LEGAL · OFIFLOW

Acceptable Use Policy

EFFECTIVE MAY 1, 2026v2026.05.01-1

Acceptable Use Policy

Effective: May 1, 2026 · Version: 2026.05.01-1

This Acceptable Use Policy ("AUP") describes prohibited uses of the OfiFlow vertical-software platform and related services (the "Services"). The AUP is incorporated by reference into the OfiFlow Master Services Agreement and Terms of Service.

If you have questions or need to report abuse, email abuse@ofiflow.com.

1. Who this applies to

This AUP applies to:

  • Customers that subscribe to the Services
  • Authorized Users of Customer accounts (dispatchers, managers, finance, executives, administrators)
  • Drivers who interact with the Services via WhatsApp, SMS, or other supported channels
  • Anyone else who accesses the Services

Customers are responsible for ensuring their Authorized Users and any drivers they invite to the Services comply with this AUP.

2. Prohibited content

You may not upload, transmit, store, or generate content via the Services that:

  1. Is unlawful, fraudulent, defamatory, threatening, harassing, or invasive of another's privacy
  2. Violates any third party's intellectual property rights (copyright, trademark, patent, trade secret)
  3. Contains malware, viruses, worms, trojans, spyware, or other malicious code
  4. Includes payment card data (PCI scope is not supported by the Services; route card data through Stripe directly)
  5. Includes protected health information ("PHI") under HIPAA (the Services do not have a Business Associate Agreement and are not designed for PHI)
  6. Includes children's personal information regulated by COPPA
  7. Includes data you do not have legal authority to process (e.g., personal data of individuals who have not consented to your processing where consent is required by law)

3. Prohibited uses

You may not use the Services to:

  1. Violate any applicable law or regulation, including FMCSA / DOT regulations (Hours-of-Service, drug-and-alcohol programs, driver qualifications, licensing), CCPA, TCPA (telemarketing), CAN-SPAM, or international data protection laws
  2. Engage in fraud or deception, including falsifying ELD records, falsifying load documents, or manipulating dispatch data to misrepresent driver compliance
  3. Send unsolicited bulk communications (spam) via SMS, WhatsApp, or email channels integrated with the Services
  4. Send communications that violate TCPA / 10DLC opt-in requirements (e.g., messaging drivers without proper opt-in audit trail per the 10DLC and WhatsApp opt-in flows defined by OfiFlow)
  5. Resell, sublicense, lease, time-share, or otherwise transfer access to the Services to a third party
  6. Impersonate any person or entity, or misrepresent your affiliation with a person or entity
  7. Attempt to gain unauthorized access to the Services, other Customers' tenants, OfiFlow's infrastructure, or any related system
  8. Probe, scan, or test the vulnerability of the Services or attempt to bypass any security or authentication mechanism
  9. Reverse-engineer, decompile, or disassemble the Services
  10. Use the Services to develop a competing product or for benchmarking against a competing product
  11. Use the Services to harass, abuse, or stalk any person, including drivers
  12. Send communications to drivers outside the scope of operational dispatch and compliance (e.g., do not use the SMS / WhatsApp channels for personal messages, marketing to drivers, or political messaging)
  13. Aggregate or scrape data from the Services beyond what is needed for your internal business purposes
  14. Store credentials in violation of standard security practices (e.g., do not share account credentials, do not write API keys in unencrypted documents)

4. Driver-protective rules (specific to this Services context)

Because the Services include driver-facing communication channels (WhatsApp, SMS) and driver compliance data:

  1. You will only use OfiFlow's communication channels to send drivers operational messages related to their work assignments and compliance
  2. You will honor driver opt-out requests (STOP / UNSUBSCRIBE / CANCEL) immediately as transmitted by the platform
  3. You will not use OfiFlow's compliance features to retaliate against drivers for legitimate exercise of FMCSA-protected rights (e.g., refusing to drive in violation of HOS, reporting safety concerns)
  4. You will not use OfiFlow data to discriminate against drivers in violation of federal or state employment laws
  5. If a driver disputes their compliance record stored in the Services, you will provide reasonable means for the driver to view and contest the record

5. Rate limits and resource use

You will not:

  • Exceed published API rate limits
  • Generate excessive load on the Services that materially degrades performance for other Customers
  • Use the Services in a manner that would consume resources disproportionate to your subscription tier (fair-use limits described in the Documentation)

If you anticipate unusually high usage (e.g., bulk historical data import beyond your tier's free quota), contact OfiFlow for accommodation.

6. AI features

When you use OfiFlow's AI features (LLM-powered classification, OCR, agent recommendations):

  1. You acknowledge AI outputs are advisory and may contain errors; you remain responsible for verifying outputs and final decisions
  2. You will not rely on AI outputs as a substitute for legal, accounting, regulatory, or compliance advice
  3. You will not deliberately submit prompts designed to extract OfiFlow's proprietary methodology, model weights, or training data
  4. You will not use AI features to generate content that violates §2 (Prohibited content) above

7. Reporting abuse

If you become aware of any violation of this AUP, including by your own Authorized Users or drivers, contact abuse@ofiflow.com.

If you are a third party who believes the Services are being misused (e.g., a driver who believes their employer is using the Services to violate their rights), contact abuse@ofiflow.com. We will investigate and may, at our discretion, intervene with the Customer.

8. Enforcement

OfiFlow may, in response to a violation of this AUP:

  1. Notify the Customer and request that the Customer cure the violation
  2. Suspend the Authorized User account responsible for the violation
  3. Suspend the Customer's tenant access to the Services
  4. Terminate the Customer's Subscription Term per the Master Services Agreement
  5. Cooperate with legitimate law enforcement requests regarding suspected illegal activity

We will use reasonable judgment in proportion to the severity of the violation. Material violations (e.g., active fraud, unauthorized access attempts, illegal content) may result in immediate suspension without prior notice.

9. Changes

We may update this AUP from time to time. The "Effective" date and "Version" at the top reflect the most recent update.

10. Related documents

  • Master Services Agreement — executed between Customer and OfiFlow (signed copy in your account)
  • Terms of Service — /terms
  • Privacy Policy — /privacy
  • Data Processing Addendum — /dpa