Acceptable Use Policy

1. PURPOSE AND SCOPE

1.1 Purpose

This Acceptable Use Policy ("AUP") establishes the rules, guidelines and standards for acceptable use ofNotify'n ("Service"), provided by HMD Corp ("Company," "we," "us"). This AUP is designed to protect the integrity of our platform, the reputation of our customers and the recipients of communications sent through our Service across all channels, including email, SMS, WhatsApp, push notifications and voice.

1.2 Binding Agreement

This AUP is incorporated by reference into our Terms of Service. By using the Service, you agree to comply with this AUP in its entirety. Violation of any provision constitutes a material breach of your agreement with us.

1.3 Updates

We may update this AUP at any time without prior notice. Changes take effect immediately upon posting. Your continued use of the Service after changes are posted constitutes acceptance of the updated AUP. It is your responsibility to review this AUP regularly.

2. EMAIL COMPLIANCE REQUIREMENTS

2.1 Permission-Based Sending Only

You may only send emails to recipients who have given you explicit, verifiable consent.This is non-negotiable. Acceptable consent includes:

• Opt-in Forms: Recipients who actively signed up through your website or app
• Double Opt-in: Recipients who confirmed their subscription via email (strongly recommended)
• Existing Business Relationship: Current customers or recent purchasers (within 18 months) where permitted by law
• Explicit Written Consent: Documented consent obtained through other legitimate means

2.2 Prohibited List Sources

The following sources are strictly prohibited and will result in immediate account termination:

• Purchased, rented, borrowed or traded email lists
• Scraped, harvested or automatically collected email addresses
• Lists from data brokers, list vendors or "lead generation" services
• Lists obtained through contests, sweepstakes or co-registration without clear consent
• Appended email addresses added to existing customer records without consent
• Role-based addresses (e.g., info@, sales@, support@) without specific consent
• Lists from third parties, partners or affiliates without proper consent transfer

2.3 Required Email Elements

Every email sent through our Service must include:

• Clear Identification: Accurate "From" name and email address identifying you as the sender
• Truthful Subject Lines: Subject lines that accurately reflect the email content (no deception)
• Physical Address: A valid physical postal address for your organization
• Unsubscribe Mechanism: A clear, prominent, one-click unsubscribe link that works immediately
• Unsubscribe Processing: Unsubscribe requests must be honored within 10 days (preferably immediately)

2.4 List Hygiene Requirements

You are responsible for maintaining clean, healthy email lists:

• Regularly remove bounced, invalid and unengaged addresses
• Process unsubscribes immediately; never email someone who has opted out
• Remove hard bounces after first occurrence
• Maintain bounce rates below 2% (hard bounces below 0.5%)
• Maintain spam complaint rates below 0.1%
• Re-confirm consent for lists older than 6 months before importing

3. PROHIBITED CONTENT

3.1 Absolutely Prohibited Content

The following content is strictly prohibited and will result in immediate, permanent account termination without warning, refund, or appeal:

3.1.1 Illegal Activities

• Content promoting or facilitating illegal activities in any jurisdiction
• Drug trafficking, illegal weapons, counterfeit goods or contraband
• Money laundering, fraud schemes or financial crimes
• Human trafficking, exploitation or any form of slavery
• Terrorism, extremism or violence promotion

3.1.2 Fraud and Deception

• Phishing, smishing or credential harvesting
• Impersonation of individuals, companies or government entities
• Fake invoices, lottery/prize scams or advance-fee fraud
• Business email compromise (BEC) attempts
• Deceptive practices designed to mislead recipients
• Get-rich-quick schemes, fake investment opportunities

3.1.3 Malicious Content

• Malware, viruses, ransomware, spyware or any malicious code
• Links to compromised or malicious websites
• Exploit kits, hacking tools or attack infrastructure
• Denial of service facilitation

3.1.4 Harmful Content

• Child sexual abuse material (CSAM) or child exploitation
• Non-consensual intimate images ("revenge porn")
• Content promoting self-harm, suicide or eating disorders
• Hate speech targeting race, ethnicity, religion, gender, sexuality or disability
• Harassment, bullying or threats of violence
• Doxxing or sharing of private information without consent

3.1.5 Intellectual Property Violations

• Pirated software, media or content
• Counterfeit goods promotion
• Trademark or copyright infringement
• Unauthorised use of brand names or logos

3.2 Restricted Content Requiring Prior Approval

The following content categories are restricted and require explicit prior written approval from our Compliance team before you may send:

• Adult Content: Sexually explicit material, adult products/services (age verification required)
• Cannabis/CBD: Cannabis, hemp or CBD products (legality verification required)
• Gambling: Casinos, betting, lotteries, fantasy sports (licensing verification required)
• Firearms/Weapons: Legal firearms, ammunition, hunting supplies (compliance verification)
• Alcohol/Tobacco: Alcohol or tobacco products (age restriction compliance required)
• Pharmaceuticals: Prescription drugs, pharmacies, health supplements (licensing required)
• Cryptocurrency: Cryptocurrency, ICOs, DeFi, NFTs (compliance verification required)
• Financial Services: Loans, credit, investments, insurance (licensing required)
• Political Content: Campaign communications, political advocacy (compliance review)

Contact compliance@notifyn.net before signing up if you operate in these industries.

4. PROHIBITED ACTIVITIES

4.1 Spam and Unsolicited Messaging

• Sending unsolicited bulk email (spam) of any kind
• Sending to purchased, rented, or scraped lists
• Sending emails without proper consent
• Using the Service for cold outreach without explicit permission
• Sending promotional emails disguised as transactional messages

4.2 Platform Abuse

• Creating multiple accounts to circumvent limits, suspensions, or bans
• Using false, misleading or fraudulent information in account registration
• Sharing account credentials or allowing unauthorised access
• Reselling, redistributing or white-labelling the Service without authorisation
• Using the Service on behalf of third parties without their accounts
• Circumventing security measures, access controls, or rate limits

4.3 Technical Abuse

• Attempting to access unauthorised areas of our systems or networks
• Conducting vulnerability scanning, penetration testing or security testing without authorisation
• Reverse engineering, decompiling or disassembling our software
• Interfering with the Service or other users' access
• Using bots, scrapers or automated tools in unauthorised ways
• Exploiting bugs, vulnerabilities or errors in the Service
• Launching denial-of-service attacks or participating in botnets

4.4 Legal Violations

• Violating CAN-SPAM, GDPR, CASL, PECR or any applicable anti-spam laws
• Violating data protection and privacy regulations
• Violating consumer protection laws
• Violating export control or sanctions laws
• Violating intellectual property rights
• Engaging in any activity that would make us liable or damage our reputation

5. SENDING THRESHOLDS AND REPUTATION

5.1 Deliverability Thresholds

To maintain platform deliverability for all users, you must stay within the following thresholds:

5.2 New Account Restrictions

New accounts are subject to sending limits during a warm-up period. Limits are gradually increased as you demonstrate positive engagement metrics. Attempting to circumvent these limits will result in account suspension.

5.3 Domain and IP Reputation

You are responsible for maintaining positive domain reputation. We may require domain verification and authentication setup (SPF, DKIM, DMARC) before enabling sending. Accounts that damage shared IP reputation may be moved to dedicated IPs or suspended.

6. LEGAL COMPLIANCE

6.1 Global Email Regulations

You are responsible for complying with all applicable messaging and privacy laws in all jurisdictions where your recipients are located, including but not limited to:

• CAN-SPAM Act (United States): Accurate headers, physical address, unsubscribe mechanism, honour opt-outs within 10 days
• GDPR (European Union): Lawful basis for processing, consent requirements, data subject rights, DPA requirements
• CASL (Canada): Express consent, identification requirements, unsubscribe mechanism, record-keeping
• PECR (United Kingdom): Similar to GDPR requirements for electronic marketing
• LGPD (Brazil): Consent requirements, data subject rights, legal bases
• CCPA/CPRA (California): Disclosure requirements, opt-out rights, data minimisation
• Spam Act (Australia): Consent, identification, unsubscribe requirements

6.2 Industry-Specific Regulations

Depending on your industry, you may also need to comply with:

• HIPAA (Healthcare): Protected health information requirements (BAA required)
• GLBA (Financial Services): Financial privacy requirements
• PCI-DSS (Payment Processing): Cardholder data protection
• FERPA (Education): Student privacy requirements

6.3 SMS, WhatsApp, Push Notification, and Voice Compliance

In addition to email regulations, you must comply with all applicable rules for each channel you use through the Service:

6.3.1 SMS

• TCPA (United States): Obtain prior express written consent before sending marketing SMS. Include opt-out instructions in every message. Honour STOP requests immediately.
• Ofcom / PECR (United Kingdom): Obtain consent for promotional SMS. Identify yourself as the sender. Process opt-out requests promptly.
• Comply with carrier guidelines and do not send from spoofed or shared short-codes without authorisation.

6.3.2 WhatsApp

• Comply with the WhatsApp Business Policy and Commerce Policy at all times.
• Only message contacts who have opted in via a channel you control.
• Do not send bulk unsolicited messages or use automation to circumvent rate limits.
• Use approved message templates for business-initiated conversations where required by WhatsApp.

6.3.3 Push Notifications

• Only send push notifications to users who have granted browser or device permission.
• Provide a clear mechanism for users to revoke notification permissions.
• Do not send misleading or excessively frequent push notifications.

6.3.4 Voice

• TCPA (United States): Obtain prior express consent before placing automated or pre-recorded calls.
• Ofcom (United Kingdom): Comply with Ofcom rules on silent and abandoned calls.
• Inform recipients at the start of any call if recording is in progress and obtain consent where required by law.
• Honour do-not-call (DNC) lists and opt-out requests immediately.

6.4 Consent Record-Keeping

You must maintain records of consent for all recipients. Upon our request, you must provide documentation of consent within 72 hours, including: date and time of consent, method of consent, what was consented to and IP address or other verification.

7. MONITORING AND ENFORCEMENT

7.1 Our Monitoring Rights

We actively monitor use of our Service to ensure compliance with this AUP. By using the Service, you consent to our monitoring, which may include:

• Automated scanning of message content for prohibited material across all channels
• Analysis of sending patterns, bounce rates and complaint rates
• Review of reported abuse complaints
• Investigation of suspicious activity
• Spam trap monitoring and blacklist checks
• Coordination with ISPs, carriers, anti-spam organisations and law enforcement

7.2 Enforcement Actions

Violations of this AUP may result in one or more of the following actions, at our sole discretion:

• Warning: Written notice of violation and request for corrective action
• Temporary Suspension: Suspension of sending privileges pending investigation
• Sending Restrictions: Reduced sending limits or approval requirements
• Account Termination: Permanent termination of your account without refund
• Legal Action: Civil or criminal prosecution, or cooperation with law enforcement
• Reporting: Reporting to relevant authorities, blacklist operators or industry groups

7.3 No Refunds for Violations

IF YOUR ACCOUNT IS SUSPENDED OR TERMINATED DUE TO VIOLATION OF THIS AUP, YOU WILL NOT RECEIVE ANY REFUND FOR UNUSED SUBSCRIPTION TIME, EMAIL CREDITS, OR OTHER PREPAID FEES.

7.4 Right to Immediate Action

We reserve the right to take immediate action, without prior notice, for severe violations that pose risk to our platform, other users or third parties. This includes, but is not limited to: sending malware, phishing, illegal content or volumes of spam.

8. REPORTING VIOLATIONS

8.1 How to Report

If you receive spam or abusive email sent through our Service, or become aware of any violation of this AUP, please report it to us:

• Email: abuse@notifyn.net
• Include the full email headers and content of the offending message
• Provide any additional context about the abuse

8.2 Response to Reports

We investigate all abuse reports and take appropriate action. Due to privacy considerations, we may not be able to disclose the specific actions taken against another user's account.

8.3 Cooperation with Authorities

We cooperate with law enforcement, regulatory authorities and industry organisations in investigating violations. We may disclose information about violators without your consent when required by law or to protect our platform and users.

9. CONTACT INFORMATION

For questions about this AUP or to request approval for restricted content:

© 2026 HMD Corp. All rights reserved. We reserve the right to update this policy at any time.