Skip to content

Acceptable Use Policy

Last updated: July 4, 2026Version v1.0

This Acceptable Use Policy (“AUP”) governs your use of the WallaB.AI platform and the AI concierge (the “Service”). It is part of, and incorporated by reference into, the Merchant Terms of Service. Capitalized terms have the meaning given there.

The goal of this AUP is simple: WallaB.AI must be used lawfully, honestly, and in a way that respects your customers, other merchants on the platform, and the integrity of the Service. You are responsible for your own use and for anyone using the Service through your account.

1Lawful Use Only

You must use the Service in compliance with all applicable laws and with the Merchant Terms, and only for legitimate business purposes. You may not use the Service:

  • to violate any law or regulation, or to infringe or misappropriate anyone's intellectual-property, privacy, or other rights;
  • to run a subscription program that does not comply with applicable auto-renewal, negative-option, and consumer-protection laws (see Section 9 of the Merchant Terms — this remains your responsibility);
  • to engage in fraud, deception, or misrepresentation toward your customers or toward us;
  • to process data you are not lawfully permitted to process.

2No Spam or Unsolicited Messaging

The Service lets you send emails, campaigns, and messages. You are responsible for the lawfulness of everything you send through it.

  • You must have the consent required by law (including CAN-SPAM, the TCPA, CASL, and GDPR/ePrivacy where they apply) for every recipient of a message, campaign, or email you send through the Service.
  • You must honor unsubscribe and opt-out requests promptly and must not send to recipients who have opted out.
  • You must not send unsolicited bulk messages, purchase or scrape recipient lists, or disguise the origin or subject of a message.
  • You must not send content that is deceptive, harassing, hateful, or otherwise unlawful.

3No Deceptive or Dark-Pattern Configurations

The plain cancel path is sacred. WallaB.AI keeps an always-visible, plain cancellation option in the concierge flow. You must not try to defeat, hide, or undermine it.

You must not configure or use the Service to:

  • hide, disable, bury, or otherwise obstruct the plain cancellation path presented to your customers, or make cancellation materially harder than the sign-up it mirrors;
  • use countdown timers, guilt or shaming copy, pre-checked add-ons, or other manipulative dark patterns to pressure customers;
  • misrepresent an offer, a price, a discount, or the terms of a subscription in a conversation or campaign;
  • present offers or savings figures that are false or that you cannot honor.

4No Manipulation of the AI Concierge

The AI concierge operates within guardrails you configure, which our server enforces on every proposed offer. You must not attempt to circumvent that enforcement. Specifically, you must not:

  • attempt to jailbreak, prompt-inject, or otherwise manipulate WallaB into ignoring its instructions, its safety filtering, or your own configured guardrails;
  • attempt to make WallaB apply an offer outside the limits your guardrails allow, or to bypass the server-side validation of offers;
  • attempt to make WallaB generate unlawful, deceptive, discriminatory, harassing, or unsafe content, or to defeat the moderation that screens conversation input and output;
  • use the Service in a way designed to extract another tenant's data or configurations through the AI.

5No Security Abuse

You must not, and must not allow anyone to:

  • probe, scan, or test the vulnerability of the Service, or breach or circumvent any authentication, rate-limiting, or security measure, without our prior written authorization;
  • attempt to access another merchant's account, data, or tenant, or any data you are not authorized to access;
  • engage in credential stuffing, brute-force attempts, or automated abuse of authentication or one-time-code endpoints;
  • scrape, crawl, or harvest data from the Service beyond your own tenant, or use the Service to distribute malware or to overload or disrupt it (including denial-of-service);
  • reverse engineer, decompile, or attempt to extract source code, except to the extent that restriction is prohibited by law.

Good-faith security research is welcome through the reporting channel in Section 8 — do not test against live tenants or other merchants’ data.

6Prohibited & Restricted Content

You must not use the Service in connection with content or businesses that are unlawful where you operate, or that the Service is not designed to support, including:

  • content that is illegal, that sexually exploits or endangers minors, or that promotes violence, terrorism, or unlawful discrimination;
  • goods or services you are not legally permitted to sell to a given customer, or that require licenses or age-gating you do not maintain;
  • any use that Shopify's own terms and acceptable-use policies prohibit, since the Service operates as a Shopify app.

We may decline to support particular industries or use cases where we reasonably determine we cannot do so safely or lawfully.

7Enforcement

We may investigate suspected violations of this AUP. Depending on the severity and circumstances, we may respond with a graduated ladder:

  • Warn — notify you of the issue and give you an opportunity to correct it, where the issue is not urgent;
  • Suspend — temporarily suspend the affected feature or your access, particularly where there is an ongoing legal, security, or customer-harm risk;
  • Terminate — terminate your access for serious, repeated, or uncured violations, as described in Section 13 of the Merchant Terms.

We may take immediate action, without prior notice, where a violation poses an urgent risk to the Service, to other merchants, to customers, or where the law or Shopify requires it. Our enforcement rights are in addition to any other remedies available to us.

8Reporting a Violation or Security Concern

To report a suspected violation of this AUP, abusive use, or a security concern, email support@wallab.ai — for security issues, use the subject line [SECURITY]. We acknowledge reports within two business days and assess them under our incident response process.

These documents were prepared for and on behalf of WallaB.ai. They describe the WallaB.AI service and the terms on which it is offered; they are not legal advice to you. Your subscription program, your store, and your customer communications carry their own legal obligations — you should seek independent legal counsel about your own compliance before relying on these terms.