Acceptable Use Policy

This AUP applies to all use of the Service, including use through the dashboard, API, CLI, MCP integrations, mailbox workflows, agents, automations, and any person or system acting through your account, credentials, or domains.

You may use ReplyLayer only for legitimate, lawful email workflows such as:

• customer support, account notifications, operational alerts, confirmations, and similar transactional messages;
• reply-driven workflows where the recipient already initiated or is actively participating in the conversation;
• internal or business workflows that comply with applicable law and the Terms; and
• testing and development within the constraints of the sandbox tier and product documentation.

You may not use the Service to send or facilitate:

• spam, unsolicited bulk email, or mass promotional campaigns;
• cold outreach, lead-generation blasts, or campaign-style prospecting;
• phishing, impersonation, fraud, scams, social engineering, or deceptive messages;
• malware, ransomware, spyware, credential theft, or malicious links or attachments;
• messages that violate anti-spam, consumer protection, privacy, export, sanctions, or communications laws;
• harassing, threatening, abusive, defamatory, hateful, exploitative, or unlawfully discriminatory communications; or
• content that infringes intellectual property, privacy, publicity, or confidentiality rights.

If a message is commercial or promotional, you are responsible for ensuring it complies with applicable law in the recipient's jurisdiction, including CAN-SPAM, CASL, the ePrivacy Directive, and similar laws. The FTC notes that commercial email must use accurate headers and subject lines, include a valid postal address, provide a working opt-out mechanism, and honor opt-out requests promptly. Source: FTC CAN-SPAM compliance guidance.

You may not use the Service in ways that create runaway or abusive automation, including:

• reply loops, auto-escalation loops, or recursive agent-to-agent exchanges that generate uncontrolled traffic;
• rapid repeated sends to the same or similar recipient sets;
• attempts to use agents to evade recipient consent, verified-recipient checks, or policy controls;
• high-volume or repetitive outbound patterns inconsistent with your plan, tier, trust level, or documented use case; or
• using the Service as a generic mail relay, spam engine, or abuse-resistant sender infrastructure.

You are responsible for supervising your agents and workflows. "The agent did it" is not a defense to an AUP violation.

Sandbox and low-trust accounts are subject to extra restrictions designed to protect shared infrastructure. Those restrictions may include verified recipients only, reply-within-thread rules, mailbox limits, send budgets, and other controls.

You may not attempt to bypass trust-level controls, recipient verification requirements, complaint suppression, quarantine, rate limits, or domain restrictions. If the Service says a recipient or workflow is not allowed for your tier, that is part of the platform's acceptable-use boundary.

You may not:

• probe, scan, reverse engineer, benchmark, scrape, or test the Service in a way that harms the platform or other users;
• intentionally test ReplyLayer's internal security boundaries, including prompt-injection attacks against ReplyLayer's own protective controls, outside an authorized program or written approval;
• bypass authentication, tenant isolation, safe-view restrictions, rate limits, kill switches, or safety controls;
• attempt unauthorized access to mailboxes, raw content, infrastructure, models, or administrative features;
• interfere with the normal operation of the Service, including through denial-of-service, resource exhaustion, or excessive automated requests; or
• use the Service to build, train, or improve a competing email-safety or agent-email platform by extracting data, outputs, or system behavior in bulk.

You may not:

• share credentials in an unauthorized way or allow unauthorized third parties to use your account;
• misrepresent your identity, affiliation, sender authority, or relationship to a recipient;
• forge message headers, routing information, domains, or reply paths; or
• pretend to speak for ReplyLayer or another organization without authorization.

You may not use the Service to:

• collect, infer, or exfiltrate sensitive information without authorization;
• process data that you are not legally permitted to process;
• store or transmit regulated or highly sensitive categories of data where the Service is not approved for that use; or
• use message content or platform access to surveil, profile, or target people unlawfully.

ReplyLayer may investigate suspected violations and may take action without prior notice where appropriate to protect the Service, users, recipients, or third parties.

Actions may include:

• warning you or requiring remediation;
• quarantining, blocking, suppressing, or deleting messages;
• enforcing rate limits, recipient limits, circuit breakers, reply-loop detection, or mailbox kill switches;
• suspending or terminating accounts, mailboxes, API keys, domains, or specific workflows; and
• reporting abuse to providers, affected parties, or law enforcement when appropriate.

ReplyLayer may consider complaint rates, bounce rates, suppression events, safety-check outcomes, traffic patterns, recipient reports, and other abuse signals when deciding whether use is acceptable.

To report suspected abuse or an AUP violation, contact [email protected]. Include enough detail for us to investigate, such as the mailbox, sender, recipient, time, and why you believe the activity violates this policy.

We may update this AUP from time to time. If we make a material change, we will provide reasonable notice. Continued use of the Service after the updated AUP becomes effective means the updated version applies to your use, to the extent permitted by law.