Acceptable use
Most of this is common sense. We publish it so the line is clear, not to surprise anyone.
Don't do these things
- Don't break the law. No use of the Service to violate applicable law, regulation, or any third party's rights.
- Don't surveil people. Do not use TillPulse to monitor an application without lawful basis under applicable law. Do not use it to track end-users in ways that violate consumer privacy expectations.
- Don't deliver harmful content. No malware, phishing kits, or content that exploits children, incites violence, or supports terrorism.
- Don't infringe IP. Don't upload, store, or transmit content that infringes copyright, trademark, or other intellectual property rights.
- Don't probe the platform. No vulnerability scanning, fuzzing, or load testing without prior written approval (security researchers — see Security).
- Don't disrupt the platform. No DoS, no resource exhaustion attempts, no quota evasion through workspace splitting.
- Don't pretend to be us. Do not impersonate TillPulse, brand-misuse the marks, or claim a partnership that doesn't exist.
- Don't reverse-engineer. Except where the prohibition is unenforceable by law, do not decompile, disassemble, or attempt to extract source code from the Service.
- Don't bypass our rate limits. If you need a higher limit, talk to us.
Don't send us this kind of data
- Government IDs at scale. Even though our scrubber catches most patterns, don't deliberately send national IDs, passport numbers, or driver's licences as event metadata.
- Special-category data. Health, biometrics, sexual orientation, religious beliefs, political opinions — do not send these as breadcrumbs, tags, or context.
- Payment card data. Even though our scrubber catches Luhn-valid card numbers, do not deliberately send PAN, CVV, or expiration dates. We are not a PCI-DSS environment for cardholder data.
- Children's data. If your app collects data from people under 13 (US) or 16 (EU), put extra care into your
beforeSendhook before sending events about them.
What happens if you breach this policy
We may, at our discretion: warn you, throttle you, suspend the affected workspace, terminate the account, or report to authorities where required by law. We try to act proportionately. For unambiguous abuse — illegal content, active attack, malware distribution — we may suspend immediately without notice.
Reporting abuse
If you suspect another TillPulse user is breaching this policy, email abuse@tillpulse.io. Provide as much detail as you can. We do not retaliate against good-faith reports.
Law enforcement requests
We respond to valid legal process. We require warrants for content data, subpoenas for non-content subscriber data, and we evaluate emergency requests under our internal review process. We notify affected customers unless prohibited by law.