Skip to content
English
File a Printer Bridge Support Ticket Customer portal
Go to www.4over.com
  • There are no suggestions because the search field is empty.

Authorized Testing, Automation & AI Use Policy

Note: This article is a plain-language summary of our Acceptable Use Policy. The Acceptable Use Policy and the Customer Agreement that incorporates it are the authoritative legal documents. If anything here conflicts with those documents, those documents control.

Why this matters

The platform is a multi-tenant production system. Activity that targets the platform, even when the intent is benign, affects every other customer running on it. AI-driven probing, automated scraping, security scans, and load tests have, in the past, caused degraded performance, false alarms in our detection systems, and automatic blocking of customer storefronts.

To keep the platform reliable and secure, the activities below require our written approval before you start. This article explains what those activities are, how to request approval, and what happens if you don't.

What requires approval

Without prior written approval from us, you must not run any of the following against your storefront, the admin panel, our APIs, or any other part of the platform:

  • AI agents and LLM-powered tools. This includes autonomous agents, "browser agents," AI assistants that perform actions on your behalf, and any AI tool that drives the platform programmatically.

  • Web scrapers, crawlers, or systematic data extraction tools.

  • Bots, scripts, headless browsers, or browser-automation frameworks.

  • Security testing of any kind. This includes penetration testing, vulnerability scanning, port scanning, fuzzing, credential testing, and red-team activity.

  • Load, stress, or performance testing.

  • Reverse engineering, decompiling, or disassembling any part of the platform.

  • Attempts to bypass authentication, authorization, or rate limits.

  • Submitting deliberately malformed or malicious input.

This is not exhaustive. The general rule: if your interaction with the platform is automated, adversarial, or unusual, ask first.

It does not matter whether the activity is intended to evaluate the platform, test your storefront, automate your operations, or audit security. Approval is required regardless of intent.

What is permitted without approval

You may use the platform normally, including placing orders, managing your storefront, accessing the admin panel, and using approved API integrations within their documented rate limits, without any special approval.

Standard manual interaction by humans through the website is fine. So is any integration we have explicitly provisioned and documented for your account.

How to request approval

Open a support ticket with the information below. The clearer your request, the faster we can approve it.

 
 
 

Field

 

What to include

 

Activity

What you intend to do (for example: "annual penetration test against our storefront," "AI assistant for product catalog management," "load test before our holiday campaign").

Tooling

The specific tools, vendors, services, or AI products you will use. Include version numbers where relevant.

Source IPs

The IP addresses or address ranges the traffic will come from.

Window

Specific start and end dates/times. Open-ended windows take longer to approve.

Contact

A person at your organization we can reach during the activity if we need to. Direct phone and email.
 
 
 

We will respond as soon as practical. Approval is granted in writing. Verbal or implied approval does not count.

If your circumstances change after approval (different tool, different time window, expanded scope), open a new ticket. Approval is limited to what was requested.

What happens if you don't get approval

When we detect activity covered by this policy, we treat it as a security event. Our standard response is:

  1. Immediate suspension or block of the offending account, storefront, or IP range.

  2. Notification to the responsible Customer and, where applicable, the Reseller.

  3. Investigation and any required remediation.

  4. Reinstatement, in our discretion, after the activity has been confirmed stopped.

Important: We do not warn before suspending. We do not exhaust intermediate measures first. We do not work through the Reseller before taking action against an account. The reason: by the time a security event is detectable, the only safe assumption is that something hostile is happening, and the right response is to stop it immediately.

In serious cases (sustained probing, exploitation attempts, attempts to extract data, or AI-driven attacks against the platform), we may also pursue legal action and recover the costs we incurred responding.

End User and tool responsibility

If you connect a third-party tool, integration, or AI assistant to the platform, the tool's behavior is your responsibility. A violation by a tool you authorized is treated as a violation by you. Approve carefully.

This is especially relevant for AI assistants and automation platforms. Many of these can perform actions you did not specifically intend. If a tool you connected probes our platform without approval, the consequences fall on you, not on the tool's vendor.

Frequently asked

Q. We're a small storefront and we use ChatGPT, Claude, or another AI to draft product descriptions. Is that a problem?

A. No. Using an AI tool to generate content that you then paste or upload through the normal admin interface is fine. What's not allowed is connecting an AI tool that performs actions against our platform on your behalf without approval.

Q. We want to do an annual penetration test for our compliance program. Can we?

A. Yes. Open a support ticket with the details and we'll work with you. Approved security testing engagements are routine.

Q. Our developer wrote a small script to bulk-update prices through the admin. Is that allowed?

A. Open a ticket. If it's a one-time bounded activity, we will usually approve it. For ongoing automation, we will likely point you at our documented API instead.

Q. Does this apply to the storefront's customers (the people placing orders)?

A. The storefront's terms and conditions cover end shoppers separately. This policy is about your activity as a Customer of the platform.

Q. We were blocked. How do we get unblocked?

A. Open a support ticket. If the activity was unintentional and has stopped, we will usually reinstate access quickly.

Q. The AI tool was scanning the platform without my knowledge. Are we still liable?

A. Yes. If you authorized the tool to interact with the platform, you are responsible for what the tool does. This is why we recommend approving each tool individually rather than granting blanket permission to AI assistants or automation platforms.