Acceptable Use Policy
ReflectHub OÜ — English
ReflectHub OÜ — Legal Documentation
Acceptable Use Policy
ReflectHub OÜ
Effective date: 2026-07-07
Last updated: 2026-07-07
Version: v1.0
This Acceptable Use Policy (this "AUP" or this "Policy") governs the content that Customer and its Authorized Users may submit to, and the conduct permitted on, the ReflectHub Services. This AUP forms part of, and is incorporated by reference into, the ReflectHub Terms of Service (the "Terms"). Capitalized terms used but not defined in this AUP have the meanings given to them in the Terms. A breach of this AUP is a breach of the Terms.
Scope and Customer Responsibility
This AUP applies to all access to and use of the Services and to all Customer Data. Customer and its Authorized Users must comply with this AUP at all times. References in this AUP to "content" mean Customer Data and any content it contains.
Consistent with Section 6 of the Terms, Customer is responsible for ensuring that it and its Authorized Users comply with this AUP, and Customer remains solely responsible for Customer Data and for all activity conducted under its Account.
A violation of this AUP is a breach of the Terms. A material violation, or a failure to cure a curable violation promptly after notice, constitutes a material breach. Violations involving child sexual abuse material ("CSAM"), credible threats to the life or safety of any person, malicious security activity, or other serious unlawful conduct may be treated as material and, where appropriate, incapable of cure. Any such breach may result in action under Section 4 of this Policy, Section 4 of the Terms, or Section 9 of the Terms, and need not be cured before ReflectHub exercises rights that Section 9 of the Terms permits it to exercise immediately. ReflectHub will apply and enforce this AUP in a diligent, objective, and proportionate manner.
Prohibited Content
Customer and its Authorized Users must not upload, store, transmit, share, or otherwise make available through the Services any content that:
- is illegal under applicable law, or that promotes, facilitates, or incites unlawful activity;
- infringes or misappropriates any patent, copyright, trademark, trade secret, database right, or other intellectual property or proprietary right of any third party, or otherwise violates the contractual or other legal rights of any third party;
- constitutes, contains, advertises, or facilitates access to CSAM, or that otherwise sexually exploits, endangers, or depicts the abuse of minors;
- facilitates, promotes, provides instructional information about, or incites terrorism, violent extremism, or serious violence against persons;
- is hateful, harassing, bullying, abusive, or threatening, or is unlawfully discriminatory or defamatory;
- is fraudulent, deceptive, or misleading, or that promotes, facilitates, or constitutes phishing, spoofing, pharming, scams, or pyramid or Ponzi schemes;
- promotes, encourages, glorifies, or provides instructions for suicide, self-harm, or eating disorders;
- constitutes, promotes, or facilitates stalkerware, spyware, or other software or services designed to surveil, track, or monitor a person without their knowledge or consent;
- constitutes non-consensual intimate imagery, or discloses another person's private or identifying information without authorization for the purpose of harassment, intimidation, or exposure (doxxing);
- unlawfully violates the privacy, data-protection, or publicity rights of any person, including the unlawful collection, disclosure, or processing of personal data;
- consists of Customer Data requiring sector-specific, regulated, or high-risk safeguards that the Services are not designated to provide — including payment-card data subject to PCI DSS, protected health information, government-classified information, biometric identification data, or other regulated data of comparable sensitivity — except where ReflectHub has expressly agreed in writing, including in an Order Form or the DPA, to support such data;
- violates applicable export-control, sanctions, or trade-restriction laws; or
- consists of, contains, or is intended to deliver malware or other malicious code, further to and without limiting Section 5.1 of the Terms.
The restriction on regulated or high-risk data does not prohibit Customer from submitting ordinary business, project, account, contact, role, access, or collaboration data that the Services are designed to process, provided Customer has the rights, consents, and legal bases required under applicable law.
Prohibited Conduct
In addition to the technical restrictions set out in Section 5.1 of the Terms, which apply in full and are not restated here, Customer and its Authorized Users must not use the Services to:
- send, facilitate, or support spam or unsolicited bulk or commercial messaging;
- disseminate, distribute, publish, or otherwise make available to third parties any content prohibited under Section 2 of this Policy;
- impersonate any person or entity, or misrepresent an affiliation with any person or entity;
- conduct or facilitate phishing, social engineering, credential harvesting, or the distribution of malware to any third party;
- launch, participate in, or facilitate any denial-of-service or distributed denial-of-service attack, botnet, or other intrusion or disruption directed at any third party, network, or system;
- circumvent, disable, or attempt to circumvent any Usage Limits, access controls, authentication, rate limits, or security measures of the Services;
- access, or attempt to access, any Account, Customer Data, or other data of another customer or Authorized User without authorization;
- carry out cryptocurrency mining or other resource-intensive workloads unrelated to Customer's authorized use, or otherwise consume Service resources to evade Usage Limits;
- create Accounts or Authorized User identities by automated or fraudulent means, or create or use multiple Accounts to evade Usage Limits, trial eligibility under Section 9.1 of the Terms, a suspension or termination, or any other restriction under the Terms;
- scrape, crawl, harvest, or otherwise extract data from the Services by automated means, except through APIs or other interfaces expressly made available by ReflectHub and within their documented limits; or
- operate or rely on the Services in any high-risk or safety-critical activity where failure could lead to death, personal injury, or severe physical, environmental, or property damage, including life-support, emergency-response, or industrial-control systems.
No General Monitoring; Right to Act
ReflectHub is under no obligation to monitor Customer Data and does not generally monitor the content that Customer or its Authorized Users store, transmit, or make available through the Services. Nothing in this AUP requires ReflectHub to seek facts or circumstances indicating illegal activity, and ReflectHub's exercise of the rights in this Section does not constitute general monitoring or confer on ReflectHub knowledge or control of Customer Data.
ReflectHub nevertheless reserves the right, but assumes no obligation, to review content and activity on the Services where it reasonably considers this appropriate, including in response to a notice under Section 5 of this Policy.
Where ReflectHub reasonably believes that this AUP has been violated, or where required to do so by applicable law or by a competent authority, ReflectHub may remove, disable, restrict, quarantine, or block access to specific Customer Data, including any content it contains, and may restrict or suspend the access of specific Authorized Users, without necessarily suspending or terminating the entire Account. ReflectHub may take any such measure immediately and without prior notice where the relevant content or conduct is manifestly illegal, poses a risk to the safety of any person, threatens the security, integrity, or availability of the Services, concerns CSAM, or where immediate action is required by applicable law or by an order of a competent authority. ReflectHub will otherwise use commercially reasonable efforts to apply such measures proportionately and to limit them to the affected content or access where feasible.
Restoration of quarantined content or reinstatement of suspended access is at ReflectHub's reasonable discretion once it is satisfied that the violation has been remedied. ReflectHub may recover its reasonable costs of investigating and remediating a violation of this AUP that is attributable to Customer or an Authorized User.
The measures described in this Section 4 of this Policy are additional to, and independent of, ReflectHub's suspension rights under Section 4 of the Terms and its suspension and termination rights under Section 9 of the Terms.
To the maximum extent permitted by applicable law, ReflectHub will have no liability to Customer or any Authorized User, and Customer will not be entitled to any refund, credit, service extension, set-off, or damages, as a result of any removal, disabling, restriction, quarantine, suspension, termination, preservation, or reporting action taken in good faith under this AUP. Fees paid for the affected period remain non-refundable in accordance with Sections 8 and 9 of the Terms.
Reporting, Notices, and Legal Contact
ReflectHub's single point of contact for legal, Digital Services Act, abuse, and acceptable-use notices is legal@reflecthub.com. Communications may be sent in English or Estonian.
Any person or entity, including an Authorized User or a third party, may notify ReflectHub of content available through the Services that they consider to be illegal or in violation of this AUP by contacting legal@reflecthub.com.
To enable ReflectHub to assess a notice, the notice should include: (a) a sufficiently substantiated explanation of the reasons why the content is alleged to be illegal or in violation of this AUP; (b) a clear indication of the precise electronic location of the content, such as the URL, identifier, or location within the Services; (c) the name and contact details, including an email address, of the person or entity submitting the notice, except where the notice concerns content involving one of the offences referred to in Articles 3 to 7 of Directive 2011/93/EU, or other content for which applicable law does not require the notifier to be identified; and (d) a statement confirming the notifier's good-faith belief that the information in the notice is accurate and complete.
ReflectHub will handle notices in a timely, diligent, non-arbitrary, and objective manner. Where a notice allows ReflectHub, acting as a diligent operator, to identify the illegality of the content without a detailed legal examination, ReflectHub will act expeditiously in respect of it. Where required by applicable law and where the notice includes contact details, ReflectHub will confirm receipt of the notice, notify the notifier of its decision in respect of the content, and provide information on the possibilities for redress in respect of that decision. Where ReflectHub uses automated means to process or decide on a notice, and where required by applicable law, it will inform the notifier of that fact.
The notice-handling and complaint-handling commitments in this Section 5 and Section 6 of this Policy are legal-compliance measures and are not "support" for the purposes of the Service Levels, Support, and Beta Features section of the Terms.
Statement of Reasons and Complaints
Where ReflectHub removes, disables, restricts, quarantines, or blocks access to content or access under this AUP, it will, where required by applicable law and to the extent not prohibited, inform the affected Customer and, where applicable, the affected Authorized User of the decision and provide a clear and specific statement of the reasons for it.
Where the Digital Services Act applies, the statement of reasons will contain the information required by applicable law, including, where relevant, the territorial scope and duration of the measure, the facts and circumstances relied on, whether the decision was taken pursuant to a notice or on ReflectHub's own initiative, whether automated means were used, the legal or contractual ground relied on, and information on available means of redress. ReflectHub may withhold or delay such information where doing so is prohibited by law or is necessary for law-enforcement, security, safety, or ongoing-investigation reasons.
Where required by applicable law, or where ReflectHub elects to offer it in a particular case, the affected Customer may contest a decision by contacting legal@reflecthub.com within the period and in the manner communicated with the decision. ReflectHub will handle such complaints in a timely, non-discriminatory, diligent, and non-arbitrary manner. Decisions on complaints will not be taken solely on the basis of automated means where applicable law requires human review. ReflectHub will reverse a decision without undue delay where the complaint demonstrates that the content or access is not unlawful and does not violate this AUP.
Nothing in this AUP is an acknowledgment that ReflectHub is an "online platform" within the meaning of Article 3(i) of the Digital Services Act, and ReflectHub does not thereby assume obligations that the Digital Services Act imposes only on providers of online platforms, including Articles 20 to 28. Any complaint-handling mechanism that ReflectHub offers beyond mandatory legal requirements is offered as a voluntary measure.
Legal Reporting and Preservation of Evidence
Where required by applicable law, or where ReflectHub becomes aware of information giving rise to a suspicion that a criminal offence involving a threat to the life or safety of one or more persons has taken place, is taking place, or is likely to take place, ReflectHub may, and where legally required will, report the relevant information to the competent law-enforcement or judicial authorities, including as required by Article 18 of the Digital Services Act where it applies. In particular, ReflectHub will report and, where applicable, preserve CSAM and related records as required by law.
ReflectHub may preserve content, logs, and related records where reasonably necessary to comply with a legal obligation, to respond to a lawful request from a competent authority, to protect the security, integrity, or availability of the Services, or to establish, exercise, or defend legal claims.
ReflectHub may take any action under this Section 7 of this Policy without prior notice to Customer or the affected Authorized User where such notice is prohibited by law or would be likely to compromise an investigation, the safety of any person, or the integrity or security of the Services.
Relationship to the Terms
This AUP forms part of the Terms, and capitalized terms used but not defined in this AUP have the meanings given to them in the Terms.
To the extent ReflectHub processes Personal Data contained in Customer Data solely to provide, secure, maintain, restore, or support the Services, ReflectHub acts as processor under the DPA. To the extent ReflectHub processes Personal Data to enforce this AUP or the Terms, prevent or investigate abuse, comply with legal obligations, respond to competent authorities, protect the Services, or establish, exercise, or defend legal claims, ReflectHub may act as an independent controller on the legal bases in Article 6(1)(c) and Article 6(1)(f) GDPR. The DPA governs processing of Personal Data by ReflectHub as processor and prevails in the event of any conflict on data-protection matters.
Without limiting Section 14 of the Terms, Customer's indemnification obligations under Section 14 of the Terms apply to third-party claims arising out of or related to Customer Data or to any use of the Services in violation of this AUP.
For the avoidance of doubt, the exclusions from limitation of liability in Section 13.3 of the Terms, including Sections 13.3(d) and 13.3(e) of the Terms, apply to Customer's use of the Services in violation of this AUP, Section 5.1 of the Terms, or applicable law, and to any infringement or misappropriation of intellectual property or other third-party rights, including by Customer Data.
Sections 4, 6, 7, and 8 of this Policy, together with any other rights and obligations that by their nature should survive, survive termination or expiration of the Terms.
In the event of any conflict between this AUP and the other provisions of the Terms, the provisions will be read together and harmonized so far as possible; and to the extent a conflict remains, this AUP prevails only with respect to the permitted content, conduct, and enforcement matters it addresses, while Sections 9 (Term and Termination), 12 (Warranties and Disclaimers), 13 (Limitation of Liability), and 14 (Customer Indemnification) of the Terms continue to govern their respective subject matter. The applicable Order Form controls to the extent it expressly addresses a matter, consistent with the Miscellaneous section of the Terms, and the DPA continues to prevail with respect to the processing of Personal Data.