What you can and can’t do with Veritus.

1. Purpose

This Acceptable Use Policy (“AUP”) sets out the things you must not do when using Veritus. Our intent is to keep the service useful for legitimate fraud-prevention purposes while protecting end users from misuse of the technology.

2. What Veritus is for

Veritus is intended for assessing fraud risk on signup, login, password reset, contact and similar low-friction events on services you operate. Examples of acceptable use:

• Vetting new account signups on a SaaS application you run
• Scoring promo-code or trial signups on your e-commerce site
• Filtering registrations on a forum or community you operate
• Pre-screening before a heavier KYC step on a regulated service
• MSP / agency: vetting signups on behalf of your end customers (with proper agreements in place)

3. Prohibited uses

You must not use Veritus to:

• Discriminate against any person based on protected characteristics under UK Equality Act 2010 (age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation).
• Make fully-automated decisions with legal or significant effects on a person without offering a human review path, contrary to UK GDPR Article 22.
• Score data subjects who have no relationship with you (e.g. uploading scraped contact lists for enrichment).
• Use Veritus output as the sole basis for refusing employment, credit, insurance, housing, or legal entitlement.
• Resell raw Veritus output as a data product to third parties (resale of fraud screening services to your own customers under your brand is permitted under the Scale tier).
• Attempt to reverse-engineer the ML model, extract training data, or probe the service for vulnerabilities outside our coordinated disclosure programme.
• Submit data on behalf of any child under 13, or under 16 in jurisdictions where the digital-consent age is 16.
• Use the service for stalking, harassment, doxxing, or any unlawful surveillance.

4. Service abuse

You must not:

• Exceed rate limits documented in our API reference, or attempt to circumvent them.
• Test, load-test, or fuzz the production API without prior written agreement (use the sandbox instead).
• Share your API keys with third parties outside your organisation, or commit them to public source repositories.
• Run automated tooling that submits synthetic data at scale in a way that could pollute training data.
• Attempt to interfere with the operation of the service, including DDoS, intrusion attempts, or denial-of-service against shared infrastructure.

5. Reporting violations

If you become aware of any violation of this policy, please report it to abuse@veritus.uk. We investigate every report.

6. Consequences

Violations may result in any of the following, at our discretion:

• Written warning and required remediation within a stated timeframe
• Temporary suspension of API access
• Permanent termination of the account
• Forfeiture of pre-paid fees for material violations
• Referral to law-enforcement or regulatory authorities where required by law

For serious or wilful violations, we may terminate immediately without prior warning.

7. Right to refuse service

We reserve the right to refuse to provide Veritus to anyone we reasonably believe will use it in a manner contrary to this policy, even if their use case is technically permitted. This is rare but not negotiable.

8. Updates

We may update this AUP on 30 days’ notice. Material changes that broaden prohibitions will not be applied retroactively to use that was permitted at the time it occurred.