texas), they shall govern for activities involving residents of those states.

7.4 Cross-Border Data Transfers. Personal Data shall not be transferred outside the United States except in compliance with applicable privacy laws and the terms of the applicable Data Processing Agreement.

8. NETWORK AND SYSTEM SECURITY

8.1 Security Requirements. Authorized Users shall:

• (a) Maintain the confidentiality of account credentials and access tokens;
• (b) Use unique, strong passwords and implement multi-factor authentication (MFA) where available;
• (c) Notify Provider immediately upon discovery or suspicion of compromised credentials;
• (d) Not share account access beyond licensed use;
• (e) Keep all client-side software, operating systems, and browsers current with security updates;
• (f) Comply with Provider's published security policies and API rate limits; and
• (g) Not introduce any code, program, or mechanism designed to disrupt or monitor the Service.

8.2 Vulnerability Testing. Authorized Users shall not conduct vulnerability scans, penetration tests, or security assessments against the Service without Provider's prior written authorization. Authorized testing must comply with Provider's responsible disclosure policy.

8.3 Reverse Engineering. Authorized Users shall not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Service, except to the extent expressly permitted by applicable law (including 17 U.S.C. § 1201(f) for interoperability purposes).

9. EMAIL AND COMMUNICATION STANDARDS

9.1 CAN-SPAM Compliance. Authorized Users using the Service to send commercial electronic messages shall comply with the CAN-SPAM Act (15 U.S.C. § 7701 et seq.), including:

• (a) Not using false or misleading header information;
• (b) Not using deceptive subject lines;
• (c) Identifying messages as advertisements where required;
• (d) Including a valid physical postal address;
• (e) Providing a clear and conspicuous opt-out mechanism;
• (f) Honoring opt-out requests within 10 business days; and
• (g) Not assisting others in violating these requirements.

9.2 TCPA Compliance. Authorized Users shall comply with the Telephone Consumer Protection Act (47 U.S.C. § 227), including:

• (a) Obtaining prior express written consent before sending automated text messages or making automated calls;
• (b) Maintaining internal do-not-call lists;
• (c) Honoring the National Do Not Call Registry; and
• (d) Including identification and opt-out instructions in all automated communications.

9.3 Anti-Spam. Authorized Users shall not use the Service to send Spam as defined in Section 1.8. This includes unsolicited bulk email, SMS messages, instant messages, social media direct messages, or any form of automated unsolicited commercial communication.

9.4 Messaging Rate Limits. Authorized Users shall comply with all messaging rate limits and fair use policies published by Provider and shall not attempt to circumvent such limits.

10. MONITORING AND ENFORCEMENT

10.1 Right to Monitor. Provider reserves the right to monitor use of the Service to the extent permitted by applicable law to ensure compliance with this AUP. Monitoring may include automated scanning for Malicious Code, prohibited Content patterns, and usage anomalies.

10.2 No Obligation to Monitor. Provider is not obligated to monitor all Content or activity and does not endorse or assume liability for Content transmitted through the Service.

10.3 Investigation. Provider may investigate suspected AUP violations and may cooperate with law enforcement authorities in the investigation and prosecution of illegal activity.

10.4 Content Removal. Provider may remove or disable access to Content that violates this AUP, applicable law, or the rights of third parties, with or without prior notice.

10.5 Preservation Requests. Provider may preserve Content and account information in response to valid legal process, including subpoenas, court orders, and law enforcement requests.

11. VIOLATION CONSEQUENCES

11.1 Graduated Enforcement. Provider may, in its sole discretion, take one or more of the following actions in response to AUP violations:

11.2 Immediate Suspension. Provider may immediately suspend access without prior notice in cases of:

• (a) Activity posing an imminent threat to the security, integrity, or availability of the Service;
• (b) Activity that may expose Provider to legal liability;
• (c) Criminal conduct or law enforcement request; or
• (d) CSAM, terrorism, or imminent threat of physical harm.

11.3 Customer Liability. Customer remains responsible for all fees during suspension caused by its violations or those of its Authorized Users. Termination for AUP violation does not relieve Customer of payment obligations under the applicable agreement.

11.4 Provider's Rights Cumulative. Provider's rights under this Section 11 are cumulative and in addition to any other rights available under the applicable agreement or at law.

12. REPORTING VIOLATIONS

12.1 How to Report. Suspected AUP violations should be reported to:

• Email: [________________________________]
• Online Form: [________________________________]
• Telephone: [________________________________]

12.2 Report Contents. Reports should include:

• (a) Reporter's name and contact information (may be submitted anonymously);
• (b) Description of the suspected violation;
• (c) Date, time, and duration of the activity (if known);
• (d) Usernames, IP addresses, or other identifying information (if known);
• (e) Screenshots, logs, or other evidence (if available); and
• (f) Any action already taken by the reporter.

12.3 DMCA Reports. Copyright infringement reports should be directed to Provider's designated DMCA agent at [________________________________] and must comply with 17 U.S.C. § 512(c)(3).

12.4 Good Faith. Reports should be made in good faith. Knowingly filing false reports may result in liability and disciplinary action.

12.5 No Retaliation. Provider shall not retaliate against any individual who makes a good-faith report of an AUP violation.

12.6 Response Timeline. Provider shall acknowledge receipt of violation reports within [____] Business Days and provide an initial assessment within [____] Business Days.

13. AMENDMENTS AND UPDATES

13.1 Right to Amend. Provider reserves the right to modify this AUP at any time to address evolving security threats, legal requirements, or operational needs.

13.2 Notice of Changes. Provider shall provide not less than [____] days' written notice of material changes to this AUP via email to Customer's designated contact or through the Service's administrative console.

13.3 Effective Date. Non-material changes (clarifications, formatting, and typographical corrections) take effect upon posting. Material changes take effect [____] days after notice unless Customer objects in writing within that period.

13.4 Continued Use. Continued use of the Service after the effective date of an AUP amendment constitutes acceptance of the revised AUP.

14. ACKNOWLEDGMENT AND ACCEPTANCE

By accessing or using the Service, Customer and its Authorized Users acknowledge that they have read, understood, and agree to comply with this Acceptable Use Policy.

Customer Acknowledgment:

Organization: [________________________________]
Authorized Representative: [________________________________]
Title: [________________________________]
Signature: [________________________________]
Date: [__/__/____]

☐ I confirm that I have read and understood this Acceptable Use Policy.
☐ I agree to communicate this AUP to all Authorized Users within my organization.
☐ I accept responsibility for ensuring compliance by all Authorized Users.

Contact Information for AUP Matters:

Provider AUP Contact: [________________________________]
Email: [________________________________]
Phone: [________________________________]

EXHIBIT A — PROHIBITED CONTENT EXAMPLES

The following are non-exhaustive examples of Prohibited Content. This list is illustrative and does not limit the scope of Section 5.

EXHIBIT B — VIOLATION REPORTING FORM

Report Date: [__/__/____]

Reporter Information:

☐ I wish to report anonymously

Name: [________________________________]
Email: [________________________________]
Phone: [________________________________]
Organization: [________________________________]

Violation Details:

Type of violation (check all that apply):
☐ Illegal activity
☐ Security violation
☐ Prohibited content
☐ Spam or unsolicited communications
☐ Harassment or bullying
☐ Intellectual property infringement (DMCA)
☐ Privacy violation
☐ AI / deepfake misuse
☐ Other: [________________________________]

Description of violation:
[________________________________]
[________________________________]
[________________________________]

Date and time of violation: [__/__/____] at [____]

Duration (if ongoing): [________________________________]

User/account involved (if known): [________________________________]

URLs or links (if applicable): [________________________________]

Evidence Attached:
☐ Screenshots
☐ Log files
☐ Email headers
☐ Other: [________________________________]

Severity Assessment:
☐ Low — Minor policy violation
☐ Medium — Moderate violation requiring investigation
☐ High — Severe violation requiring immediate action
☐ Critical — Imminent threat to safety or criminal activity

Previous Reports:
☐ This is the first report regarding this issue
☐ Previous report submitted on [__/__/____], reference number [________________________________]

Declaration:
☐ I certify that this report is made in good faith and that the information provided is accurate to the best of my knowledge.

Signature: [________________________________]
Date: [__/__/____]

This Acceptable Use Policy template is provided for informational purposes only and does not constitute legal advice. Have this document reviewed by qualified legal counsel before use.