Acceptable use

linkutm Acceptable Use Policy

linkutm shortens links, tags them with UTM parameters, and measures the clicks. A short link hides where it goes until someone clicks it, which is exactly what makes short links useful and exactly what makes them attractive to people running scams. This policy sets out what you may not do with a linkutm link, and what we will do about it when someone tries.

Last updated: July 15, 2025

1. Who this applies to

This policy applies to everyone who uses linkutm: free accounts, paid accounts, team members inside a shared workspace, and anyone calling our API. It applies to every link you create with us, whether it sits on a linkutm domain or on a custom domain you connected yourself. Using your own domain does not put a link outside this policy.

It also applies to the destination behind the link. You are responsible for where your link sends people, including when the destination changes after you created the link, and including when the destination is a page somebody else controls.

2. Phishing and credential harvesting

Do not use linkutm to trick people into handing over information they would not give you if they knew who you were. This includes links that point to:

  • Fake sign-in pages that imitate a real service in order to capture usernames and passwords
  • Pages that collect card numbers, bank details, or payment credentials under a false pretext
  • Pages that harvest one-time passcodes, recovery codes, or multi-factor authentication tokens
  • Pages that request identity documents, national ID numbers, or tax identifiers by pretending to be a government body, an employer, or a bank
  • Fake package delivery, invoice, refund, prize, or account-suspension notices designed to pressure someone into acting quickly

This is the abuse we treat most seriously, because a shortened link is the delivery mechanism phishing depends on. We do not require a court order or a police report before we disable a link that is harvesting credentials.

3. Malware and ransomware

Do not use linkutm to distribute software that harms, hijacks, or spies on the person who runs it. This includes links to:

  • Viruses, worms, trojans, rootkits, keyloggers, or ransomware
  • Spyware, stalkerware, or any tool marketed for monitoring a person without their knowledge
  • Cryptocurrency miners that run without the visitor's informed consent
  • Drive-by download pages, or exploit kits that attack the visitor's browser or device
  • Software bundles that install additional programs a reasonable person would not expect

It does not matter whether you wrote the software, whether you host it, or whether you consider it a security research tool. If your linkutm link is the route by which malware reaches people, it violates this policy.

4. Spam and unsolicited bulk messaging

linkutm is built for marketing teams, and legitimate marketing is welcome here. Spam is not. Do not use linkutm links in:

  • Bulk email, SMS, or messaging campaigns sent to people who did not ask to hear from you
  • Lists you bought, scraped, or otherwise obtained without consent
  • Messages that hide who sent them, forge headers, or fake the sending address
  • Messages that give the recipient no working way to unsubscribe
  • Comment spam, forum spam, or automated posting across social platforms
  • Any campaign that breaks the anti-spam or electronic marketing law that applies to your recipients

The practical test is consent. If the people receiving your link asked to hear from you and can easily stop hearing from you, you are almost certainly fine.

5. Illegal content

Do not use linkutm to link to content that is illegal, or to facilitate activity that is illegal. This includes, and is not limited to:

  • Child sexual abuse material, in any form and under any justification
  • Non-consensual intimate imagery
  • Content that promotes or funds terrorism or organised violent extremism
  • Marketplaces or listings for illegal drugs, weapons, stolen goods, stolen credentials, or stolen payment data
  • Human trafficking, or the sale or exploitation of people
  • Content that infringes someone else's copyright, trademark, or other intellectual property rights
  • Fraudulent investment schemes, pyramid schemes, and Ponzi schemes

Legality is not the only line here. Content can be lawful in your jurisdiction and still breach this policy if it is used to defraud or endanger people.

6. Adult content

Adult content is not permitted on linkutm. Be clear about what this is: a decision we have made about the kind of platform we want to run, not a claim that the material is unlawful. Adult content is a legal and legitimate business in many places. It is simply not something we carry. Do not create linkutm links that point to, promote, or drive traffic to:

  • Pornography, or sexually explicit images, video, audio, or text
  • Adult webcam services, adult subscription platforms, or affiliate links into them
  • Escort listings, or sexual services offered for payment
  • Sites whose main purpose is selling or distributing adult material
  • Sexual content or nudity placed where a visitor has no reason to expect it, for example behind a link that presents itself as something else entirely

Some things this section is not aimed at: art, medical and health information, sex education, support resources, and journalism about the adult industry. If you are not sure which side of the line your destination sits on, ask us before you build the campaign rather than after.

Sexual material that is illegal, or that involves someone who has not consented to its distribution, is covered by sections 5 and 11 and is treated far more seriously than a policy breach.

7. Gambling and betting

Gambling is not permitted on linkutm either, and for the same reason. Licensed gambling is lawful and heavily regulated in many markets, and we are not suggesting otherwise. We have chosen not to carry it. Do not use linkutm links to promote or provide access to:

  • Casino games, slots, poker, or other games of chance played for money or for anything of value
  • Sports betting, bookmakers, odds comparison sites, and affiliate links into any of them
  • Betting tips, predictions, or systems offered as a route into a betting operator
  • Lotteries, raffles, and sweepstakes run to make money
  • Loot boxes, skin gambling, and other paid chance mechanics aimed at players
  • Products that are presented as a bet rather than an investment, such as binary options

A brand running a free prize draw or a giveaway to promote itself, at no cost to entrants, is doing marketing rather than gambling, and that is fine here. Reporting on the gambling industry, and research or support resources about gambling harm, are fine too.

9. Deceptive redirects and disguised destinations

Every short link involves a small amount of trust: the person clicking cannot see the destination. Do not exploit that. Specifically, do not:

  • Use a short link, a custom domain, a link preview, or any redirect technique to disguise a destination the visitor would refuse if they could see it
  • Set a custom link preview title, description, or image that misrepresents what is actually on the destination page
  • Serve one destination to moderation systems, security scanners, or link previews and a different destination to real visitors
  • Change a link's destination after it has been shared in order to swap benign content for harmful content
  • Chain redirects through intermediate hops for the purpose of defeating security scanning
  • Register a custom domain intended to be mistaken for someone else's brand

To be clear about what is allowed: changing the destination of a dynamic QR code because a campaign moved, or writing a link preview that describes the destination accurately and persuasively, are normal marketing and are fine. The violation is deception, not redirection.

10. Impersonation

Do not pretend to be someone you are not. This includes:

  • Presenting yourself as a person, company, brand, or public body you have no authority to represent
  • Using another organisation's name, logo, or branding on a link preview or destination in a way designed to mislead
  • Claiming a false affiliation, endorsement, or partnership
  • Impersonating linkutm itself, including links that imitate linkutm support, billing, or security notices

Running links on behalf of a client is fine when the client has actually engaged you to do it.

11. Harassment and threats

Do not use linkutm links to target or hurt a person. This includes:

  • Threats of violence against a person or a group
  • Publishing someone's private information without their consent, including home address, phone number, or workplace
  • Coordinated pile-ons or campaigns of repeated unwanted contact
  • Attacks on people because of race, ethnicity, national origin, religion, caste, disability, sex, gender identity, or sexual orientation
  • Content that encourages self-harm or suicide
  • Sexual content involving a person who has not consented to its distribution

12. Circumventing link protections

linkutm lets you put controls on a link: a password gate, an expiry date and time, a click limit, and geographic restrictions. Those controls exist so link owners can decide who reaches their content. Do not attack them. Do not:

  • Attempt to bypass a password gate on a link you do not own, including by guessing or brute-forcing passwords
  • Attempt to reach a destination past an expiry date, a click limit, or a geographic restriction set by the link owner
  • Probe, scan, or attack linkutm's own systems, or try to reach accounts, workspaces, or analytics that are not yours
  • Interfere with our redirect infrastructure, or attempt to degrade the service for other users
  • Evade an enforcement action we have taken, for example by recreating a disabled link, opening a replacement account, or moving the same destination to a new custom domain

Equally, do not use these controls as a weapon. Putting a password or a geographic restriction on a link in order to hide a malicious destination from security researchers or from us is a violation of section 9, not a clever workaround.

13. API and platform abuse

linkutm offers a public API, a Chrome extension, and an MCP server for AI clients. Use them as intended. Do not:

  • Send automated traffic at a volume intended to overload or destabilise the service
  • Work around rate limits, plan limits, or quotas, including by spreading one workload across several accounts
  • Share, sell, or publish your API tokens, or use credentials issued to someone else
  • Scrape linkutm, or harvest other users' links, click data, or account information
  • Generate links in bulk for the purpose of spam, phishing, or any other conduct this policy prohibits
  • Resell or rebrand linkutm as your own product unless we have agreed to that in writing
  • Send fake or inflated click traffic to distort analytics, whether yours or anyone else's

Bulk link creation is a feature we build and support. Creating thousands of links for a real campaign is expected use. Creating thousands of links to burn through a blocklist is not.

14. How we enforce this policy

When we find a violation, or when someone reports one to us and we confirm it, we may take any of the following steps:

  • Disable a link. The short link stops redirecting. This is usually the first thing we do, because it stops the harm immediately.
  • Disable a custom domain. If a connected domain is being used mainly for abuse, we may stop serving links on it.
  • Suspend or terminate an account or workspace. For serious violations, repeat violations, or when an account exists mainly to abuse the service.
  • Refuse to restore. We may decline to reinstate a link, a domain, or an account.
  • Cooperate with law enforcement. Where we are legally required to do so, or where we believe there is a risk of serious harm to someone, we may preserve and disclose information to law enforcement or another competent authority.

We try to match the response to the situation. An honest mistake by a real customer usually gets a message from us. A phishing kit gets the link disabled first and a message second. We do not promise to warn you before we act, and for active phishing or malware we generally will not.

We also do not promise to catch everything. linkutm does not review links before they are created, and we cannot vouch for any destination a customer chooses. That is one of the reasons reports from the public matter to us.

15. Appeals

We get things wrong sometimes. A legitimate campaign can look like spam from the outside, and a shared domain can be affected by somebody else's behaviour. If we have disabled your link or suspended your account and you believe we made a mistake, write to us at [email protected].

It helps if you include:

  • The account email or workspace involved
  • The specific link or links affected
  • What the link was actually for, and who the intended audience was
  • Anything that helps us verify you are who you say you are, such as control of the destination domain

A person reads these. We will look again and tell you what we decide, including when the answer is no.

16. Reporting a link

You do not need a linkutm account to report a link, and you do not need to be sure. If you have received a linkutm link that looks like phishing, malware, or a scam, tell us. Our report a link page explains what to send and what happens next.

17. Changes to this policy

We may update this policy as the product changes and as we learn how people abuse it. When we do, we will change the "Last updated" date at the top of this page. Continuing to use linkutm after a change means the current version applies to you.

18. Contact

Questions about this policy, or about whether something you want to do is allowed, can go to [email protected]. Asking first is always cheaper than being suspended later.

linkutm
205, Shivalik Western Building, LP Savani Rd
Surat, Gujarat 395009
India