Introduction
This Acceptable Use Policy ("AUP") governs how the SpoonieFans Platform, infrastructure, services, and APIs (collectively, the "Services") may be used. It is operated by Pickii Group, LLC and applies to every person and system that accesses the Services — creators, subscribers, visitors, automated tools, integrations, researchers, and third parties.
This AUP focuses on the technical and operational integrity of the Platform. It works alongside our Terms of Service and Community Guidelines, which cover content and behavior standards. Violating this AUP may result in immediate suspension, termination, IP/network blocks, legal action, or referral to law enforcement, depending on the severity.
💚 In Plain English: This policy keeps SpoonieFans fast, safe, and available for our community. It mostly matters to developers, security researchers, and anyone interacting with the Platform programmatically. Regular users almost never need to think about it.
Who This Policy Applies To
- All registered users (creators and subscribers)
- Visitors browsing public areas of the Platform
- Developers using SpoonieFans APIs, webhooks, or integrations
- Security researchers conducting authorized testing
- Third-party services interacting with the Platform on a user's behalf
- Anyone accessing the Platform through any technical means, including automated tools
Prohibited Technical Activities
You may NOT engage in any of the following activities on or against the Services:
Unauthorized Access & Security Violations
- Attempting to access accounts, data, systems, or networks you are not authorized to access
- Bypassing, disabling, or circumventing authentication, authorization, or access controls
- Exploiting vulnerabilities outside our Responsible Disclosure Program
- Probing, scanning, or testing the vulnerability of the Platform without prior written permission
- Decrypting, intercepting, or attempting to read traffic between users and the Platform
- Impersonating SpoonieFans systems, staff, or other users
- Forging headers, IP addresses, identifiers, or session tokens
Service Disruption
- Launching denial-of-service (DoS), distributed denial-of-service (DDoS), or similar attacks
- Sending excessive, malformed, or malicious requests intended to degrade or disrupt the Services
- Knowingly introducing malware, viruses, worms, ransomware, trojans, or other harmful code
- Triggering platform alarms, error pages, or fail-safes intentionally as a stress test without authorization
- Interfering with backups, logging, monitoring, or other operational systems
Reverse Engineering & Source Inspection
- Reverse engineering, decompiling, or disassembling any part of the Platform, mobile apps, or proprietary client code
- Extracting, copying, or reusing our source code, proprietary algorithms (including the quality scoring system), models, or trade secrets
- Removing, altering, or obscuring copyright, trademark, or proprietary notices
- Modifying, adapting, or creating derivative works of the Platform without our written permission
Scraping & Data Harvesting
- Using crawlers, spiders, scrapers, bots, or other automated tools to access, collect, or extract content or data without explicit written permission
- Bulk downloading content, profiles, comments, images, videos, or any other data from the Platform
- Building datasets from SpoonieFans content for AI/ML training, analytics, research, or commercial use without permission
- Aggregating creator information, subscriber lists, or engagement metrics from the Platform
- Bypassing or ignoring our robots.txt directives, rate limits, or anti-scraping measures
⚠️ Scraping for AI Training: Scraping creator content for AI training is explicitly prohibited. Our community shares deeply personal health stories — they are not training data. Violations may result in legal action under the Computer Fraud and Abuse Act (CFAA) and applicable state laws.
Automation, Bots & Fake Engagement
- Operating bots, scripts, or automation to perform actions a human user would normally perform (without explicit API authorization)
- Generating fake views, likes, follows, comments, subscriptions, or tips
- Inflating engagement metrics through coordinated inauthentic behavior
- Operating "view farms," click farms, or similar engagement manipulation services
- Creating multiple accounts to evade bans, manipulate metrics, or appear to be different people
- Selling, buying, or trading SpoonieFans accounts, follows, or engagement
API & Integration Misuse
- Exceeding documented rate limits or attempting to evade them through IP rotation, account rotation, or similar techniques
- Using API keys you were not issued, or sharing API keys with unauthorized parties
- Caching API responses beyond what our documentation permits
- Using deprecated API endpoints after their sunset date
- Building applications that mirror or replicate the Platform's core functionality
- Using the API in ways that misrepresent our Services or violate this AUP
Resource Abuse
- Uploading files larger than published limits or in formats designed to consume excessive resources
- Storing data on the Platform that is unrelated to your use of the Services (using us as cloud storage)
- Embedding the Platform in iframes or wrappers to obscure its origin or capture user data
- Using the Platform to host external content unrelated to your SpoonieFans presence
- Exploiting promotional features (free trials, referral bonuses) through fraudulent or repetitive registrations
Prohibited Operational Uses
You may not use the Services for any of the following purposes (these complement our Community Guidelines with operational and legal-focused prohibitions):
- Distributing malware, phishing pages, or links to compromised sites
- Operating command-and-control infrastructure for botnets or other malicious networks
- Hosting cryptocurrency mining scripts or browser-based mining code
- Running gambling, sweepstakes, or lottery operations
- Sending unsolicited bulk communications (spam) within or from the Platform
- Engaging in money laundering, sanctions evasion, or financial fraud
- Violating export control, sanctions, or embargo laws
- Using the Platform from an OFAC-sanctioned country or in violation of US export law
- Coordinating illegal activity of any kind
Account Integrity
- You must use accurate identity, payment, and contact information
- You may not share your account credentials with anyone, including family members
- You are responsible for all activity that occurs under your account
- You must promptly notify us at safety@spooniefans.com if you suspect your account has been compromised
- You may not transfer, sell, lease, or assign your account to anyone else
- Each person may operate only one account unless we explicitly authorize multiple accounts in writing
AI & Machine Learning Restrictions
In addition to the AI-generated content rules in our Community Guidelines, the following AI-related uses of the Platform are prohibited:
- Using SpoonieFans content (text, images, video, audio) to train, fine-tune, or evaluate AI/ML models without explicit written permission
- Operating AI-powered scrapers, crawlers, or extraction tools against the Platform
- Using LLM-powered agents to automate engagement, comments, messages, or interactions on the Platform
- Generating synthetic accounts using AI-generated identities, photos, or biographical information
- Using AI to circumvent our security, moderation, or anti-fraud systems
🤖 About AI: We respect the legitimate role of AI in many fields, but AI models trained on chronic illness narratives without consent are an exploitation of our community's vulnerability. We will pursue every available legal remedy against such uses.
Rate Limits & Fair Use
We apply rate limits to protect the Services for all users. Specific limits are documented in our developer documentation and may change without notice. Generally:
- Authenticated API requests are subject to per-key and per-account rate limits
- Unauthenticated requests have stricter limits
- File upload size, frequency, and total storage are subject to limits based on your account type
- Excessive use that affects other users may trigger throttling, even within published limits
- We reserve the right to adjust rate limits or impose temporary restrictions to protect Service stability
Automated Access
Automated access to the Services is permitted ONLY through our official APIs and only when authorized by a valid API key. The following automated tools may access publicly available content for limited purposes:
- Search engine crawlers (Google, Bing, DuckDuckGo, etc.) honoring our robots.txt
- Accessibility tools assisting individual users (screen readers, etc.)
- Archival services explicitly permitted by us
- Third-party integrations explicitly approved by us with appropriate API credentials
All other automated access — including AI crawlers (GPTBot, ClaudeBot, CCBot, PerplexityBot, etc.) — is prohibited. Our robots.txt and HTTP headers will explicitly block these crawlers, and bypassing those controls is a violation of this AUP.
Responsible Disclosure for Security Researchers
We welcome good-faith security research that helps make SpoonieFans safer. If you believe you have discovered a security vulnerability, please report it to security@spooniefans.com under our Responsible Disclosure Program.
Safe Harbor
We will not pursue legal action against researchers who:
- Make a good-faith effort to avoid privacy violations, data destruction, and Service interruption
- Only access the minimum amount of data necessary to demonstrate the vulnerability
- Do not exploit the vulnerability beyond the proof of concept
- Do not publicly disclose the vulnerability before we have had a reasonable opportunity to fix it (typically 90 days)
- Do not access, modify, or delete other users' data
- Comply with all applicable laws
Out of Scope
- Denial-of-service testing without explicit prior approval
- Social engineering of SpoonieFans staff, contractors, or vendors
- Physical security testing
- Testing of third-party services we do not control (Stripe, Brevo, Hetzner, etc.) — report to those vendors directly
Enforcement
Our Response to Violations
Depending on the nature and severity of a violation, we may take any of the following actions:
- Issue a warning
- Throttle or temporarily restrict access
- Revoke API keys or integration credentials
- Suspend or terminate the offending account
- Block the offending IP address, network range, or device
- Remove content created or hosted in violation of this AUP
- Forfeit any unpaid creator earnings tied to fraudulent activity
- Pursue legal remedies, including injunctive relief and damages
- Refer the matter to law enforcement
No Notice Required for Severe Violations
For violations that pose immediate risk to the Platform, our users, or third parties — including DDoS attacks, data theft, mass scraping, or active exploitation of vulnerabilities — we will act immediately without prior notice.
Cooperation with Law Enforcement
We cooperate with valid legal requests from law enforcement and regulators. We will preserve and disclose account data, logs, and other records when legally required, and we may proactively report serious violations (such as CSAM, credible threats of violence, or major fraud) without waiting for a request.
Indemnification
You agree to indemnify, defend, and hold harmless SpoonieFans, Pickii Group, LLC, and our officers, directors, employees, and agents from any claims, damages, costs, and expenses (including reasonable attorneys' fees) arising from your violation of this AUP. This obligation survives termination of your account.
Reporting Violations
If you become aware of a violation of this AUP, please report it:
Changes to This Policy
We may update this AUP at any time, particularly as new threats emerge or as our infrastructure evolves. Material changes will be communicated via email or platform notification. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the Services after changes take effect constitutes acceptance.
Relationship to Other Policies
In the event of a conflict, the more specific policy generally controls.