Home/ Legal/ Acceptable Use Policy

Acceptable Use Policy

Plain English where possible. Lawyer English where necessary.

Last updated: 8 May 2026

The principle

PolicySuite is a tool for legitimate compliance work. Don’t use it for anything else. This policy lists the boundaries. It is not exhaustive — common sense applies, and we reserve the right to act on conduct that breaches the spirit of these terms even if it isn’t explicitly listed below.

You must not

Use PolicySuite to:

  • Break the law of your jurisdiction or any jurisdiction your activity touches.
  • Generate or publish content designed to mislead regulators, auditors, or counterparties.
  • Impersonate another organisation, individual, or regulator.
  • Infringe intellectual property rights (yours, ours, or anyone else’s).
  • Send unsolicited bulk communications using PolicySuite’s distribution infrastructure.
  • Upload or distribute malware, exploit code, or material designed to cause harm.
  • Plan, facilitate, or carry out harm to others — physical, financial, reputational, or otherwise.
  • Process personal data in breach of UK GDPR, EU GDPR, or any other applicable data-protection law.
  • Operate as a Business Associate under HIPAA without a Business Associate Agreement in place with the relevant Covered Entity.

Technical limits

Don’t scrape the platform, reverse-engineer it, or probe its security without prior authorisation. Don’t use it in ways designed to circumvent rate limits, fair-use thresholds, or per-account licence terms. Don’t share account credentials. Don’t resell access. Don’t generate traffic that imposes a disproportionate burden on the service relative to your subscription tier.

Penetration testing of your own account is permitted with written notice to security@policy-suite.com in advance — we’ll set ground rules.

Reporting abuse

If you become aware of misuse of PolicySuite — by your own users, a vendor, or a third party — report it to abuse@policy-suite.com. We investigate every report received in good faith and respond within 5 UK business days.

Security vulnerabilities should go to security@policy-suite.com (responsible disclosure preferred — see the Security page for our policy).

Consequences

We may warn, suspend, or terminate accounts that breach this policy, with or without notice depending on severity. Severe or repeated breaches may result in immediate termination without refund. We may also report illegal activity to law enforcement and cooperate with their investigations.

If your account is suspended for breach, you remain responsible for any outstanding fees up to the suspension date. Data export may be available at our discretion if the breach was inadvertent and remediable.

Contact

Questions about this policy? Email legal@policy-suite.com.

Reporting abuse? abuse@policy-suite.com.

Security disclosure? security@policy-suite.com.