Acceptable Use Policy (AUP) - Alabama

ACCEPTABLE USE POLICY (ALABAMA)

Policy Effective Date: [__/__/____]

Policy Version: [________________________________]

Service Provider: [________________________________] ("Provider")

Service(s) Covered: [________________________________] (the "Services")

This Acceptable Use Policy ("AUP" or "Policy") governs the use of the Services provided by Provider. This AUP is incorporated by reference into the agreement between Provider and Customer governing the Services (the "Agreement"). Capitalized terms not defined herein have the meanings set forth in the Agreement. This AUP is governed by the laws of the State of Alabama.

By accessing or using the Services, Customer acknowledges that it has read, understood, and agrees to comply with this AUP. Provider reserves the right to update this AUP as described in Section 14.

TABLE OF CONTENTS

1. Scope and Applicability
2. Definitions
3. Account Registration and Security
4. Acceptable Use Standards
5. Prohibited Content
6. Prohibited Conduct
7. Network and Infrastructure Security Restrictions
8. AI and Automated Systems Restrictions
9. High-Risk and Regulated Activities
10. Intellectual Property and DMCA Compliance
11. Privacy, Data Protection, and Monitoring
12. Alabama Computer Crime Act Compliance
13. Export Controls, Sanctions, and Legal Compliance
14. Reporting Violations
15. Investigation, Enforcement, and Suspension
16. Appeal and Reinstatement
17. Changes to This AUP
18. Governing Law and Dispute Resolution
19. Limitation of Liability for AUP Enforcement
20. Contact Information

1. SCOPE AND APPLICABILITY

1.1 Covered Users. This AUP applies to all users of the Services, including:

(a) Customer and its employees, officers, directors, and board members;
(b) Customer's independent contractors, consultants, and temporary workers;
(c) Customer's agents and authorized representatives;
(d) End users accessing the Services through Customer's account or under Customer's control; and
(e) Any person or entity to whom Customer grants access to the Services.

1.2 Customer Responsibility. Customer is responsible for ensuring that all users accessing the Services through Customer's account comply with this AUP. Customer shall communicate the terms of this AUP to all such users and shall be liable for any violations by its users.

1.3 Relationship to Agreement. This AUP supplements the Agreement. In the event of any conflict between this AUP and the Agreement, the Agreement shall control unless this AUP imposes a more restrictive standard, in which case this AUP shall control with respect to Service usage.

1.4 Age Restrictions. The Services are not intended for use by individuals under the age of [____] without verifiable parental or guardian consent as required by the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501-6506, and applicable Alabama law. Customer shall not permit use of the Services by minors in violation of this Section.

1.5 Alabama-Specific Application. This AUP is drafted under and shall be interpreted in accordance with Alabama law. Where federal and Alabama law impose overlapping or differing standards, the more restrictive standard shall apply.

2. DEFINITIONS

2.1 "Authorized Use" means use of the Services in compliance with this AUP, the Agreement, applicable documentation, and all applicable laws.

2.2 "Content" means any data, information, text, images, video, audio, software, code, or other material uploaded, transmitted, stored, displayed, or processed through the Services by Customer or its users.

2.3 "DMCA Agent" means the designated agent identified in Section 10 to receive notifications of claimed copyright infringement pursuant to 17 U.S.C. § 512(c)(2).

2.4 "Prohibited Content" means Content that violates Section 5 of this AUP.

2.5 "Prohibited Conduct" means actions or omissions that violate Section 6 of this AUP.

2.6 "Security Incident" means any unauthorized access to, use of, disclosure of, or disruption to the Services, Customer's account, or data processed through the Services.

3. ACCOUNT REGISTRATION AND SECURITY

3.1 Account Accuracy. Customer shall provide accurate, current, and complete information during account registration and shall update such information promptly upon any change.

3.2 Credential Security. Customer shall:

(a) Keep all usernames, passwords, API keys, access tokens, and other credentials confidential;

(b) Not share credentials beyond the scope of licensed use;

(c) Implement multi-factor authentication (MFA) where made available by Provider;

(d) Use strong, unique passwords that meet or exceed industry best practices (minimum [____] characters, including uppercase, lowercase, numeric, and special characters);

(e) Rotate credentials at intervals consistent with Customer's security policy, but not less frequently than every [____] days; and

(f) Not use shared or generic accounts for administrative access.

3.3 Compromise Notification. Customer shall notify Provider promptly (and in no event later than [____] hours) of any known or suspected compromise of credentials or unauthorized access to Customer's account. Notification shall be sent to: [________________________________].

3.4 Unauthorized Access Liability. Customer is responsible for all activity occurring under its account, whether authorized or not, until Provider receives written notice of a compromise and has had a reasonable opportunity to respond.

4. ACCEPTABLE USE STANDARDS

4.1 General Standard. Customer shall use the Services only for lawful business purposes in accordance with the Agreement, applicable documentation, and all applicable laws, including but not limited to:

(a) Federal laws, including the Computer Fraud and Abuse Act (18 U.S.C. § 1030), ECPA (18 U.S.C. §§ 2510-2522), CAN-SPAM Act (15 U.S.C. §§ 7701-7713), and COPPA (15 U.S.C. §§ 6501-6506);

(b) Alabama state laws, including the Alabama Computer Crime Act (Ala. Code §§ 13A-8-100 through 13A-8-103), the Alabama Digital Crime Act (Ala. Code §§ 13A-8-110 through 13A-8-112), the Alabama Deceptive Trade Practices Act (Ala. Code §§ 8-19-1 through 8-19-15), and the Alabama Data Breach Notification Act (Ala. Code §§ 8-38-1 through 8-38-12); and

(c) Local ordinances and regulations applicable to Customer's use of the Services.

4.2 Responsible Use. Customer shall use the Services in a manner that does not impair, disrupt, or interfere with the Services, Provider's network, or other customers' use of the Services.

4.3 Resource Consumption. Customer shall not consume computing, storage, bandwidth, or other resources in a manner that is excessive, disproportionate, or designed to evade metering or usage limits established by Provider.

5. PROHIBITED CONTENT

5.1 Customer shall not upload, transmit, store, display, distribute, or otherwise make available through the Services any Content that:

(a) Unlawful Material: Is unlawful under federal, Alabama, or other applicable law, or that promotes, facilitates, or instructs others in unlawful activity;

(b) Intellectual Property Infringement: Infringes, misappropriates, or violates any copyright, trademark, patent, trade secret, right of publicity, right of privacy, or other intellectual property or proprietary right of any third party, in violation of the Lanham Act (15 U.S.C. § 1125), Copyright Act (17 U.S.C. § 101 et seq.), or applicable state law;

(c) Malicious Software: Contains viruses, worms, Trojan horses, ransomware, spyware, adware, keyloggers, rootkits, or other malicious code designed to damage, disrupt, or gain unauthorized access to any computer system or data;

(d) Child Sexual Abuse Material (CSAM): Constitutes child sexual abuse material or exploitation of minors in any form, in violation of 18 U.S.C. §§ 2251-2260A, Ala. Code § 13A-12-191, and other applicable law;

(e) Hate Speech and Threats: Constitutes unlawful hate speech, incitement to violence, credible threats of harm, or harassment targeting any individual or group based on race, ethnicity, national origin, religion, sex, gender identity, sexual orientation, disability, or other protected characteristic;

(f) Doxxing: Publishes the private personal information of another individual (e.g., home address, phone number, Social Security number, financial information) without that individual's consent for the purpose of harassment, intimidation, or harm;

(g) Spam and Phishing: Constitutes unsolicited bulk or commercial messages (spam), phishing content designed to obtain credentials or personal information through deception, or pretexting schemes, in violation of the CAN-SPAM Act (15 U.S.C. §§ 7701-7713) or Alabama law;

(h) Fraudulent Content: Contains false or misleading information designed to deceive or defraud others, including counterfeit goods, pyramid schemes, or advance-fee fraud, in violation of the Alabama Deceptive Trade Practices Act (Ala. Code § 8-19-5);

(i) Privacy Violations: Violates the privacy rights of any individual, including unauthorized surveillance, interception of communications in violation of the ECPA (18 U.S.C. § 2511) or Alabama wiretapping laws (Ala. Code § 13A-11-30), or unauthorized collection of biometric data;

(j) Defamatory Content: Is libelous, slanderous, or otherwise defamatory under Alabama law (see Alabama common law defamation standards);

(k) False Emergency Reports: Contains false reports of emergencies, bomb threats, or other statements intended to cause public alarm or divert emergency resources; or

(l) Stolen Credentials: Contains stolen passwords, credit card numbers, Social Security numbers, financial account numbers, or other credentials obtained through unauthorized means.

5.2 Provider Discretion. Provider reserves the right to determine, in its reasonable discretion, whether Content violates this Section 5 and to remove or disable access to such Content in accordance with Section 15.

6. PROHIBITED CONDUCT

6.1 Customer shall not engage in any of the following conduct in connection with the Services:

(a) Unauthorized Access: Accessing, or attempting to access, any system, network, data, account, or resource without authorization or in excess of authorized access, in violation of the Computer Fraud and Abuse Act (18 U.S.C. § 1030) or the Alabama Computer Crime Act (Ala. Code § 13A-8-102);

(b) Vulnerability Scanning and Probing: Conducting unauthorized security scans, vulnerability assessments, penetration tests, or port scans against the Services or any third-party system accessed through the Services, unless expressly authorized in writing by Provider and the affected third party;

(c) Denial-of-Service Attacks: Launching, facilitating, or participating in denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against the Services, Provider's infrastructure, or any third-party system;

(d) Security Measure Circumvention: Circumventing, disabling, impairing, or otherwise interfering with any security feature, access control, authentication mechanism, encryption, or monitoring capability of the Services;

(e) Unauthorized Resale: Reselling, sublicensing, time-sharing, or otherwise providing access to the Services to third parties without Provider's prior written authorization;

(f) Identity Misrepresentation: Misrepresenting Customer's identity, affiliation, authority, or status, including impersonating another person or entity, using false header information, or spoofing IP addresses or email headers;

(g) Spam and Unsolicited Communications: Using the Services to send unsolicited bulk messages, including commercial email (spam), unsolicited text messages, or robocalls, in violation of the CAN-SPAM Act (15 U.S.C. § 7704), TCPA (47 U.S.C. § 227), or Alabama Telephone Solicitations Act (Ala. Code §§ 8-19C-1 through 8-19C-15);

(h) Scraping and Data Mining: Scraping, crawling, data mining, or automated extraction of data from the Services outside of documented APIs and in violation of Provider's rate limits, terms, or applicable law;

(i) Usage Limit Evasion: Creating multiple accounts, using proxies, or employing other techniques to bypass usage limits, rate limits, quotas, or fee structures;

(j) Competitive Use: Using the Services, or any data, outputs, or information obtained through the Services, to develop, improve, train, or benchmark competing products or services without Provider's prior written consent;

(k) Benchmarking Publication: Publishing performance benchmarks, comparisons, or evaluations of the Services without Provider's prior written consent;

(l) Cryptomining: Using the Services for cryptocurrency mining, blockchain validation, or similar computationally intensive activities not authorized in the Agreement;

(m) Interference: Intentionally interfering with, disrupting, or degrading the performance or availability of the Services for other customers;

(n) Computer Tampering (Alabama): Engaging in conduct constituting "computer tampering" under the Alabama Digital Crime Act (Ala. Code § 13A-8-112), including knowingly and without authorization accessing and altering, damaging, or destroying any computer, computer system, or computer network; or

(o) Offenses Against Intellectual Property (Alabama): Committing offenses against intellectual property under the Alabama Computer Crime Act (Ala. Code § 13A-8-102), including knowingly and without authorization destroying, inserting, or modifying any computer program, computer software, or data residing in or accessible through a computer, computer system, or computer network.

6.2 Scope of Employment Exception (Alabama). Consistent with Ala. Code § 13A-8-112, the prohibitions in Sections 6.1(n) and 6.1(o) do not apply to acts committed by a person within the scope of their lawful employment when such acts are reasonably necessary to the performance of their work assignment.

7. NETWORK AND INFRASTRUCTURE SECURITY RESTRICTIONS

7.1 Reverse Engineering. Customer shall not reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code, algorithms, data structures, or underlying technology of the Services, except to the extent expressly permitted by applicable law (including the Alabama UETA and the DMCA anti-circumvention exemptions at 17 U.S.C. § 1201).

7.2 Backdoors and Exploits. Customer shall not introduce, embed, or deploy any backdoor, exploit, logic bomb, time bomb, or other malicious mechanism into the Services or any system connected to the Services.

7.3 Network Integrity. Customer shall not:

(a) Attempt to probe, test, or breach the security of Provider's network infrastructure;

(b) Intercept, monitor, or sniff network traffic not intended for Customer's use;

(c) Forge TCP/IP packet headers or manipulate network protocols; or

(d) Engage in ARP spoofing, DNS poisoning, or other network-level attacks.

7.4 API and Rate Limit Compliance. Customer shall adhere to all documented API rate limits, request quotas, bandwidth limitations, and fair use guidelines published by Provider. Sustained or intentional violation of rate limits may result in throttling or suspension.

8. AI AND AUTOMATED SYSTEMS RESTRICTIONS

8.1 Model Training Prohibition. Customer shall not use Service outputs, data, or derivative works to train, fine-tune, distill, or otherwise improve machine learning models, AI systems, or large language models that compete with Provider's offerings, unless expressly authorized in writing.

8.2 Automated Decision-Making. Customer shall not use the Services for fully automated decisions that produce legal or similarly significant effects on individuals (including decisions regarding credit, employment, housing, insurance, immigration, criminal justice, or access to essential services) without:

(a) Implementing appropriate human review and oversight;

(b) Providing affected individuals with notice that automated processing is involved;

(c) Ensuring a mechanism for affected individuals to contest decisions and request human review; and

(d) Complying with all applicable federal and state laws governing automated decision-making.

8.3 Legal Practice Restrictions. Customer shall not use or hold out Service outputs as licensed legal advice without appropriate disclaimers and supervision consistent with the Alabama Rules of Professional Conduct (as adopted by the Alabama Supreme Court) and Alabama unauthorized practice of law restrictions (Ala. Code § 34-3-6). AI-generated legal content requires independent attorney review before reliance.

8.4 Medical and Professional Advice. Customer shall not use or present Service outputs as licensed medical, financial, engineering, or other professional advice without appropriate disclaimers, professional supervision, and compliance with applicable licensing and regulatory requirements.

8.5 Output Verification. Customer acknowledges that AI-generated outputs may contain errors, omissions, or inaccuracies. Customer shall independently verify all AI-generated outputs before reliance and assumes all risk associated with unverified reliance on such outputs.

9. HIGH-RISK AND REGULATED ACTIVITIES

9.1 Prohibited High-Risk Uses. Customer shall not use the Services for the following high-risk activities unless expressly agreed in a separate written addendum:

(a) Life-support systems or medical devices;
(b) Nuclear facilities, weapons systems, or military applications;
(c) Air traffic control or aviation safety systems;
(d) Critical infrastructure control systems (power grid, water treatment, transportation);
(e) Autonomous vehicle navigation or control systems;
(f) Real-time emergency response or dispatch systems; or
(g) Any other application where Service failure could reasonably be expected to result in death, personal injury, or severe environmental or property damage.

9.2 Regulated Industries. If Customer operates in a regulated industry (e.g., healthcare, financial services, government), Customer is solely responsible for ensuring that its use of the Services complies with all applicable regulatory requirements, including but not limited to HIPAA, GLBA, PCI DSS, FISMA, FedRAMP, ITAR, and applicable Alabama regulatory requirements.

10. INTELLECTUAL PROPERTY AND DMCA COMPLIANCE

10.1 Copyright Respect. Customer shall respect the intellectual property rights of Provider and third parties. Customer shall not use the Services to reproduce, distribute, publicly display, publicly perform, or create derivative works of copyrighted material without authorization from the copyright owner or a valid legal exemption.

10.2 DMCA Safe Harbor. Provider seeks to maintain protection under the DMCA safe harbor provisions (17 U.S.C. § 512). Customer's cooperation is essential to Provider's ability to maintain safe harbor eligibility. Provider has adopted and reasonably implemented a policy that provides for the termination in appropriate circumstances of users who are repeat infringers.

10.3 DMCA Takedown Notices. If Customer or any third party believes that Content on the Services infringes their copyright, a notification of claimed infringement may be sent to Provider's designated DMCA Agent in accordance with 17 U.S.C. § 512(c)(3):

DMCA Agent:
Name: [________________________________]
Address: [________________________________]
Email: [________________________________]
Phone: [________________________________]

A valid DMCA notification must include:

(a) A physical or electronic signature of the copyright owner or authorized agent;

(b) Identification of the copyrighted work claimed to be infringed;

(c) Identification of the material claimed to be infringing and information reasonably sufficient to locate the material;

(d) Contact information for the complaining party;

(e) A statement of good faith belief that use of the material is not authorized; and

(f) A statement, under penalty of perjury, that the information in the notification is accurate and that the complaining party is authorized to act on behalf of the copyright owner.

10.4 Counter-Notification. Customer may submit a counter-notification pursuant to 17 U.S.C. § 512(g) if Customer believes its Content was removed in error. Counter-notifications must comply with the statutory requirements.

10.5 Repeat Infringer Policy. Provider will terminate the accounts of users who are repeat infringers in appropriate circumstances, consistent with 17 U.S.C. § 512(i).

10.6 CDA Section 230. Provider may, in its discretion, review, moderate, or remove Content without losing the protections afforded by Section 230 of the Communications Decency Act (47 U.S.C. § 230(c)(2)), which provides immunity for good-faith content moderation. The exemption in 47 U.S.C. § 230(e)(2) clarifies that Section 230 does not limit or expand intellectual property law.

11. PRIVACY, DATA PROTECTION, AND MONITORING

11.1 ECPA and Monitoring. Customer acknowledges that Provider may monitor the Services for compliance with this AUP, security threats, and performance optimization, subject to the Electronic Communications Privacy Act (18 U.S.C. §§ 2510-2522) and the Stored Communications Act (18 U.S.C. §§ 2701-2712). Provider's monitoring activities are conducted pursuant to the service provider exception (18 U.S.C. § 2511(2)(a)(i)) and with Customer's consent as provided in the Agreement.

11.2 Alabama Wiretapping Law. Alabama is a one-party consent state for the interception of communications (Ala. Code § 13A-11-30). Provider's monitoring activities shall comply with applicable federal and Alabama wiretapping and surveillance laws.

11.3 Alabama Data Breach Notification. In the event of a Security Incident involving "sensitive personally identifying information" as defined in Ala. Code § 8-38-2, Provider shall:

(a) Notify Customer within [____] hours of discovering or being notified of the breach;

(b) Cooperate with Customer in investigating the breach and complying with notification obligations under the Alabama Data Breach Notification Act (Ala. Code §§ 8-38-1 through 8-38-12);

(c) Assist Customer with notification to affected Alabama residents within 45 days as required by Ala. Code § 8-38-5; and

(d) Assist with notification to the Alabama Attorney General and consumer reporting agencies if more than 1,000 Alabama residents are affected (Ala. Code §§ 8-38-6, 8-38-7).

11.4 Data Security Measures. Customer shall implement and maintain reasonable security measures to protect data processed through the Services, including:

(a) Encryption of sensitive data in transit and at rest;
(b) Access controls based on the principle of least privilege;
(c) Regular security assessments and vulnerability scanning;
(d) Employee security awareness training;
(e) Incident response procedures; and
(f) Compliance with Ala. Code § 8-38-2 requirements for reasonable security measures.

11.5 Law Enforcement Requests. Provider may disclose Customer data in response to valid legal process (e.g., subpoenas, court orders, warrants) issued by courts or law enforcement agencies with jurisdiction, including Alabama state courts and federal courts in Alabama. Provider will notify Customer of such requests to the extent legally permitted.

12. ALABAMA COMPUTER CRIME ACT COMPLIANCE

12.1 Alabama Computer Crime Act. Customer acknowledges that unauthorized access to, or tampering with, computer systems may violate the Alabama Computer Crime Act (Ala. Code §§ 13A-8-100 through 13A-8-103), which criminalizes:

(a) Offenses Against Intellectual Property (Ala. Code § 13A-8-102): Knowingly and without authorization destroying, inserting, or modifying any computer program, computer software, computer data, or other information or documentation residing in, communicated by, or produced by a computer, computer system, or computer network;

(b) Offenses Against Computer Equipment or Supplies (Ala. Code § 13A-8-103): Knowingly and without authorization altering, damaging, or destroying computer equipment, computer supplies, or computer data.

12.2 Alabama Digital Crime Act. Customer further acknowledges the Alabama Digital Crime Act (Ala. Code §§ 13A-8-110 through 13A-8-112), which addresses:

(a) Computer Tampering (Ala. Code § 13A-8-112): A person commits the crime of computer tampering when that person knowingly, without authorization, or exceeding authorization, accesses and alters, damages, or destroys any computer, computer system, or computer network;

(b) Computer tampering in the first degree (affecting critical infrastructure, government computers, or causing aggregate damage exceeding $2,500) is a Class B felony;

(c) Computer tampering in the second degree (all other cases) is a Class A misdemeanor.

12.3 Scope of Employment Exception. As provided in Ala. Code § 13A-8-112, the computer tampering statute does not apply to acts committed by a person within the scope of lawful employment when such acts are reasonably necessary to the performance of the person's work assignment.

12.4 Federal CFAA Overlay. In addition to Alabama state computer crime laws, Customer's use of the Services is subject to the Computer Fraud and Abuse Act (18 U.S.C. § 1030), which prohibits:

(a) Knowingly accessing a computer without authorization or exceeding authorized access to obtain protected information (18 U.S.C. § 1030(a)(2));

(b) Knowingly causing the transmission of a program, information, code, or command that intentionally causes damage to a protected computer (18 U.S.C. § 1030(a)(5));

(c) Trafficking in computer passwords or similar information (18 U.S.C. § 1030(a)(6)); and

(d) Transmitting threats to damage a protected computer to extort something of value (18 U.S.C. § 1030(a)(7)).

13. EXPORT CONTROLS, SANCTIONS, AND LEGAL COMPLIANCE

13.1 Export Control Compliance. Customer shall not use the Services in violation of applicable export control laws and regulations, including:

(a) Export Administration Regulations (EAR), 15 CFR Parts 730-774;
(b) International Traffic in Arms Regulations (ITAR), 22 CFR Parts 120-130; and
(c) Office of Foreign Assets Control (OFAC) regulations, 31 CFR Part 500 et seq.

13.2 Sanctioned Jurisdictions. Customer shall not access or use the Services from, or permit access from, comprehensively sanctioned countries or regions as designated by OFAC.

13.3 Restricted Parties. Customer shall not provide access to the Services to any person or entity appearing on OFAC's Specially Designated Nationals (SDN) List, the Commerce Department's Entity List or Denied Persons List, or any other applicable restricted party list.

13.4 Prohibited End Uses. Customer shall not use the Services in connection with the design, development, production, stockpiling, or use of weapons of mass destruction (nuclear, chemical, or biological) or missiles capable of delivering such weapons.

13.5 Alabama Consumer Protection. Customer shall comply with all applicable Alabama consumer protection laws, including the Alabama Deceptive Trade Practices Act (Ala. Code §§ 8-19-1 through 8-19-15), in connection with any goods, services, or communications offered or distributed through the Services.

14. REPORTING VIOLATIONS

14.1 Reporting Mechanism. Suspected violations of this AUP should be reported to Provider at:

Email: [________________________________]
Phone: [________________________________]
Web Form: [________________________________]

14.2 Report Contents. Reports should include, to the extent reasonably available:

(a) Description of the suspected violation;
(b) Identification of the Content or conduct at issue;
(c) Date(s) and time(s) of the observed violation;
(d) URL(s), IP address(es), or account identifier(s) involved;
(e) Screenshots, logs, or other supporting evidence; and
(f) Contact information for the reporting party.

14.3 Good Faith Reporting. Provider shall not retaliate against any person who reports a suspected violation in good faith. Reports made in bad faith, or false reports intended to harass, may themselves constitute a violation of this AUP.

14.4 Law Enforcement Referral. Provider reserves the right to refer suspected criminal violations to appropriate law enforcement authorities, including violations of the Alabama Computer Crime Act, the Alabama Digital Crime Act, and the Computer Fraud and Abuse Act.

15. INVESTIGATION, ENFORCEMENT, AND SUSPENSION

15.1 Investigation. Provider may investigate any suspected or reported violation of this AUP. Customer shall cooperate with Provider's investigations, including providing access to relevant account information and logs.

15.2 Enforcement Actions. Upon determining that a violation of this AUP has occurred, Provider may take one or more of the following enforcement actions, in its reasonable discretion:

(a) Issue a written warning;

(b) Temporarily restrict specific features or functionality;

(c) Remove or disable access to Prohibited Content;

(d) Suspend Customer's access to the Services, in whole or in part;

(e) Terminate Customer's access to the Services in accordance with the Agreement;

(f) Report violations to law enforcement or regulatory authorities; and

(g) Pursue civil remedies, including injunctive relief and damages.

15.3 Emergency Suspension. Provider may suspend Customer's access immediately and without prior notice if Provider reasonably determines that:

(a) Customer's use poses an imminent threat to the security, integrity, or availability of the Services or Provider's infrastructure;

(b) Customer's use may expose Provider or third parties to material legal liability;

(c) Customer's use involves illegal activity or suspected illegal activity; or

(d) Suspension is required by a court order, law enforcement request, or regulatory directive.

15.4 Notice of Suspension. Except in emergency situations described in Section 15.3, Provider shall provide Customer with [____] business days' prior written notice before suspending access, specifying the nature of the violation and any required remediation steps.

15.5 Fee Obligations During Suspension. Customer remains responsible for all fees accruing during any suspension period caused by Customer's violation of this AUP, unless the Agreement provides otherwise.

16. APPEAL AND REINSTATEMENT

16.1 Appeal Process. Customer may appeal a suspension or enforcement action by submitting a written request to [________________________________] within [____] business days of receiving notice of the action. The appeal shall include:

(a) A description of the enforcement action being appealed;

(b) Customer's explanation or justification;

(c) Any supporting evidence or documentation; and

(d) A description of the remediation steps taken, if applicable.

16.2 Review Timeline. Provider shall review the appeal in good faith and respond with findings, next steps, or a final determination within [____] business days of receipt.

16.3 Reinstatement Conditions. If Provider agrees to reinstate Customer's access, Provider may impose conditions, including:

(a) Implementation of specific remediation measures;
(b) Enhanced monitoring of Customer's account;
(c) Modifications to Customer's use of the Services; or
(d) Execution of an AUP compliance acknowledgment.

16.4 No Limitation on Termination Rights. The appeal process in this Section does not limit Provider's right to terminate the Agreement for cause as specified in the Agreement.

17. CHANGES TO THIS AUP

17.1 Provider's Right to Update. Provider may update, modify, or amend this AUP at any time. Provider shall provide Customer with at least [____] days' written notice of material changes.

17.2 Notification Method. Notice of AUP changes may be provided via:

☐ Email to the address on file
☐ In-product notification
☐ Posting on Provider's website with notice banner
☐ Other: [________________________________]

17.3 Effective Date. Updated AUP terms shall become effective upon the date specified in the notice, which shall not be earlier than [____] days after notice is provided.

17.4 Continued Use. Customer's continued use of the Services after the effective date of updated AUP terms constitutes acceptance of those terms. If Customer does not agree with the updated terms, Customer may terminate the Agreement in accordance with its termination provisions.

17.5 Alignment with Agreement. Material changes to this AUP shall be consistent with the notice and amendment provisions of the Agreement. In the event of a conflict between the AUP amendment process and the Agreement's amendment provisions, the Agreement shall control.

18. GOVERNING LAW AND DISPUTE RESOLUTION

18.1 Governing Law. This AUP is part of the Agreement. The Agreement's governing law provisions control. If the Agreement is silent, this AUP and any dispute arising from it shall be governed by the laws of the State of Alabama, without regard to conflict-of-law principles.

18.2 Jurisdiction and Venue. If the Agreement is silent on jurisdiction, the state and federal courts located in [________________________________] County, Alabama, shall have exclusive jurisdiction over disputes arising from this AUP. Each party irrevocably consents to the personal jurisdiction of such courts.

18.3 Federal Court Jurisdiction. Claims arising under federal statutes (including the CFAA, ECPA, DMCA, CDA, CAN-SPAM, and COPPA) may be brought in the United States District Court for the [☐ Northern ☐ Middle ☐ Southern] District of Alabama.

18.4 Equitable Relief. Provider may seek injunctive or other equitable relief in any court of competent jurisdiction without bond or other security to the extent permitted by Alabama law to prevent actual or threatened violations of this AUP.

19. LIMITATION OF LIABILITY FOR AUP ENFORCEMENT

19.1 Good Faith Enforcement. Provider shall not be liable to Customer for any damages resulting from Provider's good-faith enforcement of this AUP, including suspension, removal of Content, or termination, provided Provider complied with the notice and process requirements set forth herein.

19.2 CDA Section 230 Protection. To the extent applicable, Provider's good-faith content moderation actions under this AUP are protected by 47 U.S.C. § 230(c)(2), which provides that no provider of an interactive computer service shall be held liable on account of any action voluntarily taken in good faith to restrict access to or availability of material that the provider considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.

19.3 DMCA Safe Harbor Protection. Provider's actions taken in response to DMCA notifications are conducted pursuant to the DMCA safe harbor provisions (17 U.S.C. § 512) and shall not give rise to liability to Customer, provided Provider follows the statutory notice-and-takedown and counter-notification procedures.

20. CONTACT INFORMATION

General AUP Questions:
Email: [________________________________]
Phone: [________________________________]

Security Incident Reporting:
Email: [________________________________]
Phone: [________________________________]
24/7 Emergency Line: [________________________________]

DMCA Agent (Copyright Notices):
Name: [________________________________]
Email: [________________________________]
Address: [________________________________]

Abuse Reporting:
Email: [________________________________]
Web Form: [________________________________]

Legal Notices:
[________________________________]
[________________________________]
[________________________________]

ACKNOWLEDGMENT

By accessing or using the Services, Customer acknowledges that it has read, understood, and agrees to comply with this Acceptable Use Policy.

CUSTOMER:

Authorized Representative Signature: [________________________________]
Printed Name: [________________________________]
Title: [________________________________]
Organization: [________________________________]
Date: [__/__/____]

PRACTICE TIPS FOR ALABAMA ATTORNEYS

1. Alabama Computer Crime Act vs. CFAA: Alabama has both the older Computer Crime Act (Ala. Code §§ 13A-8-100 through 13A-8-103) and the newer Digital Crime Act (Ala. Code §§ 13A-8-110 through 13A-8-112). The Digital Crime Act addresses computer tampering with a tiered penalty structure. Ensure the AUP references both statutes, as prosecutors may charge under either.

2. Scope of Employment Defense: The Alabama Digital Crime Act contains an explicit scope-of-employment exception (Ala. Code § 13A-8-112). This is relevant for enterprise AUPs where employees may need to perform security testing. Document authorized security activities carefully.

3. DMCA Agent Registration: To qualify for DMCA safe harbor (17 U.S.C. § 512(c)), the service provider must designate an agent with the U.S. Copyright Office and make the agent's contact information available through the service. Failure to properly designate an agent may waive safe harbor protection.

4. CDA Section 230 Interplay: Section 230 (47 U.S.C. § 230) protects service providers from liability for third-party content but explicitly does not extend to intellectual property claims (47 U.S.C. § 230(e)(2)). The AUP should enforce IP compliance to maintain DMCA safe harbor while leveraging CDA Section 230 for other content moderation decisions.

5. Alabama Data Breach Timeline: Alabama's 45-day notification window (Ala. Code § 8-38-5) is more specific than some states. Internal notification timelines in the AUP should provide sufficient lead time for the provider to assist the customer in meeting this deadline.

6. One-Party Consent: Alabama is a one-party consent state for wiretapping (Ala. Code § 13A-11-30), meaning only one party to a communication needs to consent for lawful interception. However, federal ECPA still applies, and network monitoring should rely on the service provider exception (18 U.S.C. § 2511(2)(a)(i)) or documented consent.

7. ECPA and SCA Considerations: The ECPA (18 U.S.C. § 2510 et seq.) and Stored Communications Act (18 U.S.C. § 2701 et seq.) impose restrictions on interception of communications and access to stored communications. AUP monitoring provisions should be drafted to fall within statutory exceptions.

8. Jury Waiver Enforceability in Alabama: Alabama courts generally enforce knowing and voluntary jury waivers. If including a waiver, consider making it conspicuous and separately acknowledged.

SOURCES AND REFERENCES

• Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030: https://www.law.cornell.edu/uscode/text/18/1030
• Alabama Computer Crime Act, Ala. Code §§ 13A-8-100 through 13A-8-103: https://law.justia.com/codes/alabama/title-13a/chapter-8/article-5/
• Alabama Digital Crime Act, Ala. Code §§ 13A-8-110 through 13A-8-112: https://law.justia.com/codes/alabama/title-13a/chapter-8/article-5a/
• ECPA, 18 U.S.C. §§ 2510-2522: https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119
• Stored Communications Act, 18 U.S.C. §§ 2701-2712: https://www.law.cornell.edu/uscode/text/18/part-I/chapter-121
• DMCA, 17 U.S.C. § 512: https://www.law.cornell.edu/uscode/text/17/512
• CDA Section 230, 47 U.S.C. § 230: https://www.law.cornell.edu/uscode/text/47/230
• Alabama Data Breach Notification Act, Ala. Code §§ 8-38-1 through 8-38-12: https://law.justia.com/codes/alabama/title-8/chapter-38/
• U.S. Copyright Office DMCA Agent Directory: https://www.copyright.gov/dmca-directory/
• Section 512 Study Resources: https://www.copyright.gov/512/
• CAN-SPAM Act, 15 U.S.C. §§ 7701-7713: https://www.law.cornell.edu/uscode/text/15/chapter/103
• COPPA, 15 U.S.C. §§ 6501-6506: https://www.law.cornell.edu/uscode/text/15/chapter/91