Acceptable Use Policy

Last updated: February 9, 2026

This Acceptable Use Policy (“Policy”) describes rules that apply to your use of the TruUp application, website, and related services (the “Services”) provided by TruUp (“TruUp”, “we”, “us”, or “our”).

This Policy is part of, and incorporated into, our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service. If you do not agree with this Policy, you must not use the Services.

1. General Responsibilities

You are responsible for:

  • All use of the Services under your account, including by your employees, contractors, and other authorized users.
  • Ensuring that your use of the Services complies with this Policy, the Terms of Service, and all applicable laws and regulations.
  • Maintaining the security of your login credentials and any systems you use to access the Services.

You must promptly notify us if you become aware of any unauthorized use of your account or any breach of security.

2. Prohibited Activities

You may not use, or attempt to use, the Services in any way that:

  • Violates any applicable law or regulation.
  • Infringes, misappropriates, or violates the rights of others (including privacy, publicity, and intellectual property rights).
  • Interferes with or disrupts the integrity or performance of the Services or any systems, networks, or data.

Without limiting the generality of the above, you must not engage in any of the activities described in this section.

2.1 Illegal or harmful content

You must not use the Services to:

  • Create, store, transmit, or otherwise process any content that is unlawful, harmful, fraudulent, deceptive, defamatory, or obscene.
  • Promote or facilitate violence, terrorism, exploitation, self‑harm, or activities that pose a serious risk of harm to any person or property.
  • Engage in harassment, hate speech, or discrimination against individuals or groups based on protected characteristics.

2.2 Security violations

You must not:

  • Attempt to gain unauthorized access to the Services, other users’ accounts, or any related systems or networks.
  • Probe, scan, or test the vulnerability of the Services or any associated systems without our express written permission.
  • Circumvent, disable, or otherwise interfere with security or authentication features.
  • Deploy or transmit any malicious code, including viruses, worms, Trojan horses, time bombs, or any other code or instructions designed to harm or disrupt systems or data.

2.3 Misuse of the platform and integrations

You must not:

  • Use the Services in a way that violates the terms, policies, or acceptable use standards of any third‑party platform you connect (such as Shopify or accounting platforms).
  • Use integrations or APIs in a manner that exceeds authorized access, breaks rate limits, or undermines the security of the connected platforms.
  • Misrepresent your identity or the identity of your business to platforms, customers, or other third parties when using the Services.

2.4 Interference, abuse, and resource misuse

You must not:

  • Use the Services in a manner that imposes an unreasonable or disproportionately large load on our infrastructure or interferes with the normal operation of the Services.
  • Attempt to overload, flood, or disrupt the Services (for example, through denial‑of‑service attacks, automated requests, or abusive scripts).
  • Use automated means (such as bots, scrapers, or crawlers) to access the Services except as expressly permitted by us in writing or through documented APIs.

2.5 Unauthorized data collection or sharing

You must not use the Services to:

  • Collect, store, or process personal data without a lawful basis and appropriate notices to the individuals concerned.
  • Upload or sync data that you are not legally authorized to process or share with us.
  • Use personal data obtained through the Services for purposes unrelated to the Services or in ways that violate applicable data protection and privacy laws.

If you use TruUp as a merchant, you are responsible for your own privacy practices and for ensuring that your use of the Services complies with your privacy notices and applicable laws.

2.6 Intellectual property and fair use

You must not:

  • Copy, frame, mirror, or otherwise reproduce any part of the Services in a way that is not permitted by the Terms of Service.
  • Use the Services to build a competing product or service that is substantially similar or uses similar ideas or features in violation of applicable law or contractual restrictions.
  • Remove or obscure any proprietary notices, trademarks, or labels in the Services.

3. Protection of Customer and End‑User Data

TruUp often processes data about your customers (for example, order and return data from ecommerce platforms). You must:

  • Only provide or grant access to data that you are legally permitted to share and process.
  • Not intentionally upload or include sensitive categories of personal data (such as health information, biometric data, or information about children) into the Services unless we have explicitly agreed in writing and you have implemented all required safeguards.
  • Implement reasonable measures to restrict access to the Services within your organization to authorized personnel who need the data for legitimate business purposes.

If you become aware that data you have provided to TruUp has been collected or used in violation of applicable laws, you must notify us as soon as reasonably possible.

4. Account and Credential Security

You must:

  • Keep your passwords, API keys, and other access credentials confidential and not share them outside your organization.
  • Use strong, unique passwords and, where available, enable multi‑factor authentication.
  • Promptly revoke access for users who no longer need it (for example, departing employees or contractors).
  • Notify us immediately if you suspect that your account, API credentials, or any part of the Services has been compromised.

You are responsible for all activity that occurs under your account unless you have notified us of a potential compromise and we have had a reasonable opportunity to act.

5. API and Automation Rules

If we provide APIs or automated interfaces, you must:

  • Use them only in accordance with the documentation and any rate limits or usage restrictions we specify.
  • Not attempt to bypass or modify rate limiting, throttling, or other usage controls.
  • Ensure that any automation (such as scripts or integrations) is designed to behave responsibly and not disrupt the Services or connected platforms.

If your use of APIs or automation negatively impacts the stability, performance, or security of the Services, we may throttle, suspend, or terminate API access.

6. Reporting Violations

If you become aware of any actual or suspected violation of this Policy (including unauthorized access to the Services or misuse of data), you should promptly report it using the contact information in the “Contact” section below.

Where appropriate, include:

  • A description of the issue and how it was discovered.
  • Any relevant logs, screenshots, or identifiers (while avoiding sharing unnecessary sensitive data).
  • Contact information so we can follow up with you.

We may ask for additional information to investigate and address the issue.

7. Enforcement and Consequences

We reserve the right, but do not assume any obligation, to monitor use of the Services for compliance with this Policy and to investigate any suspected violations.

If we believe that you or anyone using your account has violated this Policy, or if your use of the Services creates a security, legal, or operational risk, we may, with or without notice and without liability to you:

  • Request that you take corrective action (such as removing certain data or modifying your usage).
  • Suspend or limit your access to some or all of the Services.
  • Terminate your account or your access to the Services in accordance with our Terms of Service.
  • Remove or disable access to content or data that we reasonably believe violates this Policy or applicable law (while seeking to minimize impact on unrelated data where feasible).

We may also cooperate with law enforcement authorities, regulators, or affected third parties as required or permitted by law.

8. Changes to This Acceptable Use Policy

We may update this Policy from time to time to reflect changes in our Services, legal requirements, or operational practices.

When we make material changes, we will:

  • Update the “Last updated” date at the top of this Policy, and
  • Provide additional notice where required by law or in accordance with our Terms of Service (for example, via email, in‑app notice, or a notice on our website).

Your continued use of the Services after the updated Policy becomes effective constitutes your acceptance of the changes. If you do not agree to the updated Policy, you must stop using the Services.

9. Contact

If you have any questions about this Acceptable Use Policy, or if you want to report a violation, you can contact us at:

TruUp TruUp

Email: [email protected] or [email protected]