This Acceptable Use Policy sets the boundaries for what the macup service may be used for, and what may be stored in storage managed by macup on your behalf. It is short on purpose. If a line here is ambiguous, write to legal@macup.app and we will clarify in writing.
Purpose
This policy sets out what customers may and may not do with the macup service, and what may not be stored in macup-managed storage. It supplements — and is incorporated into — the macup Terms of Service.
Applies to
This policy applies to all paid and trial customers of macup, including end users operating under an organisational customer’s plan (for example, employees of a business or members of a team). Organisational customers are responsible for the conduct of their end users under this policy.
Scope
This policy applies to use of the macup application, macup Cloud storage, and any data processed by macup on a customer’s behalf.
It applies even when that data is end-to-end encrypted. Ciphertext that we cannot read is still stored on our infrastructure and is still subject to this policy. We reserve the right to terminate accounts storing prohibited content regardless of whether the content itself is visible to us.
Prohibited content
The following content may not be stored in macup-managed storage, or processed through the macup service, under any circumstances:
- Content that is illegal in the customer’s jurisdiction or in the United States.
- Child sexual abuse material (CSAM), in any form, without exception. This is a zero-tolerance category. See the enforcement and reporting sections below.
- Content that infringes intellectual-property or moral rights, where macup has been put on notice under the Digital Millennium Copyright Act (DMCA) or an equivalent statutory notice-and-takedown process.
- Content subject to export controls — including, without limitation, information regulated under the International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR) — absent proper licensing held by the customer.
- Classified government information, at any level of classification, of any nation.
- Payment-card data within the scope of the Payment Card Industry Data Security Standard (PCI-DSS). macup is not a PCI-compliant processor and its storage is not an appropriate location for cardholder data.
- Protected Health Information (PHI) within the scope of the United States Health Insurance Portability and Accountability Act (HIPAA), absent a Business Associate Agreement. macup does not offer a BAA at this time.
Where a category above is limited by scope (for example, PCI or HIPAA), the restriction applies to data that falls within that regulatory scope. Incidental personal data that happens to mention a health condition or a card number is not what this section is aimed at; regulated data held in a regulated capacity is.
Prohibited conduct
Customers may not:
- Use macup to store, transmit, or serve malware, including ransomware payloads staged for delivery to targets.
- Use the service to distribute content to third parties. macup is a backup product. It is not a content-delivery network, a file-sharing service, or a public hosting platform.
- Attempt to breach the security of macup, its infrastructure, or the accounts of other customers.
- Attempt to bypass rate limits, quota enforcement, or billing controls.
- Use automated scraping to replicate macup’s public pages for republication.
- Resell macup access, or provide macup as part of a managed service to third parties, without a written reseller or managed-service-provider (MSP) agreement. See /backup/for/msp for the MSP programme.
- Impersonate macup in communications, or misrepresent your affiliation with the company.
Reporting a violation
To report suspected violations of this policy, or abusive content hosted through macup, email abuse@macup.app. Reports are read by humans during business hours and triaged within one business day.
For CSAM specifically, reports may additionally be made to the National Center for Missing & Exploited Children’s CyberTipline, as contemplated by 18 U.S.C. § 2258A. macup makes its own reports to the CyberTipline where required.
Enforcement
macup investigates reports it receives under this policy. Depending on the facts, responses may include:
- A written warning.
- Suspension of the account, in whole or in part, pending further investigation.
- Termination of the account.
- Forfeiture of stored data, in narrow enforcement contexts where continued storage would be unlawful.
- Referral to law enforcement, where required by law or appropriate under the circumstances.
macup reserves the right to suspend an account immediately, without prior notice, on a good-faith determination that it is being used for CSAM or for conduct that presents imminent harm to people or systems. A suspension under this provision is pending investigation; it is not itself a finding.
Cooperation with law enforcement
macup responds to valid legal process — including subpoenas, court orders, search warrants, and properly scoped requests from qualified authorities — in accordance with applicable law.
macup does not volunteer customer data outside legal process.
Because the large majority of customer data stored in macup-managed storage is encrypted with keys held by the customer, the content macup can produce in response to legal process is limited. Law-enforcement requesters are informed of this architecture as part of our response, so that requests can be directed appropriately.
Changes
This policy may be updated from time to time. The effective-date and last-reviewed fields at the top of this page track changes. Account holders will be notified of material changes by email.
Contact
- For interpretation of this policy, or questions before publishing content that is close to a line above: legal@macup.app.
- To report a suspected violation or abusive content: abuse@macup.app.
Revision history
- — Initial version.
Questions?
Write to legal@macup.app. For security disclosures use security@macup.app. For product support use support@macup.app.