Acceptable Use Policy
Effective Date: March 1, 2026 — Last Updated: March 24, 2026
1. Purpose
This Acceptable Use Policy ("AUP") outlines the permitted and prohibited uses of the Cartly platform and related services. This policy supplements and is incorporated into our Terms of Service. All users of the Cartly platform — including merchants, their staff members, developers using our APIs, and end customers — must comply with this policy.
The goal of this policy is to protect the integrity, security, and reputation of the Cartly platform and its users. We want every merchant to succeed, and maintaining a trustworthy ecosystem is essential to that mission.
2. Prohibited Activities
You may not use the Cartly platform to:
- Violate laws or regulations: Engage in any activity that violates applicable local, state, national, or international laws, including consumer protection, export control, and sanctions laws
- Commit fraud: Conduct fraudulent transactions, use stolen payment credentials, engage in money laundering, or participate in any form of financial fraud
- Distribute malware: Upload, transmit, or distribute viruses, worms, trojans, ransomware, or any other malicious code through your store or via our APIs
- Send spam: Use Cartly's email systems to send unsolicited bulk messages, phishing emails, or communications to individuals who have not opted in
- Perform unauthorized access: Attempt to gain unauthorized access to other users' accounts, stores, data, or any Cartly internal systems
- Mine cryptocurrency: Use Cartly's infrastructure for cryptocurrency mining or other computationally intensive operations unrelated to e-commerce
- Scrape or harvest data: Use automated tools to scrape, crawl, or harvest data from other stores on the platform without authorization
- Impersonate others: Misrepresent your identity or affiliation, or impersonate Cartly staff, other merchants, or any third party
- Interfere with service: Deliberately overload, disrupt, or degrade the performance of the platform or any other user's store
- Circumvent restrictions: Bypass rate limits, security controls, access restrictions, or any technical measures implemented by Cartly
3. Content Standards
All content published on stores hosted by Cartly must meet the following standards:
- Accuracy: Product descriptions, pricing, and availability must be truthful and not misleading
- Legality: All products and content must comply with applicable laws in your jurisdiction and the jurisdictions where you sell
- Intellectual property: You must have the right to use all content, images, trademarks, and copyrighted material displayed on your store
- Decency: Content must not be obscene, defamatory, harassing, threatening, or hateful
- Privacy: You must not publish personal information of others without their consent
For a detailed list of prohibited products and categories, see Section 5 of our Terms of Service.
4. API Usage
Developers using the Cartly GraphQL API, REST Admin API, or OAuth App Marketplace must adhere to the following guidelines:
- Rate limits: Respect all published rate limits. Default limits are 120 requests per minute for authenticated endpoints and 60 requests per minute for public endpoints. Exceeding limits will result in temporary throttling (HTTP 429).
- Authentication: Use OAuth 2.0 tokens for all app-to-platform communication. Never share or expose API keys or tokens in client-side code, public repositories, or logs.
- Data handling: Process only the data necessary for your application's stated purpose. Delete customer data when it is no longer needed. Comply with our Data Processing Agreement.
- Transparency: Clearly describe your application's functionality and data usage in your marketplace listing. Obtain user consent before accessing their data.
- Error handling: Implement proper error handling and retry logic with exponential backoff. Do not retry failed requests in tight loops.
- Versioning: Use the latest stable API version. Deprecated endpoints will be supported for at least 6 months after the deprecation notice.
5. Enforcement
Cartly monitors platform usage to ensure compliance with this policy. When a violation is detected, we may take one or more of the following actions, depending on the severity and nature of the violation:
- Warning: For first-time minor violations, we will issue a written warning with specific remediation steps and a deadline for compliance
- Content removal: Remove or disable access to specific content that violates this policy
- Feature restriction: Temporarily disable specific features (e.g., email sending, API access) for the offending account
- Account suspension: Temporarily suspend the account while the violation is investigated. Suspended accounts cannot process orders or receive payouts.
- Account termination: Permanently terminate the account for severe or repeated violations. A 30-day data export period will be provided except in cases of fraud or illegal activity.
- Legal action: Pursue legal remedies for violations that cause significant harm to Cartly, its users, or third parties
We will notify you of any enforcement action and provide an opportunity to appeal, except where immediate action is necessary to prevent ongoing harm.
6. Reporting Violations
If you become aware of any activity that violates this Acceptable Use Policy, please report it to us:
- Email: abuse@cartly.pro
- Security vulnerabilities: security@cartly.pro
Please provide as much detail as possible, including the store URL, a description of the violation, and any supporting evidence. We investigate all reports and will take appropriate action. Reports can be submitted anonymously.