Acceptable Use Policy (Texas)

ACCEPTABLE USE POLICY — TEXAS

Effective Date: [__/__/____]
Last Updated: [__/__/____]
Company: [________________________________] ("Provider" or "Company")
Website/Service: [________________________________] (the "Service")

TABLE OF CONTENTS

1. Definitions
2. Scope and Applicability
3. Permitted Use
4. Prohibited Conduct
5. Content Standards
6. AI and Automated Systems Usage Restrictions
7. Data Protection and Privacy Compliance (Texas-Specific)
8. Network and System Security
9. Email and Communication Standards
10. Monitoring and Enforcement
11. Violation Consequences
12. Reporting Violations
13. Texas-Specific Legal Provisions
14. Amendments and Updates
15. Acknowledgment and Acceptance
    Exhibit A — Prohibited Content Examples
    Exhibit B — Violation Reporting Form

1. DEFINITIONS

1.1 "Authorized User" means any individual or entity granted access to the Service under a valid agreement.

1.2 "Computer" means an electronic, magnetic, optical, electrochemical, or other high-speed data processing device that performs logical, arithmetic, or memory functions, as referenced in Tex. Penal Code § 33.01(4).

1.3 "Computer Network" means the interconnection of two or more Computers or computer systems by satellite, microwave, electromagnetic, or other form of high-speed data link, as referenced in Tex. Penal Code § 33.01(5).

1.4 "Content" means any data, text, images, audio, video, software, code, or other materials uploaded, transmitted, stored, or made available through the Service.

1.5 "Customer" means the entity with a valid agreement for the Service.

1.6 "Intimate Visual Material" means visual material that depicts a person with the person's intimate parts exposed, or engaged in sexual conduct, as defined in Tex. Penal Code § 21.16(a).

1.7 "Malicious Code" means viruses, worms, Trojan horses, ransomware, spyware, rootkits, or any other harmful code.

1.8 "Minor" means any individual under 18 for Texas law, or under 13 for COPPA.

1.9 "Personal Data" shall have the meaning in Tex. Bus. & Com. Code § 541.001(22).

1.10 "Prohibited Content" means Content violating this AUP, applicable law, or third-party rights.

1.11 "Sensitive Data" shall have the meaning in Tex. Bus. & Com. Code § 521.002.

1.12 "Service" means the SaaS platform, applications, APIs, websites, and related services.

1.13 "Spam" means unsolicited commercial electronic communications in violation of law.

1.14 "Sexually Explicit Media" means any visual material depicting a person with intimate parts exposed or engaged in sexual conduct, including AI-generated material, as referenced in Tex. Penal Code § 21.165.

2. SCOPE AND APPLICABILITY

2.1 Applicability. This AUP applies to all Authorized Users.

2.2 Customer Responsibility. Customer is responsible for all Authorized Users' compliance.

2.3 Age Restrictions. Not intended for individuals under [____] (default: 18) without verifiable parental consent. COPPA applies for children under 13. Texas HB 18 (Securing Children Online through Parental Empowerment — SCOPE Act) imposes additional requirements for digital services directed to Minors.

2.4 Texas Nexus. This AUP applies Texas-specific requirements to use involving Texas residents, content directed to Texas users, or activities within Texas.

3. PERMITTED USE

3.1 Authorized Purposes. Lawful business purposes within the applicable agreement.

3.2 Compliance. Federal, Texas, and local law compliance required.

3.3 Capacity Limits. Use within published limits and fair use parameters.

4. PROHIBITED CONDUCT

4.1 Illegal Activities. Authorized Users shall not:

• (a) Violate any federal, Texas, or local law;
• (b) Engage in fraud, identity theft, or social engineering;
• (c) Facilitate financial crimes;
• (d) Infringe intellectual property rights; or
• (e) Violate the CFAA (18 U.S.C. § 1030) or Texas Penal Code Chapter 33.

4.2 Texas Penal Code Chapter 33 — Computer Crimes. The following are prohibited:

• (a) Breach of Computer Security (§ 33.02): Knowingly accessing a Computer, Computer Network, or computer system without the effective consent of the owner — Class B misdemeanor; elevated to a state jail felony if the person has been previously convicted, or to a felony of the second or third degree if the access was to a critical infrastructure computer or government computer;
• (b) Online Solicitation of a Minor (§ 33.021): Using the Internet or electronic communications to solicit a Minor to engage in sexual contact — second-degree or third-degree felony;
• (c) Electronic Data Tampering (§ 33.023): Intentionally altering data as it transmits between two Computers in a Computer Network when the actor is not a party to the transmission — varies by degree based on damage amount;
• (d) Unlawful Decryption (§ 33.024): Intentionally decrypting encrypted private information without the effective consent of the owner — state jail felony;
• (e) Online Impersonation (§ 33.07): Creating a web page or posting messages using another person's name without consent and with intent to harm, defraud, or threaten — third-degree felony; or
• (f) Telecommunications Crimes (Chapter 33A): Unauthorized use of telecommunications services, manufacture of unauthorized devices, or publication of telecommunications access devices.

4.3 Security Violations. Authorized Users shall not:

• (a) Gain unauthorized access to any system, network, or data;
• (b) Conduct vulnerability scanning or penetration testing without authorization;
• (c) Launch DoS or DDoS attacks;
• (d) Introduce Malicious Code;
• (e) Intercept or alter communications;
• (f) Bypass security features or access controls;
• (g) Forge headers or identifiers; or
• (h) Decrypt encrypted data without authorization (in violation of § 33.024).

4.4 Abuse and Misuse. Authorized Users shall not:

• (a) Resell or sublicense the Service;
• (b) Use the Service to develop competing products;
• (c) Publish unauthorized benchmarks;
• (d) Engage in cryptomining;
• (e) Consume excessive resources; or
• (f) Scrape or data mine outside documented APIs.

4.5 Harassment and Harmful Conduct. Authorized Users shall not:

• (a) Harass, threaten, or intimidate any individual;
• (b) Disseminate hate speech;
• (c) Disclose Intimate Visual Material without consent in violation of Tex. Penal Code § 21.16 (Relationship Privacy Act) — state jail felony (180 days to 2 years imprisonment, up to $10,000 fine);
• (d) Promote or distribute Intimate Visual Material of another person for the purpose of harassment, as elevated from a Class A misdemeanor to a state jail felony in 2017;
• (e) Create or distribute Sexually Explicit Media (including deepfakes) depicting identifiable persons without consent in violation of Tex. Penal Code § 21.165, as amended in 2025 to cover both images and videos;
• (f) Engage in online impersonation with intent to harm, defraud, or threaten (§ 33.07);
• (g) Engage in cyberbullying as addressed by David's Law (Tex. Educ. Code § 37.0832), which permits school districts to address cyberbullying that occurs off-campus and authorizes magistrates to issue protective orders;
• (h) Dox any individual; or
• (i) File false emergency reports.

5. CONTENT STANDARDS

5.1 Prohibited Content. Strictly prohibited:

• (a) Unlawful, fraudulent, or deceptive Content;
• (b) IP-infringing Content;
• (c) CSAM or content exploiting Minors;
• (d) Non-consensual Intimate Visual Material (real or AI-generated);
• (e) Deepfake Sexually Explicit Media of identifiable persons;
• (f) Terrorist or extremist Content;
• (g) Malicious Code;
• (h) Stolen credentials, Sensitive Data, or financial information;
• (i) Spam and phishing payloads;
• (j) Content violating privacy rights; and
• (k) Content constituting online impersonation.

5.2 DMCA Compliance. Provider maintains a DMCA designated agent. Contact: [________________________________].

• (a) Takedown: Expeditious removal upon valid notice.
• (b) Counter-Notification: Available under 17 U.S.C. § 512(g).
• (c) Repeat Infringers: Terminated.

5.3 Texas Right of Publicity. Content shall not misappropriate an individual's name, likeness, or persona for commercial purposes without consent under Texas common law right of publicity and Tex. Prop. Code § 26.001 et seq.

6. AI AND AUTOMATED SYSTEMS USAGE RESTRICTIONS

6.1 Prohibited AI Uses. Authorized Users shall not:

• (a) Use Service outputs to train competing models without permission;
• (b) Make fully automated decisions with legal or significant effects without human review;
• (c) Generate deceptive synthetic media;
• (d) Create AI-generated Sexually Explicit Media depicting real individuals;
• (e) Use AI to impersonate individuals (overlapping with Tex. Penal Code § 33.07);
• (f) Hold out AI outputs as professional advice without disclaimers; or
• (g) Use AI to circumvent content moderation or safety mechanisms.

6.2 Texas-Specific AI Provisions.

• (a) Tex. Penal Code § 21.165 (Deepfake Sexually Explicit Media): As amended in 2025 by HB 449 and SB 441, this law prohibits the creation or distribution of AI-generated sexually explicit images and videos of identifiable persons without consent. The 2025 amendments expanded coverage to include still images (previously only videos), with penalties ranging from a Class A misdemeanor to a state jail felony depending on circumstances.
• (b) Tex. Penal Code § 33.07 (Online Impersonation): Using AI to create and publish content impersonating another person without consent and with intent to harm is a third-degree felony (2 to 10 years imprisonment, $10,000 fine).
• (c) TDPSA Profiling Rights: Texas consumers have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. Automated decision-making through the Service must provide opt-out mechanisms.
• (d) Election Deepfakes: While Texas does not yet have a specific deepfake elections statute, AI-generated content that misleads voters may constitute election fraud under Tex. Elec. Code Chapter 276.

6.3 Disclosure. AI-generated Content must be disclosed where required by law or where non-disclosure would be materially misleading.

7. DATA PROTECTION AND PRIVACY COMPLIANCE (TEXAS-SPECIFIC)

7.1 TDPSA Compliance (Tex. Bus. & Com. Code § 541.001 et seq.). If applicable (processing Personal Data of 100,000+ Texas consumers, or 25,000+ with 50%+ revenue from data sales):

• (a) Authorized Users shall respect consumer rights to access, correct, delete, obtain copies of, and opt out of the processing of Personal Data;
• (b) Authorized Users shall not process Personal Data for targeted advertising, sale, or certain profiling without enabling consumer opt-out;
• (c) Consent is required for processing Sensitive Data (as defined in § 541.001), including racial/ethnic origin, religious beliefs, health data, sexual orientation, citizenship/immigration status, genetic data, biometric data, children's data, and precise geolocation data;
• (d) Data protection assessments are required for processing that presents a heightened risk; and
• (e) Enforcement: Exclusive to the Texas Attorney General, who may seek civil penalties of up to $7,500 per violation; no private right of action. The AG must provide 30 days' notice and opportunity to cure before initiating enforcement.

7.2 Texas Identity Theft Enforcement and Protection Act (Tex. Bus. & Com. Code § 521.001 et seq.). Authorized Users shall:

• (a) Implement and maintain reasonable procedures to protect Sensitive Data from unauthorized disclosure;
• (b) Not dispose of Sensitive Data records without taking steps to render them unreadable; and
• (c) Comply with breach notification requirements — notification "as quickly as possible" after discovering a breach.

7.3 Breach Notification. In the event of a breach of system security:

• (a) Notify affected individuals as quickly as possible;
• (b) If 10,000+ Texas residents affected, notify consumer reporting agencies;
• (c) If 250+ Texas residents affected (as of the 2025 amendments), notify the Texas Attorney General; and
• (d) Penalties: $100 to $250,000 per breach for violations, enforced by the Attorney General.

7.4 COPPA. Verifiable parental consent for children under 13.

7.5 Texas SCOPE Act (HB 18). If the Service is a "digital service" as defined in the SCOPE Act:

• (a) Parental consent may be required for Minors to create accounts;
• (b) Default privacy settings for Minors must be set to the most restrictive option; and
• (c) Targeted advertising to Minors is prohibited.

7.6 DTPA Alignment. Collection, use, and disclosure of Personal Data through the Service must not constitute a deceptive act under the DTPA (Tex. Bus. & Com. Code § 17.46).

8. NETWORK AND SYSTEM SECURITY

8.1 Security Requirements. Authorized Users shall:

• (a) Maintain credential confidentiality and use MFA;
• (b) Report compromised credentials immediately;
• (c) Keep software current; and
• (d) Comply with Provider's security policies and API rate limits.

8.2 Vulnerability Testing. Prohibited without written authorization.

8.3 Reverse Engineering. Prohibited except as permitted by applicable law.

8.4 Texas Computer Crime Protections. Provider's systems are protected under Tex. Penal Code Chapter 33. Unauthorized access to the Service constitutes a breach of computer security (§ 33.02) and may result in criminal prosecution.

9. EMAIL AND COMMUNICATION STANDARDS

9.1 Federal CAN-SPAM. Full compliance per 15 U.S.C. § 7701 et seq.

9.2 Texas Anti-Spam (Tex. Bus. & Com. Code § 321.051 et seq.). In addition to CAN-SPAM:

• (a) It is unlawful to send commercial email with a falsified routing address to or from a computer located in Texas;
• (b) It is unlawful to send commercial email with a deceptive subject line from or to a Texas-located computer;
• (c) It is unlawful to send unsolicited commercial email that uses a third party's domain name without permission;
• (d) Violations are actionable by the Attorney General under the DTPA; and
• (e) An authorized user of a computer network or ISP may recover actual damages or $10 per unsolicited email (up to $25,000 per day).

9.3 TCPA Compliance. Prior express written consent for automated calls and texts per 47 U.S.C. § 227.

9.4 Texas No-Call List. Telemarketers using the Service must comply with the Texas No-Call List maintained by the Public Utility Commission under Tex. Bus. & Com. Code § 304.

9.5 Anti-Spam. No Spam through any format using the Service.

10. MONITORING AND ENFORCEMENT

10.1 Monitoring. Provider may monitor for compliance as permitted by law.

10.2 Investigation. Provider may investigate and cooperate with law enforcement, including the Texas Attorney General and local cybercrime units.

10.3 Content Removal. Provider may remove violating Content with or without notice.

10.4 Preservation. Content preserved pursuant to valid legal process.

11. VIOLATION CONSEQUENCES

11.1 Graduated Enforcement.

11.2 Immediate Suspension. Without notice for imminent threats, criminal activity, or CSAM.

11.3 Customer Liability. Fees continue during violation-caused suspension.

11.4 Texas Attorney General. Violations involving Texas consumers or Personal Data may be referred to the Texas Attorney General.

11.5 DTPA Remedies. Customer acknowledges that AUP violations constituting deceptive trade practices may give rise to DTPA claims by affected parties, including economic damages, treble damages for knowing or intentional violations, and attorneys' fees. The DTPA waiver provisions of § 17.42 apply only to transactions exceeding $500,000 where the consumer was represented by counsel.

12. REPORTING VIOLATIONS

12.1 Contact.

• Email: [________________________________]
• Online: [________________________________]
• DMCA Agent: [________________________________]

12.2 Report Contents. Description, evidence, dates, and user information.

12.3 Response. Acknowledgment within [____] Business Days; assessment within [____] Business Days.

12.4 No Retaliation. Good-faith reporters protected.

12.5 Intimate Visual Material Reports. Reports involving non-consensual Intimate Visual Material or deepfake Sexually Explicit Media shall be prioritized. If involving a Minor, immediately report to NCMEC and law enforcement.

12.6 Cyberbullying Reports. Reports of cyberbullying involving Texas students shall be addressed consistently with David's Law requirements, including potential referral to school districts and law enforcement.

13. TEXAS-SPECIFIC LEGAL PROVISIONS

13.1 Governing Law. This AUP is governed by the laws of the State of Texas.

13.2 DTPA. This AUP and its enforcement shall be consistent with the DTPA. Provider shall not enforce the AUP in a manner constituting an unfair or deceptive practice.

13.3 Forum Selection. Disputes shall be brought in state or federal courts in [________________________________] County, Texas.

13.4 Texas Constitution. Monitoring and enforcement shall respect the rights of individuals under the Texas Constitution, including Article I (Bill of Rights).

13.5 Section 230. Provider may take good-faith actions to restrict objectionable Content consistent with 47 U.S.C. § 230.

13.6 Texas Social Media Regulations. If the Service qualifies as a "social media platform" under Tex. Civ. Prac. & Rem. Code § 143A (HB 20), the Service shall not censor a user's expression based on viewpoint. This provision is subject to ongoing federal litigation regarding its enforceability.

14. AMENDMENTS AND UPDATES

14.1 Right to Amend. Provider may modify this AUP at any time.

14.2 Notice. Not less than [____] days' notice for material changes.

14.3 Continued Use. Continued use after effective date constitutes acceptance.

15. ACKNOWLEDGMENT AND ACCEPTANCE

Customer Acknowledgment:

Organization: [________________________________]
Authorized Representative: [________________________________]
Title: [________________________________]
Signature: [________________________________]
Date: [__/__/____]

☐ I confirm that I have read and understood this Acceptable Use Policy.
☐ I agree to communicate this AUP to all Authorized Users.
☐ I accept responsibility for Authorized User compliance.
☐ I acknowledge the Texas-specific obligations, including Penal Code Chapter 33, DTPA, TDPSA, and the Texas Anti-Spam Law.

EXHIBIT A — PROHIBITED CONTENT EXAMPLES (TEXAS)

EXHIBIT B — VIOLATION REPORTING FORM

Report Date: [__/__/____]

Reporter Information:
☐ Anonymous report

Name: [________________________________]
Email: [________________________________]
Phone: [________________________________]

Violation Type:
☐ Tex. Penal Code Ch. 33 — Computer crimes
☐ Non-consensual intimate material (§ 21.16)
☐ Deepfake sexually explicit media (§ 21.165)
☐ Online impersonation (§ 33.07)
☐ Cyberbullying (David's Law)
☐ TDPSA privacy violation
☐ Texas anti-spam violation
☐ CSAM or child exploitation
☐ DMCA / IP infringement
☐ DTPA deceptive practices
☐ Other: [________________________________]

Description: [________________________________]

Date/Time: [__/__/____] at [____]

Evidence: ☐ Screenshots ☐ Logs ☐ Email headers ☐ Other

Severity: ☐ Low ☐ Medium ☐ High ☐ Critical

Does this involve a minor? ☐ Yes ☐ No ☐ Unknown

☐ I certify this report is made in good faith.

Signature: [________________________________]
Date: [__/__/____]

This Acceptable Use Policy template is provided for informational purposes only and does not constitute legal advice. Have this document reviewed by a qualified Texas attorney before use.