Skip to main content
Back to Home

Acceptable Use Policy

Rules governing the permissible use of the NoxVerify platform.

Last Updated: March 31, 2026Version 1.0

This Acceptable Use Policy ("AUP") sets out the rules and restrictions that apply to all Tenants, Users, and API consumers of the NoxVerify platform. This AUP supplements the Terms of Service and applies to all use of the NoxVerify services.

1. Purpose

The purpose of this AUP is to ensure that the NoxVerify platform is used lawfully, ethically, and in a manner that does not harm other users, Applicants, or the integrity of the verification ecosystem. All Tenants and their authorized Users must comply with this AUP at all times.

NoxVerify is designed to help organizations meet their regulatory compliance obligations. Using the platform for any purpose that undermines regulatory compliance, facilitates illegal activity, or infringes the rights of individuals is strictly prohibited.

2. Compliance Obligations

Tenants must ensure that their use of the NoxVerify platform complies with all applicable laws and regulations, including but not limited to:

  • Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws and regulations applicable in the Tenant's operating jurisdictions.
  • Data protection and privacy laws, including the GDPR (EU), KVKK (Turkey), CCPA (California), LGPD (Brazil), PIPL (China), and any other applicable data protection legislation.
  • Sanctions and export control regulations, including those administered by OFAC (US), EU Council, HM Treasury (UK), and UN Security Council.
  • Consumer protection laws applicable to the collection and use of personal data for identity verification and background screening.
  • Industry-specific regulations governing the Tenant's use of verification services, including financial services regulations, gaming regulations, and telecommunications regulations.

Tenants are solely responsible for determining which laws and regulations apply to their specific use case and for ensuring compliance. NoxVerify provides tools and features to support compliance but does not provide legal advice.

3. Prohibited Activities

The following activities are strictly prohibited on the NoxVerify platform:

  • Fraud and deception: submitting false, forged, or stolen identity documents; creating fake verification requests; or using the platform to facilitate identity theft or financial fraud.
  • Identity theft: using the platform to obtain personal data about individuals without authorization or to impersonate others.
  • False document submission: uploading altered, counterfeit, or fraudulently obtained identity documents, business registration records, or other verification evidence.
  • Unauthorized access: attempting to access other Tenants' data, bypassing authentication or authorization controls, or exploiting security vulnerabilities.
  • Reverse engineering: decompiling, disassembling, or otherwise attempting to extract the source code, algorithms, or machine learning models of the NoxVerify platform.
  • Data scraping: using automated tools to extract data from the platform beyond the scope of the authorized API, including scraping verification results, screening data, or platform content.
  • Rate limit circumvention: attempting to bypass API rate limits, quota restrictions, or other usage controls through technical means.
  • Competitive misuse: using the NoxVerify platform, its data, or its outputs to build, train, or improve a competing product or service.
  • Credential sharing: sharing account credentials, API keys, or access tokens with unauthorized individuals or organizations.
  • Harassment and abuse: using the platform to harass, threaten, or discriminate against individuals based on protected characteristics.

4. Tenant Responsibilities

In addition to the general compliance obligations above, Tenants have the following specific responsibilities:

  • Consent: obtain proper, informed consent from all Applicants before submitting their personal data (including biometric data) to the NoxVerify platform for verification. Consent must be freely given, specific, informed, and unambiguous.
  • Privacy notices: provide clear, accessible privacy notices to Applicants that describe how their data will be processed, the legal basis for processing, and their rights.
  • Security: implement appropriate security measures to protect account credentials, API keys, and any data received from the NoxVerify platform, including Verification Results.
  • Access control: manage User access to the Tenant's NoxVerify account using the provided RBAC features. Remove access promptly when Users leave the organization or change roles.
  • Incident reporting: report any suspected security incidents, data breaches, or unauthorized access to NoxVerify promptly (within 24 hours of discovery) at security@noxverify.com.
  • Data accuracy: ensure that data submitted for verification is accurate and up-to-date to the best of the Tenant's knowledge.
  • Training: ensure that all Users who access the NoxVerify platform are adequately trained on applicable data protection requirements and the proper use of verification services.

5. Biometric Data Rules

Biometric data (selfie photographs, liveness video frames, and derived facial feature vectors) is subject to additional rules due to its sensitive nature:

  • Explicit written consent: Tenants must obtain explicit, written consent from Applicants before collecting biometric data through the NoxVerify platform. The consent must specifically reference the collection and processing of biometric data.
  • Retention and destruction schedule: Tenants must publish and adhere to a retention and destruction schedule for biometric data that complies with applicable law. NoxVerify's default retention schedule is described in the Privacy Policy.
  • No surveillance use: biometric data collected through NoxVerify must not be used for surveillance, tracking, or monitoring of individuals beyond the specific verification transaction for which consent was obtained.
  • No secondary use: biometric data must not be repurposed for marketing, advertising, profiling, or any purpose other than identity verification.
  • Jurisdiction compliance: Tenants operating in jurisdictions with specific biometric data laws (such as Illinois BIPA, Texas CUBI, or Washington State biometric law) must ensure their use of biometric verification features complies with those laws.

6. Enforcement

NoxVerify monitors platform usage for compliance with this AUP. Violations may result in the following actions, at NoxVerify's discretion:

  • Warning: written notice of the violation and a request to remediate within a specified timeframe.
  • Suspension: temporary suspension of the Tenant's access to the platform pending investigation or remediation.
  • Termination: permanent termination of the Tenant's account for serious or repeated violations.
  • Legal action: pursuit of legal remedies for violations that cause harm to NoxVerify, other Tenants, Applicants, or third parties.

NoxVerify may cooperate with law enforcement authorities where violations of this AUP involve suspected criminal activity. We may also share information about violations with regulatory authorities where required by law.

NoxVerify will use reasonable efforts to notify the Tenant before taking enforcement action, except where immediate action is necessary to protect the security of the platform or to prevent imminent harm.

7. Reporting

If you become aware of any violation of this AUP, or if you have concerns about how the NoxVerify platform is being used, please report it to us:

NoxVerify Ltd. — Abuse Reporting
Email: abuse@noxverify.com
Security incidents: security@noxverify.com

All reports will be investigated promptly and treated confidentially. We will not retaliate against anyone who reports a violation in good faith.