Acceptable Use Policy

This Acceptable Use Policy ("AUP") sets out the rules for using Zapac links, WhatsApp links, QR codes and bio pages. It is part of, and incorporated into, our Terms of Service. It exists because link and QR tools can be abused, and protecting our users, their audiences and the wider internet is a core responsibility we take seriously.

1. Prohibited content and uses

You must not use Zapac to create, link to, distribute, facilitate or promote any of the following. This list is illustrative, not exhaustive:

Phishing and credential harvesting, and impersonation of any person, brand or organisation — including through deceptive link slugs on shared domains.
Malware, ransomware, spyware, drive-by downloads or exploit distribution.
Spam — unsolicited bulk messaging or email, and links used in spam campaigns on any channel, including WhatsApp.
Deceptive or cloaked destinations — showing one thing to reviewers or scanners and another to users, or swapping a destination to evade review after approval.
Shortener-chaining and open-redirect laundering to disguise a destination behind a trusted name.
Illegal content — child sexual abuse material (zero tolerance, reported to authorities as required by law), illegal drugs, weapons, fraud and scams, and illegal gambling where prohibited.
Intellectual-property infringement — counterfeit goods, pirated media or software, and trademark abuse.
Hate, harassment, violence or self-harm content, as scoped by applicable law.
Circumventing platform controls — evading bans or limits, farming free accounts, or mass-creating links beyond the limits we set.
Security and network abuse — using links or QR codes to facilitate SSRF, denial-of-service, or to probe or attack systems.

You must also comply with the platform terms of any third party your campaigns touch, including WhatsApp and Meta's policies for business messaging and commerce.

2. How we enforce this policy

Where practical, enforcement is graduated, reversible and appealable. Depending on the severity and history, we may apply any of the following steps:

Warn → Require verification → Soft-suspend → Suspend → Review → Ban

We may act immediately — skipping straight to suspension or a ban, and purging the link from our edge cache — for active phishing or malware, or where required by law or valid legal process.
Enforcement is never silent where we can avoid it: affected accounts are notified and may appeal by replying to the notice or contacting abuse@zap.ac.
Low-trust links may be held inactive until they pass automated safety checks; trusted accounts are activated without that delay.

3. Takedown timelines

We act on valid abuse reports and legal orders promptly. Confirmed-malicious links are disabled within 24 hours, and faster for active phishing or malware. We acknowledge grievances within 24 hours and aim to resolve them within 15 days, consistent with our obligations as an intermediary.

4. Repeat-infringer policy

Accounts that repeatedly violate this AUP — including the people, devices and networks behind them — will be terminated. Confirmed-malicious destination domains may be added to a product-wide denylist so the same abuse cannot be re-submitted under a new account.

5. Reporting abuse

If you encounter a Zapac link or QR code you believe violates this policy, report it to abuse@zap.ac or to our Grievance Officer at grievance@zap.ac. Please include the link and a brief description of the problem. Reports feed the same review pipeline as our in-product reporting, and we treat them confidentially.

6. No refund on abuse termination

An account suspended or terminated for violating this AUP is not entitled to a refund. See the Refund & Cancellation Policy for details.

7. Changes

We may update this AUP as abuse patterns and the law evolve. Each version carries an effective date, and your continued use of the Service after an update takes effect constitutes acceptance.