martinCRM

Legal

Acceptable Use Policy

The rules every user must follow when using the martinCRM software product. Breaching this policy may result in suspension or termination of access.

Last updated:
4 May 2026
Effective:
4 May 2026

DRAFT — pending external legal review

This document is a working draft published for transparency. It reflects an internal review but has not yet been signed off by external legal counsel and is not intended to create binding obligations. We will publish the final version, with an effective date, before martinCRM accepts paying customers. Questions: legal@martincrm.com.au.

On this page

This Acceptable Use Policy (the “AUP”) forms part of the martinCRM Terms of Service and applies to every Customer and Authorised User of the martinCRM software product (the “Service”).

1. Overview

The Service is designed to help Australian financial-advice practices manage their client relationships. To keep the Service safe, legal and useful for everyone, all users must follow this AUP. We may update this AUP from time to time; the version published on this page is the version that applies.

2. Who this applies to

This AUP applies to:

  • the Customer (the entity or person that signs up);
  • every Authorised User the Customer adds to its account (employees, contractors, paraplanners, advisers, etc.);
  • anyone who accesses the Service using the Customer’s credentials, even without authorisation.

The Customer is responsible for ensuring its Authorised Users comply with this AUP.

3. Prohibited content

You must not upload, store, send or otherwise process content through the Service that:

  • is illegal under any applicable Australian, state or foreign law;
  • infringes the intellectual-property rights, privacy rights or other rights of any person;
  • is defamatory, harassing, obscene, threatening or hateful;
  • contains malware, ransomware, spyware, viruses, worms or any other harmful code;
  • consists of unsolicited bulk email, “phishing” content, or otherwise breaches the Spam Act 2003 (Cth);
  • includes payment-card numbers, government identifiers or other sensitive data the Service is not designed to store.

4. Prohibited conduct

You must not:

  • attempt to gain unauthorised access to the Service, any other customer’s data, or any underlying infrastructure;
  • probe, scan or test the vulnerability of the Service except under an explicit written authorisation from us;
  • interfere with the proper working of the Service, including by denial-of-service attacks, by introducing malicious code, or by circumventing rate limits;
  • scrape, mirror or systematically extract Service content other than the Customer’s own data via the supported export and API interfaces;
  • use the Service to train artificial-intelligence or machine-learning models on data that is not the Customer’s own;
  • reverse-engineer, decompile or disassemble the Service or attempt to derive its source code;
  • share account credentials, except as needed to support shared seats explicitly permitted by the Customer’s plan.

5. Email and campaign sending

The Service includes outbound email capability. When using it, the Customer must comply with:

  • the Spam Act 2003 (Cth) — including the requirements for consent (express or inferred), accurate sender identification and a functional unsubscribe facility in every commercial message;
  • equivalent anti-spam laws of any other jurisdiction whose residents the Customer contacts (for example, CAN-SPAM in the United States, GDPR consent rules in the EU/UK, CASL in Canada);
  • the rules of any underlying email-delivery provider, including authentication standards (SPF, DKIM, DMARC) and bounce/complaint thresholds.

The Customer is responsible for the accuracy and currency of its contact lists, for promptly honouring unsubscribe requests, and for removing addresses that bounce or complain. We may suspend campaign-sending capability if abuse, complaint or bounce thresholds are exceeded.

6. Fair use of resources

The Service operates on shared multi-tenant infrastructure. The Customer must use it in a manner consistent with normal use by an advice practice of similar size and must not attempt to monopolise shared resources. Specific fair-use thresholds (storage, API throughput, email send volume) will be published in the Documentation; if a workload approaches those thresholds, we will contact the Customer to discuss options.

7. Security and reporting

The Customer must:

  • keep account credentials confidential;
  • enable multi-factor authentication for all Authorised Users where supported;
  • promptly disable access for Authorised Users who leave the Customer’s organisation;
  • notify us promptly of any suspected compromise of credentials or of the Customer’s account.

Responsible-disclosure reports for security vulnerabilities are welcomed at security@martincrm.com.au.

8. Enforcement

If we reasonably believe a Customer or Authorised User has breached this AUP, we may, depending on the seriousness and our assessment of risk:

  • contact the Customer to discuss the issue;
  • require the Customer to remove offending content;
  • suspend access to all or part of the Service for the affected user or account;
  • remove offending content where required by law or to protect other users;
  • terminate the Customer’s subscription for material or repeated breaches, in accordance with the Terms of Service.

Where it is safe and lawful to do so, we will give the Customer notice and an opportunity to remedy the breach before taking the most disruptive measures.

9. Reporting abuse

To report suspected abuse of the Service (including spam, phishing, illegal content or harassment) by a martinCRM user, email abuse@martincrm.com.au with as much detail as you can share, including the offending message or content, headers if available, and the time of the incident.