# Acceptable Use Policy (AUP)

**Platform:** MyFinalMessage (myfinalmessage.info)  
**Operator:** MyFinalMessage, an online legacy message vault service operated from Turkey under Istanbul, Turkey  
**Contact:** support@myfinalmessage.info  
**Effective Date:** May 26, 2026  
**Last Updated:** May 26, 2026

---

## 1. Purpose and Scope

1.1 This Acceptable Use Policy ("AUP") sets out the specific rules governing what content may be uploaded to MyFinalMessage and how the platform may be used. It supplements and forms part of the MyFinalMessage Terms of Service. In the event of a conflict between this AUP and the Terms of Service, this AUP prevails with respect to content and usage prohibitions.

1.2 MyFinalMessage is a post-mortem video dispatch platform. Its sole intended purpose is to allow registered users aged 18 and over to record personal video messages that are stored encrypted and dispatched to nominated recipients only after the user's death or prolonged unresponsiveness as determined by the platform's automated escalation process. Any use of the platform for any other purpose is prohibited.

1.3 This AUP applies to:

- All registered users of MyFinalMessage, including Essential plan holders, Family plan owners, and Family plan sub-account members.
- All content uploaded to, stored on, or transmitted through the MyFinalMessage platform, including video recordings, audio, metadata, file names, and recipient or emergency contact data.
- All actions taken via the MyFinalMessage web application, API endpoints, and any affiliated services.

1.4 This AUP has been prepared in compliance with the requirements of our infrastructure and payment providers, including Google Cloud Platform (GCP) Acceptable Use Policy (https://cloud.google.com/terms/aup) and Dodo Payments's terms and conditions (https://dodopayments.com/legal/restricted-businesses). By using MyFinalMessage, you agree to comply with those providers' policies in addition to this AUP.

---

## 2. Prohibited Content

The following categories of content are absolutely prohibited on MyFinalMessage. Uploading, storing, transmitting, or causing the dispatch of any of the following constitutes a material breach of this AUP and the Terms of Service.

### 2.1 Child Sexual Abuse Material (CSAM)

MyFinalMessage operates a **zero-tolerance policy** toward any content that sexualises, exploits, or abuses minors. This includes, without limitation:

- Any video, image, or audio recording depicting a person under the age of 18 in a sexual context.
- Content that grooms, solicits, or encourages sexual contact with minors.
- Cartoon, animated, or AI-generated depictions of child sexual abuse.

Upon discovery or credible report of CSAM on the platform, MyFinalMessage will:

1. Immediately and permanently terminate the offending account without notice or refund.
2. Preserve all associated account data, metadata, and logs as required for law enforcement purposes.
3. Report the content to the relevant national law enforcement authority and, where applicable, to the National Center for Missing and Exploited Children (NCMEC) CyberTipline, the Internet Watch Foundation (IWF), and the Turkish Information Technologies and Communication Authority (BTK).
4. Cooperate fully with any resulting criminal investigation.

### 2.2 Terrorism, Extremism, and Violent Radicalization

Users may not upload content that:

- Promotes, glorifies, or incites acts of terrorism or politically motivated violence.
- Recruits individuals to terrorist organisations or extremist movements.
- Disseminates manifestos, instructions, or calls to action from designated terrorist organisations under Turkish law (TMK — Law No. 3713), EU Directive 2017/541, or equivalent.
- Attempts to radicalise recipients by including extremist ideology in dispatched video messages.

### 2.3 Harassment, Stalking, Doxxing, and Threats

Users may not upload content that:

- Directs credible threats of physical harm, death, or sexual violence toward any identifiable individual.
- Constitutes targeted harassment of a named or identifiable person.
- Discloses private personal information of a third party (name, address, phone number, workplace, financial information, etc.) without that person's consent ("doxxing").
- Is designed to intimidate, coerce, or surveil an individual in a manner that would constitute stalking under applicable law.

MyFinalMessage is a platform for personal farewell messages. Messages intended to intimidate, threaten, or harm recipients after the sender's death are strictly prohibited.

### 2.4 Self-Harm Encouragement and Suicide Instruction

Users may not upload content that:

- Provides specific methods, techniques, or step-by-step instructions for self-harm or suicide.
- Glorifies, romanticises, or encourages self-harm or suicide in a manner that could influence a recipient to engage in such behaviour.
- Is designed to be dispatched as a final instruction to a recipient to cause harm to themselves.

This prohibition does not apply to sincere farewell messages that express distress, grief, or personal reflection, provided they do not contain specific instructional content or direct encouragement to self-harm.

### 2.5 Non-Consensual Intimate Imagery (NCII)

Users may not upload content that:

- Depicts any person in a sexual manner without that person's explicit consent to the recording and to the recording's storage and dispatch via this platform.
- Is intended to be dispatched as revenge pornography or an act of sexual humiliation post-mortem.
- Constitutes intimate image abuse under applicable law, including Turkish Penal Code Article 134 (violation of privacy).

### 2.6 Malware, Ransomware, and Phishing

Users may not upload content, links, or files that:

- Contain or link to malicious software, including viruses, trojans, ransomware, spyware, or keyloggers.
- Direct recipients to phishing pages designed to steal credentials or financial information.
- Embed scripts or executable code intended to compromise the device or data of any recipient.

### 2.7 Impersonation

Users may not upload content that:

- Falsely impersonates a living person in a manner likely to deceive recipients (e.g. recording a video while pretending to be a public figure, authority, or known third party).
- Falsely impersonates a deceased person to deceive the deceased's family or associates.
- Creates a false impression of authority, identity, or professional status (e.g. posing as a medical professional, attorney, or law enforcement officer) in messages dispatched to recipients.

### 2.8 Scams, Fraud, and Pyramid Schemes

Users may not use MyFinalMessage to:

- Dispatch post-mortem messages containing fraudulent financial instructions designed to deceive recipients (e.g. fabricated inheritance instructions, fraudulent wire transfer requests, counterfeit legal claims).
- Operate pyramid schemes, multi-level marketing fraud, or advance-fee fraud via dispatched messages.
- Deceive recipients into believing they are owed money or property that the sender does not legitimately hold.

### 2.9 Illegal Instructions

Users may not upload content that provides instructions, tutorials, or technical guidance for:

- Manufacturing, assembling, or deploying weapons, including firearms, explosives, biological weapons, or chemical weapons, in violation of applicable law.
- Synthesising, producing, or distributing controlled substances or narcotics.
- Committing any other act that is illegal under Turkish law, EU law, or the law of the country in which the recipient is located.

### 2.10 Content Violating Applicable Law

Users may not upload content that violates:

- Turkish law, including but not limited to the Turkish Penal Code (TCK), Turkish Information Technology Law No. 5651, KVKK (Law No. 6698), or any regulation issued by RTÜK or BTK.
- European Union law applicable to operators or data subjects within the EU/EEA.
- The domestic law of the recipient's jurisdiction, to the extent that dispatching such content to that recipient would constitute a criminal offence.

### 2.11 Unauthorized Likeness, Voice, and Third-Party Media
Users are strictly prohibited from uploading, recording, or storing any content that depicts, records, or includes the personal likeness, voice, image, or private video of any third-party individual unless:
- The user has obtained the prior, explicit, and written consent of that third party to be recorded and for their recording to be stored on and dispatched by the MyFinalMessage platform.
- In the case of minors under 18, the user has obtained the prior, explicit, and written consent of their parent or legal guardian.
Any unauthorized upload of another person's likeness or voice constitutes a material breach of this AUP, and the account owner shall hold sole, exclusive, and complete liability for any resulting claims of privacy violations, copyright infringement, or personality rights violations. MyFinalMessage serves as a passive host and is not liable for any unauthorized third-party media uploaded by users.

---

## 3. Prohibited Uses

### 3.1 Circumventing Platform Limits

Users may not:

- Create multiple accounts to exceed the video storage or recipient limits of their subscribed plan (Free Trial: 1 video, 3 recipients; Essential: 3 videos, 3 recipients per video; Family: owner + 3 sub-accounts, each with 3 videos and 3 recipients).
- Use automated scripts, bots, or tools to artificially create accounts, upload content, or trigger dispatch flows.
- Share account credentials with persons not entitled to sub-account access under the Family plan.

### 3.2 Re-registration After Termination

Any user whose account has been terminated for an AUP or Terms of Service violation is permanently banned from MyFinalMessage. Such users may not:

- Register a new account using a different email address.
- Register using a family member's or third party's identity.
- Use a VPN, proxy, or other IP-masking technology to circumvent an IP-based ban.

MyFinalMessage retains the SHA-256 hash of email addresses for 2 years after account deletion (including termination) for the purpose of enforcing this re-registration prohibition, pursuant to GDPR Article 6(1)(f) (legitimate interest in platform integrity).

### 3.3 Use Beyond Intended Purpose

MyFinalMessage is exclusively designed for the encrypted storage and post-mortem dispatch of personal video messages. The platform may not be used:

- As a general-purpose video hosting or streaming service.
- As a communication tool for real-time or near-real-time messaging between living parties.
- As a data exfiltration or file storage service unrelated to personal post-mortem messages.
- As a vehicle for commercial advertising or promotional content delivered to recipients as though it were a personal farewell.

### 3.4 Use in Sanctioned Jurisdictions

MyFinalMessage is not available to individuals or entities located in, or acting on behalf of governments of, countries subject to comprehensive sanctions administered by the U.S. Office of Foreign Assets Control (OFAC), the EU, or the UN Security Council. Dodo Payments automatically blocks payment processing from sanctioned jurisdictions. Accounts associated with sanctioned jurisdictions are subject to immediate termination.

### 3.5 Attempting to Decrypt Other Users' Data

MyFinalMessage uses AES-256-GCM envelope encryption. Each user's videos are encrypted with a unique Data Encryption Key (DEK) stored in Cloud Firestore, wrapped by a root Key Encrypting Key (KEK) managed in Google Cloud KMS. Users may not:

- Attempt to access, copy, or decrypt another user's encrypted video files from Google Cloud Storage.
- Attempt to retrieve, copy, or reconstruct another user's DEK from Firestore.
- Attempt to exploit any vulnerability in the KMS, encryption, or key rotation infrastructure.

Any such attempt constitutes a criminal offence under Turkish law (TCK Article 243 — unauthorised access to an information system) and equivalent cybercrime legislation.

### 3.6 Attempting to Access Other Users' Accounts

Users may not:

- Attempt to log in to another user's account by guessing, brute-forcing, phishing, or credential stuffing.
- Exploit any session management vulnerability in our authentication system to impersonate another user.
- Use social engineering to obtain another user's login credentials.

Under the Family plan, account owners may not access, view, edit, or delete any content or configuration belonging to a sub-account. Sub-account data is strictly isolated at the application and database level.

### 3.7 System Overloading and Denial-of-Service Attacks

Users may not:

- Submit an excessive volume of requests to the MyFinalMessage platform in a manner that degrades service availability for other users (Denial-of-Service or Distributed Denial-of-Service attack).
- Upload video files that significantly exceed reasonable size limits in an attempt to exhaust Google Cloud Storage quotas.
- Exploit the check-in or dispatch triggering mechanism in a manner that generates artificial email or SMS volume through Amazon SES or Twilio.

---

## 4. Enforcement

### 4.1 Immediate Account Termination Without Refund

Any violation of Section 2 (Prohibited Content) or Section 3 (Prohibited Uses) may result in immediate, permanent termination of the offending account without prior notice and without refund of any amounts paid. This applies regardless of:

- The plan tier of the account (Free Trial, Essential, or Family).
- Whether the violation was detected by automated means or a user report.
- Whether the prohibited content had already been dispatched to recipients or was stored but not yet dispatched.

For Family plan accounts: termination of the owner account results in the immediate disabling of all associated sub-accounts. Sub-account violations may result in termination of the sub-account only, or of the entire Family plan at MyFinalMessage's sole discretion.

### 4.2 Law Enforcement Referral

MyFinalMessage will refer violations to relevant law enforcement authorities where legally required or where the nature of the violation warrants referral. This includes, without limitation:

- CSAM (Section 2.1): mandatory referral to Turkish law enforcement and applicable international bodies.
- Terrorism or violent extremism content (Section 2.2): referral to the Turkish National Police and, where relevant, Europol and equivalent agencies.
- Credible threats of violence (Section 2.3): referral to the law enforcement authority with jurisdiction over the threatened individual.
- Criminal fraud or financial deception (Section 2.8): referral to relevant financial crime authorities.

### 4.3 Data Preservation for Legal Investigations

Notwithstanding MyFinalMessage's standard data deletion practices, where an account is suspended or terminated pending a law enforcement investigation, or where MyFinalMessage has received a valid legal process request (court order, subpoena, or equivalent), the following data will be preserved for as long as required by the investigation or legal process:

- All encrypted video files associated with the account in Google Cloud Storage.
- All Firestore metadata and configuration records.
- Authentication database records including account creation timestamps, sign-in history, and associated IP addresses.
- Amazon SES and Twilio delivery logs.
- Dodo Payments transaction records.

This preservation is in addition to, and takes precedence over, any account deletion request submitted by the user during the preservation period.

### 4.4 Right to Restrict Access Pending Investigation

MyFinalMessage reserves the right to suspend access to an account (without full termination) while an investigation into a potential AUP violation is ongoing. During a suspension:

- The user cannot upload, modify, or delete content.
- Scheduled dispatch events are paused.
- The user will be notified of the suspension by email to their registered address unless notification is legally prohibited (e.g. by a non-disclosure order).

---

## 5. Reporting Violations

If you become aware of content on MyFinalMessage that you believe violates this AUP, please contact us immediately:

**Email:** support@myfinalmessage.info  
**Subject line:** "AUP Violation Report"

Please include in your report:

- A description of the content or behaviour you are reporting.
- Any relevant URLs, account identifiers, or timestamps.
- Your contact information (if you wish to be contacted regarding the outcome).

MyFinalMessage will acknowledge all AUP violation reports within 5 business days and will take appropriate action as described in Section 4. We cannot guarantee that we will disclose the outcome of every investigation due to legal, privacy, and third-party confidentiality constraints.

---

## 6. No Proactive Monitoring Disclaimer

6.1 MyFinalMessage does not proactively monitor, review, or screen the content of video recordings uploaded by users. Videos are stored in encrypted form in Google Cloud Storage using AES-256-GCM encryption. MyFinalMessage employees and systems do not routinely access, view, or analyse the plaintext contents of user videos.

6.2 Notwithstanding Section 6.1, MyFinalMessage reserves the right — but does not assume the obligation — to:

- Review account-level metadata (upload dates, file sizes, account activity) for anomalous patterns.
- Investigate any account upon receipt of a credible third-party report alleging an AUP violation.
- Access account content where legally compelled to do so by a valid Turkish court order or equivalent legal instrument.
- Terminate accounts based on metadata indicators of prohibited use, without necessarily reviewing the encrypted content itself.

6.3 This disclaimer does not limit MyFinalMessage's right to enforce this AUP or to cooperate with law enforcement as described in Section 4.2.

---

## 7. Governing Law

This Acceptable Use Policy is governed by and construed in accordance with the laws of the Republic of Turkey. Any dispute arising out of or in connection with this AUP shall be subject to the exclusive jurisdiction of the courts in the Turkey.

---

## 8. Amendments

MyFinalMessage may update this AUP at any time. Changes will be notified to registered users by email to their registered address at least 14 days before taking effect. Continued use of MyFinalMessage after the effective date of an updated AUP constitutes acceptance of the revised policy.

---

*For questions about this AUP, contact support@myfinalmessage.info.*
