Acceptable Use Policy (AUP)

1. Purpose, scope and binding nature

The purpose of this AUP is to define the permitted and prohibited uses of the CloseHunt platform and to allocate the legal responsibilities relating to the multi-channel commercial outreach conducted by means of it. It applies to every Customer and to each of its users, staff, subcontractors and agents, worldwide, for all available channels (email, LinkedIn, WhatsApp, Telegram, Instagram, Messenger, SMS, voice) as well as for the inbound auto-reply and AI-automation features.

The AUP is incorporated by reference into the ToU and forms an integral part thereof. In the event of conflict, the order of precedence is as follows: (i) the signed master agreement or order form, if any; (ii) the ToS; (iii) the ToU; (iv) this AUP; (v) the DPA for data-protection matters only. Any breach of the AUP constitutes a material breach of the ToU and entitles CloseHunt to immediate suspension, with or without notice depending on severity, without refund of any amounts paid and without prejudice to any other remedy.

The Customer acknowledges that CloseHunt is a neutral, content-agnostic software-as-a-service (SaaS) provider, and not the advertiser, sender, caller or telemarketer of the communications sent by means of the platform.

• "Outreach": any outbound or inbound communication (including auto-reply) sent, scheduled or processed by means of the platform, on any channel.
• "Recipient": any natural or legal person targeted, contacted by, or replying through the platform.
• "Channel": each of the supported means of communication (email, LinkedIn, WhatsApp, Telegram, Instagram, Messenger, SMS, voice).
• "Objection / Opt-out": any expression by a recipient of the wish to no longer be contacted (unsubscribe, STOP, withdrawal of consent, objection within the meaning of Article 21 GDPR).
• "Suppression List": a register of recipients who must no longer be contacted, across all channels.
• "Consent": a freely given, specific, informed and unambiguous indication of wishes by a clear affirmative act, within the meaning of Article 4(11) GDPR and of the regulations applicable to the relevant channel and jurisdiction.

2. Data-protection roles and the Customer's capacity

For the personal data of prospects and leads that the Customer uploads, imports, sources, enriches, targets or has processed by the platform, the CUSTOMER is the DATA CONTROLLER and CLOSEHUNT is the PROCESSOR within the meaning of Article 28 GDPR, acting exclusively on the Customer's documented instructions. The Customer alone decides who is to be contacted, on which channel, with what content, at what cadence and, above all, on what lawful basis each outreach action rests. The Customer's configuration of channels, targets and messages constitutes its documented instructions and falls under its sole responsibility.

For the account, billing, usage, security and telemetry data that CloseHunt processes for the purposes of operating its service, CLOSEHUNT is the DATA CONTROLLER. This distinction of capacities is constant: it is reiterated in the DPA and in the Privacy Policy and must never be conflated.

The Customer warrants that it acts as the data controller of the outreach data, that it holds the authority required to instruct such processing, and that it bears the entirety of the responsibility for the lawfulness of the outreach. CloseHunt exercises no judgment over, and assumes no responsibility for, the lawfulness of any given outreach action, the validity of the lawful basis, the accuracy of consent, the provenance of lists or the content of messages.

3. Customer's affirmative obligations — lawful basis and consent

The Customer represents and warrants that, before any outreach action, and for every recipient and every channel, it holds a valid lawful basis under the GDPR and any consent or opt-in required by the regulations applicable to the channel and to the recipient's jurisdiction, that it is able to evidence this, and that it is solely responsible for it. The Customer shall in all circumstances apply the strictest standard among the regulations applicable to a given recipient (cumulative, jurisdiction-by-jurisdiction approach).

The Customer acknowledges that CloseHunt's provision of compliance features constitutes neither legal advice, nor validation, nor a warranty of the compliance of its lists, messages or campaigns. Determining the lawful basis, the need for prior consent and the associated documentation is the Customer's exclusive responsibility.

• GDPR: hold a valid lawful basis (consent, legitimate interest, performance of a contract, etc.) for the processing of each prospect's data, carry out the balancing test and Legitimate Interest Assessment (LIA) where Article 6(1)(f) is relied on, and provide the information required by Articles 13 and 14 (including the source of indirectly collected data).
• ePrivacy (Directive 2002/58/EC, Art. 13) and France (CPCE Art. L.34-5, LCEN): for electronic marketing to a natural person, obtain prior opt-in consent or rely on the strictly defined "soft opt-in" exception (contact details collected in the context of a sale, similar products/services, and a simple free means to object offered at collection and in every message).
• B2B outreach to a nominative professional address ([email protected]): the CNIL's tolerance permits opt-out only where the subject of the message relates directly to the recipient's professional role, the recipient was informed at collection that the address would be used for marketing, and every message offers a simple, free means to object. This tolerance is a CNIL interpretation, not a statutory exemption: Article L.34-5 targets the "natural person" with no express professional carve-out.
• Automated / synthetic-voice / pre-recorded calls ("automated calling systems"): the strictest regime. Prior opt-in consent is required for ANY natural person, consumer OR professional, with no B2B softening (CPCE Art. L.34-5; CNIL guidance). CloseHunt's voice channel, when it uses a synthetic or automated voice, falls within this regime.
• Live telephone canvassing of consumers in France: as of 11 August 2026 (Law No. 2025-594 of 30 June 2025), prior opt-in consent becomes mandatory, with the burden of proof on the caller. The Customer must anticipate and comply with this regime.
• United States — email (CAN-SPAM): no B2B exemption; every commercial email communication to a US recipient is subject to the law.
• United States — SMS / voice (TCPA, 47 C.F.R. §64.1200): obtain and retain prior express written consent before any marketing SMS, autodialed, pre-recorded or AI-generated voice call to a US number, including business mobile numbers (no B2B exemption for mobiles). AI-generated voices are classified as "artificial voice" by the FCC ruling of 8 February 2024.
• WhatsApp / Telegram / Instagram / Messenger: obtain explicit prior opt-in consistent with the relevant platform's policy (the recipient provided their number/handle AND agreed to be contacted by the Customer's named business). Passive consent buried in general terms is insufficient.
• Canada (CASL), United Kingdom (UK GDPR + PECR) and any other jurisdiction: comply with the anti-spam, marketing and data-protection regulations applicable to each recipient.

4. Customer's affirmative obligations — objections, STOP and suppression lists

The Customer must process and honor without delay any objection, unsubscribe, STOP or cease-contact request, across all channels, and immediately stop contacting the recipient concerned. The Customer may under no circumstances re-import, re-add, re-target or re-contact a person who has objected, on any channel whatsoever, nor disable, circumvent or neutralize CloseHunt's opt-out enforcement, suppression or consent-logging features.

The Customer remains responsible for the completeness and accuracy of its suppression lists and its consent and objection records. CloseHunt provides the tooling for automatic suppression enforcement; the Customer bears the burden of proof.

• CAN-SPAM (US email): the opt-out mechanism must remain operational for at least 30 days after sending and any request must be honored within 10 business days; opt-out must be free and must not require login, payment, or any information beyond an email address and preferences. The address of a person who has opted out may not be sold, leased, exchanged or transferred.
• TCPA (US SMS / voice): honor the keywords STOP, QUIT, END, REVOKE, OPT-OUT, CANCEL, UNSUBSCRIBE and, since 11 April 2025, any revocation by any reasonable means, within 10 business days.
• ePrivacy / CPCE L.34-5 (EU/FR): every message must include a simple, free and functioning means to object (unsubscribe link, STOP keyword, reply address), and the right to object must be presented at the point of data collection and in every subsequent message.
• Maintain and apply cross-channel suppression lists (objections, bounces, complaints, do-not-contact lists, applicable anti-marketing registries).
• For telephone canvassing: comply with applicable opt-out or consent registries (BLOCTEL in France until the opt-in regime takes effect; the National Do-Not-Call Registry in the United States, to which the Customer must subscribe in its own name and against which it must scrub its lists).

5. Customer's affirmative obligations — identification, content and recordkeeping

The Customer must ensure accurate and non-deceptive identification of the sender on each channel and in each message, identify the commercial nature of communications where the law requires it, keep the subject consistent with the content, and ensure the relevance of the message to the recipient's professional role. The Customer must maintain auditable consent and objection records sufficient to demonstrate its compliance.

The Customer is solely responsible for all content sent by the AI agents on its behalf. It must supervise and configure its agents so as to honor objections, avoid any prohibited, deceptive or unlawful content, and not generate messages at a scale, cadence or pattern designed to evade spam filtering or platform abuse-prevention mechanisms.

• Accurate sender identity: header, routing, "From" / "Reply-To" information, the sender's name and, for voice, the caller ID (CLI/Caller-ID) must be accurate and identify the true sender; no concealment or falsification (CAN-SPAM §7704(a)(1); CPCE L.34-5; ePrivacy Art. 13(4)).
• Non-deceptive subject line: no subject line likely to mislead as to the content or nature of the communication.
• Commercial identification and mandatory disclosures: where required, identify the communication as advertising/commercial and include a valid physical postal address (CAN-SPAM §7704(a)(5)) and the sender's identity.
• Opt-out mechanism: every commercial electronic message must contain a functioning, free and simple means to object.
• Artificial / AI-voice calls (TCPA §64.1200(b)): state at the start of the call the identity of the business responsible and provide a callback number enabling opt-out.
• Recordkeeping: maintain consent, objection and suppression records (the TSR requires 5-year retention; proof of consent is the central defense under the TCPA).

6. Customer's affirmative obligations — compliance with channel-platform terms

The Customer must comply with the terms of use and policies of every platform, carrier or channel provider it connects or uses. These terms are private contracts that apply contractually in addition to the law. The Customer acknowledges that CloseHunt does not represent or warrant that the use of automation is authorized or endorsed by these platforms, and that it is for the Customer to ensure the contractual lawfulness of its use.

The Customer must not exceed, circumvent, or attempt to evade any platform rate limit, sending cap, anti-automation control or abuse-detection mechanism. The Customer acknowledges that the default rate throttles and warm-up phases applied by CloseHunt exist for this purpose and must not be disabled in order to abuse a channel.

• LinkedIn: comply with the User Agreement, in particular §8.2 prohibiting unauthorized automation and scraping as well as bulk automated messages and connection requests.
• WhatsApp: comply with the Business Messaging Policy, the Commerce Policy and the Business Terms, which require explicit prior opt-in.
• Meta (Instagram / Messenger) and Telegram: comply with platform terms restricting unsolicited, automated or bulk outreach.
• Email providers and mailboxes: comply with the provider's terms, sending limits and authentication rules.
• SMS: comply with carrier rules, the CTIA Messaging Principles and Best Practices and the A2P 10DLC rules (brand/campaign registration and SHAFT content limits).
• The Customer bears all the consequences of any breach of a platform's terms, including blocks, restrictions, bans or loss of accounts, numbers or domains.

7. Prohibited uses — spam, unsolicited messaging and unlawful sourcing

The following uses are strictly prohibited, the list being non-exhaustive. Any prohibited use constitutes a material breach of the AUP and the ToU.

• Sending unsolicited commercial or bulk communications without a valid lawful basis, in particular to consumers or natural persons without consent, without a valid "soft opt-in" or without an applicable legitimate-interest basis.
• Use of purchased, rented, scraped, harvested or otherwise collected lists without a demonstrable lawful basis.
• Address harvesting, dictionary attacks, and automated generation of addresses or accounts (aggravated violations within the meaning of CAN-SPAM §7704(b), exposing the Customer to treble damages).
• Ignoring objections or re-contacting, on any channel whatsoever, a person who has objected, unsubscribed or sent a STOP.
• Uploading or targeting data that the Customer has no right to use, or that was collected unfairly or unlawfully.
• Sending messages at a scale, cadence or pattern designed to evade spam filtering or platform abuse-prevention controls.

8. Prohibited uses — deception and sender-identity impersonation

The Customer shall refrain from any deceptive practice relating to the identity of the sender or to the nature of the communications.

• Falsification or deceptiveness of header, routing, "From" / "Reply-To" information or caller ID (Caller-ID / CLI).
• Deceptive or misleading subject lines.
• Impersonation of any person, brand, company, domain or number that the Customer does not control, as well as impersonation of CloseHunt.
• Concealment or disguise of the true identity of the sender on whose behalf the message is sent.
• Omission of commercial identification where required, of a valid physical postal address, or of a functioning opt-out mechanism.
• Absence or falsification of caller ID on the voice channel, or failure to state the identity of the responsible business during an artificial or AI-voice call.

9. Prohibited uses — illegal, harmful and restricted content

The Customer shall refrain from using the platform to send, distribute or cause to be sent any unlawful, harmful or sector- or channel-restricted content.

• Illegal, fraudulent, deceptive, harassing, threatening, defamatory, hateful, discriminatory or sexually explicit content.
• Malware, phishing, spoofing, or links to malicious sites.
• Content falling within the SHAFT-restricted categories (sex, hate, alcohol, firearms, tobacco) as well as other carrier- or platform-restricted categories (drugs, gambling, adult content, unsafe supplements, high-risk financial products) on SMS / WhatsApp, unless lawful and expressly approved by the platform.
• Any content infringing intellectual-property rights or the rights of third parties.
• Content generated or relayed by the AI agents in breach of these prohibitions, the Customer remaining fully responsible for content sent on its behalf.

10. Prohibited uses — circumventing platforms, rate limits, and calls/SMS without consent

The Customer shall refrain from any practice circumventing the technical and contractual rules of the channel platforms, as well as from any telephone or message solicitation without the required consent.

• Violation of the terms of any connected platform (LinkedIn, WhatsApp, Meta, Telegram, email providers, SMS carriers).
• Exceeding, circumventing or attempting to evade any platform rate cap, sending limit or abuse-detection mechanism.
• Disabling CloseHunt's default rate throttles or warm-up phases in order to abuse a channel.
• Mass sending of connection requests or messages designed to evade detection.
• Calls, SMS or messages to recipients without the consent required by the channel or the law, in particular automated or AI-voice calls without prior opt-in.
• Targeting persons listed on an opt-out registry (do-not-call, BLOCTEL, National DNC Registry) or who have objected.

11. Per-channel compliance

For each channel it enables, the Customer attests that it holds and retains the lawful basis and consent required under the matrix below, applying the strictest standard applicable to the recipient. Enabling a channel constitutes the Customer's attestation of compliance for that channel.

• Email: to a consumer/natural person = prior opt-in (EU) or CAN-SPAM compliance (US, no B2B exemption); to a nominative professional address in the EU = legitimate interest subject to conditions of relevance, information and objection; mandatory disclosures, accurate identity and a functioning opt-out in every message.
• SMS: heightened regime. EU = same rules as email with a mandatory STOP; US = prior express written consent (TCPA) including for business mobiles, A2P 10DLC registration, accurate identification and honoring of STOP/revocation.
• Voice: most heightened regime. Automated or AI voice = prior opt-in for any natural person in France/EU with no B2B softening (CPCE L.34-5); US = prior express written consent (TCPA, AI voice classified as artificial voice by the FCC), identity disclosure at the start of the call, callback number, accurate caller ID, compliance with calling hours (TSR: 8 a.m.-9 p.m. recipient local time) and with the DNC Registry.
• Social and instant messaging (LinkedIn, WhatsApp, Telegram, Instagram, Messenger): explicit prior opt-in where the platform requires it (WhatsApp in particular) and full compliance with each platform's terms of use, with no unauthorized automation or scraping.
• Inbound auto-reply: the Customer remains responsible for the content generated by the AI in reply, must configure its agents to honor objections expressed in the thread, and must not follow up with a person who has objected.

12. CloseHunt's role — neutral tool provider, no monitoring duty

CloseHunt provides an automated software platform and compliance features intended to assist the Customer in meeting its obligations, without thereby assuming them. These features include, in particular: opt-out enforcement and STOP-keyword handling, consent and objection logging, maintenance of suppression lists, assistance with data-subject-rights requests (export and erasure / DSAR), default rate throttles and warm-up phases, caller-ID pass-through, time-zone-aware scheduling, and transparency on sub-processor categories.

CloseHunt does not pre-screen, verify or monitor the Customer's content, lists, lawful basis or consent. CloseHunt exercises no judgment as to the lawfulness of any given outreach action, and the Customer remains solely responsible for it. The provision of these features constitutes neither legal advice nor a warranty of the Customer's compliance.

Where CloseHunt reasonably believes that a Customer instruction or use is liable to infringe the regulations (Article 28(3), last paragraph, GDPR), it may notify the Customer, suspend, or refuse to execute the instruction, without thereby assuming the capacity of controller or any monitoring responsibility. CloseHunt's intervention powers under this AUP are rights and not obligations, and their exercise or non-exercise shall not engage its liability nor create a duty to monitor.

13. Reporting, cooperation and sanctions

CloseHunt may, with or without notice depending on severity, throttle, suspend or terminate any account, and disconnect any channel, in the event of an actual or suspected breach of the AUP, in particular in order to protect its relationships with platforms and carriers, the reputation of its IP addresses and domains, or its other customers. CloseHunt reserves the right, without being obliged to do so, to remove any offending content or list, to report any unlawful activity to the competent authorities, to preserve evidence, and to cooperate with regulators, carriers and platforms.

The Customer must notify CloseHunt without delay of any complaint, formal notice or authority inquiry relating to its outreach, and cooperate fully with any investigation. The Customer acknowledges that CloseHunt may disclose its identity to authorities, carriers or complainants in its capacity as the responsible sender.

Any suspension or termination for breach of the AUP gives rise to no refund and does not release the Customer from its accrued payment obligations. The Customer bears all the consequences of its breaches, including any independent action by a platform or carrier (throttling, blocking, ban, loss of accounts, numbers or domains), for which CloseHunt cannot be held liable.

14. Customer warranties and indemnification

The Customer represents and warrants on a continuing basis: that it holds all the rights, lawful bases and consents (including, where required, prior express written consent) for each recipient, number, address or handle it uploads or targets; that all of its outreach complies with all applicable laws and with the channel-platform terms; that it honors objections and maintains suppression lists and consent records; that it is the registered subscriber of Do-Not-Call-type registries where applicable and the custodian of proof of consent; and that its instructions to CloseHunt are lawful. Any breach of these warranties constitutes a material breach.

In accordance with the ToU and the ToS, the Customer undertakes to indemnify, defend and hold harmless CloseHunt, its officers, staff and subcontractors, against any third-party claim, action or sanction by an authority (in particular the CNIL, FTC, FCC, state attorneys general, ICO), action by private claimants or class action, action by a carrier or platform, fine, statutory damages (including under the TCPA, CAN-SPAM, the TSR and state mini-TCPAs) and all defense costs, arising from its outreach, its content, its data sourcing, the absence of a lawful basis or consent, a failure to process objections, or a violation of the law or of platform terms.

This indemnification, the warranties, the limitations of liability and the accrued payment obligations survive termination. The terms, caps and exclusions of liability, as well as the carve-out of the indemnification from any liability cap, are governed by the ToU and the ToS, to which this clause expressly refers.

15. Governing law, jurisdiction and final provisions

This AUP is governed by French law. Any dispute relating to its validity, interpretation or performance, between professionals (B2B), falls within the exclusive jurisdiction of the Commercial Court (Tribunal de commerce) of [VILLE_SIEGE], by a jurisdiction-attribution clause, notwithstanding multiple defendants or third-party proceedings. Regulation (EU) 2016/679 (GDPR) applies to the processing of personal data.

CloseHunt may amend this AUP at any time to reflect changes in the regulations, in platform terms or in its features; the version in force is the one published on the CloseHunt website. Continued use of the platform after publication constitutes acceptance. If any provision of the AUP is held void or unenforceable, the remaining provisions shall retain full effect.

For any question: legal matters [email protected]; data protection [email protected] and [email protected]; support [email protected]. The public opt-out page is available at https://closehunt.io/opt-out. The publisher is [DENOMINATION], a [FORME_SOCIALE] with share capital of [CAPITAL_SOCIAL], whose registered office is at [ADRESSE_SIEGE], registered with the Trade and Companies Register of [RCS_VILLE] under number [SIREN], intra-Community VAT [TVA_INTRA], publication director [DIRECTEUR_PUBLICATION]. The host is Scaleway SAS, 8 rue de la Ville l'Évêque, 75008 Paris, France.