Acceptable Use Policy

JN SHORT ACCEPTABLE USE POLICY (AUP)

 

AUP 1. Purpose and scope

This Acceptable Use Policy (AUP) sets the rules for using JN Short’s services, including short links, QR codes, bio pages, hosted files (where enabled), custom domains, and any APIs, SDKs or integrations (collectively, the “Service”). THE AUP FORMS PART OF THE TERMS OF SERVICE (THE “TERMS”) AND IS BINDING ON ALL USERS. Capitalised terms have the meaning given in the Terms. If there is any conflict, the order of precedence is as stated in the Terms.

 

AUP 2. Who this applies to

This AUP applies to account owners, Administrators, team members, invited users, API users, and any person accessing content via the Service. If you use the Service on behalf of an organisation, you must ensure your users and contractors comply with this AUP.

 

AUP 3. What you may do (permitted use)

Subject to the Terms and this AUP, you may: (a) create and manage short links and QR codes; (b) publish bio pages and, where enabled, host files that you own or are lawfully entitled to use; (c) route visitors to lawful destinations; (d) collect analytics provided by the Service; and (e) use the API strictly within documented limits. You must ensure you have all necessary rights, authorisations and consents (including privacy/cookies consents) for any data you process using the Service.

You may also use INCENTIVISED TRAFFIC (E.G., LOYALTY/REWARD LINKS) PROVIDED THERE IS CLEAR, PROMINENT DISCLOSURE AT OR BEFORE THE CLICK/SCAN, AND SUBJECT TO AUP 5.5.

 

AUP 4. Prohibited content

Prohibited. You must not use the Service to publish, host, link to, redirect to, promote or otherwise make available any content that:

(a) MALWARE & EXPLOITS: contains or distributes malware, viruses, worms, trojans, spyware, keyloggers, rootkits, RATs, backdoors, botnet C2, cryptojacking scripts, drive‑by downloads or similar harmful code;

(b) PHISHING & SOCIAL ENGINEERING: impersonates services or brands to harvest credentials or sensitive data, or uses deceptive landing pages or QR codes for fraud;

(c) SPAM & UNSOLICITED COMMUNICATIONS: promotes unsolicited bulk e‑mail/SMS/push messages, lead generation via purchased lists, or “snowshoe”/“hailstorm” patterns;  

(d) IMPERSONATION, DOXXING & PRIVACY VIOLATIONS: impersonates a person or organisation without authority; reveals personal data (including doxxing) without a lawful basis and required consents; or violates data‑protection, confidentiality or publicity rights;

(e) CSAM & CHILD SAFETY: contains or facilitates child sexual abuse material or any sexualisation of minors; grooming; trafficking or exploitation of persons; (ZERO‑TOLERANCE — WE WILL REPORT TO RELEVANT AUTHORITIES);

(f) HATE, TERROR & EXTREMISM: promotes or incites violence, terrorism, or violent extremist activity; hate speech targeting protected characteristics; or recruitment for extremist causes;

(g) ILLEGAL GOODS/SERVICES: involves illegal drugs, unauthorised prescription medicines, weapons, explosives, hacking services or tools intended to commit crime;

(h) UNLAWFUL GAMBLING: facilitates gambling in jurisdictions where unlawful or without required licences and age‑gating;

(i) HIGH‑RISK FINANCIAL SCAMS: promotes Ponzi/pyramid schemes, multi‑level marketing that misrepresents earnings, get‑rich‑quick, unregistered securities or misleading crypto/forex schemes, or fake investment “signals”;  

(j) IP INFRINGEMENT: infringes copyright, database rights, design rights, trade marks or other IP;  

(k) ADULT CONTENT ILLEGALITY: violates applicable laws on adult content distribution, age verification or consent;  

(l) VIOLENCE & SELF‑HARM: glorifies or incites violence or self‑harm;  

(m) MEDICAL/LEGAL MISREPRESENTATION: presents health, medical or legal claims likely to cause harm or that are unlawful to advertise;  

(n) OTHER UNLAWFUL OR HARMFUL CONTENT: is otherwise illegal, harmful, deceptive or contrary to applicable law or regulation.

 

AUP 5. Platform & traffic integrity (prohibited conduct)

Prohibited. You must not:

(a) ARTIFICIAL TRAFFIC & BOTS: generate or procure artificial clicks, scans, installs or visits using bots, headless browsers, click-farms, pay-to-click schemes, or any automated means not expressly permitted; INCENTIVISED TRAFFIC IS ONLY PERMITTED UNDER AUP 5.5.

(b) MISLEADING PRESENTATION: cloak destinations; mislabel link text, previews or QR captions to deceive; use forced redirects, pop‑unders, auto‑redirects, cookie‑stuffing or drive‑by downloads;

(c) SECURITY CIRCUMVENTION: probe, scan or test the vulnerability of the Service; bypass, disable or circumvent authentication, rate‑limits, IP blocks or other security controls;  

(d) SERVICE DISRUPTION: overload the Service (including bandwidth or API capacity), initiate DDoS or similar attacks, or interfere with normal operation;

(e) UNAUTHORISED AUTOMATION & SCRAPING: access the Service via robots or scrapers except as allowed by our API Terms; violate our robots.txt; harvest data from other users’ content or analytics;  

(f) PRIVACY BYPASS: collect or process personal data without a lawful basis and, where required, without PRIOR CONSENT under applicable privacy/e‑privacy laws;  

(g) RESALE OR SUB‑LICENSING: resell, sub‑license or provide the Service on a service‑bureau basis without our written permission;  

(h) DOMAIN ABUSE: use custom domains for fast‑flux hosting, bulletproof hosting, or similar evasion tactics;  

(i) EVASION: take steps to circumvent suspension, throttling or other enforcement; or  

(j) ANY ACTIVITY that would cause us or our providers to violate law or third‑party terms.

 

AUP 5.5 Incentivised traffic (permitted with conditions)

Incentivised traffic (including loyalty, rewards, cashback, points, vouchers, sweepstakes entries or similar incentives) is PERMITTED ONLY IF ALL of the following conditions are met:

(1) CLEAR DISCLOSURE: There is CLEAR, PROMINENT DISCLOSURE at or before the click/scan that a reward or incentive is offered (for example, labels such as "AD", "SPONSORED", "REWARDED LINK" or an equivalent explicit notice). Where the medium permits, the disclosure must appear on or adjacent to the link preview, button text or QR caption.

(2) NO AUTOMATION OR FRAUD: Traffic must be HUMAN‑INITIATED and not generated by bots, headless browsers, click‑farms or scripts. You must implement reasonable measures to prevent fake or repeated actions intended solely to obtain rewards.

(3) NO DECEPTIVE PRACTICES: Do not mislead about the nature, value, odds, timing or conditions of the reward. No cloaking, forced redirects, pop‑unders, auto‑redirects, cookie‑stuffing or drive‑by downloads.

(4) PRIVACY & CONSENT: Where personal data or cookies/trackers are used to administer the incentive or measure outcomes, YOU MUST IMPLEMENT LAWFUL DISCLOSURE AND OBTAIN CONSENT WHERE REQUIRED (e.g., under GDPR/ePrivacy in the EU). Do not profile children in violation of local law.

(5) ADVERTISING & CONSUMER LAW COMPLIANCE: You must comply with applicable advertising standards and consumer‑protection laws in the target jurisdiction(s), including requirements on disclosures, endorsements and unfair commercial practices.

(6) PLATFORM & THIRD‑PARTY TERMS: If incentives relate to third‑party platforms (e.g., app stores, social networks, marketplaces), you must comply with their applicable policies.

(7) ANALYTICS INTEGRITY: Do not manipulate analytics or attempt to conceal the incentivised nature of traffic. Where technically feasible, you should flag incentivised campaigns (for example, via a campaign parameter) so they can be analysed separately.

(8) AGE‑GATING WHERE REQUIRED: Do not target minors with financial incentives where prohibited by law. Where permitted, ensure appropriate AGE‑GATING and, if required, VERIFIABLE PARENTAL CONSENT.

 

AUP 6. Privacy, tracking & cookies

(a) CONSENT: If you use analytics, cookies or similar technologies via the Service, YOU MUST IMPLEMENT LAWFUL DISCLOSURE AND CONSENT MECHANISMS where required (for example, ePrivacy/GDPR in the EU).  

(b) DATA MINIMISATION: Do not collect more personal data than necessary; avoid sensitive categories unless strictly lawful and agreed.  

(c) CHILDREN: Do not knowingly track or profile children where prohibited or without appropriate consent mechanisms under local law.

(d) TRANSPARENCY: You must provide a clear privacy notice for your properties that explains your use of JN Short and relevant analytics/cookies.

 

AUP 7. Intellectual property & brands

Do not use the Service to infringe IP, misappropriate trade secrets, misuse trade marks (including confusingly similar names), or to impersonate brands. On substantiated notice, we may disable or remove content and treat the account as a repeat infringer as set out below.

 

AUP 8. Regulated & sensitive industries

If you operate in a regulated sector (e.g., financial services, health, pharmaceuticals, adult content, gambling), YOU ARE RESPONSIBLE FOR LICENSING, DISCLOSURES, AGE‑GATING AND GEO‑RESTRICTIONS. We may require additional assurances, restrict features, or suspend use in jurisdictions where your activities are unlawful.

 

AUP 9. Security research

Unapproved testing (including penetration tests, exploit development or scanning) is PROHIBITED. If you discover a vulnerability inadvertently, follow our Vulnerability Disclosure Policy. We provide limited safe‑harbour ONLY as stated in that policy and only if you act in good faith and within scope.

 

AUP 10. Reporting abuse

Report suspected abuse or AUP violations at https://jnshort.com/contact or e‑mail abuse@jnshort.com. Provide the shortened link/QR, destination URL, a description of the issue, evidence (e.g., screenshots), and your contact details. For urgent harms (e.g., PHISHING, CSAM, TERROR CONTENT), mark the report as URGENT in the title.

 

(d) SLA TARGETS FOR REVIEW: We aim to triage URGENT reports (phishing/CSAM/terror content) within 24 HOURS and standard reports within 72 HOURS. Complex cases may take longer; we will update you where practicable. These are targets, not guarantees and are separate from any SLA.

(a) ACTIONS WE MAY TAKE: warning; link/QR/bio/file takedown; content filtering; feature restrictions; throttling; temporary suspension; PERMANENT BAN; IP blocking; contacting registrars/hosts/ISPs; and legal action.  

(b) STATEMENT OF REASONS: Where required by the EU DIGITAL SERVICES ACT, we will issue a STATEMENT OF REASONS explaining our decision.  

(c) APPEALS: You may APPEAL decisions via the channel described in the Moderation, Notice‑and‑Action & Appeals Policy. We aim to review standard appeals within 14 DAYS. Manifestly abusive or duplicative appeals may be closed more quickly.  

(d) SLA TARGETS FOR REVIEW: We aim to triage URGENT reports (phishing/CSAM/terror content) within 24 HOURS and standard reports within 72 HOURS. Complex cases may take longer; we will update you where practicable.

 

AUP 12. Repeat‑infringer policy

We may classify an account as a REPEAT INFRINGER where there are multiple substantiated violations (for example, THREE (3) OR MORE within a rolling 90‑DAY period) or any single egregious breach (e.g., CSAM). Repeat infringers may be permanently banned and related accounts blocked. We may maintain internal records necessary to enforce this policy in accordance with our Privacy Policy.

Examples include repeated actions listed in AUP 11(a) and decisions recorded under DSA 8. Egregious breaches include, for example, CSAM, phishing at scale, or terror content.

 

AUP 13. Preservation, disclosure & law enforcement

We may PRESERVE RELEVANT LOGS AND DATA for a reasonable period to investigate alleged violations, comply with legal process or protect users. We may disclose data to competent authorities where legally required or to address imminent harm, in line with our Privacy Policy and applicable law. CSAM reports will be escalated immediately to the appropriate hotlines or law‑enforcement bodies. — Legal bases: GDPR Art. 6(1)(c) (legal obligation) and/or Art. 6(1)(f) (legitimate interests) as applicable.

 

AUP 14. Custom domains, destinations & third‑party terms

If you use custom domains or redirect to third‑party platforms, YOU MUST COMPLY with the applicable terms and policies of those providers. We may restrict or suspend use where third‑party complaints or terms require action.

 

AUP 15. API‑specific acceptable use

API keys are personal to your account. YOU MUST KEEP KEYS CONFIDENTIAL. Do not exceed documented rate limits, attempt to bypass quotas, or use the API to collect data about other users or to replicate the Service. We may revoke keys that breach this AUP or the API Terms.

 

AUP 16. Sanctions & export controls

You must not use the Service in violation of sanctions or export‑control laws. We may restrict access where required by law or government order.

 

AUP 17. Consequences of breach

Consequences may include any measures in AUP 11(a) and Section 5 of the Terms. YOU MUST NOT CIRCUMVENT, OR ATTEMPT TO CIRCUMVENT, ANY TECHNICAL OR ORGANISATIONAL MEASURES WE IMPLEMENT.

 

AUP 18. Changes to this AUP

We may update this AUP as described in the “Changes to Terms” section of the Terms. Material updates will be notified in advance where required.

 

AUP 19. Contact

General questions: support@jnshort.com. Abuse/urgent harms: abuse@jnshort.com.