Acceptable Use Policy
Last Updated: 29th January 2026
1. Introduction
This Acceptable Use Policy (“AUP”) governs your use of Carrott (“the Platform”) and all related services. This policy is incorporated into and forms part of our Terms of Service.
Company Information:
- Company Name: Carrott LTD
- Contact Email: admin@carrott.io
By using the Platform, you agree to comply with this policy. Violation of this policy may result in suspension or termination of your account.
2. Permitted Uses
2.1 Authorized Activities
You may use the Platform to:
- Create and manage legitimate digital loyalty programs for your business
- Design and distribute loyalty cards via Apple Wallet and Google Wallet
- Enroll customers who have provided consent
- Track customer engagement and loyalty transactions
- Send communications to customers who have opted in
- Manage multiple business locations and franchises
- Analyze business performance through provided dashboards
- Integrate with supported third-party services
2.2 Business Requirements
Businesses using the Platform must:
- Be legally registered entities or sole proprietors
- Operate lawful businesses
- Have authority to offer loyalty programs
- Comply with applicable consumer protection laws
- Maintain accurate business information
- Honor rewards and offers presented to customers
3. Prohibited Uses
3.1 Illegal Activities
You may NOT use the Platform for:
- Any activity that violates applicable laws or regulations
- Money laundering or terrorist financing
- Fraud, deception, or misrepresentation
- Sale of illegal goods or services
- Gambling (unless properly licensed)
- Adult content or services
- Weapons, drugs, or controlled substances
- Counterfeit goods
- Pyramid schemes or multi-level marketing
- Activities targeting minors inappropriately
3.2 Harmful Content
You may NOT create, upload, or distribute:
- Content that infringes intellectual property rights
- Defamatory, libelous, or slanderous content
- Content that promotes hatred, violence, or discrimination
- Obscene or pornographic material
- Content that violates privacy rights
- Misleading or false advertising
- Content designed to harass, bully, or intimidate
- Malicious code, viruses, or malware
3.3 Platform Abuse
You may NOT:
- Attempt to gain unauthorized access to systems or accounts
- Circumvent security measures or access restrictions
- Interfere with or disrupt the Platform’s operation
- Overload infrastructure with excessive requests
- Scrape, crawl, or harvest data without permission
- Reverse engineer, decompile, or disassemble the Platform
- Use automated tools to create accounts or content
- Resell or redistribute access to the Platform
- Impersonate other users or businesses
- Create multiple accounts to evade restrictions
3.4 Spam and Unwanted Communications
You may NOT:
- Send unsolicited bulk messages
- Send communications to people who haven’t opted in
- Mislead recipients about message origin or content
- Use purchased or harvested contact lists
- Send excessive or repetitive communications
- Violate anti-spam laws (CAN-SPAM, GDPR, etc.)
3.5 Data Misuse
You may NOT:
- Collect customer data without proper consent
- Use customer data for purposes beyond stated in privacy notices
- Share customer data with unauthorized third parties
- Retain customer data beyond necessary periods
- Process sensitive data without explicit consent
- Transfer data in violation of applicable laws
- Fail to secure collected personal data
4. Content Standards
4.1 Card Design Guidelines
Loyalty cards created on the Platform must:
- Accurately represent your business
- Not impersonate other businesses or brands
- Not infringe trademarks or copyrights
- Use appropriate imagery (no offensive content)
- Contain truthful information about rewards
- Comply with Apple and Google Wallet guidelines
4.2 Communication Standards
Messages sent through the Platform must:
- Be truthful and not misleading
- Clearly identify the sending business
- Include opt-out mechanisms where required
- Respect customer communication preferences
- Comply with applicable advertising standards
- Not contain false urgency or scarcity claims
4.3 Rewards and Offers
Loyalty program rewards must:
- Be clearly described and attainable
- Be honored as presented
- Have clear terms and conditions
- Not be designed to deceive customers
- Comply with consumer protection laws
- Not discriminate illegally
5. Account Responsibilities
5.1 Account Security
You are responsible for:
- Maintaining confidentiality of login credentials
- Using strong, unique passwords
- Enabling security features (two-factor authentication when available)
- Monitoring account activity
- Reporting suspicious activity immediately
- Ensuring team members comply with this policy
5.2 Multi-User Accounts
When granting access to team members:
- Only grant necessary permissions
- Remove access promptly when no longer needed
- Ensure team members understand this policy
- Take responsibility for team member actions
- Maintain accurate records of authorized users
5.3 API Usage
If using our API:
- Secure API credentials properly
- Implement rate limiting in your applications
- Do not share API keys publicly
- Follow API documentation and guidelines
- Report vulnerabilities responsibly
6. Third-Party Integrations
6.1 Wallet Services
When using Apple Wallet or Google Wallet:
- Comply with Apple’s and Google’s respective terms
- Do not attempt to bypass wallet restrictions
- Respect platform-specific guidelines
- Keep passes updated with current information
6.2 Payment Processing
When accepting payments:
- Comply with PCI DSS requirements
- Do not store full payment card data
- Follow Stripe’s acceptable use policies
- Process only legitimate transactions
7. Enforcement
7.1 Monitoring
We may, but are not obligated to:
- Monitor use of the Platform for policy violations
- Review content created on the Platform
- Investigate reported violations
- Take action against violating accounts
7.2 Consequences of Violation
Violations may result in:
- Warning notification
- Temporary feature restriction
- Content removal
- Account suspension
- Account termination
- Legal action
- Reporting to authorities
7.3 Severity Levels
| Violation Level | Examples | Typical Response |
|---|---|---|
| Minor | Accidental policy breach, first offense | Warning, guidance |
| Moderate | Repeated minor violations, negligent misuse | Temporary suspension, remediation required |
| Severe | Intentional abuse, illegal activity | Immediate termination, possible legal action |
7.4 Appeals
If you believe enforcement action was taken in error:
- Contact admin@carrott.io within 14 days
- Provide relevant information and context
- We will review and respond within 30 days
- Decisions on appeals are final
8. Reporting Violations
8.1 How to Report
If you become aware of violations:
- Email: admin@carrott.io
- Subject: “AUP Violation Report”
Include:
- Description of the violation
- Evidence (screenshots, URLs, etc.)
- Date and time observed
- Your contact information
8.2 Anonymous Reporting
We accept anonymous reports but may be limited in follow-up without contact information.
8.3 No Retaliation
We prohibit retaliation against good-faith reporters of violations.
9. Changes to This Policy
We may update this policy at any time. Material changes will be communicated via:
- Email notification to account administrators
- In-app notification
- Update to this document
Continued use after changes constitutes acceptance.
10. Related Policies
This AUP should be read in conjunction with:
11. Contact Information
For questions about this policy:
Carrott LTD
- Email: admin@carrott.io
- Address: Piccadilly Business Centre, Blackett Street, Manchester, M12 6AE
This Acceptable Use Policy is effective as of 23rd January 2026.