The policy clarification stated that participants cannot make threats, use extortion, or access customer data beyond what is accidental or occurs in good faith.