This Acceptable Use Policy ("AUP") tells you what you can and cannot do on Zendrhax. It supplements the Terms of Service; the broader account-management rules there apply too.
We enforce this policy fairly but firmly. Violations may trigger content removal, workspace suspension, or full account termination without prior notice when needed to protect the platform.
You must not use the Service to
Harm people or systems
- Distribute malware, viruses, ransomware, exploit kits, or any code designed to disable or compromise other systems.
- Run brute-force, credential-stuffing, denial-of-service, or vulnerability-scanning attacks against the platform, other customers, or third parties.
- Bypass authentication, access-control, rate limits, or any other security control the Service relies on.
Send abusive communication
- Send unsolicited bulk email ("spam") through the platform's shared SMTP or any module that emits email on your behalf.
- Send phishing, scam, malware-laced, or otherwise deceptive communications.
- Use the Service to harass, stalk, threaten, defame, or discriminate against another person.
Host illegal or harmful content
- Upload or process content you do not have the right to use (copyright infringement, leaked trade secrets, etc.).
- Host child sexual abuse material (CSAM). We report any such content to the National Center for Missing & Exploited Children (NCMEC) and to law enforcement as required.
- Host or distribute material that incites violence or terrorism against a person or group.
Circumvent commercial terms
- Resell, sublicense, or "white-label" the Service in violation of your plan.
- Use the Service to build a competing product (scraping, mass exporting, or reverse-engineering platform behaviour beyond what the public API exposes).
- Share API keys or accounts among unrelated parties to evade per-seat or per-key billing.
Misuse fiscal artefacts
- Issue fraudulent invoices through the Invoices app (invoices for goods or services not provided, fake numbering, falsified tax records).
- Alter fiscal documents after emission. The platform's gapless numbering, immutability checks, and credit-note flow exist precisely to make this impossible by design — circumventing them is a violation.
Interfere with the platform
- Probe, scan, or test the vulnerability of the platform without written authorisation through our responsible-disclosure channel.
- Reverse-engineer, decompile, or attempt to extract source code except where the law expressly grants that right.
- Use automated tools to create accounts, generate fake traffic, or artificially inflate any metric the platform exposes.
What we do when we find a violation
The response is proportional to the harm and your history with the Service.
| Severity | Typical response |
|---|---|
| Borderline / first offence | We write to you, explain the issue, ask you to stop. |
| Clear violation | We remove the offending content or feature access and notify you. |
| Repeat or harmful violation | We suspend the workspace or account. |
| Critical (CSAM, active attack, fraud) | We terminate access immediately, preserve evidence, and report to law enforcement. |
We log every enforcement action in the workspace's audit log (where applicable) and in our internal records.
Reporting
If you see something on the Service that violates this policy, write to abuse@zendrhax.com with as much detail as you can — URL, screenshot, time, anything else relevant. We aim to triage within two business days; CSAM and active attacks are escalated immediately.
Security research
If you found a vulnerability and want to report it under our responsible-disclosure framework, write to security@zendrhax.com. Please do not run intrusive tests against the production environment — set up your own test account or contact us first for explicit authorisation.
Contact
- Reporting abuse — abuse@zendrhax.com
- Security disclosure — security@zendrhax.com
- Customer support — support@zendrhax.com