Sample Acceptable Use Policy Template


If your organization provides a service that's accessed by members of the public, you'll want to make sure it's not misused. Unlawful or malicious use of your property could lead to costs, legal issues, and reputational damage.

An Acceptable Use Policy will make the rules of using your service clear. It is also a legally-binding document that you can use to enforce your organization's rights or defend against legal claims.

But not all Acceptable Use Policies are created equally. Draft it carelessly and you'll end up with an agreement that's not worth the paper it's written on.

Let's take a look at how you can create an Acceptable Use Policy that serves the needs of your organization.

What is an Acceptable Use Policy?

An Acceptable Use Policy is an agreement between a service provider and a service user. It typically sets out the rules of how the system may be used, and what will happen in the event of non-compliance with these rules.

There is no predetermined format for an Acceptable Use Policy, but most will include certain sections. We'll look at what these are later.

Elements of an Acceptable Use Policy

The exact contents of your Acceptable Use Policy will vary depending on the context in which you're using it and the nature of your business. We're going to look at some example of the clauses that are typically present in such agreements.

Remember that your Acceptable Use Policy must be clear and easy to understand. Keep your target audience in mind. Are they members of the general public, students, employees?

The agreement should not read like a complicated business-to-business contract. Try to avoid "legalese" where possible.

Here's an example from Business Advice:

BusinessAdvice Acceptable Use Policy: Introduction section

This strikes a somewhat different tone. However, there is nothing wrong with keeping your introduction brief, so long as it serves your purposes.

Definitions

It's helpful to define certain words in your Acceptable Use Policy to minimize the risk of misinterpretation.

Here's how SEACOM does this:

SEACOM Acceptable Use Policy: Definitions section

You might define some or all of the phrases used in another document, such as your Terms and Conditions. If so, you should make your users aware of this. Here's an example from Telnyx:

Telnyx Acceptable Use Policy: Definitions in Terms and Conditions section

Acceptable Activities

Before setting out what's not allowed, some Acceptable Use Policies have a section that sets out what the service may be used for.

Here's an example from VoiceSage:

VoiceSage Acceptable Use Policy: Acceptable Use clause

Prohibited Activities

You should list the things that are not allowed when using your service.

What you include in your rules is up to you. Almost all Acceptable Use Policies will have a term that prohibits using the service for illegal activities.

Here are some of Shopify's prohibited activities:

Shopify Acceptable Use Policy: Prohibited Activities clause

You'll notice that under rule 1, the word "Materials" is a link. It leads to a page that defines "Materials":

Shopify Acceptable Use Policy: Definition of Materials

Linking back to your definitions throughout your Acceptable Use Policy is a good way to help ensure clarity.

As well as preventing the misuse of your service, you may wish to impose limitations on the way in which your service is supposed to be used. For example, if you run a website or app which allows users to sell products, you could list the types of products that are not permitted for sale.

Here's an excerpt from such a list from PayToolbox:

PayToolbox Acceptable Use Policy: Excerpt of Selling Products clause

Activities Requiring Pre-Approval

Some activities might be restricted, but not banned outright. If you wish to place conditions on certain activities you should make these clear.

Here's how PayPal does this:

PayPal Acceptable Use Policy: Service Requiring Pre-Approval chart

Indemnity Clause

Some Acceptable Use Policies will include an indemnity clause (often known as a "hold harmless" clause). These are usually included in a main Terms and Conditions agreement but are sometimes found in an Acceptable Use Policy.

An indemnity clause is a legal mechanism by which a party agrees to compensate another party for the cost of any damages caused by their actions.

For example, a user might make a libelous claim on your website. If the victim of this libel takes legal action against your company, you will want to recuperate the cost from your user. An indemnity clause could be helpful in this context.

An indemnity clause will need to be very carefully worded in order to be enforceable. Local laws may restrict or prohibit their enforceability.

Here's an example of an indemnity clause from the Acceptable Use Policy of the Seafarers' Rights International website:

Seafarers Rights International Acceptable Use Policy: Indemnity clause

Penalties

If you wish to impose any penalties for non-compliance with the rules, you must set these out clearly in your Acceptable Use Policy.

This will usually include your right to suspend or terminate a user's access to your service.

Here's how Algolia set out its rights to investigate violations, suspend or terminate accounts and remove any content that violates its Acceptable Use Policy:

Algolia Acceptable Use Policy: Clause to reserve the right to suspend or terminate violating accounts

And here's the relevant part of ServerGuy's policy, which threatens some particularly severe penalties:

ServerGuy Acceptable Use Policy: Sending spam clause

The extent to which these sorts of penalties would be enforceable will depend on various factors, including local law.

Infringement Reporting and Investigation Procedure

You may wish to include a procedure whereby users can report alleged infringements of the Acceptable Use Policy. This can also set out the procedure by which your company will investigate such claims.

Many Acceptable Use Policies covering the use of shared networks include such a section.

Your Acceptable Use Policy is where you can make it very clear how your users are to use your service, and what they must not do. You can also disclose your plan of action for if there are violations of your policy.

Where to Display Your Acceptable Use Policy

You should do everything you can to make sure your users read your Acceptable Use Policy.

It's best to place a link to your Acceptable Use Policy in a persistent footer on your website, along with any other agreements that you hope your users will read. Here's how the Royal College of Surgeons does this:

Royal College of Surgeons website footer

But simply placing a link to your Acceptable Use Policy on your website is unlikely to be enough.

You should take all reasonable steps to ensure that your users actively agree to your Acceptable Use Policy. You might find that your agreement is not enforced in court unless your users can be shown to have agreed to it.

Use Clickwrap

A "clickwrap" method of obtaining agreement is safest. You ask your users to click a box to confirm that they have read and agree to your Acceptable Use Policy.

This should be simple where users are creating an account or logging into a network.

Summary of Your Acceptable Use Policy

An Acceptable Use Policy helps establish the rules of using your service. It can also help you enforce those rules or seek compensation if they are broken.