Acceptable Use Policy.
No malicious packs, no stolen content, no token sharing, no review games. Higher-risk categories need written approval before they list.
No malicious packs, no stolen content, no token sharing, no review games. Higher-risk categories need written approval before they list.
1. How this policy works
This Acceptable Use Policy (the AUP) sets the rules for what may be sold on Loup and how the platform may be used. It forms part of the Terms of Service and the Creator Agreement, and it applies to everyone who touches the Service: creators, buyers, affiliates, and visitors. Capitalised terms carry the meanings given in the Terms.
The policy has four parts:
- Part A lists Skill Pack content that is prohibited outright. These packs may never be listed, sold, or delivered through Loup.
- Part B lists restricted categories that are allowed only with our prior written approval. Publishing in a restricted category without approval is treated as a Part A violation.
- Part C lists platform conduct that is prohibited for every account, regardless of what is being bought or sold.
- Part D explains how we enforce this policy and how to appeal a decision.
The lists below are illustrative, not exhaustive. We read this policy purposively: if something is obviously within the spirit of a prohibition, the absence of an exact match in the wording does not make it allowed, and engineering around the letter of a rule is itself a violation. We may update this policy as risks, laws, and payment processor rules change, following the change process in the Terms.
This policy supplements the law; it never replaces it. Something lawful in one place may still be banned here, and nothing being absent from this page makes illegal conduct acceptable. The rules also bind buyers: commissioning, requesting, or knowingly using a pack for a prohibited purpose breaches this policy just as publishing one does.
2. Part A: Prohibited pack content
Part A applies to everything a pack ships and everything a listing says: the delivered files, code, prompts, configuration, course content, listing copy, and preview material. Creators carry primary responsibility for Part A, and buyers must not commission, request, or knowingly use packs for these purposes. Where the law of a market a pack targets is stricter than this list, the stricter rule applies, and the creator is responsible for knowing it.
- Illegal goods and services. Packs that sell, source, or facilitate anything unlawful in Australia or in the markets the pack targets, including controlled substances, stolen data, hacking-for-hire, fake identity documents, identity-verification bypass, and evasion of law enforcement.
- Stolen or plagiarised content. Republishing another creator’s pack, ripped courses, copied prompt libraries, or any material you do not own or hold a licence to sell. Cosmetic rewording of someone else’s work counts, and using an AI model to regenerate it does not launder the infringement. Infringement complaints follow the process in the Terms.
- Malicious software and hidden behaviour. This is the category we police hardest, because packs run inside a buyer’s own AI agent. Prohibited without exception:
- malware, ransomware, spyware, keyloggers, and cryptominers;
- hidden data exfiltration: collecting or transmitting buyer data to any destination not clearly disclosed in the listing or documentation;
- prompt-injection payloads: instructions embedded in pack files designed to hijack, mislead, or redirect a buyer’s agent beyond the pack’s stated purpose;
- undisclosed outbound calls: network requests to endpoints the buyer was never told about;
- credential harvesting: prompting for, capturing, or transmitting secrets unrelated to the pack’s stated function; and
- obfuscation intended to defeat review of any of the above.
- Deceptive earnings claims and MLM. Guaranteed-income promises, fabricated revenue screenshots, get-rich-quick framing, recruit-to-earn schemes, and pyramid mechanics, whether in the pack or in the listing. Any income figure used in a listing must be real, substantiated, and presented with honest context, not as a typical or promised outcome.
- Adult content. Pornography, sexual services, and sexually explicit material. Any sexual content involving minors is reported to authorities without notice to the account.
- Weapons. Packs that provide instructions, sourcing, or automation for firearms, explosives, or chemical, biological, radiological, or nuclear weapons, including packs that exist to coax such instructions out of an AI model.
- Unapproved regulated advice. Packs that generate financial product advice, medical diagnosis or treatment guidance, or legal advice without prior approval under Part B and the disclosures we require with it.
- Harassment and hate. Tools built to harass, intimidate, dox, or surveil individuals, and content that vilifies people on the basis of protected attributes. Automating a pile-on does not make it something other than harassment.
- Privacy-violating data collection. Scrapers that harvest personal data without a lawful basis, stalkerware, deanonymisation tooling, facial-recognition databases built without consent, and the sale of personal data sets.
- Sanctions and export violations. Packs that serve sanctioned persons or territories, or that are designed to circumvent export controls or sanctions screening, including obfuscating the origin or destination of funds, goods, or data.
- Gambling. Operating or facilitating gambling, betting automation, or lottery sales. Licensed operators in lawful markets may apply under Part B before listing anything in this space; without that approval the category is closed.
- Counterfeits and brand impersonation. Counterfeit goods, packs that pose as another company’s official product, and listings that imitate another creator or brand without authorisation. Saying a pack works with a product is fine; implying it comes from that product’s maker is not.
- Spam and manipulation tooling. Bulk unsolicited messaging systems, engagement bots, fake-review generators, account farms, CAPTCHA-solving services, and rate-limit evasion tools. A messaging pack is only acceptable where recipients have consented under the anti-spam laws that apply to them, and the pack must say so.
- Anything our payment processor prohibits. Payments run through Stripe, so the categories Stripe prohibits or restricts for its merchants are prohibited or restricted here too, even where this policy does not list them expressly. If processor rules tighten, this policy tightens with them.
If you are not sure which side of a line a pack falls on, ask before publishing at support@selrgroup.com.au. A pre-publish question costs nothing; a takedown costs the listing.
3. Part B: Restricted categories
Some categories are legitimate but carry elevated legal or safety risk: professional regulation applies to them, payment processor rules constrain them, or a badly built pack can do real harm to a buyer. Packs in these categories may be listed only with our prior written approval, granted before publishing. Approval is per pack, not per account; an approval for one pack says nothing about your next one.
- Financial-advice packs. Anything generating investment, trading, tax, or credit guidance. Approval requires clear scope limits, prominent general-advice and no-guarantee disclaimers, and evidence of any licence the law requires for what the pack does. A pack that tells buyers what to buy or sell is a different animal from one that explains concepts, and we treat it that way.
- Health and wellness packs. Anything touching diagnosis, treatment, mental health, nutrition plans, or medication. Approval requires professional-review provenance or strict information-only framing, plus crisis-resource signposting where relevant. Packs that could plausibly delay someone seeking real medical care face the highest bar.
- Legal-template packs. Contract templates, policy generators, and legal-drafting workflows. Approval requires jurisdiction labelling, clear not-legal-advice framing, and honesty about what a template cannot do, namely substitute for advice on the buyer’s specific situation.
- Web-scraping tools. Approval requires a described lawful basis, respect for technical access controls, and prominent disclosure of the account or legal risk the buyer takes on with the target services. A scraper that hides that risk from the buyer will not be approved.
- Crypto tooling. Wallet automation, trading bots, and on-chain transaction tooling. Approval requires custody and key-handling disclosure and no yield or return promises. A pack that can move funds must say exactly when, how, and under whose keys, in words a non-developer can follow.
- Lead generation involving personal data. Approval requires a lawful basis for the data handling, source disclosure, and compliance with applicable privacy and anti-spam laws in the markets the pack targets. Bought lists and scraped contact databases do not become compliant because an AI agent is doing the sending.
How to request approval. Before publishing, email support@selrgroup.com.au with a description of the pack, the category it falls under, the compliance measures above, and any licences you hold. In reviewing a request we weigh the potential for buyer harm, the strength of the disclosures, the regulatory position in the markets the pack targets, and our payment processor’s rules. Approval is only effective in writing, may carry conditions such as required disclaimers or market restrictions, applies only to the pack and scope described, and can be revoked if the pack changes or the stated facts turn out to be wrong. If approval is revoked, the listing comes down, and buyers with existing entitlements are handled under the Refund Policy. Publishing a restricted pack without approval is treated as a Part A violation.
4. Part C: Prohibited platform conduct
These rules apply to every account, whatever it buys or sells, and they cover use of the website, the API, the installer, install tokens, and bridged communities. Attempting any of the following counts as a violation even where the attempt fails:
- Token sharing and resale. Sharing, selling, lending, or pooling
loupit_install tokens, installing packs for people who have not bought them, or operating a shared account to split one purchase across many users. Teams and organisations buy the seats or tier their listing requires; one personal licence is not a site licence. - Credential harvesting. Phishing or collecting other users’ sign-in links, install tokens, or stored secrets, or attempting to intercept them in transit. This includes impersonating Loup emails or pages to capture a sign-in link.
- Scraping and API abuse. Accessing the catalogue or API beyond documented limits, mirroring listings at scale, or harvesting platform data for a competing service. Ordinary browsing, search indexing, and personal bookmarking are not the target of this rule.
- Review and ranking manipulation. Fake reviews, review swaps, brigading, undisclosed paid reviews, and inflating install or sales counts. This applies equally to boosting your own listings and to tearing down a competitor’s.
- Affiliate fraud. Self-referral in any form, cookie stuffing, fake accounts, misleading promotion, and earnings claims, as set out in the Terms and the Affiliate Disclosure.
- Community spam. Spamming bridged Telegram groups, unsolicited promotion, scams, and harassment of community members. Creators set the tone of their own groups, but no group may be used to run conduct this policy prohibits elsewhere.
- Fee circumvention. Using the marketplace to find buyers and then steering the payment off-platform to avoid platform fees on packs listed here. Creators remain free to sell their work anywhere else; what is prohibited is intercepting a purchase that started on Loup.
- Reverse engineering the platform. Copying, decompiling, or probing the Service or installer to rebuild it, bypass entitlement checks, or extract other users’ data. Good-faith security research reported responsibly to support@selrgroup.com.au is welcome.
- Abusing free installs and trials. Serial account creation, disposable identities, or refund cycling to obtain paid packs without paying. This does not limit honest use of the Refund Policy or your statutory rights; it targets the pattern, not the individual claim.
- Impersonation. Posing as Loup, Selr Group staff, a creator, or another user, in listings, communities, or messages, including lookalike account names and forged badges or verification claims.
- Interfering with other users. Denial-of-service attempts, flooding endpoints, disrupting installs or deliveries, or degrading the Service for anyone else, whether by volume, malformed requests, or exploitation of a defect.
- Evading enforcement. Opening new accounts after termination, republishing a removed pack under a new name, laundering a banned pack through another creator’s account, or otherwise working around an enforcement action.
5. Part D: Enforcement
We may review any pack, listing, or account at any time, and we may act on what we find, on reports from users, or on information from payment processors and authorities. Depending on the severity and history involved, enforcement may include:
- refusing or delaying a listing before it goes live;
- requiring changes to a pack or listing as a condition of staying listed;
- removing or delisting a pack;
- disabling install tokens or specific entitlements;
- suspending or terminating accounts;
- withholding or clawing back creator payouts and affiliate commission connected to the violation; and
- reporting conduct to payment processors or authorities where the law calls for it.
We keep records of enforcement actions so that history can be weighed fairly in later decisions, and we handle those records as described in the Privacy Policy. When we act against an account, the notice we send states which rule was violated, what action we took, and how to appeal, except where the law or an active investigation prevents that level of detail.
How we choose a response. Enforcement is graduated where the situation allows it. We weigh the severity of the violation, whether it looks deliberate or careless, the account’s history, the harm or potential harm to buyers, and how the account responds when contacted. A first-time labelling problem usually gets a fix-it notice and a deadline. Malicious code under Part A category 3 gets no ladder at all: removal and termination, every time.
Immediate action. Where a pack or account presents a live risk, for example anything in Part A category 3, active fraud, or a leaked token being exploited, we suspend first and explain afterwards. In other cases we aim to give notice and a chance to respond before acting.
Appeals. If we act against your pack or account and you believe we got it wrong, email support@selrgroup.com.au within 14 days of the decision with the subject "AUP appeal", the affected pack or account, and the facts you want considered. A person reviews every appeal, and we tell you the outcome. If an appeal is upheld, we reinstate what was removed and correct the account record. Your statutory rights are unaffected by this process.
Buyers affected by an enforcement action, for example a purchased pack being removed for a Part A violation, are notified and handled under the Refund Policy.
6. Reporting violations
If you believe a pack, listing, or account violates this policy, email support@selrgroup.com.au with the subject "AUP report". Include the pack or account URL, what you observed, and any evidence such as screenshots, file paths, or network destinations. A way to contact you helps if more detail is needed, but anonymous reports are accepted and reviewed too. Every report is reviewed.
Good-faith reports are protected: we do not penalise accounts for reporting honestly, even where we decide no violation occurred. Knowingly false reports made to harm a competitor are themselves a Part C violation. If you find a security vulnerability, report it through the same address, do not exploit it beyond what is needed to demonstrate it, and do not access data belonging to other users.
For privacy reasons we may not share the detail of action taken against another account, but reported packs and accounts are reviewed against this policy, and enforcement follows Part D where a violation is found.
Have questions about this policy?
Get in touch - we'd rather give you a straight answer than make you read between the lines.