Acceptable Use Policy (AUP)

Effective date: January 23, 2026

Last reviewed: January 23, 2026

Review cadence: This AUP is reviewed at least annually and updated as needed to address new security, legal, and operational risks.

Applies to: spf.io products, services, websites, apps, integrations, APIs, and any related support channels (collectively, the “Services”).

1) Purpose

spf.io exists to make communication more accessible across languages and contexts. This Acceptable Use Policy explains how users may and may not use the Services, and how we protect information and assets that may be shared with users—such as accounts, links, embedded viewers, transcripts, captions, translations, audio, files, and APIs.

2) Scope

This AUP applies to:

• All users of the Services (including administrators, operators, speakers, attendees, viewers, and API users).

• All environments (production, beta, trials, demos).

• All content and data processed, stored, displayed, or transmitted through the Services.

If there is a conflict between this AUP and an applicable written agreement with spf.io, that agreement controls for that conflict.

3) Definitions

• “Content” means any text, audio, video, images, documents, captions, transcripts, translations, prompts, metadata, or other materials submitted to or generated by the Services.

• “Information and assets shared with users” includes (without limitation): user accounts, authentication credentials, API keys/tokens, links and embed codes, session access URLs, dashboards, recordings, transcripts/captions/translations, exported files, and any other Service outputs or resources made available to users.

• “You” / “Customer” means the individual or entity using the Services.

4) Acceptable use

You may use the Services only:

• For lawful purposes.

• In a way that respects others’ rights and safety.

• In accordance with this AUP, your contract with spf.io (if any), and applicable laws and regulations.

5) Prohibited use

You must not (and must not allow others to) use the Services to:

A. Break the law or cause harm

• Engage in illegal activity, or encourage/enable illegal activity.

• Threaten, harass, defame, bully, or discriminate against others.

• Share or facilitate exploitation, abuse, or sexual content involving minors.

B. Misuse accounts, access, or shared assets

• Access, use, or attempt to access another user’s account, session, or data without authorization.

• Share credentials, API keys, or session access URLs in a way that enables unauthorized access.

• Circumvent authentication, rate limits, security controls, or access restrictions.

C. Attack or degrade the Services

• Probe, scan, or test the vulnerability of the Services without written permission.

• Introduce malware, ransomware, spyware, or other malicious code.

• Interfere with or disrupt the Services, including via denial-of-service (DoS) attacks.

• Use automation in a way that creates unreasonable load or degrades performance for others.

D. Abuse data, privacy, or confidentiality

• Collect, scrape, or harvest information from the Services in a way that violates privacy laws or others’ rights.

• Publish or disclose content from the Services that you do not have rights to share, including confidential or personal data, unless you have a lawful basis and appropriate permissions.

• Attempt to re-identify anonymized data or infer sensitive attributes about individuals without authorization.

E. Infringe intellectual property or rights

• Upload, distribute, or generate content that infringes copyrights, trademarks, or other proprietary rights.

• Remove or alter proprietary notices, attribution, or legal markings.

• Reverse engineer the Services or attempt to extract source code or underlying models except as permitted by applicable law and your agreement.

F. Misrepresent or deceive

• Impersonate any person or entity, or misrepresent affiliation.

• Provide false information to gain access, benefits, or trust.

• Use the Services to distribute spam, phishing, or deceptive communications.

G. Violate restrictions related to regulated activity

• Use the Services in ways that violate export controls, sanctions, or other trade restrictions.

• Use the Services to handle regulated data or high-risk categories where prohibited by your agreement or by applicable law (for example, certain government-controlled data), unless explicitly authorized in writing.

6) Your responsibilities

You are responsible for:

• Keeping credentials and shared access assets secure (accounts, API keys, session URLs, embed codes).

• Managing user permissions appropriately.

• Ensuring you have the rights and permissions to submit Content and to share any outputs (captions/transcripts/translations/audio) with your intended audience.

• Complying with applicable privacy and accessibility obligations for your use case (including providing required notices and obtaining consent where legally required).

7) Reporting concerns and security issues

If you believe the Services are being misused, or if you suspect unauthorized access to information or assets shared with users, notify us at: [email protected] (or your designated support channel).

When reporting, include:

• What happened, when, and which session/account was involved (if known)

• The affected URLs/assets (if applicable)

• Any steps already taken to contain the issue

8) Enforcement

We may investigate suspected violations. If we determine a violation occurred (or is reasonably likely), we may take actions such as:

• Removing or restricting access to Content

• Suspending or terminating accounts or sessions

• Rotating/revoking credentials or API keys

• Limiting rates or disabling abusive integrations

• Reporting to law enforcement where required or appropriate

9) Changes to this policy

We may update this AUP from time to time to reflect changes in the Services, law, or security practices. The “Effective date” above indicates the current version. Material changes will be communicated in a reasonable manner (for example, via the Services or posted update).

10) Relationship to other terms

This AUP supplements your agreement with spf.io (including any Terms of Service and applicable order forms). If you are using the Services on behalf of an organization, you represent that you are authorized to bind that organization to this AUP.