Browse Legal docs

Acceptable Use Policy

⚠️ DRAFT — NOT YET IN EFFECT

This document is a draft framework and has not been reviewed by legal counsel. It must be reviewed and approved by a qualified attorney before publication or enforcement. Do not publish or reference this document as binding terms until legal review is complete.

Last updated: [DATE TBD on legal review] Governing jurisdiction: [JURISDICTION TBD]

2. Acceptable Use

You may use the Portal and the Service for any of the following:

  • Managing your web presence as intended — viewing and updating your hosted websites, domain settings, and the deliverables we produce for you.
  • Uploading business-related files and content — logos, photos, copy drafts, briefs, contracts, and other materials reasonably connected to the work we're doing for you.
  • Managing DNS records for your domains — adding, editing, and reviewing DNS entries for domains you own or have authority over.
  • Reviewing and approving content created for you — reading drafts, requesting changes, and signing off on articles, posts, and other deliverables we produce.
  • Using Atlas, our AI assistant, for legitimate business queries — asking questions about your account, your projects, your content, your analytics, and how to use the Portal.
  • Submitting support tickets for service-related issues — reporting problems, asking for help, or requesting changes to the work we're doing.
  • Inviting authorized colleagues to access the Portal on your behalf — provided you take responsibility for what they do (see §3).
  • Reading reports and analytics we make available to you — your traffic data, your billing history, your project status, and other dashboards we provide.

This list is illustrative, not exhaustive. The general principle is that any use directly connected to the service we're providing you is acceptable.

3. Prohibited Activities

You agree that you will not, and will not permit anyone using your account or credentials to:

  • Upload malicious files — viruses, worms, trojans, ransomware, malicious scripts, or any other software designed to harm, disrupt, or gain unauthorized access to systems.
  • Attempt to access other clients' data — clients are isolated by design. Trying to read, modify, or enumerate another client's files, accounts, conversations, or any other data is a serious violation.
  • Use the Portal to distribute spam or unsolicited communications — including using mailboxes we manage for you to send bulk unsolicited messages, or using the Portal as a hop in any spam infrastructure.
  • Attempt to circumvent security controls — including but not limited to bypassing authentication, evading rate limits, manipulating audit logs, or exploiting vulnerabilities. If you discover a vulnerability, please report it responsibly to hello@moonfactory.dev.
  • Use Atlas (our AI assistant) to generate harmful, illegal, or abusive content — including content that promotes violence, incites hatred, sexually exploits minors, defames identifiable people, or infringes intellectual property. Atlas is also not to be used as a vector for prompt-injection attacks against the Portal or its connected services.
  • Store illegal content — content that is unlawful in the jurisdiction where you reside, where the data is hosted, or where MoonFactory operates. This includes but is not limited to child sexual abuse material, content that incites terrorism, or content used to commit fraud.
  • Use the Portal for purposes unrelated to your service agreement — the Portal is a working environment for the engagement we have with you. Using it as a general file host, document repository, or tooling platform for unrelated business is outside that scope.
  • Share login links with unauthorized parties — your sign-in links and active sessions are personal to you. Each colleague who needs access should have their own invitation.
  • Engage in automated scraping or bulk API access without authorization — light, ordinary use is fine; programmatic enumeration of endpoints, data exfiltration, or load-generating patterns require prior written consent.
  • Reverse engineer Portal functionality — including disassembling client-side code, probing internal endpoints, or attempting to reconstruct proprietary algorithms or pipelines.
  • Impersonate another person or entity — including misrepresenting your identity to MoonFactory staff, to Atlas, to other clients (where any cross-client interaction occurs), or to third-party services we connect on your behalf.
  • Interfere with the Portal's operation — including denial-of-service attempts, resource exhaustion attacks, or any conduct that degrades availability for other clients.
  • Use the Portal to violate third-party rights — including intellectual property, privacy, or contractual rights of any individual or organization.
  • Use the Portal to violate applicable law — including export control law, sanctions law, anti-money-laundering law, consumer protection law, and data protection law.

This list is not exhaustive. We reserve the right to treat any conduct that endangers the Portal, our clients, our staff, or our partners as a violation of this AUP, even if it is not specifically enumerated here.

4. Content Standards

Any content you upload, generate, store, or transmit through the Service must comply with the following standards:

  • Lawful — content must comply with all applicable laws and regulations, including in the jurisdictions where MoonFactory operates and where the data is hosted.
  • Not defamatory, harassing, or discriminatory — content that defames identifiable people, harasses any individual or group, or discriminates on the basis of race, ethnicity, gender, sexuality, religion, disability, or other protected characteristics is not permitted.
  • Respectful of intellectual property rights — you must have the right to upload, store, and use any content you place in the Portal. This includes copyright, trademark, patent, trade secret, and any other applicable rights. If a takedown notice is received in respect of your content, we may remove the content pending resolution.
  • Compliant with industry-specific regulations — if your business is subject to industry-specific rules (for example, financial services regulations, healthcare privacy rules, or marketing rules for regulated products), you are responsible for ensuring that the content and use you make of the Service is compatible with those rules.
  • Suitable for the platform — content must be reasonably related to the services we provide you and must not introduce material risk to the Portal's other users or to MoonFactory's infrastructure.

You retain ownership of the content you upload, subject to the rights you grant us under your Terms of Service. We do not claim ownership of your business content by virtue of you placing it in the Portal.

5. Resource Limits

To keep the Service performant and fair across all clients, certain limits apply:

  • File uploads. Individual file uploads are limited to 50 MB per file. If you need to share a larger file, contact your account manager — we'll find a way to receive it (typically via a one-time signed upload link or via a sync to managed storage).
  • API and request rates. Some actions have usage limits to ensure fair use across all clients. Ordinary interactive use will not encounter these limits. If you have an automation or integration in mind that requires sustained or bulk requests, please coordinate with us first.
  • Storage. Storage we provide for your business content is sized to your engagement. If your usage is approaching the limits provided under your service agreement, we'll notify you and discuss whether a higher tier is needed.
  • Atlas (AI assistant) usage. Atlas usage is included with your engagement up to a fair-use threshold. If your queries become unusually heavy or sustained, we'll discuss whether a different arrangement makes sense.
  • Email mailboxes. Email accounts we manage for you are subject to the storage and sending limits of the underlying provider (typically Hostinger). We will let you know if you're approaching those limits.

We do not publish exact thresholds for every limit because they vary by engagement and may change over time. If a limit affects you, we'll tell you what it is and discuss the path to a higher allowance.

6. Monitoring and Enforcement

To keep the Service secure and compliant, we monitor activity on the Portal:

  • Audit logging is active. All significant actions in the Portal are recorded — sign-ins, file uploads, configuration changes, content publications, and similar events. The audit log exists for security, compliance, and dispute-resolution purposes. We retain audit records in line with our Privacy Policy and applicable data protection law.
  • Right to monitor for security and compliance. We may monitor traffic, content, and usage patterns where necessary to investigate suspected violations of this AUP, to comply with legal obligations, or to protect the Service's integrity. We do not routinely read your business content; monitoring is targeted to the operational and security purposes set out here.
  • Investigation cooperation. If a credible legal request, court order, or law enforcement inquiry requires us to disclose information about your account or activity, we will respond as required by law and will notify you where we are permitted to do so.

If we believe you have violated this AUP, we may, depending on severity:

  1. Issue a warning — describe the conduct, explain why it concerns us, and ask you to stop or to remediate. Most issues are resolved at this stage.
  2. Restrict service — suspend specific functionality (for example, file uploads, Atlas access, or API access), disable a feature for your account, or apply technical measures to prevent the violation from continuing. Where a restriction affects deliverables, we will discuss alternatives with you.
  3. Suspend access — temporarily suspend your sign-in while we investigate or until the underlying issue is resolved.
  4. Terminate the engagement — for serious or persistent violations, we may terminate your service agreement in accordance with its termination provisions.

For violations that involve illegal content, an active security threat, or a credible threat to other clients or to our infrastructure, we may bypass the warning step and act immediately. We will notify you of the action taken as soon as it is safe and lawful to do so.

We will exercise these rights reasonably and proportionately. The first response to most issues is a conversation, not enforcement.

7. Reporting Violations

If you become aware of conduct that may violate this AUP — whether by you, by another user of your account, or by anyone else — please report it to:

hello@moonfactory.dev

Helpful information to include:

  • A description of what you observed
  • When it happened (date, time, time zone)
  • Any URLs, file names, or identifiers involved
  • Any context that helps us understand the situation
  • Whether you are also reporting it to another party (for example, law enforcement)

We treat reports confidentially. If you ask us not to disclose your identity, we will respect that request to the extent we are legally permitted to do so.

If you are reporting a security vulnerability rather than a usage violation, the same address (hello@moonfactory.dev) is the right place; please mark the message clearly so we can route it to the security team.

8. Modifications

We may update this AUP from time to time to reflect changes in the Service, in our operations, or in the legal and regulatory environment.

When we make changes:

  • Material changes — we will notify you in advance, by email to your Portal contact address and/or by a notice in the Portal, and we will give you a reasonable opportunity to review the new policy before it takes effect.
  • Minor changes — typographical corrections, clarifications, and similar non-substantive edits may be made without advance notice. We will record the change in the document's revision history.
  • Effective date — every published version carries an effective date at the top. Continued use of the Portal after the effective date of a change indicates your acceptance of the updated policy.

If you do not accept a change to this AUP, your remedy is to stop using the Portal and to discuss the situation with us. Where a change is required by law, we will tell you that the change is non-negotiable.

This document supersedes any prior Acceptable Use Policy you have received from us in respect of the Portal.

⚠️ DRAFT — NOT YET IN EFFECT

This document is a draft framework and has not been reviewed by legal counsel. It must be reviewed and approved by a qualified attorney before publication or enforcement. Do not publish or reference this document as binding terms until legal review is complete.