# Zupost

## Acceptable Use

> Category: Resources

---

## Pages


### Getting started

- [What is Zupost?](https://docs.zupost.com/getting-started/what-is-zupost)
- [Rate Limits](https://docs.zupost.com/getting-started/rate-limits)

### Quickstart

- [Node.js](https://docs.zupost.com/quickstart/node-js)

### Resources

- [Security](https://docs.zupost.com/resources/security)
- [Acceptable Use](https://docs.zupost.com/resources/acceptable-use)
- [Data Processing](https://docs.zupost.com/resources/data-processing)

---

# Acceptable Use

Zupost is built for legitimate email communication. That includes transactional email, product notifications, account-related communication, and permission-based marketing use cases.

To protect customers, recipients, and the health of the platform as a whole, all use of Zupost must follow responsible sending practices. This page explains what is allowed, what is not allowed, and why these rules matter.

## Why this matters

Email infrastructure depends on trust.

If a sending platform is used for spam, phishing, impersonation, or other abusive behavior, the consequences affect more than one sender. Abuse can damage sender reputation, reduce deliverability, harm recipients, and undermine trust in the platform overall.

Acceptable use rules are therefore not just about policy. They are part of operating a reliable email product responsibly.

## Allowed use

Zupost may be used for legitimate business and product communication, including use cases such as:

- transactional emails

- account verification emails

- password reset emails

- login links or security notifications

- onboarding emails

- order confirmations

- billing and invoice communication

- product notifications

- support-related communication

- permission-based newsletters and marketing emails

All sending activity must comply with applicable law, must respect recipient expectations, and must not be misleading, deceptive, or abusive.

## Core principles

All customers using Zupost are expected to follow a few basic principles.

### Send only to people you are allowed to email

You must only send emails to recipients where you have a valid reason or valid permission to do so, depending on the type of message and the legal framework that applies to your use case.

For marketing email in particular, this means recipients should not be added casually, purchased from third parties, scraped from the internet, or emailed without proper consent where consent is required.

### Be clear about who you are

Emails sent through Zupost must accurately represent the sender. You must not mislead recipients about who is contacting them, why they are receiving the message, or what organization is behind it.

### Respect unsubscribe and opt-out expectations

For any communication where unsubscribe or opt-out is expected or legally required, recipients must be able to stop receiving future messages within a reasonable and appropriate process.

### Keep your lists clean

Customers are expected to maintain list hygiene and avoid sending to stale, low-quality, harvested, or obviously invalid recipient lists. Good list quality protects deliverability for everyone.

### Use the platform responsibly

You may not use Zupost in a way that harms the platform, interferes with other customers, overloads systems irresponsibly, or creates security or operational risks.

## Prohibited use

The following types of activity are not allowed on Zupost.

### Spam

You may not use Zupost to send unsolicited bulk email, deceptive campaigns, or any email that would commonly be understood as spam.

This includes, but is not limited to:

- sending to purchased email lists

- sending to scraped or harvested addresses

- mass outreach without appropriate permission

- repeatedly emailing recipients who did not ask for the communication

- sending campaigns designed to bypass recipient expectations or filtering systems

### Phishing and impersonation

You may not use Zupost for phishing, credential theft, social engineering, deceptive login flows, or any attempt to impersonate a trusted individual, brand, institution, or service.

This includes emails intended to trick recipients into revealing passwords, payment information, security codes, or other sensitive information.

### Malware and harmful payloads

You may not use Zupost to distribute malware, malicious attachments, harmful scripts, infected links, or any other content intended to compromise systems, devices, accounts, or data.

### Fraud and deception

You may not use Zupost for scams, fraudulent offers, misleading financial schemes, fake invoices, fake account notices, or any communication designed to deceive recipients for personal, political, or commercial gain.

### Illegal content or unlawful activity

You may not use Zupost for any activity that violates applicable law, regulation, or enforceable legal restriction in the jurisdictions relevant to your use.

### Abuse of identities, domains, or brands

You may not use Zupost to misrepresent sender identity, misuse domains, forge trust signals, or send email that falsely suggests affiliation with another person, company, government entity, or service.

### Circumvention of platform safeguards

You may not attempt to bypass account limits, abuse controls, technical protections, review processes, or any other platform safeguards designed to protect the service and its users.

### Platform interference

You may not use Zupost in a way that disrupts the service, creates unreasonable infrastructure strain, probes for vulnerabilities without authorization, or interferes with the experience of other customers.

## Marketing email expectations

Zupost can be used for legitimate marketing email, but only when done responsibly.

Customers sending marketing emails are expected to:

- send to recipients who have appropriately opted in where required

- provide accurate sender identification

- avoid misleading subject lines

- make opt-out or unsubscribe options available where appropriate

- avoid aggressive list growth practices that compromise trust or data quality

- monitor complaints, bounce behavior, and recipient engagement responsibly

Marketing email is not treated as inherently problematic. Poor-quality marketing practices are.

## Transactional email expectations

Transactional emails are often critical to user trust and product functionality. They should therefore be sent with particular care.

Examples include:

- account creation or verification emails

- password resets

- security alerts

- login confirmations

- order and billing communication

- service-related product notices

Customers should ensure that transactional emails are accurate, relevant, and tied to real user actions or real account relationships.

Transactional email must not be used as a disguise for promotional spam.

## Content responsibility

Customers are responsible for the content they send through Zupost.

That includes responsibility for:

- the legality of the content

- the accuracy of claims

- the legitimacy of linked destinations

- the rights to use names, brands, and materials

- the use of personal data within the email

- the use of template variables and dynamic content

Using Zupost to deliver a message does not transfer responsibility for that message to Zupost.

## Account and credential responsibility

Customers are responsible for protecting their own credentials, access tokens, API keys, and team access.

You should:

- keep credentials private

- avoid exposing API keys in public repositories or client-side code

- limit team access to what is actually needed

- rotate credentials if exposure is suspected

- review access regularly

A compromised account or exposed credential can create serious risk for both the customer and the platform.

## Monitoring and enforcement

To protect the service and its users, Zupost may monitor for abuse signals, suspicious activity, unusual sending patterns, or behavior that appears inconsistent with responsible platform use.

Where necessary, Zupost may take action such as:

- requesting additional information

- temporarily restricting sending

- suspending accounts or credentials

- blocking specific activity

- removing access to the platform

- reporting unlawful activity where legally required

Enforcement decisions are made to protect recipients, customers, infrastructure integrity, and the long-term reliability of the platform.

## Reporting abuse

If you believe Zupost is being used in a way that violates this policy, please report it.

Helpful reports typically include:

- the sender information

- the message headers if available

- the content of the email

- relevant timestamps

- any additional context that helps explain the issue

For abuse-related reports, contact: **[abuse@zupost.com](mailto:abuse@zupost.com)**

## Changes to this page

This Acceptable Use page may be updated over time as the platform evolves, risks change, or operational requirements become more specific.

## Questions

If you are unsure whether a planned use case is appropriate for Zupost, contact us before going live.

We would rather clarify a legitimate use case early than deal with preventable problems later.