Liigu sisuni
Legal Documentation

Acceptable Use Policy

ReflectHub OÜ — English

All Documents

ReflectHub OÜ
Effective date: 2026-07-07
Last updated: 2026-07-07
Version: v1.0

This Acceptable Use Policy (this "AUP" or this "Policy") governs the content that Customer and its Authorized Users may submit to, and the conduct permitted on, the ReflectHub Services. This AUP forms part of, and is incorporated by reference into, the ReflectHub Terms of Service (the "Terms"). Capitalized terms used but not defined in this AUP have the meanings given to them in the Terms. A breach of this AUP is a breach of the Terms.

01.

Scope and Customer Responsibility

This AUP applies to all access to and use of the Services and to all Customer Data. Customer and its Authorized Users must comply with this AUP at all times. References in this AUP to "content" mean Customer Data and any content it contains.

Consistent with Section 6 of the Terms, Customer is responsible for ensuring that it and its Authorized Users comply with this AUP, and Customer remains solely responsible for Customer Data and for all activity conducted under its Account.

A violation of this AUP is a breach of the Terms. A material violation, or a failure to cure a curable violation promptly after notice, constitutes a material breach. Violations involving child sexual abuse material ("CSAM"), credible threats to the life or safety of any person, malicious security activity, or other serious unlawful conduct may be treated as material and, where appropriate, incapable of cure. Any such breach may result in action under Section 4 of this Policy, Section 4 of the Terms, or Section 9 of the Terms, and need not be cured before ReflectHub exercises rights that Section 9 of the Terms permits it to exercise immediately. ReflectHub will apply and enforce this AUP in a diligent, objective, and proportionate manner.

02.

Prohibited Content

Customer and its Authorized Users must not upload, store, transmit, share, or otherwise make available through the Services any content that:

  • is illegal under applicable law, or that promotes, facilitates, or incites unlawful activity;
  • infringes or misappropriates any patent, copyright, trademark, trade secret, database right, or other intellectual property or proprietary right of any third party, or otherwise violates the contractual or other legal rights of any third party;
  • constitutes, contains, advertises, or facilitates access to CSAM, or that otherwise sexually exploits, endangers, or depicts the abuse of minors;
  • facilitates, promotes, provides instructional information about, or incites terrorism, violent extremism, or serious violence against persons;
  • is hateful, harassing, bullying, abusive, or threatening, or is unlawfully discriminatory or defamatory;
  • is fraudulent, deceptive, or misleading, or that promotes, facilitates, or constitutes phishing, spoofing, pharming, scams, or pyramid or Ponzi schemes;
  • promotes, encourages, glorifies, or provides instructions for suicide, self-harm, or eating disorders;
  • constitutes, promotes, or facilitates stalkerware, spyware, or other software or services designed to surveil, track, or monitor a person without their knowledge or consent;
  • constitutes non-consensual intimate imagery, or discloses another person's private or identifying information without authorization for the purpose of harassment, intimidation, or exposure (doxxing);
  • unlawfully violates the privacy, data-protection, or publicity rights of any person, including the unlawful collection, disclosure, or processing of personal data;
  • consists of Customer Data requiring sector-specific, regulated, or high-risk safeguards that the Services are not designated to provide — including payment-card data subject to PCI DSS, protected health information, government-classified information, biometric identification data, or other regulated data of comparable sensitivity — except where ReflectHub has expressly agreed in writing, including in an Order Form or the DPA, to support such data;
  • violates applicable export-control, sanctions, or trade-restriction laws; or
  • consists of, contains, or is intended to deliver malware or other malicious code, further to and without limiting Section 5.1 of the Terms.

The restriction on regulated or high-risk data does not prohibit Customer from submitting ordinary business, project, account, contact, role, access, or collaboration data that the Services are designed to process, provided Customer has the rights, consents, and legal bases required under applicable law.

03.

Prohibited Conduct

In addition to the technical restrictions set out in Section 5.1 of the Terms, which apply in full and are not restated here, Customer and its Authorized Users must not use the Services to:

  • send, facilitate, or support spam or unsolicited bulk or commercial messaging;
  • disseminate, distribute, publish, or otherwise make available to third parties any content prohibited under Section 2 of this Policy;
  • impersonate any person or entity, or misrepresent an affiliation with any person or entity;
  • conduct or facilitate phishing, social engineering, credential harvesting, or the distribution of malware to any third party;
  • launch, participate in, or facilitate any denial-of-service or distributed denial-of-service attack, botnet, or other intrusion or disruption directed at any third party, network, or system;
  • circumvent, disable, or attempt to circumvent any Usage Limits, access controls, authentication, rate limits, or security measures of the Services;
  • access, or attempt to access, any Account, Customer Data, or other data of another customer or Authorized User without authorization;
  • carry out cryptocurrency mining or other resource-intensive workloads unrelated to Customer's authorized use, or otherwise consume Service resources to evade Usage Limits;
  • create Accounts or Authorized User identities by automated or fraudulent means, or create or use multiple Accounts to evade Usage Limits, trial eligibility under Section 9.1 of the Terms, a suspension or termination, or any other restriction under the Terms;
  • scrape, crawl, harvest, or otherwise extract data from the Services by automated means, except through APIs or other interfaces expressly made available by ReflectHub and within their documented limits; or
  • operate or rely on the Services in any high-risk or safety-critical activity where failure could lead to death, personal injury, or severe physical, environmental, or property damage, including life-support, emergency-response, or industrial-control systems.
04.

No General Monitoring; Right to Act

ReflectHub is under no obligation to monitor Customer Data and does not generally monitor the content that Customer or its Authorized Users store, transmit, or make available through the Services. Nothing in this AUP requires ReflectHub to seek facts or circumstances indicating illegal activity, and ReflectHub's exercise of the rights in this Section does not constitute general monitoring or confer on ReflectHub knowledge or control of Customer Data.

ReflectHub nevertheless reserves the right, but assumes no obligation, to review content and activity on the Services where it reasonably considers this appropriate, including in response to a notice under Section 5 of this Policy.

Where ReflectHub reasonably believes that this AUP has been violated, or where required to do so by applicable law or by a competent authority, ReflectHub may remove, disable, restrict, quarantine, or block access to specific Customer Data, including any content it contains, and may restrict or suspend the access of specific Authorized Users, without necessarily suspending or terminating the entire Account. ReflectHub may take any such measure immediately and without prior notice where the relevant content or conduct is manifestly illegal, poses a risk to the safety of any person, threatens the security, integrity, or availability of the Services, concerns CSAM, or where immediate action is required by applicable law or by an order of a competent authority. ReflectHub will otherwise use commercially reasonable efforts to apply such measures proportionately and to limit them to the affected content or access where feasible.

Restoration of quarantined content or reinstatement of suspended access is at ReflectHub's reasonable discretion once it is satisfied that the violation has been remedied. ReflectHub may recover its reasonable costs of investigating and remediating a violation of this AUP that is attributable to Customer or an Authorized User.

The measures described in this Section 4 of this Policy are additional to, and independent of, ReflectHub's suspension rights under Section 4 of the Terms and its suspension and termination rights under Section 9 of the Terms.

To the maximum extent permitted by applicable law, ReflectHub will have no liability to Customer or any Authorized User, and Customer will not be entitled to any refund, credit, service extension, set-off, or damages, as a result of any removal, disabling, restriction, quarantine, suspension, termination, preservation, or reporting action taken in good faith under this AUP. Fees paid for the affected period remain non-refundable in accordance with Sections 8 and 9 of the Terms.

06.

Statement of Reasons and Complaints

Where ReflectHub removes, disables, restricts, quarantines, or blocks access to content or access under this AUP, it will, where required by applicable law and to the extent not prohibited, inform the affected Customer and, where applicable, the affected Authorized User of the decision and provide a clear and specific statement of the reasons for it.

Where the Digital Services Act applies, the statement of reasons will contain the information required by applicable law, including, where relevant, the territorial scope and duration of the measure, the facts and circumstances relied on, whether the decision was taken pursuant to a notice or on ReflectHub's own initiative, whether automated means were used, the legal or contractual ground relied on, and information on available means of redress. ReflectHub may withhold or delay such information where doing so is prohibited by law or is necessary for law-enforcement, security, safety, or ongoing-investigation reasons.

Where required by applicable law, or where ReflectHub elects to offer it in a particular case, the affected Customer may contest a decision by contacting legal@reflecthub.com within the period and in the manner communicated with the decision. ReflectHub will handle such complaints in a timely, non-discriminatory, diligent, and non-arbitrary manner. Decisions on complaints will not be taken solely on the basis of automated means where applicable law requires human review. ReflectHub will reverse a decision without undue delay where the complaint demonstrates that the content or access is not unlawful and does not violate this AUP.

Nothing in this AUP is an acknowledgment that ReflectHub is an "online platform" within the meaning of Article 3(i) of the Digital Services Act, and ReflectHub does not thereby assume obligations that the Digital Services Act imposes only on providers of online platforms, including Articles 20 to 28. Any complaint-handling mechanism that ReflectHub offers beyond mandatory legal requirements is offered as a voluntary measure.

08.

Relationship to the Terms

This AUP forms part of the Terms, and capitalized terms used but not defined in this AUP have the meanings given to them in the Terms.

To the extent ReflectHub processes Personal Data contained in Customer Data solely to provide, secure, maintain, restore, or support the Services, ReflectHub acts as processor under the DPA. To the extent ReflectHub processes Personal Data to enforce this AUP or the Terms, prevent or investigate abuse, comply with legal obligations, respond to competent authorities, protect the Services, or establish, exercise, or defend legal claims, ReflectHub may act as an independent controller on the legal bases in Article 6(1)(c) and Article 6(1)(f) GDPR. The DPA governs processing of Personal Data by ReflectHub as processor and prevails in the event of any conflict on data-protection matters.

Without limiting Section 14 of the Terms, Customer's indemnification obligations under Section 14 of the Terms apply to third-party claims arising out of or related to Customer Data or to any use of the Services in violation of this AUP.

For the avoidance of doubt, the exclusions from limitation of liability in Section 13.3 of the Terms, including Sections 13.3(d) and 13.3(e) of the Terms, apply to Customer's use of the Services in violation of this AUP, Section 5.1 of the Terms, or applicable law, and to any infringement or misappropriation of intellectual property or other third-party rights, including by Customer Data.

Sections 4, 6, 7, and 8 of this Policy, together with any other rights and obligations that by their nature should survive, survive termination or expiration of the Terms.

In the event of any conflict between this AUP and the other provisions of the Terms, the provisions will be read together and harmonized so far as possible; and to the extent a conflict remains, this AUP prevails only with respect to the permitted content, conduct, and enforcement matters it addresses, while Sections 9 (Term and Termination), 12 (Warranties and Disclaimers), 13 (Limitation of Liability), and 14 (Customer Indemnification) of the Terms continue to govern their respective subject matter. The applicable Order Form controls to the extent it expressly addresses a matter, consistent with the Miscellaneous section of the Terms, and the DPA continues to prevail with respect to the processing of Personal Data.