Proof Acceptable Use Policy
Last Updated / Effective Date: July 11, 2026
This Acceptable Use Policy (the "AUP" or this "Policy") governs your use of Proof, the software-as-a-service platform operated by Proof Incorporated ("Proof Incorporated", "we", "us", or "our") and made available at goproof.ca and related domains, applications, and interfaces (collectively, the "Service"). This Policy is incorporated by reference into, and forms part of, the Proof Terms of Service (the "Terms"). Capitalized terms used but not defined in this Policy have the meanings given to them in the Terms.
The short version
This summary is for convenience only. It is not a substitute for the full Policy below, and in the event of any conflict the full Policy and the Terms govern.
Proof is a system of record for physical assets. Use it honestly, for the operational purpose it exists to serve, and only for trailers, shipments, and workflows you are actually authorized to touch. Do not break the law; upload unlawful, abusive, harassing, hateful, or explicit material; use our messaging features to send spam or marketing; misrepresent who you are; scan or act on trailers you have no authority over; guess PINs or tokens; poke at, reverse-engineer, scrape, overload, or resell the Service; or try to reach another customer's data. If you violate this Policy we may remove Content, suspend or terminate access, and report unlawful activity to the authorities. The append-only Ledger means we can generally reconstruct exactly what happened.
1. Scope and who is bound
1.1. This Policy binds every person and system that accesses or uses the Service, including:
- a Customer (the carrier or other business that subscribes to the Service);
- each of the Customer's office and dashboard users ("Authorized Users"); and
- each driver, dock worker, yard jockey, mechanic, or other field participant who scans a Proof QR code, opens a Proof link, or otherwise interacts with the public field surface of the Service ("Field Users").
Authorized Users and Field Users are referred to collectively as "Users", and "you" and "your" refer to whichever of them is acting.
1.2. A Customer is responsible for use of the Service under its account and organization ("Org"), including all activity by its Authorized Users and by the Field Users it enrolls, texts a link to, or otherwise brings into a shipment, work order, or day-work ticket — whether or not those Field Users are the Customer's own employees. The Customer must ensure that everyone acting under or in connection with its Org complies with this Policy, and is responsible for their acts and omissions as if they were the Customer's own.
1.3. This Policy applies in addition to, and does not limit, the Terms, the Privacy Policy, the SMS / Messaging Terms & Consent, and any other policy referenced in the Terms.
2. Prohibited uses
You must not, and must not permit or assist any other person to, do any of the following.
2.1. Unlawful use
- Use the Service in violation of any applicable law, regulation, court order, sanctions regime, or the rights of any third party, in any jurisdiction that applies to you.
- Use the Service to plan, further, conceal, or record any fraudulent, deceptive, or criminal activity, or to falsify or manipulate operational, safety, customs, detention, billing, or maintenance records.
- Use the Service to violate transportation, customs, import/export, or labour laws, or to misrepresent the movement, contents, condition, or status of any asset to a carrier, shipper, broker, receiver, insurer, auditor, or government authority.
2.2. Infringement and violation of others' rights
- Upload, transmit, or make available any Content that infringes or misappropriates any patent, trademark, trade secret, copyright, database right, or other intellectual-property or proprietary right.
- Use the Service to violate any person's privacy, publicity, confidentiality, or contractual rights, or to process any personal information without a lawful basis and, where required, the person's consent.
2.3. Unlawful, harmful, and abusive Content
- Upload, submit, transmit, or store any Content — including photos, driver notes, contact records, free-text fields, or any note that rides an SMS or email — that is unlawful, defamatory, libellous, threatening, harassing, abusive, hateful, discriminatory, obscene, sexually explicit, or that depicts or promotes violence or exploitation.
- Abusive, hateful, threatening, sexually explicit, or otherwise prohibited driver notes and free-text entries are barred. The Service applies automated screening to certain free-text fields before content is transmitted by SMS, and downstream mobile carriers independently filter message content; attempting to send prohibited material through these fields is a violation of this Policy regardless of whether any given message is blocked, and repeated attempts may result in suspension. Screening is a safeguard, not a licence — the prohibition applies whether or not a message is caught.
2.4. Messaging abuse
- Use the messaging features of the Service (SMS or email) to send spam, bulk unsolicited messages, promotional or marketing communications, solicitations, political messaging, or any content unrelated to the operational, transactional purpose of a shipment, relay, work order, or day-work ticket. The Service's messaging is transactional and operational only.
- Send messages to any recipient who has not been validly enrolled or who has not provided the consent required for the message in question, or continue messaging any recipient after they have opted out.
- Use the Service to send any message in violation of Canada's Anti-Spam Legislation ("CASL"), the U.S. Telephone Consumer Protection Act and the A2P 10DLC framework ("TCPA"), the Canadian Radio-television and Telecommunications Commission's or U.S. carriers' messaging rules, or any equivalent law or carrier requirement. Your messaging obligations are detailed in the SMS / Messaging Terms & Consent, which you must also follow.
2.5. Misrepresentation and unauthorized asset activity
- Misrepresent your identity, your authority, your role, or your affiliation with any Customer, carrier, facility, or other party, or impersonate any person or entity.
- Scan, open the scan flow for, log events against, arm or clear a PIN or relay on, place into or out of service, or otherwise act on any trailer, unit, shipment, or asset that you do not have authority over or a legitimate operational reason to handle. The badge, PIN, wrong-trailer guardrail, and similar features are aids, not authorization — the absence of a warning does not grant you a right you do not have.
- Enter false, misleading, or another person's name, company, contact details, cost, or attribution into any Ledger event, work order, ticket, or contact record.
2.6. Security and integrity violations
- Probe, scan, penetration-test, or otherwise test the vulnerability of the Service, or attempt to breach, defeat, or circumvent any authentication, authorization, tenancy isolation, rate limit, lockout, or other security or access-control measure.
- Guess, brute-force, enumerate, harvest, or otherwise attempt to discover trailer tokens, badge tokens, action or handoff tokens, PINs, session identifiers, signed URLs, or any other credential or unguessable identifier. PIN and token guessing is prohibited, is rate-limited and logged as a security event, and may be reported.
- Access, attempt to access, or interfere with any data, Org, account, or resource that is not yours — including any other Customer's tenant data — whether by exploiting a vulnerability, a misconfiguration, another person's credentials, or otherwise.
- Tamper with, forge, backdate, alter, or attempt to edit or delete any Ledger event, audit record, timestamp, or GPS pin, or otherwise attempt to defeat the append-only nature of the Ledger.
2.7. Interference, reverse engineering, and misappropriation
- Scrape, crawl, harvest, index, or systematically extract data from the Service except through interfaces we expressly provide for that purpose.
- Reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code, structure, or underlying ideas of the Service, or copy, frame, mirror, or create derivative works of any part of the Service, except to the limited extent this restriction is prohibited by applicable law.
- Introduce or transmit any virus, malware, worm, trojan, or other harmful code, or use the Service to store or distribute the same.
- Interfere with, disrupt, degrade, or impose an unreasonable or disproportionately large load on the Service or its infrastructure, or attempt to do so, including any denial-of-service or distributed-denial-of-service activity, flooding, or automated request abuse.
2.8. Commercial and automated abuse
- Rent, lease, sell, resell, sublicense, distribute, time-share, or provide the Service (or access to it) to any third party except as expressly permitted by the Terms, or use the Service to operate a service bureau or competing offering.
- Use any robot, spider, script, or other automated means to access the Service in a manner that sends more requests than a human could reasonably produce, that circumvents rate limits, or that is not authorized by us in writing. Legitimate, documented integrations that comply with the Terms are not prohibited by this paragraph.
3. Content standards and your responsibility
3.1. You are solely responsible for all Content you submit, upload, transmit, or store through the Service, and for ensuring you have all rights and consents necessary to do so. "Content" includes, without limitation, scan photos, driver and field notes, contact and personal information, GPS coordinates, cost and maintenance entries, and any free-text you place into a field or into a message.
3.2. You represent and warrant that your Content and your use of it comply with this Policy, the Terms, the Privacy Policy, and applicable law, and do not infringe or violate the rights of any person.
3.3. You must not upload personal information about any individual — including a driver's, mechanic's, or contact's name, cell number, or email — unless you have the authority and, where required by law, the consent to do so for the operational purpose in question. Consent obligations for messaging are addressed in the SMS / Messaging Terms & Consent.
4. The field access model is not an attack surface
4.1. Proof's public field surface is deliberately open: a Field User scans a QR code and acts with no login and no app. That design depends on everyone using it honestly. The security controls that protect it — unguessable tokens and signed URLs, per-shipment PINs with lockout, the httpOnly badge cookie, tenancy isolation, and the append-only Ledger — are described in the Privacy Policy and the Terms.
4.2. You must not treat those controls as a challenge to be defeated. Guessing PINs or tokens, sharing or reusing another person's badge or private link to act as them, or acting on a trailer surfaced to you in error are all violations of Section 2, even where the Service technically permitted the action to be attempted.
5. Monitoring, enforcement, and reporting
5.1. Monitoring. We do not undertake to monitor Content or activity, and we are not responsible for Content submitted by Users. However, we may (but are not obligated to) review, screen, and monitor use of the Service to operate, secure, and improve it, to enforce this Policy, and to comply with law or a lawful request. Certain free-text fields are screened automatically before transmission, as described in Section 2.3.
5.2. Enforcement. If we determine, in our reasonable discretion, that you have violated or are likely to violate this Policy, or that action is necessary to protect the Service, our other customers, any person, or us, we may take any one or more of the following actions, with or without notice:
- remove, disable, restrict, or refuse to transmit any Content;
- issue a warning or require corrective action;
- throttle, suspend, or lock an account, User, Org, PIN, badge, or link; and
- suspend or terminate the Customer's subscription and access in accordance with the Terms.
5.3. Suspension mechanics. Where we suspend a Customer, the effect follows the Terms: the Customer's office dashboard goes dark immediately, while the public field surface for that Customer remains available for up to twenty-four (24) hours after the suspension takes effect and then goes dark. This preserves in-progress field activity while giving the suspension immediate effect on the office side. We may act more quickly, or bypass the field-surface grace period, where required to stop unlawful activity, a security threat, or ongoing harm.
5.4. Reporting and cooperation. We may report suspected unlawful activity to law-enforcement or regulatory authorities and cooperate with them, and we may disclose information about you and your use of the Service as described in the Privacy Policy and as permitted or required by law. Because the Ledger is append-only and GPS- and time-stamped, records of events generally cannot be edited or deleted and may be produced in connection with an investigation, dispute, or legal process.
5.5. No waiver; cumulative remedies. Our decision not to act on a violation is not a waiver of our right to act on it or on any other violation later. Our rights under this Policy are in addition to all other rights and remedies available to us under the Terms and at law.
6. Reporting violations
If you become aware of any violation of this Policy, any security vulnerability, or any Content or activity that you believe is unlawful or abusive, please report it promptly to support@goproof.ca (operational and security reports) or support@goproof.ca (legal matters). Please do not test or exploit a suspected vulnerability; report it.
7. Changes to this Policy
We may update this Policy from time to time. When we make material changes we will update the "Last Updated / Effective Date" above and, where required, provide notice through the Service or to the Customer, in accordance with the Terms. Your continued use of the Service after an update takes effect constitutes acceptance of the updated Policy.
8. Contact
Questions about this Policy may be sent to support@goproof.ca, or by mail to Proof Incorporated, Ontario, Canada (mailing address on request via support@goproof.ca).