Acceptable Use Policy

Last updated: [Effective date]

1. Purpose and scope

We provide the Services to help businesses run their operations responsibly. This Policy sets out the activities that are not allowed, so that the platform stays safe, lawful, and available for everyone. If you are an administrator of a business or branch account, you are responsible for the conduct of the users you invite, and for making this Policy known to them. By using the Services you agree to comply with this Policy.

2. General responsibilities

You must use the Services only for lawful purposes and in a manner consistent with all applicable laws of India, including the Information Technology Act 2000 and rules made under it, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (the "IT Rules 2021"), and the Digital Personal Data Protection Act 2023 (the "DPDP Act"). You are responsible for the content you submit, the configuration of your account, and the security of your login credentials.

3. Prohibited activities

You must not, and must not permit any other person to, use the Services to do any of the following:

3.1 Unlawful or harmful use

• Engage in any activity that is unlawful, fraudulent, defamatory, obscene, or that infringes the rights of any person, or that is otherwise prohibited under Indian law.
• Upload, store, or transmit content that is grossly harmful, harassing, hateful, paedophilic, invasive of another person's privacy, or that is unlawful in any manner whatsoever within the meaning of the IT Rules 2021.
• Impersonate any person or entity, or misrepresent your affiliation with any person or entity.

3.2 Intellectual property and third-party rights

• Upload, distribute, or otherwise use content that infringes any patent, trademark, copyright, trade secret, or other proprietary right of any third party.
• Use any name, logo, or branding in a way that is likely to mislead others as to the source or sponsorship of content.

3.3 Security and integrity

• Introduce, upload, or transmit any virus, worm, trojan, ransomware, or other malicious code, or any file or program designed to disrupt, damage, or limit the functioning of the Services or any device.
• Attempt to gain unauthorised access to any part of the Services, to other accounts, to our single sign-on (SSO) or authentication systems, or to any servers, networks, or infrastructure connected to the Services.
• Probe, scan, or test the vulnerability of any system or network, or breach or circumvent any security, authentication, rate-limiting, or access-control measure, except under a written authorisation from us for responsible security research.
• Interfere with or disrupt the integrity or performance of the Services, including through denial-of-service attacks or excessive automated requests.

3.4 Scraping, resale, and API abuse

• Use any automated means, including bots, scrapers, or crawlers, to extract data from the Services other than through interfaces and documented APIs that we expressly provide for that purpose.
• Resell, sublicense, rent, or otherwise make the Services available to any third party without our prior written authorisation.
• Exceed published rate limits, share or rotate credentials to evade limits, or use the API in a way that imposes an unreasonable load on our infrastructure or degrades the experience of other users.

3.5 Data protection and personal data

• Process any personal data through the Services without a lawful basis and the necessary consent or other ground required under the DPDP Act.
• Collect, use, or disclose health information or other sensitive personal data except for the purposes for which it was provided, and in accordance with applicable law and the rights of the individuals concerned.
• Use personal data obtained through the Services to send unsolicited communications, to profile individuals unlawfully, or for any purpose beyond what the relevant individual has agreed to.

4. Enforcement and suspension

We may investigate any suspected violation of this Policy. Where we reasonably believe that this Policy has been breached, or that continued use poses a risk to the Services, to other users, or to any third party, we may, with or without notice depending on the severity:

• remove, disable, or restrict access to offending content;
• throttle, suspend, or revoke API keys or access to specific features;
• suspend or terminate the affected account or branch, in accordance with our Terms of Service; and
• report unlawful activity to, and cooperate with, law enforcement or other competent authorities as required by law.

We will act proportionately and, where it is reasonable and lawful to do so, give you an opportunity to remedy a breach. Suspension or termination does not relieve you of fees already due. Nothing in this Policy limits any other right or remedy available to us under the Terms of Service or applicable law.

5. Reporting abuse

If you become aware of any content or activity that violates this Policy, please report it to abuse@spexx.in. To help us act quickly, include a description of the issue, the relevant URLs or account identifiers, and any evidence you can provide. We review reports promptly and take action where appropriate. We do not disclose the identity of a reporter to the party complained of unless required by law.

6. Grievance redressal

In accordance with the IT Rules 2021 and the DPDP Act, complaints relating to content, conduct, or the handling of personal data may be addressed to our Grievance Officer:

We will acknowledge grievances and resolve them within the timelines prescribed under applicable law.

7. Changes to this Policy

We may update this Policy from time to time to reflect changes in our Services or in the law. When we make material changes, we will update the date above and, where appropriate, notify account administrators. Your continued use of the Services after an update takes effect constitutes acceptance of the revised Policy.

8. Contact

For questions about this Policy, contact us at grievance@spexx.in or through our contact page. You can also review our Privacy Policy and security practices.