DRAFT — NOT LEGAL ADVICE — counsel must review before go-live

Magic Sites Acceptable Use Policy (AUP)

Last updated: 2026-04-23 Jurisdiction / governing law: [STATE TBD BY COUNSEL]

Counsel TODO:

• Confirm CSAM reporting flow — NCMEC CyberTipline registration and 18 U.S.C. § 2258A obligations.
• Confirm how “hate / harassment” is scoped (constitutional speech concerns; define by conduct not viewpoint).
• Confirm suspension-without-notice grounds list — align with Cloudflare’s upstream AUP so we don’t carry obligations they don’t allow.
• Confirm reselling definition for the Agency tier — whitelabel vs referral vs full resale.
• Confirm appeal process SLA (drafted at 10 business days for non-severe suspensions).
• Confirm rate-limit numbers — currently placeholders; ops team to supply actual thresholds.

1. Purpose

This Acceptable Use Policy (“AUP”) describes conduct and content that is prohibited on Magic Sites (the “Service”). Violations may result in content removal, feature limits, suspension, or termination. This AUP supplements the Terms of Service.

2. Prohibited content and conduct

You must not use the Service to create, host, transmit, or link to:

• Illegal content under U.S. federal law or the law of any jurisdiction where the content is made available.
• Child sexual abuse material (CSAM) — zero tolerance. We report to NCMEC and cooperate with law enforcement.
• Malware, phishing, or exploit kits — including botnet C2, credential-harvesting pages, and drive-by downloads.
• Spam — unsolicited bulk messaging, link-farming, doorway pages, or abusive transactional email.
• Fraud and deception — scams, impersonation, fake storefronts, deceptive affiliate cloaking.
• Violence and threats — incitement, credible threats, terrorism glorification, or content facilitating real-world harm.
• Harassment and hate — targeted harassment or content that incites violence or discrimination against a person or class based on protected characteristics.
• Sexual content involving minors or non-consensual intimate imagery.
• Infringement — content that infringes copyright, trademark, patent, trade secret, publicity, or privacy rights.
• Doxing and stalking — publishing private personal information with intent to harm.
• Deceptive AI-generated content — synthetic media designed to deceive about identity, authorship, or material facts without disclosure.
• Illegal commerce — unlicensed firearms, controlled substances, counterfeits, human trafficking.
• Circumvention — bypassing access controls, DRM, or rate limits.

3. Technical abuse

You must not:

• Probe, scan, or test vulnerabilities of the Service without authorization.
• Interfere with service to any user, host, or network (denial-of-service, flooding, resource exhaustion).
• Introduce malicious code.
• Reverse-engineer or scrape at a volume or manner that burdens the Service.

4. Rate limits and fair use

Accounts are subject to per-tier rate limits on requests, storage, bandwidth, emails, AI invocations, and plugin calls. Abuse thresholds (placeholder, to be finalized by ops):

• Request rate: [TBD] requests per second per site; sustained bursts may be shaped.
• Email sends: [TBD] transactional emails per day; marketing email is not permitted without a compatible paid add-on.
• Outbound fetch: [TBD] outbound requests per minute per worker.

Sustained abuse triggers automated throttling; severe abuse triggers suspension.

5. Reselling and multi-tenant restrictions

You may not resell, sublicense, or offer the Service as a hosted product to third parties except under the Agency tier with a signed agency agreement. Creating throw-away tenants to bypass per-tenant limits is prohibited.

6. Suspension grounds

We may suspend or terminate access without prior notice for:

• CSAM, credible threats of violence, active malware distribution, or active phishing.
• Law enforcement or court orders.
• Security incidents originating from your tenant that threaten other customers.
• Non-payment past the cure period.
• Repeated or material AUP violations after notice.

For non-severe violations we will make reasonable efforts to provide notice and an opportunity to cure.

7. Reporting abuse

Report suspected abuse to abuse@auramediastudios.com. For copyright claims see the DMCA section of the Terms of Service. For CSAM, we also report directly to NCMEC and preserve required records.

8. Appeals

If your account is suspended or content removed, you may appeal by emailing appeals@auramediastudios.com within 30 days. We aim to respond within 10 business days for non-severe matters. Severe matters (CSAM, active malware, court orders) are not subject to appeal except by legal process.

9. Changes

We may update this AUP. Material changes will be announced with reasonable notice.

10. Contact

abuse@auramediastudios.com — legal@auramediastudios.com