Document ID: WST-POL-AUP-v1.0 · Effective Date: 2 May 2026 · Governing Law: Delaware, USA
This Acceptable Use Policy ("AUP") defines what customers, workspace users, integration partners, and API/MCP consumers may and may not do with Workestra LLC's platform at workestra.app (the "Service"). It applies to all workspaces, the public REST API, the Workestra MCP server, AI features, automations, sequences, voice and SMS, and any other capability of the Service.
Violations of this AUP may result in feature restriction, suspension, termination, forfeiture of fees, and where appropriate, referral to law enforcement.
1. Prohibited Content and Activities
You may not use the Service to upload, store, send, transmit, or otherwise process content that:
| Category | Examples |
|---|---|
| Illegal content | Content that violates applicable US, EU, or any other applicable law |
| Hate or harassment | Content inciting hatred, targeted harassment, threats, or doxing |
| Child exploitation | Any content sexualizing minors (zero tolerance — reported to NCMEC) |
| Defamation | False statements of fact that damage an individual's or business's reputation |
| Fraud and deception | Phishing, impersonation, fake invoices, deceptive marketing |
| Malware | Viruses, ransomware, spyware, exploit kits, command-and-control payloads |
| IP infringement | Pirated software or media, removed copyright notices, unlicensed brands |
| Privacy violations | Doxing, unlawful collection of personal data, unauthorized surveillance |
2. Email and Sequences (Outbound Communications)
The Sequences module and other email-sending features must be used in compliance with applicable anti-spam laws, including but not limited to:
- CAN-SPAM Act (US) — accurate sender info, functional opt-out, postal address
- CASL (Canada) — express or implied consent, identification, unsubscribe
- GDPR and ePrivacy Directive (EU/UK) — lawful basis for marketing and clear opt-in where required
- Australian Spam Act and equivalent regimes elsewhere
Specifically, you must:
- Send only to recipients with whom you have a legitimate business relationship or valid consent
- Honor unsubscribes promptly (Workestra suppresses unsubscribed addresses workspace-wide)
- Not use harvested, scraped, or purchased lists
- Not falsify "From" addresses, headers, or display names
- Maintain reasonable bounce and complaint rates; persistent abuse may trigger sender suspension
3. Voice and SMS (Twilio-backed Communications)
When using the Voice module or SMS features, you must comply with applicable telecom and consumer-protection laws, including:
- TCPA (US) — prior express written consent for marketing calls/SMS, clear identification, working opt-out for SMS
- GDPR and ePrivacy rules for EU/UK recipients
- STIR/SHAKEN, A2P 10DLC, and other carrier registration requirements where applicable
Specifically:
- No automated robocalls, pre-recorded calls, or autodialer SMS without documented consent
- No spoofing of caller IDs or sending numbers
- No emergency-services impersonation (911, 112, 999)
4. AI and MCP Server
The conversational AI panel, AI tools, and the Workestra MCP server are part of the Service. You may not:
- Use AI features to generate or operationalize content prohibited under Section 1
- Attempt to extract proprietary system prompts, exfiltrate other tenants' data, or jailbreak Workestra's AI safety controls
- Resell, mirror, or rebrand the MCP server or our AI tooling without a written agreement
- Connect untrusted external clients to the MCP server using shared workspace credentials
- Use AI features to evaluate, score, or surveil natural persons in ways that violate applicable laws (e.g., GDPR Article 22, EU AI Act, US state automated-decision laws)
5. Platform Integrity
You may not, and may not permit any user, integration, or API consumer to:
| Activity | Description |
|---|---|
| Attack other systems | DDoS, port scanning, unauthorized network intrusion via the Service |
| Reverse-engineer | Reverse-engineer, decompile, or attempt to derive source from the Service, except where law expressly permits |
| Scrape | Bulk-scrape the Service, public pages, or third-party sites in violation of their terms |
| Circumvent rate limits | Bypass throttles, quotas, fair-use ceilings, or pricing tiers (including by sharding across workspaces) |
| Probe security | Scan for or exploit vulnerabilities without prior written authorization (responsible disclosure: security@workestra.app) |
| Abuse storage and compute | Use workspaces as general-purpose storage, CDNs, cryptocurrency miners, or compute clusters |
| Tamper with isolation | Attempt to access another tenant's workspace, bypass RLS, or impersonate other workspaces |
| Resell access | Provide the Service to a third party as a managed service without a written reseller agreement |
6. Resource Limits and Fair Use
Each plan includes documented storage, API, AI tool execution, automation run, email send, and SMS allowances (see /pricing and your workspace settings). Workestra may apply soft and hard limits to protect platform stability. Sustained excess usage may be subject to true-up billing or feature throttling.
7. Customer Responsibilities
Workspace administrators are responsible for:
- Configuring user roles, MFA, and least-privilege access
- Securing API keys, MCP tokens, OAuth grants, and integration credentials
- Ensuring the workspace's use of the Service complies with this AUP and applicable law
- Promptly reporting any suspected security breach to security@workestra.app
- Vetting third-party tools that consume Workestra data via export, API, or MCP
8. Enforcement
If Workestra reasonably determines that an AUP violation has occurred, is occurring, or is likely to occur, we may take any of the following actions:
| Severity | Response |
|---|---|
| Minor / first offense | Written warning; request to remedy within 48 hours |
| Moderate | Feature restriction or workspace suspension until remedied |
| Severe / illegal activity | Immediate termination, no refund, preservation of evidence, and reporting to authorities where required by law |
We will make reasonable efforts to notify you before taking action, except where the violation requires immediate response to prevent harm to the Service, other customers, or third parties.
9. Reporting Abuse
To report a suspected AUP violation involving content or activity hosted by Workestra:
- Email: abuse@workestra.app
- Subject: AUP Violation Report — [workspace, URL, or sender]
- Include: relevant URLs or message IDs, a description of the violation, and supporting evidence.
For security vulnerabilities, please use security@workestra.app under our responsible disclosure practice.
We acknowledge reports within 2 business days and respond substantively within 5 business days.
10. Relationship to Other Policies
This AUP should be read alongside:
- Terms of Service — general service terms
- Service Level Agreement — uptime and support commitments
- Privacy Policy — data protection
- AI Use & Data Policy — how AI features process customer data
- Intellectual Property Policy — IP boundary
Policy Changelog
| Version | Date | Summary |
|---|---|---|
| v1.0 | 2026-05-02 | Initial publication |