Acceptable Use Policy

Last updated: February 18, 2026

Purpose

This Acceptable Use Policy ("AUP") describes the rules for using Ray ("the Service"). It supplements our Terms of Service and applies to all users, including individuals and organizations. If you are using Ray on behalf of an organization, this policy applies to all members of that organization.

We wrote this policy to protect the service and the people who use it. Most of these rules come down to common sense: use Ray for its intended purpose, respect other users, and don't do anything illegal.

Domain Monitoring

Ray lets you monitor email authentication for your domains. You may only add domains that you own or that you have explicit written authorization to monitor. Specifically:

  • You must have administrative control over a domain's DNS records, or written permission from the domain owner, before adding it to Ray
  • If you manage domains on behalf of clients (for example, as an MSP or IT consultant), you must have a current service agreement with each client that authorizes monitoring
  • If your authorization to monitor a domain is revoked, you must remove it from Ray promptly
  • We may ask you to verify domain ownership if we have reason to believe a domain was added without authorization

API Usage

Ray provides an API for programmatic access to your data. When using the API:

  • Respect the published rate limits for your plan tier (see the API documentation for current limits)
  • Use your API credentials only for their intended purpose and keep them secure
  • Do not share API keys between applications or with other organizations
  • Do not use the API to scrape, harvest, or bulk-extract data beyond what your plan allows
  • Do not attempt to circumvent rate limits by rotating credentials, distributing requests across accounts, or other means

If you need higher rate limits than your current plan provides, contact us about upgrading.

Account Conduct

Each person using Ray should have their own individual account. Organizations can add multiple members through the organization management features. In addition:

  • Do not share your account credentials or authentication devices with others
  • Do not create accounts under false identities or impersonate another person or organization
  • Do not attempt to access other users' accounts, data, or organizations
  • Do not use automated tools to create accounts in bulk
  • Report any unauthorized access to your account immediately

Prohibited Activities

The following activities are prohibited when using Ray:

  • Using the service for any purpose that violates applicable law or regulation
  • Reverse engineering, decompiling, or attempting to extract the source code of the service
  • Reselling, sublicensing, or redistributing access to Ray without a written agreement
  • Interfering with or disrupting the service, its infrastructure, or other users' access
  • Attempting to probe, scan, or test the vulnerability of the service without prior written authorization
  • Using Ray's data or analysis to facilitate spam, phishing, or other forms of email abuse
  • Circumventing any technical limitations or access controls built into the service

Reporting Violations

If you believe someone is violating this policy, or if you have encountered a security issue, please report it to abuse@meetray.io. Include as much detail as possible so we can investigate effectively. We take all reports seriously and will respond within two business days.

We will not retaliate against anyone who reports a violation in good faith.

Enforcement

We enforce this policy using a graduated response that considers the severity and context of the violation:

  1. Warning. For first-time or minor violations, we will contact you to explain the issue and ask you to correct it. Most issues are resolved at this stage.
  2. Temporary suspension. If a violation is not corrected after a warning, or if the violation is serious enough to warrant immediate action (for example, unauthorized domain monitoring or service disruption), we may temporarily suspend your account while we work with you to resolve the issue.
  3. Termination. For severe or repeated violations, we may terminate your account. This is a last resort.

Before taking any enforcement action, we will notify you and give you a reasonable opportunity to respond, except where immediate action is necessary to protect the service or other users. If your account is terminated for a policy violation, you will have 30 days to export your data.

Contact

Questions about this policy? Contact abuse@meetray.io.

Adapted from the Basecamp open-source policies / CC BY 4.0