Legal

Acceptable Use Policy

Last updated: 2026-05-13 Effective: 2026-05-13

Acceptable Use Policy — Delivery Zone

Version: 1.0 Last updated: 2026-05-13 Effective date: 2026-05-13

This Acceptable Use Policy ("AUP") defines the rules for using the Delivery Zone API and dashboard. It applies to all customers, API integrators, and organisation members. The AUP supplements our Terms of Service. Capitalised terms have the meanings given in the Terms of Service.

1. Purpose

This AUP protects the integrity, availability, and security of the Delivery Zone service for all customers. Violations of this AUP may result in suspension or termination of your access.

2. Permitted Uses

You may use the service to:

  • Configure and query delivery zone rules for your own delivery operations.
  • Integrate the delivery check API into your own checkout or logistics software.
  • Build applications that use the delivery check API on behalf of your business customers,

provided those customers have agreed to your own terms of service that are at least as protective as ours.

  • Test your delivery zone configurations using the Test Lookup feature.
  • Upload custom postcode datasets for your own operational use.

3. Prohibited Uses

3.1 Illegal and Harmful Activity

You may not use the service to:

  • Facilitate any activity that violates Finnish law, EU law, or other applicable law.
  • Engage in fraud, deception, or misrepresentation.
  • Transmit spam, unsolicited commercial communications, or phishing content via integrations

built on the service.

  • Harass, threaten, or harm any person.

3.2 API Response Storage and Database Reconstruction

You may not:

  • Store, persist, copy, cache, scrape, harvest, bulk download, export, or otherwise retain

Delivery Zone API responses for the purpose of creating, enriching, replacing, or reconstructing any postcode database, delivery-zone database, geographic dataset, distance table, address dataset, or similar derived dataset.

  • Save Delivery Zone API results into your own database or systems except for strictly limited

operational logging that is necessary for debugging, fraud prevention, billing verification, security monitoring, or legal compliance. Such logs must be minimised, access-controlled, and must not be used to recreate the underlying dataset.

  • Use automated scripts, bots, batch jobs, systematic queries, enumeration techniques, or

other methods to extract, map, infer, or reconstruct the coverage, postcode, distance, or delivery-zone data behind the Service.

3.3 Scraping and Data Redistribution

You may not:

  • Scrape, bulk-extract, mirror, or redistribute raw postcode or geographic data from the

service, in whole or in part.

  • Use automated tools to systematically download or copy data from the dashboard or API beyond

normal usage patterns.

  • Build derivative databases from postcode reference data obtained through the service and

distribute them publicly or commercially.

  • Resell, sublicense, publish, disclose, share, redistribute, make available, or provide

third-party access to Delivery Zone API responses, datasets, derived datasets, or validation outputs, whether directly or indirectly.

  • Use the Service or API responses to develop, train, improve, benchmark, or operate a

competing product, data product, postcode validation service, delivery-zone validation service, logistics dataset, or similar commercial service.

3.4 API Abuse

You may not:

  • Send automated API requests at a rate that exceeds your plan's rate limits or monthly quota,

or that is designed to degrade service performance for other customers.

  • Implement retry logic that ignores 429 (Too Many Requests) or 402 (Quota Exceeded) responses.
  • Use the API to conduct load testing or stress testing without prior written permission.
  • Attempt to circumvent monthly quota limits by creating multiple accounts or organisations.

3.5 Security Violations

You may not:

  • Attempt to bypass authentication, rate limiting, RBAC, or any other security control.
  • Conduct unauthorised security testing, penetration testing, or vulnerability scanning of the

service or its infrastructure without our prior written consent.

  • Attempt to access data belonging to other organisations.
  • Probe or test the service in any manner that could cause damage, data loss, or service

disruption.

  • Introduce malware, viruses, ransomware, or other malicious code.

3.6 API Key and Credential Security

You may not:

  • Embed API secret key values in public-facing frontend JavaScript, mobile application code,

public GitHub repositories, or any other publicly accessible location.

  • Share your account credentials or API keys with parties outside your organisation.
  • Use a single API key across multiple unrelated business entities without separate accounts.

3.7 Resale and Sublicensing

You may not:

  • Resell, sublicense, or white-label access to the Delivery Zone API itself as a standalone

product without our prior written consent.

  • Operate the service on behalf of third parties in a way that effectively makes you a reseller

of the API access rather than a builder of an integrated product.

Note: Building your own product or service on top of the Delivery Zone API is explicitly permitted.

3.8 Misrepresentation of Results

You must not:

  • Present API delivery check results to your end customers in a way that guarantees delivery

outcomes beyond what the API actually determines.

  • Misrepresent the source or meaning of postcode check results.
  • Use a positive delivery check result as a legally binding or contractual promise of delivery

to your end customers without your own separate operations review.

4. Rate Limits

Each plan includes a monthly API call quota and a per-minute rate limit. Details are shown in the dashboard under Billing / Usage. When you exceed:

  • Monthly quota: API requests return HTTP 402 Payment Required.
  • Per-minute rate limit: API requests return HTTP 429 Too Many Requests.

Implement appropriate retry logic with exponential back-off. If you consistently need higher limits, please upgrade your plan or contact us at [email protected] to discuss custom arrangements.

5. Consequences of Violations

Delivery Zone may suspend, throttle, block, or terminate access to the Service if it reasonably suspects misuse, excessive querying, dataset reconstruction, scraping, resale, unauthorised storage, or other prohibited use. Such actions may be taken without prior notice where the suspected violation poses an immediate risk to the integrity of the Service or its underlying licensed data.

We reserve the right to:

  • Suspend access temporarily for AUP violations while we investigate.
  • Terminate access permanently for serious or repeated violations.
  • Pursue legal remedies for violations that cause material harm to us or to other customers.

For minor violations (e.g., accidental rate limit abuse), we will generally notify you and give you an opportunity to correct the issue before taking action.

For severe violations (e.g., active security attacks, data scraping at scale, dataset reconstruction, bulk enumeration, or introducing malware), we may act without prior notice.

Refunds are not automatically issued for suspensions or terminations resulting from AUP violations.

6. Reporting Misuse

If you believe someone is misusing the service, abusing your API keys, or conducting unauthorised security testing, please report it immediately:

We take all reports seriously and will investigate promptly.