Acceptable Use Policy

1. Overview

VastConfluence is committed to providing a trustworthy, lawful, and respectful environment for businesses to publish content, run operations, and discover great design. To make that possible, we draw clear lines around what is and is not acceptable on our platform. This AUP describes those lines and explains how we respond when they are crossed. Where applicable law requires more (or different) limits than this AUP, applicable law takes precedence.

2. Scope & Application

This AUP applies to:

• Account holders who subscribe to TechNanny, BizNanny, or any other paid Service.
• End users who access content or features through an Account holder's deployment.
• Designers who list, sell, or distribute templates on Template Waterfall.
• Buyers who purchase or download templates from Template Waterfall.
• Anonymous visitors who view our marketing sites or any sites published on TechNanny.

Account holders are responsible for the conduct of all users acting under their Account credentials and for any content, code, or data they upload, publish, or distribute through the Services. If you operate a website using TechNanny, you are the "publisher" of that website for legal purposes; we are the hosting provider.

3. Definitions

Capitalized terms used and not defined here have the meanings given in our Terms of Service. In addition:

• "Content" means any text, image, video, audio, code, template, font, dataset, link, metadata, or other material uploaded to, published through, or distributed by means of the Services.
• "Illegal Content" means any Content that is itself unlawful, or whose publication, distribution, or possession is unlawful, under (i) U.S. federal law, (ii) the law of the jurisdiction where the Content is published or accessed, or (iii) the law of the EU Member State or other jurisdiction whose authorities have issued a binding order with respect to that Content.
• "Notice and Action" means the procedure described in Section 21, by which any person can notify us of suspected Illegal Content and request its removal or restriction.
• "Trusted Flagger" has the meaning given in Article 22 of the EU Digital Services Act.

4. General Principles

The rules in this AUP can be summarized in five sentences. Don't break the law. Don't harm people. Don't take what isn't yours. Don't deceive or defraud. Don't damage the platform. The detailed prohibitions below are specific applications of these principles. When in doubt, ask yourself whether your intended use would, if disclosed publicly, attract regulatory attention, lawsuit, payment-processor termination, or harm to identifiable people. If the answer is yes, the use is likely prohibited.

5. Illegal Content

You may not use the Services to publish, host, distribute, transmit, or facilitate access to any Illegal Content. This includes, without limitation:

• Content that incites or promotes terrorism, violent extremism, or genocide, including content prohibited by the EU Regulation on Terrorist Content Online (Regulation (EU) 2021/784).
• Content that constitutes incitement to violence or hatred against a group or member of a group based on race, ethnicity, religion, national origin, sex, sexual orientation, gender identity, disability, or any other protected characteristic, where such incitement is unlawful under the applicable jurisdiction's law.
• Content that infringes copyright, trademark, patent, trade secret, design rights, database rights, or other intellectual-property rights (see Section 8).
• Content that violates privacy or data-protection law, including unauthorized publication of personal data (see Section 9).
• Content that is defamatory, libelous, or unlawfully harassing under the applicable jurisdiction's law.
• Content that constitutes unlawful pornography, including any depiction prohibited by Section 6.
• Content offering illegal goods or services, including unlicensed firearms, controlled substances not lawfully available, counterfeit currency, fraudulent identification documents, or stolen data.
• Content that violates economic sanctions, export controls, or anti-money-laundering laws (see Section 18).

6. Child Safety & Zero-Tolerance Provisions

Without limiting Section 5, the following are strictly prohibited:

• Child Sexual Abuse Material (CSAM) in any form, format, or context, including drawn, animated, AI-generated, or computer-generated images depicting minors in a sexual manner.
• Grooming, solicitation, or facilitation of contact with a minor for sexual or exploitative purposes.
• Content that sexualizes minors, including suggestive posing, "modeling" galleries, or commentary on the bodies or sexuality of identifiable minors.
• Content that promotes, glorifies, or normalizes the sexual exploitation of minors.
• Trafficking, recruitment, or advertisement for the trafficking of minors.
• Content depicting violence, self-harm, dangerous challenges, or exploitation directed at or featuring minors.

Mandatory reporting: Pursuant to 18 U.S.C. § 2258A and similar laws in other jurisdictions, we report apparent CSAM to NCMEC's CyberTipline as soon as practicable upon discovery and preserve associated records for the period required by law. Where a non-U.S. jurisdiction requires a parallel report (for example, to the UK's Internet Watch Foundation), we make that report as well.

Account consequences: Any Account associated with CSAM or with content prohibited by this Section is permanently terminated without refund or appeal, and the responsible person may be permanently banned from all VastConfluence Services across all brands. We do not pre-announce this enforcement and we do not seek "the user's side of the story" before acting.

7. Harmful but Not Necessarily Illegal Content

Some content is not strictly illegal in every jurisdiction but is harmful enough that we still prohibit it on our Services:

• Content that promotes, glorifies, or instructs others in self-harm, suicide, or eating disorders, particularly when targeted at minors or other vulnerable persons.
• Detailed instructions for creating weapons capable of mass harm (chemical, biological, radiological, nuclear, or explosive).
• Doxxing — the publication of private personal information of an identifiable individual without consent and with the apparent purpose of inviting harassment, intimidation, or violence.
• Targeted harassment campaigns directed at identifiable persons, including coordinated brigading.
• Content that facilitates real-world stalking or domestic abuse.
• Non-consensual intimate imagery ("revenge porn"), including AI-generated synthetic versions of identifiable persons.
• Content that promotes dangerous misinformation about elections, vaccines, or public-health emergencies in ways likely to cause physical harm or undermine democratic processes.

8. Intellectual-Property Violations

8.1 General Rule

You may not upload, publish, sell, or otherwise distribute Content that infringes another person's copyright, trademark, patent, trade secret, right of publicity, design rights, database rights, or other intellectual-property rights.

8.2 Designer Originality Requirement

Designers selling on Template Waterfall must warrant that their templates are original works or properly licensed, and that all third-party assets bundled with a template (fonts, images, icons, code libraries) carry licenses compatible with commercial sublicensing. Bundling assets under licenses that prohibit sublicensing or commercial use is a violation regardless of the designer's intent.

8.3 AI-Trained or Derivative Templates

Templates substantially generated by AI tools must be disclosed as such on the listing. Templates that are mechanically copied, "remastered," or derivatively produced from the work of other designers — whether on our marketplace or elsewhere — will be removed and the designer's account suspended. Repeated infringement leads to permanent removal from the Center Sharing Program.

8.4 DMCA & Equivalent Notices

If you believe Content on our Services infringes your copyright, follow the notice procedure in Section 22. Designers and Account holders who repeatedly receive substantiated infringement notices are subject to the repeat-infringer policy in Section 25.4.

9. Privacy & Data-Protection Violations

You may not use the Services to:

• Collect, process, or publish personal data in violation of applicable data-protection law (GDPR, UK GDPR, CCPA/CPRA, PIPEDA, LGPD, PIPL, APPI, Australian Privacy Act, and similar regimes).
• Operate a website or service without the privacy notices, lawful basis, and consent mechanisms required for your jurisdiction and the jurisdictions of your users.
• Sell personal data of California consumers without honoring CCPA/CPRA opt-out signals, including the Global Privacy Control.
• Track users without consent in jurisdictions where consent is required (see our Cookie Policy).
• Aggregate or scrape personal data from other websites in violation of those websites' terms or applicable law.
• Build databases of biometric identifiers, facial-recognition templates, or other sensitive data without legally valid consent and required safeguards.
• Process the personal data of children under 13 (or under the higher age of digital consent in your jurisdiction, where applicable) without verifiable parental consent.

10. Deception, Fraud & Manipulation

You may not use the Services to deceive others, manipulate markets, or commit fraud. Prohibited conduct includes:

• Phishing pages, fake login portals, or other content designed to harvest credentials or personal data under false pretenses.
• Spoofed brands, logos, or visual identities of organizations you are not authorized to represent.
• Fake invoices, fake purchase receipts, fake bank notices, fake government correspondence, or other documents designed to deceive.
• Pump-and-dump campaigns, fake reviews, fake testimonials, fake social-proof widgets, and similar engagement-manipulation schemes.
• Romance scams, advance-fee fraud, "pig butchering," and similar long-form social-engineering operations.
• Pyramid schemes, multi-level marketing operations that violate FTC business-opportunity rules, and "get rich quick" investment scams.
• Misrepresentation of goods, services, professional credentials, or geographic origin in ways likely to deceive consumers.
• Operating affiliate networks built on fake conversions, cookie stuffing, or attribution fraud.

11. AI & Synthetic Media

11.1 Required Disclosure

Where required by Article 50 of the EU AI Act and similar transparency laws, content generated or substantially modified by AI must be labeled as such when published through our Services. This includes synthetic audio, video ("deepfakes"), images, and text presented as if from a real person or organization. Designers must disclose AI-generated templates per Section 8.3.

11.2 Prohibited AI-Generated Content

You may not use the Services to generate, host, or distribute:

• Non-consensual sexual imagery of identifiable persons, whether real or synthetic.
• Synthetic depictions of identifiable persons committing crimes, making statements they did not make, or in compromising situations, where the depiction is likely to deceive a reasonable viewer and is published without consent.
• AI-generated child sexual abuse material in any form (covered also by Section 6).
• Voice clones of identifiable persons used to deceive their family, employer, or financial institution.
• Synthetic content designed to interfere with elections, including fabricated statements by candidates, fake voter-suppression notices, or fake "live" event coverage.
• AI-generated medical, legal, or financial advice presented as if authored by a licensed professional.

11.3 Watermarking & Provenance

Where C2PA or similar provenance metadata has been attached to a piece of media, you must not strip, alter, or forge that metadata. Stripping provenance to deceive viewers is itself a form of synthetic-media abuse.

12. Spam & Unsolicited Communications

You may not use the Services to send spam, unsolicited bulk email, or other unwanted communications. This means you must comply with the U.S. CAN-SPAM Act, Canada's Anti-Spam Legislation (CASL), the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations (PECR), and similar laws applicable to your senders and recipients. Specific prohibitions:

• Sending email to recipients who have not given consent (where consent is required) or who have unsubscribed.
• Operating "send-and-burn" mail-server infrastructure designed to evade reputation systems.
• Using deceptive subject lines, forged headers, or false "from" addresses.
• Failing to provide a working unsubscribe mechanism honored within 10 business days.
• Harvesting email addresses by scraping, buying lists from unverified sources, or using lookup tools that bypass platform terms.
• Using TechNanny-published websites primarily as link farms, scraper destinations, or affiliate cloaking pages.

13. Malware & Security Threats

You may not use the Services to create, host, distribute, link to, or facilitate the spread of:

• Viruses, worms, trojans, rootkits, ransomware, spyware, keyloggers, or other malicious code.
• Browser exploits, drive-by downloads, malvertising, or formjacking scripts.
• Tools whose primary purpose is to compromise computer systems, including stresser/booter services, credential-stuffing tools, and "RAT" (remote-access trojan) kits.
• Phishing kits, scam page templates, and toolkits used to operate fraudulent schemes.
• Cryptocurrency miners running on visitors' devices without explicit, opt-in disclosure and consent.

Security research conducted under our Coordinated Vulnerability Disclosure Policy is welcome and expressly authorized within the scope and rules described there. Outside that scope, the activities above are prohibited regardless of stated intent.

14. Network & Resource Abuse

You may not abuse our networks or computational resources. Prohibited conduct includes:

• Denial-of-service attacks of any kind, whether targeting our infrastructure or third parties through our infrastructure.
• Excessive automated requests beyond rate limits, scraping at volumes that materially degrade Service performance, or repeated probing for unpublished endpoints.
• Cryptocurrency mining (including proof-of-work and proof-of-space mining) on our compute resources, except where the plan explicitly permits it (none currently do).
• Operating high-bandwidth file-sharing services, video-streaming services, or unlicensed media archives that consume disproportionate resources relative to your plan.
• Tarpitting, spam-relay, or open-proxy operations.
• Circumventing usage quotas, plan limits, or feature gating using technical means.

What counts as "excessive" is fact-specific; we will use commercially reasonable judgment and, where practical, contact the Account holder before throttling or suspending.

15. Unauthorized Access

You may not access, attempt to access, or facilitate access to any system, account, network, or data that you are not authorized to access. Prohibited conduct under the U.S. Computer Fraud and Abuse Act (18 U.S.C. § 1030), the EU Directive 2013/40/EU, the UK Computer Misuse Act 1990, and equivalent laws includes:

• Logging in to another user's Account without permission, including with credentials obtained through phishing, credential stuffing, or password leaks.
• Probing, scanning, or testing the vulnerability of our systems, except as permitted under our Coordinated Vulnerability Disclosure Policy.
• Bypassing authentication, rate-limit, or access-control mechanisms.
• Reverse-engineering Service binaries beyond the scope permitted by mandatory law.
• Using leaked or stolen API keys, session tokens, or service credentials.

16. High-Risk & Restricted Industries

Certain industries are restricted on our Services because of the elevated legal, financial, or safety risk they present to us, our payment processors, and other users. The categories below require pre-approval, are restricted, or are entirely prohibited.

Operating a restricted business without pre-approval is itself a violation of this AUP. To request approval, contact abuse@vastconfluence.com with documentation of your licensing, jurisdictional scope, and compliance program.

17. Adult Content

TechNanny, BizNanny, and Template Waterfall are not intended for the publication, sale, or distribution of adult or pornographic content. Lawful, age-gated adult content is not permitted on our Services. This is a business decision driven by payment-processor policy and the operational complexity of complying with age-verification, performer-consent, and 18 U.S.C. § 2257 record-keeping requirements; it is not a moral judgment on lawful adult industries.

Editorial discussion of sexuality, sex education, sexual health, and similar topics is not "adult content" for purposes of this Section, provided the content does not include sexually explicit imagery and complies with the rest of this AUP.

18. Sanctions, Embargoes & Export Controls

You may not use the Services in violation of U.S. economic sanctions administered by the Office of Foreign Assets Control (OFAC), EU Council restrictive measures, UK Office of Financial Sanctions Implementation (OFSI) measures, or similar regimes elsewhere. Specifically:

• You may not access or use the Services from, or for the benefit of any person or entity in, any country or region subject to comprehensive U.S. sanctions (currently including Cuba, Iran, North Korea, Syria, the Crimea, Donetsk, Luhansk, Kherson, and Zaporizhzhia regions of Ukraine, as updated from time to time).
• You may not be a person identified on the OFAC Specially Designated Nationals (SDN) list, the U.S. Department of Commerce Entity List, the EU Consolidated List of Sanctions, or the UK Sanctions List.
• You may not use the Services to facilitate transactions for sanctioned persons or to evade sanctions.
• You may not export, re-export, or transfer Service components to destinations restricted under U.S. Export Administration Regulations (EAR) or equivalent laws.

We screen Account holders against applicable sanctions lists at signup and periodically thereafter. If a match is identified, the Account is suspended and the matter is reported to authorities where required.

19. Template Waterfall Designer Rules

Designers participating in the Center Sharing Program agree to additional rules that supplement this AUP:

• Submit only original templates or templates for which you hold valid commercial-sublicense rights to all included assets.
• Disclose AI-generated portions per Section 11.1.
• Do not create multiple Designer accounts to manipulate ranking, reviews, or tax-reporting thresholds.
• Do not purchase your own templates with payment instruments to inflate sales or generate fraudulent revenue share.
• Do not solicit reviews in exchange for compensation, refunds, or other consideration.
• Do not link from the live preview to any content prohibited by this AUP.
• Respond to legitimate buyer support requests within commercially reasonable timeframes.

Designers found in violation may have specific templates removed, accrued revenue share clawed back per the Refund Policy, the Designer account suspended, and in serious cases be permanently removed from the program.

20. Reporting Violations

20.1 General Reports

Anyone — Account holder, end user, or member of the public — can report suspected violations of this AUP. We accept reports through:

• In-product: the "Report" button in TechNanny-published websites and on Template Waterfall listings.
• Email: abuse@vastconfluence.com.
• Web form: you may use the online form available on our website (please contact us for the direct link).

20.2 What to Include

Useful reports include the URL or Account identifier, a description of the violation, and (where available) screenshots or other evidence. For copyright and other IP claims, follow Section 22. For Illegal Content reports under the EU Digital Services Act, follow Section 21.

20.3 Anonymous Reports

You may report anonymously. We may not be able to follow up with you, but anonymous reports are still investigated. Reports made in good faith do not lead to retaliation against the reporter.

21. EU Digital Services Act — Notice & Action

21.1 Notice Mechanism

In accordance with Article 16 of Regulation (EU) 2022/2065 (the "Digital Services Act"), we provide an electronic notice mechanism allowing any person to notify us of Content that they consider Illegal Content. To submit a DSA notice, email abuse@vastconfluence.com with the subject line "DSA Notice". Alternatively, you may use the contact form on our website (please reach out for the specific URL).

21.2 Required Information

To enable us to act, your notice should include:

1. A sufficiently substantiated explanation of the reasons why the individual or entity considers the Content to be Illegal Content.
2. A clear indication of the exact electronic location of the Content (URL or stable identifier).
3. The name and email address of the submitter, except where the report concerns content covered by Articles 3–7 of Directive 2011/93/EU (child sexual abuse), in which case anonymous notice is accepted.
4. A statement of good-faith belief that the information in the notice is accurate and complete.

21.3 Our Response

We acknowledge receipt of valid notices without undue delay and decide on the notice with diligence, in a non-arbitrary and objective manner. Where we remove or restrict access to Content following a notice, we provide a "statement of reasons" to the affected user as required by Article 17 of the DSA, including the legal or contractual basis for the action and information about the appeal options described in Section 26.

21.4 Single Point of Contact

Our single point of contact for EU Member State authorities and the European Commission, as required by Articles 11 and 12 of the DSA, is abuse@vastconfluence.com. We will respond in English; we are not currently designated as a Very Large Online Platform.

22. DMCA & Copyright Notices

22.1 Notification of Claimed Infringement

Pursuant to 17 U.S.C. § 512(c), if you believe Content on our Services infringes your copyright, you (or your authorized agent) may submit a written DMCA notice to our Designated Agent containing:

1. A physical or electronic signature of the owner or authorized agent.
2. Identification of the copyrighted work claimed to have been infringed.
3. Identification of the infringing material and information reasonably sufficient to permit us to locate it (URL).
4. Your contact information (address, telephone number, email).
5. A statement of good-faith belief that the use is not authorized by the copyright owner, its agent, or the law.
6. A statement, under penalty of perjury, that the information is accurate and that you are the owner or authorized agent.

22.2 Designated Agent

22.3 Counter-Notice

If your Content was removed pursuant to a DMCA notice and you believe the removal was wrongful, you may submit a counter-notice under 17 U.S.C. § 512(g) containing the elements specified in that statute. We forward valid counter-notices to the original complainant and, absent a court action, restore the Content within 10 to 14 business days.

22.4 Penalties for Misrepresentation

Under 17 U.S.C. § 512(f), any person who knowingly materially misrepresents that material is infringing, or that material was removed by mistake, may be liable for damages, costs, and attorneys' fees.

22.5 Repeat Infringers

We have a policy, described in Section 25.4, of terminating Accounts of users who are determined to be repeat infringers in appropriate circumstances.

23. Trusted Flaggers (EU)

Pursuant to Article 22 of the DSA, notices submitted by entities formally awarded "Trusted Flagger" status by the Digital Services Coordinator of an EU Member State are processed with priority. Trusted Flaggers should identify themselves and reference their Trusted Flagger status when submitting notices via abuse@vastconfluence.com.

24. Investigation & Enforcement

24.1 Investigation

When we receive a credible report or detect potential abuse through automated tooling, we investigate. Investigation may include reviewing relevant Account activity, server logs, content samples, and (where lawful) information provided by third parties such as Stripe, NCMEC, or law enforcement. We use a combination of human review and automated tooling proportionate to the type and severity of the suspected violation.

24.2 Proportionate Action

Where a violation is confirmed, we take action proportionate to the severity, repetition, and intent of the violation, the harm caused, and the user's history. The range of available actions is described in Section 25. Decisions on Content removal are made in accordance with this AUP, applicable law, and the user's freedom of expression and other fundamental rights.

24.3 Without Notice for Severe Cases

For severe violations including CSAM, terrorist content, active phishing campaigns, malware distribution, sanctions violations, and credible threats to life, we may take enforcement action without prior notice and without giving the user an opportunity to respond.

25. Consequences of Violation

25.1 Range of Actions

Possible consequences include, depending on severity:

• A warning and request to remediate the issue within a stated timeframe.
• Removal or restriction of specific Content.
• Suspension of specific features (publishing, sending email, designer payouts).
• Account suspension, with or without notice.
• Account termination, with forfeiture of any non-refundable balance.
• Permanent ban across all VastConfluence brands.
• Reporting to law enforcement, payment processors, and industry hotlines.
• Civil action for damages, where applicable.

25.2 No Refund for Termination Due to Violation

If we terminate your Account because of a substantiated violation of this AUP, we do not issue refunds for unused prepaid amounts, except where (i) the violation was minor and remediable but enforcement was nonetheless necessary, or (ii) refund is required by mandatory law.

25.3 Liability for Damage

You are responsible for damage caused by your violation of this AUP, including chargeback fees, third-party claims defended by us, and the cost of remediating affected users' systems. Where the law permits, we will offset such damages against any refund or balance owed to you.

25.4 Repeat Infringer Policy

We terminate the Accounts of users who, in our judgment, are repeat copyright infringers, repeat sources of illegal content, or repeat senders of spam. "Repeat" generally means three or more substantiated incidents within a 12-month period, but we apply judgment based on severity and pattern.

26. Appeals & Internal Complaint Handling

26.1 Right to Appeal

If we restrict or remove your Content, suspend your Account, or take any other adverse action, you have the right to challenge that decision through our internal complaint-handling system, in accordance with Article 20 of the DSA and as a matter of good faith generally. To file an appeal, email appeals@vastconfluence.com within 30 days of the action, identifying the action and explaining why you believe it was incorrect.

26.2 Our Response

We review appeals in a timely, non-discriminatory, diligent, and non-arbitrary manner under qualified personnel not involved in the original decision. We respond within 14 business days for most cases and inform you of the outcome and the reasoning. If we reverse the decision, we restore Content or Account access promptly.

26.3 Out-of-Court Dispute Settlement (EU)

EU users who are dissatisfied with the outcome of our internal appeal may, in accordance with Article 21 of the DSA, refer the dispute to any out-of-court dispute settlement body certified by the Digital Services Coordinator of the relevant Member State. Our cooperation with such bodies does not prejudge any subsequent right to bring proceedings before a court.

27. Cooperation with Law Enforcement

We cooperate with valid legal process from courts, regulators, and law-enforcement authorities. This typically means responding to subpoenas, court orders, search warrants, and similar instruments lawfully issued in jurisdictions where we are subject to compulsion. Our practices are described in our Law Enforcement Guidelines, which include our policies on:

• Required form of process for different categories of data.
• Voluntary disclosure in emergencies involving imminent risk of death or serious bodily harm.
• User notice (we notify affected users of legal process unless legally prohibited from doing so).
• Mutual legal-assistance treaty (MLAT) requests for non-U.S. authorities.

Law enforcement inquiries should be sent to abuse@vastconfluence.com.

28. Transparency Reporting

Consistent with Article 15 of the DSA and our broader commitment to accountability, we publish a transparency report at least once per year describing aggregate enforcement statistics, including the volume of notices received, actions taken, appeals processed, and law-enforcement requests received and complied with. The most recent report is available upon request or via a dedicated page on our website.

29. Changes to This Policy

We may update this AUP from time to time to reflect new threats, new legal requirements, or operational learning. Material changes are announced at least 30 days before they take effect, by email to Account holders and by an in-product notice. Continued use of the Services after the effective date constitutes acceptance. If you do not accept the changes, you may cancel under our Refund Policy.

30. Contact Us

For different categories of inquiry, please use the appropriate channel below. This makes sure your message reaches the right team and is handled within applicable timelines.

This Acceptable Use Policy is published in English. Translations are provided for convenience only; in case of any conflict, the English version prevails.