Terms

Terms of service.

Last updated:

Plain-English terms drafted by the operator to match the actual product. Australian Consumer Law applies; nothing here waives the statutory rights it gives you. If a clause seems wrong or contradicts what the site actually does, that's a defect — please report via /security.

1. Who you're agreeing with

mikrotikfilters.com is run by an Australia-based solo operator (sole trader at v1.0; this may change to a Pty Ltd or fiscal host later — the date above moves forward when it does). The operator is the contracting party for any donation or supporter subscription. The site is hosted on Cloudflare; payments go through Stripe; emails go through Resend. You are not contracting with any of them when you use this site.

2. What the site does

mikrotikfilters.com publishes:

The site is a reference resource and a community-curation surface. It is not a managed service — your router is your router, and importing any rule or script onto it is a decision you make. See §10 below.

3. Acceptable use

You agree not to:

The operator may suspend or terminate any account that breaches the above (see §11). Suspension is reversible; hard deletion is not.

4. Accounts

An account is created the first time you complete the magic-link sign-in at /login. We do not use passwords. Sessions live in your browser as an HttpOnly cookie; you can revoke a session from /account.

You're responsible for keeping your email account secure — magic-link sign-in means anyone who can read your email can sign in as you. Optional TOTP 2FA is available on /account.

Accounts that have never verified an email (the magic-link was issued but never clicked) auto-prune after 30 days.

5. Submissions to the lists + scripts library

Lists. When you submit an IP/CIDR via /submit, you grant the operator the right to (a) review it, (b) approve or reject it, and (c) if approved, publish it in the public list at /api/lists/<slug>.rsc. Approved entries are public and accessible to anyone — that's the whole product. You can withdraw a still-pending submission via your dashboard; you cannot retract an approved entry directly, but you can ask via /security and the operator will weigh the request against the public curation interest.

Scripts. If you're a supporter and submit a script via /account/scripts/new, the same flow applies plus: once approved you become read-only on the row; you can request deletion via POST /api/scripts/:slug/request-delete (a moderator decides); and if your supporter subscription is cancelled past the 30-day grace window, ownership of your approved scripts transfers to a system "community" account — the script stays public, and only moderators or the operator can take it down. This is the orphan-transfer mechanism documented in /privacy §3.8.

You retain copyright in your submissions; you grant a perpetual, worldwide, royalty-free licence to the operator to publish, reproduce, modify (for moderation / formatting), and redistribute approved submissions.

6. Rate limits + caps

The published limits as of v1.0:

Limits may change with notice. Material decreases (a tighter limit affecting existing supporters) get pre-announced on the supporter page for at least 30 days.

7. Supporter subscriptions

Supporter is a recurring subscription (A$8/mo or A$80/yr; placeholder pending the operator's pricing finalisation). It pays for site hosting and signals patronage of the project.

Every individual list at /lists/<slug> is free, forever. Supporter is not paywall — it's capability/headroom (the higher pull cap, the bundle builder, API keys, the community-scripts library submission, the donor wall opt-in for recurring supporters) and signal-of-support.

Supporter subscriptions auto-renew. You can cancel anytime via the Stripe Customer Portal link on /account; your access stays until the end of the current billing period. Cancelling does NOT trigger a refund of the unused portion — see §8.

8. Refunds (Australian Consumer Law + ours)

Australian Consumer Law (ACL). If you're an Australian consumer, the consumer guarantees in the ACL apply to supporter subscriptions and any other paid service from this site. Those guarantees give you remedies — refund, replacement, or compensation — when the service is not delivered with due care, is not fit for purpose, or otherwise fails the statutory standard. Nothing in these terms waives those rights. They are the floor.

Our discretionary refund policy on top of the statutory floor:

Refunds go back to the original payment method via Stripe. Stripe's transaction-fee deduction is non-refundable — we get the gross-of-fees amount and refund the same amount; Stripe pockets the fee on both the original charge and the refund. (We can't change that; it's a Stripe-side policy.)

9. No SLAs

This is a solo-dev project. We do not promise:

The published limits in §6 are operational targets, not contractual guarantees. The same goes for any "we aim to respond in X days" wording elsewhere on the site — those are aspirations, not commitments. The memory/feedback_no_sla.md file in the project memory documents this stance for future-self consistency.

10. Disclaimer of warranties

Subject to §8 (Australian Consumer Law non-waivable rights), the site and the published rules / lists / scripts are provided as-is, with all faults. We do not warrant that they will work on every router config, that the lists are complete, or that any rule will defend against any specific threat. Routers are powerful tools and every paste is a decision you make. Always have console access before applying firewall changes.

Specifically: the community scripts library is supporter- contributed content that the operator's moderators review before approval. Moderation is a sanity check — not a formal audit, not a security review, not a guarantee. Read every line before you /import, especially anything flagged HIGH or DESTRUCTIVE.

11. Suspension + termination

The operator may suspend an account that breaches §3 (acceptable use), or that triggers automated-abuse thresholds. Suspension blocks magic-link issuance + API-key resolution + session validation; the account row stays so the user can be unsuspended later. The operator records the suspension reason in the audit log.

You can close your account anytime by emailing the operator (see /security). Closure deletes your account row + anonymises associated data per the retention policy in /privacy §7. Data we have to keep (tax records 5yr; audit log 90d+) gets stripped of personal identifiers where lawful.

12. Limitation of liability

To the maximum extent permitted by law (and subject to §8 ACL non-waivable rights):

This cap does not apply to the consumer-guarantee remedies in the ACL when the ACL prohibits limitation, or to operator misconduct that the law refuses to cap.

13. Indemnification

You agree to indemnify the operator against third-party claims arising directly from (a) content you submitted in breach of §3 or §5, or (b) your use of the site in breach of these terms. The indemnity is capped at the same amount as §12 — solo-dev project, asymmetric risk, sensible cap.

14. Governing law + disputes

These terms are governed by the laws of Western Australia, Australia. Disputes go to the courts of Western Australia, with exception for any consumer-protection forum the law gives an Australian consumer the right to use (small-claims tribunals, e.g.). EU/UK consumers retain access to their local consumer-protection authorities for matters within their jurisdiction.

15. Changes to these terms

Material changes (a refund-window narrowing, a cap tightening, a new restriction in §3) will be flagged at the top of this page for at least 30 days, and the "Last updated" date moves forward. Editorial fixes (typos, clarifications) bump the date but don't get a banner. Continued use of the site after a material-change notice period elapses means you accept the change. If you don't, cancel your supporter subscription + close your account per §11.

16. Severability + entire agreement

If a clause here is held unenforceable, the rest stands. These terms together with the privacy policy are the entire agreement between you and the operator regarding the site.

17. Contact

Refund requests, account closures, ToS questions: /security for the operator's email. Australian residents who can't resolve a complaint with the operator can contact ACCC; EU/UK consumers can contact their local authority.