Terms of Service
Privacy Policy
Acceptable Use Policy
Data Processing Addendum
Sub-Processor Disclosure

Acceptable Use Policy

Version
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Review Engine Acceptable Use Policy (AUP)

Version: 1.0 (Current)
Owner: Tiny Mammoth, Inc. (“Review Engine,” “we,” “us,” “our”)
Contact: support@review-engine.com

This AUP sets the ground rules for using Review Engine’s Services and technology (including via clients’ websites or platforms). Examples below are illustrative, not exhaustive. This AUP is incorporated into the Terms of Service and may be updated from time to time. Using the Services means you agree to the latest version.

If, in our reasonable judgment, you (or anyone acting for you) violate this AUP—or help someone else do so—we may suspend or terminate access, throttle traffic, block content, or take other action to protect users, carriers, and our platform.

1) General Requirements (Read This First)

Deliverability and compliance go hand-in-hand. To keep messages landing (and carriers happy), you must:

  • Send only communications permitted by law and by this AUP.
  • Obtain valid consent (opt-in) for the message type you send.
  • Provide clear sender identification and a simple opt-out in the first message (and where required thereafter).
  • Keep records of consent and opt-outs.
  • Follow carrier and CTIA rules (including A2P 10DLC in the U.S.).
  • Never attempt to evade filters or carrier detection.

2) Consent (Opt-In) Requirements

2.1 Standard Consent

Before sending your first message to a recipient, obtain their express consent for the specific use case (e.g., review request, appointment reminders). Keep a record (form copy, timestamp, source page, double-opt-in log, etc.). If you don’t send within a reasonable time after opt-in, reconfirm consent in the first message you do send.

Consent is not transferrable. No purchased lists. No “blanket” consent across unrelated brands.

2.2 Alternative Paths (Limited Scope)

  • User-initiated contact: If a person texts you first (e.g., “What are your hours?”), you may respond on-topic within that conversation. New or different message types require fresh consent.
  • Informational messages with prior relationship: Allowed if the recipient provided the number, took an action triggering the communication, and hasn’t opted out (e.g., receipts, one-time passwords, appointment reminders, order updates). No marketing in these.

2.3 Periodic/Ongoing Messages

Remind recipients how to unsubscribe (see §4). Respect stated frequency preferences. Reconfirm consent periodically and as required by law or industry best practices.

2.4 Quiet Hours (Jurisdictional)

Observe applicable quiet hours (e.g., TCPA 8am–9pm recipient local time). Configure local-time sends whenever possible.

3) Identify Yourself Clearly

Every initial message must state who you are (the brand that obtained consent). Ongoing back-and-forth in the same thread doesn’t need to repeat the brand in each reply, but it must remain on-topic.

4) Opt-Out (Revocation of Consent)

Include opt-out instructions in your first message:
“Reply END to unsubscribe.” We also honor STOP, STOPALL, UNSUBSCRIBE, QUIT, CANCEL.

  • Opt-outs must be processed immediately. You may send one confirmation (“You’re unsubscribed. Reply START to rejoin.”)
  • Do not message again unless a new opt-in occurs.
  • Honor HELP/INFO with a short help response and contact method.

Maintain auditable logs of opt-outs.

5) Prohibited Content & Use

You may not use the Services to transmit, promote, or link to content involving:

  • Unsolicited or unlawful messaging (spam), or any messaging without proper consent.
  • Illegal, harmful, or fraudulent activity (e.g., scams; phishing; spoofing; “get-rich-quick” schemes; deceptive lead gen).
  • High-risk financial products/services (e.g., payday loans, credit repair, third-party debt relief).
  • Regulated/illegal substances (e.g., cannabis/CBD where restricted; non-OTC prescription drugs).
  • Gambling (where prohibited).
  • SHAFT categories: Sex, Hate, Alcohol, Firearms, Tobacco (including vaping), unless explicitly allowed by law and carrier policy and pre-approved by us and our carriers.
  • Infringing content (IP violations).
  • Harassing, defamatory, obscene, or abusive content.
  • Malware or harmful code (viruses, worms, etc.).
  • Third-party lead brokering (buying/selling/share lists), or contacting anyone who did not directly consent to your brand.

Payments: If using payment features, you must not operate in prohibited industries under our processors’ rules (e.g., Stripe/QuickBooks prohibited lists).

6) Evasion & Abuse Are Strictly Forbidden

  • Filter evasion content: Don’t intentionally misspell terms or craft non-standard opt-outs to dodge carrier blocks.
  • Snowshoeing: Don’t spread similar/identical messages across many numbers/senders to bypass filtering.
  • Shared public URL shorteners: Don’t use shared shorteners (e.g., bit.ly, tinyurl). Use your own branded domain or our vetted link tools.
  • Falsified identity/origin: No spoofing or forged headers.
  • Rate/rule circumvention: Don’t bypass throughput or rate limits.

7) Scope of Use & Reasonable Use

Your Scope of Use (locations, users, volumes, features) is defined in your Subscription Documentation. “Unlimited” features (if any) mean normal business use—not high-volume broadcast or abuse.

We may throttle, queue, or temporarily suspend if usage threatens platform stability, violates carrier rules, or exceeds agreed limits.

8) Carrier & A2P 10DLC Compliance (U.S.)

  • Registration: U.S. A2P messaging typically requires brand and campaign registration. You must provide accurate info and supported use-case descriptions.
  • Templates & disclosures: Content must match registered campaign types; include required legal disclosures; use standard STOP/HELP keywords.
  • Vet changes: Material changes to use cases may require re-registration or approval.
  • Penalties: Carriers impose fees/blocks for non-compliance. You are responsible for such pass-through fees.

9) Voice & Recording

If you enable voice features or call recording, you must:

  • Comply with all one-party/two-party consent laws.
  • Provide notice and obtain any legally required consent before recording.
  • Store and access recordings securely; delete when no longer needed.

10) Data, Privacy & Sensitive Information

  • Processor role: For most client/customer data, Review Engine acts as processor/service provider (see Privacy Policy + DPA).
  • HIPAA/PHI: The Services are not designed for PHI by default. Do not send or store PHI unless your account is configured for HIPAA use and you have an executed BAA with us.
  • GDPR/CCPA: You must fulfill your controller obligations (lawful basis, notices, rights handling) and honor data subject requests.
  • Consent records: Retain opt-ins, opt-outs, and preference logs for the period required by law/carrier policy.

11) API, Automation, and AI

  • API/Automation: Use APIs and automations within your Scope of Use and rate limits. No scraping, brute force, or security testing without written permission.
  • AI features: AI-assisted outputs can be imperfect. You are responsible for reviewing content and ensuring it complies with law and this AUP before sending.

12) Monitoring & Enforcement

We may (but are not obligated to) monitor content, metadata, deliverability, complaint rates, blocklists, and abuse signals to protect the platform and the ecosystem. If we detect violations or elevated risk, we may:

  • warn you and request remediation;
  • block specific traffic, links, or senders;
  • throttle throughput or pause campaigns;
  • require new opt-in verification or template changes;
  • suspend or terminate access; and/or
  • report illegal activity to carriers, partners, or authorities.

You’re responsible for any carrier fines, pass-through fees, damages, or costs arising from your use.

13) Reporting Violations

See something off? Report immediately to support@review-engine.com with details (sender, content, timestamp, phone numbers/IDs, screenshots). We may ask for additional logs so we can triage quickly.

Effective: