Acceptable Use Policy

Last updated: August 5, 2025

This Acceptable Use Policy (“AUP”) governs access to and use of the uAPI services, software, networks, infrastructure, SDKs, documentation, websites, and related materials (collectively, the “Services”). This AUP is incorporated by reference into, and forms part of, your agreement with uAPI (the “Agreement,” e.g., our Master Service Agreement/Terms of Service). Capitalized terms used but not defined in this AUP have the meanings given in the Agreement.

By accessing or using the Services, you agree to comply with this AUP. If you do not agree, you must not access or use the Services.

1. Scope & accountability

1.1 Who is bound. This AUP applies to you and to anyone who accesses or uses the Services on your behalf or for your benefit, including your employees, contractors, consultants, agents, affiliates, subsidiaries, end users, and anyone using your credentials, accounts, keys, networks, or systems (collectively, “Users”).

1.2 Your responsibility. You are responsible for (a) all activity occurring under your accounts or via your networks or integrations; (b) ensuring Users comply with this AUP; and (c) promptly addressing any non-compliance, abuse, or security issues.

1.3 Third-party terms. You must comply with third-party terms and policies applicable to your use of their sites, APIs, or data sources (e.g., robots rules, platform terms, developer policies, and contractual restrictions).

2. Lawful, authorized use only

2.1 Legal compliance. You may use the Services only for lawful purposes and in compliance with all applicable laws and regulations, including (where applicable) the EU/UK GDPR and ePrivacy rules, the US Computer Fraud and Abuse Act (CFAA), anti-spam laws (e.g., CAN-SPAM, PECR, ePrivacy), consumer protection laws, unfair/deceptive practices laws, export controls and sanctions (see §7), intellectual property and publicity/privacy rights, and data protection/telecom rules.

2.2 Authorization required. You may not access, collect, store, use, or share any content, data, or systems without a current, valid legal basis and authorization. If authorization is withdrawn or expires, you must stop.

2.3 Behind-login & gated data. Access to materials behind authentication, paywalls, or technical access controls is prohibited unless all of the following are true:
a) you are the lawful account holder or have express written authorization from the account holder and (if different) from the relevant operator;
b) your access complies with applicable law and the operator’s terms; and
c) you can demonstrate that authorization and compliance to us on request (see §6).

2.4 No circumvention. You may not circumvent or attempt to circumvent any technical protection measures or access controls (including but not limited to login requirements, paywalls, digital rights management, geo-blocking, rate limits, fingerprinting, bot-detection, or CAPTCHAs), except where you have clear, provable authorization from the operator and such activity is lawful.

3. Prohibited activities (non-exhaustive)

The following uses are strictly prohibited. Examples are illustrative; similar conduct is also prohibited.

3.1 Security & integrity abuses

• Launching, facilitating, or testing DDoS, flooding, port scanning, unauthorized probing, credential stuffing, or brute-force attacks against third-party systems.
  
  
• Introducing or distributing malware, ransomware, viruses, spyware, rootkits, or other malicious code.
  
  
• Interfering with, degrading, or disrupting any network, host, or service (including the Services), or using the Services to bypass third-party service restrictions without permission.
  
  
• Gaining or attempting to gain unauthorized access to accounts, networks, devices, APIs, or data.
  
  

3.2 Fraud, deception, and market abuse

• Ad or click fraud, impression fraud, viewability fraud, or manipulating analytics.
  
  
• Fake engagement (e.g., fake likes, shares, comments, follows, upvotes), astroturfing, or misrepresentation.
  
  
• Impersonation, spoofing, phishing, social engineering, or deceptive origin/identity.
  
  
• SEO manipulation (e.g., synthetic click-through inflation) or manipulative ranking tactics.
  
  

3.3 Messaging & outreach abuse

• Spam: sending unsolicited, bulk, harassing, or deceptive communications (email, SMS, messaging, or calls), harvesting addresses/numbers without consent, or operating unconfirmed subscription lists.
  
  
• Violating do-not-contact rules or consent requirements; failing to maintain documented proof of opt-in/consent where required.
  
  

3.4 Unauthorized data collection or use

• Accessing, collecting, or processing non-public or restricted data without valid authorization and a lawful basis (see §2).
  
  
• Scraping or collecting sensitive personal data (e.g., children’s data; health, financial, precise geolocation, biometrics) without lawful basis and explicit permission where required.
  
  
• Any use that violates a website/platform’s terms or robots directives where such terms are enforceable and applicable to you.
  
  

3.5 Intellectual property & content violations

• Infringing or misappropriating copyrights, trademarks, trade secrets, moral rights, or rights of publicity/likeness; evading DRM or watermarking without authorization.
  
  
• Uploading, transmitting, or linking to illegal content, including threats, incitement to violence, terrorism advocacy, CSAM, or other harmful/abusive content.
  
  

3.6 High-risk verticals (require prior written approval from uAPI)

• Automated posting or interaction with classifieds/marketplaces.
  
  
• Streaming/media ripping, re-hosting, or automated access to streaming platforms.
  
  
• Cryptocurrency/NFT trading automation, arbitrage, or exchange integrations.
  
  
• In-game item/currency trading automation.
  
  
• Access to authenticated government systems or regulated datasets (e.g., protected health or financial records).
  
  
• Any activity likely to trigger significant platform or regulatory enforcement risk.
  
  

Without uAPI’s prior written approval, these uses are prohibited.

3.7 Illicit and abusive commercial practices

• Any activity in connection with illegal gambling, narcotics trafficking, weapons, or proliferation/WMD end use.
  
  
• Consumer protection violations (deceptive acts, dark patterns) and privacy violations (profiling without lawful basis, unlawful sale/disclosure of personal data).
  
  

4. Network integrity, monitoring & enforcement

4.1 Protective measures. To protect the Services, our customers, and third parties, uAPI may, at any time and at our sole discretion, implement protective measures, including but not limited to:

• rate-limiting, throttling, request/traffic shaping, and concurrency limits;
  
  
• IP/ASN/geo blocking, domain/URL/path blocking (including dynamic blocklists);
  
  
• traffic fingerprinting, anomaly detection, and automated policy enforcement;
  
  
• key/account disabling; and
  
  
• content/domain category blocking (e.g., adult content, harmful domains, honeypots).
  
  

4.2 No duty to monitor; right to review. We do not assume an affirmative obligation to monitor all activity; however, we may monitor, review, and analyze traffic or logs (subject to our Privacy Policy) for abuse detection, AUP compliance, incident response, billing integrity, and safety.

4.3 Immediate action. We may suspend, limit, or terminate any account, key, integration, or traffic with or without notice if we believe, in our sole discretion, that: (a) this AUP or the Agreement is or may be violated; (b) the integrity/security of the Services or third parties is at risk; or (c) required by law or a competent authority.

4.4 No credits / no liability. Service limitations, suspensions, or terminations taken to enforce this AUP or protect the network do not give rise to service credits, refunds, or liability of any kind.

5. KYC, use-case verification & audits

5.1 Verification. We may require you to complete identity verification (KYC/KYB), domain or ownership verification, and use-case validation (including proof of authorization for behind-login access).

5.2 Information requests. You must promptly provide accurate, complete information we reasonably request to verify compliance (e.g., copies of consents/authorizations, customer contracts, platform permissions, privacy notices, data-protection assessments).

5.3 Refusal or failure. Refusal or failure to provide requested information may result in limitation, suspension, or termination.

6. Proof of authorization & records

6.1 Maintain evidence. Where your use relies on authorization or consent (e.g., behind-login access, data subject consent, platform permission), you must maintain written evidence (and, where required, opt-in logs) for as long as you process the data and for any required retention period.

6.2 Provide on request. Upon our request (or a lawful request from a competent authority), you must promptly provide evidence of authorization/consent and of compliance with this AUP and applicable law.

7. Export controls, sanctions & restricted parties

7.1 Compliance required. You may not use the Services in or for the benefit of any country, entity, or person subject to embargoes, sanctions, or trade controls, including under US (e.g., OFAC/EAR), EU, UK, or other applicable regimes, nor for any prohibited end use (e.g., military end use/end users where restricted, WMD proliferation).

7.2 Screening. We may screen accounts and traffic for sanctions/export compliance and may suspend or terminate access where we suspect non-compliance.

8. Intellectual property complaints (including DMCA)

8.1 Respect for rights. Do not use the Services to infringe intellectual property or publicity rights.

8.2 Notices. If you believe the Services are used to infringe rights, please notify us at contact[at]uapi.nl with sufficient detail to identify the material, the rights asserted, and your contact details. If uAPI hosts or transmits allegedly infringing material, we may remove/disable access, forward notices to Users, and, where applicable to US law, act consistent with the DMCA including repeat-infringer policies.

9. Security research safe harbor (uAPI assets only)

9.1 Good-faith testing. uAPI encourages good-faith security research of uAPI-owned systems only, in accordance with our Coordinated Vulnerability Disclosure (CVD) Policy. Testing third-party systems via the Services is prohibited unless you have their explicit authorization.

9.2 Boundaries. Do not access customer data, degrade service, or violate privacy or law. We may authorize limited testing areas; out-of-scope testing may trigger enforcement.

10. Abuse reporting & contact

• Report abuse or suspicious activity: contact[at]uapi.nl
  
  
• Please include: (a) detailed description; (b) timestamps (UTC), source IPs, request IDs if available; (c) impacted domains/URLs; (d) any relevant logs or evidence.
  
  

uAPI may cooperate with law enforcement and regulators where lawful and appropriate.

11. Remedial actions & appeals

11.1 Remedies. In addition to suspension/termination, we may: block or filter traffic; rotate or revoke keys; require configuration changes; impose stricter limits; require attestations, consents, or approvals; or refer matters to competent authorities.

11.2 Appeals. If you believe we took action in error, contact contact[at]uapi.nl with your account ID, action taken, and supporting evidence. We may restore access subject to additional controls. Appeals do not stay enforcement actions.

12. Relationship to the Agreement; survival

This AUP supplements the Agreement. In case of conflict, the Agreement governs, except where this AUP provides stricter standards for acceptable use, in which case the stricter standards apply. Provisions relating to compliance, audits, records, enforcement, and limitations survive termination.

13. Changes to this AUP

We may update this AUP from time to time. Material changes will be posted to our site. Changes aimed at safety, security, or legal compliance may take effect immediately on posting. Continued use of the Services after posting constitutes acceptance.

14. Quick reference: examples matrix

Typically permitted (subject to law/third-party terms):

• Uptime testing and price/availability monitoring of public pages.
  
  
• Brand protection and counterfeit detection on public listings.
  
  
• Your own account analytics where you are the account holder and terms allow.
  
  
• Public SERP aggregation consistent with search engine terms (no fake clicks).
  
  

Approval-only (get uAPI’s prior written approval):

• Classifieds/marketplace posting automation.
  
  
• Streaming/media access or analytics automations.
  
  
• Crypto/NFT trading automations or exchange integrations.
  
  
• In-game trading automations.
  
  
• Access to authenticated government portals or regulated datasets.
  
  

Prohibited:

• DDoS, malware, unauthorized access, or evasion of access controls.
  
  
• Ad/click fraud, fake engagement, SEO click inflation.
  
  
• Spam or unconsented outreach; list harvesting; unconfirmed lists.
  
  
• Collection of non-public data without authorization and legal basis.
  
  
• IP infringement; CSAM; illegal or abusive content.
  
  

Questions?

If you have questions about this AUP or how it applies to your use case, contact contact[at]uapi.nl before you proceed.