Draft — review with qualified counsel before publishing. This document states the rules PubSentry intends to enforce, in plain language, so a lawyer can turn it into a binding policy. It is not legal advice and is not the final agreement. Bracketed placeholders must be completed before this page goes live.
This Acceptable Use Policy (the "AUP") governs how you may use the PubSentry service, dashboard, detection tag, APIs, and website (together, the "Service") provided by [LEGAL ENTITY NAME] ("PubSentry," "we," "us"). It is part of our Terms of Service. By using the Service you agree to this AUP; where it and the Terms overlap, the broader restriction controls.
Effective date: [EFFECTIVE DATE]
Provider: [LEGAL ENTITY NAME], [REGISTERED ADDRESS] — report abuse to [DPO/CONTACT EMAIL].
Governing law: [GOVERNING JURISDICTION].
1. The spirit of this policy
PubSentry exists to detect and prevent invalid traffic (IVT) and ad fraud and to protect a publisher's revenue and standing with ad networks. Everything below follows from one principle: the Service must never be used to do the opposite of what it is for. If a use would help someone commit, conceal, or profit from ad fraud — or would degrade the Service for other customers — it is prohibited, whether or not it is named explicitly here.
2. Lawful publisher use only
You may use the Service only:
- On websites and properties you own or are authorized to operate, and only to protect ad traffic on those properties;
- In compliance with all applicable laws, including data-protection, anti-fraud, computer-misuse, and consumer-protection law in [GOVERNING JURISDICTION] and any jurisdiction where your visitors are located;
- In compliance with the program policies of the ad networks you run; and
- With the notices, lawful basis, and consents required to deploy the tag on your sites, as described in our Privacy Policy and DPA — you are the data controller for visitor signals; we are your processor.
You must be able to form a binding contract in [GOVERNING JURISDICTION] and must not be barred from receiving the Service under applicable law or sanctions.
3. No facilitating fraud
You must not use the Service, or any output or insight from it, to:
- Manufacture, launder, inflate, or disguise traffic of any kind — including bot traffic, paid-to-click schemes, incentivized clicks, pop-unders, forced redirects, or any other artificial or invalid ad activity;
- Reverse-engineer another party's fraud controls — for example, using our verdicts, signals, scores, or thresholds to learn what an ad network or fraud system flags, in order to make invalid traffic harder to detect;
- Misrepresent PubSentry's verdicts or statistics to ad networks, advertisers, partners, auditors, or investors — including presenting unfiltered, simulated, demo, or selectively edited results as verified clean traffic;
- Generate, replay, or spoof beacons, clicks, or events to fabricate or distort the data we process;
- Use the Service in connection with any malware, click injection, ad injection, cookie stuffing, attribution fraud, or other activity prohibited by an ad network or by law.
The Service is designed to fail open and to err away from blocking real humans — it is a detection product, not a guarantee. You must not rely on, or represent, the absence of a block as proof that traffic is valid.
4. No reverse engineering
Except to the narrow extent that applicable law expressly permits and that right cannot lawfully be waived, you must not, and must not permit anyone to:
- Reverse-engineer, decompile, disassemble, or derive the source of the detection tag, scoring engine, edge worker, or any other non-open component of the Service;
- Extract, copy, or republish our detection logic, rules, thresholds, signal definitions, calibration data, or model weights;
- Use the Service to build, train, or benchmark a competing IVT or ad-fraud product, or to assist a third party in doing so;
- Remove, obscure, or alter any proprietary notice, identifier, or security mechanism in the tag or APIs.
Studying the publicly served tag as it runs in your own browser is not by itself a breach; weaponizing what you learn to defeat detection (see Section 3) is.
5. No abuse of the API or tag
The tag and our endpoints (including /v1/beacon, /v1/click, /v1/site-config, and the authenticated /v1 APIs) are provided for legitimate use of your own account. You must not:
- Probe, scan, or test the security of the Service, or access endpoints, accounts, sites, or data that are not yours — including any attempt to reach our backend services directly. Those services are bound to localhost behind our reverse proxy by design; bypassing that boundary, our authentication, or our same-origin controls is prohibited;
- Circumvent, tamper with, or exceed the volume limits, rate limits, paywall, or plan boundaries enforced on your account (pageviews, site count, and history window are enforced per plan);
- Send malformed, high-volume, or automated traffic intended to overload, degrade, or deny service, or to evade our in-flight and rate-limit protections;
- Install the tag on a property you do not control, or impersonate another site, account, or data-site identifier;
- Scrape, crawl, or harvest the dashboard or APIs beyond your own data, or use credentials or sessions that are not yours;
- Upload or transmit unlawful, infringing, deceptive, or malicious content, or use the Service to attack, surveil, or harm any third party.
Attempting to undo, probe, or work around these protections is a serious breach.
6. Protecting other customers and the platform
The Service is multi-tenant. You must not take any action that compromises the security, integrity, availability, or privacy of the platform or of other customers — including reading another account's events, sites, configuration, billing, or reputation data, or interfering with shared infrastructure. Because raw IP and User-Agent are hashed with HMAC-SHA256 and then dropped (never stored raw), you must not attempt to re-identify or correlate hashed or aggregated data back to individuals.
7. Reporting abuse and vulnerabilities
If you discover a security vulnerability or a misuse of the Service, please report it to [DPO/CONTACT EMAIL] rather than exploiting, publicizing, or testing it further. Good-faith reports that respect this AUP and give us a reasonable time to remediate are welcome. [Confirm with counsel whether to publish a formal vulnerability-disclosure or safe-harbor statement.]
8. Enforcement
We may investigate suspected violations and cooperate with law enforcement and ad-network partners where appropriate. Where we reasonably believe continued use threatens the security, integrity, or lawful operation of the Service, ourselves, our partners, or other customers, we may — with or without prior notice, and in our reasonable discretion — throttle, restrict, or suspend access; disable offending content, rules, or configurations; terminate the account consistent with the Terms of Service; or take any step required by law, by a payment, ad-network, or infrastructure provider, or to prevent ongoing harm.
We will aim to be proportionate, but conduct that facilitates fraud, attacks the platform, or endangers other customers may be acted on immediately. Suspension or termination for an AUP breach does not entitle you to a refund (see the Terms).
9. Changes to this policy
We may update this AUP as the Service, our threat landscape, and our providers evolve. Material changes will be reflected by a new effective date and, where appropriate, notice to account-holders. Continued use after changes take effect constitutes acceptance.
Contact
Questions or abuse reports: [DPO/CONTACT EMAIL] — [LEGAL ENTITY NAME], [REGISTERED ADDRESS].
Draft for internal review. Do not treat any statement here as final or as legal advice until [LEGAL ENTITY NAME] has had it reviewed by qualified counsel.
