This Acceptable Use Policy ("AUP") governs your use of the Oryn Inventory Management System ("Service")
operated by Oryn Systems LLC, a Michigan limited liability company. This AUP is incorporated by
reference into our Terms of
Service.
By using the Service, you agree to comply with this AUP. We may update this AUP from time to time, and
your continued use of the Service constitutes acceptance of any changes.
2 Prohibited Conduct
You may not use the Service to engage in any of the following activities:
2.1 Illegal Activities
Violate any applicable local, state, national, or international law or regulation
Facilitate or promote illegal activity, including fraud, money laundering, or trafficking
Track, store, or manage inventory of illegal goods, contraband, or controlled substances in
violation of applicable law
Violate export control laws, sanctions, or trade embargoes
2.2 Harmful or Abusive Behavior
Harass, bully, threaten, abuse, defame, or intimidate any person
Post or transmit content that is hateful, discriminatory, obscene, or promotes violence
Impersonate any person, entity, or Oryn Systems LLC personnel
Stalk or monitor another user without their consent
2.3 Intellectual Property Infringement
Upload, store, or transmit content that infringes on any patent, trademark, trade secret, copyright,
or other intellectual property right of any party
Use the Service to distribute pirated software, media, or other copyrighted material
Remove, alter, or obscure proprietary notices on any content in the Service
2.4 System Interference
Disrupt, degrade, or interfere with the Service or its infrastructure
Introduce malware, viruses, trojans, worms, ransomware, or other malicious code
Conduct denial-of-service (DoS/DDoS) attacks or flood attacks against the Service
Probe, scan, or test the vulnerability of the Service without written authorization
Bypass, disable, or circumvent any security features, authentication, or access controls
2.5 Data Misuse
Access, download, or export another tenant's data without authorization
Use the Service to collect, store, or process personal data in violation of applicable privacy laws
(including GDPR, CCPA/CPRA, and state privacy laws)
Store regulated data (PHI, PCI data, classified information) in the Service without explicit prior
written agreement from Oryn Systems LLC
Attempt to de-anonymize, re-identify, or correlate anonymized or aggregated data to specific
individuals
3 Data Scraping and Automated Access
Automated access to the Service is subject to strict limitations:
Prohibited Scraping — You may not use bots, scripts, web crawlers, spiders, screen
scrapers, or any automated means to access, extract, download, index, or mine data from the Service
without our prior written authorization
Authorized API Use — The only authorized method of automated access is through our
published APIs, subject to the terms described in our Terms of Service and published API
documentation
Rate Limit Respect — You must respect all published rate limits. Intentionally
circumventing rate limiting (e.g., via distributed requests, rotating IP addresses, or credential
multiplexing) constitutes a violation of this AUP
User-Agent Identification — All automated requests must include accurate User-Agent
headers identifying your application and contact information
Caching — You are encouraged to implement appropriate caching to minimize API
calls. Do not make redundant or unnecessarily frequent requests
Enforcement: Automated access that exceeds reasonable usage thresholds or
circumvents technical controls may be blocked immediately without notice. Persistent violations will
result in permanent API key revocation and account termination.
4 Multi-Account Abuse
Each individual and organization may maintain only the number of accounts authorized under their
subscription plan:
One Primary Account — Each individual may maintain one user account. Creating
multiple accounts to circumvent usage limits, free tier restrictions, suspension enforcement, or ban
evasion is strictly prohibited
Organization Account Limits — Each organization receives one tenant account.
Registering multiple tenants for the same organization to artificially multiply resource allocations
is a violation
Free Tier Abuse — Creating multiple free tier accounts (whether using different
email addresses, aliases, or identities) to exceed free tier limits is prohibited
Suspension Evasion — If your account is suspended or terminated, creating a new
account without our written permission constitutes a violation of this AUP and our Terms of Service
5 Export Control Compliance
You agree to comply with all applicable export control and trade sanctions regulations when using the
Service:
You may not use the Service to manage, track, or facilitate the movement of goods, materials, or
technologies subject to export controls (e.g., ITAR, EAR) without appropriate U.S. government
authorization
You may not provide access to the Service to individuals or entities located in countries subject to
comprehensive U.S. sanctions
You must not use the Service to circumvent any export control, trade sanction, or embargo regulation
If you believe your inventory includes export-controlled items, you are solely responsible for
obtaining all required licenses and ensuring compliance. The Service does not validate export
classification
Violations of export control laws through use of the Service will result in immediate account termination
and may be reported to relevant government authorities.
6 Shared Account Responsibility
If your organization grants access to multiple team members under a shared tenant account:
Administrator Responsibility — Organization administrators are responsible for
ensuring all users within their tenant comply with this AUP and the Terms of Service
Individual Credentials — Each user must have their own individual login
credentials. Sharing login credentials between individuals is prohibited
Access Revocation — Administrators must promptly revoke access for employees or
contractors who are no longer authorized (e.g., upon termination, role change, or contract
expiration)
Activity Accountability — The organization is liable for all activities performed
by its users within the Service, regardless of whether the specific actions were authorized by the
administrator
Principle of Least Privilege — Administrators should configure roles and
permissions so that users have only the minimum access necessary to perform their duties
7 Network and Infrastructure Abuse
The following network and infrastructure activities are strictly prohibited:
Network Scanning — Scanning ports, network ranges, or service endpoints of the
Service's infrastructure without explicit written authorization from Oryn Systems LLC
Traffic Manipulation — Spoofing IP addresses, DNS records, HTTP headers, or any
other network traffic identifiers
Bandwidth Abuse — Consuming excessive bandwidth through bulk data uploads,
downloads, or transfers designed to degrade service performance
Cryptomining — Using the Service or its infrastructure for cryptocurrency mining,
proof-of-work computation, or similar resource-intensive operations
Proxy/Relay Services — Using the Service as a proxy, relay, tunnel, VPN, or
anonymization service
DNS Abuse — Using the Service to conduct DNS amplification attacks, cache
poisoning, or other DNS-based attacks
8 Resource Usage
8.1 Fair Use
You agree to use the Service's resources reasonably and in accordance with your subscription plan. You
may not:
Exceed published rate limits, API quotas, or storage allocations
Use automated tools to generate excessive requests, uploads, or data transfers
Use the Service as a general-purpose data storage or file hosting service unrelated to inventory
management
Consume disproportionate amounts of system resources that negatively impact other users
Deliberately trigger resource-intensive operations (e.g., bulk report generation, mass exports)
during peak hours to degrade performance for other tenants
8.2 API Usage
If you access the Service through APIs, you must:
Comply with all published rate limits and usage guidelines
Implement appropriate error handling and exponential backoff strategies
Identify your integration with accurate User-Agent headers
Not use APIs to scrape, harvest, or aggregate data for unauthorized purposes
Limit concurrent connections to the published maximum for your subscription tier
8.3 Storage Limits
Your use of storage capacity (including inventory records, attachments, images, and exported reports) is
subject to the limits of your subscription plan. If you approach or exceed your storage allocation, we
will notify you and may throttle uploads until additional capacity is provisioned or data is reduced.
9 Security Requirements
As a user of the Service, you have security obligations:
Password Security — Use strong, unique passwords and do not share account
credentials. We recommend passwords of at least 12 characters with a mix of uppercase, lowercase,
numbers, and symbols
Multi-Factor Authentication — Enable MFA when available. Organization
administrators may require MFA for all users within their tenant
Access Control — Configure appropriate roles and permissions for your team members;
apply the principle of least privilege
Device Security — Ensure devices used to access the Service have current security
patches, up-to-date operating systems, and active malware protection
Session Management — Log out of shared or public devices after use
API Key Management — Rotate API keys regularly (at minimum every 90 days), never
embed keys in client-side code or public repositories, and revoke compromised keys immediately
Incident Reporting — Report any suspected security incidents, unauthorized access,
or vulnerabilities to [email protected] immediately
9.1 Responsible Disclosure
If you discover a security vulnerability in the Service, we ask that you report it to us responsibly by
emailing [email protected]. Do not publicly
disclose the vulnerability until we have had a reasonable opportunity to address it (minimum 90 days).
We will not take
legal action against individuals who report vulnerabilities in good faith and in compliance with this
policy.
9.2 Security Incident Cooperation
In the event of a security incident affecting your account or tenant, you agree to cooperate fully with
our security team, including providing relevant logs, access information, and user activity details
necessary for investigation and remediation.
10 Content Restrictions
All content you upload, enter, or transmit through the Service must:
Be related to legitimate inventory management operations
Not contain malicious code, scripts, or executable content
Not violate any laws or the rights of any third party
Not be sexually explicit, violent, or promote illegal activities
Not contain personal data of individuals without their consent or a lawful basis
Not contain defamatory, libelous, or knowingly false information
Not include content designed to mine, phish, or socially engineer other users
We reserve the right to review, remove, or restrict access to content that violates this AUP, with or
without notice. We may employ automated scanning to detect prohibited content types but are under no
obligation to monitor all content.
11 Monitoring and Logging
To enforce this AUP and ensure Service integrity, we may monitor and log:
API request patterns, volumes, and error rates
Login attempts, authentication events, and session activity
Network traffic patterns and bandwidth consumption
Storage utilization and data transfer volumes
Administrative actions and configuration changes
Monitoring is performed in accordance with our Privacy Policy. We do not read the content
of your inventory data or business records as part of routine monitoring. Monitoring data is used solely
for security, abuse prevention, capacity planning, and AUP enforcement.
12 Enforcement
12.1 Actions We May Take
If we determine that you have violated this AUP, we may take one or more of the following actions at our
sole discretion:
Warning — Issue a written warning describing the violation and required corrective
action
Temporary Suspension — Temporarily suspend your access to the Service pending
investigation
Feature Restriction — Disable specific features, API access, or functionality
related to the violation
Rate Limiting — Apply additional rate limits or throttling to your account
Data Quarantine — Quarantine or restrict access to data associated with the
violation
Account Termination — Permanently terminate your account without refund
Legal Action — Pursue legal remedies, including seeking compensatory and injunctive
relief
Law Enforcement Referral — Report violations to relevant law enforcement
authorities
The severity of enforcement action will be proportional to the nature, severity, and recurrence of the
violation. We will attempt to provide notice before taking enforcement action, except where immediate
action is necessary to protect the Service, other users, or comply with legal obligations.
12.2 Appeals
If you believe enforcement action was taken in error, you may appeal by emailing [email protected] within 30 days of
the
action. Include your account details and a description of why you believe the action was unwarranted. We
will review appeals in good faith and respond within 15 business days.
12.3 Repeat Violations
Users who repeatedly violate this AUP may face escalating enforcement actions. A pattern of violations,
even if individually minor, may result in account termination. We maintain records of prior violations
for the purpose of identifying repeat offenders.
13 Reporting Violations
If you become aware of any violation of this AUP by another user, please report it to us:
Please include as much detail as possible, including screenshots, timestamps, and user information, so
that we can investigate effectively. Reports are handled confidentially and reporters will not be
identified to the reported party without consent or legal requirement.