Acceptable Use Policy
Table of Contents
Summary: We built this infrastructure for people who need private communication. Journalists, activists, researchers, businesses, and anyone who values privacy are welcome. We explicitly prohibit child sexual abuse material, terrorism, and activities designed to harm the infrastructure itself. Because we cannot see message content by design, this policy operates primarily on the honor system and through technical measures against infrastructure abuse.
1. Purpose and Scope
This Acceptable Use Policy ("AUP") defines the permitted and prohibited uses of SimpleGo's public SMP relay server infrastructure, including all clearnet and Tor onion service endpoints operated by IT and More Systems.
This AUP supplements and is incorporated into the Terms of Service. In the event of a conflict between this AUP and the Terms of Service, the Terms of Service shall prevail.
By connecting to our SMP relay servers, you agree to comply with this AUP.
2. Our Philosophy on Acceptable Use
SimpleGo's SMP relay servers are neutral communications infrastructure, comparable to the postal system or the public internet backbone. We believe that privacy is a fundamental human right (Art. 12 UDHR, Art. 8 ECHR, Art. 7 EU Charter of Fundamental Rights) and that people should be able to communicate without surveillance as the default, not the exception.
We recognize that any private communication tool can potentially be misused. This reality is not unique to encrypted messaging: it applies equally to the telephone network, postal mail, the public internet, and in-person conversation. The existence of potential misuse does not justify eliminating privacy for everyone.
Our approach is grounded in three principles. First, architecture over surveillance: we build systems that structurally cannot collect user data, rather than collecting data and promising not to look at it. Second, transparency over trust: our software is open source, our policies are public, and our enforcement capabilities are documented honestly. Third, proportionality over absolutism: we cooperate with legitimate legal processes while refusing to build backdoors or implement mass surveillance capabilities.
3. Permitted Uses
Our SMP relay servers are available for any lawful communication purpose. The following are explicitly encouraged uses:
Journalism and Press Freedom
Communication between journalists and sources, editorial coordination, protection of confidential source identity, and any communication related to journalistic work. Press freedom is protected under Art. 5 of the German Basic Law (Grundgesetz) and Art. 11 EU Charter.
Human Rights and Civil Society
Communication by human rights organizations, NGOs, civil liberties groups, and individuals engaged in lawful advocacy, organizing, or documentation of human rights issues. This includes communication in jurisdictions where such activities may be persecuted by authoritarian governments.
Legal and Professional Communication
Attorney-client privileged communications, medical professional-patient communications, communications protected by professional secrecy obligations (Berufsgeheimnis), whistleblower communications, and any communication where confidentiality is legally protected or professionally required.
Business and Commercial Use
Corporate communications requiring confidentiality, protection of trade secrets, internal organizational messaging, communication with customers and partners, and any lawful business use. There are no restrictions on commercial use of the free relay service.
Academic and Security Research
Communication related to academic research, security auditing, protocol analysis, and privacy technology development. We welcome responsible security research against our infrastructure (see our security contact information in Section 10).
Personal Privacy
Private communication between individuals for any lawful purpose. You do not need a specific reason to use encrypted messaging. Privacy is not suspicious; it is a right.
4. Prohibited Activities
The following activities constitute violations of this AUP. Because our servers cannot inspect message content by design, many of these prohibitions are enforceable only through legal process rather than technical monitoring. They nonetheless establish the terms under which we provide this service.
Child Sexual Abuse Material (CSAM)
The use of our infrastructure to distribute, store, or facilitate access to child sexual abuse material is absolutely prohibited. This includes any visual depiction of sexually explicit conduct involving a minor as defined under German law (§ 184b StGB) and the EU Directive 2011/93/EU. We will cooperate fully with law enforcement investigations into CSAM, to the maximum extent technically possible. There are no exceptions.
Terrorism and Incitement to Violence
The use of our infrastructure to plan, coordinate, recruit for, or incite acts of terrorism as defined under German criminal law (§§ 89a, 89b, 129a, 129b StGB) and EU Directive 2017/541 is prohibited. This includes the dissemination of terrorist propaganda when it constitutes a criminal offense under applicable law.
Distribution of Malware
Using our relay servers to distribute malicious software, ransomware, spyware, or to operate command-and-control infrastructure for botnets or similar systems. This prohibition applies to the use of SMP message queues as a transport mechanism for malware distribution or coordination.
Fraud and Financial Crime
The use of our infrastructure to conduct or facilitate fraud, phishing, identity theft, money laundering, or sanctions evasion. This includes using SMP messaging as a coordination channel for scam operations.
Unauthorized Access to Computer Systems
Using our infrastructure to conduct or coordinate unauthorized access to third-party computer systems (§ 202a StGB), data interception (§ 202b StGB), or data manipulation (§ 303a StGB). This does not apply to authorized penetration testing or security research with proper consent.
Sanctions Circumvention
Use of our servers to circumvent applicable sanctions under EU Regulation 269/2014 or comparable German and international sanctions regimes. While we cannot identify sanctioned individuals by design, such use constitutes a violation of this AUP and applicable law.
Spam and Unsolicited Bulk Messaging
Automated, bulk, or unsolicited messaging that degrades the experience for other users or strains server resources. This includes queue flooding, automated account creation at scale, or using our infrastructure as a spam relay.
5. Technical Abuse
The following technical activities are prohibited regardless of the content being transmitted. Unlike content-based prohibitions, these are detectable and enforceable through technical means.
- Denial of Service (DoS/DDoS): Flooding our servers with excessive connections, requests, or data with the intent to degrade or disrupt service for other users.
- Resource exhaustion: Creating an excessive number of message queues, sending oversized or malformed packets, or engaging in patterns designed to exhaust server memory, storage, or bandwidth.
- Protocol abuse: Exploiting the SMP protocol in ways not intended by its specification to interfere with server operation or other users' communications.
- Unauthorized probing: Scanning, port-probing, or attempting to gain unauthorized access to server management interfaces, operating system services, or co-located infrastructure. Note: responsible security research with coordinated disclosure is welcomed and not considered unauthorized probing.
- Traffic amplification: Using our servers as amplifiers for reflected denial-of-service attacks against third parties.
Technical abuse is the primary category we can detect and act upon in real-time. We employ rate limiting, connection throttling, and automated blocking of abusive IP addresses. These measures operate at the network layer and do not inspect message content.
6. Enforcement Limitations
We believe in honest documentation of our capabilities and limitations. This section explains what we can and cannot enforce.
6.1 What we can enforce
We can detect and respond to technical abuse at the network and transport layer: excessive connection rates, abnormal queue creation patterns, protocol violations, and resource exhaustion attacks. We can block IP addresses or rate-limit connections that exhibit abusive patterns. For Tor users, our enforcement options are limited to rate-limiting Tor exit nodes or, in extreme cases, temporarily restricting onion service access.
6.2 What we cannot enforce
We cannot monitor, inspect, filter, or moderate the content of messages. All messages are encrypted end-to-end before reaching our servers, and we do not possess decryption keys. We cannot determine who is communicating with whom. We cannot verify the identity of any user. We cannot selectively block users - only IP addresses or connection patterns. We cannot prevent any specific type of communication from occurring on our infrastructure.
This is a deliberate architectural decision, not an oversight. A system that can selectively block specific types of communication requires the ability to inspect that communication, which is fundamentally incompatible with genuine end-to-end encryption.
6.3 Cooperation with legal process
When we receive valid German court orders relating to prohibited activities, we cooperate to the maximum extent technically possible. This cooperation is documented in detail in our Terms of Service (Section 9) and Privacy Policy (Section 12). The inherent limitations of our architecture apply equally to legal process: we can only provide data that we technically possess.
7. Reporting Abuse
If you believe our infrastructure is being used for prohibited activities, you may report this to: abuse@simplego.dev
For technical abuse reports (DoS attacks, resource exhaustion, unauthorized probing), please include: the IP address or server endpoint affected, the approximate time and duration of the abuse, a description of the observed abusive behavior, and any relevant log excerpts or packet captures.
For reports of criminal activity, we recommend contacting the appropriate law enforcement agency directly, as they have the legal authority to issue court orders that we can act upon. We cannot investigate criminal allegations independently, and we cannot provide user-identifying information without legal process.
For security vulnerabilities in our infrastructure, please contact security@simplego.dev. We welcome responsible disclosure and will acknowledge researchers who help us improve our security.
8. Consequences of Violation
Violations of this AUP may result in the following actions, proportionate to the severity and nature of the violation:
- Technical measures: Rate limiting, temporary IP blocking, or permanent IP banning for technical abuse. These measures are automated and apply to connection patterns, not message content.
- Queue deletion: In cases of court-ordered enforcement, deletion of specific message queues identified in the court order.
- Cooperation with authorities: Full cooperation with valid legal process as described in our Terms of Service and Privacy Policy.
- Public disclosure: In cases of significant abuse that affects other users, we may publish anonymized details of the incident and our response, consistent with our transparency commitments.
We do not maintain user accounts, so account suspension is not applicable. Our enforcement is necessarily limited to network-layer measures and cooperation with legal process.
9. Relationship to Other Policies
This AUP is part of a set of legal documents governing the use of SimpleGo's SMP relay servers. For complete information, please review our Terms of Service, our Privacy Policy, and our Disclaimer.
10. Contact
General inquiries: legal@simplego.dev
Abuse reports: abuse@simplego.dev
Security vulnerabilities: security@simplego.dev
Privacy inquiries: privacy@simplego.dev
IT and More Systems
Sascha Dämgen
Am Neumarkt 22
45663 Recklinghausen
Germany / EU
SimpleGo Legal Framework
All documents available in English and German. Server infrastructure operated under German and EU law.