Navigare Space Ltd
Effective date: [INSERT DATE] Version: 1.0 Document reference: NS-AUP-v1.0
1.1 This Acceptable Use Policy ("AUP") sets out the rules for using the Navigare Space services. It is incorporated into our Master Services Agreement and applies to all customers, their Authorised Users, and anyone else accessing the Services.
1.2 The AUP exists to keep the Services secure, lawful, and useful for everyone. It is not exhaustive; the underlying principle is use the Services for legitimate business purposes, lawfully, and without harming other users or third parties.
1.3 We may update this AUP from time to time on reasonable notice. Material changes will be communicated by email and by notification on our website.
You may not use the Services to:
(a) Engage in any activity that is unlawful under the laws of England and Wales, or under the laws of any jurisdiction where your activity has effect.
(b) Process, store, or transmit data that you have no lawful basis to process under UK data-protection law.
(c) Infringe intellectual property rights (copyright, trade marks, patents, designs, database rights, or rights in confidential information) of any third party.
(d) Operate in a manner that breaches sector-specific regulations applicable to your business (for example, SRA Standards for legal practices, FCA rules for regulated financial activities, MHRA rules for pharmaceutical activities).
(a) Send unsolicited bulk communications ("spam"), whether by email, SMS, or any other channel, including via integrations with our Services.
(b) Send communications that breach the Privacy and Electronic Communications Regulations 2003.
(c) Engage in phishing, fraud, identity theft, scams, or any deceptive practice.
(d) Distribute, link to, or host malware, viruses, ransomware, trojans, worms, or any other malicious code.
(e) Harvest, scrape, or collect personal data from third parties without lawful basis.
(f) Harass, threaten, defame, or otherwise harm individuals.
(g) Promote violence, terrorism, hate speech, or discrimination on grounds protected by the Equality Act 2010.
(a) Probe, scan, or test the vulnerability of the Services or any underlying infrastructure, without our prior written consent. (Legitimate security research that you want to perform should be discussed with us first.)
(b) Attempt to gain unauthorised access to any part of the Services, to other customers' instances, or to systems connected to the Services.
(c) Circumvent or attempt to circumvent rate limits, user limits, storage limits, or other technical restrictions of your Plan.
(d) Use the Services in a manner that interferes with their availability, performance, or security for other customers.
(e) Attempt to overload, disrupt, or degrade the Services through deliberate excessive use, denial-of-service attacks, or similar means.
(f) Operate cryptocurrency mining, distributed computing for third parties, or similar resource-intensive workloads unrelated to legitimate use of the Services as a business platform.
(g) Reverse-engineer, decompile, or attempt to derive source code from any part of the Services or its underlying infrastructure (save to the extent permitted by law, and noting that the underlying Odoo Community Edition is itself open-source under LGPL v3).
(a) Resell, sublicense, rent, or otherwise commercially exploit access to your instance to third parties — save under a separate written reseller agreement with us, or as expressly permitted by the Plan (e.g. the Software House Plan permits granting client-portal access to your own clients).
(b) Misrepresent the Services, our brand, or our identity in any communication.
(c) Hold yourself out as a representative, agent, or partner of Navigare Space without authorisation under a Partner Agreement.
The Services are designed for business use. You may not store on the Services:
(a) Content depicting child sexual abuse material — which we will immediately report to the appropriate authorities.
(b) Content that is illegal under English law.
(c) Personal data that you have no lawful basis to hold (regardless of who originally collected it).
(d) Payment card data within the scope of PCI DSS (use tokenised integrations to compliant payment providers — Stripe, GoCardless, Worldpay etc. — instead of storing card data in the Services).
(e) NHS patient records subject to the NHS Digital Data Security and Protection (DSP) Toolkit, unless we have expressly agreed to support such use under a separate addendum.
(f) UK Government data classified above OFFICIAL.
3.1 Plan limits. Each Plan has user limits and resource allocations as set out in the Order Form. You must stay within these limits or upgrade your Plan.
3.2 Fair use of shared resources. For Plans on shared infrastructure (currently the Skiff Hosting tier), exceptionally heavy workloads that adversely affect other users may be throttled, limited, or required to move to a dedicated Plan. We will discuss this with you before taking action where reasonably possible.
3.3 Excessive load on dedicated infrastructure. For dedicated infrastructure Plans, we provide the specified resources. If your workload routinely exceeds those resources (CPU, RAM, storage I/O, network), we will inform you and discuss upgrade options. We will not abruptly cut service for resource usage on dedicated Plans — but very sudden growth (10× or more in a short period) may temporarily affect performance until we can adjust capacity.
3.4 Outbound email & SMS. Outbound transactional volumes that significantly exceed normal patterns (for example, sending hundreds of thousands of emails from a Salon-Plan instance) may be throttled or paused, and may indicate misuse or a security incident. We will contact you before taking irreversible action.
4.1 You are responsible for:
(a) keeping the credentials of your Authorised Users confidential; (b) using strong passwords and (where available) multi-factor authentication; (c) promptly removing access for individuals who no longer need it; (d) configuring user roles and permissions appropriate to your business; (e) notifying us promptly of any suspected compromise of your account or your data; and (f) keeping browsers and devices used to access the Services reasonably up to date and free of malware.
4.2 If you discover a security vulnerability in the Services, please report it responsibly to [email protected] rather than exploiting or publicising it. We treat all responsible disclosures with appreciation, even if we don't currently operate a formal bug-bounty programme.
5.1 If you become aware of any violation of this AUP — whether by another user, by content stored on the Services, or otherwise — please report it to [email protected].
5.2 We will investigate reports promptly. Where the report concerns illegal content, we may notify the relevant authorities.
6.1 Where we believe an AUP breach has occurred, we may, depending on severity:
(a) contact you to discuss and request remediation; (b) require the removal of offending content or activity; (c) suspend the affected feature, instance, or account, with notice where reasonably possible; (d) terminate the Principal Agreement under its termination provisions; and/or (e) report the matter to law enforcement or other authorities, where appropriate.
6.2 We will act proportionately. For genuine mistakes and minor breaches, a conversation is usually enough. For wilful misconduct, serious illegality, or actions threatening other customers, we will act more decisively.
6.3 No service credits are payable for outages caused by suspension or termination due to AUP breach.
Customers on Plans designed for regulated industries (Legal, Accountancy, Estate Agency, Construction, Veterinary, Restaurant) are reminded that the Services are tools to support your compliance — but the legal and regulatory obligations are yours, not ours. You remain responsible for your filings, your record-keeping, your client money, your AML obligations, and your fitness for purpose.
If you grant access to your own clients via the client-portal feature, you are responsible for:
(a) the legal relationship between you and your clients; (b) any service-level commitments you make to your clients (we do not become a party to those); (c) ensuring your clients comply with this AUP when using the portal; and (d) limiting your clients' access to the project artefacts that are appropriate for them to see.
Customers whose business involves a high volume of outbound emails or SMS (e.g. Estate Agencies sending market updates, Wellness Studios sending class reminders to large memberships) should discuss expected volumes with us at onboarding so we can configure deliverability and sender reputation appropriately. Volumes far above plan norms may require additional setup or an upgrade.
For any question about this AUP, or for clarification on whether a specific use is permitted, contact:
We'd rather have a conversation about a borderline use case in advance than discover it via an incident.
[END OF ACCEPTABLE USE POLICY]
← All legal documents