Acceptable Use Policy

(Anti-Spam and Sending Policy) · Last Updated: April 21, 2026 · Version 2.0

1. Purpose and Scope

The Service enables Customer to send outbound email communications, manage contacts, automate outreach, and perform related sales and marketing activities. Because the Service shares infrastructure (including IP addresses, domains, and sender reputation) with other customers and depends on Sub-processors such as email-delivery providers, abuse by any individual customer can cause immediate harm to other users, recipients, and Geniri. This AUP sets the minimum standards every Customer must meet to preserve deliverability, user trust, and legal compliance.

2. Compliance with Applicable Law

Customer is solely responsible for complying with all laws, regulations, industry self-regulatory codes, and mail-box-provider requirements applicable to its communications, including but not limited to:

• the CAN-SPAM Act of 2003 (United States, 15 U.S.C. §§ 7701 et seq.);
• the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the ePrivacy Directive 2002/58/EC, together with Member-State implementations;
• the United Kingdom GDPR and the Privacy and Electronic Communications Regulations 2003 ("PECR");
• the Canadian Anti-Spam Legislation ("CASL");
• the Brazilian Lei Geral de Proteção de Dados ("LGPD");
• the UAE Personal Data Protection Law (Federal Decree-Law No. 45/2021, "PDPL") and applicable TDRA rules;
• the California Consumer Privacy Act and California Privacy Rights Act ("CCPA/CPRA");
• Argentina's Ley 25.326, Colombia's Ley 1581 (including the obligation to prefix advertising emails with "PUBLICIDAD" where required), and Mexico's LFPDPPP and FCPL;
• industry standards and mail-box-provider requirements from Gmail, Yahoo, Microsoft, Apple, and others, including SPF, DKIM, DMARC authentication and the one-click List-Unsubscribe requirements introduced in 2024/2025.

Customer acknowledges that many of these laws apply extraterritorially and may apply to Customer regardless of where Customer is incorporated.

3. Permission, Consent, and Lawful Basis

3.1 Required Lawful Basis

Customer shall send email only to recipients for whom Customer has a valid legal basis under Applicable Law, such as:

• express, freely given, specific, informed, and unambiguous consent (required for B2C communications in most opt-in jurisdictions);
• documented legitimate interest with a completed legitimate-interest assessment (permissible for B2B outreach under GDPR, subject to recipient rights);
• an existing business relationship within the timeframes permitted by Applicable Law (for example, implied consent under CASL for up to twenty-four months following a qualifying transaction);
• any other lawful basis expressly permitted by the applicable jurisdiction.

3.2 No Cold Outreach Where Prohibited

Customer shall not send unsolicited commercial communications to recipients in jurisdictions that prohibit cold email without prior consent, including but not limited to the UAE, Argentina, Colombia, and certain EU Member States (e.g., Denmark). Customer bears the burden of determining the applicable legal regime for each recipient.

3.3 Consent Recording

Customer shall maintain records sufficient to demonstrate the source, date, and content of consent or other lawful basis for each recipient, and shall provide such records to Geniri promptly upon request in connection with an investigation, abuse complaint, or regulatory inquiry.

4. Prohibited Sources of Data

• purchased, rented, leased, or traded from a third party, unless the data was lawfully collected with verifiable consent and Customer has obtained documentation thereof;
• scraped, harvested, or otherwise collected from websites, social networks, directories, or other public sources without a lawful basis;
• obtained through dictionary attacks, random address generation, or similar techniques;
• obtained in breach of any third-party terms of service, intellectual-property rights, or confidentiality obligations;
• stolen, disclosed without authorization, or otherwise unlawfully acquired.

5. Prohibited Content and Conduct

Customer shall not use the Service to send, distribute, promote, or facilitate any of the following:

• unsolicited bulk email, spam, chain letters, pyramid or Ponzi schemes, or "get rich quick" offers;
• messages with false, misleading, or deceptive headers, sender names, From, Reply-To, or routing information;
• subject lines that do not accurately describe the content of the message;
• content that is fraudulent, phishing, impersonates any person or entity, or misrepresents Customer's affiliation;
• malware, viruses, ransomware, spyware, trojans, worms, or any malicious code or links;
• content that is defamatory, libelous, slanderous, harassing, threatening, abusive, or that incites violence or hatred;
• content that is obscene, pornographic, sexually explicit, or harmful to minors;
• content promoting, selling, or distributing: (i) illegal drugs or controlled substances; (ii) illegal weapons, ammunition, explosives, or fireworks; (iii) stolen goods; (iv) counterfeit goods; (v) unlawful gambling; (vi) prostitution or human trafficking; (vii) multi-level-marketing or pyramid schemes; (viii) deceptive payday-loan, debt-collection, credit-repair, or debt-consolidation services; (ix) work-from-home or "make money fast" schemes; (x) cryptocurrency pump-and-dump schemes, dubious ICO promotions, airdrops, or mixer services; (xi) adult-entertainment services in jurisdictions that prohibit them; (xii) unregulated pharmaceuticals, prescription drugs, supplements with unsubstantiated health claims, or CBD/THC products where illegal; (xiii) firearms or weapons where restricted; (xiv) tobacco, e-cigarette, or vaping products where restricted; or (xv) any other goods or services whose offering violates Applicable Law;
• content that infringes any patent, trademark, copyright, trade secret, right of publicity, right of privacy, or other proprietary right;
• content that promotes, incites, or facilitates unlawful discrimination, hate speech, extremism, or terrorism;
• content designed to manipulate search-engine rankings, generate fake reviews, or artificially inflate metrics;
• communications to mailing lists, distribution lists, aliases (e.g., info@, support@, sales@), or other group addresses unless each recipient has individually provided consent;
• messages to recipients who have unsubscribed, opted out, complained, or otherwise indicated they do not wish to receive communications from Customer;
• communications that do not include a clear sender identification and a functional unsubscribe mechanism as required under Section 6.

6. Required Elements in Every Message

• the full legal name of the sender;
• a valid physical postal address of the sender (street address, registered P.O. Box, or private mailbox), configured by Customer in the Account settings;
• a working, conspicuous, easy-to-use unsubscribe link that requires no more than one click and no more than an email address from the recipient to process the opt-out;
• the List-Unsubscribe header and List-Unsubscribe-Post header enabling one-click unsubscribe (RFC 8058), as required by Gmail, Yahoo, Microsoft, and Apple;
• a truthful subject line that reasonably describes the content of the message;
• accurate From, To, Reply-To, and routing headers identifying the sender;
• where required by Applicable Law, appropriate labeling (for example, the "PUBLICIDAD" prefix for advertising emails to Colombian recipients, or additional labels for adult-oriented content).

7. Unsubscribe and Opt-Out Handling

Customer shall honor all opt-out requests in full compliance with Applicable Law and within the shortest of the applicable statutory periods. Where legally permitted, opt-outs will be processed immediately through the Service; otherwise, within ten (10) business days (CAN-SPAM) or as otherwise required. Once a recipient has opted out, Customer shall not:

• send further commercial emails to that recipient, except as expressly permitted by Applicable Law;
• sell, transfer, rent, or share that recipient's email address or contact information;
• attempt to circumvent the opt-out by uploading a new or alternative version of the same contact;
• require any payment, login, disclosure of additional personal data, or justification as a condition of opt-out.

Geniri maintains an automated suppression list that applies at the Account level. Customer may not disable or attempt to override this suppression list.

8. Sender Authentication and Reputation Management

To protect deliverability for all users of the Service, Customer shall:

• properly configure SPF, DKIM, and DMARC records for each sending domain before sending any email through the Service;
• not send email from domains Customer does not control or is not authorized to use;
• perform IP and domain warm-up gradually when scaling volume, following Geniri's guidance;
• use separate sending domains or subdomains for transactional and marketing communications when appropriate;
• monitor bounce rates, spam-complaint rates, and engagement metrics via the dashboards provided by the Service and by Google Postmaster Tools, Microsoft SNDS, and similar tools;
• maintain hard-bounce rates below two percent (2%) and spam-complaint rates below 0.1%.

Metric	Warning Threshold	Automatic Action
Hard Bounce Rate	> 2%	Warning; > 5% pause campaign
Spam Complaint Rate	> 0.1%	Warning; > 0.3% pause + list cleanup required
Unsubscribe Rate	> 1% per send	Warning and review
Invalid Addresses at Import	> 10%	Block problematic contacts, require cleaning

9. Volume, Rate, and Throttling

Customer shall not attempt to circumvent the Service's rate limits, throttling, or queue-management features. Geniri may impose sending limits based on Subscription plan, sender reputation, account history, and behavior of shared Sub-processor infrastructure. Customer shall comply with announced and technical limits at all times.

10. Security and Integrity of the Service

Customer shall not, and shall not permit any third party to:

• attempt to probe, scan, penetrate, or test the vulnerability of the Service without Geniri's prior written authorization;
• interfere with or disrupt servers, networks, or services connected to the Service;
• distribute, upload, or transmit any malware or malicious code;
• attempt to gain unauthorized access to any account, system, or data;
• use the Service for cryptocurrency mining or other resource-intensive activities unrelated to authorized use;
• forge headers, tokens, or identifiers;
• misuse the API in a manner that places undue load on the infrastructure.

Customer shall report suspected security vulnerabilities responsibly to security@geniri.ai.

11. Prohibited Uses — Zero Tolerance

12. Monitoring, Investigation, and Enforcement

12.1 Monitoring

Geniri may, but is not obligated to, monitor Customer's use of the Service to detect violations of this AUP and to maintain deliverability and security. Monitoring may include inspection of sending metrics, automated content analysis, review of spam complaints, and review of account behavior. Geniri does not review Customer Content for accuracy, legality, or quality and has no duty to do so.

12.2 Investigation

Geniri may investigate suspected violations of this AUP or Applicable Law, including by requesting from Customer information about: (a) the source and consent status of its contact lists; (b) its data-protection practices; (c) the nature of its business; and (d) any documentation required by law-enforcement, regulators, or Sub-processors. Customer shall cooperate fully with such requests within the time specified by Geniri.

12.3 Remedies

If Geniri determines, in its reasonable discretion, that Customer has violated or is likely to violate this AUP, Geniri may take any of the following actions, in any combination, without notice:

• issue a warning and require corrective action;
• pause, throttle, or block individual campaigns or sending activities;
• remove specific content or contacts from the Service;
• suspend Customer's Account, in whole or in part;
• terminate Customer's Account and the Agreement;
• report the violation to law-enforcement agencies, regulators, data-protection authorities, or Sub-processors;
• take any other action Geniri reasonably considers necessary to protect the Service, other users, recipients, or Geniri.

12.4 No Refunds for Violations

Suspension or termination of the Account for violation of this AUP does not entitle Customer to any refund of fees already paid.

12.5 Customer Liability

Customer remains fully responsible for all communications sent through the Service and for all consequences of a violation of this AUP, including third-party claims, regulatory fines, and damage to sender reputation. Customer's obligation to defend, indemnify, and hold harmless Geniri under the Terms applies in full to any violation of this AUP.

13. Reporting Abuse

If you have received a message you believe violates this AUP, or if you wish to report other abuse, please contact:

Reports should include: the full message with headers, a description of the concern, and the reporter's contact information (kept confidential to the extent permitted by law).

14. Changes to This AUP

Geniri may update this AUP from time to time. Material changes will be communicated with at least thirty (30) days' prior notice, unless a shorter period is required by Applicable Law, to address a security or legal issue, or for new features.

15. Contact