Legal

Acceptable Use Policy

Activities that are not permitted on the Paylists Services. Incorporated into and forming part of the Paylists User Agreement.

Effective date: 10 May 2026 Part of the Paylists User Agreement

This Acceptable Use Policy ("AUP") sets out activities that are not permitted on the Paylists Services. It is incorporated into and forms part of the Paylists User Agreement. Capitalised terms used but not defined in this AUP have the meanings given in the User Agreement.

By accessing or using the Services, you agree to comply with this AUP. Paylists may update this AUP from time to time and will publish the current version at paylists.com/acceptable-use.html.

1. Lawful business use only

The Services are provided exclusively for lawful business and professional use. You must not use the Services in a way that:

  • violates any applicable law, regulation, sanctions regime, or court or regulatory order;
  • infringes the intellectual property rights of any other person;
  • breaches a contractual obligation owed to a third party; or
  • requires you to hold a regulatory authorisation that you do not hold.

2. Prohibited activities

You must not, and must not permit any other person to:

2.1 Fraud, deception and unauthorised invoicing

  • send payment requests, invoices, credit notes, bills or reminders to recipients with whom you do not have a valid commercial agreement, contract, purchase order, engagement or other lawful business relationship;
  • impersonate any individual or organisation;
  • misrepresent your identity, business, address, ownership, authority, VAT status or other relevant information;
  • engage in money laundering, terrorism financing, tax evasion, sanctions evasion or any other financial crime; or
  • attempt to circumvent Flowin/Codabox's KYC, proof-of-ownership, authority verification or business verification processes.

2.2 Harmful or unlawful content

You must not upload, transmit, store, send or share via the Services any content that:

  • is illegal, fraudulent, defamatory, obscene, harassing, threatening, hateful, discriminatory, or that incites violence or terrorism;
  • contains malware, viruses, ransomware, time bombs, trojans, spyware, worms, corrupted files or any other harmful code;
  • exploits, harms or attempts to exploit or harm minors;
  • infringes any intellectual property right, trade secret, privacy right, publicity right or other right of any person;
  • contains personal data that you do not have a lawful basis to provide to Paylists; or
  • contains special categories of personal data (such as health, biometric, racial, ethnic, political, religious, philosophical, trade union, sexual orientation or genetic data) unless Paylists has expressly agreed in writing and you have a valid lawful basis.

2.3 Unsolicited communications

You must not use the Services to send marketing communications, bulk messages, "spam" or unsolicited business communications unless permitted by applicable law (including the Privacy and Electronic Communications Regulations 2003 and equivalent EU national laws) and you have all required consents and notices in place.

2.4 Security and integrity

You must not, and must not attempt to:

  • gain unauthorised access to the Services, any account, any system, any network or any data;
  • circumvent, disable, interfere with or compromise the security or operation of the Services or any related infrastructure (including Vercel, Supabase, AWS, Twilio, OpenAI or Flowin/Codabox);
  • introduce malware, denial-of-service traffic, automated traffic, scrapers or bots into the Services;
  • probe, scan or test the vulnerability of the Services other than under the Paylists Vulnerability Disclosure Policy;
  • decompile, reverse engineer, disassemble, attempt to derive source code from, or create derivative works of the Paylists software except to the extent expressly permitted by applicable law that cannot be excluded;
  • use the Services to develop a competing product or service; or
  • remove, obscure or alter any proprietary notices, labels or marks on the Services.

2.5 Excessive or abusive usage

  • excessive or unreasonable use that adversely impacts the performance, availability or security of the Services for other users;
  • automated mass-creation of accounts, businesses, customers, vendors, invoices or messages without Paylists' written authorisation;
  • use of the Services in a manner that adversely affects Paylists' relationship with Flowin/Codabox, OpenAI, Twilio or any other sub-processor.

2.6 Misuse of Peppol functionality

  • use of Peppol e-invoicing without the necessary authority, mandate, lawful basis or business relationship;
  • providing inaccurate, incomplete, misleading or fabricated End-User Information for Peppol onboarding or registration;
  • using Peppol functionality to send documents that do not constitute genuine invoices, credit notes or related business documents;
  • attempting to send Peppol documents in countries or to recipients for which the functionality is not enabled or supported.

2.7 Misuse of AI Services

  • using AI Services in a manner that violates applicable law or third-party rights;
  • inputting data that you do not have a lawful basis to share with Paylists or its AI service providers;
  • relying on AI Output as legal, financial, accounting, tax, investment, credit or other professional advice;
  • attempting to extract, reverse engineer, exploit, jailbreak or misuse the AI service provider's models, prompts or outputs.

3. Your responsibility

You are responsible for the activity of all users of your Account, including authorised users, employees, contractors and agents. You must take appropriate measures to ensure that those users comply with this AUP.

4. Reporting violations

If you become aware of any violation of this AUP, please report it to abuse@paylists.com (or, for security-specific issues, to security@paylists.com).

For Digital Services Act matters in the EU/EEA, including competent-authority communications and DSA-related concerns about illegal content, DataRep may be contacted at digitalrequest@datarep.com quoting "Paylists LTD" in the subject line, through www.datarep.com/data-request, by post to DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland, or by phone on +353 (1) 919 8899. DataRep is not the user-support, billing or general complaints contact for Paylists.

5. Enforcement

Paylists may, in its discretion and without prior notice where reasonable in the circumstances:

  • investigate suspected violations of this AUP;
  • remove, restrict or disable access to content;
  • suspend or restrict an Account, business profile, Peppol functionality, AI Services or any other feature;
  • terminate the Agreement in accordance with the User Agreement;
  • report suspected unlawful activity to law enforcement, regulators, payment providers, banks, Flowin/Codabox, Peppol or other competent authorities;
  • cooperate with Flowin/Codabox where they require suspension or restriction in connection with KYC, AML, sanctions or compliance concerns.

Paylists is not liable for losses arising from any reasonable enforcement action taken under this AUP, except to the extent caused by Paylists' breach of the User Agreement or where liability cannot lawfully be excluded.

6. Changes to this AUP

Paylists may update this AUP from time to time. Material changes will be notified in line with the User Agreement. The effective date of the current version is shown at the top of this document.