Acceptable Use Policy (AUP)

Applies to: All Customers and Authorized Users of the Hyvery SaaS platform (web UI, mobile apps, APIs, integrations) and any related services.
Related documents: Terms of Service (ToS), Service Level Agreement (SLA), Data Processing Addendum (DPA), Security & Privacy Policies.


1) Purpose & Scope

This AUP sets the rules for using Hyvery. It protects Customers, end users, our infrastructure, and third parties from misuse, abuse, and security risks. Capitalized terms not defined here have the meanings in the ToS/DPA.

2) Your Responsibilities

You are responsible for:

  • Ensuring Authorized Users comply with this AUP.

  • Keeping accounts secure (unique credentials, MFA where supported, least‑privilege roles).

  • Configuring your tenant appropriately (RBAC, data retention, integrations).

  • Using non‑production/sanitized data for testing and training.

3) Prohibited Uses (Non‑Exhaustive)

You (and anyone acting on your behalf) must not:

  1. Security violations — attempt to bypass authentication/authorization, scan, probe, or test the Service or underlying infrastructure without written permission; exploit or publicly disclose vulnerabilities before coordinated remediation.

  2. Malware & interference — upload, store, or transmit Malicious Code; introduce backdoors; perform actions that degrade, disrupt, or overload the Service (incl. DoS, DDoS, amplification, excessive traffic bursts, job floods, or unstable automations).

  3. Abuse of resources — circumvent or exceed published rate limits, quotas, or fair‑use thresholds; attempt to disable safety controls, logging, or monitoring.

  4. Misuse of APIs — scrape or bulk‑export content beyond API allowances; resell, sublicense, or provide the Service or API to third parties unless expressly permitted; falsify headers or request identity; misuse webhooks.

  5. Illegal content/activities — use the Service for activities that violate law or third‑party rights (privacy, IP, export/sanctions, anti‑corruption, labor); stalk, harass, or engage in deceptive, fraudulent, or misleading practices.

  6. Infringement & data rights — upload or process content you do not have the right to share; remove/alter proprietary notices; reverse engineer or create derivative works except as allowed by open‑source licenses or law.

  7. Sensitive data restrictions — upload payment card PAN, government‑issued IDs, health/PHI, biometrics, or children’s data unless we have a signed addendum expressly permitting such processing and you configure the Service accordingly.

  8. Privacy violations — track individuals without notice/consent, attempt to re‑identify de‑identified data, or collect data in violation of consent, transparency, or minimization obligations.

  9. Spam & messaging abuse — send unsolicited or bulk messages, phishing, or deceptive communications via the Service; misuse notification features.

  10. Physical‑world harm — use the Service for safety‑critical or life‑support functions, or to control equipment where failure could cause injury, death, or severe damage.

  11. Credential/secret handling — store secrets in plaintext within tickets, comments, or attachments; share accounts; use human credentials for integrations (use service accounts/API keys with least privilege).

4) Data Handling & Residency

  • You will only upload data relevant to facility/operations use cases and in compliance with law and your policies.

  • Unless otherwise agreed, primary processing and storage occur in the United States with limited disclosed operations in Canada (see DPA/Sub‑Processor list).

  • You must not copy or export data from the Service to uncontrolled locations or personal devices without appropriate safeguards.

5) Rate Limiting & Automation

  • Hyvery enforces API/UI rate limits and fair‑use caps to protect the platform.

  • You must implement backoff/retry strategies and respect 429/5xx responses.

  • Job queues, webhooks, and integrations must be idempotent and bounded. Hyvery may throttle, queue, or drop requests that threaten stability.

6) Vulnerability Reporting (Safe Harbor)

  • Report suspected vulnerabilities to security@hyvery.com with details and a proof of concept.

  • Do not access data that is not yours, modify or destroy data, or disrupt service.

  • Good‑faith research within these bounds will not lead to legal action by Hyvery. Public disclosure requires prior written coordination.

7) Third‑Party Services & Integrations

  • Your use of identity providers, messaging gateways, mapping, payments, or other third‑party services is subject to their terms.

  • You are responsible for any data flows you enable via integrations and for ensuring those third parties meet your compliance obligations.

8) Export Controls & Sanctions

You must not use or provide access to the Service in violation of U.S. or other applicable export control/sanctions laws, or permit access by denied or restricted parties.

9) Monitoring; Logs; Privacy

  • Hyvery may monitor use of the Service (including API calls and metadata) to operate, secure, and improve the Service, and to enforce this AUP.

  • Operational Service Data (e.g., logs, metrics) may be used for security, billing, analytics, and abuse prevention consistent with the ToS and DPA.

10) Enforcement & Remedies

  • Violations may result in warning, throttling, feature limitations, suspension, or termination.

  • For severe or repeated violations (e.g., security abuse, legal risk), Hyvery may immediately suspend access.

  • Hyvery may preserve data and cooperate with law enforcement where legally required.

11) Changes to this AUP

Hyvery may update this AUP from time to time per the change mechanism in the ToS. Material adverse changes for active annual terms will apply at renewal unless you consent earlier.

12) Contact

Questions or reports: support@hyvery.com or security@hyvery.com.


Appendix A — Examples (Guidance, not exhaustive)

  • Allowed: Creating/assigning work orders; uploading site floor plans; integrating with your IdP for SSO; using APIs within published limits; exporting your own data for lawful business needs.

  • Not Allowed: Credential stuffing; scraping other tenants’ data; running port scans; uploading malware or ransomware samples; sending mass unsolicited SMS/email; storing full payment card numbers or PHI without a signed addendum; bulk‑downloading content beyond API pagination; disabling audit logs.

Appendix B — Credential & API Key Hygiene

  • Rotate API keys at least annually and upon any personnel change.

  • Use service accounts for automation; grant least privilege; review quarterly.

  • Store secrets in a secrets manager; never in tickets/comments.