Acceptable Use Policy

1. Who We Are

We are Upmos Inc. (“Company,” “Upmos,” “we,” “us,” or “our”), a Delaware corporation with principal offices at 9896 Bissonnet St, Houston, TX 77036. We operate the website https://upmos.com.

About Upmos

Upmos is operated by Upmos Inc., a Delaware corporation (registered agent: REPUBLIC REGISTERED AGENT LLC, 262 Chapman Rd, Ste 240, Newark, DE 19702), with principal offices at 9896 Bissonnet St, Houston, TX 77036. References in this Policy to “Upmos Inc.”, “Upmos,” “we,” “us,” and “our” mean Upmos Inc. and its affiliates, as the context requires.

2. Use of the Services

When you use the Services, you warrant that you will comply with this Policy and with all applicable laws.

You also acknowledge that you may NOT (under any circumstances) engage in the following prohibited activities:

Data Collection & Scraping

• Systematically retrieve data or other content from the Services to create or compile, directly or indirectly, a collection, compilation, database, or directory without written permission from us
• Upload or transmit (or attempt to upload or to transmit) any material that acts as a passive or active information collection or transmission mechanism, including without limitation, clear graphics interchange formats (“gifs”), 1×1 pixels, web bugs, cookies, or other similar devices
• Except as may be the result of standard search engine or Internet browser usage, use, launch, develop, or distribute any automated system, including without limitation, any spider, robot, cheat utility, scraper, or offline reader that accesses the Services

Unauthorized Access & Security

• Make any unauthorized use of the Services, including collecting usernames and/or email addresses of users by electronic or other means for the purpose of sending unsolicited email, or creating user accounts by automated means or under false pretenses
• Circumvent, disable, or otherwise interfere with security-related features of the Services, including features that prevent or restrict the use or copying of any Content or enforce limitations on the use of the Services and/or the Content contained therein
• Attempt to bypass any measures of the Services designed to prevent or restrict access to the Services, or any portion of the Services
• Engage in unauthorized framing of or linking to the Services

Fraud & Deception

• Trick, defraud, or mislead us and other users, especially in any attempt to learn sensitive account information such as user passwords
• Make improper use of our Services, including our support services, or submit false reports of abuse or misconduct
• Attempt to impersonate another user or person or use the username of another user
• Use a buying agent or purchasing agent to make purchases on the Services
• Sell or otherwise transfer your profile

Harassment & Harmful Conduct

• Use any information obtained from the Services in order to harass, abuse, or harm another person
• Harass, annoy, intimidate, or threaten any of our employees or agents engaged in providing any portion of the Services to you
• Disparage, tarnish, or otherwise harm, in our opinion, us and/or the Services

Automated Systems & Interference

• Engage in any automated use of the Services, such as using scripts to send comments or messages, or using any data mining, robots, or similar data gathering and extraction tools
• Interfere with, disrupt, or create an undue burden on the Services or the networks or the Services connected
• Upload or transmit (or attempt to upload or to transmit) viruses, Trojan horses, or other material, including excessive use of capital letters and spamming (continuous posting of repetitive text), that interferes with any party’s uninterrupted use and enjoyment of the Services or modifies, impairs, disrupts, alters, or interferes with the use, features, functions, operation, or maintenance of the Services

Intellectual Property & Software

• Decipher, decompile, disassemble, or reverse engineer any of the software comprising or in any way making up a part of the Services, except as expressly permitted by applicable law
• Delete the copyright or other proprietary rights notice from any Content
• Copy or adapt the Services’ software, including but not limited to Flash, PHP, HTML, JavaScript, or other code

Commercial Misuse

• Use the Services as part of any effort to compete with us or otherwise use the Services and/or the Content for any revenue-generating endeavor or commercial enterprise
• Use the Services in a manner inconsistent with any applicable laws or regulations

4. Seller Code of Conduct

This section applies to users who sell goods or services through the Upmos marketplace. If you are a buyer only, you may skip this section.

All sellers using Upmos marketplace Services must adhere to professional standards of conduct to ensure a positive experience for buyers and maintain platform integrity.

Professional Behavior Requirements

Prohibited Seller Practices

• Manipulating reviews or ratings (fake reviews, review swaps, incentivized reviews)
• Price gouging or exploiting supply shortages
• Selling counterfeit, stolen, or unauthorized goods
• Misrepresenting shipping times or availability
• Requesting payment or communication outside the Upmos platform
• Discriminating against buyers based on protected characteristics
• Retaliating against buyers who leave negative feedback

Performance Standards

Sellers must maintain the following minimum thresholds:

Consequences for Seller Violations

Sellers who violate this Code of Conduct may face graduated enforcement:

INFORM Consumers Act Compliance

Upmos Inc. operates as an “online marketplace” and complies with the federal Integrity, Notification, and Fairness in Online Retail Marketplaces for Consumers Act (“INFORM Consumers Act”), codified at 15 U.S.C. § 45f. The following requirements apply to all sellers that meet the statutory thresholds and operate through the Upmos marketplace.

Definition of High-Volume Third-Party Seller

A “high-volume third-party seller” means any seller in the Upmos marketplace who, during any continuous twelve-month period in the prior twenty-four months, has entered into 200 or more discrete sales or transactions of new or unused consumer products with an aggregate total gross revenue of $5,000 or more. Sales across multiple storefronts controlled by the same person or entity are aggregated for purposes of this threshold.

Information Upmos Collects and Verifies

From each high-volume third-party seller, Upmos collects and verifies, at a minimum:

• (a) Bank account information. The seller’s payout bank account, or if the seller does not have a bank account, the name of the payee for payments issued by Upmos.
• (b) Contact information. The full name of the seller (or, for a business entity, the name of an individual acting as the point of contact), a current physical business address, a current working telephone number, and a current working email address.
• (c) Tax identification number. A valid Taxpayer Identification Number, which may be an Employer Identification Number (EIN) for a business or a Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) for an individual.
• (d) Consumer contact email. A working email address, telephone number, or other means of direct electronic messaging that will be disclosed to consumers for product-related inquiries.

Annual Certification and Updates

Each high-volume third-party seller must certify annually that the information on file with Upmos has not changed, or must provide updated information. Sellers must notify Upmos of any change to the information identified above within ten (10) days of the change. Upmos independently re-verifies the information at least annually.

Public Disclosures on Listings and at Point of Sale

For every listing or product-detail page associated with a high-volume third-party seller, Upmos will disclose in a clear and conspicuous manner:

• The seller’s full name (or business name);
• The seller’s physical business address;
• A working email address or telephone number for consumer contact (or, where the statute permits, a link to a designated electronic communication channel); and
• Whether the product is being fulfilled by Upmos or by a third party (including whether the seller is the manufacturer, reseller, or other intermediary).

Suspension for Non-Compliance

If a high-volume third-party seller fails to provide, verify, or recertify the required information within ten (10) days of a request from Upmos, Upmos will suspend the seller’s selling privileges until compliance is achieved. Repeated or willful failure to comply may result in permanent termination and referral to the Federal Trade Commission or applicable state attorney general.

Consumer Reporting Mechanism

Every marketplace listing displays a clear and accessible mechanism for consumers to report suspicious marketplace activity, including counterfeit goods, unsafe products, or sellers failing to provide required information. Consumers may:

• Use the “Report this listing” button on any product page;
• Submit a report at upmos.com/report-seller; or
• Email report@upmos.com.

Reports are acknowledged within 24 hours and investigated promptly. Upmos will not retaliate against consumers or sellers who report in good faith.

State Marketplace Transparency Laws

In addition to the INFORM Consumers Act, Upmos complies with analogous state marketplace seller transparency laws, including Ohio Rev. Code § 1349.05 (online marketplace disclosure requirements) and equivalent provisions in California, New York, New Jersey, Arkansas, and other states. Where state law imposes requirements stricter than the federal floor, Upmos applies the stricter standard to sellers operating in or shipping to that state.

Consumer Product Safety Reporting

Sellers shall report to Upmos, and where required by 15 U.S.C. § 2064(b) and 16 CFR Part 1115, directly to the Consumer Product Safety Commission (CPSC), within 24 hours of becoming aware of any product defect, failure to comply with a CPSC rule, ban, standard, or regulation, or substantial product hazard associated with a product listed or sold through the Services. Sellers must also report incidents involving death, serious injury, or risk of death or serious injury as required by the Consumer Product Safety Improvement Act (CPSIA) and related regulations.

Upmos will cooperate with any CPSC investigation and, where sellers fail to report or to respond promptly to a safety concern, Upmos may independently report to the CPSC, remove the listing, suspend the seller’s account, and assist in the execution of any voluntary or mandatory recall. Sellers are responsible for the cost of recalls, customer notifications, and remediation arising from products they list on the Services.

Cross-References: Marketplace Seller Obligations

The seller standards in this Section operate together with the following marketplace-program documents, which control over generic statements here to the extent of any conflict:

• Marketplace Participation Agreement — primary seller contract (commission, payout, listing rights).
• Seller Performance Standards Policy — cancellation rate, defect rate, response-time thresholds.
• INFORM Consumers Act Notice — federal high-volume-seller disclosure obligations (in effect since June 27, 2023).
• Brand Registry & Trademark License Agreement — verified-brand enrollment and takedown rights.
• Seller Tax Compliance Agreement — 1099-K reporting, marketplace-facilitator tax obligations, sales-tax nexus.
• Product Safety and Compliance Policy — CPSC, FDA, recall and defect reporting.
• Prohibited & Restricted Products Policy — categories that cannot be listed or that require pre-approval.

5. Subscriptions

If you subscribe to our Services, you understand, acknowledge, and agree that you may not, except if expressly permitted:

• Engage in any use, including modification, copying, redistribution, publication, display, performance, or retransmission, of any portions of any Services, other than as expressly permitted by this Policy, without the prior written consent of Upmos Inc..
• Reconstruct or attempt to discover any source code or algorithms of the Services, or any portion thereof, by any means whatsoever.
• Provide, or otherwise make available, the Services to any third party.
• Intercept any data not intended for you.
• Damage, reveal, or alter any user’s data, or any other hardware, software, or information relating to another person or entity.

Trademark and Branding Use

Prohibited uses: Sellers cannot use Upmos logos, names (e.g., “Upmos”), or other proprietary graphics on their products, packaging, manuals, or advertising materials unless granted a written license.

Implied endorsement: Sellers are forbidden from using Upmos’s marks in any way that implies sponsorship or endorsement by Upmos Inc..

Misleading customers: Unauthorized use of Upmos’s branding is considered a form of trademark infringement, which can confuse customers and damage our company’s reputation.

Correct wording: For off-Upmos advertising, sellers may be permitted to use text like “Available at Upmos” or the corresponding official logo under specific conditions and without implying endorsement.

6. AI Products

This section covers prohibited uses of AI features on our platform. For our broader AI ethics commitments and enforcement policies, see Artificial Intelligence below.

When you use the AI Products provided by Upmos Inc., you warrant that you will not:

• Deploy AI techniques that utilize subliminal, manipulative, or deceptive methods designed to distort behavior and impair informed decision-making, particularly when such actions cause significant harm to individuals.
• Exploit vulnerabilities related to age, disability, or socio-economic circumstances through AI in a way that distorts behavior or decision-making, especially if this results in significant harm to the individual.
• Use AI systems for biometric categorization that infer sensitive attributes such as race, political opinions, trade union membership, religious or philosophical beliefs, sex life, or sexual orientation.
• Implement AI-based social scoring systems that evaluate or classify individuals or groups based on their social behavior or personal traits in a manner that causes harm, discrimination, or unfair treatment.
• Assess the risk of an individual committing criminal offenses based solely on profiling, personality traits, or other non-behavioral factors, except in narrowly defined circumstances where legal safeguards are in place.
• Compile facial recognition databases through untargeted scraping of facial images from the internet, social media, or CCTV footage, unless it is part of a legally compliant and narrowly defined purpose.
• Use AI to infer emotions in sensitive environments such as workplaces, educational institutions, or any other context where such analysis could lead to discrimination, unfair treatment, or privacy violations.
• Engage in real-time remote biometric identification in public places for law enforcement purposes, except in specific situations where there are strong legal justifications and oversight mechanisms.

Generative AI & Synthetic Media

Upmos applies additional rules to content that is wholly or substantially generated, altered, or synthesized by artificial intelligence (“Synthetic Media”), including text, images, audio, video, and product listings. This section applies whether the Synthetic Media is created on-platform using AI Products or uploaded from third-party tools.

You must not:

• Create or distribute non-consensual intimate imagery (including AI-generated nudity, sexual deepfakes, or sexualized depictions of any identifiable real person) regardless of age. Depictions of real or apparent minors in any sexualized context are strictly prohibited and reported in accordance with 18 U.S.C. § 2258A and the TAKE IT DOWN Act (where enacted into federal law).
• Generate or distribute deepfakes of real individuals (including voice clones and face-swap videos) for the purpose of defamation, fraud, harassment, election interference, or to impersonate a person for financial gain, without their verifiable consent.
• Use AI to impersonate Upmos, any brand, public figure, or government official in a manner likely to deceive a reasonable person.
• List AI-generated products or content as human-made, handcrafted, original, or authentic when they are not, in violation of 15 U.S.C. § 45 (FTC Act prohibition on deceptive trade practices).
• Submit AI-generated reviews, testimonials, or endorsements, which violate the FTC Endorsement Guides (16 C.F.R. Part 255) and the FTC Rule on Fake Reviews and Testimonials (16 C.F.R. Part 465).
• Circumvent or strip provenance metadata, watermarks, or content credentials (including C2PA, IPTC, or platform-applied AI disclosures) from Synthetic Media before publishing.

Required disclosures. If you list, sell, or publish Synthetic Media on Upmos, you must clearly and conspicuously disclose that the content was AI-generated or AI-assisted in the listing description or posted content. Upmos may apply an automated “AI-generated” label and may preserve or add C2PA content credentials in accordance with California AB 2655, AB 2839, the Colorado AI Act (SB 24-205), the EU AI Act (Regulation (EU) 2024/1689, Article 50), and other applicable transparency laws.

Intellectual property. You represent that any Synthetic Media you upload does not infringe the copyright, trademark, right of publicity, or other rights of any third party, including training-data claims. Upmos may remove Synthetic Media in response to valid DMCA notices or right-of-publicity claims under the same procedures set out in the DMCA & Intellectual Property section.

8. Community/Forum Guidelines

Upmos provides community features including forums, reviews, and messaging. All community interactions must comply with this Policy and the following standards:

Community Standards

• Be Respectful: Treat all community members with courtesy and respect, regardless of background or viewpoint
• Stay On-Topic: Keep discussions relevant to the forum, product, or service being discussed
• No Spam: Do not post repetitive content, unsolicited promotions, or irrelevant links
• No Harassment: Bullying, hate speech, threats, or personal attacks are prohibited
• No Doxxing: Never share another user’s private information (address, phone, real name) without consent
• Accurate Information: Do not deliberately spread false or misleading information
• Report Violations: Use the report function or contact support@upmos.com to flag policy violations

Moderation

Upmos moderators may remove content, issue warnings, or restrict community access for violations. Moderation decisions can be appealed via legal@upmos.com within 15 days.

For full community standards, see our Community Guidelines.

7. Artificial Intelligence

This section covers our ethical AI commitments and enforcement framework. For specific prohibited uses of AI features, see AI Products above.

We recognize the significant impact AI can have on our users and society, and we are dedicated to ensuring that our AI Products are designed and operated in a manner that aligns with comprehensive ethical standards. We aim to use AI to enhance user experiences while upholding fairness, transparency, and accountability principles.

This Policy applies to all AI-powered features, services, and systems in our Services. It governs the development, deployment, and use of AI technologies to protect users’ rights and maintain transparency in all AI operations. This Policy applies to all stakeholders, including employees, third-party vendors, and partners who contribute to or interact with our AI Products.

Enforcement

Any misuse of our AI Products or failure to adhere to the standards outlined in this Policy will result in appropriate actions to ensure the integrity of our platform and the protection of our users. The specific consequences for misuse of AI may vary depending on the nature and severity of the violation and the user’s history with our Services.

Violations may include, but are not limited to:

• Engaging the AI Products in ways that violate user privacy, manipulate data, disregard ethical guidelines, or are against AI Service Providers’ terms of use.
• Deploying AI in a manner that introduces or causes bias, leading to unfair treatment of users or groups.
• Improper handling, storage, or use of data by AI Products, leading to breaches of user trust and legal compliance.
• Using AI in a way that compromises the privacy and security of our systems, data, or users.

Depending on the violation, Upmos Inc. may take one or more of the following actions:

• WARNINGS: The responsible party may receive a formal warning and be required to cease violating practices.
• TEMPORARY SUSPENSION: In cases of repeated or more severe violations, the responsible individual’s access to AI Products or certain features may be temporarily suspended.
• TERMINATION OF ACCESS: Serious violations may lead to permanent termination of access to our AI Products and Services.
• LEGAL ACTION: In cases where the misuse of AI leads to significant harm, data breaches, or legal violations, we may pursue legal action.
• PUBLIC DISCLOSURE: For incidents that impact public trust or involve severe ethical breaches, we reserve the right to publicly disclose the violation and the actions taken.

Commitment to Responsible AI

We are deeply committed to repairing any harm caused by the misuse of AI. We will correct biased outcomes and implement additional safeguards to prevent future violations.

At Upmos Inc., we are committed to the ongoing refinement and enhancement of our Policy. As technology evolves and regulatory environments shift, we will regularly review and update our Policy to reflect technological advancements and legal changes.

9. Contributions

In this Policy, the term “Contributions” means:

• Any data, information, software, text, code, music, scripts, sound, graphics, photos, videos, tags, messages, interactive features, or other materials that you post, share, upload, submit, or otherwise provide in any manner on or through to the Services; or
• Any other content, materials, or data you provide to Upmos Inc. or use with the Services.

Some areas of the Services may allow users to upload, transmit, or post Contributions. We may but are under no obligation to review or moderate the Contributions made on the Services.

License Grant

By submitting a Contribution, you grant Upmos Inc. a worldwide, royalty-free, non-exclusive, sublicensable, transferable license to host, store, cache, reproduce, modify, create derivative works of, translate, publicly display, publicly perform, and distribute your Contribution in connection with operating, promoting, and improving the Services. You retain ownership of your Contribution. This license continues for so long as Upmos hosts the Contribution and survives termination to the extent necessary for backups, legal-retention copies, fraud investigations, and enforcement of rights. If you are a seller, this license extends to Upmos’s co-marketing of your product listings on third-party advertising channels, affiliate networks, and partner marketplaces under Upmos’s marketplace agreements. You waive, or where waiver is not permitted by law, agree not to enforce, any moral rights in your Contribution to the extent necessary to permit the exercise of this license.

You warrant that:

• You are the creator and owner of or have the necessary licenses, rights, consents, releases, and permissions to use and to authorize us, the Services, and other users of the Services to use your Contributions.
• All your Contributions comply with applicable laws and are original and true (if they represent your opinion or facts).
• The creation, distribution, transmission, public display, or performance, and the accessing, downloading, or copying of your Contributions do not and will not infringe the proprietary rights of any third party.
• You have the verifiable consent, release, and/or permission of each and every identifiable individual person in your Contributions to use the name or likeness of each and every such identifiable individual person.

You also agree that you will NOT post, transmit, or upload any Contribution that:

• Is in breach of applicable laws, regulation, court order, contractual obligation, this Policy, our Legal Terms, a legal duty, or that promotes or facilitates fraud or illegal activities.
• Is defamatory, obscene, offensive, hateful, insulting, intimidating, bullying, abusive, or threatening.
• Is false, inaccurate, or misleading.
• Includes child sexual abuse material, or violates any applicable law concerning child pornography or otherwise intended to protect minors.
• Contains any material that solicits personal information from anyone under the age of 18 or exploits people under the age of 18.
• Promotes violence, advocates the violent overthrow of any government, or incites, encourages, or threatens physical harm.
• Is obscene, lewd, lascivious, filthy, violent, harassing, libelous, slanderous, contains sexually explicit material, or is otherwise objectionable.
• Is discriminatory based on race, sex, religion, nationality, disability, sexual orientation, or age.
• Bullies, intimidates, humiliates, or insults any person.
• Promotes, facilitates, or assists anyone in promoting and facilitating acts of terrorism.
• Infringes, or assists anyone in infringing, a third party’s intellectual property rights or publicity or privacy rights.
• Is deceitful, misrepresents your identity or affiliation with any person.
• Contains unsolicited or unauthorized advertising, promotional materials, pyramid schemes, chain letters, spam, mass mailings, or other forms of solicitation.
• Misrepresents your identity or who the Contribution is from.

Prohibited Goods and Services

You may not use our Services to offer, present, promote, sell, give away or otherwise make available to others any good or service involving:

• Items that promote, encourage, facilitate, or instruct others how to engage in illegal activity
• Cigarettes
• Controlled substances and/or other products that present a risk to consumer safety, narcotics, steroids, drug paraphernalia
• Specific knives or other weapons regulated under applicable law
• Firearms, ammunition, or certain firearm parts or accessories
• Certain sexually oriented materials or services
• Certain items before the seller has control or possession of the item
• Prohibited products include bootlegs, fakes, or pirated copies of products or content
• Unauthorized intellectual property infringement
• Prohibited classes include explosives, toxic gases, substances liable to spontaneous combustion, infectious substances, and radioactive materials
• Hate speech and offensive content
• Gambling and lottery-related items
• Human parts and burial artifacts
• Stolen goods
• Products or services identified by government agencies to be highly likely to be fraudulent
• Any transaction or activity that requires pre-approval without having obtained said approval

10. Review and Ratings

When your Contribution is a review or rating, you also agree that:

• You have firsthand experience with the goods, services, or software being reviewed
• Your Contribution is true to your experience
• You are not affiliated with competitors if posting negative reviews (or linked in any way to, e.g., by being the owner or seller/manufacturer of, a product or service if posting positive reviews)
• You cannot make or offer any conclusions as to the legality of conduct
• You cannot post any false or misleading statements
• You do not and will not organize a campaign encouraging others to post reviews, whether positive or negative

FTC Compliance & Material Connections

In accordance with FTC Endorsement Guides (16 CFR Part 255), you must disclose any material connection to the seller, manufacturer, or Upmos when posting reviews. Material connections include:

• Receiving free or discounted products in exchange for a review
• Affiliate relationships or referral commissions
• Employment or contractor relationships with the seller
• Family or personal relationships with the seller

Review Integrity

• No incentivized reviews: Sellers may not offer compensation, discounts, or free products in exchange for positive reviews
• No review manipulation: Coordinated review campaigns, review swaps, or review-for-review schemes are prohibited
• Authenticity: All reviews must reflect genuine purchasing and usage experience
• Removal: Upmos reserves the right to remove reviews that violate these standards without notice

Review Integrity

Detailed rules on prohibited review behavior (incentivized reviews without disclosure, sock-puppet accounts, vote manipulation, retaliatory reviews, FTC endorsement-guideline requirements) are set out in the Review Integrity & Endorsement Policy. Detected manipulation may result in review removal, account suspension, or referral to law enforcement.

11. Reporting a Breach of This Policy

If you believe any Service, Content, or Contribution breaches this Policy, we encourage you to report it promptly.

How to Report

• Online Report Form: upmos.com/report (preferred method — allows attachments)
• Email: abuse@upmos.com
• Phone: 1-855-MERCHED (1-855-637-2433)

What to Include in Your Report

• URL or location of the offending Content or Contribution
• Description of the violation and which section of this Policy it breaches
• Screenshots or evidence (if applicable)
• Your contact information for follow-up

Response Timeline

• Acknowledgment: Within 24 hours
• Initial review: Within 3 business days
• Resolution or update: Within 10 business days

AI Feedback

Users can send detailed feedback on their interactions with our AI Products by emailing support@upmos.com. Include specific details about the AI interaction, the nature of the concern, and any relevant screenshots or documentation.

Confidentiality

All reports are treated as confidential. The identity of the reporter will not be disclosed to the reported user unless required by law or legal proceedings.

Specialized Reporting Channels

This Section covers reports of policy violations on the marketplace. For different categories of concern, use the dedicated channel:

• Whistleblower & Confidential Reporting Policy — confidential reporting of ethics, compliance, or corporate misconduct (anti-retaliation protections apply).
• Trust and Safety Policy — platform-integrity threats, coordinated abuse, account-takeover patterns.
• Content Moderation Policy — full takedown standards, appeals procedure, and notification timelines for moderated content.
• security@upmos.com — security vulnerabilities (see §33 Responsible Disclosure & Bug Bounty).

12. Consequences of Breaching This Policy

The consequences for violating our Policy will vary depending on the severity of the breach, the user’s history on the Services, and the potential harm to other users or the platform.

Graduated Enforcement

Immediate Action

We reserve the right to skip lower enforcement levels and take immediate action (including permanent termination and law enforcement referral) when:

• There is a genuine risk of harm to an individual or threat to public safety
• The violation involves illegal activity (e.g., sale of prohibited goods, fraud, CSAM)
• The user’s account shows patterns consistent with organized abuse

Liability Exclusion

We exclude our liability for all action we may take in response to any breaches of this Policy. Enforcement actions are taken in our sole discretion and are not subject to review except through the appeal process.

13. Complaints and Removal of Legitimate Content

If you consider that some Content or Contribution has been mistakenly removed or blocked from the Services, you may file a complaint using the methods below:

How to File a Complaint

• Email: legal@upmos.com with subject line “Content Removal Complaint”
• Online: upmos.com/report — select “Content Removal Appeal”
• Phone: 1-855-MERCHED (1-855-637-2433) (Mon–Fri, 9 AM–5 PM CST)

Review Process

• Acknowledgment: Within 2 business days of receipt
• Review period: Content will be reviewed within 10 business days
• Decision: Written notification of our decision, including the reason for removal or reinstatement
• During review: The Content or Contribution may remain “down” while we conduct the review process

Escalation

If you disagree with our decision, you may escalate by emailing legal@upmos.com with subject “Content Decision Appeal.” Escalated reviews are handled by a different team member within 15 business days.

14. Disclaimer of Warranties

Monitoring Disclaimer

Upmos Inc. is under no obligation to monitor users’ activities, and we disclaim any responsibility for any user’s misuse of the Services. Upmos Inc. has no responsibility for any user or other Content or Contribution created, maintained, stored, transmitted, or accessible on or through the Services, and is not obligated to monitor or exercise any editorial control over such material.

If Upmos Inc. becomes aware that any such Content or Contribution violates this Policy, Upmos Inc. may, in its sole discretion, remove such Content or Contribution, block your account, and report such breach to the police or appropriate regulatory authority.

“AS IS” Disclaimer

THE SERVICES ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED. To the fullest extent permitted by applicable law, Upmos Inc. disclaims all warranties, express or implied, including but not limited to:

• Implied warranties of merchantability
• Fitness for a particular purpose
• Non-infringement
• Accuracy, reliability, or completeness of any content or information
• Uninterrupted or error-free operation of the Services
• Freedom from viruses or other harmful components

No Guarantee

Upmos Inc. does not warrant that: (a) the Services will meet your specific requirements; (b) the Services will be available at any particular time or location; (c) any defects or errors will be corrected; or (d) the results of using the Services will meet your expectations. Your use of the Services is at your sole risk.

Third-Party Content

Unless otherwise stated in this Policy, Upmos Inc. disclaims any obligation to any person who has not entered into an agreement with Upmos Inc. for the use of the Services. We are not responsible for third-party content, products, or services offered through the marketplace.

3. Age Requirements

To create an account, make purchases, or sell on Upmos Services, you must be at least 18 years of age. By creating an account or transacting on the Services, you represent and warrant that you are at least 18 years old.

Users Ages 13–17: Minors between 13 and 17 years of age may browse the Services with verifiable parental or guardian consent, but may not create accounts, make purchases, or sell items without direct parent/guardian involvement. See our Children’s Online Privacy (COPPA) section for full details.

Users Under 13: The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. See COPPA.

False age declarations are a violation of this Policy and may result in immediate account termination without refund. Parents or guardians who knowingly allow minors to use the Services in violation of these age requirements are responsible for monitoring such use and may be held liable for violations.

15. DMCA & Intellectual Property Rights

Upmos Inc. respects intellectual property rights and has adopted a policy of investigating and taking appropriate action against users who may infringe or assist in infringing the intellectual property rights of others under the Digital Millennium Copyright Act (“DMCA”), 17 U.S.C. § 512.

Designated Copyright Agent

Pursuant to 17 U.S.C. § 512(c)(2), Upmos Inc. has designated the following Copyright Agent to receive notifications of claimed infringement. S. Copyright Office at dmca.copyright.gov/osp, use the contact information below.

• Copyright Agent: Legal Department, Upmos Inc.
• Address: 9896 Bissonnet St, Houston, TX 77036, United States
• Email: dmca@upmos.com
• Phone: 1-855-MERCHED (1-855-637-2433)
• Online Form: upmos.com/dmca

Copyright Infringement Notices (Takedown Requests)

If you believe that content or material on the Services infringes your copyright, you may submit a written notification to the Designated Copyright Agent above. To be effective under 17 U.S.C. § 512(c)(3), your notice must include substantially the following:

• (i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
• (ii) Identification of the copyrighted work claimed to have been infringed (or, if multiple works are covered by a single notice, a representative list);
• (iii) Identification of the material that is claimed to be infringing and information reasonably sufficient to permit us to locate the material (e.g., the URL);
• (iv) Information reasonably sufficient to permit us to contact you, including your name, address, telephone number, and email address;
• (v) A statement that you have a good-faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
• (vi) A statement, made under penalty of perjury, that the information in the notification is accurate and that you are the copyright owner or authorized to act on the owner’s behalf.

Counter-Notification

If you believe that material you posted was removed or disabled by mistake or misidentification, you may submit a counter-notification to our Designated Copyright Agent. To be effective under 17 U.S.C. § 512(g)(3), your counter-notification must include substantially the following six elements:

• (i) Your physical or electronic signature;
• (ii) Identification of the material that has been removed or to which access has been disabled, and the location at which the material appeared before it was removed or disabled;
• (iii) A statement under penalty of perjury that you have a good-faith belief that the material was removed or disabled as a result of mistake or misidentification of the material;
• (iv) Your name, address, and telephone number;
• (v) A statement that you consent to the jurisdiction of the Federal District Court for the judicial district in which your address is located, or, if your address is outside the United States, for any judicial district in which Upmos Inc. may be found; and
• (vi) A statement that you will accept service of process from the party who provided the takedown notice under 17 U.S.C. § 512(c)(1)(C), or an agent of such person.

Restoration Timeline

Upon receiving a valid counter-notification, we will promptly forward it to the original claimant and, unless the claimant files a legal action seeking a court order to restrain the allegedly infringing activity and provides Upmos with notice of such filing within 10–14 business days after we forward the counter-notification, we will restore the removed or disabled material (or cease disabling access to it) in a reasonable time.

Repeat Infringer Policy

Upmos terminates the accounts of users and sellers who are repeat copyright infringers, consistent with 17 U.S.C. § 512(i). A seller or user who receives three (3) separate substantiated takedown notices in a rolling 12-month period will be terminated from the Services. Before termination, Upmos will provide written notice of the strikes and a meaningful opportunity to appeal under the procedures described in Account Termination & Data Management. Egregious or willful infringement may result in immediate termination without prior strikes.

Trademark, Right of Publicity, and Other IP Claims

Claims of trademark infringement, right-of-publicity violations, or other non-copyright intellectual-property claims should be directed to legal@upmos.com. Include the same types of information required for a DMCA notice, tailored to the applicable legal basis.

16. Account Termination & Data Management

Account Termination Grounds

Upmos Inc. may TERMINATE or SUSPEND your account at any time, in our sole discretion, for the following reasons:

• Violation of this Acceptable Use Policy or Terms of Use
• Fraudulent activity or suspicious account behavior
• Repeated policy violations or complaints
• Inactivity for 24 consecutive months
• Age verification failure or false age declaration
• Non-compliance with payment obligations
• Account flagged by security systems for abuse

Inactive Account Policy

Accounts with no login activity for 24 months may be deactivated. Before deactivation, we will attempt to notify you at your registered email address. You have 30 days from notification to log in and reactivate your account.

Data Retention After Termination

After account termination:

• Active data retained for 90 days during appeal period
• Transaction records retained for 7 years (legal/tax compliance)
• Personal data deleted within 30 days after appeal period expires
• Anonymized usage data may be retained indefinitely for analytics
• Court orders or legal holds override deletion timelines

Data Export & Portability

Before account deletion, you may request a data export including:

• Your profile information
• Transaction history
• Messages and communications
• Uploaded content and files

Submit requests to: support@upmos.com with subject “Data Export Request”

Appeal Process

If your account is terminated, you have 30 days to appeal by:

• Emailing: legal@upmos.com
• Phone: 1-855-MERCHED (1-855-637-2433)
• Including detailed explanation and supporting documentation

We will respond within 15 business days with our decision.

17. Payment Fraud & Chargebacks

Payment Card Data Security (PCI DSS)

Upmos does not directly store, process, or transmit raw payment card data on its own servers. All credit and debit card transactions on the Services are handled by PCI DSS Level 1 certified third-party payment processors (including, without limitation, Airwallex, Stripe, PayPal, Braintree, Apple Pay, and Google Pay), each of whom is independently audited and assessed for compliance with the Payment Card Industry Data Security Standard (PCI DSS v4.0) published by the PCI Security Standards Council.

When you enter payment card information on the Services:

• Card data is collected directly by the payment processor through a PCI-compliant hosted field, iframe, or SDK, and is never transmitted to Upmos servers in its raw form.
• Upmos receives only a tokenized reference (a non-reversible identifier) and non-sensitive metadata (last four digits, card brand, expiry month/year, billing ZIP) necessary to display the payment method and reconcile transactions.
• Full cardholder data (PAN, CVV/CVC/CID, full track data, PIN, and PIN block) is never stored by Upmos in any form, consistent with PCI DSS Requirement 3.
• All card-data transmission uses TLS 1.2 or higher (we target TLS 1.3 where supported), consistent with PCI DSS Requirement 4 and NIST SP 800-52 Rev. 2.
• Upmos maintains a Self-Assessment Questionnaire (SAQ A) where applicable for merchants that fully outsource cardholder data functions, and annually reviews its processor attestations of compliance (AOC).

Wallet, ACH, and Alternative Payment Methods

Digital wallets (Apple Pay, Google Pay), ACH/bank-transfer providers, and buy-now-pay-later services operate under their own regulatory and security frameworks, including the Electronic Fund Transfer Act (EFTA), Regulation E (12 C.F.R. Part 1005), and Nacha Operating Rules. Upmos does not retain bank account numbers or routing numbers beyond what is necessary for transaction settlement and required record retention.

Cryptocurrency and Digital Asset Payments

Where cryptocurrency payments are supported, transactions are processed through regulated money services businesses (MSBs) registered with FinCEN and, where applicable, licensed under state money-transmitter regimes and the New York DFS BitLicense. Upmos does not hold custody of user crypto funds outside the settlement window and complies with applicable Bank Secrecy Act (BSA), Travel Rule (31 C.F.R. § 1010.410), and IRS Form 1099-DA reporting obligations.

Breach Notification

In the unlikely event of a payment-data or personal-data incident affecting Upmos systems, Upmos will investigate promptly and provide notice to affected users and applicable regulators in accordance with state breach-notification laws (including the NY SHIELD Act, CA Civ. Code § 1798.82, and analogous statutes in all 50 U.S. states, D.C., and U.S. territories), the GDPR Article 33/34 72-hour notification regime, and applicable PCI DSS and card-brand incident-response requirements.

Fraud Prevention

Upmos Inc. implements multiple fraud detection systems including:

• Automated transaction monitoring and anomaly detection
• Identity verification for high-value transactions
• Address verification system (AVS) checks
• Card security code (CVV) validation
• Velocity checks (unusual purchase patterns)

Suspicious Activity

Transactions may be flagged for review if:

• Multiple failed payment attempts
• Mismatched billing/shipping addresses
• High-value purchase from new account
• Purchase patterns inconsistent with account history
• Use of known compromised payment methods

Chargeback Process

For Buyers: If you don’t recognize a charge:

• Step 1: Contact seller directly through Upmos (most issues resolved here)
• Step 2: File dispute with Upmos within 60 days of transaction
• Step 3: If unresolved, you may file chargeback with your bank

For Sellers: If a chargeback is filed against you:

• You will be notified within 48 hours
• You have 7 days to submit evidence (tracking, proof of delivery, communications)
• Upmos will represent your case to payment processor
• Funds may be held during investigation (15-90 days)

Chargeback Fees

• Sellers may be charged $15-25 per chargeback (varies by processor)
• Excessive chargebacks (>1% of transactions) may result in account suspension
• Fraudulent chargebacks reported to credit bureaus and law enforcement

Fraud Reporting

Report suspected fraud to:

• Email: fraud@upmos.com
• Phone: 1-855-MERCHED (1-855-637-2433) (24/7 fraud hotline)

Related Payment-Risk Policies

This Section operates together with the following payment-risk and financial-crime policies:

• Chargeback Policy — how credit/debit-card chargebacks interact with marketplace dispute resolution and the binding-arbitration clause in §28.
• Anti-Money-Laundering and Know-Your-Customer Policy — identity verification, suspicious-activity reporting, FinCEN obligations.
• OFAC and Sanctions Compliance Policy — Specially Designated Nationals screening, embargoed-country block, prohibited transactions.
• PCI DSS & Data Security Policy — full PCI DSS v4.0 program description and merchant compliance attestations.

18. Escrow & Refund Policy

The following escrow protections apply to peer-to-peer marketplace transactions on Upmos. For direct retail purchases from Upmos Inc., standard return and refund policies apply as described in our Refund & Returns Policy.

Escrow Protection

All peer-to-peer marketplace transactions on Upmos are protected by escrow:

• Buyer’s payment is held by Upmos until delivery confirmation
• Seller receives payment only after buyer receives item (or 3 days post-delivery)
• If dispute arises, funds remain in escrow until resolution

Refund Windows

Buyers may request refunds within:

• Physical goods: 30 days from delivery date
• Digital goods/services: 14 days from purchase (if not used/downloaded)
• Custom/personalized items: 7 days (if defective or not as described)
• Services: Before service delivery begins

Refund Eligibility

Refunds are issued if:

• Item significantly different from description
• Item arrives damaged or defective
• Item never arrives (after tracking confirms non-delivery)
• Seller cancels order after payment
• Seller violates Upmos policies

Non-Refundable Items

The following are NOT eligible for refunds:

• Items damaged by buyer negligence
• Items used beyond “try-on” or inspection purposes
• Perishable goods past expiration
• Gift cards or prepaid credits
• Downloadable digital content after download
• Custom items made to buyer specifications (unless defective)

Refund Processing Times

• Approval: Within 5 business days of return received
• Bank processing: 5-10 business days after approval
• Total time: Up to 15 business days

Return Shipping

• Buyer pays return shipping unless item defective or not as described
• Seller must provide return address within 24 hours of refund request
• Items must be returned in original condition with tags/packaging

For refund requests, contact: refunds@upmos.com

19. Dispute Resolution & Timelines

General Dispute Process

If you have a dispute with another user or with Upmos Inc., follow these steps:

Step 1: Initial Complaint

Timeline: Submit within 30 days of the incident

• Contact us through: https://upmos.com/report
• Include detailed description, dates, transaction IDs, and evidence
• Expected response: 3 business days

Step 2: Investigation

Timeline: Investigation period is 15 business days

• We will review all evidence from both parties
• May request additional documentation
• Both parties notified at business day 7 and day 14

Step 3: Resolution & Decision

Timeline: Final decision within 30 business days

• Written decision sent to both parties
• If you disagree, you have 10 business days to appeal
• Appeal reviewed by different team (48-72 hour response)

Transaction Disputes

For buyer-seller disputes:

• Dispute must be filed within 60 days of transaction
• Initial resolution attempt: 10 business days
• If unresolved, escalation to Upmos arbitration: 20 business days
• Refunds processed within 5-10 business days after resolution

Definitions

• Business days: Monday-Friday, excluding Upmos holidays
• Calendar days: All days including weekends
• Days count from: Date complaint received in our system

Contact for Disputes

• Email: disputes@upmos.com
• Report Portal: https://upmos.com/report
• Phone: 1-855-MERCHED (1-855-637-2433) (Mon-Fri, 9AM-5PM CST)

20. Data Protection & Privacy Compliance

Data Security

Upmos Inc. is committed to protecting your personal data. We implement industry-standard security measures including encryption, access controls, and regular security audits.

Data Retention Policy

We retain your data only as long as necessary for:

• Active account use: Retained during account activity
• Legal obligations: 7 years for tax/financial records
• Dispute resolution: Until disputes fully resolved + 1 year
• Security/fraud investigation: Up to 2 years
• Marketing/analytics: Anonymized data retained indefinitely

Your Data Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your data (except legal holds)
• Portability: Request export of data in standard format
• Opt-out: Unsubscribe from marketing communications anytime

Data Breach Notification

Upmos will notify affected users and, where applicable, regulators of a personal data breach as required by law. This includes:

• (a) Supervisory authorities under GDPR Art. 33 within 72 hours of becoming aware of a personal data breach (and affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms);
• (b) Texas residents and the Texas Attorney General under Tex. Bus. & Com. Code § 521.053 without unreasonable delay (generally within 60 days of discovery, subject to law-enforcement requests to delay);
• (c) California residents under Cal. Civ. Code § 1798.82 in the most expedient time possible and without unreasonable delay;
• (d) New York residents under the NY SHIELD Act (Gen. Bus. Law § 899-aa) and, where applicable, the NY Department of Financial Services; and
• (e) Residents of other US states as required by applicable state breach-notification laws, including those of Illinois, Massachusetts, Washington, Florida, and others.

Notifications will describe, to the extent known, the nature of the breach, the categories of data affected, the likely consequences, the measures taken or proposed to address the breach, and steps affected individuals may take to protect themselves.

Third-Party Data Sharing

Upmos does not sell personal information for monetary consideration. Certain data transfers to advertising, analytics, and measurement partners may, however, qualify as a “sale” or “sharing” under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) and analogous state laws. You may opt out of such transfers at upmos.com/do-not-sell or by enabling the Global Privacy Control (GPC) signal in your browser. We only share data with:

• Service providers and processors (payment processors, hosting, analytics, customer support) under written data-processing agreements;
• Legal or law-enforcement authorities when required by law, subpoena, or court order;
• Third parties with your explicit consent for specific purposes; and
• In connection with a corporate transaction (merger, acquisition, asset sale), subject to continuing confidentiality obligations.

Privacy Policy

For complete privacy details, please review our Privacy Policy

Data Protection Contact

• Email: privacy@upmos.com
• Data Protection Officer: dpo@upmos.com

Related Privacy & Compliance Documents

The full data-collection, use, retention, and rights framework is described in the dedicated privacy documents:

• Privacy Policy — primary disclosure of data categories, sources, recipients, retention, and security.
• CCPA/CPRA Compliance Policy + U.S. State Privacy Rights Notices + California Consumer Notice — state-specific rights to know, delete, correct, opt-out of sale/share, and limit use of sensitive PI.
• GDPR Compliance Policy + UK GDPR Notice + PIPEDA Notice (Canada) — non-U.S. rights of access, rectification, erasure, restriction, portability, objection.
• New York SHIELD Act Compliance Statement — reasonable-security and breach-notification obligations for NY residents.
• Security & Breach Notification Policy — incident response procedure and required-notification timeline.
• Data Processing Agreement + Sub-Processors — controller/processor terms for B2B users and authorized sub-processor list.

21. Jurisdiction-Specific Compliance

European Union (GDPR)

For users in the European Economic Area (EEA) and Switzerland, Upmos Inc. complies with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the Swiss Federal Act on Data Protection (revFADP), as applicable. You have the following rights, exercisable by contacting privacy@upmos.com or dpo@upmos.com:

• Right to Access (Art. 15): receive a copy of your personal data within 30 days;
• Right to Rectification (Art. 16): correct inaccurate or incomplete data;
• Right to Erasure / “Right to Be Forgotten” (Art. 17);
• Right to Restriction of Processing (Art. 18);
• Right to Data Portability (Art. 20): receive your data in a structured, machine-readable format;
• Right to Object (Art. 21), including to direct marketing;
• Rights in relation to Automated Decision-Making and Profiling (Art. 22);
• Right to withdraw consent at any time where processing is based on consent; and
• Right to lodge a complaint with a supervisory authority in your Member State.

International Data Transfers — DPF and SCCs

Transfers of personal data from the EEA, the United Kingdom, or Switzerland to the United States are made pursuant to the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and/or the Swiss-US Data Privacy Framework where Upmos is self-certified, and/or under the Standard Contractual Clauses set out in Commission Implementing Decision (EU) 2021/914 (Modules 1–4 as applicable), together with the UK International Data Transfer Addendum issued by the UK ICO. Upmos applies supplementary technical and organizational measures (including encryption in transit and at rest, access controls, and transfer impact assessments) as described in our Privacy Policy.

EU Representative (Art. 27 GDPR)

Upmos Inc. has appointed an EU Representative pursuant to Article 27 of the GDPR. You may contact our EU Representative for any questions relating to the processing of your personal data:

• VeraSafe Ireland Ltd.
• Unit 3D North Point House, North Point Business Park, New Mallow Road, Cork, T23 AT2P, Ireland
• Email: eu-rep@upmos.com
• Web form: verasafe.com/privacy-services/contact-article-27-representative

United Kingdom (UK GDPR)

For users in the United Kingdom, Upmos complies with the UK General Data Protection Regulation and the Data Protection Act 2018, which provide substantially the same rights as the EU GDPR.

UK Representative (Art. 27 UK GDPR)

• VeraSafe United Kingdom Ltd.
• 37 Albert Embankment, London, SE1 7TL, United Kingdom
• Email: uk-rep@upmos.com

UK users may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.

California (CCPA/CPRA)

For California residents, under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), you have the rights to:

• Know / Access the categories and specific pieces of personal information we collect, the sources, business purposes, and categories of recipients;
• Delete personal information we have collected about you, subject to statutory exceptions;
• Correct inaccurate personal information;
• Opt Out of Sale or Sharing of personal information;
• Limit Use and Disclosure of Sensitive Personal Information;
• Data Portability; and
• Non-Discrimination for exercising these rights.

Upmos does not sell personal information for monetary consideration. Certain data transfers to advertising and analytics partners may qualify as a “sale” or “sharing” under the CCPA/CPRA. You may opt out at upmos.com/do-not-sell or by enabling the Global Privacy Control (GPC) signal in your browser. To submit requests, email privacy@upmos.com or call 1-855-MERCHED (1-855-637-2433). You may designate an authorized agent to act on your behalf, subject to verification.

Texas (TDPSA)

For Texas residents, under the Texas Data Privacy and Security Act, Tex. Bus. & Com. Code § 541.001 et seq. (“TDPSA”) — the law of Upmos’s home state — you have the right to:

• Access the personal data we process about you;
• Correct inaccuracies;
• Delete personal data;
• Port your data in a portable, machine-readable format; and
• Opt out of (i) targeted advertising, (ii) the sale of personal data, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects.

You may exercise these rights through upmos.com/do-not-sell or by contacting privacy@upmos.com. Upmos will respond within 45 days (extendable by 45 days where reasonably necessary). If we decline a request, you may appeal to privacy-appeal@upmos.com; if the appeal is denied, you may contact the Texas Attorney General. Upmos honors the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and targeted advertising for Texas residents.

Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA)

For residents of Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), and Utah (Utah Consumer Privacy Act), Upmos provides a common framework of rights:

• Access your personal data;
• Correct inaccuracies (not available under the Utah UCPA);
• Delete personal data;
• Data portability in a commonly used, machine-readable format;
• Opt out of the sale of personal data, targeted advertising, and profiling in furtherance of decisions that produce legal or similarly significant effects (Utah’s scope is narrower and does not include a right to opt out of profiling or a right to correct); and
• Right to appeal a refusal to act on a request (Utah does not provide an internal appeal right but permits complaints to the Utah Division of Consumer Protection).

Submit requests at upmos.com/do-not-sell or by emailing privacy@upmos.com. Colorado and Connecticut residents may use universal opt-out mechanisms, including the Global Privacy Control, to opt out of sale and targeted advertising; Upmos will honor recognized signals as required by applicable state law.

Illinois (BIPA), Texas (CUBI), and Biometric Information

Upmos does not collect or use face geometry, fingerprint, voiceprint, iris/retina scans, or other biometric identifiers for purposes of identifying an individual as part of the core Services. Where any Upmos feature (current or future) would collect biometric identifiers or biometric information within the meaning of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001) (“CUBI”), or the Washington biometric statute (RCW 19.375), Upmos will: (i) provide a written notice, (ii) obtain separate written consent, (iii) publish a retention and destruction schedule, and (iv) not sell, lease, trade, or otherwise profit from the biometric data. Sellers and third-party developers using AI Products on our platform must independently comply with BIPA, CUBI, and analogous state biometric laws before collecting any biometric data from Upmos users.

Washington (My Health My Data Act) and Consumer Health Data

For residents of Washington and users whose data is covered by the Washington My Health My Data Act (RCW 19.373) (“MHMDA”), the analogous Nevada SB 370, and the Connecticut CTDPA health-data amendment, Upmos applies heightened protections to “consumer health data”, which includes data that identifies a consumer’s past, present, or future physical or mental health status. Specifically, Upmos will: (i) obtain separate, affirmative consent before collecting or sharing consumer health data; (ii) post a standalone Consumer Health Data Privacy Policy where required; (iii) honor rights to access, delete, and withdraw consent; and (iv) prohibit the use of geofences around any “in-person health-care facility” to identify, track, or send notifications to consumers. Upmos does not knowingly sell consumer health data.

Additional US State Privacy Laws

Upmos extends substantially equivalent consumer privacy rights (access, correction, deletion, portability, opt-out of sale/targeted advertising/profiling, and appeal) to residents of all US states that have enacted comprehensive consumer-privacy statutes, including: Texas (Texas Data Privacy and Security Act, TDPSA), Oregon (Oregon Consumer Privacy Act, OCPA), Montana (Montana Consumer Data Privacy Act, MCDPA), Tennessee (Tennessee Information Protection Act, TIPA), Delaware (Delaware Personal Data Privacy Act, DPDPA), New Hampshire (New Hampshire Privacy Act), New Jersey (NJDPA), Iowa (Iowa Consumer Data Protection Act), Indiana (INCDPA), Kentucky (Kentucky Consumer Data Protection Act), Maryland (Maryland Online Data Privacy Act, MODPA), Minnesota (Minnesota Consumer Data Privacy Act), Nebraska (Nebraska Data Privacy Act), and Rhode Island. Residents of these states may exercise their rights via upmos.com/do-not-sell or by emailing privacy@upmos.com. Where a state law imposes stricter requirements (such as an opt-in consent standard for sensitive data under MODPA, OCPA, or the NJDPA), Upmos applies the stricter standard to residents of that state.

New York SHIELD Act & Breach Notification

Consistent with the New York Stop Hacks and Improve Electronic Data Security Act (NY SHIELD Act, Gen. Bus. Law § 899-aa/bb) and the breach-notification laws of all 50 US states and the District of Columbia, Upmos maintains reasonable administrative, technical, and physical safeguards to protect private information and will notify affected residents and applicable regulators without unreasonable delay following discovery of a qualifying security breach, in accordance with each jurisdiction’s timing and content requirements.

Children & Teen Protections (California AADC, UK AADC, COPPA)

Upmos is a general-audience platform not directed to children under 13 within the meaning of the Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501 et seq.; 16 C.F.R. Part 312). For users whom we know or reasonably should know are minors, Upmos applies the data-minimization, default-privacy, and profile-limitation principles of the California Age-Appropriate Design Code Act (Cal. Civ. Code §§ 1798.99.28 et seq., “CA AADC”), the UK Age Appropriate Design Code, and the Kids Online Safety Act (KOSA) where applicable. Upmos does not use minors’ personal information for targeted advertising, does not sell minors’ data, and applies the highest available privacy settings by default.

Global Privacy Control (GPC)

Upmos recognizes the Global Privacy Control (GPC) browser signal as a valid opt-out of sale and sharing of personal information for all US state privacy laws that require honoring such signals, including the CCPA/CPRA (California), CPA (Colorado), CTDPA (Connecticut), and TDPSA (Texas). When Upmos detects a GPC signal from your browser, we will treat it as a request to opt your browser or device out of “sale” and “sharing” and of targeted advertising. Authenticated users may also apply the opt-out to their account by visiting upmos.com/do-not-sell.

Other Jurisdictions

Upmos complies with applicable data protection laws in all jurisdictions where we operate, including the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil’s Lei Geral de Proteção de Dados (LGPD), and Japan’s Act on the Protection of Personal Information (APPI), among others. For region-specific privacy inquiries, contact: privacy@upmos.com.

EU Digital Services Act (DSA)

For users in the European Union, Upmos complies with the Regulation (EU) 2022/2065 (the Digital Services Act). The EU DSA Compliance Statement describes our notice-and-action mechanism, internal complaint handling, out-of-court dispute settlement, transparency reporting, and the single point of contact for EU authorities. The periodic Marketplace Transparency Report presents DSA-style metrics on content actions, account suspensions, and law-enforcement requests.

22. Force Majeure & Service Interruption

Force Majeure Events

Upmos Inc. shall not be liable for delays or failures in performance resulting from events beyond our reasonable control, including:

• Natural disasters (earthquakes, floods, hurricanes, wildfires, tornadoes);
• Acts of war, terrorism, or civil unrest;
• Government actions, sanctions, or embargoes;
• Pandemics or public health emergencies;
• Internet or telecommunications failures;
• Power outages or utility failures;
• Cyberattacks, ransomware, or denial-of-service events;
• Cloud-service or CDN outages (including failures of third-party infrastructure providers such as AWS, Google Cloud, Azure, Cloudflare, or upstream DNS providers);
• Supply chain disruptions affecting inventory, components, or fulfillment;
• Sanctions or embargoes affecting payment processors, banks, or shipping carriers;
• Labor strikes, lockouts, or industrial disputes.

Service Interruption Notification

In the event of service disruption:

• Immediate: Status updates posted at upmos.com
• Within 2 hours: Email notification to active users
• Within 24 hours: Estimated restoration time provided
• Post-restoration: Incident report published within 72 hours

Suspension of Obligations

During force majeure events:

• Payment processing deadlines may be extended
• Seller shipping requirements suspended
• Dispute resolution timelines paused
• Subscription renewals delayed until service restoration
• No penalties assessed for delays caused by force majeure

Planned Maintenance

Scheduled maintenance will be announced 7 days in advance via email and site banner. We aim for 99.9% uptime excluding planned maintenance.

Service Credits

For paid subscribers, if service is unavailable for more than 24 consecutive hours (excluding planned maintenance), you may be eligible for service credits. Contact support@upmos.com within 30 days.

23. Frequently Asked Questions (FAQ)

Below are answers to common questions about this Acceptable Use Policy, organized by topic. For questions not covered here, contact support@upmos.com or call 1-855-MERCHED (1-855-637-2433).

Account & Access

Violations & Enforcement

Refunds & Payments

Reporting Issues

Privacy & Data

Sellers

Technical Issues

24. API & Developer Terms

Effective Date: March 1, 2026  |  API Version: v1  |  Last Updated: May 19, 2026

Quick Navigation

• Overview & Purpose
• When Would You Use the API?
• Definitions
• Access & Authentication
• API Response Standards
• Rate Limits & Quotas
• HTTP Status Codes Reference
• API Endpoints Overview
• License Grant & Restrictions
• Data Usage & Privacy
• Security Requirements
• API Service Level Agreement
• Versioning & Deprecation
• SDK & Client Libraries
• Sandbox & Testing
• Webhook Events & Delivery
• Prohibited Uses
• Contact & Support
• Developer Support Tiers

Overview & Purpose

These API & Developer Terms (“API Terms”) govern your access to and use of the Upmos Marketplace Application Programming Interfaces (APIs), software development kits (SDKs), webhooks, developer documentation, and related tools and services (collectively, the “Go APIs” or “Vendor API Access” as listed in the Advertising & Sponsored Products Terms §8.1). By accessing or using any Go API, you agree to be bound by this Section, the Marketplace Participation Agreement (MPA), the Non-Disclosure & Confidentiality Agreement, and all related policies.

Upmos Entity: Upmos Services LLC, 9896 Bissonnet St, Houston TX 77036, USA
Contact: developers@upmos.com · 1-855-MERCHED (1-855-637-2433)
Developer Portal: developers.upmos.com

When Would You Use the Go API?

The Go API — formally listed as Vendor API Access in the Go Partner Program (§8.1) — is an optional, Tier 2 add-on. It is not required to sell on Upmos. Most sellers manage their store entirely through the Bloom Dashboard. The API becomes valuable when you need to automate, integrate, or scale beyond what the dashboard provides.

Who Uses the API?

Common Scenarios: When to Opt Into API Access

Do You Need the API?

How to Get Started

1. Enroll in the Go Partner Program (§8.1 of the Advertising & Sponsored Products Terms) to subscribe to Vendor API Access ($1,495/year).
2. Accept this Section. Continued use constitutes acceptance.
3. Get API keys from the Bloom Dashboard → Settings → API & Integrations.
4. Review plan: 2.5M GET calls/month included; overages $0.30 per 500 calls.
5. Start in sandbox: Test at sandbox-api.upmos.com with test data.
6. Go live: Switch to api.upmos.com after verification.
7. Need help? Basic support (free) or Premium support ($29/month) — see Developer Support Tiers below.

API vs. Dashboard — Quick Comparison

Definitions

• API: Application Programming Interface — protocols and tools that enable software to communicate with the Upmos Marketplace platform.
• API Key: A unique identifier and secret-token pair issued to authenticated developers/sellers.
• OAuth 2.0: The authorization framework used by Go APIs for delegated access and token-based authentication.
• Webhook: An HTTP callback that delivers real-time notifications when specific events occur (e.g., order placed, shipment updated).
• SDK: Software Development Kit — libraries, code samples, documentation, and tools provided by Upmos to facilitate integration.
• Sandbox Environment: A testing environment that mirrors production without affecting real data, orders, or transactions.
• Rate Limit: The maximum number of API requests permitted per unit of time.
• Throttling: Automatic reduction of API processing speed when rate limits are approached or exceeded.
• Idempotency Key: A unique identifier attached to API requests to ensure the same operation is not executed multiple times due to retries.
• Third-Party Developer: An individual or entity that builds applications using the Go APIs on behalf of sellers, but who is not themselves an Upmos seller.
• CORS: Cross-Origin Resource Sharing — a security mechanism that controls which web domains may make requests to the Go API from browser-based applications.
• Pagination: The method of dividing large API result sets into smaller pages (cursor-based or offset-based).
• OpenAPI Specification: The machine-readable API contract (formerly Swagger) documenting all endpoints, parameters, and schemas.
• Endpoint: A specific URL path (e.g., /api/v1/products) that provides access to a resource or action.
• Burst Limit: The maximum requests allowed in a 1–2 second window before throttling applies, separate from sustained rate limits.

Access & Authentication

Eligibility

• API access requires an active Upmos seller account in good standing.
• Third-Party Developers must register in the Upmos Developer Program and complete an application review (5–10 business days).
• All API users must accept this Section and the NDA before API keys are issued.

Authentication Methods

API Key Security

• Store API keys and secrets in environment variables, secrets managers, or encrypted vaults. Hardcoding credentials in source code is prohibited.
• API keys must never be exposed in client-side code, browser JavaScript, mobile app bundles, or public repositories (GitHub, GitLab, etc.).
• Sellers must rotate API keys at least annually and immediately upon suspected compromise.
• Upmos continuously scans public repositories for exposed keys and will automatically revoke compromised credentials with notification.
• Each integration should use a separate API key. Sharing keys across multiple applications or sellers is prohibited.

API Response Standards

Response Format

• All responses are JSON (Content-Type: application/json; charset=utf-8).
• UTF-8 text encoding. Non-ASCII characters returned as native Unicode.
• Dates/times use ISO 8601 (YYYY-MM-DDTHH:mm:ssZ) in UTC unless otherwise specified.
• Monetary values are integers in the smallest currency unit (cents for USD); a currency field accompanies all monetary fields.
• Booleans use true/false (not 0/1 or strings).
• Null fields are included explicitly with null values rather than being omitted.

Pagination

• List endpoints use cursor-based pagination by default for consistency across large datasets.
• Each paginated response includes: data (array), has_more (boolean), next_cursor (string).
• Default page size: 25 items. Maximum: 100 items (set via ?limit=).
• Legacy offset pagination (?page=&per_page=) is available but deprecated. Migrate to cursor-based by December 2027.

CORS Policy

• Browser-based applications must register their domains in the Developer Portal.
• Preflight (OPTIONS) requests are handled automatically. Allowed methods: GET, POST, PUT, PATCH, DELETE.
• Credentials supported for OAuth-authenticated browser sessions.
• Wildcard origins (*) are never permitted for authenticated endpoints.

Request Standards

• Request bodies must use JSON with Content-Type: application/json.
• File uploads use multipart/form-data, maximum 50 MB.
• All mutating requests (POST/PUT/PATCH/DELETE) should include an Idempotency-Key header.
• Query parameters use snake_case (e.g., ?created_after=2026-01-01).
• Array query parameters use bracket notation: ?status[]=active&status[]=pending.

OpenAPI Specification

• Complete spec in OpenAPI 3.1 format at developers.upmos.com/openapi.json.
• Interactive documentation with “Try It” functionality at the Developer Portal.
• Use OpenAPI Generator or similar tools to generate client libraries from the spec.

Rate Limits & Quotas

Standard Rate Limits

Rate Limiting Mechanism — Token Bucket

The Go API uses a token bucket algorithm — the industry-standard mechanism used by Amazon SP-API, Azure API Management, and other major cloud platforms.

Rate Limit Headers

Every API response includes:

• X-RateLimit-Limit — maximum requests in the current window
• X-RateLimit-Remaining — requests remaining
• X-RateLimit-Reset — Unix timestamp when the window resets
• Retry-After — seconds to wait (only when rate limited)

Rate Limit Exceeded (HTTP 429)

• HTTP 429 includes a Retry-After header. Implement exponential backoff with jitter; linear retry is discouraged.
• Persistent violations (>100 429 responses/hour) may result in temporary API suspension.

Quota Increases

• Higher rate limits may be requested via the Developer Portal or developers@upmos.com.
• Evaluated based on use case, historical usage, and account standing.
• Approved increases take effect within 3 business days.

HTTP Status Codes Reference

All error responses include a JSON body with error_code, message, and request_id for debugging.

Success Codes

Client Error Codes

Server Error Codes

Error Response Format

• error_code — machine-readable identifier (e.g., INVALID_PARAMETER, RATE_LIMITED)
• message — human-readable description
• request_id — unique identifier for support debugging
• errors (optional) — field-level validation errors
• documentation_url (optional) — link to relevant docs

API Endpoints Overview

All endpoints are accessed via https://api.upmos.com/v1/ (production) or https://sandbox-api.upmos.com/v1/ (sandbox).

Bulk Operations

• Bulk-supporting endpoints accept up to 1,000 items per request.
• Processed asynchronously; returns a job_id for status via /v1/jobs/{job_id}.
• Bulk product imports support CSV, JSON, and XML.
• Bulk results available for download for 7 days after completion.

License Grant & Restrictions

Subject to your compliance with this Section, Upmos grants you a limited, non-exclusive, non-transferable, non-sublicensable, revocable license to access and use the Go APIs solely for the purpose of integrating with the Upmos Marketplace in connection with your seller account or authorized Third-Party Developer application.

Restrictions

• No Resale: You may not sell, lease, sublicense, or otherwise commercialize access to the Go APIs themselves.
• No Competitive Use: You may not use the Go APIs to build, operate, or market a competing marketplace platform.
• No Circumvention: No circumventing platform fees, referral fees, rate limits, or security controls.
• No Reverse Engineering: You may not reverse engineer, decompile, or attempt to derive source code.
• No Misrepresentation: No implying endorsement, partnership, or affiliation beyond your actual relationship.
• Attribution: Applications using the Go APIs must include “Powered by Upmos Marketplace API” in a reasonably visible location.

Data Usage & Privacy

Data You May Access

• Your Seller Data: Product listings, orders, inventory, pricing, performance metrics, and account information for your seller account.
• Buyer Data (Limited): Order-specific buyer information (name, shipping address) solely for fulfillment. No buyer data may be stored beyond 90 days after order completion unless required by law.
• Marketplace Data: Category information, fee schedules, and other publicly available marketplace reference data.

Data Usage Restrictions

• Data obtained through the APIs may only be used in connection with the Upmos Marketplace and the authorized Purpose.
• You may not sell, share, or transfer data to any third party (except shipping carriers for fulfillment).
• You may not aggregate, anonymize, or de-identify buyer data for use outside the Upmos ecosystem.
• Comply with GDPR, CCPA, and all applicable privacy laws (see Privacy Policy and §20 above).
• Implement a retention policy that deletes buyer personal data within 90 days of order completion, unless a longer retention is legally required.
• If a buyer exercises their right to deletion under GDPR or CCPA, Upmos will notify you via webhook; you must delete the relevant data within 30 days.

PCI DSS Compliance

The Go APIs do not expose payment card data. All payment processing is handled by Upmos’s PCI DSS Level 1 certified payment processors (see §17 above). Developers must not attempt to capture, store, or intercept payment card information through any integration.

Security Requirements

Mandatory Security Practices

• HTTPS Only: TLS 1.2 or higher required. HTTP rejected.
• Webhook Verification: All payloads include HMAC-SHA256 signature in X-Upmos-Signature. Verify before processing.
• Input Validation: All data must be validated and sanitized. SQL injection, XSS, and other injection attacks are monitored.
• Secure Storage: Tokens, keys, and secrets stored in encrypted form (AES-256 or equivalent) at rest.
• Audit Logging: Maintain logs of all API interactions for a minimum of 12 months (timestamps, endpoints, response codes).
• Dependency Management: Keep all SDKs and libraries current. Known vulnerabilities must be patched within 30 days.

Compliance & Certifications

• SOC 2 Type II reports available under NDA to Booming, Reserve, and Loyalty plan sellers on request.
• Data Processing Agreement (DPA) available at /dpa/ for GDPR compliance.
• Annual third-party penetration testing; summary findings shared in the Developer Portal security center.

Vulnerability Reporting

• Upmos operates a Responsible Disclosure Program (see §33 below).
• Report to security@upmos.com.
• Do not exploit or publicly disclose vulnerabilities before Upmos has had a reasonable opportunity to remediate (minimum 90 days).
• Valid reports may be eligible for recognition in Upmos’s Security Hall of Fame.

API Service Level Agreement

Uptime Commitment

Service Credits

• 99.0%–99.9%: 10% credit on that month’s API charges.
• 95.0%–99.0%: 25% credit.
• Below 95.0%: 50% credit.
• Credit requests must be submitted within 30 days of the affected month via the Developer Portal.

Maintenance Windows

• Planned Maintenance: 72 hours’ advance notice via Developer Portal, status page, and email. Typically Tuesdays 2:00–6:00 AM CT.
• Emergency Maintenance: Communicated as soon as practicable; rolling deployments minimize impact.
• Status Page: status.upmos.com

Versioning & Deprecation

API Versioning

• URL-based versioning (/api/v1/, /api/v2/).
• Each major version is supported for at least 24 months after the next major release.
• Minor and patch updates are backward-compatible.

Deprecation Policy

• 12-Month Notice: Before deprecating any major version.
• 6-Month Notice: For individual endpoint deprecation within a supported version.
• Deprecated endpoints include Sunset and Deprecation HTTP headers.
• Migration documentation and code examples provided for all deprecations.
• Booming plan sellers receive dedicated migration assistance from Developer Relations.

Breaking Changes (require a new major version)

• Removal/renaming of existing endpoints, fields, or parameters.
• Changes to response structure or data types of existing fields.
• Changes to authentication or authorization mechanisms.
• Changes to error response formats or status codes for existing error conditions.

SDK & Client Libraries

Upmos provides officially maintained SDKs for the most popular languages. All SDKs are open-source on GitHub.

SDK Features

• Automatic Authentication: Built-in OAuth 2.0 token management with automatic refresh.
• Rate Limit Handling: Automatic retry with exponential backoff.
• Pagination Helpers: Iterators that transparently handle cursor-based pagination.
• Type Safety: Full type definitions (TypeScript types, Python dataclasses, Java POJOs).
• Webhook Verification: Built-in HMAC-SHA256 helpers.
• Error Handling: Typed exceptions for all error codes with retry recommendations.

Community & Third-Party Libraries

• Community-contributed SDKs listed in the Developer Portal Community Libraries page.
• Upmos does not guarantee the quality, security, or maintenance of community libraries.
• Custom clients can be generated from the OpenAPI 3.1 spec using OpenAPI Generator.

Sandbox & Testing

Sandbox Environment

• All API users have access to sandbox-api.upmos.com.
• The sandbox mirrors production behavior but uses test data only. No real orders, payments, or customer data.
• Sandbox keys are separate from production and prefixed with upmos_test_.
• Sandbox rate limits are 50% lower than production.

Test Data

• Pre-populated test catalogs, orders, and buyer accounts.
• Test payment methods (including test credit card numbers) for end-to-end order flow.
• Webhook testing tools to simulate events without real transactions.

Production Certification

• Before going live, integrations must pass certification by the Developer Relations team.
• Certification covers: authentication flow, error handling, rate limit compliance, webhook verification, data handling.
• Certification results within 10 business days of submission.

Webhook Events & Delivery

Available Webhook Events

Subscribe via the Developer Portal or the /v1/webhooks API.

Delivery & Retry Policy

• Webhooks delivered via HTTP POST with a JSON payload.
• Endpoint must return HTTP 2xx within 10 seconds.

Webhook Security

• Every webhook includes X-Upmos-Signature (HMAC-SHA256 with your webhook secret).
• Every webhook includes X-Upmos-Timestamp. Reject events older than 5 minutes to prevent replay attacks.
• Webhook endpoints must use HTTPS (TLS 1.2+). HTTP is not supported.
• Each event includes a unique event_id for deduplication.

Dead Letter Queue

• After all 5 retries fail, the event is moved to a Dead Letter Queue (DLQ) accessible via the Developer Portal.
• DLQ events retained for 30 days and can be manually replayed.
• If your endpoint fails for 7 consecutive days, the webhook subscription is automatically paused with email notification.

Prohibited Uses

• Scraping / Crawling: Using the APIs to systematically scrape, crawl, or index Upmos data outside the authorized scope.
• Load Testing Production: Stress tests, load tests, or benchmarks against production without prior written approval.
• Data Harvesting: Collecting buyer, seller, or marketplace data for sale to third parties or competing databases.
• Automated Account Creation: Creating, modifying, or managing seller accounts in violation of the MPA.
• Price Manipulation: Automated pricing strategies that violate fair pricing policies (e.g., algorithmic price gouging during emergencies).
• Circumventing Controls: Using multiple keys, IPs, or accounts to circumvent rate limits, quotas, or access restrictions.
• Malware Distribution: Distributing applications containing malware, spyware, or malicious code.
• Unauthorized Access: Accessing endpoints, data, or functionality beyond your authorized scope.

Suspension & Termination

API access is subject to the suspension and termination provisions in §16 Account Termination & Data Management above, supplemented by these API-specific triggers:

• Security Threat: Immediate suspension if an integration poses a security risk to Upmos, sellers, or buyers.
• Rate Limit Abuse: Persistent violation of rate limits (>500 HTTP 429 responses in 24 hours).
• Inactivity: API keys unused for 12+ months may be automatically deactivated (with 30 days’ email notice).

Upon termination, all API keys and access tokens are immediately invalidated; webhook deliveries cease; cached data must be deleted within 30 days; provisions regarding data deletion, confidentiality, indemnification, and liability survive.

Liability & Disclaimers

The Go APIs are provided “AS IS” and “AS AVAILABLE” without warranty of any kind, express or implied. Upmos does not warrant that the APIs will be uninterrupted, error-free, or free of harmful components. The aggregate liability cap in §29 Limitation of Liability applies. Indemnification is governed by §30 Indemnification. Governing law, venue, dispute resolution, and arbitration are governed by §19 and §28. Force majeure is governed by §22.

Contact & Support

• Developer Relations: developers@upmos.com
• Security Reports: security@upmos.com
• Vendor Support: vendors@upmos.com
• Phone: 1-855-MERCHED (1-855-637-2433)
• Developer Portal: developers.upmos.com
• API Status: status.upmos.com

Developer Support Tiers

Upmos offers two Developer Support tiers to meet the needs of sellers and Third-Party Developers at every stage of integration.

Basic Support (Free) — What’s Included

• Email support at developers@upmos.com with a 48-business-hour response SLA.
• Full access to the Developer Knowledge Base, API reference, and interactive OpenAPI explorer.
• Community forums for peer-to-peer discussions, code sharing, and best practices.
• Sandbox environment at sandbox-api.upmos.com.
• All 7 official SDKs with auto-auth and retry logic.
• API status page at status.upmos.com.
• Available to all seller plans at no additional cost.

Premium Support ($29/month) — Everything in Basic Plus

• 4-hour response SLA during business hours (Mon–Fri, 8 AM–8 PM CT) — 12× faster than Basic.
• Direct phone support at 1-855-MERCHED (1-855-637-2433), option 2.
• Priority ticket queue — your issues are escalated ahead of standard tickets.
• Dedicated account manager — named point of contact who knows your integration.
• Hands-on migration assistance from Amazon SP-API, Shopify, WooCommerce, or other platforms.
• Private Slack channel with direct access to the engineering team.
• Monthly integration reviews — scheduled calls to review usage, errors, optimization.
• Early access to beta APIs.
• Fast-tracked rate-limit increases within 1 business day (vs. 3 days for Basic).
• Architecture consultation for high-volume, multi-seller, and multi-channel integrations.

To upgrade: contact developers@upmos.com or call 1-855-MERCHED. Cancel any time with 30 days’ notice.

Related Documents

• Marketplace Participation Agreement (MPA)
• Service Level Agreement (SLA)
• Non-Disclosure & Confidentiality Agreement (NDA)
• Advertising & Sponsored Products Terms
• Data Processing Agreement (DPA)
• Privacy Policy
• Standalone Go API & Developer Terms of Service — full standalone version of these terms

25. Accessibility Statement

Our Commitment

Upmos Inc. is committed to ensuring digital accessibility for people with disabilities. We continually improve the user experience for everyone and apply relevant accessibility standards.

Conformance Status

Upmos Services conform to WCAG 2.2 Level AA standards. This includes:

• Screen reader compatibility (NVDA, JAWS, VoiceOver)
• Keyboard navigation support
• Sufficient color contrast (4.5:1 minimum)
• Resizable text up to 200% without loss of functionality
• Alt text for images and meaningful content
• Captions and transcripts for video content

Accessibility Features

• Skip navigation links: Jump to main content
• ARIA labels: Clear descriptions for assistive technologies
• Focus indicators: Visible keyboard focus states
• Form labels: All form fields properly labeled
• Error identification: Clear error messages with guidance

Known Limitations

Despite our efforts, some third-party integrations (payment processors, map widgets) may have accessibility limitations. We’re working with vendors to address these issues.

Feedback & Assistance

If you encounter accessibility barriers:

• Email: accessibility@upmos.com
• Phone: 1-855-MERCHED (1-855-637-2433) (TTY available)
• Mail: Accessibility Coordinator, 9896 Bissonnet St, Houston, TX 77036

We aim to respond within 3 business days and resolve issues within 10 business days.

Third-Party Content

User-generated content (product listings, reviews) may not meet accessibility standards. We encourage sellers to provide alt text and descriptive titles.

26. Children’s Online Privacy (COPPA)

Age Requirements

Upmos Services are NOT intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Parental Consent

If we discover we have collected information from a child under 13 without parental consent, we will:

• Delete the information immediately
• Terminate the account
• Notify parents if contact information is available

Users Ages 13-17

Users between 13-17 years old:

• May browse the site with parental permission
• May NOT make purchases without parent/guardian involvement
• May NOT create seller accounts
• Must have parent/guardian acknowledge Terms of Use

Reporting

If you believe a child under 13 has provided personal information to Upmos:

• Email: privacy@upmos.com
• Subject line: “COPPA Concern”
• Include username and reason for concern

We will investigate within 48 hours and take appropriate action.

Parent Rights

Parents/guardians may:

• Review information collected from their child
• Request deletion of their child’s information
• Refuse further collection or use of their child’s information

27. Policy Change Notification

How We Update This Policy

Upmos Inc. may update this Acceptable Use Policy from time to time to reflect:

• Changes in legal or regulatory requirements
• New features or services
• Security or safety improvements
• User feedback and best practices

Notification Procedures

For minor changes (clarifications, formatting):

• Updated “Last Updated” date at top of policy
• No advance notice required

For material changes (new prohibitions, enforcement changes):

• 30 days advance notice via email to account address
• Prominent banner on website and app
• Summary of changes provided
• Option to export data before changes take effect

Your Options

If you disagree with updated terms:

• Stop using the Services before changes take effect
• Request account deletion with data export
• Continued use after effective date constitutes acceptance

For a complete record of changes to this Policy, see the Version History section at the end of this document.

28. Governing Law & Jurisdiction

This Policy and any disputes arising out of or related to it or the Services shall be governed by and construed in accordance with the laws of the State of Texas, United States, without regard to its conflict of law provisions.

Exclusive Venue

Any legal action or proceeding arising under this Policy shall be brought exclusively in the federal or state courts located in Harris County, Texas. You hereby consent to the personal jurisdiction of such courts and waive any objection to venue in such courts.

Dispute Resolution

Before initiating any legal claim, you agree to first attempt to resolve the dispute informally by contacting legal@upmos.com. If the dispute is not resolved within 30 days, either party may proceed with formal resolution as provided herein.

Binding Arbitration

Any dispute, claim, or controversy arising out of or relating to this Policy, the Services, or the breach thereof that is not resolved informally shall, subject to the opt-out below, be submitted to binding individual arbitration administered by the American Arbitration Association (“AAA”). Arbitration shall take place in Houston, Texas, or at another mutually agreed location, and may proceed by telephone, video, or on written submissions for consumer claims at your election.

Rules

The AAA Consumer Arbitration Rules will govern consumer disputes; the AAA Commercial Arbitration Rules will govern non-consumer (business-to-business) disputes. The arbitrator shall be a single neutral arbitrator appointed in accordance with the applicable AAA Rules. The Federal Arbitration Act (9 U.S.C. §§ 1 et seq.) governs the interpretation and enforcement of this arbitration agreement.

Delegation Clause

The arbitrator, and not any federal, state, or local court, shall have exclusive authority to resolve any dispute relating to the interpretation, applicability, enforceability, or formation of this arbitration agreement, including any claim that all or any part of it is void or voidable.

Mutuality and Injunctive Relief

Both Upmos and you are bound by this arbitration agreement. Notwithstanding the foregoing, either party may bring an individual action in court to seek injunctive or equitable relief to prevent the actual or threatened infringement, misappropriation, or violation of intellectual property rights, trade secrets, data security, or confidentiality obligations, pending the outcome of arbitration on the merits.

Fees

For consumer claims under $10,000, Upmos will pay all AAA filing and administrative fees beyond the consumer’s first $200 filing fee. Each party bears its own attorneys’ fees, except as otherwise required by the AAA Rules or applicable law (including any fee-shifting statute invoked by the prevailing party).

Mass-Arbitration Protocol

If 50 or more similar arbitration demands are filed against Upmos by or on behalf of represented claimants raising substantially similar legal and factual claims, the parties will cooperate in good faith under the AAA Mass Arbitration Supplementary Rules to manage the proceedings efficiently, including through a coordinated bellwether process, staged fee payments, and appointment of a process arbitrator.

30-Day Opt-Out

You may opt out of this arbitration agreement within 30 days of first accepting this Policy (or within 30 days of the effective date of this revision, whichever is later) by sending written notice of your opt-out decision to legal@upmos.com or by mail to Upmos Inc., Attn: Legal – Arbitration Opt-Out, 9896 Bissonnet St, Houston, TX 77036. Your opt-out notice must include your full name, account email, and a clear statement that you wish to opt out of arbitration. Opting out does not affect any other provision of this Policy.

Class Action Waiver

YOU AND UPMOS AGREE THAT ANY ARBITRATION OR LEGAL PROCEEDING SHALL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. The arbitrator may not consolidate more than one person’s claims and may not otherwise preside over any form of representative proceeding. If the class-action waiver is found unenforceable as to any claim, that claim (and only that claim) shall proceed in court, and all other claims shall proceed in arbitration. If for any reason a claim proceeds in court rather than in arbitration, you and Upmos each waive any right to a jury trial.

Small Claims Exception

Notwithstanding the above, either party may bring an individual action in small claims court for disputes within the jurisdictional limits of such court.

29. Limitation of Liability

Consequential Damages Exclusion

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL UPMOS INC, ITS DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, OR AFFILIATES BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, including but not limited to:

• Loss of profits, revenue, or business opportunities
• Loss of data or data corruption
• Loss of goodwill or reputation
• Cost of procurement of substitute goods or services
• Business interruption

Whether based on warranty, contract, tort (including negligence), strict liability, or any other legal theory, even if Upmos Inc. has been advised of the possibility of such damages.

Aggregate Liability Cap

Upmos Inc.’s total aggregate liability to you for all claims arising out of or related to this Policy or the Services shall not exceed the greater of: (a) the amounts you have paid to Upmos Inc. in the twelve (12) months preceding the claim, or (b) one hundred dollars ($100 USD).

Essential Purpose

The limitations in this section apply even if any limited remedy fails of its essential purpose. Some jurisdictions do not allow the exclusion or limitation of certain damages. In such jurisdictions, our liability is limited to the fullest extent permitted by law.

Basis of the Bargain

You acknowledge that Upmos Inc. has set its fees and entered into this agreement in reliance upon the limitations of liability and disclaimers of warranties set forth herein, and that the same form an essential basis of the bargain between the parties.

Carve-Outs

Nothing in this Section limits or excludes our liability for: (a) death or personal injury caused by our negligence; (b) fraud or fraudulent misrepresentation; (c) gross negligence or willful misconduct; (d) any non-waivable consumer rights under applicable law (including, without limitation, rights under the Consumer Review Fairness Act, the Electronic Fund Transfer Act, or state Unfair and Deceptive Acts and Practices (UDAP) laws); or (e) any other liability that cannot, under applicable law, be limited or excluded.

Aggregate Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, UPMOS’S AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THIS POLICY OR THE SERVICES SHALL NOT EXCEED THE GREATER OF (A) ONE HUNDRED U.S. DOLLARS ($100), OR (B) THE TOTAL AMOUNTS PAID BY YOU TO UPMOS INC. IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. For purposes of this cap, “amounts paid to Upmos” means fees Upmos retained for its own account — it does not include amounts that were collected by Upmos as agent of a Vendor and remitted to the Vendor. Upmos chose the consumer-friendly greater-of formulation so that occasional or first-time buyers are not capped at a trivial amount. This cap aligns with the corresponding provision in the Terms of Use (§23).

30. Indemnification

Your Indemnification of Upmos

You agree to indemnify and hold harmless Upmos Inc., its affiliates, officers, directors, employees, and agents from and against any third-party claims, damages, or losses (including reasonable attorneys’ fees) arising out of:

• (a) your material breach of this Policy, our Terms of Use, or any applicable law;
• (b) your willful misconduct or negligence;
• (c) your infringement of a third party’s intellectual property rights in connection with Contributions or listings you provide; or
• (d) your violation of law.

This obligation does not apply to the extent such claim arises from Upmos’s own breach, gross negligence, or willful misconduct.

Upmos’s Indemnification of You (IP Infringement)

Upmos will correspondingly indemnify you for third-party claims that the Services themselves (excluding your Contributions, your listings, third-party content, or combinations of the Services with non-Upmos materials) infringe a US-issued patent, copyright, or trademark. This obligation does not apply to claims arising from: (i) your use of the Services in violation of this Policy; (ii) modifications of the Services not made or authorized by Upmos; (iii) your Contributions; or (iv) combinations of the Services with products or services not supplied by Upmos.

Cap on Indemnification

Each party’s aggregate indemnification obligation under this Section shall not exceed the greater of: (a) amounts paid or payable by you to Upmos in the twelve (12) months preceding the claim, or (b) $1,000 USD. The carve-outs in the Limitation of Liability section (including for gross negligence, fraud, personal injury, and non-waivable consumer rights) override this cap to the extent required by law.

Procedure — Notice, Control, Cooperation

The party seeking indemnification (the “indemnified party”) shall: (i) promptly notify the indemnifying party in writing of the claim; (ii) grant the indemnifying party sole control of the defense and settlement of the claim (provided that no settlement requiring an admission of liability by, or imposing any non-monetary obligation on, the indemnified party shall be made without the indemnified party’s prior written consent, not to be unreasonably withheld); and (iii) provide all reasonable cooperation at the indemnifying party’s expense. Failure to provide prompt notice does not relieve the indemnifying party of its obligations except to the extent such failure materially prejudices the defense.

31. Export Control & Sanctions Compliance

You agree to comply with all applicable export control laws and regulations, including but not limited to:

• U.S. Export Administration Regulations (EAR) administered by the Bureau of Industry and Security
• Office of Foreign Assets Control (OFAC) sanctions programs
• International Traffic in Arms Regulations (ITAR) where applicable

You Represent and Warrant That:

• You are not located in, a national or resident of, or under the control of any country subject to U.S. sanctions or embargoes
• You are not on any U.S. government restricted party list, including the Specially Designated Nationals (SDN) list
• You will not use the Services to transfer data, goods, or services in violation of export control laws
• You will not use the Services for any purpose prohibited by applicable sanctions

Anti-Money Laundering (AML) & Sanctions Screening

Upmos Inc. maintains an anti-money laundering program and may require Know Your Customer (KYC) verification for sellers, buyers in high-value transactions, or where suspicious activity is detected. Failure to provide requested verification may result in account suspension.

Upmos screens sellers, buyers of high-value goods, and high-risk transactions against the OFAC Specially Designated Nationals and Blocked Persons (SDN) List, the Bureau of Industry and Security Denied Persons List, the Entity List, the Consolidated Screening List, and applicable EU, UK, UN, and other relevant sanctions lists before onboarding and on an ongoing basis. Transactions involving persons on these lists will be blocked, funds may be frozen in accordance with applicable law, and the activity may be reported to the appropriate US government authority, including OFAC, FinCEN, or the Department of Commerce, as required.

Anti-Corruption

You represent, warrant, and covenant that you will comply with all applicable anti-bribery and anti-corruption laws, including the US Foreign Corrupt Practices Act (15 U.S.C. §§ 78dd-1 et seq.), the UK Bribery Act 2010, and equivalent local laws. You will not, directly or indirectly, offer, promise, give, or authorize any payment or transfer of anything of value to any person (including any government official, political party, or candidate for public office) for the purpose of improperly influencing any decision, obtaining or retaining business, securing an improper advantage, or inducing any act or omission in violation of such laws. You shall maintain books and records that accurately reflect all transactions conducted in connection with the Services and, upon reasonable request, cooperate with any audit or investigation conducted by Upmos or by a competent authority.

Sanctions & AML Companion Policies

Implementation details (including screening cadence, escalation procedure, and prohibited-country lists) are in the OFAC and Sanctions Compliance Policy and the Anti-Money-Laundering and Know-Your-Customer Policy. The International Trade & Customs Policy describes customs-broker arrangements, Incoterms, and import-duty allocation for cross-border shipments.

32. General Provisions

Entire Agreement

This Policy, together with our Terms of Use and Privacy Policy, constitutes the entire agreement between you and Upmos Inc. regarding the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written.

Severability

If any provision of this Policy is held to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect. The invalid provision shall be modified to the minimum extent necessary to make it valid and enforceable while preserving the original intent.

Waiver

The failure of Upmos Inc. to enforce any right or provision of this Policy shall not constitute a waiver of such right or provision. Any waiver of any provision of this Policy will be effective only if in writing and signed by an authorized representative of Upmos Inc.

Assignment

You may not assign or transfer your rights or obligations under this Policy without the prior written consent of Upmos Inc. Upmos Inc. may freely assign this Policy without restriction. Any attempted assignment in violation of this section is void.

Survival

The following sections shall survive termination or expiration of this Policy: Disclaimer of Warranties, Limitation of Liability, Indemnification, Governing Law & Jurisdiction, Export Control & Sanctions, and this General Provisions section.

No Partnership or Agency

Nothing in this Policy creates a partnership, joint venture, employment, or agency relationship between you and Upmos Inc. Neither party has authority to bind the other or incur obligations on behalf of the other. Users are independent contractors with no authority to act on behalf of Upmos Inc.

Third-Party Beneficiaries

This Policy does not confer any third-party beneficiary rights. No person or entity other than the parties to this Policy shall have any right to enforce any of its terms.

Interactive Computer Service (Section 230)

Upmos operates as an “interactive computer service” within the meaning of 47 U.S.C. § 230(f)(2). Except as specifically provided in this Policy, to the maximum extent permitted by law, Upmos is not the publisher or speaker of third-party Contributions or listings, and is not liable for user-generated content beyond the obligations set forth in this Policy. Nothing in this Policy shall be construed to waive any immunity, defense, or protection available to Upmos under Section 230, the DMCA, or analogous federal or state laws.

Electronic Communications

In accordance with the Electronic Signatures in Global and National Commerce Act (ESIGN Act, 15 U.S.C. §7001 et seq.) and the Uniform Electronic Transactions Act (UETA), you consent to receive communications from Upmos Inc. electronically. You agree that all agreements, notices, disclosures, and other communications provided electronically satisfy any legal requirement that such communications be in writing.

CAN-SPAM Compliance

Upmos Inc. complies with the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act, 15 U.S.C. §7701). All commercial emails include a clear unsubscribe mechanism and accurate sender information. Users may opt out of marketing communications at any time via account settings or by clicking “Unsubscribe” in any email.

Statute of Limitations

Any claim arising out of or related to this Policy or the Services must be brought within two (2) years after the cause of action accrues, except that this limitation does not apply to any consumer claim where applicable law provides a longer period that cannot be shortened by agreement. For business-to-business claims by sellers and developers, a one (1) year limitation period applies to the maximum extent permitted by law. Claims that are not commenced within the applicable period are permanently barred.

Headings

Section headings are for convenience only and shall not affect the interpretation of this Policy.

Notices

All notices to Upmos Inc. must be sent to: legal@upmos.com or by mail to: Upmos Inc., 9896 Bissonnet St, Houston, TX 77036. Notices to you will be sent to the email address associated with your account. Notices are deemed received when delivered electronically or 3 business days after mailing.

33. Responsible Disclosure & Bug Bounty

Security Vulnerability Reporting

Upmos Inc. welcomes responsible disclosure of security vulnerabilities. We’re committed to working with security researchers to verify and address issues.

How to Report

• Email: security@upmos.com
• Subject: “Security Vulnerability Report”
• PGP Key: Available at security@upmos.com

Include in your report:

• Detailed description of the vulnerability
• Steps to reproduce
• Proof of concept (if applicable)
• Potential impact assessment
• Your contact information

Our Response Timeline

• Initial response: Within 48 hours
• Triage & validation: Within 7 days
• Fix deployment: 30-90 days (depending on severity)
• Public disclosure: After fix deployed + 14 days

Responsible Disclosure Guidelines

We ask that you:

• DO NOT exploit the vulnerability beyond proving it exists
• DO NOT access, modify, or delete user data
• DO NOT publicly disclose the issue before we’ve addressed it
• DO NOT conduct testing that degrades service performance
• Give us reasonable time to fix the issue before disclosure

Safe Harbor

Researchers who follow these guidelines will not face legal action from Upmos Inc. for security research activities. We consider good-faith security research to be:

• Authorized under Computer Fraud and Abuse Act (CFAA)
• Exempt from DMCA Section 1201
• Protected from breach of terms claims

Bug Bounty Rewards

Qualifying vulnerabilities may be eligible for rewards:

• Critical: $500-$5,000 (RCE, SQL injection, authentication bypass)
• High: $100-$500 (XSS, CSRF, privilege escalation)
• Medium: $50-$100 (information disclosure, subdomain takeover)

Reward amounts determined by severity, impact, and quality of report.

Out of Scope

The following are NOT eligible for rewards:

• Social engineering or phishing attacks
• Denial of service (DoS/DDoS) attacks
• Physical attacks against Upmos property or employees
• Reports from automated scanners without validation
• Issues in third-party services we don’t control

How Can You Contact Us About This Policy?

If you have any further questions or comments or wish to report any problematic Content or Contribution, you may contact us by:

General Contact

• Phone: 1-855-MERCHED (1-855-637-2433) (Mon–Fri, 9 AM–5 PM CST)
• General Support: support@upmos.com
• Report Issue: upmos.com/report
• Send Feedback: upmos.com/feedback

Department Directory

Mailing Address

Upmos Inc.
9896 Bissonnet St
Houston, TX 77036
United States