1. Purpose
This policy defines the permitted and prohibited activities on the Marai Agenda platform. By using the service, you agree to comply with these rules. Non-compliance may result in suspension or termination of your account.
2. Automated abuse
The following are expressly prohibited:
- Scraping or crawling the platform to extract client, appointment or service data.
- Using bots to automate API requests without prior written permission from Marai Software, S.L.
- Executing denial-of-service attacks (DoS/DDoS) or flooding the system with mass requests.
- Attempting to exploit system or infrastructure vulnerabilities.
3. Security and privacy
Users must not:
- Attempt to access other businesses' data (IDOR attacks or other techniques).
- Capture or intercept network traffic from other users.
- Share login credentials or create shared accounts.
- Use the platform to collect or process third-party personal data without a legal basis.
4. Intellectual property
The following actions are PROHIBITED and constitute a serious violation:
- Reverse engineering the Software or attempting to extract source code.
- Copying algorithms, workflows or system features for personal or commercial use.
- Building a competing product or service based directly or indirectly on this Software.
- Reselling, sublicensing or redistributing the Software or access to it.
- Mass-exporting platform data for your own commercial use.
5. Consequences
- First violation: Written warning + account review + possible temporary suspension.
- Second violation: Permanent account suspension + data deletion (per GDPR).
- Intellectual property violation: Immediate account termination, DMCA takedown notice to hosting provider, legal action and damages claim.
6. Monitoring, logs and content takedown
Marai performs automated monitoring of usage patterns to detect abuse, fraud and violations of this policy. The legal basis for this processing is the legitimate interest (Art. 6.1.f GDPR) in maintaining the integrity and security of the service, balanced against users' rights:
- What we monitor: frequency and volume of API requests, automated scraping or crawling patterns, attempts to access resources outside the account (IDOR), mass exports, unusual WhatsApp messaging volumes and repeated authentication errors.
- Logs: security logs (IP, user-agent, timestamp, endpoint, response codes) are retained for a maximum of 12 months, after which they are deleted or anonymised. Billing logs are retained for 6 years (Art. 30 of the Spanish Commercial Code).
- Takedown procedure: for serious violations (automated abuse, intellectual property theft, fraudulent use) Marai may suspend access immediately and send a formal notice to the user within a maximum of 72 hours, indicating the detected facts, available evidence and measures adopted.
- Third-party notification: for intellectual property violations, Marai may issue a DMCA notice (17 U.S.C. § 512) to the hosting provider and exercise the applicable civil and criminal actions before the competent Spanish courts.
- Right to be heard and appeal: the affected user has 15 calendar days from notification to file written submissions at legal@maraiagenda.com. After assessment, Marai will confirm, modify or revoke the measure.
7. Report abuse
If you detect misuse of the platform by third parties, report it to seguridad@maraiagenda.com providing, if possible, the affected URL, date and time of the incident and evidence (screenshots, headers, logs). We will respond within a maximum of 5 business days.
8. Contact
For questions about this policy: legal@maraiagenda.com.