Lots of websites and apps allow users to interact with one another, creating a unique community. But, sometimes, people misbehave, even online.
If that happens on your website or app, do you have protocols in place to respond and prevent liabilities from falling onto your business? If not, you can use an acceptable use policy to provide your users with all rules they must agree to — and any consequences that might result from breaking those rules — when using your services.
Below, we cover what an acceptable use policy is, how it intersects with your terms and conditions agreement, and why your website should have both.
Then you can download our free acceptable use policy template, so you can make your own.
An acceptable use policy is a document that service owners use to outline all rules pertaining to service users.
If someone breaks those rules, the AUP also outlines the consequences and any actions the service might take in response. When users agree to the acceptable use policy, it becomes a legal agreement between the service owner and the user.
You might’ve heard that acceptable use policies are meant for network owners, like colleges or universities setting guidelines for students accessing the WiFi, or employers outlining rules about network use for employees.
While those organizations definitely need acceptable use policies, we made our AUP template specifically for website and app owners.
Websites or apps that allow users to do any of the following should have a comprehensive acceptable use policy to take liabilities off of the business and put them back on the perpetrator.
Because our AUP clarifies that it’s part of your terms and conditions — even if you don’t use Termly’s Terms and Conditions template — your users consent to the document when they click to agree to your terms and conditions.
Yup, it’s that easy.
You might notice that the acceptable use policy definition seems pretty similar to the definition of terms and conditions agreements — aka terms of use or terms of service, and you’re not wrong.
Both are rules and consequences that apply to people using a website, app, or other online services.
But AUPs are less broad and only outline your expectations of customers using your website, app, or service and the consequences for failing to follow those guidelines.
On the other hand, terms and conditions agreements outline all rules users are expected to follow when using a website or app and include clauses about:
Separating the rules and guidelines you expect your users to follow into an easily linkable document is more convenient for you and your consumers. You can post links to your AUP on forum pages, new user logins, or any relevant landing pages.
If a member of your community acts out, misbehaves, or even breaks the law, you can reference your AUP and react accordingly, potentially removing liabilities from your business and placing them back onto the individual.
Our free AUP template clarifies that it’s part of your terms and conditions directly in the intro.
You need an acceptable use policy to minimize your liabilities if your services allow users to interact with one another, post content, sell goods, or upload data of any kind.
However, you don’t need an AUP if your website is simple, like, for example, a portfolio of your work, or doesn’t have features like comment sections, reviews, or user profiles.
An acceptable use policy helps minimize your risks if you own a website, ecommerce business, network, desktop app, or mobile app that allows users to:
Our sample acceptable use policy template makes it easy for business owners like you to protect your website or app from reckless users.
And unlike other legal documents, AUPs are typically relatively short and only take a few minutes to customize, we promise.
While you’ll need to customize the clauses in your acceptable use policy to fit your specific business needs, below we cover the most common conditions typically included in AUPs.
At the top of your acceptable use policy, you should include a clause introducing your company with information about where your business is registered, the official name of your company, and the products or services you offer that fall under your AUP.
Here, you can also state that your acceptable use policy is not a stand-alone document but part of your terms and conditions, like Paypal did in the highlighted text below, ensuring you get consent and acknowledgment from users.
You should include a clause in your AUP listing all prohibited activities users cannot do while using your website or app.
In this section, you can ban things like:
Look at this acceptable use policy example from Google Cloud, which clearly lists all restrictions in a simple bullet list.
If your business hosts a community or offers a forum for users, you should include a clause with provisions that the members are expected to follow, including prohibited activities.
It’s okay to relist behaviors or actions you banned in other clauses as necessary.
The Starbucks acceptable use policy, pictured below, is actually a clause within their terms of service agreement. Read the highlighted text for an example of how they placed liability for shared user content back onto the individual, taking it off of themselves.
If users can contribute data, information, messages, videos, tags, or other materials on your website or within your mobile app, outline the necessary stipulations in a separate contributions clause, including that you’re not responsible if users break the law. This helps prevent legal responsibilities from falling onto your business if a user commits an offense.
Below, see how the AT&T acceptable use policy explains that all user contributions are the sole responsibility of the individual, and not the responsibility of AT&T itself.
For websites and apps that feature user reviews or ratings, add a clause outlining the guidelines around what they can and cannot post.
For example, you can set rules to prevent competitors from purposefully posting negative comments or reviews on your website unjustly.
Social media platform TikTok’s acceptable use policy clearly addresses and bans the use of fake accounts or posting fake reviews, as seen in the highlighted text below.
If a breach does occur, have a response protocol outlined in a clause, so users know exactly how to report it. You can also point to this clause if users actively ignore policy breach reporting, removing some liabilities from your business.
Be sure to include updated contact information so your corrections and disciplinary processes go as smoothly as possible.
Below, see how policy breaches are reported to the SMS messaging software company, Twilio, based on their AUP.
Twilio’s acceptable use policy is short and succinct, and includes every detail their customers might need regarding rules of use.
Similar to the previous clause, it’s important to outline what the consequences are if someone does break the rules outlined in your AUP.
Here is where you mention if the user gets removed, banned from using the services, or other disciplinary actions.
Check how the Salesforce acceptable use policy handles violations in the screengrab below.
The Salesforce MSA is their main services agreement, which contains a clause referencing the AUP with more details about what happens if a user violates their acceptable uses, as pictured below.
Sometimes, something gets reported and removed from a website accidentally, even when it follows all guidelines and rules.
It’s essential to have a process for this scenario outlined in your acceptable use policy so your business can respond and react quickly to consumer complaints. It gives you something you can point to if such an indiscretion occurs.
Below, see how Xfinity Internet’s acceptable use policy outlines the process for wrongful policy breach reporting.
Xfinity linked to the above frequently asked question style page that answered the question about wrongful policy breach reporting directly in the bodycontent of their AUP.
If you take a page out of their book and use a Q&A format in your AUP, remember to limit your wordiness so consumers can easily read through it.
Including a disclaimer clause in your AUP helps reduce a lot of liabilities from your business. Be sure to list all appropriate disclaimers clarifying if your company is under no obligation to monitor users’ activities, if you’re not responsible for user content, or if your company will report illegal activity to the police.
Like the previous clause, you can point to this section of your AUP as a response, simplifying what might otherwise be a messy process.
Starbucks, for example, lists many different disclaimers in their AUP, including this one addressing their liabilities in the screenshot below.
We offer a free downloadable disclaimer template, if you need one for your website or app.
At the end of the policy, put your company contact information, including an active email address or phone number. You want users to be able to contact your business efficiently and quickly about your acceptable use policy whenever needed.
Starbucks is our example once again, as they do a good job listing their updated contact information at the end of their AUP, as shown below.
Now that you know what an acceptable use policy is, it’s time to consider the benefits of including one on your website or app.
There are a few common places where you should consider posting a link to your acceptable use policy. No matter what, link it within your terms and conditions agreement to ensure you get proper user consent.
Below, we cover the other places an AUP should appear on your website or app.
Most companies post links to all legal documents, including acceptable use policies, in the website footer so users can always access the documents, no matter what page of the website they end up on.
You should post your acceptable use policy wherever it’s most relevant for your users to see the rules they’re expected to follow, like on new user account pages.
By giving people the policy before they create a profile, you’re setting their expectations and showing them that you keep your online community safe from toxic users.
You should also provide a link to your AUP before someone uploads data, shares a public post, or comments on your forums.
Posting a link to your AUP in these spots can help remind your users of the rules they must follow when they share content with the community you foster.
A privacy center is a central hub that houses all legal agreements, privacy compliance documents, and any other resources you need to share with your users.
Creating a privacy center on your website or app is a great way for you to organize your legal agreements, including your acceptable use policy, and remain compliant with any data privacy laws your business falls under, like the GDPR or CCPA.
Don’t have one on your website? Check out our privacy centers guide for tips on making your very own.
Remember, it’s a business best practice to post legal agreements like your AUP in multiple locations so your users can always find them.
You need user consent for your acceptable use policy to act as a legally binding contract.
Below, we cover the different methods you might consider using to guarantee your users agree to your AUP.
One of the best ways to get users to agree to your acceptable use policy is to clearly state that the AUP is not a stand-alone document but is actually part of your terms and conditions.
By doing so, you only need to get their consent a single time for it to apply to both policies.
You can also consider using what is known as the clickwrap method for consent, which requires users to select a box confirming they’ve read and agree to your terms and conditions, including the entirety of your acceptable use policy.
Clickwrap consent can also be requested by using a pop-up banner with a checkbox requesting acceptance of your terms and conditions and AUP guidelines whenever new users enter your website.
But it could also appear when a user goes to
See the screenshot below for an example of how American Eagle uses the clickwrap method when a user creates a new profile on their website.
Because acceptable use policies are technically part of your terms of use — or terms and conditions agreement — this checkbox accounts for user consent to the AUP.
Another common way to get users to agree to legal documents like your AUP is through something called implied consent, or browsewrap.
Implied consent is not actively given by the user, but instead is inferred based on actions the person takes, usually it’s general use of a company’s website, app, or other services.
For example, look at the HubSpot acceptable use policy below, which states in the highlighted text that users agree to their AUP and ten other legal terms by using any of their services.
We like how HubSpot provided links to each of the additional terms, and recommend following this technique if you choose to use implied consent for your AUP and Terms and Conditions.
That being said, implied consent methods only sometimes hold up in court due to how inconspicuous they are. You can’t really prove that a user knew their actions on your website or app meant they agreed to your legal policies, so this is sometimes considered an outdated approach.
For example, under data privacy laws like the General Data Privacy Regulation (GDPR) or the California Consumer Privacy Act (CCPA), implied consent does not work for privacy policies or cookie banners, which require active user consent.
Make sure you understand the difference between a privacy policy and terms and conditions, so you’re not found in violation under any data privacy laws that might apply to your website or app.
You should not copy another company’s acceptable use policy or any other legal document, as that is plagiarism, and legal documents are copyrighted.
However, looking at examples of acceptable use policies from other businesses can help you get ideas when creating your own.
We’ve mentioned the importance of linking your AUP in multiple locations so your users can easily find it. A great example of an easy-to-find acceptable use policy is Paypal, pictured below.
Paypal’s acceptable use policy appears in the website’s legal section with all other relevant user agreements, making it easy for users to find, read, and know what’s expected of them.
Next, we’ll look at how Amazon Web Services, a company large enough to require an independent AUP, ensures they get consent from users.
In the highlighted text below, read how AWS defines user consent to the policy in the introduction.
As you can see, the AWS acceptable use policy does not state that it’s part of the terms and conditions but does state that accessing the site is a form of agreeing to the most recent version of their AUP.
Now, we’ll go over an AUP sample that’s written in a way that’s easy for users to understand.
Below, look at the phrasing in the US Army’s acceptable use policy, which clearly states why these guidelines are necessary for the organization’s protection.
The acceptable use policy for the Army is very simple to read and understand, making it digestible for any users agreeing to it.
It’s important to make your acceptable use policy easy to find and read, this way, you can maintain the user’s knowledge about the policy if something ever goes wrong on your website or app.
These are some of the most frequently asked questions we get about acceptable use policies.
You don’t need to have an acceptable use policy, but if you own a website or application that provides online features for users, it’s in your best interest to have one.
You can start with our sample acceptable use policy template and customize it for your website or app in minutes.
Acceptable use policies are not required by law, but with user consent, they are legally binding agreements between your business and your users.
An AUP may protect your business from being held responsible if any of your users cause harm, act in a destructive way, or break the law.
The most common clauses in acceptable use policies are:
When creating your AUP, choose the clauses relevant to how your users use your website or app.
Display your AUP within your terms of use agreement and in multiple locations across your website or application so users can always find it if they have questions about the rules.
Common spots to link an AUP include:
Your acceptable use policy is enforceable if you include the proper clauses and get user consent or acknowledged acceptance. It should also be easy to read and understand.
By making it part of your terms and conditions agreement, you only need to ask users to agree and acknowledge the policy a single time.
Yes, you need an AUP for a network, especially if users have access. Otherwise, your business is liable for their behaviors and choices.
Yes, many applications need acceptable use policies, especially if the users create profiles, leave comments, or have other access. Your business could be held liable for your users’ behaviors and choices unless your acceptable use policy states otherwise.
Yes, you should make an AUP for your website if you allow any type of user creation or contributions.
But if your website is something simple, like a portfolio of your work, and does not provide access to any users, an AUP may be unnecessary.
Yes, you need both terms of use and an acceptable use policy, but your AUP should be linked to your terms of use. Terms of use is an alternative name for terms and conditions agreements.
You can download our free acceptable use policy template below in Word Doc, PDF, or Google Doc format. You can also just copy & paste the HTML directly to your website.
Before using it, read through the entire acceptable use policy template – fill in all of the [brackets], remove any sections that do not apply to your app, and tweak any language as needed.
Last updated [Date]
Acceptable Use Policy (“Policy”) is part of our Terms and Conditions (“Legal Terms”) and should therefore be read alongside our main Legal Terms: [Legal Terms URL]. If you do not agree with these Legal Terms, please refrain from using our Services. Your continued use of our Services implies acceptance of these Legal Terms.
Please carefully review this Policy which applies to any and all:
(a) uses of our Services (as defined in “Legal Terms”)
(b) forms, materials, consent tools, comments, post, and all other content available on the Services (“Content”) and
(c) material which
You can copy our acceptable use policy template HTML code or download it using the options below.
Template HTML Copy HTML Code Copied!
Last updated [Date]
Acceptable Use Policy (“Policy”) is part of our Terms and Conditions (“Legal Terms”) and should therefore be read alongside our main Legal Terms: [Legal Terms URL]. If you do not agree with these Legal Terms, please refrain from using our Services. Your continued use of our Services implies acceptance of these Legal Terms.
Please carefully review this Policy which applies to any and all:
(a) uses of our Services (as defined in “Legal Terms”)
(b) forms, materials, consent tools, comments, post, and all other content available on the Services (“Content”) and
(c) material which you contribute to the Services including any upload, post, review, disclosure, ratings, comments, chat etc. in any forum, chatrooms, reviews, and to any interactive services associated with it (“Contribution“).
This Acceptable Use Policy was created by Termly’s Acceptable Use Policy Generator.
WHO WE ARE
We are [Company Name], doing business as [Company Short Name] (“Company,” “we,” “us,” or “our”), a company registered in [Registered Country] at [Registered Address]. We operate the website [Website URL] (the “Site”), the mobile application [Mobile App Name] (the “App”), as well as any other related products and services that refer or link to this Policy (collectively, the “Services”).
USE OF THE SERVICES
When you use the Services you warrant that you will comply with this Policy and with all applicable laws.
You also acknowledge that you may not:
COMMUNITY/FORUM GUIDELINES
[Community Guidelines URL / Add Own Details]
CONTRIBUTIONS
In this Policy, the term “Contribution” means:
Some areas of the Services may allow users to upload, transmit, or post Contributions. We may but are under no obligation to review or moderate the Contributions made on the Services, and we expressly exclude our liability for any loss or damage resulting from any of our users’ breach of this Policy. Please report any Contribution that you believe breaches this Policy; however, we will determine, in our sole discretion, whether a Contribution is indeed in breach of this Policy.
You warrant that:
You also agree that you will not post, transmit, or upload any (or any part of a) Contribution that:
REVIEWS AND RATINGS
When your Contribution is a review or rating you also agree that:
REPORTING A BREACH OF THIS POLICY
We may but are under no obligation to review or moderate the Contributions made on the Services and we expressly exclude our liability for any loss or damage resulting from any of our users’ breach of this Policy.
If you consider that any Content or Contribution:
We will reasonably determine whether a Content or Contribution breaches this Policy.
CONSEQUENCES OF BREACHING OF THIS POLICY
The consequences for violating our Policy will vary depending on the severity of the breach and the user’s history on the Services, by way of example:
We may, in some cases, give you a warning [and/or remove the infringing Contribution], however, if your breach is serious or if you continue to breach our Legal Terms and this Policy, we have the right to suspend or terminate your access to and use of our Services and, if applicable, disable your account. We may also notify law enforcement or issue legal proceedings against you when we believe that there is a genuine risk to an individual or a threat to public safety.
We exclude our liability for all action we may take in response to any of your breaches of this Policy.
COMPLAINTS AND REMOVAL OF LEGITIMATE CONTENT
If you consider that some Content or Contribution have been mistakenly removed or blocked from the Services, please refer to the contact details at the bottom of this document and we will promptly review our decision to remove such Content or Contribution. The Content or Contribution may stay “down” whilst we conduct the review process.
[For more information, visit [Process for Monitoring and Blocking URL]. / Other]
DISCLAIMER
[Company Name] is under no obligation to monitor users’ activities, and we disclaim any responsibility for any user’s misuse of the Services. [Company Name] has no responsibility for any user or other Content or Contribution created, maintained, stored, transmitted, or accessible on or through the Services, and is not obligated to monitor or exercise any editorial control over such material. If [Company Name] becomes aware that any such Content or Contribution violates this Policy, [Company Name] may, in addition to removing such Content or Contribution and blocking your account, report such breach to the police or appropriate regulatory authority. Unless otherwise stated in this Policy, [Company Name] disclaims any obligation to any person who has not entered into an agreement with [Company Name] for the use of the Services.
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have any further questions or comments or wish to report any problematic Content or Contribution, you may contact us by:
An acceptable use policy is a useful extension of your terms and conditions agreement and can prevent your business from being held responsible for the decisions, choices, and even illegal actions taken by users on your website or app.
To ensure you get the proper consent to protect your business, clearly state that your AUP is part of your terms and conditions agreement, utilize clickwrap consent methods, and post an easy-to-read policy in multiple locations.
Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author