Acceptable Use Policy
Last updated: July 12, 2026
This Acceptable Use Policy ("AUP") sets the rules for using Phloz (the "Service"). It is part of, and incorporated by reference into, our Terms of Service. It applies to you, your team members, and anyone you give access to your workspace — including your clients and their contacts. You are responsible for ensuring everyone who uses your workspace follows this AUP.
If we believe a use violates this AUP or creates legal, security, or reputational risk to Phloz or others, we may investigate and take action as described in the Enforcement section — up to and including removing content and suspending or terminating access.
1. Lawful and authorised use only
You may not use the Service to:
- violate any applicable law, regulation, or third-party right;
- infringe intellectual property, publicity, or privacy rights, or misappropriate trade secrets;
- store, promote, or facilitate anything unlawful — including fraud, money laundering, illegal gambling, or the sale of illegal goods or services.
2. Prohibited content
Do not upload, store, or transmit through the Service:
- malware, ransomware, or any code intended to disrupt, damage, or gain unauthorised access to a system;
- content that is defamatory, harassing, threatening, or that depicts or promotes child sexual abuse, violence, or unlawful discrimination;
- personal data you do not have a lawful basis and the necessary rights, notices, and consents to process (see Section 4);
- special-category or highly sensitive data (e.g. government IDs, payment card numbers, health records, precise geolocation) beyond what a client-relationship and marketing-operations tool reasonably requires — Phloz is not designed to be a system of record for such data.
3. Security and platform integrity
You may not:
- access, or attempt to access, any workspace, account, or data that is not yours, or circumvent the Service's tenant isolation, authentication, or authorisation controls;
- probe, scan, or test the vulnerability of the Service, or breach its security or authentication measures — except through good-faith coordinated disclosure under our security.txt;
- interfere with or disrupt the Service, evade rate limits or usage quotas, or impose an unreasonable or disproportionately large load on our infrastructure;
- reverse engineer, decompile, or attempt to derive source code or underlying ideas of the Service, except to the limited extent that applicable law permits despite this restriction;
- resell, sublicense, or provide the Service to a third party except as expressly permitted, or use it to build a competing product or to benchmark for a competitor;
- scrape or use automated means to extract data from the Service except through interfaces we provide for that purpose (such as our export tools or MCP server), and only within their intended scope.
4. Data-protection responsibilities
As between you and Phloz, you are the controller of the personal data you and your team put into your workspace about your own clients and contacts, and Phloz processes it on your behalf under our Data Processing Addendum. You are responsible for:
- having a valid lawful basis, and providing any required notices and obtaining any required consents, before loading personal data into the Service;
- honouring the privacy rights of your own clients and contacts (access, correction, deletion, and similar) — Phloz will support you in responding, but the obligation is yours;
- not using the Service in a way that would cause Phloz to violate a law or a subprocessor's terms.
5. Anti-spam and messaging (CASL, CAN-SPAM, GDPR)
Phloz sends email and messages on your behalf (for example, client conversations, notifications, and portal invitations). When you use these features you must:
- comply with all applicable anti-spam and electronic-messaging laws, including Canada's Anti-Spam Legislation (CASL), the U.S. CAN-SPAM Act, and the EU/UK GDPR and ePrivacy rules;
- have a lawful basis or valid consent to contact each recipient, and keep records of that consent where the law requires it;
- send only to your own clients, contacts, and their authorised representatives — never to purchased, rented, scraped, or harvested lists;
- not send unsolicited bulk or commercial email, phishing, or deceptive content, and not falsify headers, sender identity, or routing information;
- honour opt-out and unsubscribe requests promptly and identify yourself accurately as the sender.
Messaging abuse harms deliverability for every Phloz customer, so we enforce this section strictly.
6. Fair use of shared resources
The Service is a multi-tenant platform with shared compute, storage, email, and rate-limited APIs. Automated, bulk, or integration usage (including via our API or MCP server) must stay within any documented limits and must not degrade the Service for other customers. We may apply reasonable technical limits to protect platform stability.
7. Enforcement
If we reasonably believe a violation has occurred, we may — with or without notice, depending on severity — investigate, remove or disable access to offending content, throttle or suspend the affected feature or account, or suspend or terminate the workspace. We prioritise proportionate action and, where practical and lawful, will tell you what happened and give you a chance to cure. Urgent risks (active security threats, ongoing spam campaigns, legal orders, or risks to others) may require immediate action. We may preserve and disclose information where required by law or to protect the rights, property, or safety of Phloz, our customers, or the public.
8. Reporting abuse
To report a violation of this AUP, email legal@phloz.com. To report a security vulnerability, follow our security.txt.
9. Changes
We may update this AUP as the Service and the legal landscape evolve. We'll revise the "Last updated" date above and, for material changes, notify account holders by email or in-app notice. Continued use after changes take effect constitutes acceptance.
10. Contact
Questions about this policy? Email legal@phloz.com — Phloz, Vancouver, BC, Canada.