Acceptable Use Policy

1. Who This Applies To

This AUP applies to every Merchant and to everyone who accesses Routella through a Merchant's account — including the Merchant's staff users and Drivers. The Merchant is responsible for making sure everyone who uses the Service through its account follows this AUP, as if their acts were the Merchant's own.

2. General Rule — Lawful, Honest, Authorized Use

You may use Routella only for your own legitimate delivery and dispatch operations, only with data you are allowed to use, and only in compliance with all laws that apply to you and to the people you contact. You must not use the Service to do anything unlawful, deceptive, infringing, or harmful, or to help anyone else do so.

3. Prohibited Activities

You must not, and must not allow anyone else to:

• use the Service for any unlawful, fraudulent, infringing, defamatory, deceptive, harassing, or otherwise harmful purpose, or in violation of any applicable law or third-party right;
• upload, store, or transmit data you do not have the right to provide, or that violates anyone's privacy, intellectual-property, contract, or other rights;
• impersonate any person or business, misrepresent who is sending a delivery update, or use a false or misleading sender identity;
• use the Service to plan, support, or carry out the delivery of goods or services that are illegal where the sender or the recipient is located;
• resell, sublicense, rent, lease, white-label, or operate the Service as a service bureau for third parties, except as expressly allowed in writing by us;
• share one account across unrelated businesses, or create accounts to evade a suspension, limit, or ban;
• use the Service to build or train a competing product, or to scrape or harvest data from it beyond your own data.

4. Messaging, Consent, and Anti-Spam

When you send SMS, WhatsApp, or email through Routella, you are the sender of those messages and Routella is only the technical conduit (see Section 6 of the Terms). You are solely responsible for the legality of every message and for having the consent the law requires. Specifically, you must:

• obtain and keep records of valid consent or another lawful basis for every recipient before messaging them, for the specific sender and the specific kind of message;
• send only messages that are permitted under the rules that apply to you — including, as applicable, the U.S. TCPA, CTIA guidelines and 10DLC/toll-free registration, Canada's CASL, the EU/UK GDPR and ePrivacy/PECR rules, Israel's anti-spam (Communications) Law, the WhatsApp Business Messaging Policy and Meta business terms, carrier rules, and the laws of each recipient's country;
• honor opt-out and unsubscribe requests promptly and by any reasonable method, and never re-message a recipient who has opted out (Routella also processes recognized keywords such as STOP, and applies platform-wide opt-outs on shared senders, but you remain responsible for honoring opt-outs in your own data and templates);
• identify yourself as the sender and include any opt-out and contact information the law or platform requires, and maintain a published privacy policy where a platform (such as WhatsApp) requires one;
• not send unsolicited bulk or marketing messages, message purchased or scraped contact lists, or use Routella to send a volume or pattern of messages that generates abnormal complaint, spam-report, or opt-out rates;
• provide evidence of consent for any recipient within five (5) business days of our reasonable request.

5. Prohibited and Restricted Message Content

You must not use the Service to send content that is prohibited by law, by carriers, or by the WhatsApp Business Messaging Policy. Restricted categories that are commonly prohibited or limited — and that you must not send unless you are fully compliant and authorized — include:

• content that is unlawful, hateful, harassing, threatening, sexually explicit, or that exploits or endangers minors;
• phishing, malware links, scams, or deceptive or misleading claims;
• messages promoting or facilitating restricted goods and services where prohibited — for example illegal drugs or controlled substances, firearms and weapons, tobacco and vaping, alcohol to unverified recipients, gambling, adult content, high-interest or payday lending, cryptocurrency or get-rich-quick schemes, and multi-level marketing;
• any content that infringes intellectual-property rights or discloses someone's personal data without a lawful basis.

6. System Integrity and Security

You must not threaten the security, integrity, or availability of the Service or the systems it depends on. You must not:

• upload or transmit viruses, malware, or other harmful code;
• attempt to gain unauthorized access to the Service, to other accounts or tenants' data, or to our or our Sub-processors' infrastructure;
• probe, scan, or test the vulnerability of the Service, or breach or circumvent any authentication, rate-limiting, or security measure, without our prior written authorization;
• reverse-engineer, decompile, disassemble, or attempt to derive source code or underlying algorithms, except to the extent this restriction is prohibited by applicable law;
• interfere with or disrupt the Service, or impose an unreasonable or disproportionately large load on it or the networks connected to it, including through automated request floods.
• If you are a security researcher and find a vulnerability, please report it responsibly to support@routella.app rather than exploiting it.

7. Data, Privacy, and Drivers

You are responsible for the data you put into Routella and for the people it concerns. You must:

• have the lawful basis, notices, and consents required to upload and process End Customer and Driver personal data, including addresses, phone numbers, and Driver location;
• inform your Drivers that their location is tracked only while a delivery round is active, and handle their data fairly as their controller;
• not enter special-category data (for example health, religious, or biometric data) into free-text fields unless you have a lawful basis under GDPR Article 9;
• respond to privacy and data-subject requests from your own End Customers and Drivers, with Routella's assistance as set out in the Privacy Policy and DPA;
• not use the Service to process data about children or other protected groups without a valid lawful basis.

8. Fair Use of Shared Resources

The Service runs on shared infrastructure. Even within your plan, usage that is abusive, automated beyond normal product use, or that degrades the Service for others is not permitted. We may apply reasonable technical limits (such as rate limits and queue throttling) to protect the platform, and we may contact you if your usage is materially out of line with normal operation.

9. Third-Party Platforms and Integrations

When you connect an Integration (such as Shopify, WooCommerce, Wix, or Wolt) or use a messaging channel (such as WhatsApp via Meta), you must also follow that platform's own terms and policies. A violation of a connected platform's rules through Routella is also a violation of this AUP, and the platform may independently suspend or remove your access.

10. Enforcement, Suspension, and Reporting

We may investigate suspected violations and may remove or disable offending content or configurations. Where we reasonably suspect non-consensual messaging, abuse, fraud, a security threat, high complaint or opt-out rates, a carrier or platform complaint, or a violation of law or this AUP, we may throttle, suspend, block, or disable messaging or the account immediately, without the cure period in Section 17 of the Terms, as described in Sections 6 and 17 of the Terms.

We will use reasonable judgment and, where practical and lawful, give you notice and a chance to fix the problem — but protecting recipients, the platform, and third parties comes first. To report abuse, a security issue, or a suspected violation of this AUP, contact support@routella.app.