Acceptable Use Policy

You may not use Anvil to:

• Engage in any activity that violates applicable law where you, Anvil, or the recipient are located.
• Promote, arrange, or facilitate illegal drugs, weapons, counterfeit goods, human trafficking, money laundering, terrorist financing, or tax evasion.
• Infringe anyone’s intellectual property, privacy, publicity, or other rights.

Anvil is a tool for legitimate B2B outreach. The following are strictly prohibited:

• Sending bulk email without a lawful basis (consent, legitimate interest, or contract).
• Violating CAN-SPAM, CASL, GDPR Art. 21, PIPL, PDPO, or ePrivacy Directive requirements on unsolicited commercial communication.
• Omitting or disabling the unsubscribe link on marketing emails, or ignoring opt-out requests.
• Using deceptive subject lines, spoofed headers, or impersonated sender identities.
• Sending to purchased, scraped-without-filter, or otherwise unconsented email lists that violate applicable law.
• Chain mail, pyramid schemes, MLM recruitment, get-rich-quick campaigns.
• Excessive retry loops after bounce or unsubscribe.

Anvil maintains a global suppression list; emails to suppressed addresses are blocked at the sender layer.

• Threats of violence or credible promotion of violence against any individual or group.
• Harassment, bullying, stalking, or coordinated pile-ons.
• Hate speech, slurs, or dehumanising content targeting protected classes.
• Content that sexualises minors in any way, at any time. Zero tolerance; immediate ban and report to NCMEC / local authorities.
• Doxxing or publishing private information without consent.

• Phishing, smishing, vishing, or credential harvesting of any kind.
• Impersonating Anvil, another company, or an individual without authorization.
• Typosquatting domains or brand abuse to deceive recipients.
• Sending fake invoices, refund scams, or "Nigerian prince"-class schemes.
• Laundering payments through Anvil subscriptions.

• Probing, scanning, or testing the vulnerability of the Service without written permission under our responsible-disclosure program.
• Bypassing rate limits, authentication, or entitlement checks through any means, including but not limited to multiple accounts, IP rotation to evade blocks, or reverse-engineering API signatures.
• Using the Service to deliver malware, ransomware, cryptominers, rootkits, or distribute command-and-control traffic.
• Using the Service to launch denial-of-service attacks, port scans, or SSRF probes against third parties.
• Interfering with other tenants’ access (noisy neighbors, resource exhaustion).
• Reselling or sub-licensing API endpoints without written agreement.

Anvil includes data-discovery features. When you use them, you agree to:

• Respect the robots.txt directives of any site you scrape through Anvil, unless you have written authorization from the site owner.
• Avoid aggressive crawl cadences — Anvil rate-limits by default; do not engineer around these limits.
• Not scrape login-gated content, paid content, or content explicitly forbidden by the site’s terms of service if those terms are legally enforceable against you.
• Not scrape personal data outside a business context (work email, job title, business phone) without a lawful basis under applicable privacy law.

• Do not use Anvil AI features to generate content that violates this AUP (spam templates, phishing, impersonation scripts, hate content).
• Do not use Anvil outputs to train competing AI models.
• Do not attempt to extract system prompts, jailbreak the model, or cause it to act outside its intended scope.
• Do not feed personal data of third parties into AI features without a lawful basis to do so.

• Do not upload or collect sensitive categories of personal data (health, religion, political opinion, biometrics, children) unless you have a specific lawful basis and have informed Anvil in writing.
• Honor the rights of data subjects (access, correction, deletion) under applicable law. Anvil supplies tools to help you do this; the legal obligation remains yours.

To report a suspected violation, email abuse@anvilhk.com (forwarded to 738888@proton.me) with:

• Your contact details and relationship to the matter.
• The nature of the violation and any evidence (headers, screenshots, URLs).
• For phishing/fraud: the full email source and any linked domains.

We respond within 2 business days and investigate all reports. Credible reports of imminent harm are escalated to 24/7 on-call.

Depending on severity we may:

• Issue a written warning and required remediation plan.
• Suspend specific features (sending, scraping, AI).
• Suspend the entire account while we investigate.
• Terminate the account and delete data, subject to legal-hold obligations.
• Report to law enforcement and cooperate with their investigation.
• Refer to blocklists or industry abuse databases (Spamhaus, M3AAWG).

This AUP may change as the threat landscape evolves. We will notify Anvil account holders by email at least 7 days before material changes take effect. Questions: 738888@proton.me.