LEGAL
Effective Date: May 2, 2026 · Last Updated: May 2, 2026
This Acceptable Use Policy (the "Policy") supplements and forms part of HubFlora's Terms of Service. This Policy defines the permitted and prohibited uses of the HubFlora platform, the sending performance requirements, the abuse reporting mechanisms, and the enforcement procedures. This Policy applies to all HubFlora Subscribers, users, partners, and resellers. Compliance with this Policy is a condition of using the HubFlora platform. We reserve the right to update this Policy from time to time. Material changes will be communicated by email or in-platform notification at least 14 days before they take effect. Continued use of HubFlora after the effective date of an update constitutes acceptance of the revised Policy.
This Policy applies to every activity originating from or conducted through your HubFlora account, including but not limited to all emails sent, pages hosted, forms published, WhatsApp/Meta messages dispatched, and data processed through the HubFlora platform. You are responsible for all actions taken under your account, including the actions of your employees, contractors, end users, and any third parties to whom you grant access. Account automation, AI generation, or other technical factors do not exempt you from responsibility for violations of this Policy. This Policy supplements HubFlora's Terms of Service, Paddle's Acceptable Use Policy (since Paddle is the Merchant of Record for your subscription), and any terms imposed by our email service provider (ESP). Where these documents conflict, the stricter standard applies.
You may not use HubFlora to create, transmit, or store content that falls within any of the following categories:
Any commercial, promotional, or informational message sent to a recipient who has not provided explicit, recorded consent to receive it. This includes: • Sending to purchased, rented, leased, or scraped lists without documented consent from the recipients themselves. • Harvesting email addresses from websites, social media, public directories, or any other source without recipient consent. • Sending multiple copies of identical or substantially similar messages to multiple recipients without a lawful basis. • Sending to recipients who have withdrawn consent or unsubscribed.
Sending messages that impersonate a person, brand, or institution with the intent to steal credentials, financial information, or personal data, or to deceive recipients into taking undesired actions. This includes landing pages designed to mimic other parties for fraudulent purposes.
Distributing viruses, ransomware, trojans, spyware, or any code designed to harm, gain unauthorised access to, or interfere with recipients' systems. This includes links or attachments leading to such content.
Any content that violates applicable law in the jurisdiction of the sender, the recipient, or HubFlora, including but not limited to child sexual abuse material (CSAM), incitement to violence, terrorism, trafficking, or unlawful goods or services.
Falsified or misleading From, Reply-To, or recipient header fields, or subject lines that misrepresent the message content. The sender name and address must accurately identify the actual sender, and the subject line must honestly reflect the substance of the message. This is a violation of CAN-SPAM (US) and the EU Privacy and Electronic Communications Regulations (PECR).
Content that infringes the copyright, trademark, trade secret, or other intellectual property rights of third parties. You are responsible for ensuring you hold the necessary rights to any content you send or publish through HubFlora.
Content that incites or promotes hatred against an individual or group based on race, ethnicity, national origin, religion, sex, gender identity, sexual orientation, disability, or any other legally protected characteristic. This includes content that harasses, threatens, or intimidates specific individuals.
Because of the documented impact of certain sectors on complaint rates and sender reputation, the following categories are prohibited or require prior written approval and documentation of licensing: **Categorically prohibited:** • Child sexual abuse material or any content exploiting minors. • Escort or prostitution services. • Pyramid, Ponzi, or fraudulent investment schemes. • "Get rich quick," "work from home and earn $X" schemes, and penny-stock promotion. • Unlicensed debt collection services. • Account takeover services, hacking, or trade in stolen data. • Firearms, ammunition, or explosives sold direct-to-consumer. **Requires prior approval and documentation of licensing:** • Gambling, betting, and lotteries — requires licensing in the recipient's jurisdiction. • Adult content and pornography — requires verified age consent and compliance with jurisdictional law. • Cryptocurrency and ICO promotion — requires disclosures and compliance with applicable securities regulation. • Financial services and payday lending — requires licensing. • Pharmaceuticals, supplements, and regulated health products — require licensing and compliance with health-authority regulation. • Cannabis and related products — permitted only where legal in both the sender's and the recipient's jurisdictions. • Tobacco and e-cigarettes — subject to applicable promotional restrictions. • Multi-level marketing (MLM) — requires a transparent business model and full disclosure of distributor earnings. If your business falls within a restricted category and you wish to request approval, contact legal@hubflora.com with licensing documentation and a description of the business model.
In addition to the prohibitions above, the following rules apply to all email sent through HubFlora:
You must have documented affirmative consent from each recipient before sending any commercial communication. Double opt-in (the recipient receives a confirmation email and confirms intent) is strongly preferred. Implied consent, pre-checked checkboxes, or default opt-ins do not satisfy this requirement.
You must maintain verifiable records of every consent, including: date and time, IP address or other verification method, the form or page through which consent was given, and the text of the consent that was agreed to. These records must be available to HubFlora on request during an abuse investigation.
Only lists built from direct opt-in by the recipients themselves are permitted. Purchased, rented, leased, or third-party-imported lists without direct recipient consent are prohibited, even if the third party claims to have obtained consent. Stale lists (more than 24 months since last engagement) require re-confirmation of consent before further sending.
Every commercial message must include a clear, working unsubscribe link. The unsubscribe link is included by default in every HubFlora email template. Unsubscribe requests must be honoured within 10 business days (CAN-SPAM); in practice HubFlora applies them immediately. Bulk senders (5,000+ messages/day to Gmail/Yahoo) must provide one-click unsubscribe via the List-Unsubscribe-Post header as required by Gmail and Yahoo's 2024 sender requirements.
You are responsible for maintaining clean lists: • Remove hard bounces immediately. HubFlora suppresses them automatically; you must not re-import them. • Remove repeated soft bounces after 3–5 attempts. • Remove unengaged recipients (no opens/clicks for 6–12 months) or run a re-confirmation campaign. • Do not reactivate stale lists without a documented re-consent process.
Every commercial message must include: • The actual sender's name (legal entity or trading name). • A valid physical postal address (CAN-SPAM, PECR). • Contact information for legitimate inquiries. P.O. Box-only addresses are not permitted except where expressly allowed by applicable law.
Subject lines must honestly reflect message content. The use of non-standard characters (Unicode tricks), hidden text, or deceptive subject lines (false "Re:," false "Fwd:," manufactured urgency, misleading financial enticements) is prohibited. From and Reply-To headers must be accurate and operational.
The following sending performance limits apply to every account. They mirror the limits enforced by our email service provider, Resend. **Complaint Rate** Must remain below 0.08% (one complaint per 1,250 delivered messages). Complaint rate = (complaints / delivered) × 100. **Hard Bounce Rate** Must remain below 4%. Hard bounce rate = (hard bounces / total sent) × 100. **Spam Trap Hits** Zero tolerance. Any message reaching a known spam trap is a strong indicator of poor list hygiene and may result in immediate suspension. **Blocklist Appearances** If your sending domain or IP appears on a major blocklist (Spamhaus, SpamCop, Barracuda, etc.), corrective action must be taken immediately. We may suspend sending until the listing is resolved. **Threshold Breach** If any of the performance limits above is exceeded, HubFlora may, at its sole discretion, apply any of the enforcement actions set out in Section 8, including suspension without prior notice. You are responsible for monitoring your sending performance through the HubFlora dashboard. These thresholds apply per account in aggregate, calculated as a 30-day rolling average. For new accounts (fewer than 1,000 sends), thresholds are applied leniently during the initial reputation-building period.
All HubFlora senders must authenticate their sending domains. This is not just a technical requirement — it is a contractual obligation. **SPF (Sender Policy Framework)** Required. Your domain's SPF record must include HubFlora/Resend's authorised records. SPF values are provided in HubFlora's domain setup. **DKIM (DomainKeys Identified Mail)** Required. HubFlora generates DKIM key pairs for each sending domain. The DKIM records provided must be published in your domain's DNS. **DMARC (Domain-based Message Authentication, Reporting & Conformance)** Required at minimum with `p=none` policy. `p=quarantine` or `p=reject` is strongly recommended once alignment is verified. Gmail and Yahoo's 2024 sender requirements mandate DMARC for bulk senders. **Alignment** SPF and/or DKIM alignment must validate for every message (RFC 7489). HubFlora handles the technical signing, but you are responsible for correct DNS configuration. **Authentication Failure** Unauthenticated domains may have sending restricted or refused. HubFlora will not accept sends from domains that do not meet minimum authentication requirements.
We maintain dedicated channels for receiving abuse reports, recipient complaints, and mail technical issues. These channels are open to everyone, including recipients who are not HubFlora Subscribers. **abuse@hubflora.com** For recipient reports of spam, abusive content, or any misuse of the HubFlora platform. Every report is reviewed and acted upon where warranted. **postmaster@hubflora.com** (RFC 2142) For mail technical issues: deliverability problems, mailbox-provider complaints, blocklist configurations, aggregate DMARC reports. **security@hubflora.com** For reporting security vulnerabilities in the HubFlora platform. **legal@hubflora.com** For legal claims, copyright/trademark claims (DMCA and equivalents), and law enforcement requests. **What reporters can expect:** • Initial acknowledgement within 72 hours of receipt. • Investigation of the allegation, including review of account logs, content, and sending patterns. • Action where warranted, ranging from warning to account termination per Section 8. • A final response describing the outcome at a general level (without disclosing details specific to third-party accounts). We cooperate with law enforcement, blocklist operators, mailbox providers, and affected attribution platforms as necessary to address abuse.
HubFlora applies a graduated enforcement process. However, severe violations bypass the graduation and result in immediate suspension or termination.
**Tier 1 — Warning** Notice of violation with a request to remediate within 48–72 hours. Example: minor bounce-rate uptick, sign-up form missing unsubscribe link, use of non-compliant marketing language. **Tier 2 — Restriction** Daily send caps, paused campaigns, mandatory list cleaning before full sending resumes. Example: bounce rate exceeding 4%, failure to respond to a Tier 1 warning. **Tier 3 — Suspension** Account access read-only; no new sends; data preserved for 30 days pending investigation. Example: complaint rate exceeding 0.08%, suspected sending to a purchased list, spam trap hit. **Tier 4 — Termination** Account permanently closed; data deleted per Privacy Policy retention. Active subscriptions cancelled via Paddle. Example: repeated violations after suspension, investigation failing to establish sending integrity.
The following violations bypass the tiers above and result in immediate suspension or termination without prior notice: • Phishing or malware distribution. • Child sexual abuse material (CSAM) or content exploiting minors. • Illegal content or unlawful goods or services. • Fraudulent activity including credit card fraud. • Attempted unauthorised access to HubFlora systems or other users. • Incitement to violence or terrorism. • Sending to purchased lists where evidence is clear. • Complaint rate exceeding 0.5% or bounce rate exceeding 10% (sender-reputation emergency).
Subscribers may appeal enforcement actions in writing to legal@hubflora.com within 14 days of the action. An appeal must include: • A description of the disputed action. • Supporting evidence (consent records, proof of list hygiene, list-source receipts, etc.). • A remediation plan if the violation is acknowledged. Appeals are reviewed within 14 days. The final decision rests within HubFlora's sole discretion.
Termination for violation of this Policy or the Terms of Service does not entitle the Subscriber to a refund of any unused prepaid subscription time. This is consistent with Paddle's accelerated terms, as Paddle is the Merchant of Record for all your subscriptions. Only termination by HubFlora "without cause" (such as feature deprecation or business decisions) results in a pro-rated refund via Paddle, as set out in Section 12.2 of the Terms of Service.
HubFlora may provide information to: • Law enforcement in response to valid legal requests. • Blocklist operators (Spamhaus, SpamCop, etc.) in the course of abuse mitigation. • Mailbox providers (Gmail, Yahoo, Microsoft, etc.) regarding sending complaints. • Affected third parties as necessary to terminate ongoing abuse. Disclosures are made in accordance with our Privacy Policy and applicable data protection regulation.