DocuBay Acceptable Use Policy (AUP)

Effective Date: 22 May 2026

This Acceptable Use Policy (the "AUP") governs your access to and use of the DocuBay platform, including https://docubay.ae, https://hub.docubay.ae, and any related subdomains, applications, portals, or services operated under the DocuBay brand (collectively, the "Platform"). This AUP forms part of, and is incorporated by reference into, the DocuBay Terms of Service (the "Terms"). Capitalized terms not defined here have the meanings given in the Terms.

1. Purpose and Legal Posture

DocuBay operates a business-facing digital platform that may involve sensitive documents, identification materials, corporate records, compliance workflows, and service routing to licensed third-party providers. This AUP exists to:

• (a) protect clients, vendors, and DocuBay from fraud, misuse, security risks, and regulatory exposure;
• (b) preserve Platform integrity, reliability, and lawful operation; and
• (c) set clear boundaries around acceptable conduct, content, data uploads, and communications.

2. Who This Applies To

This AUP applies to any person or entity using the Platform, including company owners, authorised representatives, employees, administrators, invited users, and any third party acting on your behalf (collectively, "you"). You are responsible for ensuring your team and authorised users comply with this AUP.

3. High-Level Rule

You may use the Platform only for lawful, legitimate business purposes and only in a manner consistent with the Terms, applicable UAE law, and any relevant authority or regulatory requirements.

4. Prohibited Conduct

You must not, and must not allow any person acting through your account to:

4.1 Fraud, deception, and misrepresentation

Use the Platform to submit, upload, provide, or circulate any information or documents that are false, forged, misleading, impersonated, unlawfully obtained, or materially incomplete, including (without limitation) passports, Emirates IDs, visas, trade licenses, establishment cards, bank letters, corporate resolutions, powers of attorney, invoices, and supporting evidence.

4.2 Unauthorised access and account misuse

Attempt to access any account, workspace, data, or system component that you are not authorised to access. This includes:

• (a) password sharing beyond authorised users;
• (b) using another person's credentials or OTP;
• (c) bypassing authentication, UAEPASS flows, or platform controls; or
• (d) creating accounts under false identity or without authority from the relevant company.

4.3 Illegal activity and prohibited use cases

Use the Platform to engage in or support unlawful conduct, including money laundering, terrorism financing, sanctions evasion, bribery, corruption, fraud, identity theft, or any activity prohibited under UAE law or applicable international sanctions laws.

4.4 Abuse of authority processes

Submit requests designed to manipulate, overload, or interfere with government, court, embassy, bank, insurer, or free zone processes, or to misuse authority portals. You must not instruct DocuBay or a vendor to "find a workaround" that conflicts with legal requirements.

4.5 Harassment, threats, and abusive behavior

Use the Platform (including messages, tickets, email, WhatsApp communications, or calls related to Platform Requests) to harass, intimidate, threaten, defame, or abuse DocuBay staff, vendor staff, or any third party.

4.6 Malware, exploitation, and technical attacks

Upload, transmit, or introduce any malware, spyware, trojans, ransomware, or harmful code. You must not:

• (a) attempt to probe, scan, or test system vulnerabilities;
• (b) interfere with the Platform's security or performance;
• (c) reverse engineer or attempt to extract source code, algorithms, or underlying models; or
• (d) exploit bugs or vulnerabilities for unauthorized benefit.

4.7 Scraping, automated extraction, and excessive load

Use scraping, bots, automated scripts, or other means to extract data from the Platform or to create excessive requests that degrade performance. Any automated access requires DocuBay's prior written authorisation.

4.8 IP infringement and misuse of third-party materials

Upload or share content that infringes third-party rights (copyright, trademarks, confidential information, or trade secrets), or use DocuBay branding or vendor branding in a misleading way.

4.9 Circumventing Platform routing and commercial framework

Where the Platform introduces you to vendors or coordinates Requests, you must not use the Platform to identify vendors and then bypass the Platform to transact outside it in a manner that breaches your Terms, vendor arrangements, or any non-circumvention commitments you have accepted.

4.10 Messaging channel misuse

You must not use the DocuBay web chat widget or our WhatsApp business number to:

• (a) share or request passwords, full payment-card numbers, or full sensitive document numbers (including the complete Emirates ID, passport, or driving licence number). We will never ask for these via messaging channels. Where verification is necessary, we will direct you to the authenticated DocuBay portal.
• (b) submit time-critical applications, formal legal claims, regulatory notices, or any communication you intend to be a binding submission. Messaging channels are for general inquiries and support. Formal submissions must be made through your authenticated DocuBay account or through the appropriate authority's official process.
• (c) impersonate another individual, business, or DocuBay personnel.
• (d) transmit automated, scripted, or bulk messages without prior written authorisation.
• (e) send unsolicited promotional, commercial, or off-topic content.
• (f) attempt to extract data from our agents, including by social engineering, pretexting, or manipulating routing.

5. Document and Data Rules

Because the Platform may store and route sensitive documents, you agree that:

5.1 Accuracy and authenticity

You are responsible for ensuring all submissions are accurate, complete, and authentic. If you upload incorrect documents, outdated records, or incomplete information, you accept the risk of rejection, delays, fines, or additional costs imposed by third parties.

5.2 Authority to upload third-party data

If you upload personal data or documents of employees, owners, directors, or any third party, you confirm you have a lawful basis and required consents/authorisations to do so. DocuBay may request proof of authority where necessary.

5.3 Prohibited data submissions

You must not upload content that:

• (a) contains unlawfully obtained personal data;
• (b) includes credentials intended to be kept secret beyond necessary portal access steps (unless explicitly required and secured by the Platform flow); or
• (c) is unrelated to business/compliance purposes and creates unnecessary privacy risk.

5.4 Sensitive data hygiene

Where the Platform allows notes or free-text fields, you must avoid entering sensitive personal data unnecessarily (e.g., medical information) unless strictly required for the Request.

6. Communications and Representation Rules

To prevent regulated-activity creep and misrepresentation:

6.1 No false representation of DocuBay

You must not represent to clients, employees, vendors, banks, authorities, insurers, or third parties that DocuBay is:

• (a) a law firm, legal consultant, tax advisor, bank, lender, insurer, insurance broker, audit firm, or regulator; or
• (b) guaranteeing approvals, outcomes, court appointments, bank acceptance, or processing timelines.

6.2 No authority impersonation

You must not claim to be associated with or acting on behalf of any UAE government body, court, free zone, bank, insurer, embassy, or regulator.

6.3 No abusive escalation tactics

You must not threaten staff or vendors with baseless legal/regulatory complaints to force outcomes. Legitimate complaints are fine—abusive coercion is not.

6.4 Messaging channel operating expectations

Messaging channels operate within our published business hours (Monday to Friday, 9 AM to 6 PM UAE time, subject to public holidays). Messages received outside these hours will be addressed when our team returns to service. Response times during business hours are typically within two business hours but are not guaranteed.

WhatsApp messages and web chat sessions are not monitored for emergencies. If your matter is time-critical, contact the relevant authority directly or your DocuBay account manager (if assigned) through the channel they have designated for urgent communications.

7. Compliance Controls, Monitoring, and Enforcement

7.1 Monitoring and investigation

DocuBay may monitor Platform usage to protect security, ensure compliance, prevent fraud, and meet legal obligations. Monitoring may include audit logs, access logs, system event logs, and review of submitted materials where required for support or compliance.

7.2 Action DocuBay may take

If DocuBay reasonably believes you have violated this AUP or created a legal, security, or regulatory risk, DocuBay may, without limiting any other rights:

• (a) suspend or restrict access;
• (b) block uploads or Requests;
• (c) require additional verification steps;
• (d) remove content or documents;
• (e) refuse or cancel Requests;
• (f) escalate to relevant vendors or authorities where legally required; and/or
• (g) terminate your account in accordance with the Terms.

7.3 No duty to process unlawful or risky Requests

DocuBay is not obligated to process any Request that may be unlawful, fraudulent, or non-compliant.

7.4 Messaging channel enforcement

DocuBay reserves the right to end a chat session, suppress your number from our WhatsApp business list, or restrict your access to messaging channels where we determine, in our reasonable judgement, that:

• (a) the use of the channel breaches this Acceptable Use Policy;
• (b) the volume or content of messages constitutes harassment or abuse;
• (c) the conduct poses a security or compliance risk to DocuBay, our personnel, or our other customers; or
• (d) we are required to do so by law or regulatory direction.

Where access is restricted, you may continue to interact with DocuBay through your authenticated account portal and via email to support@docubay.ae.

8. Reporting Misuse

If you believe there is unauthorised access, fraud, or misuse related to your account or any Platform activity, you must promptly notify DocuBay at the support channel listed in the Contact section of the Terms and cooperate in good faith with any investigation.

9. Changes to This AUP

DocuBay may update this AUP from time to time to reflect operational, regulatory, or security requirements. Updates will be published on the Platform/website. Continued use of the Platform after updates take effect constitutes acceptance.

10. Governing Terms

This AUP is governed by the Terms, including governing law and jurisdiction. In case of conflict, the Terms prevail unless the AUP expressly states otherwise.