Hypedata/ Legal/ Acceptable Use Policy

Acceptable
use policy.

What you can — and cannot — do with the Hypedata Service. The AUP is part of the Terms of Service. Violating it can get your account suspended, your data seized, and, in serious cases, reported to law enforcement.

Versionv2.4 · 2026.04
EffectiveApril 20, 2026
EnforcementTrust & Safety
Report abuseabuse@hypelabs.llc

01Guiding principles

Hypedata believes the open web is a shared resource. We are committed to legitimate research, commerce, journalism, AI training, price intelligence, and the many other lawful uses of public web data. At the same time, we will not be a platform for intrusive surveillance, credential theft, harassment, or the mass harvesting of private information.

This Policy sets the boundaries of what we consider acceptable use. It applies to every HypeLabs Customer, on every plan, in every region — without exception.

Customer responsibility

Hypedata is a neutral technical intermediary. For every URL you submit, you — the Customer — decide what to fetch, why, and what to do with the result. You are responsible for ensuring each scrape is lawful, ethical, and compliant with this Policy.

02General rules

You must not use the Service to:

  • break the law in any jurisdiction that applies to you, the target, or HypeLabs;
  • infringe intellectual property, privacy, publicity, or moral rights;
  • generate unlawful content (defamation, incitement, non-consensual intimate imagery, CSAM, etc.);
  • disrupt, overload, or impair the operation of any website, network, or service, including by generating traffic disproportionate to a reasonable business need;
  • probe, scan, or test the vulnerability of systems you are not authorized to test;
  • evade export controls or sanctions, including those administered by OFAC, the EU, or the UK;
  • harass, stalk, dox, or threaten individuals;
  • promote terrorism, organized violence, or hatred against protected characteristics.

03Prohibited targets

The Service may not be used against:

  • Government authentication systems, tax portals, benefits systems, immigration portals, or criminal-record databases.
  • Critical infrastructure — utilities, hospitals, aviation, emergency services, election systems.
  • Platforms for minors — services directed primarily to children under 18 (e.g. COPPA-covered services), school portals, online classrooms.
  • Medical and healthcare patient portals, electronic health records, telehealth platforms, patient communities.
  • Private member areas of any service where you do not have authenticated access you are entitled to use, including paid subscriptions circumvented, leaked credentials, or shared logins.
  • Specifically designated sensitive databases — sex-offender registries, witness-protection systems, adoption records, and equivalent.

04Prohibited data

You must not use the Service to collect:

  • Authentication material — passwords, session tokens, API keys, 2FA codes, recovery codes.
  • Payment instruments — full card numbers (PAN), CVV, bank account numbers, crypto private keys.
  • Protected identifiers at scale — national ID numbers, SSN, passport numbers, driving-license numbers — unless you hold a valid authorization such as KYC from the data subject or a legal obligation.
  • Sensitive categories within the meaning of Art. 9 GDPR (racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic or biometric data for unique identification, health, sexual orientation) absent a specific lawful basis.
  • Protected health information (PHI) governed by HIPAA.
  • Student records governed by FERPA.
  • Personal data of individuals you know to be minors, without a lawful basis and suitable guardian consent.

This list is not exhaustive. When in doubt, ask legal@hypelabs.llc before launching a campaign.

05Prohibited methods

You must not use the Service for:

  • Credential stuffing, brute-forcing, or enumerating login endpoints;
  • Bypassing paywalls or license restrictions you have not paid for, including rotating anonymous proxies to evade free-article limits you are contractually bound to respect;
  • Impersonating official applications, browsers, or agents in a way designed to defraud the target or its users;
  • Distributed-denial-of-service, reflection, or amplification traffic;
  • Automated account creation on third-party services;
  • Re-identifying individuals in pseudonymous datasets without authorization;
  • Evading a clear and targeted block where a target has contacted you and explicitly requested you stop (as opposed to generic bot-defence mechanisms).

06Industry-specific restrictions

Some industries raise heightened risk and require pre-clearance:

Finance
Scraping of online banking interfaces, investment portals, or brokerage accounts belonging to third parties is prohibited. Open-banking flows require a regulated license (PSD2, Open Banking).
Healthcare
No PHI extraction. Public pharmaceutical pricing and drug-monograph pages are permitted.
Legal
Public court records and public legal filings are permitted; sealed records, juvenile records, and expunged records are not.
Politics / elections
Voter rolls, targeted political profiling, and influence-operation infrastructure are prohibited.
Adult content
Only where the target’s terms expressly permit scraping and all individuals are verifiably adults. CSAM is unconditionally prohibited and reported to NCMEC and local authorities.

07Robots.txt & third-party terms

Hypedata respects robots.txt directives on the public web by default. Customers may disable this respect for specific workloads where there is a lawful basis to do so (e.g., legitimate research, data subject access, journalism, the scraping of content the Customer itself publishes or has a contract to scrape).

Where a target’s terms of service are enforceable against you under applicable law, you must comply with them. Where enforceability is contested (as is currently the case for unilateral “browsewrap” ToS applied to non-account holders in many jurisdictions), you remain responsible for your own legal assessment. HypeLabs does not arbitrate those disputes.

08Enforcement

Our Trust & Safety team monitors the Service for patterns of abuse and reviews individual reports. Enforcement actions include:

  • Warnings — where the conduct is ambiguous or appears unintentional.
  • Throttling — temporarily reducing concurrency or blocking specific target hosts.
  • Suspension — freezing the account pending investigation.
  • Termination — closing the account for serious or repeated violations, with forfeiture of remaining credits.
  • Reporting — for severe violations (CSAM, critical-infrastructure attacks, credible threats), we may proactively report to law enforcement and preserve relevant logs.

HypeLabs will take reasonable steps to act proportionately and, where appropriate, engage with the Customer before terminating — but reserves the right to act without notice when the integrity of the Service, the safety of individuals, or legal obligations so require.

09Reporting abuse

If you are the operator of a target website, a victim of abuse, or a concerned third party and you believe the Service is being misused, please write to abuse@hypelabs.llc with:

  • the URL(s) affected;
  • the approximate date(s) and time(s) of the traffic;
  • any Hypedata “trace-id” header you observed in requests;
  • a description of the harm suffered or suspected.

We acknowledge abuse reports within 24 hours and target a substantive response within 5 business days. Repeat or bad-faith reports may be de-prioritized.

10Contact

Trust & safety
HypeLabs, LLC
30 North Gould Street
Sheridan, WY 82801 · United States
abuse@hypelabs.llc · legal@hypelabs.llc
NCMEC Reporting
ACTIVE
EIN
35-2851293
Related legal documents
Terms of Service
Master agreement
Privacy Policy
Data controller duties
Data Processing Agreement
GDPR processor terms
Acceptable Use
→ You’re reading it