Acceptable Use and Abuse Policy

1. Scope

This Policy applies to all use of ShortURL.bot, including links, redirects, QR codes, hosted pages, forms, domains, APIs, MCP tools, AI features, uploaded assets, analytics, and conversion tracking. It is part of the Terms of Service.

2. Prohibited Content and Conduct

You may not use the Service to create, host, route, promote, collect, track, automate, or distribute any of the following:

• Phishing, credential harvesting, malware, ransomware, botnets, exploit kits, scareware, tech-support scams, or deceptive login pages.
• Spam, unsolicited commercial messages, list bombing, deceptive sender identity, unlawful marketing, or messages that violate anti-spam laws.
• Fraud, scams, impersonation, fake giveaways, fake invoices, romance scams, investment scams, crypto scams, payment diversion, or deceptive redirects.
• Child sexual abuse material, child exploitation, grooming, sexualization of minors, or attempts to evade reporting or detection of such content.
• Terrorist, violent extremist, or organized-crime support, recruitment, financing, operational guidance, or praise where prohibited by law or platform policy.
• Illegal goods or services, controlled substances, weapons, counterfeit goods, stolen data, doxxing, trafficking, sanctions violations, or evasion of law.
• Content that infringes copyright, trademarks, privacy, publicity, trade secrets, or other third-party rights.
• Harassment, threats, extortion, non-consensual intimate content, hate content, or content intended to harm, intimidate, or exploit people.
• Regulated medical, legal, financial, credit, insurance, employment, housing, education, or high-impact uses without all required licenses, disclosures, consents, and approvals.
• Privacy-invasive tracking, undisclosed conversion tracking, fingerprinting, surveillance, collection of sensitive data without a lawful basis, or misuse of form responses.

3. Platform Abuse

You may not bypass rate limits, quotas, safety scans, abuse filters, authentication, billing controls, plan limits, account restrictions, domain verification, or access controls. You may not use bots, scripts, disposable accounts, rotating IPs, proxies, scraping, enumeration, reverse engineering, load testing, or vulnerability testing except through documented and authorized channels.

4. Customer Responsibilities

You are responsible for your destinations, public pages, forms, embedded pixels, campaigns, domains, API clients, team members, and visitors. You must monitor your account for compromise, remove abusive content promptly, honor legal requests directed to you, and keep your contact and domain data accurate.

5. Enforcement

We may investigate suspected abuse and may block creation, disable or redirect links, quarantine assets, unpublish pages or forms, revoke API keys, disable domains, suspend accounts, preserve evidence, notify affected parties, contact upstream providers, dispute chargebacks, and report suspected illegal activity to service providers, registrars, payment processors, law enforcement, regulators, or other authorities.

Where we restrict, disable, remove, or suspend a specific link, QR code, hosted page, form, or other item of Customer Content based on this Policy, we will, except where law, an active investigation, or a risk of harm requires otherwise, provide the affected customer with a statement of reasons describing the action taken, the factual basis, the category of content involved, the legal or policy basis, whether automated means were used, and how to appeal or provide additional information. This statement may be delivered through the Help Center, dashboard notices, or email. Delivery of a statement of reasons is intended to support the user-notice obligations that apply to us under EU Regulation 2022/2065 (the Digital Services Act) and similar laws.

We are not required to give advance notice where doing so could increase risk, violate law, compromise an investigation, harm users, or allow evidence destruction.

6. Appeals

If you believe enforcement was a mistake, contact the Help Center with the short link, domain, page, form, workspace, affected account, intended destination, business purpose, and any evidence showing lawful use. We may deny appeals where risk remains unresolved.

7. Reporting Abuse

To report abuse, use the Help Center or email admin@shorturl.bot. Include the short link, QR code destination, domain, public page, form URL, screenshots, timestamps, and why you believe it violates this Policy.

8. Transparency Reporting

In support of our obligations under Articles 15 and 24 of EU Regulation 2022/2065 (the Digital Services Act) and equivalent transparency laws, we publish an annual transparency report on a calendar-year basis, typically by 31 March of the following year. The first published report will cover the 2026 calendar year and will be posted in the first quarter of 2027.

The report covers, at a minimum: the total number of content items restricted, disabled, suspended, or otherwise acted upon under this Policy; categories of content (for example phishing, malware, spam, intellectual-property infringement, illegal content); whether decisions were made by automated means, human reviewers, or a combination; appeals received and their outcomes; orders received from Member State authorities under Article 9 of the Digital Services Act; notices received under Article 16 of the Digital Services Act; and DMCA and other intellectual-property notices processed. The methodology and definitions used in each report will be described in that report.

9. UK Online Safety Act — Safety Duties

We treat ShortURL.bot as a user-to-user service in the United Kingdom for the purposes of the UK Online Safety Act 2023, because customer-generated content published through AI Smart Pages, hosted pages, forms, and similar features may be encountered by other users. We comply with the Part 3 duties of care that apply to our category of service, including:

• an illegal-content risk assessment and ongoing review;
• a children's-access assessment and, where required, measures to protect children from content that is harmful to them;
• proportionate systems, processes, and controls to minimize the presence, dissemination, and impact of illegal content, including phishing, malware, child sexual exploitation material, terrorist content, and fraud;
• a user complaints process, which for most users is satisfied by the reporting paths in Section 7 of this Policy and in our Law Enforcement and Abuse Requests page;
• record-keeping of our risk assessments and of content decisions as required by applicable Ofcom guidance.

Our Part 3 risk assessments are not published documents but are maintained and reviewed in line with Ofcom guidance. Questions or regulator inquiries about our UK Online Safety Act compliance can be sent to admin@shorturl.bot with the subject line "UK OSA".