Acceptable Use Policy

This policy outlines the acceptable and prohibited uses of the iTrack platform to ensure a safe, secure, and compliant environment for all users.

Effective Date: October 28, 2025

Version: 1.0.0

1. Introduction

This Acceptable Use Policy (“AUP”) governs your use of the iTrack AML/CTF/CPF risk assessment platform (the “Service”) provided by Comsure Technology Limited (“we”, “us”, or “our”).

This AUP is incorporated into and forms part of our Terms of Service. By using the Service, you agree to comply with this AUP. Failure to comply may result in suspension or termination of your access to the Service.

Important Notice

Violations of this AUP may result in immediate suspension or termination of your account without prior notice, particularly in cases involving illegal activity, security threats, or harm to other users.

2. Scope and Application

This AUP applies to:

  • All users of the Service, including account administrators, end users, and API consumers
  • All activities conducted through the Service, including data input, assessment processing, reporting, and API usage
  • All devices and networks used to access the Service
  • All data uploaded, processed, or stored through the Service

You are responsible for ensuring that all users within your organisation who access the Service through your account comply with this AUP. You will be held accountable for any violations committed by your users.

3. Permitted Use

The Service is designed exclusively for legitimate AML/CTF/CPF compliance purposes by regulated financial services entities and professional service firms. Permitted uses include:

Client Risk Assessments: Conducting customer due diligence (CDD) and enhanced due diligence (EDD) risk assessments in accordance with applicable AML/CTF/CPF regulations.

Transaction Monitoring: Monitoring and analysing client transactions for suspicious activity in compliance with regulatory obligations.

Regulatory Reporting: Generating reports and documentation required by regulators, including risk assessment records and compliance evidence.

Sanctions Screening: Screening clients and transactions against sanctions lists to comply with counter-proliferation financing obligations.

Business Risk Analysis: Assessing the AML/CTF/CPF risk profile of your organisation and clients for internal governance and compliance purposes.

API Integration: Integrating the Service with your existing systems via our APIs and webhooks, subject to the usage limits of your subscription tier.

4. Prohibited Activities

The following activities are strictly prohibited when using the Service:

Illegal and Harmful Activities

  • Illegal Activity: Using the Service to facilitate, promote, or engage in any illegal activity, including money laundering, terrorist financing, proliferation financing, fraud, tax evasion, or any other criminal conduct.
  • Sanctions Violations: Using the Service to process transactions or assess clients in violation of applicable sanctions laws, including those imposed by the UN, EU, UK, US, or Jersey.
  • Discrimination: Using the Service to unlawfully discriminate against individuals based on protected characteristics such as race, ethnicity, religion, gender, or nationality, except where required by legitimate sanctions or regulatory obligations.
  • Harassment or Abuse: Using the Service to harass, threaten, stalk, or abuse any person or entity.
  • Harmful Content: Uploading or processing data containing malware, viruses, ransomware, or any other harmful code.

Security and System Integrity Violations

  • Unauthorised Access: Attempting to access accounts, systems, or data that you are not authorised to access, including through password cracking, phishing, social engineering, or other means.
  • Security Bypass: Circumventing, disabling, or interfering with security features, authentication mechanisms, access controls, or usage limits of the Service.
  • Vulnerability Exploitation: Exploiting any security vulnerabilities in the Service, except through our responsible disclosure program.
  • Denial of Service: Engaging in activities that disrupt, degrade, or deny access to the Service for other users, including distributed denial-of-service (DDoS) attacks, flooding, or resource exhaustion attacks.
  • Network Scanning: Scanning, probing, or testing the vulnerability of our systems or networks without prior written authorisation.
  • Reverse Engineering: Reverse engineering, decompiling, disassembling, or otherwise attempting to derive the source code or underlying algorithms of the Service.

Data and Privacy Violations

  • Unlawful Data Processing: Processing personal data without a lawful basis under applicable data protection laws (e.g., Data Protection (Jersey) Law 2018, UK GDPR).
  • Unauthorised Data Collection: Using the Service to collect, aggregate, or process personal data that you do not have the legal right to process.
  • Data Scraping: Using automated tools, bots, or scripts to scrape, harvest, or extract data from the Service without authorisation.
  • Privacy Violations: Violating the privacy rights of individuals, including unauthorised disclosure of personal or sensitive information.
  • Inaccurate Data: Knowingly inputting false, inaccurate, or misleading data that could result in incorrect risk assessments or regulatory non-compliance.

Misuse of Service Features

  • Unauthorised Resale: Reselling, sublicensing, renting, leasing, or otherwise providing access to the Service to third parties without our prior written consent.
  • Competitive Use: Using the Service to develop, market, or provide a competing product or service.
  • Improper API Use: Exceeding API rate limits, using the API for purposes other than those described in the API documentation, or using the API to circumvent usage restrictions of your subscription tier.
  • Account Sharing: Sharing your account credentials with unauthorised users or allowing multiple individuals to use a single user account in violation of your subscription terms.
  • Spam and Unsolicited Communications: Using the Service to send spam, unsolicited marketing, or bulk communications.

Intellectual Property Violations

  • Copyright Infringement: Uploading or processing content that infringes the copyright, trademark, patent, or other intellectual property rights of any third party.
  • Unauthorised Reproduction: Copying, reproducing, or distributing the Service, its documentation, or any proprietary materials without authorisation.
  • Removal of Notices: Removing, obscuring, or altering any copyright, trademark, or other proprietary notices on the Service.

5. Security Obligations

You must take appropriate measures to secure your use of the Service, including:

Account Security

  • Use strong, unique passwords for your account (minimum 12 characters with a mix of uppercase, lowercase, numbers, and symbols)
  • Enable multi-factor authentication (MFA) where available (strongly recommended for all accounts)
  • Keep your login credentials confidential and do not share them with unauthorised individuals
  • Immediately notify us if you suspect unauthorised access to your account
  • Log out of your account after each session, especially on shared or public devices

Device and Network Security

  • Use up-to-date, secure devices with current operating systems and security patches
  • Install and maintain antivirus and anti-malware software on devices used to access the Service
  • Avoid accessing the Service over unsecured public Wi-Fi networks; use a VPN if necessary
  • Ensure that API keys, authentication tokens, and other credentials are stored securely and not exposed in public repositories or insecure locations

Data Protection

  • Ensure that data uploaded to the Service is obtained lawfully and processed in accordance with applicable data protection laws
  • Do not upload data containing viruses, malware, or malicious code
  • Implement appropriate access controls within your organisation to ensure only authorised personnel can access sensitive data
  • Regularly review user access permissions and remove access for users who no longer require it

Reporting Security Incidents

If you become aware of any security incident, vulnerability, or breach involving the Service, you must notify us immediately at info@itrackaml.com with the subject line “Security Incident”.

6. Data Input Standards

To ensure the accuracy and reliability of risk assessments, you must adhere to the following data input standards:

Accuracy: Ensure that all data inputted into the Service is accurate, complete, and up-to-date to the best of your knowledge.

Lawful Basis: Confirm that you have a lawful basis under applicable data protection laws to process the personal data you input into the Service.

No Malicious Content: Do not upload files or data containing viruses, malware, or other malicious code that could harm the Service or other users.

Format Compliance: Input data in the formats and structures specified in the Service documentation to ensure proper processing.

Data Minimisation: Only upload data that is necessary for the specific risk assessment or compliance purpose. Avoid uploading excessive or irrelevant personal data.

Regular Updates: Update client data promptly when material changes occur to ensure risk assessments reflect current circumstances.

7. Usage Limits and Fair Use

Your use of the Service is subject to the usage limits specified in your subscription tier, as detailed on our Pricing page. You agree to use the Service in a manner that is fair and reasonable and does not adversely affect other users.

Fair Use Guidelines:

  • API Rate Limits: Adhere to the API rate limits specified for your subscription tier. Excessive API requests may result in throttling or temporary suspension.
  • Storage Limits: Stay within the data storage limits of your subscription. If you approach your limit, you will be notified to upgrade or delete unnecessary data.
  • User Accounts: Use the number of user accounts permitted by your subscription tier. Do not share accounts or credentials to circumvent user limits.
  • Assessment Volume: Process a reasonable volume of risk assessments consistent with your subscription tier. Excessive or automated bulk processing may be restricted.
  • Resource Consumption: Avoid activities that consume excessive server resources, such as running extremely large queries, generating excessive reports, or maintaining long-lived sessions unnecessarily.

If your usage consistently exceeds the limits of your current tier, we may contact you to discuss upgrading to a higher tier. Persistent violations of usage limits may result in service restrictions or termination.

8. Reporting Violations

If you become aware of any violation of this AUP by another user or any security incident involving the Service, please report it to us immediately.

How to Report:

Send an email to info@itrackaml.com with the subject line:

  • “AUP Violation Report” for policy violations
  • “Security Incident” for security-related issues

Please include as much detail as possible, including:

  • Description of the violation or incident
  • Date and time (if known)
  • Any relevant screenshots, logs, or evidence
  • Your contact information for follow-up

We take all reports seriously and will investigate promptly. We may contact you for additional information. All reports will be kept confidential to the extent possible.

9. Enforcement and Sanctions

We reserve the right to investigate suspected violations of this AUP and to take appropriate enforcement actions. Depending on the severity of the violation, enforcement actions may include:

Progressive Enforcement:

1. Warning

For minor or first-time violations, we may issue a written warning and request corrective action within a specified timeframe (typically 48-72 hours).

2. Temporary Suspension

For repeated violations or moderate infractions, we may temporarily suspend your access to the Service (typically 7-30 days) until the issue is resolved.

3. Feature Restrictions

We may restrict access to specific features (e.g., API access, data exports) if those features are being misused.

4. Permanent Termination

For severe violations (e.g., illegal activity, security threats, repeated violations after warnings), we may permanently terminate your account and access to the Service without refund.

Immediate Termination:

We reserve the right to immediately suspend or terminate your account without prior notice if we reasonably believe that:

  • You are engaged in illegal activity through the Service
  • Your use of the Service poses a security threat to us, our infrastructure, or other users
  • Continued access would violate our legal obligations or expose us to legal liability
  • You have repeatedly violated this AUP despite prior warnings

In cases of immediate suspension or termination, we will provide you with an explanation as soon as reasonably practicable, unless doing so would compromise an ongoing investigation or violate our legal obligations.

You may appeal enforcement actions by contacting us at info@itrackaml.com with the subject line “AUP Enforcement Appeal”. We will review appeals on a case-by-case basis.

10. Liability for Violations

You are solely responsible for your use of the Service and for ensuring compliance with this AUP. You agree that:

  • You will indemnify and hold us harmless from any claims, damages, losses, or expenses (including legal fees) arising from your violation of this AUP
  • You are responsible for all activities conducted through your account, including activities by your employees, contractors, or other authorised users
  • We are not liable for any damages resulting from enforcement actions taken in response to violations of this AUP
  • You will cooperate with any investigations into suspected violations and provide requested information or evidence in a timely manner

We may report violations of this AUP to law enforcement, regulatory authorities, or other appropriate third parties if we believe such reporting is necessary to comply with legal obligations or to protect the rights, property, or safety of ourselves, our users, or the public.

11. Modifications

We may update this AUP from time to time to reflect changes in our practices, the Service, legal requirements, or industry standards. When we make material changes, we will:

  • Update the “Effective Date” and “Version” at the top of this page
  • Notify you via email (to the address associated with your account) at least 30 days before the changes take effect
  • Display a prominent notice in the Service or on our website

Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated AUP. If you do not agree to the updated AUP, you must stop using the Service and may terminate your account in accordance with our Terms of Service.

We maintain an archive of previous versions of this AUP. You may request access to prior versions by contacting us.

12. Contact Us

If you have any questions about this Acceptable Use Policy or need to report a violation, please contact us:

Comsure Technology Limited

Email: info@itrackaml.com

Phone: +44 (0) 1534 626841

Address:
No 1 Bond Street Chambers
St Helier, Jersey
Channel Islands, JE2 3NP

Document Version: 1.0.0

Effective Date: October 28, 2025

Last Reviewed: October 28, 2025