Acceptable Use Policy
Last updated: 2026-05-16
This Acceptable Use Policy ("AUP") describes activities that are prohibited on the BrightSumo website at brightsumo.co and any related services we operate. The AUP is incorporated by reference into our Terms of Use and any product-level agreement that references it. Violations may result in immediate suspension or termination of access, removal of content, and referral to law enforcement or other authorities where appropriate.
Effective date: 2026-05-16.
1. General
You are responsible for your use of BrightSumo services and for the conduct of anyone you permit to use them. You must comply with all applicable laws, including laws governing data protection, intellectual property, communications, advertising, consumer protection, and export controls.
2. Prohibited content
You will not use BrightSumo services to upload, host, transmit, generate, or distribute content that:
- is unlawful, fraudulent, deceptive, defamatory, obscene, or invasive of another's privacy;
- depicts or promotes child sexual abuse, exploitation, or any form of harm to minors;
- promotes violence, terrorism, self-harm, or incitement to commit violence;
- contains hate speech, harassment, or threats based on protected characteristics;
- infringes a third party's intellectual property, publicity, privacy, or contractual rights;
- discloses personal information of others without their authorisation;
- contains malware, spyware, ransomware, worms, trojans, time bombs, or any other malicious or destructive code;
- promotes the sale of regulated, restricted, or illegal goods and services in violation of law.
3. Prohibited activities
You will not, and will not allow any third party to:
- attempt to gain unauthorised access to any account, system, network, or data, or bypass any authentication or security measure;
- probe, scan, or test the vulnerability of any system or network, or breach any security or authentication measure, without our prior written authorisation through our responsible-disclosure programme;
- interfere with or disrupt the integrity, security, or performance of our services, including through automated traffic, denial-of-service attacks, or excessive requests;
- scrape, crawl, mirror, or systematically extract content, data, or features except as expressly permitted by us or applicable law;
- reverse engineer, decompile, or disassemble any of our software, except to the limited extent permitted by mandatory law;
- use our services to develop or improve a competing product or service, or to benchmark performance without our prior written consent;
- resell, sublicense, or otherwise commercially exploit access to our services without authorisation;
- impersonate any person or misrepresent your identity or affiliation;
- circumvent rate limits, quotas, or usage restrictions;
- misuse our APIs, including by exceeding documented rate limits or storing data outside the scope of an active integration.
4. Anti-spam and communications
If you use our services in connection with sending communications, you must:
- comply with all applicable anti-spam laws, including the CAN-SPAM Act (US), CASL (Canada), GDPR / ePrivacy (EEA), PECR (UK), and any other law applicable to your communications;
- send messages only to recipients who have provided valid consent or for whom you have a lawful basis to communicate;
- accurately identify yourself, include a working unsubscribe mechanism where required, and honour opt-out requests promptly;
- not send unsolicited bulk communications, deceptive headers, or messages that disguise the sender or subject;
- maintain accurate suppression lists and records of consent.
5. Data protection and integrations
If you connect our services to a third-party platform (including advertising platforms, customer relationship management systems, analytics tools, or payment processors), you must have all rights, consents, and lawful bases required to transfer personal data to and from that platform and to use the data for the purposes you direct. You must comply with the terms of those third-party platforms, including their developer policies, data use restrictions, and platform-specific requirements regarding consent, hashing, and retention.
6. Security incidents and vulnerability disclosure
If you discover a security vulnerability in our services, please report it responsibly by emailing hello@brightsumo.co with the subject line "Security disclosure". Do not exploit the vulnerability beyond what is necessary to verify and report it, and do not disclose it publicly until we have had a reasonable opportunity to investigate and remediate. We will acknowledge reports and work with you in good faith.
7. Reporting abuse
If you believe a person is violating this AUP, please report it to hello@brightsumo.co. Include as much detail as you can, such as URLs, message headers, timestamps, screenshots, and a description of the activity. We will review reports and take action that we deem appropriate.
8. Enforcement
We reserve the right, but have no obligation, to investigate any suspected violation of this AUP or applicable law. We may, in our discretion and without prior notice where reasonable, (a) suspend or terminate access to our services, (b) remove or disable access to content, (c) preserve and disclose information to law enforcement, regulators, or other third parties as required or permitted by law, and (d) seek any other remedies available to us. Our failure to enforce any provision of this AUP is not a waiver of our right to do so later.
9. Changes
We may update this AUP from time to time. The updated version will be indicated by a refreshed "Last updated" date and will be effective when posted. Your continued use of our services after the update constitutes acceptance.
This document is provided for transparency. It is not legal advice. If you have a question about it, contact us at hello@brightsumo.co.