Acceptable Use Policy 

Please note: the title of this document has been revised from “Anti-Spam Policy” to “Acceptable Use Policy”

Customer.io’s Acceptable Use Policy (“AUP”) forms a part of the Customer.io terms of service entered into between you, the Customer and describes the acceptable and unacceptable use of the Services. Terms that are not defined in this AUP are defined in the agreement or terms of service entered into between Peaberry Software, Inc. (“Customer.io”) and Customer (“Customer” or “you” or “your”). The prohibited conduct in this AUP is not exhaustive. Customer is responsible for its authorized users’ compliance with this AUP. If Customer or any authorized user violates this AUP, Customer.io may suspend Customer’s use of the Services.

Anti-spam Policy

Customer.io has a no tolerance spam policy. “Spam” means unsolicited communication to persons with whom our customers do not have a business relationship or who have not specifically requested (opted-in to) our customers’ mailings.

We monitor the Services for any large increases in sending emails. A user’s account will be terminated if the user sends unsolicited email messages. Please report any suspected abuse to badactor@customer.io. ISPs and Blacklist administrators may contact us at blacklists@customer.io. Please forward the complete email in question, including headers. If applicable, please also unsubscribe from the newsletter using the link at the bottom of the email if you no longer wish to receive emails from the sender. We will take the appropriate action against the sender of the email in question.

To use our Services, you must adhere to the following guidelines regarding email communications:

1. Permission-Based Emails: Emails must be sent only to recipients who have explicitly opted in to receive content related to your brand. Opt-ins must be express and specific to your brand.
2. Prohibited Recipient Sources: You may not use our Services to contact recipients whose information:
   1. Was harvested or scraped from websites.
   2. Originates from purchased lists, regardless of opt-in status.
   3. Has been inactive or unengaged for two years or longer.
   4. Was obtained from partners or third-party organizations.
3. Prohibited Sending Practices:
   1. Subscription forms must not enroll users into unrelated lists. Opt-ins are brand-specific and non-transferable.
   2. Emails must not contain links or promotions unrelated to the brand for which the recipient originally opted in.

Affiliate Marketing sending requirements

While we do not expressly restrict affiliate marketing content within Customer.io, we do not allow the sending of affiliate marketing content from our in-house sending network and require all affiliate marketers to utilize their own Custom SMTP.

How do we define affiliate marketing?

Any email content that links to or directs recipients to an organization that is not your own via affiliate links or any other means with the goal of driving a conversion with a third party falls under the scope of Customer.io's definition of affiliate marketing content.

Customer.io may determine, at its sole discretion, if content meets our definition of affiliate marketing.

Procedure for Handling High User-Generated Spam Complaint Rates

Your account may be subject to termination, temporary suspension, or the requirement that you utilize your own SMTP if your user generated spam complaint rates meet or exceed 0.1% for a 30 day period.

If your spam rates meet or exceed this threshold, our team will:

• Provide notice to the admin email address(es) in your account.
• Provide reasonable guidance on spam rate reduction.

We may allow a sender 30-60 days to reduce average spam rates depending on individual circumstances.

Procedure for Handling Recipient Complaints

Your account will be immediately terminated if we determine in our sole discretion that you send spam. If you use the Services to send out emails to addresses obtained in any way other than a subscriber opting-in to your list, you may incur a $100 (US) charge per substantiated incident (i.e. per email) in accordance with state and federal regulations.

To determine whether you have sent spam we will:

• review the content of the message in question
• review your subscriber list for patterns common to harvested lists
• review the spam complaint
• view the records to see when the subscriber was subscribed and their IP address

Text-Message & Mobile Communications

Aside from two exceptions noted later in this section, you need to meet each of the consent requirements listed below.

Consent Requirements

Customer must comply with the following consent requirements or the Alternative Consent Requirements prior to sending any SMS, MMS, or other messaging:

• Prior to sending the first message, Customer must obtain consent from the message recipient to communicate with them. Customer must make clear to the individual they are agreeing to receive messages of the type that Customer will send (er.g., consent must be specific to the type of messaging, like marketing messages).
• Customer must keep a record of the consent, such as a copy of the document or form that the message recipient signed, or a timestamp of when the recipient completed a sign-up flow.
• If Customer does not send an initial message to that recipient within a reasonable period after receiving consent (or as set forth by applicable law), then Customer will need to reconfirm consent in the first message sent to that recipient.
• The consent applies only to the Customer entity that received the consent from the recipient, and to the specific use or campaign that the recipient has consented to. Customers are prohibited from sending messages from other brands or companies to a recipient unless the recipient has consented to each brand/company individually and specifically with respect to the type of message.
• Customer must retain proof of opt-in consent as set forth by applicable law.

Alternative Consent Requirements

Express consent prior to sending a recipient a message is not necessary where:

• Contact is initiated by the recipient: If an individual sends a message to you, you are free to respond in an exchange with that individual.
• Informational content based on prior relationship: You may send a message to an individual where you have a prior relationship, provided that individual provided their phone number to you, and has taken some action to trigger the potential communication, and has not expressed a preference to not receive messages from you. Actions can include a button press, alert setup, appointments, or order placements. Examples of acceptable messages in these scenarios include appointment reminders, receipts, one-time passwords, order/shipping/reservation confirmations, drivers coordinating pick up locations with riders, and repair persons confirming service call times.The message can’t attempt to promote a product, convince someone to buy something, or advocate for a social cause.

Periodic Messages and Ongoing Consent

If you intend to send messages to a recipient on an ongoing basis, you should confirm the recipient’s consent by offering them a clear reminder of how to unsubscribe from those messages using standard opt-out language (defined below). You must also respect the message recipient’s preferences in terms of frequency of contact. If applicable law requires that you reconfirm the recipient’s consent periodically, you are required to reconfirm the recipient’s consent.

Identifying the Sender

Every message you send must clearly identify you (the party that obtained the opt-in from the recipient) as the sender, except in follow-up messages of an ongoing conversation.

Opt-out

The initial message that you send to an individual needs to include the following language: “Reply STOP to unsubscribe,” or the equivalent using another standard opt-out keyword, such as STOPALL, UNSUBSCRIBE, CANCEL, END, and QUIT.

Individuals must have the ability to revoke consent at any time by replying with a standard opt-out keyword. When an individual opts out, you may deliver one final message to confirm that the opt-out has been processed, but any subsequent messages are not allowed. An individual must once again provide consent before you can send any additional messages.

Country-Specific Rules

All messages should comply with the rules applicable to the country in which the message recipient lives. You are responsible for understanding the laws applicable to the locations where your recipients are located.

Age and Geographic Gating

If you are sending messages in any way related to alcohol, firearms, gambling, tobacco, or other adult content, then more restrictions apply. In addition to obtaining consent from every message recipient, you must ensure that no message recipient is younger than the legal age of consent based on where the recipient is located. You also must ensure that the message content complies with all applicable laws of the jurisdiction in which the message recipient is located or applicable communications industry guidelines or standards.

You need to be able to provide proof that you have in place measures to ensure compliance with these restrictions.

Messaging Policy Violation Detection and Prevention Evasion

Customers may not evade any unwanted messaging detection and prevention mechanisms (whether such detection and prevention mechanisms are ours, our messaging platform’s or a telecommunication provider’s mechanisms). We or our third-party messaging platform may collect and monitor the content of text messages that are transmitted via the Services to certain countries in order to detect spam, fraudulent activity, and violations of the AUP. Examples of prohibited practices include content that is specifically designed to evade detection, snowshoeing, intentionally misspelled words, or nonstandard opt-out phrases that are designed to evade detection mechanisms.

Prohibited Content

Customer.io prohibits the use of the Services to send content which:

1. Provides, sells or offers to sell (or services related to): pornography; escort services; illegal goods; illegal drugs; illegal drug contraband; pirated computer programs; instructions on how to assemble or otherwise make bombs, grenades or other weapons
2. Provides, sells, or offers to sell or rent any mailing list
3. Displays material that exploits children, or otherwise exploits children under 18 years of age
4. Posts or discloses any personally identifying information or private information about children
5. Provides material that is abusive, bigoted, prejudiced, racist, hateful, profane, obscene, violent, harassing, fraudulent, deceptive, misleading or otherwise illegal content
6. Violates the copyright, trademark, patent, trade secret, intellectual property or other rights of another
7. Sells or promotes any products or services that are unlawful in the location at which the content is posted or received
8. Introduces viruses, worms, harmful code and/or Trojan horses on the Internet
9. Promotes, solicits or participates in pyramid schemes
10. Engages in any libelous, defamatory, scandalous, threatening, harassing activity
11. Posts any content that advocates, promotes or otherwise encourages violence against any governments, organizations, groups or individuals or which provides instruction, information or assistance in causing or carrying out such violence
12. Is fraudulent
13. Relates to the marketing or promotion of cannabis, CBD, alcohol, firearms, or tobacco in violation of applicable laws
14. Offers for prescription medication that cannot legally be sold over-the-counter are prohibited in the United States
15. Any other message or content that is illegal in the jurisdiction in which the recipient lives
16. Fraudulent messages
17. Malicious content, such as malware or viruses
18. Any content that is intentionally designed to evade detection.
19. Contains diagnostic information, medical test outcomes, laboratory results, or similar protected health information. Customer.io shall not be liable for any HIPAA compliance failures arising from Customer's use of the platform and Services to distribute content containing such medical data.

Customer.io reserves the right to prohibit the use of the Services by any entity at its sole discretion.