Acceptable Use Policy
Billiard CRM โ Acceptable Use Policy Operator: Golden West Games, Tacoma, WA Effective Date: [DATE] Last Updated: [DATE]
1. Purpose
This Acceptable Use Policy ("AUP") governs all access to and use of Billiard CRM, a multi-tenant software-as-a-service platform operated by Golden West Games ("we," "us," or "our"). This AUP is incorporated by reference into and forms part of the Billiard CRM Terms of Service. By accessing or using Billiard CRM, you ("Customer," "User," or "you") agree to comply with this AUP. Terms not defined here have the meanings given in the Terms of Service.
The purpose of this AUP is to protect the security and reliability of the Billiard CRM platform, protect other users and third parties from harm, and ensure that our use of third-party services โ including Twilio (communications), Stripe (payments), Resend (email), Google Cloud Storage, Vercel, Supabase, Sentry, Upstash, and NextAuth โ remains compliant with those providers' own acceptable use requirements. Where this AUP flows down obligations imposed on us by our service providers, you assume those same obligations as a condition of using Billiard CRM.
Capitalized service provider names throughout this AUP refer to the respective entities' products, policies, and terms as updated from time to time.
2. Prohibited Conduct โ General
You may not use Billiard CRM to engage in, facilitate, or promote any of the following:
2.1 Illegal Activity. Any conduct that violates applicable local, state, federal, or international law or regulation, including but not limited to consumer protection laws, privacy laws, export control laws, anti-money-laundering statutes, and sanctions programs administered by the U.S. Office of Foreign Assets Control (OFAC).
2.2 Fraud and Impersonation. Fraudulent conduct of any kind, including misrepresenting your identity, your business, or the purpose of any transaction; impersonating any person or entity; or creating false or misleading impressions.
2.3 Harassment, Threats, and Hate Speech. Harassing, threatening, intimidating, stalking, or abusing any person; transmitting content that promotes or incites violence, discrimination, or hatred against any individual or group on the basis of race, ethnicity, religion, national origin, sex, gender identity, sexual orientation, disability, or other protected characteristic.
2.4 Malware and Harmful Code. Uploading, transmitting, or distributing viruses, ransomware, spyware, adware, Trojans, worms, logic bombs, or any other malicious or harmful code or software.
2.5 Phishing and Social Engineering. Operating phishing schemes, credential-harvesting pages, fake login portals, or any other social engineering attacks targeting users of Billiard CRM or any other system.
2.6 Circumventing Platform Controls. Attempting to bypass, disable, or defeat any authentication system, rate limit, access control, feature gate, or security control within Billiard CRM or any connected service; probing for vulnerabilities without our prior written authorization; or using automated tools to access the service in ways that are not permitted.
2.7 Reverse Engineering and Scraping. Reverse engineering, decompiling, disassembling, or otherwise attempting to derive source code or trade secrets from Billiard CRM, except to the extent expressly permitted by applicable law notwithstanding this restriction. Systematically scraping, crawling, or harvesting data from the platform using automated means without our prior written consent.
2.8 Unauthorized Resale and Sublicensing. Reselling, sublicensing, rebranding, white-labeling, or otherwise making Billiard CRM available to third parties as a service without our prior written consent. This prohibition does not prevent you from using Billiard CRM to manage your own customers in the normal course of your business.
3. Prohibited Conduct โ SMS and Electronic Communications
Billiard CRM's SMS and messaging features are powered by Twilio. By using these features, you accept and are bound by Twilio's Acceptable Use Policy (available at https://www.twilio.com/legal/aup), as it may be updated from time to time. The following additional restrictions apply:
3.1 TCPA Consent. You may not send any SMS or text message to any recipient unless you have obtained that recipient's prior express written consent as required by the Telephone Consumer Protection Act (TCPA), 47 U.S.C. ยง 227, and applicable FCC regulations. You are solely responsible for obtaining, documenting, and honoring such consent. We do not obtain consent on your behalf.
3.2 Do Not Call Registry. You may not send SMS messages to telephone numbers registered on the National Do Not Call Registry unless a recognized exemption under applicable law applies and you have documented that exemption.
3.3 Quiet Hours. You may not send SMS messages outside of the hours of 8:00 AM to 9:00 PM in the recipient's local time zone, as required by the TCPA.
3.4 Opt-Out Honoring. You must immediately and permanently cease sending messages to any number from which you receive a reply containing the words STOP, UNSUBSCRIBE, CANCEL, END, QUIT, or any other standard opt-out keyword. You must process opt-outs within 10 business days of receipt. Re-subscribing a number that has opted out requires fresh affirmative opt-in consent from the recipient.
3.5 Prohibited Message Categories. You may not use Billiard CRM's messaging features to send content in any of the following categories (collectively "SHAFT-plus"):
- Sex: Sexually explicit content, escort services, or content that is pornographic or adult-oriented.
- Hate: Content promoting hatred, bigotry, or discrimination.
- Alcohol: Alcohol-related marketing, except with required age-gating and compliant carrier registration.
- Firearms: Content related to the sale, distribution, or promotion of firearms, ammunition, or accessories, except with compliant carrier registration.
- Tobacco / Vaping: Tobacco, vaping, and related products, except with required age-gating and compliant carrier registration.
- Cannabis: Cannabis or CBD-related content, except in jurisdictions where permitted and with required carrier registration for compliant campaigns.
- Gambling: Gambling-related content, except where the operator holds the required licenses and has completed compliant carrier registration.
- Debt Collection: Debt collection messages, except in full compliance with the Fair Debt Collection Practices Act (FDCPA) and applicable state law, and with proper carrier registration.
- Phishing and Deceptive Content: Any message that misrepresents its origin, sender, or purpose.
3.6 CAN-SPAM Compliance. You may not use Billiard CRM's email features (powered by Resend) in violation of the CAN-SPAM Act (15 U.S.C. ยงยง 7701โ7713) or analogous law. Without limitation, every commercial email you send through Billiard CRM must: (a) accurately identify you as the sender; (b) not use deceptive subject lines; (c) include a clear and conspicuous opt-out mechanism; (d) honor opt-out requests within 10 business days; and (e) include your valid physical mailing address.
3.7 Prohibited Email Practices. You may not send email to purchased lists, scraped or harvested address lists, or lists obtained without verifiable opt-in consent. You may not engage in practices that are likely to result in messages being classified as spam, including high-frequency cold outreach, deceptive "From" addresses, or misleading preview text.
4. Prohibited Conduct โ Payments
Billiard CRM's payment processing features are powered by Stripe and use Stripe Connect for marketplace-style payouts. By using these features, you agree to comply with Stripe's Services Agreement, Stripe Connect Account Agreement, and Stripe's Restricted Businesses list (available at https://stripe.com/legal/restricted-businesses), each as updated from time to time. The following additional restrictions apply:
4.1 Restricted Businesses. You may not use Billiard CRM to process payments for any business, product, or service listed on Stripe's Restricted Businesses list. It is your responsibility to review and monitor that list. The list is updated periodically; a business that was permissible when you signed up may become restricted.
4.2 Accurate Representation. You must accurately and completely describe your business type, products, and services to Stripe during Stripe Connect onboarding and at any time Stripe requests updated information. You may not misrepresent the nature of your transactions or use transaction descriptors that are materially different from what is being delivered.
4.3 Financial Crimes. You may not use Billiard CRM to facilitate money laundering, tax evasion, sanctions evasion, terrorist financing, or any other financial crime.
4.4 Chargebacks and Disputes. You may not knowingly process transactions that are fraudulent, unauthorized, or for which the cardholder's consent has not been obtained. You may not take actions designed to suppress legitimate chargeback or dispute rights.
4.5 No Unauthorized Intermediaries. You may not use Billiard CRM to act as a payment facilitator or aggregator for third parties unless you have separately disclosed this function to Stripe and obtained Stripe's written approval.
5. Prohibited Conduct โ Data and Privacy
5.1 Compliance with Applicable Privacy Law. You are responsible for ensuring that your collection, processing, storage, and sharing of personal data through Billiard CRM complies with all applicable privacy and data protection laws, including without limitation the California Consumer Privacy Act (CCPA / CPRA), the General Data Protection Regulation (GDPR) where applicable, the Washington My Health MY Data Act, the Fair Credit Reporting Act (FCRA), and any other jurisdiction-specific requirements that apply to your business. We do not make representations about the compliance of your own data practices.
5.2 No HIPAA Use. Billiard CRM is not designed, configured, or certified as a HIPAA-compliant platform, and we do not execute Business Associate Agreements (BAAs). You may not use Billiard CRM to create, receive, maintain, or transmit Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 160 and 164. If you operate a business with HIPAA obligations โ including healthcare providers, health plans, and their business associates โ you must ensure no PHI is entered into Billiard CRM.
5.3 Consent Prior to Data Entry. You must obtain any consents, disclosures, or authorizations required by applicable law before entering any individual's personal data into Billiard CRM. This includes consent required by TCPA, CCPA, GDPR, and any applicable state privacy law.
5.4 No Surveillance or Harm. You may not use Billiard CRM to track, surveil, or facilitate harm to any individual. This prohibition includes using the platform to build profiles for purposes that individuals have not consented to, to facilitate domestic abuse or stalking, or to enable targeted discrimination.
5.5 Data Minimization. You should collect only the personal data necessary for your legitimate business purposes. We reserve the right to take reasonable steps to prevent storage of data that appears to be collected in excess of legitimate business needs or in violation of applicable law.
6. Enforcement
6.1 Investigation. We reserve the right to investigate suspected violations of this AUP. You agree to cooperate with any reasonable investigation and to provide information or records relevant to a suspected violation upon request.
6.2 Suspension and Termination. If we determine, in our sole but reasonable discretion, that you have violated or are likely to violate this AUP, we may:
- Issue a warning;
- Suspend your access to Billiard CRM, in whole or in part, with or without prior notice;
- Terminate your account and all associated data access, in accordance with the Terms of Service;
- Retain amounts owed to us as permitted by the Terms of Service.
For violations that pose an immediate risk of harm โ including, but not limited to, ongoing illegal conduct, active transmission of malware, or compliance violations that could result in our termination by Stripe or Twilio โ we may suspend or terminate your account without notice and without opportunity to cure.
6.3 No Liability for Enforcement Actions. We will not be liable to you for any damages, losses, or costs arising from suspension or termination of your account for AUP violations.
6.4 Reporting to Authorities and Service Providers. We may report suspected violations to relevant law enforcement agencies, regulatory bodies, and affected service providers (including Stripe, Twilio, Resend, Google, Vercel, and others) as we determine is appropriate or as required by law. We may disclose your information in connection with any such report.
6.5 No Duty to Monitor. Nothing in this AUP obligates us to monitor, pre-screen, or review your content or use of the platform. Enforcement actions under this AUP are discretionary and do not constitute a representation that we monitor all use.
7. Reporting Violations
If you become aware of any use of Billiard CRM that violates this AUP โ including spam, fraud, misuse of messaging features, or illegal activity โ please report it to:
Email: steve@goldenwestgames.com Subject Line: AUP Violation Report
Please include as much detail as possible, including the nature of the suspected violation, any relevant account information or identifiers, and when the conduct occurred or is occurring.
We will review reports in good faith and take appropriate action. We cannot guarantee a response to every report or commit to specific action timelines, but we take all reports seriously.
8. Updates to This Policy
We may update this AUP at any time to reflect changes in our practices, our service providers' requirements, or applicable law. For material changes, we will provide at least thirty (30) days' advance notice by email to the address associated with your account before the updated AUP takes effect. Your continued use of Billiard CRM after the effective date of any update constitutes acceptance of the revised AUP.
We encourage you to review this AUP periodically. The current version will always be posted at [URL to AUP page].
9. Contact
Questions about this AUP may be directed to:
Golden West Games Tacoma, WA Email: steve@goldenwestgames.com