Acceptable Use Policy

Last updated: April 4, 2026

This Acceptable Use Policy ("AUP") governs your use of the Urim KYC platform, API, and related services (the "Service"). This AUP is part of our Terms of Service. Violation may result in immediate suspension or termination of your account without refund.

1. Permitted Use

The Service is designed for legitimate compliance purposes, including:

• Know Your Customer (KYC) screening as part of client onboarding
• Anti-Money Laundering (AML) due diligence and ongoing monitoring
• Sanctions compliance screening required by law or regulation
• Politically Exposed Persons (PEP) identification for enhanced due diligence
• Criminal records checks as part of a compliance workflow
• Audit trail maintenance for regulatory purposes

2. Prohibited Uses

You may not use the Service to:

• Discriminate: Screen individuals for purposes of discrimination based on race, ethnicity, religion, gender, sexual orientation, national origin, disability, or any other protected characteristic
• Harass or stalk: Investigate, track, or monitor individuals for personal, non-compliance purposes
• Violate privacy laws: Process personal data in violation of applicable data protection regulations (GDPR, CCPA, NZ Privacy Act, etc.)
• Resell or redistribute: Resell, sublicense, or redistribute screening results or API access to third parties without our written consent
• Compete: Use the Service to build a competing product or service, or to reverse engineer our screening algorithms, databases, or matching logic
• Abuse API access: Attempt to circumvent rate limits, screen limits, or plan restrictions through automated means, multiple accounts, or other methods
• Compromise security: Attempt to access other tenants' data, probe for vulnerabilities, or interfere with the Service's infrastructure
• Share credentials: Share API keys, login credentials, or account access with unauthorized individuals
• Submit false data: Deliberately submit fabricated subject data to generate misleading compliance reports
• Misrepresent results: Present screening results as legal advice, a definitive compliance determination, or a consumer report under the FCRA or equivalent laws
• Illegal activity: Use the Service in connection with any illegal activity, including money laundering, terrorist financing, or sanctions evasion

3. API-Specific Rules

• API keys are personal to each analyst and must not be shared or embedded in client-side code
• Do not attempt to bypass authentication, access endpoints without valid credentials, or impersonate other users
• Do not use automated tools to create multiple accounts to circumvent plan limits
• Respect the rate limits and screen quotas of your subscription plan
• Do not use the API to scrape or bulk-download sanctions database content

4. Data Handling Obligations

As a user of the Service, you acknowledge that:

• You are the data controller for any personal data you submit for screening
• You have a lawful basis for processing the personal data of individuals you screen
• You are responsible for complying with all applicable data protection laws in your jurisdiction
• Screening results contain sensitive information and should be handled according to your organization's data security policies
• AI-generated compliance narratives should be reviewed by a qualified compliance professional before use in regulatory filings or official decisions

5. Reporting Violations

If you become aware of any violation of this AUP, please report it to [email protected].

6. Enforcement

We reserve the right to investigate suspected violations of this AUP. If we determine that a violation has occurred, we may take any action we deem appropriate, including:

• Issuing a warning
• Temporarily suspending your account or API access
• Permanently terminating your account
• Reporting the violation to law enforcement authorities

We will make reasonable efforts to notify you before taking enforcement action, except where immediate action is necessary to protect the Service, its users, or to comply with legal obligations.

7. Changes

We may update this AUP from time to time. Material changes will be communicated with at least 30 days' notice. Your continued use of the Service after the effective date constitutes acceptance of the updated AUP.

8. Contact

Questions about this policy? Contact us at our contact form or email [email protected].