Acceptable Use Policy (AUP)

Last updated: 2026-04-28. Version 1.0.

This policy is an annex to the Terms of Service. Breach of the AUP is a breach of the Terms of Service and may lead to immediate suspension of the User's access.

1. Permitted use

The following uses are explicitly permitted within quota limits:

• Research and journalism: academic research, investigative journalism, education analysis, and public debate.
• Personal use: searching for school information for one's own or family's choice.
• EdTech integration: integrating school information into education apps, guidance services, or similar pedagogical products (within rate-limit; ML training requires a separate licence — see section 4).
• Embeddable widgets: embedding Skolkoll's visual components on third-party sites, provided the attribution requirements in section 5 are followed.
• Municipal / regional use: municipal and regional employees may use the free tier for internal education analysis and planning.

2. Prohibited use

The following are explicitly prohibited:

2.1 Technical abuse

• Brute force / credential stuffing: attempts to guess or systematically test authentication credentials.
• DDoS / floods: deliberate attempts to overload the Service or cause service interruption for other users.
• Rate-limit circumvention: rotation of IP addresses, automated IP pools, or other methods to exceed the assigned quota.
• Fingerprint evasion: manipulation of Origin headers, sessionId, user-agent, or similar to circumvent technical controls.
• Penetration testing without permission: any form of offensive security testing requires prior written permission from Skolkoll. We do welcome responsible security reporting.

2.2 Data misuse

• Large-scale scraping beyond rate-limit: scraping is technically unnecessary because the data is available as CSV export and via API. Massive scraping against public pages counts as misuse.
• Re-publishing without attribution: re-publishing Skolkoll's aggregations, analyses, or texts on another site without a visible "Source: Skolkoll (skolkoll.se)" attribution.
• ML training without separate licence: even if the underlying school data is public, Skolkoll's aggregated data, warning signals, and pedagogical texts require a separate licence for use as training data for AI models. Contact info@skolkoll.se to negotiate.
• False representation: presenting Skolkoll's data as another source's, or manipulating data before re-publishing without clear marking.

2.3 Unlawful and harmful purposes

• Use for discrimination on grounds of gender, ethnicity, religion, or disability.
• Harassment, bullying, or other targeted harmful action against individual schools, head teachers, or staff.
• Unlawful profiling or automated decision-making that affects individuals' rights.
• Spam, phishing, or misuse of contact information that may appear in the data.

3. Rate limit and quota policy

The free-tier API has the following standard quotas:

• 100 calls/IP/minute for public endpoints (school information, municipality data).
• 50 events/request for the analytics collector.
• 1 000 calls/IP/day for free-tier API consumers (Pro tier has higher quotas).

Quotas are measured via a distributed rate limiter (Firestore-backed). On quota exceedance, HTTP 429 with a Retry-After header is returned. Persistent exceedance may lead to temporary or permanent blocking.

Note: the quota levels above may be updated over time. Current levels are always reflected on the pricing page and in your agreed plan; meaningful reductions are announced in advance.

4. Process for extended access or ML licence

If your usage requires more than the free-tier quota:

1. For higher API quota: upgrade to Pro tier via the pricing page.
2. For municipal / regional-wide use: apply for a Municipal Licence — contact info@skolkoll.se.
3. For ML training licence: email info@skolkoll.se with:
   • Description of the model to be trained and its intended purpose.
   • Data volume (number of records, fields, update frequency).
   • Whether the model will be open source / public / commercial.
   • Transparency commitments (data sources will be published openly).
   ML licences are priced individually based on use. Applications are answered within 5 working days.
4. For research without commercial application: academic researchers may apply for an extended free-tier quota in exchange for credit in publications. Apply via the same email.

5. Attribution requirements

5.1 Embeddable widgets

All embeddable widgets ship with a visible "Källa: Skolkoll.se" link to skolkoll.se in the widget footer. This attribution must be preserved — hiding or styling it away (e.g. via CSS, iframe cropping, overlay) is an AUP breach.

Furthermore, widgets may not be embedded in misleading context. Examples of violations:

• Headlines or surrounding copy that imply Skolkoll endorses specific schools, groups, or political positions.
• Layout that makes the widget data appear to originate from another party (e.g. repackaging under a foreign logo without source attribution).
• Side-by-side combination with unreliable or fabricated data in a way that suggests equivalent authority.

Skolkoll applies a soft rate limit of 100 widget loads per minute per embedding domain (sliding window). Legitimate use never hits the cap; repeated overshoots are logged for manual review and may lead to temporary or permanent domain blocking per section 6.

5.2 API consumers

API consumers are encouraged (but not required) to link to the corresponding source page on skolkoll.se where the data is shown. This benefits both the user's ability to verify the data and Skolkoll's credibility.

5.3 Re-publishing analyses

Re-publishing Skolkoll's aggregated data, warning signals, or pedagogical texts (even in extracts) requires "Source: Skolkoll (skolkoll.se)" attribution within the same view as the cited material.

6. Consequences of AUP breach

For suspected or established breaches of the AUP, Skolkoll may take the following measures, roughly in escalating order:

1. Warning: email to a registered contact or IP-traced consumer with the opportunity to correct.
2. Temporary block: 24-72 hour block from API / embeddables.
3. Permanent block: definitive suspension on repeated or severe breaches.
4. Legal action: for economic damage, intellectual property violation, or unlawful activity.

Skolkoll need not follow the stepwise order for severe abuse (e.g. DDoS, data redistribution without licence) — direct blocking may apply.

7. Reporting suspected misuse

If you discover misuse of Skolkoll's API or embeddables (e.g. a site displaying Skolkoll's data without attribution, or suspect a bot is scraping), report to info@skolkoll.se.

8. Version history

• v1.0 (2026-04-28) — First published version. Establishes the basic framework ahead of public free-tier API + embeddable launch.

Related documents

• Terms of Service — main agreement to which the AUP is an annex.
• Privacy policy — how personal data is processed.
• Pricing — Pro tier and extended quotas.