Acceptable Use Policy
Last updated: 10 March 2026
This Acceptable Use Policy (this “Policy”) describes prohibited and restricted uses of the web services, platform, and website offered by Eager Lobster Ltd, trading as “whoot” (“we”, “us”, “our”), a company registered in England and Wales (Company Number 17038042) with its registered office at First Floor 1 Des Roches Sq, Witan Way, Witney, England, OX28 4BE (the “Services”) and the website located at https://whoot.com (the “Site”).
This Policy is governed by and construed in accordance with the laws of England and Wales. It forms part of, and should be read alongside, our Terms & Conditions and Privacy Policy. Where there is any conflict between this Policy and the Terms & Conditions, the Terms & Conditions shall prevail.
By using the Services or accessing the Site, you agree to the latest version of this Policy. Violation of this Policy may result in the immediate suspension or termination of your account and/or access to the Services.
1. General Prohibitions
1.1 Service Integrity
You may not use the Services in any manner that materially degrades, disrupts, or interferes with the Services or other customers' use of the Services.
1.2 Illegal & Fraudulent Activities
Any activity that violates applicable laws or regulations is prohibited. This includes, but is not limited to:
- The dissemination of child sexual abuse material (CSAM).
- Promoting fraudulent schemes (e.g. Ponzi schemes, “make-money-fast” scams).
- Identity theft or impersonation of another person.
- Activities that breach the Proceeds of Crime Act 2002, the Fraud Act 2006, or equivalent legislation.
1.3 Infringing Content
Content that infringes or misappropriates the intellectual property or proprietary rights of others, including wholesale copyright infringement (piracy), hosting unauthorised streaming services, or violations of the Copyright, Designs and Patents Act 1988.
1.4 Harmful Technology
Viruses, malware, Trojan horses, ransomware, or any technology intended to damage systems and/or surreptitiously intercept, exfiltrate, or destroy data. This includes conduct that would constitute an offence under the Computer Misuse Act 1990.
1.5 Obfuscation
Using techniques to obfuscate code or application logic uploaded to the whoot platform to hide malicious intent or bypass platform detection and security controls.
2. Data Protection & GDPR
2.1 Personal Data
You must not use the Services to collect, store, or process personal data in breach of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, or the EU General Data Protection Regulation (EU) 2016/679 (together, “Data Protection Laws”).
2.2 Lawful Basis
Where you use the Services to process personal data, you must ensure that an appropriate lawful basis (as defined in Article 6 of the UK GDPR) exists for each processing activity. You are the data controller for personal data processed through your workspace.
2.3 Data Subject Rights
You must not use the Services in a manner that prevents or impedes data subjects from exercising their rights under Data Protection Laws, including rights of access, rectification, erasure, restriction, portability, and objection.
2.4 International Transfers
You must not use the Services to transfer personal data outside the United Kingdom or European Economic Area unless adequate safeguards are in place in accordance with Data Protection Laws (e.g. standard contractual clauses, adequacy decisions, or binding corporate rules).
2.5 Special Category Data
The processing of special category data (as defined in Article 9 of the UK GDPR) is only permitted where an appropriate condition under Schedule 1 of the Data Protection Act 2018 is met. You must ensure that appropriate technical and organisational measures are in place before processing such data through the Services.
3. Artificial Intelligence & Content Manipulation
3.1 Deepfakes & Deceptive Synthetics
Generating or storing synthetic media intended to deceive or harass, including but not limited to non-consensual intimate imagery. This includes conduct that may constitute an offence under the Online Safety Act 2023.
3.2 Safety Guardrails Circumvention
Using the Services to facilitate the “jailbreaking” of AI models or to bypass safety guardrails.
3.3 Unauthorised Scraping
Storing or processing datasets obtained through web scraping, or performing automated network and system reconnaissance (including port scanning), in violation of applicable terms of service, robots.txt directives, or without explicit authorisation.
3.4 Reputation & SEO Manipulation
Creating “gibberish” or nonsensical content, deceptive search engine results, or falsifying reputation metrics (e.g. automated generation of fake reviews or social proof).
4. Security & Network Integrity
4.1 Unauthorised Access
Attempting to probe, scan, or test the vulnerability of any system (including port scanning) unless expressly authorised by us in writing. Unauthorised access constitutes an offence under the Computer Misuse Act 1990.
4.2 Denial of Service
Inundating a target with requests (including flooders, reflectors, and amplifiers) to render it ineffective or slow.
4.3 Proxy & Anonymisation Services
Operating open proxies, open mail relays, or proxy infrastructure used to bypass geographic restrictions or IP-based rate limits.
4.4 Cryptocurrency Mining
Using whoot compute resources for mining digital assets or cryptocurrencies.
4.5 Vulnerability Disclosure
Exploiting discovered vulnerabilities or publicly disclosing them before a fix is available. Discoveries must be reported privately to whoot at [email protected].
5. Account & Messaging Abuse
5.1 Account Registration
You may not use temporary, disposable, or “dead-drop” email addresses for your whoot account.
5.2 Automated & Bulk Registration
Creating accounts via automated means, registering accounts in bulk, or maintaining an excessive number of accounts as a single user is prohibited without our prior written consent.
5.3 Spam & Deception
Distributing unsolicited mass messages, altering message headers to obscure identity, or collecting personal data via phishing and deceptive web forms. Such activity may also constitute an offence under the Privacy and Electronic Communications (EC Directive) Regulations 2003.
5.4 Infrastructure Abuse
Using the Services as a “drop-zone” for stolen data or as command-and-control (C2) infrastructure for malware.
6. Financial Crime & Regulated Goods
6.1 Carding & Financial Fraud
Using the Services for card testing, card verification, or the storage of stolen financial data. Payment processing on the platform is handled exclusively by Stripe; any attempt to circumvent or exploit payment flows is strictly prohibited.
6.2 Illegal Trade
The sale or distribution of controlled substances, drug paraphernalia, or facilitating unregulated gambling and wagering activities, including in contravention of the Gambling Act 2005 and the Misuse of Drugs Act 1971.
6.3 Money Laundering
Using the Services to facilitate money laundering or terrorist financing, including activities that would constitute offences under the Proceeds of Crime Act 2002 or the Terrorism Act 2000.
6.4 Sanctions
You may not use the Services in connection with any person, entity, or territory subject to UK, EU, or UN sanctions, or in breach of the Sanctions and Anti-Money Laundering Act 2018.
6.5 High-Risk Systems
Use in nuclear facilities, aircraft navigation, or life support systems where failure could lead to death or catastrophic damage.
7. Monitoring & Enforcement
7.1 Investigation & Action
We reserve the right, in our sole discretion, to investigate, suspend, or terminate access to the Services if we determine that your conduct violates this Policy or poses legal, regulatory, security, reputational, or operational risk to us, the Services, or other customers.
7.2 Reporting to Authorities
We may report suspected illegal activity to law enforcement, regulators (including the Information Commissioner's Office), or other appropriate authorities. This may include disclosing relevant account information and cooperating with investigations, as required or permitted by law.
7.3 No Monitoring Obligation
We have no obligation to monitor user content or activity and do not assume responsibility for user content. However, we may monitor the Services to enforce this Policy, comply with applicable law, or respond to legal process.
7.4 Suspension & Termination
Where we suspend or terminate access under this Policy, we will, where reasonably practicable and not prohibited by law, provide notice and an opportunity to remediate the breach. Repeated or serious violations may result in immediate termination without prior notice.
8. Governing Law & Jurisdiction
This Policy is governed by and construed in accordance with the laws of England and Wales. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.
Nothing in this Policy shall limit any rights you may have under the Consumer Rights Act 2015 or other mandatory statutory protections that cannot be excluded or limited by contract.
9. Changes to This Policy
We may update this Policy from time to time. Where changes are material, we will notify you via email or through the Services at least 30 days before the changes take effect. Continued use of the Services after the updated Policy becomes effective constitutes your acceptance of the revised Policy.
10. Reporting Violations
If you become aware of any violation of this Policy, please report it to us at [email protected] or [email protected].
For data-protection-specific concerns or to exercise your rights under Data Protection Laws, please contact our Data Protection Officer at [email protected].