Cendigo
Legal

Acceptable Use Policy

Effective 2026-03-27. Versioned in the Cendigo policy hub.

Back to Legal Hub

1. Scope

This Acceptable Use Policy ("AUP") applies to any person or entity that accesses or uses Cendigo websites, dashboards, APIs, hosted environments, or supporting services. By using the services you agree to follow this AUP in addition to the Terms of Service.

2. Prohibited content

  • Illegal content under applicable law of the user, the audience, or Cendigo's operating jurisdictions
  • Sexual content involving minors, or content that exploits or endangers minors in any way
  • Content that incites violence, terrorism, self-harm, or genocide
  • Hate speech targeting protected classes (race, ethnicity, religion, national origin, sexual orientation, gender identity, disability)
  • Content that infringes intellectual property, trade secrets, publicity, or privacy rights
  • Defamatory, fraudulent, or deceptive content (including impersonation and forged headers)
  • Regulated content offered without required licenses (firearms, pharmaceuticals, gambling, financial advice)

3. Prohibited activities

  • Spam, unsolicited bulk email, SMS pumping, or comment/affiliate spam
  • Phishing, credential harvesting, fake login pages, or social engineering kits
  • Distribution of malware, ransomware, cryptominers, droppers, or rootkits
  • Denial-of-service, amplification attacks, or traffic flooding (originating or targeting)
  • Unauthorized scanning, fingerprinting, probing, or penetration testing of Cendigo systems
  • Circumventing rate limits, authentication, authorization, or billing controls
  • Scraping platform interfaces in violation of robots directives or rate limits
  • Operating tor exit relays, open proxies, anonymizing relays, or open mail relays on Cendigo infrastructure
  • Mining or staking cryptocurrency, or hosting unattended high-CPU/long-running workloads
  • Reselling Cendigo capacity to third parties outside an authorized partner program

4. Mail and messaging

All outbound mail must comply with CAN-SPAM, CASL, GDPR/PECR, and any other applicable anti-spam regulation. Marketing email requires verifiable consent, accurate sender identity, accurate subject lines, and a working one-click unsubscribe. Cendigo may throttle, quarantine, or block outbound traffic that triggers feedback loops, blocklist hits, or abuse reports.

5. Security expectations

  • Use unique, strong passwords and enable MFA where offered
  • Promptly rotate credentials, API keys, and tokens after suspected compromise
  • Report vulnerabilities to security@cendigo.com — do not exploit them
  • Do not upload customer payment card data into general-purpose forms or storage

6. Reporting abuse

Report suspected violations to abuse@cendigo.com with the affected URL, timestamps, headers or logs if available, and a short description. We acknowledge actionable abuse reports within one business day and prioritize active harm (phishing, malware, CSAM).

7. Enforcement

Depending on severity and history we may: contact the account owner, throttle traffic, remove specific content, suspend the affected site, suspend the account, terminate the agreement, preserve evidence under legal hold, or cooperate with law enforcement. We aim to provide notice before suspension when safe and feasible; for active harm (CSAM, ongoing phishing, active attacks) we act first and notify after.

8. Appeals

Account owners may appeal enforcement actions by replying to the enforcement notice or emailing trust@cendigo.com within 30 days. Appeals are reviewed by a person who was not the original enforcer.

9. Changes

We may update this AUP as threats evolve. Material changes are summarized in the Trust Center change log and announced in-product at least 14 days before they take effect.