If, at any time, you have questions or concerns regarding our acceptable use policy or if you believe a violation of our policy has occurred, please contact us at abuse@mapp.com.
INTRODUCTION
This Acceptable Use Policy (“AUP”) sets forth the principles that govern the use of the web-based products, emails and other services (the “Services” or “Software”) provided by Mapp Digital (“Mapp” or “Service Provider”) to its customers (“Customers”). The Services enable customers to send and receive commercial, marketing, transactional and internal emails, sms, social media posts, in-app push messages and other messages with commercial and marketing background (collectively referred to herein as “Messages”), to interact with their end users and to collect data about their users.
Mapp’s goal is to offer customers a positive experience in their use of the Services. To help Mapp offer its customers the best user experience possible and to ensure the Services are used in an appropriate manner, all customers must follow the same rules and guidelines with respect to their use of the Services.
This AUP is designed to help protect customers and the internet community from irresponsible, abusive or illegal activities, and to make the Services available to all customers as consistently and efficiently as possible. By accessing and/or using the Services, you agree to adhere to this AUP.
If you are unable to agree and abide by the AUP, you should not utilize the Services.
1 – OPT-IN REQUIREMENTS
Deliverability depends heavily on numerous factors but mainly relies on the quality of the sender’s list. Single opt-in is defined as an opt-in where the subscriber has shared their email information with a customer for a specific purpose in order to start receiving emails from the sender directly relating to that purpose. Any emails sent by customer/sender that would be outside of that purpose are strictly prohibited.
Customer must comply with all applicable laws, regulations and industry best practice standards with respect to its usage of the Software. Mapp is not obliged to monitor the compliance of send-outs with the applicable laws, regulations and industry best practice standards with cross-promotional or third-party content clearly labeled as such, nor is Mapp obliged to provide its Software to customers that utilize the Software in an incompliant manner. Commercial Messages (as defined by the applicable laws, regulations and industry best practice standards) may only be sent via our Software if the addressee consented to receiving commercial Messages (at least Single-Opt-In as described below) and if the sending of the commercial/marketing Message is otherwise compliant with the applicable laws and regulations.
- 1.1. Customer must have opt-in permission on file for all subscribers including: (1) the date and time of signup; (2) the IP address used to submit the sign-up form; and (3) the sign-up forms URL and language at time of submission (especially if the sign-up form is subsequently updated/changed/removed). A screenshot of the form with URL and layout/language is best. Information on file must be provided within 24 hours upon request.
- 1.2. Consent must be granted “actively and separately” and any sign-up forms must have separate checkboxes for 1st party and 3rd party mailings as well as any terms and conditions (No prechecked boxes).
- 1.3. For 3rd party consent, the consent granted must not be blanket. A “reasonable and limited” list of all partners including verticals (cannot include a disproportionate number of companies) who would be potentially contacting the subscriber must be provided. It must also state that these partners will not forward subscriber information to any other parties without first obtaining additional consent. Any new (or future) partners would require new/additional consent (this can be added as additional options via a preference page).
- 1.4. Excluding newsletters, if a subscriber can opt into mailings for multiple separate verticals, each vertical must have its own opt-in checkbox (preference center style is recommended).
- 1.5. If consent was not granted in writing or electronically (i.e.: Verbally), then it requires written confirmation be sent to the subscriber.
- 1.6. Language describing the ability to revoke consent (unsubscribe) at any time in the future must also be stated within the sign-up form. Unsubscribe links/forms must auto-populate with the information necessary to unsubscribe. Unsubscribing must not be complicated (2 click maximum, no login required). Unsubscribe requests must be processed within 5 working days maximum.
- 1.7. Legal Notice/Imprint or Impressum is required to be visible either directly on the sign-up form itself or by a direct link on the form to the Imprint information. A complete and proper Impressum must include at least the following information:
- Full name and address of the Company and its legal structure.
- Names of the managing directors (or authorized representatives) of the company. (Where required by local law for either sender or recipient).
- Telephone or Fax number of the company or an electronic contact form and email address.
- Name and address of the companies´ court of registration and its registration number.
- Sales tax ID number, business ID number or VAT identification number (when available).
- If the website offers services within the framework of an activity which requires the approval of any public authorities, details of the responsible supervisory authority must be provided as well.
- Any other information that may be required by National laws (where applicable).
Mapp’s Software offers the possibility to collect additional Personal Data of individuals. which may require the data subject’s prior notification or consent. Customer must ensure to use the Software in compliance with the applicable laws, regulations and with the applicable industry best practice standards. It is Customer’s obligation to register with and/or to obtain approval from the relevant authorities where required by the applicable laws and regulations.
Some ISP’s inform Mapp if a Message sent via Mapp is marked as “junk” or “spam” by the recipient (so-called “feedback loop”). Mapp will treat such a marking as an unsubscribe and the respective Address will be blocked from further send-outs.
2 – TRANSPARENCY AND OPT-OUT REQUIREMENTS
Customer transparency with its subscribers is essential and identifying information included in messages must allow a recipient to easily identify and contact the sender and/or advertiser of the message. Customers must perform all send-outs in its own name, under its brand and nothing in a Message must indicate Mapp as the official sender of the Message. Therefore, the following actions are prohibited: misidentifying the source of a message; adding, removing, or modifying identifying network header information (aka “spoofing”) in an effort to deceive or mislead; or attempting to impersonate any person by using forged headers or other identifying information. Usage of a multitude of sending domains (“From Domains”) for the sole purpose of bypassing filtering or attempting to affect user engagement is also prohibited. Descriptions of onerous terms relative to email communication in boilerplate legal terms and conditions are likewise prohibited.
- 2.1. Messages that include cross-promotional content or promote 3rd party offers must be clearly labeled as such (Any partners being promoted must have been listed on the form when the subscriber signed up).
- 2.2. Sender and commercial nature of message must not be obscured. From address must be a registered domain and clearly identify the sender. Customer must own or have permission to utilize the From Domain and the domain must have a functional “live” site that ties back to the Customer.
- 2.3. Maintaining transparency with ISPs and filters, Mapp requires Customer to configure all sending domains (From Domains) with SPF and 1st party DKIM records.
- 2.4. Subject lines and message content must not be misleading in any way.
- 2.5. Customer must ensure that all messages to the “from address” and reply address indicated in the Message are processed immediately. If from or reply address is unmonitored, it must have an autoresponder detailing that it is unmonitored, as well as alternative ways to contact the Customer. A monitored email address must be one of those included forms of communication.
- 2.6. All emails which are not transactional messages must include an opt-out link which will be functional for no less than 60 days after the send is complete.
- 2.7. Language describing the ability to revoke consent (unsubscribe) must also be stated within the message body or footer. Unsubscribing must not be complicated (2 click maximum, no login required).
- 2.8. Unsubscribes submitted via the integrated unsubscribe function within the Software will be processed automatically and the respective address will be blocked from future send-outs. Unsubscribe requests must be processed within 2 working days maximum.
- 2.9. Legal Notice/Imprint or Impressum (see above) is required to be included in every email message directly in the message body/footer.
- 2.10. Messages must only contain offers that a subscriber has explicitly opted into. (Messages can generically direct a subscriber to a preference page to manage their subscriptions).
- 2.11. Messages and their content must comply with all local laws and regulations.
3 – RESTRICTED CONTENT AND ACTIVITIES
Restricted content and activities must be disclosed prior to the beginning of contract signing, these items may be permitted with limitation or additional monitoring. Customers must submit content samples and answer Compliance/Deliverability questionnaire and obtain written approval prior to sending any of the following:
- 3.1. Pornography/sexually explicit content.
- 3.2. Pharmaceutical products.
- 3.3. Except as may be expressly prohibited herein, credit repair, credit cards, online day-trading, related foreign exchange (forex), mortgages, loans and other financial data.
- 3.4. Sensitive personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, health or sex life, offenses or criminal convictions.
- 3.5. Any other content or activities that Mapp, in its sole discretion determines to be restricted.
Failure to disclose restricted content and activities as well as sending prior to obtaining the necessary approval will be (at the Service Providers sole discretion) considered grounds for restriction of access to or termination of Services.
4 – PROHIBITED CONTENT AND ACTIVITIES
Actions, whether intentional or inadvertent, that the Service Provider considers inappropriate and grounds for restriction of access to or removal of offending material or termination of Services include, but are not limited to, the following:
- 4.1. Messages which violate any relevant or applicable anti-spam laws, or which are illegal at either the sender’s, service’s or recipient’s location.
- 4.2. Any illegal purpose, including but not limited to material which is libelous, threatening, or defamatory, or which infringes on the intellectual property rights of any other entity, or encourages conduct which would constitute a criminal offense, give rise to civil liability, or otherwise violate any local, state, federal or international law, order or regulation.
- 4.3. Any content or activity that holds the service provider, its affiliates and/or partners and their parent companies, and their employees or shareholders up to public scorn or ridicule or would in any way damage or impair their reputation or goodwill.
- 4.4. Any information or material which the Service Provider determines (in its sole opinion) to be objectionable, offensive, indecent, harassing, threatening, embarrassing, distressing, vulgar, hateful, racially or ethnically offensive, or otherwise inappropriate, regardless of whether this material or its dissemination is unlawful.
- 4.5. Any content or activity that the Service Provider (in its sole discretion) determines is being utilized for the purpose of bypassing ISP filtering.
- 4.6. Posting, storing, sending, transmitting, or disseminating any individual’s social security number, credit card number or other bank account related information.
- 4.7. Any information or software which contains malware, including viruses, worms, remote access trojans, other harmful feature, or other information or software which circumvents the security measures of another person or entity, or adversely affects the ability of other people or services to use the internet.
- 4.8. Restricting, inhibiting, interfering with, or otherwise disrupting or causing a performance degradation, regardless of intent, purpose or knowledge, to the services, or otherwise causing a performance degradation to any facilities, equipment or networks used to deliver the services.
- 4.9. Purchasing or selling (including renting) subscription lists, including providing or using list broker and list rental services.
- 4.10. Sending of messages to addresses which were appended to other data is expressly prohibited. The email address attached to a subscriber’s data must be provided to the sender by the subscriber.
- 4.11. Selling, leasing, renting, or otherwise making available data learned through the services in any form (printed, electronically relayed, posted to public list services or bulletin boards, or magnetically stored) to, or for the benefit, of any third party for any reason other than to assist the customer in its normal business activities.
- 4.12. Payday loans or other short-term high-interest loans that violate applicable predatory lending laws and regulations, including without limitation, the federal truth in lending act.
- 4.13. Real-money gambling.
- 4.14. Generating content which is sent through another service, such as creating tracking links within the system which are included in messages sent through another service or system.
- 4.15. Causing a significant blacklisting or sending content on behalf of an organization with a listing on a significant blacklist at the time of the send. Significant blacklists include Spamhaus, casa, invaluement, uribl, surbl, or other commonly used blacklists as determined by the company based on current industry usage.
- 4.16. Receiving excessive complaints or sending to too many spam traps as defined by the company based on current industry standards.
- 4.17. Reverse engineering, decompiling, disassembling, or otherwise attempting to learn the source code to, the services.
- 4.18. Assigning, reselling, sublicensing, or otherwise making the services available to third parties for their own use, except as expressly permitted by the terms of a customer’s agreement with the service provider. Bundling the services as part of a customer’s own product offering, without the express prior written consent of the service provider.
This is intended to be an illustrative, and not exhaustive, list of Prohibited Content. The examples identified in this list are in addition to the content identified in the Agreement between the Service Provider and its customer pursuant to whose Agreement you are given the right to access the Services and are provided solely for your guidance. As a Customer you agree to comply with these restrictions and not to conduct or participate in Prohibited Content. If you are unsure whether any contemplated use or action is permitted, or wish to report a violation of this AUP, please contact the Service Provider.
5 – PRIVACY/DATA SUBJECT REQUESTS
The Service Provider is a Data Processor and as such will not directly handle Privacy/Data Subject related requests such as Art. 15 – 18 GDPR. If a request is received, the Service Provider will request only enough information (sample of message received or message headers) from the subscriber to identify the Customer (the Data Controller) in question and pass along the request to the Customer for processing. The Customer must acknowledge receipt of the request and will be solely responsible for honoring the request in a timely manner.
6 – ACTIONS TO BE TAKEN BY SERVICE PROVIDER
The Service Provider is entitled to perform a list audit and other assessments, at its own discretion, to determine whether or not a customer is in compliance with this AUP. The Service Provider prefers to advise customers of inappropriate behavior or any prohibited conduct and any necessary corrective action. However, if the Services are used in a way that the Service Provider, in its sole discretion as between any customer and the Service Provider, believes violates this AUP, the Service Provider may take such responsive action(s) as the Service Provider, in its sole discretion, determines to be appropriate. These responsive actions may include, but are not limited to, suspending your right to access and use any shared resources, suspending your right to access and use the Services in general, and/or termination of the agreement between the Service Provider and the customer, without notice and without opportunity to cure. Further and for the avoidance of doubt, the Service Provider reserves the right, in its sole discretion as between any customer and the Service Provider, to restrict access to or to remove any content for any reason, including but not limited to, your violation of any laws or the terms and conditions of any agreement between the Service Provider and its customer pursuant to whose agreement you are given the right to access the Services, or this Acceptable Use Policy.
While the Service Provider and its third-party service provider may elect to monitor your use of the Service to confirm your adherence to this Acceptable Use Policy, it is ultimately the responsibility of the user of the Services to ensure that all use complies with this Acceptable Use Policy.
The Service Provider’s right to take action under this Acceptable Use Policy will not place an obligation on the Service Provider to monitor or exert any editorial control over your website.
Any breach of this AUP identified during a list audit or a test send-out or showing during or as a result of a regular send-out entitles, but does not oblige, Mapp to block further send-outs and to immediately stop on-going send-outs to the concerned list. The blocking will be limited to the necessary scope required to prevent further violations. A blocking shall not result in reduction of the fees. Recurring fees shall continue.
In case of breaches of the AUP Mapp shall be entitled, but not obliged, to reduce the transmission speed for send-outs to the list (max. 10,000 emails per hour) alternatively to blocking the list.
When Customer has provided an explanation of what measures were taken (e.g. cleaning the list from Addresses causing Rejected Bounces) and no further breaches are expected, Mapp will lift the blocking of a list and/or stop reduction of the transmission speed. Customer can instruct Mapp to perform a deliverability audit, which is a detailed analysis of a list intended to improve deliverability and ensure compliance with this AUP (available for a fee).
In case of repeated or serious breaches of the AUP Mapp is entitled, but not obliged, to assign Customer’s system to a dedicated separate IP pool that may not provide the same high level of IP reputation as Mapp’s general IP pool which may negatively impact the deliverability of Customer’s send-outs.
A material and/or repeated breach of the AUP shall be considered a material breach of the Agreement.
7 – BANDWIDTH USAGE ALLOCATION
A customer’s use of bandwidth is expected to compare to the normal bandwidth used by other customers. If, in the sole discretion of the Service Provider, a customer requires or is utilizing bandwidth that is excessive in comparison to other customers.
8 – NETWORK SECURITY
You may not use the Service Provider’s network or any third-party networks contracted by the Service Provider to circumvent user authentication or interfere with the security of any host, network, or account. This includes, but is not limited to, accessing data not intended for you, logging into a server or account you are not authorized to access, password cracking, probing the security of other networks in search of weaknesses, or violation of any other organization’s security policy. You may not attempt to interfere with or deny service to any user, host, or network. Any violation of network security may result in immediate termination of the Agreement between the customer on whose behalf you are utilizing the Services and the Service Provider.
While Mapp is responsible for maintaining the security of the software application and the underlying infrastructure pursuant to the applicable agreement, the Customer is responsible for the security within the application which includes ensuring access credentials are kept securely and accounts/permissions are properly managed at their end.
9 – DATA PROCESSING AGREEMENT
To comply with applicable laws, Mapp requires that all Customers have a Data Processing Agreement (“DPA”) on file. If no such DPA is on file, then by utilizing the Services, Customer acknowledges that such services will be provided in accordance with Mapp’s standard DPA, which can be found at www.mapp.com/contracts and is also available upon request.
10 – REVISIONS TO THIS ACCEPTABLE USE POLICY
The Service Provider reserves the right to revise, amend, and/or modify this AUP at any time. Notice of any revision, amendment, and/or modification to this AUP will be posted on the dashboard/welcome page for the Services. You agree that your use of the Services, beyond a period of ten (10) calendar days after a notice of such change has been provided on the Services for the first time, shall constitute your consent to the revised, amended, and/or modified version of the AUP.
v16.0 (effective May 3, 2019)