HoolzLab

Acceptable Use Policy

Last updated:

Applies to: Websites, Services, APIs, Infrastructure

Effective immediately

1) Purpose & Scope

This Acceptable Use Policy (“AUP”) governs use of HoolzLab websites, services, APIs, software, and infrastructure (collectively, the “Services”). By accessing or using the Services, you agree to comply with this AUP in addition to any applicable Terms of Service and Privacy Policy.

2) Definitions

  • Customer Content: data, files, code, text, or other materials you submit to or through the Services.
  • Malicious Activity: actions intended to compromise confidentiality, integrity, or availability of systems, data, or users.
  • Automated Access: scripted/programmatic requests, crawlers, or bots.
  • Good-Faith Research: security testing under our Disclosure rules with minimal impact and no abuse of data.

3) Prohibited Activities

You may not, directly or indirectly:

| Category | Examples (non-exhaustive) |
|---|---|
| Unauthorized Access | Bypass controls; access accounts or data without permission; use stolen credentials; exploit vulnerabilities; scan/probe production systems without prior written authorization. |
| Service Interference | DoS/flooding; excessive parallelization; resource exhaustion; intentionally triggering error/edge cases to degrade service. |
| Malware & Abuse | Distribute malware/spyware/ransomware; C2; phishing; spam; social engineering; host droppers or exploit kits. |
| Misuse of Data | Exfiltrate, scrape, harvest, or resell personal/confidential data; deanonymize individuals; violate privacy, export, or data-residency laws. |
| Impersonation & Fraud | Pretend to be HoolzLab or another user; misrepresent affiliation; payment/billing fraud; account takeovers. |
| Circumvention | Evade rate limits/quotas; rotate identities or tamper with headers/telemetry to avoid enforcement; manipulate geofencing. |
| Illegal Content | Host or transmit unlawful content; infringe IP rights; promote violence or exploitation; violate sanctions/embargoes. |
| High-Risk Use | Use in safety-critical contexts (e.g., medical diagnosis, life support) without appropriate controls and written authorization. |

Examples are illustrative; HoolzLab may determine misuse at its reasonable discretion.

4) Allowed / Permitted Uses

  • Normal, interactive use of websites and applications, within published limits and documentation.
  • Automated access via documented APIs within assigned quotas, with a stable User-Agent and valid credentials.
  • Good-faith security research under our Coordinated Vulnerability Disclosure terms.

5) Accounts & Access

  • You are responsible for activity under your accounts, credentials, keys, and devices.
  • Keep secrets secret (API keys, tokens). Rotate promptly if exposure is suspected.
  • Use strong authentication and maintain accurate registration information.
  • Do not share accounts unless expressly permitted in writing.

6) Security & Abuse

  • Do not attempt to compromise or bypass security on production systems without explicit prior written authorization.
  • Respect robots.txt, rate limits, and technical restrictions.
  • If you believe you’ve found a vulnerability, use the Disclosure process.

Traffic hygiene

Excessive or noisy traffic may be limited or blocked. Avoid rapid bursts, sub-second polling, or header tampering. Honor HTTP 429 with jittered backoff.

7) API & Automation

  • Use official endpoints and documented parameters only; do not scrape where an API exists.
  • Stay within quotas; cache responsibly; avoid hot-looping.
  • Identify your client with a stable User-Agent and contact email/URL.

8) Use of AI Features

  • Do not use AI features to generate or disseminate illegal, harmful, or deceptive content.
  • Do not attempt to extract secrets, personal data, or model parameters beyond intended functionality.
  • When outputs affect individuals materially, apply human review and appropriate safeguards.

9) Content Standards

  • Do not upload or transmit unlawful, harmful, defamatory, harassing, hateful, or infringing content.
  • Do not submit personal data you have no right to process or that violates applicable law or contracts.
  • You retain ownership of your content; you grant the rights needed to operate the Services as described in our Terms.

10) Data Protection & Residency

  • HoolzLab processes data as described in our Privacy Policy. You are responsible for your own legal obligations.
  • Do not attempt to re-identify anonymized data or defeat privacy controls.
  • Respect regional data restrictions and data-residency requirements when applicable.

11) Third-Party Services

Our Services may interact with third-party services. Their terms and privacy policies apply to your use of those services. You are responsible for complying with third-party terms and for any integrations you enable.

12) Monitoring & Enforcement

HoolzLab may monitor usage to protect users and infrastructure. We may take lawful action in response to suspected violations.

| Severity | Typical Indicators | Potential Actions |
|---|---|---|
| Low | Accidental misuse, minor overage, noisy client. | Warning; request for corrective action; temporary rate-limit. |
| Medium | Repeated overages; scraping despite API; ignoring 429. | Stricter rate-limit; feature restriction; temporary blocks; key rotation. |
| High | Credential stuffing; exploitation attempts; exfil signals. | Immediate block; IP quarantine; account suspension; evidence preservation; notifications as required by law. |

13) Coordinated Vulnerability Disclosure (Safe Harbor)

We welcome good-faith security research conducted under this policy. Email [email protected] with details sufficient for reproduction.

  • Do: Avoid privacy violations, service disruption, or data destruction; limit tests to what’s necessary to demonstrate a finding.
  • Do not: Access customer data; exfiltrate data; DDoS; spam; social-engineer staff; affect availability of production systems.
  • We will not pursue or recommend legal action for good-faith research following this policy and applicable law.

Response targets (non-binding)

  • Acknowledgment: 3 business days
  • Initial triage: 7 business days
  • Status updates: every 14 days until resolution

Note: This is not a bug bounty and does not guarantee payment.

14) Report Abuse or Policy Violations

Report spam, malicious activity, or AUP violations to [email protected]. Include timestamps (UTC), IPs, request/incident IDs, and relevant headers or logs.

Tip: Error screens may display an “Incident ID” and “Fingerprint.” Include them in your report.

16) Changes & Contact

We may update this AUP from time to time. Material changes will be posted here with a new “Last updated” date.

For questions, contact [email protected].


This AUP is for clarity and deterrence. It does not limit any rights HoolzLab may have under the Terms of Service or applicable law.

17) Glossary

  • Rate limiting: restricting request volume in a period.
  • Quota: a hard usage cap (e.g., requests, tokens, storage).
  • IP quarantine: temporary block applied to a source address or range.