Home Legal Acceptable Use Policy

Acceptable Use Policy

Rules governing how you may and may not use the ConvoAI platform.

Last updated: May 5, 2026 ConvoAI by Serverlys
Terms of Service Privacy Policy Cookie Policy Acceptable Use DPA
Summary: Use ConvoAI only for legitimate business communications. Don't send spam, don't violate Meta's WhatsApp policies, don't use the platform for illegal or harmful purposes. Violations may result in immediate account termination.

1. Introduction

This Acceptable Use Policy ("AUP") applies to all users of ConvoAI, operated by Serverlys. It supplements our Terms of Service and Data Processing Agreement and defines specific rules for acceptable use of the platform.

ConvoAI provides AI-powered WhatsApp automation tools. Because our Service involves sending messages to real people via a regulated messaging platform, responsible use is critical — both to protect your business and to maintain the integrity and deliverability of the WhatsApp ecosystem.

By using ConvoAI, you agree to this AUP. We reserve the right to update this policy at any time with notice.

2. WhatsApp Business Policy Compliance

Your use of ConvoAI's messaging features must at all times comply with:

Key WhatsApp requirements you must follow:

  • Opt-in consent: You must have explicit, documented opt-in consent from recipients before sending any business-initiated (outbound) messages or marketing communications. The opt-in must clearly identify your business and the nature of messages the user will receive.
  • Honest identification: You must accurately identify your business in all communications. AI agents may use a persona name but must not claim to be human when a user sincerely asks.
  • Opt-out honoring: You must promptly honor any request to stop receiving messages, including keywords such as "STOP", "Unsubscribe", or equivalent in the user's language. Opted-out contacts must not receive further business-initiated messages.
  • 24-hour customer service window: Free-form replies to customer-initiated messages are only permitted within 24 hours of the customer's last message. Outside this window, you must use Meta-approved message templates.
  • Approved message templates: All outbound campaigns, reminders, and follow-up messages sent outside the 24-hour window must use templates that have been reviewed and approved by Meta before use. You are responsible for template compliance and approval.
  • Quality rating maintenance: Meta assigns a quality rating to WhatsApp Business Accounts based on block rates and negative feedback. You are responsible for maintaining an acceptable quality rating. Consistent low quality may result in ConvoAI limiting your messaging capabilities.
  • No unsolicited initiation: You must never initiate a conversation with a user who has not opted in or who has not previously messaged your business number.
  • Approved use cases only: WhatsApp Business messaging must be used only for legitimate business communications as defined by Meta's policies. See Section 3 for prohibited use cases.

Violations of Meta's policies may result in your WhatsApp Business Account being independently suspended or permanently banned by Meta, regardless of any action we take under this AUP.

3. Prohibited Messaging Practices

You must not use ConvoAI to:

  • Send spam — unsolicited bulk messages to users who have not opted in to receive communications from you
  • Send marketing messages without consent — any promotional or commercial message sent without a valid legal basis and documented opt-in
  • Harvest or purchase contact lists — using scraped, purchased, or rented phone number lists to initiate WhatsApp conversations
  • Send misleading messages — any communication that misrepresents your identity, the nature of your business, or the purpose of the message
  • Ignore opt-outs — continuing to message contacts who have requested to stop receiving communications
  • Circumvent WhatsApp rate limits — attempting to send messages at a volume that exceeds Meta's permitted sending rates or quality thresholds
  • Use fake or spoofed identities — impersonating another business, brand, individual, or government entity

4. Prohibited Content & Industries

You must not use ConvoAI to send, generate, or facilitate content that:

  • Is illegal under applicable law (including hate speech, threats, harassment, and defamation)
  • Promotes or facilitates violence, terrorism, or self-harm
  • Is sexually explicit or involves minors in any sexual context
  • Promotes discrimination based on race, ethnicity, religion, gender, sexual orientation, disability, or other protected characteristics
  • Infringes the copyright, trademark, or intellectual property rights of any third party
  • Constitutes phishing, social engineering, or fraud of any kind
  • Contains malware, viruses, or harmful code of any kind
  • Promotes pyramid schemes, multi-level marketing (MLM) without proper disclosure, or other deceptive business practices

4.1 Prohibited Industries (WhatsApp Commerce Policy)

You must not use ConvoAI in connection with any of the following product or service categories, as prohibited under Meta's WhatsApp Commerce Policy:

  • Illegal drugs and substances: Illicit drugs, drug paraphernalia, prescription medications dispensed without a valid pharmacy licence, or products making unauthorised medical claims
  • Tobacco and nicotine: Cigarettes, e-cigarettes, vaping devices, tobacco products, or related accessories and promotional materials
  • Gambling: Real-money online gambling, sports betting, poker, casino services, lotteries, or sweepstakes, unless you hold a valid gambling licence and have obtained express prior approval from Meta
  • Alcohol: The sale or direct marketing of alcohol where prohibited by local law or where the audience cannot be verified to be of legal age
  • Firearms and weapons: Firearms, ammunition, explosives, weapon parts, suppressors, or any device that converts a weapon to automatic fire
  • Adult and sexually explicit content: Pornography, escort services, adult dating platforms, or any sexually explicit material
  • Surveillance and tracking: Stalkerware, covert tracking devices, or services marketed for spying on individuals without their knowledge
  • Counterfeit and IP-infringing goods: Fake designer goods, pirated software, unlicensed replicas, or any product that misrepresents its origin or authenticity
  • Predatory financial services: Payday loans with deceptive terms, high-pressure debt collection, binary options trading, or unregistered investment schemes
  • Cryptocurrency (restricted): Initial coin offerings (ICOs), token sales, or cryptocurrency exchange promotion without applicable regulatory approval
  • Subscription traps: Services that rely on hidden recurring charges, negative option billing, or trial periods designed to enrol users in paid subscriptions without clear consent
  • Multi-level marketing: MLM schemes, network marketing structures, or pyramid schemes
  • Human exploitation: Any service that facilitates human trafficking, forced labour, sex trafficking, or exploitation of minors
  • Any other category prohibited by Meta's Commerce Policy as updated from time to time

This list reflects Meta's Commerce Policy restrictions as of the document's last updated date. You are responsible for monitoring the current version of Meta's Commerce Policy and complying with any updates. Serverlys reserves the right to suspend or terminate accounts operating in prohibited categories without notice or refund.

5. Data & Privacy Rules

When processing customer data through ConvoAI, you must:

  • Maintain a valid Privacy Policy for your customers that discloses WhatsApp-based data processing
  • Have a lawful basis for processing your customers' personal data under applicable law (GDPR, CCPA, etc.)
  • Promptly respond to data subject requests (deletion, access) from your customers
  • Not use the CRM features to aggregate personal data in ways that exceed your disclosed purposes
  • Not upload sensitive personal data (health records, financial details, government IDs) to ConvoAI without appropriate safeguards and legal authority
  • Safeguard your API credentials and account access to prevent unauthorized data access
  • Notify us promptly if you become aware of any unauthorized access to your account or breach of your customers' data

6. Technical Abuse

You must not:

  • Attempt to gain unauthorized access to any part of the ConvoAI Service, its databases, infrastructure, or other user accounts
  • Conduct penetration tests, vulnerability scans, or security assessments of ConvoAI systems without our prior written consent
  • Reverse engineer, decompile, disassemble, or attempt to extract source code from the Service
  • Interfere with or disrupt the Service's operation, including its servers, networks, and APIs
  • Attempt to bypass, circumvent, or disable any security features, rate limits, or access controls
  • Automate account creation or use the Service in a way that artificially inflates usage metrics
  • Use the Service in a way that could impair the performance or availability of the Service for other users
  • Resell, sublicense, or otherwise commercialize access to the Service without our express written permission
  • Attempt to extract or scrape our pricing data, customer lists, or other proprietary information

7. AI Usage Rules

ConvoAI uses Anthropic's Claude models to power AI responses. When using AI features, you must:

  • Not use AI to deceive: Do not configure your AI agent to deny being an AI when sincerely asked by a customer. Your agent may use a persona name but must not claim to be human when a user genuinely wants to know if they are talking to an AI.
  • Not use AI for manipulation: Do not configure your agent to use dark patterns, exploit cognitive biases, or manipulate users against their own interests
  • Maintain accuracy: Do not train your agent with knowingly false information or configure it to make claims you know to be untrue
  • Review AI outputs: You are responsible for the accuracy and appropriateness of AI-generated content sent to your customers. We recommend monitoring conversations, especially in early deployment
  • Provide a human escalation path: Where required by applicable law or regulation (including EU AI Act provisions where applicable), you must ensure customers can reach a human agent
  • Not use AI for prohibited purposes: Do not configure AI agents to generate content that violates Section 4 of this policy

8. API & Webhook Integration Rules

If you use ConvoAI's API keys or webhook features:

  • Keep your API keys confidential — do not expose them in client-side code, public repositories, or shared documents
  • Rotate your API keys immediately if you believe they have been compromised
  • Use webhooks only to receive data for legitimate business processing — do not forward ConvoAI webhook data to unauthorized third parties
  • Do not use the API to automate actions that would violate this AUP if performed manually
  • Implement proper rate limiting on your webhook endpoints to avoid performance issues

9. Enforcement

We investigate reports of AUP violations and may take the following actions, at our sole discretion and without prior notice in urgent cases:

  • Warning: A formal notice for minor or first-time violations with a deadline to remedy
  • Suspension: Temporary suspension of messaging capabilities or full account access
  • Termination: Permanent termination of your account for serious, repeated, or willful violations
  • Legal referral: For violations involving illegal activity, we may refer the matter to relevant law enforcement authorities and cooperate with any investigation
  • Reporting to Meta: Violations of WhatsApp's policies may be reported to Meta, which may result in independent action against your WhatsApp Business Account

We do not issue refunds for accounts terminated due to AUP violations.

10. Reporting Abuse

If you become aware of any ConvoAI user violating this policy — including sending spam through the platform or using it for illegal purposes — please report it to us at hello@serverlys.com. Please include:

  • A description of the violation
  • Any evidence you have (screenshots, message content, phone numbers)
  • The approximate date and time of the incident

We take all abuse reports seriously and will investigate promptly. Your identity will be kept confidential where legally permitted.

11. Contact

For questions about this policy or to report a violation: