STISON

Publishing Software & Services

Acceptable Use Policy

Standards of conduct for use of the Stison platform and services

Stison Ltd  |  2 College Mews, Wandsworth, London SW18 2SJ  |  Company No. 6473263

1       Purpose

This Acceptable Use Policy (“AUP” or “Policy”) sets out the standards of conduct that Stison Ltd (“Stison”) requires of all customers and their Authorised Users when using the Stison publishing management platform and services (the “Stison Services”).

The purpose of this Policy is to protect the security, integrity and availability of the Stison platform; to protect other customers, third parties and the wider public; and to ensure that the Stison Services are used only for lawful and appropriate purposes.

2       Scope and Application

This Policy applies to:

• all customers who have subscribed to the Stison Services, regardless of the contract route (online Terms and Conditions, SaaS Agreement, Software Licence and Hosting Services Agreement, or other agreement);
• all Authorised Users of the Stison platform — including employees, contractors, agents and any other individuals who access the platform using credentials associated with a customer account; and
• all use of the Stison platform and services, including access via web browser, API, or any other interface.

Customers are responsible for ensuring that all of their Authorised Users are aware of and comply with this Policy. A breach of this Policy by an Authorised User is treated as a breach by the customer.

3       Permitted Use

The Stison Services are provided for legitimate business purposes related to publishing management, including title management, rights management, production management, sales management, and marketing management.

You may use the Stison Services to:

• store, manage, and process data relating to your publishing operations in the normal course of your business;
• collaborate with colleagues and authorised third parties on publishing workflows within the platform;
• access and use documentation, reports, and analytics provided by the platform; and
• integrate the platform with other systems using Stison’s supported API, in accordance with Stison’s API documentation.

4       Prohibited Uses

The following uses of the Stison Services are strictly prohibited. This list is not exhaustive — Stison reserves the right to determine whether any use not described here is nonetheless in breach of this Policy.

4.1      Unlawful and harmful content

You must not upload, store, transmit, distribute, or make accessible through the Stison platform any content that:

• is unlawful, harmful, threatening, abusive, harassing, defamatory, obscene, or invasive of another person’s privacy;
• incites or promotes violence, discrimination, or hatred on any grounds including race, religion, gender, sexual orientation, disability, or nationality;
• constitutes or facilitates fraud, deception, or any other criminal activity; or
• violates any applicable law or regulation in any jurisdiction in which you or your data subjects are located.

4.2      Malicious code and security threats

You must not upload, introduce, or transmit through the Stison platform:

• any virus, worm, trojan horse, ransomware, spyware, adware, or other malicious or harmful code;
• any code or file designed or intended to damage, disrupt, intercept, or gain unauthorised access to any system, network, device, or data; or
• any content that exploits or targets security vulnerabilities in the Stison platform or any connected infrastructure.

4.3      Unauthorised access and interference

You must not:

• attempt to gain access to any part of the Stison platform, infrastructure, or data for which you do not have explicit authorisation;
• attempt to access, copy, modify, or delete another customer’s data or account;
• circumvent, disable, or interfere with any security, authentication, or access control mechanism of the platform;
• use automated tools to probe, scan, or test the vulnerability of the Stison platform or network without Stison’s prior written consent; or
• engage in any activity that constitutes a denial of service attack or that otherwise disrupts or degrades the performance of the Stison Services for other customers.

4.4      Unsolicited communications and spam

You must not use the Stison platform or any email or communication functionality connected to it to:

• send unsolicited bulk emails or other communications (spam) to individuals who have not consented to receive them;
• send communications in breach of applicable anti-spam legislation, including the UK Privacy and Electronic Communications Regulations 2003, the EU ePrivacy Directive, CASL (Canada), or CAN-SPAM (USA);
• impersonate any person, organisation, or domain; or
• forge or manipulate email headers or other identifying information.

4.5      Intellectual property infringement

You must not use the Stison platform to:

• upload, store, or distribute content that infringes any third party’s copyright, trade mark, patent, database right, or other intellectual property right;
• reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of the Stison platform or any component of it; or
• copy, reproduce, or create derivative works based on the Stison platform or its underlying software.

4.6      Misuse of data and privacy violations

You must not use the Stison platform to:

• process personal data in a manner that violates applicable data protection law, including UK GDPR, EU GDPR, or other applicable privacy legislation;
• process special categories of personal data (such as health data, biometric data, or data about criminal convictions) without appropriate legal bases and safeguards in place; or
• upload or store data that you do not have the right to process, including data obtained without valid consent or other lawful basis.

4.7      Fair Use — Users and Storage

Stison operates a fair use policy in relation to the number of Authorised Users and the volume of data stored on the platform. While Stison describes certain plans as offering “unlimited” users or storage, this refers to the absence of a hard contractual cap — it does not mean that use is unrestricted at any level whatsoever. The following fair use guidelines apply to all customers.

4.7.1     Authorised Users

Where a subscription plan describes user access as “unlimited”, this means that Stison does not charge per individual user seat up to a fair use threshold of 40 Authorised Users per account. Customers with up to 40 Authorised Users will not be subject to any additional charge solely on the basis of user numbers.

Where a customer’s active Authorised User count consistently and materially exceeds 40, Stison will contact the customer to discuss their requirements. Any adjustment to pricing or terms will be agreed in writing between the parties before taking effect — Stison will not make unilateral changes to a customer’s subscription cost without prior discussion and agreement.

4.7.2     Data Storage

Stison operates a storage fair use guideline of an average of 30 MB per Title held on the platform, measured as an average across a customer’s total Title count. This is not a fixed per-Title limit — individual Titles may exceed 30 MB, provided that the customer’s overall average remains within a reasonable range of the guideline.

The 30 MB guideline is a system-wide average benchmark, not a hard cap. It exists to ensure equitable use of platform infrastructure across all customers. Where a customer’s average storage per Title consistently and materially exceeds this guideline, Stison will:

• contact the customer to discuss their storage usage and understand the reasons for it;
• provide the customer with ample advance notice and a reasonable period to review their storage usage before any commercial discussion takes place; and
• work with the customer to agree a fair resolution, which may include adjusting the customer’s plan, reviewing their storage needs, or agreeing a bespoke storage arrangement at an agreed price.

Any change to a customer’s pricing as a result of storage usage will only take effect following a written agreement between the parties. Stison will not impose additional charges for storage without the customer’s express agreement.

4.7.3     General Fair Use Principles

In addition to the above, you must not use the Stison platform in a way that:

• places an unreasonable or disproportionate load on Stison’s infrastructure relative to your subscription; or
• interferes with the performance or availability of the Stison Services for other customers.

4.8      Other prohibited activities

You must not use the Stison Services:

• to provide access to the platform to any person or organisation that is subject to applicable sanctions or export control restrictions;
• in a way that brings Stison into disrepute or damages Stison’s reputation;
• to resell, sublicense, or otherwise provide access to the Stison Services to third parties without Stison’s prior written consent; or
• for any purpose other than your own internal business operations, unless expressly agreed with Stison in writing.

5       Account Security Obligations

You are responsible for maintaining the security of your account and all credentials used to access the Stison platform. In particular, you must:

• keep all passwords and access credentials confidential and not share them with anyone who is not an Authorised User of your account;
• ensure that all Authorised Users use appropriately strong passwords and, where available, enable multi-factor authentication (MFA);
• not permit any individual to access the platform using another person’s credentials;
• notify Stison immediately at helpdesk@stison.com if you become aware of any actual or suspected unauthorised access to your account or any security breach; and
• ensure that access credentials are revoked promptly when an Authorised User leaves your organisation or no longer requires access.

6       Consequences of Breach

Stison takes breaches of this Policy seriously. Depending on the nature and severity of the breach, Stison may take one or more of the following actions:

More specifically:

• For breaches involving unlawful content, malicious code, spam, unauthorised access, or any activity that poses an immediate risk to the platform or to other customers, Stison may suspend access immediately and without notice under the terms of your Governing Agreement.
• For breaches involving excessive resource use or less severe conduct, Stison will typically issue a written warning and allow a reasonable period to remedy the breach before taking further action.
• For persistent or repeated breaches, or where a breach is not remedied within any cure period specified by Stison, Stison may terminate your subscription in accordance with your Governing Agreement.
• Where a breach involves suspected criminal activity, Stison reserves the right to report the matter to the relevant law enforcement or regulatory authorities and to preserve and disclose any relevant data as required by law.

Suspension or termination for breach of this Policy does not affect your obligation to pay any outstanding subscription fees. Stison shall not be liable for any loss or damage arising from a suspension or termination carried out in accordance with this Policy.

7       Reporting Concerns

If you become aware of any use of the Stison platform that you believe may breach this Policy — whether by your own Authorised Users or by another customer — please report it to us promptly:

• Email: legal@stison.com
• Helpdesk: helpdesk@stison.com or stison.zendesk.com

We take all reports seriously and will investigate in accordance with our internal procedures. We may not be able to provide you with details of the outcome of any investigation.

8       Amendments to This Policy

Stison may update this Policy from time to time to reflect changes in the law, changes to the Stison Services, or evolving best practice. We will give customers at least 30 days’ prior written notice of any material changes to this Policy.

Notice may be given by email, by a notification within the Stison platform, or by posting a revised version at www.stison.com/aup. Your continued use of the Stison Services after the effective date of any changes constitutes your acceptance of the updated Policy.

If you do not wish to accept a material change to this Policy, you may terminate your subscription before the change takes effect in accordance with your Governing Agreement.

9       Relationship to Other Stison Documents

This Policy should be read alongside:

• Your Governing Agreement (Terms and Conditions, SaaS Agreement, or other applicable agreement) — which sets out the legal basis for suspension and termination in the event of a breach of this Policy.
• The Stison Privacy Notice (www.stison.com/privacy) — which sets out how Stison handles personal data, including data uploaded to the platform.
• The Stison Service Level Agreement (SLA) — which sets out Stison’s support and availability commitments.

In the event of any conflict between this Policy and your Governing Agreement, the Governing Agreement shall take precedence.

10   Contact

For questions about this Policy or to report a concern:

© Stison Ltd 2026. All rights reserved.