Acceptable Use Policy

This Acceptable Use Policy applies to all use of SmartComply websites, applications, public portals, APIs, support tools, documentation, integrations, and related services.

Customers are responsible for their users, public portals, API clients, integrations, and third parties acting under their tenant or credentials.

• Do not attempt unauthorized access to SmartComply, another tenant, another user account, source code, infrastructure, logs, credentials, APIs, or connected systems.
• Do not probe, scan, test, or bypass security controls except as expressly authorized in writing or within a documented vulnerability disclosure process.
• Do not introduce malware, ransomware, worms, credential harvesters, destructive payloads, or harmful code.
• Do not interfere with service availability, overload systems, abuse rate limits, scrape at unreasonable volume, or bypass technical restrictions.
• Do not attempt to defeat tenant isolation, authentication, authorization, logging, consent controls, billing controls, or usage limits.

• Do not upload unlawful, deceptive, defamatory, abusive, harassing, threatening, obscene, infringing, malicious, or harmful content.
• Do not use SmartComply to send spam, phishing, deceptive notices, unlawful marketing, or abusive communications.
• Do not misrepresent identity, employment, regulatory authority, certifications, signatures, inspection results, sample results, manifests, permit status, compliance status, or legal authority.
• Do not submit false, fabricated, altered, or misleading compliance information, test results, inspection records, reports, signatures, or credentials.
• Do not use SmartComply to violate privacy rights, intellectual property rights, public records laws, procurement rules, environmental laws, consumer protection laws, export laws, sanctions, or other applicable laws.

Do not submit information you are not authorized to submit or process.

Do not use SmartComply to collect unrelated sensitive personal information, payment card numbers outside approved payment flows, protected health information unless covered by a specific written agreement, or secrets that do not belong in a compliance workflow.

Do not export, share, or disclose data from SmartComply except as authorized by the customer, applicable law, and your role.

Automation, imports, exports, APIs, and webhooks must use documented methods and must respect authentication, scopes, rate limits, idempotency, and security requirements.

Do not use bots, scripts, or integrations to evade billing, usage limits, security controls, audit logs, or customer permissions.

Public and external portal users may only submit information for workflows made available to them and must provide accurate information to the best of their knowledge.

Portal users may not access, modify, or submit records for another party unless they are authorized to do so.

We may remove content, throttle traffic, disable API keys, suspend users, restrict portals, block IP addresses, notify customer administrators, preserve evidence, contact authorities, or suspend or terminate service when activity creates risk for SmartComply, customers, users, infrastructure, or legal compliance.

We try to tailor enforcement to the severity and urgency of the issue, but emergency action may occur without advance notice when needed to protect the service or others.