Skip to main content
DRAFT, not lawyer-reviewed. Do not rely on this document for legal purposes.

Acceptable Use Policy — DRAFT

DRAFT — not lawyer-reviewed. Supplements the Terms of Service (incorporated by reference). On conflict, the Terms control. This policy reflects product behavior documented in CONTEXT.md, PLAN.md, and TOOLS.md as of 2026-05-19.

Version: DRAFT-1
Document date: 2026-05-19
Entity: 3rdSpace, Inc. (Delaware corporation — formation TBD)

Table of contents

  1. Purpose and scope
  2. Definitions
  3. General prohibitions
  4. Account, identity, and access
  5. Organizations, roles, and billing
  6. CRM and customer data
  7. Email, SMS, and campaigns
  8. AI Booster
  9. Web Scraper (Unlimited only)
  10. SEO & GEO Audit and Business Profile Manager
  11. QR codes, short links, and affiliate marketing
  12. Venue entertainment (Trivia, Karaoke)
  13. Smart TV CMS
  14. Ticketing, reservations, and payments
  15. Waivers, lead forms, and dynamic pricing
  16. Website Services, Service Requests, and platform feedback
  17. Public surfaces and abuse prevention
  18. Enforcement
  19. Reporting violations
  20. Changes

1. Purpose and scope

This Acceptable Use Policy ("AUP") describes permitted and prohibited uses of the 3rdSpace host platform (the3rd-space.com dashboard and related APIs). It applies to all Users with Accounts and to Hosts operating Organizations.

The future 3rdSpace consumer mobile app will have separate terms when launched; references here focus on the host platform unless stated otherwise.

Violations may result in suspension, termination, loss of credits without refund where permitted by law, and legal action.

2. Definitions

Capitalized terms match the Terms of Service Article 2. Additional terms:

  • Metered Features — SMS sends, Email sends, and AI Booster calls debited from the Unified Credit Pool.
  • End Customer — a person whose data a Host stores in CRM or collects via tools.
  • Scraping — automated retrieval of content from websites via the Web Scraper tool.

3. General prohibitions

You may not use the platform to:

  1. Violate any applicable law, regulation, or third-party rights.
  2. Harass, threaten, defame, stalk, or harm any person.
  3. Commit fraud, phishing, identity theft, or payment fraud.
  4. Distribute malware, ransomware, or malicious code.
  5. Attempt unauthorized access to Accounts, Organizations, or 3rdSpace systems.
  6. Reverse-engineer, decompile, or extract source code except where law expressly permits.
  7. Interfere with platform operation (DDoS, resource exhaustion, abusive API volume).
  8. Resell or white-label the platform without written agreement.
  9. Use the platform for high-risk regulated activities we do not support (unlicensed medical diagnosis, emergency dispatch, credit reporting, etc.) unless explicitly approved in writing.
  10. Circumvent tier gates, credit limits, or technical access controls.

4. Account, identity, and access

4.1 Accurate registration

Provide truthful username, name, birthday, phone, and email. Keep information current.

4.2 Verification

Complete email and phone verification (including Google SSO users) before Organization actions per product rules.

4.3 One person, one account

Do not create multiple Accounts to evade bans, limits, or pricing.

4.4 Credentials

Protect passwords and devices. Notify us of suspected compromise.

4.5 Role boundaries

  • Do not access Organizations, Brands, or Locations outside your membership scope.
  • Do not escalate privileges (e.g., forge internal-admin).
  • Employees must not export or scrape CRM data outside permitted scope.

4.6 Username policy

Usernames must not impersonate 3rdSpace staff, violate trademarks, or use slurs. 90-day cooldown applies to username changes; old names may be held 30 days.

5. Organizations, roles, and billing

5.1 Authority

Only Owners may transfer ownership, change nonprofit verified status, or complete destructive org teardown.

Admins may manage billing (payment methods, invoices, tier/cadence, cancellation) but cannot alter Owner-only settings.

5.2 Subscription honesty

  • Billable location quantity must reflect active locations per lifecycle rules.
  • Do not create ghost locations to manipulate trials or credits.
  • Free tier limits: 3 brands, 10 locations — no tool access without upgrade.

5.3 Credits and metered usage

  • Do not manipulate creditLedger or usage meters.
  • Purchased credits are non-refundable except where law requires.

5.4 Nonprofit claims

False nonprofit verification (EIN, tax-exempt documents) is grounds for immediate termination and clawback of free-tier benefit.

6. CRM and customer data

Hosts must:

  1. Collect End Customer data lawfully with appropriate notice and consent.
  2. Use data only for disclosed purposes.
  3. Honor End Customer access, correction, deletion, and opt-out requests for Host-controlled records.
  4. Not sell or license CRM exports without consent.
  5. Not upload fabricated or third-party lists obtained illegally.

Hosts must not use CRM to:

  • Spam non-customers scraped from the open web without permission.
  • Store special-category sensitive data (health, biometric, etc.) without legal basis and safeguards.
  • Bypass Employee location-scope restrictions.

Auto-CRM-entry: Users joining an Organization are added to that Host's CRM per Privacy Policy — Hosts remain responsible for subsequent use.

7. Email, SMS, and campaigns

Applies to Email System, SMS System, and Campaign Manager (Pro+ tiers). Metered sends debit the Unified Credit Pool.

  • Email (CAN-SPAM): Identify sender; include valid physical postal address; provide one-click unsubscribe; honor opt-outs promptly.
  • SMS (TCPA): Obtain appropriate consent for marketing texts; honor STOP and HELP; respect quiet hours (8:00 a.m.–9:00 p.m. recipient local time for marketing).
  • Do not send to purchased lists without provable consent.

7.2 Suppression

Never message addresses/numbers on your Organization suppression list or after opt-out.

7.3 Content

No deceptive subject lines, phishing links, or illegal content.

7.4 A2P 10DLC

Complete Twilio A2P brand/campaign registration before large-scale US SMS. Do not send until registration is approved.

7.5 AI-drafted messages

You are responsible for reviewing AI-generated copy before send. AI does not remove your compliance duties.

8. AI Booster

  1. Do not use AI output to impersonate humans in regulated communications without disclosure where required.
  2. Do not submit unlawful content in prompts.
  3. Do not rely on AI for legal, medical, or safety-critical decisions.
  4. Booster features are L2+ — core tool functions must work without AI.
  5. Respect 14-day disable delay — do not toggle Booster to evade charges during high-usage windows.

9. Web Scraper (Unlimited only)

  1. No authenticated scraping — tool blocks login-walled targets.
  2. Permission required — proceeding past robots.txt warnings means you claim permission and accept full legal responsibility.
  3. No scraping to harvest personal data at scale without consent.
  4. No circumvention of technical access controls.
  5. 3rdSpace is not liable for Host scraping activities (Terms Article 23).

Scope: Web Scraper is for external research. SEO & GEO Audit crawls only the Host's own sites — do not use SEO tool to scrape third parties.

10. SEO & GEO Audit and Business Profile Manager

  • Use listing and Places data accurately.
  • Do not misrepresent business hours, location, or identity on synced profiles.
  • GBP/listing audits in Business Profile Manager require valid OAuth connections — do not use another business's credentials.

11.1 QR / short links (Pro+)

  • Do not redirect to malware, illegal gambling where prohibited, or deceptive destinations.
  • CRM capture prompts must be opt-in; default is off.
  • Respect generated slug policy — no brute-forcing invite or redirect endpoints.

11.2 Affiliate marketing (Unlimited)

  • Disclose sponsored/affiliate relationships where state law requires.
  • Host is payor of record for commissions; comply with tax reporting (1099-K thresholds).
  • Do not defraud affiliates or customers via attribution manipulation.

12. Venue entertainment (Trivia, Karaoke)

12.1 Account-required players

Public join flows require sign-in per product design — do not bypass to collect data without authentication where required.

12.2 Karaoke — no music licensing by 3rdSpace

3rdSpace provides request-queue software only. We do not host, stream, transcribe, or display song audio or lyrics. Host is solely responsible for PRO (ASCAP, BMI, SESAC) and venue licensing.

12.3 Trivia

Do not use trivia sessions for unlawful gambling unless licensed in your jurisdiction.

13. Smart TV CMS

  • Display only content you have rights to show.
  • Comply with broadcast, public performance, and venue rules.
  • Do not display unlawful, obscene, or harassing material in public-facing TV slots.

14. Ticketing, reservations, and payments

  • Ticketing: 3rdSpace charges zero platform fees on tickets — Host still must comply with tax, amusement, and consumer protection laws.
  • Reservations: Deposit fees apply only to platform-processed deposits per Terms.
  • Host Stripe accounts for customer payments remain Host's compliance responsibility.

15. Waivers, lead forms, and dynamic pricing

  • Digital waivers: Collect only necessary fields; provide e-sign disclosures; retain per law.
  • Lead capture: Clear privacy notice at point of collection.
  • Products & Menu dynamic pricing (Unlimited L3+): Disclose pricing rules to customers as required by local consumer protection law.

16. Website Services, Service Requests, and platform feedback

  • Provide accurate project briefs; do not submit fraudulent service requests.
  • Platform feature requests and AI automation requests are not guaranteed to be built.
  • Platform Feedback is for 3rdSpace product issues — not a substitute for Host customer support.

17. Public surfaces and abuse prevention

17.1 Marketing contact form

Do not spam /contact — subject to Turnstile, honeypot, and rate limits (≤5/hour/IP, ≤3/hour/email).

17.2 Invite codes

Do not brute-force join codes (≤12 tries/hour/IP, ≤60/hour/org fingerprint).

17.3 Demo / sales mode

Do not use demo Organizations for production customer data.

18. Enforcement

We may, with or without notice depending on severity:

  1. Warn the Account or Organization.
  2. Throttle or block API/tool actions.
  3. Remove content.
  4. Soft-downgrade subscription to Free (e.g., payment failure after Smart Retries).
  5. Suspend access pending investigation.
  6. Terminate Accounts or Organizations for egregious or repeat violations.
  7. Report illegal activity to authorities.
  8. Cooperate with law enforcement.

Material Terms/Privacy objection: Written objection within notice window may result in suspension until acceptance or offboarding (Terms Article 4.4).

19. Reporting violations

Report abuse to abuse@the3rd-space.com (TBD) with:

  • Description of conduct
  • URLs, Organization names, or Account identifiers
  • Screenshots if available

We investigate in good faith but cannot guarantee outcomes for third-party disputes between Hosts and their customers.

20. Changes

Material changes to this AUP will be communicated at least 30 days in advance (email and/or in-dashboard notice), consistent with Terms Article 4. Continued use after the effective date constitutes acceptance unless you object in writing under the Terms objection process.

Last reviewed by counsel: never (not yet)

← Back to home