Acceptable Use Policy

The AUP applies to every person and organization that accesses the Services, whether as a visitor, free user, paid subscriber, API developer, enterprise customer, or end user of a product built on the API. If you provide the Services to end users, you are responsible for ensuring their compliance with the AUP.

You must use the Services only for lawful purposes and in a way that:

• complies with all applicable laws, regulations, and sanctions regimes;
• respects the rights, privacy, and safety of others;
• does not facilitate unlawful discrimination, harassment, or harm;
• does not facilitate immigration fraud, visa-status misrepresentation, identity fraud, or circumvention of border controls.

You must not use the Services to create, store, transmit, or link to content or activity that:

• is unlawful, defamatory, fraudulent, obscene, hateful, threatening, or infringes intellectual property, privacy, or publicity rights;
• exploits, endangers, or sexualizes minors, or targets individuals for harassment or doxxing;
• promotes or facilitates violence, terrorism, human trafficking, weapons proliferation, or sanctions evasion;
• distributes malware, ransomware, phishing kits, stalkerware, spyware, or tools primarily designed to harm systems or people;
• sends unsolicited bulk messages, spam, or deceptive communications, or manipulates search, review, or ranking systems.

You must not, and must not attempt to:

• probe, scan, penetration-test, fuzz, or perform vulnerability research against the Services without our prior written consent;
• bypass, disable, or interfere with authentication, rate limits, quotas, billing, captchas, firewalls, or any access control;
• use automated means (bots, crawlers, scrapers, headless browsers) to access the Services except via interfaces we expressly provide and in accordance with their documentation;
• interfere with the operation of the Services, overload infrastructure, or degrade the experience of other users;
• reverse engineer, decompile, or attempt to derive source code or non-public data structures, except to the extent this restriction is prohibited by law;
• create accounts or credentials by automated means, operate multiple accounts to evade limits, or falsify identity, affiliation, or location to obtain access you would not otherwise have.

Legitimate security research may be conducted under our published responsible-disclosure terms or with prior written authorization from [email protected].

Except where expressly permitted by a written agreement with us, you must not:

• scrape, mirror, bulk download, or systematically extract content from the Services to build an archive of Passportbase data;
• resell, sublicense, rent, syndicate, or otherwise commercialize Services content or API responses in raw or substantially raw form;
• redistribute or republish Services content to third parties, including via other APIs, feeds, bulk files, or data marketplaces;
• use Services content or API data to train, fine-tune, evaluate, or benchmark a machine-learning model that is distributed outside your organization or offered as a service to third parties;
• use Services content or API data to build, improve, or benchmark a product, model, or dataset that competes with Passportbase.

You may surface API data inside your own product to your own end users, subject to the API Terms and any caching guidance we publish.

Published rate limits, request quotas, and concurrency caps are enforceable contractual limits, not suggestions. You must implement reasonable retry logic (including exponential backoff), honor Retry-After and 429 responses, and must not operate multiple accounts or credentials to evade limits.

Even where you are within your quota, usage that repeatedly degrades platform stability or disproportionately consumes shared resources may be throttled at our discretion, with notice where practicable.

You must keep credentials (passwords, API keys, tokens, webhook secrets) confidential and:

• not share them with third parties or embed them in client-side code, public repositories, mobile app bundles, browser extensions, or distributed binaries;
• rotate them promptly if they are, or may have been, exposed;
• implement reasonable key management, including scoping, rotation, revocation, and least-privilege controls;
• use strong, unique passwords and enable multi-factor authentication where offered.

You are responsible for all activity performed with your credentials. Report suspected compromise to [email protected].

If you build a product on the Services, you are responsible for your end-user experience and must:

• maintain a compliant privacy policy and terms of service for your end users;
• provide any notices, lawful bases, and consents required under applicable data protection law for processing of end-user data;
• clearly disclaim accuracy of Passportbase data to your end users and direct them to official government sources for authoritative requirements;
• not use the Services to make decisions with legal or similarly significant effects on individuals without appropriate human review and independent verification against official sources.

You must not submit to us special category data, payment card data, or data of children under an applicable minimum age, except where expressly supported by the product.

You must not misrepresent the source of Services content or imply partnership, sponsorship, or endorsement by Passportbase. Where required by the API Terms, you must attribute Passportbase as the data source. You must not use our name, logos, or marks except as expressly permitted.

If you become aware of activity that appears to violate this AUP, report it to [email protected]. For security vulnerabilities, email [email protected]. Please include enough detail for us to reproduce and investigate.

We may investigate suspected violations and take any action we reasonably believe is appropriate, including warning, throttling, suspension, termination, credential revocation, removal of content, forfeiture of fees, and cooperation with law enforcement. We may act without prior notice where we believe urgent action is necessary to protect the platform, users, or third parties.

Our failure to act on a violation is not a waiver of our right to act on it later, and our enforcement decisions are made in our sole reasonable discretion.

We may update this AUP from time to time. Material changes will be reflected on this page with an updated effective date and, where appropriate, additional notice. Your continued use of the Services after changes take effect constitutes acceptance.

Vexon Group LTD, trading as Passportbase. For questions about this AUP, contact [email protected].