How to Write an Acceptable Use Policy (AUP)

What an AUP Covers

An Acceptable Use Policy defines behavior rules for users of your platform. It covers what users can do, can’t do, and consequences of violations. While your Terms of Service is a broad legal contract covering liability and IP, the AUP focuses specifically on user conduct. It’s critical for platforms with user-generated content, shared infrastructure, and community features. An AUP protects your business, other users, and your infrastructure from abuse.

Essential Sections

Every AUP needs: prohibited content (illegal material, hate speech, harassment, spam, malware, IP violations), prohibited activities (hacking, DDoS, scraping, account sharing, impersonation), resource limits (API rates, storage quotas, bandwidth caps), data handling requirements, and consequences (warnings, suspension, termination, law enforcement reporting). Be specific — ‘don’t do bad things’ isn’t enforceable. List concrete prohibited actions so users know where lines are. Use the Terms of Service Generator for the legal framework.

Enforcement and Consequences

Define a clear enforcement ladder: first violation gets a warning, second a temporary suspension, third permanent termination. For severe violations (illegal content, threats, malware), skip to immediate termination and law enforcement notification. Reserve discretionary action rights. Document all enforcement actions. Include an appeals process for users who believe actions were taken in error.

AUP vs Terms of Service

An AUP is typically a separate document referenced by your Terms of Service. The Terms establishes the contractual relationship; the AUP defines behavioral rules within it. This separation lets you update the AUP more frequently as new abuse patterns emerge without rewriting the entire Terms. Some businesses combine them, but separation is cleaner for enforcement and communication.