Acceptable Use Policy
1. Introduction and Purpose
1.1. Purpose
This Acceptable Use Policy ("AUP" or "Policy") is designed to ensure responsible, safe, and lawful use of the Evaste platform and services.
This Policy defines acceptable and unacceptable behaviors to ensure all users have a secure and productive experience.
1.2. Binding Nature
This Policy is an integral part of the Evaste Terms of Service. By accessing or using Evaste services, you agree to this Policy.
1.3. Updates and Changes
Evaste reserves the right to update this Policy at any time. Material changes will be communicated via email and/or Platform notification.
2. Scope
2.1. Covered Services
This Policy covers all Evaste services:
- Evaste web platform and dashboard
- Cookie consent management widgets
- APIs and SDKs
- Mobile applications
- Integrations and plugins
- Support and communication channels
- Documentation and community resources
2.2. Covered Users
This Policy applies to:
- Account owners
- Administrator users
- Team members
- API users
- Enterprise customer employees
- Trial account users
- Free plan users
2.3. Third-Party Responsibility
Users are responsible for compliance with this Policy by all third parties (employees, contractors, partners) accessing through their accounts.
3. Permitted Uses
3.1. Appropriate Use Purposes
Evaste services may only be used for:
(a) Data Protection Compliance
- KVKK, GDPR, CCPA and other data protection law compliance
- Cookie consent management
- Privacy policy management
- Disclosure text creation and management
(b) Consent Management
- Collecting consent from website visitors
- Recording and managing consent preferences
- Storing proof of consent
- Managing opt-in/opt-out processes
(c) Cookie Management
- Scanning and categorizing website cookies
- Displaying cookie banners
- Implementing cookie preferences
- Conducting cookie audits
(d) Reporting and Analysis
- Monitoring consent rates
- Generating compliance reports
- Reviewing audit logs
- Analyzing performance metrics
3.2. Legal and Ethical Use
All uses must:
- Comply with all applicable laws
- Respect third-party rights
- Meet ethical business standards
- Adhere to honesty and transparency principles
3.3. Supported Business Models
- Corporate websites
- E-commerce platforms
- Media and publishing sites
- SaaS applications
- Mobile applications
- B2B services
- Government and civil society organizations
- Educational institutions
4. Prohibited Uses
4.1. Illegal Activities
The following are STRICTLY PROHIBITED:
(a) Criminal Activities
- Fraud or deceptive practices
- Money laundering or terrorism financing
- Identity theft or forgery
- Illegal gambling operations
- Drug trafficking or illegal substance sales
(b) Data Protection Violations
- Collecting personal data without permission
- Deceiving data subjects when collecting consent
- Illegal processing of children's data
- Unauthorized processing of sensitive data
(c) Intellectual Property Violations
- Copyright infringement
- Trademark counterfeiting
- Patent infringement
- Trade secret theft
4.2. Harmful and Malicious Activities
(a) Technical Attacks
- Hacking or unauthorized access attempts
- DDoS or DoS attacks
- Malware, virus, or malicious code distribution
- Phishing or social engineering attacks
- SQL injection, XSS, or similar attacks
(b) System Abuse
- Resource exhaustion attacks
- Rate limit manipulation
- Automated account creation
- Fake or fraudulent activities
4.3. Deceptive Practices
(a) Misleading Consent Collection
- Using dark patterns
- Hidden or unclear consent text
- Obtaining consent through force or pressure
- Manipulating consent preferences
- Cookie walls (where illegal)
(b) False Representation
- Unauthorized representation of Evaste
- Creating fake compliance certificates
- Misleading security claims
- Presenting as competitor product
4.4. Harmful Content Association
Evaste services may not be used with sites hosting:
- Adult/pornographic content
- Violence or hate speech
- Terrorism or extremism propaganda
- Illegal weapons or drugs
- Human trafficking or exploitation
- Child abuse material
- Fake news or disinformation
5. Content Policy
5.1. User Content
For content created or uploaded through the Platform (privacy policies, cookie descriptions, etc.):
- Content must be accurate and current
- Must not be misleading or deceptive
- Must not infringe third-party rights
- Must comply with applicable laws
5.2. Templates and Sample Content
Templates provided by Evaste:
- Are for general guidance purposes
- Do not substitute for legal advice
- Must be customized by user
- Compliance with local regulations is user's responsibility
5.3. Brand Usage
Use of Evaste brand assets:
- Permitted only in approved use scenarios
- Brand guidelines must be followed
- "Powered by Evaste" badge may not be altered
- Misleading use is prohibited
6. Security Requirements
6.1. Account Security
Users must implement the following security measures:
- Use strong and unique passwords
- Enable two-factor authentication (2FA)
- Keep account credentials confidential
- Report suspicious activity immediately
- Close unused accounts
6.2. API Security
For customers using API:
- Store API keys securely
- Never use secret keys on client-side
- Rotate keys regularly
- Apply IP restrictions (if possible)
- Use HTTPS mandatorily
6.3. Data Security
For user data:
- Encrypt sensitive data
- Apply access controls
- Prevent data leakage
- Report security vulnerabilities immediately
6.4. Vulnerability Reporting
When a security vulnerability is discovered:
- Report to security@evaste.co
- Practice responsible disclosure
- Do not test without explicit permission
- Wait for fix before public disclosure
7. Resource Usage
7.1. Fair Use Principle
For fair use of shared resources:
- Avoid excessive resource consumption
- Comply with rate limits
- Avoid unnecessary API calls
- Apply efficient integration practices
7.2. Resource Limits
| Resource | Pro | Enterprise |
|---|---|---|
| Page views/month | 100K | 1M+ |
| Domain count | 5 | Unlimited |
| API calls/day | 50K | 500K+ |
| Data retention | 12 months | 24 months+ |
| Team members | 5 | Unlimited |
7.3. Quota Exceeded
When limits are exceeded:
- Warning notification sent
- Additional usage may be charged
- Service may be restricted
- Plan upgrade recommended
8. Monitoring and Enforcement
8.1. Monitoring
Evaste monitors platform usage for:
- Security threat detection
- Policy violation detection
- Performance optimization
- Service quality assurance
8.2. Automatic Detection
Automated systems detect:
- Abnormal traffic patterns
- Suspicious API usage
- Potential abuse
- Security threats
8.3. Manual Review
Manual review occurs when needed:
- Following user complaints
- Following automated alerts
- Per legal requests
- As part of periodic audits
8.4. Privacy
Monitoring activities:
- Conducted in accordance with Privacy Policy
- Collect minimum necessary data
- Data stored securely
- Protected against unauthorized access
9. Violation Consequences
9.1. Violation Levels
| Level | Definition | Examples |
|---|---|---|
| Minor | Unintentional or technical | Rate limit exceeded |
| Medium | Repeated or intentional | Spam activity |
| Serious | Security or legal violation | Hacking attempt |
| Critical | Severely harmful | Data breach |
9.2. Sanctions
| Level | 1st Violation | 2nd Violation | 3rd Violation |
|---|---|---|---|
| Minor | Warning | Restriction | Suspension |
| Medium | Restriction | Suspension | Termination |
| Serious | Suspension | Termination | - |
| Critical | Termination | - | - |
9.3. Sanction Types
(a) Warning
- Email notification
- Time allowed for correction
- Guidance provided
(b) Restriction
- Specific features suspended
- Rate limits reduced
- API access limited
(c) Suspension
- Temporary account deactivation
- All access blocked
- Investigation process initiated
(d) Termination
- Permanent account closure
- All data deleted
- Future account creation banned
9.4. Appeal Right
Against sanctions:
- Written appeal within 14 days
- Appeal sent to compliance@evaste.co
- Evidence and explanation provided
- Appeal reviewed within 10 business days
10. Reporting and Complaints
10.1. Violation Reporting
If you suspect an AUP violation: abuse@evaste.co
Report should include:
- Violating account/site information
- Violation type and details
- Evidence (screenshot, URL, etc.)
- Reporter contact information
10.2. Copyright Notice (DMCA)
For copyright infringement notices: dmca@evaste.co
Required information:
- Description of infringed work
- Location of infringing content
- Statement that you are the rights holder
- Physical or electronic signature
10.3. Security Reports
For security vulnerability reports: security@evaste.co
PGP Key: https://evaste.co/.well-known/security.txt
10.4. Privacy Complaints
For data protection complaints: dpo@evaste.co
10.5. General Complaints
For other complaints: complaints@evaste.co
Response time: 5 business days
11. Policy Changes
11.1. Right to Change
Evaste reserves the right to modify this Policy at any time.
11.2. Notification
- Material changes notified 30 days in advance
- Notification via email and Platform
- Changes published on website
11.3. Effectiveness
- Changes effective on specified date
- Continued use after changes constitutes acceptance
- Account may be closed if not accepted
11.4. Archive
Previous Policy versions available upon request.
Contact Information
Evaste Compliance Team
General: info@evaste.co
Abuse: abuse@evaste.co
Compliance: compliance@evaste.co
Security: security@evaste.co
DMCA: dmca@evaste.co
Data Protection: dpo@evaste.co
Address: Levent, Istanbul, Turkey
Web: https://evaste.co
Phone: +90 532 494 42 64
Acceptable Use Policy
1. Introduction and Purpose
1.1. Purpose
This Acceptable Use Policy ("AUP" or "Policy") is designed to ensure responsible, safe, and lawful use of the Evaste platform and services.
This Policy defines acceptable and unacceptable behaviors to ensure all users have a secure and productive experience.
1.2. Binding Nature
This Policy is an integral part of the Evaste Terms of Service. By accessing or using Evaste services, you agree to this Policy.
1.3. Updates and Changes
Evaste reserves the right to update this Policy at any time. Material changes will be communicated via email and/or Platform notification.
2. Scope
2.1. Covered Services
This Policy covers all Evaste services:
- Evaste web platform and dashboard
- Cookie consent management widgets
- APIs and SDKs
- Mobile applications
- Integrations and plugins
- Support and communication channels
- Documentation and community resources
2.2. Covered Users
This Policy applies to:
- Account owners
- Administrator users
- Team members
- API users
- Enterprise customer employees
- Trial account users
- Free plan users
2.3. Third-Party Responsibility
Users are responsible for compliance with this Policy by all third parties (employees, contractors, partners) accessing through their accounts.
3. Permitted Uses
3.1. Appropriate Use Purposes
Evaste services may only be used for:
(a) Data Protection Compliance
- KVKK, GDPR, CCPA and other data protection law compliance
- Cookie consent management
- Privacy policy management
- Disclosure text creation and management
(b) Consent Management
- Collecting consent from website visitors
- Recording and managing consent preferences
- Storing proof of consent
- Managing opt-in/opt-out processes
(c) Cookie Management
- Scanning and categorizing website cookies
- Displaying cookie banners
- Implementing cookie preferences
- Conducting cookie audits
(d) Reporting and Analysis
- Monitoring consent rates
- Generating compliance reports
- Reviewing audit logs
- Analyzing performance metrics
3.2. Legal and Ethical Use
All uses must:
- Comply with all applicable laws
- Respect third-party rights
- Meet ethical business standards
- Adhere to honesty and transparency principles
3.3. Supported Business Models
- Corporate websites
- E-commerce platforms
- Media and publishing sites
- SaaS applications
- Mobile applications
- B2B services
- Government and civil society organizations
- Educational institutions
4. Prohibited Uses
4.1. Illegal Activities
The following are STRICTLY PROHIBITED:
(a) Criminal Activities
- Fraud or deceptive practices
- Money laundering or terrorism financing
- Identity theft or forgery
- Illegal gambling operations
- Drug trafficking or illegal substance sales
(b) Data Protection Violations
- Collecting personal data without permission
- Deceiving data subjects when collecting consent
- Illegal processing of children's data
- Unauthorized processing of sensitive data
(c) Intellectual Property Violations
- Copyright infringement
- Trademark counterfeiting
- Patent infringement
- Trade secret theft
4.2. Harmful and Malicious Activities
(a) Technical Attacks
- Hacking or unauthorized access attempts
- DDoS or DoS attacks
- Malware, virus, or malicious code distribution
- Phishing or social engineering attacks
- SQL injection, XSS, or similar attacks
(b) System Abuse
- Resource exhaustion attacks
- Rate limit manipulation
- Automated account creation
- Fake or fraudulent activities
4.3. Deceptive Practices
(a) Misleading Consent Collection
- Using dark patterns
- Hidden or unclear consent text
- Obtaining consent through force or pressure
- Manipulating consent preferences
- Cookie walls (where illegal)
(b) False Representation
- Unauthorized representation of Evaste
- Creating fake compliance certificates
- Misleading security claims
- Presenting as competitor product
4.4. Harmful Content Association
Evaste services may not be used with sites hosting:
- Adult/pornographic content
- Violence or hate speech
- Terrorism or extremism propaganda
- Illegal weapons or drugs
- Human trafficking or exploitation
- Child abuse material
- Fake news or disinformation
5. Content Policy
5.1. User Content
For content created or uploaded through the Platform (privacy policies, cookie descriptions, etc.):
- Content must be accurate and current
- Must not be misleading or deceptive
- Must not infringe third-party rights
- Must comply with applicable laws
5.2. Templates and Sample Content
Templates provided by Evaste:
- Are for general guidance purposes
- Do not substitute for legal advice
- Must be customized by user
- Compliance with local regulations is user's responsibility
5.3. Brand Usage
Use of Evaste brand assets:
- Permitted only in approved use scenarios
- Brand guidelines must be followed
- "Powered by Evaste" badge may not be altered
- Misleading use is prohibited
6. Security Requirements
6.1. Account Security
Users must implement the following security measures:
- Use strong and unique passwords
- Enable two-factor authentication (2FA)
- Keep account credentials confidential
- Report suspicious activity immediately
- Close unused accounts
6.2. API Security
For customers using API:
- Store API keys securely
- Never use secret keys on client-side
- Rotate keys regularly
- Apply IP restrictions (if possible)
- Use HTTPS mandatorily
6.3. Data Security
For user data:
- Encrypt sensitive data
- Apply access controls
- Prevent data leakage
- Report security vulnerabilities immediately
6.4. Vulnerability Reporting
When a security vulnerability is discovered:
- Report to security@evaste.co
- Practice responsible disclosure
- Do not test without explicit permission
- Wait for fix before public disclosure
7. Resource Usage
7.1. Fair Use Principle
For fair use of shared resources:
- Avoid excessive resource consumption
- Comply with rate limits
- Avoid unnecessary API calls
- Apply efficient integration practices
7.2. Resource Limits
| Resource | Pro | Enterprise |
|---|---|---|
| Page views/month | 100K | 1M+ |
| Domain count | 5 | Unlimited |
| API calls/day | 50K | 500K+ |
| Data retention | 12 months | 24 months+ |
| Team members | 5 | Unlimited |
7.3. Quota Exceeded
When limits are exceeded:
- Warning notification sent
- Additional usage may be charged
- Service may be restricted
- Plan upgrade recommended
8. Monitoring and Enforcement
8.1. Monitoring
Evaste monitors platform usage for:
- Security threat detection
- Policy violation detection
- Performance optimization
- Service quality assurance
8.2. Automatic Detection
Automated systems detect:
- Abnormal traffic patterns
- Suspicious API usage
- Potential abuse
- Security threats
8.3. Manual Review
Manual review occurs when needed:
- Following user complaints
- Following automated alerts
- Per legal requests
- As part of periodic audits
8.4. Privacy
Monitoring activities:
- Conducted in accordance with Privacy Policy
- Collect minimum necessary data
- Data stored securely
- Protected against unauthorized access
9. Violation Consequences
9.1. Violation Levels
| Level | Definition | Examples |
|---|---|---|
| Minor | Unintentional or technical | Rate limit exceeded |
| Medium | Repeated or intentional | Spam activity |
| Serious | Security or legal violation | Hacking attempt |
| Critical | Severely harmful | Data breach |
9.2. Sanctions
| Level | 1st Violation | 2nd Violation | 3rd Violation |
|---|---|---|---|
| Minor | Warning | Restriction | Suspension |
| Medium | Restriction | Suspension | Termination |
| Serious | Suspension | Termination | - |
| Critical | Termination | - | - |
9.3. Sanction Types
(a) Warning
- Email notification
- Time allowed for correction
- Guidance provided
(b) Restriction
- Specific features suspended
- Rate limits reduced
- API access limited
(c) Suspension
- Temporary account deactivation
- All access blocked
- Investigation process initiated
(d) Termination
- Permanent account closure
- All data deleted
- Future account creation banned
9.4. Appeal Right
Against sanctions:
- Written appeal within 14 days
- Appeal sent to compliance@evaste.co
- Evidence and explanation provided
- Appeal reviewed within 10 business days
10. Reporting and Complaints
10.1. Violation Reporting
If you suspect an AUP violation: abuse@evaste.co
Report should include:
- Violating account/site information
- Violation type and details
- Evidence (screenshot, URL, etc.)
- Reporter contact information
10.2. Copyright Notice (DMCA)
For copyright infringement notices: dmca@evaste.co
Required information:
- Description of infringed work
- Location of infringing content
- Statement that you are the rights holder
- Physical or electronic signature
10.3. Security Reports
For security vulnerability reports: security@evaste.co
PGP Key: https://evaste.co/.well-known/security.txt
10.4. Privacy Complaints
For data protection complaints: dpo@evaste.co
10.5. General Complaints
For other complaints: complaints@evaste.co
Response time: 5 business days
11. Policy Changes
11.1. Right to Change
Evaste reserves the right to modify this Policy at any time.
11.2. Notification
- Material changes notified 30 days in advance
- Notification via email and Platform
- Changes published on website
11.3. Effectiveness
- Changes effective on specified date
- Continued use after changes constitutes acceptance
- Account may be closed if not accepted
11.4. Archive
Previous Policy versions available upon request.
Contact Information
Evaste Compliance Team
General: info@evaste.co
Abuse: abuse@evaste.co
Compliance: compliance@evaste.co
Security: security@evaste.co
DMCA: dmca@evaste.co
Data Protection: dpo@evaste.co
Address: Levent, Istanbul, Turkey
Web: https://evaste.co
Phone: +90 532 494 42 64