UPTECH Usage Policy
Rules for using services, platforms, APIs, and connectivity resources.
Acceptable use
Defines permitted and prohibited conduct when using UPTECH connectivity, platforms, APIs, and support.
Network protection
Preserves availability, security, and operational quality for customers and connected devices.
Abuse response
Violations may result in technical blocking, limitation, suspension, contract termination, and cooperation with authorities.
Report abuse
Send technical evidence, occurrence time, and involved identifiers for analysis by the UPTECH team.
abuse@uptech.com.br1
Scope and acceptance
This Usage Policy establishes rules for using the services, platforms, APIs, connectivity resources, SIM/eSIM, APNs, integrations, and technical channels made available by UPTECH.
By contracting, accessing, or using any UPTECH service, the customer, authorized user, partner, or integrator agrees to comply with this policy, applicable contracts, commercial proposals, technical terms, and current law.
This policy applies to production, staging, sandbox, API, portal, management platform, and support service environments;
Use of the services must be related to lawful, professional purposes compatible with the contracted solution;
Specific conditions provided in contracts, SLAs, DPAs, proposals, or service orders prevail when they are more restrictive.
2
Customer and authorized user responsibility
The customer is responsible for its accounts, users, credentials, devices, integrations, traffic, submitted data, and any use of the services by internal teams, third parties, suppliers, or systems under its administration.
Keep registration data, technical contacts, and security contacts up to date;
Ensure that users and integrators have proper authorization to access UPTECH systems;
Configure devices, applications, firewalls, webhooks, and integrations securely;
Prevent misuse by third parties, including in cases of leaked credentials, compromised devices, or misconfigured automations;
Be responsible for damages, costs, sanctions, or impacts caused by irregular use of contracted resources.
UPTECH may provide technical guidance to customers and partners, but administration of the customer's environments, devices, and credentials remains the customer's responsibility, unless an expressly contracted managed service applies.
3
Prohibited uses
UPTECH services may not be used for illegal, abusive, fraudulent, harmful to third parties, or incompatible with the contracted purpose activities.
Illegal or fraudulent activities
Using the services to violate laws, commit fraud, bypass controls, simulate identities, mask traffic origin, or support irregular operations.
Spam and unsolicited messages
Sending, facilitating, or automating unsolicited messages, abusive campaigns, phishing, smishing, spoofing, or any mass communication without legal basis and appropriate consent.
Unauthorized access
Attempting to access accounts, networks, APIs, systems, devices, databases, or environments without permission, including through brute force, scanning, vulnerability exploitation, or social engineering.
Malware and harmful content
Distributing viruses, botnets, exploit tools, ransomware, malicious scripts, or any code capable of causing damage, unavailability, interception, or data leakage.
Intellectual property violation
Transmitting, hosting, distributing, or facilitating content that violates copyrights, trademarks, patents, trade secrets, software licenses, or third-party rights.
Interference with the network or services
Running activities that degrade availability, stability, IP reputation, network quality, API performance, or the operation of other customers.
4
Rules for IoT/M2M connectivity
Connectivity resources provided by UPTECH must be used according to the contracted technical profile, volume, geography, purpose, and commercial conditions.
Use operator profiles only in devices, applications, and purposes compatible with the contract.
Do not resell, sublicense, share, or transfer lines, profiles, credentials, or access without formal UPTECH authorization.
Do not use IoT/M2M resources as substitutes for consumer mobile plans, residential modems, public hotspots, or generic connectivity services.
Do not tamper with, clone, reprogram, manipulate, or attempt to extract keys, profiles, identifiers, or technical parameters from SIM/eSIM or eUICC.
Avoid anomalous traffic, reconnection loops, incompatible consumption, continuous unplanned use, or behavior that harms operators, partners, or the platform.
Cooperate with diagnostics when there is suspected failure, abuse, compromise, out-of-profile use, or network impact.
5
Rules for APIs, webhooks, and integrations
APIs, webhooks, tokens, access keys, sandbox environments, and integrations must be used with security, access control, and respect for technical limits defined by UPTECH.
Protect tokens, keys, secrets, certificates, OAuth credentials, and webhook endpoints from public exposure.
Respect request limits, usage windows, authorization scopes, rate limit policies, and technical integration guidelines.
Do not run scraping, enumeration, aggressive automated tests, artificial load, DDoS, brute force, or any automation that degrades the services.
Validate webhook origin, signature, and content before executing actions in internal systems.
Immediately notify UPTECH in case of credential leaks, compromised tokens, anomalous behavior, or integration incidents.
6
Account, credential, and device security
The customer must adopt proportionate security measures to protect its access, connected devices, applications, and environments integrated with UPTECH services.
Credentials and users
Use strong passwords, multifactor authentication when available, profile segregation, and immediate revocation of unnecessary access.
Field devices
Keep firmware, embedded applications, certificates, network settings, and communication policies in secure condition.
Corporate environments
Protect ERPs, CRMs, servers, firewalls, databases, and event queues connected to UPTECH solutions.
Incidents
Quickly report device loss, misuse, suspicious access, data leakage, traffic abuse, or system compromise.
7
Content, data, and regulatory compliance
UPTECH does not pre-control the content, commands, payloads, messages, events, telemetry data, or integrations generated by the customer. The customer must ensure that all data transmitted or processed through the services is lawful and compatible with its legal and contractual obligations.
Do not transmit discriminatory, abusive, illegal, fraudulent, misleading content or content that violates third-party rights;
Comply with applicable telecommunications, data protection, information security, consumer protection, intellectual property, and sector-specific rules;
Process personal data according to the LGPD and other applicable laws, including when UPTECH acts as processor on behalf of the customer;
Maintain legal bases, records, consents, privacy notices, and governance controls when required by the customer's operation.
8
Monitoring, investigation, and cooperation
To protect customers, network, platform, partners, and third parties, UPTECH may monitor technical metrics, security events, traffic patterns, logs, API integrity, and signs of abuse, respecting applicable law and current contracts.
Investigate incidents, reports, third-party complaints, abuse listings, traffic anomalies, and security alerts;
Request technical information from the customer to validate origin, purpose, and correction of suspicious behavior;
Apply preventive measures to contain immediate risk, preserve availability, or protect third parties;
Cooperate with competent authorities when there is a legal obligation, valid order, or substantiated suspicion of illegal activity.
9
Measures in case of violation
In case of violation of this policy, reasonable suspicion of abuse, security risk, network impact, or contractual non-compliance, UPTECH may adopt measures proportional to the severity and urgency of the case.
Technical measures
Traffic blocking, request limitation, token revocation, APN isolation, line suspension, SIM/eSIM blocking, or temporary integration deactivation.
Administrative measures
Customer notification, correction request, remediation plan requirement, credential change, or permission review.
Contractual measures
Partial or total service suspension, contract termination, charging generated costs, losses and damages, fines, or other consequences provided by contract.
Legal measures
Record preservation, communication to authorities, compliance with judicial or administrative orders, and cooperation in legal investigations.
In urgent situations, UPTECH may act without prior notice to reduce risk, avoid damage, preserve evidence, or protect service continuity.
10
Abuse reporting channel
Anyone who identifies a possible violation of this policy, network abuse, attempted fraud, API misuse, spam, phishing, malicious traffic, or incident related to UPTECH services may send a report to our contact channel.
IP address, ICCID, MSISDN, device identifier, token, or endpoint involved, when available;
Date, time, and timezone of the occurrence, preferably in Brasilia time;
Objective event description, technical evidence, logs, headers, messages, URLs, or screenshots;
Contact details for follow-up, if additional information is needed.
Reporting channel
abuse@uptech.com.br11
Changes to this policy
This Usage Policy may be updated to reflect changes in UPTECH services, technologies, regulatory requirements, security practices, or commercial models.
The current version will be available on this page. When a change has relevant impact on active customers, UPTECH may communicate through the appropriate contractual, commercial, or operational channels.
Need to validate a technical use?
Talk to UPTECH before running integrations, automations, load tests, or traffic flows.