Legal

Acceptable Use & Subscriber Agreement

Effective date: 1 July 2026 · Last updated: 1 July 2026

The relationship between lab.ai and its subscribers is governed by two connected documents: a Subscriber Agreement (Part A), which sets out what you receive and how renewals, transfers, and continuity work, and an Acceptable Use Policy (Part B), which sets out what you may and may not do with an identity. A plain-language summary of these protections is on the Trust & Ownership page.


Part A — Subscriber Agreement

A.1 Parties

This Agreement is between Apricot Ion Company Limited (the "Operator") — a company registered in Thailand under company registration number 0105544108187, with its registered office at 559/67 Thanapat Haus, Nonsi Road, Chongnonsi, Yannawa, Bangkok 10120, Thailand — which operates the lab.ai Identity Platform, and the account holder who purchases and manages one or more identities (the "Subscriber"). An identity is a memorable name under lab.ai — for example john.lab.ai — that the Subscriber may use and for which the Subscriber may manage DNS records. The Operator sells identities and provides DNS management only. It does not provide web hosting, email hosting, or SSL certificate issuance.

A.2 What you receive — a license, not title

You receive a license to use and manage an identity. You do not acquire ownership of the lab.ai domain, the identity name, or the DNS zone. Our commitment is to make that license strong, long, and transferable, so that in practice it delivers most of the comfort of ownership. Specifically, the license:

  • is long-lived and renewable on the terms in A.3;
  • is not revocable at will — it may be suspended or terminated only for the reasons and by the process in A.5 and Part B;
  • is transferable to another account, subject to A.6; and
  • is backed by the Operator's continuity and wind-down commitments (A.9 and our Continuity & Wind-down Commitment).

Because an identity exists as a subdomain under the shared lab.ai domain, it is subject to the shared-reputation realities described in A.8.

A.3 Renewal guarantee and price-lock

Renewal guarantee. As long as you pay renewal fees on time and comply with this Agreement and the Acceptable Use Policy, the Operator will not reclaim, resell, or refuse to renew your identity.

Price-lock. Renewal pricing for a given identity is capped: increases are limited and disclosed in advance under A.10. Premium and category names may carry different pricing, renewal terms, and review requirements; those specific terms attach to the identity at purchase.

Refunds — non-refundable. Fees are non-refundable. Fees, including multi-year prepayments and renewals, are not refundable — including after an identity has been activated — except where a refund is required by mandatory consumer law, or where the Operator materially breaches this Agreement. For questions about a purchase, contact legal@lab.ai.

A.4 Non-payment lifecycle

The Operator follows a domain-style lifecycle so that you never lose an identity suddenly and a live site or email does not go down the instant a payment fails.

  • Active. Paid and current. DNS resolves, editing is enabled, and the name is held.
  • Grace period (30 days). On a renewal failure the identity enters a grace period. DNS keeps resolving — your site and email stay up. DNS editing is locked, the Operator retries payment and sends reminders, and the name remains held and is not resold.
  • Redemption hold (30 days). If grace ends unpaid, DNS records are disabled (your site and email go down, which creates urgency), but the name is still not released or resold. You may recover the identity by paying the outstanding amount, plus any applicable redemption fee for premium names.
  • Release. If redemption ends unpaid, a standard identity is released to the available pool and may be purchased by anyone.

Premium and category names are never auto-released on non-payment. They always go to manual review and hold, and are never returned to the open pool by an automated job. Full deletion of ownership records occurs only after manual review, never automatically. Lifecycle transitions run on scheduled jobs that re-validate against the Operator's database, which is the source of truth.

A.5 Suspension and termination — due process

Suspension follows one of two tracks, depending on how clear-cut the violation is:

  • Ambiguous or non-urgent violations — notice and cure. The Operator gives you written notice describing the issue and a cure period to fix it or respond before any suspension.
  • Clear-cut abuse — immediate suspension. For clear-cut, high-harm abuse such as phishing, malware, or child sexual abuse material, the Operator may suspend immediately without a prior cure period. You are notified and may appeal.

Suspension is never arbitrary. The only grounds are those listed in Part B and non-payment under A.4; the Operator will not suspend or reclaim an identity outside those grounds. On suspension the Operator may prevent DNS editing and disable records, but retains the internal ownership record and does not permanently delete it without review. You may contest a suspension by contacting legal@lab.ai, and all enforcement decisions are audit-logged. You may stop renewing or request cancellation at any time, subject to the refund terms in A.3.

A.6 Transfers and assignment

The identity license is assignable: you may transfer or sell an identity to another account, which gives the practical feel of ownership and supports a secondary market. Transfers go through the platform, are subject to a small transfer fee and light identity verification, must respect reserved- and premium-name rules, and are audit-logged. The receiving account takes the identity subject to this Agreement and the AUP.

A.7 DNS scope limits

A Subscriber who holds john.lab.ai may manage DNS records only within that identity's namespace — john.lab.ai and *.john.lab.ai. You may not manage lab.ai, other customers' identities, or Operator-reserved names. Supported record types are limited (initially A, AAAA, CNAME, TXT, and MX). Sensitive record types — including NS delegation, DNSSEC, DS, CAA, and SRV — are not exposed, and attempts to bypass platform controls (for example, external NS delegation) are prohibited. Certain names are reserved and not available to Subscribers.

A.8 The shared lab.ai reputation

You acknowledge that lab.ai is the registrable domain shared by every customer and by the Operator. Severe or widespread abuse by any one subscriber can cause lab.ai itself to be blocklisted, harming every customer at once. You therefore agree not to engage in any activity that endangers the reputation of the shared domain, including spam, phishing, or malware distribution (see Part B). Enabling email on a subdomain is a reputation-risk action that may be gated behind manual review and additional conditions. To contain ongoing abuse before it escalates to an organization-level listing, the Operator may instantly disable or null-route a subdomain's records; where practical this is paired with notice, but containment may occur first for clear-cut abuse.

A.9 Continuity and wind-down

The Operator maintains structural continuity measures, including long root-domain registration, registrar lock, autopay, a public expiry date, and a continuity monitoring process. If the Operator ever ceases operating the platform, it commits to a published, orderly wind-down: advance written notice, DNS kept resolving for a defined transition period, and help migrating your setup elsewhere. Additional safeguards — such as bankruptcy-remote ring-fencing of the root domain and independent third-party escrow — are described as roadmap commitments in our Continuity & Wind-down Commitment, which states clearly what is in force today versus planned.

A.10 Changes to terms

The Operator may update this Agreement, the AUP, or pricing (subject to the price-lock in A.3) with advance notice. Material changes will not retroactively remove the renewal guarantee for a paid term.

A.11 Disclaimers and limitation of liability

The service is provided on an "as is" and "as available" basis. Because the Operator does not control web hosting, email hosting, SSL issuance, upstream DNS providers, the domain registrar, or third-party blocklist operators, it does not warrant uninterrupted DNS resolution or any particular deliverability or blocklist outcome. To the maximum extent permitted by applicable law, the Operator excludes indirect and consequential damages, and its total aggregate liability is limited to the fees you paid for the affected identity in the trailing 12 months. You agree to indemnify the Operator for your own use of the service and the content you publish. Nothing in this section limits any liability or consumer right that cannot be limited under applicable law.

A.12 Governing law

This Agreement is governed by the laws of Thailand, and any dispute arising out of or relating to it is subject to the exclusive jurisdiction of the courts of Bangkok, Thailand. Where a mandatory consumer-protection regime applies to you, nothing in this Agreement limits the rights you have under it, and you may bring proceedings in the forum that regime allows. Before commencing formal proceedings, we ask that you contact legal@lab.ai so we can try to resolve the matter directly.


Part B — Acceptable Use Policy

This Acceptable Use Policy defines what Subscribers may and may not do with an identity, so that enforcement is explicit and defensible, never arbitrary. It applies to every identity and every subdomain under it, and it forms part of the Subscriber Agreement.

B.1 Prohibited uses

You must not use, or allow any subdomain to be used, for:

  • Phishing or credential theft — phishing, credential harvesting, or deceptive login pages.
  • Malware — hosting or distributing malware, ransomware, exploit kits, or malicious scripts.
  • Spam or email abuse — spam, unsolicited bulk email, or snowshoe sending; abuse of MX or TXT records for these purposes.
  • Impersonation or trademark abuse — impersonation of people, brands, or organizations; trademark infringement.
  • Fraud or scams — fraud, scams, fake stores, or deceptive financial schemes.
  • Illegal content — content illegal under applicable law. Child sexual abuse material is zero-tolerance: it results in immediate suspension and is reported to the relevant authorities.
  • Adult content where prohibited — adult content where prohibited by this policy or by payment-provider terms.
  • DNS control bypass — using DNS to bypass platform controls, including attempts at external NS delegation or otherwise circumventing the scope limits in A.7.
  • Endangering the shared domain — any activity likely to cause lab.ai to be blocklisted.
  • Name squatting or abuse farming — bulk registration for squatting or abuse, and mass-registration attempts.

B.2 Tiered enforcement

Enforcement is proportionate to how clear and how harmful the violation is:

  • Tier 1 — immediate suspension. For phishing, malware, child sexual abuse material, and comparably clear-cut, high-harm abuse, the Operator suspends the identity or disables the offending records immediately, without a prior cure period. You are notified and may appeal. Child sexual abuse material additionally triggers reporting to authorities.
  • Tier 2 — notice and cure. For ambiguous or lower-harm cases, the Operator gives written notice and a cure period to remediate or respond before suspension.
  • Tier 3 — account-level action. Repeat or cross-identity violations may lead to suspension or termination of all identities on the account and refusal of future service.

To protect every other customer on the shared domain, the Operator may instantly disable or null-route a subdomain to stop ongoing abuse before an organization-level blocklisting occurs; notice and any applicable cure follow.

B.3 Reporting and takedown

Suspected abuse can be reported to legal@lab.ai. The Operator triages reports, may request information, and applies the tiered enforcement above within a documented target response time. The Operator continuously monitors major blocklists for both lab.ai and active subdomains and treats an organization-level listing as a top-priority incident. Higher-risk actions — premium and category-name registration, enabling email on a subdomain, trademark-sensitive names, fraud-flagged accounts, and bulk registrations — are gated behind manual review, with outcomes of approve, approve-with-conditions, hold, or reject. All review and enforcement decisions are audit-logged.


Questions about these terms? Email legal@lab.ai.