Acceptable Use Policy

This Acceptable Use Policy ("AUP") governs use of the All In One AI Bot platform and related services ("Service") provided by ALL IN ONE MARKETING.COM, INC. ("Company," "we," "us," or "our"). This AUP is incorporated into our Terms and Conditions ("Terms"), and applies to all Subscribers, Agency Subscribers, Sub-Subscribers, and any other users of the Service (collectively, "you" or "Subscriber"). Capitalized terms used but not defined here have the meanings given in the Terms.

By accessing or using the Service, you agree to comply with this AUP. Violations may result in immediate suspension or termination of your account, forfeiture of pre-paid fees, reporting to carriers and regulators, and legal action.

1. Purpose

The purpose of this AUP is to:

• Protect the integrity and reputation of the Service, the Company's A2P 10DLC Brand and Campaign registrations, the Company's carrier relationships, and other Subscribers;
• Comply with applicable law, including the Telephone Consumer Protection Act ("TCPA"), the CAN-SPAM Act, state mini-TCPA laws, and consumer protection laws;
• Comply with carrier rules, including those of AT&T, T-Mobile, Verizon, and other U.S. mobile network operators;
• Comply with industry guidelines, including the Cellular Telecommunications Industry Association ("CTIA") Messaging Principles and Best Practices, The Campaign Registry ("TCR") requirements, and CTIA Short Code Monitoring Handbook standards; and
• Protect End Users from spam, fraud, harassment, and other harmful messaging.

This AUP applies to all messages, content, and conduct on or through the Service, regardless of channel (SMS, MMS, iMessage, RCS, voice, email, or any other communication method).

2. Forbidden Message Categories

You may not use the Service to transmit, facilitate, or attempt to transmit messages, advertisements, or content related to any of the following categories ("Forbidden Categories"). These restrictions apply regardless of consent obtained from End Users, except where you have obtained an explicit written carrier exemption and the Company has authorized the use case in writing.

2.1 SHAFT Categories

• Sex. Sexually explicit, suggestive, or pornographic content; adult dating; escort services; sex toys; or content promoting prostitution or human trafficking.
• Hate. Content that promotes hatred, discrimination, or violence against any individual or group based on race, ethnicity, national origin, religion, gender, gender identity, sexual orientation, disability, age, or any other protected characteristic.
• Alcohol. Marketing, promotion, or sale of alcoholic beverages, except where age-gating is in place and explicit carrier exemption has been obtained.
• Firearms. Marketing, promotion, or sale of firearms, ammunition, firearm components, conversion kits, ghost guns, or related accessories.
• Tobacco. Marketing, promotion, or sale of tobacco products, e-cigarettes, vaping products, or any nicotine-containing products.

2.2 High-Risk Financial Services

• Direct Lending and Loan Arrangement. Payday loans, short-term high-interest lending, auto-title loans, debt consolidation, debt collection, debt reduction, debt settlement, debt relief, credit repair, or third-party lead generation for any of the foregoing.
• Investment Schemes. Stock trading tips, cryptocurrency promotions, forex trading promotions, get-rich-quick schemes, investment "opportunities" with guaranteed returns, or unregistered securities offerings.
• Cryptocurrency. Promotion, sale, or trading of cryptocurrency, NFTs, ICOs, or related products, except where you are a registered financial institution and the Company has authorized the use case in writing.

2.3 Gambling

Lotteries, casinos, sports betting, online gaming for money, sweepstakes (except as expressly permitted under carrier rules), or fantasy sports betting, except where you are a licensed operator in the relevant jurisdiction and the Company has authorized the use case in writing.

2.4 Cannabis and Controlled Substances

Marijuana, CBD, kratom, cannabinoid products, prescription medications without a valid medical relationship, or any controlled substances regulated under the Controlled Substances Act.

2.5 Multi-Level Marketing (MLM)

Pyramid schemes, multi-level marketing recruiting, business opportunity scams, or "work-from-home" income schemes.

2.6 Phishing, Fraud, and Deceptive Marketing

• Phishing, smishing, or attempts to obtain Personal Information by deception;
• Impersonation of any person, business, government agency, financial institution, healthcare provider, or carrier;
• Fake or deceptive marketing, including false claims of winnings, prizes, refunds, or government benefits;
• Fake delivery notifications or shipping notices;
• Romance scams, advance-fee fraud, or any form of financial fraud;
• Fake invoice or billing notifications;
• Identity theft, account takeover, or fraud-related communications.

2.7 Adult Content and Services

Adult content, escort services, or any service primarily of a sexual nature, regardless of legality in any jurisdiction.

2.8 Other Prohibited Content

• Threats, harassment, intimidation, stalking, doxxing, or revenge messaging;
• Defamation, libel, or false statements about any person or entity;
• Illegal goods, services, or activities of any kind;
• Content that violates intellectual property rights, including copyright, trademark, or trade secret;
• Malware, viruses, ransomware, exploit code, or links to malicious software;
• Pyramid schemes, chain letters, or any form of unsolicited mass marketing;
• Content that violates any law, regulation, or carrier rule.

3. Consent Requirements

3.1 General Consent Requirement

You must obtain valid consent from every End User before sending any message through the Service, in accordance with the TCPA, CAN-SPAM Act, state mini-TCPA laws, CTIA guidelines, and carrier rules.

3.2 Tiered Consent Standards

Different message types require different levels of consent:

• Express Written Consent (highest standard). Required for marketing, promotional, or advertising messages to mobile numbers. Must include:
  • Clear and conspicuous disclosure that the End User is consenting to receive marketing messages via automated technology;
  • Identification of the specific seller or business;
  • Disclosure that consent is not a condition of purchase;
  • Statement of message frequency (e.g., "up to 10 messages per month");
  • "Msg & data rates may apply";
  • Opt-out instructions ("Reply STOP to unsubscribe");
  • HELP instructions ("Reply HELP for help").
• Express Consent. Required for non-marketing automated messages (transactional, informational). Lower standard than express written consent but still requires affirmative agreement to receive messages.
• Established Business Relationship (EBR). May permit certain communications to End Users with whom you have a current or prior business relationship, consistent with TCPA exemptions. EBR alone does NOT permit marketing messages to mobile numbers without separate express written consent.

3.3 Consent Documentation

You must maintain contemporaneous, auditable records of every consent obtained, including:

• Date and time of consent;
• Method of consent (web form URL, voice recording, written form, keyword opt-in, etc.);
• IP address (where applicable);
• Exact text of the consent disclosure shown or read to the End User;
• End User contact information.

You must produce consent records to the Company, carriers, TCR, or regulatory authorities upon request within five (5) business days.

3.4 Prohibited Consent Practices

The following do NOT constitute valid consent:

• Pre-checked checkboxes or default opt-in;
• Consent buried in dense terms of service without conspicuous disclosure;
• Consent obtained through deception or material misrepresentation;
• Consent obtained from list purchases, scraping, skip tracing, or third-party "leads" without confirming the End User originally consented to receive messages from your specific business;
• Consent obtained more than 18 months prior without subsequent confirmation, for marketing purposes;
• Consent obtained from a different brand, entity, or business and "transferred" to you;
• Consent for a substantially different purpose or product than the messages being sent.

3.5 List Purchases and Third-Party Leads

Use of purchased lists, scraped contact data, skip-traced numbers, or third-party "lead" lists for messaging is presumptively a violation of this AUP unless you can document, for each individual End User, that the End User provided valid consent to receive messages from your specific business under the standards in Section 3.2. The burden of proof is on you.

4. Opt-Out Compliance

4.1 Required Opt-Out Keywords

The Service automatically processes the following keywords as opt-out requests across all Subscribers: STOP, UNSUBSCRIBE, OPT OUT, CANCEL, END, QUIT, REVOKE, UNSUB. You may not disable, override, or interfere with this automated opt-out processing.

4.2 Cross-Channel Opt-Out

You must honor opt-out requests received through any channel — SMS, voice, email, web form, mail, in-person, social media, regulatory filing, or any other communication — within the timeframes required by applicable law (generally a reasonable period, and no more than 10 business days under FTC regulations).

4.3 Opt-Out Confirmation

Upon receiving an opt-out, the Service automatically sends a single confirmation message and ceases further automated messaging. You may not send additional messages following an opt-out except for a single confirmation message that does not contain marketing content.

4.4 No Re-Contact After Opt-Out

You may not re-contact, re-add, or resume automated messaging to any End User who has opted out unless you have obtained new, valid express written consent from that individual following the opt-out. Re-engaging an opted-out End User without new consent is a serious violation.

4.5 Cross-Account Opt-Out

The Company maintains platform-wide opt-out enforcement at the messaging-service level for traffic sent under the Company's A2P 10DLC registration. Opt-outs received in one Subscriber account do not necessarily propagate to other Subscriber accounts; you remain responsible for managing your own opt-out lists across all your numbers and channels.

4.6 Do-Not-Call Registry

You must cross-reference your contact lists against the National Do Not Call Registry and any applicable state DNC registries before sending marketing messages, and you must not message numbers on these registries except where an applicable exemption applies and you have documented evidence of that exemption.

5. Quiet Hours and Time Restrictions

5.1 Federal TCPA Restrictions

The TCPA generally restricts automated calls and text messages to the hours of 8:00 AM to 9:00 PM in the End User's local time zone.

5.2 State-Specific Restrictions

Many states impose stricter restrictions, including:

• Earlier evening cutoffs (e.g., 8:00 PM in Florida, Oklahoma, Washington, Virginia, Massachusetts, Mississippi, Indiana, South Carolina);
• Later morning starts (e.g., 9:00 AM in Connecticut, Texas);
• Sunday or weekend prohibitions (e.g., Georgia, Tennessee, North Carolina, Louisiana);
• Holiday restrictions in some jurisdictions.

5.3 Subscriber Responsibility

You are solely responsible for configuring your messaging schedule to comply with all applicable federal, state, and local quiet hours laws based on the locations of your End Users. The Service provides recommended default hours (9:00 AM – 8:00 PM, Monday through Saturday, Sunday disabled), but these may not be sufficient for compliance in all jurisdictions, and the Service permits you to override them at your own risk.

5.4 No Override for Marketing

You may not override quiet hours for marketing or promotional messages. Override is intended only for emergency communications, time-sensitive transactional messages (e.g., delivery confirmations, two-factor authentication), and other categories permitted by law.

6. Initial Period (A2P 10DLC) Requirements

During the Initial Period described in Section 3.2 of the Terms, while your individual A2P 10DLC Brand and Campaign registration is pending, the following additional requirements apply:

6.1 Volume Limits

Your outbound messaging is capped at the daily segment limit displayed in your account dashboard. This limit is enforced platform-side and cannot be exceeded.

6.2 Content Restrictions

Initial Period messaging is restricted to conversational, transactional, and customer service use cases consistent with the Company's platform-level Mixed campaign registration. The following are restricted during the Initial Period and unlock only upon approval of your individual A2P registration:

• Cold outbound marketing messages to End Users who have not initiated conversation;
• Bulk lead-nurture sequences to lists of more than 50 unique recipients per day;
• Promotional offers, discount codes, and time-limited deals;
• Campaign blasts of any kind.

6.3 Recipient Pattern Restrictions

The Company monitors Initial Period traffic for blast patterns, including:

• Unusually high recipient diversity per number;
• Low engagement rates (high non-response, high opt-out, low reply rate);
• Sudden volume spikes;
• Outbound to recipients with whom no prior inbound conversation exists.

Accounts exhibiting blast patterns may be automatically suspended pending review.

6.4 Identity Verification

You must complete all identity verification steps requested by the Company during the Initial Period, including phone OTP verification, email verification, business documentation submission, and where applicable, EIN and Stripe Identity verification.

7. Carrier and TCR Compliance

7.1 A2P 10DLC Registration

You must complete your individual A2P 10DLC Brand and Campaign registration through the Service in good faith, providing accurate and complete information. Repeated registration rejections due to inaccurate information may result in suspension.

7.2 No Number Rotation or Snowshoeing

You may not engage in:

• Number rotation — switching between phone numbers to evade carrier filtering, complaint thresholds, or A2P registration limits;
• Snowshoeing — distributing high-volume traffic across many low-volume numbers to evade detection;
• Brand swapping — operating under multiple brand identities to evade carrier or TCR enforcement;
• Campaign abuse — sending messages outside the use case approved for your registered campaign.

7.3 Sample Messages and Use Case Accuracy

The sample messages and use case description you provide during A2P registration must accurately reflect the messages you will send. Sending materially different content than you registered is a violation.

7.4 Trust Score and Throughput

Your A2P 10DLC trust score is determined by TCR based on identity verification, business legitimacy, and messaging behavior. Throughput limits are determined by trust score. The Company does not control trust scores or throughput tiers. You may be required to use Company-pass-through services such as Aegis Mobile / Vet+ to improve trust score; these services involve additional fees.

7.5 URL Shorteners

You may not use public URL shorteners (such as bit.ly, tinyurl.com, t.co, ow.ly, goo.gl, is.gd) in messages sent through the Service. These are presumptively spam-flagged by carriers. Use full URLs to your own domain or a Company-approved branded shortener.

7.6 Sender Identification

Every message must clearly identify the sending business by name. Anonymous, pseudonymous, or misleading sender identification is prohibited.

8. AI-Specific Requirements

8.1 AI Disclosure

Where required by applicable law, you must configure the AI to disclose to End Users that they are interacting with an automated system. This includes:

• California Bot Disclosure Law (Cal. Bus. & Prof. Code § 17940 et seq.) — requires disclosure when using bots to incentivize sales or influence votes;
• Similar state and federal AI/automation disclosure laws as enacted.

8.2 No Impersonation of Humans

You may not configure the AI to falsely claim to be a human when directly asked, or to impersonate a specific real person, government employee, healthcare provider, attorney, financial advisor, or other licensed professional.

8.3 No Professional Advice Without Authority

The AI must not provide legal, medical, financial, tax, or other regulated professional advice unless you are a licensed professional in the relevant field and have configured the AI consistent with your professional obligations. The AI should disclose its limitations and direct End Users to qualified professionals where appropriate.

8.4 No Manipulation of Vulnerable Populations

You may not use the AI to:

• Exploit cognitive biases, emotional vulnerability, or financial desperation;
• Pressure End Users into urgent decisions through false scarcity or fabricated deadlines;
• Extract Sensitive Personal Information through deception;
• Target minors, the elderly, or other vulnerable populations with manipulative messaging.

8.5 AI Output Review

You are responsible for reviewing AI-generated content for accuracy, appropriateness, and compliance. AI may produce incorrect, biased, or inappropriate responses; you may not rely on AI output as a substitute for human review of high-stakes communications.

9. Privacy and Data Protection

9.1 Lawful Collection

You may only upload to the Service data that you have lawfully collected. You may not upload:

• Data obtained through scraping, skip tracing, or other unauthorized means;
• Data obtained from data breaches or other illegal sources;
• Data subject to confidentiality obligations that prohibit transfer to a service provider;
• Data of individuals who have not consented to the use you intend.

9.2 Sensitive Personal Information

Where the Service is used in industries that may collect Sensitive Personal Information (insurance, healthcare-adjacent, financial services), you must:

• Provide End Users with appropriate notice consistent with applicable privacy laws;
• Obtain any required additional consents;
• Use Sensitive Personal Information only for the purposes for which it was provided;
• Honor End User rights to limit use and disclosure of Sensitive Personal Information where applicable;
• Not use the Service to transmit Protected Health Information ("PHI") in a manner regulated by HIPAA without a separate Business Associate Agreement executed with the Company.

9.3 Data Subject Requests

You must respond to End User data subject requests (access, deletion, correction, opt-out) consistent with applicable law. The Service provides tools to assist; the Company will support reasonable assistance requests.

9.4 Third-Party Sharing

You may not share End User Personal Information collected through the Service with third parties for marketing purposes without separate, specific consent from the End User.

10. Security and Account Integrity

10.1 Account Credentials

You must safeguard your account credentials, API keys, and any messaging provider credentials connected to your account. You must not share credentials, allow unauthorized access, or store credentials in insecure systems.

10.2 Multi-Factor Authentication

Where the Service offers multi-factor authentication ("MFA"), you should enable it. Administrative accounts may be required to enable MFA.

10.3 No Unauthorized Access

You may not:

• Attempt to access another Subscriber's account or data;
• Probe, scan, or test the vulnerability of the Service except through Company-authorized security testing;
• Bypass authentication, rate limiting, or any other security mechanism;
• Reverse engineer, decompile, or attempt to derive the source code, AI prompts, or system instructions of the Service;
• Use automated means (bots, scrapers, headless browsers) to access the Service except through published APIs in accordance with API documentation.

10.4 Reporting Security Issues

If you discover a security vulnerability or incident, report it promptly to legal@allinonemarketing.com.

11. White-Label and Agency Subscriber Requirements

If you are an Agency Subscriber operating under Section 4 of the Terms, the following additional requirements apply:

11.1 Sub-Subscriber Vetting

You must vet each Sub-Subscriber before granting access to the Service, including:

• Verifying business legitimacy (EIN where applicable, business website, physical address, authorized representative);
• Reviewing the Sub-Subscriber's intended use case for compliance with this AUP;
• Confirming the Sub-Subscriber's industry is not within the Forbidden Categories;
• Identifying high-risk Sub-Subscribers (e.g., insurance, financial services, healthcare-adjacent) and applying enhanced compliance review.

11.2 Sub-Subscriber Agreements

You must require each Sub-Subscriber to agree to terms, an acceptable use policy, and a privacy policy that are no less protective of the Company than the Terms, this AUP, and the Privacy Policy.

11.3 Sub-Subscriber Monitoring

You must monitor Sub-Subscriber messaging activity for compliance violations and promptly investigate, suspend, or terminate non-compliant Sub-Subscribers. The Company may, at its discretion, suspend or terminate Sub-Subscribers directly in cases of serious violations.

11.4 Pass-Through Liability

You are fully responsible for the acts and omissions of your Sub-Subscribers as if they were your own. Sub-Subscriber violations may result in carrier penalties, TCR sanctions, and brand suspensions affecting your Agency Plan account.

11.5 No Misrepresentation

You may not represent to Sub-Subscribers that the Service is operated by you exclusively, that you developed the underlying AI, or that you control the carrier or TCR registrations under which messages are sent.

12. Volume, Throughput, and Fair Use

12.1 Throughput Limits

Your messaging throughput is determined by your A2P 10DLC trust score, registered campaign tier, carrier-imposed limits, and the Company's platform constraints. You may not attempt to exceed these limits.

12.2 Fair Use

The Service is offered with "unlimited" messaging on certain plans, subject to fair use. Fair use means:

• Messaging volume consistent with normal business operation in your industry;
• No bulk blast campaigns to non-consented recipients;
• Engagement rates (replies, opt-ins, conversions) consistent with legitimate business messaging;
• Opt-out rates below 3% of outbound message volume;
• Spam complaint rates below carrier thresholds (generally 1–2 complaints per 1,000 messages).

The Company reserves the right to throttle, suspend, or impose volume caps on any account exhibiting non-fair-use patterns.

12.3 No DDoS or Resource Abuse

You may not generate excessive API requests, AI inference requests, or other resource-intensive operations designed to disrupt the Service or impose disproportionate costs on the Company.

13. Compliance Monitoring and Enforcement

13.1 Monitoring

The Company monitors Service usage for compliance with this AUP, including:

• Automated content classification of outbound messages;
• Recipient pattern analysis (blast detection, list-purchase indicators);
• Opt-out rate tracking;
• Spam complaint feedback from carriers;
• AI-generated content review;
• Account behavior analytics.

The Company is not obligated to monitor every message and does not guarantee detection of all violations. Subscriber-side compliance remains your responsibility.

13.2 Enforcement Actions

The Company may take any of the following enforcement actions in response to actual or suspected AUP violations:

• Warning — written notice of violation and required corrective action;
• Throttling — temporary reduction in throughput or daily volume limits;
• Feature restriction — temporary disabling of specific features (e.g., outbound messaging, custom keywords);
• Suspension — temporary suspension of account access pending investigation;
• Termination — permanent termination of account, with forfeiture of pre-paid fees;
• Reporting — reporting to carriers, TCR, regulatory authorities, law enforcement, or other compliance partners;
• Legal action — pursuit of legal remedies, including damages and injunctive relief.

The Company may take any of these actions at its discretion, with or without prior notice, depending on the severity of the violation and the risk to the Service, other Subscribers, or End Users.

13.3 Severity Tiers

Violations are generally classified by severity:

Critical violations (immediate suspension or termination):

• Sending Forbidden Category content (Section 2);
• Phishing, fraud, or impersonation;
• Sending without valid consent;
• Re-contacting opted-out End Users;
• Attempting to evade A2P 10DLC compliance (number rotation, snowshoeing, brand swapping);
• Uploading scraped, breached, or unlawfully obtained data;
• Compromising platform security or other Subscribers' data.

Serious violations (warning, throttling, or suspension):

• Quiet hours violations;
• Use of public URL shorteners;
• Misleading sender identification;
• Failure to maintain consent records;
• Excessive opt-out or complaint rates;
• Failure to honor cross-channel opt-outs.

Minor violations (warning):

• Configuration errors that do not materially harm End Users or carrier reputation;
• First-time technical missteps with cooperative remediation.

13.4 No Right to Notice

For Critical violations, the Company may take immediate action without prior notice. For Serious and Minor violations, the Company will generally provide notice and an opportunity to cure, except where doing so would risk further harm.

13.5 Appeals

If your account is suspended or terminated for an AUP violation, you may appeal by emailing legal@allinonemarketing.com within 14 days of the enforcement action. The Company will review appeals in good faith but is not obligated to reverse enforcement decisions.

14. Investigations and Cooperation

14.1 Investigations

The Company may investigate suspected AUP violations, including by reviewing message content, account activity, consent records, and Subscriber-provided data.

14.2 Subscriber Cooperation

You agree to cooperate fully with Company investigations of suspected AUP violations, including by:

• Providing requested consent records, opt-in evidence, and contact list sources within five (5) business days;
• Providing Sub-Subscriber identity, vetting records, and agreements (for Agency Subscribers);
• Responding to Company inquiries promptly and truthfully;
• Pausing messaging activity during investigation if requested.

14.3 Law Enforcement and Regulatory Cooperation

The Company will cooperate with law enforcement and regulatory authorities investigating AUP violations or other illegal activity, consistent with applicable law and the Privacy Policy.

15. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its affiliates from any claims, damages, fines, penalties, or losses arising from your violation of this AUP, including:

• Carrier penalties, TCR sanctions, brand suspensions, or trust score reductions resulting from your messaging activity;
• Regulatory fines and penalties (TCPA, FCC, FTC, state attorneys general);
• End User claims (TCPA class actions, individual TCPA claims, privacy claims);
• For Agency Subscribers, the acts and omissions of your Sub-Subscribers.

This indemnification supplements the indemnification obligations in the Terms.

16. Updates to This AUP

The Company may update this AUP from time to time to reflect changes in law, carrier rules, TCR requirements, or platform capabilities. Material changes will be communicated by email or through the Service at least 30 days in advance. Non-material changes (clarifications, typo corrections, updates reflecting new carrier rules or laws) may take effect immediately upon posting.

Your continued use of the Service after the effective date constitutes acceptance of the updated AUP.

17. Reporting Violations

To report a suspected AUP violation by another Subscriber, by a Sub-Subscriber, or by any user of the Service, contact us at:

Please include as much detail as possible, including the phone number(s) involved, date and time of the messages, message content (screenshots are helpful), and any other relevant information.

To opt out of messages from a specific business using the Service, reply STOP to that business's number.

18. Contact Information

For questions about this AUP, contact us at: