Abuse Policy

Version 1: 03 Jul 2025

1. Purpose & Scope

This policy outlines the standards, processes, and enforcement actions that apply to every customer activity - email, SMS, push, web tracking, API usage, and any other channel - processed through the RedTrack platform.
Our goal is to protect end‑users, our infrastructure, and our customers’ reputations while maintaining full compliance with global legislation and industry standards.

2. Definition of an Abuse

Abuse includes, but is not limited to:

Phishing, social engineering, or fraudulent content intended to deceive end‑users.
Spam or unsolicited bulk messaging (email, SMS, push, social).
Malware, harmful redirects.
Fake or illegal services , advance‑fee scams, pyramid schemes, or counterfeit goods.
Privacy or data‑protection violations (e.g., GDPR, CPRA, CASL, PDPA, PECR, EU Digital Services Act, and upcoming EU Data Act 2025).
Regulatory non‑compliance (e.g., missing legal footers, opt‑out mechanisms, sender identification).
Any activity flagged by hosting providers, mailbox providers (MBPs), network partners, or legal authorities.

2. Zero‑Tolerance Commitment

We operate on a zero‑tolerance basis: verified abuse triggers immediate mitigation steps without negotiation. All clients accept this when using our services.

4. Campaign Removal & Account Actions

Trigger	Action	Timeline
Provider‑mandated takedown (e.g., AWS Abuse Desk)	Immediate deactivation & permanent removal of the campaign.	Instant
Verified abuse notice allowing remediation	24‑hour window for the customer to deactivate & remediate. Our team performs forced removal if not completed.	24 h
Repeat violations / egregious abuse	Account suspension, domain blocking, and optional data hand‑off to authorities.	Permanent

Appeal Process

If you believe a campaign was flagged in error, you may appeal after removal by submitting evidence (e.g., opt‑in logs, authentication records). Appeals can be addressed to the complaint owner (hosting provider, regulatory body, partner, or threat detection system).
However, the campaign must still be taken down first.

5. Internal Enforcement Workflow

1. Detection by automated scanners, FBLs, abuse desks, or user reports.

2. Triage: Security & Compliance team validates signal (<2 h SLA).

3. Action: Campaign paused or removed.

4. Notification to client with evidence & remediation steps.

5. Post-mortem Root‑cause analysis and policy update if needed.

6. Policy Maintenance

This document is reviewed at least annually or whenever relevant laws/standards change. Customers will receive a minimum 30‑day notice of material changes.

Need help? Reach out to support@redtrack.io. for guidance before launching high‑risk campaigns.