Legal

Acceptable Use Policy

These rules protect recipients, customer domains, provider relationships, and the shared infrastructure NoticeAPI runs on.

Last updated: July 3, 2026

1. Consent-Only Sending

Marketing, newsletter, broadcast, lifecycle, and automation email through NoticeAPI must be sent only to recipients who gave valid consent for that specific category of email, including documented implied or soft opt-in consent where the law that applies to you permits it.

You must be able to explain and, when asked, provide evidence for how each audience was collected, including source, timing, message category, and any re-opt-in after unsubscribe, bounce, complaint, or suppression.

Transactional email must be tied to a real product, service, account, purchase, security event, legal notice, or user action. Do not disguise marketing, lead generation, or re-engagement campaigns as transactional messages.

Cold outreach is not allowed. Purchased, rented, borrowed, scraped, guessed, enriched, or third-party lead lists are not allowed, even if another vendor claims they are compliant.

2. Unsubscribe and Suppression Rules

Every marketing, promotional, newsletter, broadcast, automation, lifecycle, or subscribed message must carry a visible working unsubscribe path. Broadcasts and automations include List-Unsubscribe headers, and if you do not include the unsubscribe merge tag, NoticeAPI will append a footer automatically.

You may not use REST, SMTP, templates, batch sending, or another transactional path to avoid marketing unsubscribe controls.

You may not bypass, remove, obscure, break, or delay unsubscribe handling. You may not email unsubscribed, bounced, complained, suppressed, or otherwise opted-out recipients except for non-promotional transactional or relationship messages whose primary purpose is account, purchase, security, legal, or service delivery.

You are responsible for honoring opt-outs across your own systems, including imports, API calls, backups, segment rebuilds, and tools outside NoticeAPI.

3. Prohibited Content and Conduct

You may not use NoticeAPI for phishing, malware, credential harvesting, scams, deceptive identity, spoofing, impersonation, illegal goods or services, harassment, hate, threats, exploitation, adult sexual content, or content that violates applicable law.

You may not use NoticeAPI to send mail that misleads recipients about who you are, why they are receiving the message, how to unsubscribe, or what action a link or attachment will perform.

You may not send content that collects sensitive information by deception, violates intellectual property rights, evades another provider's enforcement, uses cloaking or link shorteners to hide destination or identity, or causes unreasonable load, complaints, blocks, or reputation risk.

High-risk regulated or deceptive offers, including unlawful gambling, counterfeit goods, unsafe medical claims, debt-relief scams, investment scams, or similar schemes are not allowed.

4. Platform Boundaries

NoticeAPI is for transactional email, consent-based broadcasts, and API-based email receiving. It is not a CRM, mailbox host, cold outreach platform, list broker, deliverability trick system, or dedicated-IP marketplace.

Do not attempt to evade rate limits, quotas, review gates, ramp limits, domain verification, suppression lists, unsubscribe controls, webhook signing, authentication, or abuse monitoring.

Do not use inbound receiving, webhooks, tracking, or the simulator to collect data unlawfully, harass recipients, test phishing flows, or build a mailbox, shared inbox, CRM, or cold outreach workflow.

5. Deliverability and Abuse Controls

NoticeAPI monitors bounce rates, spam complaints, provider blocks, usage patterns, and recipient outcomes. Sending may be throttled, paused, capped, reviewed, or terminated when risk thresholds are crossed.

Self-serve no-card accounts are limited to simulator testing unless NoticeAPI explicitly activates production sending. Production sending requires an approved account, a verified domain, and may be warmed up through daily caps. These controls protect everyone using shared provider capacity.

You must maintain accurate authentication and sender records, keep complaint rates low, remove bad addresses, avoid spam traps and list bombing, and follow mailbox-provider requirements that apply to your traffic.

6. Domain and Sender Requirements

You may send only from domains you own or are authorized to use. You must keep DNS records accurate and must not impersonate another organization or person.

Your messages must use truthful routing information, accurate sender identity, and legally required sender contact information. Subject lines, preview text, links, and attachments must not be deceptive.

Shared provider capacity is used for scale, not reputation tiering. Plan upgrades must not be used to avoid reputation, review, or abuse controls.

7. Enforcement

We may reject mail, suppress recipients, pause domains, pause accounts, revoke API keys, require remediation, or terminate service if we believe this policy has been violated or platform health is at risk.

If your account is paused and you believe it was a mistake, contact [email protected] with the sending domain, audience source, consent evidence, message examples, recent complaint or bounce context, and remediation plan.