Anti-Abuse Protection

Effective date: September 14, 2025 • Replaces all prior versions

This Anti‑Abuse Policy (the “Policy”) explains prohibited behaviors and enforcement mechanics for using Piixoo. It applies to all accounts, end users, and traffic sent through our email automation platform and related services (the “Services”). This Policy complements our Sending Policy, Terms of Service, Privacy Policy, and DPA.

1) Prohibited Conduct

A. Unsolicited & Deceptive Messaging

• Sending unsolicited or bulk emails without valid, provable consent (opt‑in) or other lawful basis.
• Using purchased, rented, scraped, or appended lists; directory harvest attacks; dictionary attacks.
• Deceptive headers or subjects, brand impersonation, spoofing, forged domains, or false identities.

B. Harmful, Illegal, or Abusive Content

• Phishing, malware, spyware, or code intended to harm or exfiltrate data.
• Illegal goods or services; child sexual abuse material; incitement to violence or hate; doxxing.
• Infringing, defamatory, or otherwise unlawful content; violations of privacy or publicity rights.

C. Technical Abuse & Network Interference

• Circumventing rate limits, warm‑up, reputation safeguards, or authentication requirements.
• Probing or disrupting infrastructure; abusive API usage; credential stuffing or brute forcing.
• Hosting or controlling botnets; testing exploits; unauthorized security testing against Piixoo.

2) High‑Risk Industries & Use Cases

We may restrict or require additional review for: affiliate marketing networks, lead brokers, payday/short‑term loans, gambling, adult content or services, crypto token promotions, multi‑level marketing, work‑from‑home schemes, illegal substances or devices, unlicensed pharmaceuticals, and other categories with elevated complaint or fraud risk.

3) Sender Identity, Authentication & Compliance

• Authenticate domains used in the From header via SPF, DKIM, and DMARC. Maintain accurate From identities and a monitored Return‑Path.
• Maintain a functional abuse@ or postmaster@ mailbox. Publish accurate WHOIS or contact methods.
• Include a valid physical mailing address and a visible one‑click unsubscribe in marketing emails, honored without undue delay.
• Comply with applicable anti‑spam and e‑privacy laws (e.g., CAN‑SPAM, CASL, UK PECR, GDPR where applicable).

4) Consent, List Hygiene & Suppressions

• Maintain documented proof of consent (time, source, method). Provide proof upon request.
• Remove hard bounces, complaints, and unsubscribes immediately; do not re‑mail suppressed addresses.
• Respect account‑level and global suppression lists where applicable. Avoid role accounts if prohibited by destination ISPs.
• Use verification and segmentation for older or low‑engagement lists before high‑volume sends.

5) Warm‑Up, Rate Controls & Reputation Targets

• New domains or IPs must follow a gradual warm‑up plan. Abrupt volume spikes may be throttled or blocked.
• Operate below these targets: Complaint rate ≤ 0.10% per campaign (persistent ≥ 0.20% may trigger suspension); Hard bounces ≤ 2.0% per campaign (persistent ≥ 5.0% may trigger immediate suspension).
• Excessive blocks/deferrals or spam‑trap hits may pause traffic pending remediation.

6) Monitoring, Investigation & Enforcement

• We may analyze representative content, headers, and metrics (automated/manual) to detect abuse signals.
• We may request remediation (list cleaning, consent proof, template changes, segmentation, lower caps) as a condition of continued sending.
• We may throttle, queue, block, suspend, or terminate accounts for violations or threats to deliverability or security, without refund.
• We may report egregious abuse to relevant providers or authorities as legally required.

7) Reporting Abuse

If you receive unwanted or abusive messages from a Piixoo sender, forward the full message with headers to compliance@piixoo.com. We investigate abuse reports promptly and take appropriate action.

8) Account Verification

We may require identity or domain ownership verification, proof of consent collection methods, sample templates, sending volumes, and traffic segmentation plans prior to enabling or restoring sending privileges.

9) Data Protection & Security

We process personal data in accordance with our Privacy Policy and DPA. Maintain strong access controls and rotate API keys if exposed. Retain only necessary data and respect data subject rights where applicable.

10) Third‑Party Providers

We use third‑party infrastructure and subprocessors. Your use of Piixoo must comply with applicable third‑party terms, including acceptable use policies and service terms required by such providers.

11) Changes to this Policy

We may update this Policy to reflect changes in law, provider requirements, or best practices. We will post updates here and, where appropriate, notify you in the Service or by email. Continued use after the effective date constitutes acceptance.

12) Governing Law

This Policy is governed by the laws of the State of California, United States, with exclusive jurisdiction in the state and federal courts located in San Francisco, California, unless otherwise required by applicable law.