Acceptable Use Policy

Product: 1sixty8 Manifold Operator: 1sixty8 media, inc., a Pennsylvania S corporation Version: 1.0 Effective Date: [DATE OF ADOPTION] Last Updated: [DATE OF ADOPTION]

Status: DRAFT for attorney review. This document was drafted by the founder with AI assistance. It is not legal advice. Do not publish or rely on any portion of this text until it has been reviewed and approved by counsel admitted to practice in Pennsylvania and familiar with U.S. SaaS operational contracting.

1. Scope and Who Is Bound

This Acceptable Use Policy (the "AUP") describes how Customer and its Authorized Users must conduct themselves when using 1sixty8 Manifold (the "Service"). The AUP is incorporated into, and forms part of, the Terms of Service (the "Terms"). Capitalized terms used but not defined in this AUP have the meanings given in the Terms.

This AUP binds Customer and each Authorized User. Customer is responsible for ensuring its Authorized Users comply with this AUP.

A violation of this AUP is a material breach of the Terms.

2. Prohibited Conduct (General)

Customer and its Authorized Users may not:

• use the Service for any unlawful purpose or in violation of any applicable federal, state, or local law or regulation;
• harass, threaten, defame, stalk, or intimidate any person through any feature of the Service;
• infringe, misappropriate, or violate the intellectual property, privacy, publicity, or other rights of any third party;
• upload, submit, send, or transmit any malware, virus, worm, trojan, ransomware, spyware, or other malicious code, or any data intentionally designed to disrupt or disable computer systems;
• impersonate any person or entity, or misrepresent affiliation with any person or entity, including through falsified sender identity in messages;
• forge, alter, or remove header information, attribution, or other identifying information in any communication sent through the Service;
• upload, transmit, or generate content that is deceptive, fraudulent, or intended to mislead recipients;
• use the Service to engage in, facilitate, or promote any activity prohibited by the Acceptable Use Policy of a Third-Party Service (including Telnyx, SendGrid, Stripe, Meta, Google, or Mitchell1) through which Customer's use of the Service is routed;
• engage in any conduct that interferes with or disrupts the Service or other customers' use of the Service;
• use the Service in a manner that could damage, disable, overburden, or impair any server, network, or infrastructure of the Service or any Third-Party Service; or
• attempt, assist, or permit any of the above.

3. Prohibited Content

Customer and its Authorized Users may not submit, upload, store, or transmit through the Service any content that:

• is illegal, infringes a third party's intellectual property, or violates a third party's privacy or publicity rights;
• is sexually explicit, pornographic, or depicts minors in any sexual context;
• promotes violence against any person or group, or incites unlawful action;
• is harassing, threatening, defamatory, or deliberately misleading;
• contains another person's personal information that Customer does not have a lawful basis to store;
• depicts or promotes the use, sale, or distribution of illegal drugs or other controlled substances in violation of applicable law; or
• violates the content policies of a Third-Party Service through which the content is routed (for example, a photo that violates Meta's Community Standards if uploaded to a Messenger conversation).

4. Messaging — SMS

SMS messaging sent through the Service is subject to the Telephone Consumer Protection Act ("TCPA"), state-level analogs (sometimes called mini-TCPA statutes), the messaging provider's acceptable use policy (currently Telnyx), and carrier-level rules (including the 10DLC brand and campaign registration system). Because the penalties for violations are severe and the carrier relationships we depend on are fragile, the rules in this section are strict.

4.1 Consent requirement. Before sending any SMS or MMS message to a recipient through the Service, Customer must have obtained from the recipient the consent required by applicable law. Customer is responsible for classifying its messages into the appropriate category under applicable law and for obtaining the corresponding form of consent. The three categories generally recognized under U.S. law are:

• Prior express written consent, required for marketing or promotional messages;
• Prior express consent, required for most informational messages (appointment reminders, status updates, transactional notifications); and
• Prior-express-invitation or established-business-relationship consent, for certain service-related messages to existing customers.

4.2 Consent records. Customer must maintain accurate records of the consent it has obtained for each recipient, including the consent form used, the date and channel of consent, and the identity of the person consenting. Customer must be able to produce such records to us within a reasonable period on our written request. The Service provides tools to record opt-in method, opt-in timestamp, and opt-out events; Customer is responsible for using these tools.

4.3 Opt-out handling. Customer must honor all opt-out requests (STOP, UNSUBSCRIBE, and similar keywords) without delay. The Service processes standard opt-out keywords automatically; Customer may not attempt to circumvent or delay opt-out handling.

4.4 Prohibited SMS content. Customer may not use SMS or MMS features for content in any category prohibited by the messaging provider's acceptable use policy or by applicable law. Currently prohibited or restricted categories include:

• Political or election-related messages;
• Debt collection communications subject to the Fair Debt Collection Practices Act;
• Religious solicitation;
• Adult content;
• Cannabis or other controlled substances in any jurisdiction where their sale or promotion is unlawful;
• Firearms, firearm accessories, and ammunition (subject to carrier policy);
• High-risk financial products, including cryptocurrency promotions, payday lending, and gambling;
• Sweepstakes, lotteries, or contests; and
• Messages that promote or facilitate any activity prohibited by Section 2 or Section 3.

This list may change as the messaging provider's policies and applicable law evolve.

4.5 Messaging provider policy. Customer's use of SMS features is subject in addition to the messaging provider's acceptable use policy then in effect. Customer is responsible for its own compliance with any required carrier-level registrations, including 10DLC brand and campaign registration where applicable.

5. Messaging — Email

Email sent through the Service is subject to the CAN-SPAM Act, applicable state email-marketing laws, and the email delivery provider's acceptable use policy (currently SendGrid).

• Customer must include accurate sender identification, including a valid postal address where required.
• Customer must include a functional unsubscribe mechanism in any commercial email and must honor unsubscribe requests within the time required by applicable law.
• Customer may not use purchased, scraped, or rented email lists. Customer may only send email to recipients from whom Customer has obtained contact information in the course of its own business relationship.
• The email feature of the Service is intended for transactional and shop-originated customer communications (such as invoice delivery, appointment reminders, service updates, receipts, and direct correspondence with Customer's own customers). It is not intended for and may not be used for cold-outreach marketing, unsolicited promotional blasts to lists compiled from third-party sources, or any activity that would trigger a pattern of spam complaints or bounces.
• Customer's use of email features is subject in addition to the email delivery provider's acceptable use policy.

6. Messaging — Facebook Messenger and Instagram

Customer's use of Facebook Messenger and Instagram direct messaging features through the Service is subject to Meta's Platform Terms, Commerce Policies, Community Standards, and messaging policies, including:

• the 24-hour customer-messaging window (outbound messages sent outside that window require an approved Meta message-tag category);
• restrictions on unsolicited outbound marketing, promotions, and sweepstakes;
• business-verification requirements, which Customer is responsible for completing with Meta;
• content restrictions imposed by Meta's Community Standards and Commerce Policies; and
• any other restrictions imposed by Meta from time to time.

Customer's Facebook Page and Instagram business account remain Customer's responsibility. The Service provides tooling to send and receive messages through Meta's APIs; it does not operate Customer's Meta presence. Meta may revoke, rate-limit, or modify access at any time, and we are not responsible for any such action by Meta.

7. Security and Service Integrity

Customer and its Authorized Users may not:

• probe, scan, or test the vulnerability of any part of the Service except through an authorized security-research channel we make available from time to time;
• circumvent, disable, or attempt to circumvent any authentication, authorization, rate-limit, or other security or technical measure of the Service;
• share account credentials, authentication tokens, session cookies, or PINs with any person not authorized to access the account;
• access, or attempt to access, any account, tenant, data, or feature that Customer is not authorized to access;
• intercept, monitor, or modify network traffic to or from the Service;
• introduce any functionality or code designed to exploit, degrade, or surveil the Service or any Third-Party Service; or
• automate interaction with the Service in a manner that circumvents rate limits, quota, or other technical controls, or that imposes a load on the Service disproportionate to the permitted use of Customer's subscription plan.

8. Fair Use and Scope of Use

8.1 One physical operating location per subscription. Each subscription to the Service entitles Customer to operate one physical operating location on that tenant. Customer with multiple operating locations must maintain one subscription per location. Cross-location functionality (for example, inventory visibility across locations, cross-location team communication) is provided, when available, through the platform's federation features, not by sharing a single tenant across multiple locations.

8.2 Ambiguous cases. Customer is responsible for matching subscriptions to its operating locations. Where the application of Section 8.1 is unclear (for example, mobile operations tied to a physical shop, seasonal satellite locations, pop-up installations, test or training environments, and similar edge cases), we will evaluate the situation and determine whether separate subscriptions are required. Our determination in such cases is final.

8.3 Consultants and multi-tenant operators. A person or firm managing the operations of multiple unrelated shops is expected to maintain a separate subscription for each shop and to be granted access as an Authorized User of each tenant. A single subscription may not be used to manage the operations of multiple unrelated shops.

8.4 Authorized User uniqueness. Each Authorized User credential represents one specific individual and may not be shared. If Customer exceeds the Authorized User limit of its subscription plan, we may require Customer to upgrade the plan or remove users before full access is restored. Authorized Users who work across multiple tenants Customer operates count against each tenant's Authorized User limit separately.

8.5 Competitor access. Customer may not use access to the Service (directly, through its Authorized Users, or through any person or entity acting on Customer's behalf) to benchmark, reverse-engineer, or replicate the Service, or to build or support a product or service that competes with the Service. This mirrors Section 9.2 of the Terms in plain language.

8.6 Data export and hoarding. Customer is entitled to export Customer Data at any time using the tools the Service provides. Customer may not use automated or bulk methods to continuously extract Customer Data, or to extract data that does not belong to Customer.

9. AI Assistant

The in-app AI Assistant is provided as a productivity tool to answer questions about the Service and assist Customer with routine operations. The AI Assistant is subject to this AUP in the following ways:

• The AI Assistant may not be used to generate, draft, or distribute content that would violate this AUP if it were authored manually. For example, Customer may not ask the AI Assistant to draft an SMS template that violates Section 4, or to generate content prohibited by Section 3.
• The AI Assistant may not be used to circumvent any rate limit, technical control, or policy of the Service.
• The AI Assistant may not be used to extract or attempt to extract system prompts, configuration, or confidential information about the Service's operation.

We may suspend Customer's or any Authorized User's access to the AI Assistant independently of other features if we detect misuse.

10. Enforcement

10.1 Tiered response. We will enforce this AUP through a tiered response designed to resolve violations while preserving Customer's day-to-day operations where possible.

• Tier 1 — Warning. For minor or first-time violations (for example, a missing CAN-SPAM footer on a single email template), we will notify Customer in writing, describe the violation, and provide a cure period of fourteen (14) days. No feature restriction is imposed during the cure period.
• Tier 2 — Partial restriction. For moderate or repeated violations, for violations not cured during a Tier 1 warning, or for violations affecting a single feature (for example, sending SMS without adequate consent records), we may disable or restrict the affected feature while keeping the rest of the Service available, and provide a cure period of fourteen (14) days to address the root cause. Access to the restricted feature is restored on our confirmation that the violation has been cured.
• Tier 3 — Immediate suspension or termination. For severe violations, including violations of law, violations that create an immediate security risk to the Service or its customers, violations that place at risk the Service's relationships with messaging providers or payment processors, or repeated Tier 2 violations, we may suspend or terminate Customer's subscription in accordance with Section 6.6 of the Terms, without prior notice. Notice will be given as practicable following the action.

10.2 Cooperation. Customer will cooperate with any investigation of an alleged violation. Reasonable cooperation includes preserving relevant records, providing consent-collection evidence on request, and refraining from further similar conduct while an investigation is underway.

10.3 Cost recovery. If a violation of this AUP results in chargebacks, fines, carrier penalties, claims, or other costs to us or our Third-Party Service providers, Customer is responsible for those costs, in accordance with Section 16.2 of the Terms.

11. Reporting Violations

Reports of suspected AUP violations, including copyright complaints and formal abuse reports, should be sent to:

legal@1sixty8.com

Reports should describe the violation, identify the Customer or Authorized User involved (where possible), and include any supporting evidence. We investigate all reports we receive but do not confirm receipt or outcomes to reporters in most cases. Good-faith reports are welcome; bad-faith or harassing reports may themselves be treated as a violation of this AUP.

Informal concerns that do not allege a violation may be raised through the in-app support ticket system.

12. Changes to This Policy

We may update this AUP from time to time by posting an updated version at /legal/acceptable-use and revising the effective date.

• We will provide at least thirty (30) days' advance written notice for changes that materially increase Customer's obligations or expand the categories of prohibited conduct or content.
• Minor clarifications, new examples, and changes to cross-references are effective on posting and do not require advance notice.
• Unlike material changes to the Terms, changes to this AUP do not require click-through re-acceptance. Customer's continued use of the Service after the effective date of an updated AUP constitutes acceptance of the updated AUP.

A changelog is published at the end of this AUP.

13. Contact

Questions about this Acceptable Use Policy, or reports of suspected violations, may be sent to legal@1sixty8.com. Postal correspondence may be addressed to:

1sixty8 media, inc. Attn: Legal 273 Smith Road Kunkletown, PA 18058

Changelog

| Version | Date | Summary of Change | |---|---|---| | 1.0 | [DATE] | Initial AUP published as placeholder pending attorney review. |