Acceptable Use Policy
Effective 30 June 2026
·Version 1
⚠️ DRAFT v0.1 — pending legal review. This document has not yet been reviewed by counsel and may change before formal publication. By using InstaTable, you agree to the terms as published at the time of your access.
Acceptable Use Policy
This Acceptable Use Policy (the "AUP") applies to everyone who uses the InstaTable platform — restaurant operators, their staff, and any other person who accesses the Services. It supplements our Terms of Service and forms part of the agreement between you and us.
We keep this AUP intentionally short and direct. You are responsible for everything that happens on your account. If you are unsure whether something is allowed, ask us at abuse@instatable.net before doing it.
1. What you may not do
You must not use the Services to:
1.1 Send spam or unlawful marketing
- Send marketing emails, SMS or WhatsApp messages without valid consent from each recipient in accordance with:
- the NZ Unsolicited Electronic Messages Act 2007 (UEMA);
- Canada's Anti-Spam Legislation (CASL);
- the EU/UK GDPR and PECR where it applies to a recipient; and
- any other applicable anti-spam law.
- Send messages that hide or misrepresent the sender, omit a working unsubscribe mechanism, or fail to identify your business clearly.
- Continue messaging a recipient after they unsubscribe or send a STOP keyword.
- Buy, rent, scrape or upload marketing lists that you cannot demonstrate were collected with proper consent.
- Use the Services to send phishing, fraudulent or deceptive messages.
1.2 Send harmful, illegal or harassing content
- Anything illegal in the recipient's or sender's country.
- Harassing, threatening, defamatory, hateful, discriminatory or violent content.
- Content that exploits or endangers minors.
- Pornographic, sexually explicit, or other adult content.
- Content promoting self-harm, terrorism, or unlawful weapons.
- Content that infringes intellectual-property rights or misappropriates trade secrets.
1.3 Misrepresent your business or identity
- Falsely claim to operate a restaurant that you do not.
- Use the Services to impersonate any person, business or government body.
- Use a name, brand or trade mark you are not authorised to use.
1.4 Compromise the platform or other users
- Attempt to gain unauthorised access to any account, server, or data, including by exploiting vulnerabilities, brute-forcing credentials, or session-hijacking.
- Probe, scan, or test the vulnerability of the Platform without our prior written permission.
- Interfere with or disrupt the Services or any network, including by denial-of-service attacks, flooding, or sending malformed requests.
- Introduce or distribute viruses, worms, trojans, ransomware, or any other malicious code.
- Submit content that is reasonably likely to harm the device of any recipient.
1.5 Misuse data
- Access, collect, store or use data of any Guest or other Tenant beyond what is necessary for your legitimate restaurant operations.
- Re-identify any data we have de-identified.
- Combine Guest data with data from other sources in a way that the Guest did not reasonably expect, including for profiling or targeted advertising unrelated to your restaurant relationship.
- Sell, rent, share or otherwise disclose Guest data to any third party, except (a) to your own service providers under appropriate written terms, (b) to the Guest themselves, or (c) where required by law.
1.6 Scrape, reverse-engineer, or build a competing product
- Use any automated system (bot, crawler, scraper, harvester) to access the Services other than via approved APIs and within published rate limits.
- Reverse-engineer, decompile or disassemble any part of the Platform, except to the limited extent any such restriction is prohibited by applicable law.
- Use the Services or our data to build a product or feature that competes with InstaTable.
1.7 Impair platform performance
- Generate excessive traffic, storage or compute load designed to degrade performance.
- Use the Services to mine cryptocurrency or perform unrelated heavy computation.
- Circumvent any plan limits, throttles or quotas we apply.
2. Special rules for marketing channels
Because email, SMS and WhatsApp are heavily regulated, the following rules apply in addition to the rest of this AUP:
- Consent timestamps. Use only consent records captured through the Services, or import consent records you can fully evidence (date, time, IP, consent text, recipient identifier). We may ask you to demonstrate consent at any time.
- Sender identification. Every marketing email must clearly identify your restaurant in the "From" name and include a postal contact in the footer.
- Unsubscribe. Every marketing email must include a working one-click unsubscribe link. Every SMS marketing message must respect STOP, UNSUBSCRIBE, CANCEL, END, QUIT and OPT-OUT keywords.
- WhatsApp. When messaging via WhatsApp Business, you must use approved templates for outbound marketing and respect the 24-hour customer-service window for free-form messages.
- Suppression. You must not bypass or attempt to bypass the suppression list. Adding a contact who has previously unsubscribed, complained, or hard-bounced is a serious breach of this AUP.
3. Reporting violations
If you believe someone is violating this AUP — whether spam, harassment, fraud, security abuse, or anything else — please report it to abuse@instatable.net with:
- the URL, email, phone number or other identifier of the alleged violator;
- the date, time and (if relevant) message content;
- any evidence you can share (screenshots, headers, etc.).
We treat reports confidentially to the extent possible. We will investigate every credible report.
4. Consequences of breach
We may take any of the following actions for breach of this AUP, in our reasonable discretion:
- issue a warning and request a corrective action plan;
- disable specific features (e.g. marketing sends, gift-card sales) pending investigation;
- suspend your account, with or without notice;
- terminate the agreement and delete your data in accordance with the Terms of Service;
- report the matter to law-enforcement, regulators (e.g. NZ Department of Internal Affairs, CRTC in Canada) or affected third parties;
- pursue any other legal remedy available to us, including damages and indemnification.
Where reasonably practicable and not likely to make things worse, we will give you notice and an opportunity to cure before suspending or terminating. We may act immediately to protect the Platform, other Tenants, Guests, or any third party.
5. No waiver
Our failure to enforce this AUP in any particular instance is not a waiver of our right to enforce it later.
6. Changes
We may update this AUP from time to time. The current version always lives at /legal/acceptable-use. We will give Tenants reasonable notice of material changes.
7. Contact
- Abuse reports: abuse@instatable.net
- Legal questions: legal@instatable.net
- Privacy questions: privacy@instatable.net
Questions about this document?
privacy@instatable.netSee also: Privacy · Terms · Cookies · Acceptable Use