Version v1.0 — Effective 10 April 2026

Acceptable Use Policy

The rules of engagement for the EntryLog platform — what you may and may not do with the Service, and what happens when the line is crossed.

Provider
Michal Král
Business ID
07526521
Seat
Bohuslava Martinů 1559
258 01 Vlašim, Czech Republic
Registered in
Trade Licensing Register
Contact
info@entrylog.eu

Acceptable Use Policy

Provider: Michal Král
Business ID (IČO): 07526521
Registered seat: Bohuslava Martinů 1559, 258 01 Vlašim, Czech Republic
Registered in: Živnostenský rejstřík (Trade Licensing Register)
Contact: info@entrylog.eu
Version: v1.0 — 10 April 2026
Effective date: 10 April 2026

I. Scope and Incorporation

  1. This Acceptable Use Policy (the "AUP") applies to every Customer and to every user acting under a Customer's Account on the EntryLog Platform.

  2. The AUP is incorporated by reference into the Terms of Service and forms an integral part of the Contract between the Provider and the Customer. A breach of this AUP constitutes a material breach of the Contract. Capitalized terms not defined here have the meanings given in the Terms of Service.

  3. All Customers are required to comply with this AUP in their use of the Service. The Provider reserves the right to modify this AUP from time to time, with notice as set out in the Terms of Service Article XIII.

II. Lawful Purpose

The Service may be used only for lawful event-organization activities in accordance with all applicable laws, including the laws of the Czech Republic and all EU regulations. Any use of the Service that violates applicable law, breaches the rights of third parties, or infringes public policy is strictly prohibited.

III. Lawfulness of Attendee Data

  1. The Customer (acting as Organizer) warrants that, for every Attendee record processed through the Platform, the Organizer has a lawful basis under Regulation (EU) 2016/679 (the GDPR) and applicable national data protection law to process that Attendee's personal data.

  2. The Provider does not verify the lawfulness of the Organizer's legal basis and relies entirely on the Organizer's warranty. The Organizer acknowledges that the choice of lawful basis is the Organizer's sole responsibility.

  3. A breach of the warranty in § 1 above constitutes a material breach of the Contract and may result in immediate suspension and termination as set out in Section VII below.

IV. Email and Anti-Spam Compliance

A. Hard thresholds per Email Campaign

The Provider operates email delivery infrastructure in partnership with MailerSend and enforces strict quality thresholds on all Email Campaigns (non-transactional bulk emails sent through the Platform). A Customer breach of either threshold authorizes immediate suspension:

  1. Bounce and invalid email rate: The bounce and invalid-email rate on any single Email Campaign must be strictly less than 2% of recipients targeted.

  2. Spam complaint rate: The spam complaint rate on any single Email Campaign must be strictly less than 0.3% of recipients who received the email.

B. Unsubscribe mechanism and suppression

  1. Every Email Campaign (other than transactional emails strictly necessary to fulfill the Service contract, such as password resets, registration confirmations, ticket delivery, and check-in notifications) must include an unsubscribe mechanism that is functional, conspicuous, and complies with the GDPR right to object to marketing (Art. 21 GDPR).

  2. The Platform automatically injects an unsubscribe mechanism into all non-transactional Email Campaigns. The Customer must not remove, disable, or obfuscate the unsubscribe link or button in any Blueprint or Email Campaign.

  3. The Customer must not send any Email Campaign to: - Recipients who have previously unsubscribed from any Email Campaign; - Recipients who have submitted a spam complaint against any prior Email Campaign; or - Recipients whose email address has hard-bounced in any prior Email Campaign.

C. Source restrictions

  1. The Customer must not send Email Campaigns to email addresses obtained by scraping websites, purchasing from third-party list brokers, harvesting from public directories, or any other non-consensual method.

  2. All recipients must be recipients to whom the Organizer has a direct relationship (prior event attendee, registered user, opted-in newsletter subscriber, or similar consensual basis).

  3. Violation of this requirement is grounds for immediate suspension without warning, as set out in Section VII § 2 below.

D. Legal compliance

The Customer acknowledges that § 7 of Act No. 480/2004 Coll. on certain information society services (the Czech opt-out regime for commercial communications) and Art. 21 of the GDPR (the right to object to direct marketing) are mandatory. The Customer's Email Campaigns must comply with these provisions.

V. Prohibited Content

The Customer must not upload, submit, publish, or distribute any of the following content through the Platform:

  1. Intellectual property infringement. Content that infringes any copyright, trademark, patent, trade secret, or other intellectual property right of a third party, without authorization.

  2. Hate speech and incitement. Content that incites hatred, violence, discrimination, or terrorism against a person or group based on protected characteristics (race, ethnicity, religion, national origin, gender, sexual orientation, disability, or other status recognized by law).

  3. Child sexual abuse material. Any image, video, text, or other content depicting, encouraging, or facilitating the sexual abuse, exploitation, or trafficking of minors. This provision is absolute and without exception. Any content of this nature will result in immediate permanent termination, law enforcement notification, and cooperation with authorities.

  4. Non-consensual intimate content. Pornographic or sexually explicit imagery or video depicting minors, animals, or non-consensual sexual conduct, or deepfake imagery created to simulate such content.

  5. Defamation and false statements. Content that falsely and materially misrepresents an identifiable third party in a manner that is reasonably likely to cause reputational, economic, or emotional harm, and that is not substantially true.

  6. Malware, phishing, and credential harvesting. Any content, link, file, script, or code designed to: - Install malicious software (viruses, trojans, ransomware, spyware) on recipient devices; - Deceive recipients into disclosing passwords, personal data, financial information, or login credentials (phishing); - Harvest credentials or personal data through deception; or - Impersonate a trusted entity or service.

  7. Sanctions and export control violations. Content that violates economic sanctions, export control regimes, or the list of restricted entities published by the European Union, the United States, the United Nations, or other applicable governmental authorities.

VI. Prohibited Platform Uses

The Customer must not:

  1. Reverse-engineering and source extraction. Reverse-engineer, decompile, disassemble, or otherwise attempt to extract, analyze, or reconstruct the Platform's source code, architecture, algorithms, or trade secrets by any means (including by analyzing network traffic, bytecode, or API responses).

  2. Security bypass. Attempt to bypass, circumvent, or disable any security measure, rate limit, CAPTCHA challenge, authentication factor, authorization control, or other technical protection mechanism on the Platform.

  3. Competitive intelligence. Use the Platform to build, benchmark, develop, test, or train a product or service that competes with EntryLog or any feature thereof. This prohibition is enforceable under § 2985 of Act No. 89/2012 Coll., the Civil Code, which governs unfair competition. The Customer acknowledges that using the Platform to develop a competing event-management system or to extract aggregated performance data for benchmarking purposes constitutes unfair competition.

  4. Resale and sublicensing. Resell, sublicense, lease, rent, or otherwise transfer the right to use the Service to any third party without the Provider's prior written consent. The Customer may not white-label the Platform, frame it within another service, or present it as a Customer's own product.

  5. Automated scraping. Perform automated scraping, crawling, or data extraction beyond the documented REST API endpoints and their published rate limits. The Customer may use the REST API in accordance with the published rate limits (currently 100 requests per minute per token), but systematic scraping of the entire data set, user enumeration, or harvesting of data at scale is prohibited.

  6. Credential sharing. Share, distribute, or allow multiple individuals to use a single Account, password, or authentication token. Each human user must have their own named Account and login credentials. API tokens may be shared only with the Customer's own systems and contractors under confidentiality obligations.

  7. Load testing and penetration testing. Perform load testing, stress testing, penetration testing, or security research on the Platform's production environment without the Provider's prior written consent. Any attempt to test the Platform's defenses, capacity, or security posture without authorization is prohibited.

VII. Enforcement and Remedies

The Provider enforces this AUP according to the following escalation ladder. Enforcement is at the Provider's sole discretion and may be adjusted based on the severity, nature, and impact of the violation.

A. First incident — notice and cure period

Upon discovery of an apparent breach of this AUP (other than those listed in § B and § C below), the Provider will send a warning email to the Organizer's registered contact address. The warning will describe the apparent breach and request remediation within a 48 to 72 hour window, unless the breach is not remediable (in which case immediate suspension may apply).

If the Organizer cures the breach within the window and provides evidence of remediation, the matter is resolved and a record is maintained.

B. Immediate suspension without notice

Notwithstanding § A above, the Provider may immediately suspend the Account and disable all Activations without prior notice if:

  1. The breach creates immediate, ongoing, or irreparable harm, including: - Active distribution of child sexual abuse material (CSAM) or non-consensual intimate content; - Active phishing, malware, or credential-harvesting attack via the Platform; - Active distribution of content that violates sanctions or export controls;

  2. The breach threatens the integrity or deliverability of the Platform's email infrastructure, including but not limited to: - a bounce rate exceeding 10% on a single Email Campaign; or - a spam complaint rate exceeding 1% on a single Email Campaign; or - any other sustained pattern of email behaviour that, in the Provider's reasonable judgment, threatens the integrity or deliverability of the Platform's email infrastructure or the Provider's sender reputation with upstream providers such as MailerSend.

Immediate suspension is followed by termination proceedings as set out in § C below.

C. Persistent breach or serious violation — permanent termination

After three (3) separate enforcement actions under § A within any rolling twenty-four (24) month period, or upon any serious single breach, the Provider may terminate the Contract immediately for cause, without refund and without pro-rata compensation. For the avoidance of doubt, an enforcement action under § A ceases to count toward the three-strike threshold once twenty-four (24) months have elapsed since the date on which that enforcement action was issued, provided no further enforcement action has been issued in the interim. Serious breaches include:

  • Repeated violations of the data-lawfulness warranty in Section III;
  • Repeated circumvention of rate limits or security measures;
  • Any attempt to reverse-engineer the Platform;
  • Use of the Platform to develop a competing service, as prohibited in Section VI § 3;
  • Any distribution of prohibited content.

Termination is effective immediately. The Account is suspended, all Activations are disabled, and data deletion procedures specified in the Terms of Service Article X § 4 commence.

D. No refund on suspension or termination for cause

Activation Fees paid by the Customer are non-refundable in the event of suspension or termination for cause under this Section VII. No pro-rata credit, refund, or service credit is available for any period during which the Account is suspended.

VIII. Indemnification

The Organizer indemnifies, defends, and holds harmless the Provider from and against any third-party claims, damages, fines, costs, and expenses (including reasonable legal fees) arising out of or related to:

  1. A breach of this AUP by the Organizer or any user acting under the Organizer's Account;

  2. Regulatory enforcement actions or fines issued by any data protection authority (including the Office for Personal Data Protection — ÚOOÚ), consumer protection authority (including the Czech Trade Inspection Authority — ČOI), or other governmental body, arising out of the Organizer's violation of data protection law, consumer law, or other applicable law in connection with the Organizer's use of the Service;

  3. Claims brought by Attendees, other users, or third parties arising out of the Organizer's content, data practices, or use of the Platform; or

  4. Any infringement of intellectual property rights or violation of law attributable to the Organizer's content or conduct.

This indemnification obligation is in addition to, and does not limit, any liability framework set out in the Terms of Service Article VIII.

IX. Reporting Abuse

Customers, Attendees, or third parties who observe conduct or content that violates this AUP may report it to:

Email: info@entrylog.eu Subject line: "AUP Violation Report" (or similar)

Reports should include a description of the alleged violation, relevant dates and times, and any supporting evidence (e.g., screenshots, email headers, or URLs).

The Provider will investigate abuse reports promptly and in good faith. However, the Provider makes no commitment as to the timeframe for investigation or resolution. The Provider's decision on enforcement is final and not subject to appeal.

X. Relationship with the Terms of Service

  1. This AUP is subordinate to the Terms of Service. In any conflict between this AUP and the Terms of Service, the Terms of Service prevail.

  2. The Terms of Service Article IX § 1 incorporates this AUP by reference and states that a breach of this AUP is a breach of the Contract.

  3. In addition to the enforcement mechanisms described in this Section VII, the Provider may enforce breaches of this AUP through the suspension and termination procedures described in the Terms of Service Article X.

  4. This AUP is published in English and Czech. Both versions are binding. In the event of any conflict between the English and Czech versions, the Czech version prevails.