Acceptable Use Policy
The categories of use that are not permitted on Crossdeck. Each restriction names the specific risk it addresses, the specific behaviour it prohibits, and the enforcement that follows a violation. Drafted to be specific enough to enforce — vague AUPs lose at arbitration; specific AUPs settle quickly.
This AUP is incorporated by reference into the Terms of Service. Violation is a material breach of the Terms and may result in suspension or termination under §15 of the Terms.
1. General prohibitions
You may not, and may not permit any third party to:
- use the Service to violate applicable law (any law of any jurisdiction where you or your end users are located);
- use the Service to send or transmit unsolicited commercial communications in breach of the CAN-SPAM Act, GDPR / UK PECR, POPIA, or equivalent;
- use the Service to send malware, ransomware, phishing payloads, or other malicious content;
- use the Service to threaten, harass, defraud, defame, or otherwise harm a person;
- use the Service to infringe the intellectual property or privacy rights of any third party;
- interfere with the Service's security, availability, or integrity, including by probing, scanning, or testing the vulnerability of the Service (a separate vulnerability disclosure program exists for good-faith research);
- access the Service through automated means at a rate that materially burdens the Service or other customers;
- access the Service from a country or by a person subject to economic sanctions imposed by the United Nations, the United States, the European Union, the United Kingdom, or South Africa, where doing so would breach such sanctions.
2. PII flooding
Crossdeck's SDK includes a PII scrubber that detects and replaces common patterns (email addresses, payment-card numbers) with redaction tokens before persistence. The scrubber is a safety net, not a license to send Crossdeck Personal Data the SDK was not designed to receive.
Specifically, you may not:
- intentionally include full email addresses, phone numbers, government identification numbers, payment-card numbers, or other directly-identifying Personal Data inside track() event property values or identify() trait values, except for: the email trait on the identify() call (its documented purpose) and any field you have explicitly mapped to Crossdeck's identity-resolution surface;
- send free-form user-generated text (forum posts, chat messages, comments) as event property values where that text may contain Personal Data of third parties;
- circumvent or disable the PII scrubber and then transmit Personal Data the scrubber would have caught.
Bulk PII flooding through track() properties is a material breach of this AUP and may trigger immediate suspension under §11.
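The following is an added example of the customer-side guard this section asks for; it is not Crossdeck's SDK code. It keeps email addresses and payment-card numbers out of track() property values and out of every identify() trait except the documented email trait, redacting on the client before anything reaches the SDK. Everything except the names track(), identify() and the email trait (the regexes, the Luhn filter, the wrapper and the fake SDK) is an assumption made for illustration.

```javascript
// Added example, not Crossdeck's SDK: a pre-send guard that redacts directly
// identifying Personal Data from track() properties and from every identify()
// trait except the documented `email` trait. Only track(), identify() and the
// `email` trait are Crossdeck names; all other names here are assumptions.

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
// 13-19 digits optionally separated by spaces or dashes: a PAN candidate
const PAN_CANDIDATE_RE = /\b(?:\d[ -]?){12,18}\d\b/g;

// Luhn checksum: rejects most digit runs that are not card numbers
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Redacts PII inside one string; returns the cleaned string and the kinds found
function redactString(value) {
  const kinds = new Set();
  let out = value.replace(EMAIL_RE, () => { kinds.add('email'); return '[REDACTED_EMAIL]'; });
  out = out.replace(PAN_CANDIDATE_RE, (m) => {
    const digits = m.replace(/[ -]/g, '');
    if (!luhnValid(digits)) return m;   // keep order ids, timestamps and the like
    kinds.add('pan');
    return '[REDACTED_PAN]';
  });
  return { value: out, kinds: [...kinds] };
}

// Walks nested properties; returns a cleaned copy plus a list of findings
function scrubProperties(props) {
  const findings = [];
  const walk = (node, path) => {
    if (typeof node === 'string') {
      const r = redactString(node);
      for (const kind of r.kinds) findings.push({ path, kind });
      return r.value;
    }
    if (Array.isArray(node)) return node.map((v, i) => walk(v, `${path}[${i}]`));
    if (node && typeof node === 'object') {
      const out = {};
      for (const [k, v] of Object.entries(node)) out[k] = walk(v, path ? `${path}.${k}` : k);
      return out;
    }
    return node;   // numbers, booleans, null pass through unchanged
  };
  return { props: walk(props, ''), findings };
}

// identify() traits: only the documented `email` trait may carry an address
function scrubTraits(traits) {
  const { email, ...rest } = traits;
  const scrubbed = scrubProperties(rest);
  const clean = email === undefined ? scrubbed.props : { email, ...scrubbed.props };
  return { traits: clean, findings: scrubbed.findings };
}

// Wraps an SDK-like object exposing track()/identify(); findings are reported
// to `onFinding` so the integration bug can be fixed at its source
function guardedClient(sdk, onFinding = () => {}) {
  return {
    track(event, props = {}) {
      const { props: clean, findings } = scrubProperties(props);
      findings.forEach((f) => onFinding({ call: 'track', event, ...f }));
      sdk.track(event, clean);
      return findings.length;
    },
    identify(userId, traits = {}) {
      const { traits: clean, findings } = scrubTraits(traits);
      findings.forEach((f) => onFinding({ call: 'identify', ...f }));
      sdk.identify(userId, clean);
      return findings.length;
    },
  };
}

// Constructed demo: a capturing fake SDK and two calls that carry PII by mistake
function demo() {
  const sent = [];
  const fake = { track: (e, p) => sent.push({ e, p }), identify: (u, t) => sent.push({ u, t }) };
  const client = guardedClient(fake);
  client.track('checkout_failed', {
    plan: 'pro',
    ts: '1700000000000',   // 13 digits, fails Luhn, so it survives untouched
    note: 'user jane@example.com card 4111 1111 1111 1111 declined',
  });
  client.identify('u_1', { email: 'jane@example.com', support_note: 'alt jane.work@example.org' });
  return sent;
}
```

The guard deliberately redacts rather than silently dropping the event, and reports each finding so the offending property can be removed from the integration; a property that routinely needs redaction is exactly the "PII the SDK was not designed to receive" this section prohibits.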
3. Payment data
Crossdeck is not in PCI scope. We process subscription state, entitlement signals, and purchase event metadata received from our customers' payment rails (Stripe, Apple App Store, Google Play) — never raw payment instruments.
You may not, without prior written agreement from Crossdeck:
- transmit primary account numbers (PANs), card verification codes (CVV / CVC), magnetic stripe data, or sensitive authentication data through the Service in any form, encrypted or otherwise;
- transmit raw bank account numbers, IBANs, sort codes, or routing numbers through the Service;
- configure your application in a way that causes the Service to receive payment data even as an unintended side effect — you are responsible for keeping payment fields out of track() properties, error messages, breadcrumbs, and accessibility labels surfaced by the SDK.
If your use case requires processing of payment data, contact [email protected] before integration. A supplemental agreement, additional security controls, and possibly a PCI scope assessment will be required. Operating without one is a material breach and may trigger immediate termination.
4. Children's data
You may not:
- install the Crossdeck SDK in an application or service directed to children under thirteen (13) years of age, as that audience is defined by the United States Children's Online Privacy Protection Act (COPPA), 16 CFR Part 312;
- knowingly transmit Personal Data of a child under thirteen (13) through the Service;
- install the SDK in an application directed to users under sixteen (16) in the European Economic Area, or below the equivalent national threshold (GDPR Art. 8 — Member States may lower to thirteen), unless the application has obtained verifiable parental consent in compliance with applicable law.
If your use case requires processing of children's data with verifiable parental consent, contact [email protected]. A supplemental agreement is required.
5. Health data & HIPAA
Crossdeck is not a HIPAA business associate. We do not sign Business Associate Agreements (BAAs) and we do not support workflows that involve Protected Health Information (PHI) as defined under HIPAA, 45 CFR Parts 160 and 164.
You may not:
- install the Crossdeck SDK in any application that receives, stores, processes, or transmits PHI in connection with the Service;
- transmit health-related Personal Data (diagnoses, conditions, treatments, prescriptions, lab results, biometric health measurements) through the Service;
- install the SDK in any application regulated as a medical device, in vitro diagnostic, or related software-as-a-medical-device under FDA or comparable foreign regulation;
- install the SDK in any application subject to the EU Medical Devices Regulation 2017/745 or In Vitro Diagnostic Regulation 2017/746.
6. Other sensitive data
Crossdeck does not provide the additional safeguards required under Applicable Data Protection Law for "special categories" (GDPR Art. 9) or "sensitive personal information" (CPRA), unless agreed in writing in advance.
You may not, without prior written agreement:
- transmit data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership;
- transmit genetic data, biometric data uniquely identifying a person, data concerning sex life or sexual orientation;
- transmit precise geolocation as defined under CPRA (1798.140(ae) — within 1,850 feet);
- transmit citizenship or immigration status;
- transmit content of communications (mail, email, text messages) by other than the participant in the communication.
7. Surveillance & high-risk use cases
You may not use the Service:
- to conduct surveillance of individuals without their consent or a lawful basis equivalent to consent (covert tracking in a workplace or domestic setting; surveillance of activists, journalists, protected categories);
- to enable mass surveillance by governmental or commercial actors;
- to make consequential automated decisions about individuals (employment, credit, housing, insurance, immigration, criminal-justice outcomes) using outputs of the Service — Crossdeck is not designed for, and has not been validated for, such decisions;
- to identify a person's location, movements, or associations without a lawful basis;
- in connection with weapons of mass destruction, dual-use technology export controls, or biological / chemical agents;
- to provide intelligence or military services to a third party.
8. No source-of-truth misuse (entitlements)
This restriction is specific to Crossdeck and worth reading twice if you build a paywall on top of our entitlement cache.
Crossdeck's entitlement cache is a synchronisation layer over your chosen payment rail (Stripe, Apple App Store, Google Play). The payment rail is the system of record for "is this user paid right now." Crossdeck mirrors the rail's state with best-effort freshness, outage-preserve semantics, and per-user cache isolation — but a network partition, a rail-side webhook delay, or a stale cache entry can produce a temporary divergence between what Crossdeck says and what the rail says.
You may not:
- treat Crossdeck's entitlement cache as the system of record for billing-critical decisions where divergence from the payment rail would result in financial loss to you or an unjust outcome for your end user (e.g. permanently denying access to a service the user has in fact paid for);
- build reconciliation flows that resolve a Crossdeck-vs-rail conflict in Crossdeck's favour without verifying against the rail;
- configure your application to forgo periodic reconciliation against the payment rail where billing-critical decisions are made.
You should: use isEntitled(...) for fast paywall reads (microsecond cache lookups suitable for tap handlers); reconcile against your payment rail's API on a periodic schedule and at consequential decision points (subscription renewal, refund processing, account closure, customer support escalation). Crossdeck's role is to make your user-facing paywall fast; the rail's role is to make your billing correct.
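As an added example of the split this section describes (not Crossdeck's code), the gate below answers paywall reads from the entitlement cache, sends every billing-critical decision to the payment rail, repairs the cache in the rail's favour when the two disagree, and runs a scheduled reconciliation sweep. Only isEntitled() is a Crossdeck name; its single userId argument, the in-memory cache and rail stand-ins, the rail's isActive() method and the decision names are assumptions.

```javascript
// Added example, not Crossdeck's code: cache for fast reads, rail for
// billing-critical decisions. isEntitled() is the only Crossdeck name;
// its (userId) argument, the stand-in cache/rail classes and the decision
// names are assumptions.

const BILLING_CRITICAL = new Set(['renewal', 'refund', 'account_closure', 'support_escalation']);

// Constructed stand-in for the entitlement cache (per-user state, may be stale)
class MemoryEntitlementCache {
  constructor() { this.state = new Map(); }
  isEntitled(userId) { return this.state.get(userId) === true; }
  set(userId, entitled) { this.state.set(userId, entitled); }
}

// Constructed stand-in for the payment rail's API (the system of record)
class MemoryRail {
  constructor() { this.subscriptions = new Map(); }
  isActive(userId) { return this.subscriptions.get(userId) === true; }
  set(userId, active) { this.subscriptions.set(userId, active); }
}

class EntitlementGate {
  constructor({ cache, rail, clock = () => Date.now(), reconcileEveryMs = 6 * 60 * 60 * 1000 }) {
    this.cache = cache;
    this.rail = rail;
    this.clock = clock;
    this.reconcileEveryMs = reconcileEveryMs;
    this.lastReconciled = new Map();
    this.divergences = [];   // audit trail of cache-vs-rail conflicts
  }

  // Fast path: cache only. Suitable for rendering a paywall or gating a tap.
  canShow(userId) { return this.cache.isEntitled(userId); }

  // Asks the rail, repairs the cache if it disagrees, and records the conflict.
  reconcile(userId, reason) {
    const railSays = this.rail.isActive(userId);
    const cacheSays = this.cache.isEntitled(userId);
    if (railSays !== cacheSays) {
      this.divergences.push({ userId, reason, cacheSays, railSays, at: this.clock() });
      this.cache.set(userId, railSays);   // the rail wins, never the cache
    }
    this.lastReconciled.set(userId, this.clock());
    return railSays;
  }

  // Billing-critical reasons always go to the rail; everything else reads the cache.
  decide(userId, reason) {
    if (BILLING_CRITICAL.has(reason)) return { entitled: this.reconcile(userId, reason), source: 'rail' };
    return { entitled: this.canShow(userId), source: 'cache' };
  }

  // Scheduled sweep: reconcile every user whose last check is older than the interval.
  reconcileDue(userIds) {
    const now = this.clock();
    let checked = 0;
    for (const id of userIds) {
      const last = this.lastReconciled.get(id) || 0;
      if (now - last >= this.reconcileEveryMs) { this.reconcile(id, 'scheduled'); checked++; }
    }
    return checked;
  }
}

// Constructed scenario: a rail-side webhook delay leaves the cache stale for u_1.
function demo() {
  let now = 1700000000000;
  const cache = new MemoryEntitlementCache();
  const rail = new MemoryRail();
  const gate = new EntitlementGate({ cache, rail, clock: () => now, reconcileEveryMs: 60000 });
  rail.set('u_1', true);       // the user paid on the rail...
  cache.set('u_1', false);     // ...but the webhook has not reached the cache yet
  const fastRead = gate.canShow('u_1');            // false: stale, acceptable for a UI read
  const tap = gate.decide('u_1', 'feature_tap');   // not billing-critical: cache answers
  const renewal = gate.decide('u_1', 'renewal');   // billing-critical: rail answers, cache repaired
  const afterRepair = gate.canShow('u_1');         // true
  now += 120000;
  rail.set('u_1', false);      // a refund is processed on the rail
  const swept = gate.reconcileDue(['u_1', 'u_2']); // scheduled sweep picks it up
  return { fastRead, tap, renewal, afterRepair, swept, divergences: gate.divergences.length, finalRead: gate.canShow('u_1') };
}
```

The important property is that no code path ever writes the cache's opinion back to the rail: reconcile() is the only place the cache is corrected, and it always copies from the rail, so a stale entry can delay a paywall by one reconciliation interval but cannot turn into a billing error.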
9. No reverse-engineering of contracts/
Crossdeck publishes its bank-grade contracts directory at github.com/VistaApps-za/crossdeck/tree/main/contracts under a public-read license. The contracts and the corresponding test corpus represent significant investment and constitute Crossdeck's competitive moat.
You may:
- read, link to, and reference the contracts directory in your own evaluation of Crossdeck;
- cite specific contracts to your own auditors, legal counsel, or procurement teams;
- file pull requests proposing new contracts or improvements to existing ones.
You may not:
- use the contracts directory, the test corpus, or the underlying schemas as the template, foundation, or training data for a product that competes with the Crossdeck Service;
- distribute, republish, or commercially exploit the contracts directory as a standalone work;
- use the test_ref structure or the schema-lock pattern as a template to build a contract-failure reporting system competitive with Crossdeck.
This restriction follows the same principle major LLM vendors apply to their model outputs (e.g. OpenAI's restriction on using their outputs to train competing models): the publicly-readable artefact is for evaluation and integration, not for cloning.
10. Rate limits, quotas, and capacity
Crossdeck enforces rate limits and quotas to maintain service quality for all customers. Limits in force on the Effective Date are published at the API documentation; Crossdeck may change limits with reasonable advance notice (or, where a rapid response is required to maintain service availability, immediately with prompt notice after the fact).
Sustained excess over your plan's quota may result in throttling or, for free-tier accounts, paused ingestion. Crossdeck contacts paid-tier customers before throttling material traffic.
11. Enforcement procedure
Where Crossdeck identifies a potential AUP violation, it will generally:
- send written notice to the Customer's registered admin describing the alleged violation and proposed remediation, with 14 days to cure;
- where 14 days is impracticable due to risk to other customers, to a third party, or to the integrity of the Service, suspend access on shorter notice and use commercially reasonable efforts to give notice contemporaneous with or promptly after the suspension;
- where the violation involves payment data (§3), children's data (§4), HIPAA-regulated PHI (§5), high-risk surveillance use cases (§7), or sanctions exposure (§1), suspend access immediately;
- where the violation is material and uncured after the cure period, terminate the affected Service under Terms §15.3.
Crossdeck reserves the right to retain reasonable evidence of an AUP violation for the period required to support enforcement and any subsequent dispute, notwithstanding the deletion procedure in DPA §12.
12. Reporting abuse
If you become aware of a possible violation of this AUP by a Crossdeck Customer, report it to [email protected]. We acknowledge reports within 5 business days and investigate in confidence. We do not disclose the identity of reporters except where compelled by law or with the reporter's consent.