MMustr

Acceptable Use Policy

Last updated: April 2026

1. Overview

This Acceptable Use Policy ("AUP") governs your use of the Mustr platform operated by Keystone Systems (ABN 16 401 201 936). This AUP is incorporated into and forms part of our Terms of Service. Capitalised terms not defined here have the meanings given in the Terms of Service.

By using Mustr, you agree to comply with this policy. We may update this AUP from time to time, and continued use of the service after notification of changes constitutes acceptance.

2. Prohibited activities

You must not use the Mustr platform to:

2.1 Unauthorised access

  • Attempt to access accounts, data, or systems belonging to other organisations on the platform
  • Circumvent, disable, or interfere with authentication, authorisation, or security features
  • Use another person's credentials or impersonate another user
  • Attempt to bypass row-level security, tenant isolation, or role-based access controls
  • Probe, scan, or test the vulnerability of the platform without prior written authorisation

2.2 Data scraping and extraction

  • Use automated scripts, bots, scrapers, or crawlers to extract data from the platform beyond the provided API
  • Systematically download, copy, or archive other organisations' data
  • Harvest employee personal information for purposes unrelated to your legitimate workforce management needs
  • Export data in bulk for the purpose of migrating to a competing service in a manner that circumvents provided export tools

2.3 Malicious use

  • Upload, transmit, or distribute viruses, malware, ransomware, or other harmful code
  • Conduct denial-of-service attacks or any action intended to degrade platform performance
  • Use the platform to facilitate harassment, discrimination, or bullying of employees
  • Submit false time records, fraudulent leave requests, or deliberately incorrect payroll data
  • Use the service to violate the Fair Work Act, privacy legislation, or any other applicable Australian law

2.4 Misuse of communications features

  • Send spam, unsolicited commercial messages, or bulk messages unrelated to workplace operations
  • Distribute offensive, threatening, defamatory, or illegal content through chat, feed, or surveys
  • Use Mustr communications to circumvent right-to-disconnect protections for non-urgent matters

2.5 Intellectual property violations

  • Reverse engineer, decompile, disassemble, or attempt to derive the source code of the platform
  • Copy, modify, or create derivative works based on the Mustr platform or its components
  • Remove, alter, or obscure any copyright, trademark, or proprietary notices
  • Resell, sublicense, or redistribute access to the platform without written consent

3. Multi-tenancy obligations

Mustr is a multi-tenant platform where multiple organisations share the same infrastructure. Each organisation's data is strictly isolated through database-level security controls. You acknowledge and agree that:

  • You will not attempt to access, infer, or identify data belonging to other tenants
  • You will not conduct activities that disproportionately consume shared resources (CPU, database connections, storage) in a way that degrades service for other tenants
  • You will report any suspected data leakage or cross-tenant access immediately to security@mustr.com.au
  • You understand that platform administrators at Mustr may access tenant data only for support purposes with appropriate authorisation and audit logging

4. API and integration fair use

If you use API access, the following fair use guidelines apply:

4.1 Rate limits

  • API requests are subject to fair-use and abuse-prevention rate limits
  • Exceeding rate limits will result in HTTP 429 responses with a Retry-After header
  • Repeated, sustained rate limit violations may result in temporary API access suspension

4.2 Responsible integration

  • Implement exponential backoff for failed requests
  • Cache responses where appropriate rather than making repeated identical requests
  • Use webhook subscriptions for event-driven data where available, rather than polling
  • Do not use the API to replicate the entire Mustr service or build a competing product

4.3 Authentication

  • API keys and tokens must be stored securely and never exposed in client-side code or public repositories
  • Rotate API keys promptly if you suspect they have been compromised
  • Each integration should use its own API credentials for audit and revocation purposes

5. Resource usage

To ensure fair access for all users, the following resource guidelines apply:

  • File uploads are limited to reasonable sizes for workforce management documents (rosters, policies, training materials, employee documents)
  • The platform is not intended for general-purpose file storage unrelated to workforce management
  • Bulk operations (such as large data imports or exports) should be scheduled during off-peak hours where possible

6. Reporting violations

If you become aware of any violation of this Acceptable Use Policy, or any security concern, please report it promptly:

Security issues: security@mustr.com.au

Policy violations: abuse@mustr.com.au

General inquiries: hello@mustr.com.au

We take all reports seriously and will investigate promptly. You will not face retaliation for reporting a genuine concern in good faith.

7. Consequences of violations

Violations of this AUP may result in one or more of the following actions, at our sole discretion and depending on the severity of the violation:

  1. Warning: Written notice identifying the violation and requesting immediate remediation. First-time minor violations will typically receive a warning.
  2. Feature restriction: Temporary suspension of specific features (such as API access or communications features) related to the violation.
  3. Account suspension: Temporary suspension of your entire organisation's access to the platform. During suspension, your data is preserved but inaccessible.
  4. Account termination: Permanent termination of your account in accordance with the termination provisions in the Terms of Service. Data will be retained for the mandatory 7-year period under the Fair Work Act and made available for export upon request.
  5. Legal action: For serious violations (including attempted unauthorised access, data theft, or distribution of malicious code), we reserve the right to pursue legal remedies and report the matter to relevant Australian authorities.

Where practicable and appropriate, we will provide notice and an opportunity to remedy a violation before taking action. However, for violations that pose an immediate threat to platform security, data integrity, or other users, we may act without prior notice.

8. Questions

If you have questions about this Acceptable Use Policy or are unsure whether a particular use is permitted, contact us at hello@mustr.com.au before proceeding.