Acceptable Use Policy
Rules and guidelines for using WP WAF Manager and related services responsibly.
Effective Date: April 7, 2026
This Acceptable Use Policy (“AUP”) governs your use of the website www.wpwafmanager.com (the “Site”) and the WP WAF Manager WordPress plugin and related software, updates, documentation, and support services (collectively, the “Plugin”), operated by Nahnu Fitness LLC, a Washington State limited liability company (“Company,” “we,” “us,” or “our”).
This AUP is incorporated into and forms part of our Terms of Use. By accessing the Site or using the Plugin, you agree to comply with this AUP. Capitalized terms not defined here have the meaning given in the Terms of Use.
If you violate this AUP, we may suspend or terminate your access to the Site and Plugin, revoke your license, refuse refunds, and pursue any other remedies available to us under the Terms of Use or applicable law — with or without notice.
1. General Principles
You agree to use the Site and Plugin only for lawful purposes, in good faith, and in a way that does not infringe the rights of, restrict, or inhibit anyone else’s use and enjoyment of the Site, the Plugin, the internet, or any third-party service.
You are responsible for everything that happens through your account, your license keys, and any WordPress site on which you install the Plugin.
2. Prohibited Uses
You may not use the Site or Plugin, or permit anyone else to use them, to:
2.1 Violate Laws or Third-Party Rights
- Engage in any illegal, fraudulent, deceptive, or harmful activity;
- Violate any applicable local, state, national, or international law or regulation;
- Infringe any copyright, trademark, trade secret, patent, publicity, privacy, or other proprietary right of any third party;
- Violate the terms of service or acceptable use policy of any third-party service the Plugin interacts with, including but not limited to Cloudflare’s Terms of Service and Acceptable Use Policy, SureCart’s terms, Stripe’s terms, or your hosting provider’s terms;
- Violate U.S. export control laws, economic sanctions, or any restricted-party list (see Section 17 of the Terms of Use).
2.2 Harm Others or Their Systems
- Launch, facilitate, or participate in denial-of-service (DoS or DDoS) attacks, brute-force attacks, port scanning, vulnerability scanning, penetration testing, or any other unauthorized probing or attack of any network, server, or service;
- Use the Plugin to create WAF rules, edge rules, or IP access rules designed to harass, dox, retaliate against, or unjustly block specific individuals or protected groups;
- Distribute malware, ransomware, viruses, trojans, worms, rootkits, keyloggers, spyware, or any other malicious code;
- Attempt to gain unauthorized access to any system, account, network, or data;
- Interfere with or disrupt the integrity or performance of the Site, the Plugin, our license server, or any third-party service;
- Use the Plugin to harvest, scrape, or collect personal data about other internet users without a lawful basis.
2.3 Host or Facilitate Prohibited Content
You may not install or use the Plugin on any WordPress site that is used to host, distribute, link to, or facilitate:
- Child sexual abuse material (CSAM) or any sexual content involving minors;
- Content that sexually exploits, endangers, or otherwise harms minors;
- Terrorist content, content promoting violent extremism, or content inciting violence against people or property;
- Human trafficking, sex trafficking, or modern slavery;
- Phishing, credential harvesting, fake login pages, or other deceptive content designed to defraud users;
- Unlawful sale of firearms, explosives, controlled substances, or other regulated goods;
- Content designed to facilitate identity theft, financial fraud, tax fraud, or money laundering;
- Pirated software, cracked plugins or themes, illegal streaming, or any other content that infringes intellectual property rights;
- Defamatory, libelous, or knowingly false content intended to harm a person’s reputation;
- Content that harasses, stalks, threatens, or intimidates any individual.
2.4 Abuse the License or the Plugin Itself
- Share, resell, sublicense, transfer, or publish your license key without our prior written consent;
- Use a single license on more sites than your license tier permits;
- Reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of any non-open-source component, except to the extent applicable law expressly permits;
- Remove, obscure, or alter any copyright, trademark, license, or attribution notices;
- Modify the Plugin to bypass license validation, update checks, or any security measure;
- Distribute modified versions of the Plugin under the same name in a way that could mislead users into thinking they are receiving the official Plugin;
- Use the Plugin in any way intended to interfere with the legitimate business of Company or any of its customers.
2.5 Abuse Our Systems
- Make excessive, automated, or abusive requests to the Site, our license server, our update server, or any of our endpoints;
- Use bots, crawlers, scripts, or other automated means to access the Site in a way that exceeds normal browsing or imposes an unreasonable load;
- Attempt to bypass any rate-limit, security control, authentication mechanism, or access restriction we have in place;
- Submit false, misleading, or fraudulent information when purchasing a license, requesting support, or filing a refund or chargeback.
2.6 Misrepresent Yourself or Your Affiliation
- Impersonate Company, our employees, or any other person or entity;
- Falsely claim affiliation, sponsorship, endorsement, or partnership with Company;
- Use Company’s trademarks, logos, or trade names without prior written permission, except as permitted by fair use;
- Use the Site or Plugin to send unsolicited bulk email, spam, or other unwanted communications.
3. Security Research and Vulnerability Reporting
We welcome good-faith security research. If you believe you have found a security vulnerability in the Plugin or the Site, please report it to [email protected] before disclosing it publicly. Good-faith security research conducted in accordance with this section is not a violation of this AUP, provided that you:
- Do not access, modify, or destroy data that does not belong to you;
- Do not degrade or disrupt the Site, Plugin, or any third-party service;
- Do not exfiltrate any data beyond what is necessary to demonstrate the vulnerability;
- Give us a reasonable amount of time to investigate and remediate before any public disclosure; and
- Comply with all applicable laws.
We do not currently operate a paid bug bounty program, but we are happy to credit responsible researchers in our changelog or release notes upon request.
4. Reporting Violations
If you believe someone is using the Site or Plugin in violation of this AUP, please report it to [email protected]. Please include:
- The nature of the violation;
- The URL(s), license key, or account involved (if known);
- Any supporting evidence; and
- Your contact information (so we can follow up if needed).
We will review reports in good faith but make no commitment to take any specific action and are not obligated to disclose the results of any investigation.
5. Enforcement
We reserve the right, but are not obligated, to investigate any suspected violation of this AUP. If we determine, in our sole discretion, that you have violated this AUP, we may take any action we consider appropriate, including:
- Issuing a warning;
- Suspending or terminating your account, license, or access to the Site and Plugin without notice and without refund;
- Removing or disabling any content or configuration that violates this AUP;
- Reporting the violation to law enforcement or other appropriate authorities;
- Cooperating with law enforcement in any investigation; and
- Pursuing any civil or criminal remedies available to us.
We are not liable for any action we take, or fail to take, in response to a suspected or actual violation of this AUP.
6. No Obligation to Monitor
We do not actively monitor your use of the Plugin, the configurations you create through it, or the content of any WordPress site on which it is installed. You — not Company — are solely responsible for ensuring that your use complies with this AUP and with all applicable laws.
The fact that we may become aware of a violation does not create any obligation to take action, nor does our failure to act on a particular violation constitute a waiver of our right to act on the same or similar violations in the future.
7. Changes to This AUP
We may update this AUP from time to time to reflect changes in our practices, in the Plugin, or in applicable law. When we do, we will post the revised version on the Site and update the “Last Updated” date at the top. Your continued use of the Site or Plugin after the effective date of the revised AUP constitutes your acceptance of the changes.
8. Relationship to Other Agreements
This AUP supplements, and does not replace, the Terms of Use, the Privacy Policy, the Cookie Policy, and any other agreement between you and Company. In the event of a conflict between this AUP and the Terms of Use, the Terms of Use will control unless the conflicting provision is specifically intended to be overridden by this AUP.
9. Contact
Questions, reports, and security disclosures should be sent to:
Nahnu Fitness LLC Website: https://www.wpwafmanager.com Email: [email protected]