← All policies

Acceptable Use Policy

What you can and cannot do with HAWZ services.

Effective date: April 17, 2026 · Last updated: April 17, 2026 · Version 1.0

This Acceptable Use Policy (“AUP”) forms part of the Agreement between HAWZ Inc. (“HAWZ”) and our customers. It applies to any customer, any user authorised by a customer, and anyone else who interacts with the HAWZ platform, websites, applications we host, or related services (together, the “Services”).

WHY THIS EXISTS

The rules below protect you, your users, HAWZ, our other customers, and the public. A breach of this AUP can lead to suspension or termination of the Services without refund, and may expose you to indemnification obligations under the Agreement.

1. General principles

You may use the Services only for lawful purposes and in line with the Agreement. You are responsible for everything that happens under your account, including the acts of your users and the content you put into the Services.

2. Prohibited content

Do not upload, store, transmit, or generate, or permit others to upload, store, transmit, or generate, any content that:

  • Is illegal under the laws of Canada, the jurisdiction where HAWZ hosts the data, or your own jurisdiction.

  • Infringes intellectual property, trade secrets, moral rights, or rights of publicity or privacy of any person.

  • Is defamatory, harassing, bullying, or threatening, or promotes hatred or violence against a person or identifiable group.

  • Is sexually explicit, involves minors in any sexual context, or depicts non-consensual acts.

  • Constitutes child sexual abuse material (CSAM) — strict liability; immediate termination and reporting under Canadian law.

  • Facilitates self-harm, suicide, eating disorders, or violent extremism.

  • Is misleading in a way that could harm others, including impersonation, deepfakes without disclosure, or manipulated media presented as real.

  • Contains malware, trojans, ransomware, cryptomining scripts, backdoors, or code designed to damage or gain unauthorised access to any system.

3. Prohibited activities

  • Abuse of the Services. Attempting to gain unauthorised access to the Services, other accounts, or any system HAWZ connects to; probing, scanning, or testing vulnerabilities without written authorisation; bypassing rate limits or authentication.

  • Resale and unauthorised access. Reselling or sublicensing the Services without written consent; sharing credentials across organisations; using credentials you are not authorised to use.

  • Denial of service. Any activity that overloads, floods, or impairs the Services or the systems of third parties.

  • Reverse engineering of Platform IP. Decompiling, disassembling, or otherwise attempting to derive the source code of HAWZ's Platform IP (distinct from Deliverables belonging to Customer under the Agreement).

  • Scraping and data harvesting. Harvesting information about other HAWZ customers or users; scraping third-party services in a way that breaches their terms.

  • Competitive benchmarking disclosure. You may evaluate the Services for your own internal purposes. You may not publish competitive benchmarks of the Services without written consent.

  • Circumventing safety controls. Removing or disabling security, logging, rate-limiting, or content-safety controls built into the Services.

  • Blockchain and speculative workloads. Cryptocurrency mining, coin generation, or similar workloads are prohibited unless expressly authorised in an Order Form.

4. Anti-spam and electronic messages

If the Services are used to send commercial electronic messages (emails, SMS, push notifications, or similar), you must comply with Canada's Anti-Spam Legislation (CASL), the U.S. CAN-SPAM Act, and similar laws that apply to your audience. You must:

  • Obtain express or valid implied consent before sending.

  • Clearly identify yourself and provide a Canadian mailing address.

  • Include a functional unsubscribe mechanism in every message.

  • Honour unsubscribe requests within 10 business days.

  • Keep records of consent for at least three years.

HAWZ may cap volumes, require you to use a reputable provider (e.g., SendGrid, Postmark, Amazon SES, Twilio), or demand that you demonstrate consent for a list before sending.

5. Prohibited Data

IMPORTANT — DEFAULT RULE

Unless HAWZ has signed a written rider with you that specifically permits it, you must not upload, store, process, or transmit any of the categories of “Prohibited Data” listed below. If you need to process one of these categories, email legal@hawz.net before you upload any of it.

The following categories of data are Prohibited Data by default:

  • Personal Health Information (PHI). Information subject to Ontario's Personal Health Information Protection Act (PHIPA) or the U.S. Health Insurance Portability and Accountability Act (HIPAA), including medical records, diagnoses, clinical notes, prescriptions, and health-plan identifiers.

  • Payment card data. Primary account numbers (PAN), CVV, magnetic-stripe data, or PIN numbers subject to the Payment Card Industry Data Security Standard (PCI DSS). Use Stripe or another tokenising processor; never store card numbers in the Application.

  • Children's personal information. Personal information of individuals under 16 in Canada (or under 13 in the U.S., the threshold for COPPA), without a parental-consent workflow that HAWZ has approved.

  • Biometric identifiers. Fingerprints, face scans, voiceprints, iris scans, or behavioural biometrics used for identification.

  • Government-issued identifiers at scale. SIN, SSN, driver's licence, passport numbers, or equivalent identifiers in volume beyond single-instance identity verification.

  • Classified, controlled, or export-restricted data. Any data marked classified by a government, controlled under export-control regimes, or subject to data-localisation requirements that HAWZ's infrastructure cannot meet.

  • Adult or explicit material. Pornographic, sexually explicit, or gambling-related user content and services.

If you need to process any Prohibited Data, request a Prohibited Data Rider. HAWZ may require additional safeguards (BAAs, data residency commitments, encryption keys held by you, audit rights) and additional fees before accepting Prohibited Data.

6. Security obligations on you

  • Keep your credentials confidential, use a password manager, and enable multi-factor authentication.

  • Give users only the access they need; remove access promptly when it is no longer required.

  • Notify HAWZ at security@hawz.net as soon as you become aware of a suspected security incident affecting the Services.

  • Do not disclose security vulnerabilities you discover in the Services publicly before notifying HAWZ and allowing reasonable time to remediate.

7. AI, automation, and generated content

You may build automations and incorporate AI components in applications hosted by HAWZ. You are responsible for (a) clearly disclosing AI-generated content where required by law, (b) not using AI to impersonate real individuals without consent, and (c) ensuring automated decisions that significantly affect individuals include a meaningful human review channel where law requires it.

8. Monitoring, reporting, and enforcement

HAWZ does not monitor the substantive content of Customer Content in the ordinary course. However, HAWZ may review Customer Content and usage patterns to investigate suspected breaches of this AUP, security incidents, or legal obligations, and may take the following actions:

  • Immediate suspension for activities that create an imminent risk to the Services, other customers, or third parties (for example, an active attack, CSAM, or severe abuse). HAWZ will notify Customer as soon as reasonably possible.

  • Notice and cure for non-urgent breaches: HAWZ will describe the issue in writing and give Customer a reasonable time to cure before suspending.

  • Removal of specific content that is clearly unlawful or that violates a court order or applicable take-down regime.

  • Termination for repeated or material breaches, under the Terms of Service.

To report abuse of the Services or content that violates this AUP, email abuse@hawz.net.

9. Changes

HAWZ may update this AUP from time to time. Material changes will be announced to customers with active accounts at least 30 days in advance. Continued use of the Services after the effective date of the updated AUP constitutes acceptance.