Acceptable Use Policy

The rules that keep WoneSuite trustworthy.

WoneSuite is shared, multi-tenant infrastructure that many businesses rely on every day. This policy sets clear, firm, and fair boundaries — so the platform stays safe, lawful, fast, and reliable for everyone on it.

Effective July 2, 2026 Updated July 2, 2026 WoneSuite abuse@wonesuite.com

At a glance

The short version — before the fine print

Never breach isolation

No attempt to bypass tenant isolation or row-level security, access another tenant's data, or defeat our security controls — ever.

Email consent is mandatory

Our email engine is for people who agreed to hear from you. No purchased lists, no spam, no phishing — honor every unsubscribe.

Share the platform fairly

Storage quotas, rate limits, and API limits keep WoneSuite fast for everyone. No overloading, flooding, or crypto-mining.

Report, don't exploit

Found a vulnerability? Tell us at abuse@wonesuite.com. Good-faith, coordinated disclosure is welcome and protected.

This summary is for convenience only and does not replace the full text below.

1

Purpose & Scope

WoneSuite is an all-in-one business operating system: one workspace where businesses run their CRM, commerce, finance, HR and payroll, projects, support, websites, analytics, SEO, and email. This Acceptable Use Policy ("AUP") sets the ground rules that keep that shared platform safe, lawful, reliable, and trustworthy for everyone on it.

This AUP is part of, and incorporated into, your agreement with WoneSuite. It works alongside our Terms of Service and Privacy Policy. If there is a conflict between this AUP and a signed order or master agreement, the more specific document controls for the subject it addresses.

Because a single misuse can affect other tenants, their customers, and the reputation of the platform's shared sending and hosting infrastructure, we enforce this policy firmly. We also apply it fairly, proportionately, and with notice wherever circumstances reasonably allow.

Short version: don't break the law, don't harm other people, don't attack or overload the platform, and don't abuse our email or hosting to spam, deceive, or defraud. The rest of this page is the detail.

2

Who This Applies To

This AUP applies to everyone who accesses or uses WoneSuite, and to everything done through an account, workspace, website, API key, or email stream connected to WoneSuite. That includes:

  • Business customers (tenants)
  • Workspace owners & administrators
  • Team members & invited users
  • Developers using our APIs & integrations
  • Visitors to tenant-built websites
  • A tenant's end-customers who use public links or portals
  • Anyone acting on a tenant's behalf

2.1 Tenants are responsible for their people

As a tenant, you are responsible for how your team members, contractors, integrations, and end-customers use the platform through your workspace. Actions taken under your account, API keys, or sending domains are treated as your actions for the purposes of this policy.

You must not use WoneSuite to help anyone else do something this policy prohibits, and you must not knowingly permit your workspace, website, or email streams to be used for prohibited purposes.

3

Prohibited Content

You may not upload, store, publish, host, transmit, or send — through any WoneSuite module, website, form, portal, or email stream — content that:

3.1 Illegal & harmful

  • Is illegal or promotes illegal activity
  • Depicts or facilitates the sexual exploitation or abuse of minors (CSAM)
  • Depicts non-consensual intimate imagery
  • Incites or threatens violence or terrorism
  • Harasses, bullies, stalks, or defames
  • Promotes hatred against protected groups
  • Sells regulated or prohibited goods unlawfully

3.2 Infringing & deceptive

  • Infringes copyright, trademark, or other IP
  • Misappropriates trade secrets
  • Impersonates a person, brand, or WoneSuite itself
  • Is fraudulent, deceptive, or misleading
  • Facilitates a scam, pyramid, or Ponzi scheme
  • Enables counterfeiting or piracy

3.3 Malicious & privacy-violating

  • Contains malware, ransomware, or spyware
  • Distributes exploits or attack tooling
  • Phishes for credentials or payment data
  • Exposes others' personal data unlawfully (doxxing)
  • Contains hidden or malicious code in files or pages
  • Harvests data in violation of privacy law

Child sexual abuse material is met with immediate removal, permanent account termination, preservation of evidence, and reporting to the appropriate authorities and hotlines. There is no warning and no second chance for CSAM.

Some content is lawful in one context and not another. We look at intent, consent, and applicable law — but where content is clearly illegal or abusive, we act first to protect victims and the platform.

4

Platform Integrity & Tenant Isolation

WoneSuite is multi-tenant: many businesses share the same platform, and every tenant's data is isolated at the database level using row-level security (RLS). The integrity of that isolation is the single most important promise we make. Protecting it is non-negotiable.

You must never attempt to breach, bypass, disable, or test the limits of tenant isolation or row-level security, or access, view, probe, or interfere with any data, workspace, or account that is not yours.

4.1 Strictly prohibited

  • Accessing another tenant's data or workspace
  • Attempting to bypass or defeat row-level security
  • Exploiting or probing for isolation, authorization, or IDOR flaws
  • Unauthorized access to any account, server, or system
  • Escalating privileges beyond what you were granted
  • Circumventing authentication, MFA, or access controls
  • Reverse-engineering the platform to defeat security
  • Tampering with audit logs or security telemetry

4.2 No abusive automation

  • Scraping or harvesting data you are not entitled to
  • Automated account creation or credential stuffing
  • Denial-of-service or resource-exhaustion attacks
  • Flooding endpoints, forms, or email streams
  • Deploying bots to overload or disrupt the service
  • Crypto-mining or other unauthorized compute abuse
  • Introducing viruses, worms, or malicious payloads
  • Interfering with other tenants' use of the platform

Legitimate, authorized security research is welcome — but only under Section 9. Testing our security controls without following the responsible-disclosure process is not permitted and may be unlawful.

5

Prohibited Activities

Beyond content and platform attacks, the following activities are prohibited anywhere on WoneSuite:

5.1 Misrepresentation & abuse

  • Providing false identity or billing information
  • Using the service to defraud or deceive others
  • Reselling or sublicensing access without authorization
  • Sharing credentials to exceed your entitlements
  • Evading suspensions, bans, or usage limits
  • Using the platform to violate someone else's rights

5.2 Interference & tampering

  • Disrupting servers, networks, or infrastructure
  • Circumventing rate limits, quotas, or metering
  • Manipulating analytics, SEO, or ranking signals deceptively
  • Testing or probing vulnerabilities without authorization
  • Removing or altering proprietary notices
  • Using the platform for unlawful surveillance

This list is illustrative, not exhaustive. Conduct that is clearly abusive, unlawful, or harmful to others is prohibited even if it is not spelled out word-for-word here.

6

Email & Anti-Spam Rules

WoneSuite includes a built-in email engine that can send on your behalf — transactional messages, campaigns, invoices, and notifications. Sending reputation is shared infrastructure: one spammer can harm deliverability for every honest tenant. These rules are therefore strict and strictly enforced.

You may only send email to recipients who have given you permission to contact them. No purchased, rented, scraped, or harvested lists — ever.

6.1 You must

  • Have a lawful basis and consent to contact each recipient
  • Honor unsubscribe and opt-out requests promptly
  • Include a working unsubscribe mechanism in marketing email
  • Accurately identify yourself and your sending organization
  • Use truthful subject lines and headers
  • Include a valid physical postal address where required
  • Keep bounce and complaint rates within healthy limits
  • Comply with CAN-SPAM, CASL, GDPR/PECR, and local law

6.2 You must not

  • Send unsolicited bulk email (spam)
  • Use purchased, rented, or scraped recipient lists
  • Send phishing, spoofing, or fraudulent messages
  • Forge headers or disguise the message origin
  • Mail addresses that opted out or hard-bounced
  • Attach or link to malware or deceptive payloads
  • Relay third-party spam through our infrastructure
  • Deliberately evade spam filters or authentication (SPF/DKIM/DMARC)

Phishing sent through the WoneSuite email engine — including credential-harvesting and payment-fraud campaigns — results in immediate suspension of sending and may lead to termination and referral to authorities.

We monitor complaint rates, bounce rates, spam-trap hits, and blocklist signals. We may throttle, pause, or disable sending to protect the deliverability of the shared platform, even before a formal investigation concludes.

7

Fair Use & Resource Limits

WoneSuite runs on shared, finite infrastructure. To keep the platform fast and reliable for every tenant, your plan includes storage quotas, rate limits, and API limits. Fair use means operating within them and not degrading the experience for others.

7.1 The limits that apply

  • Storage quotas for files, media & records
  • API request rate limits & concurrency caps
  • Email sending volume & throughput limits
  • Per-endpoint request and form-submission limits
  • Compute and background-job fair-use ceilings
  • Bandwidth for hosted websites & assets

7.2 What is not allowed

  • Circumventing or artificially inflating limits
  • Sustained traffic that degrades service for others
  • Using storage as a generic file-dump or CDN for unrelated content
  • Automated hammering of APIs beyond documented limits
  • Crypto-mining or other disproportionate compute use
  • Sharing one account to serve many separate businesses

If you have a legitimate need for higher limits, contact us — we would much rather raise your quota than throttle you. Attempting to defeat limits, however, is a violation.

We may apply automated rate limiting, throttling, or temporary caps to protect platform stability. Where usage is abusive rather than merely high, we treat it as a policy violation.

8

Websites & CMS Content Standards

Tenants can build and host public websites, articles, product pages, and forms using our CMS and website builder, including on custom domains. Everything you publish must comply with this AUP, our Terms, and applicable law.

8.1 Hosted sites must not

  • Host any prohibited content from Section 3
  • Distribute malware or run drive-by attacks
  • Operate phishing or credential-harvesting pages
  • Deceptively manipulate SEO (cloaking, hidden text, link schemes)
  • Host unrelated bulk content purely for storage or SEO farming
  • Redirect visitors to malicious or fraudulent destinations
  • Impersonate another brand, person, or WoneSuite

8.2 You are the publisher

You are responsible for the content, legality, licensing, and privacy practices of the sites you build and the forms you run. If your site collects personal data, you must provide your own privacy notice and honor your visitors' and customers' rights.

We may remove or disable individual pages, forms, or entire sites that violate this policy, and we may suspend a custom domain used for abuse.

9

Security Research & Responsible Disclosure

We welcome good-faith security research and value the people who help us keep the platform safe. If you believe you have found a vulnerability, we want to hear from you — and we will work with you.

  1. 1Report it promptly and privately to abuse@wonesuite.com with enough detail for us to reproduce it.
  2. 2Give us reasonable time to investigate and remediate before any public disclosure — coordinate the timing with us.
  3. 3Only interact with accounts, workspaces, and data that you own or have explicit permission to test.
  4. 4Do not access, modify, destroy, or exfiltrate other tenants' data, and stop as soon as you can demonstrate a flaw.
  5. 5Avoid privacy violations, service degradation, denial-of-service, spam, and social-engineering of our staff or users.

Safe harbor: for research conducted in good faith and in line with this section, we will not pursue or support legal action against you, and we will treat your access as authorized. We coordinate all disclosures with our security team.

This safe harbor does not cover breaching another tenant's isolation for real, extracting or selling data, extortion, or any testing that goes beyond what is needed to prove a vulnerability. When in doubt, ask us first.

10

Monitoring & Investigation

We do not routinely monitor the private contents of your workspace, and we treat your business data as confidential. However, to protect the platform and its users, we may investigate suspected violations, review abuse signals, and inspect the minimum necessary to respond to a report, security incident, or legal obligation.

We may use automated systems to detect spam, malware, phishing, fraud, abusive traffic, and attempts to breach isolation. These systems help us act quickly to protect other tenants.

11

Reporting Abuse

If you encounter content, email, a website, or activity on WoneSuite that you believe violates this policy or the law, report it to abuse@wonesuite.com. Please include as much detail as you safely can:

  • The offending URL, email, or workspace reference
  • What the abuse is and why it violates this policy
  • Relevant timestamps & headers
  • Screenshots or samples where appropriate
  • How to reach you for follow-up

For urgent safety issues — such as child sexual abuse material, credible threats of violence, or an active security breach — report to abuse@wonesuite.com immediately and, where a life is at risk, contact your local emergency services first.

We take every report seriously, triage by severity, and act on verified abuse. We may not always be able to share the outcome of an investigation with the reporter.

12

Enforcement & Consequences

When we identify a violation, our response is proportionate to its severity, impact, and whether it is repeated or willful. Depending on the circumstances, we may take one or more of the following actions:

ActionWhen we typically use it
Warning & request to remedyFirst-time or lower-severity issues where you can quickly bring your use into compliance.
Content or page removalSpecific content, pages, forms, or messages that violate this policy.
Throttling or rate limitingResource abuse, sending problems, or usage that degrades the platform for others.
Suspending sending or a featureEmail abuse, deliverability risk, or misuse of a specific module.
Account suspensionSerious or unresolved violations, or where suspension is needed to protect others.
TerminationSevere, repeated, or willful violations, or unlawful use.
Preservation & legal referralIllegal activity — including CSAM, fraud, or attacks — reported to the appropriate authorities.

For severe harms — CSAM, active attacks on tenant isolation, phishing, fraud, or anything that endangers people or the platform — we may suspend or terminate immediately and without prior notice.

12.1 Fairness & appeals

Where circumstances reasonably allow, we give notice and a chance to fix the problem before taking severe action, and you may appeal an enforcement decision by contacting us. We aim to enforce consistently and in good faith, but we will always act decisively to protect victims, other tenants, and the integrity of the platform.

Enforcement under this AUP does not limit any other remedy available to us under our Terms of Service or applicable law, and does not entitle you to a refund for periods affected by your own violation.

13

Your Responsibilities

Using WoneSuite responsibly is a shared effort. As a tenant, you are expected to:

  • Keep your credentials & API keys secure
  • Enable MFA and manage roles carefully
  • Vet the integrations you connect
  • Obtain consent before emailing or collecting data
  • Publish only content you have the right to publish
  • Stay within your plan's fair-use limits
  • Report abuse and security issues you discover
  • Comply with the laws that apply to your business

You must comply with all laws applicable to your use of WoneSuite, including data-protection, consumer-protection, anti-spam, export-control, and sanctions laws.

14

Changes to This Policy

We may update this Acceptable Use Policy as our services, technology, threat landscape, and legal obligations evolve. When changes are material, we will notify you through the website, the platform, or email, and update the "Effective" date above.

Your continued use of WoneSuite after an update takes effect means you accept the revised policy. If you do not agree with a change, you should stop using the affected features and may close your account.

15

Contact & Abuse Reports

Questions about this policy, requests for higher limits, security disclosures, and abuse reports all go to abuse@wonesuite.com. We monitor this inbox and respond as quickly as severity allows.

Help us keep WoneSuite safe, fast, and trustworthy for everyone. When something looks wrong, tell us — and we will act.

WoneSuite Trust & Abuse

Reporting a violation, disclosing a vulnerability, or need more headroom on your limits? Reach our trust and abuse team directly.

Firm rules. A platform you can trust.

Clear boundaries are what let thousands of businesses run side by side on WoneSuite with confidence. Play fair, protect each other, and the whole platform stays strong.