DashScene Acceptable Use Policy

0) Overview

About this Policy. This Acceptable Use Policy (AUP) explains how to use DashScene’s Services safely and lawfully. It applies to all Customers and anyone they authorize to use the Services, regardless of where they access or deploy the Services. It works together with the Terms of Service (ToS), Privacy Policy, and Data Processing Addendum (DPA). If there is any conflict, the ToS controls and the DPA/Privacy Policy govern data-protection matters. This preface is for clarity only and does not create additional obligations beyond the ToS and this AUP.

1) Introduction & Incorporation

1.1 Contractual Status.

This Acceptable Use Policy (“AUP”) is incorporated by reference into the DashScene Terms of Service (“ToS” or “Terms”). By accessing or using the Services, you agree to comply with this AUP. References to “you” or “user(s)” include Customer’s administrators, authorized users, contractors, and partners; Customer is responsible for their compliance with this AUP and the ToS.

1.2 Capitalized Terms.

Capitalized terms not defined in this AUP have the meanings given in the ToS.

1.3 Relationship & Precedence.

This AUP forms part of the Terms. If this AUP conflicts with the Terms, the Terms control. For data-protection obligations, the Data Processing Addendum (DPA) (Schedule 2 to the Terms) and the Privacy Policy govern within their subject matter, in accordance with the order of precedence set out in the Terms.

1.4 Territory & Local Laws.

The Services are offered and operated primarily in Canada, as described in the Terms. DashScene makes no representation that the Services are appropriate or available for use outside Canada. As of the Effective Date, the Services are not offered in Québec; see ToS §1.8 and §14.1. If you choose to access or deploy the Services from outside Canada, you do so at your own risk and are responsible for compliance with all applicable laws and regulations at each deployment or access location (for example, province/territory, state, municipality, venue rules), in addition to any applicable Canadian laws. See Terms §14 (Export Compliance and Jurisdiction Limits) for trade/sanctions requirements.

1.5 Disputes.

Disputes relating to this AUP are resolved as set out in the ToS (see ToS §16 (Dispute Resolution)). This AUP intentionally does not restate governing-law, venue, arbitration, or class-action terms.

1.6 Updates to this AUP.

This AUP may be updated in accordance with ToS §17 (Modifications to Terms). If an update materially and adversely affects legitimate use, Customer may notify DashScene and the parties will work in good faith to address the concern.

1.7 Where to Report Issues.

Report suspected AUP violations or abuse via security@dashscene.com or abuse@dashscene.com (see §7 Reporting Channels).

2) Scope & AUP-Specific Definitions

2.1 Scope.

This AUP governs use of DashScene websites, software, the DashScene Manager admin portal, DashServer, Dash Instances, related hosting and hardware integrations, and any APIs/SDKs if made available (collectively, the “Services”).

2.2 Definitions (AUP-specific).

• User Content: Has the meaning given in the Terms. For clarity, this includes any content, data, creatives, advertisements, images, video, audio, text, QR codes, URLs, or other materials uploaded, posted, displayed, generated, or transmitted via the Services by or for Customer.
• API Key: Has the meaning given in the Terms (credentials issued by DashScene to authenticate and authorize access to the Services or any future API, intended for use by a single Dash Instance at any given time as described in ToS §6.6).
• Dash Instance: Has the meaning given in the Terms. For clarity, this is a single display endpoint or device session running DashScene software that renders real-time information and/or advertisements on a connected display.
• High-Risk Activities: As defined in the ToS (use cases where failure could cause death, personal injury, or severe environmental/critical-infrastructure harm).

3) Core Rules & Prohibited Conduct

For purposes of this Section 3, “Customer” includes Customer’s administrators, authorized users, contractors, and any other third parties acting on its behalf.

3.1 Illegal or harmful content.

Customer will not store, display, transmit, or distribute content that is illegal or harmful, including content that involves the sexual exploitation, abuse, or endangerment of minors; is deceptive, defamatory, or invasive of privacy; incites violence; promotes self-harm; constitutes harassment or hate; or otherwise violates applicable law (including Canadian law where relevant).

3.2 Security violations.

Customer will not interfere with or disrupt the Services; probe, scan, or test vulnerabilities; bypass or attempt to bypass authentication, authorization, encryption, or rate limits; access non-public endpoints; or defeat technical measures (including key binding and instance attestation). Reverse engineering, decompiling, or disassembling DashScene software or components is prohibited, except where applicable law expressly permits it.

3.3 Abuse & spam.

Customer will not send spam or bulk unsolicited communications; engage in deceptive advertising, click-fraud, traffic spoofing, artificial impression inflation, or manipulative referral schemes.

3.4 Privacy & data protection.

Customer will not collect, display, or process personal information via screens, widgets, or QR codes without required notices/consents under PIPEDA, any applicable provincial privacy laws, and any other applicable privacy or data-protection laws in the jurisdictions where viewers are located or where the destination operates, or without a clear and accurate Privacy Policy at the destination describing the collection, use, and disclosure of that personal information. Customer will not transmit personal data unlawfully or link to destinations that do so.

Customer is solely responsible for ensuring that any QR destinations or third-party services it configures through the Services comply with those laws and provide required notices, consents, and privacy policies; DashScene does not provide such notices or consents on Customer’s behalf.

3.5 Intellectual property.

Customer will not upload or display content without necessary rights/permissions; infringe or misappropriate copyright, trademark, trade secret, or other IP; remove or alter copyright notices, attributions, or trademarks; or link QR codes to infringing or hijacked resources.

3.6 API/key misuse (one key, one Dash Instance).

• One key, one Dash Instance. Each API Key is licensed for use by a single Dash Instance at any given time.
• Customer will not reuse a single API Key across multiple Dash Instances (whether on the same Device or across multiple Devices), or implement workarounds that have the effect of hiding or circumventing per-instance licensing or analytics.
• Customer will not modify the software or deployment to attach multiple API Keys to a single Dash Instance.
• Customer may operate multiple Dash Instances on the same Device only where each Dash Instance uses its own valid API Key and subscription. Such configurations may result in degraded performance, are excluded from SLA coverage as described in the Terms, and may be treated as unsupported for troubleshooting purposes.

3.7 Refresh cadence & rate limits.

The software retrieves data on an automated interval (typically 5–15 seconds, subject to documentation and change). Customer will not:

• script, modify, or integrate the Services in a way that increases refresh frequency or creates functionally equivalent extra polling (e.g., parallel processes, hot-patching clients, synthetic events); or
• exceed documented rate limits, quotas, or concurrency caps for the applicable plan (including any future API).

3.8 High-Risk use.

Customer will not use the Services in High-Risk Activities. High-Risk Activities include, without limitation, uses where failure of the Services could result in death, personal injury, or severe environmental or critical-infrastructure harm (for example, life-support, medical devices, emergency services, air traffic control, nuclear facilities, or safety-critical navigation/communications). See the Terms for additional disclaimers relating to High-Risk Activities.

3.9 Obscenity, decency & advertising laws.

Customer will not publicly display content through the Services that violates

1. Canadian criminal law relating to obscenity, indecency, child exploitation, hate, or incitement to violence, or
2. any applicable advertising, marketing, or consumer-protection laws, regulations, or binding advertising standards in the jurisdiction where the content is displayed (for example, the Ad Standards Canada Code or any equivalent local framework), including any required disclaimers and age-gating.

Customer will not misrepresent affiliation, endorsement, or sponsorship.

3.10 Fraud & misrepresentation.

Customer will not impersonate any person or entity or falsify dashboards, analytics, telemetry, or reports generated by the Services.

3.11 Sanctions/export.

Customer will not use the Services in violation of Canadian or other applicable sanctions, export-control, or trade-control laws; in any prohibited jurisdiction; or in any way that involves or benefits any person or entity that is a restricted or sanctioned party under such laws.

3.12 Scraping & automated access (web properties).

Customer will not scrape, crawl, or harvest data from DashScene websites except as permitted by robots.txt or with DashScene’s prior written consent.

4) Operational Safeguards & Customer Responsibilities

Customer responsibility. As between the parties, Customer is responsible for complying with this Section 4 and for ensuring that its administrators, authorized users, contractors, and partners comply with it. Any act or omission by them is deemed an act or omission by Customer.

4.1 Account & Credential Security.

Customer must maintain the security of all accounts, admin access, Devices, and API Keys; use strong authentication and least privilege access; promptly remove access for departed users; and rotate credentials/keys at reasonable intervals. Customer is responsible for activity under its accounts and for securing its own networks, Devices, and physical deployment sites.

4.2 Responsible Disclosure & Incident Reporting.

Report suspected vulnerabilities, abuse, key compromise, or unauthorized access to security@dashscene.com without undue delay. Do not exploit, exfiltrate, or publicly disclose vulnerabilities before coordinated remediation with DashScene. DashScene may request additional details and reasonable cooperation to investigate and mitigate issues.

4.3 No Forced Installs or Covert Code.

Do not cause downloads, installs, or code execution on viewer devices through QR Codes or links without the viewer’s informed consent and any other legally required permissions. Covert or deceptive installs, drive-by downloads, or similar tactics are prohibited.

4.4 Site Rules & Local Compliance.

Customer must comply with deployment site rules (e.g., venue safety policies, building codes), municipal bylaws, and any sector-specific standards applicable to the context of display and signage.

4.5 CASL and Messaging.

If a QR destination results in sending Commercial Electronic Messages (CEMs) (e.g., email/SMS sign-ups, promotional messaging), Customer must comply with Canada’s Anti-Spam Legislation (CASL) and any other applicable anti-spam or marketing laws in the jurisdictions where messages are sent or received, including valid consent, sender identification, and an effective unsubscribe mechanism. Customer remains solely responsible for such compliance for its campaigns and destinations.

4.6 Malicious Code, Exploits & Phishing (QR Destinations).

Customer must not use QR Codes or linked destinations to deliver or facilitate:

1. malware, spyware, adware, ransomware, botnet command-and-control, cryptomining, droppers, or exploit kits;
2. browser/OS exploits, drive-by downloads, forced downloads, or auto-executing code;
3. phishing, credential or MFA/2FA harvesting, deceptive account verification flows, or social engineering schemes;
4. actions that materially degrade viewer device security (e.g., installing root certificates, disabling security controls, or prompting jailbreak/rooting); or
5. any content intended to circumvent platform, app-store, or enterprise policy controls.

4.7 Redirect Transparency, Control & Shorteners.

QR Codes generated by the Services ordinarily point to a DashScene-managed URL (on a DashScene-controlled domain) that records QR scan events and then redirects to the QR Destination configured by Customer. This DashScene-managed redirection is permitted and is not considered “cloaking” for purposes of this AUP.

Customer must not configure QR Destinations in a way that adds additional layers of obfuscation or redirection that cloak or materially obscure the Ultimate Destination from viewers. URL shorteners or multi-hop redirects selected by Customer (other than DashScene’s own redirect infrastructure) may be used only if they:

1. resolve to the Ultimate Destination that is Customer-Controlled (as defined below);
2. are not open redirectors; and
3. are not used to evade security checks or DashScene policies. Excessive redirect chains or obfuscation are prohibited.

For purposes of this §4.7:

• Ultimate Destination means the final resolving URL that a viewer’s browser reaches after leaving DashScene’s own QR redirect endpoint (i.e., the landing page the viewer interacts with).
• Customer-Controlled means the Ultimate Destination is either:
  1. hosted on a domain owned and administered by Customer; or
  2. hosted by a contracted service provider acting solely on Customer’s behalf, where Customer has administrative ability to modify or remove the destination content and disable access promptly (e.g., via account control or enforceable takedown rights).

Use of redirect patterns that send viewers to destinations that are not Customer-Controlled is prohibited. Upon DashScene’s reasonable request, Customer will prove control of the Ultimate Destination or migrate the QR Code to a Customer-Controlled destination.

4.8 Safe Download & Install Paths.

If a QR destination offers a download or app install, it must:

1. link to an official app-store page or a clearly identified first-party site;
2. use HTTPS with a valid certificate;
3. avoid auto-download behavior; and
4. clearly disclose required permissions before install.

Sideloading flows are prohibited unless lawful, clearly disclosed, and limited to Customer’s own first-party apps.

4.9 DashScene Protective Actions.

In addition to any rights under the ToS/AUP, DashScene may block, disable, or substitute QR Codes or destinations it reasonably believes are unsafe, unlawful, deceptive, policy-violating, or present a security risk, and may request remediation or proofs of control/cleanliness.

4.10 System Updates & Endpoint Hygiene (Customer-Managed Devices).

Customer must—and will ensure its administrators, authorized users, contractors, and partners also—keep Devices that Customer owns or operates (and their host operating systems, firmware, drivers, and security software) reasonably current (e.g., apply critical security fixes within thirty (30) days of vendor release, or sooner if actively exploited); disable unsupported services; and remove unauthorized software. Customer must not block or interfere with DashScene client updates. End-of-life OS/firmware must be upgraded or the Dash Instance taken out of service. DashScene may restrict or suspend affected Instances under ToS §10 where material risk remains. Downtime or incidents resulting from non-compliance are excluded from SLA credits (SLA §3).

5) Enforcement, Monitoring & Remediation

5.1 Monitoring & Automated Checks.

DashScene may monitor use of the Services (including through automated checks) to detect abuse, security issues, or violations of this AUP or the Terms, in each case in accordance with the Privacy Policy and the Terms. Monitoring may include inspection of metadata, configuration, traffic patterns, and QR destinations for safety signals.

5.2 Protective Controls.

Where reasonably necessary to protect the Services or third parties, DashScene may implement protective controls, including: throttling, queueing, quality reduction (e.g., bitrate/resolution), geoblocking, rate-limit enforcement, credential/key rotation, API Key rebinding, quarantine of suspicious links, and temporary feature restrictions.

5.3 Content & Link Actions.

DashScene may block, disable, or remove advertisements, creatives, QR Codes, or destinations that DashScene reasonably believes are unsafe, unlawful, deceptive, infringing, or otherwise violate this AUP or the ToS, and may request remediation or proof of control/cleanliness.

5.4 Suspension & Termination.

For repeated or egregious violations—or where immediate action is needed for security, safety, or legal compliance—DashScene may suspend or terminate access in accordance with the ToS (§10). Where practicable, DashScene will provide notice and a reasonable opportunity to cure before suspension; immediate action may be taken for urgent risks.

5.5 AUP Compliance Reviews.

With reasonable prior notice (and not more than once every twelve (12) months, except in cases of suspected abuse or security incidents), DashScene may request information reasonably necessary to verify Customer’s compliance with this AUP, including explanations of Customer’s configuration and, where relevant, information about Customer-controlled QR Destinations or systems that receive traffic from the Services. Any such requests will be subject to confidentiality and must not unreasonably disrupt Customer’s operations. DashScene will ordinarily rely on its own logs and monitoring data for AUP enforcement.

5.6 Cooperation & Lawful Requests.

Customer will cooperate in good faith to investigate and remediate suspected violations. DashScene may preserve records and cooperate with lawful requests by authorities, providing Customer notice where legally permitted.

5.7 Appeal & Restoration.

If Customer believes an enforcement action was taken in error, Customer may email abuse@dashscene.com within 14 days with supporting details. DashScene will review the appeal in good faith and may restore access after verified remediation. Enforcement actions and remediation time are not eligible for SLA credits.

5.8 Cost Recovery.

If Customer’s misuse, policy breach, or security incident causes disproportionate operational burden (e.g., significant abuse mitigation, threat response, or third-party costs), DashScene may charge reasonable fees for cost recovery or professional services at then-current rates and pass through any applicable third-party charges.

5.9 No Waiver.

DashScene’s decision not to enforce any part of this AUP in a particular instance is not a waiver of DashScene’s rights to enforce it later.

6) Monitoring, Investigation & Enforcement

6.1 Protective Actions.

If DashScene reasonably believes activity violates this AUP or creates risk to the Services or third parties, DashScene may take protective actions, including: throttling or queueing traffic; reducing quality (e.g., bitrate/resolution); blocking or removing content, creatives, QR Codes, or destinations; enforcing or tightening rate limits; rotating or revoking credentials/API Keys; rebinding keys to a Dash Instance; geoblocking; requiring configuration changes; and suspending access for the Customer’s account, for specific Dash Instances, or for particular features, up to termination as permitted by the Terms.

6.2 Notice & Cure.

Where practicable, DashScene will provide notice and a reasonable opportunity to cure before suspension. Immediate action may be taken for security, safety, legal, or operational emergencies. Enforcement periods and suspensions are not eligible for SLA credits.

6.3 Lawful Requests & Preservation.

DashScene may report unlawful content or activity to authorities and cooperate as required by law. DashScene may preserve logs and records relevant to suspected violations or lawful requests and will notify Customer where legally permitted.

6.4 Repeat or Egregious Violations.

Repeated or egregious violations may result in permanent account termination or contract cancellation under the ToS (§10). Restoration may be conditioned on verified remediation and may require reactivation fees where applicable.

6.5 Audit & Monitoring.

DashScene may monitor usage (including automated checks) to verify compliance with this AUP and the ToS, including the “one key, one Dash Instance” rule and rate limits. With reasonable prior notice and not more than once every twelve (12) months (except for suspected abuse or security issues), DashScene may review relevant usage logs and configurations. Reviews will occur during business hours, be subject to confidentiality, and be conducted in a manner that does not unreasonably disrupt Customer’s operations. DashScene’s monitoring data and system logs will be conclusive absent manifest error.

6.6 Appeals.

If Customer believes an enforcement action was taken in error, Customer may submit an appeal pursuant to §5.7 (Appeal & Restoration). DashScene will review the appeal in good faith and may restore access after verified remediation.

7) Reporting Channels

• Security & Abuse: security@dashscene.com or abuse@dashscene.com
  Include a brief description of the issue, where you saw it (for example, the business or venue name and street address, or as much location detail as you know, such as city, neighbourhood, or nearby intersection), the approximate date and time (with time zone), and any QR codes, URLs, or screenshots/photos/videos that show the problem.

  If you are a DashScene Customer or administrator reporting an issue affecting your own DashScene deployment and have access to DashScene Manager, you may also include the relevant Dash Instance name or identifier from your account. Security researchers or technical contacts may provide limited technical details (such as HTTP headers or log snippets) where relevant, but please do not include more personal information than is necessary to explain the issue.

• IP Complaints (Copyright/Trademark): legal@dashscene.com
  DashScene follows Canada’s Notice-and-Notice regime as described in Appendix B (Canadian Notice-and-Notice Procedure) to the Terms and will forward conforming notices to the Customer responsible for the content. Notices should include the rights-holder’s identity and contact information, identification of the work claimed to have been infringed, and sufficient detail to locate the allegedly infringing material or activity (for example, where and when you saw it, any relevant URLs or QR destinations, and photos/screenshots if available).

  If you are a DashScene Customer or administrator and have access to DashScene Manager, you may also include the relevant Advertisement or Dash Instance name or identifier from your account. For more detail on what a notice should contain and how DashScene handles such notices, see Appendix B in the Terms of Service.

• General Inquiries: info@dashscene.com
  For questions about the AUP, ToS, or policies not involving abuse or legal complaints.

8) Changes to this AUP

8.1 How Updates Occur.

DashScene may update this AUP from time to time by posting a revised version with an updated Effective Date.

8.2 Minor vs. Material Changes.

• Minor changes (e.g., clarifications, formatting, non-substantive updates) take effect upon posting.
• Material changes (those that materially reduce Customer’s rights or impose new material obligations) will follow the notice process in ToS §17 (Modifications to Terms), including advance notice where practicable.

8.3 Notice & Remedies.

Where a material update materially and adversely affects Customer’s legitimate use, Customer may notify DashScene and the parties will work in good faith to address the concern. Any additional options or remedies (e.g., termination/refund rights) are governed by ToS §17.

8.4 Acceptance.

Continued use of the Services after the Effective Date of the updated AUP constitutes acceptance of the changes. Changes do not apply retroactively to events or disputes that pre-date the Effective Date unless required by law.

9) Contact

DashScene Systems Incorporated

• Legal: legal@dashscene.com
• Security / Abuse: security@dashscene.com / abuse@dashscene.com
• Address:
  DashScene Systems Incorporated
  10-1338 Wellington Street West
  c/o Wellington Cowork
  Ottawa, ON K1Y 3B7
  Canada

For report formatting and what to include, see §7 (Reporting Channels).