← innlockerapp.com
Annual Enterprise Consulting LLC — Acceptable Use Policy
Acceptable Use Policy innlockerapp.com · hello@innlockerapp.com

ACCEPTABLE USE POLICY (AUP)

Annual Enterprise Consulting LLC — Exhibit C to the Master Services Agreement

Version 1.0 — Effective upon execution of the applicable Order Form

This Acceptable Use Policy ("AUP") defines the permitted and prohibited uses of

the InnLocker platform. This AUP is Exhibit C to the Master Services Agreement

("MSA") between Annual Enterprise Consulting LLC ("InnLocker") and Customer, and is incorporated

into the MSA by reference.

Violation of this AUP may result in immediate suspension or termination of Customer's

access to the Service, as described in Section 4 below.

All capitalized terms used but not defined in this AUP have the meanings given in the MSA.

SECTION 1 — PERMITTED USES

Customer may use the Service solely for the following purposes:

1.1 Package Management. Logging, tracking, storing, and delivering physical

packages received on behalf of hotel guests who are registered at the hotel

property or properties identified in Customer's Order Form.

1.2 Storage Fee Billing. Charging hotel guests storage fees for packages held

beyond any free storage period, at rates configured by Customer within the parameters

of the Service.

1.3 Reporting and Auditing. Generating reports and audit trails of package

activity for Customer's internal business operations and compliance purposes.

1.4 Staff Operations. Allowing Customer's authorized hotel staff to use the

Service in the course of their employment duties related to package management.

1.5 Guest Tracking. Allowing hotel guests to track the status of their own

packages via the InnLocker public tracking portal using the package identifier and

their last name.

1.6 Training. Using the Training Mode feature to train hotel staff on Service

operations using simulated data, prior to activating production mode.

SECTION 2 — PROHIBITED USES

Customer shall not, and shall ensure that its Authorized Users do not:

2.1 Scope Violations

(a) Non-Guest Packages. Use the Service to manage packages for persons who

are not registered guests of the hotel identified in the Order Form (e.g., packages

for hotel staff personal use, local residents, or external businesses).

(b) Unauthorized Properties. Use the Service for hotel properties not identified

in Customer's Order Form without first obtaining a separate Order Form for each

additional property.

(c) Resale or Sublicensing. Resell, sublicense, rent, lease, or otherwise make

the Service available to any third party outside of Customer's authorized hotel

operations.

(d) Non-Permitted Services. Use the Service as a general inventory management

system, lost-and-found system, storage facility for non-package items, or for any

purpose other than hotel guest package management.

2.2 Security and Technical Violations

(e) Credential Sharing. Share account credentials between properties not

covered under the same Order Form, or allow individuals who are not Authorized

Users to access the Service using Customer's credentials.

(f) Unauthorized Access. Access, or attempt to access, any data belonging to

other hotels or customers of InnLocker.

(g) Reverse Engineering. Reverse engineer, decompile, disassemble, or attempt

to derive the source code of the Service or any component thereof.

(h) Security Circumvention. Disable, bypass, or attempt to circumvent any

security feature, audit log, access control, or authentication mechanism of the Service.

(i) Automated Scraping. Use bots, scrapers, crawlers, or other automated means

to extract data from the Service beyond what is expressly permitted by InnLocker's API.

(j) System Overloading. Submit an excessive or unreasonable volume of requests

that places undue load on the Service's infrastructure, or use the Service in a

manner not contemplated by the Documentation.

(k) Vulnerability Exploitation. Probe, scan, or test the vulnerability of the

Service or any related system without InnLocker's prior written authorization.

2.3 Data and Privacy Violations

(l) Unauthorized Data Collection. Collect or process Personal Data of individuals

through the Service beyond what is necessary for hotel package management operations.

(m) Sensitive Data. Submit special categories of sensitive personal data to the

Service (including health information, government ID numbers, financial account

numbers, or biometric data beyond digital delivery signatures) without InnLocker's

prior written approval.

(n) Audit Log Tampering. Alter, delete, falsify, or attempt to manipulate any

audit log, delivery record, signature, or transaction record within the Service.

(o) Data Misuse. Use Customer Data or any data derived from the Service to

build competing products or services, or to harm, discriminate against, or defraud

hotel guests.

2.4 Fee and Billing Violations

(p) Fee Manipulation. Configure storage fees in a manner designed to deceive

hotel guests, including charging fees that were not disclosed to guests prior to

package acceptance, or retroactively modifying fee records.

(q) Unauthorized Charges. Use the Service to charge hotel guests for services

or amounts not related to legitimate package storage fees as disclosed by Customer.

(r) Payment Circumvention. Attempt to circumvent, reverse, or manipulate

Stripe payment processing transactions handled through the Service.

2.5 Legal and Ethical Violations

(s) Illegal Activity. Use the Service in connection with any illegal activity,

including money laundering, fraud, tax evasion, or the storage of contraband or

illegal items.

(t) Discrimination. Use the Service in a manner that discriminates against

hotel guests on the basis of race, color, religion, national origin, sex, disability,

or any other protected characteristic under applicable law.

(u) Harassment. Use the Service in any manner intended to harass, intimidate,

or harm hotel guests, hotel staff, or any other individual.

(v) Intellectual Property Infringement. Upload, submit, or transmit through

the Service any content that infringes the Intellectual Property Rights of any

third party.

(w) Misrepresentation. Impersonate InnLocker or any InnLocker employee, or

misrepresent Customer's relationship with InnLocker to hotel guests or third parties.

SECTION 3 — CUSTOMER'S RESPONSIBILITIES

3.1 Staff Training. Customer is responsible for training its Authorized Users

on the permitted uses of the Service and the requirements of this AUP before

granting them access.

3.2 Monitoring. Customer is responsible for monitoring the use of the Service

by its Authorized Users and for taking prompt corrective action upon discovering

any violation of this AUP.

3.3 Reporting Violations. Customer shall promptly notify InnLocker at

hello@innlockerapp.com upon discovering any violation of this AUP by any

Authorized User or any unauthorized use of Customer's account.

3.4 Accountability. Customer is responsible for all acts and omissions of its

Authorized Users as if they were Customer's own acts. A violation of this AUP by

an Authorized User is treated as a violation by Customer.

SECTION 4 — ENFORCEMENT

4.1 Investigation. InnLocker reserves the right to investigate any suspected

violation of this AUP. Customer agrees to cooperate with InnLocker's reasonable

investigation requests, including providing access to relevant records and personnel.

4.2 Immediate Suspension. InnLocker may immediately suspend Customer's access

to the Service, without prior notice, if InnLocker reasonably determines that

Customer's use poses an immediate risk to:

(a) The security or integrity of the Service or InnLocker's infrastructure;

(b) The privacy or security of data belonging to other InnLocker customers; or

(c) InnLocker's legal compliance obligations.

4.3 Suspension with Notice. For violations that do not pose an immediate risk,

InnLocker will provide Customer with written notice specifying the violation and

a ten (10)-day cure period. If Customer fails to cure the violation within

the cure period, InnLocker may suspend Customer's access until the violation is resolved.

4.4 Termination. InnLocker may terminate the MSA with immediate effect (without

the thirty (30)-day cure period provided in the MSA) if:

(a) Customer commits a material violation of this AUP that is not capable of cure; or

(b) Customer commits two (2) or more violations of this AUP within any twelve

(12)-month period, regardless of whether each individual violation was cured.

4.5 No Refunds. In the event of suspension or termination due to Customer's

violation of this AUP, Customer is not entitled to any refund of Fees paid for

the period during which the violation occurred.

4.6 Audit Logs as Evidence. InnLocker's audit logs are the primary evidentiary

record for any investigation of AUP violations. In any dispute, the audit log

data maintained by InnLocker shall be given significant evidentiary weight.

SECTION 5 — REPORTING VIOLATIONS

If you believe that the Service is being used in violation of this AUP — by

Customer, an Authorized User, or any third party — please report it to:

Email: hello@innlockerapp.com Subject line: AUP Violation Report WhatsApp: +1 (786) 416-2606

InnLocker will investigate all good-faith reports and take appropriate action.

SECTION 6 — UPDATES TO THIS AUP

InnLocker may update this AUP from time to time with thirty (30) days' prior

written notice to Customer, consistent with the amendment procedure in the MSA.

Continued use of the Service after the effective date of any update constitutes

Customer's acceptance of the revised AUP.

Annual Enterprise Consulting LLC · innlockerapp.com · hello@innlockerapp.com AUP Version 1.0 — May 2026 This document is Exhibit C to the InnLocker Master Services Agreement.
Annual Enterprise Consulting LLC  ·  innlockerapp.com  ·  hello@innlockerapp.com  ·  +1 (786) 416-2606