Acceptable Use Policy
Effective: July 10, 2026 · v2026-07-10
This Acceptable Use Policy (the "AUP") sets the rules for what you can and can't do on HoldFast. It applies to everyone: workspace owners and members, the people you invite to review or watch your content, and anyone who opens a link we host. HoldFast is operated by Smoke & Oakum ("HoldFast", "we", "us", "our").
This AUP is part of, and incorporated into, our Terms of Service. Words defined in the Terms have the same meaning here. If you use the service, you agree to follow these rules — and to make sure the people you share links with follow the ones that apply to them. Breaking these rules can cost you your content, your account, or both. How we respond is set out in "How we enforce this" at the end.
1. Content you may not upload, host, or share
You are responsible for everything uploaded to or shared through your workspace. You may not upload, host, stream, or share:
- Infringing content — video, audio, images, music, fonts, or any other material you don't have the rights to, or that violates someone else's copyright, trademark, patent, trade secret, or other intellectual-property right. Formal copyright complaints are handled under our Copyright / DMCA Policy.
- Illegal content — material that is unlawful where you or your viewers are located, or that promotes, facilitates, or provides instructions for a crime.
- Defamatory or knowingly false content — material you know to be false and that harms a person's or organization's reputation.
- Deceptive impersonation — content that impersonates a real person, company, or HoldFast itself in a way meant to deceive (as opposed to clearly labeled parody or authorized brand use).
- Privacy-violating content — non-consensual intimate imagery, doxxing, or personal data you have no lawful right to publish.
- Malware — files or links containing viruses, worms, ransomware, spyware, or any other code designed to disrupt, damage, disable, or gain unauthorized access to a device, system, or data.
- Content directed primarily at children — HoldFast is a business tool and is not designed or intended for child-directed content. You may not upload content whose primary audience is children unless you hold all necessary rights and comply with applicable children's-privacy law (such as COPPA and its equivalents).
Child sexual abuse material: zero tolerance
We have zero tolerance for child sexual abuse material ("CSAM") or any content that sexually exploits or endangers a child. We do not wait for a complaint. If we become aware of apparent CSAM, we will remove it, preserve the relevant records, terminate the account, and report it to the National Center for Missing & Exploited Children ("NCMEC") and to law enforcement as required by U.S. law (18 U.S.C. § 2258A). There is no warning and no appeal.
2. How you may not behave
- Harassment — no threatening, stalking, bullying, or targeted abuse of any person, whether through uploaded content, comments, or messages you send through the service.
- Spam — don't use HoldFast's email or distribution features to send unsolicited bulk mail, or anything that violates anti-spam law (such as CAN-SPAM). Every non-transactional message must include a working opt-out.
- Deception — don't use the service to run phishing, fraud, or other schemes designed to mislead people into giving up money, credentials, or personal data.
3. Technical and security limits
- No scraping or bulk extraction — don't crawl, scrape, or use bots to bulk-download the service or other users' content, except through our documented API and within its published limits.
- No reselling — don't resell, sublicense, rent, or white-label the service except where your plan expressly allows it.
- No reverse-engineering — don't decompile, disassemble, or otherwise try to derive our source code, except to the narrow extent that law makes such a restriction unenforceable.
- No rate abuse — don't flood, overload, or degrade the service, circumvent quotas or storage caps, or interfere with anyone else's use of it.
- No unauthorized access or scanning — don't probe, scan, or test the vulnerability of HoldFast systems, and don't breach or circumvent any authentication or security measure, without our prior written authorization. (Good-faith security researchers: see the box below.)
Security researchers
We welcome good-faith security research. If you think you've found a vulnerability, please don't run automated vulnerability scanners, penetration tests, or exploit attempts against our live systems, and don't access data that isn't yours. Instead, report it privately to [email protected] and give us a reasonable window to fix it before disclosing it publicly. We won't pursue action against research done in good faith under responsible-disclosure principles.
4. Analytics and viewer tracking
HoldFast gives workspaces analytics about who opens their links and how they engage — for example, watch time, resolved company, and engagement scores. You are responsible for using those analytics lawfully. You may not use HoldFast's viewer analytics, identity resolution, or enrichment features to break the law or to violate anyone's rights.
As set out in our Terms of Service, you confirm that, for the people who view your content, you have a lawful basis to track and profile them, you have given them any notice the law requires, and you have obtained any consent or provided any opt-out the law requires. You may not use the analytics to unlawfully surveil, discriminate against, or otherwise harm your viewers.
5. How we enforce this
We would rather warn you than shut you down. For most issues, we escalate step by step — but serious violations skip the ladder.
- Warn — for most first-time or minor issues, we'll let you know and ask you to fix it.
- Suspend — if it isn't fixed, or the violation is serious, we may disable the offending content, link, or account while we look into it.
- Terminate — for repeat or severe violations, we may remove content and close the account, without refund.
Immediate action. For the most serious violations — CSAM, malware distribution, active attacks on the service, or anything that exposes us or others to real legal risk or harm — we may remove content and suspend or terminate the account immediately, without prior notice, and report the matter to the authorities where the law requires or permits it.
Repeat infringers. Consistent with our Copyright / DMCA Policy, we terminate the accounts of users who repeatedly infringe others' intellectual property.
Where we act only as a processor for a workspace's content, we'll generally coordinate enforcement with the workspace owner — but we may act directly whenever we need to stop illegal activity or protect the service, our other customers, or third parties.
6. Reporting abuse
If you see something that breaks this policy, tell us at [email protected]. Include the link and a short description of the problem so we can act quickly. For copyright specifically, please use the process in our Copyright / DMCA Policy.
7. Changes to this policy
We may update this AUP from time to time. When we do, we'll change the effective date and version at the top of this page. If you keep using HoldFast after an update takes effect, you accept the revised policy.