ROAS.to
Start free trial

Acceptable Use Policy

Last updated: May 10, 2026

This Acceptable Use Policy (the "AUP") is part of and incorporated into the Terms of Service between ROAS.to and you ("Customer", "you"). It applies to all use of the Service, by you, by anyone you allow to use your account, and by anything (automation, AI, scripts, integrations) you cause to interact with the Service.

A violation of this AUP is a material breach of the Terms of Service and may result in suspension or termination without refund (Terms of Service, Section 17). We may, at our sole discretion, treat any conduct that we reasonably believe is materially equivalent to a listed violation as a violation of this AUP, and we reserve broad enforcement discretion.

1. You are responsible for everything done under your account

You are responsible for the content, configuration, automation, AI prompts, tracking deployments, and integrations on your account, regardless of whether you, a team member, an automation rule, an AI feature, an external integration, or an attacker is the proximate cause. We treat all account activity as your conduct for purposes of this AUP.

2. Compliance with applicable platform policies and law

You will, at all times, comply with: (a) all laws, regulations, and government orders applicable to you, your Customers' Data, and your advertising, including data protection, consumer protection, advertising-and-marketing, anti-spam, anti-discrimination, anti-money-laundering, sanctions, export-control, tax, and platform-specific laws; (b) the policies of every third-party platform you interact with through the Service, including Meta's Advertising Policies, Terms of Service, Commercial Terms, Platform Terms, and Conversions API Terms, as well as the policies of your e-commerce platform, your tracker, and any other connected service; and (c) this AUP. Where applicable law and a platform policy diverge, you must comply with both, or stop the activity.

3. Prohibited uses

You will not use the Service, or permit anyone else to use the Service, to:

3.1 Engage in unlawful or fraudulent activity

  • Promote, facilitate, or engage in any activity that is unlawful in any jurisdiction in which the activity is conducted or targeted (including the jurisdictions of the data subjects affected)
  • Run advertising campaigns or operate landing pages that are deceptive, fraudulent, or misleading, including baiting, false or non-existent products, fake reviews, fake scarcity / urgency, fake celebrity endorsements, deepfakes of real persons, fake news framing, fake login pages, fake government or regulator branding, or false claims about price, performance, sponsorship, approval, or affiliation
  • Conduct or facilitate financial fraud, including credit-card or banking fraud, identity theft, money laundering, terrorist financing, sanctions evasion, fake-charity scams, ad-arbitrage scams, click fraud, or affiliate fraud against any network
  • Run unauthorized lotteries, sweepstakes, or contests; impersonate licensed professionals (lawyers, doctors, financial advisors); or claim regulatory authorization, certification, or membership you do not have

3.2 Promote dangerous, harmful, or sensitive content

  • Sexual exploitation of minors (including any depiction, simulation, or facilitation of CSAM); content sexualizing minors; or content designed to groom minors
  • Illegal drugs, controlled substances, or unapproved supplements, treatments, or medical devices; weapons, ammunition, explosives, or weapon-modification guides; counterfeit goods; stolen goods; products restricted by applicable customs / import law in the targeted jurisdiction
  • Content that incites violence, threatens specific individuals or groups, glorifies terrorism, dehumanizes a protected class, organizes harassment, or promotes self-harm, suicide, or eating disorders
  • Adult sexual content, sexually explicit pornographic content, escort services, or any product or service marketed primarily for sexual gratification, where such content is prohibited by Meta's policies, the law of the targeted jurisdiction, or both
  • Surveillance, doxing, stalkerware, hidden-recording products and services, and any product or service that facilitates non-consensual collection of personal information about identifiable individuals
  • Hate speech, discriminatory targeting, or discriminatory exclusion of audiences on the basis of race, ethnicity, religion, national origin, sex, gender identity, sexual orientation, age, disability, or other protected characteristic, in violation of applicable law or Meta policy

3.3 Run high-risk verticals without compliance

Some verticals are not categorically prohibited but are high-risk and subject to strict platform-policy and legal requirements. You may run them only if you can comply fully with all applicable policy and law. We may require you to provide evidence of compliance before continuing. Examples (non-exhaustive):

  • Health, supplements, weight loss, beauty, before-and-after imagery, medical claims, mental-health products, dental and cosmetic procedures
  • Financial services, investment, securities, crypto-assets, lending, buy-now-pay-later, payday lending, credit-repair, debt-relief, insurance, forex, gambling, betting, prediction markets
  • Cannabis, CBD, vaping, tobacco, and tobacco-adjacent products
  • Online dating, relationship coaching, fertility services, sexual-wellness products
  • Multi-level marketing (MLM), "get rich quick" offers, info-product upsell funnels with high refund or chargeback rates
  • Politically sensitive issues, social issues, elections, and political-actor advertising — subject to Meta's authorization and disclaimer requirements and to local political-advertising law
  • Firearms accessories, replicas, and ammunition (where lawful)
  • Children's products and services targeted at minors — subject to COPPA, the UK Age Appropriate Design Code, and equivalents

3.4 Abuse the Service or third-party platforms

  • Connect ad accounts, Pages, Pixels, Business Managers, or other assets you are not authorized to manage; use stolen, fraudulently obtained, or sold Facebook credentials or sessions; or rent / buy / sell access to Business Managers, pixels, or ad accounts in violation of platform policy
  • Use multiple accounts to circumvent platform enforcement, evade ad-account bans, exhaust trial limits, exceed AI cost caps, or split a single business across many low-spend accounts to evade scrutiny
  • Use ROAS.to to send Meta API requests in volume designed to exhaust rate limits, exhaust BUC quota, or overwhelm Meta's systems on behalf of yourself or others; use ROAS.to as part of any platform-attack tooling
  • Use the Service to stuff cookies, hijack affiliate clicks, divert traffic attribution from another tracker, or otherwise commit attribution fraud
  • Use the Service to spam, send unsolicited messages, or violate CAN-SPAM, the EU ePrivacy Directive, the UK PECR, CASL, or the Israeli Spam Law
  • Cloak ads or landing pages so that what is shown to platform reviewers differs materially from what is shown to ordinary visitors, in violation of platform policy

3.5 Compromise security and integrity

  • Attempt to access another Customer's account, data, encryption keys, or infrastructure; attempt cross-Customer information disclosure; attempt to defeat tenant isolation, escalate privileges, or impersonate ROAS.to staff or other Customers
  • Reverse-engineer, decompile, disassemble, derive the source code, retrain on, or extract trade secrets, model weights, embeddings, or system prompts of the Service, except to the extent that such restriction is prohibited by applicable law
  • Probe, scan, or test the vulnerability of the Service or any sub-processor; conduct any unauthorized penetration test, fuzzing, denial-of-service test, or load test (responsible disclosure of suspected vulnerabilities is welcome — see Section 5)
  • Upload or transmit malware, viruses, ransomware, time-bombs, logic bombs, cryptominers, or any other malicious code; use the Service to host, redirect to, or distribute malicious content
  • Forge HTTP headers, signed-request payloads, OAuth state, webhook signatures, HMAC tokens, or any other authentication or integrity primitive used by the Service or any third-party platform
  • Bypass rate limits, scrape, or use automated means (other than the documented APIs) to interact with the Service
  • Use the Service to perform server-side request forgery (SSRF), or to probe the internal network of any third party or our subprocessors

3.6 Misuse AI features

  • Use AI features to generate prohibited content listed elsewhere in this AUP, including CSAM, non-consensual intimate imagery, deepfakes of real persons without consent, terrorism-related content, weapons-development guidance, or cyberweapon code
  • Conduct prompt-injection or jailbreaking against the Service's own prompts, attempt to exfiltrate system prompts or other internal context, or attempt to coerce AI features outside their intended scope
  • Use AI features to generate content that infringes third-party intellectual property, including unauthorized reproduction of copyrighted text or imagery beyond fair-use principles
  • Use AI features to commit defamation against identifiable persons, fabricate reviews or testimonials, or mislead consumers as to whether content was AI-generated where applicable law requires disclosure
  • Use AI outputs without the human review required by Section 10 of the Terms of Service before publishing them to ad accounts, websites, emails, or any other visitor-facing surface

3.7 Privacy and data violations

  • Send to the Service personal data for which you have no lawful basis, or special-category / sensitive personal data outside any narrow basis we have expressly agreed to in writing
  • Send to the Service any data subject to specific regulatory regimes we have not contracted for (for example, US HIPAA-protected health information, payment-card primary account numbers, financial-account credentials, or US/EU national-security-classified material)
  • Send to the Conversions API hashed contact fields without a lawful basis, without honoring the data subject's opt-out signals, or about a person who has withdrawn consent
  • Use the Service to identify, profile, or surveil individuals on behalf of any government, law-enforcement agency, or third-party investigator
  • Combine, enrich, or repurpose end-user data we process for you with other data sets in a manner inconsistent with the disclosures and consents you obtained from those end users

3.8 Reseller / agency restrictions

You may use the Service to manage Meta ad accounts of clients you serve in an agency or media-buying capacity, provided that: (a) each Business Manager is connected with proper authorization from its owner; (b) you do not white-label, rebrand, sublicense, or resell the Service itself without our prior written consent; and (c) you remain solely responsible for compliance with these Terms and this AUP for every connected client. Multi-tenancy schemes designed to disguise reselling will be treated as a material breach.

4. Enforcement

We may, in our sole discretion, take any of the following actions, with or without notice, where we reasonably believe a violation has occurred or is imminent:

  • Issue a warning and request remediation within a stated period
  • Throttle, pause, restrict, or disable specific features (including automation, AI, sync, cloning, conversions forwarding) on your account
  • Pause or quarantine specific assets (campaigns, ad sets, ads, pixels, tracking deployments) that we reasonably believe are abusive or unsafe
  • Suspend your account in whole or in part
  • Terminate your account without refund
  • Retain a residual record of the violation as part of our fraud and abuse controls (see Privacy Policy Section 12)
  • Report the violation to the affected platform (including Meta), to any affected Customer, to a competent authority, or to law enforcement, where required by law or where we reasonably believe it is necessary to protect a third party from imminent harm
  • Pursue any other remedy available under contract, law, or equity, including recovery of costs and damages

We may take enforcement action even where the conduct is technically permitted by a third-party platform but is, in our reasonable judgment, contrary to the spirit of this AUP, harmful to other Customers, or likely to cause platform enforcement against ROAS.to itself.

Suspension or termination for violation of this AUP does not entitle you to a refund. You remain liable for all fees due, all spend already incurred on connected platforms, and all consequences of the violation, including indemnification under the Terms of Service.

5. Reporting and responsible disclosure

  • Report abuse: abuse@roas.to
  • Responsible disclosure of vulnerabilities: security@roas.to — please give us a reasonable opportunity to remediate before public disclosure
  • Copyright (DMCA-style) complaints: abuse@roas.to with the information required by 17 U.S.C. § 512(c)(3) (or your jurisdiction's equivalent)

6. Changes

We may update this AUP from time to time. Material changes will be communicated as set out in the Terms of Service. The "Last updated" date above indicates when the most recent changes were made.