1) Prohibited Content & Conduct

You may not use the Services to:

• Security abuse: malware, phishing, pharming, credential stuffing, brute forcing, account takeover, botnets, DDoS, open redirect chains for exploitation.
• Illegal content/activities: CSAM, human trafficking or exploitation; unlawful drugs; illegal weapons; terrorism; incitement to violence.
• IP & privacy violations: copyright/patent/trademark infringement, trade secret misappropriation, doxxing, non-consensual intimate imagery, illegal surveillance or scraping.
• Fraud & deception: impersonation, fake stores, advance-fee fraud, multi-level scams, click fraud, evasion of platform bans/filters, cloaking.
• Hate & harassment: content that targets a protected class with violence or severe dehumanization; coordinated harassment or threats.
• Gambling & regulated goods: where unlawful or without required licenses.
• Spam & unsolicited communications: bulk or aggressive commercial messages without valid consent and compliance (CAN-SPAM/CASL/ePrivacy).
• Data misuse: sending sensitive data in URLs (payment card numbers, health, biometric, precise location), or violating user privacy choices (e.g., GPC/UOOM).
• Interference: attempting to circumvent rate limits, quotas, or API restrictions; excessive automated queries without approval; scraping our infrastructure.
• Security testing without consent: scanning, probing, or testing our systems except under our coordinated disclosure policy.

2) Brand & Safety Controls

• Slug/domain controls: we may reserve, reclaim, or block slugs/domains to prevent impersonation, fraud, or legal risk.
• Interstitials & warnings: we may add safety pages, captchas, or blocklists for high‑risk destinations.
• Link scanning: automated and manual review may check destinations for malware, phishing, or policy violations.

3) Enforcement

We may throttle, disable links, suspend or terminate accounts, or report to authorities, at our reasonable discretion. We'll generally notify you unless prohibited by law or security concerns. Repeated or egregious violations may result in permanent bans.

4) API‑Specific Rules

• Don't exceed documented rate limits or circumvent quotas.
• Don't use the API to replicate core link‑shortening as a competing service without written consent.
• Keep keys confidential; rotate keys if compromised; use TLS; follow our security guidance.
• Cache & store only per policy; respect user privacy and consent signals (e.g., GPC).

5) Reporting Abuse

Report abusive links or content to abuse@shortnd.com (24/7). Include: the short URL(s), destination(s), description of the issue, evidence (screenshots/headers), and your contact. We act expeditiously on valid reports.

6) Changes

We may update this AUP; changes are effective upon posting with updated "Effective" date.

1) Prohibited Content & Conduct

You may not use the Services to:

• Security abuse: malware, phishing, pharming, credential stuffing, brute forcing, account takeover, botnets, DDoS, open redirect chains for exploitation.
• Illegal content/activities: CSAM, human trafficking or exploitation; unlawful drugs; illegal weapons; terrorism; incitement to violence.
• IP & privacy violations: copyright/patent/trademark infringement, trade secret misappropriation, doxxing, non-consensual intimate imagery, illegal surveillance or scraping.
• Fraud & deception: impersonation, fake stores, advance-fee fraud, multi-level scams, click fraud, evasion of platform bans/filters, cloaking.
• Hate & harassment: content that targets a protected class with violence or severe dehumanization; coordinated harassment or threats.
• Gambling & regulated goods: where unlawful or without required licenses.
• Spam & unsolicited communications: bulk or aggressive commercial messages without valid consent and compliance (CAN-SPAM/CASL/ePrivacy).
• Data misuse: sending sensitive data in URLs (payment card numbers, health, biometric, precise location), or violating user privacy choices (e.g., GPC/UOOM).
• Interference: attempting to circumvent rate limits, quotas, or API restrictions; excessive automated queries without approval; scraping our infrastructure.
• Security testing without consent: scanning, probing, or testing our systems except under our coordinated disclosure policy.

2) Brand & Safety Controls

• Slug/domain controls: we may reserve, reclaim, or block slugs/domains to prevent impersonation, fraud, or legal risk.
• Interstitials & warnings: we may add safety pages, captchas, or blocklists for high‑risk destinations.
• Link scanning: automated and manual review may check destinations for malware, phishing, or policy violations.

3) Enforcement

We may throttle, disable links, suspend or terminate accounts, or report to authorities, at our reasonable discretion. We'll generally notify you unless prohibited by law or security concerns. Repeated or egregious violations may result in permanent bans.

4) API‑Specific Rules

• Don't exceed documented rate limits or circumvent quotas.
• Don't use the API to replicate core link‑shortening as a competing service without written consent.
• Keep keys confidential; rotate keys if compromised; use TLS; follow our security guidance.
• Cache & store only per policy; respect user privacy and consent signals (e.g., GPC).

5) Reporting Abuse

Report abusive links or content to abuse@shortnd.com (24/7). Include: the short URL(s), destination(s), description of the issue, evidence (screenshots/headers), and your contact. We act expeditiously on valid reports.

6) Changes

We may update this AUP; changes are effective upon posting with updated "Effective" date.