Acceptable Use Policy

Last updated: 2026-04-21

This Acceptable Use Policy ("AUP") governs what you may and may not do with Finn. It supplements the Terms of Service and forms part of your agreement with us. Violation can result in immediate suspension or termination.

Finn sends email via AWS Simple Email Service. You are bound by AWS's own Acceptable Use Policy in addition to this one.

No unsolicited bulk email

You may send email only to recipients who have given you prior, informed consent to receive it, or with whom you have a clearly established prior relationship that implies such consent (e.g. a customer receiving a receipt for a purchase they made).

Purchased, scraped, rented, or otherwise third-party-sourced recipient lists are prohibited. Sending unsolicited bulk email ("spam") is prohibited.

Mandatory headers and mechanisms

Marketing and newsletter email must include:

An accurate From: header identifying you
A subject line that is not misleading
A physical postal address in the message body (CAN-SPAM, CASL)
A functional List-Unsubscribe: header and/or a clearly labelled unsubscribe link
A prompt (within 10 business days) unsubscribe mechanism

Transactional email (receipts, password resets, notifications) is exempt from unsubscribe requirements but must still use honest From/Subject and must not contain unrelated marketing content.

Prohibited content

You may not use Finn to send email that:

Is illegal in the sender's or recipient's jurisdiction
Contains malware, viruses, ransomware, or links to such content
Attempts phishing, credential theft, or financial fraud
Impersonates another person, company, brand, or institution
Promotes content that sexually exploits minors
Promotes illegal drugs, weapons, counterfeit goods, or human trafficking
Contains content prohibited by AWS's Acceptable Use Policy
Infringes copyright, trademark, or other intellectual property
Defames, harasses, or threatens another person

Prohibited behaviour

You may not:

Abuse the API or SMTP interface (e.g. bypassing rate limits, credential sharing across tenants)
Attempt to access another tenant's data or the underlying infrastructure
Reverse-engineer, scrape, or disrupt the service
Use Finn to send email that violates AWS's own AUP (we will lose our SES access; you will be terminated)
Use Finn as a generic open relay or as infrastructure for a competing email product

Compliance with law

You are solely responsible for complying with every law applicable to your sending:

CAN-SPAM Act (US)
CASL (Canada)
GDPR / UK GDPR / PECR (EU / UK)
ASA / ICO guidance (UK)
Australian Spam Act 2003
Any local equivalent

Consent records, data-processing agreements, and lawful-basis documentation are your responsibility.

Bounces, complaints, suppressions

Finn automatically suppresses recipient addresses that hard-bounce or file spam complaints. You must not attempt to circumvent suppression (for example by re-signing the same recipient through a different alias).

Your tenant is automatically suspended if your bounce rate exceeds 5% or complaint rate exceeds 0.1% over the rolling monitoring window. Suspension protects shared infrastructure; you will need to resolve the cause and contact support to reinstate.

Reporting abuse

To report abuse originating from a Finn-hosted sender, email [email protected]. Include the full email headers where possible. We review every report and act within 72 hours.

To report a security issue, email [email protected] with the subject line "SECURITY". We honour responsible disclosure.

Enforcement

We will investigate suspected violations. We may:

Suspend sending immediately if risk is material
Require remediation before reinstating
Terminate the account for repeated or severe violations
Notify affected third parties or law enforcement where required by law
Cooperate fully with legitimate law-enforcement requests

We do not issue refunds for accounts suspended or terminated for AUP violations.

Changes

We may update this policy. Material changes are announced to account owners at least 14 days in advance.