Acceptable Use Policy

This Acceptable Use Policy (“AUP”) sets out the rules that govern the use of the Treffio platform (“Service”). It is part of, and incorporated by reference into, the Terms and Conditions and the License Terms. Capitalized terms not defined here have the meanings given in those documents.

The AUP applies to everyone who uses the Service: Administrators, Customers, Guests, and any other Users. Administrators are responsible for ensuring that everyone who uses the Service under their account or in connection with their events also complies with this AUP.

We may update this AUP from time to time. Material changes will be communicated through the admin dashboard or by email.

1. Why this matters

Treffio is built on trust. Administrators trust us with their guests’ data; guests trust us not to abuse our access to their information. Companies trust us not to be used as a tool for spam, fraud, or harassment. This AUP describes the behavior we expect from everyone in our ecosystem so that this trust is preserved.

2. Communications: anti-spam and event scope

You must only use the Service to send communications that are:

1. directly related to an event you are managing or attending;
2. expected by the recipient based on the relationship that gave rise to their inclusion (registration, invitation by a known organizer, prior business relationship, etc.); and
3. lawful under all applicable rules, including the GDPR, the Danish Marketing Practices Act (Markedsføringsloven), the ePrivacy Directive, and equivalent rules in any country where recipients are located.

In particular, you must not:

• send unsolicited marketing or promotional content to guests except where you have a valid lawful basis (typically opt-in consent or a relevant pre-existing customer relationship);
• send messages unrelated to the event, such as marketing for other products or services not affiliated with the event;
• forge or misrepresent sender identity, headers, or origin;
• send messages on behalf of an organization you do not represent;
• send messages to scraped, purchased, or otherwise unlawfully obtained address lists;
• circumvent or disable opt-out, unsubscribe, or stop mechanisms;
• send the same message at unreasonable volume or cadence to wear down the recipient.

After an event has ended, you may continue to send strictly transactional service messages related to that event for a reasonable period — for example, evaluation surveys, certificates, photos, materials from speakers, or operational follow-ups requested by the event organizer. You must include a clear way to opt out of further post-event messages, and you must honor those opt-outs immediately.

3. Treatment of guest personal data

Personal data of guests handled through the Service is confidential. You must:

• treat all identifiable guest information as confidential, including names, contact details, registration responses, dietary restrictions, accessibility needs, financial information, and any free-text responses;
• only access, view, export, or process guest data to the extent necessary to operate the relevant event;
• only share guest data with third parties (such as caterers, hotels, transport providers, security, or sub-organizers) to the extent strictly necessary, only with the minimum information needed, and only under appropriate confidentiality and data-protection obligations; and
• not share, post, or discuss identifiable guest information in support requests, social media, internal chat tools, or anywhere else outside the secure operational context of the event.

Aggregate, non-personal statistics (for example “we had 247 attendees” or “60 % chose the vegetarian option”) are not subject to the same restrictions and may be shared freely, provided no specific person can be identified from them in context.

4. Lawful basis and individual rights

You must, at all times, have a lawful basis under Article 6 GDPR (and, where relevant, an appropriate condition under Article 9) to invite, contact, register, and otherwise process the personal data of every individual you add to or process within the Service.

You must also:

• provide each individual with the transparency information required by Articles 13 and 14 GDPR;
• promptly process opt-outs (for example, unsubscribe requests for emails or STOP replies for SMS);
• promptly process and respond to data-subject requests for access, rectification, erasure, restriction, objection, and portability;
• not use guest contact details obtained through the Service for any purpose unrelated to the event for which they were provided;
• not transfer guest data to third countries without an appropriate transfer mechanism.

4a. Use of AI features (OpenAI translation)

The admin dashboard offers an optional AI-powered translation feature backed by OpenAI, described in the Privacy Policy. When you use it, you must:

• only submit free-text content for which you have the right to use AI translation (for example, event titles and descriptions);
• not paste identifiable guest data, payment information, special-category data, or any third-party confidential information into the translation prompt; and
• treat the feature as assistance, not authority — you are responsible for the final translated output you publish or send to guests.

If you would not put a piece of text into a public-facing webpage, do not put it into the translation feature.

5. Account security and credential sharing

You must:

• keep your sign-in credentials confidential and not share them with anyone;
• not allow other people to log in as you, even within your own organization — instead, request a separate admin user for each person who needs access;
• promptly revoke admin access from people who leave your organization or change roles;
• enable available security features (for example, multi-factor authentication where offered);
• promptly notify [email protected] of any actual or suspected unauthorized access; and
• be responsible for activity carried out under your account, whether you authorized it or not.

6. Prohibited content

You must not use the Service to send, store, post, distribute, or otherwise process content that:

• is illegal under applicable law;
• infringes intellectual-property rights, privacy rights, publicity rights, or other rights of third parties;
• is defamatory, obscene, sexually explicit, hateful, or harassing;
• promotes self-harm, suicide, eating disorders, or other dangerous behavior;
• promotes terrorism, violence, or organized criminal activity;
• depicts or sexualizes minors;
• is fraudulent, deceptive, or designed to mislead;
• contains malware, viruses, ransomware, or other harmful code;
• is a phishing attempt or other social-engineering attack;
• targets minors with adult content; or
• you do not have the necessary rights or consents to process or distribute.

7. Prohibited conduct

You must not:

• attempt to access any part of the Service or any other user’s data that you are not authorized to access;
• attempt to identify, deanonymize, or re-identify individuals from aggregated or anonymized data;
• attempt to interfere with, disrupt, overload, or degrade the Service or its underlying infrastructure;
• circumvent, disable, or attempt to bypass security, rate-limiting, throttling, or quota features;
• reverse engineer, decompile, or attempt to derive source code from the Service;
• use automated means (bots, scrapers, crawlers) to access the Service except as expressly permitted by us in writing;
• use the Service to develop a competing product or to benchmark for competitive purposes without our prior written permission;
• impersonate another person or entity, including other Treffio Customers or employees;
• use the Service in connection with any high-risk activity where failure of the Service could result in death, personal injury, or environmental damage;
• use the Service to violate sanctions, export controls, or anti-corruption laws.

8. Fair use of communications, ticketing, and storage

The Service includes generous limits for sending email and SMS, ticketing, and file storage. You must use these features in good faith and in proportion to the scale of your events. Treffio may rate-limit, throttle, queue, or refuse to send communications, or impose additional charges, where, in our reasonable judgment:

1. the volume or pattern of activity would damage sender reputation or that of other Customers;
2. the activity exposes Treffio or its subprocessors to legal, security, or reputational risk;
3. the activity is inconsistent with the plan you are subscribed to; or
4. the activity is not in good faith use of the Service.

We will, where practicable, notify you in advance and discuss alternatives.

9. Cooperation with abuse reports

If we receive a credible report of abuse, illegal content, or AUP violation related to your account or events, we may:

1. investigate, including by reviewing logs and metadata;
2. require you to remove or modify offending content or change offending behavior;
3. share information with law enforcement or other authorities where required or appropriate; and
4. take action under Section 11.

10. Reporting violations

If you become aware of a violation of this AUP — for example, abuse on our platform, suspected unauthorized access, or unlawful processing — please report it to [email protected]. We take reports seriously and investigate promptly.

11. Enforcement

Treffio may, depending on the severity, urgency, and recurrence of the violation, take any of the following actions, in any order, with or without prior notice:

1. issue a warning and require corrective action;
2. remove, hide, or modify content that violates this AUP;
3. throttle, rate-limit, or temporarily disable specific features;
4. suspend the relevant Administrator account, the Customer’s subscription, or specific events;
5. terminate the Customer’s subscription for cause under the License Terms;
6. block specific Guest accounts or recipients;
7. disclose information to law enforcement or supervisory authorities, as required or permitted by law;
8. preserve evidence as needed; and
9. claim damages and other remedies available to it under contract or applicable law.

For severe violations — including illegal content, child safety concerns, security threats, or behavior that exposes Treffio or its other Customers to material risk — Treffio may act without prior notice and with immediate effect.

12. Contact

For questions about this AUP, contact us at [email protected].