1. Purpose
This Acceptable Use and Restricted Data Policy ("AUP") explains prohibited uses of Nesta and the categories of data and activities that are not allowed without our prior written approval.
This AUP supplements the Terms of Service.
2. Prohibited Uses
You may not use the Services to:
- violate any law, regulation, court order, or third-party right;
- engage in fraud, deception, phishing, impersonation, or misrepresentation;
- upload, publish, or distribute unlawful, infringing, defamatory, harassing, abusive, or malicious content;
- distribute malware, spyware, ransomware, or harmful code;
- interfere with the security, integrity, or availability of the Services;
- scrape, reverse engineer, or probe the Services beyond authorized functionality;
- send spam or unlawful solicitations;
- collect or process data in a manner inconsistent with your published notices or applicable consent requirements;
- access, modify, publish, pause, resume, or otherwise control a third-party advertising, billing, or lead-generation account without authorization from the account owner;
- use the Services to incur ad spend, lead charges, or other third-party platform charges through deception, compromised credentials, or unauthorized approvals;
- facilitate stalking, harassment, discrimination, or exploitation of individuals; or
- use the Services in any way that could create significant risk of physical, financial, or reputational harm.
3. Content and Website Restrictions
For hosted websites, pages, forms, and public-facing content, you may not use the Services to host, collect, or promote:
- illegal goods or services;
- deceptive lead generation flows;
- fake testimonials, fraudulent reviews, or misleading claims;
- content that infringes copyright, trademark, privacy, publicity, or other rights;
- adult content involving exploitation or any unlawful sexual material;
- hate speech, threats, or violent extremism;
- malware distribution, credential theft, or unauthorized surveillance; or
- content aimed at children where collection or tracking would trigger child-specific legal requirements unless we have expressly approved the use case in writing.
4. Restricted and High-Risk Data
Unless we expressly agree otherwise in writing, you may not use the Services to collect, store, or process:
- protected health information or electronic protected health information subject to HIPAA;
- payment card data outside approved payment processor fields and checkout flows;
- Social Security numbers, driver's license numbers, passport numbers, or similar government-issued identifiers;
- financial account login credentials or security answers;
- biometric identifiers used to uniquely identify a person;
- precise geolocation data beyond what is necessary for ordinary website or service delivery;
- personal information of children under 13;
- highly sensitive employment, insurance, credit, tenant-screening, or background-check data; or
- special-category or similarly sensitive data such as health, race, ethnicity, religion, union membership, sexual orientation, or criminal history data.
If you need to process any restricted or high-risk data, you must obtain our prior written approval and any additional agreement we require.
5. Regulated Use Cases
Without our prior written approval, you may not use the Services for workflows that would require us to enter into sector-specific agreements or assume regulated service-provider obligations, including uses that would require:
- a HIPAA business associate agreement;
- a GLBA-specific service-provider agreement;
- a COPPA-directed children's service arrangement;
- an FCRA consumer-reporting or employment-screening workflow; or
- similar regulated processing commitments.
6. AI and Automated Decision Restrictions
You may not use AI-assisted features in the Services as the sole basis for decisions regarding:
- employment or hiring;
- housing or tenancy;
- credit, lending, or insurance eligibility;
- healthcare diagnosis or treatment;
- legal rights or legal advice to third parties; or
- any decision that could have a similarly significant effect on an individual.
You are responsible for human review of AI outputs before relying on or publishing them.
7. Security Expectations
You must:
- maintain reasonable access controls over your account;
- promptly revoke access for unauthorized or former users;
- maintain appropriate approval controls and role separation for any live advertising or paid-media features you enable through the Services;
- notify us if you become aware of misuse, compromise, or unauthorized access; and
- use the Services only through authorized interfaces and documented features.
8. Enforcement
If we reasonably believe you or your users have violated this AUP, we may:
- require corrective action;
- remove or disable content;
- suspend affected features;
- block traffic or access;
- terminate accounts or subscriptions; and
- report unlawful activity to appropriate authorities where permitted or required.
We may act without prior notice where we believe immediate action is necessary to protect the Services, other customers, or the public.
9. Contact
Questions about this AUP may be sent to support@nesta.so.