Acceptable Use Policy
Kentro Acceptable Use Policy
This Acceptable Use Policy (the "AUP") sets out the rules that govern the use of the Kentro commerce operations platform, the Kentro 3PL Services, the Kentro Copilot AI Services, and all related services (collectively, the "Services") provided by Kentro Inc., a Delaware corporation ("Kentro," "we," "us," or "our"). This AUP is incorporated by reference into, and forms part of, the Kentro Platform Terms of Service (the "Terms"). Capitalized terms used but not defined here have the meanings given in the Terms. Each Tenant and each of its Users must comply with this AUP at all times when accessing or using the Services.
1. Scope and Application
This AUP applies to the Tenant and to every User, agent, contractor, integration, application, and automated process that accesses the Services under the Tenant's account, whether or not authorized by the Tenant. The Tenant is responsible for ensuring that everyone who accesses the Services under its account complies with this AUP. Violations by any such person are attributable to the Tenant. This AUP is in addition to, and does not limit, the Tenant's obligations under the Terms, the Kentro Data Processing Addendum (where applicable), the Kentro Privacy Policy, applicable law, and any acceptable use policies of third-party providers disclosed by Kentro (including AI model providers, telephony providers, and shipping carriers). Where this AUP is silent, the Terms and applicable law control.
2. Unlawful and Harmful Activities
The Services must not be used to engage in, promote, facilitate, or conceal any unlawful, deceptive, or harmful activity, including:
- the sale, purchase, distribution, marketing, storage, or shipment of goods or services whose manufacture, sale, transport, or possession is unlawful in the origin, transit, or destination jurisdiction;
- fraud, misrepresentation, market manipulation, sanctions evasion, money laundering, terrorist financing, or the facilitation of any of the foregoing;
- the sale or shipment of counterfeit goods or goods that violate consumer protection, product safety, labeling, customs, export, or import laws;
- the collection, use, sale, or disclosure of personal information in violation of applicable privacy or data protection law;
- harassment, threats, hate speech, or the incitement of violence against individuals or protected groups;
- content or activity that sexually exploits or abuses children, or that solicits or facilitates the sexual exploitation or abuse of children; and
- any other conduct that violates applicable law or a court order.
3. Intellectual Property and Content
The Services must not be used to infringe, misappropriate, or dilute the intellectual property, publicity, or contractual rights of any third party. Specifically, the Tenant and each User must not:
- upload, store, transmit, or list for sale content, product data, images, descriptions, or trademarks in a manner that infringes the intellectual property rights of a third party;
- attempt to reverse engineer, decompile, disassemble, scrape, or otherwise derive the source code, models, or non-public information underlying the Services, except to the extent expressly permitted by applicable law notwithstanding this restriction;
- remove, alter, or obscure any proprietary notices, watermarks, or attribution required by Kentro or by third-party providers integrated with the Services; or
- use Kentro branding, marks, or logos other than as permitted in writing by Kentro or in the Documentation.
4. Security, Integrity, and Isolation
The Services must not be used to compromise, threaten, or work around the security, integrity, availability, or tenant isolation of the Services or of any Kentro or third-party system. Specifically, the Tenant and each User must not:
- upload, distribute, or execute malware, viruses, worms, trojans, ransomware, spyware, keystroke loggers, or any other malicious code;
- probe, scan, or test the vulnerability of any part of the Services, any Kentro system or infrastructure, or any system operated by a contracted third-party fulfillment provider or other subprocessor, except under a written authorization from Kentro that expressly permits the testing (for example, a coordinated penetration test);
- attempt to bypass, defeat, or interfere with authentication, authorization, rate limits, quotas, throttles, captcha protections, session controls, audit logging, or any other technical or contractual control;
- conduct credential-stuffing, brute-force, password-spraying, session-hijacking, or similar attacks against the Services or against any account, whether the account is the Tenant's or someone else's;
- access, view, use, or attempt to access, view, or use data, accounts, or systems belonging to any other tenant, User, or third party, or otherwise attempt to defeat the multi-tenant isolation of the Services;
- attempt to re-identify, correlate, or otherwise link individuals, tenants, or their data from de-identified or aggregated outputs, benchmarks, or metrics made available through the Services;
- use headless browsers, unauthorized scripts, unauthorized bots, or unauthorized automation in a manner that materially exceeds normal human or supported programmatic use, or that materially degrades the Services for others; or
- interfere with, disrupt, or degrade the Services, other tenants' use of the Services, or any underlying network, whether through denial-of-service techniques, resource exhaustion, misconfiguration of integrations, or otherwise.
5. Acceptable Use of AI Services (Kentro Copilot)
Kentro Copilot and the other AI Services are provided for lawful, in-scope business use only. In addition to the general rules above, the Tenant and each User must not:
- attempt to use Copilot to view, extract, infer, or otherwise obtain data belonging to any other tenant or User, including through prompt engineering, jailbreak attempts, or side-channel probing;
- submit prompts, tool inputs, retrieved content, or hidden instructions designed to make Copilot ignore, contradict, or circumvent Kentro's or the Tenant's policies, guardrails, permission checks, or the acceptable use policies of Model Providers (that is, prompt-injection or indirect prompt-injection attacks);
- use Copilot to generate content or take actions that are unlawful, deceptive, defamatory, harassing, discriminatory, sexually exploitative of children, or otherwise prohibited by this AUP or by applicable law;
- use Copilot to impersonate a natural person or an organization, or to make representations that are known to be false, in customer-facing communications;
- use Copilot to draft or send high-stakes communications (such as legal notices, medical guidance, or safety warnings) without human review, or to make automated decisions that would violate Section 6.6 of the Terms (No High-Risk Use);
- use Copilot to automate actions that circumvent role-based access controls, approval flows, segregation-of-duties requirements, or other permissions the Tenant has configured; or use Copilot as a proxy to grant a User capabilities the User is not otherwise authorized to hold;
- submit prompts, files, or context that contain sensitive data outside the scope for which the Tenant has a lawful basis to Process such data;
- use the AI Services to develop, train, evaluate, or benchmark a competing product or service, or to derive prompts, model weights, or training data from the AI Services; or
- rely on Copilot outputs as the sole basis for material operational, financial, legal, or reputational decisions without human review, as further described in Section 6 of the Terms.
The Tenant is responsible for supervising User use of Copilot; for configuring available permissions, roles, guardrails, and approval flows to limit the scope of actions Copilot can take on the Tenant's behalf; and for the consequences of actions Users direct, authorize, or fail to properly supervise or configure.
6. Telephony, SMS, and Email
Where the Services are used to send or receive telephone calls, SMS or MMS messages, or email, the Tenant and each User must comply with all applicable telecommunications, marketing, and anti-spam laws, including the United States Telephone Consumer Protection Act ("TCPA"), the CAN-SPAM Act, the Federal Trade Commission's Telemarketing Sales Rule, applicable state and provincial telemarketing and anti-spam laws, and comparable laws in other jurisdictions (including Canada's Anti-Spam Legislation and the European Union's ePrivacy rules). Without limiting the foregoing:
- The Tenant is solely responsible for obtaining and maintaining any consent required from the recipient for calls, SMS, MMS, voice, or email messages that the Tenant, its Users, or Copilot originates or triggers on the Tenant's behalf, including express written consent where required by law;
- The Tenant must maintain accurate records of consent, must honor opt-out and unsubscribe requests promptly, and must comply with quiet-hours rules, do-not-call registries, and message-frequency and content requirements applicable to the recipient's jurisdiction;
- The Tenant must not use the Services to send unsolicited bulk or commercial messages, to send messages with false or misleading sender or subject-line information, to disguise the origin of communications, or to send messages that would violate carrier rules (including telecommunications provider content and use policies);
- The Tenant must not use the Services to conduct robocalls, automated calls, or messaging campaigns that violate applicable law, and must ensure that any AI-driven voice interactions provide disclosures required by law (including any legally required disclosure that the recipient is interacting with an automated system);
- The Tenant must obtain any consents required for the recording of calls, storage of transcripts, and processing of voice content, including under two-party consent regimes; and
- The Tenant must not use the Services to phish, spoof, or otherwise deceive recipients about the identity of the sender, or to send content that promotes malware, fraud, or scams.
Kentro may throttle, suspend, or terminate messaging capabilities without prior notice where reasonably necessary to comply with law, to protect recipients or carriers, or to respond to abuse.
7. Reselling and Access
The Tenant and each User must not:
- resell, sublicense, white-label, rent, lease, or otherwise make the Services available to any third party as a service, other than in support of the Tenant's own commerce operations as expressly permitted by the Terms and by any applicable Order Form;
- share account credentials, API keys, tokens, or session identifiers with any person other than a User authorized under the Terms and this AUP;
- circumvent user-based, tenant-based, or usage-based pricing or metering by sharing accounts, pooling access, or aggregating usage across parties that would otherwise be separate customers; or
- provide access to the Services to any person or entity that is subject to United States or other applicable trade sanctions, or that is located in a country subject to comprehensive United States sanctions.
8. Truthful Signup and Account Information
The Tenant and each User must provide accurate, current, and complete information at signup and throughout use of the Services, including legal entity name, business contact details, billing information, tax identifiers where applicable, and, for Kentro 3PL Services, product, shipping, and customs information. The Tenant and each User must not (a) impersonate any person or entity, (b) misrepresent affiliation with any person or entity, (c) create accounts using automated means or under false pretenses, or (d) use the Services to circumvent a prior suspension or termination by Kentro. Kentro may verify information provided at signup and thereafter and may refuse, suspend, or terminate access where information is found to be inaccurate, incomplete, or fraudulent.
9. Fulfillment-Specific Rules
Where the Tenant uses the Kentro 3PL Services, additional rules apply to protect the safety and integrity of contracted third-party fulfillment provider facilities, personnel, and operations. In addition to Section 5.5 of the Terms, the Tenant and each User must not:
- tender to Kentro or to a contracted third-party fulfillment provider any hazardous, restricted, regulated, dangerous, or otherwise prohibited goods without prior written disclosure to, and written approval from, Kentro and the relevant facility, and without full compliance with all applicable requirements (including packaging, labeling, documentation, and carrier acceptance rules);
- misrepresent, understate, or omit the contents, quantity, weight, dimensions, value, origin, harmonized-code classification, or destination of inbound or outbound shipments, or provide inaccurate customs, product-safety, or regulatory documentation;
- ship goods to destinations that are prohibited by applicable export, sanctions, embargo, or other trade-control law, or that are restricted by the destination jurisdiction;
- use the Services to route shipments in a manner intended to evade taxes, duties, or lawful reporting or licensing obligations;
- interfere with or attempt to direct facility operations outside of the channels made available by Kentro and by the relevant contracted third-party fulfillment provider; or
- disregard receiving windows, cutoffs, cycle-count procedures, or reconciliation timelines as described in the Documentation and any Commercial Addendum.
Kentro and the relevant contracted third-party fulfillment provider may refuse to accept, hold pending instructions, quarantine, return, or lawfully dispose of any goods that are believed in good faith to violate this Section 9 or applicable law, at the Tenant's cost and without waiving any other remedy.
10. Enforcement
Kentro may investigate suspected violations of this AUP and may take any action Kentro considers appropriate in response. Available actions include, without limitation, issuing a warning; requesting information or remediation from the Tenant; disabling, throttling, or restricting specific features (including AI, messaging, or fulfillment capabilities); suspending a User's access; suspending the Tenant's account in whole or in part; removing or restricting content; withholding release of goods in accordance with Section 5.3 of the Terms; terminating the Terms for cause in accordance with Section 12.3 of the Terms; and cooperating with law enforcement, regulators, carriers, and other affected third parties.
Kentro will typically attempt to notify the Tenant before taking enforcement action and to provide a reasonable opportunity to remediate, particularly for lower-severity or first-time issues. However, Kentro may take immediate action without prior notice where reasonably necessary to (a) address a security threat, an active abuse incident, or a threat to Kentro, other customers, Providers, carriers, or third parties; (b) comply with applicable law or a lawful order; (c) prevent or mitigate financial, operational, reputational, or safety harm; or (d) respond to conduct that Kentro reasonably believes is unlawful, fraudulent, or a severe violation of this AUP. Nothing in this AUP limits Kentro's rights under the Terms, and enforcement under this AUP does not waive any other right or remedy.
11. Reporting Abuse
To report suspected abuse of the Services, security vulnerabilities that do not require a coordinated disclosure channel, or violations of this AUP by any Tenant, User, or third party, please contact [email protected]. Kentro will review reports and take such action as Kentro considers appropriate, consistent with this AUP, the Terms, and applicable law. Kentro is not obligated to disclose the outcome of any investigation to the reporter, except as required by law.
For questions about this AUP, please contact [email protected]. For privacy matters, please contact [email protected].