Acceptable Use Policy
Effective: 2026-05-15
This Acceptable Use Policy ("AUP") supplements the Terms of Service and any executed Master Services Agreement. It applies to anyone using the Service.
You may not use the Service to
- Submit cardholder data (CHD) — primary account numbers (PAN), full track data, CVV / CVC2 / CVV2, PIN, or PIN blocks. Our platform is not in PCI scope to receive CHD. Submitting CHD is a material breach of the Terms.
- Violate any applicable law, regulation, or third-party right.
- Misrepresent the identity of a merchant or sign an attestation on behalf of an entity you are not authorized to bind.
- Reverse engineer, decompile, or attempt to derive source code from the Service except to the extent expressly permitted by applicable law.
- Probe, scan, or test the Service's security without our prior written consent (responsible disclosure submissions to chris.larson@complianceassessmenttool.com are explicitly welcome).
- Send malware, ransomware, viruses, worms, or any other malicious code via the Service.
- Spam, phish, or send unsolicited bulk communications to any party via the Service.
- Resell, sublicense, or repackage the Service to third parties without a written reseller agreement with us.
- Use the Service to develop a competing product or to benchmark for the purposes of building a competing product without our prior written consent.
- Submit any data subject to ITAR, EAR Category XI, or other export-controlled regimes.
- Upload Protected Health Information (PHI) subject to HIPAA — we are not a Business Associate.
You also may not
- Circumvent or attempt to circumvent any rate limit, tenant isolation, audit logging, or authentication mechanism.
- Use the Service to scrape, crawl, or systematically extract data not assigned to your tenant.
- Share API keys outside the legal entity to which they were issued.
- Use a single API key to operate multiple separate businesses without our written consent.
Enforcement
Violations may result in temporary suspension or termination of API access, with or without notice depending on severity. We will use reasonable judgment and prefer to give notice and an opportunity to cure for ambiguous or first-time violations.
Report suspected violations to chris.larson@complianceassessmenttool.com.