Acceptable Use Policy

Effective Date: March 25, 2026
Last Updated: March 25, 2026
Version: 1.2

Overview

This Acceptable Use Policy ("AUP") governs your use of CAIRL's services, API, and platform. It applies to all users — individuals, Business Users, and developers. This AUP is incorporated into and supplements our Terms of Service.

Violation of this policy may result in suspension or termination of your account, revocation of API access, and forfeiture of any prepaid wallet balance.

General Rules (All Users)

You agree not to:

  • Submit fraudulent documents — Including forged, altered, stolen, or expired identity documents presented as valid
  • Impersonate others — Attempt to verify as someone other than yourself, or represent another person's identity as your own
  • Create duplicate accounts — Maintain more than one CAIRL account per individual, or circumvent biometric uniqueness enforcement
  • Circumvent security — Attempt to bypass, disable, or interfere with security features, bot protection, liveness detection, rate limiting, or consent mechanisms
  • Use automated access without authorization — Use bots, scrapers, or automated tools to access the Service without our written consent
  • Engage in illegal activity — Use the Service for any unlawful purpose, including money laundering, terrorist financing, sanctions evasion, or facilitating illegal transactions
  • Interfere with the Service — Take actions that could damage, disable, overload, or impair the Service or its infrastructure
  • Reverse engineer — Attempt to decompile, disassemble, or derive the source code, algorithms, or data models of the Service
  • Attempt to access restricted data — Attempt to access, extract, or infer biometric data, raw identity documents, or other restricted data not exposed through authorized interfaces

Business User Rules

If you operate a business context on CAIRL, you additionally agree to:

  • Use claims only as authorized — Use verification results (claims) only for the purposes authorized by the verifying user at the time of consent
  • Honor revocations — When a user revokes consent, immediately cease using their claims and delete any cached verification results
  • No resale — Not re-sell, sublicense, or redistribute verification results or claims to any third party
  • No profiling — Not use claims to build user profiles, dossiers, behavioral tracking systems, or surveillance tools
  • No AI training — Not use verification results or claims to train machine learning models or AI systems without explicit written consent from CAIRL
  • No attempt to reconstruct identity — Not attempt to reverse, infer, or reconstruct a user's underlying identity from claims or verification outputs
  • No authentication-only use — Not use CAIRL solely as a standalone authentication service without incorporating verification claims. Production OAuth usage must include at least one CAIRL verification claim once integration is complete.
  • Legal compliance — Comply with all applicable laws regarding identity verification data in your jurisdiction

Developer and API Rules

If you access the Service via API, you additionally agree to:

  • Respect rate limits — Honor all rate limits and usage quotas as documented in our API documentation. Sustained or deliberate rate limit violations may result in key revocation.
  • No evasion of rate limits — Do not attempt to bypass, rotate, or otherwise evade rate limiting controls.
  • Protect credentials — Keep API keys, tokens, and signing secrets confidential. Never commit credentials to public repositories, share them in client-side code, or transmit them over insecure channels.
  • Use sandbox for testing — Use sandbox environments and test keys for development and testing. Do not use production keys for testing or development purposes.
  • Follow integration guidelines — Comply with our API documentation, integration guides, and webhook handling requirements
  • Validate inputs — Sanitize and validate all inputs before sending to CAIRL endpoints. Do not transmit malicious payloads, injection attempts, or intentionally malformed requests.
  • Handle data responsibly — Cache verification results only as necessary and only for the duration authorized. Do not store or persist raw API responses beyond their authorized use. Only derived claims and permitted data may be retained in accordance with the Data Processing Agreement and user consent.
  • Report vulnerabilities — Report security vulnerabilities to security@cairl.app responsibly. Do not exploit vulnerabilities or access other users' data.

Prohibited Content and Use Cases

CAIRL may not be used to:

  • Facilitate identity theft, fraud, or impersonation
  • Verify identities for the purpose of harassment, stalking, or intimidation
  • Enable discrimination based on race, ethnicity, religion, gender, sexual orientation, disability, or any other protected characteristic
  • Circumvent age restrictions on regulated substances or activities in violation of applicable law
  • Provide identity verification for services that violate applicable law in the jurisdiction where the service operates

Enforcement

We review potential violations on a case-by-case basis. Depending on severity, we may:

  • Issue a warning and request remediation
  • Temporarily suspend access while investigating
  • Permanently terminate your account and revoke all API access
  • Forfeit remaining wallet balance in cases of for-cause termination (e.g., fraud, abuse, or policy violations)
  • Report illegal activity to appropriate authorities

For fraud, serious ToS violations, or security threats, we may act immediately without prior warning. We may cooperate with lawful investigations and requests where required by applicable law.

Reporting Violations

If you become aware of a violation of this policy, please report it to:

Contact