Terms of Service & Acceptable Use Policy
Last updated: March 2026
1. Introduction
These Terms of Service ("Terms") govern the use of the Pikaboo platform ("Service") provided by Pikaboo Enterprises ("we", "us", "our") to the subscribing organisation ("Client", "you") and your authorised users ("Users").
By using the Service, you agree to these Terms. If you do not agree, do not use the Service.
2. Service Description
Pikaboo provides a multi-tenant, self-hosted video calling platform. Each Client receives an isolated instance that includes:
- Encrypted peer-to-peer video and audio calls (WebRTC)
- TOTP-based user authentication
- Optional text chat, live captions, and group calls (depending on tier)
- An admin panel for user management
- A branded subdomain (e.g.
yourorg.pikaboolive.app) or custom domain
3. Subscription Tiers
| Tier | Features | Max Users | TURN Relay Allowance |
|---|---|---|---|
| Basic | 1:1 video calls, TOTP auth, admin panel | 5 | 30 GB/month (shared pool) |
| Pro | Basic + text chat | 10 | 100 GB/month (shared pool) |
| Enterprise | Pro + live captions (on-device), group calls (up to 4), screen sharing (desktop) | 15 | 500 GB/month (shared pool) |
| Enterprise+ | Enterprise features | 20 | Unlimited (dedicated key) |
Tier changes take effect on container restart. Per-feature overrides may be applied by arrangement. Additional users beyond the tier limit are available as a paid add-on. TURN relay is only used when direct peer-to-peer connections fail - most calls consume zero TURN data.
4. Client Responsibilities
As a Client, you agree to:
- Manage your users - add, remove, and manage user access via the admin panel. You are responsible for ensuring only authorised individuals have access.
- Safeguard credentials - keep TOTP setup keys confidential. Do not share session tokens.
- Comply with applicable law - use the Service in compliance with all applicable laws in your jurisdiction, including data protection regulations.
- Inform your users - provide your users with our Privacy Policy and inform them about how their data is processed.
- Report issues - notify us promptly of any security concerns or suspected breaches.
5. Acceptable Use
5.1 You May
- Use the Service for legitimate communication by your authorised staff, volunteers, and beneficiaries.
- Configure branding (logo, accent colour) for your instance.
- Use a custom domain with your instance.
- Manage users via the admin panel.
5.2 You Must Not
- Use the Service for any unlawful purpose.
- Attempt to access another tenant's instance, data, or infrastructure.
- Reverse-engineer, decompile, or attempt to extract the source code of the Service (beyond what is available in the repository).
- Perform or facilitate denial-of-service attacks against the Service or any other system.
- Use the Service to harass, threaten, or abuse any individual.
- Share access credentials with unauthorised individuals.
- Attempt to circumvent rate limiting, authentication, or any other security measure.
- Use the Service to transmit malware, viruses, or other harmful code.
- Resell or sublicense access to the Service without written permission.
- Use automated tools (bots, scrapers) against the Service without authorisation.
5.3 Fair Use
Each tenant instance is allocated shared resources on our infrastructure (256 MB memory, 0.5 CPU). Each tier includes a monthly TURN relay allowance shared across tenants in the same group (Basic: 30 GB, Pro: 100 GB, Enterprise: 500 GB). Enterprise+ tenants receive a dedicated allowance with no shared quota.
If a tier group's TURN allowance is exceeded, calls will fall back to STUN-only (direct peer-to-peer), which may fail behind restrictive firewalls. Excessive use of compute resources that degrades service for other tenants may result in throttling or suspension after notification.
6. Data & Privacy
- We process minimal personal data as described in our Privacy Policy.
- Call content (audio, video, chat) is peer-to-peer and never stored on or transmitted through our servers.
- We act as a data processor on your behalf. Our obligations are set out in the Data Processing Agreement.
- You remain the data controller for your users' data.
7. Service Availability
- We aim to maintain high availability but do not guarantee uptime percentages.
- The Service runs on a single VPS with automated security patching and log rotation.
- The VPS may automatically reboot at 4:00 AM UTC when kernel updates require it. Containers restart automatically after reboot - downtime is typically under 1 minute.
- Planned maintenance beyond automated patching will be communicated in advance where possible.
- We are not liable for downtime caused by: upstream provider outages (Hetzner, Cloudflare, Upstash), DNS propagation, force majeure, or Client misconfiguration.
8. Intellectual Property
- The Pikaboo platform, including its code, design, and branding, is owned by Pikaboo Enterprises.
- Client-specific branding (logos, colours) remains the property of the Client.
- The Service uses open-source dependencies, each governed by their respective licences.
9. Limitation of Liability
To the maximum extent permitted by law:
- Pikaboo is provided "as is" without warranties of any kind, express or implied.
- We are not liable for any indirect, incidental, or consequential damages arising from use of the Service.
- Our total liability for any claim related to the Service is limited to the fees paid by the Client in the 12 months preceding the claim.
- We are not liable for the content of calls, messages, or any communication made using the Service, as this data is peer-to-peer and outside our control.
10. Suspension & Termination
10.1 By Pikaboo Enterprises
We may suspend or terminate a Client's instance if:
- These Terms are violated.
- The Service is used for unlawful purposes.
- Activity degrades service for other tenants.
- Payment obligations are not met (if applicable).
We will provide reasonable notice before suspension except in urgent security situations.
10.2 By the Client
You may terminate at any time by requesting removal of your instance. Upon termination:
- Your Docker container and configuration will be removed from the VPS.
- All user data (usernames, TOTP secrets) will be deleted from Redis within 30 days.
- See our Data Retention Policy for details.
11. Changes to These Terms
We may update these Terms from time to time. We will notify Clients of significant changes via email. Continued use of the Service after changes constitutes acceptance.
12. Governing Law
These Terms are governed by the laws of England and Wales. Disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.
13. Contact
For questions about these Terms:
Email: privacy@pikaboo.app