Acceptable Use Policy

Version: 1.7
Status: Approved
Last modified: June 2024
Next Review Date: December 2025

ISO Statement

oboloo is actively preparing for ISO/IEC 27001 certification and has adopted this Acceptable Use Policy to define appropriate behaviours and usage of its systems and services. This policy supports compliance with Annex A control objectives related to acceptable use, security management, and regulatory alignment.

Purpose

The purpose of this Acceptable Use Policy is to establish guidelines for the responsible and secure use of oboloo’s systems, services, and platform. It outlines prohibited behaviours and defines consequences for misuse to protect the integrity, availability, and confidentiality of systems and data.

Scope

This policy applies to all users of oboloo’s platform, including employees, contractors, customers, suppliers, and third-party partners who access the system directly or via API integrations.

Prohibited Activities

Illegal, Harmful, or Offensive Use

You may not use (or facilitate the use of) oboloo’s platform or services for any purpose that is unlawful, harmful, or offensive, including:

  • Conducting or promoting illegal activities, including unlicensed gambling or pornography

  • Engaging in fraud, deception, phishing, or other manipulative schemes

  • Distributing offensive or abusive content, including hate speech or harassment

  • Uploading or distributing malicious code such as viruses, worms, or Trojan horses

High-Risk Activities

Use of the oboloo platform in support of high-risk activities is prohibited, including but not limited to:

  • Life-critical systems (e.g. medical devices, air traffic control)

  • Systems where failure could result in serious injury or death

Security Violations

The following behaviours are strictly prohibited:

  • Attempting to gain unauthorised access to systems or data

  • Intercepting, monitoring, or tampering with communications

  • Circumventing authentication or access restrictions

  • Engaging in any form of hacking, probing, or vulnerability scanning

Message Abuse and Spam

You may not use the Services to:

  • Send unsolicited mass messages or spam

  • Harvest or collect contact information without consent

  • Misrepresent identity in any communication (e.g. email spoofing)

Network Abuse

You may not interfere with the normal functioning of any system, including:

  • Launching denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks

  • Overloading infrastructure through abusive traffic or API calls

  • Operating open proxies or mail relays

  • Circumventing rate limits or access restrictions

Usage Responsibilities

Server and Platform Usage

  • You may not exceed fair-use resource limits defined in your licence

  • Uploading large or disproportionate data volumes (e.g. high-res videos) is prohibited unless approved

  • Additional storage may be requested and may impact licensing fees

Monitoring and Enforcement

oboloo reserves the right, but not the obligation, to:

  • Investigate any potential misuse or violation of this policy

  • Restrict, suspend, or terminate access if this policy is violated

  • Remove or block content violating applicable laws or platform rules

  • Report unlawful behaviour to law enforcement and cooperate in investigations

Additional Obligations

By using oboloo’s services, you agree not to:

  • Attempt to reverse engineer, decompile, or extract source code

  • Develop competing services using access to the platform

  • Resell, sublicense, or redistribute access outside permitted usage

  • Impersonate others or misrepresent your identity

  • Link shared mailboxes to a licence (multi-user access via a single account is prohibited)

Reporting Violations

If you become aware of a violation of this policy, you must promptly notify oboloo and assist in any investigation or remediation effort.

ISO/IEC 27001 Annex A Mapping

Policy Section ISO/IEC 27001 Control Ref Description
Acceptable Use & Behaviour
A.5.1.1 / A.6.1.1
Policy for acceptable use
Security Violations
A.13.2
Protection from malware and misuse
Monitoring & Enforcement
A.5.2 / A.18.1
Compliance monitoring and response
User Responsibilities
A.7.1.2 / A.9.3.1
Awareness of legal obligations

Review and Update of the Methodology

Bi-Annual Review: This Acceptable Use Policy is reviewed every six months or following significant regulatory, service, or legal updates.
Policy Updates: All updates are published on the oboloo website and take effect immediately unless otherwise noted.

Document Control

Version: 1.7
Date: June 2024
Description: Formalisation of acceptable use restrictions, enforcement rights, and fair use limits

Previous Versions:

  • Version 1.6 (Feb 2024): Clarified message abuse and DoS restrictions