PurposeThis policy applies to public visitors, customers, portal users, affiliates, freelancers, staff, suppliers, and anyone using or submitting material through our systems.
ActionWe may block, remove, suspend, investigate, report, or preserve evidence where activity creates legal, security, privacy, payment, domain, or operational risk.
Last updated: 1 June 2026. This page is written for a New Zealand business context and is not legal advice.
Contents
- Prohibited content
- Security misuse
- Spam and marketing abuse
- Payment, referral, and domain abuse
- AI and automation misuse
- Consequences
1. Prohibited content and instructions
- Do not submit or ask us to publish unlawful, misleading, fraudulent, defamatory, harassing, hateful, exploitative, infringing, obscene, unsafe, or deceptive material.
- Do not provide content, images, logos, code, lists, software, customer data, or claims that you do not have rights to use.
- Do not submit regulated claims, professional advice, warranties, testimonials, pricing, employment claims, medical claims, financial claims, or legal claims unless you are responsible for their accuracy and compliance.
2. Security misuse
- Do not attempt unauthorised access, privilege escalation, account takeover, credential stuffing, brute force, phishing, social engineering, malware upload, destructive scanning, denial-of-service, scraping, token theft, session abuse, or bypassing Turnstile, rate limits, role checks, signed links, or payment flows.
- Do not upload private keys, passwords, API secrets, card details, production credentials, or other secrets unless a secure transfer method has been agreed.
- Do not probe, scan, or test systems except through the responsible security reporting path and within the boundaries stated on the security reporting page.
3. Spam, messaging, and marketing abuse
- Do not use forms, portal messages, campaign tools, booking tools, affiliate links, referral links, support requests, or file uploads for spam, unsolicited marketing, bulk abuse, nuisance messages, scraped lists, address harvesting, misleading sender identity, or evasion of unsubscribe/suppression rules.
- Marketing contacts and email lists must be collected and used lawfully, with consent or another lawful basis where required, accurate sender information, and functional unsubscribe handling.
4. Payment, referral, affiliate, and domain abuse
- Do not use payment features for fraud, stolen cards, chargeback abuse, false disputes, fake invoices, refund manipulation, or attempts to avoid owed fees.
- Do not use referrals or affiliate resources for self-referrals, duplicate leads, fake leads, paid ads pretending to be ExcelinWeb, cookie stuffing, forced redirects, misleading guarantees, unauthorised brand bidding, coupon abuse, or hidden incentive schemes.
- Do not use domain search, DNS, domain requests, or managed domain services for phishing, impersonation, malware, spam, cybersquatting, trademark abuse, domain fronting, illegal content, or evasion of provider rules.
5. AI, automation, and generated work
- Do not use AI or automation features to generate malware, phishing kits, spam content, credential theft material, deceptive reviews, false claims, evasion instructions, or content that violates this policy.
- Do not submit sensitive personal information, regulated data, secrets, or confidential third-party material into AI fields unless we have approved the secure handling requirements.
- AI-generated drafts, classifications, summaries, studio files, or recommendations must be reviewed before use and may be refused or revised if they create legal, security, brand, or quality risk.
6. Consequences
If we believe this policy has been breached, we may remove content, refuse work, pause delivery, suspend portal access, block forms, reverse referral rewards, withhold commissions, cancel domain requests, terminate services, preserve logs, notify affected parties or providers, report unlawful conduct, or take other reasonable steps to protect the business, customers, users, and systems.