Skip to content
    FollowUP Logo
    Schedule B

    Acceptable Use Policy

    Schedule B - rules about how you and your end users may and may not use the Platform.

    FollowUP CRM - Acceptable Use Policy (AUP)

    Schedule B to the Master Subscription Agreement

    Effective Date: 10 May 2026 Version: 2.0 Last Updated: 10 May 2026 Governing Language: English


    📋 Quick Summary (TL;DR)

    • What this is. Rules about how you and your end users may - and may not - use the FollowUP CRM Platform.
    • Why it matters. Violation can lead to suspension, termination of your account, and indemnification claims against you. Some violations may also be reported to authorities or upstream providers (HighLevel, Twilio, Meta, Google).
    • Who it applies to. You, every user under your account (employees, sub-account users, agency clients), and anyone you give access to. You are responsible for their conduct.
    • The two big categories. (1) General misuse - illegal, harmful, abusive, fraudulent, or technically destructive activity; (2) AI-specific misuse - using AI features for prohibited purposes under the EU AI Act, U.S. state AI laws, and our ethical standards.
    • How we enforce. First, by warning where possible. Second, by suspension. Third, by termination. For severe violations (CSAM, fraud, immediate threat to others, mass spam attack), we suspend immediately and ask questions later.
    • How to report violations. info@followup.agency

    1. Application of this AUP

    1.1 Who Is Bound

    This AUP applies to:

    (a) You (the Customer who accepted the Master Subscription Agreement, "MSA"); (b) all users under your account, including employees, contractors, agents, sub-account users, and (for Reseller Customers) your end clients who have been granted access; (c) any third party to whom you provide access to the Platform, by any means.

    You are responsible for ensuring all of the above comply with this AUP. A violation by any of them is treated as a violation by you.

    1.2 Updates

    We may update this AUP from time to time, particularly to reflect changes in law (e.g., the EU AI Act phasing in, new state laws); changes in upstream provider rules (HighLevel, Twilio, Meta, Google, AI providers); or to address new categories of abuse or fraud we detect on the Platform.


    2. General Conduct Standards

    You must use the Platform:

    (a) for lawful purposes only, in compliance with all applicable laws and regulations; (b) in accordance with the MSA, the Privacy Policy, the DPA, and any other applicable schedule; (c) in compliance with the upstream rules of HighLevel (per MSA Section 4) and of any third-party platforms you connect to (Twilio, Meta, Google, WhatsApp, TikTok, etc.); (d) in compliance with carrier rules (10DLC for U.S. SMS, A2P registration, content filters); (e) in a manner that does not interfere with other Customers' use of the Platform or the Platform's stability; (f) with respect for the rights and dignity of others, including end users and third parties.


    3. Prohibited Activities - General

    You will not, and will not allow any user under your account to, engage in any of the following:

    3.1 Illegal Activity

    (a) use the Platform for any activity that is illegal in any jurisdiction relevant to the activity; (b) facilitate, plan, instruct, or encourage commission of any crime; (c) violate any sanctions, export controls, or restricted-party regulations (per MSA Section 5).

    3.2 Spam, Unsolicited Communications, and Carrier Violations

    (a) send any unsolicited bulk communication ("spam") - by SMS, email, voice, MMS, RCS, WhatsApp, chat, or any other channel; (b) send communications without the recipient's prior express consent where required by applicable law (TCPA's "prior express written consent" for autodialed/prerecorded calls and texts; GDPR Art. 6 lawful basis; CASL express or implied consent; PECR; etc.); (c) send communications after a recipient has opted out, replied STOP, or otherwise indicated they do not wish to be contacted; (d) send communications during prohibited hours (TCPA quiet hours: 8 a.m. - 9 p.m. local time of recipient; equivalent rules in other jurisdictions); (e) send communications without the required sender identification (CAN-SPAM Section 5; CASL identification requirements; PECR sender identification); (f) fail to honor Do Not Call lists, including the U.S. National DNC Registry, state DNC lists, and any internal DNC list; (g) evade A2P 10DLC registration, Toll-Free Verification, or other carrier-level approval requirements; (h) violate WhatsApp Business Platform policies (commerce policy, opt-in requirements, template approval, prohibited content); (i) violate Meta Business Tools policies for Facebook/Instagram messaging; (j) purchase, scrape, harvest, or otherwise obtain contact lists of people who have not consented to receive communications from you, and then upload them to the Platform.

    3.3 Fraud, Deception, and Impersonation

    (a) engage in any fraudulent, deceptive, or misleading practice; (b) impersonate any person or entity, falsely state or otherwise misrepresent your affiliation with a person or entity; (c) impersonate FollowUP CRM, HighLevel, or any of our employees, agents, or affiliates; (d) make false statements about FollowUP CRM, HighLevel, or any third party in communications; (e) engage in phishing, smishing (SMS phishing), vishing (voice phishing), or spoofing; (f) use the Platform to facilitate financial fraud, including but not limited to investment scams, romance scams, fake invoice schemes, and gift card scams; (g) use the Platform to facilitate identity theft or unauthorized data collection; (h) engage in astroturfing (fake grassroots support), fake review generation, or fabrication of social proof.

    3.4 Exploitation, Harassment, and Harmful Content

    (a) use the Platform to exploit, harm, or threaten any person, including minors; (b) harass, bully, intimidate, stalk, or threaten any person; (c) generate, store, transmit, or distribute content that promotes hatred, discrimination, or violence against any person or group on the basis of religion, race, ethnicity, nationality, gender, gender identity, sexual orientation, disability, age, health status, political opinion, or other protected characteristic; (d) generate, store, transmit, or distribute content that constitutes child sexual abuse material (CSAM) or that sexually exploits or endangers minors. This is an absolute prohibition. We will report violations to the relevant authorities (e.g., NCMEC in the U.S., relevant national authorities elsewhere) and preserve evidence as required by law. (e) generate, store, transmit, or distribute non-consensual intimate imagery ("revenge porn"), or any content depicting persons in sexually explicit situations without their verifiable consent; (f) generate, store, transmit, or distribute content that promotes self-harm, suicide, or eating disorders to vulnerable audiences; (g) generate, store, transmit, or distribute content that promotes terrorism, violent extremism, or illegal violent activity.

    3.5 IP Infringement and Privacy Violations

    (a) use the Platform in any way that infringes the intellectual property rights of others (copyright, trademark, patent, trade secret, publicity rights, moral rights); (b) distribute counterfeit, pirated, or unlicensed content; (c) use the Platform to violate the privacy rights of others, including by recording calls without legally required consent, surveilling without authorization, or unlawfully collecting personal data; (d) publish or transmit private information about others without permission (doxing, leaking, swatting facilitation).

    3.6 Technical Misuse

    (a) attempt to gain unauthorized access to the Platform, its servers, databases, or any account that is not yours; (b) attempt to circumvent security features, authentication, rate limiting, or usage limits; (c) reverse engineer, decompile, disassemble, or attempt to derive source code or know-how; (d) probe, scan, or test the Platform's vulnerability without prior written authorization; (e) introduce, transmit, or upload malware, viruses, worms, trojans, ransomware, logic bombs, or any other malicious code; (f) conduct or facilitate denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks; (g) use automated tools, bots, scrapers, or crawlers to access the Platform except via documented APIs and within published rate limits; (h) overload the Platform with disproportionate or abusive request volumes; (i) interfere with another Customer's enjoyment of the Platform.

    3.7 Deceptive Marketing and False Claims

    (a) make false or misleading claims about products, services, prices, qualifications, or affiliations; (b) publish fake reviews, testimonials, or endorsements; (c) violate FTC Endorsement Guides, EU Omnibus Directive disclosure rules, and equivalent advertising-disclosure obligations; (d) operate any dark pattern that manipulates users into actions they would not otherwise take.

    3.8 Disinformation and Manipulation

    (a) engage in disinformation campaigns, including coordinated inauthentic behavior; (b) facilitate election interference, voter suppression, or campaign-finance violations; (c) operate fake accounts at scale across messaging platforms; (d) plagiarize content presented as original.

    3.9 Regulated Goods, Services, and Activities

    You may not use the Platform to market or sell, or to facilitate marketing or sales of:

    (a) Always prohibited: Illegal drugs, controlled substances, weapons (except where lawfully sold by licensed dealers), counterfeit goods, stolen property, trafficked persons, child sexual exploitation, wildlife trafficking, hacking tools intended to cause harm.

    (b) Restricted (only with your verifiable license/authorization): Regulated pharmaceuticals, tobacco/vaping/nicotine products, alcohol, cannabis (where legal), firearms and ammunition (where legal), gambling/sports betting/lotteries, adult content, cryptocurrency/ICOs, payday lending, debt collection/consolidation/credit repair, MLMs with deceptive elements, astrology/psychic services, healthcare claims subject to regulation, investment advice (where licensure required).

    For (b), we may require proof of license, registration, or authorization before enabling relevant features.

    3.10 Unauthorized Practice of Professions

    The unauthorized practice of law, medicine, psychology, financial advisory services, tax preparation, immigration counseling, or any other licensed profession.

    3.11 High-Risk Public Interest Activities

    You may not use the Platform for:

    (a) automated decision-making with legal or similarly significant effects on natural persons without complying with GDPR Article 22, NYC Local Law 144, Colorado AI Act, Illinois HB 3773, and the EU AI Act; (b) law enforcement, criminal justice, or national security applications; (c) military, weapons development, or warfare applications; (d) management or operation of critical infrastructure (energy, water, transportation, telecoms); (e) political campaigning, lobbying, or political fundraising in violation of applicable campaign-finance laws.

    3.12 Affiliate Program - Specific Prohibitions

    If you participate in our Affiliate Program: no spam promotion; no brand bidding on Google Ads, Bing, or other search platforms ("FollowUP CRM" and variants); no misleading claims; no self-referrals; no affiliate-stacking; no cookie stuffing; no posting affiliate links on piracy/illegal-content/coupon-fraud sites; comply with all FTC Endorsement Guides.


    4. AI-Specific Acceptable Use

    These rules apply when you use the AI features of the Platform (Conversation AI, Comment AI, Content AI, Workflow AI, AI voice agents, AI-generated content, etc.).

    4.1 General AI Conduct

    You must use AI features in compliance with all applicable laws and regulations, including the EU AI Act (Regulation (EU) 2024/1689), as it phases in. Review AI-generated content before publication; you remain responsible for the content.

    4.2 EU AI Act Article 5 - Prohibited AI Practices

    You may not, in any jurisdiction, use AI for:

    (a) Subliminal or manipulative techniques that materially distort behavior in ways likely to cause harm (Art. 5(1)(a)); (b) Exploitation of vulnerabilities due to age, disability, or social/economic situation (Art. 5(1)(b)); (c) Social scoring of natural persons by public authorities (Art. 5(1)(c)); (d) Predictive policing based solely on profiling (Art. 5(1)(d)); (e) Untargeted scraping of facial images from the internet or CCTV (Art. 5(1)(e)); (f) Emotion inference in workplaces or educational institutions (Art. 5(1)(f)); (g) Biometric categorization to deduce protected categories (Art. 5(1)(g)); (h) Real-time remote biometric identification in publicly accessible spaces for law enforcement (Art. 5(1)(h)).

    4.3 EU AI Act High-Risk Use Cases (Annex III)

    You may not use AI features for any high-risk use case under EU AI Act Annex III without independently complying with deployer obligations (Articles 26 et seq.) and notifying us in writing at info@followup.agency.

    4.4 Transparency Obligations - EU AI Act Article 50

    You must clearly inform any natural person they are interacting with an AI system, at the start of the interaction and in language they can reasonably understand. Acceptable methods include AI voice agent script disclosures, chatbot first-message disclosures, and visual "AI Assistant" indicators.

    Comply also with applicable U.S. state AI laws including: California (AB 1018, SB 942); Utah (HB 149); Texas (Responsible AI Governance Act); Colorado (Colorado AI Act); NYC (Local Law 144).

    4.5 Synthetic Content (Deepfakes, Voice Cloning, AI-Generated Images)

    If you generate synthetic audio, video, or image content depicting natural persons:

    (a) comply with EU AI Act Article 50(4) - label deepfake content as artificially generated; (b) obtain verifiable consent of any natural person whose likeness or voice is replicated; (c) comply with applicable U.S. state deepfake laws (Texas, California, New York, Tennessee ELVIS Act, etc.); (d) do not generate synthetic content depicting real persons in sexually explicit, defamatory, or otherwise harmful contexts.

    4.6 AI Output - Your Responsibility

    You acknowledge AI features can produce inaccurate, incomplete, biased, or offensive output. AI features should not be relied on for legal, medical, financial, or other professional advice. You are responsible for reviewing, editing, and validating all AI output before use.

    4.7 AI Sub-processors and Confidentiality

    Your AI inputs may be transmitted to AI Sub-processors (OpenAI, Anthropic, ElevenLabs, Google). Do not provide highly sensitive inputs (PHI without BAA, payment card numbers, government IDs, attorney-client privileged content) without prior verification. We do not, and our AI Sub-processors do not, use your inputs to train general-purpose AI models without your consent.

    4.8 AI in Healthcare, Legal, Financial, and Other Regulated Sectors

    You may not use AI features to provide individualized medical advice, individualized legal advice, individualized financial advice, or individualized therapy. You may use AI features for general informational content with clear disclaimers, AI directing users to qualified professionals, and review by qualified professionals before release.


    5. Data Quality and Hygiene

    You must:

    (a) upload to the Platform only data you have lawfully obtained and have the right to process; (b) maintain accurate, current, and complete data; (c) honor opt-outs and DNCs and reflect them in the Platform; (d) delete or anonymize end-user data when retention purpose is exhausted (GDPR Art. 5(1)(e), Georgian law, equivalent rules); (e) not import data from other platforms in violation of those platforms' terms of service or applicable laws.


    6. Account and Sub-Account Hygiene

    You must maintain accurate registration information; keep login credentials secure; enable 2FA; ensure each user has only the minimum access they need; immediately revoke access for departed employees or contractors; cooperate with our security and abuse-investigation requests.


    7. Prohibited Use of FollowUP CRM Marks and HighLevel Identity

    You will not: claim to be an employee/agent/representative of FollowUP CRM or HighLevel except where genuinely so; suggest unauthorized endorsement; use FollowUP CRM or HighLevel marks without authorization; direct end users to contact FollowUP CRM or HighLevel directly for matters that are your responsibility; disparage FollowUP CRM, HighLevel, or other Customers; publish comparative advertising that misrepresents FollowUP CRM or HighLevel.


    8. Cooperation with Authorities

    You agree to respond promptly to requests from us, regulators, law enforcement, telecom carriers, and platforms regarding your use of the Platform; cooperate with our investigations; not retaliate against any End User or third party who reports a suspected violation in good faith.


    9. Reporting Violations


    10. Enforcement

    10.1 Our Investigation

    We may investigate reports or detected activity; review logs, message content, and account configurations; request additional information; consult with HighLevel, carriers, or other affected parties.

    10.2 Range of Remedies

    Depending on severity, we may: warn; rate-limit, throttle, or disable functionality; suspend specific sub-accounts or your entire account; terminate per MSA Section 17; report to authorities/carriers/platforms; preserve evidence; pursue indemnification.

    10.3 Severe Violations - Immediate Suspension

    For the following, we will suspend your account immediately, without prior warning:

    (a) CSAM or any content sexually exploiting minors; (b) Imminent threats of violence against identified persons; (c) Mass spam, smishing, or fraud campaigns posing immediate harm; (d) Active credential stuffing, account takeover, or DDoS activity; (e) Sanctions violations (use by sanctioned persons or entities); (f) Fraudulent payment or chargeback abuse.

    10.4 Appeal

    If you believe an enforcement action is mistaken, you may appeal by emailing info@followup.agency within fourteen (14) days.


    11. Reseller Customer Specific Obligations

    If you are a Reseller Customer (per MSA Section 13 and Schedule D):

    (a) you must flow down AUP-equivalent obligations to your end clients; (b) you are responsible for monitoring and enforcing your end clients' compliance; (c) violations by your end clients are treated as your violations; (d) when we detect violations at the sub-account level, we will (where reasonably possible) notify you and ask you to remediate.


    12. Limitation

    This AUP is not exhaustive. The fact that an activity is not specifically listed here does not mean it is permitted. Use the Platform in good faith, with respect for others, in compliance with law, and in line with the spirit of this AUP.

    If you are uncertain whether a planned use is permitted, ask us at info@followup.agency before proceeding.


    End of Acceptable Use Policy v2.0