Acceptable Use Policy Generator
Generate an acceptable use policy (AUP) for your platform or service.
An Acceptable Use Policy (AUP) is a written agreement — enforced through terms of service or an employee handbook — that defines the rules for how users, employees, or students may use a computer network, internet connection, software platform, or device. SaaS companies need an AUP to prohibit spam, illegal content, and account sharing. Corporate IT departments use AUPs to govern employee device and network use and reduce liability for unauthorized activity. Schools and universities require AUPs for students accessing campus networks. LegalStack's free AUP generator creates a customized Acceptable Use Policy in minutes — covering prohibited activities, enforcement procedures, monitoring rights, and termination consequences. No account required.
📬 The Legal Stack
Stay up to date on legal changes
Get notified when state laws affecting your documents change.
How LegalStack's Free Acceptable Use Policy Generator Works
LegalStack's free AUP generator creates a complete Acceptable Use Policy tailored to your organization type — SaaS platform, corporate IT, school, or web host — covering prohibited activities, monitoring rights, enforcement procedures, and termination consequences. No account required. Under 3 minutes.
- Select your organization type — Choose SaaS platform, corporate/internal IT, school or university, ISP/web host, or general business. Each type pre-loads the relevant prohibited activity categories.
- Define covered systems — Specify what the AUP governs: company network and devices, a cloud platform, campus wi-fi, email systems, or a combination.
- Set prohibited activities — Choose from a comprehensive list of prohibited uses — spam, illegal downloads, data scraping, unauthorized access, harassment, account sharing, and more.
- AI generates the AUP — LegalStack's AI drafts a complete, plain-English AUP with your organization's prohibited activities, monitoring disclosures, and enforcement consequences.
- Download and publish — Download as PDF or Word. Incorporate into your ToS by reference, include in your employee handbook, or post on your platform's legal page.
Frequently Asked Questions
What is an Acceptable Use Policy (AUP) and who needs one? +
An Acceptable Use Policy (AUP) is a document that specifies the permitted and prohibited uses of a computer network, internet connection, software application, or device. Organizations that need an AUP include: SaaS and cloud platform companies (to prohibit spam, illegal content, account sharing, and scraping); corporate IT departments (to govern employee device and email use and reduce employer liability); schools and universities (to set rules for students accessing campus networks and devices); ISPs and web hosts (to define prohibited network activity). Without an AUP, you have no documented basis to suspend or terminate accounts for misuse, which undermines enforcement and exposes you to liability.
What is the difference between an Acceptable Use Policy and Terms of Service? +
Terms of Service (ToS) is a broad contract governing the entire relationship between a platform and its users — covering payment, disclaimers, liability limits, intellectual property, and dispute resolution. An Acceptable Use Policy is narrower: it specifically governs HOW users may use your service, defining prohibited conduct and enforcement consequences. The two documents complement each other: ToS sets the commercial terms; the AUP sets the behavioral rules. Many platforms incorporate the AUP by reference into the ToS. For internal corporate use, an AUP in an employee handbook governs device and network use without needing a full ToS framework.
What clauses must an Acceptable Use Policy include? +
A complete AUP must include: (1) scope — which systems, networks, and devices the policy covers; (2) permitted uses — the approved purposes for which the system may be used; (3) prohibited activities — explicit list of banned conduct (spam, illegal downloads, harassment, unauthorized access, data scraping, account sharing, cryptocurrency mining); (4) monitoring and privacy notice — whether and how user activity may be monitored (required disclosure in most corporate and school contexts); (5) enforcement and consequences — what happens when the policy is violated (account suspension, termination, legal action); (6) reporting procedures — how to report suspected violations; (7) policy updates — how users will be notified of changes.
Is an Acceptable Use Policy legally enforceable? +
Yes — an AUP is legally enforceable when it is incorporated into a binding agreement (employment contract, user registration, terms of service, or student enrollment agreement) and the user or employee has been given reasonable notice of its terms. For employees: the AUP should be acknowledged in writing (signed handbook receipt) and consistently enforced — inconsistent enforcement weakens the policy. For SaaS users: the AUP should be incorporated by reference into the ToS, which users accept at signup. For email or network systems: courts have upheld AUP enforcement under the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. §1030) when users exceed authorized use.
Does a SaaS company need a separate Acceptable Use Policy? +
Yes — a SaaS AUP is a critical compliance and liability document, especially for platforms that allow user-generated content, email sending, or API access. Without an AUP, you have no documented right to terminate accounts for spam, illegal content, or abuse. A SaaS AUP should specifically address: prohibited content types (hate speech, CSAM, illegal activity); bulk email and spam restrictions (required for CAN-SPAM Act compliance); API rate limiting and scraping prohibitions; prohibited automated account creation; cryptocurrency mining; and reseller or white-label restrictions. Most SaaS platforms also incorporate the AUP into customer contracts to create clear grounds for termination without breach of contract liability.
How does an Acceptable Use Policy protect a school or university? +
A school or university AUP protects the institution in multiple ways. First, it establishes the legal basis for monitoring student and employee computer activity on school networks — many states require specific notice before monitoring (e.g., California Penal Code §502; Electronic Communications Privacy Act). Second, it satisfies requirements under the Children's Internet Protection Act (CIPA) — federally required for schools receiving E-rate funding — which mandates a technology protection measure and an internet safety policy covering AUP elements. Third, it creates enforceable conduct standards for disciplinary proceedings when students misuse school technology. Fourth, it reduces institutional liability for misuse by establishing clear rules and consequences in advance. LegalStack's AUP generator includes CIPA-compliant provisions for K-12 institutions.