Acceptable Use Policy

Version: 2026-04-25
Last updated: April 25, 2026

This Acceptable Use Policy (the "AUP") describes conduct and content that are not permitted on or through the Bringits platform (the "Service"), and the actions Bringits may take in response. The AUP is incorporated by reference into the Bringits Terms of Service; capitalised terms used here have the meanings given in the Terms.

We host an unblocking infrastructure for collecting publicly available web content. That capability is powerful, and a small minority of users will try to apply it to activities that are unlawful, abusive, or harmful. This AUP exists so that the rules are clear up front and so that we can act quickly when they are broken.

1. Prohibited activities

You may not use the Service, directly or indirectly, to do any of the following. The list is illustrative, not exhaustive — we reserve the right to treat conduct of similar character as a violation even if not specifically named.

1.1 Attacks on authentication and authorization systems

• Credential stuffing, password spraying, brute-force login attempts, or any other automated submission of credentials obtained from breaches or guessed at scale.
• Any form of account takeover activity targeting accounts you do not own and are not authorised to access.
• Bypassing, disabling, or circumventing authentication, captcha, multi-factor, or device-binding mechanisms on third-party services except where you have explicit written authorization from the operator (e.g. an authorized security assessment).
• Using the Service to scrape, replay, or relay session cookies, bearer tokens, or other authentication artifacts that you do not own.

1.2 Targeting of restricted or sensitive systems

You may not direct the Service at the following categories of websites or endpoints, which are partially or wholly enforced by our domain blocklist:

• Banking, payments, and financial-services login portals (consumer or business banking, brokerages, payment processors, wallets, exchanges).
• Government login or transactional portals (tax, benefits, immigration, court records when behind auth, voter registration, identity issuance).
• Healthcare patient portals, electronic health records, prescription systems, insurance member portals, or any endpoint primarily handling protected health information.
• Educational gradebooks, student information systems, and children's services behind authentication.
• Critical infrastructure operator portals (utilities, transport control systems, industrial control systems).

We may add categories to the blocklist at any time without notice as new abuse patterns emerge. Requests targeting blocklisted hostnames are rejected with HTTP 403 at the edge.

1.3 Fraud and deceptive activity

• Ad fraud and click fraud, including any automated impressions, clicks, conversions, installs, or other engagements intended to defraud advertisers, advertising networks, or affiliate programs.
• Generating fake reviews, ratings, social-media engagement, or referral signups.
• Bypassing pricing tiers, geographic licensing, paywalls, or trial limits in a manner that violates the targeted service's terms, except where overridden by mandatory law (e.g. text-and-data-mining exceptions, rights of consumers in their jurisdiction).
• Misrepresenting yourself, your organization, or the source of traffic generated through the Service.

1.4 Harvesting of personal data at scale

• Mass collection of personal data (as defined under GDPR / UK GDPR / CCPA / similar) without a lawful basis under the applicable regime.
• Building or augmenting facial-recognition, biometric-identity, or location-tracking datasets from public images or content without affirmative legal grounds.
• Compiling lists of personal contact information (email, phone, home address) for unsolicited marketing or for resale.

1.5 Disruption and denial of service

• Volumetric or behavioural patterns that, in our reasonable judgement, constitute or contribute to a denial-of-service attack against any third-party site, service, or network.
• Crawling at request rates that ignore Retry-After headers, ignore observed rate limits, or otherwise demonstrate disregard for the load capacity of target services.
• Attempting to discover, enumerate, or exploit vulnerabilities in third-party systems through the Service.

1.6 Illegal content and activity

• Any use that is illegal in your jurisdiction, in the jurisdiction of the targeted service, or in the State of Israel.
• Collection or distribution of child sexual abuse material (CSAM), content depicting non-consensual intimate imagery, or content that incites violence or terrorism. We cooperate with law enforcement on these categories without requiring legal process beyond what is mandated.
• Trafficking of stolen credentials, breached personal data, or other unlawfully obtained material through any channel of the Service.
• Use in connection with sanctions evasion, money laundering, or terrorism financing.

1.7 Abuse of the Service itself

• Sharing API tokens with parties outside your organization, or otherwise reselling or sublicensing the Service without a written Bringits agreement that explicitly permits resale.
• Operating multiple accounts to circumvent quota limits, free-tier limits, or to evade a prior suspension.
• Using disposable, throwaway, or programmatically generated email addresses to register accounts. Signups from known disposable email providers are rejected at the pre-signup stage.
• Reverse-engineering, scraping, or otherwise extracting Bringits's proprietary internals (e.g. unblocking heuristics, proxy pool composition) for purposes of recreating or circumventing the Service.

2. Customer obligations on collected content

Whether or not the act of collection is permitted under this AUP, you remain solely responsible for the legality, ethics, and downstream handling of the content you collect. In particular:

• You must respect the rights of data subjects whose personal data you encounter, including providing privacy notices and honouring access, deletion, and objection requests where the law requires.
• You must comply with the copyright, database, and unfair competition laws of the jurisdictions you operate in.
• You must observe relevant technical access signals (e.g. robots.txt, X-Robots-Tag, paywall indicators) where doing so is required by your jurisdiction or your contractual relationship with the target.
• You must not use collected content in a way that defames, discriminates against, or otherwise unlawfully harms any identifiable person.

3. Reporting abuse

If you believe the Service is being used in violation of this AUP — by another customer, by an unknown third party, or unintentionally by you — please report it. Reports are reviewed by an on-call rotation per our internal triage runbook.

• General abuse, takedowns, account compromise: abuse@bringits.com. We acknowledge within forty-eight (48) hours.
• Security vulnerabilities in the Service itself: security@bringits.com. Coordinated disclosure preferred; please do not exploit the vulnerability further than necessary to demonstrate it.
• Law-enforcement or legal-process inquiries: legal@bringits.com, with abuse@bringits.com in CC. We require legal process appropriate to the request and the jurisdiction.

Where possible, please include: a description of the activity, the target hostname(s) involved, timestamps in UTC, any sample request identifiers, and your relationship to the target (e.g. operator of the site, affected user, third-party observer).

4. Enforcement

4.1 Investigation

On receiving a credible report or detecting suspected abuse through our own monitoring, we may inspect operational logs (request metadata, target hostnames, response codes) for the relevant tenant. We do not retain the content of customer requests except as transiently necessary to deliver responses; investigations rely on metadata.

4.2 Remediation tiers

Depending on severity and prior history, we may take any of the following actions, in any order, with or without prior notice:

1. Warning — written notice describing the issue and requesting cessation, typically within 24 hours.
2. Throttling — temporary reduction of your rate limit or quota.
3. Targeted block — adding the targeted hostname or pattern to our domain blocklist.
4. Suspension — disabling your account's API tokens pending investigation. Suspension is the default response for Section 1.1 (auth attacks), 1.2 (restricted targets), 1.5 (DoS), and 1.6 (illegal content) violations, and may be imposed immediately and without prior notice for those categories.
5. Termination — closure of the account under Section 7.2 of the Terms of Service. Fees paid for the suspended or terminated billing period are non-refundable for AUP violations.
6. Referral — disclosure to law enforcement, regulators, affected operators, or threat-intelligence partners where we believe this is necessary or legally required.

4.3 Appeals

If you believe a suspension or termination was made in error, contact abuse@bringits.com with the subject line "Appeal: <your tenant ID>". We will review and respond within five (5) business days. Appeals do not automatically unblock the account.

4.4 Co-operation with law enforcement

We respond to valid legal process from competent authorities in jurisdictions where we operate. Where lawfully permitted, we will notify the affected customer before disclosure.

5. Right to audit (Enterprise)

For tenants on the Enterprise plan, Bringits reserves the right to request, no more than once per calendar year and on reasonable notice, a written description of the customer's compliance controls relating to this AUP — for example, the customer's process for verifying authority to access targeted systems, handling of personal data, or internal escalation of suspected misuse. This right is in addition to, and does not replace, our rights under Section 4.

6. Changes to this AUP

We may revise this AUP from time to time, particularly in response to new abuse patterns. The current version is identified by the "Version" string at the top of this page. Material changes take effect thirty (30) days after we notify you, except that changes required to address active abuse, security risk, or legal obligation may take effect immediately.

7. Contact

Questions about this AUP? Email legal@bringits.com or abuse@bringits.com.