Acceptable Use Policy
Last updated: June 2026
1. Purpose
This Acceptable Use Policy ("AUP") describes what you may and may not do when using the Osapher platform. It applies to all users across both Osapher products — the SMB Portal (app.osapher.com.au) and the Enterprise KYB platform (enterprise.osapher.com) — including free-tier accounts, paid subscribers, API consumers, and anyone accessing the platform on behalf of an organisation.
This AUP is incorporated into and forms part of our Terms of Service. Violations may result in immediate suspension or termination of your account.
2. Permitted Uses — SMB Portal
You may use the Osapher SMB Portal to:
- Verify your own business identity against public registries (ABR, NZBN)
- Generate and publish verified JSON-LD schema for your own website or websites of clients you are authorised to represent
- Run website schema scans on domains you own or have explicit permission to scan
- Integrate Osapher Schema Lock tokens into your own web properties via our script tag or WordPress plugin
- Use the platform API for legitimate business automation within your allocated rate limits
3. Permitted Uses — Enterprise KYB Platform
You may use the Osapher Enterprise platform to:
- Verify business entities as part of a documented AML/CTF customer due diligence program
- Screen entities and their directors against sanctions, PEP, and adverse media sources as part of your compliance obligations
- Issue VRNT-KYB certificates as internal compliance records for verified entities
- Export verification reports and audit trails for your organisation's compliance records or regulatory reporting
- Integrate the Enterprise API into your own CRM, practice management, or onboarding systems for legitimate business automation
- Generate SMR/SAR regulatory draft exports for submission through the relevant regulator's official channels
4. Prohibited Uses
You must not use any part of the Osapher platform to:
- Impersonate or misrepresent: Submit business identity information for entities you do not own or control, or claim authorisation you do not have
- Verify without purpose: Run KYB verifications on entities outside the scope of a genuine compliance or due diligence obligation
- Misuse verification results: Use VRNT-KYB certificates or verification outputs as a substitute for another party's own due diligence obligations, or represent Osapher results as a legal determination of compliance status
- Scan without permission: Initiate scans on domains or web properties you do not own or have not been explicitly authorised to scan
- Abuse the infrastructure: Send automated requests beyond documented rate limits, conduct denial-of-service attacks, or attempt to overload our systems
- Bypass security controls: Attempt to circumvent authentication, access other users' data, or probe for security vulnerabilities without our written consent
- Circumvent sanctions obligations: Use the platform to facilitate transactions or relationships with sanctioned entities, or to structure verification workflows to avoid triggering sanctions matches
- Distribute malicious content: Use your Schema Lock token or schema payload to inject harmful scripts, malware, or deceptive content into third-party websites
- Resell without authorisation: Resell, sublicense, or white-label the platform without a written reseller agreement with Osapher
- Violate laws: Use the platform in any way that violates applicable Australian or New Zealand law, including the Privacy Act 1988 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (NZ), the Spam Act 2003, or applicable consumer protection legislation
5. Enterprise KYB — Additional Obligations
Users of the Enterprise KYB platform are subject to the following additional obligations:
- You must not use KYB verification outputs as the sole basis for AML/CTF compliance decisions. Regulated entities remain responsible for maintaining their own AML/CTF program as required by applicable law.
- You must not share VRNT-KYB certificates with third parties as a representation that those parties have satisfied their own due diligence obligations.
- You must not upload documents to the platform that you do not have the right to process, or that contain personally identifiable information of individuals who have not consented to such processing.
- SMR/SAR draft exports are provided as drafts only. You are solely responsible for reviewing, completing, and submitting reports through the relevant regulator's official channels. Osapher does not submit reports on your behalf.
- You must maintain appropriate access controls within your organisation, including assigning roles (Analyst, Compliance Manager) consistent with your internal compliance program.
6. API and Automation
Automated use of the Osapher API is permitted within your plan's rate limits. Scraping, bulk harvesting, or systematic extraction of data beyond your authorised usage is prohibited. We reserve the right to rate-limit or block requests that threaten platform stability.
7. Reporting Violations
If you believe someone is using the Osapher platform in violation of this policy, please report it to security@osapher.com. We investigate all credible reports.
8. Enforcement
We reserve the right to investigate any suspected violation of this AUP. Depending on the severity, we may issue a warning, suspend access, or terminate your account permanently. We may also report violations to relevant authorities where legally required.
9. Changes to This Policy
We may update this AUP from time to time. Continued use of the platform after changes constitutes acceptance of the updated policy.
10. Contact
For acceptable use enquiries: security@osapher.com
Osapher · ABN 18 459 403 998 · Melbourne, Victoria, Australia