Acceptable Use Policy

This Acceptable Use Policy (the "AUP") applies to every Surfacedd Customer under the Master Services Agreement at /legal/terms, including Advertisers, Publishers, website visitors, and anyone accessing the Surfacedd Services. Publishers are also responsible for ensuring their AI applications and their End Users do not engage in conduct prohibited by this AUP. Surfacedd may update this AUP from time to time without reopening the MSA; the updated version applies on posting.

The following categories of content are prohibited in creative, landing pages, Publisher applications, and anywhere else the Services are used:

• Child sexual abuse material (CSAM). Absolute prohibition. Any suspected CSAM is reported to the National Center for Missing & Exploited Children (NCMEC) and the relevant authorities, and the Customer account is terminated without notice.
• Illegal goods and services in the jurisdiction of the End User, including unlicensed pharmaceuticals, controlled substances, counterfeit goods, and illicit weapons.
• Hate, incitement, and targeted harassment based on protected characteristics.
• Terrorism and violent extremism. Content promoting, facilitating, or glorifying terrorism or violent extremist organizations.
• Human trafficking, non-consensual intimate imagery, and content depicting or facilitating serious harm.
• Deceptive or misleading claims in violation of the FTC Act Section 5 and equivalent consumer-protection law, including false endorsements, fabricated reviews, unapproved medical or financial claims, and misleading pricing.
• Regulated verticals without proper basis — finance, health, crypto, gambling, alcohol, tobacco, cannabis, supplements, legal services — unless the Customer documents the regulatory basis for the claims made.
• Intellectual property infringement, including trademark, copyright, design right, and patent infringement, and passing off as another brand.
• Privacy-invasive content, including material scraped from private channels, non-consensual disclosure of personal information, and stalkerware or surveillance products marketed at non-consenting targets.
• Adult content, except where expressly permitted in a dedicated, age-gated inventory segment agreed with Surfacedd in writing.

• Distributing malware, ransomware, spyware, or other harmful code via the Services.
• Scraping or reverse-engineering the Surfacedd Platform or SDK except as permitted by MSA Section 5 or by applicable law that cannot be waived.
• Attempting to gain unauthorized access to Surfacedd systems, other Customer accounts, or End User data.
• Probing, scanning, stress-testing, or attempting denial-of-service of the Services.
• Circumventing rate limits, authentication, or security controls.
• Generating Invalid Traffic (IVT), including through automated systems, incentivized click schemes, or fraud rings; IVT is defined consistent with the IAB/MRC Invalid Traffic Detection and Filtration Guidelines.
• Modifying, obscuring, or defeating the Sponsored-label rendering obligations in the Publisher Terms Addendum Section 4.

• Labeling circumvention. Any attempt to disguise, remove, or semantically defeat the Sponsored label, including generating wrapper UI that makes sponsored content appear to originate from the underlying AI model.
• Impersonation. Using Surfacedd inventory to promote content that impersonates identifiable natural persons, public figures, or brands without authorization, or to generate synthetic media of such persons without appropriate disclosure under the EU AI Act Article 50 and equivalent transparency regimes.
• Training on Query Context. Using End User Query Context received through the Services to train general-purpose AI models or foundation models, or licensing that data to a third party for model-training purposes.
• Adversarial prompt exploitation. Attempting to exploit the ad-matching engine through prompt injection, jailbreaks, or other adversarial inputs designed to extract non-public information, bypass brand-safety filters, or produce content prohibited by this AUP.
• Deceptive autonomous agent use. Operating autonomous agents that generate Impressions or Clicks without a corresponding human-intent signal, or that misrepresent themselves as human users.
• AI-generated content that would itself breach this AUP. The Acceptable Use requirements apply regardless of whether the content was authored by a human or generated by an AI system.

The Services may not be targeted at children under the age thresholds applicable in the jurisdictions reached — under 13 in the United States (COPPA), under 16 in EU jurisdictions that set that threshold under GDPR Article 8, and the equivalent statutory thresholds elsewhere. Publishers whose applications knowingly serve audiences below those thresholds must not integrate the Surfacedd SDK. Advertisers must not configure targeting designed to reach below- threshold audiences. Regulated-vertical advertisers must observe any additional audience restrictions imposed by the applicable regulator (for example, restrictions on promoting alcohol to audiences under the legal drinking age).

Suspected AUP violations may be reported to [email protected] with enough detail for Surfacedd to investigate. Surfacedd investigates reports on a reasonable-effort basis and does not commit to a specific timeline except where law requires.

Enforcement ladder. Surfacedd\u2019s default response to a breach is a warning with a cure period, followed by suspension under MSA Section 12 if uncured, followed by termination for cause under MSA Section 10. The following breaches trigger immediate termination without a cure period: (a) CSAM or any content generating a mandatory report under applicable law; (b) operation from or on behalf of a sanctions-restricted party; (c) systemic IVT generation; (d) brand-safety breaches causing material third-party harm; (e) any breach that Surfacedd reasonably believes creates imminent legal or security risk.

Surfacedd may withhold pending payouts while investigating a Publisher breach under the Publisher Terms Addendum Section 13. Nothing in this Section limits Surfacedd\u2019s right to seek injunctive or equitable relief or to refer conduct to law enforcement.

Surfacedd may update this AUP from time to time. Because the AUP is intended to evolve in response to product changes and emerging legal standards (for example, IAB Tech Lab CoMP norms and EU AI Act transparency guidance), updates do not require reopening the MSA. The "Last updated" date at the top reflects the current revision. Continued use of the Services constitutes acceptance of the updated AUP. Material changes are notified in advance to paying Customers under MSA Section 23.