Acceptable Use Policy

Last updated: 29 April 2026 · Version 1.0

This Acceptable Use Policy ("AUP") sets out what you may and may not do with the Tuma SMS - Nei Shot platform. It is incorporated by reference into our Terms of Service. Breach of this AUP is grounds for immediate suspension or termination of your account, without refund.

The AUP exists because we are accountable to mobile carriers (MTC, Telecom Namibia, Clickatell, and others), email providers, and the Communications Regulatory Authority of Namibia (CRAN). When messages from our platform are abusive, all customers suffer through carrier rate-limiting, blocked sender IDs, and IP reputation damage.

Contents 1. Prohibited content 2. Prohibited conduct 3. Recipient consent 4. Opt-out 5. Sender identification 6. Sensitive industries 7. Technical limits 8. Enforcement 9. Report abuse

1. Prohibited content

You may not use the platform to send messages that:

Are unlawful, fraudulent, deceptive, or misleading.
Promote phishing, malware, account-takeover, money-laundering, or any financial scam (including fake banking alerts, fake delivery notices, "you've won" lottery scams, and crypto pump-and-dump schemes).
Promote pornography, prostitution, or child sexual abuse material.
Promote violence, terrorism, hate speech, or harassment of any individual or group.
Promote illegal drugs, illegal firearms, illegal gambling, or other unlawful goods or services.
Infringe intellectual property, defame any person, or breach any other party's privacy.
Contain viruses, worms, trojans, ransomware, or any malicious payload.
Are intended to harass, threaten, intimidate, or stalk any person.

2. Prohibited conduct

You may not:

Send unsolicited bulk messages (spam) to recipients who have not opted in or do not have an existing relationship with you.
Buy, rent, scrape, or otherwise acquire recipient lists where you cannot demonstrate opt-in;
Bypass or attempt to bypass our suppression list, opt-out handling, rate limits, or quiet-hours policy;
Re-import a recipient who has unsubscribed from your tenant in order to message them again;
Use sender IDs that impersonate banks, government agencies, mobile networks, courier services, or any other organisation you do not represent;
Probe, scan, or test the vulnerability of our systems without prior written consent;
Reverse-engineer the platform, attempt to extract source code, or circumvent authentication or rate-limit controls;
Resell, sub-licence, or white-label the platform without a separate written agreement with us;
Use another person's account or share your credentials with anyone outside your organisation.

For every recipient on every campaign, you must be able to produce, on request, evidence of a lawful basis to message them. Acceptable bases include:

Express opt-in (e.g. they ticked a checkbox on your sign-up form);
Active customer relationship within the last 24 months;
Legal obligation (e.g. a school sending term-fee reminders to enrolled parents);
For non-commercial transactional messages, a clearly identifiable purpose (e.g. confirming an appointment a recipient booked).

The platform stores per-contact consent fields (consent_source, consent_method, consent_at, consent_ip, consent_evidence). Use them.

4. Opt-out

Every commercial SMS campaign must include a free opt-out instruction. We process the following keywords automatically (case-insensitive) and suppress the recipient on receipt: STOP, UNSUBSCRIBE, OPT-OUT, QUIT.

Every email campaign must include a working unsubscribe link. We inject one automatically if your template does not include one.

Opt-outs are global per tenant - once a recipient unsubscribes from your tenant, no further messages may be sent to them by your tenant via any channel without fresh, documented re-opt-in.

5. Sender identification

Sender IDs (alphanumeric or numeric) must accurately identify the sending business. You may not impersonate any third party, public authority, or competitor. Carriers may reject or rewrite sender IDs at their discretion.

6. Sensitive industries

The following industries require pre-approval and may incur additional compliance review and surcharges before sending: credit / lending, gambling, debt collection, adult services, political campaigning, religious solicitation. Contact support@tumasms.online before sending.

7. Technical limits

Default API and platform limits include:

API requests: 60 per minute per key (higher available on request).
Bulk-send endpoint: 1,000 messages per request.
Quiet-hours window: configurable per tenant; defaults aligned with CRAN guidance.
Webhooks: auto-disabled after 20 consecutive failures to your endpoint.

8. Enforcement

If we identify a breach we may, in our discretion and without prior notice:

Pause the campaign in flight;
Suspend the offending tenant or user;
Disable API keys;
Refuse refunds;
Report the conduct to the relevant carrier, regulator (CRAN), or law enforcement.

Repeated or severe breaches will result in permanent termination.

9. Report abuse

If you have received a message you believe was sent in breach of this AUP, email abuse@tumasms.online with the full message text, the sender ID, your phone number / email, and the date received. We investigate every report.