Acceptable Use Policy Template

Lots of websites and apps allow users to interact with one another, creating a unique community. But, sometimes, people misbehave, even online.

If that happens on your website or app, do you have protocols in place to respond and prevent liabilities from falling onto your business? If not, you can use an acceptable use policy to provide your users with all rules they must agree to — and any consequences that might result from breaking those rules — when using your services.

Below, we cover what an acceptable use policy is, how it intersects with your terms and conditions agreement, and why your website should have both.

Then you can download our free acceptable use policy template, so you can make your own.

What Is an Acceptable Use Policy?

An acceptable use policy is a document that service owners use to outline all rules pertaining to service users.

If someone breaks those rules, the AUP also outlines the consequences and any actions the service might take in response. When users agree to the acceptable use policy, it becomes a legal agreement between the service owner and the user.

You might’ve heard that acceptable use policies are meant for network owners, like colleges or universities setting guidelines for students accessing the WiFi, or employers outlining rules about network use for employees.

While those organizations definitely need acceptable use policies, we made our AUP template specifically for website and app owners.

Websites or apps that allow users to do any of the following should have a comprehensive acceptable use policy to take liabilities off of the business and put them back on the perpetrator.

• Generate content
• Post on forums
• Access peer-to-peer marketplaces
• Interact with an online community in some way

Because our AUP clarifies that it’s part of your terms and conditions — even if you don’t use Termly’s Terms and Conditions template — your users consent to the document when they click to agree to your terms and conditions.

Yup, it’s that easy.

Acceptable Use Policy vs. Terms and Conditions

You might notice that the acceptable use policy definition seems pretty similar to the definition of terms and conditions agreements — aka terms of use or terms of service, and you’re not wrong.

Both are rules and consequences that apply to people using a website, app, or other online services.

But AUPs are less broad and only outline your expectations of customers using your website, app, or service and the consequences for failing to follow those guidelines.

On the other hand, terms and conditions agreements outline all rules users are expected to follow when using a website or app and include clauses about:

• Payment terms
• Governing and applicable laws
• Dispute and indemnification
• User contributions
• Disclaimers and warranties
• User registration information
• Acceptable uses

Why make an acceptable use policy separate from your terms and conditions agreement?

Separating the rules and guidelines you expect your users to follow into an easily linkable document is more convenient for you and your consumers. You can post links to your AUP on forum pages, new user logins, or any relevant landing pages.

If a member of your community acts out, misbehaves, or even breaks the law, you can reference your AUP and react accordingly, potentially removing liabilities from your business and placing them back onto the individual.

When Do You Need an Acceptable Use Policy?

You need an acceptable use policy to minimize your liabilities if your services allow users to interact with one another, post content, sell goods, or upload data of any kind.

However, you don’t need an AUP if your website is simple, like, for example, a portfolio of your work, or doesn’t have features like comment sections, reviews, or user profiles.

An acceptable use policy helps minimize your risks if you own a website, ecommerce business, network, desktop app, or mobile app that allows users to:

• Generate content
• Post on forums
• Access peer-to-peer marketplaces
• Interact with an online community
• Upload data
• Post on social media
• Create user profiles

Our sample acceptable use policy template makes it easy for business owners like you to protect your website or app from reckless users.

And unlike other legal documents, AUPs are typically relatively short and only take a few minutes to customize, we promise.

What’s in an Acceptable Use Policy?

While you’ll need to customize the clauses in your acceptable use policy to fit your specific business needs, below we cover the most common conditions typically included in AUPs.

Who You Are

At the top of your acceptable use policy, you should include a clause introducing your company with information about where your business is registered, the official name of your company, and the products or services you offer that fall under your AUP.

Here, you can also state that your acceptable use policy is not a stand-alone document but part of your terms and conditions, like Paypal did in the highlighted text below, ensuring you get consent and acknowledgment from users.

Use of the Services

You should include a clause in your AUP listing all prohibited activities users cannot do while using your website or app.

In this section, you can ban things like:

• Illegal activities
• Wrongful sharing of someone else’s’ intellectual property
• Posting hateful content
• Selling products or solicitation
• All other concerns

Look at this acceptable use policy example from Google Cloud, which clearly lists all restrictions in a simple bullet list.

Community or Public Forum Guidelines

If your business hosts a community or offers a forum for users, you should include a clause with provisions that the members are expected to follow, including prohibited activities.

It’s okay to relist behaviors or actions you banned in other clauses as necessary.

The Starbucks acceptable use policy, pictured below, is actually a clause within their terms of service agreement. Read the highlighted text for an example of how they placed liability for shared user content back onto the individual, taking it off of themselves.

Contributions

If users can contribute data, information, messages, videos, tags, or other materials on your website or within your mobile app, outline the necessary stipulations in a separate contributions clause, including that you’re not responsible if users break the law. This helps prevent legal responsibilities from falling onto your business if a user commits an offense.

Below, see how the AT&T acceptable use policy explains that all user contributions are the sole responsibility of the individual, and not the responsibility of AT&T itself.

Reviews and Ratings

For websites and apps that feature user reviews or ratings, add a clause outlining the guidelines around what they can and cannot post.

For example, you can set rules to prevent competitors from purposefully posting negative comments or reviews on your website unjustly.

Social media platform TikTok’s acceptable use policy clearly addresses and bans the use of fake accounts or posting fake reviews, as seen in the highlighted text below.

Reporting a Policy Breach

If a breach does occur, have a response protocol outlined in a clause, so users know exactly how to report it. You can also point to this clause if users actively ignore policy breach reporting, removing some liabilities from your business.

Be sure to include updated contact information so your corrections and disciplinary processes go as smoothly as possible.

Below, see how policy breaches are reported to the SMS messaging software company, Twilio, based on their AUP.

Twilio’s acceptable use policy is short and succinct, and includes every detail their customers might need regarding rules of use.

Consequences of Breaching the Policy

Similar to the previous clause, it’s important to outline what the consequences are if someone does break the rules outlined in your AUP.

Here is where you mention if the user gets removed, banned from using the services, or other disciplinary actions.

Check how the Salesforce acceptable use policy handles violations in the screengrab below.

The Salesforce MSA is their main services agreement, which contains a clause referencing the AUP with more details about what happens if a user violates their acceptable uses, as pictured below.

Complaints and Removal of Legitimate Content

Sometimes, something gets reported and removed from a website accidentally, even when it follows all guidelines and rules.

It’s essential to have a process for this scenario outlined in your acceptable use policy so your business can respond and react quickly to consumer complaints. It gives you something you can point to if such an indiscretion occurs.

Below, see how Xfinity Internet’s acceptable use policy outlines the process for wrongful policy breach reporting.

Xfinity linked to the above frequently asked question style page that answered the question about wrongful policy breach reporting directly in the bodycontent of their AUP.

If you take a page out of their book and use a Q&A format in your AUP, remember to limit your wordiness so consumers can easily read through it.

Disclaimers

Including a disclaimer clause in your AUP helps reduce a lot of liabilities from your business. Be sure to list all appropriate disclaimers clarifying if your company is under no obligation to monitor users’ activities, if you’re not responsible for user content, or if your company will report illegal activity to the police.

Like the previous clause, you can point to this section of your AUP as a response, simplifying what might otherwise be a messy process.

Starbucks, for example, lists many different disclaimers in their AUP, including this one addressing their liabilities in the screenshot below.

Company Contact Information

At the end of the policy, put your company contact information, including an active email address or phone number. You want users to be able to contact your business efficiently and quickly about your acceptable use policy whenever needed.

Starbucks is our example once again, as they do a good job listing their updated contact information at the end of their AUP, as shown below.

Benefits of an Acceptable Use Policy

Now that you know what an acceptable use policy is, it’s time to consider the benefits of including one on your website or app.

How to Display an Acceptable Use Policy

There are a few common places where you should consider posting a link to your acceptable use policy. No matter what, link it within your terms and conditions agreement to ensure you get proper user consent.

Below, we cover the other places an AUP should appear on your website or app.

Website footer

Most companies post links to all legal documents, including acceptable use policies, in the website footer so users can always access the documents, no matter what page of the website they end up on.

Account creation process

You should post your acceptable use policy wherever it’s most relevant for your users to see the rules they’re expected to follow, like on new user account pages.

By giving people the policy before they create a profile, you’re setting their expectations and showing them that you keep your online community safe from toxic users.

Before users’ post and share content

You should also provide a link to your AUP before someone uploads data, shares a public post, or comments on your forums.

Posting a link to your AUP in these spots can help remind your users of the rules they must follow when they share content with the community you foster.

Your privacy center

A privacy center is a central hub that houses all legal agreements, privacy compliance documents, and any other resources you need to share with your users.

Creating a privacy center on your website or app is a great way for you to organize your legal agreements, including your acceptable use policy, and remain compliant with any data privacy laws your business falls under, like the GDPR or CCPA.

Don’t have one on your website? Check out our privacy centers guide for tips on making your very own.

How to Get Users to Agree to an Acceptable Use Policy

You need user consent for your acceptable use policy to act as a legally binding contract.

Below, we cover the different methods you might consider using to guarantee your users agree to your AUP.

Include Your AUP in your Terms and Conditions

One of the best ways to get users to agree to your acceptable use policy is to clearly state that the AUP is not a stand-alone document but is actually part of your terms and conditions.

By doing so, you only need to get their consent a single time for it to apply to both policies.

Clickwrap Method for Consent

You can also consider using what is known as the clickwrap method for consent, which requires users to select a box confirming they’ve read and agree to your terms and conditions, including the entirety of your acceptable use policy.

Clickwrap consent can also be requested by using a pop-up banner with a checkbox requesting acceptance of your terms and conditions and AUP guidelines whenever new users enter your website.

But it could also appear when a user goes to

• Download an app
• Create an account
• Publish a comment or review
• Post other content

See the screenshot below for an example of how American Eagle uses the clickwrap method when a user creates a new profile on their website.

Because acceptable use policies are technically part of your terms of use — or terms and conditions agreement — this checkbox accounts for user consent to the AUP.

Implied Consent

Another common way to get users to agree to legal documents like your AUP is through something called implied consent, or browsewrap.

Implied consent is not actively given by the user, but instead is inferred based on actions the person takes, usually it’s general use of a company’s website, app, or other services.

For example, look at the HubSpot acceptable use policy below, which states in the highlighted text that users agree to their AUP and ten other legal terms by using any of their services.

We like how HubSpot provided links to each of the additional terms, and recommend following this technique if you choose to use implied consent for your AUP and Terms and Conditions.

That being said, implied consent methods only sometimes hold up in court due to how inconspicuous they are. You can’t really prove that a user knew their actions on your website or app meant they agreed to your legal policies, so this is sometimes considered an outdated approach.

For example, under data privacy laws like the General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA), implied consent does not work for privacy policies or cookie banners, which require active user consent.

Acceptable Use Policy Examples

You should not copy another company’s acceptable use policy or any other legal document, as that is plagiarism, and legal documents are copyrighted.

However, looking at examples of acceptable use policies from other businesses can help you get ideas when creating your own.

Paypal’s Acceptable Use Policy

We’ve mentioned the importance of linking your AUP in multiple locations so your users can easily find it. A great example of an easy-to-find acceptable use policy is Paypal, pictured below.

Paypal’s acceptable use policy appears in the website’s legal section with all other relevant user agreements, making it easy for users to find, read, and know what’s expected of them.

Amazon Web Services Acceptable Use Policy

Next, we’ll look at how Amazon Web Services, a company large enough to require an independent AUP, ensures they get consent from users.

In the highlighted text below, read how AWS defines user consent to the policy in the introduction.

As you can see, the AWS acceptable use policy does not state that it’s part of the terms and conditions but does state that accessing the site is a form of agreeing to the most recent version of their AUP.

US Army Acceptable Use Policy

Now, we’ll go over an AUP sample that’s written in a way that’s easy for users to understand.

Below, look at the phrasing in the US Army’s acceptable use policy, which clearly states why these guidelines are necessary for the organization’s protection.

The acceptable use policy for the Army is very simple to read and understand, making it digestible for any users agreeing to it.

It’s important to make your acceptable use policy easy to find and read, this way, you can maintain the user’s knowledge about the policy if something ever goes wrong on your website or app.

Acceptable Use Policy FAQ

These are some of the most frequently asked questions we get about acceptable use policies.

Sample Acceptable Use Policy Template [Free Download]

You can download our free acceptable use policy template below in Word Doc, PDF, or Google Doc format. You can also just copy & paste the HTML directly to your website.

Before using it, read through the entire acceptable use policy template – fill in all of the [brackets], remove any sections that do not apply to your app, and tweak any language as needed.

Acceptable Use Policy [Text Format]

ACCEPTABLE USE POLICY

Last updated [Date]

Acceptable Use Policy (“Policy”) is part of our Terms and Conditions (“Legal Terms”) and should therefore be read alongside our main Legal Terms: [Legal Terms URL]. If you do not agree with these Legal Terms, please refrain from using our Services. Your continued use of our Services implies acceptance of these Legal Terms.

Please carefully review this Policy which applies to any and all:

(a) uses of our Services (as defined in “Legal Terms”)

(b) forms, materials, consent tools, comments, post, and all other content available on the Services (“Content”) and

(c) material which you contribute to the Services including any upload, post, review, disclosure, ratings, comments, chat etc. in any forum, chatrooms, reviews, and to any interactive services associated with it (“Contribution“).

This Acceptable Use Policy was created by Termly’s Acceptable Use Policy Generator.

WHO WE ARE

We are [Company Name], doing business as [Company Short Name] (“Company,” “we,” “us,” or “our”), a company registered in [Registered Country] at [Registered Address]. We operate the website [Website URL] (the “Site”), the mobile application [Mobile App Name] (the “App”), as well as any other related products and services that refer or link to this Policy (collectively, the “Services”).

USE OF THE SERVICES

When you use the Services you warrant that you will comply with this Policy and with all applicable laws.

You also acknowledge that you may not:

• Systematically retrieve data or other content from the Services to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us.
• Make any unauthorized use of the Services, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses.
• Circumvent, disable, or otherwise interfere with security-related features of the Services, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Services and/or the Content contained therein.
• Engage in unauthorized framing of or linking to the Services.
• Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords.
• Make improper use of our Services, including our support services or submit false reports of abuse or misconduct.
• Engage in any automated use of the Services, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools.
• Interfere with, disrupt, or create an undue burden on the Services or the networks or the Services connected.
• Attempt to impersonate another user or person or use the username of another user.
• Use any information obtained from the Services in order to harass, abuse, or harm another person.
• Use the Services as part of any effort to compete with us or otherwise use the Services and/or the Content for any revenue-generating endeavor or commercial enterprise.
• Decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Services, except as expressly permitted by applicable law.
• Attempt to bypass any measures of the Services designed to prevent or restrict access to the Services, or any portion of the Services.
• Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Services to you.
• Delete the copyright or other proprietary rights notice from any Content.
• Copy or adapt the Services’ software, including but not limited to Flash, PHP, HTML, JavaScript, or other code.
• Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of the Services or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Services.
• Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”/’gifs’), 1×1 pixels, web bugs, cookies, or other similar devices (sometimes referred to as “spyware” or “passive collection mechanisms” or “pcms”).
• Except as may be the result of standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Services, or using or launching any unauthorized script or other software.
• Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Services.
• Use the Services in a manner inconsistent with any applicable laws or regulations.
• [Other]

[If you subscribe to our Services, you understand, acknowledge, and agree that you may not, except if expressly permitted:

• Reconstruct or attempt to discover any source code or algorithms of the Services, or any portion thereof, by any means whatsoever.
• Provide, or otherwise make available, the Services to any third party.
• Intercept any data not intended for you.
• Damage, reveal, or alter any user’s data, or any other hardware, software, or information relating to another person or entity.
• Engage in any use, including modification, copying, redistribution, publication, display, performance, or retransmission, of any portions of any Services, other than as expressly permitted by this Policy, without the prior written consent of [Company Name], which consent [Company Name] may grant or refuse in its sole and absolute discretion.
• [Other]]

COMMUNITY/FORUM GUIDELINES 

[Community Guidelines URL / Add Own Details]

CONTRIBUTIONS 

In this Policy, the term “Contribution” means:

• any data, information, software, text, code, music, scripts, sound, graphics, photos, videos, tags, messages, interactive features, or other materials that you post, share, upload, submit, or otherwise provide in any manner on or through the Services, and/or
• any other materials, or data you provide to [Company Name] or use with the Services.

Some areas of the Services may allow users to upload, transmit, or post Contributions. We may but are under no obligation to review or moderate the Contributions made on the Services, and we expressly exclude our liability for any loss or damage resulting from any of our users’ breach of this Policy. Please report any Contribution that you believe breaches this Policy; however, we will determine, in our sole discretion, whether a Contribution is indeed in breach of this Policy.

You warrant that:

• you are the creator and owner of or have the necessary licenses, rights, consents, releases, and permissions to use and to authorize us, the Services, and other users of the Services to use your Contributions in any manner contemplated by the Services and this Policy;
• all your Contributions comply with applicable laws and are original and true (if they represent your opinion or facts);
• the creation, distribution, transmission, public display, or performance, and the accessing, downloading, or copying of your Contributions do not and will not infringe the proprietary rights, including but not limited to the copyright, patent, trademark, trade secret, or moral rights of any third party; and
• you have the verifiable consent, release, and/or permission of each and every identifiable individual person in your Contributions to use the name or likeness of each and every such identifiable individual person to enable inclusion and use of your Contributions in any manner contemplated by the Services and this Policy.

You also agree that you will not post, transmit, or upload any (or any part of a) Contribution that:

• is in breach of applicable laws, regulation, court order, contractual obligation, this Policy, our Legal Terms, a legal duty, or that promotes or facilitates fraud or illegal activities;
• is defamatory, obscene, offensive, hateful, insulting, intimidating, bullying, abusive, or threatening, to any person or group;
• is false, inaccurate, or misleading;
• includes child sexual abuse material, or violates any applicable law concerning child pornography or otherwise intended to protect minors;
• contains any material that solicits personal information from anyone under the age of 18 or exploits people under the age of 18 in a sexual or violent manner;
• promotes violence, advocates the violent overthrow of any government, or incites, encourages, or threatens physical harm against another;
• is obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, contains sexually explicit material, or is otherwise objectionable (as determined by us);
• is discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age;
• bullies, intimidates, humiliates, or insults any person;
• promotes, facilitates, or assists anyone in promoting and facilitating acts of terrorism;
• infringes, or assists anyone in infringing, a third party’s intellectual property rights or publicity or privacy rights;
• is deceitful, misrepresents your identity or affiliation with any person and/or misleads anyone as to your relationship with us or implies that the Contribution was made by someone else than you;
• contains unsolicited or unauthorized advertising, promotional materials, pyramid schemes, chain letters, spam, mass mailings, or other forms of solicitation that has been “paid for,” whether with monetary compensation or in kind; or
• misrepresents your identity or who the Contribution is from.

[You may not use our Services to offer, present, promote, sell, give away or otherwise make available to others any good or service involving:

• [Other]
• items that promote, encourage, facilitate, or instruct others how to engage in illegal activity,
• stolen goods,
• products or services identified by government agencies to be highly likely to be fraudulent, and
• any transaction or activity that requires pre-approval without having obtained said approval.]

REVIEWS AND RATINGS

When your Contribution is a review or rating you also agree that:

• you have firsthand experience with the [goods / services / software / other] being reviewed;
• your Contribution is true to your experience;
• you are not affiliated with competitors if posting negative reviews (or linked in any way to, e.g., by being the owner or seller/manufacturer of, a product or service if posting positive reviews);
• you cannot make or offer any conclusions as to the legality of conduct;
• you cannot post any false or misleading statements; and
• you do not and will not organize a campaign encouraging others to post reviews, whether positive or negative.

REPORTING A BREACH OF THIS POLICY

We may but are under no obligation to review or moderate the Contributions made on the Services and we expressly exclude our liability for any loss or damage resulting from any of our users’ breach of this Policy.

If you consider that any Content or Contribution:

• breach this Policy, please call [Phone Number], email us at [Email Address], visit [Reporting Mechanism URL], or refer to the contact details at the bottom of this document to let us know which Content or Contribution is in breach and why; or
• infringe any third-party intellectual property rights, please [check out our Legal Terms for information about our copyright infringement reporting process here: [Legal Terms URL] / email us at [Email Address] / Other].

We will reasonably determine whether a Content or Contribution breaches this Policy.

CONSEQUENCES OF BREACHING OF THIS POLICY

The consequences for violating our Policy will vary depending on the severity of the breach and the user’s history on the Services, by way of example:

We may, in some cases, give you a warning [and/or remove the infringing Contribution], however, if your breach is serious or if you continue to breach our Legal Terms and this Policy, we have the right to suspend or terminate your access to and use of our Services and, if applicable, disable your account. We may also notify law enforcement or issue legal proceedings against you when we believe that there is a genuine risk to an individual or a threat to public safety.

We exclude our liability for all action we may take in response to any of your breaches of this Policy.

COMPLAINTS AND REMOVAL OF LEGITIMATE CONTENT

If you consider that some Content or Contribution have been mistakenly removed or blocked from the Services, please refer to the contact details at the bottom of this document and we will promptly review our decision to remove such Content or Contribution. The Content or Contribution may stay “down” whilst we conduct the review process.

[For more information, visit [Process for Monitoring and Blocking URL]. / Other]

DISCLAIMER

[Company Name] is under no obligation to monitor users’ activities, and we disclaim any responsibility for any user’s misuse of the Services. [Company Name] has no responsibility for any user or other Content or Contribution created, maintained, stored, transmitted, or accessible on or through the Services, and is not obligated to monitor or exercise any editorial control over such material. If [Company Name] becomes aware that any such Content or Contribution violates this Policy, [Company Name] may, in addition to removing such Content or Contribution and blocking your account, report such breach to the police or appropriate regulatory authority. Unless otherwise stated in this Policy, [Company Name] disclaims any obligation to any person who has not entered into an agreement with [Company Name] for the use of the Services.

HOW CAN YOU CONTACT US ABOUT THIS POLICY? 

If you have any further questions or comments or wish to report any problematic Content or Contribution, you may contact us by:

• Phone: [Phone Number]
• Email: [Email Address]
• Online contact form: [Contact Form URL]

Summary

An acceptable use policy is a useful extension of your terms and conditions agreement and can prevent your business from being held responsible for the decisions, choices, and even illegal actions taken by users on your website or app.

To ensure you get the proper consent to protect your business, clearly state that your AUP is part of your terms and conditions agreement, utilize clickwrap consent methods, and post an easy-to-read policy in multiple locations.

More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author