Skip to content

Legal

Acceptable Use Policy

The conduct rules that apply to anyone using the OneFinOps platform - designed to keep the Service safe, lawful and useful for every Customer.

Last updated:

This Acceptable Use Policy (the “AUP”) describes activities that are not permitted on the OneFinOps platform (the “Service”) and the standards we apply when investigating reports of abuse. The AUP forms part of the Terms of Service and applies to every Customer, User and integrator who accesses the Service.

We keep the AUP intentionally short and principles-based. We will use reasonable judgment in applying it, give Customers a chance to remedy material issues, and act faster when conduct creates immediate risk to the Service, other Customers or the public.

1. Definitions

Capitalised terms used in this AUP but not defined here have the meanings given in the Terms of Service.

  • “AUP” means this Acceptable Use Policy.
  • “Customer” means the entity or individual that has accepted the Terms.
  • “Personal Data” has the meaning given in the Privacy Policy and the DPDP Act.
  • “Prohibited Conduct” means any of the activities listed in sections 2 to 5 of this AUP.
  • “Service” means the OneFinOps platform.
  • “User” means an individual authorised by a Customer to use the Service through the Customer’s account.
  • “VentureSpin” means VentureSpin Private Limited (CIN: U62099TS2025PTC205120), referred to as “we” or “us”.

2. You will not break the law

You will not use the Service to engage in, plan or facilitate any activity that is unlawful under Indian law or the laws of any other jurisdiction in which the conduct has effect. Examples include money laundering, tax evasion, sanctions violations, falsifying statutory filings, forging invoices, evading e-invoicing requirements, or generating documents intended to deceive a regulator, auditor or counterparty.

The Service exists to make financial operations and compliance easier, not to enable non-compliance.

3. You will not abuse the Service or its infrastructure

You will not, and will not permit any User to:

  • Probe, scan or test the vulnerability of the Service except under a written authorisation or our responsible disclosure programme.
  • Bypass authentication, rate limits, quotas or access controls; share, sell or distribute API keys or authentication credentials.
  • Reverse-engineer or decompile any part of the Service except to the extent expressly permitted by law.
  • Submit malicious code, virus, worm, time bomb, trojan or other harmful instructions.
  • Generate excessive traffic, flood any endpoint, or otherwise impair the availability of the Service for other Customers.
  • Resell, sublicence, lease or rent the Service, or use it on a service-bureau basis on behalf of unauthorised third parties.

4. You will not abuse other Customers or third parties

You will not use the Service to:

  • Send unsolicited bulk commercial messages, phishing attempts, scams or any communication that violates the Telecom Commercial Communications Customer Preference Regulations or equivalent anti-spam law in the recipient’s jurisdiction.
  • Harass, threaten, defame or impersonate any individual or organisation.
  • Upload content that infringes intellectual property, breaches confidentiality, or violates publicity, privacy or data-protection rights of others.
  • Upload sexually explicit material involving minors, content that incites violence, or content that violates community standards under applicable law.

5. You will not misuse data or integrations

You will not:

  • Submit Personal Data of individuals without a lawful basis under the DPDP Act or other applicable privacy law.
  • Use the Service to enrich data sets that you intend to monetise without the Data Principal’s consent.
  • Use authorised integrations (ERP, GSTN, MCA21, TRACES, banking) for any purpose other than the financial-operations and compliance workflows the Service is built to support.
  • Train competing models or services on the Service, its outputs or other Customers’ data.

6. Connectors, APIs and automation

If you use OneFinOps APIs, webhooks or third-party connectors:

  • Respect documented rate limits. If your workload requires higher throughput, contact us before scaling up; we’ll provision appropriate quotas.
  • Use service accounts that are tied to your organisation, not to a single departing employee.
  • Rotate API keys at least every 90 days, or immediately on suspected compromise.
  • Do not embed credentials in client-side code, public repositories or any environment outside your organisation’s control.

7. Reporting abuse

If you believe another Customer or User is violating this AUP, email abuse@onefinops.com with as much detail as you can share, including affected URLs, timestamps, sample messages and screenshots. We treat reports confidentially.

For security vulnerabilities specifically, follow our responsible disclosure process instead of using the abuse mailbox.

8. Enforcement

When we receive a credible report of an AUP violation, we will:

  1. Notify the affected Customer in writing, except where notification would interfere with an ongoing investigation or be unlawful.
  2. Investigate proportionally, most often by reviewing logs and asking clarifying questions.
  3. Take action, ranging from a written warning, to a 24-hour suspension, to termination of the affected account.

We may act faster, including immediate suspension, if conduct presents a clear and present risk to the Service, other Customers or the public, for example an active phishing campaign, an exposed integration credential, or a court-ordered freeze.

9. Updates to this Policy

We update this AUP from time to time. Material changes will be posted on this page and, for active Customers, communicated by email to the account owner. Continued use of the Service after a change takes effect constitutes acceptance of the updated AUP.

For questions about this AUP, write to legal@onefinops.com.

Questions?

Email legal@onefinops.com for legal queries, or privacy@onefinops.com for privacy and data-protection requests.