Acceptable Use Policy.

1. Scope and Applicability

This Acceptable Use Policy ('AUP') governs all use of the SpacePe platform, including the web application, mobile interfaces, APIs, SDKs, webhooks, and associated services. It applies to all users, administrators, API consumers, and any person or system accessing SpacePe on your behalf.

This AUP supplements the SpacePe Terms of Service, Privacy Policy, and any applicable Enterprise Agreement. In the event of conflict, the Enterprise Agreement prevails for enterprise customers, followed by the Terms of Service, followed by this AUP.

SpacePe reserves the right to update this AUP. Material changes will be communicated via email to account administrators and posted on the platform with a 30-day notice period before enforcement.

2. Permitted Use

SpacePe may be used exclusively for lawful business financial operations in compliance with applicable Indian law, including the Companies Act 2013, Income Tax Act 1961, CGST Act 2017, FEMA 1999, PMLA 2002, and Information Technology Act 2000.

Authorized activities include: banking operations, invoice management, bill processing, treasury management, payroll disbursement, expense management, virtual account operations, compliance management, audit trail maintenance, and financial reporting.

API access must comply with published rate limits, Developer Terms of Use, and API Documentation. API keys are issued per-organization and must not be shared across legal entities without prior authorization.

3. Prohibited Activities - Financial

Money laundering, structuring, layering, or any activity designed to conceal the origin, ownership, or destination of funds in violation of the Prevention of Money Laundering Act 2002 and its amendments.

Financing of terrorism or proliferation of weapons of mass destruction under the Unlawful Activities (Prevention) Act 1967 or any UN Security Council sanctions regime applicable in India.

Processing transactions for illegal goods, services, or activities under Indian law, including narcotics, counterfeit goods, unlicensed gambling, and unlicensed financial services.

Circumventing transaction limits, velocity controls, approval workflows, or security controls implemented by your organization's administrators or by SpacePe's risk management systems.

Creating shell entities, fictitious vendors, or phantom employees for the purpose of siphoning funds, tax evasion, or fraudulent financial reporting through the platform.

Generating invoices that do not reflect bona fide underlying goods or services (fictitious invoicing) or inflating invoice amounts beyond actual transaction value.

4. Prohibited Activities - Technical

Unauthorized access to other customers' data, accounts, or infrastructure via any means including credential stuffing, brute force, SQL injection, or API parameter manipulation.

Automated scraping, crawling, bulk data extraction, or systematic downloading of platform content beyond the scope of authorized and documented API access.

Reverse engineering, decompiling, disassembling, or attempting to derive source code of the SpacePe platform, its APIs, or proprietary algorithms.

Uploading malicious code, malware, ransomware, or any software designed to disrupt, damage, or gain unauthorized access to any system connected to the platform.

API keys must be stored in secure secret management systems - never hardcoded in source code, committed to version control repositories, or transmitted via unencrypted channels.

5. Compliance Obligations

All transactions must comply with applicable RBI guidelines, FEMA regulations, NPCI rules, and tax laws of the relevant jurisdiction within India.

Users must maintain accurate KYC records for all beneficial owners and authorized signatories. Suspicious transactions must be reported as required under PMLA 2002 and FIU-IND guidelines.

Cross-border transactions must comply with Liberalised Remittance Scheme limits (currently USD 250,000 per financial year per individual), FEMA documentation requirements, and purpose code reporting.

GST-compliant invoices generated through SpacePe must accurately reflect HSN/SAC codes, correct GSTIN of supplier and recipient, and applicable tax rates per destination state.

6. Enforcement and Remedies

SpacePe employs automated monitoring systems and periodic manual reviews to detect AUP violations. Automated systems may flag, throttle, or temporarily suspend activities pending compliance review.

Upon detection of a violation, SpacePe may: issue a written warning with remediation timeline; temporarily suspend the violating feature, API key, or user account; or permanently terminate the account with notice.

SpacePe is legally obligated to report suspected money laundering, terrorist financing, and other specified offences to FIU-IND and relevant authorities. SpacePe cooperates with lawful requests from regulatory authorities and courts of competent jurisdiction.

Suspended accounts may submit a written appeal to legal@spacepe.io within 30 calendar days. Appeals are reviewed by the Compliance Committee within 15 business days. The Committee's decision is final.