Geonode logo

Acceptable Use Policy

This Geonode Acceptable Use Policy (“Policy”) governs access to and use of the Services provided by Geonode PTE LTD (“Company,” “we,” “us,” or “our”). This Policy forms part of the Geonode Terms of Service (“Terms”). Capitalised terms used but not defined in this Policy have the meanings given in the Terms. If there is a conflict between this Policy and the Terms, this Policy governs permitted use, prohibited use, abuse, restrictions, blocking, and enforcement matters. By accessing or using the Services, you agree to comply with this Policy.

The Company may update this Policy from time to time in accordance with the amendment provisions of the Terms. Where a change materially affects your rights or obligations, the Company will give notice as required under the Terms. Other changes take effect when posted unless the updated Policy states a later date. Your continued use of the Services after an updated Policy takes effect constitutes acceptance of the updated Policy. If you do not accept an updated Policy, you must stop using the Services.

1. General Requirements

1.1 Lawful and Authorised Use

You may use the Services only for lawful, authorised, and responsible purposes. You are responsible for ensuring that your use of the Services, including proxy routing, API use, Data Scraper instructions, target selection, automation, Customer Data, Requests, and outputs, complies with applicable law and third-party rights. The technical ability to access a target, route traffic, retrieve content, rotate IP addresses, maintain sessions, process Requests, or use a geographic location does not mean that the activity is lawful, authorised, or permitted by any third party.

1.2 Rights, Permissions, and Legal Bases

You must obtain any rights, permissions, authorisations, consents, licences, notices, and lawful bases required for your use of the Services. You must comply with any legal, regulatory, contractual, or other binding obligations applicable to your activity.

1.3 Responsibility for Users and Systems

You are responsible for all activity conducted through your account, credentials, API keys, proxy endpoints, whitelisted IP addresses, systems, configurations, applications, scripts, bots, automation tools, and other access methods. You must ensure that your employees, contractors, agents, authorised users, and other persons using the Services through your account comply with this Policy.

2. Permitted Uses

2.1 Permitted Use Cases

Subject to this Policy, the Terms, applicable plan terms, third-party rights, and applicable law, permitted use cases may include:

  • lawful web scraping and public-data collection;
  • travel-price monitoring;
  • e-commerce monitoring;
  • price comparison and market research;
  • SEO and search-result research;
  • review monitoring and brand protection;
  • ad verification and compliance monitoring;
  • web and application testing;
  • geographic testing and lawful access to region-specific content;
  • authorised account management and session-based workflows;
  • AI training, fine-tuning, model development, and data-analysis workflows where the relevant data has been obtained lawfully and with the rights, permissions, and lawful bases required under applicable copyright, database, contractual, and data-protection laws; and
  • other use cases approved by the Company.

2.2 No Implied Approval

The examples in Clause 2.1 do not grant you any right to access a specific target, collect specific data, bypass restrictions, or engage in activity that would otherwise violate this Policy, the Terms, applicable law, or third-party rights. The Company may restrict, condition, or withdraw approval for any use case where it reasonably considers this necessary for legal, compliance, security, abuse-prevention, supplier, infrastructure, or service-integrity reasons.

3. Prohibited Uses

3.1 Unlawful Activity

You must not use the Services to engage in, facilitate, assist, conceal, or support any unlawful, fraudulent, deceptive, abusive, or harmful activity.

3.2 Cyber Abuse

You must not use the Services to commit, attempt, facilitate, or assist any offence under the Computer Misuse Act 1993 of Singapore or equivalent computer-misuse, cybercrime, or unauthorised-access laws in any applicable jurisdiction. Without limiting the foregoing, you must not use the Services to:

  • access or attempt to access any system, account, network, API, data, service, or content without authorisation;
  • engage in credential stuffing, password spraying, brute-force attacks, account takeover, login abuse, or unauthorised account access;
  • acquire, validate, use, disclose, distribute, or sell credentials, tokens, session identifiers, access codes, or authentication data obtained without authorisation;
  • distribute malware, ransomware, spyware, botnets, malicious code, exploits, or harmful payloads;
  • conduct vulnerability scanning, penetration testing, exploitation, security testing, or probing without authorisation from the relevant system owner;
  • interfere with, obstruct, disrupt, overload, degrade, disable, or impair any system, network, service, website, application, or infrastructure;
  • engage in denial-of-service, distributed denial-of-service, traffic flooding, or similar activity intended to overwhelm or disrupt any system; or
  • conduct load testing, stress testing, or similar testing unless you own or control the relevant system, or the system owner has expressly authorised the activity in writing, and the Company has approved the activity in advance.

3.3 Spam and Abuse

You must not use the Services to:

  • send, facilitate, support, or distribute unsolicited bulk communications;
  • engage in email spam, SMS spam, messaging spam, form spam, comment spam, review spam, or similar activity;
  • harvest email addresses, telephone numbers, contact details, or other identifiers for spam or unlawful marketing; or
  • evade unsubscribe requests, do-not-contact requirements, marketing restrictions, or similar obligations.

You must comply with the Spam Control Act 2007 of Singapore, the Do Not Call provisions of the Personal Data Protection Act 2012 of Singapore, and equivalent laws in any applicable jurisdiction.

3.4 Fraud and Deceptive Conduct

You must not use the Services to:

  • engage in payment fraud, ad fraud, affiliate fraud, click fraud, referral fraud, or traffic manipulation;
  • impersonate another person or entity;
  • create or operate fake accounts, synthetic identities, account farms, or deceptive profiles;
  • manipulate reviews, ratings, votes, impressions, engagement, rankings, search results, metrics, or platform activity;
  • circumvent purchase limits, inventory limits, ticketing limits, retailer controls, or similar restrictions for deceptive acquisition, inventory hoarding, or abusive resale; or
  • conceal the source, destination, nature, ownership, or beneficiary of unlawful or prohibited activity.

3.5 Personal Data and Privacy

Where Customer Personal Data is processed through the Services, you are responsible for ensuring that the processing complies with the Personal Data Protection Act 2012 of Singapore and equivalent data-protection laws in any applicable jurisdiction. Where the Company processes Customer Personal Data on your behalf, the Company acts as a data intermediary for Singapore PDPA purposes and as a processor under comparable data-protection laws, in accordance with the Data Processing Addendum where it applies. You must not use the Services to collect, scrape, process, store, disclose, sell, or otherwise use personal data unless you have the rights, permissions, lawful bases, notices, and safeguards required by applicable law. You must not use the Services to:

  • collect or process personal data for doxxing, stalking, harassment, intimidation, unlawful surveillance, or harmful profiling;
  • unlawfully collect or process data relating to children or minors;
  • collect authentication credentials, financial account data, health data, biometric data, government identifiers, or other sensitive or high-risk personal data without a lawful and authorised purpose and appropriate safeguards;
  • identify, deanonymise, locate, or track individuals unlawfully; or
  • use personal data or outputs in violation of applicable data-protection, privacy, marketing, or communications laws.

3.6 Intellectual Property and Third-Party Rights

You must not use the Services to unlawfully infringe, misappropriate, or violate:

  • copyright, database rights, trademarks, patents, or other intellectual-property rights;
  • confidentiality obligations, trade secrets, or proprietary information;
  • contractual restrictions binding on you;
  • privacy, publicity, personality, or similar rights; or
  • any other third-party rights.

3.7 Illegal Content and Regulated Activity

You must not use the Services in connection with:

  • child sexual abuse material, child sexual exploitation material, or any other content or activity involving the sexual exploitation, sexualisation, grooming, or abuse of minors;
  • human trafficking, sexual exploitation, or abuse;
  • terrorism, violent extremist activity, or unlawful incitement;
  • illegal drugs, unlawful weapons, or prohibited goods;
  • illegal gambling, unlawful financial activity, scams, or fraud schemes;
  • unlawful harassment, threats, or violence; or
  • any content, goods, services, or activity prohibited by applicable law.

3.8 Sanctions and Restricted Use

You must not use the Services in violation of the sanctions, export-control, restricted-user, or anti-circumvention requirements in Section 11 of the Terms. You must not use the Services in connection with the supply, transfer, brokering, financing, or facilitation of strategic goods, technology, or services where prohibited or restricted under the Strategic Goods (Control) Act 2002 of Singapore or equivalent export-control laws in any applicable jurisdiction.

3.9 Evasion and Circumvention

You must not use alternative accounts, linked accounts, nominee accounts, affiliates, intermediaries, resellers, shared credentials, payment methods, scripts, bots, proxies, VPNs, routing tools, corporate structures, or coordinated users to:

  • continue activity that the Company has restricted, suspended, terminated, blocked, or identified as abusive or high-risk;
  • bypass account restrictions, target restrictions, destination blocks, rate limits, verification requirements, payment controls, sanctions controls, or other enforcement measures; or
  • conceal prohibited use of the Services.

This Clause is in addition to, and does not limit, Clause 4.5 of the Terms.

4. Data Scraper and Third-Party Content

4.1 Customer Instructions

You are responsible for all URLs, domains, targets, Requests, scraping instructions, configurations, parameters, and other instructions submitted through the Data Scraper. You must ensure that you have the rights, permissions, lawful bases, and authorisations required to access, retrieve, process, store, export, and use the relevant content and outputs.

4.2 Content

You may use the Data Scraper to retrieve publicly available content where your activity is lawful and complies with this Policy, the Terms, applicable law, and third-party rights. You must not use the Services to access login-protected, paywalled, restricted, confidential, or otherwise non-public content unless you own or control the relevant account, the account holder or rights holder has authorised your access, or you otherwise have a lawful right to access and process the content. The availability of content on a publicly accessible page does not by itself mean that all collection, reuse, disclosure, or other processing is lawful.

4.3 Authentication and Access Controls

You must not bypass authentication, authorisation, account-recovery controls, paywalls, technical access controls, or other restrictions without authorisation. Where your use case requires it under applicable law or contractual obligations binding on you, you must comply with the relevant target's published access conditions, terms of service, and robots exclusion protocol.

4.4 Outputs and Third-Party Content

You are responsible for reviewing, validating, and lawfully using Data Scraper outputs. The Company does not grant you any right to third-party content and does not determine whether your collection, processing, storage, export, or use of any output is lawful or permitted by a third party.

5. Restricted Targets and Destinations

5.1 Target Restrictions

The Company may block, restrict, limit, or require prior written approval for access to any target, destination, category of targets, or use case where it reasonably considers this necessary for legal, compliance, fraud-prevention, abuse-prevention, security, supplier, infrastructure, reputational, or service-integrity reasons.

5.2 High-Risk Categories

Restricted or approval-based targets may include:

  • banking, payment, and cryptocurrency systems;
  • government systems;
  • healthcare systems;
  • identity providers;
  • login, password-reset, and account-recovery pages;
  • email and messaging infrastructure;
  • minors-directed services;
  • ticketing, limited-inventory, and high-demand retail platforms;
  • targets associated with elevated fraud, abuse, security, or regulatory risk; and
  • any other target designated by the Company on the basis of legal, compliance, fraud-prevention, abuse-prevention, security, supplier, infrastructure, or reputational risk.

5.3 Confidential Restrictions

The Company may, but is not required to, publish, disclose, or explain its complete target restrictions, blocklists, thresholds, signals, methods, or internal risk criteria. Where reasonably possible, the Company will provide sufficient information for you to understand the basis of a restriction affecting your account.

6. Technical Use and Network Control

6.1 Permitted Environments

You may use the Services through browsers, applications, APIs, scripts, automation frameworks, server-side environments, cloud environments, virtual machines, containers, headless browsers, and similar tools, subject to this Policy, the Terms, applicable plan limits, and applicable law.

6.2 Customer Responsibility

You are responsible for your systems, configurations, concurrency levels, request patterns, traffic volumes, integrations, automation workflows, credentials, and security controls.

6.3 No Interference with the Services

You must not:

  • interfere with, disrupt, overload, degrade, or impair the Services or any related infrastructure;
  • bypass or attempt to bypass technical limits, usage limits, throughput limits, concurrency limits, rate limits, restrictions, authentication, or security controls applied by the Company;
  • test, scan, probe, benchmark, reverse engineer, or attempt to derive non-public technical information from the Services without prior written approval; or
  • use the Services in a way that creates unreasonable risk to the Company, its infrastructure, suppliers, IP pools, users, or third parties.

6.4 Network Management

The Company may manage, route, filter, queue, throttle, restrict, block, suspend, rotate, replace, or remove traffic, targets, destinations, IP addresses, IP pools, gateways, routes, sessions, endpoints, credentials, protocols, features, or other network resources.

6.5 Fair Use and Unlimited Plans

The Company may apply technical limits, fair-use controls, rate limits, throughput limits, concurrency controls, target-specific restrictions, or other measures where reasonably necessary to protect service integrity, network capacity, IP reputation, suppliers, users, or third parties. Unlimited plans remain subject to applicable throughput limits, technical configuration, network capacity, this Policy, the Terms, and reasonable measures required to protect the Services. “Unlimited” does not permit unlawful, abusive, disruptive, harmful, or excessive use.

7. Monitoring and Enforcement

7.1 Monitoring

The Company may, but is not obligated to, monitor use of the Services and investigate actual, suspected, or potential violations of this Policy, the Terms, applicable law, or third-party rights. For these purposes, the Company may review technical, usage, billing, account, security, compliance, complaint, and abuse-prevention information in accordance with the Privacy Policy. The Company does not undertake to monitor all activity, detect all misuse, prevent all unlawful conduct, or verify the legality of every customer instruction, target, Request, output, or use case.

7.2 Enforcement Actions

Where the Company reasonably believes that a violation, abuse, risk, complaint, or harmful activity has occurred or may occur, the Company may:

  • block traffic, targets, destinations, IP addresses, Requests, or other activity;
  • impose technical limits, rate limits, throttling, queuing, or restrictions;
  • disable credentials, endpoints, features, sessions, or access methods;
  • restrict, suspend, or terminate accounts or Services;
  • refuse registration, activation, renewal, support, or restoration of access;
  • preserve records and evidence;
  • request information or verification;
  • cooperate with suppliers, platforms, payment providers, regulators, law-enforcement agencies, competent authorities, or other relevant parties; and
  • take any other action permitted under the Terms or required by law.

7.3 Serious, Repeated, or Coordinated Abuse

The Company may immediately suspend or permanently terminate access for serious, repeated, coordinated, or evasive abuse, including credential stuffing, brute-force attacks, DDoS activity, fraud, spam, multi-account abuse, linked-account abuse, or circumvention of enforcement.

7.4 Law-Enforcement and Legal Requests

The Company may respond to valid law-enforcement requests, subpoenas, court orders, regulatory inquiries, or other legal demands in accordance with applicable law and the Privacy Policy. Where legally permitted, the Company may, but is not required to, notify the affected customer.

7.5 Internal Controls

The Company is not required to disclose internal review methods, thresholds, signals, blocklists, risk criteria, monitoring tools, supplier information, or enforcement methods.

8. Abuse Reporting

8.1 Reporting Suspected Abuse

Suspected abuse may be reported to abuse-reports@geonode.com. Where available, reports should include the relevant IP address or endpoint, date, time, timezone, target domain or service, supporting logs or evidence, and a description of the suspected activity.

8.2 Review and Cooperation

The Company may request additional information, investigate the report, preserve evidence, restrict activity, or take other appropriate action. The Company may disclose relevant information where permitted or required by law, or where reasonably necessary to protect the Company, the Services, suppliers, users, or third parties.