Acceptable Use Policy

Effective Date: February 17, 2026
Last Updated: February 17, 2026

This Acceptable Use Policy (“AUP”) is part of the Terms of Service and governs how you may use the Headless Commerce platform. All users, including all team members within your Organization, must comply with this policy.

1. Prohibited Content

You may not use the Service to sell, distribute, or promote:

1.1 Illegal Goods & Services

  • Products or services that are illegal in the Merchant’s jurisdiction or the end-customer’s jurisdiction
  • Stolen, counterfeit, or misrepresented goods
  • Products that infringe intellectual property rights (trademarks, copyrights, patents)

1.2 Regulated & Dangerous Items

  • Controlled substances and illegal drugs
  • Weapons, explosives, or ammunition (except where legally permitted and properly licensed)
  • Products subject to export controls or sanctions without proper authorization

1.3 Harmful Content

  • Content that promotes violence, hatred, or discrimination
  • Content that exploits or endangers minors
  • Non-consensual intimate imagery
  • Harassment or threats directed at any person or group

1.4 Deceptive Content

  • Fraudulent products or services
  • Misleading product descriptions, pricing, or availability
  • Pyramid schemes or multi-level marketing structures that violate applicable law

2. Prohibited Activities

2.1 Security Violations

  • Unauthorized access to other Merchants’ data or stores
  • Attempting to bypass authentication, authorization, or access controls
  • Introducing malware, viruses, or other malicious code through the API
  • Conducting vulnerability scans or penetration tests without prior written authorization

2.2 Service Abuse

  • Circumventing rate limits, quotas, or other resource restrictions
  • Creating multiple free accounts to avoid plan limitations
  • Using the Service for cryptocurrency mining
  • Automated scraping of the Dashboard or API beyond normal usage
  • Intentionally degrading Service performance for other users (DDoS)

2.3 Unauthorized Distribution

  • Reselling API access to third parties without authorization
  • Providing access to the Dashboard to unauthorized users
  • Sharing API secret keys (sk_*) publicly or in client-side code

3. API Usage Rules

3.1 Key Security

  • Secret keys (sk_*) must be stored server-side only and never exposed in client-side code, repositories, or logs
  • Publishable keys (pk_*) may be used in frontend code
  • Rotate keys immediately if you suspect compromise

3.2 Rate Limits

  • Respect the rate limits for your plan tier
  • Implement exponential backoff for retried requests
  • Do not create infinite retry loops

3.3 Data Handling

  • Do not store sensitive data (passwords, tokens) in API request metadata fields
  • Use HTTPS for all API communications (HTTP requests are automatically redirected)
  • Validate webhook signatures before processing events

4. Resource Limits

Usage is subject to the limits of your subscription plan:
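
| Resource | Free | Starter | Pro | Enterprise |
| --- | --- | --- | --- | --- |
| Monthly orders | 50 | 500 | 5,000 | Unlimited |
| Stores | 1 | 1 | 3 | Unlimited |
| Team members | 1 | 3 | 10 | Unlimited |
| API rate limit | 100/min | 500/min | 2,000/min | Custom |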

5. Korean Law Compliance (전자상거래법)

If you operate a store serving customers in Korea, you must:
  • Register as an online seller (통신판매업 신고) with your local government
  • Display required business information — business name, representative, registration number (사업자등록번호), address, phone number, email
  • Honor the 7-day cooling-off period (청약철회) for most goods as required by the Act on Consumer Protection in Electronic Commerce
  • Provide accurate product information — including price, shipping costs, return/refund policies
  • Issue electronic receipts for all transactions
These obligations apply to you as the Merchant. Headless Commerce provides the technical infrastructure, but regulatory compliance for your store is your responsibility.

6. Enforcement

6.1 Detection

We monitor for AUP violations through automated systems and user reports. We respect your privacy and only review content or activity when we have reason to believe a violation has occurred.

6.2 Actions

Depending on the severity of the violation:

| Severity | Action | Notice |
| --- | --- | --- |
| Minor (first offense) | Warning via email | 7-day cure period |
| Repeated minor | Temporary suspension (up to 30 days) | 48-hour notice |
| Serious | Immediate suspension | Notice upon suspension |
| Egregious (illegal activity, imminent harm) | Immediate termination | Notice upon termination |

6.3 Appeals

If you believe enforcement action was taken in error, you may appeal by contacting abuse@headlesscommerce.io within 14 days. We will review appeals within 5 business days.

6.4 Refunds

No refund is provided for accounts terminated due to AUP violations.

7. Reporting Violations

If you become aware of content or activity that violates this AUP, please report it to: We will investigate all reports and take appropriate action.

8. Changes to This Policy

We may update this AUP from time to time. Material changes will be communicated via email and Dashboard notification at least 30 days before taking effect.