Acceptable Use Policy

What is prohibited on the platform and what happens when rules are broken. This document expands on the Terms of Service: specific boundaries, not general principles.

Effective 17/04/2026
Version v1.0

1. About this document

This policy is a detailed list of actions prohibited when using the Bumaga Service platform. The Terms of Service describe general principles; the AUP fills them in with specifics.

This document applies to all users of the platform, to every service without exception, and to all content created or transmitted through the platform.

Not knowing this document does not exempt you from complying with it. By registering on the platform, you confirm that you have read the AUP and agree to follow it.

2. General principles

The core idea is simple: use the platform in a way that doesn't harm others and doesn't create problems for us.

Baseline rules that everything else builds on:

  • Comply with the laws of the country where you are located.
  • Don't harm other users of the platform or third parties.
  • Don't use the platform's services for purposes explicitly prohibited by this document.
  • Don't attempt to bypass the platform's technical or organisational restrictions.

3. Criminal activity

It is prohibited to use the platform's services to commit crimes or to prepare for them. This includes, but is not limited to:

  • Terrorism, terrorism financing, extremist activity.
  • Human trafficking, illegal migration.
  • Trafficking in weapons, explosives, or poisons outside the scope of law.
  • Trafficking in narcotics and prohibited substances.
  • Money laundering, sanctions evasion.
  • Extortion, blackmail, kidnapping.

No warning procedure applies to violations in this category. Accounts are blocked immediately, funds are forfeited. When we receive a binding legal requirement from a competent jurisdiction, we are obliged to comply.

4. Protection of minors

This is a separate section, split out from the general list of crimes — because the protection of children is absolute and a top priority.

Absolutely and without exception, the following are prohibited:

  • Any content exploiting minors in a sexual or violent context.
  • Using the services to interact with minors for the purpose of exploitation.
  • Distributing, producing or storing CSAM content through any platform channels.
  • Providing platform services to minors to help them bypass age restrictions on third-party resources.

We operate with zero tolerance for this category. Detection results in an immediate permanent ban, forfeiture of all funds, and unconditional reporting of materials to competent authorities. Our privacy policy does not apply to shielding such users — privacy does not extend to crimes against children.

5. Infrastructure attacks

It is prohibited to use the platform's services to attack external infrastructure, as well as the platform itself:

5.1. External attacks

  • DDoS attacks and distributed network attacks.
  • Authentication brute-force, password guessing.
  • Port and vulnerability scanning without the resource owner's consent.
  • Distribution of malware (viruses, worms, trojans, ransomware).
  • Phishing and creation of fake websites.
  • Spam through any channel.
  • Intrusion into third-party information systems.

5.2. Attacks against the platform

  • Attempts to exploit platform vulnerabilities.
  • Reverse-engineering of protective mechanisms.
  • Automation via unofficial APIs, parsing that bypasses rate limits.
  • Actions aimed at reducing the platform's availability for other users.

6. Platform fraud

Any fraud schemes using platform mechanisms are prohibited:

6.1. Escrow and deals

  • Knowingly unfulfillable obligations when entering an Escrow deal.
  • Collusion with the other party to run fictitious operations.
  • Manipulation of evidence when opening a dispute.
  • Threats or blackmail against a counterparty to influence dispute resolution.

6.2. Public registries

  • Filing knowingly false reports in Scam List or Red Flag.
  • Attempts to pressure the administration via mass reports from multi-accounts.
  • Blackmailing another party with a threat of placement in a public registry to obtain gain.

6.3. Payments

  • Attempts to forge payment screenshots.
  • Chargeback fraud and disputing of payment operations actually made by the user.
  • Use of stolen crypto wallets or payment credentials.

7. Proxy abuse

Proxies are intended for legitimate use: bypassing regional restrictions, privacy, marketing research, automation within the policies of external sites. The following are prohibited:

  • DDoS attacks, brute-force, port and vulnerability scanning.
  • Aggressively bypassing rate limits of third-party sites in a way that creates load on their infrastructure.
  • Intrusion into third-party accounts or systems.
  • Spam via email, messengers, or contact forms.
  • Phishing operations and collection of third-party credentials.
  • Reselling IP addresses issued by the platform to third parties.

Proxies are an infrastructure resource. Complaints from owners of services targeted by destructive actions are reviewed promptly.

8. SMS activation abuse

The SMS activation service is intended for registering accounts for purposes permitted by the policies of the respective services. The following are prohibited:

  • Creating fake accounts for fraud on other platforms.
  • Registering in someone else's name with intent to mislead.
  • Mass account creation for public opinion manipulation, review inflation, fake mass complaints.
  • Using the service to recover access to third-party accounts without the owner's consent.
  • Bypassing anti-bot mechanisms with intent to cause damage to external services.

9. Labels abuse

The Labels service is intended for legal logistics and documentation work. The following are prohibited:

  • Refund fraud against retailers (refund fraud, empty parcels).
  • Use for sending prohibited goods, contraband, narcotics, or weapons.
  • Forgery of tracking numbers and documentation to mislead third parties.
  • Using the services to attack logistics operators and damage their reputation.

10. Multi-accounts and circumvention

Each user may hold only one account. The following are prohibited:

  • Creating multiple accounts by a single person to bypass limits, bonuses or checks.
  • Using multi-accounts to inflate reputation, manipulate votes or reviews.
  • Circumventing a block by registering a new account.
  • Selling or transferring an account to a third party.
  • Using an account on behalf of another person without their consent.
  • Creating a group of accounts for coordinated actions against other users.

11. User-to-user conduct

When communicating with other users of the platform (in disputes, deals, comments, messages), the following are prohibited:

  • Threats of physical violence, harm to life or health.
  • Insults based on race, nationality, religion, gender, sexual orientation.
  • Doxxing — publishing real personal data of other users without their consent.
  • Harassment and persistent unwanted contact after an explicit refusal of communication.
  • Spreading knowingly false information about other users with intent to damage their reputation.
  • Attempts to manipulate or coerce another user into acting against their own interests.

12. Enforcement actions

The approach is straightforward: for any violation of this document, the administration may take action without prior warning.

12.1. What may happen

  • Immediate account block with no restoration.
  • Forfeiture of all balance funds without refund.
  • Refusal to deliver services that were paid for but not yet performed at the time the violation was detected.
  • Publication of the violator's information in the Scam List when there is evidence of financial fraud against other users.
  • When indicators of serious crimes are present — compliance with binding legal requirements from competent courts.

12.2. Why no advance warning

The AUP is published in advance and available on the platform at all times. By registering, you confirm you've read it. Repeating a warning about what is explicitly prohibited contradicts the logic of the document and creates risk for other users during the gap between warning and block.

12.3. Appeal

If you believe the block was a mistake, you can file an appeal with support via the ticket system. The administration will review it and either confirm the decision with reasoning or restore the account.

Appeals do not apply to violations in categories 3 (crimes) and 4 (minors protection) — such blocks are final.

The administration makes decisions based on available evidence. When direct evidence is lacking, priority is given to protecting other users and the platform — that is, to blocking an account that raises reasonable suspicion.

13. Reporting violations

If you encounter a violation of this document — tell us.

Reports are accepted only via the ticket system on the platform. This is the only channel for abuse reports.

When filing a report, include:

  • The violator's login (if known).
  • The service where the violation occurred.
  • A description of the violation and the AUP clause that was breached.
  • Evidence: screenshots, logs, in-platform correspondence.

False reports aimed at harming another user are themselves a violation of the AUP (see "Platform fraud").

14. Interaction with authorities

Our policy regarding requests from state authorities is built on two principles: minimisation of collected data and respect for jurisdictional boundaries.

14.1. Proactive cooperation

We do not proactively cooperate with authorities of any jurisdiction. We do not disclose user data in response to informal requests, information notices, or any other inquiries that lack binding legal force.

Exception — cases expressly provided for by the laws of our jurisdiction, in particular: the absolute prohibition on services related to the exploitation of minors (see section 4). In such cases, we act regardless of whether a legal requirement has been issued.

14.2. Binding legal requirements

When receiving a binding legal requirement from a competent court of our jurisdiction (Saint Kitts and Nevis), we are obliged to comply. In such cases, we will disclose only the information we actually hold.

Our platform is designed to collect the minimum amount of data. We don't store email, registration IP, device data, behavioural history, or any other markers that could identify a user outside the platform (details — in the Privacy Policy).

14.3. Requests from other jurisdictions

Requests from state authorities of countries other than Saint Kitts and Nevis have no direct binding force on the company. Such requests can be executed only via the official recognition procedure through the courts of our jurisdiction.

Warrant canary: as of the last update of this document, we have not received any legally binding requirements to disclose user data. The absence of this statement in future versions of the document may indicate that such requirements have been received.

15. Changes to this policy

We may update this document as the platform evolves and new services are added. We will notify users on the platform at least 7 days before significant changes take effect.

The date of last update is shown in the document header.

Related documents
Document About
Document Terms of Service
Document Privacy Policy