Acceptable Use Policy

Last updated: June 1, 2026

This Acceptable Use Policy ("AUP") sets out the activities that are prohibited when using EmailFlow AI. It exists to protect recipients, preserve deliverability for every customer on our platform, and keep the Service lawful and trustworthy. Sending great email is a privilege built on permission and trust — this policy is how we keep that trust intact for everyone.

forward_to_inbox

The single most important rule: only email people who have given you permission to email them. Permission cannot be bought, rented, scraped, or assumed. If you cannot show how a contact opted in to hear from you, do not email them.

This AUP is part of, and incorporated into, our Terms of Service. Capitalized terms have the meanings given in the Terms. It applies to every account, every user under an account, and all use of the Service, including its AI features and APIs. We may update this AUP from time to time, and your continued use of the Service constitutes acceptance of the current version. If you become aware of any violation of this AUP, you must immediately stop it and notify us.

1. Permission-based sending only

You may send email through the Service only to recipients who have given you clear, demonstrable permission to contact them at the address used. You must be able to document, on request, how and when each recipient opted in. You must not:

Purchase, rent, lease, barter, or otherwise acquire email lists or addresses from third parties.
Scrape, harvest, or generate addresses from websites, directories, or other sources.
Email recipients who have not opted in, or who have withdrawn consent or unsubscribed.
Send to role-based or distribution addresses (such as info@, sales@, or abuse@) absent specific consent.
Import or use addresses obtained through a co-registration, list-broker, or "appended" data arrangement.

2. Anti-spam and legal compliance

You must comply with all laws, regulations, and industry standards that apply to your messages and recipients, including the U.S. CAN-SPAM Act, Canada's Anti-Spam Legislation (CASL), the EU and UK GDPR and the ePrivacy rules, and equivalent laws in other jurisdictions. At a minimum, every commercial message you send must:

Use accurate and non-deceptive header, "From," "To," reply-to, and routing information that identifies you as the sender.
Use subject lines that accurately reflect the content of the message and are not misleading.
Clearly identify the message as an advertisement where required.
Include your valid physical postal address.
Provide a clear, conspicuous, and functioning unsubscribe mechanism in every message, and honor opt-out requests promptly (and in any event within the period required by law).
Refrain from charging a fee, requiring additional information beyond an email address, or requiring any step other than a reply or a single visit to a webpage in order to unsubscribe.

You must not disable, bypass, tamper with, or fail to honor the unsubscribe and one-click list-unsubscribe mechanisms provided by the Service.

3. Prohibited content

You must not use the Service to send, host, link to, or promote content that is illegal, fraudulent, deceptive, infringing, or harmful, including but not limited to:

Malware, viruses, ransomware, phishing, spoofing, or other malicious, deceptive, or credential-harvesting material.
Content that infringes or misappropriates any patent, trademark, trade secret, copyright, publicity, or other intellectual property or privacy right.
Hate speech, harassment, threats, defamation, or content that incites or promotes violence or discrimination.
Sexual content involving minors, or any content that exploits or endangers minors; any other content that is unlawful.
Pyramid schemes, multi-level-marketing recruitment, "get rich quick" schemes, chain letters, or unlawful financial offers.
Deceptive, false, or misleading claims, including misleading health, financial, or earnings claims.
Content that violates the export-control, sanctions, or other trade laws applicable to you.

4. Restricted and high-risk categories

Certain industries and message types carry elevated deliverability, fraud, and compliance risk. We may apply additional requirements, lower limits, enhanced review, or outright restrictions to senders in categories such as cryptocurrency and digital assets, gambling and betting, pharmaceuticals and supplements, tobacco, vaping, firearms, adult content, debt collection and credit repair, lead generation, and "work from home" or affiliate-marketing offers. We may decline to provide the Service for any of these categories at our discretion.

5. List hygiene and deliverability

You are responsible for maintaining healthy sending practices that protect the shared reputation of the platform. You must:

Promptly remove invalid, undeliverable, and hard-bounced addresses, and stop sending to addresses that repeatedly soft-bounce.
Keep spam-complaint and bounce rates below industry-standard thresholds; sustained high rates may result in throttling or suspension.
Avoid sending to stale, unengaged, or purchased contacts, and re-permission or remove contacts who have not engaged over an extended period.
Warm up new sending volumes gradually rather than sending large unexpected spikes.
Properly configure sender authentication (such as SPF, DKIM, and DMARC) for the domains you send from, and only send from domains you are authorized to use.

6. Responsible use of AI

AI features are tools that assist you; they do not relieve you of responsibility. You must review and approve all AI-generated content before sending it. You must not use AI features to:

Create or distribute deceptive, fraudulent, infringing, defamatory, or otherwise prohibited content.
Generate content that impersonates a person or organization in a misleading way.
Attempt to extract underlying models, training data, or system prompts, or to reverse engineer, probe, or circumvent safety controls.
Submit prompts or content designed to overload, disrupt, or manipulate the AI systems.

7. Security and platform integrity

You must not, and must not permit any third party to:

Attempt to gain unauthorized access to the Service, other accounts, or any related systems or networks.
Probe, scan, or test the vulnerability of the Service, or breach or circumvent any security or authentication measure.
Interfere with or disrupt the integrity or performance of the Service, including through denial-of-service attacks, excessive automated requests, or evasion of rate limits or quotas.
Create accounts by automated means, operate multiple accounts to evade limits or enforcement, or share an account in a manner that exceeds your plan.
Use the Service to transmit unsolicited bulk messages at scale or to relay messages on behalf of unauthorized third parties.
Misrepresent your identity or affiliation, or use the Service in any way that could damage, disable, or impair it.

8. Consequences of violations

We monitor for abuse and investigate reports and signals of misuse. We may, at our discretion and with or without notice, take any action we consider appropriate in response to an actual or suspected violation of this AUP, including: issuing a warning; throttling or rate-limiting your sending; pausing or removing offending content or contacts; requiring re-permissioning of lists; suspending some or all features; and suspending or terminating your account. We may also retain evidence, notify affected parties, cooperate with mailbox and infrastructure providers, and report unlawful activity to law enforcement or other authorities. Suspension or termination for an AUP violation does not entitle you to any refund, and you remain responsible for fees incurred.

9. Reporting abuse

If you believe a message sent through the Service, or any use of the Service, violates this AUP, please report it to abuse@emailflow.ai with as much detail as possible (including message headers where available). We take every report seriously and will investigate promptly.