Acceptable Use Policy

What you may not do with the Free Tool and the Pro Service, and what happens if you do.

Version 1.0 (pending counsel review). Last updated 2026-04-17. Effective 2026-04-24. This Acceptable Use Policy (the "AUP") is incorporated by reference into the Terms of Service.

1. Scope

This AUP applies to all use of Abundera QR, including the free generator at qr.abundera.ai and the paid Pro Service at pro.qr.abundera.ai. If you use either product, you agree to this AUP. Violation is grounds for remediation up to and including account termination, as described in Section 5.

2. What you may not do

You may not use Abundera QR — directly or indirectly, through a dynamic QR code's destination URL, through an API integration, or through any other means — to:

2.1 Illegal or harmful content

• Distribute, link to, or redirect to content that is illegal in the United States or in the jurisdiction where your scanners are located.
• Facilitate the sexual exploitation of minors in any form. We cooperate with law enforcement, preserve records, and report as required by 18 U.S.C. § 2258A.
• Facilitate human trafficking, terrorism, incitement to violence, or credible threats against specific individuals or groups.
• Distribute malware, ransomware, spyware, cryptominers, rootkits, or any code that installs or executes without explicit informed consent.

2.2 Fraud, phishing, impersonation

• Phishing — impersonating a bank, government agency, delivery service, employer, or other trusted party to collect credentials, payment details, or personal information.
• Fraudulent merchant activity, fake charities, fake e-commerce storefronts, or payment-redirect schemes that deceive scanners into paying the wrong recipient.
• Impersonating another person, company, or organization without authorization.
• Redirecting to typosquatting domains intended to deceive.

2.3 Intellectual property and trademark infringement

• Using the service to direct traffic to counterfeit goods, copyright-infringing downloads, or pirated streams.
• Embedding a third party's registered trademark in a dynamic QR code or its destination URL in a way likely to confuse scanners as to sponsorship or affiliation.
• Circumventing technical protection measures or DRM.

2.4 Abuse of the platform itself

• Bot-amplified scan traffic — using automation to manufacture scan volume on your own or anyone else's codes for the purpose of inflating analytics, triggering scan-cap alerts against a competitor, or stressing our infrastructure.
• Extortion scenarios — threatening to direct high volumes of scans at a competitor's code or at our service unless a payment is made.
• Rate-limit evasion — rotating shortcodes, accounts, or API keys to evade our documented rate limits.
• Probing the service for vulnerabilities outside the scope of responsible disclosure.
• Reverse-engineering the service, scraping the full catalog of shortcodes, or attempting to enumerate other customers' codes or data.

2.5 Privacy and security violations against others

• Using dynamic QR codes to track the location or behavior of individuals without their consent.
• Harassment, doxing, or stalking via QR redirects.
• Unauthorized data collection from scanners via the destination URL (e.g., covert fingerprinting, session hijacking).

2.6 Spam and unsolicited distribution

• Distributing QR codes via spam email, robocalls, unsolicited SMS, leaflets in prohibited areas, or stickers placed on property you do not control.
• Using the service in campaigns that violate the CAN-SPAM Act (US), CASL (Canada), GDPR Art. 6 consent rules (EU/EEA), or equivalent regional anti-spam laws.

2.7 Sanctioned parties and destinations

• Using the service in countries subject to US sanctions, or on behalf of any person or entity listed on the US OFAC Specially Designated Nationals list, EU sanctions lists, or UK sanctions lists.

3. Examples of acceptable use

To avoid ambiguity, the following are expressly permitted:

• Printing dynamic QR codes on restaurant menus, event signage, product packaging, lanyards, business cards, posters, and similar physical materials where scanners have a reasonable expectation of what the code will do.
• Running legitimate marketing campaigns with dynamic QR codes where the destination URL is accurately represented in surrounding context.
• Security research conducted under the responsible-disclosure policy at security@abundera.ai, with advance notice.
• Sharing scan data with your own vendors and partners where you have the legal right to do so, subject to your own privacy obligations.
• Load testing your own account's codes at reasonable volumes, with advance notice to support@abundera.ai so we can size capacity in advance.

4. What we do when we see abuse

Our enforcement is deliberately tiered. We try to remediate rather than suspend, but severe cases skip tiers.

1. Notify. We email the account owner describing the behavior we observed, the AUP provision it violates, and the timeline for remediation. Most issues stop here.
2. Throttle. For ongoing abuse during or after the notice window, we may apply a rate limit to the affected code or the account as a whole. We will tell you we have done so.
3. Suspend. For severe or unresolved abuse, we suspend account writes (new codes, edits) while redirects continue resolving. This preserves legitimate printed campaigns from third parties who scanned the code in good faith while the dispute is investigated.
4. Terminate. For the most severe or repeat violations, we terminate the account. Dynamic redirects stop resolving per the account-deletion schedule in the Terms of Service. Any prepaid-but-unused balance is non-refundable in termination-for-cause cases.

Severe categories skip tiers: confirmed CSAM (Section 2.1) triggers immediate termination plus required NCMEC reporting under 18 U.S.C. § 2258A. Active phishing campaigns (Section 2.2) trigger immediate code-level suspension. Active malware distribution (Section 2.1) triggers immediate code-level suspension plus account review.

5. Appeals

If we take enforcement action and you believe it was in error, reply to the enforcement email within thirty (30) days, or send a fresh appeal to appeals@abundera.ai. Include the account email, the action taken, and the specific reason you believe the action was mistaken. We will review within ten (10) business days and respond in writing. An appeals decision is final for that specific action; it does not waive future enforcement for separate conduct.

6. Reporting abuse to us

If you encounter a dynamic QR code served by Abundera (URL shape qr.abundera.ai/r/*) that appears to violate this AUP, report it to abuse@abundera.ai. Include: the full shortcode URL, what you observed, any screenshots, and (if different) where you encountered the code. We triage same-day on business days and within 48 hours otherwise. For suspected CSAM, report directly to the NCMEC CyberTipline; we cannot advance that process faster than NCMEC's own intake.

7. Law-enforcement and legal requests

We respond to valid legal process (subpoenas, court orders, MLAT requests for US conduct) per our standard compliance posture. Emergency requests for imminent threat to life are processed 24/7 via security@abundera.ai with a separate intake form. We publish an annual transparency report summarizing aggregate numbers of requests received and actions taken.

8. Changes to this policy

We may update this AUP to address new abuse vectors. Material changes are notified by email to Pro account holders at least thirty (30) days in advance. Non-material clarifications (examples, phrasing) take effect on posting. The effective date at the top of this page reflects the current version.

9. Contact

• Reports of abuse: abuse@abundera.ai
• Appeals of enforcement actions: appeals@abundera.ai
• Security disclosures: security@abundera.ai
• General questions: support@abundera.ai

Abundera, Inc., 200 W Sahara Ave, Unit 3301, Las Vegas, NV 89102, USA.

Version 1.0 — effective 2026-04-24, pending counsel review.