Acceptable Use Policy
What you may and may not send through Zerokit, and how we keep the platform clean.
Last updated · May 16, 2026
This Acceptable Use Policy ("AUP") is part of your agreement with Zerokit and applies to every message and every byte sent through the Service. It exists for one reason: keep the sending reputation of our customers — and of the platform — clean. A few bad senders can degrade deliverability for everyone, which is why the rules below are enforced strictly.
1. Transactional vs. marketing email
Zerokit is built for transactional and operational email: messages triggered by a specific user action or relationship — sign-up confirmations, password resets, receipts, shipping notifications, security alerts, calendar invites, and similar.
Marketing, newsletter, and promotional email is not enabled by default. Customers who need to send these classes of email must contact [email protected] in advance to enable the marketing path, accept the additional consent and list-hygiene requirements, and route those messages through the designated streams.
2. Consent and recipient relationship
You must have a legitimate basis to email every recipient: a direct request, an existing customer relationship, or another lawful basis under applicable law (GDPR, CAN-SPAM, CASL, ePrivacy, and local equivalents). You may not send to:
- Purchased, rented, scraped, or harvested address lists.
- Addresses appended from third parties without a clear opt-in path.
- Recipients who have unsubscribed, marked your mail as spam, or previously hard-bounced.
- Role or generic aliases when you have no relationship with them.
3. Prohibited content and use
You may not send, host, or facilitate any of the following:
- Unsolicited bulk email ("spam"), chain letters, or pyramid/MLM solicitations.
- Phishing, brand-impersonation, credential-stealing, or wallet-drainer content; any message that misrepresents the sender, the domain, or the brand it claims to act on behalf of.
- Malware, ransomware, droppers, exploit kits, credential stealers, remote-access trojans, or any executable / link delivery designed to compromise recipients.
- Adult or sexually explicit content sent without an unambiguous opt-in.
- Promotion or facilitation of illegal goods or services — controlled substances, weapons, counterfeit items, fraud-as-a-service, stolen-data trading, money-laundering services.
- Content that incites violence, hate, harassment, or discrimination on the basis of race, ethnicity, national origin, religion, gender identity, sexual orientation, disability, or other protected characteristic.
- Sexual content involving minors, or any content that endangers children. Such content will be reported to authorities.
- Cryptocurrency or financial promotions that are misleading, that target unsophisticated retail audiences with implied returns, or that violate applicable financial-promotion rules.
- Pump-and-dump, "guaranteed returns", get-rich-quick, or MLM recruitment messages.
- Political campaigning or fundraising email sent without the consent and disclosures required by applicable election law.
- High-volume password-reset or one-time-code blasts when used as a delivery vector for harassment or as a smokescreen for account enumeration.
4. Technical hygiene
You agree to:
- Authenticate every sending domain with SPF, DKIM, and DMARC. We provide guided setup and will refuse to send from domains that fail authentication.
- Honor every List-Unsubscribe header and provide a working one-click unsubscribe on any message that is not strictly transactional.
- Maintain healthy lists — remove hard bounces and complainers promptly; respect opt-out requests within 10 days at the latest.
- Keep complaint rates below 0.1% and hard-bounce rates below 5%. We may rate-limit or suspend sending that exceeds these thresholds, regardless of intent.
- Use API keys with the minimum necessary scopes and rotate them when team members leave.
5. Platform misuse
You may not:
- Attempt to probe, scan, or test the vulnerability of the Service or circumvent its security controls without our prior written consent (see our security-research process below).
- Reverse-engineer, decompile, or attempt to extract the source code of the Service, except where this restriction is prohibited by law.
- Use the Service to build a directly competing product or benchmark it for publication without our consent.
- Resell, sublicense, or white-label the Service except under a separate written agreement.
- Interfere with other customers' use, exhaust shared resources deliberately, or evade rate limits via account-splitting.
6. Reporting abuse
If you receive spam, phishing, or other abusive email that appears to originate from Zerokit, please forward the full message with headers to [email protected]. We investigate every credible report and act on confirmed abuse promptly.
Security researchers can report vulnerabilities to [email protected]. We will not pursue legal action against good-faith research that respects the scope on our Security page.
7. Enforcement
We can throttle, suspend, or terminate accounts that violate this AUP — with or without prior notice — depending on the severity of the violation and the risk to other customers and recipients. In cases of imminent harm (active phishing campaigns, deliverability attacks, etc.) suspension is immediate.
Repeated minor violations may be handled with warnings, sending quotas, mandatory account review, or feature restrictions. We log enforcement actions and may share aggregate or anonymized data with peer providers to combat industry-wide abuse.
8. Changes
We may update this AUP from time to time. Continued use of the Service after the effective date constitutes acceptance.